[Home]

Summary:ASTERISK-26979: res_rtp_asterisk: SRTP unprotect failed with authentication failure 10 or 110
Reporter:Javier Riveros (goseeped)Labels:
Date Opened:2017-05-03 13:22:44Date Closed:2017-05-23 08:40:00
Priority:MajorRegression?
Status:Closed/CompleteComponents:Resources/res_rtp_asterisk Resources/res_srtp
Versions:13.15.0 Frequency of
Occurrence
Constant
Related
Issues:
Environment:Attachments:( 0) Logs_config_packets_captures.zip
Description:As soon as I give it a try to RTCP-MUX in webRTC-land I start getting those warnings.

I take a look to srtp library and libsrtp error err_status_auth_fail (see crypto/include/err.h, enum err_status_t) for version 1.5.x . It usually means that a wrong key is used to decrypt or a packet is modified after encryption (so computed auth tag doesn't match the one from the packet)  normally an "authentication failure".

So in asterisk looks like this warnning is being fire on 10 packets or 110 pkts
in res_srtp.c.

{code}
if (res != err_status_ok && res != err_status_replay_fail ) {
               if ((srtp->warned >= 10) && !((srtp->warned - 10) % 100)) {
                       ast_log(AST_LOG_WARNING, "SRTP unprotect failed with: %s %d\n", srtp_errstr(res), srtp->warned);
                       srtp->warned = 11;
               } else {
                       srtp->warned++;
               }
               errno = EAGAIN;
               return -1;
       }
{code}

Call example.

ASTERISK (tcp)-> (tcp) SIP-proxy (WS) -> (WS) WebRTC.

{code}
call start at : 2017-05-02T17:36:35Z
- First log (warining)

[2017-05-02 17:37:06.005] WARNING[25712] res_srtp.c: SRTP unprotect failed with: authentication failure 10

--second log (warining)
[2017-05-02 17:41:17.601] WARNING[25712] res_srtp.c: SRTP unprotect failed with: authentication failure 110

--call ends at
~2017-05-02T17:42:25Z
{code}

asterisk version: 13.15.0
libsrtp : libsrtp0-dev (1.5.0)
pjsip: (using pjsip bundle) v2.6
openssl: 1.0.2g-1ubuntu4.6
O.S : ubuntu 14.04.1
Browser: chrome 56,57,58 (windows/linux/mac)

I will attach the logs, config, packet captures.

If more info is needed let me know.

Thanks,
Comments:By: Asterisk Team (asteriskteam) 2017-05-03 13:22:44.915-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

By: Friendly Automation (friendly-automation) 2017-05-23 08:40:01.527-0500

Change 5678 merged by Jenkins2:
res_rtp_asterisk: rtcp mux using the wrong srtp unprotecting algorithm

[https://gerrit.asterisk.org/5678|https://gerrit.asterisk.org/5678]

By: Friendly Automation (friendly-automation) 2017-05-24 10:37:00.352-0500

Change 5709 merged by Jenkins2:
res_rtp_asterisk: rtcp mux using the wrong srtp unprotecting algorithm

[https://gerrit.asterisk.org/5709|https://gerrit.asterisk.org/5709]

By: Friendly Automation (friendly-automation) 2017-05-24 10:43:48.823-0500

Change 5710 merged by Jenkins2:
res_rtp_asterisk: rtcp mux using the wrong srtp unprotecting algorithm

[https://gerrit.asterisk.org/5710|https://gerrit.asterisk.org/5710]

By: Friendly Automation (friendly-automation) 2017-05-24 11:13:41.608-0500

Change 5677 merged by Jenkins2:
res_rtp_asterisk: rtcp mux using the wrong srtp unprotecting algorithm

[https://gerrit.asterisk.org/5677|https://gerrit.asterisk.org/5677]

By: Friendly Automation (friendly-automation) 2017-05-24 11:27:28.924-0500

Change 5679 merged by Jenkins2:
res_rtp_asterisk: rtcp mux using the wrong srtp unprotecting algorithm

[https://gerrit.asterisk.org/5679|https://gerrit.asterisk.org/5679]