libSRTP support in Asterisk

Hello, I’m trying to modify the encryption method in srtp. I am trying to modify the data payload encryption method without changing other configurations.
From here, it is known that the encryption method developed must also be implemented on the server so it is necessary to change the library on libsrtp. However, after building the srtp source code with the command:

  • ./configure
  • make
  • make install

indicates that the encryption method used is AES, which is the previous configuration. Does anyone know why this happens? Why is the build in libsrtp not changing to the new one?
I have also tried to rebuild the asterisk to the make stage to rebuild the module and move it to the /usr/lib/asterisk/modules folder, but this does not change anything.

You haven’t actually explained what you’ve done or what you are expecting. From the perspective of Asterisk there is coded support for the various methods for SDP negotiation.

I am trying to replace the implementation of payload encryption that is on srtp with an artificial module. For example, I am trying to replace the existing implementation by performing an xor operation with 1 for each data packet.

From the endpoint side of the sender and receiver the xor operation method has run well. However, when viewed from a wireshark packet, the payload coming out of the server does not represent an xor operation (more closely the result of an AES operation).

To be used, it must adjust the implementation of libsrtp with the xor 1 encryption method the same as the implementation on the sender and receiver. After that, builds by the library libsrtp on the server with stages:

  • ./configure
  • make
  • make shared_library
  • make install

However, the payload on incoming and outgoing servers does not reflect xor 1 encryption. Note: build libsrtp is on /usr/local/lib.

I have also tried replacing the file in /usr/lib/asterisk/modules with the new file rebuilding the asterisk without running the make install steps.

If you’ve modified libsrtp then either your modification is not working, or your install is not going to the same location. If you’ve manually ensured that it is the updated library, then it would seem your modification is not working.

Yes, I also think the same.
However, what confused me was when trying to open the res_srtp.c file using vscode and then accessing the srtp file (script #include <srtp2/srtp.h>), showing the new srtp.h file where there was a declaration of the function I made.
I am trying to update the library to /usr/lib/asterisk/modules followed by unloading the module and reloading the module or by stopping the asterisk still not changing the existing encryption function.

Is there another configuration file related to srtp besides the res_srtp.c file on the asterisk?

No, everything is contained with the res_srtp module.

I am curious, why exactly do you want to modify libSRTP? Is that some sort of University project about learning encryption? By the way, you can see which library is used by Asterisk by going for ldd /lib/asterisk/modules/ If you changed that library, I recommend to touch res/res_srtp.c and make install Asterisk again.

Thanks for your answer. It has worked now, I deleted all the srtp libraries in all directories before installing libsrtp from source. I also rebuild the asterisk to get new
Yes, this is a project from university. I have to try replacing the AES method on SRTP with another encryption mechanism for the payload only.

There are questions that are still related to this. So, I tried to test the decryption module that I made in libsrtp. Based on the mechanism, the encrypted packet from the endpoint will be first decrypted by the asterisk. I am trying to display the ciphertext received and write it into a txt file. I wrote this implementation in the srtp.c code which would later become a shared library.

srtp.c -->

When implemented, this actually caused the asterisk to stop forcefully even though I only added 3 lines of code. Here is the code that I added.

FILE *fp;

Does anyone know why this happens? Does the .so file not perform open file operations?

I assume stop forcibly means crash, in which case, what did the backtrace show?

Although I would expect fclose to detect a null pointer, you should check that fp isn’t null between the fopen and further processing. On the other hand, the man page says:

   The  behaviour  of  fclose() is undefined if the stream parameter is an
   illegal pointer, or is a descriptor already passed to a previous  invo‐
   cation of fclose().

Also, these seem to be developer questions, and this is an end user forum. There are mailing lists and IRC channels for developers.

I have to rebuild Asterisk whenever I change something in, not sure why. Does that help?

I solved this problem. As suggested by rebuilding the asterisk, but before using it in communication I need to make sure that the file already exists with file permissions set to be accessible by all parties (chmod 666) and set file ownership for user not root.

Thanks for answer and help.
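
The two points raised in this thread, checking the result of fopen() before using the stream and the dump file having to be writable by the user Asterisk runs as, shown in one helper. This is an added example, not code from the thread or from libsrtp; the function name dump_payload_hex and the file paths are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical debug helper (not part of libsrtp): append one packet's
 * bytes as a line of hex to `path`. Returns 0 on success or a negative
 * errno value. The stream is only used after it is known to be non-NULL,
 * so a missing directory or a permission error is reported to the caller
 * and cannot take down the process that loaded the library. */
int dump_payload_hex(const char *path, const unsigned char *buf, size_t len)
{
    FILE *fp = fopen(path, "a");
    if (fp == NULL) {
        int err = errno;            /* save before another call overwrites it */
        return err ? -err : -1;     /* e.g. -EACCES when running as non-root */
    }

    for (size_t i = 0; i < len; i++)
        fprintf(fp, "%02x", buf[i]);
    fputc('\n', fp);

    /* fclose() flushes the buffer, so write errors such as a full disk
     * surface here; fp is guaranteed non-NULL at this point. */
    if (fclose(fp) != 0)
        return errno ? -errno : -1;
    return 0;
}

int main(void)
{
    /* Constructed bytes standing in for one received payload. */
    const unsigned char sample[] = { 0x80, 0x00, 0xde, 0xad, 0xbe, 0xef };
    const char *paths[] = { "/nonexistent-dir/srtp_dump.txt",
                            "/tmp/srtp_dump_example.txt" };

    for (int i = 0; i < 2; i++) {
        int rc = dump_payload_hex(paths[i], sample, sizeof sample);
        printf("%s -> %s\n", paths[i], rc == 0 ? "written" : strerror(-rc));
    }
    return 0;
}
```

fopen() in append mode creates a missing file with mode 0666 reduced by the process umask. For a file that holds captured call payloads, ownership by the Asterisk user with owner-only permissions is enough for the helper to succeed.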
