From 4ca18aae38a307a0c88262db74715c9c07f953b5 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Thu, 20 May 2021 14:46:20 +0200 Subject: [PATCH] Corrections after the code review Signed-off-by: TRodziewicz --- ChangeLog.d/issue4286.txt | 9 +- ...ve_support_for_tls_1.0_1.1_and_dtls_1.0.md | 4 +- include/mbedtls/ssl.h | 7 +- library/ssl_misc.h | 12 +- library/ssl_msg.c | 66 ++++- library/ssl_srv.c | 15 +- library/ssl_tls.c | 2 +- programs/ssl/ssl_client2.c | 2 +- tests/ssl-opt.sh | 255 ++++++++++++++++++ 9 files changed, 339 insertions(+), 33 deletions(-) diff --git a/ChangeLog.d/issue4286.txt b/ChangeLog.d/issue4286.txt index f2f2be2184..8fc1af266d 100644 --- a/ChangeLog.d/issue4286.txt +++ b/ChangeLog.d/issue4286.txt @@ -6,9 +6,6 @@ Removals MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED, MBEDTLS_SSL_RECORD_CHECKING, MBEDTLS_SSL_FALLBACK_SCSV, MBEDTLS_SSL_FALLBACK_SCSV_VALUE, MBEDTLS_SSL_IS_FALLBACK, MBEDTLS_SSL_IS_NOT_FALLBACK, and functions: - ssl_write_split(), mbedtls_ssl_conf_cbc_record_splitting(), tls1_prf(), - ssl_update_checksum_md5sha1(), mbedtls_ssl_get_key_exchange_md_ssl_tls(), - mbedtls_ssl_check_record(), ssl_check_record(), ssl_calc_verify_tls(), - ssl_calc_finished_tls(), mbedtls_ssl_conf_fallback() as well as test - function component_test_variable_ssl_in_out_buffer_len_record_splitting(). - Fixes #4286. + mbedtls_ssl_conf_cbc_record_splitting(), + mbedtls_ssl_get_key_exchange_md_ssl_tls(), + mbedtls_ssl_check_record(), mbedtls_ssl_conf_fallback(). Fixes #4286. diff --git a/docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md b/docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md index 899f79aa08..4beebe240d 100644 --- a/docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md +++ b/docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md 
@@ -1,7 +1,7 @@ -Remove suport for TLS 1.0, 1.1 and DLTS 1.0 +Remove suport for TLS 1.0, 1.1 and DTLS 1.0 ------------------------------------------- -This change affects users of the TLS 1.0, 1.1 and DTLS 1.0. +This change affects users of the TLS 1.0, 1.1 and DTLS 1.0 protocols. The versions of (D)TLS that are being removed are not as secure as the latest versions. Keeping them in the library creates opportunities for misconfiguration diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8e6c1ee135..66cbd48e16 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2533,9 +2533,8 @@ int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len, * \param ciphersuites 0-terminated list of allowed ciphersuites * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 * supported) - * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_1, - * MBEDTLS_SSL_MINOR_VERSION_2, - * MBEDTLS_SSL_MINOR_VERSION_3 supported) + * \param minor Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3 + * supported) * * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 */ @@ -3203,7 +3202,7 @@ void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int mino * \note Input outside of the SSL_MAX_XXXXX_VERSION and * SSL_MIN_XXXXX_VERSION range is ignored. * - * \note With DTLS, MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 + * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 * * \param conf SSL configuration * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a5a12ceb20..1f1de2bfdf 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -72,7 +72,7 @@ #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 +#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 #define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 /* Determine maximum supported version */ @@ -113,13 +113,7 @@ * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256). */ -#if defined(MBEDTLS_SSL_PROTO_TLS1) || \ - defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) -#define MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER) +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) /* This macro determines whether CBC is supported. */ #if defined(MBEDTLS_CIPHER_MODE_CBC) && \ @@ -147,7 +141,7 @@ #define MBEDTLS_SSL_SOME_SUITES_USE_MAC #endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) /* Ciphersuites using HMAC */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index b629d79cb6..a75b9190ba 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -86,6 +86,70 @@ int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl ) return( 0 ); } +static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, + unsigned char *buf, + size_t len, + mbedtls_record *rec ); + +int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl, + unsigned char *buf, + size_t buflen ) +{ + int ret = 0; + MBEDTLS_SSL_DEBUG_MSG( 1, ( "=> mbedtls_ssl_check_record" ) ); + MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen ); + + /* We don't support record checking in TLS because + * (a) there doesn't seem to be a usecase for it, and + * (b) In TLS 1.0, CBC record decryption has state + * and we'd need to backup the transform here. + */ + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM ) + { + ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + goto exit; + } +#if defined(MBEDTLS_SSL_PROTO_DTLS) + else + { + mbedtls_record rec; + + ret = ssl_parse_record_header( ssl, buf, buflen, &rec ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 3, "ssl_parse_record_header", ret ); + goto exit; + } + + if( ssl->transform_in != NULL ) + { + ret = mbedtls_ssl_decrypt_buf( ssl, ssl->transform_in, &rec ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 3, "mbedtls_ssl_decrypt_buf", ret ); + goto exit; + } + } + } +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + +exit: + /* On success, we have decrypted the buffer in-place, so make + * sure we don't leak any plaintext data. */ + mbedtls_platform_zeroize( buf, buflen ); + + /* For the purpose of this API, treat messages with unexpected CID + * as well as such from future epochs as unexpected. */ + if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID || + ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE ) + { + ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; + } + + MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) ); + return( ret ); +} + #define SSL_DONT_FORCE_FLUSH 0 #define SSL_FORCE_FLUSH 1 
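Review bot: The reinstated mbedtls_ssl_check_record() keeps the rationale `(b) In TLS 1.0, CBC record decryption has state and we'd need to backup the transform here`, which no longer applies once this series drops TLS 1.0; the comment should shrink to the remaining reason, e.g. `/* We don't support record checking in TLS because there doesn't seem to be a usecase for it. */`. The ChangeLog hunk earlier in this patch still lists mbedtls_ssl_check_record() among the removed functions, so either that entry or this re-addition is out of date. The ssl.h hunks in this patch only touch comments, so unless the public declaration was retained earlier in the series it is not restored here. The function also returns the initial `ret = 0` for a datagram transport when MBEDTLS_SSL_PROTO_DTLS is disabled; that path is presumably unreachable, but a short comment saying so would make the intent explicit.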
@@ -4960,7 +5024,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) * more than the block size of the underlying cipher. */ transform_expansion += block_size; - /* For TLS 1.1 or higher, an explicit IV is added + /* For TLS 1.2 or higher, an explicit IV is added * after the record header. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 ) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index e2b2757d67..8f13a2cec0 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3148,11 +3148,8 @@ curve_matching_done: /* * 2.1: Choose hash algorithm: - * A: For TLS 1.2, obey signature-hash-algorithm extension - * to choose appropriate hash. - * B: For TLS1.0, TLS1.1 and ECDHE_ECDSA, use SHA1 - * (RFC 4492, Sec. 5.4) - * C: Otherwise, use MD5 + SHA1 (RFC 4346, Sec. 7.4.3) + * For TLS 1.2, obey signature-hash-algorithm extension + * to choose appropriate hash. */ mbedtls_md_type_t md_alg; @@ -3162,7 +3159,7 @@ curve_matching_done: mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { - /* A: For TLS 1.2, obey signature-hash-algorithm extension + /* For TLS 1.2, obey signature-hash-algorithm extension * (RFC 5246, Sec. 7.4.1.4.1). */ if( sig_alg == MBEDTLS_PK_NONE || ( md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, @@ -3175,11 +3172,11 @@ curve_matching_done: } } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ { - /* C: MD5 + SHA1 */ - md_alg = MBEDTLS_MD_NONE; + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", (unsigned) md_alg ) ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index edb41efecc..e60c0726fc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
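Review bot: Moving `#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */` below the new else branch in the ssl_srv.c hunk at -3175 leaves `md_alg` unassigned on any build where MBEDTLS_SSL_PROTO_TLS1_2 is not defined, because the old `md_alg = MBEDTLS_MD_NONE;` fallback was the only assignment outside the guarded region and the debug message `pick hash algorithm %u for signing` still reads it. If such builds remain possible after this series, initialising the declaration in the preceding -3148 hunk as `mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;` keeps the variable defined; if they are not, the enclosing `#if` could be dropped instead. The matching `#if defined(MBEDTLS_SSL_PROTO_TLS1_2)` and the rest of the function lie outside the hunk.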
@@ -961,7 +961,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, goto end; } -#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) { diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index af86838e91..12b4bdf7e6 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1324,7 +1324,7 @@ int main( int argc, char *argv[] ) if( opt.min_version < ciphersuite_info->min_minor_ver ) { opt.min_version = ciphersuite_info->min_minor_ver; - /* for DTLS 1.2 */ + /* DTLS starts with TLS 1.2 */ if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && opt.min_version < MBEDTLS_SSL_MINOR_VERSION_3 ) opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 59cb834bad..1d49dc5cbf 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2622,6 +2622,27 @@ run_test "Session resume using tickets, DTLS: session copy" \ -s "a session has been resumed" \ -c "a session has been resumed" +run_test "Session resume using tickets, DTLS: openssl server" \ + "$O_SRV -dtls" \ + "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \ + 0 \ + -c "client hello, adding session ticket extension" \ + -c "found session_ticket extension" \ + -c "parse new session ticket" \ + -c "a session has been resumed" + +run_test "Session resume using tickets, DTLS: openssl client" \ + "$P_SRV dtls=1 debug_level=3 tickets=1" \ + "( $O_CLI -dtls -sess_out $SESSION; \ + $O_CLI -dtls -sess_in $SESSION; \ + rm -f $SESSION )" \ + 0 \ + -s "found session ticket extension" \ + -s "server hello, adding session ticket extension" \ + -S "session successfully restored from cache" \ + -s "session successfully restored from ticket" \ + -s "a session has been resumed" + # Tests for Session Resume based on session-ID and cache run_test "Session resume using cache: tickets enabled on client" \ 
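Review bot: The guard `if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )` kept as context under the corrected `#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)` still compares against TLS 1.0, although this series raises MBEDTLS_SSL_MIN_VALID_MINOR_VERSION to MBEDTLS_SSL_MINOR_VERSION_3 in ssl_misc.h, so the condition is now always true for a valid version and suggests older versions can still reach it. Since fixing the macro name presumably brings this block back into compilation, it deserves a close look rather than a pass-through: compare against MBEDTLS_SSL_MINOR_VERSION_3 or remove the check and state in a comment that only TLS 1.2 reaches this point. The body of the block and the rest of ssl_populate_transform() are outside this hunk.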
@@ -2810,6 +2831,26 @@ run_test "Session resume using cache, DTLS: session copy" \ -s "a session has been resumed" \ -c "a session has been resumed" +run_test "Session resume using cache, DTLS: openssl client" \ + "$P_SRV dtls=1 debug_level=3 tickets=0" \ + "( $O_CLI -dtls -sess_out $SESSION; \ + $O_CLI -dtls -sess_in $SESSION; \ + rm -f $SESSION )" \ + 0 \ + -s "found session ticket extension" \ + -S "server hello, adding session ticket extension" \ + -s "session successfully restored from cache" \ + -S "session successfully restored from ticket" \ + -s "a session has been resumed" + +run_test "Session resume using cache, DTLS: openssl server" \ + "$O_SRV -dtls" \ + "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \ + 0 \ + -C "found session_ticket extension" \ + -C "parse new session ticket" \ + -c "a session has been resumed" + # Tests for Max Fragment Length extension if [ "$MAX_IN_LEN" -lt "4096" ]; then @@ -6623,6 +6664,34 @@ run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \ -C "error" \ -s "Extra-header:" +run_test "DTLS reassembly: no fragmentation (openssl server)" \ + "$O_SRV -dtls -mtu 2048" \ + "$P_CLI dtls=1 debug_level=2" \ + 0 \ + -C "found fragmented DTLS handshake message" \ + -C "error" + +run_test "DTLS reassembly: some fragmentation (openssl server)" \ + "$O_SRV -dtls -mtu 768" \ + "$P_CLI dtls=1 debug_level=2" \ + 0 \ + -c "found fragmented DTLS handshake message" \ + -C "error" + +run_test "DTLS reassembly: more fragmentation (openssl server)" \ + "$O_SRV -dtls -mtu 256" \ + "$P_CLI dtls=1 debug_level=2" \ + 0 \ + -c "found fragmented DTLS handshake message" \ + -C "error" + +run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \ + "$O_SRV -dtls -mtu 256" \ + "$P_CLI dtls=1 nbio=2 debug_level=2" \ + 0 \ + -c "found fragmented DTLS handshake message" \ + -C "error" + # Tests for sending fragmented handshake messages with DTLS # # Use client auth when we need the client to send large messages, 
@@ -7593,6 +7662,192 @@ run_test "DTLS-SRTP all profiles supported. server doesn't support mki." \ -C "dumping 'received mki' (8 bytes)" \ -C "error" +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP all profiles supported. openssl client." \ + "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ + "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -s "selected srtp profile" \ + -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ + -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ + -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl client." \ + "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ + "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -s "selected srtp profile" \ + -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ + -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ + -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl client." 
\ + "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ + "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -s "selected srtp profile" \ + -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ + -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ + -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl client." \ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ + "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -s "selected srtp profile" \ + -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ + -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ + -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server and Client support only one matching profile. openssl client." \ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ + "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -s "selected srtp profile" \ + -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ + -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ + -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server and Client support only one different profile. openssl client." 
\ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \ + "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -S "selected srtp profile" \ + -S "server hello, adding use_srtp extension" \ + -S "DTLS-SRTP key material is"\ + -C "SRTP Extension negotiated, profile" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl client" \ + "$P_SRV dtls=1 debug_level=3" \ + "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ + 0 \ + -s "found use_srtp extension" \ + -S "server hello, adding use_srtp extension" \ + -S "DTLS-SRTP key material is"\ + -C "SRTP Extension negotiated, profile" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP all profiles supported. openssl server" \ + "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ + "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile" \ + -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \ + -c "DTLS-SRTP key material is"\ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl server." 
\ + "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ + "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile" \ + -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl server." \ + "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl server." \ + "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ + "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server and Client support only one matching profile. openssl server." 
\ + "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server and Client support only one different profile. openssl server." \ + "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -C "found use_srtp extension" \ + -C "found srtp profile" \ + -C "selected srtp profile" \ + -C "DTLS-SRTP key material is"\ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl server" \ + "$O_SRV -dtls" \ + "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -C "found use_srtp extension" \ + -C "found srtp profile" \ + -C "selected srtp profile" \ + -C "DTLS-SRTP key material is"\ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl server." 
\ + "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ + "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile" \ + -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ + -c "DTLS-SRTP no mki value negotiated"\ + -c "dumping 'sending mki' (8 bytes)" \ + -C "dumping 'received mki' (8 bytes)" \ + -C "error" + requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls run_test "DTLS-SRTP all profiles supported. gnutls client." \