Files
Vikram Dattu e5997168d9 feat(libsrtp): add component (libsrtp v2.8.0 + ESP-IDF mbedTLS port)
Adds libsrtp — an ESP-IDF wrapper around cisco/libsrtp pinned at v2.8.0
(commit 24b3bf8). Crypto routes through ESP-IDF's mbedTLS, so AES
protect/unprotect goes through the chip's on-chip AES peripheral by
default (CONFIG_MBEDTLS_HARDWARE_AES=y on esp32 / s2 / s3 / c3 / c5 /
c6 / p4). Pairs with libwebsockets and (upcoming) usrsctp for the
WebRTC transport stack.

The wrapper bundles cisco/libsrtp as a git submodule and compiles its
sources directly into the IDF component archive — no internal libsrtp2.a
dance. One small port-side delta in port/crypto_kernel.c opts out of
the AES-ICM-192 cipher registration when GCM is enabled (saves binary
size; AES-CM-128 + AES-GCM cover all WebRTC SRTP suites in use).

Naming + version follow cisco's release line. Component is named
'libsrtp' (registry: espressif/libsrtp) tracking whichever 2.x release
is current upstream — v2.8.0 today. The IDF version constraint
(>=5.4,<6) reflects the fact that libsrtp v2.x's mbedTLS adapters
predate the mbedTLS 4 / TF-PSA-Crypto split shipped by IDF v6; bump
when the component tracks a release that speaks mbedTLS 4.

Supported SRTP profiles via the mbedTLS backend:
  AEAD: AEAD_AES_128_GCM, AEAD_AES_256_GCM
  SRTP: AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32

Tests included:
  test_apps/         — embedded Unity smoke (esp32 + esp32c3 via
                       .build-test-rules)
  host_test/         — IDF Linux-target binary, AES-GCM-128 protect/
                       unprotect roundtrip; aborts on the first libsrtp
                       failure with EXPECT() for boolean assertions
  examples/get_started/ — minimal init/shutdown sanity app

License: Apache-2.0 (port glue) AND BSD-3-Clause (bundled cisco/libsrtp).

(Previously prepared as espressif/idf-extra-components#753; relocated to
esp-protocols where it naturally sits alongside libwebsockets and the
other transport-stack components.)
2026-06-22 06:58:32 +02:00
..