Changeset 5418


Ignore:
Timestamp:
Aug 15, 2016 7:32:29 AM (3 years ago)
Author:
riza
Message:

Re #1943: Raise linking error if libsrtp doesn't support the crypto.

Location:
pjproject/trunk/pjmedia
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • pjproject/trunk/pjmedia/include/pjmedia/config.h

    r5412 r5418  
    973973 
    974974/** 
    975  * Enable AES_CM_192 cryptos in SRTP 
     975 * Enable AES_CM_192 cryptos in SRTP. 
     976 * It was reported that this crypto only works among libsrtp backends, 
     977 * so we recommend to disable this. 
     978 * 
     979 * To enable this, you would require OpenSSL which supports it. 
     980 * See https://trac.pjsip.org/repos/ticket/1943 for more info. 
     981 * 
    976982 * Default: disabled. 
    977983 */ 
     
    992998/** 
    993999 * Enable AES_GCM_256 cryptos in SRTP. 
     1000 * 
     1001 * To enable this, you would require OpenSSL which supports it. 
     1002 * See https://trac.pjsip.org/repos/ticket/1943 for more info.  
     1003 * 
    9941004 * Default: disabled. 
    9951005 */ 
     
    10011011/** 
    10021012 * Enable AES_GCM_128 cryptos in SRTP. 
     1013 * 
     1014 * To enable this, you would require OpenSSL which supports it. 
     1015 * See https://trac.pjsip.org/repos/ticket/1943 for more info. 
     1016 * 
    10031017 * Default: disabled. 
    10041018 */ 
  • pjproject/trunk/pjmedia/src/pjmedia/transport_srtp.c

    r5412 r5418  
    7373static const pj_str_t ID_CRYPTO   = { "crypto", 6 }; 
    7474 
     75typedef void (*crypto_method_t)(crypto_policy_t *policy); 
     76 
    7577typedef struct crypto_suite 
    7678{ 
     
    8385    unsigned             srtcp_auth_tag_len; 
    8486    sec_serv_t           service; 
     87    /* This is an attempt to validate crypto support by libsrtp, i.e: it should 
     88     * raise linking error if the libsrtp does not support the crypto.  
     89     */ 
     90    cipher_type_t       *ext_cipher_type; 
     91    crypto_method_t      ext_crypto_method; 
    8592} crypto_suite; 
     93 
     94extern cipher_type_t aes_gcm_256_openssl; 
     95extern cipher_type_t aes_gcm_128_openssl; 
     96extern cipher_type_t aes_icm_192; 
    8697 
    8798/* https://www.iana.org/assignments/sdp-security-descriptions/sdp-security-descriptions.xhtml */ 
     
    93104    /* cipher AES_GCM, NULL auth, auth tag len = 16 octets */ 
    94105    {"AEAD_AES_256_GCM", AES_256_GCM, AES_256_GCM_KEYSIZE_WSALT, 
    95         NULL_AUTH, 0, 16, 16, sec_serv_conf_and_auth}, 
     106        NULL_AUTH, 0, 16, 16, sec_serv_conf_and_auth, &aes_gcm_256_openssl}, 
    96107    /* cipher AES_GCM, NULL auth, auth tag len = 8 octets */ 
    97108    {"AEAD_AES_256_GCM_8", AES_256_GCM, AES_256_GCM_KEYSIZE_WSALT, 
    98         NULL_AUTH, 0, 8, 8, sec_serv_conf_and_auth}, 
     109        NULL_AUTH, 0, 8, 8, sec_serv_conf_and_auth, &aes_gcm_256_openssl}, 
    99110#endif 
    100111#if defined(PJMEDIA_SRTP_HAS_AES_CM_256) && \ 
     
    102113    /* cipher AES_CM_256, auth HMAC_SHA1, auth tag len = 10 octets */ 
    103114    {"AES_256_CM_HMAC_SHA1_80", AES_ICM, 46, HMAC_SHA1, 20, 10, 10, 
    104         sec_serv_conf_and_auth}, 
     115        sec_serv_conf_and_auth, NULL,  
     116        &crypto_policy_set_aes_cm_256_hmac_sha1_80}, 
    105117    /* cipher AES_CM_256, auth HMAC_SHA1, auth tag len = 10 octets */ 
    106118    {"AES_256_CM_HMAC_SHA1_32", AES_ICM, 46, HMAC_SHA1, 20, 4, 10, 
    107         sec_serv_conf_and_auth}, 
     119        sec_serv_conf_and_auth, NULL, 
     120        &crypto_policy_set_aes_cm_256_hmac_sha1_32}, 
    108121#endif 
    109122#if defined(PJMEDIA_SRTP_HAS_AES_CM_192) && \ 
     
    111124    /* cipher AES_CM_192, auth HMAC_SHA1, auth tag len = 10 octets */ 
    112125    {"AES_192_CM_HMAC_SHA1_80", AES_ICM, 38, HMAC_SHA1, 20, 10, 10, 
    113         sec_serv_conf_and_auth}, 
     126        sec_serv_conf_and_auth, &aes_icm_192}, 
    114127    /* cipher AES_CM_192, auth HMAC_SHA1, auth tag len = 4 octets */ 
    115128    {"AES_192_CM_HMAC_SHA1_32", AES_ICM, 38, HMAC_SHA1, 20, 4, 10, 
    116         sec_serv_conf_and_auth}, 
     129        sec_serv_conf_and_auth, &aes_icm_192}, 
    117130#endif 
    118131#if defined(PJMEDIA_SRTP_HAS_AES_GCM_128) && \ 
     
    120133    /* cipher AES_GCM, NULL auth, auth tag len = 16 octets */ 
    121134    {"AEAD_AES_128_GCM", AES_128_GCM, AES_128_GCM_KEYSIZE_WSALT, 
    122         NULL_AUTH, 0, 16, 16, sec_serv_conf_and_auth}, 
     135        NULL_AUTH, 0, 16, 16, sec_serv_conf_and_auth, &aes_gcm_128_openssl}, 
    123136 
    124137    /* cipher AES_GCM, NULL auth, auth tag len = 8 octets */ 
    125138    {"AEAD_AES_128_GCM_8", AES_128_GCM, AES_128_GCM_KEYSIZE_WSALT, 
    126         NULL_AUTH, 0, 8, 8, sec_serv_conf_and_auth}, 
     139        NULL_AUTH, 0, 8, 8, sec_serv_conf_and_auth, &aes_gcm_128_openssl}, 
    127140#endif 
    128141#if defined(PJMEDIA_SRTP_HAS_AES_CM_128) && \ 
Note: See TracChangeset for help on using the changeset viewer.