diff --git a/Makefile.am b/Makefile.am
index ccde84fd79..4bdc9f897e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -652,13 +652,14 @@ pristine:
 git clean -fdx
 git reset --hard
 
-update-clean: clean libs/openzap/Makefile python-reconf lua-reconf spandsp-reconf
+update-clean: clean libs/openzap/Makefile python-reconf lua-reconf spandsp-reconf srtp-reconf
 cd libs/sofia-sip && $(MAKE) clean
 cd libs/openzap && $(MAKE) clean
 cd libs/portaudio && $(MAKE) clean
 cd libs/speex && $(MAKE) clean
 cd libs/esl && $(MAKE) clean
 cd libs/sqlite && $(MAKE) clean
+ cd libs/srtp && $(MAKE) clean
 
 swigall:
 @echo reswigging all
@@ -688,6 +689,10 @@ pa-reconf:
 cd libs/portaudio && sh ./configure.gnu
 $(MAKE) mod_portaudio-clean
 
+srtp-reconf:
+ cd libs/srtp && $(MAKE) clean
+ cd libs/srtp && sh ./configure.gnu
+
 oz-reconf:
 cd libs/openzap && $(MAKE) clean
 cd libs/openzap && autoreconf -fi
diff --git a/src/include/switch_rtp.h b/src/include/switch_rtp.h
index f14d1ed91e..489d6a3a13 100644
--- a/src/include/switch_rtp.h
+++ b/src/include/switch_rtp.h
@@ -50,6 +50,7 @@ SWITCH_BEGIN_EXTERN_C
 #define SWITCH_RTP_KEY_LEN 30
 #define SWITCH_RTP_CRYPTO_KEY_32 "AES_CM_128_HMAC_SHA1_32"
 #define SWITCH_RTP_CRYPTO_KEY_80 "AES_CM_128_HMAC_SHA1_80"
+#define SWITCH_RTP_CRYPTO_KEY_8 "AES_GCM_128_8"
 typedef enum {
 SWITCH_RTP_CRYPTO_SEND,
 SWITCH_RTP_CRYPTO_RECV,
@@ -63,6 +64,9 @@ typedef enum {
 AES_CM_128_HMAC_SHA1_80,
 AES_CM_128_HMAC_SHA1_32,
 AES_CM_256_HMAC_SHA1_80,
+ AES_CM_192_HMAC_SHA1_80,
+ AES_GCM_256_8,
+ AES_GCM_128_8,
 AES_CM_128_NULL_AUTH
 } switch_rtp_crypto_key_type_t;
 
diff --git a/src/switch_core_media.c b/src/switch_core_media.c
index 77427fe287..e0830fa0ce 100644
--- a/src/switch_core_media.c
+++ b/src/switch_core_media.c
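Review bot: In the `-63,6 +64,9` hunk of switch_rtp.h the three new enumerators are inserted ahead of `AES_CM_128_NULL_AUTH`, which changes that member's numeric value in a header under src/include; a module compiled against the old header, or any stored value, would then name a different suite than the core does. Appending the new members after `AES_CM_128_NULL_AUTH` keeps the existing values stable. Separately, `AES_CM_192_HMAC_SHA1_80` is added here and mapped in switch_core_media.c, but no `case` for it appears in the switch_rtp.c hunk of this commit, so what `switch_rtp_add_crypto_key` does with it depends on code outside the visible hunks and should be confirmed. A short comment per enumerator stating its key and salt size, e.g. `/* 128-bit key + 112-bit salt */`, would help callers that still pass `SWITCH_RTP_KEY_LEN`.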
@@ -824,6 +824,14 @@ static switch_status_t switch_core_media_build_crypto(switch_media_handle_t *smh
 
 if (ctype == AES_CM_128_HMAC_SHA1_80) {
 type_str = SWITCH_RTP_CRYPTO_KEY_80;
+ } else if (ctype == AES_GCM_256_8) {
+ type_str = SWITCH_RTP_CRYPTO_KEY_8;
+ } else if (ctype == AES_GCM_128_8) {
+ type_str = SWITCH_RTP_CRYPTO_KEY_8;
+ } else if (ctype == AES_CM_256_HMAC_SHA1_80) {
+ type_str = SWITCH_RTP_CRYPTO_KEY_80;
+ } else if (ctype == AES_CM_192_HMAC_SHA1_80) {
+ type_str = SWITCH_RTP_CRYPTO_KEY_80;
 } else {
 type_str = SWITCH_RTP_CRYPTO_KEY_32;
 }
@@ -893,6 +901,8 @@ switch_status_t switch_core_media_add_crypto(switch_secure_settings_t *ssec, con
 type = AES_CM_128_HMAC_SHA1_32;
 } else if (!strncasecmp(p, SWITCH_RTP_CRYPTO_KEY_80, strlen(SWITCH_RTP_CRYPTO_KEY_80))) {
 type = AES_CM_128_HMAC_SHA1_80;
+ } else if (!strncasecmp(p, SWITCH_RTP_CRYPTO_KEY_8, strlen(SWITCH_RTP_CRYPTO_KEY_8))) {
+ type = AES_GCM_128_8;
 } else {
 switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Parse Error near [%s]\n", p);
 goto bad;
@@ -1037,6 +1047,11 @@ SWITCH_DECLARE(int) switch_core_session_check_incoming_crypto(switch_core_sessio
 switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND, 1);
 switch_rtp_add_crypto_key(engine->rtp_session, SWITCH_RTP_CRYPTO_SEND, atoi(crypto), engine->ssec.crypto_type,
 engine->ssec.local_raw_key, SWITCH_RTP_KEY_LEN);
+ } else if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_8, crypto)) {
+ switch_channel_set_variable(session->channel, varname, SWITCH_RTP_CRYPTO_KEY_8);
+ switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AES_GCM_128_8, SWITCH_RTP_CRYPTO_SEND, 1);
+ switch_rtp_add_crypto_key(engine->rtp_session, SWITCH_RTP_CRYPTO_SEND, atoi(crypto), engine->ssec.crypto_type,
+ engine->ssec.local_raw_key, SWITCH_RTP_KEY_LEN);
 } else {
 switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_ERROR, "Crypto Setup Failed!.\n");
 }
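Review bot: In the `-824` hunk of `switch_core_media_build_crypto`, the new branches give `AES_GCM_256_8` the string `SWITCH_RTP_CRYPTO_KEY_8` ("AES_GCM_128_8") and give `AES_CM_256_HMAC_SHA1_80` and `AES_CM_192_HMAC_SHA1_80` the string `SWITCH_RTP_CRYPTO_KEY_80` ("AES_CM_128_HMAC_SHA1_80"), so the name no longer identifies the suite that was requested. If `type_str` is what ends up in the SDP crypto attribute (its use is outside the hunk), the peer is told a 128-bit suite while the local policy is 192- or 256-bit, and the two ends cannot derive matching keys. Each suite needs its own name, for example `type_str = "AES_GCM_256_8";` in the GCM-256 branch, ideally through a dedicated macro next to the existing ones. The parser in the `-893` hunk and the matchers in the `-1037`, `-1073` and `-1106` hunks have the same gap: they only ever select `AES_GCM_128_8`, so the other new enumerators cannot be negotiated from the visible code.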
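Review bot: The new `SWITCH_RTP_CRYPTO_KEY_8` branch in the `-1037` hunk discards the results of `switch_core_media_build_crypto` and `switch_rtp_add_crypto_key`, both of which are declared to return `switch_status_t`, and it sets the channel variable to the suite name before either call has succeeded. If key generation or key installation fails, the channel would still report the suite as selected, and nothing in the visible lines logs the failure. Checking the status, e.g. `if (switch_core_media_build_crypto(...) != SWITCH_STATUS_SUCCESS) { /* log, skip key install */ }`, and setting the variable only on success would close that gap. The copied branch above it and the new branches in the `-1073` and `-1106` hunks follow the same pattern; the enclosing function starts and ends outside the hunk.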
@@ -1073,6 +1088,9 @@ SWITCH_DECLARE(int) switch_core_session_check_incoming_crypto(switch_core_sessio
 } else if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_80, crypto)) {
 switch_channel_set_variable(session->channel, varname, SWITCH_RTP_CRYPTO_KEY_80);
 switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND, 1);
+ } else if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_8, crypto)) {
+ switch_channel_set_variable(session->channel, varname, SWITCH_RTP_CRYPTO_KEY_8);
+ switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AES_GCM_128_8, SWITCH_RTP_CRYPTO_SEND, 1);
 } else {
 switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_ERROR, "Crypto Setup Failed!.\n");
 }
@@ -1106,6 +1124,12 @@ SWITCH_DECLARE(void) switch_core_session_check_outgoing_crypto(switch_core_sessi
 SWITCH_MEDIA_TYPE_AUDIO, 1, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND, 0);
 switch_core_media_build_crypto(session->media_handle,
 SWITCH_MEDIA_TYPE_VIDEO, 1, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND, 0);
+ } else if (!strcasecmp(var, SWITCH_RTP_CRYPTO_KEY_8)) {
+ switch_channel_set_flag(channel, CF_SECURE);
+ switch_core_media_build_crypto(session->media_handle,
+ SWITCH_MEDIA_TYPE_AUDIO, 1, AES_GCM_128_8, SWITCH_RTP_CRYPTO_SEND, 0);
+ switch_core_media_build_crypto(session->media_handle,
+ SWITCH_MEDIA_TYPE_VIDEO, 1, AES_GCM_128_8, SWITCH_RTP_CRYPTO_SEND, 0);
 }
 }
 
diff --git a/src/switch_rtp.c b/src/switch_rtp.c
index 89426be7ec..116f8e41c9 100644
--- a/src/switch_rtp.c
+++ b/src/switch_rtp.c
@@ -3049,6 +3049,24 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_crypto_key(switch_rtp_t *rtp_sess
 }
 break;
 
+ case AES_GCM_256_8:
+ crypto_policy_set_aes_gcm_256_8_auth(&policy->rtp);
+ crypto_policy_set_aes_gcm_256_8_auth(&policy->rtcp);
+
+ if (switch_channel_direction(channel) == SWITCH_CALL_DIRECTION_OUTBOUND) {
+ switch_channel_set_variable(channel, "rtp_has_crypto", "AES_GCM_256_8");
+ }
+ break;
+
+ case AES_GCM_128_8:
+ crypto_policy_set_aes_gcm_128_8_auth(&policy->rtp);
+ crypto_policy_set_aes_gcm_128_8_auth(&policy->rtcp);
+
+ if (switch_channel_direction(channel) == SWITCH_CALL_DIRECTION_OUTBOUND) {
+ switch_channel_set_variable(channel, "rtp_has_crypto", "AES_GCM_128_8");
+ }
+ break;
+
 case AES_CM_256_HMAC_SHA1_80:
 crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy->rtp);
 crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy->rtcp);
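Review bot: Neither new case in `switch_rtp_add_crypto_key` checks the supplied key length against the suite it installs, and the callers visible in switch_core_media.c always pass `SWITCH_RTP_KEY_LEN` (30). Thirty bytes is a 128-bit key plus a 14-byte salt; SRTP GCM uses a 12-byte salt, and a 256-bit key alone is 32 bytes, so for `AES_GCM_256_8` the policy presumably reads past the key material the caller generated. Reject a mismatched length before setting the policy, along the lines of `if (key_len != required_len) return SWITCH_STATUS_FALSE;` (both names are placeholders; the real parameter is cut off in the hunk header). The two cases differ only in the policy function and the string literal, so a shared tail would remove the duplication. The switch statement and the function continue outside the hunk.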