[asterisk-bugs] [JIRA] (ASTERISK-22832) Support AES-GCM mode in SRTP

abelbeck (JIRA) noreply at issues.asterisk.org
Tue Oct 14 10:07:29 CDT 2014 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-22832?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=223013#comment-223013 ] 

abelbeck commented on ASTERISK-22832:
-------------------------------------

Attached is trivial patch to res/res_srtp.c to also include srtp/crypto_kernel.h

This is related to Kristian's issue here as the libsrtp version 1.5.0 ( https://github.com/cisco/libsrtp ) has rearranged some of the header files, and crypto_kernel.h is not longer included in srtp.h.  Without the patch you see:
{noformat}
  [CC] res_srtp.c -> res_srtp.o
res_srtp.c: In function 'ast_srtp_get_random':
res_srtp.c:307: warning: implicit declaration of function 'crypto_get_random'
  [LD] res_srtp.o -> res_srtp.so
{noformat}

The included patch should be backward compatible, and should apply to all versions of Asterisk.

Using libsrtp version 1.5.0  offers OpenSSL support and it's AES optimizations.

> Support AES-GCM mode in SRTP
> ----------------------------
>
>                 Key: ASTERISK-22832
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22832
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Channels/chan_sip/SRTP
>    Affects Versions: SVN
>         Environment: Linux x86_64
>            Reporter: Kristian Kielhofner
>            Severity: Minor
>         Attachments: asterisk-1.8-srtp-crypto_kernel-include.patch, asterisk_gcm_draft10.patch, asterisk_gcm.patch
>
>
> There is a version of libsrtp that supports AES-NI and AES-GCM mode:
> https://github.com/cisco/libsrtp/pull/34
> More on AES-GCM mode:
> http://tools.ietf.org/html/draft-ietf-avtcore-srtp-aes-gcm-10
> https://crypto.stanford.edu/RealWorldCrypto/slides/gueron.pdf
> AES-GCM mode improves the performance of SRTP on systems with and without support for the AES-NI instruction set.
> Performance test results pending.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list