| Summary: | ASTERISK-17721: Incoming SRTP calls that specify a key lifetime fail | ||||||||
| Reporter: | Terry Wilson (twilson) | Labels: | |||||||
| Date Opened: | 2011-04-19 14:04:34 | Date Closed: | 2015-02-25 15:15:40.000-0600 | ||||||
| Priority: | Minor | Regression? | No | ||||||
| Status: | Closed/Complete | Components: | Channels/chan_sip/SRTP | ||||||
| Versions: | Frequency of Occurrence | ||||||||
| Related Issues: |
| ||||||||
| Environment: | Attachments: | ( 0) srtpMKI_Asterisk11.patch ( 1) srtpMKI_Asterisk12.patch | |||||||
| Description: | Asterisk's SRTP implementation does not understand the key lifetime attribute in an {{a=cyrpto}} line. Since some phones specify this (and are not configurable in this regard), Asterisk really needs to implement support for this.
*STEPS TO REPRODUCE* I believe recent Grandstream firmware releases send this parameter. Any call with this specified will be rejected by Asterisk. *ADDITIONAL INFORMATION* The default key lifetime for {{AES_CM_128_HMAC_SHA1_32}} or {{80}} is {{2^48}} SRTP packets (or {{2^31}} SRTCP packets whichever comes first). At 50 packets/second this is 178,391 years...a decidedly long call. | ||||||||
| Comments: | By: David Brillert (aragon) 2012-11-11 21:11:35.241-0600 Aastra also sends this parameter and all calls are rejected by Asterisk. Tested in 1.8 By: Olle Johansson (oej) 2013-09-05 04:21:26.883-0500 This is discussed in 17899 By: Alexander Traud (traud) 2014-07-15 04:08:55.772-0500 Yes, the other issue includes a whole branch. Anyway, I added the hot-fix from [Pedro Garcia|http://forums.asterisk.org/viewtopic.php?f=1&t=77789], because it is easier to download them here. For example from within a script, a direct download of the patch is easier than to copy-and-paste it from the discussion board. And as stated in the other issue, hanging-up is worse than ignoring. Made compatible with Asterisk 11 and Asterisk 12. | ||||||||