[prev in list] [next in list] [prev in thread] [next in thread]
List: asterisk-dev
Subject: [asterisk-dev] [BOUNTY] offered : Allow 256 bit SRTP cipher suites
From: Kevin Long <kevin.long () haloprivacy ! com>
Date: 2016-06-07 18:19:34
Message-ID: DFFB3CCE-DDA3-4F38-AB1C-4E5412FE3EC9 () haloprivacy ! com
[Download RAW message or body]
Greetings,
Some modern SIP apps and even some SIP desk phones allow the use of stronger SRTP \
cipher suites than Asterisk currently allows.
In res_srtp.c , there is a switch/case statement which looks like it simply rejects \
calls asking for cipher suites for SRTP, besides two AES-128 suites implemented long \
ago.
libsrtp supports the stronger cipher suites already, so I *believe* only Asterisk \
source code needs minor changes.
When I attempt to enable a stronger SRTP cipher suite in my SIP phone (Groundwire SIP \
app) I get the the error message "Invalid crypto suite" in my Asterisk log (see \
existing code snippet from asterisk below)
Desired cipher suites:
> > AES_CM_256_HMAC_SHA1_32
> > AES_CM_256_HMAC_SHA1_80
Please contact me back via the list or at my email directly if interested in picking \
up this work. We will need to discuss how this works with chan_sip vs pjsip etc.
static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite)
{
switch (suite) {
case AST_AES_CM_128_HMAC_SHA1_80:
p->cipher_type = AES_128_ICM;
p->cipher_key_len = 30;
p->auth_type = HMAC_SHA1;
p->auth_key_len = 20;
p->auth_tag_len = 10;
p->sec_serv = sec_serv_conf_and_auth;
return 0;
case AST_AES_CM_128_HMAC_SHA1_32:
p->cipher_type = AES_128_ICM;
p->cipher_key_len = 30;
p->auth_type = HMAC_SHA1;
p->auth_key_len = 20;
p->auth_tag_len = 4;
p->sec_serv = sec_serv_conf_and_auth;
return 0;
default:
ast_log(LOG_ERROR, "Invalid crypto suite: %u\n", suite);
Thank you,
Kevin Long
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic