Opened 7 years ago

Closed 7 years ago

Last modified 6 years ago

#2100 closed enhancement (fixed)

Move SRTP setting in PJSUA and PJSUA2 to account setting

Reported by: nanang Owned by: bennylp
Priority: normal Milestone: release-2.8
Component: pjsua-lib Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported: no

Description (last modified by nanang)

Currently SRTP crypto and keying method is configurable via callback, i.e: on_create_media_transport_srtp() in PJSUA or onCreateMediaTransportSrtp() in PJSUA2 (only crypto). And after some review and internal discussions, we decided to deprecate the callback and move the settings to account config, here are some reasons:

  • SRTP setting type used in callback param is pjmedia_srtp_setting, which has some fields that are PJMEDIA specifics, e.g: close_member_tp, cb, user_data. So this ticket will also create a new SRTP settings specifically for PJSUA and PJSUA2.
  • media transport settings are usually configurable via account setting (instead of PJSUA/PJSUA2 callback), so it'd better to use the same pattern for SRTP.

Here are sample codes to enable DTLS-SRTP in outgoing SDP offer:

  • using PJSUA: 
     acc_cfg.srtp_opt.keying_count = 2;
 acc_cfg.srtp_opt.keying[0] = PJMEDIA_SRTP_KEYING_DTLS_SRTP;
 acc_cfg.srtp_opt.keying[1] = PJMEDIA_SRTP_KEYING_SDES; // optional, as a fallback for handling incoming call using SRTP with SDES
  • using PJSUA2: 
    acc_cfg.mediaConfig.srtpOpt.keyings.push_back(PJMEDIA_SRTP_KEYING_DTLS_SRTP);
acc_cfg.mediaConfig.srtpOpt.keyings.push_back(PJMEDIA_SRTP_KEYING_SDES); // optional, as a fallback for handling incoming call using SRTP with SDES

Change History (6)

comment:1 Changed 7 years ago by nanang

  • Resolution set to fixed
  • Status changed from new to closed

In 5755:

Close #2100:

  • Added new APIs:
    • PJMEDIA: pjmedia_srtp_enum_crypto(), pjmedia_srtp_enum_keying()
    • PJSUA: pjsua_config.srtp_opt, pjsua_acc_config.srtp_opt, pjsua_srtp_opt_default()
    • PJSUA2: AccountMediaConfig::srtpOpt, Endpoint::srtpCryptoEnum()
  • Deprecated PJSUA callback on_create_media_transport_srtp() (not removed yet, just warnings).
  • Slightly refactored SRTP code:
    • Fixed potential issue with on_create_media_transport_srtp(), some PJSUA internal values in pjmedia_srtp_setting may be overridden by app.
    • Fixed few issues in SRTP and keying mechanism, e.g: premature local SDP modification (it should be done after verification).
    • Potential minor backward compatibility issue: default value of pjmedia_srtp_setting.crypto_count is now zero, previously it was initialized with all crypto via pjmedia_srtp_setting_default(), actually zero and all cryptos in this setting semantically are the same.

comment:2 Changed 7 years ago by nanang

  • Description modified (diff)

comment:3 Changed 7 years ago by ming

In 5775:

Re #2100: Fixed SrtpCrypto? vector definition

comment:4 Changed 6 years ago by ming

In 5872:

Re #2100: Fixed duplication of crypto names and keys to use pj_strdup(). Otherwise, when the account/global config's input strings are modified (or deallocated) after being passed to PJSIP, then the crypto name matching will fail and we will generate error: PJMEDIA_SRTP_ENOTSUPCRYPTO

comment:5 Changed 6 years ago by ming

In 5875:

Re #2100: Fix the optimization part of r5872, which didn't work since we don't preserve the old strings.

comment:6 Changed 6 years ago by ming

In 5876:

Re #2100: Fixed the incorrect string comparisons

Note: See TracTickets for help on using tickets.