[Freeswitch-dev] Debugging DTLS for WebRTC

Sam Russell sam.h.russell at gmail.com
Wed Sep 25 08:09:39 MSD 2013


I've had a bit more of a play - it looks like I had decrypted it properly
at the start, but Wireshark was just not detecting it as RTP. If I go into
protocol preferences and tick the box to try and decode RTP outside of
conversations it generally picks them up, and sometimes I need to force it.


On Wed, Sep 25, 2013 at 3:49 PM, Anthony Minessale <
anthony.minessale at gmail.com> wrote:

> You'll have to get the key from the dtls stream, the srtp key is exchanged
> over the DTLS and applied to the session.  You can see it in the rtp stack
> code.
>
>
>
> On Tue, Sep 24, 2013 at 6:22 PM, Sam Russell <sam.h.russell at gmail.com> wrote:
>
>> Your last email helped me disable DTLS from the client end, and I have
>> the FreeSwitch DTLS key so I can decrypt the DTLS stream - it's just that
>> Wireshark now doesn't know what to do with the decrypted payload. Each
>> decrypted DTLS packet starts with 0x80 and then often 0x00 like the RTP
>> packets that come through in plaintext, but I can't make the RTP dissector
>> work on the decrypted payload - should I just be turning off DTLS
>> altogether so I can focus on the payload?
>>
>>
>> On Wed, Sep 25, 2013 at 11:18 AM, Anthony Minessale <
>> anthony.minessale at gmail.com> wrote:
>>
>>> I already told you about the constraints bit in the last email. =D
>>>
>>>
>>>
>>>
>>> On Tue, Sep 24, 2013 at 6:05 PM, Sam Russell <sam.h.russell at gmail.com> wrote:
>>>
>>>> Thanks Anthony.
>>>>
>>>> For future reference, Chrome has DTLS disabled by default, so in JsSIP
>>>> (check their source for how to clone your own full copy and hack on it) you
>>>> just need to override this bit in js/gui.js
>>>>
>>>> RTCConstraints: {"optional": [{'DtlsSrtpKeyAgreement': 'true'}]} // change true to false
>>>>
>>>> After this, it only uses FreeSwitch's key, and you can then decrypt the
>>>> handshake correctly in Wireshark - but it looks like Wireshark won't let
>>>> you decode SRTP (it doesn't seem to handle the 0x80->RTCP muxing in the
>>>> DTLS packets, and it won't let you choose SRTP as the inner protocol) -
>>>> screenshot shows the output I get from Wireshark 1.10.2 -
>>>> http://i.imgur.com/NyVHAdy.png
>>>>
>>>> Am I being a bit silly here, or does Wireshark not yet have the
>>>> capability to decode SRTP in DTLS?
>>>>
>>>> Cheers
>>>> Sam
>>>>
>>>>
>>>> On Wed, Sep 25, 2013 at 3:07 AM, Anthony Minessale <
>>>> anthony.minessale at gmail.com> wrote:
>>>>
>>>>> They generate them iirc.
>>>>> There is a constraints field in the javascript that tells if you want
>>>>> to use dtls or not.
>>>>> Have you tried it with jssip?
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Sep 24, 2013 at 5:00 AM, Sam Russell <sam.h.russell at gmail.com> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I've spent a few hours digging through captures and RFCs and I think
>>>>>> I found where I'm getting caught - having the server key isn't enough - you
>>>>>> need the client key (i.e. from your browser). I've got a couple of issues
>>>>>> I'm tracking down with WebRTC support for FreeSwitch, does anybody know how
>>>>>> to export private keys from Chrome/Firefox that they use for WebRTC? If I
>>>>>> can get the browser private key AND the key from Freeswitch (dtls-srtp.key
>>>>>> by the looks) then I can decrypt a DTLS stream and figure out what's going
>>>>>> on.
>>>>>>
>>>>>> Cheers
>>>>>> Sam
>>>>>>
>>>>>>
>>>>>> _________________________________________________________________________
>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>> consulting at freeswitch.org
>>>>>> http://www.freeswitchsolutions.com
>>>>>>
>>>>>> 
>>>>>> 
>>>>>>
>>>>>> Official FreeSWITCH Sites
>>>>>> http://www.freeswitch.org
>>>>>> http://wiki.freeswitch.org
>>>>>> http://www.cluecon.com
>>>>>>
>>>>>> FreeSWITCH-dev mailing list
>>>>>> FreeSWITCH-dev at lists.freeswitch.org
>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev
>>>>>> UNSUBSCRIBE:
>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-dev
>>>>>> http://www.freeswitch.org
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Anthony Minessale II
>>>>>
>>>>> FreeSWITCH http://www.freeswitch.org/
>>>>> ClueCon http://www.cluecon.com/
>>>>> Twitter: http://twitter.com/FreeSWITCH_wire
>>>>>
>>>>> AIM: anthm
>>>>> MSN:anthony_minessale at hotmail.com
>>>>> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
>>>>> IRC: irc.freenode.net #freeswitch
>>>>>
>>>>> FreeSWITCH Developer Conference
>>>>> sip:888 at conference.freeswitch.org
>>>>> googletalk:conf+888 at conference.freeswitch.org
>>>>> pstn:+19193869900
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>
>
>
>
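
Added example, not part of the thread: the decrypted payloads described above begin with 0x80, which falls in the RTP/RTCP range when STUN, DTLS and media share one UDP port. This Python sketch classifies a datagram by its first byte using the RFC 7983 ranges, separates RTP from RTCP by the second byte (RFC 5761), and parses the RTP header, which SRTP leaves unencrypted; the function names and sample packets are constructed for illustration.

```python
import struct

def classify(datagram: bytes) -> str:
    """Demultiplex one UDP payload by its leading bytes (RFC 7983 ranges)."""
    if not datagram:
        return "empty"
    b0 = datagram[0]
    if b0 <= 3:
        return "stun"
    if 20 <= b0 <= 63:
        return "dtls"
    if 128 <= b0 <= 191:
        # RTP and RTCP both start with version 2; under rtcp-mux the second
        # byte separates them: RTCP packet types fall in 192-223 (RFC 5761).
        if len(datagram) >= 2 and 192 <= datagram[1] <= 223:
            return "rtcp"
        return "rtp"
    return "unknown"

def parse_rtp_header(datagram: bytes) -> dict:
    """Parse the RTP header, which SRTP authenticates but does not encrypt."""
    if len(datagram) < 12:
        raise ValueError("shorter than the fixed 12-byte RTP header")
    b0, b1, seq, timestamp, ssrc = struct.unpack("!BBHII", datagram[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    header_len = 12 + 4 * (b0 & 0x0F)          # fixed part plus CSRC list
    if b0 & 0x10:                               # header extension present
        if len(datagram) < header_len + 4:
            raise ValueError("truncated header extension")
        (ext_words,) = struct.unpack("!H", datagram[header_len + 2:header_len + 4])
        header_len += 4 + 4 * ext_words
    if len(datagram) < header_len:
        raise ValueError("truncated RTP header")
    return {"marker": b1 >> 7, "payload_type": b1 & 0x7F, "sequence": seq,
            "timestamp": timestamp, "ssrc": ssrc, "header_len": header_len}

# Constructed sample datagrams (not taken from the capture in the thread).
SAMPLES = {
    "stun": bytes.fromhex("000100002112a442") + bytes(12),
    "dtls": bytes.fromhex("16feff0000000000000000002a") + bytes(42),
    "rtp": bytes.fromhex("80000001000000a012345678") + bytes(160),
    "rtcp": bytes.fromhex("80c8000612345678") + bytes(20),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, "->", classify(pkt))
    print(parse_rtp_header(SAMPLES["rtp"]))
```

A payload that classifies as `rtp` here but that a dissector shows as opaque data is a candidate for a forced "Decode As" RTP.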