[asterisk-bugs] [Asterisk 0018674]: [patch] Unable to choose which SRTP suite to offer

Asterisk Bug Tracker noreply at bugs.digium.com
Fri Feb 18 11:59:14 CST 2011


A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=18674 
====================================================================== 
Reported By:                bbeers
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   18674
Category:                   Channels/chan_sip/SRTP
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     feedback
Asterisk Version:           SVN 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 303637 
Request Review:              
====================================================================== 
Date Submitted:             2011-01-25 09:56 CST
Last Modified:              2011-02-18 11:59 CST
====================================================================== 
Summary:                    [patch] Unable to choose which SRTP suite to offer
Description: 
Setting encryption=yes in sip.conf will cause asterisk to
 generate a line in SIP INVITE SDP:

 a=crypto: AES_CM_128_HMAC_SHA1_80 ...

There is no way to specify that asterisk should offer
 AES_CM_128_HMAC_SHA1_32 instead of
 AES_CM_128_HMAC_SHA1_80.

======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
related to          0018187 Indicate SRTP + Feature reqest
====================================================================== 

---------------------------------------------------------------------- 
 (0132150) andrewhack (reporter) - 2011-02-18 11:59
 https://issues.asterisk.org/view.php?id=18674#c132150 
---------------------------------------------------------------------- 
bbeers: this is my conf:
[fixed-phone](!)
encryption=aes_32
srtpcapable=yes
transport=tls
host=dynamic
directmedia=no
nat=no
canreinvite=no
outgoinglimit=1
incominglimit=2

[mobile-phone](!)
encryption=aes_80
srtpcapable=yes
transport=tls
host=dynamic
directmedia=no
nat=no
canreinvite=no
outgoinglimit=1
incominglimit=2

[66666](mobile-phone)
type=friend
context=securecallnet
defaultuser=66666
callerid=66666
secret=000000
mailbox=66666
amaflags=default
accountcode=itcom

[77777](fixed-phone)
type=friend
context=securecallnet
defaultuser=77777
callerid=77777
secret=000000
mailbox=77777
amaflags=default
accountcode=itcom


I didn't try encryption=no. Actually I reverted back to 1.8.2.2 and
05.patch - I am sorry, I reverted immediately after my post and can't
provide SIP trace now.

Now everything, from SIP trace point of view, looks good but wireshark
shows plain packets.
This is the SIP trace from 1.8.2.2 and 05.patch:
<--- SIP read from TLS:10.0.0.87:32824 --->
INVITE sips:11111 at 192.168.5.210 SIP/2.0
Via: SIP/2.0/TLS
10.0.0.87:5061;branch=z9hG4bK4ktmlhhpfphc6r9v071k4t1;rport
From: <sips:66666 at 192.168.5.210>;tag=0rq6lhn5slhc6cdl071k
To: <sips:11111 at 192.168.5.210>
Contact: <sips:P_C1uMG4BIAVypRQIfLt at 10.0.0.87:5061>
Supported: precondition,100rel,timer
CSeq: 782 INVITE
Call-ID: Tp1GNEQ8oIfNYg73gKXvKBR7wNkG0g
Allow: UPDATE,PRACK,SUBSCRIBE,REFER,NOTIFY,INVITE,ACK,CANCEL,OPTIONS,BYE
User-Agent: Nokia RM-469 052.003 (en)
Expires: 120
Privacy: None
Session-Expires: 1800
Max-Forwards: 70
Content-Type: application/sdp
Accept-Language: en
Content-Length: 756

v=0
o=66666 63466315031581125 63466315031581125 IN IP4 10.0.0.87
s=-
c=IN IP4 10.0.0.87
t=0 0
m=audio 10000 RTP/SAVP 100 96 0 8 97 18 98 13
a=sendrecv
a=crypto:1 AES_CM_128_HMAC_SHA1_80
inline:d2wwa2o2ZWlMbE5mMDYwVE1qSzVxTjlHTldRUnlX
a=crypto:2 AES_CM_128_HMAC_SHA1_32
inline:RTE1RVlBTFZtU2d6MmQ3bUJhRVdkQWZaYTVmSzBh
a=curr:sec e2e none
a=des:sec optional e2e sendrecv
a=rtpmap:100 AMR-WB/16000
a=ptime:20
a=maxptime:200
a=fmtp:100 mode-change-period=2; mode-change-neighbor=1
a=rtpmap:96 AMR/8000
a=fmtp:96 mode-set=0,1,2,3,4,5,6,7; mode-change-neighbor=1
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:97 iLBC/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:98 telephone-event/8000
a=fmtp:98 0-15
a=rtpmap:13 CN/8000
<------------->
--- (17 headers 25 lines) ---
Sending to 10.0.0.87:32824 (no NAT)
Using INVITE request as basis request - Tp1GNEQ8oIfNYg73gKXvKBR7wNkG0g
Found peer '66666' for '66666' from 10.0.0.87:32824

<--- Reliably Transmitting (no NAT) to 10.0.0.87:32824 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS
10.0.0.87:5061;branch=z9hG4bK4ktmlhhpfphc6r9v071k4t1;received=10.0.0.87;rport=32824
From: <sips:66666 at 192.168.5.210>;tag=0rq6lhn5slhc6cdl071k
To: <sips:11111 at 192.168.5.210>;tag=as0f38e4c9
Call-ID: Tp1GNEQ8oIfNYg73gKXvKBR7wNkG0g
CSeq: 782 INVITE
Server: Secure Call Network
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="securecall",
nonce="432442a1"
Content-Length: 0


<------------>
Scheduling destruction of SIP dialog 'Tp1GNEQ8oIfNYg73gKXvKBR7wNkG0g' in
32000 ms (Method: INVITE)

<--- SIP read from TLS:10.0.0.87:32824 --->
ACK sips:11111 at 192.168.5.210 SIP/2.0
Via: SIP/2.0/TLS
10.0.0.87:5061;branch=z9hG4bK4ktmlhhpfphc6r9v071k4t1;rport
From: <sips:66666 at 192.168.5.210>;tag=0rq6lhn5slhc6cdl071k
To: <sips:11111 at 192.168.5.210>;tag=as0f38e4c9
Call-ID: Tp1GNEQ8oIfNYg73gKXvKBR7wNkG0g
CSeq: 782 ACK
Supported: sec-agree
Max-Forwards: 70
Content-Length: 0

<------------->
--- (9 headers 0 lines) ---

<--- SIP read from TLS:10.0.0.87:32824 --->
INVITE sips:11111 at 192.168.5.210 SIP/2.0
Via: SIP/2.0/TLS
10.0.0.87:5061;branch=z9hG4bK2qhgpvr33g5fno3vdb3534r;rport
From: <sips:66666 at 192.168.5.210>;tag=0rq6lhn5slhc6cdl071k
To: <sips:11111 at 192.168.5.210>
Contact: <sips:P_C1uMG4BIAVypRQIfLt at 10.0.0.87:5061>
Supported: precondition,100rel,timer
CSeq: 783 INVITE
Call-ID: Tp1GNEQ8oIfNYg73gKXvKBR7wNkG0g
Allow: UPDATE,PRACK,SUBSCRIBE,REFER,NOTIFY,INVITE,ACK,CANCEL,OPTIONS,BYE
User-Agent: Nokia RM-469 052.003 (en)
Expires: 120
Privacy: None
Session-Expires: 1800
Max-Forwards: 70
Authorization: Digest
realm="securecall",nonce="432442a1",algorithm=MD5,username="66666",uri="sips:11111 at 192.168.5.210",response="ae5328698bd10fe65f39f509508ba4d3"
Content-Type: application/sdp
Accept-Language: en
Content-Length: 756

v=0
o=66666 63466315031581125 63466315031581125 IN IP4 10.0.0.87
s=-
c=IN IP4 10.0.0.87
t=0 0
m=audio 10000 RTP/SAVP 100 96 0 8 97 18 98 13
a=sendrecv
a=crypto:1 AES_CM_128_HMAC_SHA1_80
inline:d2wwa2o2ZWlMbE5mMDYwVE1qSzVxTjlHTldRUnlX
a=crypto:2 AES_CM_128_HMAC_SHA1_32
inline:RTE1RVlBTFZtU2d6MmQ3bUJhRVdkQWZaYTVmSzBh
a=curr:sec e2e none
a=des:sec optional e2e sendrecv
a=rtpmap:100 AMR-WB/16000
a=ptime:20
a=maxptime:200
a=fmtp:100 mode-change-period=2; mode-change-neighbor=1
a=rtpmap:96 AMR/8000
a=fmtp:96 mode-set=0,1,2,3,4,5,6,7; mode-change-neighbor=1
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:97 iLBC/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:98 telephone-event/8000
a=fmtp:98 0-15
a=rtpmap:13 CN/8000
<------------->
--- (18 headers 25 lines) ---
Sending to 10.0.0.87:32824 (no NAT)
Using INVITE request as basis request - Tp1GNEQ8oIfNYg73gKXvKBR7wNkG0g
Found peer '66666' for '66666' from 10.0.0.87:32824
  == Using SIP RTP CoS mark 5
Found RTP audio format 100
Found RTP audio format 96
Found RTP audio format 0
Found RTP audio format 8
Found RTP audio format 97
Found RTP audio format 18
Found RTP audio format 98
Found RTP audio format 13
  == SRTP_CRYPTO_SUITE is set to 0 ((null)).
  == SRTP_CRYPTO_SUITE is set to 16 (AES_CM_128_HMAC_SHA1_80).
Found audio description format AMR-WB for ID 100
Found audio description format AMR for ID 96
Found audio description format PCMU for ID 0
Found audio description format PCMA for ID 8
Found audio description format iLBC for ID 97
Found audio description format G729 for ID 18
Found audio description format telephone-event for ID 98
Found audio description format CN for ID 13
Capabilities: us - 0x40f (g723|gsm|ulaw|alaw|ilbc), peer - audio=0x50c
(ulaw|alaw|g729|ilbc)/video=0x0 (nothing)/text=0x0 (nothing), combined -
0x40c (ulaw|alaw|ilbc)
Non-codec capabilities (dtmf): us - 0x1 (telephone-event|), peer - 0x3
(telephone-event|CN|), combined - 0x1 (telephone-event|)
Peer audio RTP is at port 10.0.0.87:10000
Looking for 11111 in securecallnet (domain 192.168.5.210)
list_route: hop: <sips:P_C1uMG4BIAVypRQIfLt at 10.0.0.87:5061>

<--- Transmitting (no NAT) to 10.0.0.87:32824 --->
SIP/2.0 100 Trying
Via: SIP/2.0/TLS
10.0.0.87:5061;branch=z9hG4bK2qhgpvr33g5fno3vdb3534r;received=10.0.0.87;rport=32824
From: <sips:66666 at 192.168.5.210>;tag=0rq6lhn5slhc6cdl071k
To: <sips:11111 at 192.168.5.210>
Call-ID: Tp1GNEQ8oIfNYg73gKXvKBR7wNkG0g
CSeq: 783 INVITE
Server: Secure Call Network
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
PUBLISH
Supported: replaces, timer
Session-Expires: 600;refresher=uas
Contact: <sip:11111 at 192.168.5.210:5061;transport=TLS>
Content-Length: 0


<------------>
    -- Executing [11111 at securecallnet:1] Playback("SIP/66666-00000006",
"demo-echotest") in new stack
Audio is at 5061
  == Selecting 1 (AES_CM_128_HMAC_SHA1_80) for srtp crypto offer.
Adding codec 0x8 (alaw) to SDP
Adding codec 0x4 (ulaw) to SDP
Adding codec 0x400 (ilbc) to SDP
Adding non-codec 0x1 (telephone-event) to SDP

<--- Reliably Transmitting (no NAT) to 10.0.0.87:32824 --->
SIP/2.0 200 OK
Via: SIP/2.0/TLS
10.0.0.87:5061;branch=z9hG4bK2qhgpvr33g5fno3vdb3534r;received=10.0.0.87;rport=32824
From: <sips:66666 at 192.168.5.210>;tag=0rq6lhn5slhc6cdl071k
To: <sips:11111 at 192.168.5.210>;tag=as3eefcc7a
Call-ID: Tp1GNEQ8oIfNYg73gKXvKBR7wNkG0g
CSeq: 783 INVITE
Server: Secure Call Network
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
PUBLISH
Supported: replaces, timer
Session-Expires: 600;refresher=uas
Contact: <sip:11111 at 192.168.5.210:5061;transport=TLS>
Content-Type: application/sdp
Content-Length: 389

v=0
o=root 442929548 442929548 IN IP4 192.168.5.210
s=Asterisk PBX 1.8.2.2-1
c=IN IP4 192.168.5.210
t=0 0
m=audio 43272 RTP/SAVP 8 0 97 98
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:97 iLBC/8000
a=fmtp:97 mode=30
a=rtpmap:98 telephone-event/8000
a=fmtp:98 0-16
a=ptime:20
a=sendrecv
a=crypto:1 AES_CM_128_HMAC_SHA1_80
inline:byXQQP1sUKtBPssVZ6IWYcHHnH85RVGg1SBq2MqY

<------------>

<--- SIP read from TLS:10.0.0.87:32824 --->
ACK sip:11111 at 192.168.5.210:5061;transport=TLS SIP/2.0
Via: SIP/2.0/TLS
10.0.0.87:5061;branch=z9hG4bKhm1fkaklp6v8ro3vdb37pgj;rport
To: <sips:11111 at 192.168.5.210>;tag=as3eefcc7a
From: <sips:66666 at 192.168.5.210>;tag=0rq6lhn5slhc6cdl071k
Call-ID: Tp1GNEQ8oIfNYg73gKXvKBR7wNkG0g
CSeq: 783 ACK
Supported: sec-agree
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,INVITE,ACK,CANCEL,OPTIONS,BYE
Max-Forwards: 70
Authorization: Digest
realm="securecall",nonce="432442a1",algorithm=MD5,username="66666",uri="sips:11111 at 192.168.5.210",response="ae5328698bd10fe65f39f509508ba4d3"
Content-Length: 0

<-------------> 

I will try 1.8.2.2 and 22.patch after this post 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2011-02-18 11:59 andrewhack     Note Added: 0132150                          
======================================================================
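
Added example (not part of the tracker note and not Asterisk code): a Python check of the SDES rule the trace above exercises, namely that the a=crypto line in the 200 OK must reuse a tag and suite from the INVITE and carry a 30-byte key||salt. The sample SDP and key are constructed, and the wanted_suite argument is a hypothetical stand-in for the per-peer encryption= setting.

```python
import base64
import re

# Both suites named in this issue use a 128-bit key plus 112-bit salt (RFC 4568).
KEY_SALT_LEN = {"AES_CM_128_HMAC_SHA1_80": 30, "AES_CM_128_HMAC_SHA1_32": 30}
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+inline:([A-Za-z0-9+/=]+)")

def parse_crypto(sdp):
    """Return {tag: (suite, key_bytes)} for every a=crypto line in an SDP body."""
    found = {}
    for line in sdp.splitlines():
        m = CRYPTO_RE.match(line.strip())
        if not m:
            continue
        try:
            key = base64.b64decode(m.group(3), validate=True)
        except ValueError:          # malformed base64 counts as an empty key
            key = b""
        found[int(m.group(1))] = (m.group(2), key)
    return found

def check_answer(offer_sdp, answer_sdp, wanted_suite=None):
    """List problems in an SDES answer relative to its offer; [] means consistent."""
    offer, answer = parse_crypto(offer_sdp), parse_crypto(answer_sdp)
    problems = []
    if "RTP/SAVP" in answer_sdp and len(answer) != 1:
        problems.append("answer must carry exactly one a=crypto line")
    for tag, (suite, key) in answer.items():
        if offer.get(tag, (None,))[0] != suite:
            problems.append(f"tag {tag} / {suite} was not offered")
        if len(key) != KEY_SALT_LEN.get(suite, -1):
            problems.append(f"tag {tag}: key||salt is {len(key)} bytes")
        if wanted_suite and suite != wanted_suite:
            problems.append(f"selected {suite}, policy wants {wanted_suite}")
    return problems

# Constructed sample data: same suites and tags as the trace, made-up key material.
KEY = base64.b64encode(bytes(range(30))).decode()
OFFER = ("m=audio 10000 RTP/SAVP 0 8\r\n"
         f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{KEY}\r\n"
         f"a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:{KEY}\r\n")
ANSWER = ("m=audio 43272 RTP/SAVP 8 0\r\n"
          f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{KEY}\r\n")

if __name__ == "__main__":
    print(check_answer(OFFER, ANSWER))                             # consistent
    print(check_answer(OFFER, ANSWER, "AES_CM_128_HMAC_SHA1_32"))  # policy miss
```

An empty result covers the signalling only; whether the RTP payload on the wire is actually encrypted has to be confirmed in the packet capture.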



