[FS-5937] Support AES-GCM mode in SRTP Created: 02/Nov/13  Updated: 01/Mar/14  Resolved: 25/Feb/14

Status: Closed
Project: FreeSWITCH
Component/s: mod_sofia, RTP
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Minor
Reporter: Kristian Kielhofner Assignee: Anthony Minessale II
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File aead_aes_gcm.patch     Text File freeswitch_gcm.patch     Text File jfoley-pjsip-aead_aes-crypto-suites.patch     Text File pjsip-jfigus-128_only.patch     Text File pjsip_gcm.patch    
CPU Architecture:
x86
Kernel:
Linux
Userland:
GNU/Linux
Compiler:
gcc
FreeSWITCH GIT Revision: All
GIT Master Revision hash:: Yes

 Description   
When libsrtp can be updated to use openssl and a version of libsrtp that supports AES-GCM:

http://jira.freeswitch.org/browse/FS-5422

FreeSWITCH will already be able to realize some performance improvements with CPUs that support AES-NI. However, the real win is using AES-GCM mode:

https://github.com/cisco/libsrtp/pull/34

http://tools.ietf.org/html/draft-ietf-avtcore-srtp-aes-gcm-10

https://crypto.stanford.edu/RealWorldCrypto/slides/gueron.pdf

I'm told there is already a patch to implement this for pjsip. It would be nice to get this implemented in FreeSWITCH as well.

 Comments   
Comment by John Foley [ 04/Nov/13 ]
Patch for PJSIP to enable counter mode AES 192/256 and AES-GCM mode. Note, this patch does not include the changes to the third_party/srtp code, which is required to support these new modes of AES encryption. The SRTP code should be pulled from the libsrtp feature-openssl branch in github.
Comment by John Foley [ 06/Nov/13 ]
There's now a forked version of PJSIP that has GCM support located at:

https://github.com/jfigus/PJSIP

When building this, the OpenSSL 1.0.1 devel package needs to be installed on the build host. Build PJSIP normally:
./configure
make dep
make
Comment by Kristian Kielhofner [ 06/Nov/13 ]
Patch for FreeSWITCH to enable AES-GCM mode (128 bit only). Requires OpenSSL 1.0.1 and the libsrtp-openssl patch from http://jira.freeswitch.org/browse/FS-5422

If testing with pjsip you'll also have to use John's github fork and apply pjsip-jfigus-128_only.patch to disable non-128 bit cipher suites in pjsip.
Comment by Git [ 24/Feb/14 ]
Repository: freeswitch
Branch: refs/heads/master
Commit: a900ead http://fisheye.freeswitch.org/changelog/freeswitch/?cs=a900ead
Closed By: anthm@freeswitch.org

Comment:
FS-5937 --resolve


FreeSWITCH Support Contracts and Consulting Services available!

Contact us:
Email: consulting@freeswitch.org
Web: http://www.freeswitch.org
Phone: +1-918-420-9266
Tollfree: +1-877-742-2583
Fax: +1-918-420-9267
iNum: +883 5100 1420 9266


Come To ClueCon in August to learn more about FreeSWITCH and Internet Telephony!
http://www.cluecon.com

Comment by Kristian Kielhofner [ 24/Feb/14 ]
According to the draft these crypto suites are wrong:

http://tools.ietf.org/html/draft-ietf-avtcore-srtp-aes-gcm-10#section-15.1

I've attached a patch (aead_aes_gcm.patch) that should fix this but I still get a parse error. Here's the relevant FS log output:

2014-02-24 22:02:56.445472 [INFO] mod_dialplan_xml.c:558 Processing 1000 <1000>->9197 in context default
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->unloop] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (PASS) [unloop] ${unroll_loops}(true) =~ /^true$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [unloop] ${sip_looped_call}() =~ /^true$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->tod_example] continue=true
Dialplan: sofia/internal/1000@192.168.111.5 Date/TimeMatch (FAIL) [tod_example] break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->holiday_example] continue=true
Dialplan: sofia/internal/1000@192.168.111.5 Date/TimeMatch (FAIL) [holiday_example] break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->global-intercept] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [global-intercept] destination_number(9197) =~ /^886$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->group-intercept] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [group-intercept] destination_number(9197) =~ /^\*8$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->intercept-ext] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [intercept-ext] destination_number(9197) =~ /^\*\*(\d+)$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->redial] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [redial] destination_number(9197) =~ /^(redial|870)$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->global] continue=true
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [global] ${call_debug}(false) =~ /^true$/ break=never
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [global] ${rtp_has_crypto}() =~ /^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$/ break=never
Dialplan: sofia/internal/1000@192.168.111.5 Regex (PASS) [global] ${endpoint_disposition}(DELAYED NEGOTIATION) =~ /^(DELAYED NEGOTIATION)/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (PASS) [global] ${switch_r_sdp}(v=0
o=- 3602286176 3602286176 IN IP4 192.168.111.5
s=pjmedia
b=AS:84
t=0 0
a=X-nat:0
m=audio 4000 RTP/SAVP 98 97 99 104 3 0 8 9 96
c=IN IP4 192.168.111.5
b=AS:64000
a=rtpmap:98 speex/16000
a=rtpmap:97 speex/8000
a=rtpmap:99 speex/32000
a=rtpmap:104 iLBC/8000
a=fmtp:104 mode=30
a=rtpmap:3 GSM/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:9 G722/8000
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15
a=rtcp:4001 IN IP4 192.168.111.5
a=crypto:1 AEAD_AES_256_GCM_8 inline:46nPB0X2kuML6iJWkOkCLOzKcybBVYLurRBoKKbd5/HIlGNQ5TBmVqK3jSfIxQ==
a=crypto:2 AEAD_AES_128_GCM_8 inline:rDhkczt6MZUF7dYU2nadKr1d8G5nF58wEGdCykI3
a=crypto:3 AES_CM_256_HMAC_SHA1_80 inline:35EuxVIahuHN6G+GPz5/OSnLavg/7EfPqMql7XjbP+Gg8ncgadEuIylGc+9pEQ==
a=crypto:4 AES_CM_192_HMAC_SHA1_80 inline:KLeJilIJUaebSZguIEPVsAVgkis90FP5sCjff43NUdYbfNGiNP4=
a=crypto:5 AES_CM_128_HMAC_SHA1_80 inline:xI1XRNeefUKObZKfgWZMV+sBo2KbRRPkPoGXeVJc
a=crypto:6 AES_CM_256_HMAC_SHA1_32 inline:m9eX+dGr3SeuKhixz+C7uDgSznqEZXfHEuZ4Nt8RkwR0U8+qCibkSHx5BIllXg==
a=crypto:7 AES_CM_192_HMAC_SHA1_32 inline:9Zzxd5QkY2Y82n+gjMKzbodRtoPhAl9ozqdLiTJteBO9m4b9HAs=
a=crypto:8 AES_CM_128_HMAC_SHA1_32 inline:nkFvwUs5GmaLjSHbntIFYGG344F11V2CC/Ml9rzs
) =~ /(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)/ break=never
Dialplan: sofia/internal/1000@192.168.111.5 Action set(rtp_secure_media=true)
Dialplan: sofia/internal/1000@192.168.111.5 Absolute Condition [global]
Dialplan: sofia/internal/1000@192.168.111.5 Action hash(insert/${domain_name}-spymap/${caller_id_number}/${uuid})
Dialplan: sofia/internal/1000@192.168.111.5 Action hash(insert/${domain_name}-last_dial/${caller_id_number}/${destination_number})
Dialplan: sofia/internal/1000@192.168.111.5 Action hash(insert/${domain_name}-last_dial/global/${uuid})
Dialplan: sofia/internal/1000@192.168.111.5 Action export(RFC2822_DATE=${strftime(%a, %d %b %Y %T %z)})
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->snom-demo-2] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [snom-demo-2] destination_number(9197) =~ /^9001$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->snom-demo-1] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [snom-demo-1] destination_number(9197) =~ /^9000$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->eavesdrop] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [eavesdrop] destination_number(9197) =~ /^88(\d{4})$|^\*0(.*)$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->eavesdrop] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [eavesdrop] destination_number(9197) =~ /^779$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->call_return] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [call_return] destination_number(9197) =~ /^\*69$|^869$|^lcr$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->del-group] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [del-group] destination_number(9197) =~ /^80(\d{2})$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->add-group] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [add-group] destination_number(9197) =~ /^81(\d{2})$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->call-group-simo] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [call-group-simo] destination_number(9197) =~ /^82(\d{2})$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->call-group-order] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [call-group-order] destination_number(9197) =~ /^83(\d{2})$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->extension-intercom] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [extension-intercom] destination_number(9197) =~ /^8(10[01][0-9])$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->Local_Extension] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [Local_Extension] destination_number(9197) =~ /^(10[01][0-9])$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->Local_Extension_Skinny] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [Local_Extension_Skinny] destination_number(9197) =~ /^(11[01][0-9])$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->group_dial_sales] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [group_dial_sales] destination_number(9197) =~ /^2000$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->group_dial_support] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [group_dial_support] destination_number(9197) =~ /^2001$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->group_dial_billing] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [group_dial_billing] destination_number(9197) =~ /^2002$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->operator] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [operator] destination_number(9197) =~ /^(operator|0)$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->vmain] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [vmain] destination_number(9197) =~ /^vmain$|^4000$|^\*98$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->sip_uri] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [sip_uri] destination_number(9197) =~ /^sip:(.*)$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->nb_conferences] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [nb_conferences] destination_number(9197) =~ /^(30\d{2})$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->wb_conferences] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [wb_conferences] destination_number(9197) =~ /^(31\d{2})$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->uwb_conferences] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [uwb_conferences] destination_number(9197) =~ /^(32\d{2})$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->cdquality_conferences] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [cdquality_conferences] destination_number(9197) =~ /^(33\d{2})$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->freeswitch_public_conf_via_sip] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [freeswitch_public_conf_via_sip] destination_number(9197) =~ /^9(888|8888|1616|3232)$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->mad_boss_intercom] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [mad_boss_intercom] destination_number(9197) =~ /^0911$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->mad_boss_intercom] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [mad_boss_intercom] destination_number(9197) =~ /^0912$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->mad_boss] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [mad_boss] destination_number(9197) =~ /^0913$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->ivr_demo] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [ivr_demo] destination_number(9197) =~ /^5000$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->dynamic_conference] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [dynamic_conference] destination_number(9197) =~ /^5001$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->rtp_multicast_page] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [rtp_multicast_page] destination_number(9197) =~ /^pagegroup$|^7243$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->park] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [park] destination_number(9197) =~ /^5900$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->unpark] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [unpark] destination_number(9197) =~ /^5901$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->valet_park] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [valet_park] destination_number(9197) =~ /^(6000)$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->valet_park] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [valet_park] destination_number(9197) =~ /^(60\d[1-9])$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->park] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (PASS) [park] source(mod_sofia) =~ /mod_sofia/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [park] destination_number(9197) =~ /park\+(\d+)/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->unpark] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (PASS) [unpark] source(mod_sofia) =~ /mod_sofia/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [unpark] destination_number(9197) =~ /^parking$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->park] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (PASS) [park] source(mod_sofia) =~ /mod_sofia/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [park] destination_number(9197) =~ /callpark/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->unpark] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (PASS) [unpark] source(mod_sofia) =~ /mod_sofia/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [unpark] destination_number(9197) =~ /pickup/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->wait] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [wait] destination_number(9197) =~ /^wait$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->fax_receive] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [fax_receive] destination_number(9197) =~ /^9178$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->fax_transmit] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [fax_transmit] destination_number(9197) =~ /^9179$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->ringback_180] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [ringback_180] destination_number(9197) =~ /^9180$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->ringback_183_uk_ring] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [ringback_183_uk_ring] destination_number(9197) =~ /^9181$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->ringback_183_music_ring] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [ringback_183_music_ring] destination_number(9197) =~ /^9182$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->ringback_post_answer_uk_ring] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [ringback_post_answer_uk_ring] destination_number(9197) =~ /^9183$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->ringback_post_answer_music] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [ringback_post_answer_music] destination_number(9197) =~ /^9184$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->ClueCon] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [ClueCon] destination_number(9197) =~ /^9191$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->show_info] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [show_info] destination_number(9197) =~ /^9192$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->video_record] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [video_record] destination_number(9197) =~ /^9193$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->video_playback] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [video_playback] destination_number(9197) =~ /^9194$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->delay_echo] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [delay_echo] destination_number(9197) =~ /^9195$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->echo] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (FAIL) [echo] destination_number(9197) =~ /^9196$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 parsing [default->milliwatt] continue=false
Dialplan: sofia/internal/1000@192.168.111.5 Regex (PASS) [milliwatt] destination_number(9197) =~ /^9197$/ break=on-false
Dialplan: sofia/internal/1000@192.168.111.5 Action answer()
Dialplan: sofia/internal/1000@192.168.111.5 Action playback({loops=-1}tone_stream://%(251,0,1004))
2014-02-24 22:02:56.465395 [DEBUG] switch_core_state_machine.c:214 (sofia/internal/1000@192.168.111.5) State Change CS_ROUTING -> CS_EXECUTE
2014-02-24 22:02:56.465395 [DEBUG] switch_core_session.c:1384 Send signal sofia/internal/1000@192.168.111.5 [BREAK]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_state_machine.c:523 (sofia/internal/1000@192.168.111.5) State ROUTING going to sleep
2014-02-24 22:02:56.465395 [DEBUG] switch_core_state_machine.c:467 (sofia/internal/1000@192.168.111.5) Running State Change CS_EXECUTE
2014-02-24 22:02:56.465395 [DEBUG] switch_core_state_machine.c:530 (sofia/internal/1000@192.168.111.5) State EXECUTE
2014-02-24 22:02:56.465395 [DEBUG] mod_sofia.c:178 sofia/internal/1000@192.168.111.5 SOFIA EXECUTE
2014-02-24 22:02:56.465395 [DEBUG] switch_core_state_machine.c:256 sofia/internal/1000@192.168.111.5 Standard EXECUTE
EXECUTE sofia/internal/1000@192.168.111.5 set(rtp_secure_media=true)
2014-02-24 22:02:56.465395 [DEBUG] mod_dptools.c:1409 sofia/internal/1000@192.168.111.5 SET [rtp_secure_media]=[true]
EXECUTE sofia/internal/1000@192.168.111.5 hash(insert/192.168.111.5-spymap/1000/fc61ef8c-b61c-4d8e-baf2-db39f5049d53)
EXECUTE sofia/internal/1000@192.168.111.5 hash(insert/192.168.111.5-last_dial/1000/9197)
EXECUTE sofia/internal/1000@192.168.111.5 hash(insert/192.168.111.5-last_dial/global/fc61ef8c-b61c-4d8e-baf2-db39f5049d53)
EXECUTE sofia/internal/1000@192.168.111.5 export(RFC2822_DATE=Mon, 24 Feb 2014 22:02:56 -0500)
2014-02-24 22:02:56.465395 [DEBUG] switch_channel.c:1245 EXPORT (export_vars) [RFC2822_DATE]=[Mon, 24 Feb 2014 22:02:56 -0500]
EXECUTE sofia/internal/1000@192.168.111.5 answer()
2014-02-24 22:02:56.465395 [WARNING] switch_channel.c:3341 rtp_secure_media invalid in this context.
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:1079 Set Remote Key [1 AEAD_AES_256_GCM_8 inline:46nPB0X2kuML6iJWkOkCLOzKcybBVYLurRBoKKbd5/HIlGNQ5TBmVqK3jSfIxQ==]
2014-02-24 22:02:56.465395 [ERR] switch_core_media.c:1095 Crypto Setup Failed!.
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [speex:98:16000:20:0]/[G722:9:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [speex:98:16000:20:0]/[PCMU:0:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [speex:98:16000:20:0]/[PCMA:8:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [speex:98:16000:20:0]/[GSM:3:8000:20:13200]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [speex:97:8000:20:0]/[G722:9:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [speex:97:8000:20:0]/[PCMU:0:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [speex:97:8000:20:0]/[PCMA:8:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [speex:97:8000:20:0]/[GSM:3:8000:20:13200]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [speex:99:32000:20:0]/[G722:9:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [speex:99:32000:20:0]/[PCMU:0:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [speex:99:32000:20:0]/[PCMA:8:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [speex:99:32000:20:0]/[GSM:3:8000:20:13200]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [iLBC:104:8000:30:0]/[G722:9:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [iLBC:104:8000:30:0]/[PCMU:0:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [iLBC:104:8000:30:0]/[PCMA:8:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [iLBC:104:8000:30:0]/[GSM:3:8000:20:13200]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [GSM:3:8000:20:13200]/[G722:9:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [GSM:3:8000:20:13200]/[PCMU:0:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [GSM:3:8000:20:13200]/[PCMA:8:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [GSM:3:8000:20:13200]/[GSM:3:8000:20:13200]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3270 Audio Codec Compare [GSM:3:8000:20:13200] ++++ is saved as a match
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [PCMU:0:8000:20:64000]/[G722:9:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [PCMU:0:8000:20:64000]/[PCMU:0:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3270 Audio Codec Compare [PCMU:0:8000:20:64000] ++++ is saved as a match
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [PCMU:0:8000:20:64000]/[PCMA:8:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [PCMU:0:8000:20:64000]/[GSM:3:8000:20:13200]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [PCMA:8:8000:20:64000]/[G722:9:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [PCMA:8:8000:20:64000]/[PCMU:0:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [PCMA:8:8000:20:64000]/[PCMA:8:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3270 Audio Codec Compare [PCMA:8:8000:20:64000] ++++ is saved as a match
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [PCMA:8:8000:20:64000]/[GSM:3:8000:20:13200]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [G722:9:8000:20:64000]/[G722:9:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3270 Audio Codec Compare [G722:9:8000:20:64000] ++++ is saved as a match
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [G722:9:8000:20:64000]/[PCMU:0:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [G722:9:8000:20:64000]/[PCMA:8:8000:20:64000]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3216 Audio Codec Compare [G722:9:8000:20:64000]/[GSM:3:8000:20:13200]
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3142 Set telephone-event payload to 96
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:2159 Set Codec sofia/internal/1000@192.168.111.5 GSM/8000 20 ms 160 samples 13200 bits
2014-02-24 22:02:56.465395 [DEBUG] switch_core_codec.c:111 sofia/internal/1000@192.168.111.5 Original read codec set to GSM:3
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:3452 Set 2833 dtmf send/recv payload to 96
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:4663 AUDIO RTP [sofia/internal/1000@192.168.111.5] 192.168.111.5 port 30088 -> 192.168.111.5 port 4000 codec: 3 ms: 20
2014-02-24 22:02:56.465395 [DEBUG] switch_rtp.c:3325 Starting timer [soft] 160 bytes per 20ms
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:5007 Set 2833 dtmf send payload to 96
2014-02-24 22:02:56.465395 [DEBUG] switch_core_media.c:5013 Set 2833 dtmf receive payload to 96
2014-02-24 22:02:56.465395 [ERR] switch_core_media.c:907 Parse Error near [AEAD_AES_256_GCM_8 inline:46nPB0X2kuML6iJWkOkCLOzKcybBVYLurRBoKKbd5/HIlGNQ5TBmVqK3jSfIxQ==]
2014-02-24 22:02:56.465395 [ERR] switch_core_media.c:936 Error!
2014-02-24 22:02:56.465395 [INFO] switch_rtp.c:3142 Activating Audio Secure RTP SEND
2014-02-24 22:02:56.465395 [INFO] switch_rtp.c:3120 Activating Audio Secure RTP RECV
2014-02-24 22:02:56.465395 [DEBUG] switch_core_sqldb.c:2357 Secure Type: srtp:sdes:(null)
2014-02-24 22:02:56.465395 [DEBUG] switch_core_sqldb.c:2357 Secure Type: srtp:sdes:(null)
2014-02-24 22:02:56.465395 [NOTICE] sofia_media.c:92 Pre-Answer sofia/internal/1000@192.168.111.5!
2014-02-24 22:02:56.465395 [DEBUG] switch_channel.c:3407 (sofia/internal/1000@192.168.111.5) Callstate Change RINGING -> EARLY
2014-02-24 22:02:56.465395 [DEBUG] mod_sofia.c:775 Local SDP sofia/internal/1000@192.168.111.5:
v=0
o=FreeSWITCH 1393267288 1393267289 IN IP4 192.168.111.5
s=FreeSWITCH
c=IN IP4 192.168.111.5
t=0 0
m=audio 30088 RTP/AVP 3 96
a=rtpmap:3 GSM/8000
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-16
a=ptime:20
a=sendrecv

2014-02-24 22:02:56.465395 [DEBUG] switch_core_session.c:904 Send signal sofia/internal/1000@192.168.111.5 [BREAK]


With the serious error here:

2014-02-24 22:02:56.465395 [ERR] switch_core_media.c:907 Parse Error near [AEAD_AES_256_GCM_8 inline:46nPB0X2kuML6iJWkOkCLOzKcybBVYLurRBoKKbd5/HIlGNQ5TBmVqK3jSfIxQ==]
2014-02-24 22:02:56.465395 [ERR] switch_core_media.c:936 Error!

It looks like the default dialplan match will need to be updated as well.

Note I needed to patch John's PJSIP fork to use the proper SDES crypto suite names too.


Comment by Kristian Kielhofner [ 24/Feb/14 ]
Use proper SDES crypto suite names for AEAD_AES_256_GCM_8/AEAD_AES_128_GCM_8
Comment by Git [ 24/Feb/14 ]
Repository: freeswitch
Branch: refs/heads/master
Commit: 463f32c http://fisheye.freeswitch.org/changelog/freeswitch/?cs=463f32c
Updated By: brian@freeswitch.org

Comment:
FS-5937: i need to build a test rig for this, go go gadget iphone commit


FreeSWITCH Support Contracts and Consulting Services available!

Contact us:
Email: consulting@freeswitch.org
Web: http://www.freeswitch.org
Phone: +1-918-420-9266
Tollfree: +1-877-742-2583
Fax: +1-918-420-9267
iNum: +883 5100 1420 9266


Come To ClueCon in August to learn more about FreeSWITCH and Internet Telephony!
http://www.cluecon.com

Comment by Brian West [ 24/Feb/14 ]
I totally seen this but it didn't properly register at the time. Compiled and push via iPhone ;).

The fun of a Draft :) I'll have to monitor this along with reviewing the diffs of each draft iteration.

/b
Comment by Brian West [ 24/Feb/14 ]
Updated the crypto suite names to properly match the draft.
Comment by Kristian Kielhofner [ 25/Feb/14 ]
I should have been more clear - I still get the parse error AFTER applying the patch I've supplied. Rebuilding this morning (with the patch you committed) I'm still getting the parse error I included above.
Comment by Brian West [ 25/Feb/14 ]
Doh thats what I get for reading this on my iPhone, I'm actually working on this already for testing. Let me see if I can replicate this and craft a fix.

/b
Comment by Brian West [ 25/Feb/14 ]
I see the problem, I'll need to work with Tony to resolve this.

/b
Comment by Kristian Kielhofner [ 25/Feb/14 ]
Use this patch with the jfigus pjsip fork for testing with FreeSWITCH using proper SDES crypto suite names.
Comment by Brian West [ 25/Feb/14 ]
I have it fixed, I'll review it with anthony and commit it shortly.

/b
Comment by Git [ 25/Feb/14 ]
Repository: freeswitch
Branch: refs/heads/master
Commit: 33780fc http://fisheye.freeswitch.org/changelog/freeswitch/?cs=33780fc
Updated By: brian@freeswitch.org

Comment:
FS-5937 now with more working


FreeSWITCH Support Contracts and Consulting Services available!

Contact us:
Email: consulting@freeswitch.org
Web: http://www.freeswitch.org
Phone: +1-918-420-9266
Tollfree: +1-877-742-2583
Fax: +1-918-420-9267
iNum: +883 5100 1420 9266


Come To ClueCon in August to learn more about FreeSWITCH and Internet Telephony!
http://www.cluecon.com

Comment by Kristian Kielhofner [ 25/Feb/14 ]
Getting closer. PJSIP now kills the call after receiving the 200 OK from FreeSWITCH because the key length is invalid:

11:09:19.575 pjsua_core.c .RX 1311 bytes Response msg 200/INVITE/cseq=2789 (rdata0x26f9fe8) from TCP 192.168.111.5:5060:
SIP/2.0 200 OK
Via: SIP/2.0/TCP 192.168.111.5:52966;rport=52966;branch=z9hG4bKPj7437df51-dbdc-4900-8b01-a115f7fe84f9
From: sip:1000@192.168.111.5;tag=9c452572-43c3-453d-a03f-c66399a12ed1
To: <sip:9197@192.168.111.5>;tag=pm7meaX87FK0p
Call-ID: f467ab3d-0b55-4f44-9d35-26a856eefab7
CSeq: 2789 INVITE
Contact: <sip:9197@192.168.111.5:5060;transport=udp>
User-Agent: FreeSWITCH-mod_sofia/1.5.8b+git~20140225T155521Z~33780fca07~64bit
Accept: application/sdp
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
Require: timer
Supported: timer, path, replaces
Allow-Events: talk, hold, conference, presence, as-feature-event, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summary, refer
Session-Expires: 1800;refresher=uac
Min-SE: 120
Content-Type: application/sdp
Content-Disposition: session
Content-Length: 298
Remote-Party-ID: "9197" <sip:9197@192.168.111.5>;party=calling;privacy=off;screen=no

v=0
o=FreeSWITCH 1393320085 1393320086 IN IP4 192.168.111.5
s=FreeSWITCH
c=IN IP4 192.168.111.5
t=0 0
m=audio 24474 RTP/SAVP 3 96
a=rtpmap:3 GSM/8000
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-16
a=ptime:20
a=crypto:1 AEAD_AES_256_GCM_8 inline:BvXSPXHWLeV/q2HcEE3H2vobWm7RDFywbap/Escx

--end msg--
11:09:19.575 pjsua_app.c .....Call 0 state changed to CONNECTING
11:09:19.575 pjsua_media.c .....Call 0: updating media..
11:09:19.575 pjsua_media.c ......pjmedia_transport_media_start() failed for call_id 0 media 0: Invalid SRTP key length for specific crypto (PJMEDIA_SRTP_EINKEYLEN)
11:09:19.575 pjsua_call.c .....Unable to create media session: No active media stream after negotiation (PJMEDIA_SDPNEG_ENOMEDIA) [status=220048]
11:09:19.575 pjsua_core.c ........TX 371 bytes Request msg BYE/cseq=2790 (tdta0x7f260800b500) to UDP 192.168.111.5:5060:
BYE sip:9197@192.168.111.5:5060;transport=udp SIP/2.0
Via: SIP/2.0/UDP 192.168.111.5:9190;rport;branch=z9hG4bKPj84ef207c-9a30-4652-bbcf-0b5c73321337
Max-Forwards: 70
From: sip:1000@192.168.111.5;tag=9c452572-43c3-453d-a03f-c66399a12ed1
To: sip:9197@192.168.111.5;tag=pm7meaX87FK0p
Call-ID: f467ab3d-0b55-4f44-9d35-26a856eefab7
CSeq: 2790 BYE
Content-Length: 0
Comment by Brian West [ 25/Feb/14 ]
We are reviewing this.

/b
Comment by Kristian Kielhofner [ 25/Feb/14 ]
Nope, AEAD_AES_128_GCM_8 and AEAD_AES_256_GCM_8 are correct:

http://tools.ietf.org/html/draft-ietf-avtcore-srtp-aes-gcm-10#section-15.1
Comment by Brian West [ 25/Feb/14 ]
Ok confusion sorted getting the rubixcube put back together now.

/b
Comment by Kristian Kielhofner [ 25/Feb/14 ]
BTW, "latest" pjsip is also wrong. I made this patch: http://jira.freeswitch.org/secure/attachment/20197/jfoley-pjsip-aead_aes-crypto-suites.patch
Comment by Brian West [ 25/Feb/14 ]
Yah thats the bit that tripped me up I had done that before but I had to move to a different system so I had missed that step, which caused me pain this morning :P I had also given tony the wrong instruction and he was in the same boat thinking WTF, Now the confusion is cleared.

/b
Comment by Brian West [ 25/Feb/14 ]
SIP/2.0 200 OK
Via: SIP/2.0/TCP 192.168.1.100:60902;rport=55157;branch=z9hG4bKPjovnFmV5bXnRnZPE1Q2ZT4XEqtvpv6vQx;received=70.169.192.17
From: <sip:192.168.1.100>;tag=BzIg7o3E509-8uiYjOCFUZ4v6hzU6Rlm
To: <sip:6789@sidious.freeswitch.org>;tag=0HNjU0gr6Z45B
Call-ID: 6Q-fBLnLSL05if7gww3N9io6YzFaqvKj
CSeq: 16704 INVITE
Contact: <sip:6789@198.22.64.229:5060;transport=udp>
User-Agent: FreeSWITCH-mod_sofia/1.5.8b+git~20140225T144457Z~90b0ea7243~64bit
Accept: application/sdp
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
Supported: path, replaces
Allow-Events: talk, hold, conference, presence, as-feature-event, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summary, refer
Content-Type: application/sdp
Content-Disposition: session
Content-Length: 324
Remote-Party-ID: "6789" <sip:6789@sidious.freeswitch.org>;party=calling;privacy=off;screen=no

v=0
o=FreeSWITCH 1393340794 1393340795 IN IP4 198.22.64.229
s=FreeSWITCH
c=IN IP4 198.22.64.229
t=0 0
m=audio 20448 RTP/SAVP 97 96
a=rtpmap:97 speex/8000
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-16
a=ptime:20
a=crypto:1 AEAD_AES_256_GCM_8 inline:Dkp2TDD3YS8W+QUTc1JIC30ttmc40elSX+bX6dgC5rymIOd3Bsamd3vLvXuZ+g

--end msg--
14:47:20.429 pjsua_app.c .....Call 0 state changed to CONNECTING
14:47:20.429 pjsua_media.c .....Call 0: updating media..
14:47:20.436 pjsua_aud.c ......Audio channel update..
14:47:20.436 strm0x7fbafa80 .......VAD temporarily disabled
14:47:20.436 strm0x7fbafa80 .......Encoder stream started
14:47:20.436 strm0x7fbafa80 .......Decoder stream started
14:47:20.436 pjsua_media.c ......Audio updated, stream #0: speex (sendrecv)
14:47:20.436 pjsua_app.c .....Call 0 media 0 [type=audio], status is Active
14:47:20.436 pjsua_aud.c .....Conf connect: 3 --> 0
14:47:20.436 conference.c ......Port 3 (sip:6789@sidious.freeswitch.org) transmitting to port 0 (Built-in Microph)
14:47:20.436 pjsua_aud.c .....Conf connect: 0 --> 3
14:47:20.436 conference.c ......Port 0 (Built-in Microph) transmitting to port 3 (sip:6789@sidious.freeswitch.org)
14:47:20.436 pjsua_core.c .....TX 366 bytes Request msg ACK/cseq=16704 (tdta0x7fbafa801000) to UDP 198.22.64.229:5060:
ACK sip:6789@198.22.64.229:5060;transport=udp SIP/2.0
Via: SIP/2.0/UDP 192.168.1.100:5060;rport;branch=z9hG4bKPjzZjr5h2glSFfm6yxhUUXLvHkWT0PqnBd
Max-Forwards: 70
From: <sip:192.168.1.100>;tag=BzIg7o3E509-8uiYjOCFUZ4v6hzU6Rlm
To: sip:6789@sidious.freeswitch.org;tag=0HNjU0gr6Z45B
Call-ID: 6Q-fBLnLSL05if7gww3N9io6YzFaqvKj
CSeq: 16704 ACK
Content-Length: 0
Comment by Kristian Kielhofner [ 25/Feb/14 ]
That looks better :)!
Comment by Brian West [ 25/Feb/14 ]
--end msg--
14:55:39.374 pjsua_core.c .RX 1743 bytes Request msg INVITE/cseq=56344806 (rdata0x7fce98836028) from UDP 198.22.64.229:5060:
INVITE sip:1005@70.169.192.17:53881;ob SIP/2.0
Via: SIP/2.0/UDP 198.22.64.229;rport;branch=z9hG4bK4KaryUv6e7cXa
Max-Forwards: 70
From: "" <sip:0000000000@sidious.freeswitch.org>;tag=KXN9v2gUF9B9Q
To: <sip:1005@70.169.192.17:53881;ob>
Call-ID: 07058042-1902-1232-efaa-0025903377dc
CSeq: 56344806 INVITE
Contact: <sip:mod_sofia@198.22.64.229:5060>
User-Agent: FreeSWITCH-mod_sofia/1.5.8b+git~20140225T144457Z~90b0ea7243~64bit
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
Supported: path, replaces
Allow-Events: talk, hold, conference, presence, as-feature-event, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summa
ry, refer
Content-Type: application/sdp
Content-Disposition: session
Content-Length: 783
X-FS-Support: update_display,send_info
Remote-Party-ID: <sip:0000000000@sidious.freeswitch.org>;party=calling;screen=yes;privacy=off

v=0
o=FreeSWITCH 1393333642 1393333643 IN IP4 198.22.64.229
s=FreeSWITCH
c=IN IP4 198.22.64.229
t=0 0
m=audio 28098 RTP/SAVP 100 9 0 8 3 101
a=rtpmap:100 SPEEX/8000
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:BMpA5VcWxG+K3zq5Xqu9aLy8uqP2Z0JjaytbuJpK
a=ptime:20
m=audio 28098 RTP/AVP 100 9 0 8 3 101
a=rtpmap:100 SPEEX/8000
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
m=video 30322 RTP/SAVP 98 99
a=rtpmap:98 H264/90000
a=rtpmap:99 VP8/90000
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:GIFQkqixBUWhyA+d/SJ1GUyWa3vhDnGK/4MbRZcI



Answer with code (100-699) (empty to cancel): 200
14:55:47.998 pjsua_call.c !Answering call 2: code=200
14:55:47.998 pjsua_media.c ...Call 2: updating media..
14:55:47.998 pjsua_aud.c ....Audio channel update..
14:55:47.999 strm0x7fce9901 .....VAD temporarily disabled
14:55:47.999 strm0x7fce9901 .....Encoder stream started
14:55:47.999 strm0x7fce9901 .....Decoder stream started
14:55:47.999 pjsua_media.c ....Audio updated, stream #0: speex (sendrecv)
14:55:47.999 pjsua_media.c ....Audio updated, stream #1: (inactive)
14:55:47.999 pjsua_media.c ....Error updating media call02:2: Invalid media type (PJMEDIA_EINVALIMEDIATYPE)
14:55:47.999 pjsua_app.c ...Call 2 media 0 [type=audio], status is Active
14:55:47.999 pjsua_aud.c ...Conf disconnect: 2 -x- 0
14:55:47.999 conference.c ....Port 2 (ring) stop transmitting to port 0 (Built-in Microph)
14:55:47.999 pjsua_aud.c ...Conf connect: 3 --> 0
14:55:47.999 conference.c ....Port 3 (sip:0000000000@sidious.freeswitch.org) transmitting to port 0 (Built-in Microph)
14:55:47.999 pjsua_aud.c ...Conf connect: 0 --> 3
14:55:47.999 conference.c ....Port 0 (Built-in Microph) transmitting to port 3 (sip:0000000000@sidious.freeswitch.org)
14:55:47.999 pjsua_app.c ...Call 2 media 1 [type=audio], status is None
14:55:47.999 pjsua_core.c ....TX 1029 bytes Response msg 200/INVITE/cseq=56344806 (tdta0x7fce99868200) to UDP 198.22.64.229:5060:
SIP/2.0 200 OK
Via: SIP/2.0/UDP 198.22.64.229;rport=5060;received=198.22.64.229;branch=z9hG4bK4KaryUv6e7cXa
Call-ID: 07058042-1902-1232-efaa-0025903377dc
From: <sip:0000000000@sidious.freeswitch.org>;tag=KXN9v2gUF9B9Q
To: <sip:1005@70.169.192.17;ob>;tag=xzHlKnvMzVBCZDgwQ10tRiRM8zV4vO2E
CSeq: 56344806 INVITE
Contact: <sip:1005@70.169.192.17:53881;ob>
Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
Supported: replaces, 100rel, timer, norefersub
Content-Type: application/sdp
Content-Length: 468

v=0
o=- 3602350539 3602350540 IN IP4 192.168.1.100
s=pjmedia
b=AS:84
t=0 0
a=X-nat:0
m=audio 4000 RTP/SAVP 100 101
c=IN IP4 192.168.1.100
b=TIAS:64000
a=rtcp:4001 IN IP4 192.168.1.100
a=sendrecv
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:J6MKWOKbflY4eN4fwAjV7y9mk1YdfzkzIXmgLQpn
a=rtpmap:100 speex/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
m=audio 0 RTP/AVP 100 9 0 8 3 101
c=IN IP4 127.0.0.1
m=video 0 RTP/SAVP 98 99
c=IN IP4 127.0.0.1
Comment by Git [ 25/Feb/14 ]
Repository: freeswitch
Branch: refs/heads/master
Commit: 5646957 http://fisheye.freeswitch.org/changelog/freeswitch/?cs=5646957
Updated By: anthm@freeswitch.org

Comment:
FS-5937


FreeSWITCH Support Contracts and Consulting Services available!

Contact us:
Email: consulting@freeswitch.org
Web: http://www.freeswitch.org
Phone: +1-918-420-9266
Tollfree: +1-877-742-2583
Fax: +1-918-420-9267
iNum: +883 5100 1420 9266


Come To ClueCon in August to learn more about FreeSWITCH and Internet Telephony!
http://www.cluecon.com

Comment by Brian West [ 25/Feb/14 ]
Test and let us know how you like this.

/b
Comment by Kristian Kielhofner [ 25/Feb/14 ]
Looks good, even selecting the offer on inbound using late negotiation works. I have noticed that the "big AES" crypto suites (192/256) seem broken in this version of pjsip, not sure what's up with that but I was able to successfully test AEAD_AES_256_GCM_8, AEAD_AES_128_GCM_8, AES_CM_128_HMAC_SHA1_80, and AES_CM_128_HMAC_SHA1_32.
Comment by Brian West [ 25/Feb/14 ]
Do you happen to know anything besides PJSIP that can do the "big AES" suites? I'll have to try those out, we for sure tested the original two again and the two AES_*_GCM methods added.

/b
Comment by Kristian Kielhofner [ 25/Feb/14 ]
Unfortunately I do not know of any other implementations.
Comment by John Foley [ 01/Mar/14 ]
It looks like my PJSIP fork had dyslexic SDES values for RFC6188 too (big AES). Sorry about that. Check my PJSIP fork for the fix. In my defense, they changed the convention between RFC4568 and RFC6188 when registering the crypto suite values with IANA.
Generated at Wed Aug 16 12:21:24 CDT 2017 using JIRA 7.3.3#73014-sha1:d5be8da522213be2ca9ad7b043c51da6e4cc9754.