[asterisk-bugs] [JIRA] (ASTERISK-22832) Support AES-GCM mode in SRTP

A. Sresnewsky (JIRA) noreply at issues.asterisk.org
Sun Jul 3 21:49:56 CDT 2016 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-22832?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=231284#comment-231284 ] 

A. Sresnewsky edited comment on ASTERISK-22832 at 7/3/16 9:49 PM:
------------------------------------------------------------------

How this patch would work for Asterisk versions 1.8 and/or 11 ? It can´t find sdp_srtp.h and sdp_srtp.c (closest is channels/sip/sdp_crypto.c) but I´ve tried applying it manually anyways without success obviously (ended-up with a res_srtp.c:256: error: ‘AES_128_GCM’ undeclared first use in this function error). Using libsrtp 1.5.2 compiled with latest OpenSSL (passed the AES-GCM test). Recently Freeswitch and pjSIP based clients have implemented AES-128-GCM/AES-256-GCM but Asterisk seens to be lagging behind.
(Restricted to Public group)

was (Author: agbsres):
How this patch would work for Asterisk versions 1.8 and/or 11 ? It can´t find sdp_srtp.h and sdp_srtp.c (closest is channels/sip/sdp_crypto.c) but I´ve tried applying it manually to end-up with a res_srtp.c:256: error: ‘AES_128_GCM’ undeclared (first use in this function) error. Using libsrtp 1.5.2 compiled with latest OpenSSL (passed the AES-GCM test). Recently Freeswitch and pjSIP based clients have implemented AES-128-GCM/AES-256-GCM but Asterisk seens to be lagging behind.
(Restricted to Public group)
> Support AES-GCM mode in SRTP
> ----------------------------
>
>                 Key: ASTERISK-22832
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22832
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Channels/chan_sip/SRTP
>    Affects Versions: SVN
>         Environment: Linux x86_64
>            Reporter: Kristian Kielhofner
>            Severity: Minor
>         Attachments: asterisk-1.8-srtp-crypto_kernel-include.patch, asterisk_gcm_draft10.patch, asterisk_gcm.patch
>
>
> There is a version of libsrtp that supports AES-NI and AES-GCM mode:
> https://github.com/cisco/libsrtp/pull/34
> More on AES-GCM mode:
> http://tools.ietf.org/html/draft-ietf-avtcore-srtp-aes-gcm-10
> https://crypto.stanford.edu/RealWorldCrypto/slides/gueron.pdf
> AES-GCM mode improves the performance of SRTP on systems with and without support for the AES-NI instruction set.
> Performance test results pending.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list