Improve DTLS SRTP API with a dedicated function to get generated keys

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2025-01-22 15:30:57 +00:00 · 2016-02-08 22:35:41 +01:00 · 2016-02-08 22:35:41 +01:00 · 2d9470be76
parent bbc057af73
commit 2d9470be76
2 changed files with 28 additions and 1 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -3180,9 +3180,23 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, co
 *
 * \param ssl      SSL context
 *
- * \return         Protection Profile enum member, SRTP_UNSET_PROFILE if no protocol was negotiated.
+ * \return         Protection Profile enum member, MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated.
 */
 enum mbedtls_DTLS_SRTP_protection_profiles mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl);
+
+/**
+ * \brief                  Get the generated DTLS-SRTP key material.
+ *                         This function should be called after the handshake is
+ *                         completed. It shall returns 80 bytes of key material generated according to RFC5764
+ *
+ * \param ssl              SSL context
+ * \param key              Buffer to hold the generated key material
+ * \param key_buffer_len   Length in bytes of the key buffer
+ * \param key_len          Actual length of data written in the key buffer
+ *
+ * \return         0 on succes, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if the key buffer is too small to hold the generated key
+ */
+int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, const size_t key_buffer_len, size_t *key_len );
 #endif /* MBEDTLS_SSL_DTLS_SRTP */

 /**
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -4755,6 +4755,19 @@ enum mbedtls_DTLS_SRTP_protection_profiles mbedtls_ssl_get_dtls_srtp_protection_
    return( ssl->chosen_dtls_srtp_profile);
 }

+int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, const size_t key_buffer_len, size_t *key_len ) {
+    *key_len = 0;
+
+    /* check output buffer size */
+    if ( key_buffer_len < ssl->dtls_srtp_keys_len) {
+        return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
+    }
+
+    memcpy( key, ssl->dtls_srtp_keys, ssl->dtls_srtp_keys_len);
+    *key_len = ssl->dtls_srtp_keys_len;
+
+    return 0;
+}
 #endif /* MBEDTLS_SSL_DTLS_SRTP */

 void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor )