commit 2d9470be76fc4907635d1d973ae2f7cb6c2842b2
author Johan Pascal <johan.pascal@belledonne-communications.com> Mon Feb 08 22:35:41 2016 +0100
committer Johan Pascal <johan.pascal@belledonne-communications.com> Thu Oct 29 01:14:49 2020 +0100
tree a0f73857f665b9cc583d87b596f1377fcc0c4be9
parent bbc057af735d5961183a7cbeb396673e43201e6e

Improve DTLS SRTP API with a dedicated function to get generated keys

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 4ba8338..cee2ba8 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -3180,9 +3180,23 @@
  *
  * \param ssl      SSL context
  *
- * \return         Protection Profile enum member, SRTP_UNSET_PROFILE if no protocol was negotiated.
+ * \return         Protection Profile enum member, MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated.
  */
 enum mbedtls_DTLS_SRTP_protection_profiles mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl);
+
+/**
+ * \brief                  Get the generated DTLS-SRTP key material.
+ *                         This function should be called after the handshake is
+ *                         completed. It shall returns 80 bytes of key material generated according to RFC5764
+ *
+ * \param ssl              SSL context
+ * \param key              Buffer to hold the generated key material
+ * \param key_buffer_len   Length in bytes of the key buffer
+ * \param key_len          Actual length of data written in the key buffer
+ *
+ * \return         0 on succes, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if the key buffer is too small to hold the generated key
+ */
+int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, const size_t key_buffer_len, size_t *key_len );
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
 
 /**

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 09a1409..2b9f78a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4755,6 +4755,19 @@
     return( ssl->chosen_dtls_srtp_profile);
 }
 
+int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, const size_t key_buffer_len, size_t *key_len ) {
+    *key_len = 0;
+
+    /* check output buffer size */
+    if ( key_buffer_len < ssl->dtls_srtp_keys_len) {
+        return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
+    }
+
+    memcpy( key, ssl->dtls_srtp_keys, ssl->dtls_srtp_keys_len);
+    *key_len = ssl->dtls_srtp_keys_len;
+
+    return 0;
+}
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
 
 void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor )