lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

SRTP-DTLS protection profile configuration list not copied into ssl_config

Browse Source 
+ improve test
+ minor style fix

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
This commit is contained in:
Johan Pascal
2020-09-21 23:44:45 +02:00
parent 8f70fba988
commit 9bc97ca19d
7 changed files with 173 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
programs/ssl/ssl_client2.c
View File

@ -262,7 +262,7 @@ int main( void )
" use_srtp=%%d default: 0 (disabled)\n" \
" This cannot be used with eap_tls=1 or "\
" nss_keylog=1\n" \
" srtp_force_profile=%%d default: all enabled\n" \
" srtp_force_profile=%%d default: 0 (all enabled)\n" \
" available profiles:\n" \
" 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \
" 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \
@ -707,9 +707,9 @@ static int dtls_srtp_key_derivation( void *p_expkey,
if( opt.debug_level > 2 )
{
mbedtls_printf("exported maclen is %u\n", (unsigned)maclen);
mbedtls_printf("exported keylen is %u\n", (unsigned)keylen);
mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen);
mbedtls_printf( "exported maclen is %u\n", (unsigned) maclen );
mbedtls_printf( "exported keylen is %u\n", (unsigned) keylen );
mbedtls_printf( "exported ivlen is %u\n", (unsigned) ivlen );
}
return( 0 );
}
@ -1242,9 +1242,15 @@ int main( int argc, char *argv[] )
eap_tls_keys eap_tls_keying;
#if defined( MBEDTLS_SSL_DTLS_SRTP )
/*! master keys and master salt for SRTP generated during handshake */
unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp";
dtls_srtp_keys dtls_srtp_keying;
unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp";
dtls_srtp_keys dtls_srtp_keying;
const mbedtls_ssl_srtp_profile default_profiles[] = {
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80,
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32,
MBEDTLS_SRTP_NULL_HMAC_SHA1_80,
MBEDTLS_SRTP_NULL_HMAC_SHA1_32
};
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
@ -2324,9 +2330,9 @@ int main( int argc, char *argv[] )
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
if( opt.use_srtp != DFL_USE_SRTP )
if( opt.use_srtp == 1 )
{
if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
if( opt.force_srtp_profile != 0 )
{
const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles
@ -2336,11 +2342,6 @@ int main( int argc, char *argv[] )
}
else
{
const mbedtls_ssl_srtp_profile default_profiles[] =
{ MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80,
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32,
MBEDTLS_SRTP_NULL_HMAC_SHA1_80,
MBEDTLS_SRTP_NULL_HMAC_SHA1_32 };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles
( &conf,
default_profiles,
@ -2349,12 +2350,14 @@ int main( int argc, char *argv[] )
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n", ret );
mbedtls_printf( " failed\n ! "
"mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n",
ret );
goto exit;
}
}
else if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
else if( opt.force_srtp_profile != 0 )
{
mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" );
goto exit;
@ -2605,13 +2608,13 @@ int main( int argc, char *argv[] )
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 )
if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 )
{
if( mbedtls_test_unhexify( mki, sizeof( mki ),
opt.mki,&mki_len ) != 0 )
{
mbedtls_printf( "mki value not valid hex\n" );
goto exit;
goto exit;
}
mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED );
@ -2751,30 +2754,39 @@ int main( int argc, char *argv[] )
{
size_t j = 0;
if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type,
dtls_srtp_keying.master_secret,
sizeof( dtls_srtp_keying.master_secret ),
dtls_srtp_label,
dtls_srtp_keying.randbytes,
sizeof( dtls_srtp_keying.randbytes ),
dtls_srtp_key_material,
sizeof( dtls_srtp_key_material ) ) )
!= 0 )
if( (mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl )
== MBEDTLS_SRTP_UNSET_PROFILE ) )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
mbedtls_printf( " DTLS-SRTP unable to negotiate "
"protection profile\n" );
}
mbedtls_printf( " DTLS-SRTP key material is:" );
for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
else
{
if( j % 8 == 0 )
mbedtls_printf("\n ");
mbedtls_printf("%02x ", dtls_srtp_key_material[j] );
}
if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type,
dtls_srtp_keying.master_secret,
sizeof( dtls_srtp_keying.master_secret ),
dtls_srtp_label,
dtls_srtp_keying.randbytes,
sizeof( dtls_srtp_keying.randbytes ),
dtls_srtp_key_material,
sizeof( dtls_srtp_key_material ) ) )
!= 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}
mbedtls_printf("\n");
mbedtls_printf( " DTLS-SRTP key material is:" );
for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
{
if( j % 8 == 0 )
mbedtls_printf("\n ");
mbedtls_printf("%02x ", dtls_srtp_key_material[j] );
}
mbedtls_printf("\n");
}
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */