Author: dzzinstant Date: Sun Aug 3 01:07:50 2014 New Revision: 31 URL: http://svn.gna.org/viewcvs/pidgin-zrtp?rev=31&view=rev Log: Add 'require-encryption' option: Drops unencrypted RTP/RTCP packets when enabled; TODO: timeout & cancelling of unencrypted calls
Modified: trunk/patches/README.patches trunk/patches/gstzrtp.diff trunk/src/pidgin-plugin/simplezrtp/encrypt-backend-zrtp.c trunk/src/pidgin-plugin/simplezrtp/simplezrtp.c trunk/src/pidgin-plugin/simplezrtp/zrtp-call.c trunk/src/pidgin-plugin/simplezrtp/zrtp-conference.c Modified: trunk/patches/README.patches URL: http://svn.gna.org/viewcvs/pidgin-zrtp/trunk/patches/README.patches?rev=31&r1=30&r2=31&view=diff ============================================================================== --- trunk/patches/README.patches (original) +++ trunk/patches/README.patches Sun Aug 3 01:07:50 2014 @@ -5,7 +5,8 @@ gstzrtp.diff (required) This patch adds functionality that is needed by the Pidgin-ZRTP plugin, but not implemented/activated in the official distribution of GstZRTP: - * sas_verify: Let the client store the authentication status for a peer + * sas-verify: Let the client store the authentication status for a peer + * require-encryption: Never send unencrypted RTP/RTCP packets gstzrtp-new_algos.diff (recommended) The current version of GstZRTP expectsi that some more recent algorithms Modified: trunk/patches/gstzrtp.diff URL: http://svn.gna.org/viewcvs/pidgin-zrtp/trunk/patches/gstzrtp.diff?rev=31&r1=30&r2=31&view=diff ============================================================================== --- trunk/patches/gstzrtp.diff (original) +++ trunk/patches/gstzrtp.diff Sun Aug 3 01:07:50 2014 @@ -1,15 +1,16 @@ -diff -r ba9d3e83d723 -r 6c6631c478d6 src/gstzrtpfilter.c +diff -r ba9d3e83d723 src/gstzrtpfilter.c --- a/src/gstzrtpfilter.c +++ b/src/gstzrtpfilter.c -@@ -130,6 +130,7 @@ +@@ -130,6 +130,8 @@ PROP_MULTI_PARAM, PROP_IS_MULTI, PROP_MULTI_AVAILABLE, + PROP_SAS_VERIFY, ++ PROP_REQUIRE_ENCRYPTION, PROP_LAST, }; -@@ -219,6 +220,7 @@ +@@ -219,6 +221,7 @@ static gboolean zrtp_initialize(GstZrtpFilter* filter, const gchar *zidFilename, gboolean autoEnable); static void zrtp_filter_startZrtp(GstZrtpFilter *zrtp); static void zrtp_filter_stopZrtp(GstZrtpFilter *zrtp); 
@@ -17,7 +18,7 @@ /* Forward declaration of the ZRTP specific callback functions that this adapter must implement */ -@@ -541,6 +543,11 @@ +@@ -541,6 +544,15 @@ g_param_spec_boolean("multi-available", "MultiAvailable", "Check if master session supports multi-stream mode.", FALSE, G_PARAM_READABLE)); 
@@ -25,21 +26,68 @@ + g_param_spec_boolean("sas-verify", "Local SAS verify", + "Sets/Resets the local SAS verify flag.", + FALSE, G_PARAM_WRITABLE)); ++ g_object_class_install_property(gobject_class, PROP_REQUIRE_ENCRYPTION, ++ g_param_spec_boolean("require-encryption", "Drop clear RTP packets", ++ "If TRUE, clear RTP packets will not be sent.", ++ FALSE, G_PARAM_WRITABLE)); + /** * GstZrtpFilter::status: * @zrtpfilter: the zrtpfilter instance -@@ -794,6 +801,9 @@ +@@ -694,6 +706,7 @@ + filter->localSSRC = 0; + filter->peerSSRC = 0; + filter->gotMultiParam = FALSE; ++ filter->requireEncryption = FALSE; + + // TODO: caps setter, getter checks? + // Initialize the receive (upstream) RTP data path +@@ -794,6 +807,14 @@ GST_DEBUG("%p, length: %d", mspArr->data, mspArr->len); zrtp_setMultiStrParams(filter->zrtpCtx, (char*)mspArr->data, mspArr->len); break; + case PROP_SAS_VERIFY: ++ GST_DEBUG("%s", g_value_get_boolean(value) ? "TRUE" : "FALSE"); + zrtp_sas_verify(filter, g_value_get_boolean(value)); ++ break; ++ case PROP_REQUIRE_ENCRYPTION: ++ GST_DEBUG("%s", g_value_get_boolean(value) ? 
"TRUE" : "FALSE"); ++ filter->requireEncryption = g_value_get_boolean(value); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; -@@ -1132,6 +1142,15 @@ +@@ -985,7 +1006,13 @@ + + if (zrtp->srtpSend == NULL) { + GST_TRACE_OBJECT(zrtp, "Received downstream RTP buffer - SRTP inactive"); +- rc = gst_pad_push (zrtp->send_rtp_src, gstBuf); ++ if (!zrtp->requireEncryption) { ++ rc = gst_pad_push (zrtp->send_rtp_src, gstBuf); ++ } else { // Drop buffer ++ GST_DEBUG_OBJECT(zrtp, "Clear RTP packet dropped - encryption required!"); ++ rc = GST_FLOW_OK; ++ gst_buffer_unref(gstBuf); ++ } + } + else { + rc = zsrtp_protect(zrtp->srtpSend, gstBuf); +@@ -1039,7 +1066,13 @@ + + if (zrtp->srtcpSend == NULL) { + GST_TRACE_OBJECT(zrtp, "Received downstream RTCP buffer - SRTP inactive"); +- rc = gst_pad_push (zrtp->send_rtcp_src, gstBuf); ++ if (!zrtp->requireEncryption) { ++ rc = gst_pad_push (zrtp->send_rtcp_src, gstBuf); ++ } else { // Drop buffer ++ GST_DEBUG_OBJECT(zrtp, "Clear RTCP packet dropped - encryption required!"); ++ rc = GST_FLOW_OK; ++ gst_buffer_unref(gstBuf); ++ } + } + else { + rc = zsrtp_protectCtrl(zrtp->srtcpSend, gstBuf); +@@ -1132,6 +1165,15 @@ } static @@ -55,3 +103,14 @@ gboolean timer_callback(GstClock *clock, GstClockTime time, GstClockID id, gpointer userData) { +diff -r ba9d3e83d723 src/gstzrtpfilter.h +--- a/src/gstzrtpfilter.h ++++ b/src/gstzrtpfilter.h +@@ -310,6 +310,7 @@ + gboolean started; + gboolean close_slave; + gboolean mitmMode; ++ gboolean requireEncryption; + + }; + Modified: trunk/src/pidgin-plugin/simplezrtp/encrypt-backend-zrtp.c URL: http://svn.gna.org/viewcvs/pidgin-zrtp/trunk/src/pidgin-plugin/simplezrtp/encrypt-backend-zrtp.c?rev=31&r1=30&r2=31&view=diff ============================================================================== --- trunk/src/pidgin-plugin/simplezrtp/encrypt-backend-zrtp.c (original) +++ trunk/src/pidgin-plugin/simplezrtp/encrypt-backend-zrtp.c Sun Aug 3 01:07:50 2014 
@@ -582,8 +582,9 @@ self, participant, opts, zrtpcall); g_object_set(G_OBJECT(zrtpcall), - "enable", (opts & PURPLE_ENCRYPT_OPT_ENABLE) != 0, - "initialize", (opts & PURPLE_ENCRYPT_OPT_INITIATE) != 0, + "require-encryption", (opts & PURPLE_ENCRYPT_OPT_REQUIRE) != 0, + "enable", (opts & PURPLE_ENCRYPT_OPT_ENABLE) != 0, + "initialize", (opts & PURPLE_ENCRYPT_OPT_INITIATE) != 0, NULL); return TRUE; } Modified: trunk/src/pidgin-plugin/simplezrtp/simplezrtp.c URL: http://svn.gna.org/viewcvs/pidgin-zrtp/trunk/src/pidgin-plugin/simplezrtp/simplezrtp.c?rev=31&r1=30&r2=31&view=diff ============================================================================== --- trunk/src/pidgin-plugin/simplezrtp/simplezrtp.c (original) +++ trunk/src/pidgin-plugin/simplezrtp/simplezrtp.c Sun Aug 3 01:07:50 2014 @@ -63,9 +63,9 @@ _("Encrypt options"), options); purple_request_field_choice_add(field, "use global settings"); purple_request_field_choice_add(field, "disabled"); - // purple_request_field_choice_add(field, "enabled when requested"); + purple_request_field_choice_add(field, "enabled when requested [FIXME]"); purple_request_field_choice_add(field, "enabled automatically"); - // purple_request_field_choice_add(field, "required, cancel unencrypted calls"); + purple_request_field_choice_add(field, "required [TODO: cancel unencrypted calls]"); purple_request_field_group_add_field(group, field); request = purple_request_fields_new(); 
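Review bot: The two re-enabled entries in simplezrtp.c put developer markers into a user-facing security choice: `"enabled when requested [FIXME]"` and `"required [TODO: cancel unencrypted calls]"` become selectable in this request field. The preferences list in the later hunk (@@ -174) is inconsistent with it: "enabled when requested" stays commented out there, and the last entry reads `"required [cancel unencrypted calls]"` without the TODO. The commit log says cancelling is not implemented yet, so that label promises more than the code enforces; wording such as `"required (unencrypted media is dropped)"` in both lists would describe what actually happens. What the "[FIXME]" mode maps to is not visible here, so it may be safer to keep it unselectable until it works. The enclosing function is only partly visible in the hunk.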
@@ -174,7 +174,7 @@ purple_plugin_pref_add_choice(ppref, "disabled", GINT_TO_POINTER(1)); // purple_plugin_pref_add_choice(ppref, "enabled when requested", GINT_TO_POINTER(2)); purple_plugin_pref_add_choice(ppref, "enabled automatically", GINT_TO_POINTER(3)); - // purple_plugin_pref_add_choice(ppref, "required, cancel unencrypted calls", GINT_TO_POINTER(4)); + purple_plugin_pref_add_choice(ppref, "required [cancel unencrypted calls]", GINT_TO_POINTER(4)); purple_plugin_pref_frame_add(frame, ppref); return frame; Modified: trunk/src/pidgin-plugin/simplezrtp/zrtp-call.c URL: http://svn.gna.org/viewcvs/pidgin-zrtp/trunk/src/pidgin-plugin/simplezrtp/zrtp-call.c?rev=31&r1=30&r2=31&view=diff ============================================================================== --- trunk/src/pidgin-plugin/simplezrtp/zrtp-call.c (original) +++ trunk/src/pidgin-plugin/simplezrtp/zrtp-call.c Sun Aug 3 01:07:50 2014 @@ -83,6 +83,7 @@ gboolean do_enable; gboolean do_initialize; gboolean local_verified; + gboolean require_encryption; GstElement *zrtpmaster; GHashTable *channels; @@ -98,6 +99,7 @@ PROP_INITIALIZE, PROP_ZRTPMASTER, PROP_LOCALVERIFIED, + PROP_REQUIRE_ENCRYPTION, PROP_LAST }; @@ -295,6 +297,7 @@ priv->filters_pending = NULL; priv->zrtpmaster = NULL; priv->cachename = NULL; + priv->require_encryption = FALSE; set_state(self, ZRTPSTATE_INIT); } @@ -375,6 +378,9 @@ case PROP_LOCALVERIFIED: priv->local_verified = g_value_get_boolean(value); set_local_verified(self, priv->local_verified); + break; + case PROP_REQUIRE_ENCRYPTION: + priv->require_encryption = g_value_get_boolean(value); break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID( 
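Review bot: In zrtp-call.c the new `PROP_REQUIRE_ENCRYPTION` case only stores the value in `priv->require_encryption`, whereas the `PROP_LOCALVERIFIED` case just above also pushes its value on through `set_local_verified()`. The stored flag reaches a zrtpfilter only in the `g_object_set` calls of the later hunks (@@ -639 and @@ -647). A filter configured before the property is set would therefore keep its default of FALSE and go on forwarding clear packets; whether that order can occur is not visible here. Either forward the new value to any filters the call already holds, or document the constraint with a comment such as `/* must be set before any zrtpfilter is added; not propagated afterwards */`. The body of set_property continues outside the hunk.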
@@ -474,6 +480,12 @@ "the peer's authenticity", FALSE, G_PARAM_READWRITE)); + g_object_class_install_property(gobject_class, PROP_REQUIRE_ENCRYPTION, + g_param_spec_boolean("require-encryption", + "Only send encrypted RTP packets", + "If TRUE: RTP packets of this ZrtpCall must be encrypted", + FALSE, + G_PARAM_WRITABLE)); // zrtp_call_signals[S_ERROR] = // g_signal_new("error", G_TYPE_FROM_CLASS(klass), @@ -639,7 +651,8 @@ if (self->zrtp_state == ZRTPSTATE_INIT) { /* Only first zrtpfilter may start negotiation */ g_object_set(G_OBJECT(zrtpfilter), - "cache-name", priv->cachename, + "cache-name", priv->cachename, + "require-encryption", priv->require_encryption, "enable", priv->do_enable, "initialize", priv->do_initialize, NULL); @@ -647,6 +660,7 @@ } else { g_object_set(G_OBJECT(zrtpfilter), "cache-name", priv->cachename, + "require-encryption", priv->require_encryption, "enable", priv->do_enable, "initialize", FALSE, NULL); Modified: trunk/src/pidgin-plugin/simplezrtp/zrtp-conference.c URL: http://svn.gna.org/viewcvs/pidgin-zrtp/trunk/src/pidgin-plugin/simplezrtp/zrtp-conference.c?rev=31&r1=30&r2=31&view=diff ============================================================================== --- trunk/src/pidgin-plugin/simplezrtp/zrtp-conference.c (original) +++ trunk/src/pidgin-plugin/simplezrtp/zrtp-conference.c Sun Aug 3 01:07:50 2014 @@ -512,7 +512,6 @@ g_object_add_weak_pointer(G_OBJECT(priv->fsconference), (gpointer*) &priv->fsconference); - gst_debug_set_threshold_for_name ("zrtpfilter", GST_LEVEL_LOG); break; case PROP_PIPELINE: _______________________________________________ Pidgin-zrtp-commits mailing list Pidgin-zrtp-commits@gna.org https://mail.gna.org/listinfo/pidgin-zrtp-commits
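Review bot: The placement of `"require-encryption"` ahead of `"enable"` in both `g_object_set` calls on the zrtpfilter (@@ -639 and @@ -647) is load-bearing but undocumented. g_object_set applies properties in argument order, and the filter's flag defaults to FALSE, so a later reorder could presumably let the filter start while it still forwards clear packets. A short comment above each call would protect the ordering, e.g. `/* require-encryption must precede enable: the filter forwards clear packets until it is set */`. The same applies to the `g_object_set` on the ZrtpCall in encrypt-backend-zrtp.c. The enclosing function starts outside the hunk.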