Author: dzzinstant
Date: Sun Aug 3 01:07:50 2014
New Revision: 31
URL: http://svn.gna.org/viewcvs/pidgin-zrtp?rev=31&view=rev
Log:
Add 'require-encryption' option: Drops unencrypted RTP/RTCP packets when
enabled; TODO: timeout & cancelling of unencrypted calls
Modified:
trunk/patches/README.patches
trunk/patches/gstzrtp.diff
trunk/src/pidgin-plugin/simplezrtp/encrypt-backend-zrtp.c
trunk/src/pidgin-plugin/simplezrtp/simplezrtp.c
trunk/src/pidgin-plugin/simplezrtp/zrtp-call.c
trunk/src/pidgin-plugin/simplezrtp/zrtp-conference.c
Modified: trunk/patches/README.patches
URL:
http://svn.gna.org/viewcvs/pidgin-zrtp/trunk/patches/README.patches?rev=31&r1=30&r2=31&view=diff
==============================================================================
--- trunk/patches/README.patches (original)
+++ trunk/patches/README.patches Sun Aug 3 01:07:50 2014
@@ -5,7 +5,8 @@
gstzrtp.diff (required)
This patch adds functionality that is needed by the Pidgin-ZRTP plugin,
but not implemented/activated in the official distribution of GstZRTP:
- * sas_verify: Let the client store the authentication status for a peer
+ * sas-verify: Let the client store the authentication status for a peer
+ * require-encryption: Never send unencrypted RTP/RTCP packets
gstzrtp-new_algos.diff (recommended)
The current version of GstZRTP expectsi that some more recent algorithms
Modified: trunk/patches/gstzrtp.diff
URL:
http://svn.gna.org/viewcvs/pidgin-zrtp/trunk/patches/gstzrtp.diff?rev=31&r1=30&r2=31&view=diff
==============================================================================
--- trunk/patches/gstzrtp.diff (original)
+++ trunk/patches/gstzrtp.diff Sun Aug 3 01:07:50 2014
@@ -1,15 +1,16 @@
-diff -r ba9d3e83d723 -r 6c6631c478d6 src/gstzrtpfilter.c
+diff -r ba9d3e83d723 src/gstzrtpfilter.c
--- a/src/gstzrtpfilter.c
+++ b/src/gstzrtpfilter.c
-@@ -130,6 +130,7 @@
+@@ -130,6 +130,8 @@
PROP_MULTI_PARAM,
PROP_IS_MULTI,
PROP_MULTI_AVAILABLE,
+ PROP_SAS_VERIFY,
++ PROP_REQUIRE_ENCRYPTION,
PROP_LAST,
};
-@@ -219,6 +220,7 @@
+@@ -219,6 +221,7 @@
static gboolean zrtp_initialize(GstZrtpFilter* filter, const gchar
*zidFilename, gboolean autoEnable);
static void zrtp_filter_startZrtp(GstZrtpFilter *zrtp);
static void zrtp_filter_stopZrtp(GstZrtpFilter *zrtp);
@@ -17,7 +18,7 @@
/* Forward declaration of the ZRTP specific callback functions that this
adapter must implement */
-@@ -541,6 +543,11 @@
+@@ -541,6 +544,15 @@
g_param_spec_boolean("multi-available",
"MultiAvailable",
"Check if master
session supports multi-stream mode.",
FALSE,
G_PARAM_READABLE));
@@ -25,21 +26,68 @@
+ g_param_spec_boolean("sas-verify", "Local
SAS verify",
+
"Sets/Resets the local SAS verify flag.",
+ FALSE,
G_PARAM_WRITABLE));
++ g_object_class_install_property(gobject_class, PROP_REQUIRE_ENCRYPTION,
++
g_param_spec_boolean("require-encryption", "Drop clear RTP packets",
++ "If TRUE, clear RTP packets will
not be sent.",
++ FALSE,
G_PARAM_WRITABLE));
+
/**
* GstZrtpFilter::status:
* @zrtpfilter: the zrtpfilter instance
-@@ -794,6 +801,9 @@
+@@ -694,6 +706,7 @@
+ filter->localSSRC = 0;
+ filter->peerSSRC = 0;
+ filter->gotMultiParam = FALSE;
++ filter->requireEncryption = FALSE;
+
+ // TODO: caps setter, getter checks?
+ // Initialize the receive (upstream) RTP data path
+@@ -794,6 +807,14 @@
GST_DEBUG("%p, length: %d", mspArr->data, mspArr->len);
zrtp_setMultiStrParams(filter->zrtpCtx, (char*)mspArr->data,
mspArr->len);
break;
+ case PROP_SAS_VERIFY:
++ GST_DEBUG("%s", g_value_get_boolean(value) ? "TRUE" : "FALSE");
+ zrtp_sas_verify(filter, g_value_get_boolean(value));
++ break;
++ case PROP_REQUIRE_ENCRYPTION:
++ GST_DEBUG("%s", g_value_get_boolean(value) ? "TRUE" : "FALSE");
++ filter->requireEncryption = g_value_get_boolean(value);
+ break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
-@@ -1132,6 +1142,15 @@
+@@ -985,7 +1006,13 @@
+
+ if (zrtp->srtpSend == NULL) {
+ GST_TRACE_OBJECT(zrtp, "Received downstream RTP buffer - SRTP
inactive");
+- rc = gst_pad_push (zrtp->send_rtp_src, gstBuf);
++ if (!zrtp->requireEncryption) {
++ rc = gst_pad_push (zrtp->send_rtp_src, gstBuf);
++ } else { // Drop buffer
++ GST_DEBUG_OBJECT(zrtp, "Clear RTP packet dropped - encryption
required!");
++ rc = GST_FLOW_OK;
++ gst_buffer_unref(gstBuf);
++ }
+ }
+ else {
+ rc = zsrtp_protect(zrtp->srtpSend, gstBuf);
+@@ -1039,7 +1066,13 @@
+
+ if (zrtp->srtcpSend == NULL) {
+ GST_TRACE_OBJECT(zrtp, "Received downstream RTCP buffer - SRTP
inactive");
+- rc = gst_pad_push (zrtp->send_rtcp_src, gstBuf);
++ if (!zrtp->requireEncryption) {
++ rc = gst_pad_push (zrtp->send_rtcp_src, gstBuf);
++ } else { // Drop buffer
++ GST_DEBUG_OBJECT(zrtp, "Clear RTCP packet dropped - encryption
required!");
++ rc = GST_FLOW_OK;
++ gst_buffer_unref(gstBuf);
++ }
+ }
+ else {
+ rc = zsrtp_protectCtrl(zrtp->srtcpSend, gstBuf);
+@@ -1132,6 +1165,15 @@
}
static
@@ -55,3 +103,14 @@
gboolean timer_callback(GstClock *clock, GstClockTime time,
GstClockID id, gpointer userData)
{
+diff -r ba9d3e83d723 src/gstzrtpfilter.h
+--- a/src/gstzrtpfilter.h
++++ b/src/gstzrtpfilter.h
+@@ -310,6 +310,7 @@
+ gboolean started;
+ gboolean close_slave;
+ gboolean mitmMode;
++ gboolean requireEncryption;
+
+ };
+
Modified: trunk/src/pidgin-plugin/simplezrtp/encrypt-backend-zrtp.c
URL:
http://svn.gna.org/viewcvs/pidgin-zrtp/trunk/src/pidgin-plugin/simplezrtp/encrypt-backend-zrtp.c?rev=31&r1=30&r2=31&view=diff
==============================================================================
--- trunk/src/pidgin-plugin/simplezrtp/encrypt-backend-zrtp.c (original)
+++ trunk/src/pidgin-plugin/simplezrtp/encrypt-backend-zrtp.c Sun Aug 3
01:07:50 2014
@@ -582,8 +582,9 @@
self, participant, opts, zrtpcall);
g_object_set(G_OBJECT(zrtpcall),
- "enable", (opts & PURPLE_ENCRYPT_OPT_ENABLE) != 0,
- "initialize", (opts & PURPLE_ENCRYPT_OPT_INITIATE) != 0,
+ "require-encryption", (opts &
PURPLE_ENCRYPT_OPT_REQUIRE) != 0,
+ "enable", (opts &
PURPLE_ENCRYPT_OPT_ENABLE) != 0,
+ "initialize", (opts &
PURPLE_ENCRYPT_OPT_INITIATE) != 0,
NULL);
return TRUE;
}
Modified: trunk/src/pidgin-plugin/simplezrtp/simplezrtp.c
URL:
http://svn.gna.org/viewcvs/pidgin-zrtp/trunk/src/pidgin-plugin/simplezrtp/simplezrtp.c?rev=31&r1=30&r2=31&view=diff
==============================================================================
--- trunk/src/pidgin-plugin/simplezrtp/simplezrtp.c (original)
+++ trunk/src/pidgin-plugin/simplezrtp/simplezrtp.c Sun Aug 3 01:07:50 2014
@@ -63,9 +63,9 @@
_("Encrypt options"), options);
purple_request_field_choice_add(field, "use global settings");
purple_request_field_choice_add(field, "disabled");
- // purple_request_field_choice_add(field, "enabled when requested");
+ purple_request_field_choice_add(field, "enabled when requested
[FIXME]");
purple_request_field_choice_add(field, "enabled automatically");
- // purple_request_field_choice_add(field, "required, cancel unencrypted
calls");
+ purple_request_field_choice_add(field, "required [TODO: cancel
unencrypted calls]");
purple_request_field_group_add_field(group, field);
request = purple_request_fields_new();
@@ -174,7 +174,7 @@
purple_plugin_pref_add_choice(ppref, "disabled", GINT_TO_POINTER(1));
// purple_plugin_pref_add_choice(ppref, "enabled when requested",
GINT_TO_POINTER(2));
purple_plugin_pref_add_choice(ppref, "enabled automatically",
GINT_TO_POINTER(3));
- // purple_plugin_pref_add_choice(ppref, "required, cancel unencrypted
calls", GINT_TO_POINTER(4));
+ purple_plugin_pref_add_choice(ppref, "required [cancel unencrypted
calls]", GINT_TO_POINTER(4));
purple_plugin_pref_frame_add(frame, ppref);
return frame;
Modified: trunk/src/pidgin-plugin/simplezrtp/zrtp-call.c
URL:
http://svn.gna.org/viewcvs/pidgin-zrtp/trunk/src/pidgin-plugin/simplezrtp/zrtp-call.c?rev=31&r1=30&r2=31&view=diff
==============================================================================
--- trunk/src/pidgin-plugin/simplezrtp/zrtp-call.c (original)
+++ trunk/src/pidgin-plugin/simplezrtp/zrtp-call.c Sun Aug 3 01:07:50 2014
@@ -83,6 +83,7 @@
gboolean do_enable;
gboolean do_initialize;
gboolean local_verified;
+ gboolean require_encryption;
GstElement *zrtpmaster;
GHashTable *channels;
@@ -98,6 +99,7 @@
PROP_INITIALIZE,
PROP_ZRTPMASTER,
PROP_LOCALVERIFIED,
+ PROP_REQUIRE_ENCRYPTION,
PROP_LAST
};
@@ -295,6 +297,7 @@
priv->filters_pending = NULL;
priv->zrtpmaster = NULL;
priv->cachename = NULL;
+ priv->require_encryption = FALSE;
set_state(self, ZRTPSTATE_INIT);
}
@@ -375,6 +378,9 @@
case PROP_LOCALVERIFIED:
priv->local_verified = g_value_get_boolean(value);
set_local_verified(self, priv->local_verified);
+ break;
+ case PROP_REQUIRE_ENCRYPTION:
+ priv->require_encryption = g_value_get_boolean(value);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID(
@@ -474,6 +480,12 @@
"the peer's authenticity",
FALSE,
G_PARAM_READWRITE));
+ g_object_class_install_property(gobject_class, PROP_REQUIRE_ENCRYPTION,
+ g_param_spec_boolean("require-encryption",
+ "Only send encrypted RTP packets",
+ "If TRUE: RTP packets of this ZrtpCall must be
encrypted",
+ FALSE,
+ G_PARAM_WRITABLE));
// zrtp_call_signals[S_ERROR] =
// g_signal_new("error", G_TYPE_FROM_CLASS(klass),
@@ -639,7 +651,8 @@
if (self->zrtp_state == ZRTPSTATE_INIT) {
/* Only first zrtpfilter may start negotiation */
g_object_set(G_OBJECT(zrtpfilter),
- "cache-name", priv->cachename,
+ "cache-name", priv->cachename,
+ "require-encryption", priv->require_encryption,
"enable", priv->do_enable,
"initialize", priv->do_initialize,
NULL);
@@ -647,6 +660,7 @@
} else {
g_object_set(G_OBJECT(zrtpfilter),
"cache-name", priv->cachename,
+ "require-encryption", priv->require_encryption,
"enable", priv->do_enable,
"initialize", FALSE,
NULL);
Modified: trunk/src/pidgin-plugin/simplezrtp/zrtp-conference.c
URL:
http://svn.gna.org/viewcvs/pidgin-zrtp/trunk/src/pidgin-plugin/simplezrtp/zrtp-conference.c?rev=31&r1=30&r2=31&view=diff
==============================================================================
--- trunk/src/pidgin-plugin/simplezrtp/zrtp-conference.c (original)
+++ trunk/src/pidgin-plugin/simplezrtp/zrtp-conference.c Sun Aug 3
01:07:50 2014
@@ -512,7 +512,6 @@
g_object_add_weak_pointer(G_OBJECT(priv->fsconference),
(gpointer*) &priv->fsconference);
- gst_debug_set_threshold_for_name ("zrtpfilter",
GST_LEVEL_LOG);
break;
case PROP_PIPELINE:
_______________________________________________
Pidgin-zrtp-commits mailing list
Pidgin-zrtp-commits@gna.org
https://mail.gna.org/listinfo/pidgin-zrtp-commits
