author | Riza Sulistyo <riza@teluu.com> | 2016-08-15 07:32:29 +0000 |
---|---|---|
committer | Riza Sulistyo <riza@teluu.com> | 2016-08-15 07:32:29 +0000 |
commit | 362b818503999e298b3ab4b1796b917183a39d84 (patch) | |
tree | 7945e964f9134ada3a5237317e1c0afbeef99991 | |
parent | 818919149c6a062a1e138b1ed03260086eab30f2 (diff) |
Re #1943: Raise linking error if libsrtp doesn't support the crypto.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@5418 74dad513-b988-da41-8d7b-12977e46ad98
-rw-r--r-- | pjmedia/include/pjmedia/config.h | 16 | ||||
-rw-r--r-- | pjmedia/src/pjmedia/transport_srtp.c | 29 |
2 files changed, 36 insertions, 9 deletions
diff --git a/pjmedia/include/pjmedia/config.h b/pjmedia/include/pjmedia/config.h
index a173af42..c01d7976 100644
--- a/pjmedia/include/pjmedia/config.h
+++ b/pjmedia/include/pjmedia/config.h
@@ -972,7 +972,13 @@
 /**
- * Enable AES_CM_192 cryptos in SRTP
+ * Enable AES_CM_192 cryptos in SRTP.
+ * It was reported that this crypto only works among libsrtp backends,
+ * so we recommend to disable this.
+ *
+ * To enable this, you would require OpenSSL which supports it.
+ * See https://trac.pjsip.org/repos/ticket/1943 for more info.
+ *
 * Default: disabled.
 */
 #ifndef PJMEDIA_SRTP_HAS_AES_CM_192
@@ -991,6 +997,10 @@
 /**
 * Enable AES_GCM_256 cryptos in SRTP.
+ *
+ * To enable this, you would require OpenSSL which supports it.
+ * See https://trac.pjsip.org/repos/ticket/1943 for more info.
+ *
 * Default: disabled.
 */
 #ifndef PJMEDIA_SRTP_HAS_AES_GCM_256
@@ -1000,6 +1010,10 @@
 /**
 * Enable AES_GCM_128 cryptos in SRTP.
+ *
+ * To enable this, you would require OpenSSL which supports it.
+ * See https://trac.pjsip.org/repos/ticket/1943 for more info.
+ *
 * Default: disabled.
 */
 #ifndef PJMEDIA_SRTP_HAS_AES_GCM_128
diff --git a/pjmedia/src/pjmedia/transport_srtp.c b/pjmedia/src/pjmedia/transport_srtp.c
index 304d0a6f..16d0adfd 100644
--- a/pjmedia/src/pjmedia/transport_srtp.c
+++ b/pjmedia/src/pjmedia/transport_srtp.c
@@ -72,6 +72,8 @@ static const pj_str_t ID_RTP_SAVP = { "RTP/SAVP", 8 };
 static const pj_str_t ID_INACTIVE = { "inactive", 8 };
 static const pj_str_t ID_CRYPTO = { "crypto", 6 };
+typedef void (*crypto_method_t)(crypto_policy_t *policy);
+
 typedef struct crypto_suite
 {
 char *name;
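Review bot: The comment added for PJMEDIA_SRTP_HAS_AES_CM_192, and the same paragraph added in the AES_GCM_256 and AES_GCM_128 hunks, does not say what a builder will see when the macro is enabled without backend support. Judging by the transport_srtp.c part of this commit the result is an unresolved symbol at link time, so the comment could state it, e.g. `* Enabling this without such support is expected to fail at link time (unresolved libsrtp cipher symbol).` "OpenSSL which supports it" is also ambiguous about whether libsrtp itself must be built against OpenSSL; the `_openssl` symbol names suggest so, but that is inferred and should be confirmed before wording it.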
@@ -82,8 +84,17 @@ typedef struct crypto_suite
 unsigned srtp_auth_tag_len;
 unsigned srtcp_auth_tag_len;
 sec_serv_t service;
+ /* This is an attempt to validate crypto support by libsrtp, i.e: it should
+ * raise linking error if the libsrtp does not support the crypto.
+ */
+ cipher_type_t *ext_cipher_type;
+ crypto_method_t ext_crypto_method;
 } crypto_suite;
+extern cipher_type_t aes_gcm_256_openssl;
+extern cipher_type_t aes_gcm_128_openssl;
+extern cipher_type_t aes_icm_192;
+
 /* https://www.iana.org/assignments/sdp-security-descriptions/sdp-security-descriptions.xhtml */
 static crypto_suite crypto_suites[] = {
 /* plain RTP/RTCP (no cipher & no auth) */
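Review bot: The three `extern cipher_type_t ...` declarations are written by hand in this file rather than taken from a libsrtp header, and the names look like libsrtp implementation objects, so the check depends on how the library is packaged. If libsrtp is linked as a shared library that hides non-API symbols, the link could fail even though the cipher is supported, and a libsrtp swapped at run time for a build without the cipher would presumably stop the process from loading instead of just dropping the suite. A comment above the externs should record that, e.g. `/* libsrtp-internal cipher objects, referenced only to force a link error; not public libsrtp API. */`. Within this diff `ext_cipher_type` and `ext_crypto_method` are only initialised and never read, so the struct comment could also say that NULL means no link-time check for that suite. The struct definition starts outside the hunk.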
@@ -92,38 +103,40 @@ static crypto_suite crypto_suites[] = {
 (PJMEDIA_SRTP_HAS_AES_GCM_256 != 0)
 /* cipher AES_GCM, NULL auth, auth tag len = 16 octets */
 {"AEAD_AES_256_GCM", AES_256_GCM, AES_256_GCM_KEYSIZE_WSALT,
- NULL_AUTH, 0, 16, 16, sec_serv_conf_and_auth},
+ NULL_AUTH, 0, 16, 16, sec_serv_conf_and_auth, &aes_gcm_256_openssl},
 /* cipher AES_GCM, NULL auth, auth tag len = 8 octets */
 {"AEAD_AES_256_GCM_8", AES_256_GCM, AES_256_GCM_KEYSIZE_WSALT,
- NULL_AUTH, 0, 8, 8, sec_serv_conf_and_auth},
+ NULL_AUTH, 0, 8, 8, sec_serv_conf_and_auth, &aes_gcm_256_openssl},
 #endif
 #if defined(PJMEDIA_SRTP_HAS_AES_CM_256) && \
 (PJMEDIA_SRTP_HAS_AES_CM_256 != 0)
 /* cipher AES_CM_256, auth HMAC_SHA1, auth tag len = 10 octets */
 {"AES_256_CM_HMAC_SHA1_80", AES_ICM, 46, HMAC_SHA1, 20, 10, 10,
- sec_serv_conf_and_auth},
+ sec_serv_conf_and_auth, NULL,
+ &crypto_policy_set_aes_cm_256_hmac_sha1_80},
 /* cipher AES_CM_256, auth HMAC_SHA1, auth tag len = 10 octets */
 {"AES_256_CM_HMAC_SHA1_32", AES_ICM, 46, HMAC_SHA1, 20, 4, 10,
- sec_serv_conf_and_auth},
+ sec_serv_conf_and_auth, NULL,
+ &crypto_policy_set_aes_cm_256_hmac_sha1_32},
 #endif
 #if defined(PJMEDIA_SRTP_HAS_AES_CM_192) && \
 (PJMEDIA_SRTP_HAS_AES_CM_192 != 0)
 /* cipher AES_CM_192, auth HMAC_SHA1, auth tag len = 10 octets */
 {"AES_192_CM_HMAC_SHA1_80", AES_ICM, 38, HMAC_SHA1, 20, 10, 10,
- sec_serv_conf_and_auth},
+ sec_serv_conf_and_auth, &aes_icm_192},
 /* cipher AES_CM_192, auth HMAC_SHA1, auth tag len = 4 octets */
 {"AES_192_CM_HMAC_SHA1_32", AES_ICM, 38, HMAC_SHA1, 20, 4, 10,
- sec_serv_conf_and_auth},
+ sec_serv_conf_and_auth, &aes_icm_192},
 #endif
 #if defined(PJMEDIA_SRTP_HAS_AES_GCM_128) && \
 (PJMEDIA_SRTP_HAS_AES_GCM_128 != 0)
 /* cipher AES_GCM, NULL auth, auth tag len = 16 octets */
 {"AEAD_AES_128_GCM", AES_128_GCM, AES_128_GCM_KEYSIZE_WSALT,
- NULL_AUTH, 0, 16, 16, sec_serv_conf_and_auth},
+ NULL_AUTH, 0, 16, 16, sec_serv_conf_and_auth, &aes_gcm_128_openssl},
 /* cipher AES_GCM, NULL auth, auth tag len = 8 octets */
 {"AEAD_AES_128_GCM_8", AES_128_GCM, AES_128_GCM_KEYSIZE_WSALT,
- NULL_AUTH, 0, 8, 8, sec_serv_conf_and_auth},
+ NULL_AUTH, 0, 8, 8, sec_serv_conf_and_auth, &aes_gcm_128_openssl},
 #endif
 #if defined(PJMEDIA_SRTP_HAS_AES_CM_128) && \
 (PJMEDIA_SRTP_HAS_AES_CM_128 != 0) |
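Review bot: The AES_256_CM entries take the address of `crypto_policy_set_aes_cm_256_hmac_sha1_80` / `_32`, which shows only that the policy setter links, whereas the GCM and AES_192 entries reference the cipher object itself. Whether the setter's presence tracks AES-256 support in the linked libsrtp cannot be seen from this hunk. A link-time reference also does not replace checking the status libsrtp returns when a session is created with the suite, so it is worth confirming that this path still fails the negotiation when the cipher is unavailable. The initialisers are uneven as well: the cipher-object entries omit the trailing `ext_crypto_method` and rely on implicit zero-initialisation while the AES_256_CM ones spell out `NULL,`, so writing the trailing value everywhere the hunk touches, e.g. `sec_serv_conf_and_auth, &aes_icm_192, NULL},`, would make the table easier to audit. The table continues past the end of the hunk.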