[asterisk-bugs] [JIRA] (ASTERISK-22961) [patch] DTLS-SRTP not working with SHA-256

jag (JIRA) noreply at issues.asterisk.org
Tue Apr 8 08:19:18 CDT 2014


    [ https://issues.asterisk.org/jira/browse/ASTERISK-22961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=217074#comment-217074 ] 

jag edited comment on ASTERISK-22961 at 4/8/14 8:18 AM:
--------------------------------------------------------

I am using Asterisk 12.2.0-rc1. I updated with this patch file, srtp_dtls.patch (07/Jan/14 7:38 AM),
from bug issue ASTERISK-22961
https://issues.asterisk.org/jira/browse/ASTERISK-22961?jql=text%20~%20%22dtls%22

RTP traffic seems to be sent and received; the Asterisk debug log shows:

Sent RTP packet to 10.1.xxx.xxx:41143 (via ICE) (type 08, seq 021868, ts 221760, len 4294967284)
Got RTP packet from 10.1.xxx.xxx:41143 (type 08, seq 001383, ts 1917269534, len 000160)
Sent RTP packet to 10.1.xxx.xxx41143 (via ICE) (type 08, seq 021869, ts 221920, len 4294967284)
Got RTP packet from 10.1.xxx.xxx:41143 (type 08, seq 001384, ts 1917269694, len 000160)
Sent RTP packet to 10.1.xxx.xxx:41143 (via ICE) (type 08, seq 021870, ts 222080, len 4294967284)
Got RTP packet from 10.1.xxx.xxx:41143 (type 08, seq 001385, ts 1917269854, len 000160)

However, the len is reported as "len 4294967284", which seems to be wrong.
No audio is heard in the browser.

Please note this is on a TLS connection, not WSS.

This is the sent SDP.

=0
o=root 350315728 350315728 IN IP4 10.31.xxx.xxx
s=Asterisk PBX 12.2.0-rc1
c=IN IP4 10.31.xxx.xxx
t=0 0
m=audio 24316 UDP/TLS/RTP/SAVPF 8 0 101
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=silenceSupp:off - - - -
a=ptime:20
a=maxptime:150
a=ice-ufrag:1c5c5d52130f06fd70e1e23f0d6323f2
a=ice-pwd:12611b8146599a9019d59b4b649a7970
a=candidate:Ha1f026f 1 UDP 2130706431 10.31.xxx.xxx 24316 typ host
a=candidate:Ha1f026f 2 UDP 2130706430 10.31.xxx.xxx 24317 typ host
a=connection:new
a=setup:active
a=fingerprint:SHA-256 13:BB:CF:88:C4:75:9B:F0:DA:36:0A:6D:5D:37:C9:26:6B:3C:82:3E:F6:92:AE:A7:AE:CF:FF:78:F5:86:D9:E8
a=sendrecv



was (Author: jaflong):

I am using Asterisk 12.2.0-rc1. I updated with this patch file, srtp_dtls.patch (07/Jan/14 7:38 AM),
from bug issue ASTERISK-22961
https://issues.asterisk.org/jira/browse/ASTERISK-22961?jql=text%20~%20%22dtls%22

RTP traffic seems to be sent and received; the Asterisk debug log shows:

Sent RTP packet to 10.1.xxx.xxx:41143 (via ICE) (type 08, seq 021868, ts 221760, len 4294967284)
Got RTP packet from 10.1.xxx.xxx:41143 (type 08, seq 001383, ts 1917269534, len 000160)
Sent RTP packet to 10.1.xxx.xxx41143 (via ICE) (type 08, seq 021869, ts 221920, len 4294967284)
Got RTP packet from 10.1.xxx.xxx:41143 (type 08, seq 001384, ts 1917269694, len 000160)
Sent RTP packet to 10.1.xxx.xxx:41143 (via ICE) (type 08, seq 021870, ts 222080, len 4294967284)
Got RTP packet from 10.1.xxx.xxx:41143 (type 08, seq 001385, ts 1917269854, len 000160)

However, the len is reported as "len 4294967284", which seems to be wrong.
No audio is heard in the browser.

This is the sent SDP.

=0
o=root 350315728 350315728 IN IP4 10.31.xxx.xxx
s=Asterisk PBX 12.2.0-rc1
c=IN IP4 10.31.xxx.xxx
t=0 0
m=audio 24316 UDP/TLS/RTP/SAVPF 8 0 101
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=silenceSupp:off - - - -
a=ptime:20
a=maxptime:150
a=ice-ufrag:1c5c5d52130f06fd70e1e23f0d6323f2
a=ice-pwd:12611b8146599a9019d59b4b649a7970
a=candidate:Ha1f026f 1 UDP 2130706431 10.31.xxx.xxx 24316 typ host
a=candidate:Ha1f026f 2 UDP 2130706430 10.31.xxx.xxx 24317 typ host
a=connection:new
a=setup:active
a=fingerprint:SHA-256 13:BB:CF:88:C4:75:9B:F0:DA:36:0A:6D:5D:37:C9:26:6B:3C:82:3E:F6:92:AE:A7:AE:CF:FF:78:F5:86:D9:E8
a=sendrecv


> [patch] DTLS-SRTP not working with SHA-256
> ------------------------------------------
>
>                 Key: ASTERISK-22961
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22961
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Channels/chan_sip/SRTP, Channels/chan_sip/WebSocket
>    Affects Versions: 11.6.0, 12.0.0-beta2
>            Reporter: Jay Jideliov
>         Attachments: 11.7 patched.zip, asterisk_dtls.patch, chan_sip.c, dtls_retransmission.patch, ice_session.c, jssip no ring.txt, res_rtp_asterisk.c, res_rtp_asterisk.c, srtp_dtls.patch, srtp_dtls.patch, wireshark.txt
>
>
> Recently it became possible to use WebSocket on Asterisk without the proxy that was previously necessary to make calls from the web browser. Although partial support has been added, full cross-browser interoperability has not been achieved yet. However, it seems to be a relatively easy task.
> Tested on Chrome+SIPML5+Asterisk 11, the connection can be established and works fine. However, because Firefox sends SHA-256 packets, which are not supported by Asterisk, support for this browser is limited by this issue.
> Step 1: Adding certificates to support DTLS
> dtlsenable = yes
> dtlsverify = no
> dtlscertfile=/etc/asterisk/keys/softphone.pem
> dtlsprivatekey=/etc/asterisk/keys/key.pem
> dtlscafile=/etc/asterisk/keys/key.pem
> Step 2: Making a call
> [Nov 25 15:05:50] WARNING[5628][C-0000005c]: chan_sip.c:11034 process_sdp_a_dtls: Unsupported fingerprint hash type 'sha-2' received on dialog '38f43a1f-15cd-ad69-c2b3-72c21b9de5fd'



--
This message was sent by Atlassian JIRA
(v6.2#6252)
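
An added example (not part of the original message and not Asterisk's code): a strict parser for the value of the a=fingerprint attribute, run on the SHA-256 fingerprint from the SDP above. It matches the hash name as a whole token, so the truncated 'sha-2' from the quoted warning is rejected, and it checks that the digest length fits the named hash; the function name and the set of accepted hashes are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hash names accepted in a=fingerprint and their digest sizes in bytes
 * (the accepted set is an assumption of this example). */
static const struct { const char *name; size_t len; } fp_hashes[] = {
    { "sha-1", 20 }, { "sha-256", 32 },
};

/* Value of one hex digit; the caller has already checked isxdigit(). */
static int hexval(unsigned char c)
{
    c = (unsigned char)tolower(c);
    return c <= '9' ? c - '0' : c - 'a' + 10;
}

/* Parse "<hash> <HH:HH:...>" (the a=fingerprint value). Returns the digest
 * length written to out, or -1 for an unknown hash name, malformed hex, or a
 * digest whose length does not match the named hash. */
int parse_fingerprint(const char *value, unsigned char *out, size_t outlen)
{
    size_t hlen = strcspn(value, " "), want = 0, n = 0, i;
    const char *p = value + hlen;

    /* Compare the whole token, case-insensitively: "sha-2" must not match. */
    for (i = 0; i < sizeof(fp_hashes) / sizeof(fp_hashes[0]); i++)
        if (hlen == strlen(fp_hashes[i].name) &&
            strncasecmp(value, fp_hashes[i].name, hlen) == 0)
            want = fp_hashes[i].len;
    if (want == 0 || want > outlen)
        return -1;
    while (*p == ' ')
        p++;
    while (n < want) {
        if (!isxdigit((unsigned char)p[0]) || !isxdigit((unsigned char)p[1]))
            return -1;
        out[n++] = (unsigned char)(hexval(p[0]) << 4 | hexval(p[1]));
        p += 2;
        if (n < want && *p++ != ':')   /* bytes are colon-separated */
            return -1;
    }
    return *p == '\0' ? (int)n : -1;   /* reject extra bytes or trailing junk */
}
```

The returned bytes are what a receiver would compare against the digest of the certificate presented in the DTLS handshake, computed with the same hash.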


