SRTP 256 - SRTP auth Tag not displayed in the RTP packet

asked 2022-11-08 11:29:13 +0000

hari

updated 2022-11-08 12:14:13 +0000

grahamb

For 128-bit SRTP encryption, total size (182) -> 12 bytes header -> the payload of size 160 bytes is displayed in Wireshark as "SRTP Encrypted payload" -> 10 bytes of SRTP auth tag is displayed.

User Datagram Protocol, Src Port: 10000, Dst Port: 4014
    Source Port: 10000
    Destination Port: 4014
    Length: 190
    Checksum: 0x17fa [unverified]
    [Checksum Status: Unverified]
    [Stream index: 1379]
    [Timestamps]
    UDP payload (182 bytes)
Real-Time Transport Protocol
    [Stream setup by SDP (frame 28688)]
    10.. .... = Version: RFC 1889 Version (2)
    ..0. .... = Padding: False
    ...0 .... = Extension: False
    .... 0000 = Contributing source identifiers count: 0
    0... .... = Marker: False
    Payload type: ITU-T G.711 PCMU (0)
    Sequence number: 0
    [Extended sequence number: 65536]
    Timestamp: 434670322
    Synchronization Source identifier: 0x0af5d54b (183883083)
    **SRTP Encrypted Payload:** 2d64b7464dd84f523edff434efade54a96446c118b2cc8ffc107a21efcd889bebc6d5fa9…
    **SRTP Auth Tag**: ca9be8fde9ec0a192491

In 256-bit encryption, only the SRTP Encrypted payload is displayed in Wireshark. The SRTP auth tag is not shown. A total of 170 bytes (160 bytes payload + 10 bytes auth tag) is displayed as SRTP encrypted payload.

Internet Protocol Version 4, Src: 10.90.1.59, Dst: 10.90.1.60
User Datagram Protocol, Src Port: 10000, Dst Port: 4012
    Source Port: 10000
    Destination Port: 4012
    Length: 190
    Checksum: 0x17fa [unverified]
    [Checksum Status: Unverified]
    [Stream index: 295]
    [Timestamps]
    UDP payload (182 bytes)
Real-Time Transport Protocol
    [Stream setup by SDP (frame 7603)]
        [Setup frame: 7603]
        [Setup Method: SDP]
        [Generated Call-ID: [email protected]]
    10.. .... = Version: RFC 1889 Version (2)
    ..0. .... = Padding: False
    ...0 .... = Extension: False
    .... 0000 = Contributing source identifiers count: 0
    0... .... = Marker: False
    Payload type: ITU-T G.711 PCMU (0)
    Sequence number: 86
    [Extended sequence number: 65622]
    Timestamp: 434225132
    Synchronization Source identifier: 0x682785f4 (1747420660)
    SRTP Encrypted Payload: 6fe717d486ce42a571a0d27e1a692ab36101773ba9c6f35dd30c6794cf6612eb3608770d…

Comments

Can you share a capture file?
There are two checks in packet-rtp.c before

proto_tree_add_item(rtp_tree, hf_srtp_auth_tag, newtvb, offset, srtp_info->auth_tag_len, ENC_NA);

is added, and it would be easier to answer the question when working through it in the debugger.

Chuckc ( 2022-11-08 14:34:42 +0000 )

Make sure to include the stream setup information in these captures, e.g., the SDP related to these calls.

Jaap ( 2022-11-08 16:19:23 +0000 )
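
The byte layout from the question (182 = 12 + 160 + 10), worked through as an added example; this is not Wireshark's code and not code from any poster. The names `srtp_split` and `srtp_split_packet` are hypothetical, and the rule that the tag is split off only when a non-zero tag length is known from the stream setup is an assumption, since the actual checks in packet-rtp.c are not shown on this page; it also assumes no MKI field.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of splitting one SRTP packet (hypothetical names, not Wireshark's). */
struct srtp_split {
    size_t hdr_len;   /* fixed header + CSRC list + header extension */
    size_t enc_len;   /* bytes that would be shown as encrypted payload */
    size_t tag_len;   /* bytes shown as auth tag; 0 if it was not split off */
};

/* Returns 0 on success, -1 if the buffer is not a well-formed RTP v2 packet.
 * auth_tag_len comes from signalling (the negotiated crypto suite); the
 * packet itself carries no field that states the tag length. */
int srtp_split_packet(const uint8_t *pkt, size_t len, size_t auth_tag_len,
                      struct srtp_split *out)
{
    if (len < 12 || (pkt[0] >> 6) != 2)
        return -1;
    size_t off = 12 + 4 * (size_t)(pkt[0] & 0x0f);      /* CSRC list */
    if (off > len)
        return -1;
    if (pkt[0] & 0x10) {                                 /* X bit: extension */
        if (len - off < 4)
            return -1;
        off += 4 + 4 * (((size_t)pkt[off + 2] << 8) | pkt[off + 3]);
        if (off > len)
            return -1;
    }
    out->hdr_len = off;
    /* Assumption: split the tag off only when its length is known and fits. */
    out->tag_len = (auth_tag_len > 0 && auth_tag_len <= len - off) ? auth_tag_len : 0;
    out->enc_len = len - off - out->tag_len;
    return 0;
}

int main(void)
{
    uint8_t pkt[182] = { 0x80, 0x00 };  /* constructed: V=2, CC=0, X=0, PT=0 */
    struct srtp_split s;
    if (srtp_split_packet(pkt, sizeof pkt, 10, &s) == 0)   /* tag length known */
        printf("known:   hdr=%zu enc=%zu tag=%zu\n", s.hdr_len, s.enc_len, s.tag_len);
    if (srtp_split_packet(pkt, sizeof pkt, 0, &s) == 0)    /* tag length unknown */
        printf("unknown: hdr=%zu enc=%zu tag=%zu\n", s.hdr_len, s.enc_len, s.tag_len);
    return 0;
}
```

With a tag length of 10 the split matches the first dissection in the question (12 / 160 / 10); with a tag length of 0 the same 182 bytes come out as 12 / 170 / 0, which matches the second.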