Ticket #1943 (closed enhancement: fixed)

Opened 17 months ago

Last modified 16 months ago

AES-GCM crypto support for SRTP

Reported by: ming Owned by: nanang
Priority: normal Milestone: release-2.6
Component: pjmedia Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported: no

Description (last modified by riza) (diff)

For GNU targets:

  1. AES GCM crypto requires OpenSSL, so make sure OpenSSL is enabled. Also this requires PJSIP 2.5, as this version has newer libsrtp version. Then make sure that AES GCM is supported by libcrypto by checking the configure output:
    checking for EVP_aes_128_gcm in -lssl... yes
    OpenSSL has AES GCM support, SRTP will use OpenSSL
    
  1. Enable the desired AES GCM cryptos in your config_site.h (by default, it's not enabled), for example:
        #define PJMEDIA_SRTP_HAS_AES_GCM_256      1
        #define PJMEDIA_SRTP_HAS_AES_GCM_128      1
    
  1. Rebuild PJSIP.

For Windows:

  1. Install OpenSSL.
  1. In Visual Studio, go to libsrtp project, into folder crypto.
  1. Multiple-select cipher/aes_gcm_ossl.c, cipher/aes_icm_ossl.c, hash/hmac_ossl.c, rng/rand_source_ossl.c
    Right-click, then click Properties. Change Configuration to "All Configurations" and Platform to "All Platforms". Go to Configuration Properties - General, then change Excluded From Build from "Yes" to "No".
  1. Multiple-select cipher/aes.c cipher/aes_icm.c cipher/aes_cbc.c hash/sha1.c hash/hmac.c rng/rand_source.c rng/prng.c rng/ctr_prng.c
    Right-click, then click Properties. Change Configuration to "All Configurations" and Platform to "All Platforms". Go to Configuration Properties - General, then change Excluded From Build from "No" to "Yes".
  1. Click on libsrtp project.
    Right-click, then click Properties. Change Configuration to "All Configurations" and Platform to "All Platforms". Go to Configuration Properties - C/C++ - Preprocessor, then choose Preprocessor Definitions, and add ";OPENSSL".
  1. Enable the desired AES GCM cryptos in your config_site.h, for example:
        #define PJMEDIA_SRTP_HAS_AES_GCM_256      1
        #define PJMEDIA_SRTP_HAS_AES_GCM_128      1
    
  1. Rebuild libsrtp.

Change History

comment:1 Changed 16 months ago by ming

In 5412:

Re #1943: AES-GCM crypto support for SRTP

Special thanks to Alexander Traud for the patch.

comment:2 Changed 16 months ago by ming

In 5414:

Re #1943: Fixed incorrect configure script.

comment:3 Changed 16 months ago by ming

  • Description modified (diff)

comment:4 Changed 16 months ago by ming

  • Description modified (diff)

comment:5 Changed 16 months ago by ming

  • Description modified (diff)

comment:6 Changed 16 months ago by ming

  • Status changed from new to closed
  • Resolution set to fixed

In 5415:

Fixed #1943: (Windows) Add SRTP OpenSSL sources in Visual Studio libsrtp project file.

comment:7 Changed 16 months ago by riza

In 5416:

Re #1943: Improve the clarity of configure log message.

comment:8 Changed 16 months ago by riza

  • Description modified (diff)

comment:9 Changed 16 months ago by riza

In 5418:

Re #1943: Raise linking error if libsrtp doesn't support the crypto.

Note: See TracTickets for help on using tickets.