[asterisk-dev] [Code Review] 3350: Add AES-GCM support for SRTP

Matt Jordan reviewboard at asterisk.org
Mon Mar 17 19:53:04 CDT 2014 


> On March 13, 2014, 11:12 p.m., Matt Jordan wrote:
> > Ship It!
> 
> Kristian Kielhofner wrote:
>     I appreciate the enthusiasm but I don't think it's ready quite yet...
>     
>     The code isn't conditional in any way and as I said various autoconf checks will need to be included to test for feature-openssl support in system libsrtp as well as AES-GCM support in OpenSSL. If I find myself with some time on my hands I may look into both of these but I'm not sure when that will happen (it almost never does, for some reason)!

Hm. I had missed that in the preamble of your review.

If this is not yet ready for submission, I'd suggest closing out the review for now. You can always re-open it when the patch is complete.


- Matt


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/3350/#review11199
-----------------------------------------------------------


On March 13, 2014, 12:54 p.m., Kristian Kielhofner wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/3350/
> -----------------------------------------------------------
> 
> (Updated March 13, 2014, 12:54 p.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Bugs: ASTERISK-22832
>     https://issues.asterisk.org/jira/browse/ASTERISK-22832
> 
> 
> Repository: Asterisk
> 
> 
> Description
> -------
> 
> There is a version of libsrtp that supports AES-NI and AES-GCM mode:
> https://github.com/cisco/libsrtp/pull/34
> 
> More on AES-GCM mode:
> http://tools.ietf.org/html/draft-ietf-avtcore-srtp-aes-gcm-10
> http://2013.diac.cr.yp.to/slides/gueron.pdf
> 
> AES-GCM mode improves the performance of SRTP on systems with and without support for the AES-NI instruction set.
> 
> This patch implements 128 bit AES GCM mode with SRTP. Significantly more work will be required to support 192 and 256 bit AES regardless of mode. Various build stuffs will also need to be updated with the required checks for AES-GCM support in libsrtp and OpenSSL.
> 
> "Big AES" (including 256 GCM) should probably be implemented with a separate patch/bug/review:
> 
> http://tools.ietf.org/html/rfc6188
> 
> 
> Diffs
> -----
> 
>   /trunk/res/res_srtp.c 402525 
>   /trunk/main/sdp_srtp.c 402525 
>   /trunk/include/asterisk/sdp_srtp.h 402525 
>   /trunk/include/asterisk/res_srtp.h 402525 
> 
> Diff: https://reviewboard.asterisk.org/r/3350/diff/
> 
> 
> Testing
> -------
> 
> Successfully tested call setup and audio exchange with patched pjsip client and FreeSWITCH.
> 
> 
> Thanks,
> 
> Kristian Kielhofner
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20140318/1ab344d1/attachment.html>

More information about the asterisk-dev mailing list