User's Manual
This draft defines a cryptographic attribute for SDP to be used for media encryption.
There is no official definition for how to use this in MGCP. Therefore, rules were
developed for the Mediant 2000 and detailed below.
7.1.14.1
Supported Suites
SRTP implementation in DSP is limited to AES_CM_128_HMAC_SHA1_32,
AES_CM_128_HMAC_SHA1_80. All other suites are ignored.
While SRTP suite may hold many keys and key parameters, the Mediant 2000
supports a single key or no key parameters. Suites that are provided with many keys
or keys parameters are ignored and marked as not valid. A suite that contains extra
parameters is rejected even if it is a suite that is a supported suite.
7.1.14.2
Configuration and Activation
The following defines the encryption support level:
1.
DSP template - Template 0 supports SRTP.
2.
Feature Key – Defines if media encryption is enabled on the board.
3.
ini file parameter – The parameter "EnableMediaSecurity" defines SRTP
support when set to Enable, e.g., EnableMediaSecurity = 1.
The local descriptor may contain more parameters regarding the encryption, and
these are described in the following paragraphs.
7.1.14.3
SRTP Local Connection Option Format
Use of SRTP LCO parameters is described below, in Secured Connection
Negotiation.
Parameter
LocalOptionValue=
EncryptionAlgorithm=
algorithmName =
7.1.14.4
SDP Definition
The following attribute is defined in:
www.ietf.org/internet-drafts/draft-ietf-mmusic-sdescriptions-12.txt.
a=crypto:<tag> <crypto-suite> <key-params> [<session-params>]
Version 5.0
Table 7-4: SRTP ABNF Parameter Description
Description
("srtp" ":" EncryptionAlgorithm) Or
("x-srtp" ":" EncryptionAlgorithm)
algorithmName 0*(";" algorithmName)
AES_CM_128_HMAC_SHA1_32,
AES_CM_128_HMAC_SHA1_80
F8_128_HMAC_SHA1_32
SRTP_SUITE_NULL
87
7. Standard Control Protocols
June 2006