From e0cdf74ac5d215e511d39633e5759564d3f00e86 Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Thu, 26 Apr 2018 08:31:41 -0400 Subject: [PATCH] fix SRTP ROC syncing between kernel and userspace also fixes spurious unkernelized rtcp-mux streams fixes #495 Change-Id: I9ec86ec5ecfffeede367a9aab9168ac32b7a95f3 --- daemon/call.c | 4 ++-- daemon/media_socket.c | 7 +++++-- utils/srtp-debug-helper | 13 +++++++------ 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/daemon/call.c b/daemon/call.c index cd5dc86b3..9e0b61e41 100644 --- a/daemon/call.c +++ b/daemon/call.c @@ -598,7 +598,7 @@ static void call_timer(void *ptr) { if (sink) { mutex_lock(&sink->out_lock); if (sink->crypto.params.crypto_suite && sink->ssrc_out - && ke->target.ssrc == sink->ssrc_out->parent->h.ssrc + && ntohl(ke->target.ssrc) == sink->ssrc_out->parent->h.ssrc && ke->target.encrypt.last_index - sink->ssrc_out->srtp_index > 0x4000) { sink->ssrc_out->srtp_index = ke->target.encrypt.last_index; @@ -609,7 +609,7 @@ static void call_timer(void *ptr) { mutex_lock(&ps->in_lock); if (sfd->crypto.params.crypto_suite && ps->ssrc_in - && ke->target.ssrc == ps->ssrc_in->parent->h.ssrc + && ntohl(ke->target.ssrc) == ps->ssrc_in->parent->h.ssrc && ke->target.decrypt.last_index - ps->ssrc_in->srtp_index > 0x4000) { ps->ssrc_in->srtp_index = ke->target.decrypt.last_index; diff --git a/daemon/media_socket.c b/daemon/media_socket.c index ec04f4b7e..98d920a1c 100644 --- a/daemon/media_socket.c +++ b/daemon/media_socket.c @@ -1475,8 +1475,10 @@ update_peerinfo: mutex_lock(&phc->mp.stream->out_lock); endpoint = phc->mp.stream->endpoint; phc->mp.stream->endpoint = phc->mp.fsin; - if (memcmp(&endpoint, &phc->mp.stream->endpoint, sizeof(endpoint))) + if (memcmp(&endpoint, &phc->mp.stream->endpoint, sizeof(endpoint))) { + phc->unkernelize = 1; phc->update = 1; + } update_addr: mutex_unlock(&phc->mp.stream->out_lock); 
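Review bot: The `ntohl(ke->target.ssrc)` comparison is now written twice, here in the `sink`/encrypt branch and again in the `ps`/decrypt branch of the next hunk, and nothing in the visible lines records that the kernel-side SSRC is in network byte order while `parent->h.ssrc` is host order. A short comment at the first comparison, e.g. `/* kernel target.ssrc is network byte order; h.ssrc is host order */`, would keep the two sites from drifting apart again. Separately, once the SSRC test passes, the unchanged guard `ke->target.encrypt.last_index - sink->ssrc_out->srtp_index > 0x4000` decides whether userspace adopts the kernel index. If both operands are unsigned (their types are not visible here), a kernel index that is behind the userspace one wraps to a large value and would move `srtp_index` backwards, which for an outgoing SRTP stream means an index could be reused. It is worth confirming the operand types or testing `last_index > srtp_index` before subtracting; call_timer's body starts and ends outside both hunks.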
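Review bot: Setting `phc->unkernelize = 1` inside this branch makes the raw `memcmp(&endpoint, &phc->mp.stream->endpoint, sizeof(endpoint))` result decide whether the kernel forwarding entry is torn down, not just whether `update` is set. If the endpoint struct contains padding bytes (its layout is not visible here), two otherwise equal addresses could compare unequal and push the stream back to userspace on every packet. A field-wise address and port comparison would avoid that; if the struct is known to be fully initialised, a comment such as `/* endpoint is zero-filled before assignment, so memcmp is exact */` would be enough. The code that decides whether `phc->mp.fsin` is accepted as the new endpoint sits above `update_peerinfo:` and is outside this hunk.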
@@ -1485,6 +1487,7 @@ update_addr: if (phc->mp.stream->selected_sfd && phc->mp.sfd != phc->mp.stream->selected_sfd) { ilog(LOG_INFO, "Switching local interface to %s", endpoint_print_buf(&phc->mp.sfd->socket.local)); phc->mp.stream->selected_sfd = phc->mp.sfd; + phc->unkernelize = 1; phc->update = 1; } @@ -1651,7 +1654,7 @@ static int stream_packet(struct packet_handler_ctx *phc) { if (G_LIKELY(handler_ret >= 0)) handler_ret = media_packet_encrypt(phc); - if (phc->update) // for RTCP packet index updates + if (phc->unkernelize) // for RTCP packet index updates unkernelize(phc->mp.stream); diff --git a/utils/srtp-debug-helper b/utils/srtp-debug-helper index c0c795340..b14f6f85c 100755 --- a/utils/srtp-debug-helper +++ b/utils/srtp-debug-helper @@ -3,12 +3,12 @@ use strict; use warnings; use MIME::Base64; -use SRTP; +use NGCP::Rtpclient::SRTP; -my $cs = $SRTP::crypto_suites{$ARGV[0]} or die; +my $cs = $NGCP::Rtpclient::SRTP::crypto_suites{$ARGV[0]} or die; my $inline_key = $ARGV[1] or die; -my ($key, $salt) = SRTP::decode_inline_base64($inline_key); -my ($skey, $sauth, $ssalt) = SRTP::gen_rtp_session_keys($key, $salt); +my ($key, $salt) = NGCP::Rtpclient::SRTP::decode_inline_base64($inline_key, $cs); +my ($skey, $sauth, $ssalt) = NGCP::Rtpclient::SRTP::gen_rtp_session_keys($key, $salt); print("Master key: " . unpack("H*", $key) . "\n"); print("Master salt: " . unpack("H*", $salt) . "\n"); print("RTP session key: " . unpack("H*", $skey) . "\n"); 
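Review bot: The trailing comment on `if (phc->unkernelize)` still reads `// for RTCP packet index updates`, but the two earlier hunks in this file also set the flag on a peer endpoint change and on a local interface switch. Suggest rewording it to something like `// kernel entry is stale: RTCP index update, endpoint change or interface switch`. A short comment next to the flag's declaration (outside this diff) on how it differs from `phc->update` would help as well, since the two are set together in both places shown. stream_packet's body starts and ends outside the hunk.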
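Review bot: Both argument checks on the rewritten lines end in a bare `or die`, so an unknown suite name or a missing key produces only `Died at ... line N`. Messages such as `or die "unknown crypto suite\n"` on the `$cs` lookup and `or die "missing inline key argument\n"` on `$inline_key` would make the failure self-explanatory. Because the master key arrives in `$ARGV[1]` and is echoed together with the derived session keys, a header comment stating that the key is visible in the process list and shell history while the tool runs would be a useful addition for anyone pointing it at a non-test key.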
@@ -25,14 +25,15 @@ else {
 $pack = pack("H*", $pack);
 }
-my $roc = $ARGV[3] // 0;
+my $in_roc = $ARGV[3] // 0;
 print("Packet length: " . length($pack) . " bytes\n");
-my ($dec, $roc, $tag, $hmac) = SRTP::decrypt_rtp($cs, $skey, $ssalt, $sauth, $roc, $pack);
+my ($dec, $out_roc, $tag, $hmac) = NGCP::Rtpclient::SRTP::decrypt_rtp($cs, $skey, $ssalt, $sauth, $in_roc, $pack);
 print("Auth tag from packet: " . unpack("H*", $tag) . "\n");
 print("Computed auth tag: " . unpack("H*", $hmac) . "\n");
 print("Decoded packet: " . unpack("H*", $dec) . "\n");
+print("ROC: $out_roc\n");
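Review bot: The script prints `Auth tag from packet` and `Computed auth tag` side by side but never compares them, so the new `ROC: $out_roc` line is reported even when authentication failed. Assuming `decrypt_rtp` follows RFC 3711, the tag is computed over the packet plus the ROC, so the returned ROC and the decoded payload are only meaningful when the two tags are equal. A line such as `print("Auth tag " . ($tag eq $hmac ? "OK" : "MISMATCH") . "\n");` ahead of the decoded output would make that visible. `$in_roc` is also taken from `$ARGV[3]` without a numeric check; `$in_roc =~ /\A\d+\z/ or die "ROC must be a non-negative integer\n";` would catch a mistyped argument before it reaches the key-stream computation.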