[asterisk-bugs] [JIRA] (ASTERISK-20849) SDP crypto attribute is not well formed in the SDP ANSWER

Pedro Kiefer (JIRA) noreply at issues.asterisk.org
Sun Dec 30 19:25:45 CST 2012 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-20849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=201013#comment-201013 ] 

Pedro Kiefer commented on ASTERISK-20849:
-----------------------------------------

Not sure if the problem is related to line 297 of sip/sdp_crypto.c, which reads:
{noformat}
if (snprintf(crypto_buf, sizeof(crypto_buf), "a=crypto:1 AES_CM_128_HMAC_SHA1_%i inline:%s\r\n"
                taglen, p->local_key64) < 1) {
{noformat}

Having a hardcoded crypto tag would explain this bug. On the other hand, sdp_crypto_process seems to get it right:
{noformat}
snprintf(p->a_crypto, attr_len + 10, "a=crypto:%s %s inline:%s\r\n", tag, suite, p->local_key64);
{noformat}

But the string saved to p->a_crypto on sdp_crypto_process is ignored by sdp_crypto_offer, which I think shouldn't happen. If we already have a valid a_crypto line, use it, other wise create a new one, taking in account the tag number which was received (or 0 if we are making the offer).
                
> SDP crypto attribute is not well formed in the SDP ANSWER
> ---------------------------------------------------------
>
>                 Key: ASTERISK-20849
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20849
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/SRTP
>    Affects Versions: 11.1.0
>            Reporter: José Luis Millán
>            Assignee: José Luis Millán
>
> The crypto tag in the SDP ANSWER is not being generated according to the crypto tag in the SDP OFFER for the chosen crypto attribute. This makes the offerer reject the SDP ANSWER as it is malformed.
> Ej:
> For the following crypto lines in the SDP OFFER:
> a=crypto:0 AES_CM_128_HMAC_SHA1_32 inline:cpascljg+FDoOgsFyVirWHQjGXGp5WTEiVU2SuYC
> a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:i5JOAu02aPN5MaXlbwJofff1opYOd2mDJ21pTejP
> Asterisk replies with:
> a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:vdrJnisX2hBpcQvcZbpMmR9IG+Dc0EpEP1iC1EbQ
> While the correct reply is:
> a=crypto:0 AES_CM_128_HMAC_SHA1_32 inline:vdrJnisX2hBpcQvcZbpMmR9IG+Dc0EpEP1iC1EbQ
> As per RFC4568 section 5.1:
> "
> When an offered crypto attribute is accepted, the crypto attribute in
>    the answer MUST contain the following:
>    *  The tag and crypto-suite from the accepted crypto attribute in the
>       offer (the same crypto-suite MUST be used in the send and receive
>       direction).
> "
> Manually rewriting the ANSWER crypto tag accordingly before sdp is processed in the offerer does the trick.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list