[asterisk-dev] [Code Review] Allow Setting Auth Tag Bit length and make SRTP optional chan_sip

Tilghman Lesher reviewboard at asterisk.org
Wed May 25 15:29:39 CDT 2011 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/1173/#review3622
-----------------------------------------------------------



/trunk/channels/chan_sip.c
<https://reviewboard.asterisk.org/r/1173/#comment7284>

    Shouldn't you reverse these (i.e. prefer 32-bit taglen, if it's specified in the request, even if an 80-bit taglen is specified in the config file)?



/trunk/channels/chan_sip.c
<https://reviewboard.asterisk.org/r/1173/#comment7282>

    This new option needs corresponding documentation in configs/sip.conf.sample.



/trunk/channels/chan_sip.c
<https://reviewboard.asterisk.org/r/1173/#comment7285>

    Document this in the config file, too.



/trunk/channels/chan_sip.c
<https://reviewboard.asterisk.org/r/1173/#comment7286>

    The additional parentheses around *srtp are unnecessary (in the second case) when you're just passing the pointer.



/trunk/channels/sip/sdp_crypto.c
<https://reviewboard.asterisk.org/r/1173/#comment7283>

    space after comma


- Tilghman


On 2011-05-25 09:56:44, irroot wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/1173/
> -----------------------------------------------------------
> 
> (Updated 2011-05-25 09:56:44)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Summary
> -------
> 
> change the encruption option to tristate with optional bit setting
> also make this a global option.
> 
> qwell sugests a second option for bitlen have no problem with that.
> 
> 4.1 Crypto-suites 
>     
>    A crypto-suite value appears as the first parameter in a=crypto. The 
>    CRYPTO-SUITE value MAY be different for SRTP and SRTCP as described 
>    in Section 4.2. If a receiver does not support the particular 
>    crypto-suite, then the receiver MUST NOT participate in the media 
>    stream and SHOULD log an "unrecognized crypto-suite" condition 
>    unless the receiver is participating in an Offer/Answer exchange 
>    (Section 5).  RTP/SAVP has four crypto-suites as described below. 
>     
> 4.1.1 AES_CM_128_HMAC_SHA1_80 
>     
>    This is the SRTP default AES Counter Mode cipher and HMAC-SHA1 
>    message authentication having a 80-bit authentication tag.  The 
>    encryption and authentication key lengths are 128 bits.  The master 
>    salt value is 112 bits and the session salt value is 112 bits.  The 
>    PRF is the default SRTP pseudo-random function that uses AES Counter 
>    Mode with a 128-bit key length.   
>  
> 4.1.2 AES_CM_128_HMAC_SHA1_32 
>     
>    The SRTP AES Counter Mode cipher is used with HMAC-SHA1 message 
>    authentication having an 32-bit authentication tag.  The encryption 
>    and authentication key lengths are 128 bits.  The master salt value 
>    is 112 bits and the session salt value is 112 bits.  These values 
>    apply to SRTP and to SRTCP.  The PRF is the default SRTP pseudo-
>    random function that uses AES Counter Mode with a 128-bit key 
>    length.  
>  
> 4.1.3 F8_128_HMAC_SHA1_80 
>     
>    The SRTP f8 cipher is used with HMAC-SHA1 message authentication 
>    having a 80-bit authentication tag.  The encryption and 
>    authentication key lengths are 128 bits.  The master salt value is 
>    112 bits and the session salt value is 112 bits.  The PRF is the 
>    default SRTP pseudo-random function that uses AES Counter Mode with 
>    a 128-bit key length.  
>     
> 4.1.4 F8_128_HMAC_SHA1_32 
>     
>    The SRTP f8 cipher is used with HMAC-SHA1 message authentication 
>    having a 32-bit authentication tag.  The encryption and  
>    authentication key lengths are 128 bits.  The master salt value is 
>    112 bits and the session salt value is 112 bits.  The PRF is the 
>    default SRTP pseudo-random function that uses AES Counter Mode with 
>    a 128-bit key length.  
> 
> 
> This addresses bug 19335.
>     https://issues.asterisk.org/view.php?id=19335
> 
> 
> Diffs
> -----
> 
>   /trunk/CHANGES 320770 
>   /trunk/channels/chan_sip.c 320770 
>   /trunk/channels/sip/include/sdp_crypto.h 320770 
>   /trunk/channels/sip/include/sip.h 320770 
>   /trunk/channels/sip/include/srtp.h 320770 
>   /trunk/channels/sip/sdp_crypto.c 320770 
> 
> Diff: https://reviewboard.asterisk.org/r/1173/diff
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> irroot
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20110525/6dccc3a0/attachment-0001.htm>

More information about the asterisk-dev mailing list