From 129175e9f66ec1f458362f5086862cf52058b9d0 Mon Sep 17 00:00:00 2001 From: Fabrice Bellet Date: Sun, 14 Jul 2019 22:55:52 +0200 Subject: [PATCH] media: use purple purple_media_set_require_encryption api This patch uses the require-encryption property of the farstream conference element, to block by default the stream at the srtpdec element at creation time, until we know from sdp whether it will be encrypted or not. The installation of the keys in the element unblocks the stream, by processing it through the decoder, else the toggle of the property to "false" also unblocks the stream in "pass through" mode. This patch prevents a crypted stream to pass through the srtpdec element in the short time frame before the crypto elements have been installed, and to reach the rest of the pipeline, causing codec decoder errors where decrypted stream is expected. https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/issues/1016 --- src/api/sipe-backend.h | 3 +++ src/core/sipe-media.c | 13 +++++++++++++ src/miranda/miranda-media.c | 8 ++++++++ src/purple/purple-media.c | 13 +++++++++++++ src/telepathy/telepathy-stubs.c | 3 +++ 5 files changed, 40 insertions(+) diff --git a/src/api/sipe-backend.h b/src/api/sipe-backend.h index 2e69a56a..850e4cf2 100644 --- a/src/api/sipe-backend.h +++ b/src/api/sipe-backend.h @@ -457,6 +457,9 @@ void sipe_backend_media_set_encryption_keys(struct sipe_media_call *media, struct sipe_media_stream *stream, const guchar *encryption_key, const guchar *decryption_key); +void sipe_backend_media_set_require_encryption(struct sipe_media_call *media, + struct sipe_media_stream *stream, + const gboolean require_encryption); /* Stream handling */ void sipe_backend_stream_hold(struct sipe_media_call *media, diff --git a/src/core/sipe-media.c b/src/core/sipe-media.c index bbbb20ae..5bfa4468 100644 --- a/src/core/sipe-media.c +++ b/src/core/sipe-media.c 
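Review bot: The new prototype in sipe-backend.h has no comment saying what each value of `require_encryption` does, which matters for a switch that decides whether cleartext media is accepted. I would add above it something like `/* TRUE: hold incoming media until SRTP keys are installed; FALSE: let unencrypted media pass through */`, matching the behaviour the commit message describes. The `const` on the by-value `gboolean` parameter has no effect in a declaration and could be dropped, as `sipe_backend_stream_hold` does with its `gboolean local` parameter elsewhere in this patch.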
@@ -779,6 +779,12 @@ update_call_from_remote_sdp(struct sipe_media_call_private* call_private, SIPE_MEDIA_STREAM_PRIVATE->encryption_key, media->encryption_key); SIPE_MEDIA_STREAM_PRIVATE->encryption_key_id = media->encryption_key_id; + } else { + // We now know that the stream won't be encrypted. + // Allow unencrypted data to pass srtpdec freely + sipe_backend_media_set_require_encryption(SIPE_MEDIA_CALL, + stream, + FALSE); } result = sipe_backend_set_remote_codecs(SIPE_MEDIA_CALL, stream, @@ -1415,6 +1421,13 @@ sipe_media_stream_add(struct sipe_media_call *call, const gchar *id, stream_private->encryption_key[i] = rand() & 0xff; } stream_private->encryption_key_id = 1; + // We don't know yet whether the stream will be + // encrypted or not. Enable the require-encryption + // property at stream creation time anyway, we may + // disable it later if we don't receive encryption keys. + sipe_backend_media_set_require_encryption(call, + SIPE_MEDIA_STREAM, + TRUE); } #endif diff --git a/src/miranda/miranda-media.c b/src/miranda/miranda-media.c index fa673c47..80b866c9 100644 --- a/src/miranda/miranda-media.c +++ b/src/miranda/miranda-media.c @@ -138,6 +138,14 @@ sipe_backend_media_set_encryption_keys(struct sipe_media_call *media, } void +sipe_backend_media_set_require_encryption(struct sipe_media_call *media, + struct sipe_media_stream *stream, + const gboolean require_encryption) +{ + _NIF(); +} + +void sipe_backend_stream_hold(struct sipe_media_call *media, struct sipe_media_stream *stream, gboolean local) diff --git a/src/purple/purple-media.c b/src/purple/purple-media.c index c5f94cc5..28f4709f 100644 --- a/src/purple/purple-media.c +++ b/src/purple/purple-media.c 
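Review bot: The new `else` branch in update_call_from_remote_sdp switches srtpdec to pass-through solely because the remote SDP carried no key. That makes a missing crypto attribute in a peer-supplied message, which may also have been altered in transit, sufficient to accept cleartext media. The `if` this `else` belongs to starts outside the hunk, so it is not visible whether a local encryption policy has already been checked. If it has not, make the call conditional, e.g. `if (<local policy permits unencrypted media>) sipe_backend_media_set_require_encryption(SIPE_MEDIA_CALL, stream, FALSE);`, where the condition is a placeholder for the project's own policy check. A log line at this point would also make an unexpected downgrade visible when diagnosing a call.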
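Review bot: The `TRUE` set at the end of this sipe_media_stream_add hunk makes the stream depend on the key generated just above it, and that context line fills the key with `rand() & 0xff`, a predictable generator unsuitable for SRTP key material. The line predates this commit, but requiring encryption with a guessable key gives less protection than the new comment suggests. I would at least add `/* FIXME: key bytes must come from a cryptographically secure random source, not rand() */` beside it and replace the generator in a follow-up. The loop and its enclosing condition start outside the hunk, so how `rand()` is seeded cannot be seen here.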
@@ -1092,6 +1092,15 @@ sipe_backend_media_set_encryption_keys(struct sipe_media_call *media, "hmac-sha1-80", (gchar *)decryption_key, SIPE_SRTP_KEY_LEN); } + +void +sipe_backend_media_set_require_encryption(struct sipe_media_call *media, + struct sipe_media_stream *stream, + const gboolean require_encryption) +{ + purple_media_set_require_encryption(media->backend_private->m, + stream->id, media->with, require_encryption); +} #else void sipe_backend_media_set_encryption_keys(SIPE_UNUSED_PARAMETER struct sipe_media_call *media, @@ -1099,6 +1108,10 @@ sipe_backend_media_set_encryption_keys(SIPE_UNUSED_PARAMETER struct sipe_media_c SIPE_UNUSED_PARAMETER const guchar *encryption_key, SIPE_UNUSED_PARAMETER const guchar *decryption_key) {} +sipe_backend_media_set_require_encryption(SIPE_UNUSED_PARAMETER struct sipe_media_call *media, + SIPE_UNUSED_PARAMETER struct sipe_media_stream *stream, + SIPE_UNUSED_PARAMETER const gboolean require_encryption) +{} #endif void sipe_backend_stream_hold(struct sipe_media_call *media, diff --git a/src/telepathy/telepathy-stubs.c b/src/telepathy/telepathy-stubs.c index a9f73183..4cadca12 100644 --- a/src/telepathy/telepathy-stubs.c +++ b/src/telepathy/telepathy-stubs.c @@ -209,6 +209,9 @@ void sipe_backend_media_set_encryption_keys(SIPE_UNUSED_PARAMETER struct sipe_me SIPE_UNUSED_PARAMETER struct sipe_media_stream *stream, SIPE_UNUSED_PARAMETER const guchar *encryption_key, SIPE_UNUSED_PARAMETER const guchar *decryption_key) {} +void sipe_backend_media_set_require_encryption(SIPE_UNUSED_PARAMETER struct sipe_media_call *media, + SIPE_UNUSED_PARAMETER struct sipe_media_stream *stream, + SIPE_UNUSED_PARAMETER const gboolean require_encryption) {} void sipe_backend_stream_hold(SIPE_UNUSED_PARAMETER struct sipe_media_call *media, SIPE_UNUSED_PARAMETER struct sipe_media_stream *stream, SIPE_UNUSED_PARAMETER gboolean local) {} -- 2.11.4.GIT
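Review bot: The purple wrapper discards whatever `purple_media_set_require_encryption` returns, so if the call fails while `require_encryption` is TRUE, the stream stays in its previous mode and nothing reports it. I believe the libpurple function returns a `gboolean` success flag; this should be confirmed against its header. If so, check it and log the failure: `if (!purple_media_set_require_encryption(media->backend_private->m, stream->id, media->with, require_encryption)) { /* log: could not set require-encryption */ }`. The preprocessor guard around this definition starts outside the hunk, so it is also worth confirming that it only selects libpurple versions that provide this function.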
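Review bot: The stub added in the `#else` branch of purple-media.c has no return type: its first added line begins directly with `sipe_backend_media_set_require_encryption(`. The hunk adds exactly four lines, none of which is `void`. The definition therefore defaults to implicit `int` and conflicts with the `void` prototype this commit adds to sipe-backend.h, so builds that take the `#else` path should fail to compile. Add the return type as the telepathy stub does: `void sipe_backend_media_set_require_encryption(SIPE_UNUSED_PARAMETER struct sipe_media_call *media,`.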