<br>
Hi, Michael and Tim, <br>
<br>
Thanks for the help. It looks like Mark Spencer checked in some basic
IAX encryption code in Dec, 2004. When "encryption" is set, IAX
encrypts frames using AES128 which is the only supported algorithm. As
of clients, I would think KIAX and DIAX would work as well. <br>
<br>
Thanks<br>
<br>
-Scott<br>
<br>
<br>
Date: Wed, 28 Sep 2005 14:28:11 -0700<br>
From: Michael Jia <<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:michael.mjia@gmail.com">michael.mjia@gmail.com</a>><br>
Subject: Re: [Asterisk-Users] Voice Encryption<br>
To: Asterisk Users Mailing List - Non-Commercial Discussion<br>
<<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:asterisk-users@lists.digium.com">asterisk-users@lists.digium.com</a>><br>
Cc: <a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:kzliao@yahoo.com">kzliao@yahoo.com</a><br>
Message-ID: <<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:692781cd0509281428324cb5eb@mail.gmail.com">692781cd0509281428324cb5eb@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
Hi, Scott<br>
<br>
The source code I found is in chan_iax.c, from the name of parameters, it<br>
looks like it is using<br>
AES. Can anyone here confirm that?<br>
<br>
static int encrypt_frame(aes_encrypt_ctx *ecx, struct ast_iax2_full_hdr *fh,<br>
unsigned char *poo, int *datalen)<br>
{<br>
int padding;<br>
unsigned char *workspace;<br>
workspace = alloca(*datalen + 32);<br>
if (!workspace)<br>
return -1;<br>
if (ntohs(fh->scallno) & IAX_FLAG_FULL) {<br>
struct ast_iax2_full_enc_hdr *efh = (struct ast_iax2_full_enc_hdr *)fh;<br>
if (option_debug)<br>
ast_log(LOG_DEBUG, "Encoding full frame with length %d\n", *datalen);<br>
padding = 16 - ((*datalen - sizeof(struct ast_iax2_full_enc_hdr)) % 16);<br>
padding = 16 + (padding & 0xf);<br>
memcpy(workspace, poo, padding);<br>
memcpy(workspace + padding, efh->encdata, *datalen - sizeof(struct<br>
ast_iax2_full_enc_hdr));<br>
*datalen += padding;<br>
workspace[15] &= 0xf0;<br>
workspace[15] |= (padding & 0xf);<br>
memcpy_encrypt(efh->encdata, workspace, *datalen, ecx);<br>
if (*datalen >= 32 + sizeof(struct ast_iax2_full_enc_hdr))<br>
memcpy(poo, workspace + *datalen - 32, 32);<br>
} else {<br>
struct ast_iax2_mini_enc_hdr *efh = (struct ast_iax2_mini_enc_hdr *)fh;<br>
if (option_debug)<br>
ast_log(LOG_DEBUG, "Encoding mini frame with length %d\n", *datalen);<br>
padding = 16 - ((*datalen - sizeof(struct ast_iax2_mini_enc_hdr)) % 16);<br>
padding = 16 + (padding & 0xf);<br>
memset(workspace, 0, padding);<br>
memcpy(workspace + padding, efh->encdata, *datalen - sizeof(struct<br>
ast_iax2_mini_enc_hdr));<br>
workspace[15] &= 0xf0;<br>
workspace[15] |= (padding & 0x0f);<br>
*datalen += padding;<br>
memcpy_encrypt(efh->encdata, workspace, *datalen, ecx);<br>
if (*datalen >= 32 + sizeof(struct ast_iax2_mini_enc_hdr))<br>
memcpy(poo, workspace + *datalen - 32, 32);<br>
}<br>
return 0;<br>
}<br>
<br>
<br>
<br>
On 9/28/05, tim panton <<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:tpanton@attglobal.net">tpanton@attglobal.net</a>> wrote:<br>
><br>
><br>
> On 28 Sep 2005, at 07:26, Michael Jia wrote:<br>
><br>
> Hi, Scott<br>
><br>
> This is Michael Jia. So far, I searched the lists and with the following<br>
> email threads<br>
> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://lists.digium.com/pipermail/asterisk-dev/2004-December/008295.html" target="_blank">http://lists.digium.com/pipermail/asterisk-dev/2004-December/008295.html
</a><br>
> I don't know what is the current working status now. Maybe somone in the<br>
> lists<br>
> knows.<br>
><br>
><br>
> Last I heard IAX2 in CVS Head has encryption that works between 2 asterisk<br>
> systems. There is no documentation (yet) except the source code, and no<br>
> clients that support it (yet).<br>
><br>
> Tim.<br>
><br>
><br>
>