[asterisk-bugs] [JIRA] (ASTERISK-22832) Support AES-GCM mode in SRTP

Alexander Traud (JIRA) noreply at issues.asterisk.org
Wed Jul 13 07:22:57 CDT 2016


    [ https://issues.asterisk.org/jira/browse/ASTERISK-22832?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=231401#comment-231401 ] 

Alexander Traud commented on ASTERISK-22832:
--------------------------------------------

[~abelbeck], thank you for reporting that issue with {{crypto_get_random}}. It got its own issue report. Therefore, please, continue with ASTERISK-24436.

[~agbsres], the attached patch targeted the master branch at that time, which created Asterisk 13. If you are looking for a backport of AES-GCM for Asterisk 11, please do give a rationale why you cannot update to Asterisk 13 and why you want AES-GCM. That raises motivation and might help to find an Asterisk team member or a community member to create such a patch.

@all
In December 2015, that draft matured to RFC 7714. However, in June 2014 with draft revision 13, the crypto suite {{AEAD_AES_128_GCM_8}} got dropped. Furthermore, even back then, there was a bug in libSRTP because the key length (actually the master salt) was too long. This patch here relied on the fact that the key length was the same as for {{AES_CM_128_HMAC_SHA1_80}}. This is not the case anymore. Therefore, please, let us continue with ASTERISK-26190.

> Support AES-GCM mode in SRTP
> ----------------------------
>
>                 Key: ASTERISK-22832
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22832
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Channels/chan_sip/SRTP
>    Affects Versions: SVN
>         Environment: Linux x86_64
>            Reporter: Kristian Kielhofner
>            Severity: Minor
>         Attachments: asterisk-1.8-srtp-crypto_kernel-include.patch, asterisk_gcm_draft10.patch, asterisk_gcm.patch
>
>
> There is a version of libsrtp that supports AES-NI and AES-GCM mode:
> https://github.com/cisco/libsrtp/pull/34
> More on AES-GCM mode:
> http://tools.ietf.org/html/draft-ietf-avtcore-srtp-aes-gcm-10
> https://crypto.stanford.edu/RealWorldCrypto/slides/gueron.pdf
> AES-GCM mode improves the performance of SRTP on systems with and without support for the AES-NI instruction set.
> Performance test results pending.
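
The key-length point in the comment above, as an added example that is not part of the thread and is not Asterisk or libSRTP code: a per-suite length check for SDES inline key material (master key followed by master salt, base64-encoded). The names `sdes_key_len_ok` and `b64_decoded_len` are hypothetical, the byte sizes are taken from RFC 4568 and RFC 7714, and accepting both padded and unpadded base64 is an assumption of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Master key / master salt sizes in bytes. AES_CM values are from RFC 4568,
 * AEAD values from RFC 7714. AEAD_AES_128_GCM_8 is absent on purpose: it was
 * dropped from the draft before publication. */
static const struct { const char *name; long key, salt; } suites[] = {
    { "AES_CM_128_HMAC_SHA1_80", 16, 14 },
    { "AES_CM_128_HMAC_SHA1_32", 16, 14 },
    { "AEAD_AES_128_GCM",        16, 12 },
    { "AEAD_AES_256_GCM",        32, 12 },
};

/* Constructed sample key material (all-zero bytes), not real keys. */
static const char SAMPLE_30_BYTES[] = "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA";
static const char SAMPLE_28_BYTES[] = "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAA==";

/* Number of bytes a base64 string decodes to, or -1 if it is malformed. */
static long b64_decoded_len(const char *s)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t n = strlen(s), pad = 0, i;

    while (n > 0 && s[n - 1] == '=') { n--; pad++; }
    if (pad > 2 || n % 4 == 1 || (pad && (n + pad) % 4 != 0)) return -1;
    for (i = 0; i < n; i++)
        if (!strchr(alphabet, s[i])) return -1;
    return (long)(n * 6 / 8);
}

/* 1: length matches the suite, 0: wrong length, -1: unknown suite or bad base64. */
int sdes_key_len_ok(const char *suite, const char *inline_b64)
{
    long len = b64_decoded_len(inline_b64);
    size_t i;

    if (len < 0) return -1;
    for (i = 0; i < sizeof(suites) / sizeof(suites[0]); i++)
        if (strcmp(suites[i].name, suite) == 0)
            return len == suites[i].key + suites[i].salt;
    return -1;
}

int main(void)
{
    /* 30 bytes fit AES_CM_128_HMAC_SHA1_80 but are 2 bytes too long for GCM. */
    printf("%d\n", sdes_key_len_ok("AEAD_AES_128_GCM", SAMPLE_30_BYTES));
    return 0;
}
```

The function expects only the base64 part of the `inline:` parameter, without any lifetime or MKI fields.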


