Pjsip cipher 256

Good morning!

Asterisk 15.6.1, pjsip, Debian 9, OpenSSL 1.1.0f 25 May 2017, x86_64

I’m trying to make a TLS call from Asterisk 15.6.1 to a Bria endpoint (latest version).
The SIP INVITE (SDP) contains SDES options, including crypto.
The crypto line has the following entry: a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:<random string>
But I would like to see something with 256 here, because when I made a call from Bria to Asterisk 15.6.1 ( -> other endpoint… ) I saw that the a=crypto entry contained 256.

I specified in pjsip.transport.conf only ciphers containing 256, but it doesn’t work.
Could you please give me more information about managing ciphers in pjsip and how I can change them?

[IP-crypto]
type=transport
protocol=udp
bind=:5060
cert_file=/etc/asterisk/keys/asterisk.pem
priv_key_file=/etc/asterisk/keys/asterisk.key
cipher=ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,DHE-RSA-AES256-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA,RSA-PSK-AES256-GCM-SHA384,DHE-PSK-AES256-GCM-SHA384,AES256-GCM-SHA384,PSK-AES256-GCM-SHA384,AES256-SHA256,ECDHE-PSK-AES256-CBC-SHA384,ECDHE-PSK-AES256-CBC-SHA,SRP-RSA-AES-256-CBC-SHA,SRP-AES-256-CBC-SHA,RSA-PSK-AES256-CBC-SHA384,DHE-PSK-AES256-CBC-SHA384,RSA-PSK-AES256-CBC-SHA,DHE-PSK-AES256-CBC-SHA,AES256-SHA,PSK-AES256-CBC-SHA384,PSK-AES256-CBC-SHA
method=tlsv1
verify_client=yes
verify_server=yes
allow_reload=yes
tos=cs3
cos=3

[172.25.25.25-udp]
type=transport
protocol=udp
bind=172.25.25.25:5060

The TLS transport is used for the signaling layer; what you are referring to is for media, and the TLS configuration has no impact on it. All SRTP configuration for an endpoint is in the endpoint section, and I don’t believe we support such a thing currently.

Do you mean that I need to add the cipher option to pjsip.endpoint.conf for a specific endpoint?
P.S. I tried doing that, but I got an error in the Asterisk CLI that cipher cannot be used there.

As I stated I don’t believe we support that for SRTP, and if we did it would be documented[1] on the wiki.

[1] https://wiki.asterisk.org/wiki/display/AST/Asterisk+13+Configuration_res_pjsip

I think Asterisk uses 128 ciphers by default and that can’t be changed in endpoint.conf, but can it be changed when installing Asterisk?

As I stated, TLS and SRTP are completely separate things. The ciphers you mention have no correlation to the “a=crypto” line in SDP.

Thank you, I know:
TLS is transport
SRTP is media
SDP is session description

Could you please explain to me how I can get something like a=crypto:…256… during outgoing calls?

As I stated, I don’t believe that is supported, and if it were it would be in the endpoint configuration I linked. Since there is no option to control it, it is likely unsupported and thus you would need to add code to do so.

By this logic all incoming calls that contain a=crypto: …256… would be dropped (rejected) because the endpoint doesn’t support the cipher.
Look at the example: a Bria phone makes a call with SRTP and encryption to Asterisk.
Bria sends an INVITE packet which contains the following description:

asterisk -> bria
[ outgoing call ]
v=0
o=- 1214669129 1214669129 IN IP4 172.25.73.249
s=Asterisk
c=IN IP4 172.25.73.249
t=0 0
m=audio 19716 RTP/SAVP 18 8 0 101
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:8uS5QdiGu0CCxCf7BiBNbn58/CemIGWucwznTmpv
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv

asterisk <- bria
[ incoming call ]
v=0
o=- 1192253840736 1 IN IP4 …
s=Cpc session
c=IN IP4 …
t=0 0
m=audio 48112 RTP/SAVP 18 101
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=crypto:1 AES_256_CM_HMAC_SHA1_80 inline:4eKmAS423WOe8GKpO5HuvIZ+T+0326FzMsNT6zXVOCNUrMVmVl6UN8893v1x3Q==
a=crypto:2 AES_256_CM_HMAC_SHA1_32 inline:r4afx6ibhJnuI3pwR3pAcu8aJKt9hHGSVh8nVW6bqCMSBAndVyuSEvXkgvAPcw==
a=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:O+pJcaai9betFXvpYY80cdawCHGlXeeSp9mlAg+5
a=crypto:4 AES_CM_128_HMAC_SHA1_32 inline:usEncd0HMQ2+5bvTOKoJ03PnzLUxp8fabIw7fyII
a=sendrecv
a=nortpproxy:yes

Asterisk accepts it and replies 100 Trying and so on.
I mean that media can be established and voice can be heard.
That case shows that Asterisk supports cipher 256 too, but only for incoming calls.
Concerning outgoing calls, I don’t know why Asterisk uses only 128 ciphers.

There are multiple crypto lines. Asterisk would respond with the one that was accepted and use that for the encryption.

They choose 256; the 200 OK (SDP) confirms it:

v=0
o=- 2547899744 3 IN IP4 172.25.73.249
s=Asterisk
c=IN IP4 172.25.73.249
t=0 0
m=audio 10854 RTP/SAVP 18 101
a=crypto:1 AES_256_CM_HMAC_SHA1_80 inline:2xwbrvIZOV7hBuH+JzrYLl/cMYug4MwoQbQS22VQrFczZ0zuOvgbUdiGGA5Rxg==
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:230
a=sendrecv

That is from Asterisk, in which case we’re already doing 256. It appears support was added about 2 years ago:

commit 1d2173c7aed0587cdd434e69e89a3972a2642cd8
Author: Alexander Traud <pabstraud@compuserve.com>
Date:   Wed Jul 13 12:24:46 2016 +0200

    res_srtp: Enable AES-256 and AES-GCM.
    
    ASTERISK-26190 #close
    
    Change-Id: I11326d80edd656524a51a19450e586c583aa0a0b

Good, but the question is still open. Why does Asterisk choose only the 128 cipher line (during outgoing calls) if the callee supports both 128 and 256?

Nothing stands out showing why it would not have multiple in the outgoing, so I do not know. You could file an issue[1] but you would need to provide full information and there is no timeframe on when it would get looked into.

[1] https://issues.asterisk.org/jira


Nothing stands out showing why it would not have multiple in the outgoing

You’re right, maybe I’ll file an issue.
And one last question: do you know how I can set more than one cipher line?

According to the code it is supposed to do so already. I do not know why it isn’t.

Thank you for the help, I’ll file an issue. Have a nice day! :)

Do you know whether these options work correctly for an endpoint?

media_encryption=dtls
bind_rtp_to_media_address=yes
dtls_cert_file=/etc/asterisk/keys/asterisk.crt
dtls_private_key=/etc/asterisk/keys/asterisk.key
dtls_cipher=AES256-SHA

openssl ciphers shows a lot of ciphers.
Which cipher do I need to set if Bria’s incoming INVITE contains AES_256_CM_HMAC_SHA1_80?
Something like AES_256?

None. The crypto line is used for “sdes” encryption, not dtls.

Were you able to resolve this? I am also using Bria and would like to use AES_256_CM_HMAC_SHA1_80. Thanks.