Opened 8 years ago

Last modified 8 years ago

#1943 closed enhancement

AES-GCM crypto support for SRTP — at Version 5

Reported by: ming Owned by: nanang
Priority: normal Milestone: release-2.6
Component: pjmedia Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported: no

Description (last modified by ming)

For GNU targets:

  1. AES GCM crypto requires OpenSSL, so make sure OpenSSL is enabled. Also this requires PJSIP 2.5, as this version has newer libsrtp version. Then make sure that AES GCM is supported by libcrypto by checking the configure output:
    checking for EVP_aes_128_gcm in -lssl... yes
    OpenSSL has AES GCM support, SRTP will use OpenSSl version
    
  1. Enable the desired AES GCM cryptos in your config_site.h (by default, it's not enabled), for example:
        #define PJMEDIA_SRTP_HAS_AES_GCM_256      1
        #define PJMEDIA_SRTP_HAS_AES_GCM_128      1
    
  1. Rebuild PJSIP.

For Windows:

  1. Install OpenSSL.
  1. In Visual Studio, go to libsrtp project, into folder crypto.
  1. Multiple-select cipher/aes_gcm_ossl.c, cipher/aes_icm_ossl.c, hash/hmac_ossl.c, rng/rand_source_ossl.c
    Right-click, then click Properties. Change Configuration to "All Configurations" and Platform to "All Platforms". Go to Configuration Properties - General, then change Excluded From Build from "Yes" to "No".
  1. Multiple-select cipher/aes.c cipher/aes_icm.c cipher/aes_cbc.c hash/sha1.c hash/hmac.c rng/rand_source.c rng/prng.c rng/ctr_prng.c
    Right-click, then click Properties. Change Configuration to "All Configurations" and Platform to "All Platforms". Go to Configuration Properties - General, then change Excluded From Build from "No" to "Yes".
  1. Click on libsrtp project.
    Right-click, then click Properties. Change Configuration to "All Configurations" and Platform to "All Platforms". Go to Configuration Properties - C/C++ - Preprocessor, then choose Preprocessor Definitions, and add ";OPENSSL".
  1. Enable the desired AES GCM cryptos in your config_site.h, for example:
        #define PJMEDIA_SRTP_HAS_AES_GCM_256      1
        #define PJMEDIA_SRTP_HAS_AES_GCM_128      1
    
  1. Rebuild libsrtp.

Change History (5)

comment:1 Changed 8 years ago by ming

In 5412:

Re #1943: AES-GCM crypto support for SRTP

Special thanks to Alexander Traud for the patch.

comment:2 Changed 8 years ago by ming

In 5414:

Re #1943: Fixed incorrect configure script.

comment:3 Changed 8 years ago by ming

  • Description modified (diff)

comment:4 Changed 8 years ago by ming

  • Description modified (diff)

comment:5 Changed 8 years ago by ming

  • Description modified (diff)
Note: See TracTickets for help on using tickets.