

Merge pull request #34 from cisco/feature-openssl
Merge feature openssl branch
jfigus committed Mar 2, 2014
2 parents b1b8016 + bce4f85 commit f34baf3
Showing 38 changed files with 8,359 additions and 7,200 deletions.
31 changes: 24 additions & 7 deletions Makefile.in
Expand Up @@ -9,10 +9,13 @@
# test builds test applications
# libcrypt.a static library implementing crypto engine
# libsrtp.a static library implementing srtp
# libsrtp.so shared library implementing srtp
# clean removes objects, libs, and executables
# distribution cleans and builds a .tgz
# tags builds etags file from all .c and .h files

USE_OPENSSL = @USE_OPENSSL@

.PHONY: all test build_table_apps

all: test
Expand All @@ -27,6 +30,9 @@ runtest: build_table_apps test
test/replay_driver$(EXE) -v >/dev/null
test/dtls_srtp_driver$(EXE) >/dev/null
cd test; $(abspath $(srcdir))/test/rtpw_test.sh >/dev/null
ifeq (1, $(USE_OPENSSL))
cd test; $(abspath $(srcdir))/test/rtpw_test_gcm.sh >/dev/null
endif
@echo "libsrtp test applications passed."
$(MAKE) -C crypto runtest

Expand Down Expand Up @@ -55,6 +61,9 @@ gdoi = @GDOI_OBJS@

# Random source.
RNG_OBJS = @RNG_OBJS@
HMAC_OBJS = @HMAC_OBJS@
RNG_EXTRA_OBJS = @RNG_EXTRA_OBJS@
AES_ICM_OBJS = @AES_ICM_OBJS@

srcdir = @srcdir@
top_srcdir = @top_srcdir@
Expand All @@ -77,11 +86,10 @@ libdir = @libdir@

# libcrypt.a (the crypto engine)
ciphers = crypto/cipher/cipher.o crypto/cipher/null_cipher.o \
crypto/cipher/aes.o crypto/cipher/aes_icm.o \
crypto/cipher/aes_cbc.o
$(AES_ICM_OBJS)

hashes = crypto/hash/null_auth.o crypto/hash/sha1.o \
crypto/hash/hmac.o crypto/hash/auth.o # crypto/hash/tmmhv2.o
hashes = crypto/hash/null_auth.o crypto/hash/auth.o \
$(HMAC_OBJS)

replay = crypto/replay/rdb.o crypto/replay/rdbx.o \
crypto/replay/ut_sim.o
Expand All @@ -90,7 +98,7 @@ math = crypto/math/datatypes.o crypto/math/stat.o

ust = crypto/ust/ust.o

rng = crypto/rng/$(RNG_OBJS) crypto/rng/prng.o crypto/rng/ctr_prng.o
rng = crypto/rng/$(RNG_OBJS) $(RNG_EXTRA_OBJS)

err = crypto/kernel/err.o

Expand All @@ -107,6 +115,10 @@ libsrtp.a: $(srtpobj) $(cryptobj) $(gdoi)
ar cr libsrtp.a $^
$(RANLIB) libsrtp.a

libsrtp.so: $(srtpobj) $(cryptobj) $(gdoi)
$(CC) -shared -Wl,-soname,libsrtp.so $(LDFLAGS) \
-o libsrtp.so $^

# libcryptomath.a contains general-purpose routines that are used to
# generate tables and verify cryptoalgorithm implementations - this
# library is not meant to be included in production code
Expand All @@ -119,8 +131,11 @@ libcryptomath.a: $(cryptomath)


# test applications
ifneq (1, $(USE_OPENSSL))
AES_CALC = crypto/test/aes_calc$(EXE)
endif

crypto_testapp = crypto/test/aes_calc$(EXE) crypto/test/cipher_driver$(EXE) \
crypto_testapp = $(AES_CALC) crypto/test/cipher_driver$(EXE) \
crypto/test/datatypes_driver$(EXE) crypto/test/kernel_driver$(EXE) \
crypto/test/rand_gen$(EXE) crypto/test/sha1_driver$(EXE) \
crypto/test/stat_driver$(EXE)
Expand Down Expand Up @@ -200,15 +215,17 @@ install:
cp $(srcdir)/crypto/include/*.h $(DESTDIR)$(includedir)/srtp
if [ "$(srcdir)" != "." ]; then cp crypto/include/*.h $(DESTDIR)$(includedir)/srtp; fi
if [ -f libsrtp.a ]; then cp libsrtp.a $(DESTDIR)$(libdir)/; fi
if [ -f libsrtp.so ]; then cp libsrtp.so $(DESTDIR)$(libdir)/; fi

uninstall:
rm -f $(DESTDIR)$(includedir)/srtp/*.h
rm -f $(DESTDIR)$(libdir)/libsrtp.a
rm -f $(DESTDIR)$(libdir)/libsrtp.so
-rmdir $(DESTDIR)$(includedir)/srtp

clean:
rm -rf $(cryptobj) $(srtpobj) $(cryptomath) TAGS \
libcryptomath.a libsrtp.a core *.core test/core
libcryptomath.a libsrtp.a libsrtp.so core *.core test/core
for a in * */* */*/*; do \
if [ -f "$$a~" ] ; then rm -f $$a~; fi; \
done;
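Review bot: In the new `libsrtp.so` rule the link line passes `$(LDFLAGS)` but no libraries, so with `USE_OPENSSL` set to 1 the shared object would presumably record no dependency on libcrypto, and its OpenSSL symbols would bind to whatever copy the loading process already has mapped. If the Makefile defines the usual `LIBS = @LIBS@` substitution (not visible in these hunks), add it after the objects: `-o libsrtp.so $^ $(LIBS)`. The soname is also unversioned, which gives the loader no way to reject an ABI-incompatible build, and nothing shown here compiles the objects as position-independent code. A short comment above the rule stating which of these are intentional would help, e.g. `# shared build: objects must be compiled with -fPIC; links against $(LIBS)`.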
14 changes: 10 additions & 4 deletions README
Expand Up @@ -26,6 +26,7 @@ The configure script accepts the following options:
--enable-syslog use syslog for error reporting
--disable-stdout use stdout for error reporting
--enable-console use /dev/console for error reporting
--enable-openssl use OpenSSL crypto primitives
--gdoi use GDOI key management (disabled at present)

By default, debugging is enabled and stdout is used for debugging.
Expand Down Expand Up @@ -77,7 +78,7 @@ Applications
Manual srtp keying uses the -k option; automated key management
using gdoi will be added later.

usage: rtpw [-d <debug>]* [-k <key> [-a][-e]] [-s | -r] dest_ip dest_port
usage: rtpw [-d <debug>]* [-k <key> [-a][-e <key size>][-g]] [-s | -r] dest_ip dest_port
or rtpw -l

Either the -s (sender) or -r (receiver) option must be chosen.
Expand All @@ -95,15 +96,20 @@ or rtpw -l
key is a hexadecimal value (without the
leading "0x")

-e encrypt/decrypt (for data confidentiality)
-e <keysize> encrypt/decrypt (for data confidentiality)
(requires use of -k option as well)
(use 128, 192, or 256 for keysize)

-g use AES-GCM mode (must be used with -e)

-a message authentication
(requires use of -k option as well)

-l list debug modules

-d <debug> turn on debugging for module <debug>
-i specify input/output file
(instead of using dictionary file)


In order to get random 30-byte values for use as key/salt pairs , you
Expand All @@ -119,7 +125,7 @@ An example of an SRTP session using two rtpw programs follows:

set k=c1eec3717da76195bb878578790af71c4ee9f859e197a414a78d5abc7451

[sh1]$ test/rtpw -s -k $k -ea 0.0.0.0 9999
[sh1]$ test/rtpw -s -k $k -e 128 -a 0.0.0.0 9999
Security services: confidentiality message authentication
set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451
setting SSRC to 2078917053
Expand All @@ -129,7 +135,7 @@ sending word: aa
sending word: aal
...

[sh2]$ test/rtpw -r -k $k -ea 0.0.0.0 9999
[sh2]$ test/rtpw -r -k $k -e 128 -a 0.0.0.0 9999
security services: confidentiality message authentication
set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451
19 octets received from SSRC 2078917053 word: A
3 changes: 3 additions & 0 deletions config_in.h
Expand Up @@ -141,6 +141,9 @@
/* Define to use GDOI. */
#undef SRTP_GDOI

/* Define to use OpenSSL crypto. */
#undef OPENSSL

/* Define to compile for kernel contexts. */
#undef SRTP_KERNEL

