From fd426457d70446c203b28f1ec158e3089f7ac9db Mon Sep 17 00:00:00 2001
From: Richard Fuchs
Date: Mon, 27 Apr 2015 14:46:04 -0400
Subject: [PATCH] use SRTP<>SRTP transcoding when crypto parameters differ

---
 daemon/call.c | 21 +++++++++++++--------
 daemon/crypto.h | 15 +++++++++++++++
 2 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/daemon/call.c b/daemon/call.c
index bdf7668ad..d9b2d7c16 100644
--- a/daemon/call.c
+++ b/daemon/call.c
@@ -260,7 +260,7 @@ static const struct streamhandler *__sh_matrix_in_rtp_savpf[] = {
 	[PROTO_UDP_TLS_RTP_SAVPF] = &__sh_noop,
 	[PROTO_UDPTL] = &__sh_noop,
 };
-static const struct streamhandler *__sh_matrix_in_rtp_savp_dtls[] = {
+static const struct streamhandler *__sh_matrix_in_rtp_savp_recrypt[] = {
 	[PROTO_RTP_AVP] = &__sh_savp2avp,
 	[PROTO_RTP_AVPF] = &__sh_savp2avp,
 	[PROTO_RTP_SAVP] = &__sh_savp2savp,
@@ -269,7 +269,7 @@ static const struct streamhandler *__sh_matrix_in_rtp_savp_dtls[] = {
 	[PROTO_UDP_TLS_RTP_SAVPF] = &__sh_savp2savp,
 	[PROTO_UDPTL] = &__sh_noop,
 };
-static const struct streamhandler *__sh_matrix_in_rtp_savpf_dtls[] = {
+static const struct streamhandler *__sh_matrix_in_rtp_savpf_recrypt[] = {
 	[PROTO_RTP_AVP] = &__sh_savpf2avp,
 	[PROTO_RTP_AVPF] = &__sh_savp2avp,
 	[PROTO_RTP_SAVP] = &__sh_savpf2savp,
@@ -300,13 +300,13 @@ static const struct streamhandler **__sh_matrix[] = {
 	[PROTO_UDPTL] = __sh_matrix_noop,
 };
 /* special case for DTLS as we can't pass through SRTP<>SRTP */
-static const struct streamhandler **__sh_matrix_dtls[] = {
+static const struct streamhandler **__sh_matrix_recrypt[] = {
 	[PROTO_RTP_AVP] = __sh_matrix_in_rtp_avp,
 	[PROTO_RTP_AVPF] = __sh_matrix_in_rtp_avpf,
-	[PROTO_RTP_SAVP] = __sh_matrix_in_rtp_savp_dtls,
-	[PROTO_RTP_SAVPF] = __sh_matrix_in_rtp_savpf_dtls,
-	[PROTO_UDP_TLS_RTP_SAVP] = __sh_matrix_in_rtp_savp_dtls,
-	[PROTO_UDP_TLS_RTP_SAVPF] = __sh_matrix_in_rtp_savpf_dtls,
+	[PROTO_RTP_SAVP] = __sh_matrix_in_rtp_savp_recrypt,
+	[PROTO_RTP_SAVPF] = __sh_matrix_in_rtp_savpf_recrypt,
+	[PROTO_UDP_TLS_RTP_SAVP] = __sh_matrix_in_rtp_savp_recrypt,
+	[PROTO_UDP_TLS_RTP_SAVPF] = __sh_matrix_in_rtp_savpf_recrypt,
 	[PROTO_UDPTL] = __sh_matrix_noop,
 };
@@ -564,7 +564,12 @@ static void determine_handler(struct packet_stream *in, const struct packet_stre
 	matrix = __sh_matrix;
 	if (MEDIA_ISSET(in->media, DTLS) || MEDIA_ISSET(out->media, DTLS))
-		matrix = __sh_matrix_dtls;
+		matrix = __sh_matrix_recrypt;
+	else if (in->media->protocol->srtp && out->media->protocol->srtp
+			&& in->sfd && out->sfd
+			&& (crypto_params_cmp(&in->crypto.params, &out->sfd->crypto.params)
+				|| crypto_params_cmp(&out->crypto.params, &in->sfd->crypto.params)))
+		matrix = __sh_matrix_recrypt;
 	sh_pp = matrix[in->media->protocol->index];
 	if (!sh_pp)
diff --git a/daemon/crypto.h b/daemon/crypto.h
index 495a8d869..ea27dc006 100644
--- a/daemon/crypto.h
+++ b/daemon/crypto.h
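Review bot: The comment `/* special case for DTLS as we can't pass through SRTP<>SRTP */` kept above the renamed `__sh_matrix_recrypt` table is now stale: with the `determine_handler` change in this same commit the table is also selected for non-DTLS SRTP streams whose crypto parameters differ, so "special case for DTLS" no longer describes when it is used. I'd reword it to `/* used instead of __sh_matrix whenever SRTP<>SRTP cannot be passed through unchanged: DTLS on either side, or differing crypto parameters on an SRTP<>SRTP leg */`.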
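Review bot: The new `else if` dereferences `out->media->protocol` unconditionally, while the only other protocol dereference visible in the hunk is on `in` (`matrix[in->media->protocol->index]`); if `out->media->protocol` can still be unset when `determine_handler` runs, this is a NULL dereference and the condition needs an `out->media->protocol &&` guard ahead of the `->srtp` read. Note also that the `in->sfd && out->sfd` term makes a missing socket fall back to the plain `__sh_matrix` even when the two sides' keys differ, so if handlers can be determined before both sfds are assigned, that decision must be redone once they are — I can't tell from the hunk whether such re-evaluation happens. The asymmetric comparison (`in->crypto` against `out->sfd->crypto`, and vice versa) reads as matching the context one side is decrypted with against the context the other side is encrypted with, but that is inferred; a one-line comment such as `/* SRTP<>SRTP without DTLS: pass through only if the crypto parameters match on both sides, otherwise decrypt and re-encrypt */` above the `else if` would make the intent explicit. The rest of `determine_handler` continues outside the hunk.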
@@ -155,6 +155,21 @@ INLINE void crypto_init(struct crypto_context *c, const struct crypto_params *p)
 	crypto_cleanup(c);
 	crypto_params_copy(&c->params, p);
 }
+INLINE int crypto_params_cmp(const struct crypto_params *a, const struct crypto_params *b) {
+	if (a->crypto_suite != b->crypto_suite)
+		return 1;
+	if (!a->crypto_suite)
+		return 0;
+	if (memcmp(a->master_key, b->master_key, a->crypto_suite->master_key_len))
+		return 1;
+	if (memcmp(a->master_salt, b->master_salt, a->crypto_suite->master_salt_len))
+		return 1;
+	if (a->mki_len != b->mki_len)
+		return 1;
+	if (a->mki_len && memcmp(a->mki, b->mki, a->mki_len))
+		return 1;
+	return 0;
+}