From 93092e850f94e4d2cee82828c6bb45ea879135f5 Mon Sep 17 00:00:00 2001
From: Richard Fuchs
Date: Thu, 13 Jun 2013 14:07:40 -0400
Subject: [PATCH] must use the outgoing's side crypto context for out packets, also add some logging
---
 daemon/call.c | 8 +++-----
 daemon/crypto.c | 3 ---
 daemon/rtp.c | 36 ++++++++++++++++++++++++------------
 3 files changed, 27 insertions(+), 20 deletions(-)
diff --git a/daemon/call.c b/daemon/call.c
index 071952a50..a0406be3a 100644
--- a/daemon/call.c
+++ b/daemon/call.c
@@ -217,17 +217,16 @@ void kernelize(struct callstream *c) {
 static int __dummy_stream_handler(str *s, struct streamrelay *r) {
- abort();
 return 0;
 }
 static int call_avpf2avp(str *s, struct streamrelay *r) {
 return rtcp_avpf2avp(s);
 }
 static int call_avp2savp_rtp(str *s, struct streamrelay *r) {
- return rtp_avp2savp(s, &r->peer.crypto.out);
+ return rtp_avp2savp(s, &r->other->peer.crypto.out);
 }
 static int call_avp2savp_rtcp(str *s, struct streamrelay *r) {
- return rtcp_avp2savp(s, &r->peer.crypto.out);
+ return rtcp_avp2savp(s, &r->other->peer.crypto.out);
 }
 static int call_savp2avp_rtp(str *s, struct streamrelay *r) {
 return rtp_savp2avp(s, &r->peer.crypto.in);
@@ -339,8 +338,7 @@ static int stream_packet(struct streamrelay *sr_incoming, str *s, struct sockadd
 if (!sr_incoming->handler)
 sr_incoming->handler = determine_handler(sr_incoming);
- if (sr_incoming->handler != __dummy_stream_handler)
- handler_ret = sr_incoming->handler(s, sr_incoming);
+ handler_ret = sr_incoming->handler(s, sr_incoming);
 use_cand:
 if (p_incoming->confirmed || !p_incoming->filled || sr_incoming->idx != 0)
diff --git a/daemon/crypto.c b/daemon/crypto.c
index 6a89dce30..0758c0e7a 100644
--- a/daemon/crypto.c
+++ b/daemon/crypto.c
@@ -189,9 +189,6 @@ int crypto_gen_session_key(struct crypto_context *c, str *out, unsigned char lab
 unsigned char x[14];
 int i;
- if (!c->crypto_suite)
- return -1;
-
 ZERO(key_id);
 /* key_id[1..6] := r; or 1..4 for rtcp
 * key_derivation_rate == 0 --> r == 0 */
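Review bot: `call_avp2savp_rtp` and `call_avp2savp_rtcp` now dereference `r->other` unconditionally, and nothing in this hunk shows that `other` is always set before a handler can run; if a relay can exist without its counterpart, add a guard such as `if (!r->other) return -1;` before the call. The choice of context also deserves a comment, since the decrypt handler below still uses `r->peer.crypto.in` and the asymmetry is easy to undo by accident: `/* encrypt with the crypto context of the relay the packet is sent out on, not the one it arrived on */`. `call_savp2avp_rtp` continues past the end of the hunk.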
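Review bot: Dropping the `if (!c->crypto_suite) return -1;` guard leaves `crypto_gen_session_key` dependent on every caller having checked the suite first, and the function is not `static`, so callers other than `check_session_keys` in daemon/rtp.c may exist. That caller does test `c->crypto_suite` before each call, but any other path that arrives with an unset suite would presumably dereference a null pointer in the part of the body outside this hunk, which in a daemon driven by network traffic means a crash rather than a dropped packet. Either keep the two-line guard as cheap defence in depth, or state the precondition above the function, e.g. `/* caller must have verified c->crypto_suite != NULL */`.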
diff --git a/daemon/rtp.c b/daemon/rtp.c
index 1b42102a3..c402e67d3 100644
--- a/daemon/rtp.c
+++ b/daemon/rtp.c
@@ -6,6 +6,7 @@
 #include "str.h"
 #include "crypto.h"
+#include "log.h"
@@ -16,20 +17,24 @@ static inline int check_session_keys(struct crypto_context *c) {
 if (c->have_session_key)
 return 0;
 if (!c->crypto_suite)
- return -1;
+ goto error;
 str_init_len(&s, c->session_key, c->crypto_suite->session_key_len);
 if (crypto_gen_session_key(c, &s, 0x00, 6))
- return -1;
+ goto error;
 str_init_len(&s, c->session_auth_key, c->crypto_suite->srtp_auth_key_len);
 if (crypto_gen_session_key(c, &s, 0x01, 6))
- return -1;
+ goto error;
 str_init_len(&s, c->session_salt, c->crypto_suite->session_salt_len);
 if (crypto_gen_session_key(c, &s, 0x02, 6))
- return -1;
+ goto error;
 c->have_session_key = 1;
 return 0;
+
+error:
+ mylog(LOG_WARNING, "Error generating SRTP session keys");
+ return -1;
 }
 static int rtp_payload(struct rtp_header **out, str *p, const str *s) {
@@ -37,31 +42,35 @@ static int rtp_payload(struct rtp_header **out, str *p, const str *s) {
 struct rtp_extension *ext;
 if (s->len < sizeof(*rtp))
- return -1;
+ goto error;
 rtp = (void *) s->s;
 if ((rtp->v_p_x_cc & 0xc0) != 0x80) /* version 2 */
- return -1;
+ goto error;
 *p = *s;
 /* fixed header */
 str_shift(p, sizeof(*rtp));
 /* csrc list */
 if (str_shift(p, (rtp->v_p_x_cc & 0xf) * 4))
- return -1;
+ goto error;
 if ((rtp->v_p_x_cc & 0x10)) {
 /* extension */
 if (p->len < sizeof(*ext))
- return -1;
+ goto error;
 ext = (void *) p->s;
 if (str_shift(p, 4 + ntohs(ext->length) * 4))
- return -1;
+ goto error;
 }
 *out = rtp;
 return 0;
+
+error:
+ mylog(LOG_WARNING, "Error parsing RTP header");
+ return -1;
 }
 static u_int64_t packet_index(struct crypto_context *c, struct rtp_header *rtp) {
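Review bot: The new `error:` label in `check_session_keys` emits an unthrottled `LOG_WARNING` with a fixed string, and the same pattern is added in `rtp_payload` (next hunk) and in `srtp_payloads` (hunks at -203, -214 and -223). These functions appear to run once per packet, so a stream of malformed or undecryptable packets would yield one log line each with nothing to tie it to a call or source address. Here the single message also hides whether the crypto suite was missing or which of the three derivations failed. Consider rate-limiting these warnings and making them specific, e.g. a separate message for the `!c->crypto_suite` case and the label value (0x00/0x01/0x02) for a failed `crypto_gen_session_key`.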
@@ -125,7 +134,6 @@ void rtp_append_mki(str *s, struct crypto_context *c) {
 }
 /* rfc 3711, section 3.3 */
-/* XXX some error handling/logging here */
 int rtp_avp2savp(str *s, struct crypto_context *c) {
 struct rtp_header *rtp;
 str payload, to_auth;
@@ -203,7 +211,7 @@ int srtp_payloads(str *to_auth, str *to_decrypt, str *auth_tag, str *mki,
 *auth_tag = STR_NULL;
 if (auth_len) {
 if (to_decrypt->len < auth_len)
- return -1;
+ goto error;
 str_init_len(auth_tag, to_decrypt->s + to_decrypt->len - auth_len, auth_len);
 to_decrypt->len -= auth_len;
@@ -214,7 +222,7 @@ int srtp_payloads(str *to_auth, str *to_decrypt, str *auth_tag, str *mki,
 *mki = STR_NULL;
 if (mki_len) {
 if (to_decrypt->len < mki_len)
- return -1;
+ goto error;
 if (mki)
 str_init_len(mki, to_decrypt->s - mki_len, mki_len);
@@ -223,4 +231,8 @@ int srtp_payloads(str *to_auth, str *to_decrypt, str *auth_tag, str *mki,
 }
 return 0;
+
+error:
+ mylog(LOG_WARNING, "Invalid SRTP packet received");
+ return -1;
 }
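Review bot: In the MKI branch of `srtp_payloads` (hunk at -214), the context line `str_init_len(mki, to_decrypt->s - mki_len, mki_len);` takes its pointer from before the start of `to_decrypt`, while the auth-tag branch in the previous hunk uses the tail of the buffer, `to_decrypt->s + to_decrypt->len - auth_len`. The length check just above only bounds `to_decrypt->len`, so as written `mki` looks like it refers to bytes outside the region that check covers; the intended form is probably `str_init_len(mki, to_decrypt->s + to_decrypt->len - mki_len, mki_len);`. The hunk also opens with an unconditional-looking `*mki = STR_NULL;` although `mki` is tested with `if (mki)` a few lines later; the line before that store is outside the hunk, so confirm it is guarded. The rest of the function, including the length adjustments after this call, is not visible here.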