kenmirrors/freeswitch
1
0
Fork 0
mirror of https://github.com/signalwire/freeswitch.git synced 2025-04-22 19:29:54 +00:00
Code Issues Projects Releases Wiki Activity

FS-8281: Expose SRTP and SRTCP crypto keys as channel vars

Browse Source 
New vars are srtp_{local,remote}_crypto_key and srtcp_{local,remote}_crypto_key.
Allows decrypting packet captured media streams for debugging.
This commit is contained in:
Corey Burke 2015-10-02 06:56:51 -07:00
parent fd603e483f
commit 0316fdfcf1
3 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
conf/vanilla/autoload_configs/switch.conf.xml
View File

@ -152,6 +152,12 @@
<param name="rtp-enable-zrtp" value="false"/> <param name="rtp-enable-zrtp" value="false"/>
<!--
Store encryption keys for secure media in channel variables and call CDRs. Default: false.
WARNING: If true, anyone with CDR access can decrypt secure media!
-->
<!-- <param name="rtp-retain-crypto-keys" value="true"/> -->
<!-- <param name="core-db-dsn" value="pgsql://hostaddr=127.0.0.1 dbname=freeswitch user=freeswitch password='' options='-c client_min_messages=NOTICE'" /> --> <!-- <param name="core-db-dsn" value="pgsql://hostaddr=127.0.0.1 dbname=freeswitch user=freeswitch password='' options='-c client_min_messages=NOTICE'" /> -->
<!-- <param name="core-db-dsn" value="dsn:username:password" /> --> <!-- <param name="core-db-dsn" value="dsn:username:password" /> -->
<!-- <!--

8
src/switch_core.c
View File

@ -2229,9 +2229,15 @@ static void switch_load_core_config(const char *file)
} else if (!strcasecmp(var, "rtp-enable-zrtp")) { } else if (!strcasecmp(var, "rtp-enable-zrtp")) {
switch_core_set_variable("zrtp_enabled", val); switch_core_set_variable("zrtp_enabled", val);
#endif #endif
} else if (!strcasecmp(var, "switchname") && !zstr(val)) { } else if (!strcasecmp(var, "switchname") && !zstr(val)) {
runtime.switchname = switch_core_strdup(runtime.memory_pool, val); runtime.switchname = switch_core_strdup(runtime.memory_pool, val);
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_NOTICE, "Set switchname to %s\n", runtime.switchname); switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_NOTICE, "Set switchname to %s\n", runtime.switchname);
} else if (!strcasecmp(var, "rtp-retain-crypto-keys")) {
if (switch_true(val)) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING,
"rtp-retain-crypto-keys enabled. Could be used to decrypt secure media.\n");
}
switch_core_set_variable("rtp_retain_crypto_keys", val);
} }
} }
} }

22
src/switch_rtp.c
View File

@ -3393,11 +3393,33 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_crypto_key(switch_rtp_t *rtp_sess
switch_event_t *fsevent = NULL; switch_event_t *fsevent = NULL;
int idx = 0; int idx = 0;
const char *var; const char *var;
unsigned char b64_key[512] = "";
if (direction >= SWITCH_RTP_CRYPTO_MAX || keylen > SWITCH_RTP_MAX_CRYPTO_LEN) { if (direction >= SWITCH_RTP_CRYPTO_MAX || keylen > SWITCH_RTP_MAX_CRYPTO_LEN) {
return SWITCH_STATUS_FALSE; return SWITCH_STATUS_FALSE;
} }
switch_b64_encode(key, keylen, b64_key, sizeof(b64_key));
if (switch_true(switch_core_get_variable("rtp_retain_crypto_keys"))) {
switch(direction) {
case SWITCH_RTP_CRYPTO_SEND:
switch_channel_set_variable(channel, "srtp_local_crypto_key", (const char *)b64_key);
break;
case SWITCH_RTP_CRYPTO_RECV:
switch_channel_set_variable(channel, "srtp_remote_crypto_key", (const char *)b64_key);
break;
case SWITCH_RTP_CRYPTO_SEND_RTCP:
switch_channel_set_variable(channel, "srtcp_local_crypto_key", (const char *)b64_key);
break;
case SWITCH_RTP_CRYPTO_RECV_RTCP:
switch_channel_set_variable(channel, "srtcp_remote_crypto_key", (const char *)b64_key);
break;
default:
break;
}
}
crypto_key = switch_core_alloc(rtp_session->pool, sizeof(*crypto_key)); crypto_key = switch_core_alloc(rtp_session->pool, sizeof(*crypto_key));
if (direction == SWITCH_RTP_CRYPTO_RECV_RTCP) { if (direction == SWITCH_RTP_CRYPTO_RECV_RTCP) {