[asterisk-users] Need stronger SRTP ciphers (256 bit)

Joshua Colp jcolp at digium.com
Tue May 31 09:45:23 CDT 2016


Kevin Long wrote:
>
> Some more information (would love some thoughts on this, I have never
> submitted a patch yet).
>
> Groundwire (Popular SIP app) supports the following cipher suites for
> SRTP:
>
>
> AES_CM_128_HMAC_SHA1_32
> AES_CM_128_HMAC_SHA1_80
> AES_CM_192_HMAC_SHA1_32
> AES_CM_192_HMAC_SHA1_80
> AES_CM_256_HMAC_SHA1_32
> AES_CM_256_HMAC_SHA1_80
> AEAD_AES_128_GCM
> AEAD_AES_256_GCM
>
>
>
> I see in the asterisk 13.9.1 source tarball, in res/res_srtp.c:
>
>
> Could adding support for the above cipher suites be as simple as
> adding more options to this switch/case statement with the
> appropriate parameters or is there more to it?
>
> Thank you!
>
>
>
> static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite)
> {
>     switch (suite) {
>     case AST_AES_CM_128_HMAC_SHA1_80:
>         p->cipher_type = AES_128_ICM;
>         p->cipher_key_len = 30;
>         p->auth_type = HMAC_SHA1;
>         p->auth_key_len = 20;
>         p->auth_tag_len = 10;
>         p->sec_serv = sec_serv_conf_and_auth;
>         return 0;
>
>     case AST_AES_CM_128_HMAC_SHA1_32:
>         p->cipher_type = AES_128_ICM;
>         p->cipher_key_len = 30;
>         p->auth_type = HMAC_SHA1;
>         p->auth_key_len = 20;
>         p->auth_tag_len = 4;
>         p->sec_serv = sec_serv_conf_and_auth;
>         return 0;
>
>     default:
>         ast_log(LOG_ERROR, "Invalid crypto suite: %u\n", suite);

It could maybe be as simple as that, but until it is attempted it's 
unknown what other stuff may need to be adjusted.

Cheers,

-- 
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org
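
The length fields in the quoted policy_set_suite() cases follow from the suite name. The example below is added here and is not Asterisk or libsrtp code, nor from either poster; it derives those lengths for the AES_CM suites listed in the thread and the size of the matching SDP inline key. The struct and function names are hypothetical, and the 14-byte salt and 20-byte HMAC-SHA1 key are assumed from the 30/20 values in the quoted code.

```c
/* Added example: not Asterisk or libsrtp source; names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define AES_CM_SALT_LEN 14   /* 112-bit master salt for SRTP AES-CM suites */
#define HMAC_SHA1_KEY_LEN 20 /* 160-bit auth key, as in the quoted code */

/* Stand-in for the crypto_policy_t length fields set in the quoted switch. */
struct suite_params {
    int cipher_key_len; /* master key + master salt, bytes */
    int auth_key_len;   /* bytes */
    int auth_tag_len;   /* bytes */
};

/* Parse "AES_CM_<keybits>_HMAC_SHA1_<tagbits>"; 0 on success, -1 for any
 * other name (the AEAD_* GCM suites are deliberately not handled here). */
int suite_params_from_name(const char *name, struct suite_params *out)
{
    int key_bits, tag_bits;
    char canon[32];
    if (sscanf(name, "AES_CM_%3d_HMAC_SHA1_%2d", &key_bits, &tag_bits) != 2)
        return -1;
    if (key_bits != 128 && key_bits != 192 && key_bits != 256)
        return -1;
    if (tag_bits != 80 && tag_bits != 32)
        return -1;
    /* Reject signs, padding or trailing junk: name must match exactly. */
    snprintf(canon, sizeof(canon), "AES_CM_%d_HMAC_SHA1_%d", key_bits, tag_bits);
    if (strcmp(canon, name) != 0)
        return -1;
    out->cipher_key_len = key_bits / 8 + AES_CM_SALT_LEN;
    out->auth_key_len = HMAC_SHA1_KEY_LEN;
    out->auth_tag_len = tag_bits / 8;
    return 0;
}

/* Base64 characters needed for key||salt after "inline:" in an SDP a=crypto line. */
int inline_key_b64_len(const struct suite_params *p)
{
    return 4 * ((p->cipher_key_len + 2) / 3);
}

int main(void)
{
    struct suite_params p;
    if (suite_params_from_name("AES_CM_256_HMAC_SHA1_80", &p) == 0)
        printf("key+salt=%d tag=%d inline=%d\n", p.cipher_key_len,
               p.auth_tag_len, inline_key_b64_len(&p));
    return 0;
}
```

For the 256-bit suites the key plus salt is 46 bytes and the inline key 64 characters, against 30 and 40 in the quoted cases, so any buffer or length check sized for the 128-bit suites is one of the places to look beyond the switch itself.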


