
MT#56125 Move sdes_no / sdes_only checks to a separate function

A new function dedicated to SDES crypto suites policy checks
has been introduced: 'crypto_params_sdes_check_limitations()'.

Use it to reduce the amount of repeated code
related to SDES checks.

Change-Id: I0ac242a63107a9f3a41f95a57e3d3675645ac18d
pull/1621/head
Donat Zenichev 3 years ago
parent
commit
6dcda68223
2 changed files with 41 additions and 56 deletions
  1. +12
    -55
      daemon/call.c
  2. +29
    -1
      include/crypto.h

+ 12
- 55
daemon/call.c View File

@ -1780,24 +1780,12 @@ static void __generate_crypto(const struct sdp_ng_flags *flags, struct call_medi
for (GList *l = offered_cpq ? offered_cpq->head : NULL; l; l = l->next) {
struct crypto_params_sdes *offered_cps = l->data;
/* if we accept only certain SDES suites, then add only them,
* this takes precedence above the 'SDES-no-' flag(s).
* We mustn't check the 'flags->sdes_no' at all, if 'flags->sdes_only' is set.
*/
if (!flags->sdes_nonew && flags->sdes_only) {
if (!g_hash_table_lookup(flags->sdes_only, &offered_cps->params.crypto_suite->name_str)) {
ilogs(crypto, LOG_DEBUG, "'%s' crypto suite not added, because not one of 'SDES-only-'",
offered_cps->params.crypto_suite->name);
continue;
}
}
/* SDES suites to be excluded */
else if (!flags->sdes_nonew && flags->sdes_no &&
g_hash_table_lookup(flags->sdes_no, &offered_cps->params.crypto_suite->name_str))
if (!flags->sdes_nonew &&
crypto_params_sdes_check_limitations(flags->sdes_only, flags->sdes_no,
offered_cps->params.crypto_suite))
{
ilogs(crypto, LOG_DEBUG, "Not offering crypto suite '%s' due to 'SDES-no' option",
offered_cps->params.crypto_suite->name);
ilogs(crypto, LOG_DEBUG, "Not offering crypto suite '%s'",
offered_cps->params.crypto_suite->name);
continue;
}
@ -1843,28 +1831,15 @@ static void __generate_crypto(const struct sdp_ng_flags *flags, struct call_medi
* that weren't accepted before, instead of re-using the same keys (and
* suites) that were previously offered but not accepted */
for (unsigned int i = 0; i < num_crypto_suites; i++) {
if ((types_offered & (1 << i)))
continue;
/* if we accept only certain SDES suites, then add only them,
* this takes precedence above the 'SDES-no-' flag(s).
* We mustn't check the 'flags->sdes_no' at all, if 'flags->sdes_only' is set.
*/
if (flags->sdes_only)
if (crypto_params_sdes_check_limitations(flags->sdes_only,
flags->sdes_no, &crypto_suites[i]))
{
if (!g_hash_table_lookup(flags->sdes_only, &crypto_suites[i].name_str)) {
ilogs(crypto, LOG_DEBUG, "'%s' crypto suite not added, because not one of 'SDES-only-'",
crypto_suites[i].name);
continue;
}
}
/* SDES suites to be excluded */
else if (flags->sdes_no &&
g_hash_table_lookup(flags->sdes_no, &crypto_suites[i].name_str))
{
ilogs(crypto, LOG_DEBUG, "Not offering crypto suite '%s' due to 'SDES-no' option",
crypto_suites[i].name);
ilogs(crypto, LOG_DEBUG, "Not offering crypto suite '%s'",
crypto_suites[i].name);
continue;
}
@ -1989,26 +1964,8 @@ static void __sdes_accept(struct call_media *media, const struct sdp_ng_flags *f
while (l) {
struct crypto_params_sdes *offered_cps = l->data;
/* if 'SDES-only-' flag(s) present, then
* accept only those SDES suites mentioned in the 'SDES-only-',
* all the rest will be dropped / not added.
* This takes precedence over 'SDES-no-'.
*
* We mustn't check the 'flags->sdes_no' at all, if 'flags->sdes_only' is set. */
if (flags->sdes_only)
{
if (g_hash_table_lookup(flags->sdes_only,
&offered_cps->params.crypto_suite->name_str))
{
l = l->prev;
continue;
}
}
/* if 'SDES-no-' flag(s) present, then
* remove SDES-no suites from offered ones */
else if (flags->sdes_no && !g_hash_table_lookup(flags->sdes_no,
&offered_cps->params.crypto_suite->name_str))
if (!crypto_params_sdes_check_limitations(flags->sdes_only,
flags->sdes_no, offered_cps->params.crypto_suite))
{
l = l->prev;
continue;
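Review bot: In the third hunk (`__sdes_accept`), the new `if (!crypto_params_sdes_check_limitations(...))` also takes the `l = l->prev; continue;` path when both `flags->sdes_only` and `flags->sdes_no` are NULL, whereas the removed `if` / `else if` chain fell through to the code after this block in that case. The loop's enclosing condition lies outside the hunk, so this may be unreachable; please confirm the loop only runs when at least one of the two tables is set, and if so record it at the call site, e.g. `/* caller guarantees sdes_only or sdes_no is set; 0 means the suite is allowed and stays queued */`. Separately, the merged debug message `"Not offering crypto suite '%s'"` in the first two hunks no longer says whether 'SDES-only-' or 'SDES-no-' excluded the suite, which makes a suite-policy decision harder to trace from the logs.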


+ 29
- 1
include/crypto.h View File

@ -10,7 +10,6 @@
#include "aux.h"
#define SRTP_MAX_MASTER_KEY_LEN 32
#define SRTP_MAX_MASTER_SALT_LEN 14
#define SRTP_MAX_SESSION_KEY_LEN 32
@ -217,7 +216,36 @@ INLINE void crypto_params_sdes_queue_copy(GQueue *dst, const GQueue *src) {
g_queue_push_tail(dst, cpy);
}
}
/**
* Checks whether to apply policies according to: sdes_no / sdes_only
* returns: 1 - to not apply / 0 - to apply
*/
INLINE int crypto_params_sdes_check_limitations(GHashTable * sdes_only,
GHashTable * sdes_no,
const struct crypto_suite *cps) {
/* if 'SDES-only-' flag(s) present, then
* accept only those SDES suites mentioned in the 'SDES-only-',
* all the rest will be dropped / not added.
* This takes precedence over 'SDES-no-'.
*
* We mustn't check the 'flags->sdes_no' at all, if 'flags->sdes_only' is set. */
if (sdes_only)
{
if (!g_hash_table_lookup(sdes_only, &cps->name_str))
return 1;
}
/* if 'SDES-no-' flag(s) present, then
* remove SDES-no suites from offered ones */
else if (sdes_no &&
g_hash_table_lookup(sdes_no, &cps->name_str))
{
return 1;
}
return 0;
}
#include "main.h"
#include "log.h"
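Review bot: The doc comment on `crypto_params_sdes_check_limitations()` gives the return value as `1 - to not apply / 0 - to apply`, which does not say what is being applied. The callers in daemon/call.c use it in both senses: `if (check)` skips a suite, while `if (!check)` keeps one. This helper is now the single place that decides whether a suite filtered by 'SDES-only-' / 'SDES-no-' is offered or accepted, so a misread polarity at a future call site would let an excluded suite through without any error. I would word the comment as `returns 1 if the suite is excluded by policy (sdes_only is set and does not list it, or sdes_only is unset and sdes_no lists it), 0 if it is allowed`. It should also state that passing NULL for both tables means no restriction and yields 0.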

