[RFC] Support for libsrtp

MAINTAINERS.yml

@@ -5853,6 +5853,16 @@ West:
   labels:
     - "area: Audio"
 
+"West project: libsrtp":
+  status: maintained
+  maintainers:
+    - josuah
+  files:
+    - modules/libsrtp/
+    - samples/modules/libsrtp/
+  labels:
+    - "area: Networking"
+
 "West project: littlefs":
   status: odd fixes
   files:

modules/libsrtp/CMakeLists.txt

@@ -0,0 +1,43 @@
+# Copyright (c) 2025 Sayed Naser Moravej <seyednasermoravej@gmail.com>
+# SPDX-License-Identifier: Apache-2.0
+
+if(CONFIG_LIBSRTP)
+
+zephyr_include_directories(
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/include
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/crypto/include
+  ${CMAKE_CURRENT_SOURCE_DIR}
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/test
+)
+
+zephyr_library_named(libsrtp)
+
+zephyr_library_compile_definitions(MBEDTLS)
+
+zephyr_library_sources(
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/srtp/srtp.c
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/crypto/cipher/cipher.c
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/crypto/cipher/cipher_test_cases.c
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/crypto/cipher/null_cipher.c
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/crypto/math/datatypes.c
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/crypto/kernel/alloc.c
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/crypto/kernel/key.c
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/crypto/kernel/err.c
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/crypto/kernel/crypto_kernel.c
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/crypto/replay/rdb.c
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/crypto/replay/rdbx.c
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/crypto/hash/auth.c
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/crypto/hash/auth_test_cases.c
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/test/rtp.c
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/crypto/hash/null_auth.c
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/test/util.c
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/crypto/hash/hmac_mbedtls.c
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/crypto/cipher/aes_icm_mbedtls.c
+  ${ZEPHYR_LIBSRTP_MODULE_DIR}/crypto/cipher/aes_gcm_mbedtls.c
+)
+
+zephyr_library_compile_definitions(libsrtp HAVE_CONFIG_H)
+
+zephyr_library_link_libraries(mbedTLS)
+
+endif()

modules/libsrtp/Kconfig

@@ -0,0 +1,18 @@
+# Copyright (c) 2025 Sayed Naser Moravej <seyednasermoravej@gmail.com>
+# SPDX-License-Identifier: Apache-2.0
+
+config LIBSRTP
+	bool "libsrtp support"
+	depends on MBEDTLS
+	select MBEDTLS_CIPHER_AES_ENABLED
+	select MBEDTLS_CIPHER_CAMELLIA_ENABLED
+	select MBEDTLS_CIPHER_DES_ENABLED
+	select MBEDTLS_CIPHER_CHACHA20_ENABLED
+	select MBEDTLS_CIPHER_CCM_ENABLED
+	select MBEDTLS_CIPHER_GCM_ENABLED
+	select MBEDTLS_CIPHER_MODE_XTS_ENABLED
+	select MBEDTLS_CIPHER_MODE_CBC_ENABLED
+	select MBEDTLS_CIPHER_MODE_CTR_ENABLED
+
+	help
+	  Enable libsrtp library integration as a Zephyr module.

modules/libsrtp/config.h

@@ -0,0 +1,69 @@
+/*
+ * Copyright 2025 Sayed Naser Moravej <seyednasermoravej@gmail.com>
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include <stdbool.h>
+
+#define PACKAGE_VERSION "1.0.0"
+
+#define PACKAGE_STRING "Zephyr 1.0.0"
+
+#define ENABLE_DEBUG_LOGGING 1
+
+#define CPU_CISC 1
+
+#define HAVE_ARPA_INET_H 1
+
+#define HAVE_INTTYPES_H 1
+
+#define HAVE_NETINET_IN_H 1
+
+#define HAVE_STDINT_H 1
+
+#define HAVE_STDLIB_H 1
+
+#define HAVE_SYS_SOCKET_H 1
+
+#define HAVE_SYS_TYPES_H 1
+
+#define HAVE_UNISTD_H 1
+
+#define HAVE_INET_ATON 1
+
+#define HAVE_USLEEP 1
+
+#define HAVE_UINT8_T 1
+
+#define HAVE_UINT16_T 1
+
+#define HAVE_UINT32_T 1
+
+#define HAVE_UINT64_T 1
+
+#define HAVE_INT32_T 1
+
+#define SIZEOF_UNSIGNED_LONG 4
+
+#define SIZEOF_UNSIGNED_LONG_LONG 8
+
+#define _SYS_SOCKET_H	1
+
+#include <zephyr/net/socket.h>
+
+#define MBEDTLS_AES_C
+
+#define MBEDTLS_CIPHER_C
+
+#define MBEDTLS_GCM_C
+
+#define MBEDTLS_CTR_DRBG_C
+
+#define MBEDTLS_MD_C
+
+#define MBEDTLS_HMAC_DRBG_C
+
+#define MBEDTLS 1
+
+#define HAVE_INLINE 1

samples/modules/libsrtp/rtpw/CMakeLists.txt

@@ -0,0 +1,4 @@
+cmake_minimum_required(VERSION 3.20.0)
+find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
+project(rtpw)
+target_sources(app PRIVATE src/main.c)

samples/modules/libsrtp/rtpw/Kconfig

@@ -0,0 +1,44 @@
+# Copyright (c) 2025 Sayed Naser Moravej <seyednasermoravej@gmail.com>
+# SPDX-License-Identifier: Apache-2.0
+
+mainmenu "RTPW Sample Application"
+
+config NET_SAMPLE_SRTP_KEY
+	string "SRTP master key for RTPW example."
+	default "c1eec3717da76195bb878578790af71c4ee9f859e197a414a78d5abc7451"
+	help
+	  This key in hexadecimal which is used by the application. You can override it in prj.conf
+	  or via menuconfig / guiconfig.
+
+choice
+	prompt "Program mode"
+	default NET_SAMPLE_SENDER
+	help
+	  Select whether this application runs as sender or receiver.
+
+config NET_SAMPLE_SENDER
+	bool "Sender mode"
+	help
+	  Build the application as an RTP sender.
+
+config NET_SAMPLE_RECEIVER
+	bool "Receiver mode"
+	help
+	  Build the application as an RTP receiver.
+
+endchoice
+
+config NET_CONFIG_PEER_IPV4_ADDR
+	string
+	default "10.42.0.1" if NET_SAMPLE_SENDER
+	default "0.0.0.0" if NET_SAMPLE_RECEIVER
+	help
+	  Peer IPv4 address used by the RTPW example.
+
+config NET_SAMPLE_SRTP_SERVER_PORT
+	int "SRTP port"
+	default 9999
+	help
+	  SRTP port that the application sends or receives over that port.
+
+source "Kconfig.zephyr"

samples/modules/libsrtp/rtpw/README.rst

@@ -0,0 +1,105 @@
+.. zephyr:code-sample:: rtpw
+   :name: SRTP client and server
+
+   Send and receive data using (S)RTP protocol.
+
+Overveiw
+********
+
+A simple demo of using (S)RTP protocol to send and receive data over network. The sample could be sender or receiver.
+
+To test (S)RTP via a Linux machine, you should build the libsrtp.
+
+To test the sender while PC is receiver, the peer IP address should be set in Kconfig file. Next open a terminal and enter command:
+
+.. code-block:: shell
+
+   ~/libsrtp/test$ ./rtpw -r -k c1eec3717da76195bb878578790af71c4ee9f859e197a414a78d5abc7451 -e 128 -a 0.0.0.0 9999
+
+You should see in PC side:
+
+.. code-block:: console
+
+   Using libsrtp3 3.0.0-pre [0x3000000]
+   security services: confidentiality message authentication
+   set master key/salt to c1eec3717da76195bb878578790af71c/4ee9f859e197a414a78d5abc7451
+      word: SRTP test0.
+      word: SRTP test1.
+      word: SRTP test2.
+      word: SRTP test3.
+
+You should see in device side:
+
+.. code-block:: console
+
+   *** Booting Zephyr OS build v4.2.0-5032-g84d1da7ea2a6 ***
+   [00:00:00.060,000] <inf> net_config: Initializing network
+   [00:00:00.068,000] <inf> net_config: Waiting interface 1 (0x341b0380) to be up...
+   [00:00:01.651,000] <inf> phy_mii: PHY (0) Link speed 100 Mb, full duplex
+   [00:00:01.660,000] <inf> net_config: Interface 1 (0x341b0380) coming up
+   [00:00:01.670,000] <inf> net_config: IPv4 address: 10.42.0.2
+   [00:00:01.678,000] <inf> rtpw_sample: Using Zephyr 1.0.0 [0x1000000]
+   [00:00:01.770,000] <inf> rtpw_sample: peer IPv4 address: 10.42.0.1.
+   [00:00:01.779,000] <inf> rtpw_sample: my IPv4 address: 10.42.0.2.
+   [00:00:01.788,000] <inf> rtpw_sample: sending word: SRTP test0.
+   [00:00:02.297,000] <inf> rtpw_sample: sending word: SRTP test1.
+   [00:00:02.806,000] <inf> rtpw_sample: sending word: SRTP test2.
+   [00:00:03.315,000] <inf> rtpw_sample: sending word: SRTP test3.
+
+To test (S)RTP via a Linux machine, you should build the libsrtp.
+To test the receiver while PC is sender, the peer IP address should be set in Kconfig file. Next open a terminal and enter command:
+
+.. code-block:: shell
+
+   ~/libsrtp/test$ ./rtpw -s -k c1eec3717da76195bb878578790af71c4ee9f859e197a414a78d5abc7451 -e 128 -a <CONFIG_NET_CONFIG_MY_IPV4_ADDR> 9999
+
+for example:
+
+.. code-block:: shell
+
+   ~/libsrtp/test$ ./rtpw -s -k c1eec3717da76195bb878578790af71c4ee9f859e197a414a78d5abc7451 -e 128 -a 10.42.0.2 9999
+
+You should see in PC side:
+
+.. code-block:: console
+
+   Using libsrtp3 3.0.0-pre [0x3000000]
+   security services: confidentiality message authentication
+   set master key/salt to c1eec3717da76195bb878578790af71c/4ee9f859e197a414a78d5abc7451
+   sending word: abducing
+   sending word: acidheads
+   sending word: acidness
+   sending word: actons
+
+You should see in device side:
+
+.. code-block:: console
+
+   *** Booting Zephyr OS build v4.2.0-5032-g84d1da7ea2a6 ***
+   [00:00:00.060,000] <inf> net_config: Initializing network
+   [00:00:00.068,000] <inf> net_config: Waiting interface 1 (0x341b04c0) to be up...
+   [00:00:01.651,000] <inf> phy_mii: PHY (0) Link speed 100 Mb, full duplex
+   [00:00:01.660,000] <inf> net_config: Interface 1 (0x341b04c0) coming up
+   [00:00:01.670,000] <inf> net_config: IPv4 address: 10.42.0.2
+   [00:00:01.678,000] <inf> rtpw_sample: Using Zephyr 1.0.0 [0x1000000]
+   [00:00:01.770,000] <inf> rtpw_sample: peer IPv4 address: 0.0.0.0.
+   [00:00:01.779,000] <inf> rtpw_sample: my IPv4 address: 10.42.0.2.
+   [00:00:18.010,000] <inf> rtpw_sample: receiving word: abducing
+   [00:00:18.510,000] <inf> rtpw_sample: receiving word: acidheads
+   [00:00:19.010,000] <inf> rtpw_sample: receiving word: acidness
+   [00:00:19.510,000] <inf> rtpw_sample: receiving word: actons
+
+Configuration
+*************
+
+The sender/receiver type and the SRTP key can be changed via Kconfig file.
+
+Building and Running
+********************
+
+This application can be built as follows:
+
+.. zephyr-app-commands::
+   :zephyr-app: samples/modules/rtpw
+   :host-os: unix
+   :board: frdm_mcxn947/mcxn947/cpu0

samples/modules/libsrtp/rtpw/prj.conf

@@ -0,0 +1,52 @@
+#network
+CONFIG_NETWORKING=y
+CONFIG_NET_IPV4=y
+CONFIG_NET_IPV6=n
+CONFIG_NET_DHCPV4=n
+CONFIG_NET_ARP=y
+CONFIG_NET_CONFIG_SETTINGS=y
+CONFIG_NET_CONFIG_MY_IPV4_ADDR="10.42.0.2"
+CONFIG_NET_CONFIG_MY_IPV4_NETMASK="255.255.255.0"
+CONFIG_NET_L2_ETHERNET=y
+CONFIG_NET_UDP=y
+CONFIG_NET_MGMT_EVENT_INFO=y
+CONFIG_NET_MGMT=y
+CONFIG_NET_MGMT_EVENT_STACK_SIZE=2048
+CONFIG_NET_MGMT_EVENT=y
+CONFIG_SLIP_STATISTICS=n
+CONFIG_NET_SOCKETS=y
+
+CONFIG_ENTROPY_GENERATOR=y
+CONFIG_TEST_RANDOM_GENERATOR=y
+CONFIG_NET_LOG=y
+CONFIG_NET_SHELL=y
+CONFIG_POSIX_API=y
+
+# Logging
+CONFIG_LOG=y
+CONFIG_LOG_DEFAULT_LEVEL=3
+
+# Console
+CONFIG_SERIAL=y
+CONFIG_CONSOLE=y
+CONFIG_UART_CONSOLE=y
+
+# Crypto (mbedTLS)
+CONFIG_MBEDTLS=y
+CONFIG_MBEDTLS_BUILTIN=y
+CONFIG_MBEDTLS_ENABLE_HEAP=y
+CONFIG_MBEDTLS_HEAP_SIZE=60000
+CONFIG_MBEDTLS_MD=y
+CONFIG_HEAP_MEM_POOL_SIZE=65536
+CONFIG_MBEDTLS_SHA1=y
+
+# LibSRTP
+CONFIG_LIBSRTP=y
+
+CONFIG_MAIN_STACK_SIZE=4096
+CONFIG_IDLE_STACK_SIZE=2048
+CONFIG_LOG_MODE_IMMEDIATE=y
+CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=8192
+CONFIG_NET_MGMT_EVENT_STACK_SIZE=8192
+CONFIG_NET_RX_STACK_SIZE=4096
+CONFIG_NET_TX_STACK_SIZE=2048

samples/modules/libsrtp/rtpw/sample.yaml

@@ -0,0 +1,10 @@
+sample:
+  name: sender and receiver (S)RTP protocol
+tests:
+  samples.modules.libsrtp.rtpw:
+    depends_on: netif
+    tags:
+      - net
+    build_only: true
+    platform_type:
+      - mcu