Do I need a particular version of Voice/HMP Elements to use SRTP or SIP TLS?

From VESupport

Jump to: navigation, search

Yes, HMP Elements must be at version 2.2.9.3 or later.

To receive secure calls, the sender must include a cryptography key in the INVITE for the new call.

This is done by sending an INVITE with a crypto attribute of AES_CM_128_HMAC_SHA1_80, and SAVP in the m=audio line like this:

INVITE sip:184@123.45.67 SIP/2.0
...
v=0
o=- 20038 20038 IN IP4 192.168.50.22
s=SDP data
c=IN IP4 192.168.50.22
t=0 0
m=audio 11848 RTP/SAVP 0 8 18 9 101
a=rtpmap:0 PCMU/8000
a=ptime:20
a=sendrecv
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:YjU5OWUwZTdddIyMTdjzzUzMzE5ODk5NjJj5WZi

This method is known as SDES (Session Description Protocol Security Descriptions) and is defined in RFC 4568.

(When using the above method, it is best to have the user or carrier connecting to HMPelements using TLS so that the SDP is encrypted. Otherwise the session key is sent in plain text.) But it will still work with UDP or TCP.

To PLACE secure calls you must cast the ChannelResource to a SipChannel:

           SipChannel sipChannel = m_ChannelResource as SipChannel;
           if (sipChannel != null)
           {
               sipChannel.OriginatingCallerIdName = nextStationData.CallerIdName;
               sipChannel.TransportProtocol = TransportProtocol.TLS;
               sipChannel.RtpEncryptionMode = RtpEncryptionMode.SecuredOnly;
           }
           m_channelResource.Dial(...);

Where Transport Protocol is:

   //
   // Summary:
   //     The Transport Protocol used for the SIP Session
   public enum TransportProtocol
   {
       //
       // Summary:
       //     Transport is unspecified
       Unspecified = 0,
       //
       // Summary:
       //     UDP Transport
       UDP = 1,
       //
       // Summary:
       //     TCP Transport
       TCP = 2,
       //
       // Summary:
       //     TLS over TCP Transport
       TLS = 3,
       //
       // Summary:
       //     WebRTC Socket
       WebRTC = 101
   }

And:

   //
   // Summary:
   //     The requested encryption mode for the call's RTP stream
   public enum RtpEncryptionMode
   {
       //
       // Summary:
       //     Only unsecured RTP will be used
       UnsecuredOnly = 0,
       //
       // Summary:
       //     Only secured RTP will be used
       SecuredOnly = 1,
       //
       // Summary:
       //     Secure RTP is preferred but unsecured is allowed
       SecuredPreferredUnsecuredAllowed = 2,
       //
       // Summary:
       //     Unsecured RTP is preferred but secured is allowed
       UnsecuredPreferredSecuredAllowed = 3
   }
Personal tools