From fb1083f8e3ec37ba768a7e18ebfa0bd34b5e73af Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Mon, 19 Nov 2018 13:37:46 -0500 Subject: [PATCH] Add option to leave base64 padding for a=crypto in place closes #658 Squashed commit (plus docs and minor modification) of: commit 4187cd3b2d65be0bc2a41dd0b18cf5d36142d059 Author: Muhammad Zaka Date: Mon Nov 19 18:13:43 2018 +0000 removed unnecessary pad_crypto_def variable commit 5c7b7c0cedce857ccbc5b3d72b818dd5aa85b8f5 Author: Muhammad Zaka Date: Mon Nov 19 17:39:18 2018 +0000 add `pad-crypto` flag to not truncate trailing '==' after base64 encode commit 98bea79902ad5fe0a999810b1e6528d807b93102 Author: Muhammad Zaka Date: Fri Nov 16 10:59:47 2018 +0000 crypto containing padding should be sent within sdp for pass through Change-Id: I1f7502f34e9492100e5c3a5a7345319ed996c22c --- README.md | 7 +++++++ daemon/call_interfaces.c | 2 ++ daemon/sdp.c | 17 ++++++++++------- include/call_interfaces.h | 5 +++-- utils/rtpengine-ng-client | 3 ++- 5 files changed, 24 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index bb5648011..d17f8f088 100644 --- a/README.md +++ b/README.md @@ -1240,6 +1240,13 @@ Optionally included keys are: full-call media block, but also remove directional media blocks that were imposed on individual participants. + - `pad crypto` + + RFC 4568 (section 6.1) is somewhat ambiguous regarding the base64 encoding format of + `a=crypto` parameters added to an SDP body. The default interpretation is that trailing + `=` characters used for padding should be omitted. With this flag set, these padding + characters will be left in place. + * `replace` Similar to the `flags` list. Controls which parts of the SDP body should be rewritten. diff --git a/daemon/call_interfaces.c b/daemon/call_interfaces.c index 500024186..9cf023b65 100644 --- a/daemon/call_interfaces.c +++ b/daemon/call_interfaces.c 
@@ -621,6 +621,8 @@ static void call_ng_flags_flags(struct sdp_ng_flags *out, str *s, void *dummy) { out->always_transcode = 1; else if (!str_cmp(s, "asymmetric-codecs")) out->asymmetric_codecs = 1; + else if (!str_cmp(s, "pad-crypto")) + out->pad_crypto = 1; else { // handle values aliases from other dictionaries if (call_ng_flags_prefix(out, s, "SDES-", ng_sdes_option, NULL)) diff --git a/daemon/sdp.c b/daemon/sdp.c index cd6d1bc4e..3d68682b1 100644 --- a/daemon/sdp.c +++ b/daemon/sdp.c @@ -1916,7 +1916,7 @@ static void insert_dtls(struct call_media *media, struct sdp_chopper *chop) { chopper_append_c(chop, "\r\n"); } -static void insert_crypto1(struct call_media *media, struct sdp_chopper *chop, struct crypto_params_sdes *cps) { +static void insert_crypto1(struct call_media *media, struct sdp_chopper *chop, struct crypto_params_sdes *cps, struct sdp_ng_flags *flags) { char b64_buf[((SRTP_MAX_MASTER_KEY_LEN + SRTP_MAX_MASTER_SALT_LEN) / 3 + 1) * 4 + 4]; char *p; int state = 0, save = 0, i; @@ -1933,9 +1933,12 @@ static void insert_crypto1(struct call_media *media, struct sdp_chopper *chop, s cps->params.crypto_suite->master_salt_len, 0, p, &state, &save); p += g_base64_encode_close(0, p, &state, &save); - // truncate trailing == - while (p > b64_buf && p[-1] == '=') - p--; + + if (!flags->pad_crypto) { + // truncate trailing == + while (p > b64_buf && p[-1] == '=') + p--; + } chopper_append_c(chop, "a=crypto:"); chopper_append_printf(chop, "%u ", cps->tag); 
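Review bot: `flags` is dereferenced unconditionally in the new `if (!flags->pad_crypto)` guard of insert_crypto1, and nothing visible in these hunks shows that every path into sdp_replace supplies a non-NULL flags pointer, so that is worth confirming against the callers. Since the pointer is only read on this path, the new parameter could be declared `const struct sdp_ng_flags *flags` in insert_crypto1 and in insert_crypto (the following hunk). The retained comment `// truncate trailing ==` would help more if it recorded the reason, for example `// default: strip base64 '=' padding (RFC 4568 section 6.1 is ambiguous); pad-crypto keeps it`. The body of insert_crypto1 continues outside these hunks, so how `p` is consumed afterwards is not visible here.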
@@ -1956,9 +1959,9 @@ static void insert_crypto1(struct call_media *media, struct sdp_chopper *chop, s chopper_append_c(chop, " UNAUTHENTICATED_SRTP"); chopper_append_c(chop, "\r\n"); } -static void insert_crypto(struct call_media *media, struct sdp_chopper *chop) { +static void insert_crypto(struct call_media *media, struct sdp_chopper *chop, struct sdp_ng_flags *flags) { for (GList *l = media->sdes_out.head; l; l = l->next) - insert_crypto1(media, chop, l->data); + insert_crypto1(media, chop, l->data, flags); } @@ -2116,7 +2119,7 @@ int sdp_replace(struct sdp_chopper *chop, GQueue *sessions, struct call_monologu else ps_rtcp = NULL; - insert_crypto(call_media, chop); + insert_crypto(call_media, chop, flags); insert_dtls(call_media, chop); if (call_media->ptime) diff --git a/include/call_interfaces.h b/include/call_interfaces.h index 4667bb954..e87318a4b 100644 --- a/include/call_interfaces.h +++ b/include/call_interfaces.h @@ -70,13 +70,14 @@ struct sdp_ng_flags { sdes_unauthenticated_srtp:1, sdes_encrypted_srtp:1, sdes_encrypted_srtcp:1, - sdes_authenticated_srtp:1; + sdes_authenticated_srtp:1, + pad_crypto:1; }; + extern int trust_address_def; extern int dtls_passive_def; - str *call_request_tcp(char **); str *call_lookup_tcp(char **); void call_delete_tcp(char **); diff --git a/utils/rtpengine-ng-client b/utils/rtpengine-ng-client index b1a61ab45..92d191528 100755 --- a/utils/rtpengine-ng-client +++ b/utils/rtpengine-ng-client @@ -60,6 +60,7 @@ GetOptions( 'metadata=s' => \$options{'metadata'}, 'all' => \$options{'all'}, 'address=s' => \$options{'address'}, + 'pad-crypto' => \$options{'pad crypto'}, ) or die; my $cmd = shift(@ARGV) or die; 
@@ -72,7 +73,7 @@ for my $x (split(/,/, 'from-tag,to-tag,call-id,transport protocol,media address,
 for my $x (split(/,/, 'TOS,delete-delay')) {
 defined($options{$x}) and $packet{$x} = $options{$x};
 }
-for my $x (split(/,/, 'trust address,symmetric,asymmetric,force,strict source,media handover,sip source address,reset,port latching,no rtcp attribute,loop protect,record call,always transcode,all')) {
+for my $x (split(/,/, 'trust address,symmetric,asymmetric,force,strict source,media handover,sip source address,reset,port latching,no rtcp attribute,loop protect,record call,always transcode,all,pad crypto')) {
 defined($options{$x}) and push(@{$packet{flags}}, $x);
 }
 for my $x (split(/,/, 'origin,session connection')) {