Opened 8 years ago
Last modified 7 years ago
#2018 closed enhancement
Support DTLS for SRTP keying — at Initial Version
Reported by: | nanang | Owned by: | nanang |
---|---|---|---|
Priority: | normal | Milestone: | release-2.7 |
Component: | pjmedia | Version: | trunk |
Keywords: | Cc: | ||
Backport to 1.x milestone: | Backported: | no |
Description
DTLS-SRTP is an SRTP keying method that uses media channel for SRTP key negotiation which is secured using TLS. As SRTP key negotiation is done in media channel, confidentiality in SIP signaling is not required, but it needs SIP message integrity for authentication. Peer authentication is done by matching TLS certificate fingerprint (sent via SIP signaling) to actual TLS certificate received in DTLS-SRTP handshake (sent via media channel), so SIP message integrity will guarantee that the TLS certificate fingerprint is not altered from end to end.
DTLS handshake in DTLS-SRTP is basically very similar to TLS handshake, it is just done on UDP socket so it has retransmission mechanism and using a TLS extension for attaching SRTP keying materials (e.g: SRTP crypto profile and key).
Specification
- SDES (the only SRTP keying mechanism currently available in PJMEDIA) and DTLS-SRTP may coexist in run-time, any of them may be disabled (via run-time or compile-time).
- As currently best effort media encryption via SDP capability negotiation is not supported yet, it should be configurable which SRTP keying method to be used in generating offer. And for generating answer, it should detect and use the keying method used by the offer.
- Support DTLS-SRTP handshake before SDP answer is sent/received.
How to build
Requirement
- OpenSSL version 1.1.0 or newer. DTLS with SRTP extension seems to be available since OpenSSL 1.0.1, but we haven't tried it ourselves.
Build
- Set macro PJMEDIA_SRTP_HAS_DTLS to 1 in config_site.h:
#define PJMEDIA_SRTP_HAS_DTLS 1
- Build PJSIP with TLS enabled using OpenSSL backend.
Sample code for PJSUA app
In generating SDP answer, SRTP will automatically detect and match the keying method to the SDP offer's, e.g: if remote sends offer using DTLS-SRTP, we will start DTLS nego immediately and answer using DTLS-SRTP too. However, in generating SDP offer, SRTP will use SDES by default. So to generate SDP offer using DTLS-SRTP, application needs to implement PJSUA callback on_create_media_transport_srtp and sets the priority of DTLS-SRTP higher than SDES from that callback, e.g:
void on_create_media_transport_srtp(pjsua_call_id call_id, unsigned media_idx, pjmedia_srtp_setting *srtp_opt) { srtp_opt->keying_count = 2; srtp_opt->keying[0] = PJMEDIA_SRTP_KEYING_DTLS_SRTP; srtp_opt->keying[1] = PJMEDIA_SRTP_KEYING_SDES; }
Limitation
This ticket will only implement the core part of DTLS-SRTP, i.e: SRTP key negotiation via DTLS, while DTLS-SRTP itself also depends on other features that we haven't supported yet:
- SIP signaling integrity protection, provided via:
- SIP Identity, specified by RFC4474 and RFC4916, only Authentication Service is needed.
- S/MIME, specified by RFC3261 section 23.
- SIPS, actually we already support this, but as SIPS can't guarantee that all proxies are trusted, the security provided by SIPS is considered weaker.
- Best effort media encryption via SDP capability negotiation, to offer media channel with multiple configurations (e.g: offering SRTP but also accept plain RTP), this seems to be a MUST.
Reference
- DTLS-SRTP framework: https://tools.ietf.org/html/rfc5763
- DTLS extension for SRTP: https://tools.ietf.org/html/rfc5764