[asterisk-bugs] [JIRA] (ASTERISK-20896) SDP crypto attribute is not well formed in the SDP ANSWER

[Rusty Newton (JIRA)]

Rusty Newton created ASTERISK-20896:
---------------------------------------

             Summary: SDP crypto attribute is not well formed in the SDP ANSWER
                 Key: ASTERISK-20896
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20896
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Channels/chan_sip/SRTP
    Affects Versions: SVN, 10.11.1, 11.1.0
            Reporter: José Luis Millán


The crypto tag in the SDP ANSWER is not being generated according to the crypto tag in the SDP OFFER for the chosen crypto attribute. This makes the offerer reject the SDP ANSWER as it is malformed.


Ej:

For the following crypto lines in the SDP OFFER:

a=crypto:0 AES_CM_128_HMAC_SHA1_32 inline:cpascljg+FDoOgsFyVirWHQjGXGp5WTEiVU2SuYC
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:i5JOAu02aPN5MaXlbwJofff1opYOd2mDJ21pTejP

Asterisk replies with:
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:vdrJnisX2hBpcQvcZbpMmR9IG+Dc0EpEP1iC1EbQ

While the correct reply is:
a=crypto:0 AES_CM_128_HMAC_SHA1_32 inline:vdrJnisX2hBpcQvcZbpMmR9IG+Dc0EpEP1iC1EbQ

As per RFC4568 section 5.1:

"
When an offered crypto attribute is accepted, the crypto attribute in
   the answer MUST contain the following:

   *  The tag and crypto-suite from the accepted crypto attribute in the
      offer (the same crypto-suite MUST be used in the send and receive
      direction).
"

Manually rewriting the ANSWER crypto tag accordingly before sdp is processed in the offerer does the trick.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira