Module: sems
Branch: master
Commit: e92ecf5a179095cd7815e12c188cac5526de4281
URL:    
http://git.sip-router.org/cgi-bin/gitweb.cgi/sems/?a=commit;h=e92ecf5a179095cd7815e12c188cac5526de4281

Author: Stefan Sayer <[email protected]>
Committer: Stefan Sayer <[email protected]>
Date:   Mon Nov  3 14:04:24 2014 +0100

core:zrtp: fix ZID, double ZRTP initialization; place ZRTP init after onStart

---

 core/AmRtpStream.cpp |    3 --
 core/AmSession.cpp   |   23 ++++++------
 core/AmZRTP.cpp      |   91 ++++++++++++++++++++++++--------------------------
 core/etc/zrtp.conf   |    6 ++-
 doc/src/doc_zrtp.h   |    4 +-
 5 files changed, 62 insertions(+), 65 deletions(-)

diff --git a/core/AmRtpStream.cpp b/core/AmRtpStream.cpp
index 9ca65af..b7b776f 100644
--- a/core/AmRtpStream.cpp
+++ b/core/AmRtpStream.cpp
@@ -755,9 +755,6 @@ int AmRtpStream::init(const AmSdp& local,
 
 #ifdef WITH_ZRTP  
   if (session && session->enable_zrtp) {
-    if (session->zrtp_session_state.initSession(session))
-      return -1;
-
     session->zrtp_session_state.startStreams(get_ssrc());
   }
 #endif
diff --git a/core/AmSession.cpp b/core/AmSession.cpp
index 7b77c0e..fd76432 100644
--- a/core/AmSession.cpp
+++ b/core/AmSession.cpp
@@ -279,15 +279,6 @@ void AmSession::run() {
 #endif
 
 bool AmSession::startup() {
-#ifdef WITH_ZRTP
-  if (enable_zrtp) {
-    if (zrtp_session_state.initSession(this))
-      return -1;
-      
-      DBG("initialized ZRTP session context OK\n");
-  }
-#endif
-
   session_started();
 
   try {
@@ -295,6 +286,16 @@ bool AmSession::startup() {
 
       onStart();
 
+#ifdef WITH_ZRTP
+      if (enable_zrtp) {
+       if (zrtp_session_state.initSession(this)) {
+         ERROR("initializing ZRTP session\n");
+         throw AmSession::Exception(500, SIP_REPLY_SERVER_INTERNAL_ERROR);
+       }
+       DBG("initialized ZRTP session context OK\n");
+      }
+#endif
+
     } 
     catch(const AmSession::Exception& e){ throw e; }
     catch(const string& str){
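Review bot: With `initSession()` now called only here, after `onStart()`, nothing in the visible code guarantees it has run before `AmRtpStream::init()` reaches `session->zrtp_session_state.startStreams(get_ssrc())`, since this commit drops the init call that used to precede it there. If the RTP stream can be initialised before `startup()` gets this far (for example from SDP handling triggered in `onStart()` or earlier), `startStreams()` would work on a ZRTP session that was never set up. It is worth confirming that ordering, or having `startStreams()` return early when the session is not initialised. The failure path rejects the call with a 500 rather than continuing without ZRTP, which is the right default, but the error line would be more useful with the return value, e.g. `ERROR("initializing ZRTP session failed (%d)\n", rc);`. `startup()` begins and ends outside this hunk.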
@@ -1322,9 +1323,9 @@ void AmSession::onZRTPProtocolEvent(zrtp_protocol_event_t 
event, zrtp_stream_t *
       break;
 
     case ZRTP_EVENT_IS_PASSIVE_RESTRICTION:
-      INFO("ZRTP_EVENT_IS_PASSIVE_RESTRICTION\n");
+     INFO("ZRTP_EVENT_IS_PASSIVE_RESTRICTION\n");
       break;
-     
+
     default: 
       INFO("unknown ZRTP_EVENT\n");
       break;
diff --git a/core/AmZRTP.cpp b/core/AmZRTP.cpp
index 43ae222..2496125 100644
--- a/core/AmZRTP.cpp
+++ b/core/AmZRTP.cpp
@@ -45,7 +45,7 @@ AmMutex AmZRTP::zrtp_cache_mut;
 
 zrtp_global_t* AmZRTP::zrtp_global;      // persistent storage for libzrtp data
 zrtp_config_t AmZRTP::zrtp_config;
-zrtp_zid_t AmZRTP::zrtp_instance_zid = {"defaultsems"}; // todo: generate one
+zrtp_zid_t AmZRTP::zrtp_instance_zid = {"defaultsems"}; // todo: generate one?
 
 void zrtp_log(int level, char *data, int len, int offset) {
   int sems_lvl = L_DBG;
@@ -68,25 +68,54 @@ int AmZRTP::init() {
   }
 
   cache_path = cfg.getParameter("cache_path");
-  string zid = cfg.getParameter("zid");
-  if (zid.length() != sizeof(zrtp_zid_t)) {
-    ERROR("ZID of this instance MUST be set for ZRTP.\n");
-    ERROR("ZID needs to be %lu characters long.\n", 
-         sizeof(zrtp_zid_t));
-    return -1;
+  if (cfg.hasParameter("zid_hex")) {
+    string zid_hex = cfg.getParameter("zid_hex");
+    if (zid_hex.size() != 2*sizeof(zrtp_instance_zid)) {
+      ERROR("zid_hex config parameter in zrtp.conf must be %lu characters 
long.\n", 
+           sizeof(zrtp_zid_t)*2);
+      return -1;
+    }
+
+    for (size_t i=0;i<sizeof(zrtp_instance_zid);i++) {
+      unsigned int h;
+      if (reverse_hex2int(zid_hex.substr(i*2, 2), h)) {
+       ERROR("in zid_hex in zrtp.conf: '%s' is no hex number\n", 
zid_hex.substr(i*2, 2).c_str());
+       return -1;
+      }
+
+      zrtp_instance_zid[i]=h % 0xff;
+    }
+
+  } else if (cfg.hasParameter("zid")) {
+    string zid = cfg.getParameter("zid");
+    WARN("zid parameter in zrtp.conf is only supported for backwards 
compatibility. Please use zid_hex\n");
+    if (zid.length() != sizeof(zrtp_zid_t)) {
+      ERROR("zid config parameter in zrtp.conf must be %lu characters 
long.\n", 
+           sizeof(zrtp_zid_t));
+      return -1;
+    }
+    for (size_t i=0;i<zid.length();i++)
+      zrtp_instance_zid[i]=zid[i];
+  } else {
+    // generate one
+    string zid_hex;
+    for (size_t i=0;i<sizeof(zrtp_instance_zid);i++) {
+      zrtp_instance_zid[i]=get_random() % 0xff;
+      zid_hex+=char2hex(zrtp_instance_zid[i], true);
+    }
+
+    WARN("Generated random ZID. To support key continuity through key cache "
+        "on the peers, add this to zrtp.conf: 'zid_hex=\"%s\"'", 
zid_hex.c_str());
   }
 
-  for (size_t i=0;i<zid.length();i++)
-    zrtp_instance_zid[i]=zid[i];
 
-  DBG("initializing ZRTP library with ZID '%s', cache path '%s'.\n",
-      zid.c_str(), cache_path.c_str());
+  DBG("initializing ZRTP library with cache path '%s'.\n", cache_path.c_str());
 
   zrtp_config_defaults(&zrtp_config);
 
   strcpy(zrtp_config.client_id, SEMS_CLIENT_ID);
+  memcpy((char*)zrtp_config.zid, (char*)zrtp_instance_zid, sizeof(zrtp_zid_t));
   zrtp_config.lic_mode = ZRTP_LICENSE_MODE_UNLIMITED;
-
   
   strncpy(zrtp_config.cache_file_cfg.cache_path, cache_path.c_str(), 256);
 
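Review bot: The byte reduction in the two new ZID loops uses `% 0xff` (modulo 255) where a mask is meant, so a configured `ff` byte is stored as 0x00 and the ZID in use no longer matches the `zid_hex` in zrtp.conf; generated ZIDs also never contain 0xff. The lines should read `zrtp_instance_zid[i] = h & 0xff;` and `zrtp_instance_zid[i] = get_random() & 0xff;`. Separately, the helper name `reverse_hex2int` suggests it may read the digits in reverse order while the generated value is printed with `char2hex`; it is worth confirming that the string printed in the WARN parses back to the same bytes, since key continuity on the peers depends on the ZID staying stable across restarts. `AmZRTP::init()` starts and ends outside this hunk.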
@@ -136,11 +165,9 @@ AmZRTPSessionState::AmZRTPSessionState()
 }
 
 int AmZRTPSessionState::initSession(AmSession* session) {
+  DBG("Initializing ZRTP stream...\n");
 
-  DBG("starting ZRTP stream...\n");
-  //
-  // Allocate zrtp session with default parameters
-  //
+  // Allocate zrtp session
   zrtp_status_t status =
     zrtp_session_init( AmZRTP::zrtp_global,
                       &zrtp_profile,
@@ -154,9 +181,7 @@ int AmZRTPSessionState::initSession(AmSession* session) {
   // Set call-back pointer to our parent structure
   zrtp_session_set_userdata(zrtp_session, session);
 
-  // 
-  // Attach Audio and Video Streams
-  //
+  // Attach audio stream
   status = zrtp_stream_attach(zrtp_session, &zrtp_audio);
   if (zrtp_status_ok != status) {
     // Check error code and debug logs
@@ -272,32 +297,4 @@ void AmZRTP::on_zrtp_protocol_event(zrtp_stream_t *stream, 
zrtp_protocol_event_t
   sess->postEvent(new AmZRTPProtocolEvent(event, stream));
 }
 
-/*
-void zrtp_play_alert(zrtp_stream_t* ctx) {
-  INFO("zrtp_play_alert: ALERT!\n");
-  ctx->need_play_alert = zrtp_play_no;
-}
-*/
-
-// #define BUFFER_LOG_SIZE 256
-// void zrtp_print_log(log_level_t level, const char* format, ...)
-// {
-//     char buffer[BUFFER_LOG_SIZE];
-//     va_list arg;
-
-//     va_start(arg, format);
-//     vsnprintf(buffer, BUFFER_LOG_SIZE, format, arg);
-//     va_end( arg );
-//     int sems_lvl = L_ERR;
-//     switch(level) {
-//     case ZRTP_LOG_DEBUG:   sems_lvl = L_DBG; break;
-//     case ZRTP_LOG_INFO:    sems_lvl = L_INFO; break;
-//     case ZRTP_LOG_WARNING: sems_lvl = L_WARN; break;
-//     case ZRTP_LOG_ERROR:   sems_lvl = L_ERR; break;
-//     case ZRTP_LOG_FATAL:   sems_lvl = L_ERR; break;
-//     case ZRTP_LOG_ALL:   sems_lvl = L_ERR; break;
-//     }
-//     _LOG(sems_lvl, "*** %s", buffer);
-// }
-
 #endif
diff --git a/core/etc/zrtp.conf b/core/etc/zrtp.conf
index 6dc41f4..0b8a71f 100644
--- a/core/etc/zrtp.conf
+++ b/core/etc/zrtp.conf
@@ -4,9 +4,11 @@
 cache_path=zrtp_cache.dat
 
 #
-# ZID - must be set to a unique identifier on installation.
+# ZID - must be set to a unique random identifier on installation.
+# if none is provided, a random one will be generated - this should be
+# then taken into zrtp.conf to support key continuity. 
 #
-#zid=012345678901
+#zid_hex="d4d8bb2d7d3536244cb67598"
 
 # random_entropy_bytes - bytes to read from /dev/random to zrtp entropy pool
 # Warning: can stall the startup process if there's many bytes read. 
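Review bot: The commented sample `#zid_hex="d4d8bb2d7d3536244cb67598"` looks like a usable value, and installations that simply uncomment it would all share one ZID, which contradicts the "unique random identifier" requirement stated just above it. A placeholder such as `#zid_hex="<24 hex characters, unique per installation>"` would avoid that. The comment could also state the expected length explicitly, since the loader rejects any other size.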
diff --git a/doc/src/doc_zrtp.h b/doc/src/doc_zrtp.h
index 909e8b5..7e2aa46 100644
--- a/doc/src/doc_zrtp.h
+++ b/doc/src/doc_zrtp.h
@@ -1,4 +1,4 @@
-/* \file info about ZRTP usage in SEMS
+/* \file info about using ZRTP with SEMS
  */
 
 /*!
@@ -15,7 +15,7 @@
  *  not supporting it are still possible, but unencrypted. The actual RTP 
encryption is done with 
  *  <a href="http://www.ietf.org/rfc/rfc3711.txt";>SRTP</a>.
  *
- *  <p>ZRTP is one of the widest (if not the widest) supported end-to-end 
encryption methods for VoIP. 
+ *  <p>ZRTP is one of the most widely (if not the most widely) supported 
end-to-end encryption methods for VoIP. 
  *  Popular SIP clients that support ZRTP are <a 
href="http://www.jitsi.org";>Jitsi</a>, CSipSimple, Twinkle, Linphone.</p>
  * 
  *  <p>For more information about ZRTP, see the 
