ASTERISK-20233: SRTP not working with some devices (Eg Grandstream gxv3175) - Message "Can't provide secure audio requested in SDP offer"

[Home]

Summary: ASTERISK-20233: SRTP not working with some devices (Eg Grandstream gxv3175) - Message "Can't provide secure audio requested in SDP offer"

Reporter: tootai (tootai) Labels:

Date Opened: 2012-08-15 08:57:23 Date Closed: 2012-08-15 17:22:59

Priority: Major Regression?

Status: Closed/Complete Components: Channels/chan_sip/SRTP

Versions: 10.7.0 Frequency of
Occurrence Constant

Related
Issues:
is duplicated by ASTERISK-22748 SRTP Crypto Offer With Lifetime Not Accepted

is related to ASTERISK-17721 Incoming SRTP calls that specify a key lifetime fail

is related to ASTERISK-17899 Handle crypto lifetime in SDES-SRTP negotiation

Environment: RHEL5 Linux 2.6.18-308.11.1.el5 Attachments:

Description: Here is output

{noformat}
v=0
o=<Private> 8001 8000 IN IP4 192.168.10.104
s=SIP Call
c=IN IP4 192.168.10.104
t=0 0
m=audio 56008 RTP/SAVP 9 0 8 101
a=sendrecv
a=rtpmap:9 G722/8000
a=ptime:20
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:txJVSUpEW30QbN7XrYuyOgNHVOHBX4dshzqYUwzg|2^31
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:jcPz4ww9J2e7ONOZD4AkwronCQ8Jym6QNvXKz0jW|2^31
<------------->
[2012-08-15 17:33:27] VERBOSE[9911] chan_sip.c: --- (17 headers 15 lines) ---
[2012-08-15 17:33:27] VERBOSE[9911] chan_sip.c: Sending to 109.237.252.179:51974 (NAT)
[2012-08-15 17:33:27] VERBOSE[9911] chan_sip.c: Using INVITE request as basis request - 633650172-36867-4@BJC.BGI.BA.BAE
[2012-08-15 17:33:27] VERBOSE[9911] chan_sip.c: Found peer '<private>' for '<private>' from xxx.xxx.xxx.xxx:51974
[2012-08-15 17:33:27] VERBOSE[9911] netsock2.c: == Using SIP RTP CoS mark 5
[2012-08-15 17:33:27] VERBOSE[9911] chan_sip.c: Found RTP audio format 9
[2012-08-15 17:33:27] VERBOSE[9911] chan_sip.c: Found RTP audio format 0
[2012-08-15 17:33:27] VERBOSE[9911] chan_sip.c: Found RTP audio format 8
[2012-08-15 17:33:27] VERBOSE[9911] chan_sip.c: Found RTP audio format 101
[2012-08-15 17:33:27] VERBOSE[9911] chan_sip.c: Found audio description format G722 for ID 9
[2012-08-15 17:33:27] VERBOSE[9911] chan_sip.c: Found audio description format PCMU for ID 0
[2012-08-15 17:33:27] VERBOSE[9911] chan_sip.c: Found audio description format PCMA for ID 8
[2012-08-15 17:33:27] VERBOSE[9911] chan_sip.c: Found audio description format telephone-event for ID 101
[2012-08-15 17:33:27] NOTICE[9911] sip/sdp_crypto.c: Crypto life time unsupported: crypto:1 AES_CM_128_HMAC_SHA1_80 inline:txJVSUpEW30QbN7XrYuyOgNHVOHBX4dshzqYUwzg|2^31
[2012-08-15 17:33:27] NOTICE[9911] sip/sdp_crypto.c: SRTP crypto offer not acceptable
[2012-08-15 17:33:27] NOTICE[9911] sip/sdp_crypto.c: Crypto life time unsupported: crypto:2 AES_CM_128_HMAC_SHA1_32 inline:jcPz4ww9J2e7ONOZD4AkwronCQ8Jym6QNvXKz0jW|2^31
[2012-08-15 17:33:27] NOTICE[9911] sip/sdp_crypto.c: SRTP crypto offer not acceptable
[2012-08-15 17:33:27] WARNING[9911] chan_sip.c: Can't provide secure audio requested in SDP offer
[2012-08-15 17:33:27] VERBOSE[9911] chan_sip.c:
<--- Reliably Transmitting (NAT) to xxx.xxx.xxx.xxx:51974 --->
SIP/2.0 488 Not acceptable here
[...]
{noformat}

Call is ended with 488 error.

Same setup with blink softphone is OK. Difference is

{noformat}
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:j8ZJtC63YQGWyCMspHXEL6ca9VsuPcc2OBJk+Qav
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:yxZP4ZTdJa8vcEV4FVQrkk/s7LLkjXlHeNzkCWWv
{noformat}

So could the {{|2^31}} at the end of the crypto line be the cause ...

--
Daniel

Comments: By: David Brillert (aragon) 2012-08-15 10:21:39.108-0500

I have the same problem with Audiocodes phones.
Did some digging and found there was a patch for crypto key lifetime issues that you seem to be having and I was having as well.
There is also an FAQ on the Grandstream website.
http://www.grandstream.com/support/faq/gxp-enterprise-phone-series#faqGXP25
I tried the unsupported patch available at ASTERISK-17899
SRTP negotiation then works but I don't hear any audio (extension>server<extension)
I can't get this SRTP stuff working...
By: Matt Jordan (mjordan) 2012-08-15 17:22:41.647-0500

This is not a bug but a feature request.

Asterisk at this time does not support lifetime for cryptographic keys (which is the part after the | in the key). As such, this issue will be closed out unless a patch is provided which actually adds support in Asterisk for lifetime.
By: Matt Jordan (mjordan) 2012-08-15 17:22:53.876-0500

Features requests are no longer submitted to or accepted through the issue tracker. Features requests are openly discussed on the mailing lists [1] and Asterisk IRC channels and made note of by Bug Marshals.

[1] http://www.asterisk.org/support/mailing-lists