From bea08a563bb18927fc2afac912fb0653c543ef93 Mon Sep 17 00:00:00 2001
From: Naveen Albert <asterisk@phreaknet.org>
Date: Tue, 26 Oct 2021 00:47:02 +0000
Subject: [PATCH] chan_iax2: Allow both secret and outkey at dial time

Historically, the dial syntax for IAX2 has held that
an outkey (used only for RSA authenticated calls)
and a secret (used only for plain text and MD5 authenticated
calls, historically) were mutually exclusive, and thus
the same position in the dial string was used for both
values.

Now that encryption is possible with RSA authentication,
this poses a limitation, since encryption requires a
secret and RSA authentication requires an outkey. Thus,
the dial syntax is extended so that both a secret and
an outkey can be specified.

The new extended syntax is backwards compatible with the
old syntax. However, a secret can now be specified after
the outkey, or the outkey can be specified after the secret.
This makes it possible to spawn an encrypted RSA authenticated
call without a corresponding peer being predefined in iax.conf.

ASTERISK-29707 #close

Change-Id: I1f8149313ed760169d604afbb07720a8b07dd00e
---
 channels/chan_iax2.c                   | 31 +++++++++++++++++++++-----
 doc/CHANGES-staging/chan_iax2_dial.txt |  4 ++++
 2 files changed, 29 insertions(+), 6 deletions(-)
 create mode 100644 doc/CHANGES-staging/chan_iax2_dial.txt

diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index 6b27139253..91aa1f7b5f 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -5035,6 +5035,8 @@ reject:
  */
 static void parse_dial_string(char *data, struct parsed_dial_string *pds)
 {
+	char *outkey = NULL;
+
 	if (ast_strlen_zero(data))
 		return;
 
@@ -5057,7 +5059,8 @@ static void parse_dial_string(char *data, struct parsed_dial_string *pds)
 	if (pds->username) {
 		data = pds->username;
 		pds->username = strsep(&data, ":");
-		pds->password = data;
+		pds->password = strsep(&data, ":");
+		outkey = data;
 	}
 
 	data = pds->peer;
@@ -5067,10 +5070,26 @@ static void parse_dial_string(char *data, struct parsed_dial_string *pds)
 	/*
 	 * Check for a key name wrapped in [] in the password position.
 	 * If found, move it to the key field instead.
+	 * Also allow for both key and secret to be specified, now that
+	 * encryption is possible with RSA authentication.
 	 */
-	if (pds->password && (pds->password[0] == '[')) {
+	
+	if (pds->password && (pds->password[0] == '[')) { /* key (then maybe secret) */
 		pds->key = ast_strip_quoted(pds->password, "[", "]");
-		pds->password = NULL;
+		if (ast_strlen_zero(outkey)) {
+			pds->password = NULL;
+			ast_debug(1, "Outkey (%s), no secret\n", pds->key);
+		} else {
+			pds->password = outkey;
+			ast_debug(1, "Outkey (%s) and secret (%s)\n", pds->key, pds->password);
+		}
+	} else if (outkey && (outkey[0] == '[')) { /* secret, then key */
+		pds->key = ast_strip_quoted(outkey, "[", "]");
+		if (ast_strlen_zero(pds->password)) {
+			ast_debug(1, "Outkey (%s), no secret\n", pds->key);
+		} else {
+			ast_debug(1, "Outkey (%s) and secret (%s)\n", pds->key, pds->password);
+		}
 	}
 }
 
@@ -6468,7 +6487,7 @@ static int decode_frame(ast_aes_decrypt_key *dcx, struct ast_iax2_full_hdr *fh,
 	} else {
 		struct ast_iax2_mini_enc_hdr *efh = (struct ast_iax2_mini_enc_hdr *)fh;
 		if (iaxdebug)
-			ast_debug(1, "Decoding mini with length %d\n", *datalen);
+			ast_debug(5, "Decoding mini with length %d\n", *datalen);
 		if (*datalen < 16 + sizeof(struct ast_iax2_mini_hdr))
 			return -1;
 		/* Decrypt */
@@ -6506,7 +6525,7 @@ static int encrypt_frame(ast_aes_encrypt_key *ecx, struct ast_iax2_full_hdr *fh,
 	} else {
 		struct ast_iax2_mini_enc_hdr *efh = (struct ast_iax2_mini_enc_hdr *)fh;
 		if (iaxdebug)
-			ast_debug(1, "Encoding mini frame with length %d\n", *datalen);
+			ast_debug(5, "Encoding mini frame with length %d\n", *datalen);
 		padding = 16 - ((*datalen - sizeof(struct ast_iax2_mini_enc_hdr)) % 16);
 		padding = 16 + (padding & 0xf);
 		memcpy(workspace, poo, padding);
@@ -11993,7 +12012,7 @@ immediatedial:
 		iaxs[fr->callno]->last = fr->ts;
 #if 1
 		if (iaxdebug)
-			ast_debug(1, "For call=%d, set last=%u\n", fr->callno, fr->ts);
+			ast_debug(3, "For call=%d, set last=%u\n", fr->callno, fr->ts);
 #endif
 	}
 
diff --git a/doc/CHANGES-staging/chan_iax2_dial.txt b/doc/CHANGES-staging/chan_iax2_dial.txt
new file mode 100644
index 0000000000..a95832b0b1
--- /dev/null
+++ b/doc/CHANGES-staging/chan_iax2_dial.txt
@@ -0,0 +1,4 @@
+Subject: chan_iax2
+
+Both a secret and an outkey may be specified at dial time,
+since encryption is possible with RSA authentication.
-- 
GitLab