| 31 | |
| 32 | ---- |
| 33 | |
| 34 | == Using SRTP == |
| 35 | |
| 36 | SRTP is implemented as media transport in PJMEDIA. In the high level [http://www.pjsip.org/pjsip/docs/html/group__PJSUA__LIB.htm PJSUA-LIB API], the use of SRTP is controlled by couple of settings as explained below. |
| 37 | |
| 38 | |
| 39 | === Using SRTP in PJSUA-LIB === |
| 40 | |
| 41 | In [http://www.pjsip.org/pjsip/docs/html/group__PJSUA__LIB.htm PJSUA-LIB], the use of SRTP is controlled by settings in both [http://www.pjsip.org/pjsip/docs/html/structpjsua__config.htm pjsua_config] and [http://www.pjsip.org/pjsip/docs/html/structpjsua__acc__config.htm pjsua_acc_config]. The settings in [http://www.pjsip.org/pjsip/docs/html/structpjsua__config.htm pjsua_config] specifies the default settings for all accounts, and the settings in [http://www.pjsip.org/pjsip/docs/html/structpjsua__acc__config.htm pjsua_acc_config] can be used to further set the behavior for that specific account. |
| 42 | |
| 43 | In both {{{pjsua_config}}} and {{{pjsua_acc_config}}}, there are two configuration items to control: |
| 44 | |
| 45 | '''{{{use_srtp}}}''':: |
| 46 | This option controls whether secure media transport (SRTP) should be used for this account. Valid values are: |
| 47 | - {{{PJMEDIA_SRTP_DISABLED}}} (0): SRTP is disabled, and incoming call with RTP/SAVP transport will be rejected. |
| 48 | - {{{PJMEDIA_SRTP_OPTIONAL}}} (1): SRTP will be advertised and SRTP will be used if remote supports it, but the call may fall back to unsecure media. |
| 49 | - {{{PJMEDIA_SRTP_MANDATORY}}} (2): secure media is mandatory, and the call can only proceed if secure media can be established. |
| 50 | The default value for this option is {{{PJSUA_DEFAULT_USE_SRTP}}}, which is zero (disabled). |
| 51 | |
| 52 | '''{{{srtp_secure_signaling}}}''':: |
| 53 | This option controls whether SRTP requires secure signaling to be used. This option is only used when {{{use_srtp}}} option above is non-zero. Valid values are: |
| 54 | - 0: SRTP does not require secure signaling |
| 55 | - 1: SRTP requires secure transport such as TLS |
| 56 | - 2: SRTP requires secure end-to-end transport (SIPS) |
| 57 | The default value for this option is {{{PJSUA_DEFAULT_SRTP_SECURE_SIGNALING}}}, which is 1 (require TLS transport). |
| 58 | |
| 59 | |
| 60 | |
| 61 | |
| 62 | === pjsua === |
| 63 | |
| 64 | New option '''---use-srtp''' is added, with valid values are 0, 1, or 2. This corresponds to {{{use_srtp}}} setting above. |
| 65 | |
| 66 | Sample usage: |
| 67 | {{{ |
| 68 | $ ./pjsua --use-tls --use-srtp=1 |
| 69 | }}} |
| 70 | |
| 71 | Note: we need to enable TLS since by default SRTP requires secure signaling to be used (see ''srtp_secure_signaling'' setting above). If you want to use SRTP with non-secure transport (which is not recommended unless for testing purpose only!), you can modify ''srtp_secure_signaling'' setting in pjsua application. |
| 72 | |
| 73 | |
| 74 | === Using SRTP Transport Directly === |
| 75 | |
| 76 | The SRTP transport may also be used directly without having to involve SDP negotiations. However, you will need to have a different mechanism to exchange keys between endpoints. |
| 77 | |
| 78 | To use SRTP transport directly: |
| 79 | - Call pjmedia_transport_srtp_create() to create the SRTP adapter, giving it the actual media transport instance (such as UDP transport). |
| 80 | - Call pjmedia_transport_srtp_start() to active SRTP session, giving it both local and remote crypto settings and keys. |
| 81 | - Call pjmedia_transport_attach() to configure the remote RTP/RTCP addresses and attach your RTP and RTCP callbacks. |
| 82 | - Call pjmedia_transport_send_rtp() and pjmedia_transport_send_rtcp() to send RTP/RTCP packets. |
| 83 | - Once you done with your session, call pjmedia_transport_close() to destroy the SRTP adapter (and optionally the actual transport which is attached to the SRTP adapter, depending on whether ''close_member_tp'' flag is set in the options when creating the SRTP adapter). |
71 | | ---- |
72 | | |
73 | | == Using SRTP Transport == |
74 | | |
75 | | |
76 | | === Using SRTP in PJSUA-LIB === |
77 | | |
78 | | The use of SRTP is controlled by settings in both pjsua_config and pjsua_acc_config. The settings in pjsua_config specifies the default settings for all accounts, and the settings in pjsua_acc_config can be used to further set the behavior for that specific account. |
79 | | |
80 | | In both pjsua_config and pjsua_acc_config, there are two configuration items to control: |
81 | | |
82 | | '''use_srtp''':: |
83 | | This option controls whether secure media transport (SRTP) should be used for this account. Valid values are: |
84 | | - PJMEDIA_SRTP_DISABLED (0): SRTP is disabled, and incoming call with RTP/SAVP transport will be rejected. |
85 | | - PJMEDIA_SRTP_OPTIONAL (1): SRTP will be advertised and SRTP will be used if remote supports it, but the call may fall back to unsecure media. |
86 | | - PJMEDIA_SRTP_MANDATORY (2): secure media is mandatory, and the call can only proceed if secure media can be established. |
87 | | The default value for this option is PJSUA_DEFAULT_USE_SRTP, which is zero (disabled). |
88 | | |
89 | | '''srtp_secure_signaling''':: |
90 | | This option controls whether SRTP requires secure signaling to be used. This option is only used when {{{use_srtp}}} option above is non-zero. Valid values are: |
91 | | - 0: SRTP does not require secure signaling |
92 | | - 1: SRTP requires secure transport such as TLS |
93 | | - 2: SRTP requires secure end-to-end transport (SIPS) |
94 | | The default value for this option is PJSUA_DEFAULT_SRTP_SECURE_SIGNALING, which is 1 (require TLS transport). |
95 | | |
96 | | |
97 | | |
98 | | |
99 | | === pjsua === |
100 | | |
101 | | New option '''---use-srtp''' is added, with valid values are 0, 1, or 2. This corresponds to {{{use_srtp}}} setting above. |
102 | | |
103 | | Sample usage: |
104 | | {{{ |
105 | | $ ./pjsua --use-tls --use-srtp=1 |
106 | | }}} |
107 | | |
108 | | Note: we need to enable TLS since by default SRTP requires secure signaling to be used (see ''srtp_secure_signaling'' setting above). If you want to use SRTP with non-secure transport (which is not recommended unless for testing purpose only!), you can modify ''srtp_secure_signaling'' setting in pjsua application. |
109 | | |
110 | | |
111 | | === Using SRTP Transport Directly === |
112 | | |
113 | | The SRTP transport may also be used directly without having to involve SDP negotiations. However, you will need to have a different mechanism to exchange keys between endpoints. |
114 | | |
115 | | To use SRTP transport directly: |
116 | | - Call pjmedia_transport_srtp_create() to create the SRTP adapter, giving it the actual media transport instance (such as UDP transport). |
117 | | - Call pjmedia_transport_srtp_start() to active SRTP session, giving it both local and remote crypto settings and keys. |
118 | | - Call pjmedia_transport_attach() to configure the remote RTP/RTCP addresses and attach your RTP and RTCP callbacks. |
119 | | - Call pjmedia_transport_send_rtp() and pjmedia_transport_send_rtcp() to send RTP/RTCP packets. |
120 | | - Once you done with your session, call pjmedia_transport_close() to destroy the SRTP adapter (and optionally the actual transport which is attached to the SRTP adapter, depending on whether ''close_member_tp'' flag is set in the options when creating the SRTP adapter). |
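Review bot: The sample usage on new line 105, `$ ./pjsua --use-tls --use-srtp=1`, selects PJMEDIA_SRTP_OPTIONAL, which new line 85 says "may fall back to unsecure media". The rewritten pjsua section should say so next to the sample, or also show `--use-srtp=2` for readers who need the call to fail rather than proceed unencrypted. The note on new line 108 tells readers they can modify ''srtp_secure_signaling'' "in pjsua application" without saying where, so anyone following it has no pointer to the setting. Several defects were carried over unchanged from the old text and could be fixed in the same revision: new line 101 writes the option as '''---use-srtp''' (three dashes) while the sample uses `--use-srtp`, and reads "with valid values are 0, 1, or 2"; new line 117 has "to active SRTP session" for "activate"; new line 120 has "Once you done". The markup is now inconsistent: the revision strips the {{{...}}} monospace and the documentation links from pjsua_config, pjsua_acc_config and the PJMEDIA_SRTP_* constants, but new lines 90 and 101 still write {{{use_srtp}}}. Removing the introductory sentence also leaves the "Using SRTP Transport" heading on new line 73 with no text before the first subsection.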