[asterisk-users] Need stronger SRTP ciphers (256 bit)

kevin.long at halopriv...
Posted: Mon May 30, 2016 1:50 pm

Hi folks,


At least several endpoints (soft phone and desk phones) are supporting various 256 bit ciphers for SRTP these days. I *believe* libsrtp has been updated to allow this, and that only the code in Asterisk has not been updated to allow these stronger ciphers.

Would anyone with the know-how be willing/able to submit a patch?


Thank you,

Kevin Long
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
kevin.long at halopriv...
Posted: Tue May 31, 2016 12:54 am

Some more information (would love some thoughts on this, I have never submitted a patch yet).

Groundwire (Popular SIP app) supports the following cipher suites for SRTP:


AES_CM_128_HMAC_SHA1_32
AES_CM_128_HMAC_SHA1_80
AES_CM_192_HMAC_SHA1_32
AES_CM_192_HMAC_SHA1_80
AES_CM_256_HMAC_SHA1_32
AES_CM_256_HMAC_SHA1_80
AEAD_AES_128_GCM
AEAD_AES_256_GCM



I see in the asterisk 13.9.1 source tarball, in res/res_srtp.c :


Could adding support for the above cipher suites be as simple as adding more options to this switch/case statement with the appropriate parameters or is there more to it?

Thank you!



static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite)
{
    switch (suite) {
    case AST_AES_CM_128_HMAC_SHA1_80:
        p->cipher_type = AES_128_ICM;
        p->cipher_key_len = 30; /* key and salt together */
        p->auth_type = HMAC_SHA1;
        p->auth_key_len = 20;
        p->auth_tag_len = 10;   /* 80-bit tag */
        p->sec_serv = sec_serv_conf_and_auth;
        return 0;

    case AST_AES_CM_128_HMAC_SHA1_32:
        p->cipher_type = AES_128_ICM;
        p->cipher_key_len = 30; /* key and salt together */
        p->auth_type = HMAC_SHA1;
        p->auth_key_len = 20;
        p->auth_tag_len = 4;    /* 32-bit tag */
        p->sec_serv = sec_serv_conf_and_auth;
        return 0;

    default:
        ast_log(LOG_ERROR, "Invalid crypto suite: %u\n", suite);
        return -1;
    }
}

Quote:
On May 30, 2016, at 11:49 AM, Kevin Long <kevin.long@haloprivacy.com> wrote:



Hi folks,


At least several endpoints (soft phone and desk phones) are supporting various 256 bit ciphers for SRTP these days. I *believe* libsrtp has been updated to allow this, and that only the code in Asterisk has not been updated to allow these stronger ciphers.

Would anyone with the know-how be willing/able to submit a patch?


Thank you,

Kevin Long
jcolp at digium.com
Posted: Tue May 31, 2016 9:46 am

Kevin Long wrote:
Quote:

Some more information (would love some thoughts on this, I have never
submitted a patch yet).

Groundwire (Popular SIP app) supports the following cipher suites for
SRTP:


AES_CM_128_HMAC_SHA1_32
AES_CM_128_HMAC_SHA1_80
AES_CM_192_HMAC_SHA1_32
AES_CM_192_HMAC_SHA1_80
AES_CM_256_HMAC_SHA1_32
AES_CM_256_HMAC_SHA1_80
AEAD_AES_128_GCM
AEAD_AES_256_GCM



I see in the asterisk 13.9.1 source tarball, in res/res_srtp.c :


Could adding support for the above cipher suites be as simple as
adding more options to this switch/case statement with the
appropriate parameters or is there more to it?

Thank you!



static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite)
{
    switch (suite) {
    case AST_AES_CM_128_HMAC_SHA1_80:
        p->cipher_type = AES_128_ICM;
        p->cipher_key_len = 30;
        p->auth_type = HMAC_SHA1;
        p->auth_key_len = 20;
        p->auth_tag_len = 10;
        p->sec_serv = sec_serv_conf_and_auth;
        return 0;

    case AST_AES_CM_128_HMAC_SHA1_32:
        p->cipher_type = AES_128_ICM;
        p->cipher_key_len = 30;
        p->auth_type = HMAC_SHA1;
        p->auth_key_len = 20;
        p->auth_tag_len = 4;
        p->sec_serv = sec_serv_conf_and_auth;
        return 0;

    default:
        ast_log(LOG_ERROR, "Invalid crypto suite: %u\n", suite);

It could maybe be as simple as that, but until it is attempted it's
unknown what other stuff may need to be adjusted.

Cheers,

--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org
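
Added example, not part of the thread and not Asterisk or libsrtp code: the key, salt and tag sizes each suite listed above needs, and a length check for the keying material a peer offers. It assumes SDES keying (RFC 4568), where the `inline:` value is base64 of master key followed by master salt; the helper names are hypothetical, and the sizes are taken from RFC 3711, RFC 6188 and RFC 7714.

```c
#include <stddef.h>
#include <string.h>

/* Sizes in bytes, from RFC 3711, RFC 6188 and RFC 7714. Suite names are
 * spelled as in the post above. key_len + salt_len is the combined value
 * the posted switch stores in cipher_key_len (16 + 14 = 30). */
struct srtp_suite_params {
    const char *name;
    size_t key_len, salt_len, tag_len; /* AES key, master salt, auth tag */
};

static const struct srtp_suite_params suites[] = {
    { "AES_CM_128_HMAC_SHA1_80", 16, 14, 10 },
    { "AES_CM_128_HMAC_SHA1_32", 16, 14,  4 },
    { "AES_CM_192_HMAC_SHA1_80", 24, 14, 10 },
    { "AES_CM_192_HMAC_SHA1_32", 24, 14,  4 },
    { "AES_CM_256_HMAC_SHA1_80", 32, 14, 10 },
    { "AES_CM_256_HMAC_SHA1_32", 32, 14,  4 },
    { "AEAD_AES_128_GCM",        16, 12, 16 },
    { "AEAD_AES_256_GCM",        32, 12, 16 },
};

/* Hypothetical helper: look a suite up by name, NULL if unknown. */
const struct srtp_suite_params *suite_find(const char *name)
{
    for (size_t i = 0; i < sizeof(suites) / sizeof(suites[0]); i++)
        if (strcmp(suites[i].name, name) == 0)
            return &suites[i];
    return NULL;
}

/* Decoded size of a padded base64 string, 0 if its length is malformed. */
size_t b64_decoded_len(const char *b64)
{
    size_t n = strlen(b64), pad = 0;
    if (n == 0 || n % 4 != 0)
        return 0;
    while (pad < 2 && b64[n - 1 - pad] == '=')
        pad++;
    return n / 4 * 3 - pad;
}

/* 1 if an SDES "inline:" key decodes to exactly key_len + salt_len bytes
 * for the named suite, 0 otherwise (unknown suite included). */
int sdes_key_fits(const char *suite, const char *b64_key)
{
    const struct srtp_suite_params *s = suite_find(suite);
    return s != NULL && b64_decoded_len(b64_key) == s->key_len + s->salt_len;
}
```

A 30-byte and a 28-byte key both encode to 40 base64 characters and differ only in padding, so any code that sizes buffers or validates offers against a fixed 30-byte length has to change along with the switch.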
