[asterisk-bugs] [Asterisk 0005413]: [patch] [branch] Secure RTP (SRTP)
Asterisk Bug Tracker
noreply at bugs.digium.com
Tue Mar 2 19:15:41 CST 2010
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=5413
======================================================================
Reported By: mikma
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 5413
Category: Channels/chan_sip/NewFeature
Reproducibility: N/A
Severity: feature
Priority: normal
Status: confirmed
Target Version: 1.8
Asterisk Version: SVN
JIRA:
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!): 48491
Request Review:
======================================================================
Date Submitted: 2005-10-09 10:36 CDT
Last Modified: 2010-03-02 19:15 CST
======================================================================
Summary: [patch] [branch] Secure RTP (SRTP)
Description:
This patch adds initial support for secure RTP using libsrt[1]. It can
be used in for example an implementation of the sdecriptions draft[2].
[1] http://srtp.sourceforge.net/srtp.html
[2]
http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdescriptions-12.txt
Update (17/12/2008): Branch against trunk is located here
http://svn.digium.com/svn/asterisk/team/group/srtp
======================================================================
Relationships ID Summary
----------------------------------------------------------------------
related to 0010129 Module SRTP can't loaded
======================================================================
----------------------------------------------------------------------
(0118806) twilson (administrator) - 2010-03-02 19:15
https://issues.asterisk.org/view.php?id=5413#c118806
----------------------------------------------------------------------
notthematrix: the bug that you noticed with grandstreams should be fixed in
the latest srtp_reboot.
If a call comes in with an SRTP offer, it should be encrypted.
If a call is made to a peer that has "encryption=yes" in sip.conf, then
the call will be offered with SRTP and fail otherwise. If it fails, the
HANGUPCAUSE will be 58 (for now) and you can catch the error in the
dialplan and handle it however you wish (play an error, dial a copy of the
peer without encryption enabled, etc.)
You can check whether a channel has encrypted signaling with
CHANNEL(secure_signaling) and CHANNEL(secure_media)
You can force any outgoing request initiated by a channel to have security
features via Set(CHANNEL(secure_bridge_signaling)=1) and
Set(CHANNEL(secure_bridge_media)=1) or clear the necessity by setting them
to 0.
An example of one phone calling another and requesting that the call have
secure signaling and media, but falling back to insecure for failure would
look something like:
; Set secure signaling and media
exten => _600X,1,Set(CHANNEL(secure_bridge_signaling)=1)
exten => _600X,n,Set(CHANNEL(secure_bridge_media)=1)
; Display the seeings for secure signaling and media
exten => _600X,n,NoOp(Bridge signaling:
${CHANNEL(secure_bridge_signaling)})
exten => _600X,n,NoOp(Bridge media: ${CHANNEL(secure_bridge_signaling)})
; Make the outbound dial attempt and check for encryption-related failure
exten => _600X,n,Dial(SIP/${EXTEN})
exten => _600X,n,GotoIf($["${HANGUPCAUSE}" = "58"]?encrypt_fail)
exten => _600X,n,Hangup
; Turn off the encryption requirement and redial
exten => _600X,n(encrypt_fail),Set(CHANNEL(secure_bridge_signaling)=0)
exten => _600X,n,Set(CHANNEL(secure_bridge_media)=0)
exten => _600X,n,Dial(SIP/${EXTEN})
exten => _600X,n,Hangup
Issue History
Date Modified Username Field Change
======================================================================
2010-03-02 19:15 twilson Note Added: 0118806
======================================================================
More information about the asterisk-bugs
mailing list