authorAlfred E. Heggestad <aeh@db.org>2014-06-19 19:12:57 +0200
committerAlfred E. Heggestad <aeh@db.org>2014-06-19 19:12:57 +0200
commit2896839ad92f3b4ce0cf6bb39415ad0ac7a56692 (patch)
tree2f77e31cf444b82f1e032982246a5ce0682d7c94 /modules/dtls_srtp
parentc94c27cf8461e477b5a2acf01574ef9222485c64 (diff)
dtls_srtp: use SRTP-stack from libre
Diffstat (limited to 'modules/dtls_srtp')
-rw-r--r--modules/dtls_srtp/dtls_srtp.c17
-rw-r--r--modules/dtls_srtp/module.mk2
-rw-r--r--modules/dtls_srtp/srtp.c119
3 files changed, 26 insertions, 112 deletions
diff --git a/modules/dtls_srtp/dtls_srtp.c b/modules/dtls_srtp/dtls_srtp.c
index 2796080..e63aafc 100644
--- a/modules/dtls_srtp/dtls_srtp.c
+++ b/modules/dtls_srtp/dtls_srtp.c
@@ -4,10 +4,6 @@
* Copyright (C) 2010 Creytiv.com
*/
-#if defined (__GNUC__) && !defined (asm)
-#define asm __asm__ /* workaround */
-#endif
-#include <srtp/srtp.h>
#include <re.h>
#include <baresip.h>
#include <string.h>
@@ -224,6 +220,8 @@ static void dtls_close_handler(int err, void *arg)
info("dtls_srtp: dtls-connection closed (%m)\n", err);
+ comp->tls_conn = mem_deref(comp->tls_conn);
+
if (!comp->negotiated) {
if (comp->ds->sess->errorh)
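Review bot: The added `comp->tls_conn = mem_deref(comp->tls_conn);` releases the DTLS connection from inside that connection's own close callback, which is only safe if the DTLS layer does not touch the object after the handler returns; this hunk cannot confirm that. Once checked against libre, a short comment would record the assumption, e.g. `/* safe: the DTLS layer does not use the connection after the close handler returns */`. Clearing the pointer is otherwise a sound way to avoid a dangling `tls_conn`. dtls_close_handler starts and ends outside the hunk.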
@@ -238,6 +236,8 @@ static void dtls_conn_handler(const struct sa *peer, void *arg)
int err;
(void)peer;
+ info("dtls_srtp: incoming DTLS connect from %J\n", peer);
+
err = dtls_accept(&comp->tls_conn, tls, comp->dtls_sock,
dtls_estab_handler, NULL, dtls_close_handler, comp);
if (err) {
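Review bot: `dtls_conn_handler` hands `&comp->tls_conn` to `dtls_accept` without checking whether a connection is already held, so a second incoming connect could overwrite the pointer. Now that the close handler clears `tls_conn`, a guard before the accept looks feasible: `if (comp->tls_conn) { warning("dtls_srtp: dtls already accepted\n"); return; }`. The new `info()` line is triggered by unauthenticated remote input, so log volume is peer-controlled; a lower log level or a rate limit is worth considering. `(void)peer;` just above it is now stale because `peer` is used. The handler starts and ends outside the hunk.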
@@ -423,16 +423,8 @@ static struct menc dtls_srtp2 = {
static int module_init(void)
{
- err_status_t ret;
int err;
- crypto_kernel_shutdown();
- ret = srtp_init();
- if (err_status_ok != ret) {
- warning("dtls_srtp: srtp_init() failed: ret=%d\n", ret);
- return ENOSYS;
- }
-
err = tls_alloc(&tls, TLS_METHOD_DTLSV1, NULL, NULL);
if (err) {
warning("dtls_srtp: failed to create DTLS context (%m)\n",
@@ -472,7 +464,6 @@ static int module_close(void)
menc_unregister(&dtls_srtpf);
menc_unregister(&dtls_srtp2);
tls = mem_deref(tls);
- crypto_kernel_shutdown();
return 0;
}
diff --git a/modules/dtls_srtp/module.mk b/modules/dtls_srtp/module.mk
index 2e9b6d5..4fb3628 100644
--- a/modules/dtls_srtp/module.mk
+++ b/modules/dtls_srtp/module.mk
@@ -6,6 +6,6 @@
MOD := dtls_srtp
$(MOD)_SRCS += dtls_srtp.c srtp.c dtls.c
-$(MOD)_LFLAGS += -lsrtp
+$(MOD)_LFLAGS +=
include mk/mod.mk
diff --git a/modules/dtls_srtp/srtp.c b/modules/dtls_srtp/srtp.c
index 554a23d..e449b3f 100644
--- a/modules/dtls_srtp/srtp.c
+++ b/modules/dtls_srtp/srtp.c
@@ -4,19 +4,13 @@
* Copyright (C) 2010 Creytiv.com
*/
-#if defined (__GNUC__) && !defined (asm)
-#define asm __asm__ /* workaround */
-#endif
-#include <srtp/srtp.h>
#include <re.h>
#include <baresip.h>
#include "dtls_srtp.h"
struct srtp_stream {
- srtp_policy_t policy;
- srtp_t srtp;
- uint8_t key[SRTP_MAX_KEY_LEN];
+ struct srtp *srtp;
};
@@ -58,104 +52,62 @@ static inline bool is_rtcp_packet(const struct mbuf *mb)
}
-static int errstatus_print(struct re_printf *pf, err_status_t e)
-{
- const char *s;
-
- switch (e) {
-
- case err_status_ok: s = "ok"; break;
- case err_status_fail: s = "fail"; break;
- case err_status_auth_fail: s = "auth_fail"; break;
- case err_status_cipher_fail: s = "cipher_fail"; break;
- case err_status_replay_fail: s = "replay_fail"; break;
-
- default:
- return re_hprintf(pf, "err=%d", e);
- }
-
- return re_hprintf(pf, "%s", s);
-}
-
-
static void destructor(void *arg)
{
struct srtp_stream *s = arg;
- if (s->srtp)
- srtp_dealloc(s->srtp);
+ mem_deref(s->srtp);
}
static bool send_handler(int *err, struct sa *dst, struct mbuf *mb, void *arg)
{
struct comp *comp = arg;
- err_status_t e;
- int len;
(void)dst;
if (!is_rtp_or_rtcp(mb))
return false;
- len = (int)mbuf_get_left(mb);
-
- if (mbuf_get_space(mb) < ((size_t)len + SRTP_MAX_TRAILER_LEN)) {
- *err = mbuf_resize(mb, mb->pos + len + SRTP_MAX_TRAILER_LEN);
- if (*err)
- return true;
- }
-
if (is_rtcp_packet(mb)) {
- e = srtp_protect_rtcp(comp->tx->srtp, mbuf_buf(mb), &len);
+ *err = srtcp_encrypt(comp->tx->srtp, mb);
+ if (*err) {
+ warning("srtp: srtcp_encrypt failed (%m)\n", *err);
+ }
}
else {
- e = srtp_protect(comp->tx->srtp, mbuf_buf(mb), &len);
+ *err = srtp_encrypt(comp->tx->srtp, mb);
+ if (*err) {
+ warning("srtp: srtp_encrypt failed (%m)\n", *err);
+ }
}
- if (err_status_ok != e) {
- warning("srtp: send: failed to protect %s-packet"
- " with %d bytes (%H)\n",
- is_rtcp_packet(mb) ? "RTCP" : "RTP",
- len, errstatus_print, e);
- *err = EPROTO;
- return false;
- }
- mbuf_set_end(mb, mb->pos + len);
-
- return false; /* continue processing */
+ return *err ? true : false; /* continue processing */
}
static bool recv_handler(struct sa *src, struct mbuf *mb, void *arg)
{
struct comp *comp = arg;
- err_status_t e;
- int len;
+ int err;
(void)src;
if (!is_rtp_or_rtcp(mb))
return false;
- len = (int)mbuf_get_left(mb);
-
if (is_rtcp_packet(mb)) {
- e = srtp_unprotect_rtcp(comp->rx->srtp, mbuf_buf(mb), &len);
+ err = srtcp_decrypt(comp->rx->srtp, mb);
}
else {
- e = srtp_unprotect(comp->rx->srtp, mbuf_buf(mb), &len);
+ err = srtp_decrypt(comp->rx->srtp, mb);
}
- if (e != err_status_ok) {
- warning("srtp: recv: failed to unprotect %s-packet"
- " with %d bytes (%H)\n",
- is_rtcp_packet(mb) ? "RTCP" : "RTP",
- len, errstatus_print, e);
+ if (err) {
+ warning("srtp: recv: failed to decrypt %s-packet (%m)\n",
+ is_rtcp_packet(mb) ? "RTCP" : "RTP", err);
return true; /* error - drop packet */
}
- mbuf_set_end(mb, mb->pos + len);
-
return false; /* continue processing */
}
@@ -164,47 +116,18 @@ int srtp_stream_add(struct srtp_stream **sp, enum srtp_suite suite,
const uint8_t *key, size_t key_size, bool tx)
{
struct srtp_stream *s;
- err_status_t e;
int err = 0;
- if (!sp || !key || key_size > SRTP_MAX_KEY_LEN)
+ if (!sp || !key)
return EINVAL;
s = mem_zalloc(sizeof(*s), destructor);
if (!s)
return ENOMEM;
- memcpy(s->key, key, sizeof(s->key));
-
- /* note: policy and key must be on the heap */
-
- switch (suite) {
-
- case SRTP_AES_CM_128_HMAC_SHA1_32:
- crypto_policy_set_aes_cm_128_hmac_sha1_32(&s->policy.rtp);
- crypto_policy_set_aes_cm_128_hmac_sha1_32(&s->policy.rtcp);
- break;
-
- case SRTP_AES_CM_128_HMAC_SHA1_80:
- crypto_policy_set_aes_cm_128_hmac_sha1_80(&s->policy.rtp);
- crypto_policy_set_aes_cm_128_hmac_sha1_80(&s->policy.rtcp);
- break;
-
- default:
- warning("srtp: unsupported crypto suite: %d\n", suite);
- err = ENOSYS;
- goto out;
- }
-
- s->policy.ssrc.type = tx ? ssrc_any_outbound : ssrc_any_inbound;
- s->policy.key = s->key;
- s->policy.next = NULL;
-
- e = srtp_create(&s->srtp, &s->policy);
- if (err_status_ok != e) {
- s->srtp = NULL;
- warning("srtp: srtp_create() failed. e=%d\n", e);
- err = ENOMEM;
+ err = srtp_alloc(&s->srtp, suite, key, key_size, 0);
+ if (err) {
+ warning("srtp: srtp_alloc() failed (%m)\n", err);
goto out;
}
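Review bot: With the upper bound on `key_size` removed from the guard (`if (!sp || !key)`), rejecting a wrong-sized key now depends entirely on `srtp_alloc`. Presumably libre checks the length against the suite; if so, a one-line comment such as `/* key_size is validated against the suite by srtp_alloc() */` would make that dependency explicit. `tx` is no longer referenced in the visible lines, so either add `(void)tx;` or document why direction no longer matters. The literal `0` passed as the last argument would also read better with a comment naming what it selects. srtp_stream_add continues past the hunk.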