[jitsi-dev] [libjitsi] Rework encryption openssl offloading (#83)


#1

This is a WIP, but it's working :slight_smile:
- drop F8 mode as it's optional and apparently designed for UMTS
- cleanup & rework SRTPCipherCTR (our current java AES CTR implementation)
- rename SRTPCipherCTR to SRTPCipherCTRJava, make SRTPCipherCTR an interface
- add SRTPCipherCTROpenSSL (1 JNI call to encrypt a packet instead of 1 for every 16 bytes)
- use dlopen to load libcrypto, this allows us to work with all libcrypto 1.0.x versions (we only depend on the functions that we use); for now this is Linux only, but making it work on Windows and Mac shouldn't be hard
- remove OpenSSLBlockCipher

according to my benchmark SRTPCipherCTROpenSSL is 6 times faster than SRTPCipherCTRJava (with JCE provider), and now aes enc/dec is outside of the top 10 in perf-java-top

Comments welcome
You can view, comment on, or merge this pull request online at:

  https://github.com/jitsi/libjitsi/pull/83

-- Commit Summary --

  * Normalize EOL for java files
  * Drop F8 mode support, it's optional and for UMTS network
  * Rework SRTPCipherCTR.getCipherStream
  * Call SRTPCipherCTR getStreamCipher with a len modulo BLKLEN
  * Hide cipher inside SRTPCipherCTR
  * Make SRTPCipherCTR.getCipherStream private
  * Make SRTPCipherCTR an interface
  * Add SRTPCipherCTROpenSSL, use it by default if available
  * dynamically load libcrypto
  * Remove OpenSSLBlockCipher

-- File Changes --

    D src/native/openssl/BlockCipher.c (303)
    D src/native/openssl/BlockCipher.h (101)
    A src/native/openssl/OpenSSLWrapperLoader.c (21)
    A src/native/openssl/OpenSSLWrapperLoader.h (21)
    A src/native/openssl/SRTPCipherCTROpenSSL.c (92)
    A src/native/openssl/SRTPCipherCTROpenSSL.h (45)
    M src/org/jitsi/examples/AVReceive2.java (782)
    M src/org/jitsi/examples/AVTransmit2.java (848)
    M src/org/jitsi/impl/configuration/ConfigurationStore.java (234)
    M src/org/jitsi/impl/configuration/DatabaseConfigurationStore.java (206)
    M src/org/jitsi/impl/configuration/HashtableConfigurationStore.java (282)
    M src/org/jitsi/impl/configuration/PropertyConfigurationStore.java (194)
    M src/org/jitsi/impl/configuration/SortedProperties.java (150)
    M src/org/jitsi/impl/configuration/xml/XMLConfigurationStore.java (1178)
    M src/org/jitsi/impl/neomedia/RTPConnectorInputStream.java (1972)
    M src/org/jitsi/impl/neomedia/RTPConnectorOutputStream.java (1766)
    M src/org/jitsi/impl/neomedia/RawPacket.java (2676)
    M src/org/jitsi/impl/neomedia/codec/AbstractCodec2.java (1078)
    M src/org/jitsi/impl/neomedia/codec/audio/ilbc/JavaEncoder.java (584)
    M src/org/jitsi/impl/neomedia/codec/video/HFlip.java (740)
    M src/org/jitsi/impl/neomedia/codec/video/h264/JNIDecoder.java (968)
    M src/org/jitsi/impl/neomedia/control/DiagnosticsControl.java (80)
    M src/org/jitsi/impl/neomedia/device/DirectShowSystem.java (262)
    M src/org/jitsi/impl/neomedia/device/WASAPISystem.java (3364)
    M src/org/jitsi/impl/neomedia/format/ParameterizedVideoFormat.java (594)
    M src/org/jitsi/impl/neomedia/jmfext/media/protocol/AbstractBufferCaptureDevice.java (0)
    I src/org/jitsi/impl/neomedia/jmfext/media/protocol/AbstractBufferStream.java (0)
    I src/org/jitsi/impl/neomedia/jmfext/media/protocol/AbstractVideoPullBufferCaptureDevice.java (0)
    I src/org/jitsi/impl/neomedia/jmfext/media/protocol/AbstractVideoPullBufferStream.java (0)
    I src/org/jitsi/impl/neomedia/jmfext/media/protocol/directshow/DataSource.java (0)
    I src/org/jitsi/impl/neomedia/jmfext/media/protocol/directshow/DirectShowStream.java (0)
    I src/org/jitsi/impl/neomedia/jmfext/media/protocol/wasapi/DataSource.java (0)
    I src/org/jitsi/impl/neomedia/jmfext/media/protocol/wasapi/HResultException.java (0)
    I src/org/jitsi/impl/neomedia/jmfext/media/protocol/wasapi/IMMNotificationClient.java (0)
    I src/org/jitsi/impl/neomedia/jmfext/media/protocol/wasapi/MMNotificationClient.java (0)
    I src/org/jitsi/impl/neomedia/jmfext/media/protocol/wasapi/WASAPI.java (0)
    I src/org/jitsi/impl/neomedia/jmfext/media/renderer/audio/WASAPIRenderer.java (0)
    I src/org/jitsi/impl/neomedia/jmfext/media/renderer/video/Java2DRenderer.java (0)
    I src/org/jitsi/impl/neomedia/jmfext/media/renderer/video/Java2DRendererVideoComponent.java (0)
    I src/org/jitsi/impl/neomedia/transform/PacketTransformer.java (0)
    I src/org/jitsi/impl/neomedia/transform/TransformEngine.java (0)
    I src/org/jitsi/impl/neomedia/transform/dtls/DatagramTransportImpl.java (0)
    I src/org/jitsi/impl/neomedia/transform/srtp/AES.java (0)
    I src/org/jitsi/impl/neomedia/transform/srtp/BaseSRTPCryptoContext.java (0)
    I src/org/jitsi/impl/neomedia/transform/srtp/CryptoBenchmark.java (0)
    D src/org/jitsi/impl/neomedia/transform/srtp/OpenSSLBlockCipher.java (0)
    A src/org/jitsi/impl/neomedia/transform/srtp/OpenSSLWrapperLoader.java (0)
    I src/org/jitsi/impl/neomedia/transform/srtp/SRTCPCryptoContext.java (0)
    I src/org/jitsi/impl/neomedia/transform/srtp/SRTPCipherCTR.java (0)
    A src/org/jitsi/impl/neomedia/transform/srtp/SRTPCipherCTRJava.java (0)
    A src/org/jitsi/impl/neomedia/transform/srtp/SRTPCipherCTROpenSSL.java (0)
    D src/org/jitsi/impl/neomedia/transform/srtp/SRTPCipherF8.java (0)
    I src/org/jitsi/impl/neomedia/transform/srtp/SRTPContextFactory.java (0)
    I src/org/jitsi/impl/neomedia/transform/srtp/SRTPCryptoContext.java (0)
    I src/org/jitsi/impl/neomedia/transform/zrtp/ZRTPTransformEngine.java (0)
    I src/org/jitsi/service/libjitsi/LibJitsiActivator.java (0)
    I src/org/jitsi/service/neomedia/SDesControl.java (0)
    I src/org/jitsi/service/neomedia/SrtpControlType.java (0)
    I src/org/jitsi/service/neomedia/control/KeyFrameControl.java (0)
    I src/org/jitsi/util/event/PropertyChangeNotifier.java (0)
    I src/org/jitsi/util/swing/FitLayout.java (0)
    I src/org/jitsi/util/swing/VideoContainer.java (0)
    I src/org/jitsi/util/swing/VideoLayout.java (0)

-- Patch Links --

https://github.com/jitsi/libjitsi/pull/83.patch
https://github.com/jitsi/libjitsi/pull/83.diff

---
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/libjitsi/pull/83
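
The "use dlopen to load libcrypto" item in the post above relies on resolving only the needed functions at run time. The sketch below is an added example, not code from the pull request or from libjitsi: it accepts a library only when every required symbol resolves and otherwise reports failure so the caller can stay on the Java cipher. The symbol list, the two library names and the helper `resolve_all` are assumptions chosen for illustration.

```c
#include <dlfcn.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed symbol set for an AES-CTR wrapper: real OpenSSL EVP names,
 * but not taken from the pull request itself. */
static const char *const NEEDED[] = {
    "EVP_CIPHER_CTX_new", "EVP_CIPHER_CTX_free", "EVP_aes_128_ctr",
    "EVP_CipherInit_ex", "EVP_CipherUpdate",
};
#define N_NEEDED (sizeof NEEDED / sizeof NEEDED[0])

static void clear_table(void **out, size_t n)
{
    for (size_t j = 0; j < n; j++)
        out[j] = NULL;
}

/* Try each library name in order. A library is accepted only if every
 * symbol resolves; otherwise it is closed and out[] is cleared, so the
 * caller can never reach a half-filled function table.
 * Returns the index of the accepted name, or -1 if none qualifies.
 * A NULL name means "the running program" (used only for self-testing). */
int resolve_all(const char *const *names, size_t n_names,
                const char *const *syms, size_t n_syms, void **out)
{
    clear_table(out, n_syms);
    for (size_t i = 0; i < n_names; i++) {
        void *h = dlopen(names[i], RTLD_NOW | RTLD_LOCAL);
        if (h == NULL)
            continue;
        size_t k = 0;
        while (k < n_syms && (out[k] = dlsym(h, syms[k])) != NULL)
            k++;
        if (k == n_syms)
            return (int)i;          /* keep h open: out[] points into it */
        clear_table(out, n_syms);   /* partial match: reject the library */
        dlclose(h);
    }
    return -1;
}

int main(void)
{
    /* Bare sonames (assumed candidates), so the system loader's own
     * search path decides which file is mapped. */
    static const char *const libs[] = { "libcrypto.so.1.0.0", "libcrypto.so.10" };
    void *fn[N_NEEDED];
    int idx = resolve_all(libs, 2, NEEDED, N_NEEDED, fn);
    if (idx < 0)
        puts("libcrypto unusable: stay on the pure-Java cipher");
    else
        printf("using %s for AES-CTR\n", libs[idx]);
    return 0;
}
```

On older glibc versions, link with `-ldl`.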


#2

Please remove the normalize commit, it shouldn't be necessary anymore.

I'm very reluctant to remove the F8 mode. It is a mandatory option for the SDES key exchange and AFAIK also for ZRTP. Remember that libjitsi isn't just for the Videobridge.

---
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/libjitsi/pull/83#issuecomment-189927619


#3

Also, please make sure that the code formatting is correct in all files. There are a lot of incorrect brace positions and lines that are too long.

Before you spend more work though, wait for confirmation from @lyubomir that replacing the BlockCipher with SrtpCipherCtrJava/OpenSsl is fine. It does make a lot of sense to me.

---
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/libjitsi/pull/83#issuecomment-189937043


#4

@ibauersachs in RFC3711 AES-f8 is optional (https://tools.ietf.org/html/rfc3711#section-5), can you show me where it's mandatory?
I see no mention of AES-f8 in http://www.rfc-editor.org/rfc/rfc6189.txt (ZRTP)
It's in https://tools.ietf.org/html/rfc4568#section-6.2, but it's not mandatory, as AES GCM is not mandatory but does exist

Also I already asked on the ML (http://lists.jitsi.org/pipermail/dev/2016-February/026832.html) but nobody gave me a user of AES-f8, that's why I dropped it (and it simplifies my rework)

---
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/libjitsi/pull/83#issuecomment-190224165


#5

RFC4568, section 6.2.3.

---
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/libjitsi/pull/83#issuecomment-190254186


#6

RFC4568 section 6.2 unfortunately lacks any definition of which cipher suites are mandatory. However I'd consider an implementation incomplete because it is defined in the original spec and not in an extension (like 256bit encryption or as you mentioned the gcm suites).

Let's discuss that in TheCall in an hour.

---
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/libjitsi/pull/83#issuecomment-190263620


#7

Closed #83.

---
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/libjitsi/pull/83#event-576299722


#8

@champtar, could you please explain why you closed this PR? I started reviewing it yesterday.

---
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/libjitsi/pull/83#issuecomment-191820165


#9

I've a better version coming, where I don't drop F8, and do some more cleanup.
Doing final tests right now.
Many parts are similar so you haven't lost too much time,
sorry for the lack of communication.

---
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/libjitsi/pull/83#issuecomment-191824316