367739f0
Commit
367739f0
authored
Feb 10, 2016
by
johan
Add DTLS-SRTP to mbedtls wrapper
parent
28de772d
Changes
3
Showing
3 changed files
with
39 additions
and
33 deletions
+39
-33
CMakeLists.txt
CMakeLists.txt
+7
-4
cmake/FindMbedTLS.cmake
cmake/FindMbedTLS.cmake
+9
-1
src/crypto_mbedtls.c
src/crypto_mbedtls.c
+23
-28
CMakeLists.txt
...
...
@@ -55,10 +55,6 @@ elseif (ENABLE_POLARSSL)
find_package
(
PolarSSL
)
if
(
POLARSSL_FOUND
)
message
(
"Use polarSSL"
)
if
(
HAVE_SSL_GET_DTLS_SRTP_PROTECTION_PROFILE
)
message
(
"DTLS SRTP available"
)
set
(
HAVE_DTLS_SRTP 1
)
endif
()
else
()
message
(
FATAL_ERROR
" No polarSSL or mbedTLS found"
)
endif
()
...
...
@@ -66,6 +62,13 @@ else ()
message
(
FATAL_ERROR
"Neither polarSSL nor mbedTLS enabled"
)
endif
()
if
(
HAVE_SSL_GET_DTLS_SRTP_PROTECTION_PROFILE
)
message
(
"DTLS SRTP available"
)
set
(
HAVE_DTLS_SRTP 1
)
else
()
message
(
"DTLS SRTP not available"
)
endif
()
set
(
prefix
${
CMAKE_INSTALL_PREFIX
}
)
set
(
exec_prefix
${
prefix
}
/bin
)
set
(
libdir
${
prefix
}
/lib
)
...
...
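Review bot: The relocated `if (HAVE_SSL_GET_DTLS_SRTP_PROTECTION_PROFILE)` block now runs after both backend branches, so it depends on the polarSSL and mbedTLS find modules exporting that exact variable name; FindMbedTLS sets it in this commit, but the polarSSL side is not visible here, so that is worth confirming before relying on the "not available" fallback. The two `message(...)` calls carry no mode, which CMake prints as a notice on stderr; `message(STATUS "DTLS SRTP available")` and `message(STATUS "DTLS SRTP not available")` is the conventional form for informational configure output.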
cmake/FindMbedTLS.cmake
...
...
@@ -81,10 +81,18 @@ if (MBEDTLS_V2)
)
endif
()
if
(
MBEDTLS_LIBRARIES
)
cmake_push_check_state
(
RESET
)
set
(
CMAKE_REQUIRED_INCLUDES
${
MBEDTLS_INCLUDE_DIRS
}
)
set
(
CMAKE_REQUIRED_LIBRARIES
${
MBEDTLS_LIBRARIES
}
)
check_symbol_exists
(
mbedtls_ssl_get_dtls_srtp_protection_profile
"mbedtls/ssl.h"
HAVE_SSL_GET_DTLS_SRTP_PROTECTION_PROFILE
)
cmake_pop_check_state
()
endif
()
include
(
FindPackageHandleStandardArgs
)
find_package_handle_standard_args
(
MbedTLS
DEFAULT_MSG
MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARIES
)
mark_as_advanced
(
MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARIES
)
mark_as_advanced
(
MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARIES
HAVE_SSL_GET_DTLS_SRTP_PROTECTION_PROFILE
)
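Review bot: The new `cmake_push_check_state(RESET)` and `check_symbol_exists(...)` calls require `include(CMakePushCheckState)` and `include(CheckSymbolExists)` to be in effect, and neither include is in the hunk; unless they sit above line 81, the module fails with an unknown-command error. Since `check_symbol_exists` compiles and links a probe program, setting CMAKE_REQUIRED_LIBRARIES is what makes the probe meaningful, and a one-line comment such as `# probe the linked mbedTLS build for its DTLS-SRTP API` above the check would explain why it is gated on MBEDTLS_LIBRARIES being found.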
src/crypto_mbedtls.c
...
...
@@ -823,33 +823,33 @@ uint8_t bctoolbox_dtls_srtp_supported(void) {
return
1
;
}
static
bctoolbox_dtls_srtp_profile_t
bctoolbox_srtp_profile_
polarssl
2bctoolbox
(
enum
DTLS_SRTP_protection_profiles
polarssl
_profile
)
{
switch
(
polarssl
_profile
)
{
case
SRTP_AES128_CM_HMAC_SHA1_80
:
static
bctoolbox_dtls_srtp_profile_t
bctoolbox_srtp_profile_
mbedtls
2bctoolbox
(
enum
mbedtls_
DTLS_SRTP_protection_profiles
mbedtls
_profile
)
{
switch
(
mbedtls
_profile
)
{
case
MBEDTLS_
SRTP_AES128_CM_HMAC_SHA1_80
:
return
BCTOOLBOX_SRTP_AES128_CM_HMAC_SHA1_80
;
case
SRTP_AES128_CM_HMAC_SHA1_32
:
case
MBEDTLS_
SRTP_AES128_CM_HMAC_SHA1_32
:
return
BCTOOLBOX_SRTP_AES128_CM_HMAC_SHA1_32
;
case
SRTP_NULL_HMAC_SHA1_80
:
case
MBEDTLS_
SRTP_NULL_HMAC_SHA1_80
:
return
BCTOOLBOX_SRTP_NULL_HMAC_SHA1_80
;
case
SRTP_NULL_HMAC_SHA1_32
:
case
MBEDTLS_
SRTP_NULL_HMAC_SHA1_32
:
return
BCTOOLBOX_SRTP_NULL_HMAC_SHA1_32
;
default:
return
BCTOOLBOX_SRTP_UNDEFINED
;
}
}
static
enum
DTLS_SRTP_protection_profiles
bctoolbox_srtp_profile_bctoolbox2
polarssl
(
bctoolbox_dtls_srtp_profile_t
bctoolbox_profile
)
{
static
enum
mbedtls_
DTLS_SRTP_protection_profiles
bctoolbox_srtp_profile_bctoolbox2
mbedtls
(
bctoolbox_dtls_srtp_profile_t
bctoolbox_profile
)
{
switch
(
bctoolbox_profile
)
{
case
BCTOOLBOX_SRTP_AES128_CM_HMAC_SHA1_80
:
return
SRTP_AES128_CM_HMAC_SHA1_80
;
return
MBEDTLS_
SRTP_AES128_CM_HMAC_SHA1_80
;
case
BCTOOLBOX_SRTP_AES128_CM_HMAC_SHA1_32
:
return
SRTP_AES128_CM_HMAC_SHA1_32
;
return
MBEDTLS_
SRTP_AES128_CM_HMAC_SHA1_32
;
case
BCTOOLBOX_SRTP_NULL_HMAC_SHA1_80
:
return
SRTP_NULL_HMAC_SHA1_80
;
return
MBEDTLS_
SRTP_NULL_HMAC_SHA1_80
;
case
BCTOOLBOX_SRTP_NULL_HMAC_SHA1_32
:
return
SRTP_NULL_HMAC_SHA1_32
;
return
MBEDTLS_
SRTP_NULL_HMAC_SHA1_32
;
default:
return
SRTP_UNSET_PROFILE
;
return
MBEDTLS_
SRTP_UNSET_PROFILE
;
}
}
...
...
@@ -858,23 +858,23 @@ bctoolbox_dtls_srtp_profile_t bctoolbox_ssl_get_dtls_srtp_protection_profile(bct
return
BCTOOLBOX_ERROR_INVALID_SSL_CONTEXT
;
}
return
bctoolbox_srtp_profile_polarssl2bctoolbox
(
ssl_get_dtls_srtp_protection_profile
(
&
(
ssl_ctx
->
ssl_ctx
)));
return
bctoolbox_srtp_profile_polarssl2bctoolbox
(
mbedtls_
ssl_get_dtls_srtp_protection_profile
(
&
(
ssl_ctx
->
ssl_ctx
)));
};
int32_t
bctoolbox_ssl_get_dtls_srtp_key_material
(
bctoolbox_ssl_context_t
*
ssl_ctx
,
char
*
output
,
size_t
*
output_length
)
{
int
ret
0
;
if
(
ssl_ctx
==
NULL
)
{
return
BCTOOLBOX_ERROR_INVALID_SSL_CONTEXT
;
}
/* check output buffer size */
if
(
*
output_length
<
ssl_ctx
->
ssl_ctx
.
dtls_srtp_keys_len
)
{
ret
=
mbedtls_ssl_get_dtls_srtp_key_material
(
&
(
ssl_ctx
->
ssl_ctx
),
output
,
*
output_length
,
output_length
);
/* remap the output error code */
if
(
ret
==
MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL
)
{
return
BCTOOLBOX_ERROR_OUTPUT_BUFFER_TOO_SMALL
;
}
memcpy
(
output
,
ssl_ctx
->
ssl_ctx
.
dtls_srtp_keys
,
ssl_ctx
->
ssl_ctx
.
dtls_srtp_keys_len
);
*
output_length
=
ssl_ctx
->
ssl_ctx
.
dtls_srtp_keys_len
;
return
0
;
}
#else
/* HAVE_DTLS_SRTP */
...
...
@@ -1111,22 +1111,21 @@ int32_t bctoolbox_ssl_config_set_own_cert(bctoolbox_ssl_config_t *ssl_config, bc
#ifdef HAVE_DTLS_SRTP
int32_t
bctoolbox_ssl_config_set_dtls_srtp_protection_profiles
(
bctoolbox_ssl_config_t
*
ssl_config
,
const
bctoolbox_dtls_srtp_profile_t
*
profiles
,
size_t
profiles_number
)
{
int
i
;
enum
mbedtls_DTLS_SRTP_protection_profiles
dtls_srtp_mbedtls_profiles
[
4
];
if
(
ssl_config
==
NULL
)
{
return
BCTOOLBOX_ERROR_INVALID_SSL_CONFIG
;
}
/* convert the profiles array into a
polarssl
profiles array */
/* convert the profiles array into a
mbedtls
profiles array */
for
(
i
=
0
;
i
<
profiles_number
&&
i
<
4
;
i
++
)
{
/* 4 profiles defined max */
ssl_config
->
dtls_srtp_profiles
[
i
]
=
bctoolbox_srtp_profile_bctoolbox2
polarssl
(
profiles
[
i
]);
dtls_srtp_
mbedtls_
profiles
[
i
]
=
bctoolbox_srtp_profile_bctoolbox2
mbedtls
(
profiles
[
i
]);
}
for
(;
i
<
4
;
i
++
)
{
/* make sure to have harmless values in the rest of the array */
ssl_config
->
dtls_srtp_profiles
[
i
]
=
SRTP_UNSET_PROFILE
;
dtls_srtp_
mbedtls_
profiles
[
i
]
=
MBEDTLS_
SRTP_UNSET_PROFILE
;
}
ssl_config
->
dtls_srtp_profiles_number
=
profiles_number
;
return
0
;
return
mbedtls_ssl_conf_dtls_srtp_protection_profiles
(
ssl_config
->
ssl_config
,
dtls_srtp_mbedtls_profiles
,
profiles_number
);
}
#else
/* HAVE_DTLS_SRTP */
...
...
@@ -1153,10 +1152,6 @@ int32_t bctoolbox_ssl_context_setup(bctoolbox_ssl_context_t *ssl_ctx, bctoolbox_
}
#ifdef HAVE_DTLS_SRTP
if
(
ssl_config
->
dtls_srtp_profiles_number
>
0
)
{
ssl_set_dtls_srtp_protection_profiles
(
&
(
ssl_ctx
->
ssl_ctx
),
ssl_config
->
dtls_srtp_profiles
,
ssl_config
->
dtls_srtp_profiles_number
);
}
/* We do not use DTLS SRTP cookie, so we must set to NULL the callbacks. Cookies are used to prevent DoS attack but our server is on only when during a brief period so we do not need this */
mbedtls_ssl_conf_dtls_cookies
(
ssl_config
->
ssl_config
,
NULL
,
NULL
,
NULL
);
#endif
/* HAVE_DTLS_SRTP */
...
...
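Review bot: In the hunk at @@ -1111, bctoolbox_ssl_config_set_dtls_srtp_protection_profiles passes the caller's unclamped `profiles_number` to mbedtls_ssl_conf_dtls_srtp_protection_profiles although the local `dtls_srtp_mbedtls_profiles` array holds 4 entries and the conversion loop stops at 4, so a caller supplying more than 4 profiles lets mbedtls read past the stack array; pass the clamped count instead, e.g. `return mbedtls_ssl_conf_dtls_srtp_protection_profiles(ssl_config->ssl_config, dtls_srtp_mbedtls_profiles, profiles_number > 4 ? 4 : profiles_number);` (and declaring `size_t i;` removes the signed/unsigned comparison with `profiles_number`). In the hunk at @@ -858, the new return in bctoolbox_ssl_get_dtls_srtp_protection_profile appears to still name `bctoolbox_srtp_profile_polarssl2bctoolbox` while the hunk at @@ -823 renames that helper to `bctoolbox_srtp_profile_mbedtls2bctoolbox`, so the file will not build once HAVE_DTLS_SRTP is defined. In the same hunk, bctoolbox_ssl_get_dtls_srtp_key_material only remaps MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL and otherwise falls through to `return 0;`, so any other non-zero `ret` from mbedtls is reported to the caller as success with unspecified `*output_length`; returning `ret` (or a mapped bctoolbox error) on the fallthrough path keeps failures visible. The functions changed in the hunks at @@ -858 and @@ -1153 start outside their hunks.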