diff --git a/README.md b/README.md index ac17c67f7..da4bcee08 100644 --- a/README.md +++ b/README.md @@ -732,10 +732,8 @@ Optionally included keys are: - `pad crypto` - RFC 4568 (section 6.1) is somewhat ambiguous regarding the base64 encoding format of - `a=crypto` parameters added to an SDP body. The default interpretation is that trailing - `=` characters used for padding should be omitted. With this flag set, these padding - characters will be left in place. + Legacy alias to SDES=pad. + - `generate mid` @@ -931,6 +929,17 @@ Optionally included keys are: offer, it will be removed and will be missing in the outgoing offer; and if a given crypto suite was not present in the received offer, it will not be added to it. + - `pad` + + RFC 4568 (section 6.1) is somewhat ambiguous regarding the base64 encoding format of + `a=crypto` parameters added to an SDP body. The default interpretation is that trailing + `=` characters used for padding should be omitted. With this flag set, these padding + characters will be left in place. + + - `lifetime` + + Add the key lifetime parameter `2^31` to each crypto key. + * `record call` Contains one of the strings `yes`, `no`, `on` or `off`. This tells the rtpengine diff --git a/daemon/call_interfaces.c b/daemon/call_interfaces.c index ccd165731..48a881f6f 100644 --- a/daemon/call_interfaces.c +++ b/daemon/call_interfaces.c @@ -541,6 +541,9 @@ INLINE void ng_sdes_option(struct sdp_ng_flags *out, str *s, void *dummy) { case CSH_LOOKUP("AUTHENTICATED_SRTP"): out->sdes_authenticated_srtp = 1; break; + case CSH_LOOKUP("lifetime"): + out->sdes_lifetime = 1; + break; default: ilog(LOG_WARN, "Unknown 'SDES' flag encountered: '"STR_FORMAT"'", STR_FMT(s)); @@ -790,7 +793,7 @@ static void call_ng_flags_flags(struct sdp_ng_flags *out, str *s, void *dummy) { out->inject_dtmf = 1; break; case CSH_LOOKUP("pad-crypto"): - out->pad_crypto = 1; + out->sdes_pad = 1; break; default: // handle values aliases from other dictionaries diff --git a/daemon/sdp.c b/daemon/sdp.c index 21e8065fd..7d3231f28 100644 --- a/daemon/sdp.c +++ b/daemon/sdp.c @@ -2187,7 +2187,7 @@ static void insert_crypto1(struct call_media *media, struct sdp_chopper *chop, s p, &state, &save); p += g_base64_encode_close(0, p, &state, &save); - if (!flags->pad_crypto) { + if (!flags->sdes_pad) { // truncate trailing == while (p > b64_buf && p[-1] == '=') p--; @@ -2198,6 +2198,8 @@ static void insert_crypto1(struct call_media *media, struct sdp_chopper *chop, s chopper_append_c(chop, cps->params.crypto_suite->name); chopper_append_c(chop, " inline:"); chopper_append(chop, b64_buf, p - b64_buf); + if (flags->sdes_lifetime) + chopper_append_c(chop, "|2^31"); if (cps->params.mki_len) { ull = 0; for (i = 0; i < cps->params.mki_len && i < sizeof(ull); i++) diff --git a/include/call_interfaces.h b/include/call_interfaces.h index 2b60b023c..b219bd056 100644 --- a/include/call_interfaces.h +++ b/include/call_interfaces.h @@ -96,7 +96,8 @@ struct sdp_ng_flags { sdes_encrypted_srtp:1, sdes_encrypted_srtcp:1, sdes_authenticated_srtp:1, - pad_crypto:1; + sdes_lifetime:1, + sdes_pad:1; }; diff --git a/t/auto-daemon-tests.pl b/t/auto-daemon-tests.pl index 8a71063d7..2ed8a0000 100755 --- a/t/auto-daemon-tests.pl +++ b/t/auto-daemon-tests.pl @@ -18,6 +18,45 @@ my ($sock_a, $sock_b, $port_a, $port_b, $ssrc, $resp, $srtp_ctx_a, $srtp_ctx_b, +# SDES key lifetime + +new_call(); + +offer('gh 966', { ICE => 'remove', 'transport-protocol' => 'RTP/SAVP', SDES => ['lifetime'], + DTLS => 'off' }, <