[asterisk-bugs] [Asterisk 0005413]: [branch] Secure RTP (SRTP)

Asterisk Bug Tracker noreply at bugs.digium.com
Thu Jan 8 19:28:33 CST 2009


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=5413 
====================================================================== 
Reported By:                mikma
Assigned To:                otherwiseguy
====================================================================== 
Project:                    Asterisk
Issue ID:                   5413
Category:                   Channels/chan_sip/NewFeature
Reproducibility:            N/A
Severity:                   feature
Priority:                   normal
Status:                     assigned
Target Version:             1.6.3
Asterisk Version:           SVN 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!): 48491 
Disclaimer on File?:        Yes 
Request Review:              
====================================================================== 
Date Submitted:             2005-10-09 10:36 CDT
Last Modified:              2009-01-08 19:28 CST
====================================================================== 
Summary:                    [branch] Secure RTP (SRTP)
Description: 
This patch adds initial support for secure RTP using libsrtp[1]. It can
be used in, for example, an implementation of the sdescriptions draft[2].

[1] http://srtp.sourceforge.net/srtp.html
[2] http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdescriptions-12.txt


Update (17/12/2008): Branch against trunk is located here
http://svn.digium.com/svn/asterisk/team/group/srtp
======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
related to          0010129 Module SRTP can't loaded
====================================================================== 

---------------------------------------------------------------------- 
 (0097257) otherwiseguy (administrator) - 2009-01-08 19:28
 http://bugs.digium.com/view.php?id=5413#c97257 
---------------------------------------------------------------------- 
I have a post on asterisk-dev (copy available at
http://lists.digium.com/pipermail/asterisk-dev/2009-January/036029.html)
that lists some additions that I have made and has some example dialplans.
If some of you watching this ticket (who happen to be subscribed to
asterisk-dev) could let me know what you think, I'd appreciate it.

The short version is that I've added the ability for Dial with the
"execute macro for callee" option M() to allow you to play
warnings/notifications just before the two legs of a call are bridged.
Combine that with using ${CHANNEL(secure_signalling)} and
${CHANNEL(secure_media)}, and you can control how you handle calls where only
portions of the call may be encrypted, etc.  A short example from the
email:

In this case, we will potentially have only one side of the  
conversation encrypted, but everyone who supports encryption will have  
their leg encrypted.  If you would like to let everyone know the  
status of the encryption across both legs of the call, you could do  
the following:

__extensions.conf__
[default]
exten => _600X,1,NoOp(Everyone that supports encryption will have it!)
exten => _600X,n,Set(_SIPSRTP=${SIPPEER(${EXTEN},srtpcapable)})
exten => _600X,n,Gosub(set-secure,s,1)
exten => _600X,n,Dial(${${EXTEN}_tech}/${EXTEN},,M(check-secure^${secure}))
exten => _600X,n,Hangup

[macro-check-secure]
exten => s,1,NoOp(Checking for secure signalling and media)
exten => s,n,Gosub(set-secure,s,1)
exten => s,n,Set(announce=${IF($[${secure} & ${ARG1}]?channel-secure:channel-insecure-warn)})
exten => s,n,Set(MACRO_RESULT=PLAY_BOTH:${announce})

[set-secure]
exten => s,1,Set(secure=$[${CHANNEL(secure_signalling)} & ${CHANNEL(secure_media)}])
exten => s,n,Return

Here, we define secure as a call that has both secure signalling and  
secure media.  In SIP, this would mean both the transport being TLS  
and the media being encrypted with SRTP.  For IAX, this would be both  
Asterisk and the IAX phone (or other Asterisk box) having negotiated  
encryption.

Anyway, let me know what you think and feel free to get some conversation
going on the asterisk-dev mailing list.  People by and large seem to ignore
the SRTP posts I make there.  It would be nice to see some actual
discussion. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-01-08 19:28 otherwiseguy   Note Added: 0097257                          
======================================================================
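
A fail-closed variant of the dialplan in the note above, added here as an illustration (it is not part of the original note or of the SRTP branch): instead of announcing the encryption status, it refuses to bridge unless both legs report secure signalling and secure media. The context names secure-only and macro-require-secure are hypothetical, and the example assumes the CHANNEL(secure_signalling) and CHANNEL(secure_media) items evaluate as the note describes.

```ini
; extensions.conf (added example; context names are hypothetical)

[secure-only]
; Caller leg: evaluate the caller's own channel before dialing, so an
; insecure caller is turned away without ringing the callee.
exten => _600X,1,NoOp(Bridge only when both legs are fully encrypted)
exten => _600X,n,Gosub(set-secure,s,1)
exten => _600X,n,GotoIf(${secure}?dial)
exten => _600X,n,Hangup()
; Same peer lookup and Dial as in the note; the caller's result is passed
; to the callee-side macro as ARG1.
exten => _600X,n(dial),Set(_SIPSRTP=${SIPPEER(${EXTEN},srtpcapable)})
exten => _600X,n,Dial(${${EXTEN}_tech}/${EXTEN},,M(require-secure^${secure}))
exten => _600X,n,Hangup()

[macro-require-secure]
; Runs on the callee channel after answer and before the bridge.
; ${secure} is recomputed here for the callee leg; ${ARG1} is the caller's.
exten => s,1,NoOp(Enforcing secure signalling and media on both legs)
exten => s,n,Gosub(set-secure,s,1)
; MACRO_RESULT=ABORT is the stock Dial M() result that hangs up both legs.
; Leaving MACRO_RESULT unset lets the bridge proceed.
exten => s,n,ExecIf($[!(${secure} & ${ARG1})]?Set(MACRO_RESULT=ABORT))

[set-secure]
; Copied from the note: a leg is secure only if signalling AND media are.
exten => s,1,Set(secure=$[${CHANNEL(secure_signalling)} & ${CHANNEL(secure_media)}])
exten => s,n,Return
```

Because the callee leg is checked only after it answers, a call to a peer that did not negotiate encryption will ring and then drop.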



