ice-pwd is too short, RFC5245 need at least 128 bits of randomness

Morgan Chen
Thu, Dec 28, 2017 3:52 AM

Hi, PJSIP experts,

I am new to PJSIP, now I am trying to make call using SIP to WebRTC.
I am using MicroSIP to simulate SIP client, and using latest Chrome/Firefox for WebRTC side.

From PJSIP Datasheet page, https://trac.pjsip.org/repos/wiki/PJSIP-Datasheet
PJSIP should support ICE protocol RFC5245 (https://tools.ietf.org/pdf/rfc5245.pdf  )

And from RFC 5245 Page 76(section 15.4: "ice-ufrag" and "ice-pwd" Attributes)
The ice-ufrag and ice-pwd attributes MUST be chosen randomly at the
beginning of a session. The ice-ufrag attribute MUST contain at
least 24 bits of randomness, and the ice-pwd attribute MUST contain
at least 128 bits of randomness.

But in the packet captured in Wireshark, the length of the "ice-pwd" generated in pjmedia is less than 128 bits, only 8 chars actually; refer to the attached screenshot for details.

Also from this page, https://trac.pjsip.org/repos/wiki/Using_Standalone_ICE
The sample ice-pwd is just 8 chars.
a=ice-ufrag:2b2c6196
a=ice-pwd:06ea0fa8

Because ice-pwd is too short here, the browser side rejected this.

Can anyone help to explain this?
Appreciate your support in advance.

Happy New Year.
Jackson

Morgan Chen
Thu, Dec 28, 2017 8:55 AM

Checked in the source code:

In ice_session.c, the method pj_ice_sess_create(), which creates an ICE session, has the code block below:

if (local_ufrag == NULL) {
    ice->rx_ufrag.ptr = (char*) pj_pool_alloc(ice->pool, PJ_ICE_UFRAG_LEN);
    pj_create_random_string(ice->rx_ufrag.ptr, PJ_ICE_UFRAG_LEN);
    ice->rx_ufrag.slen = PJ_ICE_UFRAG_LEN;
} else {
    pj_strdup(ice->pool, &ice->rx_ufrag, local_ufrag);
}

if (local_passwd == NULL) {
    ice->rx_pass.ptr = (char*) pj_pool_alloc(ice->pool, PJ_ICE_UFRAG_LEN);
    pj_create_random_string(ice->rx_pass.ptr, PJ_ICE_UFRAG_LEN);
    ice->rx_pass.slen = PJ_ICE_UFRAG_LEN;
} else {
    pj_strdup(ice->pool, &ice->rx_pass, local_passwd);
}

PJ_ICE_UFRAG_LEN is defined in config.h as below:
#ifndef PJ_ICE_UFRAG_LEN
#   define PJ_ICE_UFRAG_LEN                8
#endif

The problem is that in RFC5245 (https://tools.ietf.org/pdf/rfc5245.pdf) the minimal length of ice-pwd is 128 bits.

So this should be a bug which needs to be fixed.

Thanks.

Jackson


From: Morgan Chen jacksonchenjp@hotmail.com
Sent: December 28, 2017 11:52
To: pjsip@lists.pjsip.org
Subject: ice-pwd is too short, RFC5245 need at least 128 bits of randomness

Hi, PJSIP experts,

I am new to PJSIP, now I am trying to make call using SIP to WebRTC.
I am using MicroSIP to simulate SIP client, and using latest Chrome/Firefox for WebRTC side.

From PJSIP Datasheet page, https://trac.pjsip.org/repos/wiki/PJSIP-Datasheet
PJSIP should support ICE protocol RFC5245 (https://tools.ietf.org/pdf/rfc5245.pdf  )

And from RFC 5245 Page 76(section 15.4: "ice-ufrag" and "ice-pwd" Attributes)
The ice-ufrag and ice-pwd attributes MUST be chosen randomly at the
beginning of a session. The ice-ufrag attribute MUST contain at
least 24 bits of randomness, and the ice-pwd attribute MUST contain
at least 128 bits of randomness.

But in the packet captured in Wireshark, the length of the "ice-pwd" generated in pjmedia is less than 128 bits, only 8 chars actually; refer to the attached screenshot for details.

Also from this page, https://trac.pjsip.org/repos/wiki/Using_Standalone_ICE
The sample ice-pwd is just 8 chars.
a=ice-ufrag:2b2c6196
a=ice-pwd:06ea0fa8

Because ice-pwd is too short here, the browser side rejected this.

Can anyone help to explain this?
Appreciate your support in advance.

Happy New Year.
Jackson

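An added example, not part of the original posts or of PJSIP's code: a small C check that applies the RFC 5245 section 15.4 rules to the a=ice-ufrag / a=ice-pwd lines quoted in this thread. RFC 5245 defines ice-ufrag as 4 to 256 ice-chars and ice-pwd as 22 to 256 ice-chars; the function names and the 6-bits-per-character upper bound are this example's own, and the third sample line is constructed.

```c
/* Added example: check SDP ICE credentials against RFC 5245 section 15.4. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define ICE_MAX_CHARS     256 /* both attributes are at most 256 ice-chars */
#define ICE_BITS_PER_CHAR 6   /* ice-char = ALPHA / DIGIT / "+" / "/" (64 symbols) */

/* Upper bound on the randomness (in bits) a credential of this length can
 * carry, or -1 if it is empty, too long, or has non-ice-char characters. */
int ice_max_entropy_bits(const char *val)
{
    size_t n = strlen(val);
    if (n == 0 || n > ICE_MAX_CHARS) return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)val[i];
        if (!isalnum(c) && c != '+' && c != '/') return -1;
    }
    return (int)(n * ICE_BITS_PER_CHAR);
}

/* 1 = meets RFC 5245, 0 = violates it, -1 = not an ice-ufrag/ice-pwd line. */
int check_ice_sdp_line(const char *line)
{
    static const struct { const char *prefix; size_t min_chars; int min_bits; } rules[] = {
        { "a=ice-ufrag:", 4,  24  },  /* ice-ufrag = 4*256ice-char  */
        { "a=ice-pwd:",   22, 128 },  /* ice-pwd   = 22*256ice-char */
    };
    for (size_t r = 0; r < sizeof rules / sizeof rules[0]; r++) {
        size_t plen = strlen(rules[r].prefix);
        if (strncmp(line, rules[r].prefix, plen) != 0) continue;
        char val[ICE_MAX_CHARS + 1];
        size_t n = strcspn(line + plen, "\r\n");   /* strip SDP line ending */
        if (n > ICE_MAX_CHARS) return 0;
        memcpy(val, line + plen, n);
        val[n] = '\0';
        return n >= rules[r].min_chars && ice_max_entropy_bits(val) >= rules[r].min_bits;
    }
    return -1;
}

int main(void)
{
    /* First two lines are the wiki sample quoted above; the third is constructed. */
    const char *sdp[] = { "a=ice-ufrag:2b2c6196\r\n", "a=ice-pwd:06ea0fa8\r\n",
                          "a=ice-pwd:AbCdEfGhIjKlMnOpQrStUv\r\n" };
    for (size_t i = 0; i < 3; i++)
        printf("%d  %s", check_ice_sdp_line(sdp[i]), sdp[i]);
    return 0;
}
```

The bit count is only a ceiling derived from length and alphabet: an 8-character value can carry at most 48 bits, so it cannot reach 128 regardless of how it was generated, while a 22-character value passes this check only on length and still depends on the quality of the random source.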