[asterisk-bugs] [JIRA] (ASTERISK-22748) SRTP Crypto Offer Not Acceptable

Wed Oct 23 10:40:03 CDT 2013

    [ https://issues.asterisk.org/jira/browse/ASTERISK-22748?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=211157#comment-211157 ] 

Michael L. Young commented on ASTERISK-22748:
---------------------------------------------

Alejandro,

You must be getting log messages like this when using the Grandstream:
{noformat}
"Crypto life time unsupported: crypto:1 AES_CM_128_HMAC_SHA1_80 inline:Ar/jYxzGz1lLcROAnVi8IFGB2VJlynqKBhjaVvgb|2^32"
"Crypto life time unsupported: crypto:2 AES_CM_128_HMAC_SHA1_32 inline:CPvb7F73si5R/Z9kfT28OV0NujdfHwHaqQfyg13q|2^32"
{noformat}

Asterisk does not support lifetime for cryptographic keys, which is the part that follows the "|".

Take a look at this FAQ on Grandstream's website for extra information.
http://www.grandstream.com/support/faq/gxp-enterprise-phone-series#25

Unless you can provide a patch to add this feature, we need to close this out since we do not accept feature requests through the bug tracker.  You can feel free to bring this up on the mailing lists and see if anyone would be able to help add this support.

> SRTP Crypto Offer Not Acceptable
> --------------------------------
>
>                 Key: ASTERISK-22748
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22748
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/SRTP, Channels/chan_sip/TCP-TLS
>    Affects Versions: 11.5.1
>         Environment: FreePBX with Asterisk 11.5.1 recompiled
>            Reporter: Alejandro Mejia
>
> When a=crypto:1 and a=crypto:2 are not comming right after m=audio on SDP message from certain SIP clients (Grandstream phones for example), Asterisk ignores the crypto parameters and issues the following errors:
> NOTICE[20186][C-00000042]: sip/sdp_crypto.c:265 sdp_crypto_process: SRTP crypto offer not acceptable
> WARNING[20186][C-00000042]: chan_sip.c:10454 process_sdp: Rejecting secure audio stream without encryption details: audio 5004 RTP/SAVP 0 8 4 18 9 97 2 101
> This resulting on a "Not Acceptable Here" SIP error.
> The following SDP informations are from Yealink phone, and Grandstream phone.
> Yealink (call goes through without issues):
> v=0
> o=- 20013 20013 IN IP4 10.28.128.187
> s=SDP data
> c=IN IP4 10.28.128.187
> t=0 0
> m=audio 11792 RTP/SAVP 0 8 18 9 101
> a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:NmU0NTlkM2QzNDkzNGFiNzVjYjE2MWI2ZDcyMWZk
> a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:M2JhMmJmYmM4OGIxNDRlADY5NDQ5NjMANjljM2Qz
> a=crypto:3 F8_128_HMAC_SHA1_80 inline:Mzk2NDY1NWExYTdkYWI3YTdmOTc1MWZmNmRlYTkx
> a=rtpmap:0 PCMU/8000
> a=rtpmap:8 PCMA/8000
> a=rtpmap:18 G729/8000
> a=fmtp:18 annexb=no
> a=rtpmap:9 G722/8000
> a=fmtp:101 0-15
> a=rtpmap:101 telephone-event/8000
> a=ptime:20
> a=sendrecv
> Grandstream phone (call won't go through):
> v=0
> o=898 8000 8000 IN IP4 10.28.128.97
> s=SIP Call
> c=IN IP4 10.28.128.97
> t=0 0
> m=audio 5004 RTP/SAVP 0 8 4 18 9 97 2 101
> a=sendrecv
> a=rtpmap:0 PCMU/8000
> a=ptime:20
> a=rtpmap:8 PCMA/8000
> a=rtpmap:4 G723/8000
> a=rtpmap:18 G729/8000
> a=fmtp:18 annexb=no
> a=rtpmap:9 G722/8000
> a=rtpmap:97 iLBC/8000
> a=fmtp:97 mode=30
> a=rtpmap:2 G726-32/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-15
> a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:Ar/jYxzGz1lLcROAnVi8IFGB2VJlynqKBhjaVvgb|2^32
> a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:CPvb7F73si5R/Z9kfT28OV0NujdfHwHaqQfyg13q|2^32

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira