Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#1943 closed enhancement (fixed)

AES-GCM crypto support for SRTP

Reported by: ming Owned by: nanang
Priority: normal Milestone: release-2.6
Component: pjmedia Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported: no

Description (last modified by riza)

For GNU targets:

  1. AES GCM crypto requires OpenSSL, so make sure OpenSSL is enabled. Also this requires PJSIP 2.5, as this version has newer libsrtp version. Then make sure that AES GCM is supported by libcrypto by checking the configure output:
    checking for EVP_aes_128_gcm in -lssl... yes
    OpenSSL has AES GCM support, SRTP will use OpenSSL
    
  1. Enable the desired AES GCM cryptos in your config_site.h (by default, it's not enabled), for example:
        #define PJMEDIA_SRTP_HAS_AES_GCM_256      1
        #define PJMEDIA_SRTP_HAS_AES_GCM_128      1
    
  1. Rebuild PJSIP.

For Windows:

  1. Install OpenSSL.
  1. In Visual Studio, go to libsrtp project, into folder crypto.
  1. Multiple-select cipher/aes_gcm_ossl.c, cipher/aes_icm_ossl.c, hash/hmac_ossl.c, rng/rand_source_ossl.c
    Right-click, then click Properties. Change Configuration to "All Configurations" and Platform to "All Platforms". Go to Configuration Properties - General, then change Excluded From Build from "Yes" to "No".
  1. Multiple-select cipher/aes.c cipher/aes_icm.c cipher/aes_cbc.c hash/sha1.c hash/hmac.c rng/rand_source.c rng/prng.c rng/ctr_prng.c
    Right-click, then click Properties. Change Configuration to "All Configurations" and Platform to "All Platforms". Go to Configuration Properties - General, then change Excluded From Build from "No" to "Yes".
  1. Click on libsrtp project.
    Right-click, then click Properties. Change Configuration to "All Configurations" and Platform to "All Platforms". Go to Configuration Properties - C/C++ - Preprocessor, then choose Preprocessor Definitions, and add ";OPENSSL".
  1. Enable the desired AES GCM cryptos in your config_site.h, for example:
        #define PJMEDIA_SRTP_HAS_AES_GCM_256      1
        #define PJMEDIA_SRTP_HAS_AES_GCM_128      1
    
  1. Rebuild libsrtp.

Change History (9)

comment:1 Changed 8 years ago by ming

In 5412:

Re #1943: AES-GCM crypto support for SRTP

Special thanks to Alexander Traud for the patch.

comment:2 Changed 8 years ago by ming

In 5414:

Re #1943: Fixed incorrect configure script.

comment:3 Changed 8 years ago by ming

  • Description modified (diff)

comment:4 Changed 8 years ago by ming

  • Description modified (diff)

comment:5 Changed 8 years ago by ming

  • Description modified (diff)

comment:6 Changed 8 years ago by ming

  • Resolution set to fixed
  • Status changed from new to closed

In 5415:

Fixed #1943: (Windows) Add SRTP OpenSSL sources in Visual Studio libsrtp project file.

comment:7 Changed 8 years ago by riza

In 5416:

Re #1943: Improve the clarity of configure log message.

comment:8 Changed 8 years ago by riza

  • Description modified (diff)

comment:9 Changed 8 years ago by riza

In 5418:

Re #1943: Raise linking error if libsrtp doesn't support the crypto.

Note: See TracTickets for help on using tickets.