mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 11:05:29 +00:00
Add dtls-srtp to client and server examples
Add dtls-srtp to `ssl_client2` and `ssl_server2` examples, for reference and for allowing in tests. Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
This commit is contained in:
parent
9d36d311e3
commit
6ea64518ad
|
@ -150,6 +150,9 @@ int main( void )
|
|||
#define DFL_NSS_KEYLOG_FILE NULL
|
||||
#define DFL_SKIP_CLOSE_NOTIFY 0
|
||||
#define DFL_QUERY_CONFIG_MODE 0
|
||||
#define DFL_USE_SRTP 0
|
||||
#define DFL_SRTP_FORCE_PROFILE MBEDTLS_SRTP_UNSET_PROFILE
|
||||
#define DFL_SRTP_MKI ""
|
||||
|
||||
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
|
||||
#define GET_REQUEST_END "\r\n\r\n"
|
||||
|
@ -321,6 +324,20 @@ int main( void )
|
|||
#define USAGE_DTLS ""
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
#define USAGE_SRTP \
|
||||
" use_srtp=%%d default: 0 (disabled)\n" \
|
||||
" srtp_force_profile=%%d default: all enabled\n" \
|
||||
" available profiles:\n" \
|
||||
" 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \
|
||||
" 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \
|
||||
" 3 - SRTP_NULL_HMAC_SHA1_80\n" \
|
||||
" 4 - SRTP_NULL_HMAC_SHA1_32\n" \
|
||||
" mki=%%s default: \"\" (in hex, without 0x)\n"
|
||||
#else
|
||||
#define USAGE_SRTP ""
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
|
||||
#define USAGE_FALLBACK \
|
||||
" fallback=0/1 default: (library default: off)\n"
|
||||
|
@ -407,6 +424,7 @@ int main( void )
|
|||
"\n" \
|
||||
USAGE_DTLS \
|
||||
USAGE_CID \
|
||||
USAGE_SRTP \
|
||||
"\n"
|
||||
#define USAGE2 \
|
||||
" auth_mode=%%s default: (library default: none)\n" \
|
||||
|
@ -541,6 +559,9 @@ struct options
|
|||
int reproducible; /* make communication reproducible */
|
||||
int skip_close_notify; /* skip sending the close_notify alert */
|
||||
int query_config_mode; /* whether to read config */
|
||||
int use_srtp; /* Support SRTP */
|
||||
int force_srtp_profile; /* SRTP protection profile to use or all */
|
||||
const char* mki; /* The dtls mki value to use */
|
||||
} opt;
|
||||
|
||||
int query_config( const char *config );
|
||||
|
@ -1134,6 +1155,10 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE];
|
||||
const mbedtls_ecp_curve_info *curve_cur;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
unsigned char mki[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH];
|
||||
size_t mki_len = 0;
|
||||
#endif
|
||||
|
||||
const char *pers = "ssl_client2";
|
||||
|
||||
|
@ -1304,6 +1329,9 @@ int main( int argc, char *argv[] )
|
|||
opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE;
|
||||
opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY;
|
||||
opt.query_config_mode = DFL_QUERY_CONFIG_MODE;
|
||||
opt.use_srtp = DFL_USE_SRTP;
|
||||
opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
|
||||
opt.mki = DFL_SRTP_MKI;
|
||||
|
||||
for( i = 1; i < argc; i++ )
|
||||
{
|
||||
|
@ -1729,6 +1757,18 @@ int main( int argc, char *argv[] )
|
|||
opt.skip_close_notify = atoi( q );
|
||||
if( opt.skip_close_notify < 0 || opt.skip_close_notify > 1 )
|
||||
goto usage;
|
||||
}
|
||||
else if( strcmp( p, "use_srtp" ) == 0 )
|
||||
{
|
||||
opt.use_srtp = atoi ( q );
|
||||
}
|
||||
else if( strcmp( p, "srtp_force_profile" ) == 0 )
|
||||
{
|
||||
opt.force_srtp_profile = atoi( q );
|
||||
}
|
||||
else if( strcmp( p, "mki" ) == 0 )
|
||||
{
|
||||
opt.mki = q;
|
||||
}
|
||||
else
|
||||
goto usage;
|
||||
|
@ -1837,7 +1877,6 @@ int main( int argc, char *argv[] )
|
|||
opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED;
|
||||
}
|
||||
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if( opt.psk_opaque != 0 )
|
||||
{
|
||||
|
@ -2240,6 +2279,37 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
if( opt.use_srtp != DFL_USE_SRTP )
|
||||
{
|
||||
if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
|
||||
{
|
||||
const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile };
|
||||
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, forced_profile, sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) );
|
||||
}
|
||||
else
|
||||
{
|
||||
const mbedtls_ssl_srtp_profile default_profiles[] = { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80,
|
||||
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32,
|
||||
MBEDTLS_SRTP_NULL_HMAC_SHA1_80,
|
||||
MBEDTLS_SRTP_NULL_HMAC_SHA1_32 };
|
||||
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, default_profiles, sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) );
|
||||
}
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
}
|
||||
else if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" );
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
if( opt.trunc_hmac != DFL_TRUNC_HMAC )
|
||||
mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
|
||||
|
@ -2476,6 +2546,25 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_ecp_set_max_ops( opt.ec_max_ops );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 )
|
||||
{
|
||||
if( mbedtls_test_unhexify( mki, sizeof( mki ),
|
||||
opt.mki,&mki_len ) != 0 )
|
||||
{
|
||||
mbedtls_printf( "mki value not valid hex\n" );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED );
|
||||
if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki, strlen( mki )) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
/*
|
||||
|
|
|
@ -183,6 +183,9 @@ int main( void )
|
|||
#define DFL_NSS_KEYLOG 0
|
||||
#define DFL_NSS_KEYLOG_FILE NULL
|
||||
#define DFL_QUERY_CONFIG_MODE 0
|
||||
#define DFL_USE_SRTP 0
|
||||
#define DFL_SRTP_FORCE_PROFILE MBEDTLS_SRTP_UNSET_PROFILE
|
||||
#define DFL_SRTP_MKI ""
|
||||
|
||||
#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
|
||||
"02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
|
||||
|
@ -411,6 +414,20 @@ int main( void )
|
|||
#define USAGE_DTLS ""
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
#define USAGE_SRTP \
|
||||
" use_srtp=%%d default: 0 (disabled)\n" \
|
||||
" srtp_force_profile=%%d default: all enabled\n" \
|
||||
" available profiles:\n" \
|
||||
" 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \
|
||||
" 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \
|
||||
" 3 - SRTP_NULL_HMAC_SHA1_80\n" \
|
||||
" 4 - SRTP_NULL_HMAC_SHA1_32\n" \
|
||||
" mki=%%s default: \"\" (in hex, without 0x)\n"
|
||||
#else
|
||||
#define USAGE_SRTP ""
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||
#define USAGE_EMS \
|
||||
" extended_ms=0/1 default: (library default: on)\n"
|
||||
|
@ -490,6 +507,7 @@ int main( void )
|
|||
" read_timeout=%%d default: 0 ms (no timeout)\n" \
|
||||
"\n" \
|
||||
USAGE_DTLS \
|
||||
USAGE_SRTP \
|
||||
USAGE_COOKIES \
|
||||
USAGE_ANTI_REPLAY \
|
||||
USAGE_BADMAC_LIMIT \
|
||||
|
@ -645,6 +663,9 @@ struct options
|
|||
* after renegotiation */
|
||||
int reproducible; /* make communication reproducible */
|
||||
int query_config_mode; /* whether to read config */
|
||||
int use_srtp; /* Support SRTP */
|
||||
int force_srtp_profile; /* SRTP protection profile to use or all */
|
||||
const char* mki; /* The dtls mki value to use */
|
||||
} opt;
|
||||
|
||||
int query_config( const char *config );
|
||||
|
@ -1792,7 +1813,6 @@ int main( int argc, char *argv[] )
|
|||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||
unsigned char alloc_buf[MEMORY_HEAP_SIZE];
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
|
||||
unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX];
|
||||
|
@ -1804,6 +1824,10 @@ int main( int argc, char *argv[] )
|
|||
size_t context_buf_len = 0;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
unsigned char mki[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH];
|
||||
size_t mki_len = 0;
|
||||
#endif
|
||||
int i;
|
||||
char *p, *q;
|
||||
const int *list;
|
||||
|
@ -1976,6 +2000,9 @@ int main( int argc, char *argv[] )
|
|||
opt.nss_keylog = DFL_NSS_KEYLOG;
|
||||
opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE;
|
||||
opt.query_config_mode = DFL_QUERY_CONFIG_MODE;
|
||||
opt.use_srtp = DFL_USE_SRTP;
|
||||
opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
|
||||
opt.mki = DFL_SRTP_MKI;
|
||||
|
||||
for( i = 1; i < argc; i++ )
|
||||
{
|
||||
|
@ -2424,6 +2451,18 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
opt.nss_keylog_file = q;
|
||||
}
|
||||
else if( strcmp( p, "use_srtp" ) == 0 )
|
||||
{
|
||||
opt.use_srtp = atoi ( q );
|
||||
}
|
||||
else if( strcmp( p, "srtp_force_profile" ) == 0 )
|
||||
{
|
||||
opt.force_srtp_profile = atoi( q );
|
||||
}
|
||||
else if( strcmp( p, "mki" ) == 0 )
|
||||
{
|
||||
opt.mki = q;
|
||||
}
|
||||
else
|
||||
goto usage;
|
||||
}
|
||||
|
@ -3028,7 +3067,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret );
|
||||
goto exit;
|
||||
};
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
|
@ -3058,6 +3097,37 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
if( opt.use_srtp != DFL_USE_SRTP )
|
||||
{
|
||||
if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
|
||||
{
|
||||
const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile };
|
||||
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, forced_profile, sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) );
|
||||
}
|
||||
else
|
||||
{
|
||||
const mbedtls_ssl_srtp_profile default_profiles[] = { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80,
|
||||
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32,
|
||||
MBEDTLS_SRTP_NULL_HMAC_SHA1_80,
|
||||
MBEDTLS_SRTP_NULL_HMAC_SHA1_32 };
|
||||
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, default_profiles, sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) );
|
||||
}
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
}
|
||||
else if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" );
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
if( opt.trunc_hmac != DFL_TRUNC_HMAC )
|
||||
mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
|
||||
|
@ -3464,6 +3534,24 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_timing_get_delay );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 )
|
||||
{
|
||||
if( unhexify( mki, opt.mki, &mki_len ) != 0 )
|
||||
{
|
||||
mbedtls_printf( "mki value not valid hex\n" );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED );
|
||||
if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki, mki_len) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
reset:
|
||||
|
|
Loading…
Reference in a new issue