1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
|
From 95b45d1c46b35232ee0b9bdb3135b080c164c7c6 Mon Sep 17 00:00:00 2001
From: Alexander Traud <pabstraud@compuserve.com>
Date: Wed, 18 Oct 2017 10:30:25 +0200
Subject: [PATCH] res_srtp: Add support for libsrtp2 with AES-GCM.
Beside allowing AES-GCM again, this adds AES-192 again.
ASTERISK-27356
Change-Id: Ia97a435faf26300335d9552fa676b5d17e5f7233
[yann.morin.1998@free.fr: backport from upstream]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
configure | 104 +++++++++++++++++++++++++++++++++++++++++++++++++
configure.ac | 1 +
res/srtp/srtp_compat.h | 12 ++++++
3 files changed, 117 insertions(+)
diff --git a/configure b/configure
index 59bc3b10b1..588fbfd0be 100755
--- a/configure
+++ b/configure
@@ -33793,6 +33793,110 @@ fi
+if test "x${PBX_SRTP_192}" != "x1" -a "${USE_SRTP_192}" != "no"; then
+ pbxlibdir=""
+ # if --with-SRTP_192=DIR has been specified, use it.
+ if test "x${SRTP_192_DIR}" != "x"; then
+ if test -d ${SRTP_192_DIR}/lib; then
+ pbxlibdir="-L${SRTP_192_DIR}/lib"
+ else
+ pbxlibdir="-L${SRTP_192_DIR}"
+ fi
+ fi
+ pbxfuncname="srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80"
+ if test "x${pbxfuncname}" = "x" ; then # empty lib, assume only headers
+ AST_SRTP_192_FOUND=yes
+ else
+ ast_ext_lib_check_save_CFLAGS="${CFLAGS}"
+ CFLAGS="${CFLAGS} "
+ as_ac_Lib=`$as_echo "ac_cv_lib_srtp2_${pbxfuncname}" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${pbxfuncname} in -lsrtp2" >&5
+$as_echo_n "checking for ${pbxfuncname} in -lsrtp2... " >&6; }
+if eval \${$as_ac_Lib+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsrtp2 ${pbxlibdir} $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ${pbxfuncname} ();
+int
+main ()
+{
+return ${pbxfuncname} ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$as_ac_Lib=yes"
+else
+ eval "$as_ac_Lib=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+eval ac_res=\$$as_ac_Lib
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
+ AST_SRTP_192_FOUND=yes
+else
+ AST_SRTP_192_FOUND=no
+fi
+
+ CFLAGS="${ast_ext_lib_check_save_CFLAGS}"
+ fi
+
+ # now check for the header.
+ if test "${AST_SRTP_192_FOUND}" = "yes"; then
+ SRTP_192_LIB="${pbxlibdir} -lsrtp2 "
+ # if --with-SRTP_192=DIR has been specified, use it.
+ if test "x${SRTP_192_DIR}" != "x"; then
+ SRTP_192_INCLUDE="-I${SRTP_192_DIR}/include"
+ fi
+ SRTP_192_INCLUDE="${SRTP_192_INCLUDE} "
+ if test "x" = "x" ; then # no header, assume found
+ SRTP_192_HEADER_FOUND="1"
+ else # check for the header
+ ast_ext_lib_check_saved_CPPFLAGS="${CPPFLAGS}"
+ CPPFLAGS="${CPPFLAGS} ${SRTP_192_INCLUDE}"
+ ac_fn_c_check_header_mongrel "$LINENO" "" "ac_cv_header_" "$ac_includes_default"
+if test "x$ac_cv_header_" = xyes; then :
+ SRTP_192_HEADER_FOUND=1
+else
+ SRTP_192_HEADER_FOUND=0
+fi
+
+
+ CPPFLAGS="${ast_ext_lib_check_saved_CPPFLAGS}"
+ fi
+ if test "x${SRTP_192_HEADER_FOUND}" = "x0" ; then
+ SRTP_192_LIB=""
+ SRTP_192_INCLUDE=""
+ else
+ if test "x${pbxfuncname}" = "x" ; then # only checking headers -> no library
+ SRTP_192_LIB=""
+ fi
+ PBX_SRTP_192=1
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SRTP_192 1
+_ACEOF
+
+ fi
+ fi
+fi
+
+
+
if test "x${PBX_SRTP_GCM}" != "x1" -a "${USE_SRTP_GCM}" != "no"; then
pbxlibdir=""
# if --with-SRTP_GCM=DIR has been specified, use it.
diff --git a/configure.ac b/configure.ac
index 9f95786e11..c729b94aba 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2520,6 +2520,7 @@ AST_EXT_LIB_CHECK_SHARED([SRTP], [srtp2], [srtp_init], [srtp2/srtp.h], [], [], [
if test "x$PBX_SRTP" = x1;
then
AST_EXT_LIB_CHECK([SRTP_256], [srtp2], [srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80])
+ AST_EXT_LIB_CHECK([SRTP_192], [srtp2], [srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80])
AST_EXT_LIB_CHECK([SRTP_GCM], [srtp2], [srtp_crypto_policy_set_aes_gcm_128_8_auth])
AST_EXT_LIB_CHECK([SRTP_SHUTDOWN], [srtp2], [srtp_shutdown], [srtp2/srtp.h])
diff --git a/res/srtp/srtp_compat.h b/res/srtp/srtp_compat.h
index 56ffca1cc2..dbd8ddee0f 100644
--- a/res/srtp/srtp_compat.h
+++ b/res/srtp/srtp_compat.h
@@ -16,6 +16,18 @@
#define crypto_policy_set_aes_gcm_128_8_auth srtp_crypto_policy_set_aes_gcm_128_8_auth
#define crypto_policy_set_aes_gcm_256_8_auth srtp_crypto_policy_set_aes_gcm_256_8_auth
+#if defined(SRTP_AES_GCM_128_KEY_LEN_WSALT)
+#define AES_128_GCM_KEYSIZE_WSALT SRTP_AES_GCM_128_KEY_LEN_WSALT
+#else
+#define AES_128_GCM_KEYSIZE_WSALT SRTP_AES_128_GCM_KEYSIZE_WSALT
+#endif
+
+#if defined(SRTP_AES_GCM_256_KEY_LEN_WSALT)
+#define AES_256_GCM_KEYSIZE_WSALT SRTP_AES_GCM_256_KEY_LEN_WSALT
+#else
+#define AES_256_GCM_KEYSIZE_WSALT SRTP_AES_256_GCM_KEYSIZE_WSALT
+#endif
+
#define err_status_t srtp_err_status_t
#define err_status_ok srtp_err_status_ok
#define err_status_fail srtp_err_status_fail
--
2.14.1
|
