Add dtls-srtp to client and server examples

Add dtls-srtp to `ssl_client2` and `ssl_server2` examples,
for reference and to allow its use in tests.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
This commit is contained in:
Ron Eldor 2018-07-02 10:08:07 +03:00 committed by Johan Pascal
parent 9d36d311e3
commit 6ea64518ad
2 changed files with 180 additions and 3 deletions


@ -150,6 +150,9 @@ int main( void )
#define DFL_NSS_KEYLOG_FILE NULL #define DFL_NSS_KEYLOG_FILE NULL
#define DFL_SKIP_CLOSE_NOTIFY 0 #define DFL_SKIP_CLOSE_NOTIFY 0
#define DFL_QUERY_CONFIG_MODE 0 #define DFL_QUERY_CONFIG_MODE 0
#define DFL_USE_SRTP 0
#define DFL_SRTP_FORCE_PROFILE MBEDTLS_SRTP_UNSET_PROFILE
#define DFL_SRTP_MKI ""
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: " #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
#define GET_REQUEST_END "\r\n\r\n" #define GET_REQUEST_END "\r\n\r\n"
@ -321,6 +324,20 @@ int main( void )
#define USAGE_DTLS "" #define USAGE_DTLS ""
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
#define USAGE_SRTP \
" use_srtp=%%d default: 0 (disabled)\n" \
" srtp_force_profile=%%d default: all enabled\n" \
" available profiles:\n" \
" 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \
" 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \
" 3 - SRTP_NULL_HMAC_SHA1_80\n" \
" 4 - SRTP_NULL_HMAC_SHA1_32\n" \
" mki=%%s default: \"\" (in hex, without 0x)\n"
#else
#define USAGE_SRTP ""
#endif
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) #if defined(MBEDTLS_SSL_FALLBACK_SCSV)
#define USAGE_FALLBACK \ #define USAGE_FALLBACK \
" fallback=0/1 default: (library default: off)\n" " fallback=0/1 default: (library default: off)\n"
@ -407,6 +424,7 @@ int main( void )
"\n" \ "\n" \
USAGE_DTLS \ USAGE_DTLS \
USAGE_CID \ USAGE_CID \
USAGE_SRTP \
"\n" "\n"
#define USAGE2 \ #define USAGE2 \
" auth_mode=%%s default: (library default: none)\n" \ " auth_mode=%%s default: (library default: none)\n" \
@ -541,6 +559,9 @@ struct options
int reproducible; /* make communication reproducible */ int reproducible; /* make communication reproducible */
int skip_close_notify; /* skip sending the close_notify alert */ int skip_close_notify; /* skip sending the close_notify alert */
int query_config_mode; /* whether to read config */ int query_config_mode; /* whether to read config */
int use_srtp; /* Support SRTP */
int force_srtp_profile; /* SRTP protection profile to use or all */
const char* mki; /* The dtls mki value to use */
} opt; } opt;
int query_config( const char *config ); int query_config( const char *config );
@ -1134,6 +1155,10 @@ int main( int argc, char *argv[] )
mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE]; mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE];
const mbedtls_ecp_curve_info *curve_cur; const mbedtls_ecp_curve_info *curve_cur;
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
unsigned char mki[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH];
size_t mki_len = 0;
#endif
const char *pers = "ssl_client2"; const char *pers = "ssl_client2";
@ -1304,6 +1329,9 @@ int main( int argc, char *argv[] )
opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE; opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE;
opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY; opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY;
opt.query_config_mode = DFL_QUERY_CONFIG_MODE; opt.query_config_mode = DFL_QUERY_CONFIG_MODE;
opt.use_srtp = DFL_USE_SRTP;
opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
opt.mki = DFL_SRTP_MKI;
for( i = 1; i < argc; i++ ) for( i = 1; i < argc; i++ )
{ {
@ -1730,6 +1758,18 @@ int main( int argc, char *argv[] )
if( opt.skip_close_notify < 0 || opt.skip_close_notify > 1 ) if( opt.skip_close_notify < 0 || opt.skip_close_notify > 1 )
goto usage; goto usage;
} }
else if( strcmp( p, "use_srtp" ) == 0 )
{
opt.use_srtp = atoi ( q );
}
else if( strcmp( p, "srtp_force_profile" ) == 0 )
{
opt.force_srtp_profile = atoi( q );
}
else if( strcmp( p, "mki" ) == 0 )
{
opt.mki = q;
}
else else
goto usage; goto usage;
} }
@ -1837,7 +1877,6 @@ int main( int argc, char *argv[] )
opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED; opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED;
} }
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.psk_opaque != 0 ) if( opt.psk_opaque != 0 )
{ {
@ -2240,6 +2279,37 @@ int main( int argc, char *argv[] )
} }
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
if( opt.use_srtp != DFL_USE_SRTP )
{
if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
{
const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, forced_profile, sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) );
}
else
{
const mbedtls_ssl_srtp_profile default_profiles[] = { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80,
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32,
MBEDTLS_SRTP_NULL_HMAC_SHA1_80,
MBEDTLS_SRTP_NULL_HMAC_SHA1_32 };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, default_profiles, sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) );
}
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n", ret );
goto exit;
}
}
else if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
{
mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" );
goto exit;
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
if( opt.trunc_hmac != DFL_TRUNC_HMAC ) if( opt.trunc_hmac != DFL_TRUNC_HMAC )
mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac ); mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
@ -2476,6 +2546,25 @@ int main( int argc, char *argv[] )
mbedtls_ecp_set_max_ops( opt.ec_max_ops ); mbedtls_ecp_set_max_ops( opt.ec_max_ops );
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 )
{
if( mbedtls_test_unhexify( mki, sizeof( mki ),
opt.mki,&mki_len ) != 0 )
{
mbedtls_printf( "mki value not valid hex\n" );
goto exit;
}
mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED );
if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki, strlen( mki )) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret );
goto exit;
}
}
#endif
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
/* /*
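Review bot: The MKI length passed to `mbedtls_ssl_dtls_srtp_set_mki_value` in the last hunk is `strlen( mki )`, but `mki` is an `unsigned char` array filled by `mbedtls_test_unhexify`, not a NUL-terminated string, so `strlen` reads past the decoded bytes (the buffer is not zero-initialised) and reports the wrong length whenever the decoded value contains a 0x00 byte; the decoded length is already in `mki_len`, which the server-side hunk uses: `if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki, mki_len ) ) != 0 )`. Separately, `use_srtp` and `srtp_force_profile` are read with `atoi` and stored unchecked, while neighbouring options such as `skip_close_notify` are range-checked and fall through to `goto usage`; `use_srtp` should be restricted to 0/1 and `srtp_force_profile` to the 1–4 range the usage text advertises before the int is placed into a `mbedtls_ssl_srtp_profile` array. The enclosing `main` starts and ends outside these hunks.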


@ -183,6 +183,9 @@ int main( void )
#define DFL_NSS_KEYLOG 0 #define DFL_NSS_KEYLOG 0
#define DFL_NSS_KEYLOG_FILE NULL #define DFL_NSS_KEYLOG_FILE NULL
#define DFL_QUERY_CONFIG_MODE 0 #define DFL_QUERY_CONFIG_MODE 0
#define DFL_USE_SRTP 0
#define DFL_SRTP_FORCE_PROFILE MBEDTLS_SRTP_UNSET_PROFILE
#define DFL_SRTP_MKI ""
#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ #define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
"02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
@ -411,6 +414,20 @@ int main( void )
#define USAGE_DTLS "" #define USAGE_DTLS ""
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
#define USAGE_SRTP \
" use_srtp=%%d default: 0 (disabled)\n" \
" srtp_force_profile=%%d default: all enabled\n" \
" available profiles:\n" \
" 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \
" 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \
" 3 - SRTP_NULL_HMAC_SHA1_80\n" \
" 4 - SRTP_NULL_HMAC_SHA1_32\n" \
" mki=%%s default: \"\" (in hex, without 0x)\n"
#else
#define USAGE_SRTP ""
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
#define USAGE_EMS \ #define USAGE_EMS \
" extended_ms=0/1 default: (library default: on)\n" " extended_ms=0/1 default: (library default: on)\n"
@ -490,6 +507,7 @@ int main( void )
" read_timeout=%%d default: 0 ms (no timeout)\n" \ " read_timeout=%%d default: 0 ms (no timeout)\n" \
"\n" \ "\n" \
USAGE_DTLS \ USAGE_DTLS \
USAGE_SRTP \
USAGE_COOKIES \ USAGE_COOKIES \
USAGE_ANTI_REPLAY \ USAGE_ANTI_REPLAY \
USAGE_BADMAC_LIMIT \ USAGE_BADMAC_LIMIT \
@ -645,6 +663,9 @@ struct options
* after renegotiation */ * after renegotiation */
int reproducible; /* make communication reproducible */ int reproducible; /* make communication reproducible */
int query_config_mode; /* whether to read config */ int query_config_mode; /* whether to read config */
int use_srtp; /* Support SRTP */
int force_srtp_profile; /* SRTP protection profile to use or all */
const char* mki; /* The dtls mki value to use */
} opt; } opt;
int query_config( const char *config ); int query_config( const char *config );
@ -1792,7 +1813,6 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
unsigned char alloc_buf[MEMORY_HEAP_SIZE]; unsigned char alloc_buf[MEMORY_HEAP_SIZE];
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX]; unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX]; unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX];
@ -1804,6 +1824,10 @@ int main( int argc, char *argv[] )
size_t context_buf_len = 0; size_t context_buf_len = 0;
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
unsigned char mki[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH];
size_t mki_len = 0;
#endif
int i; int i;
char *p, *q; char *p, *q;
const int *list; const int *list;
@ -1976,6 +2000,9 @@ int main( int argc, char *argv[] )
opt.nss_keylog = DFL_NSS_KEYLOG; opt.nss_keylog = DFL_NSS_KEYLOG;
opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE; opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE;
opt.query_config_mode = DFL_QUERY_CONFIG_MODE; opt.query_config_mode = DFL_QUERY_CONFIG_MODE;
opt.use_srtp = DFL_USE_SRTP;
opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
opt.mki = DFL_SRTP_MKI;
for( i = 1; i < argc; i++ ) for( i = 1; i < argc; i++ )
{ {
@ -2424,6 +2451,18 @@ int main( int argc, char *argv[] )
{ {
opt.nss_keylog_file = q; opt.nss_keylog_file = q;
} }
else if( strcmp( p, "use_srtp" ) == 0 )
{
opt.use_srtp = atoi ( q );
}
else if( strcmp( p, "srtp_force_profile" ) == 0 )
{
opt.force_srtp_profile = atoi( q );
}
else if( strcmp( p, "mki" ) == 0 )
{
opt.mki = q;
}
else else
goto usage; goto usage;
} }
@ -3028,7 +3067,7 @@ int main( int argc, char *argv[] )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret );
goto exit; goto exit;
}; }
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@ -3058,6 +3097,37 @@ int main( int argc, char *argv[] )
} }
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
if( opt.use_srtp != DFL_USE_SRTP )
{
if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
{
const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, forced_profile, sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) );
}
else
{
const mbedtls_ssl_srtp_profile default_profiles[] = { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80,
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32,
MBEDTLS_SRTP_NULL_HMAC_SHA1_80,
MBEDTLS_SRTP_NULL_HMAC_SHA1_32 };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, default_profiles, sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) );
}
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n", ret );
goto exit;
}
}
else if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
{
mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" );
goto exit;
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
if( opt.trunc_hmac != DFL_TRUNC_HMAC ) if( opt.trunc_hmac != DFL_TRUNC_HMAC )
mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac ); mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
@ -3464,6 +3534,24 @@ int main( int argc, char *argv[] )
mbedtls_timing_get_delay ); mbedtls_timing_get_delay );
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 )
{
if( unhexify( mki, opt.mki, &mki_len ) != 0 )
{
mbedtls_printf( "mki value not valid hex\n" );
goto exit;
}
mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED );
if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki, mki_len) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret );
goto exit;
}
}
#endif
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
reset: reset:
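Review bot: In the last hunk `unhexify( mki, opt.mki, &mki_len )` receives no destination size, whereas the client-side code bounds the same operation with `sizeof( mki )`; `mki` is a fixed `MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH` stack buffer fed directly from the command line, so whether an over-long `mki=` argument is rejected depends entirely on a limit inside `unhexify` that is not visible here — confirm that limit is at most `sizeof( mki )`, or add an explicit `strlen( opt.mki ) / 2 > sizeof( mki )` check before the call. As in the client, `use_srtp` and `srtp_force_profile` are parsed with `atoi` and never validated against the 0/1 and 1–4 ranges the usage text advertises, unlike the surrounding options that `goto usage` on bad values. The enclosing `main` starts and continues outside these hunks.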