[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Linphone-developers] How to set AES 256 bit encryption?
|
From: |
Eli Burke |
|
Subject: |
Re: [Linphone-developers] How to set AES 256 bit encryption? |
|
Date: |
Wed, 28 Nov 2018 08:16:53 -0500 |
> Date: Wed, 28 Nov 2018 05:34:07 -0700
> From: Yoshi Takagawa <address@hidden>
> To: address@hidden
> Subject: Re: [Linphone-developers] How to set AES 256 bit encryption?
> Message-ID: <address@hidden>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello Gaurang Gohil,
>
> Thank you very much for your very prompt reply.
>
> I found the files you referenced and I see no parameter obviously listed in
> ether file to modify an AES parameter. What do I need to add and which file
> to do I need to add it?
>
> The totality of my /home/username/.config/Unknown Organization/linphone.conf
> file contents are as follows:
You can control the SRTP and ZRTP ciphers with the following.
[sip]
srtp_crypto_suites=AES_CM_256_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32,
AES_CM_128_HMAC_SHA1_80
zrtp_key_agreements_suites=MS_ZRTP_KEY_AGREEMENT_DH3K
zrtp_cipher_suites=MS_ZRTP_CIPHER_AES3
zrtp_auth_suites=MS_ZRTP_AUTHTAG_HS80
zrtp_hash_suites=MS_ZRTP_HASH_S384
zrtp_sas_suites=MS_ZRTP_SAS_B256
You need to look through source code to find valid values (grep helps).
submodules/mediastreamer2/include/mediastreamer2/zrtp.h
and
submodules/mediastreamer2/include/mediastreamer2/ms_srtp.h
(SRTP crypto suites are mapped ASCII -> enum in
submodules//mediastreamer2/src/voip/mediastream.c)
I also have a note to myself:
"; AES_CM_256_HMAC_SHA1_80 and AES_CM_256_HMAC_SHA1_32 require server-side
support”
Unfortunately… I don’t remember the circumstances for writing that note.
Possibly it was related to our Freeswitch VOIP server. For sanity’s sake I
suggest you edit your srtp_crypto_suites down to one working 128 bit cipher,
verify it, and then test the two 256 bit ciphers individually (one-leg and
two-leg calls) to make sure they work in your environment.
-Eli