diff options
author | Liong Sauw Ming <ming@teluu.com> | 2016-08-08 09:09:29 +0000 |
---|---|---|
committer | Liong Sauw Ming <ming@teluu.com> | 2016-08-08 09:09:29 +0000 |
commit | de5891815932de36675e2f49faef3cbd7b479b96 (patch) | |
tree | 51f14d50e17ff119d48c656e6235c269761842fa /pjmedia | |
parent | e4e49af40f2f327610fb066e2313dbfffc57f717 (diff) |
Re #1943: AES-GCM crypto support for SRTP
Special thanks to Alexander Traud for the patch.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@5412 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjmedia')
-rw-r--r-- | pjmedia/include/pjmedia/config.h | 55 | ||||
-rw-r--r-- | pjmedia/include/pjmedia/transport_srtp.h | 2 | ||||
-rw-r--r-- | pjmedia/src/pjmedia/transport_srtp.c | 59 |
3 files changed, 96 insertions, 20 deletions
diff --git a/pjmedia/include/pjmedia/config.h b/pjmedia/include/pjmedia/config.h index cbcd08fb..a173af42 100644 --- a/pjmedia/include/pjmedia/config.h +++ b/pjmedia/include/pjmedia/config.h @@ -953,6 +953,61 @@ /** + * Maximum number of SRTP cryptos. + * + * Default: 16 + */ +#ifndef PJMEDIA_SRTP_MAX_CRYPTOS +# define PJMEDIA_SRTP_MAX_CRYPTOS 16 +#endif + + +/** + * Enable AES_CM_256 cryptos in SRTP. + * Default: enabled. + */ +#ifndef PJMEDIA_SRTP_HAS_AES_CM_256 +# define PJMEDIA_SRTP_HAS_AES_CM_256 1 +#endif + + +/** + * Enable AES_CM_192 cryptos in SRTP + * Default: disabled. + */ +#ifndef PJMEDIA_SRTP_HAS_AES_CM_192 +# define PJMEDIA_SRTP_HAS_AES_CM_192 0 +#endif + + +/** + * Enable AES_CM_128 cryptos in SRTP. + * Default: enabled. + */ +#ifndef PJMEDIA_SRTP_HAS_AES_CM_128 +# define PJMEDIA_SRTP_HAS_AES_CM_128 1 +#endif + + +/** + * Enable AES_GCM_256 cryptos in SRTP. + * Default: disabled. + */ +#ifndef PJMEDIA_SRTP_HAS_AES_GCM_256 +# define PJMEDIA_SRTP_HAS_AES_GCM_256 0 +#endif + + +/** + * Enable AES_GCM_128 cryptos in SRTP. + * Default: disabled. + */ +#ifndef PJMEDIA_SRTP_HAS_AES_GCM_128 +# define PJMEDIA_SRTP_HAS_AES_GCM_128 0 +#endif + + +/** * Let the library handle libsrtp initialization and deinitialization. * Application may want to disable this and manually perform libsrtp * initialization and deinitialization when it needs to use libsrtp diff --git a/pjmedia/include/pjmedia/transport_srtp.h b/pjmedia/include/pjmedia/transport_srtp.h index 910ec1d0..fe5337ac 100644 --- a/pjmedia/include/pjmedia/transport_srtp.h +++ b/pjmedia/include/pjmedia/transport_srtp.h @@ -155,7 +155,7 @@ typedef struct pjmedia_srtp_setting /** * Specify individual crypto suite setting. */ - pjmedia_srtp_crypto crypto[8]; + pjmedia_srtp_crypto crypto[PJMEDIA_SRTP_MAX_CRYPTOS]; } pjmedia_srtp_setting; diff --git a/pjmedia/src/pjmedia/transport_srtp.c b/pjmedia/src/pjmedia/transport_srtp.c index c262f070..304d0a6f 100644 --- a/pjmedia/src/pjmedia/transport_srtp.c +++ b/pjmedia/src/pjmedia/transport_srtp.c @@ -84,35 +84,56 @@ typedef struct crypto_suite sec_serv_t service; } crypto_suite; -/* Crypto suites as defined on RFC 4568 */ +/* https://www.iana.org/assignments/sdp-security-descriptions/sdp-security-descriptions.xhtml */ static crypto_suite crypto_suites[] = { /* plain RTP/RTCP (no cipher & no auth) */ {"NULL", NULL_CIPHER, 0, NULL_AUTH, 0, 0, 0, sec_serv_none}, - +#if defined(PJMEDIA_SRTP_HAS_AES_GCM_256) && \ + (PJMEDIA_SRTP_HAS_AES_GCM_256 != 0) + /* cipher AES_GCM, NULL auth, auth tag len = 16 octets */ + {"AEAD_AES_256_GCM", AES_256_GCM, AES_256_GCM_KEYSIZE_WSALT, + NULL_AUTH, 0, 16, 16, sec_serv_conf_and_auth}, + /* cipher AES_GCM, NULL auth, auth tag len = 8 octets */ + {"AEAD_AES_256_GCM_8", AES_256_GCM, AES_256_GCM_KEYSIZE_WSALT, + NULL_AUTH, 0, 8, 8, sec_serv_conf_and_auth}, +#endif +#if defined(PJMEDIA_SRTP_HAS_AES_CM_256) && \ + (PJMEDIA_SRTP_HAS_AES_CM_256 != 0) /* cipher AES_CM_256, auth HMAC_SHA1, auth tag len = 10 octets */ {"AES_256_CM_HMAC_SHA1_80", AES_ICM, 46, HMAC_SHA1, 20, 10, 10, sec_serv_conf_and_auth}, - /* cipher AES_CM_256, auth HMAC_SHA1, auth tag len = 10 octets */ {"AES_256_CM_HMAC_SHA1_32", AES_ICM, 46, HMAC_SHA1, 20, 4, 10, - sec_serv_conf_and_auth}, - - /* cipher AES_192_CM, auth HMAC_SHA1, auth tag len = 10 octets */ - //{"AES_192_CM_HMAC_SHA1_80", AES_ICM, 38, HMAC_SHA1, 20, 10, 10, - //sec_serv_conf_and_auth}, - - /* cipher AES_192_CM, auth HMAC_SHA1, auth tag len = 4 octets */ - //{"AES_192_CM_HMAC_SHA1_32", AES_ICM, 38, HMAC_SHA1, 20, 4, 10, - //sec_serv_conf_and_auth}, - - /* cipher AES_CM, auth HMAC_SHA1, auth tag len = 10 octets */ - {"AES_CM_128_HMAC_SHA1_80", AES_128_ICM, 30, HMAC_SHA1, 20, 10, 10, sec_serv_conf_and_auth}, - - /* cipher AES_CM, auth HMAC_SHA1, auth tag len = 4 octets */ - {"AES_CM_128_HMAC_SHA1_32", AES_128_ICM, 30, HMAC_SHA1, 20, 4, 10, +#endif +#if defined(PJMEDIA_SRTP_HAS_AES_CM_192) && \ + (PJMEDIA_SRTP_HAS_AES_CM_192 != 0) + /* cipher AES_CM_192, auth HMAC_SHA1, auth tag len = 10 octets */ + {"AES_192_CM_HMAC_SHA1_80", AES_ICM, 38, HMAC_SHA1, 20, 10, 10, sec_serv_conf_and_auth}, - + /* cipher AES_CM_192, auth HMAC_SHA1, auth tag len = 4 octets */ + {"AES_192_CM_HMAC_SHA1_32", AES_ICM, 38, HMAC_SHA1, 20, 4, 10, + sec_serv_conf_and_auth}, +#endif +#if defined(PJMEDIA_SRTP_HAS_AES_GCM_128) && \ + (PJMEDIA_SRTP_HAS_AES_GCM_128 != 0) + /* cipher AES_GCM, NULL auth, auth tag len = 16 octets */ + {"AEAD_AES_128_GCM", AES_128_GCM, AES_128_GCM_KEYSIZE_WSALT, + NULL_AUTH, 0, 16, 16, sec_serv_conf_and_auth}, + + /* cipher AES_GCM, NULL auth, auth tag len = 8 octets */ + {"AEAD_AES_128_GCM_8", AES_128_GCM, AES_128_GCM_KEYSIZE_WSALT, + NULL_AUTH, 0, 8, 8, sec_serv_conf_and_auth}, +#endif +#if defined(PJMEDIA_SRTP_HAS_AES_CM_128) && \ + (PJMEDIA_SRTP_HAS_AES_CM_128 != 0) + /* cipher AES_CM_128, auth HMAC_SHA1, auth tag len = 10 octets */ + {"AES_CM_128_HMAC_SHA1_80", AES_ICM, 30, HMAC_SHA1, 20, 10, 10, + sec_serv_conf_and_auth}, + /* cipher AES_CM_128, auth HMAC_SHA1, auth tag len = 4 octets */ + {"AES_CM_128_HMAC_SHA1_32", AES_ICM, 30, HMAC_SHA1, 20, 4, 10, + sec_serv_conf_and_auth}, +#endif /* * F8_128_HMAC_SHA1_8 not supported by libsrtp? * {"F8_128_HMAC_SHA1_8", NULL_CIPHER, 0, NULL_AUTH, 0, 0, 0, sec_serv_none} |