Authentication failure with crypto suite AES_CM_128_HMAC_SHA1_80

[manikanta222010]

I am attempting to decrypt the Secure Real-time Transport Protocol (SRTP) stream contained within a capture file named temp.pcap. The data within this file is encrypted using the AES_CM_128_HMAC_SHA1_80 crypto suite.

1. Decryption Command:
   srtp-decrypt.exe -s AES_CM_128_HMAC_SHA1_80 -b cL2VhwSL12YShG/u/eNSrfaqgsSCOjjlyUwJBywl -p temp.pcap -d srtp -m rtp -a
2. The crypto suite information, as retrieved from the Session Description Protocol (SDP) portion of a SIP message, is:
   crypto:3 AES_CM_128_HMAC_SHA1_80 inline:cL2VhwSL12YShG/u/eNSrfaqgsSCOjjlyUwJBywl

When executing the provided decryption command, I am consistently receiving an authentication failure error for all RTP packets.

1. Sample Capture File:
   If possible, could you kindly provide a sample Wireshark capture file that I can use for decryption purposes? This would be immensely helpful in verifying the decryption process and ensuring the correctness of my command.

2. Command Verification:
   If a sample capture file is unavailable, could you please review the decryption command I have provided and confirm if there are any potential errors or syntax issues that might be causing the authentication failure?

I appreciate your time and assistance in resolving this decryption challenge.

[gteissier]

Hi,

I am not sure the exe you use comes from this project, as the build system does not generate exe and the options you use do not make sense.

Take a look at Makefile: there is a correct invocation of srtp-decrypt together with a pcap that contains srtp packets.

The error you face typically comes from the use of a wrong sdes key. It may also come from a mismatch of ciphersuites, causing an incoherent tag to be extracted from packets.

BR