Adds libsrtp — an ESP-IDF wrapper around cisco/libsrtp pinned at v2.8.0
(commit 24b3bf8). Crypto routes through ESP-IDF's mbedTLS, so AES
protect/unprotect goes through the chip's on-chip AES peripheral by
default (CONFIG_MBEDTLS_HARDWARE_AES=y on esp32 / s2 / s3 / c3 / c5 /
c6 / p4). Pairs with libwebsockets and (upcoming) usrsctp for the
WebRTC transport stack.
The wrapper bundles cisco/libsrtp as a git submodule and compiles its
sources directly into the IDF component archive — no internal libsrtp2.a
dance. One small port-side delta in port/crypto_kernel.c opts out of
the AES-ICM-192 cipher registration when GCM is enabled (saves binary
size; AES-CM-128 + AES-GCM cover all WebRTC SRTP suites in use).
Naming + version follow cisco's release line. Component is named
'libsrtp' (registry: espressif/libsrtp) tracking whichever 2.x release
is current upstream — v2.8.0 today. The IDF version constraint
(>=5.4,<6) reflects the fact that libsrtp v2.x's mbedTLS adapters
predate the mbedTLS 4 / TF-PSA-Crypto split shipped by IDF v6; bump
when the component tracks a release that speaks mbedTLS 4.
Supported SRTP profiles via the mbedTLS backend:
AEAD: AEAD_AES_128_GCM, AEAD_AES_256_GCM
SRTP: AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32
Tests included:
test_apps/ — embedded Unity smoke (esp32 + esp32c3 via
.build-test-rules)
host_test/ — IDF Linux-target binary, AES-GCM-128 protect/
unprotect roundtrip; aborts on the first libsrtp
failure with EXPECT() for boolean assertions
examples/get_started/ — minimal init/shutdown sanity app
License: Apache-2.0 (port glue) AND BSD-3-Clause (bundled cisco/libsrtp).
(Previously prepared as espressif/idf-extra-components#753; relocated to
esp-protocols where it naturally sits alongside libwebsockets and the
other transport-stack components.)
2.5 KiB
libsrtp
libsrtp (Cisco) port for ESP-IDF using the mbedtls crypto backend with AES-GCM.
Used for SRTP/SRTCP packet protection in WebRTC and other RTP-based protocols on ESP32-series chips.
Not the same as
espressif/esp_libsrtp. The existingespressif/esp_libsrtpcomponent is a pre-built closed-source libSRTP binary distributed viaesp-adf-libs(Custom license).libsrtpis an open-source wrapper around upstreamcisco/libsrtp2.x — built from source as part of your project, BSD-3-Clause upstream + Apache-2.0 port code. Picklibsrtpwhen you need the source-built, open-source path (e.g. for WebRTC integrations); pickesp_libsrtpwhen you're already on the ADF binary stack.
Features
- libsrtp
v2.8.0(commit24b3bf8) - mbedtls crypto backend (AES-CM, AES-GCM, HMAC-SHA1) — IDF's mbedTLS routes AES through the on-chip AES peripheral when
CONFIG_MBEDTLS_HARDWARE_AES=y(default) - AEAD profiles:
AEAD_AES_128_GCM,AEAD_AES_256_GCM - SRTP profiles:
AES_CM_128_HMAC_SHA1_80,AES_CM_128_HMAC_SHA1_32
Add to a project
idf.py add-dependency "espressif/libsrtp^2.8.0"
Or in your project's main/idf_component.yml:
dependencies:
espressif/libsrtp: "^2.8.0"
Requires ESP-IDF ≥ 5.4.
Tests
test_apps/— embedded Unity smoke test (init/shutdown + version). Run withpytest_libsrtp.pyagainstesp32/esp32c3.host_test/— IDF Linux-target binary that performs an AES-GCM-128 protect/unprotect roundtrip. Run withpytest_libsrtp_linux.py.
Source
This wrapper bundles cisco/libsrtp as a git submodule pinned at the upstream release tag. All SRTP cryptographic implementation is upstream; this repo adds only the ESP-IDF build glue (CMakeLists.txt, port/config.h) plus one small port-side delta in port/crypto_kernel.c (replaces the upstream crypto/kernel/crypto_kernel.c) to opt out of the AES-ICM-192 cipher registration when GCM is enabled. Re-port from upstream when bumping the libsrtp submodule.
License
Apache-2.0 AND BSD-3-Clause — the ESP-IDF port glue under this repo (CMakeLists.txt, port/, Kconfig, build scripts) is Apache-2.0 (see LICENSE); the bundled libsrtp/ submodule remains under upstream's BSD-3-Clause (see libsrtp/LICENSE).