pcaputil: SRTP Decryption failing with "err=authentication failure"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I am trying to decrypt the SRTP packets whose keys I got from the SIP exchange. However pcaputil is failing in libsrtp with "authentication error". I debugged it and it looks like computed auth data is not matching the authentication tag in srtp packet. I don't care about the codec right now. Just want to decrypt it successfully.

Is there anybody on this forum who can point what should I be looking to fix this problem?

Here is how I ran it:
./pcaputil -c AES_CM_128_HMAC_SHA1_80 -k FPiMIaHQEPxSSrfXm3UCM60SDre0Nt684wxeNlzX packets.pcap packets.wav --src-ip=10.133.11.71

The key is from INVITE SDP:

Content-Type: application/sdp
Content-Transfer-Encoding: 7bit
Content-Disposition: session; handling=optional; ms-proxy-2007fallback
v=0
o=- 0 0 IN IP4 10.133.11.71
s=session
c=IN IP4 10.133.11.71
b=CT:99980
t=0 0
m=audio 2689 RTP/AVP 114 111 112 115 116 4 8 0 97 13 118 101
k=base64:9WMKScPhNmNyz9PU3xB4o1TLW19IFp8h2ULXeaiTpIb0MqxDV5yVSCKV4s8j
a=candidate:upIaZBzTFifcAr+B+BPCObFxWSbYVcSCtEBHpzT2ki4 1 PsxX3VVNLmcjpJA/9KO1Hg UDP 0.830 10.133.11.71 2689 
a=candidate:upIaZBzTFifcAr+B+BPCObFxWSbYVcSCtEBHpzT2ki4 2 PsxX3VVNLmcjpJA/9KO1Hg UDP 0.830 10.133.11.71 2181 
a=cryptoscale:1 client AES_CM_128_HMAC_SHA1_80 inline:EfUVxWAGW9puUSfWkWtzB/bo6kZ3yPOHbRuR2gPD|2^31|1:1
a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:FPiMIaHQEPxSSrfXm3UCM60SDre0Nt684wxeNlzX|2^31|1:1
a=maxptime:200
a=rtcp:2181
a=rtpmap:114 x-msrta/16000
a=fmtp:114 bitrate=29000
a=rtpmap:111 SIREN/16000
a=fmtp:111 bitrate=16000
a=rtpmap:112 G7221/16000
a=fmtp:112 bitrate=24000
a=rtpmap:115 x-msrta/8000
a=fmtp:115 bitrate=11800
a=rtpmap:116 AAL2-G726-32/8000
a=rtpmap:4 G723/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:97 RED/8000
a=rtpmap:13 CN/8000
a=rtpmap:118 CN/16000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=encryption:required

The packet looks like this:
Ethernet II, Src: Dell_4a:b8:78 (00:14:22:4a:b8:78), Dst: Dell_4b:4f:ef (00:14:22:4b:4f:ef)
Internet Protocol, Src: 10.133.11.71 (10.133.11.71), Dst: 10.133.11.73 (10.133.11.73)
User Datagram Protocol, Src Port: 24082 (24082), Dst Port: 8454 (8454)
Real-Time Transport Protocol
    10.. .... = Version: RFC 1889 Version (2)
    ..0. .... = Padding: False
    ...0 .... = Extension: False
    .... 0000 = Contributing source identifiers count: 0
    1... .... = Marker: True
    Payload type: Unknown (114)
    Sequence number: 4553
    Timestamp: 4267288183
    Synchronization Source identifier: 0xb2398e25 (2990116389)
    Payload: 9E34919CAD3D7534CA58D9F25DD1B507CCC9A85098AA6E0E...

0000  00 14 22 4b 4f ef 00 14 22 4a b8 78 08 00 45 00   .."KO..."J.x..E.
0010  00 97 59 e7 00 00 80 11 b4 d5 0a 85 0b 47 0a 85   ..Y..........G..
0020  0b 49 5e 12 21 06 00 83 f2 77 80 f2 11 c9 fe 59   .I^.!....w.....Y
0030  a6 77 b2 39 8e 25 9e 34 91 9c ad 3d 75 34 ca 58   .w.9.%.4...=u4.X
0040  d9 f2 5d d1 b5 07 cc c9 a8 50 98 aa 6e 0e c1 13   ..]......P..n...
0050  87 78 e1 38 a9 f8 ab f1 b6 e1 19 1b 80 51 52 cf   .x.8.........QR.
0060  29 75 26 38 d0 31 34 51 3c 92 e7 e1 1b 6d 1f 46   )u&8.14Q<....m.F
0070  23 3c 2e 3d df d6 0a 04 9d d1 02 47 4b b8 78 5e   #<.=.......GK.x^
0080  c3 2e a0 ff aa 3c 5d 2e fd 2c bc f7 ae 16 d9 5c   .....<]..,.....\
0090  9f 33 e6 b5 19 fd 94 63 65 0d 01 6c f6 4e 9d 53   .3.....ce..l.N.S
00a0  5d eb 88 6a 2d                                    ]..j-

Error Output:

 10:05:17.485 os_core_unix.c  pjlib 1.5.5 for POSIX initialized
 10:05:17.486       pa_dev.c  PortAudio sound library initialized, status=0
 10:05:17.486       pa_dev.c  PortAudio host api count=1
 10:05:17.486       pa_dev.c  Sound device count=0
 10:05:17.486          pjlib  select() I/O Queue created (0x80bd6dc)
 10:05:17.486     endpoint.c  Warning: no worker thread is created inmedia endpoint for internal ioqueue
 10:05:17.498  srtp0x80c6e78  TX: AES_CM_128_HMAC_SHA1_80 key=14f88c21a1d010fc524ab7d79b750233ad120eb7b436debce30c5e365cd7
 10:05:17.498  srtp0x80c6e78  RX: AES_CM_128_HMAC_SHA1_80 key=14f88c21a1d010fc524ab7d79b750233ad120eb7b436debce30c5e365cd7
 10:05:17.498          rtp.c  pjmedia_rtp_session_init: ses=0x80ba1a0, default_pt=0, ssrc=0x0
 10:05:17.498  srtp0x80c6e78  Failed to unprotect SRTP, pkt size=24, err=authentication failure
SRTP packet decryption failed, skipping packet: authentication failure
 10:37:03.180  srtp0x80c6e78  Failed to unprotect SRTP, pkt size=123, err=authentication failure
SRTP packet decryption failed, skipping packet: authentication failure


      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20100512/c2942b62/attachment.html>
[Index of Archives]     [Asterisk Users]     [Asterisk App Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [Linux API]
  Powered by Linux