Re: ice-pwd is too short, RFC5245 need at least 128 bits of randomness


 



Checked in src code:

In ice_session.c, the method pj_ice_sess_create(), which creates an ICE session, has the code block below:


    if (local_ufrag == NULL) {
        ice->rx_ufrag.ptr = (char*) pj_pool_alloc(ice->pool, PJ_ICE_UFRAG_LEN);
        pj_create_random_string(ice->rx_ufrag.ptr, PJ_ICE_UFRAG_LEN);
        ice->rx_ufrag.slen = PJ_ICE_UFRAG_LEN;
    } else {
        pj_strdup(ice->pool, &ice->rx_ufrag, local_ufrag);
    }

    if (local_passwd == NULL) {
        ice->rx_pass.ptr = (char*) pj_pool_alloc(ice->pool, PJ_ICE_UFRAG_LEN);
        pj_create_random_string(ice->rx_pass.ptr, PJ_ICE_UFRAG_LEN);
        ice->rx_pass.slen = PJ_ICE_UFRAG_LEN;
    } else {
        pj_strdup(ice->pool, &ice->rx_pass, local_passwd);
    }

PJ_ICE_UFRAG_LEN is defined in config.h as below:

    #ifndef PJ_ICE_UFRAG_LEN
    #   define PJ_ICE_UFRAG_LEN                8
    #endif

The problem is that in RFC5245 (https://tools.ietf.org/pdf/rfc5245.pdf) the minimal length of ice-pwd is 128 bits.

So this should be a bug which needs to be fixed.


Thanks.

Jackson




From: Morgan Chen <jacksonchenjp@xxxxxxxxxxx>
Sent: December 28, 2017 11:52
To: pjsip@xxxxxxxxxxxxxxx
Subject: ice-pwd is too short, RFC5245 need at least 128 bits of randomness
 

Hi, PJSIP experts, 

I am new to PJSIP, and I am now trying to make a call using SIP to WebRTC.
I am using MicroSIP to simulate the SIP client, and using the latest Chrome/Firefox for the WebRTC side.

PJSIP should support the ICE protocol, RFC5245 (https://tools.ietf.org/pdf/rfc5245.pdf).

And from RFC 5245, page 76 (section 15.4: "ice-ufrag" and "ice-pwd" Attributes):
   The ice-ufrag and ice-pwd attributes MUST be chosen randomly at the
   beginning of a session. The ice-ufrag attribute MUST contain at
   least 24 bits of randomness, and the ice-pwd attribute MUST contain
   at least 128 bits of randomness.

But from the packet captured in Wireshark, the length of the "ice-pwd" generated in pjmedia is less than 128 bits, only 8 chars actually; refer to the attached screenshot for details.

Also, from this page, https://trac.pjsip.org/repos/wiki/Using_Standalone_ICE
The sample ice-pwd is just 8 chars.
a=ice-ufrag:2b2c6196 
a=ice-pwd:06ea0fa8 

Because ice-pwd is too short here, the browser side rejected this. 

Can anyone help to explain this?
I appreciate your support in advance.

Happy New Year.
Jackson
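
An added example, not part of the thread and not PJSIP code: a check of ice-ufrag/ice-pwd values against the RFC 5245 section 15.4 limits (ufrag = 4*256ice-char with at least 24 bits, password = 22*256ice-char with at least 128 bits), plus a generator that draws a compliant value from the OS random source. The function names are hypothetical, scoring all-hex tokens at 4 bits per character is an assumed heuristic, and /dev/urandom is assumed to be available.

```c
#include <stdio.h>
#include <string.h>

/* ice-char per RFC 5245 section 15.4: ALPHA / DIGIT / "+" / "/" (64 symbols). */
static const char ICE_CHARS[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Upper bound on randomness in bits, or -1 if tok holds a non-ice-char.
 * Heuristic (assumption): a token made only of hex digits is scored at
 * 4 bits per character, anything else at 6 bits per character. */
int ice_token_max_bits(const char *tok)
{
    size_t i, len = strlen(tok);
    int all_hex = 1;
    for (i = 0; i < len; i++) {
        if (!strchr(ICE_CHARS, tok[i])) return -1;
        if (!strchr("0123456789abcdefABCDEF", tok[i])) all_hex = 0;
    }
    return (int)len * (all_hex ? 4 : 6);
}

/* ice-pwd: 22..256 ice-chars carrying at least 128 bits. */
int ice_pwd_ok(const char *pwd)
{
    size_t len = strlen(pwd);
    return len >= 22 && len <= 256 && ice_token_max_bits(pwd) >= 128;
}

/* ice-ufrag: 4..256 ice-chars carrying at least 24 bits. */
int ice_ufrag_ok(const char *ufrag)
{
    size_t len = strlen(ufrag);
    return len >= 4 && len <= 256 && ice_token_max_bits(ufrag) >= 24;
}

/* Write nchars random ice-chars plus a NUL into out (size nchars + 1).
 * 256 % 64 == 0, so masking each byte to 6 bits adds no bias. 0 on success. */
int ice_gen_token(char *out, size_t nchars)
{
    size_t i, got;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    got = fread(out, 1, nchars, f);
    fclose(f);
    if (got != nchars) return -1;
    for (i = 0; i < nchars; i++)
        out[i] = ICE_CHARS[(unsigned char)out[i] & 63];
    out[nchars] = '\0';
    return 0;
}
```

With 22 characters from the 64-symbol alphabet the generated value carries 132 bits, which is why 22 is the shortest password the grammar allows.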
