linphone-developers
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-developers] Set Master Key for SRTP in linphone


From: Werner Dittmann
Subject: Re: [Linphone-developers] Set Master Key for SRTP in linphone
Date: Fri, 5 Jun 2020 11:19:52 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.1

The clients exchange the SRTP keys via SIP/SDP. It depends on the client how it generates a
key. Some clients just offer the feature 'use SRTP (or SDES)' and if enabled the client generates
an appropriate key and sends it in the SIP INVITE to the other party. The other party's client
then uses or generates its key and sends it in the 200 OK.

Now both parties have an SRTP key to encrypt/decrypt data. The first client uses its key to
encrypt its data, the other party can decrypt it. The other party encrypts its data using its
key, the first party can decrypt it.

Linphone seems to have an input field where the user can set the master key for SRTP. IMHO
not a good idea because it's much better to have some good software to generate random
key data if SRTP/secure call should be used.

Important:
- Use TLS (or real SIPS) to send the SIP/SDP data, otherwise the keys are sent in clear over the Internet :-)
- the SIP servers can always see/save the keys because they handle the SIP/SDP cleartext data

If you like to avoid that _any_ server can see/save keys then use ZRTP which is a
protocol that negoriates the SRTP keys in an end-to-end fashion.

AFAIK DTLS-SRTP also has some weakness with regard to servers knowing/seeing the keys (need
to lookup some analysis I made some years ago :-) )

Regards,
Werner

Am 04.06.20 um 17:45 schrieb Hilman Fitriana:
Thank you for the answer, as you said a master key on srtp will be generated into 6 session keys that are used directly for the encryption and authentication process. However, as mentioned, srtp requires external input as a master key. To be able to communicate using srtp (aes), of course both parties need to have the same key. This is the point of the problem. Which party regulates the key to the security process? Is it on the sender, receiver or even the server?

I found interesting code in the linphone source in the linphone-sdk / mediastreamer2 / tools / mediastreamer.c file which generates the master key for local or remote. Here is the code : 
```
void setup_media_streams(MediastreamDatas* args){
    .................................................................................
if (args->enable_srtp) {
     if (!args->srtp_local_master_key) {
          char tmp[30];
          snprintf(tmp,sizeof(tmp),"%08x%08x%08x%08x",rand(),rand(),rand(),rand());
          args->srtp_local_master_key = (char*) malloc(41);
          b64_encode((const char*)tmp, 30, args->srtp_local_master_key, 40);
          args->srtp_local_master_key[40] = '\0';
          ms_message("Generated local srtp key: '%s'", args->srtp_local_master_key);
      }
      if (!args->srtp_remote_master_key) {
        ................................................
       }
}
```

Is this the place to generate the master key used for srtp communication?

I use asterisk as a voip server. To be able to communicate with an active SRTP, I must set the type of media encryption on the server with sdes. I think the first point to be discussed for the term "SRTP" that I raised.

Note: I use the linphone console version without UI.

Best Regards,
Hilman

Pada tanggal Kam, 4 Jun 2020 pukul 17.52 Greg Troxel <gdt@lexort.com> menulis:
Mark Murawski <markm-lists@intellasoft.net> writes:

> Here is specific information about how SRTP operates:
> https://tools.ietf.org/html/rfc3711
>
> See this section on Key Derivation:
> https://tools.ietf.org/html/rfc3711#section-4.3.1

[It is still on my TODO list to really understand the entire SRTP ecosystem.]

That explains how to go from a provided master key to individual
algorithm keys, and section 8 talks about external key management.

I realize it's conventional to label this "SRTP" in a UI, but it seems
that these UIs are mislabeled, in that SRTP itself, without an associated
key management scheme, requires providing a key to both endpoints.

When people and programs simply say "SRTP", I think they could mean
either of these:

  Session Description Protocol (SDP) Security Descriptions for Media Streams
  https://tools.ietf.org/html/rfc4568

  SRTP Extension for DTLS
  https://tools.ietf.org/html/rfc5764

The first is about SIP providing keys over the TLS-protected signaling
channel.

The second is within the data channel, but has a scheme to bootstrap
authentication from the signaling channel:

   A DTLS-SRTP session may be indicated by an external signaling
   protocol like SIP.  When the signaling exchange is integrity-
   protected (e.g., when SIP Identity protection via digital signatures
   is used), DTLS-SRTP can leverage this integrity guarantee to provide
   complete security of the media stream.  A description of how to
   indicate DTLS-SRTP sessions in SIP and SDP [RFC4566], and how to
   authenticate the endpoints using fingerprints can be found in
   [RFC5763].


So:

  What is linphone doing when configured for "SRTP"?
  What is linphone doing when configured for "DTLS"

  Do people think it is a bug that the UI does not make this clear?
  Or is it obvious that SRTP is short for "SDES-SRTP (RFC4568)"?
  And that DTLS is short for RFC5764?


_______________________________________________
Linphone-developers mailing list
Linphone-developers@nongnu.org
https://lists.nongnu.org/mailman/listinfo/linphone-developers

_______________________________________________
Linphone-developers mailing list
Linphone-developers@nongnu.org
https://lists.nongnu.org/mailman/listinfo/linphone-developers
-- 
Werner Dittmann
email: Werner.Dittmann@t-online.de
cell:  +49 173 44 37 659
PGP key: 82EF5E8B

reply via email to

[Prev in Thread] Current Thread [Next in Thread]