authordvossel <dvossel@f38db490-d61c-443f-a65b-d21fe96a405b>2009-03-11 17:25:31 +0000
committerdvossel <dvossel@f38db490-d61c-443f-a65b-d21fe96a405b>2009-03-11 17:25:31 +0000
commitc8544de66ab4ae15e56e53686c09d58adcd01189 (patch)
tree397c808b1a774b0423c2acf0992a7444e31c9645 /channels/iax2-parser.h
parent39fff2dbb2475e0b9342e567800df53a08a6addd (diff)
encrypted IAX2 during packet loss causes decryption to fail on retransmitted frames
If an iax channel is encrypted, and a retransmit frame is sent, that packet's iseqno is updated while it is encrypted. This causes the entire frame to be corrupted. When the corrupted frame is sent, the other side decrypts it and sends a VNAK back because the decrypted frame doesn't make any sense. When we get the VNAK, we look through the sent queue and send the same corrupted frame causing a loop. To fix this, encrypted frames requiring retransmission are decrypted, updated, then re-encrypted. Since key-rotation may change the key held by the pvt struct, the keys used for encryption/decryption are held within the iax_frame to guarantee they remain correct. (closes issue #14607) Reported by: stevenla Tested by: dvossel Review: http://reviewboard.digium.com/r/192/ git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@181340 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'channels/iax2-parser.h')
-rw-r--r--channels/iax2-parser.h45
1 files changed, 27 insertions, 18 deletions
diff --git a/channels/iax2-parser.h b/channels/iax2-parser.h
index 0f3e18c00..91da2e427 100644
--- a/channels/iax2-parser.h
+++ b/channels/iax2-parser.h
@@ -19,6 +19,7 @@
#define _IAX2_PARSER_H
#include "asterisk/linkedlists.h"
+#include "asterisk/aes.h"
struct iax_ies {
char *called_number;
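Review bot: The new `#include "asterisk/aes.h"` makes every translation unit that includes the parser header depend on the AES implementation, and nothing in the header says why; a short comment on the include would help, e.g. `/* aes_encrypt_ctx / aes_decrypt_ctx are embedded by value in struct iax_frame below */`. Because struct iax_frame now carries the key schedules (`ecx`, `mydcx`) and `semirand` inline, every queued frame holds a copy of key material, so it is worth confirming that the code which frees or recycles frames (the `cacheable` flag suggests reuse) clears those fields before the memory is released — that code is not part of this diff. The definition of struct iax_ies that begins at the end of this hunk continues outside it.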
@@ -86,41 +87,49 @@ struct iax_frame {
int sockfd;
#endif
- /* /Our/ call number */
+ /*! /Our/ call number */
unsigned short callno;
- /* /Their/ call number */
+ /*! /Their/ call number */
unsigned short dcallno;
- /* Start of raw frame (outgoing only) */
+ /*! Start of raw frame (outgoing only) */
void *data;
- /* Length of frame (outgoing only) */
+ /*! Length of frame (outgoing only) */
int datalen;
- /* How many retries so far? */
+ /*! How many retries so far? */
int retries;
- /* Outgoing relative timestamp (ms) */
+ /*! Outgoing relative timestamp (ms) */
unsigned int ts;
- /* How long to wait before retrying */
+ /*! How long to wait before retrying */
int retrytime;
- /* Are we received out of order? */
+ /*! Are we received out of order? */
unsigned int outoforder:1;
- /* Have we been sent at all yet? */
+ /*! Have we been sent at all yet? */
unsigned int sentyet:1;
- /* Non-zero if should be sent to transfer peer */
+ /*! Non-zero if should be sent to transfer peer */
unsigned int transfer:1;
- /* Non-zero if this is the final message */
+ /*! Non-zero if this is the final message */
unsigned int final:1;
- /* Ingress or outgres */
+ /*! Ingress or outgres */
unsigned int direction:2;
- /* Can this frame be cached? */
+ /*! Can this frame be cached? */
unsigned int cacheable:1;
- /* Outgoing Packet sequence number */
+ /*! Outgoing Packet sequence number */
int oseqno;
- /* Next expected incoming packet sequence number */
+ /*! Next expected incoming packet sequence number */
int iseqno;
- /* Retransmission ID */
+ /*! Retransmission ID */
int retrans;
- /* Easy linking */
+ /*! is this packet encrypted or not. if set this varible holds encryption methods*/
+ int encmethods;
+ /*! store encrypt key */
+ aes_encrypt_ctx ecx;
+ /*! store decrypt key which corresponds to ecx */
+ aes_decrypt_ctx mydcx;
+ /*! random data for encryption pad */
+ unsigned char semirand[32];
+ /*! Easy linking */
AST_LIST_ENTRY(iax_frame) list;
- /* Actual, isolated frame header */
+ /*! Actual, isolated frame header */
struct ast_frame af;
/*! Amount of space _allocated_ for data */
size_t afdatalen;