Skip to content

Signalling support for SRTP

Evangelos Ribeiro Tzaras requested to merge devrtz/calls:wip/srtp into master

This is on top of !541 (merged)

  • Provide utilities for generating and parsing RFC 4568 crypto attributes for SDP
  • Extensive tests
  • Offer/Answer negotiation of cryptographic parameters
  • Plug results from offer/answer into pipeline
  • Add SIP account option for SRTP

A note about SRTP support:

In order to signal SRTP being optional (for outgoing calls) we would need to support RFC 5939 SDP Capability Negotiation. This means that we can only force SRTP being enabled or disabled, and cannot use opportunistic encryption. RFC4568 says media lines MUST be rejected if parameters are not supported or not allowed by policy.

Potentially we could use the OPTIONS request to query capabilities of the callee and get around the issue of having to force encryption on or off for outgoing calls.

For incoming calls we can allow or force it by accepting/refusing (with 488).

Maybe relevant https://www.rfc-editor.org/rfc/rfc5027

Edit: Seems capabilities can be queried by the rules specified in https://datatracker.ietf.org/doc/html/rfc3264#section-9 will have to see if that also works with the crypto attributes.

Edited by Evangelos Ribeiro Tzaras

Merge request reports