[asterisk-dev] Asterisk 11.3.0-rc1 and srtp - white noise only

Matthew Jordan mjordan at digium.com
Wed Mar 27 07:30:31 CDT 2013


On 03/20/2013 10:41 AM, Martin Koenig wrote:
> Quick follow-up, I believe that recent changes related to sdp_crypto are
> causing the issue.
> 
> Here is another log, Call Flow
> 
> Gigaset w/o srtp > Asterisk > snom.
> 
> Look at the crypto logging. When Asterisk is processing the remote SDP
> answer, it is logging its own key and not the one from SDP – I assume
> that it is then trying to decode the remote srtp stream with the wrong
> key, and not with the proper remote from the SDP. This would explain the
> white noise.
> 

Based on the logging statements, I can see how you'd come to that
conclusion. However, I'm not sure that's the case. When a response is
received, it parses out the remote key and uses the already calculated
local key to set the policy in sdp_crypto_activate. As a final activity,
the local key attribute is re-computed.

The first logging statement happens immediately after the SRTP policy
is activated. Oddly, there should be a DEBUG 1 level log statement
indicating that the SRTP policy was activated (from
sdp_crypto_activate), and we shouldn't see "Accepting crypto tag 1" if
sdp_crypto_activate failed. It's possible that the different way in
which the DEBUG log statements are created is causing the difference
here (ast_debug(1, ...) versus ast_log(LOG_DEBUG, ...)).

> 
> [Mar 20 16:31:27] DEBUG[13795][C-00000002] sip/sdp_crypto.c: Accepting
> crypto tag 1

This particular statement is the re-computing of the local key. It isn't
the key computed for the remote policy.

> [Mar 20 16:31:27] DEBUG[13795][C-00000002] sip/sdp_crypto.c: Crypto
> line: a=crypto:1 AES_CM_128_HMAC_SHA1_80
> inline:cEglQBq1wgUwFUV6Wg++6QzqZ0tUlSmA1hZSkmhE
> 

All of that aside, getting 'white noise' is odd. In general, when we
have a mismatch in keys, you will get a lot of 'unprotect' failures in
Asterisk as it attempts to unprotect the inbound SRTP and fails. Did you
see any such failures?

Or is it the other way around, where Asterisk is successfully decoding
the inbound SRTP but failing to successfully transmit SRTP to the device?

-- 
Matthew Jordan
Digium, Inc. | Engineering Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org
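
A small diagnostic for the question discussed in this thread, whether a logged `Crypto line` entry carries the local or the remote SDES key. It is an added example, not code from the original message or from Asterisk; the function names and the SDP fragments are constructed for illustration, and only the logged crypto line is taken from the thread.

```python
import base64
import re

# SDES crypto attribute (RFC 4568): a=crypto:<tag> <suite> inline:<base64(key||salt)>
CRYPTO_RE = re.compile(r"a=crypto:(\d+)\s+(\S+)\s+inline:([A-Za-z0-9+/]+=*)")
# Master key + master salt length in bytes for the suites handled here.
KEY_SALT_LEN = {"AES_CM_128_HMAC_SHA1_80": 30, "AES_CM_128_HMAC_SHA1_32": 30}


def parse_crypto(text):
    """Return (tag, suite, key||salt bytes) for every a=crypto attribute in text."""
    found = []
    for tag, suite, b64 in CRYPTO_RE.findall(text):
        if suite not in KEY_SALT_LEN:
            raise ValueError(f"unsupported suite {suite}")
        raw = base64.b64decode(b64, validate=True)
        if len(raw) != KEY_SALT_LEN[suite]:
            raise ValueError(f"tag {tag}: expected {KEY_SALT_LEN[suite]} bytes, got {len(raw)}")
        found.append((int(tag), suite, raw))
    return found


def key_owner(log_line, local_sdp, remote_sdp):
    """Report which side's SDP contains the key shown in a 'Crypto line' debug entry."""
    (_, _, logged), = parse_crypto(log_line)  # exactly one attribute expected
    local = {key for _, _, key in parse_crypto(local_sdp)}
    remote = {key for _, _, key in parse_crypto(remote_sdp)}
    if logged in local and logged in remote:
        return "both"  # the same key appears in both SDP bodies
    if logged in local:
        return "local"
    if logged in remote:
        return "remote"
    return "unknown"


# Debug entry quoted in the thread, unwrapped onto one line.
LOG_LINE = ("sip/sdp_crypto.c: Crypto line: a=crypto:1 AES_CM_128_HMAC_SHA1_80 "
            "inline:cEglQBq1wgUwFUV6Wg++6QzqZ0tUlSmA1hZSkmhE")
# Constructed SDP fragments: the local side reuses the key from the log line,
# the remote answer carries a made-up key (bytes 0..29).
LOCAL_SDP = ("m=audio 10000 RTP/SAVP 8\r\na=crypto:1 AES_CM_128_HMAC_SHA1_80 "
             "inline:cEglQBq1wgUwFUV6Wg++6QzqZ0tUlSmA1hZSkmhE\r\n")
REMOTE_SDP = ("m=audio 20000 RTP/SAVP 8\r\na=crypto:1 AES_CM_128_HMAC_SHA1_80 "
              "inline:" + base64.b64encode(bytes(range(30))).decode() + "\r\n")

print(key_owner(LOG_LINE, LOCAL_SDP, REMOTE_SDP))
```

Feeding it the SDP bodies from a SIP trace of the failing call shows whether the logged key matches the local or the remote side.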




