diff options
author | Alfred E. Heggestad <aeh@db.org> | 2014-09-17 21:23:17 +0300 |
---|---|---|
committer | Alfred E. Heggestad <aeh@db.org> | 2014-09-17 21:23:17 +0300 |
commit | c7864e8878ec20340837dda28e421fe901f9afb6 (patch) | |
tree | 47955c85db9d9ce07a45dda61e417bd6e38cf600 /modules | |
parent | fd2415e04189f762a9c530c933966f8892453041 (diff) |
zrtp: add support for SAS verification
- the patch was contributed by Ingo Feinerer
- use the command 'Z' to write verified ZID
Diffstat (limited to 'modules')
-rw-r--r-- | modules/zrtp/zrtp.c | 69 |
1 files changed, 66 insertions, 3 deletions
diff --git a/modules/zrtp/zrtp.c b/modules/zrtp/zrtp.c index b4f9d8d..29c1f0d 100644 --- a/modules/zrtp/zrtp.c +++ b/modules/zrtp/zrtp.c @@ -244,11 +244,72 @@ static int on_send_packet(const zrtp_stream_t *stream, } +static void on_zrtp_secure(zrtp_stream_t *stream) +{ + const struct menc_media *st = zrtp_stream_get_userdata(stream); + const struct menc_sess *sess = st->sess; + zrtp_session_info_t sess_info; + + zrtp_session_get(sess->zrtp_session, &sess_info); + if (!sess_info.sas_is_verified && sess_info.sas_is_ready) { + info("zrtp: verify SAS <%s> <%s> for remote peer %w\n", + sess_info.sas1.buffer, + sess_info.sas2.buffer, + sess_info.peer_zid.buffer, + (size_t)sess_info.peer_zid.length); + } +} + + static struct menc menc_zrtp = { LE_INIT, "zrtp", "RTP/AVP", session_alloc, media_alloc }; +static int verify_sas(struct re_printf *pf, void *arg) +{ + const struct cmd_arg *carg = arg; + + if (str_isset(carg->prm)) { + char *s2h; + char rzid[ZRTP_STRING16] = ""; + zrtp_status_t s; + zrtp_string16_t remote_zid; + + if (str_len(carg->prm) != 24) { + warning("zrtp: invalid remote ZID (%s)\n", carg->prm); + return EINVAL; + } + + s2h = str2hex(carg->prm, (int) str_len(carg->prm), + rzid, sizeof(rzid)); + if (str_len(rzid) != sizeof(zrtp_zid_t)) { + warning("zrtp: str2hex failed (%s)\n", s2h); + return EINVAL; + } + zrtp_zstrcpyc(ZSTR_GV(remote_zid), rzid); + + s = zrtp_cache_set_verified(zrtp_global->cache, + ZSTR_GV(remote_zid), + true); + if (s == zrtp_status_ok) + info("zrtp: SAS for peer %s verified\n", carg->prm); + else { + warning("zrtp: zrtp_cache_set_verified" + " failed (status = %d)\n", s); + return EINVAL; + } + } + + return 0; +} + + +static const struct cmd cmdv[] = { + {'Z', CMD_PRM, "Verify ZRTP SAS", verify_sas }, +}; + + static int module_init(void) { zrtp_status_t s; @@ -267,12 +328,12 @@ static int module_init(void) if (re_snprintf(zrtp_config.cache_file_cfg.cache_path, sizeof(zrtp_config.cache_file_cfg.cache_path), "%s/zrtp_cache.dat", config_path) < 0) - return ENOMEM; + return ENOMEM; if (re_snprintf(zrtp_zid_path, sizeof(zrtp_zid_path), "%s/zrtp_zid", config_path) < 0) - return ENOMEM; + return ENOMEM; if ((f = fopen(zrtp_zid_path, "rb")) != NULL) { if (fread(zrtp_config.zid, sizeof(zrtp_config.zid), 1, f) != 1) { @@ -302,6 +363,7 @@ static int module_init(void) zrtp_config.lic_mode = ZRTP_LICENSE_MODE_UNLIMITED; zrtp_config.cb.misc_cb.on_send_packet = on_send_packet; + zrtp_config.cb.event_cb.on_zrtp_secure = on_zrtp_secure; s = zrtp_init(&zrtp_config, &zrtp_global); if (zrtp_status_ok != s) { @@ -311,12 +373,13 @@ static int module_init(void) menc_register(&menc_zrtp); - return 0; + return cmd_register(cmdv, ARRAY_SIZE(cmdv)); } static int module_close(void) { + cmd_unregister(cmdv); menc_unregister(&menc_zrtp); if (zrtp_global) { |