Changeset 5755
- Timestamp:
- Mar 15, 2018 3:00:59 AM (7 years ago)
- Location:
- pjproject/trunk
- Files:
-
- 16 edited
Legend:
- Unmodified
- Added
- Removed
-
pjproject/trunk/pjmedia/include/pjmedia/transport_srtp.h
r5621 r5755 191 191 192 192 /** 193 * Specify the number of crypto suite settings. 193 * Specify the number of crypto suite settings. If set to zero, all 194 * available cryptos will be enabled. Default: zero. 194 195 */ 195 196 unsigned crypto_count; 196 197 197 198 /** 198 * Specify individual crypto suite setting. 199 * Specify individual crypto suite setting and its priority order. 200 * 199 201 * Notes for DTLS-SRTP keying: 200 202 * - Currently only supports these cryptos: AES_CM_128_HMAC_SHA1_80, … … 205 207 206 208 /** 207 * Specify the number of enabled keying methods. 208 * Default is PJMEDIA_SRTP_MAX_KEYINGS (all enabled). 209 * Specify the number of enabled keying methods. If set to zero, all 210 * keyings will be enabled. Maximum value is PJMEDIA_SRTP_MAX_KEYINGS. 211 * 212 * Default is zero (all keyings are enabled with priority order: 213 * SDES, DTLS-SRTP). 209 214 */ 210 215 unsigned keying_count; … … 215 220 * for example as currently only one keying is supported in the SDP offer, 216 221 * keying with first priority will be likely used in the SDP offer. 217 *218 * Default is that all supported keying methods (i.e: currently SDES and219 * DTLS-SRTP) will be enabled and with priority order: SDES, DTLS-SRTP.220 222 */ 221 223 pjmedia_srtp_keying_method keying[PJMEDIA_SRTP_KEYINGS_COUNT]; … … 321 323 */ 322 324 PJ_DECL(void) pjmedia_srtp_setting_default(pjmedia_srtp_setting *opt); 325 326 327 /** 328 * Enumerate available SRTP crypto name. 329 * 330 * @param count On input, specifies the maximum length of crypto 331 * array. On output, the number of available crypto 332 * initialized by this function. 333 * @param crypto The SRTP crypto array output. 334 * 335 * @return PJ_SUCCESS on success. 336 */ 337 PJ_DECL(pj_status_t) pjmedia_srtp_enum_crypto(unsigned *count, 338 pjmedia_srtp_crypto crypto[]); 339 340 341 /** 342 * Enumerate available SRTP keying methods. 343 * 344 * @param count On input, specifies the maximum length of keying method 345 * array. On output, the number of available keying method 346 * initialized by this function. 347 * @param crypto The SRTP keying method array output. 348 * 349 * @return PJ_SUCCESS on success. 350 */ 351 PJ_DECL(pj_status_t) pjmedia_srtp_enum_keying(unsigned *count, 352 pjmedia_srtp_keying_method keying[]); 323 353 324 354 -
pjproject/trunk/pjmedia/src/pjmedia/transport_srtp.c
r5752 r5755 610 610 PJ_DEF(void) pjmedia_srtp_setting_default(pjmedia_srtp_setting *opt) 611 611 { 612 unsigned i;613 614 612 pj_assert(opt); 615 613 … … 617 615 opt->close_member_tp = PJ_TRUE; 618 616 opt->use = PJMEDIA_SRTP_OPTIONAL; 619 620 /* Copy default crypto-suites, but skip crypto 'NULL' */ 621 opt->crypto_count = sizeof(crypto_suites)/sizeof(crypto_suites[0]) - 1; 622 for (i=0; i<opt->crypto_count; ++i) 623 opt->crypto[i].name = pj_str(crypto_suites[i+1].name); 624 625 /* Keying method */ 626 opt->keying_count = PJMEDIA_SRTP_KEYINGS_COUNT; 627 opt->keying[0] = PJMEDIA_SRTP_KEYING_SDES; 628 opt->keying[1] = PJMEDIA_SRTP_KEYING_DTLS_SRTP; 629 630 /* Just for reminder to add any new keying to the array above */ 631 pj_assert(PJMEDIA_SRTP_KEYINGS_COUNT == 2); 617 } 618 619 /* 620 * Enumerate all SRTP cryptos, except "NULL". 621 */ 622 PJ_DEF(pj_status_t) pjmedia_srtp_enum_crypto(unsigned *count, 623 pjmedia_srtp_crypto crypto[]) 624 { 625 unsigned i, max; 626 627 PJ_ASSERT_RETURN(count && crypto, PJ_EINVAL); 628 629 max = sizeof(crypto_suites) / sizeof(crypto_suites[0]) - 1; 630 if (*count > max) 631 *count = max; 632 633 for (i=0; i<*count; ++i) { 634 pj_bzero(&crypto[i], sizeof(crypto[0])); 635 crypto[i].name = pj_str(crypto_suites[i+1].name); 636 } 637 638 return PJ_SUCCESS; 639 } 640 641 642 /* 643 * Enumerate available SRTP keying methods. 644 */ 645 PJ_DEF(pj_status_t) pjmedia_srtp_enum_keying(unsigned *count, 646 pjmedia_srtp_keying_method keying[]) 647 { 648 unsigned max; 649 650 PJ_ASSERT_RETURN(count && keying, PJ_EINVAL); 651 652 max = *count; 653 *count = 0; 654 655 #if defined(PJMEDIA_SRTP_HAS_SDES) && (PJMEDIA_SRTP_HAS_SDES != 0) 656 if (*count < max) 657 keying[(*count)++] = PJMEDIA_SRTP_KEYING_SDES; 658 #endif 659 #if defined(PJMEDIA_SRTP_HAS_DTLS) && (PJMEDIA_SRTP_HAS_DTLS != 0) 660 if (*count < max) 661 keying[(*count)++] = PJMEDIA_SRTP_KEYING_DTLS_SRTP; 662 #endif 663 664 return PJ_SUCCESS; 632 665 } 633 666 … … 704 737 } 705 738 706 status = pj_lock_create_recursive_mutex(pool, pool->obj_name, &srtp->mutex); 739 /* If crypto count is set to zero, setup default crypto-suites, 740 * i.e: all available crypto but 'NULL'. 741 */ 742 if (srtp->setting.crypto_count == 0) { 743 srtp->setting.crypto_count = PJMEDIA_SRTP_MAX_CRYPTOS; 744 pjmedia_srtp_enum_crypto(&srtp->setting.crypto_count, 745 srtp->setting.crypto); 746 } 747 748 status = pj_lock_create_recursive_mutex(pool, pool->obj_name, 749 &srtp->mutex); 707 750 if (status != PJ_SUCCESS) { 708 751 pj_pool_release(pool); … … 724 767 /* Initialize peer's SRTP usage mode. */ 725 768 srtp->peer_use = srtp->setting.use; 769 770 /* If keying count set to zero, setup default keying count & priorities */ 771 if (srtp->setting.keying_count == 0) { 772 srtp->setting.keying_count = PJMEDIA_SRTP_KEYINGS_COUNT; 773 pjmedia_srtp_enum_keying(&srtp->setting.keying_count, 774 srtp->setting.keying); 775 } 726 776 727 777 /* Initialize SRTP keying method. */ … … 1414 1464 1415 1465 if (srtp->offerer_side && srtp->setting.use == PJMEDIA_SRTP_DISABLED) { 1466 /* If we are offerer and SRTP is disabled, simply bypass SRTP and 1467 * skip keying. 1468 */ 1416 1469 srtp->bypass_srtp = PJ_TRUE; 1417 1470 srtp->keying_cnt = 0; 1418 1471 } else { 1472 /* If we are answerer and SRTP is disabled, we need to verify that 1473 * SRTP is disabled too in remote SDP, so we can't just skip keying. 1474 */ 1419 1475 srtp->bypass_srtp = PJ_FALSE; 1420 1476 srtp->keying_cnt = srtp->all_keying_cnt; … … 1431 1487 return status; 1432 1488 1433 /* Invoke media_create() of all keying methods */ 1489 /* Invoke media_create() of all keying methods, keying actions for each 1490 * SRTP mode: 1491 * - DISABLED: 1492 * - as offerer, nothing (keying is skipped). 1493 * - as answerer, verify remote SDP, make sure it has SRTP disabled too, 1494 * if not, return error. 1495 * - OPTIONAL: 1496 * - as offerer, general initialization. 1497 * - as answerer, optionally verify SRTP attr in remote SDP (if any). 1498 * - MANDATORY: 1499 * - as offerer, general initialization. 1500 * - as answerer, verify SRTP attr in remote SDP. 1501 */ 1434 1502 for (i=0; i < srtp->keying_cnt; ) { 1435 1503 pj_status_t st; … … 1458 1526 return keying_status; 1459 1527 1528 /* Bypass SRTP & skip keying as SRTP is disabled and verification on 1529 * remote SDP has been done. 1530 */ 1531 if (srtp->setting.use == PJMEDIA_SRTP_DISABLED) { 1532 srtp->bypass_srtp = PJ_TRUE; 1533 srtp->keying_cnt = 0; 1534 } 1535 1460 1536 return PJ_SUCCESS; 1461 1537 } … … 1484 1560 return status; 1485 1561 1486 /* Invoke encode_sdp() of all keying methods */ 1562 /* Invoke encode_sdp() of all keying methods, keying actions for each 1563 * SRTP mode: 1564 * - DISABLED: nothing (keying is skipped) 1565 * - OPTIONAL: 1566 * - as offerer, generate offer. 1567 * - as answerer, if remote has the same SRTP keying in SDP, verify it, 1568 * generate answer, start crypto nego. 1569 * - MANDATORY: 1570 * - as offerer, generate offer. 1571 * - as answerer, verify remote SDP, generate answer, start crypto nego. 1572 * 1573 * Note: because the SDP will be processed by other keying/components, 1574 * keying must do verification on remote SDP first (e.g: keying 1575 * is being used) before touching local SDP. 1576 */ 1487 1577 for (i=0; i < srtp->keying_cnt; ) { 1488 1578 pj_status_t st; … … 1544 1634 return status; 1545 1635 1546 /* Invoke media_start() of all keying methods */ 1636 /* Invoke media_start() of all keying methods, keying actions for each 1637 * SRTP mode: 1638 * - DISABLED: nothing (keying is skipped) 1639 * - OPTIONAL: 1640 * - as offerer, if remote answer has the same SRTP keying in SDP, 1641 * verify it and start crypto nego. 1642 * - as answerer, start crypto nego if not yet (usually initated in 1643 * encode_sdp()). 1644 * - MANDATORY: 1645 * - as offerer, verify remote answer and start crypto nego. 1646 * - as answerer, start crypto nego if not yet (usually initated in 1647 * encode_sdp()). 1648 */ 1547 1649 for (i=0; i < srtp->keying_cnt; ) { 1548 1650 status = pjmedia_transport_media_start(srtp->keying[i], pool, -
pjproject/trunk/pjmedia/src/pjmedia/transport_srtp_dtls.c
r5750 r5755 1016 1016 */ 1017 1017 pjmedia_sdp_media *m_rem = sdp_remote->media[media_index]; 1018 pjmedia_sdp_attr *attr_setup; 1018 1019 1019 1020 if (pj_stricmp(&m_rem->desc.transport, &ID_TP_DTLS_SRTP)!=0) { … … 1021 1022 status = PJMEDIA_SRTP_ESDPINTRANSPORT; 1022 1023 goto on_return; 1024 } 1025 1026 /* Check for a=setup in remote SDP. */ 1027 attr_setup = pjmedia_sdp_media_find_attr(m_rem, &ID_SETUP, NULL); 1028 if (!attr_setup) 1029 attr_setup = pjmedia_sdp_attr_find(sdp_remote->attr_count, 1030 sdp_remote->attr, &ID_SETUP, NULL); 1031 switch (ds->srtp->setting.use) { 1032 case PJMEDIA_SRTP_DISABLED: 1033 if (attr_setup) 1034 return PJMEDIA_SRTP_ESDPINTRANSPORT; 1035 break; 1036 case PJMEDIA_SRTP_OPTIONAL: 1037 break; 1038 case PJMEDIA_SRTP_MANDATORY: 1039 if (!attr_setup) 1040 return PJMEDIA_SRTP_ESDPINTRANSPORT; 1041 break; 1023 1042 } 1024 1043 } -
pjproject/trunk/pjmedia/src/pjmedia/transport_srtp_sdes.c
r5749 r5755 278 278 PJ_UNUSED_ARG(sdp_pool); 279 279 280 /* Verify remote media transport, it has to be RTP/AVP or RTP/SAVP */ 281 if (!srtp->offerer_side) { 282 pjmedia_sdp_media *m = sdp_remote->media[media_index]; 283 if (pj_stricmp(&m->desc.transport, &ID_RTP_AVP) != 0 && 284 pj_stricmp(&m->desc.transport, &ID_RTP_SAVP) != 0) 285 { 286 return PJMEDIA_SRTP_ESDPINTRANSPORT; 287 } 288 } 289 280 290 /* Validations */ 281 291 if (srtp->offerer_side) { … … 284 294 pjmedia_sdp_media *m_rem = sdp_remote->media[media_index]; 285 295 286 /* Nothing to do on inactive media stream */287 if (pjmedia_sdp_media_find_attr(m_rem, &ID_INACTIVE, NULL))288 srtp->bypass_srtp = PJ_TRUE;289 290 296 /* Validate remote media transport based on SRTP usage option. */ 291 297 switch (srtp->setting.use) { … … 293 299 if (pj_stricmp(&m_rem->desc.transport, &ID_RTP_SAVP) == 0) 294 300 return PJMEDIA_SRTP_ESDPINTRANSPORT; 295 srtp->bypass_srtp = PJ_TRUE;296 301 break; 297 302 case PJMEDIA_SRTP_OPTIONAL: … … 326 331 m_loc = sdp_local->media[media_index]; 327 332 328 /* Bypass SDES if media transport is not RTP/AVP or RTP/SAVP */ 329 if (pj_stricmp(&m_loc->desc.transport, &ID_RTP_AVP) != 0 && 330 pj_stricmp(&m_loc->desc.transport, &ID_RTP_SAVP) != 0) 333 /* Verify media transport, it has to be RTP/AVP or RTP/SAVP */ 331 334 { 332 return PJ_SUCCESS; 335 pjmedia_sdp_media *m = sdp_remote? m_rem : m_loc; 336 if (pj_stricmp(&m->desc.transport, &ID_RTP_AVP) != 0 && 337 pj_stricmp(&m->desc.transport, &ID_RTP_SAVP) != 0) 338 { 339 return PJMEDIA_SRTP_ESDPINTRANSPORT; 340 } 333 341 } 334 342 … … 353 361 switch (srtp->setting.use) { 354 362 case PJMEDIA_SRTP_DISABLED: 355 pj_assert(!"Shouldn't reach here");363 /* Should never reach here */ 356 364 return PJ_SUCCESS; 357 365 case PJMEDIA_SRTP_OPTIONAL: … … 407 415 switch (srtp->setting.use) { 408 416 case PJMEDIA_SRTP_DISABLED: 417 /* Should never reach here */ 409 418 if (pj_stricmp(&m_rem->desc.transport, &ID_RTP_SAVP) == 0) 410 419 return PJMEDIA_SRTP_ESDPINTRANSPORT; 411 420 return PJ_SUCCESS; 412 421 case PJMEDIA_SRTP_OPTIONAL: 413 m_loc->desc.transport = m_rem->desc.transport;414 422 break; 415 423 case PJMEDIA_SRTP_MANDATORY: 416 424 if (pj_stricmp(&m_rem->desc.transport, &ID_RTP_SAVP) != 0) 417 425 return PJMEDIA_SRTP_ESDPINTRANSPORT; 418 m_loc->desc.transport = ID_RTP_SAVP;419 426 break; 420 427 } … … 480 487 switch (srtp->setting.use) { 481 488 case PJMEDIA_SRTP_DISABLED: 482 pj_assert(!"Should never reach here");489 /* Should never reach here */ 483 490 break; 484 491 … … 536 543 /* At this point, we get valid rx_policy_neg & tx_policy_neg. */ 537 544 } 545 546 /* Update transport description in local media SDP */ 547 m_loc->desc.transport = m_rem->desc.transport; 538 548 } 539 549 … … 590 600 pjmedia_srtp_crypto loc_crypto[PJMEDIA_SRTP_MAX_CRYPTOS]; 591 601 int loc_cryto_cnt = PJMEDIA_SRTP_MAX_CRYPTOS; 602 pjmedia_srtp_crypto tmp_tx_crypto; 603 pj_bool_t has_crypto_attr = PJ_FALSE; 604 int rem_tag; 605 int j; 606 592 607 593 608 m_rem = sdp_remote->media[media_index]; 594 609 m_loc = sdp_local->media[media_index]; 610 611 /* Verify media transport, it has to be RTP/AVP or RTP/SAVP */ 612 if (pj_stricmp(&m_rem->desc.transport, &ID_RTP_AVP) != 0 && 613 pj_stricmp(&m_rem->desc.transport, &ID_RTP_SAVP) != 0) 614 { 615 return PJMEDIA_SRTP_ESDPINTRANSPORT; 616 } 595 617 596 618 if (pj_stricmp(&m_rem->desc.transport, &ID_RTP_SAVP) == 0) … … 599 621 srtp->peer_use = PJMEDIA_SRTP_OPTIONAL; 600 622 601 /* For answerer side, this function will just have to start SRTP */ 623 /* For answerer side, this function will just have to start SRTP as 624 * SRTP crypto policies have been populated in media_encode_sdp(). 625 */ 626 if (!srtp->offerer_side) 627 return PJ_SUCCESS; 602 628 603 629 /* Check remote media transport & set local media transport 604 630 * based on SRTP usage option. 605 631 */ 606 if (srtp->offerer_side) { 607 if (srtp->setting.use == PJMEDIA_SRTP_DISABLED) { 608 if (pjmedia_sdp_media_find_attr(m_rem, &ID_CRYPTO, NULL)) { 609 DEACTIVATE_MEDIA(pool, m_loc); 610 return PJMEDIA_SRTP_ESDPINCRYPTO; 611 } 632 if (srtp->setting.use == PJMEDIA_SRTP_DISABLED) { 633 if (pjmedia_sdp_media_find_attr(m_rem, &ID_CRYPTO, NULL)) { 634 DEACTIVATE_MEDIA(pool, m_loc); 635 return PJMEDIA_SRTP_ESDPINCRYPTO; 636 } 637 return PJ_SUCCESS; 638 } else if (srtp->setting.use == PJMEDIA_SRTP_OPTIONAL) { 639 // Regardless the answer's transport type (RTP/AVP or RTP/SAVP), 640 // the answer must be processed through in optional mode. 641 // Please note that at this point transport type is ensured to be 642 // RTP/AVP or RTP/SAVP, see sdes_media_create() 643 //if (pj_stricmp(&m_rem->desc.transport, &m_loc->desc.transport)) { 644 //DEACTIVATE_MEDIA(pool, m_loc); 645 //return PJMEDIA_SDP_EINPROTO; 646 //} 647 fill_local_crypto(srtp->pool, m_loc, loc_crypto, &loc_cryto_cnt); 648 } else if (srtp->setting.use == PJMEDIA_SRTP_MANDATORY) { 649 if (pj_stricmp(&m_rem->desc.transport, &ID_RTP_SAVP)) { 650 DEACTIVATE_MEDIA(pool, m_loc); 651 return PJMEDIA_SDP_EINPROTO; 652 } 653 fill_local_crypto(srtp->pool, m_loc, loc_crypto, &loc_cryto_cnt); 654 } 655 656 /* find supported crypto-suite, get the tag, and assign policy_local */ 657 for (i=0; i<m_rem->attr_count; ++i) { 658 if (pj_stricmp(&m_rem->attr[i]->name, &ID_CRYPTO) != 0) 659 continue; 660 661 /* more than one crypto attribute in media answer */ 662 if (has_crypto_attr) { 663 DEACTIVATE_MEDIA(pool, m_loc); 664 return PJMEDIA_SRTP_ESDPAMBIGUEANS; 665 } 666 667 has_crypto_attr = PJ_TRUE; 668 669 status = parse_attr_crypto(srtp->pool, m_rem->attr[i], 670 &tmp_tx_crypto, &rem_tag); 671 if (status != PJ_SUCCESS) 672 return status; 673 674 675 /* Tag range check, our tags in the offer must be in the SRTP 676 * setting range, so does the remote answer's. The remote answer's 677 * tag must not exceed the tag range of the local offer. 678 */ 679 if (rem_tag < 1 || rem_tag > (int)srtp->setting.crypto_count || 680 rem_tag > loc_cryto_cnt) 681 { 682 DEACTIVATE_MEDIA(pool, m_loc); 683 return PJMEDIA_SRTP_ESDPINCRYPTOTAG; 684 } 685 686 /* match the crypto name */ 687 if (pj_stricmp(&tmp_tx_crypto.name, &loc_crypto[rem_tag-1].name)) 688 { 689 DEACTIVATE_MEDIA(pool, m_loc); 690 return PJMEDIA_SRTP_ECRYPTONOTMATCH; 691 } 692 693 /* Find the crypto from the setting. */ 694 for (j = 0; j < (int)srtp->setting.crypto_count; ++j) { 695 if (pj_stricmp(&tmp_tx_crypto.name, 696 &srtp->setting.crypto[j].name) == 0) 697 { 698 srtp->tx_policy_neg = srtp->setting.crypto[j]; 699 break; 700 } 701 } 702 703 srtp->rx_policy_neg = tmp_tx_crypto; 704 } 705 706 if (srtp->setting.use == PJMEDIA_SRTP_DISABLED) { 707 /* should never reach here */ 708 return PJ_SUCCESS; 709 } else if (srtp->setting.use == PJMEDIA_SRTP_OPTIONAL) { 710 if (!has_crypto_attr) 612 711 return PJ_SUCCESS; 613 } else if (srtp->setting.use == PJMEDIA_SRTP_OPTIONAL) { 614 // Regardless the answer's transport type (RTP/AVP or RTP/SAVP), 615 // the answer must be processed through in optional mode. 616 // Please note that at this point transport type is ensured to be 617 // RTP/AVP or RTP/SAVP, see sdes_media_create() 618 //if (pj_stricmp(&m_rem->desc.transport, &m_loc->desc.transport)) { 619 //DEACTIVATE_MEDIA(pool, m_loc); 620 //return PJMEDIA_SDP_EINPROTO; 621 //} 622 fill_local_crypto(srtp->pool, m_loc, loc_crypto, &loc_cryto_cnt); 623 } else if (srtp->setting.use == PJMEDIA_SRTP_MANDATORY) { 624 if (pj_stricmp(&m_rem->desc.transport, &ID_RTP_SAVP)) { 625 DEACTIVATE_MEDIA(pool, m_loc); 626 return PJMEDIA_SDP_EINPROTO; 627 } 628 fill_local_crypto(srtp->pool, m_loc, loc_crypto, &loc_cryto_cnt); 629 } 630 } 631 632 if (srtp->offerer_side) { 633 /* find supported crypto-suite, get the tag, and assign policy_local */ 634 pjmedia_srtp_crypto tmp_tx_crypto; 635 pj_bool_t has_crypto_attr = PJ_FALSE; 636 int rem_tag; 637 int j; 638 639 for (i=0; i<m_rem->attr_count; ++i) { 640 if (pj_stricmp(&m_rem->attr[i]->name, &ID_CRYPTO) != 0) 641 continue; 642 643 /* more than one crypto attribute in media answer */ 644 if (has_crypto_attr) { 645 DEACTIVATE_MEDIA(pool, m_loc); 646 return PJMEDIA_SRTP_ESDPAMBIGUEANS; 647 } 648 649 has_crypto_attr = PJ_TRUE; 650 651 status = parse_attr_crypto(srtp->pool, m_rem->attr[i], 652 &tmp_tx_crypto, &rem_tag); 653 if (status != PJ_SUCCESS) 654 return status; 655 656 657 /* Tag range check, our tags in the offer must be in the SRTP 658 * setting range, so does the remote answer's. The remote answer's 659 * tag must not exceed the tag range of the local offer. 660 */ 661 if (rem_tag < 1 || rem_tag > (int)srtp->setting.crypto_count || 662 rem_tag > loc_cryto_cnt) 663 { 664 DEACTIVATE_MEDIA(pool, m_loc); 665 return PJMEDIA_SRTP_ESDPINCRYPTOTAG; 666 } 667 668 /* match the crypto name */ 669 if (pj_stricmp(&tmp_tx_crypto.name, &loc_crypto[rem_tag-1].name)) 670 { 671 DEACTIVATE_MEDIA(pool, m_loc); 672 return PJMEDIA_SRTP_ECRYPTONOTMATCH; 673 } 674 675 /* Find the crypto from the setting. */ 676 for (j = 0; j < (int)srtp->setting.crypto_count; ++j) { 677 if (pj_stricmp(&tmp_tx_crypto.name, 678 &srtp->setting.crypto[j].name) == 0) 679 { 680 srtp->tx_policy_neg = srtp->setting.crypto[j]; 681 break; 682 } 683 } 684 685 srtp->rx_policy_neg = tmp_tx_crypto; 686 } 687 688 if (srtp->setting.use == PJMEDIA_SRTP_DISABLED) { 689 /* should never reach here */ 690 return PJ_SUCCESS; 691 } else if (srtp->setting.use == PJMEDIA_SRTP_OPTIONAL) { 692 if (!has_crypto_attr) 693 return PJ_SUCCESS; 694 } else if (srtp->setting.use == PJMEDIA_SRTP_MANDATORY) { 695 if (!has_crypto_attr) { 696 DEACTIVATE_MEDIA(pool, m_loc); 697 return PJMEDIA_SRTP_ESDPREQCRYPTO; 698 } 699 } 700 701 /* At this point, we get valid rx_policy_neg & tx_policy_neg. */ 702 } 712 } else if (srtp->setting.use == PJMEDIA_SRTP_MANDATORY) { 713 if (!has_crypto_attr) { 714 DEACTIVATE_MEDIA(pool, m_loc); 715 return PJMEDIA_SRTP_ESDPREQCRYPTO; 716 } 717 } 718 719 /* At this point, we get valid rx_policy_neg & tx_policy_neg. */ 703 720 704 721 return PJ_SUCCESS; -
pjproject/trunk/pjsip-apps/src/pjsua/pjsua_app.c
r5746 r5755 1011 1011 } 1012 1012 1013 /*1014 * This callback is called when media transport SRTP needs to be created.1015 */1016 static void on_create_media_transport_srtp(pjsua_call_id call_id,1017 unsigned media_idx,1018 pjmedia_srtp_setting *srtp_opt)1019 {1020 PJ_UNUSED_ARG(call_id);1021 PJ_UNUSED_ARG(media_idx);1022 1023 /* Set SRTP keying to use DTLS over SDES */1024 if (app_config.srtp_keying == 1) {1025 srtp_opt->keying_count = 2;1026 srtp_opt->keying[0] = PJMEDIA_SRTP_KEYING_DTLS_SRTP;1027 srtp_opt->keying[1] = PJMEDIA_SRTP_KEYING_SDES;1028 }1029 }1030 1031 1032 1013 #ifdef TRANSPORT_ADAPTER_SAMPLE 1033 1014 /* … … 1363 1344 app_config.cfg.cb.on_snd_dev_operation = &on_snd_dev_operation; 1364 1345 app_config.cfg.cb.on_call_media_event = &on_call_media_event; 1365 app_config.cfg.cb.on_create_media_transport_srtp =1366 &on_create_media_transport_srtp;1367 1346 #ifdef TRANSPORT_ADAPTER_SAMPLE 1368 1347 app_config.cfg.cb.on_create_media_transport = &on_create_media_transport; -
pjproject/trunk/pjsip-apps/src/pjsua/pjsua_app_config.c
r5746 r5755 1055 1055 return -1; 1056 1056 } 1057 /* Set SRTP keying to use DTLS over SDES */ 1058 if (app_config.srtp_keying == 1) { 1059 pjsua_srtp_opt *srtp_opt = &app_config.cfg.srtp_opt; 1060 srtp_opt->keying_count = 2; 1061 srtp_opt->keying[0] = PJMEDIA_SRTP_KEYING_DTLS_SRTP; 1062 srtp_opt->keying[1] = PJMEDIA_SRTP_KEYING_SDES; 1063 1064 cur_acc->srtp_opt.keying_count = 2; 1065 cur_acc->srtp_opt.keying[0] = PJMEDIA_SRTP_KEYING_DTLS_SRTP; 1066 cur_acc->srtp_opt.keying[1] = PJMEDIA_SRTP_KEYING_SDES; 1067 } 1057 1068 break; 1058 1069 #endif -
pjproject/trunk/pjsip-apps/src/swig/symbols.i
r5735 r5755 48 48 49 49 typedef enum pjmedia_srtp_crypto_option {PJMEDIA_SRTP_NO_ENCRYPTION = 1, PJMEDIA_SRTP_NO_AUTHENTICATION = 2} pjmedia_srtp_crypto_option; 50 51 typedef enum pjmedia_srtp_keying_method {PJMEDIA_SRTP_KEYING_SDES = 0, PJMEDIA_SRTP_KEYING_DTLS_SRTP = 1, PJMEDIA_SRTP_KEYINGS_COUNT = 2} pjmedia_srtp_keying_method; 50 52 51 53 typedef enum pjmedia_vid_stream_rc_method {PJMEDIA_VID_STREAM_RC_NONE = 0, PJMEDIA_VID_STREAM_RC_SIMPLE_BLOCKING = 1} pjmedia_vid_stream_rc_method; -
pjproject/trunk/pjsip-apps/src/swig/symbols.lst
r5677 r5755 9 9 10 10 pjmedia/event.h pjmedia_event_type 11 pjmedia/transport_srtp.h pjmedia_srtp_use pjmedia_srtp_crypto_option 11 pjmedia/transport_srtp.h pjmedia_srtp_use pjmedia_srtp_crypto_option pjmedia_srtp_keying_method 12 12 pjmedia/vid_stream.h pjmedia_vid_stream_rc_method 13 13 pjmedia-videodev/videodev.h pjmedia_vid_dev_index pjmedia_vid_dev_std_index pjmedia_vid_dev_cap -
pjproject/trunk/pjsip/include/pjsua-lib/pjsua.h
r5721 r5755 636 636 637 637 } pjsua_create_media_transport_flag; 638 639 640 /** 641 * Specify SRTP media transport settings. 642 */ 643 typedef struct pjsua_srtp_opt 644 { 645 /** 646 * Specify the number of crypto suite settings. If set to zero, all 647 * available cryptos will be enabled. Note that available crypto names 648 * can be enumerated using pjmedia_srtp_enum_crypto(). 649 * 650 * Default is zero. 651 */ 652 unsigned crypto_count; 653 654 /** 655 * Specify individual crypto suite setting and its priority order. 656 * 657 * Notes for DTLS-SRTP keying: 658 * - Currently only supports these cryptos: AES_CM_128_HMAC_SHA1_80, 659 * AES_CM_128_HMAC_SHA1_32, AEAD_AES_256_GCM, and AEAD_AES_128_GCM. 660 * - SRTP key is not configurable. 661 */ 662 pjmedia_srtp_crypto crypto[PJMEDIA_SRTP_MAX_CRYPTOS]; 663 664 /** 665 * Specify the number of enabled keying methods. If set to zero, all 666 * keyings will be enabled. Maximum value is PJMEDIA_SRTP_MAX_KEYINGS. 667 * Note that available keying methods can be enumerated using 668 * pjmedia_srtp_enum_keying(). 669 * 670 * Default is zero (all keyings are enabled with priority order: 671 * SDES, DTLS-SRTP). 672 */ 673 unsigned keying_count; 674 675 /** 676 * Specify enabled keying methods and its priority order. Keying method 677 * with higher priority will be given earlier chance to process the SDP, 678 * for example as currently only one keying is supported in the SDP offer, 679 * keying with first priority will be likely used in the SDP offer. 680 */ 681 pjmedia_srtp_keying_method keying[PJMEDIA_SRTP_KEYINGS_COUNT]; 682 683 } pjsua_srtp_opt; 638 684 639 685 … … 1520 1566 1521 1567 /** 1522 * This callback is called when SRTP media transport is created. 1568 * Warning: deprecated and may be removed in future release. Application 1569 * can set SRTP crypto settings (including keys) and keying methods 1570 * via pjsua_srtp_opt in pjsua_config and pjsua_acc_config. 1571 * See also ticket #2100. 1572 * 1573 * This callback is called before SRTP media transport is created. 1523 1574 * Application can modify the SRTP setting \a srtp_opt to specify 1524 * the cryptos and keys which are going to be used. Note that 1525 * application should not modify the field 1526 * \a pjmedia_srtp_setting.close_member_tp and can only modify 1527 * the field \a pjmedia_srtp_setting.use for initial INVITE. 1575 * the cryptos & keys and keying methods which are going to be used. 1576 * Note that only some fields of pjmedia_srtp_setting can be overriden 1577 * from this callback, i.e: "crypto_count", "crypto", "keying_count", 1578 * "keying", and "use" (only for initial INVITE), any modification in 1579 * other fields will be ignored. 1528 1580 * 1529 1581 * @param call_id Call ID … … 1901 1953 */ 1902 1954 pj_bool_t srtp_optional_dup_offer; 1955 1956 /** 1957 * Specify SRTP transport setting. Application can initialize it with 1958 * default values using pjsua_srtp_opt_default(). 1959 */ 1960 pjsua_srtp_opt srtp_opt; 1903 1961 1904 1962 /** … … 3224 3282 } pjsua_nat64_opt; 3225 3283 3284 3226 3285 /** 3227 3286 * This structure describes account configuration to be specified when … … 3741 3800 */ 3742 3801 pj_bool_t srtp_optional_dup_offer; 3802 3803 /** 3804 * Specify SRTP transport setting. Application can initialize it with 3805 * default values using pjsua_srtp_opt_default(). 3806 */ 3807 pjsua_srtp_opt srtp_opt; 3743 3808 3744 3809 /** … … 3891 3956 pjsua_turn_config *dst, 3892 3957 const pjsua_turn_config *src); 3958 3959 3960 /** 3961 * Call this function to initialize SRTP config with default values. 3962 * 3963 * @param cfg The SRTP config to be initialized. 3964 */ 3965 PJ_DECL(void) pjsua_srtp_opt_default(pjsua_srtp_opt *cfg); 3966 3893 3967 3894 3968 /** -
pjproject/trunk/pjsip/include/pjsua2/account.hpp
r5649 r5755 704 704 705 705 /** 706 * SRTP crypto. 707 */ 708 struct SrtpCrypto 709 { 710 /** 711 * Optional key. If empty, a random key will be autogenerated. 712 */ 713 string key; 714 715 /** 716 * Crypto name. 717 */ 718 string name; 719 720 /** 721 * Flags, bitmask from #pjmedia_srtp_crypto_option 722 */ 723 unsigned flags; 724 725 public: 726 /** 727 * Convert from pjsip 728 */ 729 void fromPj(const pjmedia_srtp_crypto &prm); 730 731 /** 732 * Convert to pjsip 733 */ 734 pjmedia_srtp_crypto toPj() const; 735 }; 736 737 struct SrtpOpt : public PersistentObject 738 { 739 /** 740 * Specify SRTP cryptos. If empty, all crypto will be enabled. 741 * Available crypto can be enumerated using Endpoint::srtpCryptoEnum(). 742 * 743 * Default: empty. 744 */ 745 vector<SrtpCrypto> cryptos; 746 747 /** 748 * Specify SRTP keying methods, valid keying method is defined in 749 * pjmedia_srtp_keying_method. If empty, all keying methods will be 750 * enabled with priority order: SDES, DTLS-SRTP. 751 * 752 * Default: empty. 753 */ 754 IntVector keyings; 755 756 public: 757 /** 758 * Default constructor initializes with default values. 759 */ 760 SrtpOpt(); 761 762 /** 763 * Convert from pjsip 764 */ 765 void fromPj(const pjsua_srtp_opt &prm); 766 767 /** 768 * Convert to pjsip 769 */ 770 pjsua_srtp_opt toPj() const; 771 772 public: 773 /** 774 * Read this object from a container node. 775 * 776 * @param node Container to read values from. 777 */ 778 virtual void readObject(const ContainerNode &node) throw(Error); 779 780 /** 781 * Write this object to a container node. 782 * 783 * @param node Container to write values to. 784 */ 785 virtual void writeObject(ContainerNode &node) const throw(Error); 786 }; 787 788 /** 706 789 * Account media config (applicable for both audio and video). This will be 707 790 * specified in AccountConfig. … … 753 836 */ 754 837 int srtpSecureSignaling; 838 839 /** 840 * Specify SRTP settings, like cryptos and keying methods. 841 */ 842 SrtpOpt srtpOpt; 755 843 756 844 /** -
pjproject/trunk/pjsip/include/pjsua2/call.hpp
r5676 r5755 965 965 */ 966 966 unsigned flags; 967 };968 969 /**970 * SRTP crypto.971 */972 struct SrtpCrypto973 {974 /**975 * Optional key. If empty, a random key will be autogenerated.976 */977 string key;978 979 /**980 * Crypto name.981 */982 string name;983 984 /**985 * Flags, bitmask from #pjmedia_srtp_crypto_option986 */987 unsigned flags;988 967 }; 989 968 … … 1808 1787 1809 1788 /** 1789 * Warning: deprecated and may be removed in future release. 1790 * Application can set SRTP crypto settings (including keys) and 1791 * keying methods via AccountConfig.mediaConfig.srtpOpt. 1792 * See also ticket #2100. 1793 * 1810 1794 * This callback is called when SRTP media transport is created. 1811 1795 * Application can modify the SRTP setting \a srtpOpt to specify -
pjproject/trunk/pjsip/include/pjsua2/endpoint.hpp
r5704 r5755 1482 1482 */ 1483 1483 void resetVideoCodecParam(const string &codec_id) throw(Error); 1484 1485 /** 1486 * Enumerate all SRTP crypto-suite names. 1487 * 1488 * @return The list of SRTP crypto-suite name. 1489 */ 1490 StringVector srtpCryptoEnum() throw(Error); 1484 1491 1485 1492 /************************************************************************* -
pjproject/trunk/pjsip/src/pjsua-lib/pjsua_core.c
r5712 r5755 115 115 cfg->use_timer = PJSUA_SIP_TIMER_OPTIONAL; 116 116 pjsip_timer_setting_default(&cfg->timer_setting); 117 pjsua_srtp_opt_default(&cfg->srtp_opt); 117 118 } 118 119 … … 253 254 } 254 255 } 256 257 258 PJ_DEF(void) pjsua_srtp_opt_default(pjsua_srtp_opt *cfg) 259 { 260 pj_bzero(cfg, sizeof(*cfg)); 261 } 262 255 263 256 264 PJ_DEF(void) pjsua_acc_config_default(pjsua_acc_config *cfg) … … 289 297 cfg->srtp_secure_signaling = pjsua_var.ua_cfg.srtp_secure_signaling; 290 298 cfg->srtp_optional_dup_offer = pjsua_var.ua_cfg.srtp_optional_dup_offer; 299 cfg->srtp_opt = pjsua_var.ua_cfg.srtp_opt; 291 300 cfg->reg_retry_interval = PJSUA_REG_RETRY_INTERVAL; 292 301 cfg->reg_retry_random_interval = 10; -
pjproject/trunk/pjsip/src/pjsua-lib/pjsua_media.c
r5748 r5755 1536 1536 if (!call_med->tp_orig) { 1537 1537 pjmedia_srtp_setting srtp_opt; 1538 pjsua_srtp_opt *acc_srtp_opt = &acc->cfg.srtp_opt; 1538 1539 pjmedia_transport *srtp = NULL; 1540 unsigned i; 1539 1541 1540 1542 /* Check if SRTP requires secure signaling */ … … 1552 1554 srtp_opt.cb.on_srtp_nego_complete = &on_srtp_nego_complete; 1553 1555 srtp_opt.user_data = call_med; 1556 1557 /* Get crypto and keying settings from account settings */ 1558 srtp_opt.crypto_count = acc_srtp_opt->crypto_count; 1559 for (i = 0; i < srtp_opt.crypto_count; ++i) 1560 srtp_opt.crypto[i] = acc_srtp_opt->crypto[i]; 1561 srtp_opt.keying_count = acc_srtp_opt->keying_count; 1562 for (i = 0; i < srtp_opt.keying_count; ++i) 1563 srtp_opt.keying[i] = acc_srtp_opt->keying[i]; 1554 1564 1555 1565 /* If media session has been ever established, let's use remote's … … 1560 1570 else 1561 1571 srtp_opt.use = acc->cfg.use_srtp; 1562 1572 1563 1573 if (pjsua_var.ua_cfg.cb.on_create_media_transport_srtp) { 1574 pjmedia_srtp_setting srtp_opt2 = srtp_opt; 1564 1575 pjsua_call *call = call_med->call; 1565 pjmedia_srtp_use srtp_use = srtp_opt.use; 1576 1577 /* Warn that this callback is deprecated (see also #2100) */ 1578 PJ_LOG(1,(THIS_FILE, "Warning: on_create_media_transport_srtp " 1579 "is deprecated and will be removed in the " 1580 "future release")); 1566 1581 1567 1582 (*pjsua_var.ua_cfg.cb.on_create_media_transport_srtp) 1568 (call->index, call_med->idx, &srtp_opt); 1569 1570 /* Close_member_tp must not be overwritten by app */ 1571 srtp_opt.close_member_tp = PJ_TRUE; 1572 1573 /* Revert SRTP usage policy if media is reinitialized */ 1574 if (call->inv && call->inv->state == PJSIP_INV_STATE_CONFIRMED) { 1575 srtp_opt.use = srtp_use; 1576 } 1583 (call->index, call_med->idx, &srtp_opt2); 1584 1585 /* Only apply SRTP usage policy if this is initial INVITE */ 1586 if (call->inv && call->inv->state < PJSIP_INV_STATE_CONFIRMED) { 1587 srtp_opt.use = srtp_opt2.use; 1588 } 1589 1590 /* Apply crypto and keying settings from callback */ 1591 srtp_opt.crypto_count = srtp_opt2.crypto_count; 1592 for (i = 0; i < srtp_opt.crypto_count; ++i) 1593 srtp_opt.crypto[i] = srtp_opt2.crypto[i]; 1594 srtp_opt.keying_count = srtp_opt2.keying_count; 1595 for (i = 0; i < srtp_opt.keying_count; ++i) 1596 srtp_opt.keying[i] = srtp_opt2.keying[i]; 1577 1597 } 1578 1598 -
pjproject/trunk/pjsip/src/pjsua2/account.cpp
r5649 r5755 27 27 28 28 #define THIS_FILE "account.cpp" 29 30 /////////////////////////////////////////////////////////////////////////////// 31 32 void SrtpCrypto::fromPj(const pjmedia_srtp_crypto &prm) 33 { 34 this->key = pj2Str(prm.key); 35 this->name = pj2Str(prm.name); 36 this->flags = prm.flags; 37 } 38 39 pjmedia_srtp_crypto SrtpCrypto::toPj() const 40 { 41 pjmedia_srtp_crypto crypto; 42 43 crypto.key = str2Pj(this->key); 44 crypto.name = str2Pj(this->name); 45 crypto.flags = this->flags; 46 47 return crypto; 48 } 49 50 /////////////////////////////////////////////////////////////////////////////// 51 52 SrtpOpt::SrtpOpt() 53 { 54 pjsua_srtp_opt opt; 55 pjsua_srtp_opt_default(&opt); 56 fromPj(opt); 57 } 58 59 void SrtpOpt::fromPj(const pjsua_srtp_opt &prm) 60 { 61 this->cryptos.clear(); 62 for (unsigned i = 0; i < prm.crypto_count; ++i) { 63 SrtpCrypto crypto; 64 crypto.fromPj(prm.crypto[i]); 65 this->cryptos.push_back(crypto); 66 } 67 68 this->keyings.clear(); 69 for (unsigned i = 0; i < prm.keying_count; ++i) { 70 this->keyings.push_back(prm.keying[i]); 71 } 72 } 73 74 pjsua_srtp_opt SrtpOpt::toPj() const 75 { 76 pjsua_srtp_opt opt; 77 78 pj_bzero(&opt, sizeof(opt)); 79 80 opt.crypto_count = this->cryptos.size(); 81 for (unsigned i = 0; i < opt.crypto_count; ++i) { 82 opt.crypto[i] = this->cryptos[i].toPj(); 83 } 84 85 opt.keying_count = this->keyings.size(); 86 for (unsigned i = 0; i < opt.keying_count; ++i) { 87 opt.keying[i] = (pjmedia_srtp_keying_method)this->keyings[i]; 88 } 89 90 return opt; 91 } 92 93 void SrtpOpt::readObject(const ContainerNode &node) throw(Error) 94 { 95 ContainerNode this_node = node.readContainer("SrtpOpt"); 96 97 ContainerNode crypto_node = this_node.readArray("cryptos"); 98 this->cryptos.clear(); 99 while (crypto_node.hasUnread()) { 100 SrtpCrypto crypto; 101 NODE_READ_STRING (crypto_node, crypto.key); 102 NODE_READ_STRING (crypto_node, crypto.name); 103 NODE_READ_UNSIGNED (crypto_node, crypto.flags); 104 this->cryptos.push_back(crypto); 105 } 106 107 ContainerNode keying_node = this_node.readArray("keyings"); 108 this->keyings.clear(); 109 while (keying_node.hasUnread()) { 110 unsigned keying; 111 NODE_READ_UNSIGNED (keying_node, keying); 112 this->keyings.push_back(keying); 113 } 114 } 115 116 void SrtpOpt::writeObject(ContainerNode &node) const throw(Error) 117 { 118 ContainerNode this_node = node.writeNewContainer("SrtpOpt"); 119 120 ContainerNode crypto_node = this_node.writeNewArray("cryptos"); 121 for (unsigned i=0; i<this->cryptos.size(); ++i) { 122 NODE_WRITE_STRING (crypto_node, this->cryptos[i].key); 123 NODE_WRITE_STRING (crypto_node, this->cryptos[i].name); 124 NODE_WRITE_UNSIGNED (crypto_node, this->cryptos[i].flags); 125 } 126 127 ContainerNode keying_node = this_node.writeNewArray("keyings"); 128 for (unsigned i=0; i<this->keyings.size(); ++i) { 129 NODE_WRITE_UNSIGNED (keying_node, this->keyings[i]); 130 } 131 } 29 132 30 133 /////////////////////////////////////////////////////////////////////////////// … … 253 356 NODE_READ_NUM_T ( this_node, pjmedia_srtp_use, srtpUse); 254 357 NODE_READ_INT ( this_node, srtpSecureSignaling); 358 NODE_READ_OBJ ( this_node, srtpOpt); 255 359 NODE_READ_NUM_T ( this_node, pjsua_ipv6_use, ipv6Use); 256 360 NODE_READ_OBJ ( this_node, transportConfig); … … 265 369 NODE_WRITE_NUM_T ( this_node, pjmedia_srtp_use, srtpUse); 266 370 NODE_WRITE_INT ( this_node, srtpSecureSignaling); 371 NODE_WRITE_OBJ ( this_node, srtpOpt); 267 372 NODE_WRITE_NUM_T ( this_node, pjsua_ipv6_use, ipv6Use); 268 373 NODE_WRITE_OBJ ( this_node, transportConfig); … … 453 558 ret.use_srtp = mediaConfig.srtpUse; 454 559 ret.srtp_secure_signaling = mediaConfig.srtpSecureSignaling; 560 ret.srtp_opt = mediaConfig.srtpOpt.toPj(); 455 561 ret.ipv6_media_use = mediaConfig.ipv6Use; 456 562 … … 627 733 mediaConfig.srtpUse = prm.use_srtp; 628 734 mediaConfig.srtpSecureSignaling = prm.srtp_secure_signaling; 735 mediaConfig.srtpOpt.fromPj(prm.srtp_opt); 629 736 mediaConfig.ipv6Use = prm.ipv6_media_use; 630 737 -
pjproject/trunk/pjsip/src/pjsua2/endpoint.cpp
r5704 r5755 1092 1092 prm.stream = param->stream; 1093 1093 prm.streamIdx = param->stream_idx; 1094 prm.destroyPort = param->destroy_port;1094 prm.destroyPort = (param->destroy_port != PJ_FALSE); 1095 1095 prm.pPort = (MediaPort)param->port; 1096 1096 … … 2082 2082 } 2083 2083 2084 /* 2085 * Enumerate all SRTP crypto-suite names. 2086 */ 2087 StringVector Endpoint::srtpCryptoEnum() throw(Error) 2088 { 2089 unsigned cnt = PJMEDIA_SRTP_MAX_CRYPTOS; 2090 pjmedia_srtp_crypto cryptos[PJMEDIA_SRTP_MAX_CRYPTOS]; 2091 StringVector result; 2092 2093 PJSUA2_CHECK_EXPR(pjmedia_srtp_enum_crypto(&cnt, cryptos)); 2094 2095 for (unsigned i = 0; i < cnt; ++i) 2096 result.push_back(pj2Str(cryptos[i].name)); 2097 2098 return result; 2099 } 2100 2084 2101 void Endpoint::handleIpChange(const IpChangeParam ¶m) throw(Error) 2085 2102 {
Note: See TracChangeset
for help on using the changeset viewer.