Add tests and code to support

1. Add DTLS-SRTP tests in `ssl-opts.sh`
2. Add logs for the tests to filter.
3. Add a function to get the profile information.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
Ron Eldor 2018-07-05 18:25:39 +03:00 committed by Johan Pascal
parent 1c399bdffe
commit b465539476
4 changed files with 172 additions and 0 deletions


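--- a/PATH-NOT-SHOWN-1
+++ b/PATH-NOT-SHOWN-1
@@ -843,6 +843,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
 {
 *p++ = ssl->dtls_srtp_info.mki_value[i];
 }
+MBEDTLS_SSL_DEBUG_BUF( 3, "sending mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len );
 }
 /* total extension length: extension type (2 bytes) + extension length (2 bytes) + protection profile length (2 bytes) + 2*nb protection profiles + srtp_mki vector length(1 byte)*/
@@ -1819,6 +1820,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
 mbedtls_ssl_srtp_profile server_protection = MBEDTLS_SRTP_UNSET_PROFILE;
 size_t i, mki_len = 0;
 uint16_t server_protection_profile_value = 0;
+const mbedtls_ssl_srtp_profile_info * profile_info;
 /* If use_srtp is not configured, just ignore the extension */
 if( ( ssl->conf->dtls_srtp_profile_list == NULL ) || ( ssl->conf->dtls_srtp_profile_list_len == 0 ) )
@@ -1878,9 +1880,15 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
 server_protection = MBEDTLS_SRTP_UNSET_PROFILE;
 break;
 }
+profile_info = mbedtls_ssl_dtls_srtp_profile_info_from_id( server_protection );
+if( profile_info != NULL )
+{
+MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", profile_info->name ) );
+}
 if (server_protection == ssl->conf->dtls_srtp_profile_list[i]) {
 ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i];
+MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", profile_info->name ) );
 break;
 }
 }
@@ -1904,6 +1912,12 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
 MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
 return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
 }
+#if defined (MBEDTLS_DEBUG_C)
+if( len > 5)
+{
+MBEDTLS_SSL_DEBUG_BUF( 3, "received mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len );
+}
+#endif
 return 0;
 }
 #endif /* MBEDTLS_SSL_DTLS_SRTP */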
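Review bot: The `selected srtp profile` message added in the `@@ -1878,9 +1880,15 @@` hunk dereferences `profile_info->name` without the NULL guard that the `found srtp profile` message directly above it has, and the server-side `@@ -832,12 +833,18 @@` hunk adds the same unguarded dereference. `mbedtls_ssl_dtls_srtp_profile_info_from_id()` returns NULL for MBEDTLS_SRTP_UNSET_PROFILE and for any id outside its table, so this is only safe if the configured profile list can never hold such a value, which nothing in this diff establishes. A one-line guard keeps the log total: `MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", profile_info != NULL ? profile_info->name : "(unknown)" ) );`. In the last hunk `if( len > 5)` is an unexplained constant; if it mirrors an earlier bound on the same length, a comment such as `/* 2 (profile length) + 2 (one profile) + 1 (mki length byte) */` or a test on the already-populated `ssl->dtls_srtp_info.mki_len` would make the intent visible, and the `#if defined (MBEDTLS_DEBUG_C)` guard is inconsistent with the unguarded debug macros in the other hunks of the same function. ssl_parse_use_srtp_ext's body begins and ends outside these hunks, so whether the lookup sits inside the loop over `i` (and is therefore recomputed per iteration) cannot be confirmed from here.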


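--- a/PATH-NOT-SHOWN-2
+++ b/PATH-NOT-SHOWN-2
@@ -783,6 +783,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
 mbedtls_ssl_srtp_profile client_protection = MBEDTLS_SRTP_UNSET_PROFILE;
 size_t i,j;
 size_t profile_length;
+const mbedtls_ssl_srtp_profile_info * profile_info;
 /* If use_srtp is not configured, just ignore the extension */
 if( ( ssl->conf->dtls_srtp_profile_list == NULL ) || ( ssl->conf->dtls_srtp_profile_list_len == 0 ) )
@@ -832,12 +833,18 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
 client_protection = MBEDTLS_SRTP_UNSET_PROFILE;
 break;
 }
+profile_info = mbedtls_ssl_dtls_srtp_profile_info_from_id( client_protection );
+if( profile_info != NULL )
+{
+MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", profile_info->name ) );
+}
 /* check if suggested profile is in our list */
 for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++)
 {
 if( client_protection == ssl->conf->dtls_srtp_profile_list[i] )
 {
 ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i];
+MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", profile_info->name ) );
 break;
 }
 }
@@ -861,6 +868,8 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
 {
 ssl->dtls_srtp_info.mki_value[i] = buf[ profile_length + 2 + 1 + i ];
 }
+MBEDTLS_SSL_DEBUG_BUF( 3, "using mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len );
 }
 return( 0 );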


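--- a/PATH-NOT-SHOWN-3
+++ b/PATH-NOT-SHOWN-3
@@ -4738,6 +4738,30 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl )
 #endif /* MBEDTLS_SSL_ALPN */
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
+static const mbedtls_ssl_srtp_profile_info srtp_profile_definitions[] =
+{
+{ MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, "MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" },
+{ MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, "MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" },
+{ MBEDTLS_SRTP_NULL_HMAC_SHA1_80, "MBEDTLS_SRTP_NULL_HMAC_SHA1_80" },
+{ MBEDTLS_SRTP_NULL_HMAC_SHA1_32, "MBEDTLS_SRTP_NULL_HMAC_SHA1_32" },
+{ MBEDTLS_SRTP_UNSET_PROFILE, "" }
+};
+const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id( mbedtls_ssl_srtp_profile profile )
+{
+const mbedtls_ssl_srtp_profile_info *cur = srtp_profile_definitions;
+while( cur->profile != MBEDTLS_SRTP_UNSET_PROFILE )
+{
+if( cur->profile == profile )
+return( cur );
+cur++;
+}
+return( NULL );
+}
 void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, int support_mki_value )
 {
 conf->dtls_srtp_mki_support = support_mki_value;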
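Review bot: `mbedtls_ssl_dtls_srtp_profile_info_from_id()` is a new non-static function with no documentation, and its contract is exactly what callers need to know: it returns a pointer into a static table, or NULL for MBEDTLS_SRTP_UNSET_PROFILE and for any id not listed, so the result must be checked before `->name` is read. That belongs in a Doxygen comment on the declaration (not part of this diff) plus a short `/* Static descriptor for a profile id; NULL if unknown or unset. */` above the definition here. The table is terminated by a sentinel entry rather than sized with `sizeof srtp_profile_definitions / sizeof srtp_profile_definitions[0]`, so an entry appended after the sentinel would silently be unreachable; a comment on that line, `/* terminator, must stay last */`, makes the constraint explicit. The name strings repeat the enum identifiers by hand; a stringizing helper macro would keep them from drifting if a profile is renamed.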


@ -8713,6 +8713,131 @@ run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \
0 \ 0 \
-s "fragmenting handshake message" -s "fragmenting handshake message"
# Tests for DTLS-SRTP (RFC 5764)
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP all profiles supported" \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
0 \
-s "found use_srtp extension" \
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile" \
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP server supports all profiles. Client supports one profile." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=3 debug_level=3" \
0 \
-s "found use_srtp extension" \
-s "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \
-s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \
-s "server hello, adding use_srtp extension" \
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \
-c "selected srtp profile" \
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP server supports one profile. Client supports profiles." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
0 \
-s "found use_srtp extension" \
-s "found srtp profile" \
-s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \
-s "server hello, adding use_srtp extension" \
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \
-c "selected srtp profile" \
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP server and Client support only one matching profile." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
0 \
-s "found use_srtp extension" \
-s "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-s "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-s "server hello, adding use_srtp extension" \
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-c "selected srtp profile" \
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP server and Client support only one different profile." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \
0 \
-s "found use_srtp extension" \
-s "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \
-S "selected srtp profile" \
-S "server hello, adding use_srtp extension" \
-c "client hello, adding use_srtp extension" \
-C "found use_srtp extension" \
-C "found srtp profile" \
-C "selected srtp profile" \
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP server doesn't support use_srtp extension." \
"$P_SRV dtls=1 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
0 \
-s "found use_srtp extension" \
-S "server hello, adding use_srtp extension" \
-c "client hello, adding use_srtp extension" \
-C "found use_srtp extension" \
-C "found srtp profile" \
-C "selected srtp profile" \
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP all profiles supported. mki used" \
"$P_SRV dtls=1 use_srtp=1 support_mki=1 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
0 \
-s "found use_srtp extension" \
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-s "dumping 'using mki' (8 bytes)" \
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile" \
-c "dumping 'sending mki' (8 bytes)" \
-c "dumping 'received mki' (8 bytes)" \
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP all profiles supported. server doesn't support mki." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
0 \
-s "found use_srtp extension" \
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-S "dumping 'using mki' (8 bytes)" \
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile" \
-c "dumping 'sending mki' (8 bytes)" \
-C "dumping 'received mki' (8 bytes)" \
-C "error"
# Tests for specific things with "unreliable" UDP connection # Tests for specific things with "unreliable" UDP connection
not_with_valgrind # spurious resend due to timeout not_with_valgrind # spurious resend due to timeout
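Review bot: The expectation `-s "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32"` in "DTLS-SRTP server and Client support only one different profile." looks inconsistent with the neighbouring cases: there the client is forced to profile 2, and in "server and Client support only one matching profile." a client forced to 2 makes the server log `found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32`. The server-side "found" message reports the profile the client offered, not the server's own forced profile 4, so unless `srtp_force_profile` maps differently from what the other tests imply, the line should read `-s "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32"` and the test as written would fail. Every assertion in this block is on debug output (including the `received mki` dump that the client hunk compiles only under MBEDTLS_DEBUG_C), so the block also assumes MBEDTLS_DEBUG_C is enabled; if the file does not already assume that globally, it is worth stating in the `# Tests for DTLS-SRTP (RFC 5764)` comment. The hunk's trailing context may extend past what is visible here.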