Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In the original libSRTP (without OpenSSL), support for AES-256 was added in May 2010 with commit 5df951a, but AES-192 was not implemented (see
crypto/cipher/aes.c:aes_expand_encryption_key
). Since 2013 with OpenSSL enabled (see pull request #34), libSRTP supports AES-192 as well. Or stated differently:If you want the crypto suite
AES_192_CM_HMAC_SHA1_80
in your VoIP application, you have to go for./configure --enable-openssl
otherwise, just AES-256 and AES-128 work. As a side-effect, you get AES-NI and AES-GCM.
Even with the current source code, AES-192 works only between VoIP applications which use the same library (for example locally on the same computer). I did not squash the two commits on purpose, hopefully to make the overall pull request easier to understand.
This is approach/alternative B to solve this issue. Because I am just a contributor and not a member of the team, I cannot decide whether the approach A or B is the correct one. If you do not like the other approach A, please, consider this simpler change-set here for inclusion, especially because several VoIP/SIP clients leverage AES-192 already (like Acrobits Groundwire and Media5-fone).