From 98235c97645ff81cac4078b97d8f30d06eea1fff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Olivier=20Cr=C3=AAte?=
Date: Mon, 23 Feb 2015 14:34:37 -0500
Subject: stream: Add "require-encryption" parameter
If it is set to TRUE, then all buffers will be dropped before the decryption key is set.
https://bugs.freedesktop.org/show_bug.cgi?id=89288
---
 farstream/fs-stream.c | 20 ++++++++++++++-
 gst/fsrtpconference/fs-rtp-session.c | 10 +-------
 gst/fsrtpconference/fs-rtp-stream.c | 49 ++++++++++++++++++++++++++++++++++--
 3 files changed, 67 insertions(+), 12 deletions(-)
diff --git a/farstream/fs-stream.c b/farstream/fs-stream.c
index 481ac596..a2b0734b 100644
--- a/farstream/fs-stream.c
+++ b/farstream/fs-stream.c
@@ -130,7 +130,8 @@ enum
 PROP_DIRECTION,
 PROP_PARTICIPANT,
 PROP_SESSION,
- PROP_DECRYPTION_PARAMETERS
+ PROP_DECRYPTION_PARAMETERS,
+ PROP_REQUIRE_ENCRYPTION
 };
@@ -290,6 +291,20 @@ fs_stream_class_init (FsStreamClass *klass)
 GST_TYPE_STRUCTURE,
 G_PARAM_READABLE | G_PARAM_STATIC_STRINGS));
+ /**
+ * FsStream:require-encryption:
+ *
+ * If set to TRUE, only encrypted content will be accepted on this
+ * stream.
+ */
+ g_object_class_install_property (gobject_class,
+ PROP_REQUIRE_ENCRYPTION,
+ g_param_spec_boolean ("require-encryption",
+ "Require Encryption",
+ "If TRUE, only encrypted content will be accepted",
+ FALSE,
+ G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
+
 /**
 * FsStream::error:
 * @self: #FsStream that emitted the signal
@@ -376,6 +391,9 @@ fs_stream_get_property (GObject *object,
 g_value_set_boxed (value, NULL);
 /* Not having parameters is valid, in this case set nothing */
 break;
+ case PROP_REQUIRE_ENCRYPTION:
+ g_value_set_boxed (value, FALSE);
+ break;
 default:
 GST_WARNING ("Subclass %s of FsStream does not override the %s property"
 " getter",
diff --git a/gst/fsrtpconference/fs-rtp-session.c b/gst/fsrtpconference/fs-rtp-session.c
index a465cfa0..b040a5cb 100644
--- a/gst/fsrtpconference/fs-rtp-session.c
+++ b/gst/fsrtpconference/fs-rtp-session.c
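Review bot: The gtk-doc comment for `FsStream:require-encryption` in fs_stream_class_init says only that encrypted content is required; it does not say what happens to traffic before keys exist or that the setting can be refused. The commit message states that buffers are dropped until the decryption key is set, and the fs-rtp-stream.c setter in this patch resets the value to FALSE with a warning when its callback fails. I would extend the comment with two sentences: that all buffers are dropped until `decryption-parameters` is set, and that callers should read the property back after setting it because an implementation may leave it FALSE. The property is installed as G_PARAM_READWRITE but the hunks for this file add only a getter case; whatever the base-class setter does with it is outside the patch.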
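Review bot: The new `PROP_REQUIRE_ENCRYPTION` case in fs_stream_get_property writes the value with `g_value_set_boxed (value, FALSE);`, but the property was installed with g_param_spec_boolean, so the GValue holds a boolean and not a boxed type. g_value_set_boxed checks the value type first, so this logs a GLib critical and leaves the value untouched; it only happens to read back as FALSE, and it aborts when criticals are made fatal. The line should be `g_value_set_boolean (value, FALSE);`, which is what the getter added in fs-rtp-stream.c already uses. The function body continues outside the hunk.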
@@ -5523,15 +5523,7 @@ _srtpdec_request_key (GstElement *srtpdec, guint ssrc, gpointer user_data)
 fs_rtp_session_has_disposed_exit (self);
- if (caps)
- return caps;
- else
- return gst_caps_new_simple ("application/x-srtp",
- "srtp-cipher", G_TYPE_STRING, "null",
- "srtcp-cipher", G_TYPE_STRING, "null",
- "srtp-auth", G_TYPE_STRING, "null",
- "srtcp-auth", G_TYPE_STRING, "null",
- NULL);
+ return caps;
 }
 static gboolean
diff --git a/gst/fsrtpconference/fs-rtp-stream.c b/gst/fsrtpconference/fs-rtp-stream.c
index ebe30f16..a6457d89 100644
--- a/gst/fsrtpconference/fs-rtp-stream.c
+++ b/gst/fsrtpconference/fs-rtp-stream.c
@@ -77,7 +77,8 @@ enum
 PROP_SESSION,
 PROP_RTP_HEADER_EXTENSIONS,
 PROP_DECRYPTION_PARAMETERS,
- PROP_SEND_RTCP_MUX
+ PROP_SEND_RTCP_MUX,
+ PROP_REQUIRE_ENCRYPTION
 };
 struct _FsRtpStreamPrivate
@@ -98,6 +99,7 @@ struct _FsRtpStreamPrivate
 /* protected by session lock */
 GstStructure *decryption_parameters;
+ gboolean encrypted;
 gulong local_candidates_prepared_handler_id;
 gulong new_active_candidate_pair_handler_id;
@@ -224,6 +226,9 @@ fs_rtp_stream_class_init (FsRtpStreamClass *klass)
 g_object_class_override_property (gobject_class,
 PROP_DECRYPTION_PARAMETERS,
 "decryption-parameters");
+ g_object_class_override_property (gobject_class,
+ PROP_REQUIRE_ENCRYPTION,
+ "require-encryption");
 g_object_class_install_property (gobject_class,
 PROP_RTP_HEADER_EXTENSIONS,
@@ -475,6 +480,11 @@ fs_rtp_stream_get_property (GObject *object,
 g_value_set_boolean (value, FALSE);
 FS_RTP_SESSION_UNLOCK (session);
 break;
+ case PROP_REQUIRE_ENCRYPTION:
+ FS_RTP_SESSION_LOCK (session);
+ g_value_set_boolean (value, self->priv->encrypted);
+ FS_RTP_SESSION_UNLOCK (session);
+ break;
 default:
 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 break;
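Review bot: With the fallback removed, `_srtpdec_request_key` returns `caps` as it is, so every path that leaves it NULL now results in dropped packets (per the comment added in fs-rtp-stream.c), whether or not the stream asked for require-encryption. The assignment of `caps` is outside this hunk; if it can stay NULL because no stream matched the SSRC, those packets previously received the null-cipher caps and are now dropped, which is the safer default but a behaviour change the commit message does not mention. I would add a comment above the return, `/* NULL means drop; the null-cipher fallback is decided per stream in fs_rtp_stream_get_srtp_caps_locked() */`, and confirm that the no-stream case is intended.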
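Review bot: The new field `gboolean encrypted;` in _FsRtpStreamPrivate stores the require-encryption policy, not whether the stream is currently encrypted, and the name reads as a state flag at each use (the getter in this file, and the setter and fs_rtp_stream_get_srtp_caps_locked later in the patch). A name such as `require_encryption`, or at least a comment `/* TRUE: drop buffers until decryption parameters are set */`, would keep a later reader from treating it as evidence that traffic is protected. The struct definition starts and ends outside the hunk.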
@@ -579,6 +589,28 @@ fs_rtp_stream_set_property (GObject *object,
 }
 }
 break;
+ case PROP_REQUIRE_ENCRYPTION:
+ {
+ FsRtpSession *session = fs_rtp_stream_get_session (self, NULL);
+
+ if (session) {
+ FS_RTP_SESSION_LOCK (session);
+
+ if (self->priv->encrypted != g_value_get_boolean (value))
+ {
+ self->priv->encrypted = g_value_get_boolean (value);
+
+ if (!self->priv->decrypt_clear_locked_cb (self,
+ self->priv->user_data_for_cb)) {
+ g_warning ("Can't set encryption because srtpdec is not"
+ " installed");
+ self->priv->encrypted = FALSE;
+ }
+ }
+ FS_RTP_SESSION_UNLOCK (session);
+ }
+ }
+ break;
 default:
 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 break;
@@ -1492,7 +1524,20 @@ fs_rtp_stream_get_srtp_caps_locked (FsRtpStream *self)
 */
 if (!gst_structure_has_name (self->priv->decryption_parameters,
 "FarstreamSRTP"))
- return NULL;
+ {
+ /* Return NULL (drop packets) if encrypted, otherwise return
+ * the NULL codec.
+ */
+ if (self->priv->encrypted)
+ return NULL;
+ else
+ return gst_caps_new_simple ("application/x-srtp",
+ "srtp-cipher", G_TYPE_STRING, "null",
+ "srtcp-cipher", G_TYPE_STRING, "null",
+ "srtp-auth", G_TYPE_STRING, "null",
+ "srtcp-auth", G_TYPE_STRING, "null",
+ NULL);
+ }
 srtp_cipher = gst_structure_get_string (self->priv->decryption_parameters,
 "rtp-cipher");
--
cgit v1.2.1
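Review bot: The `PROP_REQUIRE_ENCRYPTION` case in fs_rtp_stream_set_property fails open: when `decrypt_clear_locked_cb` returns FALSE the flag is reset to FALSE with only a g_warning, and when `fs_rtp_stream_get_session` returns NULL the request is ignored with no message at all (its error argument is passed as NULL). A caller that sets require-encryption to TRUE can therefore end up with a stream that still accepts unprotected media, and can only notice by reading the property back. I would report the failure through the FsStream::error signal rather than a log line, and reword the warning so it also fits the case where the flag is being cleared. The visible lines never release `session`; if fs_rtp_stream_get_session returns a new reference (its definition is not in this patch), add `g_object_unref (session);` after `FS_RTP_SESSION_UNLOCK (session);`. The function starts and ends outside the hunk.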
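Review bot: In fs_rtp_stream_get_srtp_caps_locked the `encrypted` flag is consulted only when the decryption parameters are not named "FarstreamSRTP"; once they are, the function goes on to read "rtp-cipher" without looking at the flag. The cipher and auth handling is outside this hunk, but if it accepts "null" values, a FarstreamSRTP structure that selects the null cipher and null auth would satisfy require-encryption while providing neither confidentiality nor integrity. I would add a check after the parameters are parsed that returns NULL when `self->priv->encrypted` is set and the selected cipher or auth is the null one. The added comment would also read more accurately as `/* Return NULL (drop packets) if encryption is required, otherwise return the null cipher. */`.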