[asterisk-commits] oej: branch oej/lingon-srtp-key-lifetime-1.8 r398923 - /team/oej/lingon-srtp-...

Thu Sep 12 07:32:06 CDT 2013

Author: oej
Date: Thu Sep 12 07:32:04 2013
New Revision: 398923

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=398923
Log:
Adding a README

Added:
    team/oej/lingon-srtp-key-lifetime-1.8/channels/sip/README.lingon.txt   (with props)
Modified:
    team/oej/lingon-srtp-key-lifetime-1.8/channels/sip/sdp_crypto.c

Added: team/oej/lingon-srtp-key-lifetime-1.8/channels/sip/README.lingon.txt
URL: http://svnview.digium.com/svn/asterisk/team/oej/lingon-srtp-key-lifetime-1.8/channels/sip/README.lingon.txt?view=auto&rev=398923
==============================================================================

--- team/oej/lingon-srtp-key-lifetime-1.8/channels/sip/README.lingon.txt (added)
+++ team/oej/lingon-srtp-key-lifetime-1.8/channels/sip/README.lingon.txt Thu Sep 12 07:32:04 2013
@@ -1,0 +1,47 @@
+Edvina AB
+Olle E. Johansson
+
+
+Project started: 2013-09-12
+
+
+Goal: 		To accept INVITEs with crypto lifetime and MKI values
+Out of scope:	To actually follow and honor the crypto lifetime
+		This may be part 2 of this project though
+
+
+Problem:
+========
+
+Chan_sip currently doesn't parse any key attributes in SDES negotiations, 
+nor does it support multiple keys in the SDP. When receiving any attribute,
+chan_sip hangs up the call. This is obviously not a behaviour anyone wants.
+Generally, hanging up a call is considered bad behaviour.
+
+
+SDES crypto attribute examples:
+==============================
+
+Syntax: from RFC 4568
+         a=crypto:<tag> <crypto-suite> <key-params> [<session-params>]
+
+For SDES the key-params starts with "inline:". There can be multiple key-params, separated
+with semi-colon.
+
+Example of a=crypto headers:
+a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:32
+
+a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:32
+
+THe lifetime can be ignored as this example (also from RFC 4568)
+        inline:YUJDZGVmZ2hpSktMbW9QUXJzVHVWd3l6MTIzNDU2|1066:4
+
+There can be multiple keys with different MKI values:
+
+a=crypto:2 F8_128_HMAC_SHA1_80
+       inline:MTIzNDU2Nzg5QUJDREUwMTIzNDU2Nzg5QUJjZGVm|2^20|1:4;
+       inline:QUJjZGVmMTIzNDU2Nzg5QUJDREUwMTIzNDU2Nzg5|2^20|2:4
+       FEC_ORDER=FEC_SRTP
+
+
+The MKI always have a colon. The lifetime parameter can be decimal.

Propchange: team/oej/lingon-srtp-key-lifetime-1.8/channels/sip/README.lingon.txt
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: team/oej/lingon-srtp-key-lifetime-1.8/channels/sip/README.lingon.txt
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Propchange: team/oej/lingon-srtp-key-lifetime-1.8/channels/sip/README.lingon.txt
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: team/oej/lingon-srtp-key-lifetime-1.8/channels/sip/sdp_crypto.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/lingon-srtp-key-lifetime-1.8/channels/sip/sdp_crypto.c?view=diff&rev=398923&r1=398922&r2=398923
==============================================================================
--- team/oej/lingon-srtp-key-lifetime-1.8/channels/sip/sdp_crypto.c (original)
+++ team/oej/lingon-srtp-key-lifetime-1.8/channels/sip/sdp_crypto.c Thu Sep 12 07:32:04 2013
@@ -204,6 +204,29 @@
 	int suite_val = 0;
 	unsigned char remote_key[SRTP_MASTER_LEN];
 
+	/* Syntax: from RFC 4568
+	 a=crypto:<tag> <crypto-suite> <key-params> [<session-params>]
+
+	for SDES the key-params starts with "inline:"
+
+Example of a=crypto headers:
+a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:32
+
+a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:32
+
+THe lifetime can be ignored as this example (also from RFC 4568)
+	inline:YUJDZGVmZ2hpSktMbW9QUXJzVHVWd3l6MTIzNDU2|1066:4
+
+There can be multiple keys with different MKI values:
+
+a=crypto:2 F8_128_HMAC_SHA1_80
+       inline:MTIzNDU2Nzg5QUJDREUwMTIzNDU2Nzg5QUJjZGVm|2^20|1:4;
+       inline:QUJjZGVmMTIzNDU2Nzg5QUJDREUwMTIzNDU2Nzg5|2^20|2:4
+       FEC_ORDER=FEC_SRTP
+
+
+	*/
+
 	if (!ast_rtp_engine_srtp_is_registered()) {
 		return -1;
 	}


