[Freeswitch-users] Hardware crypto support

Kristian Kielhofner kkielhofner at star2star.com
Sat Oct 18 11:34:33 PDT 2008


Hello everyone,

  I've been a big fan of hardware crypto acceleration for some time.
On x86 I especially like VIA Padlock (available in C3/C7 CPUs):

http://www.logix.cz/michal/devel/padlock/

  I've patched several apps using OpenSSL 0.9.7 to support padlock and
the results really are pretty amazing.  There are now patches
available for OpenSSL 0.9.8 to init the hardware engine for any app
compiled against the patched version of OpenSSL.  Like the author
says, no more patching apps for padlock!

  However for those of us stuck with OpenSSL 0.9.7 for the time being,
where might I begin to look in the sources to patch SSL/TLS support in
FreeSWITCH?

1) SIP-TLS
2) SRTP
3) Curl w/ HTTPS
4) What else?

  The other question (maybe the first question) is - what ciphers are
typically negotiated for SRTP (where I expect most of the work to be)?
 All I've ever seen is AES_CM_128_HMAC_SHA1_32, which *should* do
fairly well on cores that have hashing in hardware (Esther/C7).

P.S. - I understand that for many configurations I can sidestep RTP
handling altogether, or simply pass it through FreeSWITCH.  However,
in many situations (SIP-TLS SRTP on handset -> SIP UDP RTP SIP
provider) this isn't possible and FreeSWITCH would need to decrypt the
incoming RTP stream/encrypt the outgoing stream (which works
perfectly, btw).

Thoughts?

-- 
Kristian Kielhofner
http://blog.krisk.org
http://www.submityoursip.com
http://www.astlinux.org
http://www.star2star.com



