yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 04:25:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

SRTP-DTLS protection profile configuration list not copied into ssl_config

Browse Source 
+ improve test
+ minor style fix

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
This commit is contained in:
Johan Pascal 2020-09-21 23:44:45 +02:00
parent 8f70fba988
commit 9bc97ca19d
7 changed files with 173 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
include/mbedtls/ssl.h
View File

@ -891,12 +891,12 @@ mbedtls_ssl_srtp_profile_info;
typedef struct mbedtls_dtls_srtp_info_t
{
/*! The SRTP profile that was negotiated*/
/*! The SRTP profile that was negotiated. */
mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile;
/*! The mki_value used, with max size of 256 bytes */
/*! The mki_value used, with max size of 256 bytes. */
unsigned char mki_value[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
/*! The length of mki_value */
size_t mki_len;
/*! The length of mki_value. */
size_t mki_len;
}
mbedtls_dtls_srtp_info;
@ -1110,7 +1110,7 @@ struct mbedtls_ssl_config
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/*! ordered list of supported srtp profile */
mbedtls_ssl_srtp_profile *dtls_srtp_profile_list;
const mbedtls_ssl_srtp_profile *dtls_srtp_profile_list;
/*! number of supported profiles */
size_t dtls_srtp_profile_list_len;
#endif /* MBEDTLS_SSL_DTLS_SRTP */
@ -3190,13 +3190,14 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/**
* \brief Add support for mki(master key id) value in use_srtp extension.
* MKI is an optional part of SRTP used for key management and
* re-keying. See RFC3711 section 3.1 for details
* \brief Manage support for mki(master key id) value
* in use_srtp extension.
* MKI is an optional part of SRTP used for key management
* and re-keying. See RFC3711 section 3.1 for details.
* The default value is
* #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED.
*
* \param conf SSL configuration
* \param conf The SSL configuration to manage mki support.
* \param support_mki_value Enable or disable mki usage. Values are
* #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED
* or #MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED.
@ -3210,10 +3211,15 @@ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf,
* \param conf SSL configuration
* \param profiles List of supported protection profiles,
* in decreasing preference order.
* The pointer to the list is
* recorded by the library for later reference as required,
* so the lifetime of the table must be at least as long
* as the lifetime of the SSL configuration structure.
* \param profiles_number Number of supported profiles.
*
* \return 0 on success
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of protection profiles is incorrect
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of
* protection profiles is incorrect.
*/
int mbedtls_ssl_conf_dtls_srtp_protection_profiles
( mbedtls_ssl_config *conf,
@ -3239,11 +3245,11 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
* This function should be called after the handshake is
* completed.
*
* \param ssl The SSL context to query
* \param ssl The SSL context to query.
*
* \return The DTLS SRTP protection profile in use
* \return #MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated or the handshake is still on
* early stage
* \return The DTLS SRTP protection profile in use.
* \return #MBEDTLS_SRTP_UNSET_PROFILE if the use of SRTP was not negotiated
* or peer's Hello packet was not parsed yet.
*/
mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile
( const mbedtls_ssl_context *ssl );
@ -3253,9 +3259,9 @@ mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile
*
* \param profile The DTLS-SRTP profile id to get info on.
*
* \return Address of the SRTP profile information structure on
* success
* \return \c NULL if not found.
* \return The address of the SRTP profile information structure on
* success.
* \return \c NULL if the protection profile \p profile was not found.
*/
const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id
( mbedtls_ssl_srtp_profile profile );

3
library/ssl_cli.c
View File

@ -788,8 +788,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
* } UseSRTPData;
* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
*/
if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED &&
ssl->dtls_srtp_info.mki_len != 0 )
if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED )
{
mki_len = ssl->dtls_srtp_info.mki_len;
}

8
library/ssl_srv.c
View File

@ -2651,6 +2651,14 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
mki_len = ssl->dtls_srtp_info.mki_len;
}
/* The extension total size is 9 bytes :
* - 2 bytes for the extension tag
* - 2 bytes for the total size
* - 2 bytes for the protection profile length
* - 2 bytes for the protection profile
* - 1 byte for the mki length
* + the actual mki length
* Check we have enough room in the output buffer */
if( end < buf + mki_len + 9 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );

14
library/ssl_tls.c
View File

@ -4778,12 +4778,6 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf,
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
mbedtls_free( conf->dtls_srtp_profile_list );
conf->dtls_srtp_profile_list =
(mbedtls_ssl_srtp_profile*)mbedtls_calloc(1,
profiles_number * sizeof( mbedtls_ssl_srtp_profile ) );
if( conf->dtls_srtp_profile_list == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
for( i=0; i < profiles_number; i++ ) {
switch( profiles[i] ) {
@ -4791,17 +4785,15 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf,
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32:
case MBEDTLS_SRTP_NULL_HMAC_SHA1_80:
case MBEDTLS_SRTP_NULL_HMAC_SHA1_32:
conf->dtls_srtp_profile_list[i] = profiles[i];
break;
default:
mbedtls_free( conf->dtls_srtp_profile_list );
conf->dtls_srtp_profile_list = NULL;
conf->dtls_srtp_profile_list_len = 0;
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
}
/* assign array length */
conf->dtls_srtp_profile_list = profiles;
conf->dtls_srtp_profile_list_len = profiles_number;
return( 0 );
@ -7164,10 +7156,6 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
ssl_key_cert_free( conf->key_cert );
#endif
#if defined (MBEDTLS_SSL_DTLS_SRTP)
mbedtls_free( conf->dtls_srtp_profile_list );
#endif
mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) );
}

88
programs/ssl/ssl_client2.c
View File

@ -262,7 +262,7 @@ int main( void )
" use_srtp=%%d default: 0 (disabled)\n" \
" This cannot be used with eap_tls=1 or "\
" nss_keylog=1\n" \
" srtp_force_profile=%%d default: all enabled\n" \
" srtp_force_profile=%%d default: 0 (all enabled)\n" \
" available profiles:\n" \
" 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \
" 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \
@ -707,9 +707,9 @@ static int dtls_srtp_key_derivation( void *p_expkey,
if( opt.debug_level > 2 )
{
mbedtls_printf("exported maclen is %u\n", (unsigned)maclen);
mbedtls_printf("exported keylen is %u\n", (unsigned)keylen);
mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen);
mbedtls_printf( "exported maclen is %u\n", (unsigned) maclen );
mbedtls_printf( "exported keylen is %u\n", (unsigned) keylen );
mbedtls_printf( "exported ivlen is %u\n", (unsigned) ivlen );
}
return( 0 );
}
@ -1242,9 +1242,15 @@ int main( int argc, char *argv[] )
eap_tls_keys eap_tls_keying;
#if defined( MBEDTLS_SSL_DTLS_SRTP )
/*! master keys and master salt for SRTP generated during handshake */
unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp";
dtls_srtp_keys dtls_srtp_keying;
unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp";
dtls_srtp_keys dtls_srtp_keying;
const mbedtls_ssl_srtp_profile default_profiles[] = {
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80,
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32,
MBEDTLS_SRTP_NULL_HMAC_SHA1_80,
MBEDTLS_SRTP_NULL_HMAC_SHA1_32
};
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
@ -2324,9 +2330,9 @@ int main( int argc, char *argv[] )
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
if( opt.use_srtp != DFL_USE_SRTP )
if( opt.use_srtp == 1 )
{
if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
if( opt.force_srtp_profile != 0 )
{
const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles
@ -2336,11 +2342,6 @@ int main( int argc, char *argv[] )
}
else
{
const mbedtls_ssl_srtp_profile default_profiles[] =
{ MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80,
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32,
MBEDTLS_SRTP_NULL_HMAC_SHA1_80,
MBEDTLS_SRTP_NULL_HMAC_SHA1_32 };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles
( &conf,
default_profiles,
@ -2349,12 +2350,14 @@ int main( int argc, char *argv[] )
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n", ret );
mbedtls_printf( " failed\n ! "
"mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n",
ret );
goto exit;
}
}
else if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
else if( opt.force_srtp_profile != 0 )
{
mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" );
goto exit;
@ -2605,13 +2608,13 @@ int main( int argc, char *argv[] )
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 )
if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 )
{
if( mbedtls_test_unhexify( mki, sizeof( mki ),
opt.mki,&mki_len ) != 0 )
{
mbedtls_printf( "mki value not valid hex\n" );
goto exit;
goto exit;
}
mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED );
@ -2751,30 +2754,39 @@ int main( int argc, char *argv[] )
{
size_t j = 0;
if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type,
dtls_srtp_keying.master_secret,
sizeof( dtls_srtp_keying.master_secret ),
dtls_srtp_label,
dtls_srtp_keying.randbytes,
sizeof( dtls_srtp_keying.randbytes ),
dtls_srtp_key_material,
sizeof( dtls_srtp_key_material ) ) )
!= 0 )
if( (mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl )
== MBEDTLS_SRTP_UNSET_PROFILE ) )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
mbedtls_printf( " DTLS-SRTP unable to negotiate "
"protection profile\n" );
}
mbedtls_printf( " DTLS-SRTP key material is:" );
for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
else
{
if( j % 8 == 0 )
mbedtls_printf("\n ");
mbedtls_printf("%02x ", dtls_srtp_key_material[j] );
}
if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type,
dtls_srtp_keying.master_secret,
sizeof( dtls_srtp_keying.master_secret ),
dtls_srtp_label,
dtls_srtp_keying.randbytes,
sizeof( dtls_srtp_keying.randbytes ),
dtls_srtp_key_material,
sizeof( dtls_srtp_key_material ) ) )
!= 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}
mbedtls_printf("\n");
mbedtls_printf( " DTLS-SRTP key material is:" );
for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
{
if( j % 8 == 0 )
mbedtls_printf("\n ");
mbedtls_printf("%02x ", dtls_srtp_key_material[j] );
}
mbedtls_printf("\n");
}
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */

73
programs/ssl/ssl_server2.c
View File

@ -331,7 +331,7 @@ int main( void )
#if defined(MBEDTLS_SSL_DTLS_SRTP)
#define USAGE_SRTP \
" use_srtp=%%d default: 0 (disabled)\n" \
" srtp_force_profile=%%d default: all enabled\n" \
" srtp_force_profile=%%d default: 0 (all enabled)\n" \
" available profiles:\n" \
" 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \
" 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \
@ -809,9 +809,9 @@ static int dtls_srtp_key_derivation( void *p_expkey,
if( opt.debug_level > 2 )
{
mbedtls_printf("exported maclen is %u\n", (unsigned)maclen);
mbedtls_printf("exported keylen is %u\n", (unsigned)keylen);
mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen);
mbedtls_printf( "exported maclen is %u\n", (unsigned) maclen );
mbedtls_printf( "exported keylen is %u\n", (unsigned) keylen );
mbedtls_printf( "exported ivlen is %u\n", (unsigned) ivlen );
}
return( 0 );
}
@ -1876,6 +1876,12 @@ int main( int argc, char *argv[] )
unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp";
dtls_srtp_keys dtls_srtp_keying;
const mbedtls_ssl_srtp_profile default_profiles[] = {
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80,
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32,
MBEDTLS_SRTP_NULL_HMAC_SHA1_80,
MBEDTLS_SRTP_NULL_HMAC_SHA1_32
};
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
@ -3136,9 +3142,9 @@ int main( int argc, char *argv[] )
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
if( opt.use_srtp != DFL_USE_SRTP )
if( opt.use_srtp == 1 )
{
if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
if( opt.force_srtp_profile != 0 )
{
const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf,
@ -3147,10 +3153,6 @@ int main( int argc, char *argv[] )
}
else
{
const mbedtls_ssl_srtp_profile default_profiles[] = { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80,
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32,
MBEDTLS_SRTP_NULL_HMAC_SHA1_80,
MBEDTLS_SRTP_NULL_HMAC_SHA1_32 };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf,
default_profiles,
sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) );
@ -3168,7 +3170,7 @@ int main( int argc, char *argv[] )
MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED );
}
else if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
else if( opt.force_srtp_profile != 0 )
{
mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" );
goto exit;
@ -3861,30 +3863,39 @@ handshake:
{
size_t j = 0;
if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type,
dtls_srtp_keying.master_secret,
sizeof( dtls_srtp_keying.master_secret ),
dtls_srtp_label,
dtls_srtp_keying.randbytes,
sizeof( dtls_srtp_keying.randbytes ),
dtls_srtp_key_material,
sizeof( dtls_srtp_key_material ) ) )
!= 0 )
if( (mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl )
== MBEDTLS_SRTP_UNSET_PROFILE ) )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
mbedtls_printf( " DTLS-SRTP unable to negotiate "
"protection profile\n" );
}
mbedtls_printf( " DTLS-SRTP key material is:" );
for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
else
{
if( j % 8 == 0 )
mbedtls_printf("\n ");
mbedtls_printf("%02x ", dtls_srtp_key_material[j] );
}
if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type,
dtls_srtp_keying.master_secret,
sizeof( dtls_srtp_keying.master_secret ),
dtls_srtp_label,
dtls_srtp_keying.randbytes,
sizeof( dtls_srtp_keying.randbytes ),
dtls_srtp_key_material,
sizeof( dtls_srtp_key_material ) ) )
!= 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}
mbedtls_printf("\n");
mbedtls_printf( " DTLS-SRTP key material is:" );
for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
{
if( j % 8 == 0 )
mbedtls_printf("\n ");
mbedtls_printf("%02x ", dtls_srtp_key_material[j] );
}
mbedtls_printf("\n");
}
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */

50
tests/ssl-opt.sh
View File

@ -1074,7 +1074,7 @@ P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
O_CLI="$O_CLI -connect localhost:+SRV_PORT"
O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT"
G_SRV="$G_SRV -p $SRV_PORT"
G_CLI="$G_CLI -p +SRV_PORT"
@ -8723,10 +8723,12 @@ run_test "DTLS-SRTP all profiles supported" \
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile" \
-c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8738,10 +8740,12 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile."
-s "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \
-s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \
-c "selected srtp profile" \
-c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8753,10 +8757,12 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles."
-s "found srtp profile" \
-s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \
-c "selected srtp profile" \
-c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8768,10 +8774,12 @@ run_test "DTLS-SRTP server and Client support only one matching profile." \
-s "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-s "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-c "selected srtp profile" \
-c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8783,10 +8791,12 @@ run_test "DTLS-SRTP server and Client support only one different profile." \
-s "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \
-S "selected srtp profile" \
-S "server hello, adding use_srtp extension" \
-S "DTLS-SRTP key material is"\
-c "client hello, adding use_srtp extension" \
-C "found use_srtp extension" \
-C "found srtp profile" \
-C "selected srtp profile" \
-C "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8796,10 +8806,12 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension." \
0 \
-s "found use_srtp extension" \
-S "server hello, adding use_srtp extension" \
-S "DTLS-SRTP key material is"\
-c "client hello, adding use_srtp extension" \
-C "found use_srtp extension" \
-C "found srtp profile" \
-C "selected srtp profile" \
-C "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8812,12 +8824,14 @@ run_test "DTLS-SRTP all profiles supported. mki used" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-s "dumping 'using mki' (8 bytes)" \
-s "DTLS-SRTP key material is"\
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile" \
-c "dumping 'sending mki' (8 bytes)" \
-c "dumping 'received mki' (8 bytes)" \
-c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8829,11 +8843,13 @@ run_test "DTLS-SRTP all profiles supported. server doesn't support mki." \
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
-S "dumping 'using mki' (8 bytes)" \
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile" \
-c "DTLS-SRTP key material is"\
-c "dumping 'sending mki' (8 bytes)" \
-C "dumping 'received mki' (8 bytes)" \
-C "error"
@ -8847,6 +8863,7 @@ run_test "DTLS-SRTP all profiles supported. openssl client." \
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8858,6 +8875,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles,
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8869,6 +8887,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile.
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8880,6 +8899,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles.
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8891,6 +8911,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. openss
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8902,6 +8923,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. opens
-s "found srtp profile" \
-S "selected srtp profile" \
-S "server hello, adding use_srtp extension" \
-S "DTLS-SRTP key material is"\
-C "SRTP Extension negotiated, profile"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8911,6 +8933,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl client"
0 \
-s "found use_srtp extension" \
-S "server hello, adding use_srtp extension" \
-S "DTLS-SRTP key material is"\
-C "SRTP Extension negotiated, profile"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8922,6 +8945,7 @@ run_test "DTLS-SRTP all profiles supported. openssl server" \
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \
-c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8933,6 +8957,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles,
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile" \
-c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8944,6 +8969,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile.
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-c "selected srtp profile" \
-c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8955,6 +8981,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles.
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-c "selected srtp profile" \
-c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8966,6 +8993,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. openss
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-c "selected srtp profile" \
-c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8977,6 +9005,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. opens
-C "found use_srtp extension" \
-C "found srtp profile" \
-C "selected srtp profile" \
-C "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8988,6 +9017,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl server"
-C "found use_srtp extension" \
-C "found srtp profile" \
-C "selected srtp profile" \
-C "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8999,6 +9029,7 @@ run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile" \
-c "DTLS-SRTP key material is"\
-c "dumping 'sending mki' (8 bytes)" \
-C "dumping 'received mki' (8 bytes)" \
-C "error"
@ -9013,6 +9044,7 @@ run_test "DTLS-SRTP all profiles supported. gnutls client." \
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
-c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_80"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -9025,6 +9057,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles,
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
-c "SRTP profile: SRTP_NULL_HMAC_SHA1_80"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -9037,6 +9070,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile.
-s "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-s "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
-c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -9049,6 +9083,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles.
-s "found srtp profile" \
-s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
-c "SRTP profile: SRTP_NULL_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -9061,6 +9096,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. gnutls
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
-c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -9073,6 +9109,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. gnutl
-s "found srtp profile" \
-S "selected srtp profile" \
-S "server hello, adding use_srtp extension" \
-S "DTLS-SRTP key material is"\
-C "SRTP profile:"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -9083,6 +9120,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls client" \
0 \
-s "found use_srtp extension" \
-S "server hello, adding use_srtp extension" \
-S "DTLS-SRTP key material is"\
-C "SRTP profile:"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -9095,6 +9133,7 @@ run_test "DTLS-SRTP all profiles supported. gnutls server" \
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \
-c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -9107,6 +9146,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles,
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \
-c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -9119,18 +9159,20 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile.
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-c "selected srtp profile" \
-c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls server." \
"$G_SRV -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80" \
"$P_CLI dtls=1 use_srtp=30 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
0 \
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \
-c "selected srtp profile" \
-c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -9143,6 +9185,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. gnutls
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-c "selected srtp profile" \
-c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -9155,6 +9198,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. gnutl
-C "found use_srtp extension" \
-C "found srtp profile" \
-C "selected srtp profile" \
-C "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -9167,6 +9211,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls server" \
-C "found use_srtp extension" \
-C "found srtp profile" \
-C "selected srtp profile" \
-C "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -9179,6 +9224,7 @@ run_test "DTLS-SRTP all profiles supported. mki used. gnutls server." \
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile" \
-c "DTLS-SRTP key material is"\
-c "dumping 'sending mki' (8 bytes)" \
-c "dumping 'received mki' (8 bytes)" \
-C "error"