[Freeswitch-dev] Debugging DTLS for WebRTC

Anthony Minessale anthony.minessale at gmail.com
Wed Sep 25 07:49:41 MSD 2013


You'll have to get the key from the DTLS stream; the SRTP key is exchanged
over the DTLS and applied to the session. You can see it in the RTP stack
code.



On Tue, Sep 24, 2013 at 6:22 PM, Sam Russell <sam.h.russell at gmail.com> wrote:

> Your last email helped me disable DTLS from the client end, and I have the
> FreeSwitch DTLS key so I can decrypt the DTLS stream - it's just that
> wireshark now doesn't know what to do with the decrypted payload. Each
> decrypted DTLS packet starts with 0x80 and then often 0x00 like the RTP
> packets that come through in plaintext, but I can't make the RTP dissector
> work on the decrypted payload - should I just be turning off DTLS
> altogether so I can focus on the payload?
>
>
> On Wed, Sep 25, 2013 at 11:18 AM, Anthony Minessale <
> anthony.minessale at gmail.com> wrote:
>
>> I already told you about the constraints bit in the last email. =D
>>
>>
>>
>>
>> On Tue, Sep 24, 2013 at 6:05 PM, Sam Russell <sam.h.russell at gmail.com> wrote:
>>
>>> Thanks Anthony.
>>>
>>> For future reference, Chrome has DTLS disabled by default, so in JsSIP
>>> (check their source for how to clone your own full copy and hack on it) you
>>> just need to override this bit in js/gui.js
>>>
>>> RTCConstraints: {"optional": [{'DtlsSrtpKeyAgreement': 'true'}]} // change true to false
>>>
>>> After this, it only uses FreeSwitch's key, and you can then decrypt the
>>> handshake correctly in Wireshark - but it looks like Wireshark won't let
>>> you decode SRTP (it doesn't seem to handle the 0x80->RTCP muxing in the
>>> DTLS packets, and it won't let you choose SRTP as the inner protocol) -
>>> screenshot shows the output I get from wireshark 1.10.2 -
>>> http://i.imgur.com/NyVHAdy.png
>>>
>>> Am I being a bit silly here, or does wireshark not yet have the
>>> capability to decode SRTP in DTLS?
>>>
>>> Cheers
>>> Sam
>>>
>>>
>>> On Wed, Sep 25, 2013 at 3:07 AM, Anthony Minessale <
>>> anthony.minessale at gmail.com> wrote:
>>>
>>>> They generate them iirc.
>>>> There is a constraints field in the javascript that tells if you want
>>>> to use dtls or not.
>>>> Have you tried it with jssip?
>>>>
>>>>
>>>>
>>>> On Tue, Sep 24, 2013 at 5:00 AM, Sam Russell <sam.h.russell at gmail.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I've spent a few hours digging through captures and RFCs and I think I
>>>>> found where I'm getting caught - having the server key isn't enough - you
>>>>> need the client key (i.e. from your browser). I've got a couple of issues
>>>>> I'm tracking down with WebRTC support for FreeSwitch, does anybody know how
>>>>> to export private keys from Chrome/Firefox that they use for WebRTC? If I
>>>>> can get the browser private key AND the key from Freeswitch (dtls-srtp.key
>>>>> by the looks) then I can decrypt a DTLS stream and figure out what's going
>>>>> on.
>>>>>
>>>>> Cheers
>>>>> Sam
>>>>>
>>>>>
>>>>> _________________________________________________________________________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org
>>>>> http://www.freeswitchsolutions.com
>>>>>
>>>>> 
>>>>> 
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org
>>>>> http://wiki.freeswitch.org
>>>>> http://www.cluecon.com
>>>>>
>>>>> FreeSWITCH-dev mailing list
>>>>> FreeSWITCH-dev at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev
>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev
>>>>> http://www.freeswitch.org
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Anthony Minessale II
>>>>
>>>> FreeSWITCH http://www.freeswitch.org/
>>>> ClueCon http://www.cluecon.com/
>>>> Twitter: http://twitter.com/FreeSWITCH_wire
>>>>
>>>> AIM: anthm
>>>> MSN:anthony_minessale at hotmail.com
>>>> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
>>>> IRC: irc.freenode.net #freeswitch
>>>>
>>>> FreeSWITCH Developer Conference
>>>> sip:888 at conference.freeswitch.org
>>>> googletalk:conf+888 at conference.freeswitch.org
>>>> pstn:+19193869900
>>>>
>>>>
>>>
>>
>>
>


-- 
Anthony Minessale II

FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/
Twitter: http://twitter.com/FreeSWITCH_wire

AIM: anthm
MSN:anthony_minessale at hotmail.com
GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
IRC: irc.freenode.net #freeswitch

FreeSWITCH Developer Conference
sip:888 at conference.freeswitch.org
googletalk:conf+888 at conference.freeswitch.org
pstn:+19193869900
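
Added example, not part of the original thread and not FreeSWITCH or Wireshark code: a sketch of how datagrams sharing one UDP port are told apart by their first byte (RFC 5764 section 5.1.2, plus rtcp-mux per RFC 5761) and how the DTLS exporter output is split into SRTP master keys and salts (RFC 5764 section 4.2). The function names, the sample bytes and the SRTP_AES128_CM_HMAC_SHA1_80 profile are assumptions made for illustration.

```python
import struct

# Assumed profile: SRTP_AES128_CM_HMAC_SHA1_80 (16-byte master key, 14-byte salt).
KEY_LEN, SALT_LEN = 16, 14

# Constructed sample datagrams (not taken from any capture).
STUN_PKT = bytes.fromhex("0001000000000000")
DTLS_REC = bytes.fromhex("16feff000000000000000000")   # handshake record header
RTP_PKT = bytes.fromhex("80000001000000a0deadbeef") + b"\x00" * 8
RTCP_PKT = bytes.fromhex("80c80006deadbeef")            # sender report, PT 200

def classify(datagram: bytes) -> str:
    """Demultiplex one UDP payload by its first byte (RFC 5764 section 5.1.2)."""
    if not datagram:
        return "empty"
    b = datagram[0]
    if b <= 1:
        return "stun"
    if 20 <= b <= 63:
        return "dtls"
    if 128 <= b <= 191:
        # With rtcp-mux, RTCP packet types put the second byte in 192..223.
        if len(datagram) > 1 and 192 <= datagram[1] <= 223:
            return "srtcp"
        return "srtp"
    return "unknown"

def rtp_header(pkt: bytes) -> dict:
    """Parse the 12-byte fixed RTP header, which SRTP leaves in cleartext."""
    if len(pkt) < 12:
        raise ValueError("shorter than a fixed RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    return {"version": b0 >> 6, "marker": b1 >> 7, "pt": b1 & 0x7F,
            "seq": seq, "ts": ts, "ssrc": ssrc}

def split_keying_material(ekm: bytes) -> dict:
    """Split exporter output (label "EXTRACTOR-dtls_srtp") into keys and salts."""
    if len(ekm) != 2 * (KEY_LEN + SALT_LEN):
        raise ValueError("expected %d bytes" % (2 * (KEY_LEN + SALT_LEN)))
    k, s = 2 * KEY_LEN, SALT_LEN
    # Order on the wire: client key, server key, client salt, server salt.
    return {"client": (ekm[:KEY_LEN], ekm[k:k + s]),
            "server": (ekm[KEY_LEN:k], ekm[k + s:])}

if __name__ == "__main__":
    for name, pkt in [("stun", STUN_PKT), ("dtls", DTLS_REC),
                      ("rtp", RTP_PKT), ("rtcp", RTCP_PKT)]:
        print(name, "->", classify(pkt))
    print(rtp_header(RTP_PKT))
```
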