cisco / libsrtp

Library for SRTP (Secure Realtime Transport Protocol)

error: srtp unprotection failed with code 7 (auth check failed) #577

Closed snowuyl closed 2 years ago

snowuyl commented 2 years ago

Server:
PEER_V=20000 PEER_IP=127.0.0.1 \
SELF_PATH="/home/snowuyl/Videos/1080p_30fps_217s.ts" \
SELF_VSSRC=0xdeadbeef \
SELF_KEY="4142434445464748494A4B4C4D4E4F505152535455565758595A31323334" \
bash -c 'gst-launch-1.0 -e \
  uridecodebin uri="file://$SELF_PATH" \
  ! videoconvert \
  ! x264enc tune=zerolatency \
  ! rtph264pay \
  ! "application/x-rtp,payload=(int)103,ssrc=(uint)$SELF_VSSRC" \
  ! srtpenc key="$SELF_KEY" \
    rtp-cipher="aes-128-icm" rtp-auth="hmac-sha1-80" \
    rtcp-cipher="aes-128-icm" rtcp-auth="hmac-sha1-80" \
  ! udpsink host=$PEER_IP port=$PEER_V'

Client:
./rtpw -k $key -a -e 128 -r 127.0.0.1 20000
Using libsrtp2 2.5.0 [0x2050000]
security services: confidentiality message authentication
set master key/salt to 4142434445464748494a4b4c4d4e4f50/5152535455565758595a31323334
srtp_add_stream E
srtp_add_stream E
srtp_unprotect_mki ctx=0xac8dc190, hdr->ssrc=0xefbeadde, stream=0xac8dc1b0
computed auth tag: 24bf11188fe64571f97a
packet auth tag: 12e232e899f43a23fe84
srtp_unprotect_mki 1 return srtp_err_status_auth_fail
error: srtp unprotection failed with code 7 (auth check failed)
rtp_recvfrom 2 return -1

pabuhler commented 2 years ago

I am guessing this is a kind of duplicate of #575. Have you done any investigation into how this is failing? Is it the first packet or is it only after some time? Have you tried with older libsrtp versions?

Would be great if you have any extra info. Will try to reproduce myself later this week.

snowuyl commented 2 years ago

#575 is due to FFmpeg not having a fixed ssrc. But rtpw.c fixed ssrc to 0xdeadbeef.

snowuyl commented 2 years ago

> Is it the first packet or is it only after some time?

From the following log messages, it is okay for the first packet but fails after some time.

./rtpw -k $key -a -e 128 -r 127.0.0.1 20000
Using libsrtp2 2.5.0 [0x2050000]
security services: confidentiality message authentication
main calls srtp_crypto_policy_set_rtp_default()
set master key/salt to 4142434445464748494a4b4c4d4e4f50/5152535455565758595a31323334
srtp_add_stream E
srtp_add_stream E
srtp_unprotect_mki ctx=0xd3e11190, hdr->ssrc=0xefbeadde, stream=0xd3e111b0
computed auth tag: 30d9c1599efa0137b30e
packet auth tag: 30d9c1599efa0137b30e
srtp_unprotect_mki return srtp_err_status_ok
srtp_unprotect_mki ctx=0xd3e11190, hdr->ssrc=0xefbeadde, stream=0xd3e111b0
computed auth tag: 07e319098905d9eb0303
packet auth tag: 07e319098905d9eb0303
srtp_unprotect_mki return srtp_err_status_ok
srtp_unprotect_mki ctx=0xd3e11190, hdr->ssrc=0xefbeadde, stream=0xd3e111b0
computed auth tag: ca8005a3eb5b44efe6af
packet auth tag: ca8005a3eb5b44efe6af
srtp_unprotect_mki return srtp_err_status_ok
srtp_unprotect_mki ctx=0xd3e11190, hdr->ssrc=0xefbeadde, stream=0xd3e111b0
computed auth tag: d6e10c563c18d595edd5
packet auth tag: c48dc5daff3148a781e6
srtp_unprotect_mki 1 return srtp_err_status_auth_fail
error: srtp unprotection failed with code 7 (auth check failed)
rtp_recvfrom 2 return -1
srtp_unprotect_mki ctx=0xd3e11190, hdr->ssrc=0xefbeadde, stream=0xd3e111b0
computed auth tag: d58dec8f07ff9de5bc79
packet auth tag: d58dec8f07ff9de5bc79
srtp_unprotect_mki return srtp_err_status_ok
srtp_unprotect_mki ctx=0xd3e11190, hdr->ssrc=0xefbeadde, stream=0xd3e111b0
computed auth tag: 0710767ff557d2422898
packet auth tag: a814b0bdc0a5505950fe
srtp_unprotect_mki 1 return srtp_err_status_auth_fail
error: srtp unprotection failed with code 7 (auth check failed)
rtp_recvfrom 2 return -1
srtp_unprotect_mki ctx=0xd3e11190, hdr->ssrc=0xefbeadde, stream=0xd3e111b0
computed auth tag: 2e521ccfeb9e9cb841f9
packet auth tag: e4546553f34de04ab867
srtp_unprotect_mki 1 return srtp_err_status_auth_fail
error: srtp unprotection failed with code 7 (auth check failed)

snowuyl commented 2 years ago

> Have you tried with older libsrtp versions?

I tried 2.4.2 and 2.5. Both failed. Do you have a suggestion for which version I can test?

pabuhler commented 2 years ago

> Have you tried with older libsrtp versions? I tried 2.4.2 and 2.5. Both failed. Do you have a suggestion for which version I can test?

2.4.2 & 2.5 are very similar, if you can try with 2.3 that would be good.

snowuyl commented 2 years ago

./rtpw -k $key -a -e 128 -r 127.0.0.1 20000
Using libsrtp2 2.3.0 [0x2030000]
security services: confidentiality message authentication
set master key/salt to 4142434445464748494a4b4c4d4e4f50/5152535455565758595a31323334
word: 0WYŚm� �+� word: 2����?�
error: srtp unprotection failed with code 7 (auth check failed)
error: srtp unprotection failed with code 7 (auth check failed)
error: srtp unprotection failed with code 7 (auth check failed)
error: srtp unprotection failed with code 7 (auth check failed)
error: srtp unprotection failed with code 7 (auth check failed)
error: srtp unprotection failed with code 7 (auth check failed)
error: srtp unprotection failed with code 7 (auth check failed)
error: srtp unprotection failed with code 7 (auth check failed)
word: 0��})f���|�� �d word: 2�0#�,\Fa�+19l
error: srtp unprotection failed with code 7 (auth check failed)
error: srtp unprotection failed with code 7 (auth check failed)
error: srtp unprotection failed with code 7 (auth check failed)
error: srtp unprotection failed with code 7 (auth check failed)
error: srtp unprotection failed with code 7 (auth check failed)
error: srtp unprotection failed with code 7 (auth check failed)
error: srtp unprotection failed with code 7 (auth check failed)
error: srtp unprotection failed with code 7 (auth check failed)
�d word: 0��--����0+�+19l �d word: 2���V��s�]��Ϛl
error: srtp unprotection failed with code 7 (auth check failed)
error: srtp unprotection failed with code 7 (auth check failed)

pabuhler commented 2 years ago

@snowuyl you do know that rtpw is not a generic srtp receiver, right? You have read the source code for it? It is a program for testing libsrtp where it is either a sender or receiver, and in either case there is a max message size of 128. So if you are trying to use it to verify from a different application you will need to ensure the rtp packets are smaller than 128.

snowuyl commented 2 years ago

Thanks for your reply. Could you kindly tell me how to modify rtpw.c to increase the max message size?

pabuhler commented 2 years ago

Without really testing I am not sure, but you can probably just increase MAX_WORD_LEN to be 2048. You might want to avoid printing the words if you will be sending binary H264 data.

No promises that this will work for you but I think that these issues are invalid based on this?

snowuyl commented 2 years ago

I have modified MAX_WORD_LEN to 2048. The following error message doesn't show anymore.

error: srtp unprotection failed with code 7 (auth check failed)

Thanks for your great help!
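
Added example, not code from libsrtp, rtpw or anyone in this thread: a datagram read into a buffer smaller than the packet is silently cut short, so the bytes at the end of what was received are no longer the sender's auth tag. The sketch below sends a constructed packet over a local datagram socketpair and uses `recvmsg`'s `MSG_TRUNC` flag to detect the cut before any authentication would run; `recv_checked`, `demo_truncation` and the two buffer constants are hypothetical names, with 128 and 2048 taken from the sizes mentioned above.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

#define SMALL_BUF 128   /* receive limit mentioned in the thread */
#define LARGE_BUF 2048  /* size suggested in the thread */

/* Receive one datagram into buf. Returns the bytes stored and sets
 * *truncated when the kernel dropped the tail because buf was too small. */
static ssize_t recv_checked(int fd, unsigned char *buf, size_t cap, int *truncated)
{
    struct iovec iov = { .iov_base = buf, .iov_len = cap };
    struct msghdr msg;
    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    ssize_t n = recvmsg(fd, &msg, 0);
    *truncated = (n >= 0) && (msg.msg_flags & MSG_TRUNC) != 0;
    return n;
}

/* Send a constructed packet of pkt_len bytes and receive it into a buffer
 * of cap bytes. Returns 1 if truncated, 0 if intact, -1 on error. */
int demo_truncation(size_t pkt_len, size_t cap)
{
    unsigned char pkt[LARGE_BUF], buf[LARGE_BUF];
    int sv[2], truncated = 0;
    if (pkt_len > sizeof(pkt) || cap > sizeof(buf)) return -1;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return -1;
    memset(pkt, 0xAB, pkt_len);  /* constructed payload, not real SRTP */
    ssize_t sent = send(sv[0], pkt, pkt_len, 0);
    ssize_t got = (sent == (ssize_t)pkt_len)
                      ? recv_checked(sv[1], buf, cap, &truncated) : -1;
    close(sv[0]);
    close(sv[1]);
    return (got < 0) ? -1 : truncated;
}

int main(void)
{
    printf("1200 bytes into %d: truncated=%d\n", SMALL_BUF, demo_truncation(1200, SMALL_BUF));
    printf("1200 bytes into %d: truncated=%d\n", LARGE_BUF, demo_truncation(1200, LARGE_BUF));
    return 0;
}
```

A receiver that sees the truncation flag can drop and count the packet as oversized instead of reporting it as an authentication failure.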