Summary: ASTERISK-17721: Incoming SRTP calls that specify a key lifetime fail
Reporter: Terry Wilson (twilson)
Labels:
Date Opened: 2011-04-19 14:04:34
Date Closed: 2015-02-25 15:15:40.000-0600
Versions:
Frequency of
is related to ASTERISK-20233 SRTP not working with some devices (Eg Grandstream gxv3175) - Message "Can't provide secure audio requested in SDP offer"
is related to ASTERISK-22748 SRTP Crypto Offer With Lifetime Not Accepted
is related to ASTERISK-17899 Handle crypto lifetime in SDES-SRTP negotiation
Environment:
Attachments:
( 0) srtpMKI_Asterisk11.patch
( 1) srtpMKI_Asterisk12.patch
Description:
Asterisk's SRTP implementation does not understand the key lifetime attribute in an {{a=crypto}} line. Since some phones specify this (and are not configurable in this regard), Asterisk really needs to implement support for this.


I believe recent Grandstream firmware releases send this parameter. Any call with this specified will be rejected by Asterisk.


The default key lifetime for {{AES_CM_128_HMAC_SHA1_32}} or {{80}} is {{2^48}} SRTP packets (or {{2^31}} SRTCP packets, whichever comes first). At 50 packets/second this is 178,391 years...a decidedly long call.
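
The key parameter described above, parsed with its optional lifetime and MKI fields instead of being rejected. This is an added example, not Asterisk's code and not the attached patches; it follows the RFC 4568 key-info layout `inline:KEY[|lifetime][|MKI:length]`, and `struct sdes_key`, `parse_dec` and `parse_sdes_key` are hypothetical names. It handles a single key only and caps the lifetime at the 2^48 packets quoted in the description.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>

struct sdes_key {
    char key_b64[64];  /* base64 master key||salt, left undecoded here */
    uint64_t lifetime; /* max packets; 0 = not signalled, use the default */
    uint64_t mki;      /* MKI value, meaningful only when mki_len > 0 */
    unsigned mki_len;  /* MKI length in bytes; 0 = no MKI signalled */
};

/* Decimal digits only in s[0..n): rejects signs, spaces and empty input. */
static int parse_dec(const char *s, size_t n, uint64_t *v)
{
    if (n == 0 || n > 18) return -1; /* 18 digits always fit in 64 bits */
    for (*v = 0; n--; s++) {
        if (!isdigit((unsigned char)*s)) return -1;
        *v = *v * 10 + (uint64_t)(*s - '0');
    }
    return 0;
}

/* Parse "inline:KEY[|lifetime][|MKI:length]". Returns 0, or -1 if malformed. */
int parse_sdes_key(const char *kp, struct sdes_key *out)
{
    const char *p, *colon;
    uint64_t v;
    size_t n, skip;

    memset(out, 0, sizeof(*out));
    if (strncmp(kp, "inline:", 7) != 0) return -1;
    p = kp + 7;
    n = strcspn(p, "|");
    if (n == 0 || n >= sizeof(out->key_b64)) return -1;
    memcpy(out->key_b64, p, n); /* memset above left it NUL-terminated */
    for (p += n; *p == '|'; p += n) {
        n = strcspn(++p, "|");
        if ((colon = memchr(p, ':', n)) != NULL) { /* MKI:length */
            if (out->mki_len || parse_dec(p, (size_t)(colon - p), &out->mki)) return -1;
            if (parse_dec(colon + 1, n - (size_t)(colon - p) - 1, &v) || v < 1 || v > 128) return -1;
            out->mki_len = (unsigned)v;
        } else { /* lifetime, written as "2^n" or as a plain decimal */
            skip = (n > 2 && p[0] == '2' && p[1] == '^') ? 2 : 0;
            if (out->lifetime || parse_dec(p + skip, n - skip, &v)) return -1;
            if (skip ? v > 48 : (v < 1 || v > ((uint64_t)1 << 48))) return -1;
            out->lifetime = skip ? (uint64_t)1 << v : v;
        }
    }
    return 0;
}
```

A caller that does not implement re-keying can still accept the offer and simply leave `lifetime` unused, which matches the "ignore rather than hang up" approach mentioned in the comments.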
Comments:
By: David Brillert (aragon) 2012-11-11 21:11:35.241-0600

Aastra also sends this parameter and all calls are rejected by Asterisk.
Tested in 1.8

By: Olle Johansson (oej) 2013-09-05 04:21:26.883-0500

This is discussed in 17899

By: Alexander Traud (traud) 2014-07-15 04:08:55.772-0500

Yes, the other issue includes a whole branch.

Anyway, I added the hot-fix from [Pedro Garcia|http://forums.asterisk.org/viewtopic.php?f=1&t=77789], because it is easier to download them here. For example from within a script, a direct download of the patch is easier than to copy-and-paste it from the discussion board. And as stated in the other issue, hanging-up is worse than ignoring.

Made compatible with Asterisk 11 and Asterisk 12.