From: Joshua Colp Date: Wed, 1 Oct 2014 16:39:45 +0000 (+0000) Subject: res_pjsip: Add 'dtls_fingerprint' option to configure DTLS fingerprint hash. X-Git-Tag: 14.0.0-beta1~1609 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=adba2a8d7fd;p=thirdparty%2Fasterisk.git res_pjsip: Add 'dtls_fingerprint' option to configure DTLS fingerprint hash. During the latest update to DTLS-SRTP support the ability to configure the hash used for fingerprints was added. This gave us two supported ones: SHA-1 and SHA-256. The default was accordingly updated to SHA-256. Unfortunately this configuration ability was not exposed within res_pjsip. This change adds a dtls_fingerprint option that controls it. #SIPit31 ........ Merged revisions 424290 from http://svn.asterisk.org/svn/asterisk/branches/12 ........ Merged revisions 424291 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@424292 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/configs/samples/pjsip.conf.sample b/configs/samples/pjsip.conf.sample index 7edff2d396..cbc1d7cee9 100644 --- a/configs/samples/pjsip.conf.sample +++ b/configs/samples/pjsip.conf.sample @@ -610,6 +610,8 @@ ; certificates (default: "") ;dtls_setup= ; Whether we are willing to accept connections connect to the ; other party or both (default: "") +;dtls_fingerprint= ; Hash to use for the fingerprint placed into SDP + ; (default: "SHA-256") ;srtp_tag_32=no ; Determines whether 32 byte tags should be used instead of 80 ; byte tags (default: "no") ;set_var= ; Variable set on a channel involving the endpoint. For multiple diff --git a/res/res_pjsip.c b/res/res_pjsip.c index a7f684650c..e6d0d0c48c 100644 --- a/res/res_pjsip.c +++ b/res/res_pjsip.c @@ -692,6 +692,19 @@ + + Type of hash to use for the DTLS fingerprint in the SDP. + + + This option only applies if media_encryption is + set to dtls. + + + + + + + Determines whether 32 byte tags should be used instead of 80 byte tags. diff --git a/res/res_pjsip/pjsip_configuration.c b/res/res_pjsip/pjsip_configuration.c index a5fec86431..c3fa43faeb 100644 --- a/res/res_pjsip/pjsip_configuration.c +++ b/res/res_pjsip/pjsip_configuration.c @@ -726,6 +726,20 @@ static int dtlssetup_to_str(const void *obj, const intptr_t *args, char **buf) return 0; } +static const char *ast_rtp_dtls_fingerprint_map[] = { + [AST_RTP_DTLS_HASH_SHA256] = "SHA-256", + [AST_RTP_DTLS_HASH_SHA1] = "SHA-1", +}; + +static int dtlsfingerprint_to_str(const void *obj, const intptr_t *args, char **buf) +{ + const struct ast_sip_endpoint *endpoint = obj; + if (ARRAY_IN_BOUNDS(endpoint->media.rtp.dtls_cfg.hash, ast_rtp_dtls_fingerprint_map)) { + *buf = ast_strdup(ast_rtp_dtls_fingerprint_map[endpoint->media.rtp.dtls_cfg.hash]); + } + return 0; +} + static int t38udptl_ec_handler(const struct aco_option *opt, struct ast_variable *var, void *obj) { @@ -1738,6 +1752,7 @@ int ast_res_pjsip_initialize_configuration(const struct ast_module_info *ast_mod ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_ca_file", "", dtls_handler, dtlscafile_to_str, NULL, 0, 0); ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_ca_path", "", dtls_handler, dtlscapath_to_str, NULL, 0, 0); ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_setup", "", dtls_handler, dtlssetup_to_str, NULL, 0, 0); + ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_fingerprint", "", dtls_handler, dtlsfingerprint_to_str, NULL, 0, 0); ast_sorcery_object_field_register(sip_sorcery, "endpoint", "srtp_tag_32", "no", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, media.rtp.srtp_tag_32)); ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "redirect_method", "user", redirect_handler, NULL, NULL, 0, 0); ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "set_var", "", set_var_handler, set_var_to_str, set_var_to_vl, 0, 0);