res_pjsip: Add 'dtls_fingerprint' option to configure DTLS fingerprint hash.
authorJoshua Colp <jcolp@digium.com>
Wed, 1 Oct 2014 16:39:45 +0000 (16:39 +0000)
committerJoshua Colp <jcolp@digium.com>
Wed, 1 Oct 2014 16:39:45 +0000 (16:39 +0000)
During the latest update to DTLS-SRTP support the ability to configure
the hash used for fingerprints was added. This gave us two supported ones:
SHA-1 and SHA-256. The default was accordingly updated to SHA-256.
Unfortunately this configuration ability was not exposed within res_pjsip.
This change adds a dtls_fingerprint option that controls it.

#SIPit31
........

Merged revisions 424290 from http://svn.asterisk.org/svn/asterisk/branches/12
........

Merged revisions 424291 from http://svn.asterisk.org/svn/asterisk/branches/13

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@424292 65c4cc65-6c06-0410-ace0-fbb531ad65f3

configs/samples/pjsip.conf.sample
res/res_pjsip.c
res/res_pjsip/pjsip_configuration.c

index 7edff2d..cbc1d7c 100644 (file)
                 ; certificates (default: "")
 ;dtls_setup=    ; Whether we are willing to accept connections connect to the
                 ; other party or both (default: "")
+;dtls_fingerprint= ; Hash to use for the fingerprint placed into SDP
+                   ; (default: "SHA-256")
 ;srtp_tag_32=no ; Determines whether 32 byte tags should be used instead of 80
                 ; byte tags (default: "no")
 ;set_var=       ; Variable set on a channel involving the endpoint. For multiple
index a7f6846..e6d0d0c 100644 (file)
                                                </enumlist>
                                        </description>
                                </configOption>
+                               <configOption name="dtls_fingerprint">
+                                       <synopsis>Type of hash to use for the DTLS fingerprint in the SDP.</synopsis>
+                                       <description>
+                                               <para>
+                                                       This option only applies if <replaceable>media_encryption</replaceable> is
+                                                       set to <literal>dtls</literal>.
+                                               </para>
+                                               <enumlist>
+                                                       <enum name="SHA-256"></enum>
+                                                       <enum name="SHA-1"></enum>
+                                               </enumlist>
+                                       </description>
+                               </configOption>
                                <configOption name="srtp_tag_32">
                                        <synopsis>Determines whether 32 byte tags should be used instead of 80 byte tags.</synopsis>
                                        <description><para>
index a5fec86..c3fa43f 100644 (file)
@@ -726,6 +726,20 @@ static int dtlssetup_to_str(const void *obj, const intptr_t *args, char **buf)
        return 0;
 }
 
+static const char *ast_rtp_dtls_fingerprint_map[] = {
+       [AST_RTP_DTLS_HASH_SHA256] = "SHA-256",
+       [AST_RTP_DTLS_HASH_SHA1] = "SHA-1",
+};
+
+static int dtlsfingerprint_to_str(const void *obj, const intptr_t *args, char **buf)
+{
+       const struct ast_sip_endpoint *endpoint = obj;
+       if (ARRAY_IN_BOUNDS(endpoint->media.rtp.dtls_cfg.hash, ast_rtp_dtls_fingerprint_map)) {
+               *buf = ast_strdup(ast_rtp_dtls_fingerprint_map[endpoint->media.rtp.dtls_cfg.hash]);
+       }
+       return 0;
+}
+
 static int t38udptl_ec_handler(const struct aco_option *opt,
        struct ast_variable *var, void *obj)
 {
@@ -1738,6 +1752,7 @@ int ast_res_pjsip_initialize_configuration(const struct ast_module_info *ast_mod
        ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_ca_file", "", dtls_handler, dtlscafile_to_str, NULL, 0, 0);
        ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_ca_path", "", dtls_handler, dtlscapath_to_str, NULL, 0, 0);
        ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_setup", "", dtls_handler, dtlssetup_to_str, NULL, 0, 0);
+       ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_fingerprint", "", dtls_handler, dtlsfingerprint_to_str, NULL, 0, 0);
        ast_sorcery_object_field_register(sip_sorcery, "endpoint", "srtp_tag_32", "no", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, media.rtp.srtp_tag_32));
        ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "redirect_method", "user", redirect_handler, NULL, NULL, 0, 0);
        ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "set_var", "", set_var_handler, set_var_to_str, set_var_to_vl, 0, 0);