Add option to leave base64 padding for a=crypto in place

closes #658 Squashed commit (plus docs and minor modification) of: commit 4187cd3b2d Author: Muhammad Zaka <muhammad.zaka@synety.com> Date: Mon Nov 19 18:13:43 2018 +0000 removed unnecessary pad_crypto_def variable commit 5c7b7c0ced Author: Muhammad Zaka <muhammad.zaka@synety.com> Date: Mon Nov 19 17:39:18 2018 +0000 add `pad-crypto` flag to not truncate trailing '==' after base64 encode commit 98bea79902 Author: Muhammad Zaka <muhammad.zaka@synety.com> Date: Fri Nov 16 10:59:47 2018 +0000 crypto containing padding should be sent within sdp for pass through Change-Id: I1f7502f34e9492100e5c3a5a7345319ed996c22c
7 years ago · fb1083f8e3
parent 9b2fe3711f
commit fb1083f8e3
5 changed files with 24 additions and 10 deletions
--- a/README.md
+++ b/README.md
@ -1240,6 +1240,13 @@ Optionally included keys are:
 		full-call media block, but also remove directional media blocks that were imposed on
 		individual participants.

+	- `pad crypto`
+
+		RFC 4568 (section 6.1) is somewhat ambiguous regarding the base64 encoding format of
+		`a=crypto` parameters added to an SDP body. The default interpretation is that trailing
+		`=` characters used for padding should be omitted. With this flag set, these padding
+		characters will be left in place.
+
 * `replace`

 	Similar to the `flags` list. Controls which parts of the SDP body should be rewritten.
--- a/daemon/call_interfaces.c
+++ b/daemon/call_interfaces.c
@ -621,6 +621,8 @@ static void call_ng_flags_flags(struct sdp_ng_flags *out, str *s, void *dummy) {
 		out->always_transcode = 1;
 	else if (!str_cmp(s, "asymmetric-codecs"))
 		out->asymmetric_codecs = 1;
+	else if (!str_cmp(s, "pad-crypto"))
+		out->pad_crypto = 1;
 	else {
 		// handle values aliases from other dictionaries
 		if (call_ng_flags_prefix(out, s, "SDES-", ng_sdes_option, NULL))
--- a/daemon/sdp.c
+++ b/daemon/sdp.c
@ -1916,7 +1916,7 @@ static void insert_dtls(struct call_media *media, struct sdp_chopper *chop) {
 	chopper_append_c(chop, "\r\n");
 }

-static void insert_crypto1(struct call_media *media, struct sdp_chopper *chop, struct crypto_params_sdes *cps) {
+static void insert_crypto1(struct call_media *media, struct sdp_chopper *chop, struct crypto_params_sdes *cps, struct sdp_ng_flags *flags) {
 	char b64_buf[((SRTP_MAX_MASTER_KEY_LEN + SRTP_MAX_MASTER_SALT_LEN) / 3 + 1) * 4 + 4];
 	char *p;
 	int state = 0, save = 0, i;
@ -1933,9 +1933,12 @@ static void insert_crypto1(struct call_media *media, struct sdp_chopper *chop, s
 			cps->params.crypto_suite->master_salt_len, 0,
 			p, &state, &save);
 	p += g_base64_encode_close(0, p, &state, &save);
-	// truncate trailing ==
-	while (p > b64_buf && p[-1] == '=')
-		p--;
+
+	if (!flags->pad_crypto) {
+		// truncate trailing ==
+		while (p > b64_buf && p[-1] == '=')
+			p--;
+	}

 	chopper_append_c(chop, "a=crypto:");
 	chopper_append_printf(chop, "%u ", cps->tag);
@ -1956,9 +1959,9 @@ static void insert_crypto1(struct call_media *media, struct sdp_chopper *chop, s
 		chopper_append_c(chop, " UNAUTHENTICATED_SRTP");
 	chopper_append_c(chop, "\r\n");
 }
-static void insert_crypto(struct call_media *media, struct sdp_chopper *chop) {
+static void insert_crypto(struct call_media *media, struct sdp_chopper *chop, struct sdp_ng_flags *flags) {
 	for (GList *l = media->sdes_out.head; l; l = l->next)
-		insert_crypto1(media, chop, l->data);
+		insert_crypto1(media, chop, l->data, flags);
 }


@ -2116,7 +2119,7 @@ int sdp_replace(struct sdp_chopper *chop, GQueue *sessions, struct call_monologu
 			else
 				ps_rtcp = NULL;

-			insert_crypto(call_media, chop);
+			insert_crypto(call_media, chop, flags);
 			insert_dtls(call_media, chop);

 			if (call_media->ptime)
--- a/include/call_interfaces.h
+++ b/include/call_interfaces.h
@ -70,13 +70,14 @@ struct sdp_ng_flags {
 	    sdes_unauthenticated_srtp:1,
 	    sdes_encrypted_srtp:1,
 	    sdes_encrypted_srtcp:1,
-	    sdes_authenticated_srtp:1;
+	    sdes_authenticated_srtp:1,
+	    pad_crypto:1;
 };

+
 extern int trust_address_def;
 extern int dtls_passive_def;

-
 str *call_request_tcp(char **);
 str *call_lookup_tcp(char **);
 void call_delete_tcp(char **);
--- a/utils/rtpengine-ng-client
+++ b/utils/rtpengine-ng-client
@ -60,6 +60,7 @@ GetOptions(
 	'metadata=s'			=> \$options{'metadata'},
 	'all'				=> \$options{'all'},
 	'address=s'			=> \$options{'address'},
+	'pad-crypto'			=> \$options{'pad crypto'},
 ) or die;

 my $cmd = shift(@ARGV) or die;
@ -72,7 +73,7 @@ for my $x (split(/,/, 'from-tag,to-tag,call-id,transport protocol,media address,
 for my $x (split(/,/, 'TOS,delete-delay')) {
 	defined($options{$x}) and $packet{$x} = $options{$x};
 }
-for my $x (split(/,/, 'trust address,symmetric,asymmetric,force,strict source,media handover,sip source address,reset,port latching,no rtcp attribute,loop protect,record call,always transcode,all')) {
+for my $x (split(/,/, 'trust address,symmetric,asymmetric,force,strict source,media handover,sip source address,reset,port latching,no rtcp attribute,loop protect,record call,always transcode,all,pad crypto')) {
 	defined($options{$x}) and push(@{$packet{flags}}, $x);
 }
 for my $x (split(/,/, 'origin,session connection')) {