[asterisk-dev] Asterisk 11; WEBRTC firefox nightly build fingeprint sha-256

Mitja Kaučič mitjaka at cde.si
Tue Jan 8 07:23:41 CST 2013


Hello Joshua,
yes that is the SDP that mozzila generates now. They generate only sha-256 fingerprint but accept all SHS variants
https://bugzilla.mozilla.org/show_bug.cgi?id=825515
Maybe because sha-256 is more secure.

That is the whole SDP mozzila generates, with video and datachanel.
v=0
o=Mozilla-SIPUA 9899 0 IN IP4 0.0.0.0
s=SIP Call
t=0 0
a=ice-ufrag:b3de65be
a=ice-pwd:c5e2abb556e29dd9b0481835a728ae4a
a=fingerprint:sha-256 68:25:70:72:AA:87:63:4B:51:84:43:11:FF:93:67:FF:B6:E6:B8:9D:F6:55:ED:55:98:8B:EE:9B:A6:39:60:B7
m=audio 59608 RTP/SAVPF 109 0 8 101
c=IN IP4 ...
a=rtpmap:109 opus/48000/2
a=ptime:20
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
a=candidate:0 1 UDP 2111832319 ... 61851 typ host
a=candidate:1 1 UDP 1692467199 ... 59608 typ srflx raddr ... rport 61851
a=candidate:0 2 UDP 2111832318 ... 61852 typ host
a=candidate:1 2 UDP 1692467198 ... 52894 typ srflx raddr ... rport 61852
m=video 55730 RTP/SAVPF 120
c=IN IP4 ....
a=rtpmap:120 VP8/90000
a=sendrecv
a=candidate:0 1 UDP 2111832319 ... 61853 typ host
a=candidate:1 1 UDP 1692467199 ... 55730 typ srflx raddr ... rport 61853
a=candidate:0 2 UDP 2111832318 ... 61854 typ host
a=candidate:1 2 UDP 1692467198 ... 56390 typ srflx raddr ... rport 61854
m=application 55059 SCTP/DTLS 5000
c=IN IP4 ...
a=fmtp:5000 protocol=webrtc-datachannel;streams=16
a=sendrecv
a=candidate:0 1 UDP 2111832319 ... 61855 typ host
a=candidate:1 1 UDP 1692467199 ... 55059 typ srflx raddr ... rport 61855
a=candidate:0 2 UDP 2111832318 ... 61856 typ host
a=candidate:1 2 UDP 1692467198 ... 56301 typ srflx raddr ... rport 61856

Do you plan to come together with mozzila into a agrement for the SDP format and WEBRTC implementation or is that something that is not on your aggenda? And google implementation is also changing and in flux do you want to be interoperable with firefox and mozzila?
Because that is something we would need, to be done.

Regards M

-----Original Message-----
From: asterisk-dev-bounces at lists.digium.com [mailto:asterisk-dev-bounces at lists.digium.com] On Behalf Of Joshua Colp
Sent: Tuesday, January 08, 2013 1:52 PM
To: Asterisk Developers Mailing List
Subject: Re: [asterisk-dev] Asterisk 11; WEBRTC firefox nightly build fingeprint sha-256

Mitja Kaučič wrote:
> I have problem with offer SDP that firefox nightly generates. It writes out the following error on asterisk:
>
> WARNING[25424][C-00000004]: chan_sip.c:10936 process_sdp_a_dtls: Unsupported fingerprint hash type 'sha-2' received on dialog '2457893540'
> SDP:
> v=0
> o=Mozilla-SIPUA 14911 0 IN IP4 xxx
> s=SIP Call
> t=0 0
> a=ice-ufrag:de2f016f
> a=ice-pwd:5f6c1d1e785108256c0e9e94d2a5ee78
> a=fingerprint:sha-256 B4:C6:2A:9E:3E:C9:BD:92:13:D3:20:4A:07:B2:BB:9E:27:18:7F:B8:77:70:1D:76:49:A0:40:0F:66:1C:DD:96
> m=audio 60273 RTP/SAVPF 109 0 8 101
> c=IN IP4 xxx
> a=rtpmap:109 opus/48000/2
> a=ptime:20
> a=rtpmap:0 PCMU/8000
> a=rtpmap:8 PCMA/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-15
> a=sendrecv
>
> After inspecting the code in  Chan_sip.c, metode "process_sdp_a_dtls", looks like there is only sha-1 supported, but firefox uses sha-256:
> if (!strcasecmp(hash, "sha-1"))
> {
>                  dtls->set_fingerprint(instance, AST_RTP_DTLS_HASH_SHA1, value);
> } else {
>                  ast_log(LOG_WARNING, "Unsupported fingerprint hash type '%s' received on dialog '%s'\n",hash, p->callid);
> }
>
> Is there a support for sha-256 in asterisk and is there a plan to be supported and when?

There's no current issue for doing this, so no plan to. The SDP above is
also weird... the fingerprint is used for DTLS-SRTP but the SDP doesn't
show DTLS-SRTP.

--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at:  www.digium.com  & www.asterisk.org

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-dev

Posredovani dokument je namenjen izključno prejemniku (ali osebi, odgovorni za prenos tega sporočila prejemniku) ter osebam, ki so upravičene poznati v dokumentu vsebovane podatke na podlagi svojih pristojnosti. Posredovani dokument je dovoljeno uporabljati le za med pošiljateljem in prejemnikom dogovorjeni namen. Drugačno posredovanje, razmnoževanje oziroma uporaba dokumenta ni dovoljena. Dokument so vsi podatki v kakršnikoli obliki, ki jih vsebuje ta elektronska pošta. Če ste prejeli to sporočilo zaradi napake v naslovu ali pri prenosu sporočila, prosimo, da o tem obvestite pošiljatelja elektronskega sporočila.

Privileged/confidential information may be contained in this message. This communication is confidential and intended solely for the addressee(s). Unauthorized distribution, modification or disclosure of the contents may be unlawful. If you receive this in error, please notify the sender and delete it from your system.  If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone.


More information about the asterisk-dev mailing list