Add tests and code to support
1. Add DTLS-SRTP tests in `ssl-opts.sh`
2. Add logs for the tests to filter.
3. Add a function to get the profile information.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 7d9c9c3..d6b429d 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -843,6 +843,7 @@
{
*p++ = ssl->dtls_srtp_info.mki_value[i];
}
+ MBEDTLS_SSL_DEBUG_BUF( 3, "sending mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len );
}
/* total extension length: extension type (2 bytes) + extension length (2 bytes) + protection profile length (2 bytes) + 2*nb protection profiles + srtp_mki vector length(1 byte)*/
@@ -1819,6 +1820,7 @@
mbedtls_ssl_srtp_profile server_protection = MBEDTLS_SRTP_UNSET_PROFILE;
size_t i, mki_len = 0;
uint16_t server_protection_profile_value = 0;
+ const mbedtls_ssl_srtp_profile_info * profile_info;
/* If use_srtp is not configured, just ignore the extension */
if( ( ssl->conf->dtls_srtp_profile_list == NULL ) || ( ssl->conf->dtls_srtp_profile_list_len == 0 ) )
@@ -1878,9 +1880,15 @@
server_protection = MBEDTLS_SRTP_UNSET_PROFILE;
break;
}
+ profile_info = mbedtls_ssl_dtls_srtp_profile_info_from_id( server_protection );
+ if( profile_info != NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", profile_info->name ) );
+ }
if (server_protection == ssl->conf->dtls_srtp_profile_list[i]) {
ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i];
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", profile_info->name ) );
break;
}
}
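Review bot: The `selected srtp profile` message dereferences `profile_info->name` without the NULL check that guards the `found srtp profile` message just above it. `mbedtls_ssl_dtls_srtp_profile_info_from_id()` returns NULL for `MBEDTLS_SRTP_UNSET_PROFILE` and for any id missing from its table, and `server_protection` appears to be derived from the peer's message, so if the configured list can ever hold such a value, a build with debug enabled would crash on peer-influenced input. Guard it the same way, e.g. `MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", profile_info != NULL ? profile_info->name : "unknown" ) );`. The same unguarded dereference is added in the ssl_srv.c hunk where `client_protection` is matched against the list. The enclosing function starts and ends outside this hunk, so any validation of the configured list elsewhere is not visible here.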
@@ -1904,6 +1912,12 @@
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
+#if defined (MBEDTLS_DEBUG_C)
+ if( len > 5)
+ {
+ MBEDTLS_SSL_DEBUG_BUF( 3, "received mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len );
+ }
+#endif
return 0;
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
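Review bot: The new guard `if( len > 5)` tests the raw extension length, but what gets logged is `ssl->dtls_srtp_info.mki_value` with `ssl->dtls_srtp_info.mki_len`. Testing `if( ssl->dtls_srtp_info.mki_len > 0 )` would tie the condition to the data actually printed and remove the unexplained constant. If `len` is kept, add a comment such as `/* 5 = profile list length (2) + profile (2) + mki length (1); more means an MKI is present */`, which is presumably what the constant encodes. The `#if defined (MBEDTLS_DEBUG_C)` wrapper also looks unnecessary, since the other `MBEDTLS_SSL_DEBUG_BUF` calls added by this commit are unguarded. The function begins outside this hunk, so how `mki_len` is set on this path is not visible here.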
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 0054964..4c59e5b 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -783,6 +783,7 @@
mbedtls_ssl_srtp_profile client_protection = MBEDTLS_SRTP_UNSET_PROFILE;
size_t i,j;
size_t profile_length;
+ const mbedtls_ssl_srtp_profile_info * profile_info;
/* If use_srtp is not configured, just ignore the extension */
if( ( ssl->conf->dtls_srtp_profile_list == NULL ) || ( ssl->conf->dtls_srtp_profile_list_len == 0 ) )
@@ -832,12 +833,18 @@
client_protection = MBEDTLS_SRTP_UNSET_PROFILE;
break;
}
+ profile_info = mbedtls_ssl_dtls_srtp_profile_info_from_id( client_protection );
+ if( profile_info != NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", profile_info->name ) );
+ }
/* check if suggested profile is in our list */
for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++)
{
if( client_protection == ssl->conf->dtls_srtp_profile_list[i] )
{
ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i];
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", profile_info->name ) );
break;
}
}
@@ -861,6 +868,8 @@
{
ssl->dtls_srtp_info.mki_value[i] = buf[ profile_length + 2 + 1 + i ];
}
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "using mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len );
}
return( 0 );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 02efcb4..18c86a5 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4738,6 +4738,30 @@
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
+static const mbedtls_ssl_srtp_profile_info srtp_profile_definitions[] =
+{
+ { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, "MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" },
+ { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, "MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" },
+ { MBEDTLS_SRTP_NULL_HMAC_SHA1_80, "MBEDTLS_SRTP_NULL_HMAC_SHA1_80" },
+ { MBEDTLS_SRTP_NULL_HMAC_SHA1_32, "MBEDTLS_SRTP_NULL_HMAC_SHA1_32" },
+ { MBEDTLS_SRTP_UNSET_PROFILE, "" }
+};
+
+const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id( mbedtls_ssl_srtp_profile profile )
+{
+ const mbedtls_ssl_srtp_profile_info *cur = srtp_profile_definitions;
+
+ while( cur->profile != MBEDTLS_SRTP_UNSET_PROFILE )
+ {
+ if( cur->profile == profile )
+ return( cur );
+
+ cur++;
+ }
+
+ return( NULL );
+}
+
void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, int support_mki_value )
{
conf->dtls_srtp_mki_support = support_mki_value;
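Review bot: `mbedtls_ssl_dtls_srtp_profile_info_from_id()` is added without any comment stating its NULL return, and the new callers in ssl_cli.c and ssl_srv.c dereference the result. Because the table's terminator entry is `MBEDTLS_SRTP_UNSET_PROFILE`, the loop stops before it, so a lookup of that value returns NULL as well as any id not listed. I would add above the definition `/* Return the table entry for profile, or NULL if profile is MBEDTLS_SRTP_UNSET_PROFILE or not in srtp_profile_definitions. */` and a one-line comment on the last table row marking it as the terminator. If a header declaration exists outside this diff, the same contract belongs there.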