Vikram Dattu e5997168d9 feat(libsrtp): add component (libsrtp v2.8.0 + ESP-IDF mbedTLS port)
Adds libsrtp — an ESP-IDF wrapper around cisco/libsrtp pinned at v2.8.0
(commit 24b3bf8). Crypto routes through ESP-IDF's mbedTLS, so AES
protect/unprotect goes through the chip's on-chip AES peripheral by
default (CONFIG_MBEDTLS_HARDWARE_AES=y on esp32 / s2 / s3 / c3 / c5 /
c6 / p4). Pairs with libwebsockets and (upcoming) usrsctp for the
WebRTC transport stack.

The wrapper bundles cisco/libsrtp as a git submodule and compiles its
sources directly into the IDF component archive — no internal libsrtp2.a
dance. One small port-side delta in port/crypto_kernel.c opts out of
the AES-ICM-192 cipher registration when GCM is enabled (saves binary
size; AES-CM-128 + AES-GCM cover all WebRTC SRTP suites in use).

Naming + version follow cisco's release line. Component is named
'libsrtp' (registry: espressif/libsrtp) tracking whichever 2.x release
is current upstream — v2.8.0 today. The IDF version constraint
(>=5.4,<6) reflects the fact that libsrtp v2.x's mbedTLS adapters
predate the mbedTLS 4 / TF-PSA-Crypto split shipped by IDF v6; bump
when the component tracks a release that speaks mbedTLS 4.

Supported SRTP profiles via the mbedTLS backend:
  AEAD: AEAD_AES_128_GCM, AEAD_AES_256_GCM
  SRTP: AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32

Tests included:
  test_apps/         — embedded Unity smoke (esp32 + esp32c3 via
                       .build-test-rules)
  host_test/         — IDF Linux-target binary, AES-GCM-128 protect/
                       unprotect roundtrip; aborts on the first libsrtp
                       failure with EXPECT() for boolean assertions
  examples/get_started/ — minimal init/shutdown sanity app

License: Apache-2.0 (port glue) AND BSD-3-Clause (bundled cisco/libsrtp).

(Previously prepared as espressif/idf-extra-components#753; relocated to
esp-protocols where it naturally sits alongside libwebsockets and the
other transport-stack components.)
2026-06-22 06:58:32 +02:00


libsrtp


libsrtp (Cisco) port for ESP-IDF using the mbedtls crypto backend with AES-GCM.

Used for SRTP/SRTCP packet protection in WebRTC and other RTP-based protocols on ESP32-series chips.

Not the same as espressif/esp_libsrtp. The existing espressif/esp_libsrtp component is a pre-built closed-source libSRTP binary distributed via esp-adf-libs (Custom license). libsrtp is an open-source wrapper around upstream cisco/libsrtp 2.x — built from source as part of your project, BSD-3-Clause upstream + Apache-2.0 port code. Pick libsrtp when you need the source-built, open-source path (e.g. for WebRTC integrations); pick esp_libsrtp when you're already on the ADF binary stack.

Features

  • libsrtp v2.8.0 (commit 24b3bf8)
  • mbedtls crypto backend (AES-CM, AES-GCM, HMAC-SHA1) — IDF's mbedTLS routes AES through the on-chip AES peripheral when CONFIG_MBEDTLS_HARDWARE_AES=y (default)
  • AEAD profiles: AEAD_AES_128_GCM, AEAD_AES_256_GCM
  • SRTP profiles: AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32

Add to a project

idf.py add-dependency "espressif/libsrtp^2.8.0"

Or in your project's main/idf_component.yml:

dependencies:
  espressif/libsrtp: "^2.8.0"

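Requires ESP-IDF ≥ 5.4. The component's IDF version constraint is >=5.4,<6, because libsrtp v2.x's mbedTLS adapters predate the mbedTLS 4 / TF-PSA-Crypto split shipped by IDF v6.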

Tests

  • test_apps/ — embedded Unity smoke test (init/shutdown + version). Run with pytest_libsrtp.py against esp32 / esp32c3.
  • host_test/ — IDF Linux-target binary that performs an AES-GCM-128 protect/unprotect roundtrip. Run with pytest_libsrtp_linux.py.

Source

This wrapper bundles cisco/libsrtp as a git submodule pinned at the upstream release tag. All SRTP cryptographic implementation is upstream; this repo adds only the ESP-IDF build glue (CMakeLists.txt, port/config.h) plus one small port-side delta in port/crypto_kernel.c (replaces the upstream crypto/kernel/crypto_kernel.c) to opt out of the AES-ICM-192 cipher registration when GCM is enabled. Re-port from upstream when bumping the libsrtp submodule.
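A pre-build check for two properties this README relies on, the libsrtp submodule sitting at the pinned commit and hardware AES being enabled in sdkconfig, can be scripted as below. This is an added example, not part of the component; the submodule path as git reports it and the sample inputs are assumptions, and the full hash is the README's prefix padded with zeros.

```python
import re

# Values stated in the README above.
PINNED_PREFIX = "24b3bf8"                  # libsrtp v2.8.0 commit
HW_AES = "CONFIG_MBEDTLS_HARDWARE_AES"
SUBMODULE = "libsrtp"                      # assumed path as git reports it


def check_submodule_pin(status_text, path=SUBMODULE, prefix=PINNED_PREFIX):
    """Inspect `git submodule status` output; return None or a finding.

    Line format: '<flag><sha> <path> [(describe)]'. Flag ' ' means in sync,
    '-' not initialised, '+' checked-out commit differs from the recorded
    one, 'U' merge conflict.
    """
    for line in status_text.splitlines():
        m = re.match(r"([ +\-U])([0-9a-f]{40,64}) (\S+)", line)
        if not m or m.group(3) != path:
            continue
        flag, sha = m.group(1), m.group(2)
        if flag != " ":
            return f"{path}: submodule not in sync (flag {flag!r})"
        if not sha.startswith(prefix):
            return f"{path}: at {sha[:7]}, expected {prefix}"
        return None
    return f"{path}: no such submodule in status output"


def check_hw_aes(sdkconfig_text, option=HW_AES):
    """Return None when sdkconfig has '<option>=y', otherwise a finding."""
    for line in sdkconfig_text.splitlines():
        if line.strip() == f"{option}=y":
            return None
    return f"{option} is not enabled: AES will not use the on-chip peripheral"


def audit(status_text, sdkconfig_text):
    """Run both checks and return the list of findings (empty means OK)."""
    results = (check_submodule_pin(status_text), check_hw_aes(sdkconfig_text))
    return [r for r in results if r]


if __name__ == "__main__":
    # Constructed inputs: the hash is the README's prefix padded with zeros.
    status = " " + PINNED_PREFIX + "0" * 33 + " libsrtp (v2.8.0)\n"
    sdkconfig = "# CONFIG_MBEDTLS_HARDWARE_AES is not set\n"
    for finding in audit(status, sdkconfig):
        print("FINDING:", finding)
```

In CI, feed it the real output of `git submodule status` and the generated sdkconfig file, and fail the job when `audit()` returns a non-empty list.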

License

Apache-2.0 AND BSD-3-Clause — the ESP-IDF port glue under this repo (CMakeLists.txt, port/, Kconfig, build scripts) is Apache-2.0 (see LICENSE); the bundled libsrtp/ submodule remains under upstream's BSD-3-Clause (see libsrtp/LICENSE).