Secure RTP (SRTP) More...
#include "asterisk.h"#include <srtp/srtp.h>#include "asterisk/lock.h"#include "asterisk/sched.h"#include "asterisk/module.h"#include "asterisk/options.h"#include "asterisk/rtp_engine.h"#include "asterisk/astobj2.h"
Data Structures | |
| struct | ast_srtp |
| struct | ast_srtp_policy |
Functions | |
| static void | __reg_module (void) |
| static void | __unreg_module (void) |
| static int | ast_srtp_add_stream (struct ast_srtp *srtp, struct ast_srtp_policy *policy) |
| static int | ast_srtp_change_source (struct ast_srtp *srtp, unsigned int from_ssrc, unsigned int to_ssrc) |
| static int | ast_srtp_create (struct ast_srtp **srtp, struct ast_rtp_instance *rtp, struct ast_srtp_policy *policy) |
| static void | ast_srtp_destroy (struct ast_srtp *srtp) |
| static int | ast_srtp_get_random (unsigned char *key, size_t len) |
| static struct ast_srtp_policy * | ast_srtp_policy_alloc (void) |
| static void | ast_srtp_policy_destroy (struct ast_srtp_policy *policy) |
| static int | ast_srtp_policy_set_master_key (struct ast_srtp_policy *policy, const unsigned char *key, size_t key_len, const unsigned char *salt, size_t salt_len) |
| static void | ast_srtp_policy_set_ssrc (struct ast_srtp_policy *policy, unsigned long ssrc, int inbound) |
| static int | ast_srtp_policy_set_suite (struct ast_srtp_policy *policy, enum ast_srtp_suite suite) |
| static int | ast_srtp_protect (struct ast_srtp *srtp, void **buf, int *len, int rtcp) |
| static void | ast_srtp_set_cb (struct ast_srtp *srtp, const struct ast_srtp_cb *cb, void *data) |
| static int | ast_srtp_unprotect (struct ast_srtp *srtp, void *buf, int *len, int rtcp) |
| static struct ast_srtp_policy * | find_policy (struct ast_srtp *srtp, const srtp_policy_t *policy, int flags) |
| static int | load_module (void) |
| static int | policy_cmp_fn (void *obj, void *arg, int flags) |
| static void | policy_destructor (void *obj) |
| static int | policy_hash_fn (const void *obj, const int flags) |
| static int | policy_set_suite (crypto_policy_t *p, enum ast_srtp_suite suite) |
| static int | res_srtp_init (void) |
| static struct ast_srtp * | res_srtp_new (void) |
| static const char * | srtp_errstr (int err) |
| static void | srtp_event_cb (srtp_event_data_t *data) |
| static int | unload_module (void) |
Variables | |
| static struct ast_module_info | __mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_GLOBAL_SYMBOLS | AST_MODFLAG_LOAD_ORDER , .description = "Secure RTP (SRTP)" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = AST_BUILDOPT_SUM, .load = load_module, .unload = unload_module, .load_pri = AST_MODPRI_CHANNEL_DEPEND, } |
| static struct ast_module_info * | ast_module_info = &__mod_info |
| static int | g_initialized = 0 |
| static struct ast_srtp_policy_res | policy_res |
| static struct ast_srtp_res | srtp_res |
| static void __reg_module | ( | void | ) | [static] |
Definition at line 536 of file res_srtp.c.
| static void __unreg_module | ( | void | ) | [static] |
Definition at line 536 of file res_srtp.c.
| static int ast_srtp_add_stream | ( | struct ast_srtp * | srtp, |
| struct ast_srtp_policy * | policy | ||
| ) | [static] |
Definition at line 458 of file res_srtp.c.
References ao2_t_link, ao2_t_ref, ast_debug, find_policy(), match(), OBJ_POINTER, ast_srtp::policies, ast_srtp::session, and ast_srtp_policy::sp.
Referenced by ast_srtp_change_source().
{
	/*
	 * Refuse to register a second policy for an SSRC that is already
	 * tracked. The lookup hands back a reference to the existing entry,
	 * which is released again before bailing out.
	 */
	struct ast_srtp_policy *existing = find_policy(srtp, &policy->sp, OBJ_POINTER);

	if (existing != NULL) {
		ast_debug(3, "Policy already exists, not re-adding\n");
		ao2_t_ref(existing, -1, "Unreffing already existing policy");
		return -1;
	}

	/* Only a policy that libsrtp accepted is linked into the container,
	 * so the container never lists a stream the session does not know. */
	if (srtp_add_stream(srtp->session, &policy->sp) != err_status_ok) {
		return -1;
	}

	ao2_t_link(srtp->policies, policy, "Added additional stream");

	return 0;
}
| static int ast_srtp_change_source | ( | struct ast_srtp * | srtp, |
| unsigned int | from_ssrc, | ||
| unsigned int | to_ssrc | ||
| ) | [static] |
Definition at line 477 of file res_srtp.c.
References ao2_t_ref, ast_debug, ast_log(), ast_srtp_add_stream(), find_policy(), LOG_WARNING, match(), OBJ_POINTER, OBJ_UNLINK, ast_srtp::session, ast_srtp_policy::sp, and status.
{
	/* Lookup key: only the SSRC type and value take part in the search. */
	struct srtp_policy_t lookup = {
		.ssrc.type = ssrc_specific,
		.ssrc.value = from_ssrc,
	};
	struct ast_srtp_policy *found;
	err_status_t rc;

	/* If we find a match, unlink it from the container so we can change
	 * the SSRC (which is part of the hash) and then have
	 * ast_srtp_add_stream link it back in if all is well.
	 *
	 * This function always returns 0, including when nothing matched
	 * from_ssrc and when re-adding the stream failed. */
	found = find_policy(srtp, &lookup, OBJ_POINTER | OBJ_UNLINK);
	if (!found) {
		return 0;
	}

	found->sp.ssrc.value = to_ssrc;

	if (ast_srtp_add_stream(srtp, found)) {
		/* NOTE(review): at this point the policy is already unlinked and
		 * carries the new SSRC; the reference is dropped below, so it is
		 * not put back in the container. Confirm callers can tolerate
		 * losing the policy on this path. */
		ast_log(LOG_WARNING, "Couldn't add stream\n");
	} else {
		/* The new stream is in place; retire the old SSRC in libsrtp. */
		rc = srtp_remove_stream(srtp->session, from_ssrc);
		if (rc) {
			ast_debug(3, "Couldn't remove stream (%d)\n", rc);
		}
	}

	ao2_t_ref(found, -1, "Unreffing found policy in change_source");

	return 0;
}
| static int ast_srtp_create | ( | struct ast_srtp ** | srtp, |
| struct ast_rtp_instance * | rtp, | ||
| struct ast_srtp_policy * | policy | ||
| ) | [static] |
Definition at line 424 of file res_srtp.c.
References ao2_t_link, ast_module_ref(), res_srtp_new(), ast_srtp::rtp, ast_module_info::self, ast_srtp::session, and ast_srtp_policy::sp.
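{
	/*
	 * Allocate the Asterisk-side SRTP wrapper, create the libsrtp session
	 * from the initial policy and publish the result through *srtp.
	 * Returns 0 on success and -1 on failure; *srtp is only written on
	 * success.
	 */
	struct ast_srtp *temp;

	if (!(temp = res_srtp_new())) {
		return -1;
	}

	if (srtp_create(&temp->session, &policy->sp) != err_status_ok) {
		/* The wrapper and its policy container were allocated by
		 * res_srtp_new() and are not reachable by the caller yet, so
		 * they have to be released here or they leak on every failed
		 * session setup. ast_srtp_destroy() is not used because it also
		 * drops a module reference that has not been taken yet. */
		ao2_t_ref(temp->policies, -1, "Destroying container");
		ast_free(temp);
		return -1;
	}

	/* Pin the module for as long as this session exists;
	 * ast_srtp_destroy() releases the reference again. */
	ast_module_ref(ast_module_info->self);
	temp->rtp = rtp;
	*srtp = temp;

	ao2_t_link((*srtp)->policies, policy, "Created initial policy");

	return 0;
}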
| static void ast_srtp_destroy | ( | struct ast_srtp * | srtp | ) | [static] |
Definition at line 445 of file res_srtp.c.
References ao2_t_callback, ao2_t_ref, ast_free, ast_module_unref(), OBJ_MULTIPLE, OBJ_NODATA, OBJ_UNLINK, ast_srtp::policies, ast_module_info::self, and ast_srtp::session.
{
	/* Release the libsrtp session first, if one is attached. */
	if (srtp->session != NULL) {
		srtp_dealloc(srtp->session);
	}

	/* Unlink every policy from the container (OBJ_MULTIPLE with no match
	 * callback), then drop the reference held on the container itself. */
	ao2_t_callback(srtp->policies, OBJ_UNLINK | OBJ_NODATA | OBJ_MULTIPLE, NULL, NULL, "Unallocate policy");
	ao2_t_ref(srtp->policies, -1, "Destroying container");

	ast_free(srtp);

	/* Counterpart of the module reference taken in ast_srtp_create(). */
	ast_module_unref(ast_module_info->self);
}
| static int ast_srtp_get_random | ( | unsigned char * | key, |
| size_t | len | ||
| ) | [static] |
Definition at line 302 of file res_srtp.c.
{
	/*
	 * Fill key[0..len) with random bytes from libsrtp; 0 on success,
	 * -1 on any libsrtp error.
	 *
	 * NOTE(review): len is a size_t here; confirm it cannot exceed the
	 * range of the length parameter crypto_get_random() accepts.
	 */
	if (crypto_get_random(key, len) != err_status_ok) {
		return -1;
	}

	return 0;
}
| static struct ast_srtp_policy * ast_srtp_policy_alloc | ( | void | ) | [static, read] |
Definition at line 232 of file res_srtp.c.
References ao2_t_alloc, ast_log(), LOG_ERROR, and policy_destructor().
{
	/* Reference-counted allocation; policy_destructor() runs when the
	 * last reference is dropped. */
	struct ast_srtp_policy *policy = ao2_t_alloc(sizeof(*policy), policy_destructor, "Allocating policy");

	if (policy == NULL) {
		ast_log(LOG_ERROR, "Unable to allocate memory for srtp_policy\n");
	}

	/* NULL is passed through to the caller on allocation failure. */
	return policy;
}
| static void ast_srtp_policy_destroy | ( | struct ast_srtp_policy * | policy | ) | [static] |
Definition at line 243 of file res_srtp.c.
References ao2_t_ref.
{
	/* Drops the caller's reference only; the object itself goes away
	 * once no other holder (for example a policy container) references it. */
	ao2_t_ref(policy, -1, "Destroying policy");
}
| static int ast_srtp_policy_set_master_key | ( | struct ast_srtp_policy * | policy, |
| const unsigned char * | key, | ||
| size_t | key_len, | ||
| const unsigned char * | salt, | ||
| size_t | salt_len | ||
| ) | [static] |
Definition at line 280 of file res_srtp.c.
References ast_calloc, ast_free, and ast_srtp_policy::sp.
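{
	/*
	 * Store key || salt as the policy's master key in one heap buffer
	 * owned by the policy. Returns 0 on success, -1 on invalid arguments
	 * or allocation failure.
	 *
	 * NOTE(review): nothing here checks that key_len + salt_len matches
	 * the key length the selected suite tells libsrtp to read
	 * (policy_set_suite() sets cipher_key_len to 30); confirm callers
	 * always pass a buffer at least that long.
	 */
	size_t size = key_len + salt_len;
	unsigned char *master_key;

	/* size_t addition wraps silently; a wrapped total would make the
	 * allocation smaller than the two copies below. */
	if (size < key_len) {
		return -1;
	}

	/* A NULL source with a non-zero length would be dereferenced by
	 * memcpy(); reject it before touching the existing key. */
	if ((key_len && !key) || (salt_len && !salt)) {
		return -1;
	}

	if (policy->sp.key) {
		/* NOTE(review): the previous key is freed without being wiped;
		 * its length is not recorded here, so it cannot be cleared from
		 * this function as written. */
		ast_free(policy->sp.key);
		policy->sp.key = NULL;
	}

	if (!(master_key = ast_calloc(1, size))) {
		return -1;
	}

	if (key_len) {
		memcpy(master_key, key, key_len);
	}
	if (salt_len) {
		memcpy(master_key + key_len, salt, salt_len);
	}

	policy->sp.key = master_key;

	return 0;
}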
| static void ast_srtp_policy_set_ssrc | ( | struct ast_srtp_policy * | policy, |
| unsigned long | ssrc, | ||
| int | inbound | ||
| ) | [static] |
Definition at line 211 of file res_srtp.c.
References ast_srtp_policy::sp.
| static int ast_srtp_policy_set_suite | ( | struct ast_srtp_policy * | policy, |
| enum ast_srtp_suite | suite | ||
| ) | [static] |
Definition at line 275 of file res_srtp.c.
References policy_set_suite(), and ast_srtp_policy::sp.
{
	/* Apply the same suite to the RTP and the RTCP half of the policy.
	 * Both calls are always made; the bitwise OR yields a non-zero result
	 * if either of them rejected the suite. */
	int rtp_res = policy_set_suite(&policy->sp.rtp, suite);
	int rtcp_res = policy_set_suite(&policy->sp.rtcp, suite);

	return rtp_res | rtcp_res;
}
| static int ast_srtp_protect | ( | struct ast_srtp * | srtp, |
| void ** | buf, | ||
| int * | len, | ||
| int | rtcp | ||
| ) | [static] |
Definition at line 402 of file res_srtp.c.
References ast_log(), ast_srtp::buf, len(), LOG_WARNING, ast_srtp::rtcpbuf, ast_srtp::session, and srtp_errstr().
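{
	/*
	 * Copy the outgoing packet into the session's scratch buffer, let
	 * libsrtp protect it in place, and point *buf at the result.
	 * Returns the protected length, or -1 on error. The returned pointer
	 * refers to storage inside *srtp, so the next call for the same
	 * session and packet type overwrites it.
	 */
	int res;
	unsigned char *localbuf;

	/* Reject negative lengths explicitly: a small negative *len could
	 * otherwise pass the size check once the trailer is added and then be
	 * converted to a huge size in memcpy(). The addition is done in
	 * size_t so it cannot overflow int either.
	 *
	 * NOTE(review): the bound is sizeof(srtp->buf) even when rtcpbuf is
	 * the destination; confirm both buffers have the same size. */
	if (*len < 0 || ((size_t) *len + SRTP_MAX_TRAILER_LEN) > sizeof(srtp->buf)) {
		return -1;
	}

	localbuf = rtcp ? srtp->rtcpbuf : srtp->buf;

	memcpy(localbuf, *buf, *len);

	if (rtcp) {
		res = srtp_protect_rtcp(srtp->session, localbuf, len);
	} else {
		res = srtp_protect(srtp->session, localbuf, len);
	}

	/* err_status_replay_fail is deliberately not treated as an error here. */
	if (res != err_status_ok && res != err_status_replay_fail) {
		ast_log(LOG_WARNING, "SRTP protect: %s\n", srtp_errstr(res));
		return -1;
	}

	*buf = localbuf;
	return *len;
}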
| static void ast_srtp_set_cb | ( | struct ast_srtp * | srtp, |
| const struct ast_srtp_cb * | cb, | ||
| void * | data | ||
| ) | [static] |
Definition at line 307 of file res_srtp.c.
References ast_srtp::cb, and ast_srtp::data.
| static int ast_srtp_unprotect | ( | struct ast_srtp * | srtp, |
| void * | buf, | ||
| int * | len, | ||
| int | rtcp | ||
| ) | [static] |
Definition at line 318 of file res_srtp.c.
References ao2_container_count(), ao2_iterator_destroy(), ao2_iterator_init(), ao2_iterator_next, ao2_t_ref, ast_log(), ast_rtp_instance_get_stats(), AST_RTP_INSTANCE_STAT_REMOTE_SSRC, ast_srtp::cb, ast_srtp::data, errno, len(), LOG_WARNING, ast_srtp_cb::no_ctx, ast_srtp::policies, ast_rtp_instance_stats::remote_ssrc, ast_srtp::rtp, ast_srtp::session, ast_srtp_policy::sp, srtp_errstr(), and ast_srtp::warned.
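{
	/*
	 * Authenticate and decrypt an incoming RTP or RTCP packet in place.
	 * Returns the plaintext length on success; on failure returns -1 with
	 * errno set (EAGAIN for a rejected packet, EINVAL when the session is
	 * gone).
	 */
	int res = 0;
	int i;
	int retry = 0;
	struct ast_rtp_instance_stats stats = {0,};

	/* The rebuild path below leaves the session unset when it cannot be
	 * re-created; never hand a NULL session to libsrtp. */
	if (!srtp->session) {
		errno = EINVAL;
		return -1;
	}

tryagain:

	/* Two attempts: if libsrtp has no context for the packet's SSRC, give
	 * the no_ctx callback one chance to provide it, then try again. */
	for (i = 0; i < 2; i++) {
		res = rtcp ? srtp_unprotect_rtcp(srtp->session, buf, len) : srtp_unprotect(srtp->session, buf, len);
		if (res != err_status_no_ctx) {
			break;
		}

		if (srtp->cb && srtp->cb->no_ctx) {
			if (ast_rtp_instance_get_stats(srtp->rtp, &stats, AST_RTP_INSTANCE_STAT_REMOTE_SSRC)) {
				break;
			}
			if (srtp->cb->no_ctx(srtp->rtp, stats.remote_ssrc, srtp->data) < 0) {
				break;
			}
		} else {
			break;
		}
	}

	/*
	 * On "index too old" the whole session is torn down and rebuilt from
	 * the stored policies, then the same packet is retried once.
	 *
	 * NOTE(review): rebuilding discards the replay state libsrtp keeps
	 * for every stream of this session, and the packet that triggered the
	 * rebuild is retried against the fresh state. Any sender of a stale
	 * packet can therefore trigger a rebuild and WARNING-level logging
	 * per packet; confirm this recovery is wanted and consider
	 * rate-limiting it.
	 */
	if (retry == 0 && res == err_status_replay_old) {
		ast_log(LOG_WARNING, "SRTP unprotect: %s\n", srtp_errstr(res));

		if (srtp->session) {
			struct ast_srtp_policy *policy;
			struct ao2_iterator it;
			int policies_count = 0;
			int rebuilt = 0;

			/* dealloc first */
			ast_log(LOG_WARNING, "SRTP destroy before re-create\n");
			srtp_dealloc(srtp->session);
			/* The handle is freed now; clear it so that no later path
			 * (including ast_srtp_destroy()) uses or frees it again. */
			srtp->session = NULL;

			/* get the count */
			policies_count = ao2_container_count(srtp->policies);

			/* get the first to build up */
			it = ao2_iterator_init(srtp->policies, 0);
			policy = ao2_iterator_next(&it);

			ast_log(LOG_WARNING, "SRTP try to re-create\n");
			/* An empty container yields NULL; there is nothing to rebuild from. */
			if (policy) {
				if (srtp_create(&srtp->session, &policy->sp) == err_status_ok) {
					ast_log(LOG_WARNING, "SRTP re-created with first policy\n");
					rebuilt = 1;
				} else {
					/* Do not trust whatever a failed srtp_create() left
					 * in the handle. */
					srtp->session = NULL;
				}
				/* unref first element, on success and on failure alike */
				ao2_t_ref(policy, -1, "Unreffing first policy for re-creating srtp session");
			}

			if (rebuilt) {
				/* if we have more than one policy, add them afterwards */
				if (policies_count > 1) {
					ast_log(LOG_WARNING, "Add all the other %d policies\n", policies_count-1);
					while ((policy = ao2_iterator_next(&it))) {
						err_status_t add_res = srtp_add_stream(srtp->session, &policy->sp);

						/* A stream that could not be restored would
						 * otherwise fail silently on its next packet. */
						if (add_res != err_status_ok) {
							ast_log(LOG_WARNING, "SRTP add stream: %s\n", srtp_errstr(add_res));
						}
						ao2_t_ref(policy, -1, "Unreffing n-th policy for re-creating srtp session");
					}
				}

				retry++;
				ao2_iterator_destroy(&it);
				goto tryagain;
			}
			ao2_iterator_destroy(&it);
		}
	}

	/* err_status_replay_fail is not reported as an error. */
	if (res != err_status_ok && res != err_status_replay_fail ) {
		/* Rate-limited logging: warn when the counter reaches 10 or 110,
		 * then restart it at 11, i.e. about one warning per 100 failures
		 * after the first one. */
		if ((srtp->warned >= 10) && !((srtp->warned - 10) % 100)) {
			ast_log(LOG_WARNING, "SRTP unprotect: %s %d\n", srtp_errstr(res), srtp->warned);
			srtp->warned = 11;
		} else {
			srtp->warned++;
		}
		errno = EAGAIN;
		return -1;
	}

	return *len;
}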
| static struct ast_srtp_policy* find_policy | ( | struct ast_srtp * | srtp, |
| const srtp_policy_t * | policy, | ||
| int | flags | ||
| ) | [static, read] |
Definition at line 159 of file res_srtp.c.
References ao2_t_find, ast_srtp::policies, and ast_srtp_policy::sp.
Referenced by ast_srtp_add_stream(), and ast_srtp_change_source().
{
	/* Stack-allocated search key: only the SSRC type and value are
	 * copied, which are the fields the container's hash and compare
	 * callbacks read; everything else stays zero-initialized. */
	struct ast_srtp_policy probe = {
		.sp = {
			.ssrc.type = policy->ssrc.type,
			.ssrc.value = policy->ssrc.value,
		},
	};

	/* flags are passed through unchanged (callers use OBJ_POINTER,
	 * optionally with OBJ_UNLINK). */
	return ao2_t_find(srtp->policies, &probe, flags, "Looking for policy");
}
| static int load_module | ( | void | ) | [static] |
| static int policy_cmp_fn | ( | void * | obj, |
| void * | arg, | ||
| int | flags | ||
| ) | [static] |
Definition at line 152 of file res_srtp.c.
References ast_srtp_policy::sp.
Referenced by res_srtp_new().
{
	/* Two policies are the same entry when both SSRC type and SSRC value
	 * agree; returns 1 for a match and 0 otherwise. flags is unused. */
	const struct ast_srtp_policy *lhs = obj;
	const struct ast_srtp_policy *rhs = arg;

	if (lhs->sp.ssrc.type != rhs->sp.ssrc.type) {
		return 0;
	}

	return lhs->sp.ssrc.value == rhs->sp.ssrc.value;
}
| static void policy_destructor | ( | void * | obj | ) | [static] |
Definition at line 222 of file res_srtp.c.
References ast_free, and ast_srtp_policy::sp.
Referenced by ast_srtp_policy_alloc().
{
	/* Destructor registered by ast_srtp_policy_alloc(): releases the
	 * master key buffer owned by the policy. */
	struct ast_srtp_policy *policy = obj;

	if (!policy->sp.key) {
		return;
	}

	/* NOTE(review): the key material is freed without being wiped; the
	 * policy does not record the buffer length in the code shown here,
	 * so clearing it would need that length to be stored first. */
	ast_free(policy->sp.key);
	policy->sp.key = NULL;
}
| static int policy_hash_fn | ( | const void * | obj, |
| const int | flags | ||
| ) | [static] |
Definition at line 145 of file res_srtp.c.
References ast_srtp_policy::sp.
Referenced by res_srtp_new().
{
	/* Hash on the SSRC value for SSRC-specific policies; every other
	 * policy hashes on its SSRC type. flags is unused. */
	const struct ast_srtp_policy *policy = obj;

	if (policy->sp.ssrc.type == ssrc_specific) {
		return policy->sp.ssrc.value;
	}

	return policy->sp.ssrc.type;
}
| static int policy_set_suite | ( | crypto_policy_t * | p, |
| enum ast_srtp_suite | suite | ||
| ) | [static] |
Definition at line 248 of file res_srtp.c.
References AST_AES_CM_128_HMAC_SHA1_32, AST_AES_CM_128_HMAC_SHA1_80, ast_log(), and LOG_ERROR.
Referenced by ast_srtp_policy_set_suite().
{
	/*
	 * Fill a libsrtp crypto policy for one of the two supported suites.
	 * Returns 0 on success; an unknown suite is logged and rejected with
	 * -1, leaving *p untouched.
	 */
	int tag_len;

	/* The suites differ only in the authentication tag length:
	 * 10 bytes (80 bits) versus 4 bytes (32 bits). The shorter tag
	 * gives correspondingly weaker protection against forged packets. */
	switch (suite) {
	case AST_AES_CM_128_HMAC_SHA1_80:
		tag_len = 10;
		break;
	case AST_AES_CM_128_HMAC_SHA1_32:
		tag_len = 4;
		break;
	default:
		ast_log(LOG_ERROR, "Invalid crypto suite: %d\n", suite);
		return -1;
	}

	p->cipher_type = AES_128_ICM;
	/* presumably the 16-byte AES-128 key plus a 14-byte salt - confirm
	 * against the libsrtp version in use */
	p->cipher_key_len = 30;
	p->auth_type = HMAC_SHA1;
	p->auth_key_len = 20;
	p->auth_tag_len = tag_len;
	/* Both confidentiality and authentication are always requested. */
	p->sec_serv = sec_serv_conf_and_auth;

	return 0;
}
| static int res_srtp_init | ( | void | ) | [static] |
Definition at line 502 of file res_srtp.c.
References ast_rtp_engine_register_srtp(), and srtp_event_cb().
Referenced by load_module().
{
	/*
	 * One-time setup: initialize libsrtp, install the event handler and
	 * register the SRTP and policy interfaces with the RTP engine.
	 * Returns 0 on success and non-zero on failure.
	 *
	 * NOTE(review): g_initialized is read here but not set anywhere in
	 * this function, so the guard only helps if another part of the file
	 * sets it - confirm.
	 */
	if (g_initialized) {
		return 0;
	}

	if (srtp_init() != err_status_ok) {
		return -1;
	}

	srtp_install_event_handler(srtp_event_cb);

	/* The registration result is the function's result. */
	return ast_rtp_engine_register_srtp(&srtp_res, &policy_res);
}
| static struct ast_srtp* res_srtp_new | ( | void | ) | [static, read] |
Definition at line 171 of file res_srtp.c.
References ao2_t_container_alloc, ast_calloc, ast_free, ast_log(), LOG_ERROR, ast_srtp::policies, policy_cmp_fn(), policy_hash_fn(), and ast_srtp::warned.
Referenced by ast_srtp_create().
{
	/* Allocate a zeroed SRTP wrapper together with its policy container.
	 * Returns NULL if either allocation fails; nothing is leaked then. */
	struct ast_srtp *srtp = ast_calloc(1, sizeof(*srtp));

	if (srtp == NULL) {
		ast_log(LOG_ERROR, "Unable to allocate memory for srtp\n");
		return NULL;
	}

	/* Container with 5 buckets, keyed and compared on the policy SSRC. */
	srtp->policies = ao2_t_container_alloc(5, policy_hash_fn, policy_cmp_fn, "SRTP policy container");
	if (srtp->policies == NULL) {
		ast_free(srtp);
		return NULL;
	}

	/* Starting value of the failure counter that ast_srtp_unprotect()
	 * uses to rate-limit its warnings. */
	srtp->warned = 1;

	return srtp;
}
| static const char* srtp_errstr | ( | int | err | ) | [static] |
Definition at line 105 of file res_srtp.c.
Referenced by ast_srtp_protect(), and ast_srtp_unprotect().
{
	/* Map a libsrtp status code to a static, human-readable string for
	 * log messages; codes not listed here map to "unknown". */
	const char *text;

	switch (err) {
	case err_status_ok:
		text = "nothing to report";
		break;
	case err_status_fail:
		text = "unspecified failure";
		break;
	case err_status_bad_param:
		text = "unsupported parameter";
		break;
	case err_status_alloc_fail:
		text = "couldn't allocate memory";
		break;
	case err_status_dealloc_fail:
		text = "couldn't deallocate properly";
		break;
	case err_status_init_fail:
		text = "couldn't initialize";
		break;
	case err_status_terminus:
		text = "can't process as much data as requested";
		break;
	case err_status_auth_fail:
		text = "authentication failure";
		break;
	case err_status_cipher_fail:
		text = "cipher failure";
		break;
	case err_status_replay_fail:
		text = "replay check failed (bad index)";
		break;
	case err_status_replay_old:
		text = "replay check failed (index too old)";
		break;
	case err_status_algo_fail:
		text = "algorithm failed test routine";
		break;
	case err_status_no_such_op:
		text = "unsupported operation";
		break;
	case err_status_no_ctx:
		text = "no appropriate context found";
		break;
	case err_status_cant_check:
		text = "unable to perform desired validation";
		break;
	case err_status_key_expired:
		text = "can't use key any more";
		break;
	default:
		text = "unknown";
		break;
	}

	return text;
}
| static void srtp_event_cb | ( | srtp_event_data_t * | data | ) | [static] |
Definition at line 193 of file res_srtp.c.
References ast_debug.
Referenced by res_srtp_init().
{
	/* libsrtp event handler installed by res_srtp_init(). Events are only
	 * written to the debug log at level 1; no other action is taken, so
	 * key-limit events are visible only when debugging is enabled. */
	switch (data->event) {
	case event_ssrc_collision:
		ast_debug(1, "SSRC collision\n");
		break;
	case event_key_soft_limit:
		ast_debug(1, "event_key_soft_limit\n");
		break;
	case event_key_hard_limit:
		ast_debug(1, "event_key_hard_limit\n");
		break;
	case event_packet_index_limit:
		ast_debug(1, "event_packet_index_limit\n");
		break;
	default:
		/* Any other event is ignored. */
		break;
	}
}
| static int unload_module | ( | void | ) | [static] |
Definition at line 526 of file res_srtp.c.
References ast_rtp_engine_unregister_srtp().
{
	/* Withdraw the SRTP interfaces from the RTP engine. Always reports
	 * success. */
	ast_rtp_engine_unregister_srtp();

	return 0;
}
struct ast_module_info __mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_GLOBAL_SYMBOLS | AST_MODFLAG_LOAD_ORDER , .description = "Secure RTP (SRTP)" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = AST_BUILDOPT_SUM, .load = load_module, .unload = unload_module, .load_pri = AST_MODPRI_CHANNEL_DEPEND, } [static] |
Definition at line 536 of file res_srtp.c.
struct ast_module_info* ast_module_info = &__mod_info [static] |
Definition at line 536 of file res_srtp.c.
int g_initialized = 0 [static] |
Definition at line 66 of file res_srtp.c.
struct ast_srtp_policy_res policy_res [static] |
Definition at line 97 of file res_srtp.c.
Referenced by ast_rtp_engine_register_srtp().
struct ast_srtp_res srtp_res [static] |
Definition at line 86 of file res_srtp.c.
Referenced by ast_rtp_engine_register_srtp().