cisco · seyednasermoravej · Sep 22, 2025 · Oct 2, 2025 · Oct 9, 2025 · Dec 25, 2025
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -317,7 +317,12 @@ if(WIN32)
   target_compile_definitions(srtp3 PUBLIC _CRT_SECURE_NO_WARNINGS)
 endif()
 
-install(TARGETS srtp3 EXPORT libSRTPTargets)
+install(TARGETS srtp3
+  EXPORT libSRTPTargets
+  RUNTIME DESTINATION bin
+  LIBRARY DESTINATION lib
+  ARCHIVE DESTINATION lib
+)
 
 install(FILES include/srtp.h crypto/include/auth.h
   crypto/include/cipher.h

diff --git a/README.md b/README.md
@@ -60,6 +60,7 @@ because it does its work behind the scenes.
 - [Installing and Building libSRTP](#installing-and-building-libsrtp)
   - [Changing Build Configuration](#changing-build-configuration)
   - [Using Visual Studio](#using-visual-studio)
+  - [Using Meson](#using-meson)
 - [Applications](#applications)
   - [Example Code](#example-code)
 - [Credits](#credits)
@@ -289,6 +290,12 @@ make:
 make
 ~~~
 
+Assuming the mbedtls V4.0 is installed in `mbedtls-4` directory.
+~~~.txt
+cmake -S . -B build   -DCRYPTO_LIBRARY=mbedtls   -DMBEDTLS_INCLUDE_DIRS=/opt/mbedtls-4/include   -DMBEDTLS_LIBRARY="/opt/mbedtls-4/lib/libmbedtls.a;/opt/mbedtls-4/lib/libmbedcrypto.a" && cmake --build build
+~~~
+
+
 The configure script accepts the following options:
 
 Option                         | Description

diff --git a/crypto/cipher/aes_gcm_mbedtls.c b/crypto/cipher/aes_gcm_mbedtls.c
@@ -46,7 +46,8 @@
 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif
-#include <mbedtls/gcm.h>
+
+#include <psa/crypto.h>
 #include "aes_gcm.h"
 #include "alloc.h"
 #include "err.h" /* for srtp_debug */
@@ -198,7 +199,6 @@ static srtp_err_status_t srtp_aes_gcm_mbedtls_alloc(srtp_cipher_t **c,
     if (tlen != GCM_AUTH_TAG_LEN && tlen != GCM_AUTH_TAG_LEN_8) {
         return (srtp_err_status_bad_param);
     }
-
     /* allocate memory a cipher of type aes_gcm */
     *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
     if (*c == NULL) {
@@ -212,15 +212,15 @@ static srtp_err_status_t srtp_aes_gcm_mbedtls_alloc(srtp_cipher_t **c,
         return (srtp_err_status_alloc_fail);
     }
 
-    gcm->ctx =
-        (mbedtls_gcm_context *)srtp_crypto_alloc(sizeof(mbedtls_gcm_context));
+    gcm->ctx = (psa_gcm_context *)srtp_crypto_alloc(sizeof(psa_gcm_context));
+
     if (gcm->ctx == NULL) {
         srtp_crypto_free(gcm);
         srtp_crypto_free(*c);
         *c = NULL;
         return srtp_err_status_alloc_fail;
     }
-    mbedtls_gcm_init(gcm->ctx);
+    gcm->ctx->op = psa_aead_operation_init();
 
     /* set pointers */
     (*c)->state = gcm;
@@ -256,7 +256,7 @@ static srtp_err_status_t srtp_aes_gcm_mbedtls_dealloc(srtp_cipher_t *c)
     FUNC_ENTRY();
     ctx = (srtp_aes_gcm_ctx_t *)c->state;
     if (ctx) {
-        mbedtls_gcm_free(ctx->ctx);
+        psa_destroy_key(ctx->ctx->key_id);
         srtp_crypto_free(ctx->ctx);
         /* zeroize the key material */
         octet_string_set_to_zero(ctx, sizeof(srtp_aes_gcm_ctx_t));
@@ -275,7 +275,7 @@ static srtp_err_status_t srtp_aes_gcm_mbedtls_context_init(void *cv,
     FUNC_ENTRY();
     srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
     uint32_t key_len_in_bits;
-    int errCode = 0;
+    psa_status_t status = PSA_SUCCESS;
     c->dir = srtp_direction_any;
     c->aad_size = 0;
 
@@ -291,10 +291,19 @@ static srtp_err_status_t srtp_aes_gcm_mbedtls_context_init(void *cv,
         break;
     }
 
-    errCode =
-        mbedtls_gcm_setkey(c->ctx, MBEDTLS_CIPHER_ID_AES, key, key_len_in_bits);
-    if (errCode != 0) {
-        debug_print(srtp_mod_aes_gcm, "mbedtls error code:  %d", errCode);
+    psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
+
+    psa_set_key_usage_flags(&attr,
+                            PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+    psa_set_key_algorithm(
+        &attr, PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, c->tag_len));
+    psa_set_key_type(&attr, PSA_KEY_TYPE_AES);
+    psa_set_key_bits(&attr, key_len_in_bits);
+
+    status = psa_import_key(&attr, key, key_len_in_bits / 8, &c->ctx->key_id);
+
+    if (status != PSA_SUCCESS) {
+        debug_print(srtp_mod_aes_gcm, "mbedtls error code:  %d", status);
         return srtp_err_status_init_fail;
     }
 
@@ -366,7 +375,8 @@ static srtp_err_status_t srtp_aes_gcm_mbedtls_encrypt(void *cv,
 {
     FUNC_ENTRY();
     srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
-    int errCode = 0;
+
+    psa_status_t status = PSA_SUCCESS;
 
     if (c->dir != srtp_direction_encrypt) {
         return srtp_err_status_bad_param;
@@ -376,13 +386,16 @@ static srtp_err_status_t srtp_aes_gcm_mbedtls_encrypt(void *cv,
         return srtp_err_status_buffer_small;
     }
 
-    errCode = mbedtls_gcm_crypt_and_tag(c->ctx, MBEDTLS_GCM_ENCRYPT, src_len,
-                                        c->iv, c->iv_len, c->aad, c->aad_size,
-                                        src, dst, c->tag_len, dst + src_len);
+    size_t out_len = 0;
+    status = psa_aead_encrypt(
+        c->ctx->key_id,
+        PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, c->tag_len), c->iv,
+        c->iv_len, c->aad, c->aad_size, src, src_len, dst,
+        PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(src_len), &out_len);
 
     c->aad_size = 0;
-    if (errCode != 0) {
-        debug_print(srtp_mod_aes_gcm, "mbedtls error code:  %d", errCode);
+    if (status != PSA_SUCCESS) {
+        debug_print(srtp_mod_aes_gcm, "mbedtls error code:  %d", status);
         return srtp_err_status_bad_param;
     }
 
@@ -407,7 +420,9 @@ static srtp_err_status_t srtp_aes_gcm_mbedtls_decrypt(void *cv,
 {
     FUNC_ENTRY();
     srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
-    int errCode = 0;
+
+    psa_status_t status = PSA_SUCCESS;
+    uint8_t full_tag[16] = { 0 };
 
     if (c->dir != srtp_direction_decrypt) {
         return srtp_err_status_bad_param;
@@ -417,26 +432,27 @@ static srtp_err_status_t srtp_aes_gcm_mbedtls_decrypt(void *cv,
         return srtp_err_status_bad_param;
     }
 
-    if (*dst_len < (src_len - c->tag_len)) {
+    size_t ciphertext_len = src_len - c->tag_len;
+
+    if (*dst_len < ciphertext_len) {
         return srtp_err_status_buffer_small;
     }
 
+    memcpy(full_tag, src + ciphertext_len, c->tag_len);
+
     debug_print(srtp_mod_aes_gcm, "AAD: %s",
                 srtp_octet_string_hex_string(c->aad, c->aad_size));
 
-    errCode = mbedtls_gcm_auth_decrypt(
-        c->ctx, (src_len - c->tag_len), c->iv, c->iv_len, c->aad, c->aad_size,
-        src + (src_len - c->tag_len), c->tag_len, src, dst);
+    size_t out_len = 0;
+    status = psa_aead_decrypt(
+        c->ctx->key_id,
+        PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, c->tag_len), c->iv,
+        c->iv_len, c->aad, c->aad_size, src, src_len, dst,
+        PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(src_len), &out_len);
+    *dst_len = ciphertext_len;
     c->aad_size = 0;
-    if (errCode != 0) {
+    if (status != PSA_SUCCESS) {
         return srtp_err_status_auth_fail;
     }
-
-    /*
-     * Reduce the buffer size by the tag length since the tag
-     * is not part of the original payload
-     */
-    *dst_len = (src_len - c->tag_len);
-
     return srtp_err_status_ok;
 }
diff --git a/crypto/cipher/aes_icm_mbedtls.c b/crypto/cipher/aes_icm_mbedtls.c
@@ -45,7 +45,9 @@
 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif
-#include <mbedtls/aes.h>
+#include <psa/crypto_types.h>
+#include <psa/crypto.h>
+
 #include "aes_icm_ext.h"
 #include "crypto_types.h"
 #include "err.h" /* for srtp_debug */
@@ -230,15 +232,17 @@ static srtp_err_status_t srtp_aes_icm_mbedtls_alloc(srtp_cipher_t **c,
     }
 
     icm->ctx =
-        (mbedtls_aes_context *)srtp_crypto_alloc(sizeof(mbedtls_aes_context));
+        (psa_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(psa_aes_icm_ctx_t));
+
     if (icm->ctx == NULL) {
         srtp_crypto_free(icm);
         srtp_crypto_free(*c);
         *c = NULL;
         return srtp_err_status_alloc_fail;
     }
 
-    mbedtls_aes_init(icm->ctx);
+    ((icm->ctx))->key_id = PSA_KEY_ID_NULL;
+    ((icm->ctx)->op) = psa_cipher_operation_init();
 
     /* set pointers */
     (*c)->state = icm;
@@ -284,7 +288,7 @@ static srtp_err_status_t srtp_aes_icm_mbedtls_dealloc(srtp_cipher_t *c)
      */
     ctx = (srtp_aes_icm_ctx_t *)c->state;
     if (ctx != NULL) {
-        mbedtls_aes_free(ctx->ctx);
+        psa_destroy_key(ctx->ctx->key_id);
         srtp_crypto_free(ctx->ctx);
         /* zeroize the key material */
         octet_string_set_to_zero(ctx, sizeof(srtp_aes_icm_ctx_t));
@@ -302,7 +306,8 @@ static srtp_err_status_t srtp_aes_icm_mbedtls_context_init(void *cv,
 {
     srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
     uint32_t key_size_in_bits = (c->key_size << 3);
-    int errcode = 0;
+
+    psa_status_t status = psa_crypto_init();
 
     /*
      * set counter and initial values to 'offset' value, being careful not to
@@ -330,9 +335,25 @@ static srtp_err_status_t srtp_aes_icm_mbedtls_context_init(void *cv,
         break;
     }
 
-    errcode = mbedtls_aes_setkey_enc(c->ctx, key, key_size_in_bits);
-    if (errcode != 0) {
-        debug_print(srtp_mod_aes_icm, "errCode: %d", errcode);
+    /* Set key attributes */
+    psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
+
+    psa_set_key_type(&attr, PSA_KEY_TYPE_AES);
+    psa_set_key_bits(&attr, key_size_in_bits);
+    psa_set_key_usage_flags(&attr,
+                            PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+    psa_set_key_algorithm(&attr, PSA_ALG_CTR);
+
+    if (c->ctx->key_id != PSA_KEY_ID_NULL) {
+        psa_destroy_key(c->ctx->key_id);
+        c->ctx->key_id = PSA_KEY_ID_NULL;
+    }
+
+    status =
+        psa_import_key(&attr, key, key_size_in_bits / 8, &(c->ctx->key_id));
+
+    if (status != PSA_SUCCESS) {
+        debug_print(srtp_mod_aes_icm, "status: %d", status);
     }
 
     return srtp_err_status_ok;
@@ -355,6 +376,8 @@ static srtp_err_status_t srtp_aes_icm_mbedtls_set_iv(
     /* set nonce (for alignment) */
     v128_copy_octet_string(&nonce, iv);
 
+    psa_cipher_set_iv(&(c->ctx->op), iv, 16);
+
     debug_print(srtp_mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce));
 
     v128_xor(&c->counter, &c->offset, &nonce);
@@ -369,7 +392,7 @@ static srtp_err_status_t srtp_aes_icm_mbedtls_set_iv(
  * This function encrypts a buffer using AES CTR mode
  *
  * Parameters:
- *	c	Crypto context
+ *	c	Crypto contextsrtp_aes_icm_mbedtls_encrypt
  *	buf	data to encrypt
  *	enc_len	length of encrypt buffer
  */
@@ -381,22 +404,35 @@ static srtp_err_status_t srtp_aes_icm_mbedtls_encrypt(void *cv,
 {
     srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
 
-    int errCode = 0;
+    psa_status_t status = PSA_SUCCESS;
+    size_t out_len = 0;
+    size_t total_len = 0;
+
     debug_print(srtp_mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter));
+    debug_print(srtp_mod_aes_icm, "source: %s",
+                srtp_octet_string_hex_string(src, src_len));
 
     if (*dst_len < src_len) {
         return srtp_err_status_buffer_small;
     }
 
-    errCode =
-        mbedtls_aes_crypt_ctr(c->ctx, src_len, &(c->nc_off), c->counter.v8,
-                              c->stream_block.v8, src, dst);
-    if (errCode != 0) {
-        debug_print(srtp_mod_aes_icm, "encrypt error: %d", errCode);
+    status =
+        psa_cipher_encrypt_setup(&(c->ctx->op), c->ctx->key_id, PSA_ALG_CTR);
+    status = psa_cipher_set_iv(&c->ctx->op, c->counter.v8, 16);
+    status =
+        psa_cipher_update(&(c->ctx->op), src, src_len, dst, *dst_len, &out_len);
+
+    total_len = out_len;
+    status = psa_cipher_finish(&(c->ctx->op), dst + total_len,
+                               *dst_len - total_len, &out_len);
+    if (status != PSA_SUCCESS) {
+        debug_print(srtp_mod_aes_icm, "encrypt error: %d", status);
         return srtp_err_status_cipher_fail;
     }
-
-    *dst_len = src_len;
+    total_len += out_len;
+    *dst_len = total_len;
+    debug_print(srtp_mod_aes_icm, "encrypted: %s",
+                srtp_octet_string_hex_string(dst, *dst_len));
 
     return srtp_err_status_ok;
-}
+}