Steven Cooreman
162ec8758f
Detecting bit size is no longer required
...
Storage format has been changed to always store the key's bit size
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-29 12:04:31 +01:00
Steven Cooreman
c4813a6e80
Rename 'keygen' to 'key management'
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-29 12:04:31 +01:00
Bence Szépkúti
423d3e7fcf
Update support macros for IV/nonce sizes
...
This commit defines the following new macros added to the PSA Crypto API
between versions 1.0 beta 3 and 1.0.0 final:
PSA_AEAD_NONCE_LENGTH
PSA_AEAD_NONCE_MAX_SIZE
PSA_CIPHER_IV_LENGTH
PSA_CIPHER_IV_MAX_SIZE
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-10-29 11:07:39 +01:00
Johan Pascal
5fbe9e7ac0
remove useless parentheses
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 10:50:54 +01:00
Johan Pascal
c3ccd98a91
Check transport in the extension parser/writer
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
5ef72d214f
Style and typos
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
2258a4f481
Do not return a structure, use a return parameter
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
0dbcd1d3f0
Make API safer
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
275874bc47
Fix previous commit
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
20c7db3a67
API modified so server side can get mki value
...
+ client side discards self mki if server does not support it
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
adbd9449ec
More minor fix
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
76fdf1d60e
Minor fix and improvements
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
104031547f
style
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
9bc50b0122
Test check the key material exported match
...
- include interop with openssl client
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
39cfd3b96e
interop test: openssl generate the DTLS-SRTP keys
...
Missing a command in the test script to compare with peer's output
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
d387aa0586
style + missing cast
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
842d671316
Update include/mbedtls/config.h
...
Co-authored-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
77696eedac
Add bound check in the client ssl_write_use_srtp_ext
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
aae4d22b16
Improve code readability
...
+micro optimization
+style
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
e79c1e8121
style
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
a455cd9a47
mbedtls_ssl_get_srtp_profile_as_string declared and defined in ssl.h
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
f6417ecf60
mki length feats in a uint16_t
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
253d0263a6
set protection profile API gets a MBEDTLS_TLS_SRTP_UNSET terminated list
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
43f9490a52
SRTP profiles definition use macros only
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
4f099264b5
use_srtp extension shall not interfere in the handshake settings
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
d576fdb1d6
Style + fix bound check in write_use_srt_ext
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
9bc97ca19d
SRTP-DTLS protection profile configuration list not copied into ssl_config
...
+ improve test
+ minor style fix
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
8f70fba988
Check the server hello output buffer size when writing the use_srtp ext
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
042d456832
Improve client Hello use_srtp parsing
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
a89ca8679f
The client shall not enforce the use of client certificate with use_srtp extension
...
This is server's task to request it if needed
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
8526957cd5
Minor style modifications
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
48f62e98a8
Fix ssl_client2 after rebase
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
1d957e61eb
Fix build warning
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
b64eab7656
fix style
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
44c0a0a60a
Stick to ChangeLog rules
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
8f284c1b05
Add the SRTP configuration to query_config
...
Add the DTLS_SRTP configuration to `query_config`.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
65b56ef87f
Change key derivation for srtp
...
Use the export keys functionality, to call the public API
`mbedtls_ssl_tls_prf()`, and remove the function
`mbedtls_ssl_get_dtls_srtp_key_material()`.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
5d991c9549
Force IPv4 in gnutls_cli srtp tests
...
Force using IPv4 in the GNU_CLI SRTP tests, as introduced for
other tests in #1918 .
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
9cfb5ebff1
Disable SRTP by default
...
Disable `MBEDTLS_SSL_DTLS_SRTP` by default in the configuration file.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
313d7b5d74
Add variable validation
...
1. Check allocation success.
2. Check parameter correctness in the use_srtp extension
in server and client.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
75870ec6a7
Change byte copy to memcpy
...
Change setting the mki value byte after byte with `memcpy()`.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
f0f7c19457
Add comment describing the feature
...
Add a comment that describes that the feature only supportes the
`use_srtp` extension, and not hte full DTLS-SRTP RFC.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
089c9fe9fa
Improve readability
...
Improve readability of the code:
1. move common code to `ssl_internal.h` as `static inline`.
2. Add comments.
3. Use local variables for extension size.
4. Change function signature, by adding buffer size and output length.
5. Take server srtp profile out of the loop.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
a978804a1b
Style fixes
...
1. Fix indentations.
2. Remove redundant whitespaces.
3. Keep short lines.
4. Grammar fixes.
5. Rephrase function description.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
ef72faf2bb
Style fixes
...
1. Adjust to 80 colums where possible.
2. Add \ remove spaces where needed.
3. Fix alignments.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
2b3dfe41af
Force IPv6 for DTLS interop tests with gnutls-cli
...
Since `gnutls-cli` resolves `localhost` as an IPv6 address, and the server
is bound to IPv4 address, gnutl-cli fails to negotiate DTLS sessions.
Force the server to bind to IPv6 address, as a workaround.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
3c6a44bed8
Add interop tests
...
Add some interoperability tests with openssl and gnutls, in ssl-opts.sh.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
311b95aafe
Fix compilation errors
...
Fix compilation errors when `MBEDTLS_DTLS_SRTP` not set
1. Add file missed in previous commmit.
2. In sample applications, set `DFL_FORCE_SRTP_PROFILE` to 0.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
b465539476
Add tests and code to support
...
1. Add DTLS-SRTP tests in `ssl-opts.sh`
2. Add logs for the tests to filter.
3. Add function to get the profile informations.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
1c399bdffe
Set authmode to optional, if not set
...
Set authmode to `MBEDTLS_SSL_VERIFY_REQUIRED` when using dtls-srtp,
in case authmode was not set. This is to support self signed certificates
received by the server, which is the case with webRTC. Certificate fingerprints
are verified outside the dtls stack, as defined in RFC 5763.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00