[asterisk-bugs] [Asterisk 0005413]: [branch] Secure RTP (SRTP)

Asterisk Bug Tracker noreply at bugs.digium.com
Fri Jan 9 20:54:10 CST 2009


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=5413 
====================================================================== 
Reported By:                mikma
Assigned To:                otherwiseguy
====================================================================== 
Project:                    Asterisk
Issue ID:                   5413
Category:                   Channels/chan_sip/NewFeature
Reproducibility:            N/A
Severity:                   feature
Priority:                   normal
Status:                     assigned
Target Version:             1.6.3
Asterisk Version:           SVN 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!): 48491 
Disclaimer on File?:        Yes 
Request Review:              
====================================================================== 
Date Submitted:             2005-10-09 10:36 CDT
Last Modified:              2009-01-09 20:53 CST
====================================================================== 
Summary:                    [branch] Secure RTP (SRTP)
Description: 
This patch adds initial support for secure RTP using libsrtp[1]. It can
be used in, for example, an implementation of the sdescriptions draft[2].

[1] http://srtp.sourceforge.net/srtp.html
[2] http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdescriptions-12.txt


Update (17/12/2008): Branch against trunk is located here
http://svn.digium.com/svn/asterisk/team/group/srtp
======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
related to          0010129 Module SRTP can't loaded
====================================================================== 

---------------------------------------------------------------------- 
 (0097410) notthematrix (reporter) - 2009-01-09 20:53
 http://bugs.digium.com/view.php?id=5413#c97410 
---------------------------------------------------------------------- 
This is a simple example encrypted outgoing call to *69.
The interesting thing is that Grandstream is sending 2 crypto lines,
while Asterisk is just sending 1.
Hope this helps.


<--- SIP read from TLS:92.254.55.200:2049 --->
REGISTER sip:111.222.111.222:5060 SIP/2.0
Via: SIP/2.0/TLS 192.168.1.108:38553;branch=z9hG4bK1328680060;rport;alias
From: <sip:31201234444 at 111.222.111.222:5060>;tag=773952076
To: <sip:31201234444 at 111.222.111.222:5060>
Call-ID: 1944620384-38553-1 at 192.168.1.108
CSeq: 4085 REGISTER
Contact:
<sip:31201234444 at 192.168.1.108:38553;transport=tls>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-1000-8000-000B82131B12>"
Authorization: Digest username="31201234444", realm="asterisk",
nonce="5817c42f", uri="sip:111.222.111.222:5060", 
response="2b32e050474413f5b293a54ef0fd90eb", algorithm=MD5
Max-Forwards: 70
User-Agent: Grandstream HT-503  V1.1B 1.0.0.15*
Supported: path
Expires: 60
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER,
UPDATE
Content-Length: 0


<------------->
--- (14 headers 0 lines) ---
Sending to 92.254.55.200 : 2049 (NAT)
mastermetals2*CLI> 
<--- Transmitting (NAT) to 92.254.55.200:2049 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS
192.168.1.108:38553;branch=z9hG4bK1328680060;alias;received=92.254.55.200;rport=2049
From: <sip:31201234444 at 111.222.111.222:5060>;tag=773952076
To: <sip:31201234444 at 111.222.111.222:5060>;tag=as6d37965a
Call-ID: 1944620384-38553-1 at 192.168.1.108
CSeq: 4085 REGISTER
Server: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk",
nonce="07eb5f17"
Content-Length: 0


<------------>
Scheduling destruction of SIP dialog '1944620384-38553-1 at 192.168.1.108' in
32000 ms (Method: REGISTER)
mastermetals2*CLI> 
<--- SIP read from TLS:92.254.55.200:2049 --->
REGISTER sip:111.222.111.222:5060 SIP/2.0
Via: SIP/2.0/TLS 192.168.1.108:38553;branch=z9hG4bK341609338;rport;alias
From: <sip:31201234444 at 111.222.111.222:5060>;tag=773952076
To: <sip:31201234444 at 111.222.111.222:5060>
Call-ID: 1944620384-38553-1 at 192.168.1.108
CSeq: 4086 REGISTER
Contact:
<sip:31201234444 at 192.168.1.108:38553;transport=tls>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-1000-8000-000B82131B12>"
Authorization: Digest username="31201234444", realm="asterisk",
nonce="07eb5f17", uri="sip:111.222.111.222:5060", 
response="53981646897112ad403fc65054e31049", algorithm=MD5
Max-Forwards: 70
User-Agent: Grandstream HT-503  V1.1B 1.0.0.15*
Supported: path
Expires: 60
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER,
UPDATE
Content-Length: 0


<------------->
--- (14 headers 0 lines) ---
Sending to 92.254.55.200 : 2049 (NAT)
Reliably Transmitting (NAT) to 92.254.55.200:2049:
OPTIONS sip:31201234444 at 192.168.1.108:38553;transport=tls SIP/2.0
Via: SIP/2.0/TLS 187.111.222.48:5060;branch=z9hG4bK57ef7488;rport
Max-Forwards: 70
From: "Unknown" <sip:Unknown at 187.111.222.48:5060>;tag=as569d62cc
To: <sip:31201234444 at 192.168.1.108:38553;transport=tls>
Contact: <sip:Unknown at 187.111.222.48:5060;transport=TLS>
Call-ID: 1350c93d5f862e2c6029fd233808b3e4 at 187.111.222.48
CSeq: 102 OPTIONS
User-Agent: Asterisk PBX
Date: Sat, 10 Jan 2009 02:43:40 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces, timer
Content-Length: 0


---
mastermetals2*CLI> 
<--- Transmitting (NAT) to 92.254.55.200:2049 --->
SIP/2.0 200 OK
Via: SIP/2.0/TLS
192.168.1.108:38553;branch=z9hG4bK341609338;alias;received=92.254.55.200;rport=2049
From: <sip:31201234444 at 111.222.111.222:5060>;tag=773952076
To: <sip:31201234444 at 111.222.111.222:5060>;tag=as6d37965a
Call-ID: 1944620384-38553-1 at 192.168.1.108
CSeq: 4086 REGISTER
Server: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces, timer
Expires: 60
Contact: <sip:31201234444 at 192.168.1.108:38553;transport=tls>;expires=60
Date: Sat, 10 Jan 2009 02:43:40 GMT
Content-Length: 0


<------------>
Scheduling destruction of SIP dialog '1944620384-38553-1 at 192.168.1.108' in
32000 ms (Method: REGISTER)
mastermetals2*CLI> 
<--- SIP read from TLS:92.254.55.200:2049 --->
SIP/2.0 200 OK
Via: SIP/2.0/TLS
187.111.222.48:5060;branch=z9hG4bK57ef7488;rport=5060;received=111.222.111.222
From: "Unknown" <sip:Unknown at 187.111.222.48:5060>;tag=as569d62cc
To: <sip:31201234444 at 192.168.1.108:38553;transport=tls>;tag=1156601697
Call-ID: 1350c93d5f862e2c6029fd233808b3e4 at 187.111.222.48
CSeq: 102 OPTIONS
Supported: replaces, path, timer
User-Agent: Grandstream HT-503  V1.1B 1.0.0.15*
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER,
UPDATE
Content-Length: 0


<------------->
--- (10 headers 0 lines) ---
mastermetals2*CLI> 
<--- SIP read from TLS:92.254.55.200:2049 --->
INVITE sip:*69 at 111.222.111.222:5060 SIP/2.0
Via: SIP/2.0/TLS 192.168.1.108:38553;branch=z9hG4bK1252606461;rport;alias
From: "31201234444" <sip:31201234444 at 111.222.111.222:5060>;tag=1698805902
To: <sip:*69 at 111.222.111.222:5060>
Call-ID: 2021476396-38553-39 at 192.168.1.108
CSeq: 380 INVITE
Contact: <sip:31201234444 at 192.168.1.108:38553;transport=tls>
Max-Forwards: 70
User-Agent: Grandstream HT-503  V1.1B 1.0.0.15*
Privacy: none
P-Asserted-Identity: "31201234444" <sip:31201234444 at 111.222.111.222:5060>
Supported: replaces, path, timer
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER,
UPDATE
Content-Type: application/sdp
Accept: application/sdp, application/dtmf-relay
Content-Length:   610

v=0
o=31201234444 8000 8000 IN IP4 192.168.1.108
s=SIP Call
c=IN IP4 192.168.1.108
t=0 0
m=audio 45962 RTP/SAVP 0 8 4 18 2 97 103 102 101
a=sendrecv
a=rtpmap:0 PCMU/8000
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:4 G723/8000
a=rtpmap:18 G729/8000
a=rtpmap:2 G726-32/8000
a=rtpmap:97 iLBC/8000
a=fmtp:97 mode=20
a=rtpmap:103 AAL2-G726-40/8000
a=rtpmap:102 G729E/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16,32-36,54
a=crypto:1 AES_CM_128_HMAC_SHA1_80
inline:9PN7RsLNlxQ1v8PBXHt6Kmzmq2CZz8VinczDwr++
a=crypto:2 AES_CM_128_HMAC_SHA1_32
inline:rLOxJ/lz9ZGIKlBL66zHZdczS4KT5FFYR+8lCrHk

<------------->
--- (16 headers 21 lines) ---
  == Using SIP RTP TOS bits 184
  == Using SIP RTP CoS mark 5
Sending to 92.254.55.200 : 2049 (NAT)
Using INVITE request as basis request - 2021476396-38553-39 at 192.168.1.108
Found peer '31201234444' for '31201234444' from 92.254.55.200:2049

<--- Reliably Transmitting (NAT) to 92.254.55.200:2049 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS
192.168.1.108:38553;branch=z9hG4bK1252606461;alias;received=92.254.55.200;rport=2049
From: "31201234444" <sip:31201234444 at 111.222.111.222:5060>;tag=1698805902
To: <sip:*69 at 111.222.111.222:5060>;tag=as7e102d4a
Call-ID: 2021476396-38553-39 at 192.168.1.108
CSeq: 380 INVITE
Server: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk",
nonce="250842ac"
Content-Length: 0


<------------>
Scheduling destruction of SIP dialog '2021476396-38553-39 at 192.168.1.108'
in 6400 ms (Method: INVITE)
mastermetals2*CLI> 
<--- SIP read from TLS:92.254.55.200:2049 --->
ACK sip:*69 at 111.222.111.222:5060 SIP/2.0
Via: SIP/2.0/TLS 192.168.1.108:38553;branch=z9hG4bK1252606461;rport;alias
From: "31201234444" <sip:31201234444 at 111.222.111.222:5060>;tag=1698805902
To: <sip:*69 at 111.222.111.222:5060>;tag=as7e102d4a
Call-ID: 2021476396-38553-39 at 192.168.1.108
CSeq: 380 ACK
Content-Length: 0


<------------->
--- (7 headers 0 lines) ---
mastermetals2*CLI> 
<--- SIP read from TLS:92.254.55.200:2049 --->
INVITE sip:*69 at 111.222.111.222:5060 SIP/2.0
Via: SIP/2.0/TLS 192.168.1.108:38553;branch=z9hG4bK183764387;rport;alias
From: "31201234444" <sip:31201234444 at 111.222.111.222:5060>;tag=1698805902
To: <sip:*69 at 111.222.111.222:5060>
Call-ID: 2021476396-38553-39 at 192.168.1.108
CSeq: 381 INVITE
Contact: <sip:31201234444 at 192.168.1.108:38553;transport=tls>
Authorization: Digest username="31201234444", realm="asterisk",
nonce="250842ac", uri="sip:*69 at 111.222.111.222:5060", 
response="17a73c6df8187ca057f070f519caf23d", algorithm=MD5
Max-Forwards: 70
User-Agent: Grandstream HT-503  V1.1B 1.0.0.15*
Privacy: none
P-Asserted-Identity: "31201234444" <sip:31201234444 at 111.222.111.222:5060>
Supported: replaces, path, timer
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER,
UPDATE
Content-Type: application/sdp
Accept: application/sdp, application/dtmf-relay
Content-Length:   610

v=0
o=31201234444 8000 8000 IN IP4 192.168.1.108
s=SIP Call
c=IN IP4 192.168.1.108
t=0 0
m=audio 45962 RTP/SAVP 0 8 4 18 2 97 103 102 101
a=sendrecv
a=rtpmap:0 PCMU/8000
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:4 G723/8000
a=rtpmap:18 G729/8000
a=rtpmap:2 G726-32/8000
a=rtpmap:97 iLBC/8000
a=fmtp:97 mode=20
a=rtpmap:103 AAL2-G726-40/8000
a=rtpmap:102 G729E/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16,32-36,54
a=crypto:1 AES_CM_128_HMAC_SHA1_80
inline:9PN7RsLNlxQ1v8PBXHt6Kmzmq2CZz8VinczDwr++
a=crypto:2 AES_CM_128_HMAC_SHA1_32
inline:rLOxJ/lz9ZGIKlBL66zHZdczS4KT5FFYR+8lCrHk

<------------->
--- (17 headers 21 lines) ---
Sending to 92.254.55.200 : 2049 (NAT)
Using INVITE request as basis request - 2021476396-38553-39 at 192.168.1.108
Found peer '31201234444' for '31201234444' from 92.254.55.200:2049
Found RTP audio format 0
Found RTP audio format 8
Found RTP audio format 4
Found RTP audio format 18
Found RTP audio format 2
Found RTP audio format 97
Found RTP audio format 103
Found RTP audio format 102
Found RTP audio format 101
Peer audio RTP is at port 192.168.1.108:45962
Found audio description format PCMU for ID 0
Found audio description format PCMA for ID 8
Found audio description format G723 for ID 4
Found audio description format G729 for ID 18
Found audio description format G726-32 for ID 2
Found audio description format iLBC for ID 97
Found unknown media description format AAL2-G726-40 for ID 103
Found unknown media description format G729E for ID 102
Found audio description format telephone-event for ID 101
Capabilities: us - 0x110f (g723|gsm|ulaw|alaw|g729|g722), peer -
audio=0xd0d (g723|ulaw|alaw|g726|g729|ilbc)/video=0x0 (nothing)/text=0x0
(nothing), 
combined - 0x10d (g723|ulaw|alaw|g729)
Non-codec capabilities (dtmf): us - 0x1 (telephone-event), peer - 0x1
(telephone-event), combined - 0x1 (telephone-event)
Peer audio RTP is at port 192.168.1.108:45962
Looking for *69 in klant-31-123-123456 (domain 111.222.111.222)
list_route: hop: <sip:31201234444 at 192.168.1.108:38553;transport=tls>

<--- Transmitting (NAT) to 92.254.55.200:2049 --->
SIP/2.0 100 Trying
Via: SIP/2.0/TLS
192.168.1.108:38553;branch=z9hG4bK183764387;alias;received=92.254.55.200;rport=2049
From: "31201234444" <sip:31201234444 at 111.222.111.222:5060>;tag=1698805902
To: <sip:*69 at 111.222.111.222:5060>
Call-ID: 2021476396-38553-39 at 192.168.1.108
CSeq: 381 INVITE
Server: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces, timer
Contact: <sip:*69 at 187.111.222.48:5060;transport=TLS>
Content-Length: 0


<------------>
    -- Executing [*69 at klant-31-123-123456:1]
Goto("SIP/31201234444-71cde4c8", "from-internal,*69,1") in new stack
    -- Goto (from-internal,*69,1)
    -- Executing [*69 at from-internal:1] Goto("SIP/31201234444-71cde4c8",
"app-calltrace-perform,s,1") in new stack
    -- Goto (app-calltrace-perform,s,1)
    -- Executing [s at app-calltrace-perform:1]
Answer("SIP/31201234444-71cde4c8", "") in new stack
Audio is at 187.111.222.48 port 19236
Adding codec 0x8 (alaw) to SDP
Adding codec 0x4 (ulaw) to SDP
Adding codec 0x100 (g729) to SDP
Adding codec 0x1 (g723) to SDP
Adding non-codec 0x1 (telephone-event) to SDP 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-01-09 20:53 notthematrix   Note Added: 0097410                          
======================================================================
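
Added example (not part of the original note or of the Asterisk SRTP branch): in SDES offer/answer (RFC 4568) the offerer may list several a=crypto attributes and the answerer selects one, which matches the two-lines-offered, one-line-answered behaviour in the trace. The sketch below rejoins the wrapped "inline:" lines, checks each key decodes to the 30 bytes (16 key + 14 salt) the AES_CM_128 suites require, and picks one; the function names, the preference for the 80-bit tag and the sample offer are assumptions made for illustration.

```python
import base64
import re

# SDES suites (RFC 4568) mapped to master key + salt length in bytes.
# Dict order is an assumed local preference: 80-bit auth tag before 32-bit.
SUITES = {"AES_CM_128_HMAC_SHA1_80": 30, "AES_CM_128_HMAC_SHA1_32": 30}
CRYPTO_RE = re.compile(r"a=crypto:(\d+)\s+(\S+)\s+inline:([^|\s]+)")

def unfold(sdp_text):
    """Rejoin SDP lines that a log viewer or mail archive wrapped."""
    lines = []
    for raw in sdp_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.match(r"^[a-z]=", line) or not lines:
            lines.append(line)         # a real SDP line: "<type>=<value>"
        else:
            lines[-1] += " " + line    # continuation of the previous line
    return lines

def parse_crypto(sdp_text):
    """Return (tag, suite, key_ok) for every a=crypto attribute."""
    offers = []
    for line in unfold(sdp_text):
        m = CRYPTO_RE.match(line)
        if not m:
            continue
        tag, suite, b64 = int(m.group(1)), m.group(2), m.group(3)
        try:
            key = base64.b64decode(b64, validate=True)
        except ValueError:             # binascii.Error is a ValueError
            key = b""
        # Unknown suites and wrong-length keys are both marked unusable.
        offers.append((tag, suite, len(key) == SUITES.get(suite)))
    return offers

def select_offer(sdp_text):
    """Pick the preferred suite that has a well-formed key, or None."""
    usable = {}
    for tag, suite, ok in parse_crypto(sdp_text):
        if ok:
            usable.setdefault(suite, tag)
    return next(((usable[s], s) for s in SUITES if s in usable), None)

# Constructed sample offer (key material is bytes 0..29, not from a real
# call), wrapped across lines the same way as the trace above.
KEY = base64.b64encode(bytes(range(30))).decode()
SAMPLE = ("m=audio 45962 RTP/SAVP 0 8\n"
          "a=crypto:1 AES_CM_128_HMAC_SHA1_32\ninline:" + KEY + "\n"
          "a=crypto:2 AES_CM_128_HMAC_SHA1_80\ninline:" + KEY + "\n"
          "a=crypto:3 AES_CM_128_HMAC_SHA1_80\ninline:c2hvcnQ=\n")
```

select_offer(SAMPLE) returns tag 2: tag 1 is valid but less preferred, and tag 3 is rejected because its key is too short.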



