[asterisk-dev] [Code Review]: DTLS-SRTP Support

Joshua Colp reviewboard at asterisk.org
Wed Sep 19 14:15:05 CDT 2012



> On Sept. 19, 2012, 1:57 p.m., opticron wrote:
> > /trunk/channels/chan_sip.c, line 9721
> > <https://reviewboard.asterisk.org/r/2113/diff/1/?file=31234#file31234line9721>
> >
> >     This should be checked before the transport checking so that SRTP_CRYPTO_OFFER_OK does not get set inadvertently.  This applies to the video stream processing as well.

Fixed.


> On Sept. 19, 2012, 1:57 p.m., opticron wrote:
> > /trunk/channels/chan_sip.c, line 10024
> > <https://reviewboard.asterisk.org/r/2113/diff/1/?file=31234#file31234line10024>
> >
> >     Instead of setting processed to TRUE, this should result in setting offer->type = SDP_UNKNOWN, breaking out of the stream parameter processing loop, and continuing with the next stream definition since encryption is unsupported for text streams.

If the offer contained DTLS-SRTP it would have already skipped this stream when looking at the protocol and declined it, since that protocol is not supported. As for handling DTLS-SRTP attributes I've removed it since it is not needed and could cause insanity with bad packets.


> On Sept. 19, 2012, 1:57 p.m., Joshua Colp wrote:
> > If DTLS-SRTP (or normal SRTP) is offered in session-level SDP and a text stream is also offered in the same SDP offer, Asterisk should either reject the text stream or the entire offer since it cannot honor the request.

Above.


- Joshua


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2113/#review7092
-----------------------------------------------------------


On Sept. 14, 2012, 11:43 a.m., Joshua Colp wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2113/
> -----------------------------------------------------------
> 
> (Updated Sept. 14, 2012, 11:43 a.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Summary
> -------
> 
> WebRTC has migrated to using DTLS-SRTP as the method for securing media streams. This patch adds support for it using OpenSSL. DTLS is used between both sides with the keying material for SRTP extracted from that negotiation.
> 
> 
> Diffs
> -----
> 
>   /configure UNKNOWN 
>   /trunk/channels/chan_sip.c 373058 
>   /trunk/channels/sip/include/sip.h 373058 
>   /trunk/configs/sip.conf.sample 373058 
>   /trunk/configure.ac 373058 
>   /trunk/include/asterisk/autoconfig.h.in 373058 
>   /trunk/include/asterisk/rtp_engine.h 373058 
>   /trunk/main/rtp_engine.c 373058 
>   /trunk/res/res_rtp_asterisk.c 373058 
> 
> Diff: https://reviewboard.asterisk.org/r/2113/diff
> 
> 
> Testing
> -------
> 
> Tested various configurations between two Asterisk instances. Rekeying, verification, etc. all appear to work. Unfortunately there are very few DTLS-SRTP implementations in the wild so testing against another implementation has not yet occurred.
> 
> 
> Thanks,
> 
> Joshua
> 
>
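
Added example, not part of the original e-mail and not code from chan_sip.c: a sketch in C of the per-stream policy discussed in this thread, where a text stream is declined when it is offered on an SRTP transport or alongside a session-level a=fingerprint. The function and enum names and the sample offer are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* All names are hypothetical; this is not chan_sip.c code. */
enum verdict { STREAM_ACCEPT, STREAM_DECLINE };

/* Transport tokens that require SRTP (SDES or DTLS keyed). */
static int is_secure_proto(const char *proto)
{
    return !strcmp(proto, "RTP/SAVP") || !strcmp(proto, "RTP/SAVPF") ||
           !strcmp(proto, "UDP/TLS/RTP/SAVP") || !strcmp(proto, "UDP/TLS/RTP/SAVPF");
}

/* Walks an SDP offer and records one verdict per m= line (up to max).
 * A text stream is declined when its own transport is secure or when a
 * session-level a=fingerprint (seen before the first m= line) is present.
 * In the answer a declined stream is sent back with port 0. */
int evaluate_offer(const char *sdp, enum verdict *out, int max)
{
    int n = 0, session_dtls = 0;
    char line[256], media[16], proto[32];

    while (*sdp) {
        size_t len = strcspn(sdp, "\r\n");
        snprintf(line, sizeof(line), "%.*s", (int)len, sdp);
        sdp += len + strspn(sdp + len, "\r\n");
        if (n == 0 && !strncmp(line, "a=fingerprint:", 14)) {
            session_dtls = 1;
        } else if (n < max && sscanf(line, "m=%15s %*d %31s", media, proto) == 2) {
            int secure = session_dtls || is_secure_proto(proto);
            out[n++] = (secure && !strcmp(media, "text")) ? STREAM_DECLINE : STREAM_ACCEPT;
        }
    }
    return n;
}

int main(void)
{
    /* Constructed offer: DTLS-SRTP audio plus a text stream on the same transport. */
    const char *offer =
        "v=0\r\no=- 1 1 IN IP4 192.0.2.10\r\ns=-\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\n"
        "m=audio 49170 UDP/TLS/RTP/SAVP 0\r\na=fingerprint:sha-1 <constructed>\r\n"
        "m=text 49172 UDP/TLS/RTP/SAVP 98\r\n";
    enum verdict v[4];
    int n = evaluate_offer(offer, v, 4);
    for (int i = 0; i < n; i++)
        printf("stream %d: %s\n", i, v[i] == STREAM_DECLINE ? "declined (port 0)" : "accepted");
    return 0;
}
```

Checking the transport token before looking at any keying attributes means a text stream on an unsupported secure transport is declined without its attributes ever being parsed.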
