fix mitm for audio for passing sas with zrtp

git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@16204 d0543943-73ff-0310-b7d9-9358b9ac24b2
This commit is contained in:
Brian West 2010-01-07 23:29:06 +00:00
parent 4c6942b437
commit 857a8926d2

View File

@ -219,7 +219,8 @@ struct switch_rtp {
#ifdef ENABLE_ZRTP #ifdef ENABLE_ZRTP
zrtp_session_t *zrtp_session; zrtp_session_t *zrtp_session;
zrtp_profile_t *zrtp_profile; zrtp_profile_t *zrtp_profile;
zrtp_stream_t *zrtp_ctx; zrtp_stream_t *zrtp_audio_ctx;
zrtp_stream_t *zrtp_video_ctx;
int zrtp_mitm_tries; int zrtp_mitm_tries;
#endif #endif
@ -474,8 +475,8 @@ static void zrtp_event_callback(zrtp_stream_t *stream, unsigned event)
#if 0 #if 0
case ZRTP_EVENT_NO_ZRTP_QUICK: case ZRTP_EVENT_NO_ZRTP_QUICK:
{ {
if (rtp_session->zrtp_ctx != NULL) { if (rtp_session->zrtp_audio_ctx != NULL) {
zrtp_stream_stop(rtp_session->zrtp_ctx); zrtp_stream_stop(rtp_session->zrtp_audio_ctx);
} }
} }
break; break;
@ -561,7 +562,7 @@ static void zrtp_handler(switch_rtp_t *rtp_session, switch_socket_t *sock, void
zrtp_status_t status = zrtp_status_fail; zrtp_status_t status = zrtp_status_fail;
unsigned int len = datalen; unsigned int len = datalen;
status = zrtp_process_srtp(rtp_session->zrtp_ctx, (char*)data, &len); status = zrtp_process_srtp(rtp_session->zrtp_audio_ctx, (char*)data, &len);
switch(status) { switch(status) {
case zrtp_status_ok: case zrtp_status_ok:
break; break;
@ -1190,6 +1191,8 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_create(switch_rtp_t **new_rtp_session
zrtp_enabled = NULL; zrtp_enabled = NULL;
} }
switch_channel_set_private(channel, "__zrtp_rtp_session", rtp_session);
if (switch_true(zrtp_enabled)) { if (switch_true(zrtp_enabled)) {
if (switch_channel_direction(channel) == SWITCH_CALL_DIRECTION_OUTBOUND) { if (switch_channel_direction(channel) == SWITCH_CALL_DIRECTION_OUTBOUND) {
initiator = 1; initiator = 1;
@ -1210,15 +1213,15 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_create(switch_rtp_t **new_rtp_session
zrtp_session_set_userdata(rtp_session->zrtp_session, rtp_session); zrtp_session_set_userdata(rtp_session->zrtp_session, rtp_session);
if (zrtp_status_ok != zrtp_stream_attach(rtp_session->zrtp_session, &rtp_session->zrtp_ctx)) { if (zrtp_status_ok != zrtp_stream_attach(rtp_session->zrtp_session, &rtp_session->zrtp_audio_ctx)) {
abort(); abort();
} }
zrtp_stream_set_userdata(rtp_session->zrtp_ctx, rtp_session); zrtp_stream_set_userdata(rtp_session->zrtp_audio_ctx, rtp_session);
if (switch_true(switch_channel_get_variable(channel, "zrtp_enrollment"))) { if (switch_true(switch_channel_get_variable(channel, "zrtp_enrollment"))) {
zrtp_stream_registration_start(rtp_session->zrtp_ctx, rtp_session->ssrc); zrtp_stream_registration_start(rtp_session->zrtp_audio_ctx, rtp_session->ssrc);
} else { } else {
zrtp_stream_start(rtp_session->zrtp_ctx, rtp_session->ssrc); zrtp_stream_start(rtp_session->zrtp_audio_ctx, rtp_session->ssrc);
} }
} }
} }
@ -1481,8 +1484,8 @@ SWITCH_DECLARE(void) switch_rtp_destroy(switch_rtp_t **rtp_session)
/* ZRTP */ /* ZRTP */
if (zrtp_on) { if (zrtp_on) {
if ((*rtp_session)->zrtp_ctx != NULL) { if ((*rtp_session)->zrtp_audio_ctx != NULL) {
zrtp_stream_stop((*rtp_session)->zrtp_ctx); zrtp_stream_stop((*rtp_session)->zrtp_audio_ctx);
} }
if (switch_test_flag((*rtp_session), SWITCH_ZRTP_FLAG_SECURE_SEND)) { if (switch_test_flag((*rtp_session), SWITCH_ZRTP_FLAG_SECURE_SEND)) {
@ -2129,7 +2132,7 @@ static int rtp_common_read(switch_rtp_t *rtp_session, switch_payload_t *payload_
unsigned int sbytes = (int) bytes; unsigned int sbytes = (int) bytes;
zrtp_status_t stat = 0; zrtp_status_t stat = 0;
stat = zrtp_process_srtp(rtp_session->zrtp_ctx, (void *)&rtp_session->recv_msg, &sbytes); stat = zrtp_process_srtp(rtp_session->zrtp_audio_ctx, (void *)&rtp_session->recv_msg, &sbytes);
switch (stat) { switch (stat) {
case zrtp_status_ok: case zrtp_status_ok:
@ -2497,17 +2500,42 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_zerocopy_read_frame(switch_rtp_t *rtp
if (zrtp_status_ok == zrtp_session_get(rtp_session->zrtp_session, &zrtp_session_info)) { if (zrtp_status_ok == zrtp_session_get(rtp_session->zrtp_session, &zrtp_session_info)) {
if (zrtp_session_info.sas_is_ready) { if (zrtp_session_info.sas_is_ready) {
frame->extra_data = rtp_session->zrtp_ctx; switch_core_session_t *session = switch_core_memory_pool_get_data(rtp_session->pool, "__session");
switch_set_flag(frame, SFF_ZRTP); switch_channel_t *channel = switch_core_session_get_channel(session);
const char *uuid = switch_channel_get_variable(channel, SWITCH_SIGNAL_BOND_VARIABLE);
if (uuid) {
switch_core_session_t *other_session;
if ((other_session = switch_core_session_locate(uuid))) {
switch_channel_t *other_channel = switch_core_session_get_channel(other_session);
switch_rtp_t *other_rtp_session = switch_channel_get_private(other_channel, "__zrtp_rtp_session");
if (other_rtp_session) {
if (zrtp_status_ok == zrtp_session_get(other_rtp_session->zrtp_session, &zrtp_session_info)) {
if (rtp_session->zrtp_mitm_tries > ZRTP_MITM_TRIES) { if (rtp_session->zrtp_mitm_tries > ZRTP_MITM_TRIES) {
switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
} else if (zrtp_status_ok == zrtp_resolve_mitm_call(other_rtp_session->zrtp_audio_ctx, rtp_session->zrtp_audio_ctx)) {
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
zrtp_verified_set(zrtp_global, &rtp_session->zrtp_session->zid, zrtp_verified_set(zrtp_global, &rtp_session->zrtp_session->zid,
&rtp_session->zrtp_session->peer_zid, zrtp_session_info.sas_is_verified^1); &rtp_session->zrtp_session->peer_zid, zrtp_session_info.sas_is_verified^1);
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
}
rtp_session->zrtp_mitm_tries++; rtp_session->zrtp_mitm_tries++;
} }
} }
} }
switch_core_session_rwunlock(other_session);
}
}
}
}
}
#endif #endif
if (bytes < 0) { if (bytes < 0) {
@ -2767,7 +2795,7 @@ static int rtp_common_write(switch_rtp_t *rtp_session,
unsigned int sbytes = (int) bytes; unsigned int sbytes = (int) bytes;
zrtp_status_t stat = zrtp_status_fail; zrtp_status_t stat = zrtp_status_fail;
stat = zrtp_process_rtp(rtp_session->zrtp_ctx, (void*)send_msg, &sbytes); stat = zrtp_process_rtp(rtp_session->zrtp_audio_ctx, (void*)send_msg, &sbytes);
switch (stat) { switch (stat) {
case zrtp_status_ok: case zrtp_status_ok:
@ -2974,19 +3002,44 @@ SWITCH_DECLARE(int) switch_rtp_write_frame(switch_rtp_t *rtp_session, switch_fra
} }
#ifdef ENABLE_ZRTP #ifdef ENABLE_ZRTP
if (zrtp_on && switch_test_flag(frame, SFF_ZRTP) && switch_test_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND)) { if (zrtp_on && switch_test_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND)) {
zrtp_session_info_t zrtp_session_info; zrtp_session_info_t zrtp_session_info;
if (zrtp_status_ok == zrtp_session_get(rtp_session->zrtp_session, &zrtp_session_info)) { if (zrtp_status_ok == zrtp_session_get(rtp_session->zrtp_session, &zrtp_session_info)) {
if (zrtp_session_info.sas_is_ready) { if (zrtp_session_info.sas_is_ready) {
switch_core_session_t *session = switch_core_memory_pool_get_data(rtp_session->pool, "__session");
switch_channel_t *channel = switch_core_session_get_channel(session);
const char *uuid = switch_channel_get_variable(channel, SWITCH_SIGNAL_BOND_VARIABLE);
if (uuid) {
switch_core_session_t *other_session;
if ((other_session = switch_core_session_locate(uuid))) {
switch_channel_t *other_channel = switch_core_session_get_channel(other_session);
switch_rtp_t *other_rtp_session = switch_channel_get_private(other_channel, "__zrtp_rtp_session");
if (other_rtp_session) {
if (zrtp_status_ok == zrtp_session_get(other_rtp_session->zrtp_session, &zrtp_session_info)) {
if (rtp_session->zrtp_mitm_tries > ZRTP_MITM_TRIES) { if (rtp_session->zrtp_mitm_tries > ZRTP_MITM_TRIES) {
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND); switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
} else if (zrtp_status_ok == zrtp_resolve_mitm_call(frame->extra_data, rtp_session->zrtp_ctx)) { switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
} else if (zrtp_status_ok == zrtp_resolve_mitm_call(other_rtp_session->zrtp_audio_ctx, rtp_session->zrtp_audio_ctx)) {
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND); switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
zrtp_verified_set(zrtp_global, &rtp_session->zrtp_session->zid, zrtp_verified_set(zrtp_global, &rtp_session->zrtp_session->zid,
&rtp_session->zrtp_session->peer_zid, zrtp_session_info.sas_is_verified^1); &rtp_session->zrtp_session->peer_zid, zrtp_session_info.sas_is_verified^1);
rtp_session->zrtp_mitm_tries++; rtp_session->zrtp_mitm_tries++;
} }
rtp_session->zrtp_mitm_tries++;
}
}
switch_core_session_rwunlock(other_session);
}
}
} }
} }
} }
@ -3096,7 +3149,7 @@ SWITCH_DECLARE(int) switch_rtp_write_manual(switch_rtp_t *rtp_session,
unsigned int sbytes = (int) bytes; unsigned int sbytes = (int) bytes;
zrtp_status_t stat = zrtp_status_fail; zrtp_status_t stat = zrtp_status_fail;
stat = zrtp_process_rtp(rtp_session->zrtp_ctx, (void*)&rtp_session->write_msg, &sbytes); stat = zrtp_process_rtp(rtp_session->zrtp_audio_ctx, (void*)&rtp_session->write_msg, &sbytes);
switch (stat) { switch (stat) {
case zrtp_status_ok: case zrtp_status_ok: