[asterisk-bugs] [JIRA] (ASTERISK-26979) [RTCP-MUX] / WebRTC - SRTP unprotect failed with authentication failure 10 or 110

Javier Riveros (JIRA) noreply at issues.asterisk.org
Wed May 3 13:23:58 CDT 2017 

Javier Riveros  created ASTERISK-26979:
------------------------------------------

             Summary: [RTCP-MUX] / WebRTC - SRTP unprotect failed with authentication failure 10 or 110
                 Key: ASTERISK-26979
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26979
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Resources/res_srtp
    Affects Versions: 13.15.0
            Reporter: Javier Riveros 
            Severity: Critical
         Attachments: Logs_config_packets_captures.zip

As soon as I give it a try to RTCP-MUX in webRTC-land I start getting those warnings.

I take a look to srtp library and libsrtp error err_status_auth_fail (see crypto/include/err.h, enum err_status_t) for version 1.5.x . It usually means that a wrong key is used to decrypt or a packet is modified after encryption (so computed auth tag doesn't match the one from the packet)  normally an "authentication failure".

So in asterisk looks like this warnning is being fire on 10 packets or 110 pkts
in res_srtp.c.

{code}
if (res != err_status_ok && res != err_status_replay_fail ) {
                if ((srtp->warned >= 10) && !((srtp->warned - 10) % 100)) {
                        ast_log(AST_LOG_WARNING, "SRTP unprotect failed with: %s %d\n", srtp_errstr(res), srtp->warned);
                        srtp->warned = 11;
                } else {
                        srtp->warned++;
                }
                errno = EAGAIN;
                return -1;
        }
{code}

Call example.

ASTERISK (tcp)-> (tcp) SIP-proxy (WS) -> (WS) WebRTC.

{code}
call start at : 2017-05-02T17:36:35Z
- First log (warining)
 
[2017-05-02 17:37:06.005] WARNING[25712] res_srtp.c: SRTP unprotect failed with: authentication failure 10

--second log (warining)
[2017-05-02 17:41:17.601] WARNING[25712] res_srtp.c: SRTP unprotect failed with: authentication failure 110

--call ends at
~2017-05-02T17:42:25Z
{code}

asterisk version: 13.15.0
libsrtp : libsrtp0-dev (1.5.0)
pjsip: (using pjsip bundle) v2.6
O.S : ubuntu 14.10
Browser: chrome 56,57,58 (windows/linux/mac)

I will attach the logs, config, packet captures.

If more info is needed let me know.

Thanks,



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list