[asterisk-dev] Asterisk 11.3.0-rc1 and srtp - white noise only
Andrea Suisani
sickpig at opinioni.net
Wed Mar 27 09:17:54 CDT 2013
[cc:ed Martin Koenig]
On 03/27/2013 01:30 PM, Matthew Jordan wrote:
> On 03/20/2013 10:41 AM, Martin Koenig wrote:
>> Quick follow-up, I believe that recent changes related to sdp_crypto are
>> causing the issue.
>>
>>
>>
>> Here is another log, Call Flow
>>
>>
>>
>> Gigaset w/o srtp > Asterisk > snom.
>>
>>
>>
>> Look at the crypto logging. When Asterisk is processing the remote SDP
>> answer, it is logging his own key and not the one from SDP – I assume
>> that it is then trying to decode the remote srtp stream with the wrong
>> key, and not with the proper remote from the SDP. This would explain the
>> white noise.
>>
>
> Based on the logging statements, I can see how you'd come to that
> conclusion. However, I'm not sure that's the case. When a response is
> received, it parses out the remote key and uses the already calculated
> local key to set the policy in sdp_crypto_activate. As a final activity,
> the local key attribute is re-computed.
>
> The first logging statement happens immediately after the SRTP policy
> being activated. Oddly, there should be a DEBUG 1 level log statement
> indicating that the SRTP policy was activated (from
> sdp_crypto_activate), and we shouldn't see "Accepting crypto tag 1" if
> sdp_crypto_activate failed. It's possible that the different way in
> which the DEBUG log statements are created is causing the difference
> here (ast_debug(1, ...) versus ast_log(LOG_DEBUG, ...)).
>
>>
>> [Mar 20 16:31:27] DEBUG[13795][C-00000002] sip/sdp_crypto.c: Accepting
>> crypto tag 1
>
> This particular statement is the re-computing of the local key. It isn't
> the key computed for the remote policy.
>
>> [Mar 20 16:31:27] DEBUG[13795][C-00000002] sip/sdp_crypto.c: Crypto
>> line: a=crypto:1 AES_CM_128_HMAC_SHA1_80
>> inline:cEglQBq1wgUwFUV6Wg++6QzqZ0tUlSmA1hZSkmhE
>>
>
> All of that aside, getting 'white noise' is odd. In general, when we
> have a mismatch in keys, you will get a lot of 'unprotect' failures in
> Asterisk as it attempts to unprotect the inbound SRTP and fails. Did you
> see any such failures?
>
> Or is it the other way around, where Asterisk is successfully decoding
> the inbound SRTP but failing to successfully transmit SRTP to the device?
>
More information about the asterisk-dev
mailing list