Summary:ASTERISK-21416: Implement SDES-SRTP support in chan_gulp
Reporter:Matt Jordan (mjordan)Labels:Asterisk12 NewSIP
Date Opened:2013-04-12 08:33:14Date Closed:2013-05-01 08:22:38
Status:Closed/CompleteComponents:Channels/chan_pjsip Resources/res_srtp
Versions:Frequency of
Description:This task is to implement SDES-SRTP support in chan_gulp. This includes:

* Refactoring out the setup of an SRTP session - given a set of SDP parameters - to minimize code duplication between chan_sip and chan_gulp. This would involve improving the code in sdp_crypto and sharing it between both channel drivers.
* Defining and adding the necessary configuration parameters to an endpoint to enable encryption
* Performing SRTP initialization on inbound requests and responding with the appropriate keys in a response
* Transmitting SRTP keys given an endpoint's support for encryption
* Re-initializing an SRTP session on a channel if a re-INVITE contains new keys
* Adding automated tests to the test suite for chan_gulp that test negotiating SRTP keys
Comments:By: Kinsey Moore (kmoore) 2013-04-17 16:10:04.175-0500

The work for this issue is occurring on the following branch:

The sdp/srtp parser functions have been pulled into main and cleaned up a little (removed unused items).  Next up will be factoring out the SRTP/RTP engine setup from chan_sip so it can be used from res_sip as well.

By: Kinsey Moore (kmoore) 2013-04-23 10:22:00.956-0500

Calls initiated with SRTP function with encrypted audio in both directions.

By: Kinsey Moore (kmoore) 2013-04-23 14:13:38.136-0500

Verified that encrypted audio still works properly after hold/unhold and session-timers-based re-INVITES with several different different clients, but none were capable of setting new keys during a call.

By: Kinsey Moore (kmoore) 2013-04-24 13:46:44.453-0500

After working some bugs out of the hacked chan_sip side of changing SRTP keys mid-call, mid-call re-keying of res_sip calls now works properly (after some tweaks).