Change key derivation for srtp

Use the export keys functionality, to call the public API `mbedtls_ssl_tls_prf()`, and remove the function `mbedtls_ssl_get_dtls_srtp_key_material()`. Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2025-07-30 22:43:08 +03:00 · 2019-09-26 16:40:48 +03:00
parent 5d991c9549
commit 65b56ef87f
4 changed files with 204 additions and 119 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -257,10 +257,26 @@ int main( void )
    "                             This cannot be used with eap_tls=1\n"
 #define USAGE_NSS_KEYLOG_FILE                               \
    "    nss_keylog_file=%%s\n"
-#else
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+#define USAGE_SRTP \
+    "    use_srtp=%%d         default: 0 (disabled)\n" \
+    "                          This cannot be used with eap_tls=1 or "\
+    "                          nss_keylog=1\n"             \
+    "    srtp_force_profile=%%d  default: all enabled\n"   \
+    "                        available profiles:\n"       \
+    "                        1 - SRTP_AES128_CM_HMAC_SHA1_80\n"  \
+    "                        2 - SRTP_AES128_CM_HMAC_SHA1_32\n"  \
+    "                        3 - SRTP_NULL_HMAC_SHA1_80\n"       \
+    "                        4 - SRTP_NULL_HMAC_SHA1_32\n"       \
+    "    mki=%%s              default: \"\" (in hex, without 0x)\n"
+#else /* MBEDTLS_SSL_DTLS_SRTP */
+#define USAGE_SRTP ""
+#endif
+#else /* MBEDTLS_SSL_EXPORT_KEYS */
 #define USAGE_EAP_TLS ""
 #define USAGE_NSS_KEYLOG ""
 #define USAGE_NSS_KEYLOG_FILE ""
+#define USAGE_SRTP ""
 #endif /* MBEDTLS_SSL_EXPORT_KEYS */

 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
@ -324,20 +340,6 @@ int main( void )
 #define USAGE_DTLS ""
 #endif

-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-#define USAGE_SRTP \
-    "    use_srtp=%%d         default: 0 (disabled)\n" \
-    "    srtp_force_profile=%%d  default: all enabled\n"   \
-    "                        available profiles:\n"       \
-    "                        1 - SRTP_AES128_CM_HMAC_SHA1_80\n"  \
-    "                        2 - SRTP_AES128_CM_HMAC_SHA1_32\n"  \
-    "                        3 - SRTP_NULL_HMAC_SHA1_80\n"       \
-    "                        4 - SRTP_NULL_HMAC_SHA1_32\n"       \
-    "    mki=%%s              default: \"\" (in hex, without 0x)\n"
-#else
-#define USAGE_SRTP ""
-#endif
-
 #if defined(MBEDTLS_SSL_FALLBACK_SCSV)
 #define USAGE_FALLBACK \
    "    fallback=0/1        default: (library default: off)\n"
@ -676,7 +678,43 @@ exit:
                              sizeof( nss_keylog_line ) );
    return( ret );
 }
-#endif
+
+#if defined( MBEDTLS_SSL_DTLS_SRTP )
+typedef struct dtls_srtp_keys
+{
+    unsigned char master_secret[48];
+    unsigned char randbytes[64];
+    mbedtls_tls_prf_types tls_prf_type;
+} dtls_srtp_keys;
+
+static int dtls_srtp_key_derivation( void *p_expkey,
+                                     const unsigned char *ms,
+                                     const unsigned char *kb,
+                                     size_t maclen,
+                                     size_t keylen,
+                                     size_t ivlen,
+                                     const unsigned char client_random[32],
+                                     const unsigned char server_random[32],
+                                     mbedtls_tls_prf_types tls_prf_type )
+{
+    dtls_srtp_keys *keys = (dtls_srtp_keys *)p_expkey;
+
+    ( ( void ) kb );
+    memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) );
+    memcpy( keys->randbytes, client_random, 32 );
+    memcpy( keys->randbytes + 32, server_random, 32 );
+    keys->tls_prf_type = tls_prf_type;
+
+    if( opt.debug_level > 2 )
+    {
+        mbedtls_printf("exported maclen is %u\n", (unsigned)maclen);
+        mbedtls_printf("exported keylen is %u\n", (unsigned)keylen);
+        mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen);
+    }
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
+#endif /* MBEDTLS_SSL_EXPORT_KEYS */

 static void my_debug( void *ctx, int level,
                      const char *file, int line,
@ -1157,7 +1195,6 @@ int main( int argc, char *argv[] )
 #endif
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
    unsigned char mki[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH];
-    size_t mki_len = 0;
 #endif

    const char *pers = "ssl_client2";
@ -1202,7 +1239,13 @@ int main( int argc, char *argv[] )
    unsigned char eap_tls_iv[8];
    const char* eap_tls_label = "client EAP encryption";
    eap_tls_keys eap_tls_keying;
-#endif
+#if defined( MBEDTLS_SSL_DTLS_SRTP )
+    /*! master keys and master salt for SRTP generated during handshake */
+     unsigned char dtls_srtp_key_material[MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
+     const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp";
+     dtls_srtp_keys dtls_srtp_keying;
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
+#endif /* MBEDTLS_SSL_EXPORT_KEYS */

 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
    mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
@ -2344,7 +2387,14 @@ int main( int argc, char *argv[] )
                                             nss_keylog_export,
                                             NULL );
    }
-#endif
+#if defined( MBEDTLS_SSL_DTLS_SRTP )
+    else if( opt.use_srtp != 0 )
+    {
+        mbedtls_ssl_conf_export_keys_ext_cb( &conf, dtls_srtp_key_derivation,
+                                             &dtls_srtp_keying );
+    }
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
+#endif /* MBEDTLS_SSL_EXPORT_KEYS */

 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
    if( opt.recsplit != DFL_RECSPLIT )
@ -2553,7 +2603,7 @@ int main( int argc, char *argv[] )
        mbedtls_ecp_set_max_ops( opt.ec_max_ops );
 #endif

-    #if defined(MBEDTLS_SSL_DTLS_SRTP)
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
    if( opt.use_srtp != DFL_USE_SRTP &&  strlen( opt.mki ) != 0 )
    {
        if( mbedtls_test_unhexify( mki, sizeof( mki ),
@ -2565,7 +2615,7 @@ int main( int argc, char *argv[] )

        mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED );
        if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki,
-                                                         strlen( mki ) ) ) != 0 )
+                                                         strlen( opt.mki ) / 2 ) ) != 0 )
        {
            mbedtls_printf( " failed\n  ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret );
            goto exit;
@ -2694,7 +2744,39 @@ int main( int argc, char *argv[] )
        }
        mbedtls_printf("\n");
    }
-#endif
+
+#if defined( MBEDTLS_SSL_DTLS_SRTP )
+    else if( opt.use_srtp != 0  )
+    {
+        size_t j = 0;
+
+        if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type,
+                                         dtls_srtp_keying.master_secret,
+                                         sizeof( dtls_srtp_keying.master_secret ),
+                                         dtls_srtp_label,
+                                         dtls_srtp_keying.randbytes,
+                                         sizeof( dtls_srtp_keying.randbytes ),
+                                         dtls_srtp_key_material,
+                                         sizeof( dtls_srtp_key_material ) ) )
+                                         != 0 )
+        {
+            mbedtls_printf( " failed\n  ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
+                            -ret );
+            goto exit;
+        }
+
+        mbedtls_printf( "    DTLS-SRTP key material is:" );
+        for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
+        {
+            if( j % 8 == 0 )
+                mbedtls_printf("\n    ");
+            mbedtls_printf("%02x ", dtls_srtp_key_material[j] );
+        }
+
+        mbedtls_printf("\n");
+    }
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
+#endif /* MBEDTLS_SSL_EXPORT_KEYS */
    if( opt.reconnect != 0 )
    {
        mbedtls_printf("  . Saving session for reuse..." );