path: root/recipes/libsrtp/libsrtp-meson-port.patch

From cfffc08c60aaba1d63be51fe81146355d39460ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim-Philipp=20M=C3=BCller?= <tim@centricular.com>
Date: Tue, 9 Jun 2020 16:58:27 +0530
Subject: [PATCH 1/4] test/rtpw: use #ifdef instead of #if HAVE_SIGACTION

It's either defined or undefined, don't rely on implicit
0 value if it's not defined, this will cause compiler
warnings and is a bit crufty.
---
 test/rtpw.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/rtpw.c b/test/rtpw.c
index 901816e..41fd0ef 100644
--- a/test/rtpw.c
+++ b/test/rtpw.c
@@ -671,7 +671,7 @@ void handle_signal(int signum)
 
 int setup_signal_handler(char *name)
 {
-#if HAVE_SIGACTION
+#ifdef HAVE_SIGACTION
     struct sigaction act;
     memset(&act, 0, sizeof(act));
 
-- 
2.27.0.windows.1


From e5707dc47ba47c3f703e80dc3224704031c1a94d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim-Philipp=20M=C3=BCller?= <tim@centricular.com>
Date: Tue, 9 Jun 2020 16:58:27 +0530
Subject: [PATCH 2/4] test/aes_calc: Support checking the ciphertext

Modify aes_calc to optionally accept the expected ciphertext as
a third argument, so it can error with a non-0 exit code if the
calculated ciphertext doesn't match the expected ciphertext. This
makes our test setup with meson much easier, as we don't need to parse
and compare the output of the test binary.

The test is now self-sufficient.
---
 crypto/test/aes_calc.c | 42 ++++++++++++++++++++++++++++--------------
 1 file changed, 28 insertions(+), 14 deletions(-)

diff --git a/crypto/test/aes_calc.c b/crypto/test/aes_calc.c
index b362fd5..18563a1 100644
--- a/crypto/test/aes_calc.c
+++ b/crypto/test/aes_calc.c
@@ -67,7 +67,7 @@
 
 void usage(char *prog_name)
 {
-    printf("usage: %s <key> <plaintext> [-v]\n", prog_name);
+    printf("usage: %s <key> <plaintext> [<ciphertext>] [-v]\n", prog_name);
     exit(255);
 }
 
@@ -75,6 +75,8 @@ void usage(char *prog_name)
 
 int main(int argc, char *argv[])
 {
+    const char *expected_ciphertext = NULL;
+    const char *ciphertext = NULL;
     v128_t data;
     uint8_t key[AES_MAX_KEY_LEN];
     srtp_aes_expanded_key_t exp_key;
@@ -82,22 +84,26 @@ int main(int argc, char *argv[])
     int verbose = 0;
     srtp_err_status_t status;
 
-    if (argc == 3) {
-        /* we're not in verbose mode */
-        verbose = 0;
-    } else if (argc == 4) {
-        if (strncmp(argv[3], "-v", 2) == 0) {
-            /* we're in verbose mode */
-            verbose = 1;
-        } else {
-            /* unrecognized flag, complain and exit */
-            usage(argv[0]);
-        }
-    } else {
+    /* -v must be last if it's passed */
+    if (argc > 0 && strncmp(argv[argc-1], "-v", 2) == 0) {
+        /* we're in verbose mode */
+        verbose = 1;
+        --argc;
+    }
+
+    if (argc < 3 || argc > 4) {
         /* we've been fed the wrong number of arguments - compain and exit */
         usage(argv[0]);
     }
 
+    if (argc == 4) {
+        /* we're being passed the ciphertext to check (in unit test mode) */
+        expected_ciphertext = argv[3];
+        if (strlen(expected_ciphertext) != 16 * 2) {
+            usage(argv[0]);
+        }
+    }
+
     /* read in key, checking length */
     if (strlen(argv[1]) > AES_MAX_KEY_LEN * 2) {
         fprintf(stderr, "error: too many digits in key "
@@ -151,7 +157,15 @@ int main(int argc, char *argv[])
         printf("key:\t\t%s\n", octet_string_hex_string(key, key_len));
         printf("ciphertext:\t");
     }
-    printf("%s\n", v128_hex_string(&data));
+
+    ciphertext = v128_hex_string(&data);
+    printf("%s\n", ciphertext);
+
+    if (expected_ciphertext && strcmp (ciphertext, expected_ciphertext) != 0) {
+        fprintf(stderr, "error: calculated ciphertext %s does not match "
+                "expected ciphertext %s\n", ciphertext, expected_ciphertext);
+        exit(1);
+    }
 
     return 0;
 }
-- 
2.27.0.windows.1


From 638793fd4e7a617f2727b99408ec7466a59ba7b1 Mon Sep 17 00:00:00 2001
From: Nirbheek Chauhan <nirbheek@centricular.com>
Date: Tue, 9 Jun 2020 16:58:27 +0530
Subject: [PATCH 3/4] cipher/aes: Always check whether CPU_RISC is defined

Everywhere else we use `#ifdef`, but here we use `#if`. This causes
a build error when using `#define CPU_RISC` like the meson build files
do.
---
 crypto/cipher/aes.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/cipher/aes.c b/crypto/cipher/aes.c
index c9cd774..5955770 100644
--- a/crypto/cipher/aes.c
+++ b/crypto/cipher/aes.c
@@ -1796,7 +1796,7 @@ static inline void aes_inv_final_round(v128_t *state, const v128_t *round_key)
     v128_xor_eq(state, round_key);
 }
 
-#elif CPU_RISC
+#elif defined(CPU_RISC)
 
 static inline void aes_round(v128_t *state, const v128_t *round_key)
 {
-- 
2.27.0.windows.1


From d42306b3efc2d880038204562098ee27c2a89ebc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim-Philipp=20M=C3=BCller?= <tim@centricular.com>
Date: Tue, 9 Jun 2020 16:58:27 +0530
Subject: [PATCH 4/4] Add support for the Meson build system

These Meson build files have feature-parity with the Autoconf/Make
build files, the Visual Studio solution, and the CMake build files.
It is also simpler, faster, and supports more target platforms. The
following have been tested:

Linux, macOS, Windows (MinGW), Windows (MSVC), Windows (UWP/WinRT),
Android (all arches), iOS (all arches), Cross-Linux, Cross-Windows
(MinGW).

Meson supports a superset of the currently-supported target platforms,
and no platform-specific code should be needed, so this also improves
cross-platform support.

The build outputs should be ABI-compatible with the outputs by
Autoconf, but this has not been verified in detail.

Contributions by: Nirbheek Chauhan <nirbheek@centricular.com>
---
 README.md                 |  30 +++++
 crypto/test/meson.build   |  39 ++++++
 doc/Doxyfile.in           |   2 +-
 doc/Makefile.in           |   2 +-
 doc/meson.build           |  22 +++
 fuzzer/meson.build        |  31 +++++
 include/srtp2/meson.build |   8 ++
 meson.build               | 272 ++++++++++++++++++++++++++++++++++++++
 meson_options.txt         |  18 +++
 test/meson.build          |  69 ++++++++++
 10 files changed, 491 insertions(+), 2 deletions(-)
 create mode 100644 crypto/test/meson.build
 create mode 100644 doc/meson.build
 create mode 100644 fuzzer/meson.build
 create mode 100644 include/srtp2/meson.build
 create mode 100644 meson.build
 create mode 100644 meson_options.txt
 create mode 100644 test/meson.build

diff --git a/README.md b/README.md
index d4b68a5..2c311aa 100644
--- a/README.md
+++ b/README.md
@@ -335,6 +335,36 @@ cmake .. -G "Visual Studio 15 2017"
 cmake .. -G "Visual Studio 15 2017 Win64"
 ```
 
+--------------------------------------------------------------------------------
+<a name="using-meson"></a>
+## Using Meson
+
+On all platforms including Windows, one can build using [Meson](https://mesonbuild.org).
+Steps to download Meson are here: https://mesonbuild.com/Getting-meson.html
+
+To build with Meson, you can do something like:
+
+```
+# Setup the build subdirectory
+meson setup --prefix=/path/to/prefix builddir
+
+# Build the project
+meson compile -C builddir
+
+# Run tests
+meson test -C builddir
+
+# Optionally, install
+meson install -C builddir
+```
+
+To build with Visual Studio, run the above commands from inside a Visual Studio
+command prompt, or run `vcvarsall.bat` with the appropriate arguments inside
+a Command Prompt.
+
+Note that you can also replace the above commands with the appropriate `ninja`
+targets: `ninja -C build`, `ninja -C build test`, `ninja -C build install`.
+
 --------------------------------------------------------------------------------
 
 <a name="applications"></a>
diff --git a/crypto/test/meson.build b/crypto/test/meson.build
new file mode 100644
index 0000000..09c8fde
--- /dev/null
+++ b/crypto/test/meson.build
@@ -0,0 +1,39 @@
+# crypto test suite
+
+test_apps = [
+  'cipher_driver',
+  'datatypes_driver',
+  'stat_driver',
+  'sha1_driver',
+  'kernel_driver',
+  'env',
+]
+
+foreach test_name : test_apps
+  test_exe = executable(test_name,
+    '@0@.c'.format(test_name), '../../test/getopt_s.c', '../../test/util.c',
+    include_directories: [config_incs, crypto_incs, srtp2_incs, test_incs],
+    dependencies: [srtp2_deps, syslibs],
+    link_with: libsrtp2.get_static_lib())
+  test(test_name, test_exe, args: ['-v'])
+endforeach
+
+if not use_openssl and not use_nss
+  test_exe = executable('aes_calc',
+    'aes_calc.c', '../../test/getopt_s.c', '../../test/util.c',
+    include_directories: [config_incs, crypto_incs, srtp2_incs, test_incs],
+    dependencies: [srtp2_deps, syslibs],
+    link_with: libsrtp2.get_static_lib())
+
+  # data values used to test the aes_calc application for AES-128
+  k128 = '000102030405060708090a0b0c0d0e0f'
+  p128 = '00112233445566778899aabbccddeeff'
+  c128 = '69c4e0d86a7b0430d8cdb78070b4c55a'
+  test('aes_calc_128', test_exe, args: [k128, p128, c128])
+
+  # data values used to test the aes_calc application for AES-256
+  k256 = '000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f'
+  p256 = '00112233445566778899aabbccddeeff'
+  c256 = '8ea2b7ca516745bfeafc49904b496089'
+  test('aes_calc_256', test_exe, args: [k256, p256, c256])
+endif
diff --git a/doc/Doxyfile.in b/doc/Doxyfile.in
index 129a03d..69c6ef6 100644
--- a/doc/Doxyfile.in
+++ b/doc/Doxyfile.in
@@ -38,7 +38,7 @@ PROJECT_NAME           = libSRTP
 # could be handy for archiving the generated documentation or if some version
 # control system is used.
 
-PROJECT_NUMBER         = LIBSRTPVERSIONNUMBER
+PROJECT_NUMBER         = @LIBSRTPVERSIONNUMBER@
 
 # Using the PROJECT_BRIEF tag one can provide an optional one line description
 # for a project that appears at the top of each page and should give viewer a
diff --git a/doc/Makefile.in b/doc/Makefile.in
index 830ccbb..523174a 100644
--- a/doc/Makefile.in
+++ b/doc/Makefile.in
@@ -21,7 +21,7 @@ libsrtpdoc:
 	@if test ! -e Doxyfile.in; then \
 		echo "*** Sorry, can't build doc outside source dir"; exit 1; \
 	fi
-	sed 's/LIBSRTPVERSIONNUMBER/$(version)/' Doxyfile.in > Doxyfile
+	sed 's/@LIBSRTPVERSIONNUMBER@/$(version)/' Doxyfile.in > Doxyfile
 	doxygen
 
 clean:
diff --git a/doc/meson.build b/doc/meson.build
new file mode 100644
index 0000000..a693897
--- /dev/null
+++ b/doc/meson.build
@@ -0,0 +1,22 @@
+# libSRTP documentation
+
+doxygen = find_program('doxygen', required: get_option('doc'))
+
+if not doxygen.found()
+  subdir_done()
+endif
+
+doc_config = configuration_data()
+doc_config.set('LIBSRTPVERSIONNUMBER', meson.project_version())
+
+doxyfile = configure_file(input: 'Doxyfile.in',
+  output: 'Doxyfile',
+  configuration: doc_config)
+
+# can be built on demand with ninja -C builddir doc/html
+doxygen_html_docs = custom_target('doc',
+  build_by_default: false,
+  command: [doxygen, doxyfile],
+  output: ['html'])
+
+alias_target('libsrtp2doc', doxygen_html_docs)
diff --git a/fuzzer/meson.build b/fuzzer/meson.build
new file mode 100644
index 0000000..3b1def6
--- /dev/null
+++ b/fuzzer/meson.build
@@ -0,0 +1,31 @@
+# libSRTP fuzzer
+if not add_languages('cpp', required: get_option('fuzzer').enabled())
+  subdir_done()
+endif
+
+cxx = meson.get_compiler('cpp')
+if cxx.get_id() != 'clang'
+  err_msg = 'libSRTP fuzzer requires compilation with clang, but compiler is ' + cxx.get_id()
+  if get_option('fuzzer').enabled()
+    error(err_msg)
+  else
+    warning(err_msg)
+    subdir_done()
+  endif
+endif
+
+libfuzzer = cxx.find_library('libFuzzer', required: get_option('fuzzer'))
+
+# libFuzzer.a seems to need pthread, at least on Linux
+threads = dependency('threads')
+
+if libfuzzer.found()
+  executable('srtp-fuzzer',
+    'fuzzer.c', 'testmem.c', 'mt19937.cpp',
+    include_directories: [config_incs, crypto_incs, srtp2_incs],
+    cpp_args: ['-fsanitize=fuzzer'],
+    override_options : ['cpp_std=c++11'],
+    dependencies: [libfuzzer, threads],
+    link_with: libsrtp2,
+    install: false)
+endif
diff --git a/include/srtp2/meson.build b/include/srtp2/meson.build
new file mode 100644
index 0000000..88d068a
--- /dev/null
+++ b/include/srtp2/meson.build
@@ -0,0 +1,8 @@
+# Copy public headers scattered across the source tree into a single directory
+# so that we can use it in declare_dependency()
+foreach h : public_headers
+  configure_file(input: h,
+    output: '@BASENAME@.h',
+    copy: true)
+endforeach
+public_incs = include_directories('.')
diff --git a/meson.build b/meson.build
new file mode 100644
index 0000000..a9581b2
--- /dev/null
+++ b/meson.build
@@ -0,0 +1,272 @@
+project('libsrtp2', 'c', version: '2.3.0',
+  meson_version: '>= 0.52.0',
+  default_options: ['buildtype=debugoptimized'])
+
+soversion = 1
+
+cc = meson.get_compiler('c')
+host_system = host_machine.system()
+
+srtp2_deps = []
+syslibs = []
+
+if host_system == 'windows'
+  syslibs += [cc.find_library('ws2_32')] # for socket
+endif
+
+cdata = configuration_data()
+cdata.set_quoted('PACKAGE_VERSION', meson.project_version())
+cdata.set_quoted('PACKAGE_STRING', '@0@ @1@'.format(meson.project_name(), meson.project_version()))
+
+check_headers = [
+  'arpa/inet.h',
+  'byteswap.h',
+  'inttypes.h',
+  'machine/types.h',
+  'netinet/in.h',
+  'stdint.h',
+  'stdlib.h',
+  'sys/int_types.h',
+  'sys/socket.h',
+  'sys/types.h',
+  'sys/uio.h',
+  'unistd.h',
+]
+
+if host_system == 'windows'
+  check_headers += ['windows.h', 'winsock2.h']
+endif
+
+foreach h : check_headers
+  if cc.has_header(h)
+    cdata.set('HAVE_' + h.to_upper().underscorify(), true)
+  endif
+endforeach
+
+check_functions = [
+  'sigaction',
+  'inet_aton',
+  'usleep',
+  'socket',
+]
+
+foreach f : check_functions
+  if cc.has_function(f, dependencies: syslibs)
+    cdata.set('HAVE_' + f.to_upper().underscorify(), true)
+  endif
+endforeach
+
+if host_machine.endian() == 'big'
+  cdata.set('WORDS_BIGENDIAN', true)
+endif
+
+# This follows the checks in configure.ac, but is it up-to-date ?!
+if host_machine.cpu_family() in ['x86', 'x86_64']
+  cdata.set('CPU_CISC', true, description: 'Building for a CISC machine (e.g. Intel)')
+  cdata.set('HAVE_X86', true, description: 'Use x86 inlined assembly code')
+else
+  cdata.set('CPU_RISC', true, description: 'Building for a RISC machine (assume slow byte access)')
+endif
+
+# Pretty much all supported platforms have stdint.h nowadays
+assert(cc.has_header('stdint.h'), 'stdint.h not available!')
+
+# we'll just assume these types are available via stdint.h
+foreach type : ['int8_t', 'uint8_t', 'int16_t', 'uint16_t', 'int32_t', 'uint32_t', 'uint64_t']
+  cdata.set('HAVE_' + type.to_upper().underscorify(), true)
+endforeach
+
+if not cc.has_type('size_t', prefix: '#include <sys/types.h>')
+  cdata.set('size_t', 'unsigned int')
+endif
+
+# check type availability and size
+foreach type : ['unsigned long', 'unsigned long long']
+  if cc.has_type(type)
+    cdata.set('HAVE_' + type.to_upper().underscorify(), true)
+    cdata.set('SIZEOF_' + type.to_upper().underscorify(), cc.sizeof(type))
+  endif
+endforeach
+
+if not cc.compiles('inline void func(); void func() { } int main() { func(); return 0; }')
+  if cc.compiles('__inline void func(); void func() { } int main() { func(); return 0; }')
+    cdata.set('inline', '__inline')
+  else
+    cdata.set('inline', '')
+  endif
+endif
+
+if get_option('log-stdout')
+  cdata.set('ERR_REPORTING_STDOUT', true)
+endif
+
+if get_option('log-file') != ''
+  cdata.set('ERR_REPORTING_FILE', get_option('log-file'))
+endif
+
+if cdata.has('ERR_REPORTING_STDOUT') and cdata.has('ERR_REPORTING_FILE')
+  error('The log-stdout and log-file options are mutually exclusive!')
+endif
+
+if get_option('debug-logging')
+  cdata.set('ENABLE_DEBUG_LOGGING', true)
+endif
+
+use_openssl = false
+use_nss = false
+
+crypto_library = get_option('crypto-library')
+if crypto_library == 'openssl'
+  openssl_dep = dependency('openssl', version: '>= 1.0.1', required: true)
+  srtp2_deps += [openssl_dep]
+  cdata.set('GCM', true)
+  cdata.set('OPENSSL', true)
+  cdata.set('USE_EXTERNAL_CRYPTO', true)
+  use_openssl = true
+  # NOTE: This is not available in upstream OpenSSL yet. It's only in 'certain'
+  # forks of OpenSSL: https://github.com/cisco/libsrtp/issues/458
+  if cc.has_function('kdf_srtp', dependencies: openssl_dep)
+    cdata.set('OPENSSL_KDF', true)
+  elif get_option('crypto-library-kdf').enabled()
+    error('KDF support has been enabled, but OpenSSL does not provide it')
+  endif
+elif crypto_library == 'nss'
+  nss_dep = dependency('nss', version: '>= 1.0.1', required: true)
+  srtp2_deps += [nss_dep]
+  cdata.set('GCM', true)
+  cdata.set('NSS', true)
+  cdata.set('USE_EXTERNAL_CRYPTO', true)
+  use_nss = true
+  # TODO(RLB): Use NSS for KDF
+  if get_option('crypto-library-kdf').enabled()
+    error('KDF support has not been implemented for NSS')
+  endif
+endif
+
+configure_file(output: 'config.h', configuration: cdata)
+
+add_project_arguments('-DHAVE_CONFIG_H', language: 'c')
+
+if get_option('buildtype') != 'plain'
+  w_args = ['-Wstrict-prototypes']
+  add_project_arguments(cc.get_supported_arguments(w_args), language: 'c')
+endif
+
+if get_option('optimization') not in ['0', 'g', 's']
+  # -fexpensive-optimizations set already by default for -O2, -O3
+  o_args = ['-funroll-loops']
+  add_project_arguments(cc.get_supported_arguments(o_args), language: 'c')
+endif
+
+sources = files(
+  'srtp/ekt.c',
+  'srtp/srtp.c',
+  )
+
+ciphers_sources = files(
+  'crypto/cipher/cipher.c',
+  'crypto/cipher/null_cipher.c',
+  )
+
+if use_openssl
+  ciphers_sources += files(
+    'crypto/cipher/aes_icm_ossl.c',
+    'crypto/cipher/aes_gcm_ossl.c',
+  )
+elif use_nss
+  ciphers_sources += files(
+    'crypto/cipher/aes_icm_nss.c',
+    'crypto/cipher/aes_gcm_nss.c',
+  )
+else
+  ciphers_sources += files(
+    'crypto/cipher/aes.c',
+    'crypto/cipher/aes_icm.c',
+  )
+endif
+
+hashes_sources = files(
+  'crypto/hash/auth.c',
+  'crypto/hash/null_auth.c',
+  )
+
+if use_openssl
+  hashes_sources += files(
+    'crypto/hash/hmac_ossl.c',
+  )
+elif use_nss
+  # TODO(RLB): Use NSS for HMAC
+  hashes_sources += files(
+    'crypto/hash/hmac.c',
+    'crypto/hash/sha1.c',
+  )
+else
+  hashes_sources += files(
+    'crypto/hash/hmac.c',
+    'crypto/hash/sha1.c',
+  )
+endif
+
+kernel_sources = files(
+  'crypto/kernel/alloc.c',
+  'crypto/kernel/crypto_kernel.c',
+  'crypto/kernel/err.c',
+  'crypto/kernel/key.c',
+)
+
+math_sources = files(
+  'crypto/math/datatypes.c',
+  'crypto/math/stat.c',
+)
+
+replay_sources = files(
+  'crypto/replay/rdb.c',
+  'crypto/replay/rdbx.c',
+  'crypto/replay/ut_sim.c',
+)
+
+public_headers = files(
+  'include/srtp.h',
+  'crypto/include/auth.h',
+  'crypto/include/cipher.h',
+  'crypto/include/crypto_types.h',
+)
+install_headers(public_headers, subdir : 'srtp2')
+
+config_incs = include_directories('.')
+crypto_incs = include_directories('crypto/include')
+srtp2_incs = include_directories('include')
+test_incs = include_directories('test')
+
+libsrtp2 = both_libraries('srtp2', sources, ciphers_sources, hashes_sources,
+  kernel_sources, math_sources, replay_sources,
+  include_directories: [crypto_incs, srtp2_incs],
+  dependencies: [srtp2_deps, syslibs],
+  soversion : soversion,
+  vs_module_defs: 'srtp.def',
+  install: true)
+
+subdir('include/srtp2') # copies public_headers into the builddir and sets public_incs
+
+libsrtp2_dep = declare_dependency(link_with: libsrtp2,
+  include_directories: public_incs)
+
+if not get_option('tests').disabled()
+  subdir('crypto/test')
+  subdir('test')
+endif
+
+if not get_option('fuzzer').disabled()
+  subdir('fuzzer')
+endif
+
+if not get_option('doc').disabled()
+  subdir('doc')
+endif
+
+pkgconfig = import('pkgconfig')
+pkgconfig.generate(libsrtp2,
+  filebase: meson.project_name(),
+  name: meson.project_name(),
+  version: meson.project_version(),
+  description: 'Library for SRTP (Secure Realtime Transport Protocol)')
diff --git a/meson_options.txt b/meson_options.txt
new file mode 100644
index 0000000..1c39b9d
--- /dev/null
+++ b/meson_options.txt
@@ -0,0 +1,18 @@
+option('debug-logging', type : 'boolean', value : false,
+  description : 'Enable debug logging in all modules')
+option('log-stdout', type : 'boolean', value : false,
+  description : 'Redirect logging to stdout')
+option('log-file', type : 'string', value : '',
+  description : 'Write logging output into this file')
+option('crypto-library', type: 'combo', choices : ['none', 'openssl', 'nss'], value : 'none',
+  description : 'What external crypto library to leverage, if any (OpenSSL or NSS)')
+option('crypto-library-kdf', type : 'feature', value : 'auto',
+  description : 'Use the external crypto library for Key Derivation Function support')
+option('fuzzer', type : 'feature', value : 'disabled',
+  description : 'Build libsrtp2 fuzzer (requires build with clang)')
+option('tests', type : 'feature', value : 'auto', yield : true,
+  description : 'Build test applications')
+option('pcap-tests', type : 'feature', value : 'auto',
+  description : 'Build test application that require libpcap')
+option('doc', type : 'feature', value : 'auto', yield : true,
+  description : 'Generate API documentation with doxygen')
diff --git a/test/meson.build b/test/meson.build
new file mode 100644
index 0000000..cb7bbd3
--- /dev/null
+++ b/test/meson.build
@@ -0,0 +1,69 @@
+# test suite
+
+# TODO: add test setup for valgrind: run test_srtp -v + srtp_driver -v
+# through valgrind --leak-check=full
+
+test_apps = [
+  ['srtp_driver', {'extra_sources': 'util.c', 'run_args': '-v'}],
+  ['replay_driver', {'run_args': '-v'}],
+  ['roc_driver', {'run_args': '-v'}],
+  ['rdbx_driver', {'run_args': '-v'}],
+  ['dtls_srtp_driver',  {'extra_sources': 'util.c'}],
+  ['test_srtp'],
+  ['rtpw', {'extra_sources': ['rtp.c', 'util.c', '../crypto/math/datatypes.c'], 'define_test': false}],
+]
+
+foreach t : test_apps
+  test_name = t.get(0)
+  test_dict = t.get(1, {})
+  test_extra_sources = test_dict.get('extra_sources', [])
+  test_run_args = test_dict.get('run_args', [])
+
+  test_exe = executable(test_name,
+    '@0@.c'.format(test_name), 'getopt_s.c', test_extra_sources,
+    include_directories: [config_incs, crypto_incs, srtp2_incs, test_incs],
+    dependencies: [srtp2_deps, syslibs],
+    link_with: libsrtp2.get_static_lib())
+
+  if test_dict.get('define_test', true)
+    test(test_name, test_exe, args: test_run_args)
+  else
+    set_variable(test_name + '_exe', test_exe)
+  endif
+endforeach
+
+# rtpw test needs to be run using shell scripts
+if find_program('sh', 'bash', required: false).found()
+  words_txt = files('words.txt')
+
+  rtpw_test_sh = find_program('rtpw_test.sh', required: false)
+  if rtpw_test_sh.found()
+    test('rtpw_test', rtpw_test_sh,
+         args: ['-w', words_txt],
+         depends: rtpw_exe,
+         is_parallel: false,
+         workdir: meson.current_build_dir())
+  endif
+
+  rtpw_test_gcm_sh = find_program('rtpw_test_gcm.sh', required: false)
+  if (use_openssl or use_nss) and rtpw_test_gcm_sh.found()
+    test('rtpw_test_gcm', rtpw_test_gcm_sh,
+         args: ['-w', words_txt],
+         depends: rtpw_exe,
+         is_parallel: false,
+         workdir: meson.current_build_dir())
+  endif
+endif
+
+# rtp_decoder
+pcap_dep = dependency('libpcap', required: get_option('pcap-tests'))
+
+if pcap_dep.found()
+  executable('rtp_decoder',
+    'rtp_decoder.c', 'getopt_s.c', 'rtp.c', 'util.c', 'getopt_s.c',
+    '../crypto/math/datatypes.c',
+    include_directories: [config_incs, crypto_incs, srtp2_incs, test_incs],
+    dependencies: [srtp2_deps, pcap_dep, syslibs],
+    link_with: libsrtp2,
+    install: false)
+endif
-- 
2.27.0.windows.1