[asterisk-bugs] [Asterisk 0018674]: [patch] Unable to choose which SRTP suite to offer

Fri Feb 25 01:54:16 CST 2011

A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=18674 
====================================================================== 
Reported By:                bbeers
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   18674
Category:                   Channels/chan_sip/SRTP
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     acknowledged
Asterisk Version:           SVN 
JIRA:                       SWP-3142 
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 303637 
Request Review:              
====================================================================== 
Date Submitted:             2011-01-25 09:56 CST
Last Modified:              2011-02-25 01:54 CST
====================================================================== 
Summary:                    [patch] Unable to choose which SRTP suite to offer
Description: 
Setting encryption=yes in sip.conf will cause asterisk to
 generate a line in SIP INVITE SDP:

 a=crypto: AES_CM_128_HMAC_SHA1_80 ...

There is no way to specify that asterisk should offer
 AES_CM_128_HMAC_SHA1_32 instead of
 AES_CM_128_HMAC_SHA1_80.

======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
related to          0018187 Indicate SRTP + Feature reqest
====================================================================== 

---------------------------------------------------------------------- 
 (0132398) Irontec (reporter) - 2011-02-25 01:54
 https://issues.asterisk.org/view.php?id=18674#c132398 
---------------------------------------------------------------------- 
Hi, I'm using Cisco SPA5XX phones and Snom360.

Without any patches and changing only the sdp_crypto.c to offer AES_32
instead AES_80 works well. We only have a Warning like:
  WARNING[4187]: res_srtp.c:338 ast_srtp_unprotect: SRTP unprotect:
authentication failure

But, the conversation is protected (using Wireshark or Omnipeek we can't
hear real audio)

Change to AES_32 is required because SPA5XX phones send two Crypto lines
and the first one is AES_32 and as we know Asterisk only uses the first
line....
(With Snoms we can choose which type to use)

Thanks for your effort with this issue. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2011-02-25 01:54 Irontec        Note Added: 0132398                          
======================================================================