From c7c30df3c9da4c6ae6b1c0f118cdfbf72dae8f40 Mon Sep 17 00:00:00 2001
From: Richard Fuchs
Date: Wed, 28 Aug 2019 15:31:18 -0400
Subject: [PATCH] TT#65800 fix SDES negotiation bug
If B accepts a crypto suite that was not listed as the first, in order to support SRTP passthrough, we correctly answer to A with only that one crypto suite. But we must also remove all other crypto suites from our list of supported crypto suites internally, because we use the first one to init our crypto contexts. fixes #829
Change-Id: Id07343d7b24648208e3a4b4e0b246949dce0385e
(cherry picked from commit 346670014972f68a0c0ce92514ba3c37df643c95)
---
 daemon/call.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/daemon/call.c b/daemon/call.c
index b340aaabb..48c4ba811 100644
--- a/daemon/call.c
+++ b/daemon/call.c
@@ -1397,11 +1397,15 @@ static void __generate_crypto(const struct sdp_ng_flags *flags, struct call_medi
 struct crypto_params_sdes *cps_in = cpq_in->head ? cpq_in->head->data : NULL;
 struct crypto_params_sdes *offered_cps = offered_cpq->head ? offered_cpq->head->data : NULL;
 if (offered_cps) {
+ ilog(LOG_DEBUG, "Looking for matching crypto suite to offered %u:%s", offered_cps->tag,
+ offered_cps->params.crypto_suite->name);
 // check if we can do SRTP<>SRTP passthrough. the crypto suite that was accepted
 // must have been present in what was offered to us
 for (GList *l = cpq_in->head; l; l = l->next) {
 struct crypto_params_sdes *check_cps = l->data;
 if (check_cps->params.crypto_suite == offered_cps->params.crypto_suite) {
+ ilog(LOG_DEBUG, "Found matching crypto suite %u:%s", check_cps->tag,
+ check_cps->params.crypto_suite->name);
 cps_in = check_cps;
 break;
 }
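Review bot: The first added `ilog` dereferences `offered_cps->params.crypto_suite->name`, while the existing loop only compares the `crypto_suite` pointers, so this debug line is the first place in the hunk that assumes the pointer is non-NULL. If an offered entry can reach here without a suite, a guard such as `offered_cps->params.crypto_suite ? offered_cps->params.crypto_suite->name : "(none)"` keeps the logging from becoming the crash site. The tag is printed with `%u` in both calls here but with `%i` in the two `ilog` calls added in the later hunks; the declaration of `tag` is not visible, so one specifier should be chosen to match it and used in all four. `__generate_crypto` starts and ends outside this hunk.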
@@ -1418,6 +1422,8 @@ static void __generate_crypto(const struct sdp_ng_flags *flags, struct call_medi // SRTP<>SRTP passthrough cps->params.session_params = cps_in->params.session_params; // XXX verify crypto_params_copy(&cps->params, &offered_cps->params, 1); + ilog(LOG_DEBUG, "Copied crypto params from %i:%s for SRTP passthrough", + cps_in->tag, cps_in->params.crypto_suite->name); } else { random_string((unsigned char *) cps->params.master_key, @@ -1426,7 +1432,16 @@ static void __generate_crypto(const struct sdp_ng_flags *flags, struct call_medi cps->params.crypto_suite->master_salt_len); /* mki = mki_len = 0 */ cps->params.session_params = cps_in->params.session_params; + ilog(LOG_DEBUG, "Creating new SRTP crypto params for %i:%s", + cps->tag, cps->params.crypto_suite->name); } + + // flush out crypto suites we ended up not using - leave only one + if (!g_queue_remove(cpq_in, cps_in)) + ilog(LOG_ERR, "BUG: incoming crypto suite not found in queue"); + crypto_params_sdes_queue_clear(cpq_in); + g_queue_push_tail(cpq_in, cps_in); + __sdes_flags(cps, flags); __sdes_flags(cps_in, flags); }
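Review bot: The added message says the params were copied "from" `cps_in`, but the line above it copies them from `offered_cps->params`. The matching loop in the first hunk pairs the two entries by crypto suite only, so their tags need not agree and the log can point at the wrong entry when someone is chasing a key mismatch. Logging the actual source, `offered_cps->tag, offered_cps->params.crypto_suite->name`, or rewording the message to "matched against" would fix it. The enclosing branch opens before this hunk.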
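Review bot: When `g_queue_remove(cpq_in, cps_in)` fails, the added block logs the BUG and then still runs `crypto_params_sdes_queue_clear(cpq_in)` and `g_queue_push_tail(cpq_in, cps_in)`, so an entry that was not in this queue ends up owned by it. If that entry is also owned elsewhere this could become a later double free, though its owner is not visible here. Bracing the `if` and deciding explicitly what the failure path does (return, or skip the flush) would remove the ambiguity. The remove-before-clear order is what keeps `cps_in` alive, assuming the clear frees its entries, and deserves a comment such as `// take cps_in out first: the clear below frees every entry still queued`. The function continues outside the hunk.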