Yealink Forums
Yealink SRTP on Metaswitch Perimeta failures - Printable Version

+- Yealink Forums (http://forum.yealink.com/forum)
+-- Forum: IP Phone Series (/forumdisplay.php?fid=4)
+--- Forum: T4x Series (/forumdisplay.php?fid=31)
+--- Thread: Yealink SRTP on Metaswitch Perimeta failures (/showthread.php?tid=40721)



Yealink SRTP on Metaswitch Perimeta failures - Jason77 - 03-25-2017 08:59 AM

It looks like there is a bug which causes inbound calls using SRTP on Metaswitch to fail. The issue is that the Yealink (I am using a T48G for my testing so do not know if all phones have the same issue) is not properly handling the offer/answer exchange of the MKI. Per RFC 4568, the answer must correspond to the offer but it looks like the Yealink is not doing this. Below is what I am seeing:

Offer:
m=audio 19098 RTP/SAVP 0 8 18 9 101
a=rtpmap:101 telephone-event/8000
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:tcZhj5iMNMuoU+JiBfJw1m4xhAk2Ubua90y6EAjb|2^20|1:1
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:BbivO5FOFa8aXP3DNWUzViTBxVVrRfNGJqrmixiq|2^20|1:1
a=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:I2KC6b2vuZlMeHXcoDTp5zTClupjOt+yXWZbC9cO|2^20
a=crypto:4 AES_CM_128_HMAC_SHA1_32 inline:7OaE95M+RqgBuSLx7RH4LCcw70BvHLFqBphaugCG|2^20

Answer:
m=audio 11780 RTP/SAVP 0 101
a=rtpmap:0 PCMU/8000
a=ptime:20
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:ZDBlYzBjMWZjMzM2NjgzNzgyN2Y5M2RhMjQ1Mzhj
a=sendrecv

If you look, you can see that the answer is replying that it wants to use crypto:1. However, the answer does not include the MKI and byte length field of 1:1. Since the MKI and byte length were given in the offer it must also be used in the answer. Since crypto:3 does not include the mki and byte length had the Yealink selected crypto:3 the call would have completed just fine. I have created a Lua SDP editing script to remove crypto:1 and crypto:2, which contain the mki and byte length parameters, and the calls work fine but it would be preferable for the Yealink to handle the Key parameters properly. Other phones we have tested all pick crypto:3 as their key and work fine, Yealink is the only phone I have found so far which does not handle the crypto key parameters properly.