Programmable Voice

  1. Home
  2. Docs
  3. Programmable Voice
  4. SIP
  5. Do I need a particular version of Voice/HMP Elements to use SRTP or SIP TLS

Do I need a particular version of Voice/HMP Elements to use SRTP or SIP TLS

Yes, HMP Elements must be at version 2.2.9.3 or later.

To receive secure calls, the sender must include a cryptography key in the INVITE for the new call.

This is done by sending an INVITE with a crypto attribute of AES_CM_128_HMAC_SHA1_80, and SAVP in the m=audio line like this:

INVITE sip:184@123.45.67 SIP/2.0
...
v=0
o=- 20038 20038 IN IP4 192.168.50.22
s=SDP data
c=IN IP4 192.168.50.22
t=0 0
m=audio 11848 RTP/SAVP 0 8 18 9 101
a=rtpmap:0 PCMU/8000
a=ptime:20
a=sendrecv
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:YjU5OWUwZTdddIyMTdjzzUzMzE5ODk5NjJj5WZi

This method is known as SDES (Session Description Protocol Security Descriptions) and is defined in RFC 4568.

(When using the above method, it is best to have the user or carrier connecting to HMPelements using TLS so that the SDP is encrypted. Otherwise the session key is sent in plain text.) But it will still work with UDP or TCP.

To PLACE secure calls you must cast the ChannelResource to a SipChannel:

           
SipChannel sipChannel = m_ChannelResource as SipChannel;
if (sipChannel != null)
{
    sipChannel.OriginatingCallerIdName = nextStationData.CallerIdName;
    sipChannel.TransportProtocol = TransportProtocol.TLS;
    sipChannel.RtpEncryptionMode = RtpEncryptionMode.SecuredOnly;
}
m_channelResource.Dial(...);

Where Transport Protocol is:

// Summary:
//     The Transport Protocol used for the SIP Session
public enum TransportProtocol
{
    //
    // Summary:
    //     Transport is unspecified
    Unspecified = 0,
    //
    // Summary:
    //     UDP Transport
    UDP = 1,
    //
    // Summary:
    //     TCP Transport
    TCP = 2,
    //
    // Summary:
    //     TLS over TCP Transport
    TLS = 3,
    //
    // Summary:
    //     WebRTC Socket
    WebRTC = 101
}

And:

// Summry:
//     The requested encryption mode for the call's RTP stream
public enum RtpEncryptionMode
{
    //
    // Summary:
    //     Only unsecured RTP will be used
    UnsecuredOnly = 0,
    //
    // Summary:
    //     Only secured RTP will be used
    SecuredOnly = 1,
    //
    // Summary:
    //     Secure RTP is preferred but unsecured is allowed
    SecuredPreferredUnsecuredAllowed = 2,
    //
    // Summary:
    //     Unsecured RTP is preferred but secured is allowed
    UnsecuredPreferredSecuredAllowed = 3
}
Was this article helpful to you? Yes 8 No

How can we help?