From 2896839ad92f3b4ce0cf6bb39415ad0ac7a56692 Mon Sep 17 00:00:00 2001
From: "Alfred E. Heggestad"
Date: Thu, 19 Jun 2014 19:12:57 +0200
Subject: dtls_srtp: use SRTP-stack from libre

---
 modules/dtls_srtp/dtls_srtp.c | 17 ++----
 modules/dtls_srtp/module.mk | 2 +-
 modules/dtls_srtp/srtp.c | 119 ++++++++----------------------------------
 3 files changed, 26 insertions(+), 112 deletions(-)

(limited to 'modules/dtls_srtp')

diff --git a/modules/dtls_srtp/dtls_srtp.c b/modules/dtls_srtp/dtls_srtp.c
index 2796080..e63aafc 100644
--- a/modules/dtls_srtp/dtls_srtp.c
+++ b/modules/dtls_srtp/dtls_srtp.c
@@ -4,10 +4,6 @@
  * Copyright (C) 2010 Creytiv.com
  */
-#if defined (__GNUC__) && !defined (asm)
-#define asm __asm__ /* workaround */
-#endif
-#include
 #include
 #include
 #include
@@ -224,6 +220,8 @@ static void dtls_close_handler(int err, void *arg)
 	info("dtls_srtp: dtls-connection closed (%m)\n", err);
+	comp->tls_conn = mem_deref(comp->tls_conn);
+
 	if (!comp->negotiated) {
 		if (comp->ds->sess->errorh)
@@ -238,6 +236,8 @@ static void dtls_conn_handler(const struct sa *peer, void *arg)
 	int err;
 	(void)peer;
+	info("dtls_srtp: incoming DTLS connect from %J\n", peer);
+
 	err = dtls_accept(&comp->tls_conn, tls, comp->dtls_sock, dtls_estab_handler, NULL, dtls_close_handler, comp);
 	if (err) {
@@ -423,16 +423,8 @@ static struct menc dtls_srtp2 = {
 static int module_init(void)
 {
-	err_status_t ret;
 	int err;
-	crypto_kernel_shutdown();
-	ret = srtp_init();
-	if (err_status_ok != ret) {
-		warning("dtls_srtp: srtp_init() failed: ret=%d\n", ret);
-		return ENOSYS;
-	}
-
 	err = tls_alloc(&tls, TLS_METHOD_DTLSV1, NULL, NULL);
 	if (err) {
 		warning("dtls_srtp: failed to create DTLS context (%m)\n",
@@ -472,7 +464,6 @@ static int module_close(void)
 	menc_unregister(&dtls_srtpf);
 	menc_unregister(&dtls_srtp2);
 	tls = mem_deref(tls);
-	crypto_kernel_shutdown();
 	return 0;
 }
diff --git a/modules/dtls_srtp/module.mk b/modules/dtls_srtp/module.mk
index 2e9b6d5..4fb3628 100644
--- a/modules/dtls_srtp/module.mk
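Review bot: `comp->tls_conn = mem_deref(comp->tls_conn);` in dtls_close_handler releases the connection from inside that connection's own close callback, which is only safe if libre's DTLS layer does not touch the `struct tls_conn` after closeh returns; please confirm that contract and record it next to the line, e.g. `/* libre does not use the conn after closeh, so deref here is safe */`. If the library does keep a reference live across the callback, the deref should instead be deferred (to the error handler or the session destructor). The rest of dtls_close_handler continues outside the hunk.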
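Review bot: in dtls_conn_handler the new info line sits in front of a `dtls_accept(&comp->tls_conn, ...)` that runs for every incoming connect, including one that arrives while `comp->tls_conn` still holds a live connection; unless dtls_accept refuses a non-NULL target (not visible here), the established connection is silently replaced. A guard such as `if (comp->tls_conn) { warning("dtls_srtp: ignoring connect from %J, already connected\n", peer); return; }` keeps an unexpected second peer from displacing the negotiated one. The `(void)peer;` two lines above the insertion is now redundant, since peer is consumed by the info call. The function continues past the hunk.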
+++ b/modules/dtls_srtp/module.mk
@@ -6,6 +6,6 @@ MOD := dtls_srtp
 $(MOD)_SRCS += dtls_srtp.c srtp.c dtls.c
-$(MOD)_LFLAGS += -lsrtp
+$(MOD)_LFLAGS +=
 include mk/mod.mk
diff --git a/modules/dtls_srtp/srtp.c b/modules/dtls_srtp/srtp.c
index 554a23d..e449b3f 100644
--- a/modules/dtls_srtp/srtp.c
+++ b/modules/dtls_srtp/srtp.c
@@ -4,19 +4,13 @@
  * Copyright (C) 2010 Creytiv.com
  */
-#if defined (__GNUC__) && !defined (asm)
-#define asm __asm__ /* workaround */
-#endif
-#include
 #include
 #include "dtls_srtp.h"
 struct srtp_stream {
-	srtp_policy_t policy;
-	srtp_t srtp;
-	uint8_t key[SRTP_MAX_KEY_LEN];
+	struct srtp *srtp;
 };
@@ -58,104 +52,62 @@ static inline bool is_rtcp_packet(const struct mbuf *mb)
 }
-static int errstatus_print(struct re_printf *pf, err_status_t e)
-{
-	const char *s;
-
-	switch (e) {
-
-	case err_status_ok: s = "ok"; break;
-	case err_status_fail: s = "fail"; break;
-	case err_status_auth_fail: s = "auth_fail"; break;
-	case err_status_cipher_fail: s = "cipher_fail"; break;
-	case err_status_replay_fail: s = "replay_fail"; break;
-
-	default:
-		return re_hprintf(pf, "err=%d", e);
-	}
-
-	return re_hprintf(pf, "%s", s);
-}
-
-
 static void destructor(void *arg)
 {
 	struct srtp_stream *s = arg;
-	if (s->srtp)
-		srtp_dealloc(s->srtp);
+	mem_deref(s->srtp);
 }
 static bool send_handler(int *err, struct sa *dst, struct mbuf *mb, void *arg)
 {
 	struct comp *comp = arg;
-	err_status_t e;
-	int len;
 	(void)dst;
 	if (!is_rtp_or_rtcp(mb))
 		return false;
-	len = (int)mbuf_get_left(mb);
-
-	if (mbuf_get_space(mb) < ((size_t)len + SRTP_MAX_TRAILER_LEN)) {
-		*err = mbuf_resize(mb, mb->pos + len + SRTP_MAX_TRAILER_LEN);
-		if (*err)
-			return true;
-	}
-
 	if (is_rtcp_packet(mb)) {
-		e = srtp_protect_rtcp(comp->tx->srtp, mbuf_buf(mb), &len);
+		*err = srtcp_encrypt(comp->tx->srtp, mb);
+		if (*err) {
+			warning("srtp: srtcp_encrypt failed (%m)\n", *err);
+		}
 	}
 	else {
-		e = srtp_protect(comp->tx->srtp, mbuf_buf(mb), &len);
+		*err = srtp_encrypt(comp->tx->srtp, mb);
+		if (*err) {
+			warning("srtp: srtp_encrypt failed (%m)\n", *err);
+		}
 	}
-	if (err_status_ok != e) {
-		warning("srtp: send: failed to protect %s-packet" " with %d bytes (%H)\n", is_rtcp_packet(mb) ? "RTCP" : "RTP", len, errstatus_print, e);
-		*err = EPROTO;
-		return false;
-	}
-	mbuf_set_end(mb, mb->pos + len);
-
-	return false; /* continue processing */
+	return *err ? true : false; /* continue processing */
 }
 static bool recv_handler(struct sa *src, struct mbuf *mb, void *arg)
 {
 	struct comp *comp = arg;
-	err_status_t e;
-	int len;
+	int err;
 	(void)src;
 	if (!is_rtp_or_rtcp(mb))
 		return false;
-	len = (int)mbuf_get_left(mb);
-
 	if (is_rtcp_packet(mb)) {
-		e = srtp_unprotect_rtcp(comp->rx->srtp, mbuf_buf(mb), &len);
+		err = srtcp_decrypt(comp->rx->srtp, mb);
 	}
 	else {
-		e = srtp_unprotect(comp->rx->srtp, mbuf_buf(mb), &len);
+		err = srtp_decrypt(comp->rx->srtp, mb);
 	}
-	if (e != err_status_ok) {
-		warning("srtp: recv: failed to unprotect %s-packet" " with %d bytes (%H)\n", is_rtcp_packet(mb) ? "RTCP" : "RTP", len, errstatus_print, e);
+	if (err) {
+		warning("srtp: recv: failed to decrypt %s-packet (%m)\n", is_rtcp_packet(mb) ? "RTCP" : "RTP", err);
 		return true; /* error - drop packet */
 	}
-	mbuf_set_end(mb, mb->pos + len);
-
 	return false; /* continue processing */
 }
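Review bot: send_handler repeats the failure warning in both branches and ends with `return *err ? true : false;`, a redundant bool-to-bool conversion; logging once after the branch, as recv_handler already does, keeps the two handlers symmetric: `if (*err) warning("srtp: send: failed to encrypt %s-packet (%m)\n", is_rtcp_packet(mb) ? "RTCP" : "RTP", *err);` followed by `return *err != 0;`. The trailing `/* continue processing */` on that return line now only describes the success case, since on failure the helper returns true with `*err` set (which presumably stops the send); `/* true on error: the packet is not passed on unprotected */` covers both. In recv_handler the per-packet warning on decrypt failure is inherited from the old code, but any remote sender can trigger it, so a debug-level or rate-limited log would keep a bad stream from flooding the log. Both handlers lie entirely within the hunk.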
@@ -164,47 +116,18 @@ int srtp_stream_add(struct srtp_stream **sp, enum srtp_suite suite,
 		    const uint8_t *key, size_t key_size, bool tx)
 {
 	struct srtp_stream *s;
-	err_status_t e;
 	int err = 0;
-	if (!sp || !key || key_size > SRTP_MAX_KEY_LEN)
+	if (!sp || !key)
 		return EINVAL;
 	s = mem_zalloc(sizeof(*s), destructor);
 	if (!s)
 		return ENOMEM;
-	memcpy(s->key, key, sizeof(s->key));
-
-	/* note: policy and key must be on the heap */
-
-	switch (suite) {
-
-	case SRTP_AES_CM_128_HMAC_SHA1_32:
-		crypto_policy_set_aes_cm_128_hmac_sha1_32(&s->policy.rtp);
-		crypto_policy_set_aes_cm_128_hmac_sha1_32(&s->policy.rtcp);
-		break;
-
-	case SRTP_AES_CM_128_HMAC_SHA1_80:
-		crypto_policy_set_aes_cm_128_hmac_sha1_80(&s->policy.rtp);
-		crypto_policy_set_aes_cm_128_hmac_sha1_80(&s->policy.rtcp);
-		break;
-
-	default:
-		warning("srtp: unsupported crypto suite: %d\n", suite);
-		err = ENOSYS;
-		goto out;
-	}
-
-	s->policy.ssrc.type = tx ? ssrc_any_outbound : ssrc_any_inbound;
-	s->policy.key = s->key;
-	s->policy.next = NULL;
-
-	e = srtp_create(&s->srtp, &s->policy);
-	if (err_status_ok != e) {
-		s->srtp = NULL;
-		warning("srtp: srtp_create() failed. e=%d\n", e);
-		err = ENOMEM;
+	err = srtp_alloc(&s->srtp, suite, key, key_size, 0);
+	if (err) {
+		warning("srtp: srtp_alloc() failed (%m)\n", err);
 		goto out;
 	}
-- 
cgit v1.2.3
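Review bot: the `tx` parameter of srtp_stream_add is now unused — the old code fed it into `ssrc.type`, while the new `srtp_alloc(&s->srtp, suite, key, key_size, 0)` call does not consult it — so the build warns under `-Wextra` and callers keep passing a direction that has no effect; either drop it from the signature (its callers are outside this hunk) or add `(void)tx; /* direction is handled inside libre's SRTP stack */` once that is confirmed. The removed `key_size > SRTP_MAX_KEY_LEN` guard means key-length validation now rests entirely on srtp_alloc rejecting a size that does not match `suite`; that is presumably the case but deserves a one-line comment such as `/* srtp_alloc validates key_size against suite */`. The literal `0` flags argument would also read better with a short comment naming what it leaves disabled. The function continues past the hunk (the `out:` cleanup label is not shown).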