[asterisk-bugs] [JIRA] (ASTERISK-17721) Incoming SRTP calls that specify a key lifetime fail

Matt Jordan (JIRA) noreply at issues.asterisk.org
Wed Feb 25 14:57:34 CST 2015 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-17721?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Matt Jordan updated ASTERISK-17721:
-----------------------------------

    Description: 
Asterisk's SRTP implementation does not understand the key lifetime attribute in an {{a=cyrpto}} line. Since some phones specify this (and are not configurable in this regard), Asterisk really needs to implement support for this.

*STEPS TO REPRODUCE*

I believe recent Grandstream firmware releases send this parameter. Any call with this specified will be rejected by Asterisk.

*ADDITIONAL INFORMATION*

The default key lifetime for {{AES_CM_128_HMAC_SHA1_32}} or {{80}} is {{2^48}} SRTP packets (or {{2^31}} SRTCP packets whichever comes first). At 50 packets/second this is 178,391 years...a decidedly long call.

  was:
Asterisk's SRTP implementation does not understand the key lifetime attribute in an a=cyrpto line. Since some phones specify this (and are not configurable in this regard), Asterisk really needs to implement support for this.

****** STEPS TO REPRODUCE ******

I believe recent Grandstream firmware releases send this parameter. Any call with this specified will be rejected by Asterisk.

****** ADDITIONAL INFORMATION ******

The default key lifetime for AES_CM_128_HMAC_SHA1_32 or 80 is 2^48 SRTP packets (or 2^31 SRTCP packets whichever comes first). At 50 packets/second this is 178,391 years...a decidedly long call.


> Incoming SRTP calls that specify a key lifetime fail
> ----------------------------------------------------
>
>                 Key: ASTERISK-17721
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-17721
>             Project: Asterisk
>          Issue Type: Bug
>          Components: Channels/chan_sip/SRTP
>            Reporter: Terry Wilson
>            Severity: Minor
>         Attachments: srtpMKI_Asterisk11.patch, srtpMKI_Asterisk12.patch
>
>
> Asterisk's SRTP implementation does not understand the key lifetime attribute in an {{a=cyrpto}} line. Since some phones specify this (and are not configurable in this regard), Asterisk really needs to implement support for this.
> *STEPS TO REPRODUCE*
> I believe recent Grandstream firmware releases send this parameter. Any call with this specified will be rejected by Asterisk.
> *ADDITIONAL INFORMATION*
> The default key lifetime for {{AES_CM_128_HMAC_SHA1_32}} or {{80}} is {{2^48}} SRTP packets (or {{2^31}} SRTCP packets whichever comes first). At 50 packets/second this is 178,391 years...a decidedly long call.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list