author | Marvin W <git@larma.de> | 2022-02-09 23:52:47 +0100 |
---|---|---|
committer | Marvin W <git@larma.de> | 2022-02-09 23:58:54 +0100 |
commit | 28248607f03bfd3e5fc6b29e0528edfd4f04a601 (patch) | |
tree | da8b17bdf223758306fc300e9b98d6b48218ceb7 /plugins/ice/src/transport_parameters.vala | |
parent | 7718def74d46ee29c64d0fd2c0e84f9776012043 (diff) | |
DTLS: Handle DTLS fingerprint in transport-info before session-accept
Diffstat (limited to 'plugins/ice/src/transport_parameters.vala')
-rw-r--r-- | plugins/ice/src/transport_parameters.vala | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/plugins/ice/src/transport_parameters.vala b/plugins/ice/src/transport_parameters.vala
index fdeebb82..66dde8b1 100644
--- a/plugins/ice/src/transport_parameters.vala
+++ b/plugins/ice/src/transport_parameters.vala
@@ -160,13 +160,25 @@ public class Dino.Plugins.Ice.TransportParameters : JingleIceUdp.IceUdpTransport
 }
 }
+ private bool bytes_equal(uint8[] a1, uint8[] a2) {
+ return a1.length == a2.length && Memory.cmp(a1, a2, a1.length) == 0;
+ }
+
 public override void handle_transport_accept(StanzaNode transport) throws Jingle.IqError {
 debug("on_transport_accept from %s", peer_full_jid.to_string());
 base.handle_transport_accept(transport);
 if (dtls_srtp_handler != null && peer_fingerprint != null) {
- dtls_srtp_handler.peer_fingerprint = peer_fingerprint;
- dtls_srtp_handler.peer_fp_algo = peer_fp_algo;
+ if (dtls_srtp_handler.peer_fingerprint != null) {
+ if (!bytes_equal(dtls_srtp_handler.peer_fingerprint, peer_fingerprint)) {
+ warning("Tried to replace certificate fingerprint mid use. We don't allow that.");
+ peer_fingerprint = dtls_srtp_handler.peer_fingerprint;
+ peer_fp_algo = dtls_srtp_handler.peer_fp_algo;
+ }
+ } else {
+ dtls_srtp_handler.peer_fingerprint = peer_fingerprint;
+ dtls_srtp_handler.peer_fp_algo = peer_fp_algo;
+ }
 if (peer_setup == "passive") {
 dtls_srtp_handler.mode = DtlsSrtp.Mode.CLIENT;
 dtls_srtp_handler.stop_dtls_connection();
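Review bot: The pinning check in `handle_transport_accept` compares only the fingerprint bytes, so a later stanza that repeats the same bytes under a different `peer_fp_algo` passes `bytes_equal` and leaves this object's `peer_fp_algo` out of step with the value held by `dtls_srtp_handler`. Treating the fingerprint and its algorithm as one pinned pair closes that gap: `if (!bytes_equal(dtls_srtp_handler.peer_fingerprint, peer_fingerprint) || dtls_srtp_handler.peer_fp_algo != peer_fp_algo) {`. The same condition appears in the `handle_transport_info` hunk and would need the same change. The type of `peer_fp_algo` is not visible in this diff, so the `!=` form assumes it is a string or another directly comparable value. The body of `handle_transport_accept` continues outside the hunk.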
@@ -186,6 +198,19 @@ public class Dino.Plugins.Ice.TransportParameters : JingleIceUdp.IceUdpTransport
 debug("on_transport_info from %s", peer_full_jid.to_string());
 base.handle_transport_info(transport);
+ if (dtls_srtp_handler != null && peer_fingerprint != null) {
+ if (dtls_srtp_handler.peer_fingerprint != null) {
+ if (!bytes_equal(dtls_srtp_handler.peer_fingerprint, peer_fingerprint)) {
+ warning("Tried to replace certificate fingerprint mid use. We don't allow that.");
+ peer_fingerprint = dtls_srtp_handler.peer_fingerprint;
+ peer_fp_algo = dtls_srtp_handler.peer_fp_algo;
+ }
+ } else {
+ dtls_srtp_handler.peer_fingerprint = peer_fingerprint;
+ dtls_srtp_handler.peer_fp_algo = peer_fp_algo;
+ }
+ }
+
 if (!we_want_connection) return;
 if (remote_ufrag != null && remote_pwd != null && !remote_credentials_set) { |
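Review bot: The pin-or-reject block added to `handle_transport_info` is a line-for-line copy of the one added to `handle_transport_accept`, and a security check kept in two places tends to drift when only one copy is later fixed. Moving it into a single private method, for example `private void pin_peer_fingerprint()`, and calling that from both handlers keeps the rule in one place. The helper would also benefit from a comment such as `// First fingerprint seen is pinned; later stanzas may repeat it but never replace it.` A rejected replacement is only logged through `warning()` and the session carries on with the pinned value, which may well be intended but is worth stating in that comment. The body of `handle_transport_info` continues outside the hunk.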