Rejects calls that offer an `encryption` node for SRTP (#538)
Unknown opened 3 years ago

While testing Siskin with Dino, I found that Siskin rejects calls that offer SRTP encryption as per XEP-0167 (7).

When Siskin receives a session-initiate like

<iq id='50b14677-2ed2-4929-94dc-0dde9abca07c' type='set' to='bla@example.com/iPad'>
  <jingle xmlns='urn:xmpp:jingle:1' action='session-initiate' initiator='user@example.com/dino' sid='fa3ffc64-7cdb-4caa-a07c-cd15efb8e181'>
    <content creator='initiator' name='audio' senders='both'>
      <description xmlns='urn:xmpp:jingle:apps:rtp:1' media='audio'>
        <encryption>
          <crypto crypto-suite='AES_CM_128_HMAC_SHA1_80' key-params='inline:Ya5dYAuXuGPVz/7XT+ym4Q05nTg+b8C9fGZSjWIL' tag='1' />
        </encryption>
        ...
      </description>
      <transport xmlns='urn:xmpp:jingle:transports:ice-udp:1' ufrag='iNWd' pwd='6p2LnHEQLmnecwkRDfRq6t'>
        <fingerprint xmlns='urn:xmpp:jingle:apps:dtls:0' hash='sha-256' setup='actpass'>
          1C:CA:3A:BA:A5:D2:76:1C:9C:17:E9:72:96:1B:FE:70:01:2A:63:D1:E8:DB:8C:05:8A:05:85:B7:1D:D5:BA:AE
        </fingerprint>
        ...
      </transport>
    </content>
  </jingle>
</iq>

it rejects the call by directly sending a session-terminate.

Dino supports simple RTP calls with SRTP encryption and thus includes the respective information. However, this is merely an offer to the recipient and WebRTC is also supported. Everything necessary for a WebRTC connection is announced and calls establish if Dino doesn't include the <encryption> node.

It would be good if you would just ignore the presence of the <encryption> node and just proceed to negotiate a WebRTC connection.

Siskin version: 7.0.1

Unknown commented 3 years ago

I'm going to add a workaround here, however, according to WebRTC specification SRTP "crypto" attribute (used only for SDES) is forbidden and due to the fact that you are sending it, the WebRTC is rejecting the payload. So you are correct, that you are sending everything required for WebRTC to work but also are sending data that forbids WebRTC to work properly.

issue 1 of 1
Type
Bug
Issue Votes (0)
Watchers (0)
Reference
tigase/_clients/siskin-im#538
Please wait...
Page is in error, reload to recover