[asterisk-dev] SRTP implementation

marek cervenka cervajs at fpf.slu.cz
Tue May 1 13:56:16 MST 2007


> Olle E Johansson wrote:
>> 
>> 23 apr 2007 kl. 19.55 skrev Russell Bryant:
>> 
>>> John Todd wrote:
>>>> To morph this into a -dev thread: if this patch were to become (again) 
>>>> useful and error-free, is there any objection or usefulness in adding it 
>>>> to TRUNK?  Personally, I think there is, if there is a method by which 
>>>> SRTP can be activated or de-activated from within the dialplan based on 
>>>> prior shared secrets.  However, I have heard others disagree and object 
>>>> that without signalling-based secure key exchange, SRTP is not worth the 
>>>> effort.  Opinions?
>>> 
>>> I agree with you.  I think that is a reasonable approach.  I can't speak 
>>> for the quality of the patch itself as I have not reviewed it.  But, if it 
>>> works, I would guess that it would not be too bad to get it into trunk.
>> 
>> Kevin and I earlier decided that we wanted to delay this until we had a 
>> complete security solution, with signalling based secure key exchange ;-)
>> 
>> /O
>
> I have uploaded a new patch. This patch, and also the previous one, supports 
> MIKEY as well as sdescriptions.
>
> The MIKEY key management scheme uses transport encryption for transporting 
> the keys securely over unsecured transports such as unencrypted SDP.
>
> There are several MIKEY flavors: pre-shared, DH-SIGN, RSA, RSA-R and DH-HMAC. 
> The patch currently uses DH-HMAC for outgoing connections, using the secret from 
> sip.conf as the shared secret.

http://www.voip-info.org/wiki/view/Asterisk+SRTP updated

test srtp server (asterisk SVN-trunk-r61760 + latest SRTP patch)
voice2.fpf.slu.cz

test sip accounts
700:700
701:701
702:702

extensions.conf
exten => 600,1,Set(_SIPSRTP=optional)
exten => 600,n,Set(_SIPSRTP_CRYPTO=enable)
exten => 600,n,Playback(demo-echotest) ; Let them know what's going on
exten => 600,n,Echo ; Do the echo test
exten => 600,n,Playback(demo-echodone) ; Let them know it's over
exten => 600,n,hangup

exten => 610,1,Set(_SIPSRTP=require)
exten => 610,n,Set(_SIPSRTP_MIKEY=enable)
exten => 610,n,Playback(demo-echotest) ; Let them know what's going on
exten => 610,n,Echo ; Do the echo test
exten => 610,n,Playback(demo-echodone) ; Let them know it's over
exten => 610,n,hangup

p.s. sorry for cross post

---------------------------------------
Marek Cervenka
Centrum Vypocetni Techniky
CVT 		- http://cvt.fpf.slu.cz
FPF SLU OPAVA 	- http://www.fpf.slu.cz
LCNA 		- http://lcna.slu.cz
=======================================
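
The two key-exchange methods named in the quoted message (sdescriptions and MIKEY) differ in how the SRTP key appears in the SDP offer. The following is an added example, not part of the original post or the patch: a Python check that classifies each media stream by how its key travels, using the `a=crypto` (RFC 4568) and `a=key-mgmt` (RFC 4567) attribute syntax. The sample offers, key bytes, function name and status names are constructed for illustration.

```python
import base64
import re

# a=crypto:<tag> <suite> inline:<base64 key||salt>[|lifetime][|MKI]  (RFC 4568)
CRYPTO_RE = re.compile(r"a=crypto:\d+ (\S+) inline:([A-Za-z0-9+/=]+)")
KEY_SALT_LEN = 30  # 16-byte key + 14-byte salt for the AES_CM_128 suites
# Constructed sample offers; the key and MIKEY payload are dummy values.
_HEAD = "v=0\r\no=- 1 1 IN IP4 192.0.2.10\r\ns=-\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\n"
SDES_OFFER = (_HEAD + "m=audio 10000 RTP/SAVP 0\r\n"
              "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:"
              + base64.b64encode(bytes(range(30))).decode() + "|2^20\r\n")
MIKEY_OFFER = (_HEAD + "m=audio 10000 RTP/SAVP 0\r\na=key-mgmt:mikey "
               + base64.b64encode(b"constructed-mikey-msg").decode() + "\r\n")


def audit_sdp(sdp, signalling_encrypted=False):
    """Return [(media, status)] describing how each stream's SRTP key travels."""
    streams, session_mikey = [], False
    for line in sdp.splitlines():
        if line.startswith("m="):
            kind, _port, proto = line[2:].split()[:3]
            streams.append({"kind": kind, "proto": proto,
                            "mikey": session_mikey, "keys": []})
        elif line.startswith("a=key-mgmt:mikey "):  # RFC 4567
            if streams:
                streams[-1]["mikey"] = True
            else:
                session_mikey = True  # session level: applies to all media
        elif streams and (m := CRYPTO_RE.match(line)):
            try:
                streams[-1]["keys"].append(len(base64.b64decode(m.group(2))))
            except ValueError:
                streams[-1]["keys"].append(-1)  # undecodable key material
    report = []
    for s in streams:
        if not s["proto"].startswith("RTP/SAVP"):
            status = "plain-rtp"        # media is not encrypted at all
        elif s["mikey"]:
            status = "mikey"            # keying material protected by MIKEY itself
        elif not s["keys"]:
            status = "no-key"           # SRTP profile offered without any keying
        elif any(n != KEY_SALT_LEN for n in s["keys"]):
            status = "sdes-bad-key"     # wrong key||salt length for the suite
        elif signalling_encrypted:
            status = "sdes-protected"   # key readable only inside the secured signalling
        else:
            status = "sdes-cleartext"   # master key visible to any observer of the SDP
        report.append((s["kind"], status))
    return report
```

A `sdes-cleartext` result means anyone who can read the signalling can also decrypt the media, which is the concern behind the request for signalling-based secure key exchange earlier in the thread.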


