API modified so server side can get mki value

+ client side discards self mki if server does not support it

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>

include/mbedtls/ssl.h

@@ -3257,7 +3257,8 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
                                          unsigned char *mki_value,
                                          uint16_t mki_len );
 /**
- * \brief          Get the negotiated DTLS-SRTP Protection Profile.
+ * \brief          Get the negotiated DTLS-SRTP informations:
+ *                 Protection profile and MKI value.
  *
  * \warning        This function must be called after the handshake is
  *                 completed. The value returned by this function must
@@ -3265,14 +3266,20 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
  *
  * \param ssl      The SSL context to query.
  *
- * \return         The DTLS SRTP protection profile in use. The return type is
- *                 a direct mapping of the iana defined value for protection
+ * \return         The negotiated DTLS-SRTP informations:
+ *                 - Protection profile in use.
+ *                 A direct mapping of the iana defined value for protection
  *                 profile on an uint16_t.
  *                 http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
- * \return         #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated
+ *                 #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated
  *                 or peer's Hello packet was not parsed yet.
+ *                 - mki size and value (if size is > 0). These informations are valid only
+ *                 if the protection profile returned is not MBEDTLS_TLS_SRTP_UNSET.
+ *                 Ownership of the returned structure is kept by the ssl context,
+ *                 the caller must duplicate any information that must live longer than
+ *                 the context (typically MKI size and value if any)
  */
-mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile
+const mbedtls_dtls_srtp_info *mbedtls_ssl_get_dtls_srtp_negotiation_result
                                              ( const mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
 

library/ssl_cli.c

@@ -1925,6 +1925,14 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
                                         MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
     }
+
+    /* If server does not use mki in its reply, make sure the client won't keep
+     * one as negotiated */
+    if( len == 5 )
+    {
+        ssl->dtls_srtp_info.mki_len = 0;
+    }
+
     /*
      * RFC5764:
      *  If the client detects a nonzero-length MKI in the server's response

library/ssl_tls.c

@@ -4751,10 +4751,10 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf,
     return( 0 );
 }
 
-mbedtls_ssl_srtp_profile
-     mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl )
+const mbedtls_dtls_srtp_info *
+     mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl )
 {
-    return( ssl->dtls_srtp_info.chosen_dtls_srtp_profile );
+    return( &( ssl->dtls_srtp_info ) );
 }
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
 

programs/ssl/ssl_client2.c

@@ -2754,8 +2754,10 @@ int main( int argc, char *argv[] )
     else if( opt.use_srtp != 0  )
     {
         size_t j = 0;
+        const mbedtls_dtls_srtp_info *dtls_srtp_negotiation_result =
+                        mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl );
 
-        if( ( mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl )
+        if( ( dtls_srtp_negotiation_result->chosen_dtls_srtp_profile
                                 == MBEDTLS_TLS_SRTP_UNSET ) )
         {
             mbedtls_printf( "    Unable to negotiate "
@@ -2797,6 +2799,20 @@ int main( int argc, char *argv[] )
                 mbedtls_printf( "%02X", dtls_srtp_key_material[j] );
             }
             mbedtls_printf( "\n" );
+
+            if ( dtls_srtp_negotiation_result->mki_len > 0 )
+            {
+                mbedtls_printf( "    DTLS-SRTP mki value: " );
+                for( j = 0; j < dtls_srtp_negotiation_result->mki_len; j++ )
+                {
+                    mbedtls_printf( "%02X", dtls_srtp_negotiation_result->mki_value[j] );
+                }
+            }
+            else
+            {
+                mbedtls_printf( "    DTLS-SRTP no mki value negociated" );
+            }
+            mbedtls_printf( "\n" );
         }
     }
 #endif /* MBEDTLS_SSL_DTLS_SRTP */

programs/ssl/ssl_server2.c

@@ -3865,8 +3865,10 @@ handshake:
     else if( opt.use_srtp != 0  )
     {
         size_t j = 0;
+        const mbedtls_dtls_srtp_info *dtls_srtp_negotiation_result =
+                        mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl );
 
-        if( ( mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl )
+        if( ( dtls_srtp_negotiation_result->chosen_dtls_srtp_profile
                                 == MBEDTLS_TLS_SRTP_UNSET ) )
         {
             mbedtls_printf( "    Unable to negotiate "
@@ -3908,6 +3910,21 @@ handshake:
                 mbedtls_printf( "%02X", dtls_srtp_key_material[j] );
             }
             mbedtls_printf( "\n" );
+
+            if ( dtls_srtp_negotiation_result->mki_len > 0 )
+            {
+                mbedtls_printf( "    DTLS-SRTP mki value: " );
+                for( j = 0; j < dtls_srtp_negotiation_result->mki_len; j++ )
+                {
+                    mbedtls_printf( "%02X", dtls_srtp_negotiation_result->mki_value[j] );
+                }
+            }
+            else
+            {
+                mbedtls_printf( "    DTLS-SRTP no mki value negociated" );
+            }
+            mbedtls_printf( "\n" );
+
         }
     }
 #endif /* MBEDTLS_SSL_DTLS_SRTP */

tests/ssl-opt.sh

@@ -8862,6 +8862,7 @@ run_test  "DTLS-SRTP all profiles supported. mki used" \
           -c "dumping 'received mki' (8 bytes)" \
           -c "DTLS-SRTP key material is"\
           -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
+          -g "find_in_both '^ *DTLS-SRTP mki value: [0-9A-F]*$'"\
           -C "error"
 
 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8874,12 +8875,14 @@ run_test  "DTLS-SRTP all profiles supported. server doesn't support mki." \
           -s "selected srtp profile" \
           -s "server hello, adding use_srtp extension" \
           -s "DTLS-SRTP key material is"\
+          -s "DTLS-SRTP no mki value negociated"\
           -S "dumping 'using mki' (8 bytes)" \
           -c "client hello, adding use_srtp extension" \
           -c "found use_srtp extension" \
           -c "found srtp profile" \
           -c "selected srtp profile" \
           -c "DTLS-SRTP key material is"\
+          -c "DTLS-SRTP no mki value negociated"\
           -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
           -c "dumping 'sending mki' (8 bytes)" \
           -C "dumping 'received mki' (8 bytes)" \
@@ -9066,6 +9069,7 @@ run_test  "DTLS-SRTP all profiles supported. server doesn't support mki. openssl
           -c "found srtp profile" \
           -c "selected srtp profile" \
           -c "DTLS-SRTP key material is"\
+          -c "DTLS-SRTP no mki value negociated"\
           -c "dumping 'sending mki' (8 bytes)" \
           -C "dumping 'received mki' (8 bytes)" \
           -C "error"
@@ -9261,6 +9265,7 @@ run_test  "DTLS-SRTP all profiles supported. mki used. gnutls server." \
           -c "found srtp profile" \
           -c "selected srtp profile" \
           -c "DTLS-SRTP key material is"\
+          -c "DTLS-SRTP mki value:"\
           -c "dumping 'sending mki' (8 bytes)" \
           -c "dumping 'received mki' (8 bytes)" \
           -C "error"