From e435b35e34431082128c8e321e4466f27065920d Mon Sep 17 00:00:00 2001
From: "Alfred E. Heggestad"
Date: Thu, 18 Jun 2015 22:22:48 +0200
Subject: dtls_srtp: switch to SHA-256 fingerprint as default

---
 modules/dtls_srtp/dtls_srtp.c | 36 ++++++++++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 8 deletions(-)

diff --git a/modules/dtls_srtp/dtls_srtp.c b/modules/dtls_srtp/dtls_srtp.c
index e63aafc..dfc2a96 100644
--- a/modules/dtls_srtp/dtls_srtp.c
+++ b/modules/dtls_srtp/dtls_srtp.c
@@ -10,9 +10,26 @@
 #include "dtls_srtp.h"
 
 
-/*
- * STACK Diagram:
+/**
+ * @defgroup dtls_srtp dtls_srtp
+ *
+ * DTLS-SRTP media encryption module
+ *
+ * This module implements end-to-end media encryption using DTLS-SRTP
+ * which is now mandatory for WebRTC endpoints.
+ *
+ * DTLS-SRTP can be enabled in ~/.baresip/accounts:
+ *
+ \verbatim
+ ;mediaenc=dtls_srtp
+ ;mediaenc=dtls_srtpf
+ ;mediaenc=srtp-mandf
+ \endverbatim
+ *
+ *
+ * Internally the protocol stack diagram looks something like this:
  *
+ \verbatim
  * application
  * |
  * |
@@ -24,7 +41,8 @@
  * ( TURN/ICE )
  * |
  * |
- * socket
+ * [socket]
+ \endverbatim
  *
  */
 
@@ -93,7 +111,8 @@ static bool verify_fingerprint(const struct sdp_session *sess,
 enum tls_fingerprint type;
 int err;
 
- if (sdp_fingerprint_decode(sdp_rattr(sess, media, "fingerprint"),
+ if (sdp_fingerprint_decode(sdp_media_session_rattr(media, sess,
+ "fingerprint"),
 &hash, md_sdp, &sz_sdp))
 return false;
 
@@ -156,8 +175,8 @@ static int session_alloc(struct menc_sess **sessp,
 goto out;
 
 /* RFC 4572 */
- err = sdp_session_set_lattr(sdp, true, "fingerprint", "SHA-1 %H",
- dtls_print_sha1_fingerprint, tls);
+ err = sdp_session_set_lattr(sdp, true, "fingerprint", "SHA-256 %H",
+ dtls_print_sha256_fingerprint, tls);
 if (err)
 goto out;
 
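Review bot: The three `mediaenc=` values listed in the new @defgroup comment (`dtls_srtp`, `dtls_srtpf`, `srtp-mandf`) are given without any indication of how they differ, so a reader of the generated module docs cannot tell which one to configure. A one-line gloss per value after the \verbatim block, describing what each selects, would close that gap; the names are presumably the ids of the struct menc registrations elsewhere in this file, so the wording should be taken from there rather than guessed. The rest of the new text reads well.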
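Review bot: The new `sdp_media_session_rattr(media, sess, "fingerprint")` call falls back to a session-level a=fingerprint when the media section has none, which is the RFC 4572 §5 behaviour, but nothing in the hunk records that precedence; suggest `/* RFC 4572: a media-level a=fingerprint takes precedence over a session-level one */` above the call. The comparison that follows lies outside the hunk (verify_fingerprint continues past its last line) and must keep honouring the algorithm the remote advertised in `hash` rather than the new local SHA-256 default, since a peer may still sign with SHA-1. The fail-closed `return false` on decode failure, which also covers an absent attribute, is the right behaviour and should stay.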
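Review bot: The hash name in the format string `"SHA-256 %H"` and the callback `dtls_print_sha256_fingerprint` are two literals that must stay in step; if one is later changed without the other, the SDP advertises an algorithm that does not match the bytes printed and every peer's fingerprint check fails closed. Making that coupling explicit in the existing comment, e.g. `/* RFC 4572: the hash name must match the print callback below */`, costs one line. Note also that a single a=fingerprint line commits the offer to SHA-256, so a peer that cannot verify SHA-256 fingerprints will presumably fail DTLS verification; that interop consequence is worth a sentence in the module doc or the commit message.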
@@ -366,7 +385,7 @@ static int media_alloc(struct menc_media **mp, struct menc_sess *sess,
 setup:
 st->mux = (rtpsock == rtcpsock) || (rtcpsock == NULL);
 
- setup = sdp_rattr(st->sess->sdp, st->sdpm, "setup");
+ setup = sdp_media_session_rattr(st->sdpm, st->sess->sdp, "setup");
 if (setup) {
 st->active = !(0 == str_casecmp(setup, "active"));
 
@@ -375,7 +394,8 @@ static int media_alloc(struct menc_media **mp, struct menc_sess *sess,
 }
 
 /* SDP offer/answer on fingerprint attribute */
- fingerprint = sdp_rattr(st->sess->sdp, st->sdpm, "fingerprint");
+ fingerprint = sdp_media_session_rattr(st->sdpm, st->sess->sdp,
+ "fingerprint");
 if (fingerprint) {
 struct pl hash;
 
-- 
cgit v1.2.3
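Review bot: Only the `if (fingerprint)` branch following the new `sdp_media_session_rattr(st->sdpm, st->sess->sdp, "fingerprint")` lookup is visible; the path taken when neither the media section nor the session carries an a=fingerprint continues outside the hunk (media_alloc's body runs past its last line). For DTLS-SRTP an absent remote fingerprint means the DTLS peer cannot be authenticated, so that path should fail the media setup rather than proceed, and the decision deserves a comment at the else/fall-through such as `/* no remote fingerprint: DTLS peer cannot be verified */`. Whether the existing code already does this cannot be confirmed from the hunk.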