Empathy List Archives

pjsip@lists.pjsip.org

pjsip list

SRTP

Michael Bradley Jr

Thu, Jan 31, 2008 10:45 PM

Hi,

i'm using the latest svn version of pjsua to communicate between two parties.
I've set SRTP as mandatory for the media transport with the following parameters:

--use-srtp 2 --srtp-secure 0

Everything is fine but Wireshark keep telling me
"SRTP Payload with NULL encryption".
Is that correct?

Here is the snippet of the Offer SDP

a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:VLDONbsbGl2Puqy+0PV7w/uGfpSPKFevDpxGsxN3
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:lp5JGr/jKVzCzLyORdEMJjUPszZmioZ3zubVizTX

and here is the encryption part of the Answer SDP
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:y71cYd6MyNqA9ywtm0rS2KBRDByG6/7vuQnyeL8T

So my question, did pjsua used NULL encryption or AES_CM_128_HMAC_SHA1_80 as
suggested in the Answer-SDP?

Another question, when the caller uses (--use-srtp 1) and the callee has
(--use-srtp 2) the call is always unencrypted. Is there a way to change that
behavior in pjsua?

Thanks in advance for any help

Michael

Hi, i'm using the latest svn version of pjsua to communicate between two parties. I've set SRTP as mandatory for the media transport with the following parameters: --use-srtp 2 --srtp-secure 0 Everything is fine but Wireshark keep telling me "SRTP Payload with NULL encryption". Is that correct? Here is the snippet of the Offer SDP a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:VLDONbsbGl2Puqy+0PV7w/uGfpSPKFevDpxGsxN3 a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:lp5JGr/jKVzCzLyORdEMJjUPszZmioZ3zubVizTX and here is the encryption part of the Answer SDP a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:y71cYd6MyNqA9ywtm0rS2KBRDByG6/7vuQnyeL8T So my question, did pjsua used NULL encryption or AES_CM_128_HMAC_SHA1_80 as suggested in the Answer-SDP? Another question, when the caller uses (--use-srtp 1) and the callee has (--use-srtp 2) the call is always unencrypted. Is there a way to change that behavior in pjsua? Thanks in advance for any help Michael

Benny Prijono

Fri, Feb 1, 2008 9:05 AM

Hi Michael,

On 1/31/08, Michael Bradley Jr mbradley.jr@gmail.com wrote:

Hi,

i'm using the latest svn version of pjsua to communicate between two parties.
I've set SRTP as mandatory for the media transport with the following parameters:

--use-srtp 2 --srtp-secure 0

Everything is fine but Wireshark keep telling me
"SRTP Payload with NULL encryption".
Is that correct?

Here is the snippet of the Offer SDP

a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:VLDONbsbGl2Puqy+0PV7w/uGfpSPKFevDpxGsxN3
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:lp5JGr/jKVzCzLyORdEMJjUPszZmioZ3zubVizTX

and here is the encryption part of the Answer SDP
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:y71cYd6MyNqA9ywtm0rS2KBRDByG6/7vuQnyeL8T

So my question, did pjsua used NULL encryption or AES_CM_128_HMAC_SHA1_80 as
suggested in the Answer-SDP?

I don't know how Wireshark can find out the cipher from RTP packets
(AFAIK you'd have to see the SDP negotiation), but I think it's wrong.
The RTP packets should be encrypted, and you can verify this by saving
the (G711) payload to a file and see the contents.

What Wireshark version are you using? Mine doesn't seem to even know about SRTP.

Another question, when the caller uses (--use-srtp 1) and the callee has
(--use-srtp 2) the call is always unencrypted. Is there a way to change that
behavior in pjsua?

Somehow it did not happen here (I'm using r1761). The call is rejected
with 406/Not Acceptable.

cheers,
-benny

Thanks in advance for any help

Michael

Hi Michael, On 1/31/08, Michael Bradley Jr <mbradley.jr@gmail.com> wrote: > Hi, > > i'm using the latest svn version of pjsua to communicate between two parties. > I've set SRTP as mandatory for the media transport with the following parameters: > > --use-srtp 2 --srtp-secure 0 > > Everything is fine but Wireshark keep telling me > "SRTP Payload with NULL encryption". > Is that correct? > > Here is the snippet of the Offer SDP > > a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:VLDONbsbGl2Puqy+0PV7w/uGfpSPKFevDpxGsxN3 > a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:lp5JGr/jKVzCzLyORdEMJjUPszZmioZ3zubVizTX > > and here is the encryption part of the Answer SDP > a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:y71cYd6MyNqA9ywtm0rS2KBRDByG6/7vuQnyeL8T > > So my question, did pjsua used NULL encryption or AES_CM_128_HMAC_SHA1_80 as > suggested in the Answer-SDP? > I don't know how Wireshark can find out the cipher from RTP packets (AFAIK you'd have to see the SDP negotiation), but I think it's wrong. The RTP packets should be encrypted, and you can verify this by saving the (G711) payload to a file and see the contents. What Wireshark version are you using? Mine doesn't seem to even know about SRTP. > Another question, when the caller uses (--use-srtp 1) and the callee has > (--use-srtp 2) the call is always unencrypted. Is there a way to change that > behavior in pjsua? > Somehow it did not happen here (I'm using r1761). The call is rejected with 406/Not Acceptable. cheers, -benny > Thanks in advance for any help > > Michael