tweak to srtp to support polycoms

git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@7254 d0543943-73ff-0310-b7d9-9358b9ac24b2
Anthony Minessale 2008-01-16 21:28:20 +00:00
parent ab1b61cb5d
commit 28d2dfdf3a
4 changed files with 27 additions and 6 deletions


@ -52,7 +52,7 @@
<condition field="${call_debug}" expression="^true$" break="never"> <condition field="${call_debug}" expression="^true$" break="never">
<action application="info"/> <action application="info"/>
</condition> </condition>
<condition field="${sip_has_crypto}" expression="^AES_CM_128_HMAC_SHA1_32$" break="never"> <condition field="${sip_has_crypto}" expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$" break="never">
<action application="set" data="sip_secure_media=true"/> <action application="set" data="sip_secure_media=true"/>
</condition> </condition>
<condition> <condition>
@ -236,6 +236,13 @@
</condition> </condition>
</extension> </extension>
<extension name="echo">
<condition field="destination_number" expression="^9996$">
<action application="answer"/>
<action application="echo"/>
</condition>
</extension>
<extension name="milliwatt"> <extension name="milliwatt">
<condition field="destination_number" expression="^9997$"> <condition field="destination_number" expression="^9997$">
<action application="answer"/> <action application="answer"/>
@ -251,7 +258,7 @@
</extension> </extension>
<extension name="hold_music"> <extension name="hold_music">
<condition field="${sip_has_crypto}" expression="^AES_CM_128_HMAC_SHA1_32$" break="never"> <condition field="${sip_has_crypto}" expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$" break="never">
<action application="answer"/> <action application="answer"/>
<action application="execute_extension" data="is_secure XML default"/> <action application="execute_extension" data="is_secure XML default"/>
</condition> </condition>


@ -46,7 +46,7 @@
<!--<param name="bind-params" value="transport=udp"/>--> <!--<param name="bind-params" value="transport=udp"/>-->
<!-- TLS: disabled by default, set to "true" to enable --> <!-- TLS: disabled by default, set to "true" to enable -->
<param name="tls" value="false"/> <param name="tls" value="true"/>
<!-- additional bind parameters for TLS --> <!-- additional bind parameters for TLS -->
<param name="tls-bind-params" value="transport=tls"/> <param name="tls-bind-params" value="transport=tls"/>
<!-- Port to listen on for TLS requests. (5061 will be used if unspecified) --> <!-- Port to listen on for TLS requests. (5061 will be used if unspecified) -->
@ -54,7 +54,7 @@
<!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) --> <!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
<param name="tls-cert-dir" value="$${base_dir}/conf/ssl"/> <param name="tls-cert-dir" value="$${base_dir}/conf/ssl"/>
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 --> <!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
<param name="tls-version" value="sslv23"/> <param name="tls-version" value="tlsv1"/>
<!--If you don't want to pass through timestampes from 1 RTP call to another (on a per call basis with rtp_rewrite_timestamps chanvar)--> <!--If you don't want to pass through timestampes from 1 RTP call to another (on a per call basis with rtp_rewrite_timestamps chanvar)-->
<!--<param name="rtp-rewrite-timestamps" value="true"/>--> <!--<param name="rtp-rewrite-timestamps" value="true"/>-->
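Review bot: Both value changes in this section contradict the comments directly above them: `tls` is now `true` under a comment saying TLS is disabled by default, and `tls-version` is now `tlsv1` under a comment that names `sslv23` as the default and warns that phones may not work with TLSv1. If shipping the profile with TLS on is intended, the comments should follow, e.g. `<!-- TLS: enabled by default, set to "false" to disable -->`. The agent.pem and cafile.pem files in `tls-cert-dir` then become a prerequisite for the default profile, and what happens at profile start when they are absent is not visible here and should be confirmed. The commit title only mentions SRTP for Polycoms, so these may be local test settings that were not meant to be committed.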


@ -345,6 +345,7 @@ struct private_object {
char *gateway_name; char *gateway_name;
char *local_crypto_key; char *local_crypto_key;
char *remote_crypto_key; char *remote_crypto_key;
int crypto_tag;
unsigned char local_raw_key[SWITCH_RTP_MAX_CRYPTO_LEN]; unsigned char local_raw_key[SWITCH_RTP_MAX_CRYPTO_LEN];
unsigned char remote_raw_key[SWITCH_RTP_MAX_CRYPTO_LEN]; unsigned char remote_raw_key[SWITCH_RTP_MAX_CRYPTO_LEN];
switch_rtp_crypto_key_type_t crypto_send_type; switch_rtp_crypto_key_type_t crypto_send_type;
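Review bot: The new `crypto_tag` member is added without a comment, and the name alone does not say whose tag it is or what 0 means. Elsewhere in this commit it is filled from `atoi()` on the remote `a=crypto` value in `sofia_glue_negotiate_sdp`, and it is passed as the third argument of `switch_rtp_add_crypto_key` for the RECV direction. It is therefore peer-supplied, and it is 0 whenever the attribute does not start with a number. I would document that at the declaration: `int crypto_tag; /* tag of the remote a=crypto line keyed for RECV; taken from peer SDP, 0 if none parsed */`. The struct definition starts and ends outside this hunk.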


@ -1352,7 +1352,8 @@ switch_status_t sofia_glue_activate_rtp(private_object_t *tech_pvt, switch_rtp_f
if (tech_pvt->remote_crypto_key && switch_test_flag(tech_pvt, TFLAG_SECURE)) { if (tech_pvt->remote_crypto_key && switch_test_flag(tech_pvt, TFLAG_SECURE)) {
sofia_glue_add_crypto(tech_pvt, tech_pvt->remote_crypto_key, SWITCH_RTP_CRYPTO_RECV); sofia_glue_add_crypto(tech_pvt, tech_pvt->remote_crypto_key, SWITCH_RTP_CRYPTO_RECV);
switch_rtp_add_crypto_key(tech_pvt->rtp_session, SWITCH_RTP_CRYPTO_SEND, 1, tech_pvt->crypto_type, tech_pvt->local_raw_key, SWITCH_RTP_KEY_LEN); switch_rtp_add_crypto_key(tech_pvt->rtp_session, SWITCH_RTP_CRYPTO_SEND, 1, tech_pvt->crypto_type, tech_pvt->local_raw_key, SWITCH_RTP_KEY_LEN);
switch_rtp_add_crypto_key(tech_pvt->rtp_session, SWITCH_RTP_CRYPTO_RECV, 1, tech_pvt->crypto_type, tech_pvt->remote_raw_key, SWITCH_RTP_KEY_LEN); switch_rtp_add_crypto_key(tech_pvt->rtp_session, SWITCH_RTP_CRYPTO_RECV, tech_pvt->crypto_tag,
tech_pvt->crypto_type, tech_pvt->remote_raw_key, SWITCH_RTP_KEY_LEN);
switch_channel_set_variable(tech_pvt->channel, SOFIA_SECURE_MEDIA_CONFIRMED_VARIABLE, "true"); switch_channel_set_variable(tech_pvt->channel, SOFIA_SECURE_MEDIA_CONFIRMED_VARIABLE, "true");
} }
@ -1547,11 +1548,23 @@ uint8_t sofia_glue_negotiate_sdp(switch_core_session_t *session, sdp_session_t *
ptime = atoi(a->a_value); ptime = atoi(a->a_value);
} else if (!strcasecmp(a->a_name, "crypto") && a->a_value) { } else if (!strcasecmp(a->a_name, "crypto") && a->a_value) {
crypto = a->a_value; crypto = a->a_value;
int crypto_tag = atoi(crypto);
if (tech_pvt->remote_crypto_key) { if (tech_pvt->remote_crypto_key) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Already have a key\n"); if (crypto_tag && crypto_tag == tech_pvt->crypto_tag) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Existing key is still valid.\n");
} else {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Change Remote key to [%s]\n", crypto);
tech_pvt->remote_crypto_key = switch_core_session_strdup(tech_pvt->session, crypto);
tech_pvt->crypto_tag = crypto_tag;
sofia_glue_add_crypto(tech_pvt, tech_pvt->remote_crypto_key, SWITCH_RTP_CRYPTO_RECV);
switch_rtp_add_crypto_key(tech_pvt->rtp_session, SWITCH_RTP_CRYPTO_RECV, tech_pvt->crypto_tag,
tech_pvt->crypto_type, tech_pvt->remote_raw_key, SWITCH_RTP_KEY_LEN);
}
} else { } else {
tech_pvt->remote_crypto_key = switch_core_session_strdup(tech_pvt->session, crypto); tech_pvt->remote_crypto_key = switch_core_session_strdup(tech_pvt->session, crypto);
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Set Remote Key [%s]\n", tech_pvt->remote_crypto_key); switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Set Remote Key [%s]\n", tech_pvt->remote_crypto_key);
tech_pvt->crypto_tag = crypto_tag;
if (switch_strlen_zero(tech_pvt->local_crypto_key)) { if (switch_strlen_zero(tech_pvt->local_crypto_key)) {
if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_32, crypto)) { if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_32, crypto)) {