[asterisk-bugs] [JIRA] (ASTERISK-29519) ROC value not incremented in SRTP

Joshua C. Colp (JIRA) noreply at issues.asterisk.org
Tue Jul 13 03:52:33 CDT 2021


     [ https://issues.asterisk.org/jira/browse/ASTERISK-29519?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua C. Colp updated ASTERISK-29519:
--------------------------------------

    Description: 
h3. What is happening?

We have to do an integration with a client that wants to secure their communications with TLS for the signaling and SRTP for the media.

After enabling SRTP all looked great, but the client detected that after ~22 minutes the call hangs up automatically.

After some debugging, the client informed us that his SBC provider detected the issue. The reason for this problem was that after the RTP sequence number overflowed, the ROC (roll-over counter) value wasn't increased.

h3. Proposed solution

We had to update the `libsrtp` version from 2.0.0 to 2.3.0. The reason for this change is that the default version included in Debian doesn't expose the headers for reading and changing the values of ROC.

For implementing this, we modified the following files:
* res/res_rtp_asterisk.c
* res/res_srtp.c

The modifications for *res_srtp.c*:

<inline code removed>

  was:
h3. What is happening?

We have to do an integration with a client that wants to secure their communications with TLS for the signaling and SRTP for the media.

After enabling SRTP all looked great, but the client detected that after ~22 minutes the call hangs up automatically.

After some debugging, the client informed us that his SBC provider detected the issue. The reason for this problem was that after the RTP sequence number overflowed, the ROC (roll-over counter) value wasn't increased.

h3. Proposed solution

We had to update the `libsrtp` version from 2.0.0 to 2.3.0. The reason for this change is that the default version included in Debian doesn't expose the headers for reading and changing the values of ROC.

For implementing this, we modified the following files:
* res/res_rtp_asterisk.c
* res/res_srtp.c

The modifications for *res_srtp.c*:

Lines 103-104
{code}
static int ast_srtp_set_stream_roc(struct ast_srtp *srtp, unsigned int ssrc, unsigned int roc);
static int ast_srtp_get_stream_roc(struct ast_srtp *srtp, unsigned int ssrc, unsigned int *roc);
{code}

Lines 118-119
{code}
.set_stream_roc = ast_srtp_set_stream_roc,
.get_stream_roc = ast_srtp_get_stream_roc
{code}

Lines 366-374
{code}
/* Thin wrappers around libsrtp's per-stream ROC accessors. The return value is
 * the libsrtp status code, where 0 means success. */
static int ast_srtp_set_stream_roc(struct ast_srtp *srtp, unsigned int ssrc, unsigned int roc)
{
	return srtp_set_stream_roc(srtp->session, ssrc, roc);
}

static int ast_srtp_get_stream_roc(struct ast_srtp *srtp, unsigned int ssrc, unsigned int *roc)
{
	return srtp_get_stream_roc(srtp->session, ssrc, roc);
}
{code}

The modifications for *res_rtp_asterisk.c*:

Lines 5099-5124
{code}
	if (seqno == rtp->seqno) {
		rtp->seqno++;
		/* The sequence number has wrapped around to 0 */
		if (rtp->seqno == 0) {
			ast_verbose("Seq number roll over for SSRC: %u\n", rtp->ssrc);
			struct ast_srtp *srtp = ast_rtp_instance_get_srtp(instance, 0);
			/* Only touch the ROC when SRTP is loaded and active on this instance */
			if (res_srtp && srtp) {
				ast_verbose("'SRTP' detected\n");
				unsigned int roc;
				ast_verbose("Obtaining the SRTP ROC value...\n");
				int res = res_srtp->get_stream_roc(srtp, rtp->ssrc, &roc);
				if (res == 0) {
					ast_verbose("Current SRTP ROC value: %u\n", roc);
					roc++;
					ast_verbose("Setting new ROC to %u\n", roc);
					res = res_srtp->set_stream_roc(srtp, rtp->ssrc, roc);
					if (res == 0) {
						ast_verbose("ROC updated!\n");
					} else {
						ast_log(LOG_ERROR, "Cannot update ROC. Error: %d\n", res);
					}
				} else {
					ast_log(LOG_ERROR, "Cannot read current ROC. Error: %d\n", res);
				}
			}
		}
	}
{code}


> ROC value not incremented in SRTP
> ---------------------------------
>
>                 Key: ASTERISK-29519
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29519
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_srtp
>    Affects Versions: 18.4.0
>            Reporter: Marcos Cereijo Rodríguez
>
> h3. What is happening?
> We have to do an integration with a client that wants to secure their communications with TLS for the signaling and SRTP for the media.
> After enabling SRTP all looked great, but the client detected that after ~22 minutes the call hangs up automatically.
> After some debugging, the client informed us that his SBC provider detected the issue. The reason for this problem was that after the RTP sequence number overflowed, the ROC (roll-over counter) value wasn't increased.
> h3. Proposed solution
> We had to update the `libsrtp` version from 2.0.0 to 2.3.0. The reason for this change is that the default version included in Debian doesn't expose the headers for reading and changing the values of ROC.
> For implementing this, we modified the following files:
> * res/res_rtp_asterisk.c
> * res/res_srtp.c
> The modifications for *res_srtp.c*:
> <inline code removed>



--
This message was sent by Atlassian JIRA
(v6.2#6252)
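
Added example, not part of the report and not Asterisk or libsrtp code: a small C model of the SRTP packet index (2^16 * ROC + SEQ, RFC 3711 section 3.3.1) showing why a sender that never increments the ROC loses sync with the receiver at the first sequence-number wrap. The function names, the starting sequence number of 0 and the 50 packets per second rate are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Receiver index estimate, RFC 3711 section 3.3.1: s_l is the highest
 * sequence number seen so far, roc the receiver's local rollover counter. */
static uint64_t srtp_guess_index(uint16_t seq, uint16_t s_l, uint32_t roc)
{
	uint32_t v = roc;

	if (s_l < 32768) {
		if ((int32_t)seq - (int32_t)s_l > 32768) {
			v = roc - 1; /* late packet from before the wrap */
		}
	} else if ((int32_t)s_l - 32768 > (int32_t)seq) {
		v = roc + 1; /* sequence number wrapped */
	}
	return ((uint64_t)v << 16) | seq;
}

/* Send `count` in-order packets from start_seq. Returns how many were accepted
 * before the sender's index (it keys the keystream and the auth tag) differs
 * from the receiver's estimate, or -1 if the two never diverge. */
static long packets_until_desync(uint16_t start_seq, long count, int sender_bumps_roc)
{
	uint16_t tx_seq = start_seq, rx_s_l = start_seq;
	uint32_t tx_roc = 0, rx_roc = 0;

	for (long n = 0; n < count; n++) {
		uint64_t tx_index = ((uint64_t)tx_roc << 16) | tx_seq;
		uint64_t rx_index = srtp_guess_index(tx_seq, rx_s_l, rx_roc);
		if (tx_index != rx_index) {
			return n; /* the receiver's tag check fails on this packet */
		}
		rx_roc = (uint32_t)(rx_index >> 16);
		rx_s_l = tx_seq;
		if (++tx_seq == 0 && sender_bumps_roc) {
			tx_roc++; /* the step the report found missing */
		}
	}
	return -1;
}

int main(void)
{
	long n = packets_until_desync(0, 200000, 0); /* constructed input */
	printf("ROC never bumped: fails after %ld packets, %.1f min at 50 pps\n", n, n / 3000.0);
	printf("ROC bumped on wrap: %ld\n", packets_until_desync(0, 200000, 1));
	return 0;
}
```

With 20 ms packets the 65536-packet sequence space lasts about 21.8 minutes, which is consistent with the ~22 minutes in the report.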