[jitsi-dev] [zrtp4j] Lot of null packets when trying to use reverse transform with SRTP.


#1

Hi,

I'm currently trying to use DTLS-SRTP (using bouncycastle 1.49) with SRTP
(using ZRTP4J implementation).

Starting from SDES4J, I was able to initialize a SRTPTransformEngine (I'm
using SrtpCryptoSuite in order to get correct encryption settings) :

private SRTPTransformEngine getSRTPTransformEngine(byte[] key, byte[] salt)
{
        SrtpCryptoSuite cryptoSuite = new SrtpCryptoSuite(SrtpCryptoSuite.AES_CM_128_HMAC_SHA1_80);

        // SrtpCryptoSuite reports lengths in bits; SRTPPolicy takes them in bytes.
        SRTPPolicy srtpPolicy = new SRTPPolicy(
                SRTPPolicy.AESCM_ENCRYPTION, cryptoSuite.getEncKeyLength() / 8,
                SRTPPolicy.HMACSHA1_AUTHENTICATION, cryptoSuite.getSrtpAuthKeyLength() / 8,
                cryptoSuite.getSrtpAuthTagLength() / 8, cryptoSuite.getSaltKeyLength() / 8);
        SRTPPolicy srtcpPolicy = new SRTPPolicy(
                SRTPPolicy.AESCM_ENCRYPTION, cryptoSuite.getEncKeyLength() / 8,
                SRTPPolicy.HMACSHA1_AUTHENTICATION, cryptoSuite.getSrtcpAuthKeyLength() / 8,
                cryptoSuite.getSrtcpAuthTagLength() / 8, cryptoSuite.getSaltKeyLength() / 8);

        return new SRTPTransformEngine(key, salt, srtpPolicy, srtcpPolicy);
}

Using this SRTPTransformEngine, I'm getting the corresponding
PacketTransformer, and tried to decrypt SRTP to a basic RTP packet (using:
getIncomingSrtpTransformEngine().getRTPTransformer(); )

public void process(RawPacket cryptedPacket) {
        try
        {
            _packets ++;
            RawPacket clearPacket = _packetTransformer.reverseTransform(cryptedPacket);
            if (clearPacket != null) {
                ByteBuffer buff = ByteBuffer.wrap(clearPacket.getBuffer(), 0, clearPacket.getLength());
                _localChannel.send(buff, _remoteSocket);
                _sentPacket ++;
            } else {
                _nullPackets ++;
            }
        }
        catch (Throwable e)
        {
            __logger.warn("[Call {}] Failed to process SRTP packet for S{} : {}", new Object[]{_call.getId(), _type, e});
        }
    }

For an audio stream (using G711µ), this is working correctly, with the
following statistics (using basic counters _packets, _sentPacket and
_nullPackets) :

SRTP Audio - Received 690 crypted packets - sent 679 clear packet - null
packets : 11

But, for a video stream (same key exchange, same engine initialization),
I'm getting a lot of null packets :

SRTP Video - Received 697 crypted packets - sent 531 clear packet - null
packets : 166

My keys seem OK (I'm able to listen to the resulting audio, and I'm seeing
the first picture of my video stream).

What can I do to limit the number of null packets? Did I miss something
when initializing my SRTPTransformEngine?

Thanks a lot for the help,

--
Pierrick Grasland


#2

I don't see anything obvious right now, but I'm on the way. Have you debugged why the packet results as null? Is it the authentication or something else?
Is the sending part also from Jitsi code or could it be that something is wrong on the remote side?

Ingo

-- sent from my mobile

On 01.08.2013 at 10:32, "Pierrick Grasland" <pierrick.grasland@gmail.com> wrote:

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#3

I'm receiving SRTP packets from Firefox 22 and Chrome 29 (beta), using
WebRTC.

With Firefox, I have the following stats for audio: 4/1287 (null packets /
total packets) and for video: 384/1323.
Chrome has the same ratio (audio = 4/1762 and video = 251/868).

This seems to result from an authentication problem.

I'm seeing my trace (added to SRTPCryptoContext.reverseTransformPacket) when
I'm running a test:

            // save computed authentication in tagStore
            authenticatePacket(pkt, guessedROC);

            for (int i = 0; i < tagLength; i++) {
                if ((tempStore[i]&0xff) == (tagStore[i]&0xff))
                    continue;
                else {
                    System.out.println("Packet has authentication problem - tempStore != tagStore");
                    return false;
                }
            }

--
Pierrick Grasland


#4

I finally nailed it. It was due to a bug in my RTP handling code.

Each packet was received by a reading thread (one for each port). This
thread is delegating the packet processing to another thread (I'm using a
thread pool, and each packet is managed in its own thread).

My reading thread was reusing the incoming buffer for every new SRTP
packet. Because this buffer isn't copied when creating a new RawPacket, I
triggered a case where a new packet has overwritten an old one that was
still being processed.

So, authentication was failing correctly. After fixing this, I'm not
encountering null packets anymore.

Regards,

--
Pierrick Grasland
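
The failure mode described in message #4, as an added example that is not code from the thread or from ZRTP4J: a worker that keeps a reference to the reader's reused receive buffer sees bytes from the next datagram and the tag check fails, while a per-packet copy still verifies. The packet layout (payload plus truncated HMAC-SHA1 tag, with no encryption, ROC or replay window), the all-zero key and the class and method names are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.MessageDigest;
import java.util.Arrays;

public class SharedBufferDemo {
    static final int TAG_LEN = 10; // 80-bit tag, as in AES_CM_128_HMAC_SHA1_80

    // Truncated HMAC-SHA1 over the first len bytes of buf.
    static byte[] tag(byte[] key, byte[] buf, int len) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        mac.update(buf, 0, len);
        return Arrays.copyOf(mac.doFinal(), TAG_LEN);
    }

    // Constructed packet: payload followed by its tag.
    static byte[] protect(byte[] key, byte[] payload) throws Exception {
        byte[] pkt = Arrays.copyOf(payload, payload.length + TAG_LEN);
        System.arraycopy(tag(key, payload, payload.length), 0, pkt, payload.length, TAG_LEN);
        return pkt;
    }

    // Recompute the tag over the payload and compare in constant time.
    static boolean verify(byte[] key, byte[] buf, int len) throws Exception {
        byte[] received = Arrays.copyOfRange(buf, len - TAG_LEN, len);
        return MessageDigest.isEqual(tag(key, buf, len - TAG_LEN), received);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[20];                  // constructed auth key (all zero)
        byte[] first = protect(key, new byte[40]);  // larger packet, queued for a worker
        byte[] small = new byte[12];
        Arrays.fill(small, (byte) 1);
        byte[] second = protect(key, small);        // next datagram, different size

        byte[] rx = new byte[1500];                 // the reader thread's single receive buffer
        System.arraycopy(first, 0, rx, 0, first.length);
        byte[] shared = rx;                            // bug: the worker sees the live buffer
        byte[] copied = Arrays.copyOf(rx, first.length); // fix: the worker owns a snapshot
        System.arraycopy(second, 0, rx, 0, second.length); // reader receives before worker runs

        System.out.println("shared buffer authenticates: " + verify(key, shared, first.length));
        System.out.println("copied buffer authenticates: " + verify(key, copied, first.length));
    }
}
```

The overwrite is performed sequentially here so the result does not depend on thread scheduling; in the thread's setup the same overwrite happens whenever the reader receives the next datagram before a pool thread has finished with the previous one.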
