[Asterisk-Dev] AES voice encryption for IAX2

James Sharp jsharp at psychoses.org
Thu Apr 15 18:17:59 MST 2004


>
> I'm more interested in any information regarding the modification of the
> IAX2 protocol to allow encryption of
> the media packets, call numbers, and the call state info.
>
> Taking a look at the copy of the IAX2 protocol spec,
> I see that it won't be trivial to modify the protocol
> to protect the call numbers, call data and state information without
> significant structural change to the format of the headers.
>
> IOTW: Time for IAX3?
>
> One could protect the data by defining a special code (0xFFFF) for the
> call number field in IAX2 but this is a kludgy fix to an otherwise
> outstanding protocol.

Why not just add a subclass of AST_FRAME_VOICE_ENCRYPTED?   Or a new
frametype of AST_FRAME_ENCRYPTED_IAX?

If you get an IAX packet with AST_FRAME_ENCRYPTED_IAX, you decrypt the
structure and convert it to AST_FRAME_IAX?  Same with voice.


> One could also re-direct encrypted traffic onto a new
> source/destination port number pair ala HTTP/HTTPS, then
> define a new header format which exposes minimal call information.
>
> Finally, we could define IAXS as a new and separate protocol
> using a new known port number pair only used when encryption is necessary
> as encryption capable headers will make IAX less efficient.

If you go with static keying on the two endpoints, then all you have to do
is indicate that the frames are encrypted.

You do get into some issues for an IAX transfer, though.  You either have to
renegotiate keys or make sure all endpoints use the same key.


