diff --git a/daemon/dtls.c b/daemon/dtls.c index 043741c1f..69f685d25 100644 --- a/daemon/dtls.c +++ b/daemon/dtls.c @@ -657,6 +657,8 @@ int dtls_connection_init(struct dtls_connection *d, struct packet_stream *ps, in d->active = active ? -1 : 0; + random_string(d->tls_id, sizeof(d->tls_id)); + done: return 0; diff --git a/daemon/sdp.c b/daemon/sdp.c index 4bfe5deaf..cc3854aa5 100644 --- a/daemon/sdp.c +++ b/daemon/sdp.c @@ -2376,7 +2376,7 @@ static void insert_candidates(GString *s, struct packet_stream *rtp, struct pack insert_sfd_candidates(s, rtcp, type_pref, local_pref, cand_type, flags); } -static void insert_dtls(GString *s, struct call_media *media) { +static void insert_dtls(GString *s, struct call_media *media, struct dtls_connection *dtls) { unsigned char *p; int i; const struct dtls_hash_func *hf; @@ -2427,6 +2427,16 @@ static void insert_dtls(GString *s, struct call_media *media) { g_string_truncate(s, s->len - 1); g_string_append(s, "\r\n"); + + if (dtls) { + g_string_append(s, "a=tls-id:"); + + p = dtls->tls_id; + for (i = 0; i < sizeof(dtls->tls_id); i++) + g_string_append_printf(s, "%02x", *p++); + + g_string_append(s, "\r\n"); + } } static void insert_crypto1(GString *s, struct call_media *media, struct crypto_params_sdes *cps, @@ -2602,6 +2612,7 @@ static struct packet_stream *print_sdp_media_section(GString *s, struct call_med struct sdp_ng_flags *flags, GList *rtp_ps_link, bool is_active, bool force_end_of_ice) { + struct packet_stream *rtp_ps = rtp_ps_link->data; struct packet_stream *ps_rtcp = NULL; if (media->media_id.s) { @@ -2628,7 +2639,7 @@ static struct packet_stream *print_sdp_media_section(GString *s, struct call_med ps_rtcp = print_rtcp(s, media, rtp_ps_link, flags); insert_crypto(s, media, flags); - insert_dtls(s, media); + insert_dtls(s, media, dtls_ptr(rtp_ps->selected_sfd)); if (proto_is_rtp(media->protocol) && media->ptime) g_string_append_printf(s, "a=ptime:%i\r\n", media->ptime); 
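Review bot: The new `random_string(d->tls_id, sizeof(d->tls_id));` sits directly above the `done:` label with no comment, so a reader cannot tell that a path jumping to `done` keeps the previous tls-id while the fall-through path gets a fresh one. I would add a comment such as `/* fresh tls-id for a newly set up DTLS association; paths that jump to done keep the existing value */`, adjusted to what the earlier gotos actually do, since the function body starts outside this hunk. The value is published in SDP to tell one DTLS association from another, so it is also worth confirming that random_string() draws from a cryptographic RNG and cannot leave the buffer unfilled. Neither is visible here.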
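Review bot: In the block added at the end of insert_dtls, `if (dtls)` checks only the pointer, so a dtls_connection that exists but never reached the `random_string()` call in dtls_connection_init would be advertised with whatever bytes `tls_id` holds, presumably all zeros. The struct has an `init` bit (visible in the include/dtls.h hunk), so `if (dtls && dtls->init) {` looks like the safer guard, assuming `init` is set on the same path that generates the id. Whether an uninitialised connection can reach SDP output is not visible from this hunk. Separately, `i` is an `int` compared against `sizeof(dtls->tls_id)`, which -Wsign-compare will flag; `for (i = 0; i < (int) sizeof(dtls->tls_id); i++)` keeps the existing variable. The function starts outside the hunk.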
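Review bot: `struct packet_stream *rtp_ps = rtp_ps_link->data;` now dereferences the list link unconditionally at the top of print_sdp_media_section, and the following hunk reads `rtp_ps->selected_sfd` for every media section. In the visible old lines the link's data was only read inside the `MEDIA_ISSET(media, ICE)` branch. If callers can pass a NULL link or a stream with no data, this is a new NULL dereference on non-ICE media; print_rtcp also receives the link, so the non-NULL assumption may already hold, but that is outside these hunks. If it is not guaranteed, `struct packet_stream *rtp_ps = rtp_ps_link ? rtp_ps_link->data : NULL;` together with `insert_dtls(s, media, rtp_ps ? dtls_ptr(rtp_ps->selected_sfd) : NULL);` keeps the old behaviour, since insert_dtls already tolerates a NULL `dtls`. Whether dtls_ptr() accepts a NULL `selected_sfd` should be checked as well.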
@@ -2644,7 +2655,7 @@ static struct packet_stream *print_sdp_media_section(GString *s, struct call_med if (MEDIA_ISSET(media, TRICKLE_ICE) && media->ice_agent) g_string_append(s, "a=ice-options:trickle\r\n"); if (MEDIA_ISSET(media, ICE)) - insert_candidates(s, rtp_ps_link->data, ps_rtcp, flags, sdp_media); + insert_candidates(s, rtp_ps, ps_rtcp, flags, sdp_media); } if (MEDIA_ISSET(media, TRICKLE_ICE) && media->ice_agent) diff --git a/include/dtls.h b/include/dtls.h index 04c751460..3a910b29e 100644 --- a/include/dtls.h +++ b/include/dtls.h @@ -53,6 +53,7 @@ struct dtls_connection { SSL *ssl; BIO *r_bio, *w_bio; void *ptr; + unsigned char tls_id[16]; unsigned int init:1, active:1, connected:1; diff --git a/perl/NGCP/Rtpengine/AutoTest.pm b/perl/NGCP/Rtpengine/AutoTest.pm index 034573ea3..6d1bb6664 100644 --- a/perl/NGCP/Rtpengine/AutoTest.pm +++ b/perl/NGCP/Rtpengine/AutoTest.pm @@ -135,6 +135,7 @@ sub sdp_match { $regexp =~ s/FINGERPRINT/([0-9a-fA-F:]{59})/gs; $regexp =~ s/SDP_VERSION/\\d+ \\d+/gs; $regexp =~ s/RTPE_VERSION/rtpengine-\\S+/gs; + $regexp =~ s/TLS_ID/([0-9a-f]{32})/gs; my $crlf = crlf($sdp); like $crlf, qr/$regexp/s, "$name - output '$cmd' SDP"; my @matches = $crlf =~ qr/$regexp/s; diff --git a/t/auto-daemon-tests-pubsub.pl b/t/auto-daemon-tests-pubsub.pl index 623ba4d2f..4e677a022 100755 --- a/t/auto-daemon-tests-pubsub.pl +++ b/t/auto-daemon-tests-pubsub.pl @@ -2584,6 +2584,7 @@ a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128 a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128 a=setup:actpass a=fingerprint:sha-256 FINGERPRINT256 +a=tls-id:TLS_ID SDP is $ftr, ft(), 'from-tag matches'; @@ -2690,6 +2691,7 @@ a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128 a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128 a=setup:actpass a=fingerprint:sha-256 FINGERPRINT256 +a=tls-id:TLS_ID SDP is $ftr, ft(), 'from-tag matches'; 
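Review bot: The new `unsigned char tls_id[16];` field in struct dtls_connection has no comment, and its size is silently tied to the `{32}` hex-character patterns hard-coded in the test changes of this commit. A short comment on the field would record that, for example `unsigned char tls_id[16]; /* random bytes, emitted hex-encoded (32 chars) as a=tls-id */`. A named constant for the length would make the dependency greppable if the size ever changes. The struct definition starts and ends outside the hunk.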
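Review bot: The `TLS_ID` placeholder expands to a capturing group, `([0-9a-f]{32})`, so every expected SDP containing it adds one more element to `@matches` and shifts the position of any capture that follows it. The neighbouring `SDP_VERSION` and `RTPE_VERSION` substitutions do not capture. If the value is not meant to be consumed, `$regexp =~ s/TLS_ID/[0-9a-f]{32}/gs;` avoids the shift. If it is, the expectations visible in this commit only pin the format, and a test comparing the captured id across a re-offer of the same call would pin the property the attribute exists for. sub sdp_match starts outside the hunk.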
@@ -2758,6 +2760,7 @@ a=crypto:133 NULL_HMAC_SHA1_80 inline:CRYPTO128 a=crypto:134 NULL_HMAC_SHA1_32 inline:CRYPTO128 a=setup:actpass a=fingerprint:sha-256 FINGERPRINT256 +a=tls-id:TLS_ID SDP ($port_b) = answer('SRTP call RTP sub', diff --git a/t/auto-daemon-tests-websocket.py b/t/auto-daemon-tests-websocket.py index 9ddf05c04..6d889ccf8 100644 --- a/t/auto-daemon-tests-websocket.py +++ b/t/auto-daemon-tests-websocket.py @@ -522,6 +522,7 @@ class TestVideoroom(unittest.TestCase): "a=rtcp-mux\r\n" "a=setup:actpass\r\n" "a=fingerprint:sha-256 .{95}\r\n" + "a=tls-id:[0-9a-f]{32}\r\n" "a=ice-ufrag:.{8}\r\n" "a=ice-pwd:.{26}\r\n" "a=ice-options:trickle\r\n" @@ -699,7 +700,8 @@ class TestVideoroom(unittest.TestCase): "a=recvonly\r\n" "a=rtcp:\d+\r\n" "a=setup:active\r\n" - "a=fingerprint:sha-256 .{95}\r\n$", + "a=fingerprint:sha-256 .{95}\r\n" + "a=tls-id:[0-9a-f]{32}\r\n$", re.DOTALL, ), ) @@ -876,7 +878,8 @@ class TestVideoroom(unittest.TestCase): "a=recvonly\r\n" "a=rtcp:\d+\r\n" "a=setup:active\r\n" - "a=fingerprint:sha-256 .{95}\r\n$", + "a=fingerprint:sha-256 .{95}\r\n" + "a=tls-id:[0-9a-f]{32}\r\n$", re.DOTALL, ), ) @@ -1212,6 +1215,7 @@ class TestVideoroom(unittest.TestCase): "a=rtcp-mux\r\n" "a=setup:active\r\n" "a=fingerprint:sha-256 .{95}\r\n" + "a=tls-id:[0-9a-f]{32}\r\n" "a=ice-ufrag:.{8}\r\n" "a=ice-pwd:.{26}\r\n" "a=ice-options:trickle\r\n" @@ -1231,6 +1235,7 @@ class TestVideoroom(unittest.TestCase): "a=rtcp-mux\r\n" "a=setup:active\r\n" "a=fingerprint:sha-256 .{95}\r\n" + "a=tls-id:[0-9a-f]{32}\r\n" "a=ice-ufrag:.{8}\r\n" "a=ice-pwd:.{26}\r\n" "a=ice-options:trickle\r\n" @@ -1313,6 +1318,7 @@ class TestVideoroom(unittest.TestCase): "a=rtcp-mux\r\n" "a=setup:actpass\r\n" "a=fingerprint:sha-256 .{95}\r\n" + "a=tls-id:[0-9a-f]{32}\r\n" "a=ice-ufrag:.{8}\r\n" "a=ice-pwd:.{26}\r\n" "a=ice-options:trickle\r\n" 
@@ -1353,6 +1359,7 @@ class TestVideoroom(unittest.TestCase): "a=rtcp-mux\r\n" "a=setup:actpass\r\n" "a=fingerprint:sha-256 .{95}\r\n" + "a=tls-id:[0-9a-f]{32}\r\n" "a=ice-ufrag:.{8}\r\n" "a=ice-pwd:.{26}\r\n" "a=ice-options:trickle\r\n" @@ -1554,6 +1561,7 @@ class TestVideoroom(unittest.TestCase): "a=rtcp-mux\r\n" "a=setup:actpass\r\n" "a=fingerprint:sha-256 .{95}\r\n" + "a=tls-id:[0-9a-f]{32}\r\n" "a=ice-ufrag:.{8}\r\n" "a=ice-pwd:.{26}\r\n" "a=ice-options:trickle\r\n" diff --git a/t/auto-daemon-tests.pl b/t/auto-daemon-tests.pl index e1bdaf059..53fe55dd4 100755 --- a/t/auto-daemon-tests.pl +++ b/t/auto-daemon-tests.pl @@ -8006,6 +8006,7 @@ a=sendrecv a=rtcp:PORT a=setup:actpass a=fingerprint:sha-256 FINGERPRINT256 +a=tls-id:TLS_ID SDP answer('fingerprint selection', { @@ -8058,6 +8059,7 @@ a=sendrecv a=rtcp:PORT a=setup:actpass a=fingerprint:sha-256 FINGERPRINT256 +a=tls-id:TLS_ID SDP @@ -8094,6 +8096,7 @@ a=sendrecv a=rtcp:PORT a=setup:actpass a=fingerprint:sha-1 FINGERPRINT +a=tls-id:TLS_ID SDP answer('fingerprint selection', { @@ -8146,6 +8149,7 @@ a=sendrecv a=rtcp:PORT a=setup:actpass a=fingerprint:sha-1 FINGERPRINT +a=tls-id:TLS_ID SDP new_call; @@ -8181,6 +8185,7 @@ a=sendrecv a=rtcp:PORT a=setup:actpass a=fingerprint:sha-256 FINGERPRINT256 +a=tls-id:TLS_ID SDP @@ -8233,6 +8238,7 @@ a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128 a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128 a=setup:actpass a=fingerprint:sha-256 FINGERPRINT256 +a=tls-id:TLS_ID SDP rtpe_req('delete', 'GH 1086', { 'from-tag' => ft() }); @@ -8278,6 +8284,7 @@ a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128 a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128 a=setup:actpass a=fingerprint:sha-256 FINGERPRINT256 +a=tls-id:TLS_ID SDP @@ -8675,6 +8682,7 @@ a=sendrecv a=rtcp:PORT a=setup:active a=fingerprint:sha-256 FINGERPRINT256 +a=tls-id:TLS_ID SDP @@ -8728,6 +8736,7 @@ a=sendrecv a=rtcp:PORT a=setup:passive a=fingerprint:sha-256 FINGERPRINT256 +a=tls-id:TLS_ID SDP 
@@ -8845,6 +8854,7 @@ a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128 a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128 a=setup:actpass a=fingerprint:sha-256 FINGERPRINT256 +a=tls-id:TLS_ID a=ptime:20 SDP @@ -8963,6 +8973,7 @@ a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128 a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128 a=setup:actpass a=fingerprint:sha-256 FINGERPRINT256 +a=tls-id:TLS_ID a=ptime:20 SDP