Skip to content

Commit

Permalink
DTLS-SRTP (RFC5764). Merge of Mbed-TLS/mbedtls#361
Browse files Browse the repository at this point in the history
  • Loading branch information
@spli
spli committed Oct 13, 2017
1 parent de750e9 commit a290bb5
Show file tree
Hide file tree
Showing 5 changed files with 458 additions and 8 deletions.
11 changes: 11 additions & 0 deletions components/mbedtls/include/mbedtls/config.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1292,6 +1292,17 @@
*/
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY

/**
* \def MBEDTLS_SSL_DTLS_SRTP
*
* Enable support for DTLS-SRTP, RFC5764
*
* Requires: MBEDTLS_SSL_PROTO_DTLS
*
* Comment this to disable support for DTLS-SRTP.
*/
#define MBEDTLS_SSL_DTLS_SRTP

/**
* \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
*
Expand Down
57 changes: 57 additions & 0 deletions components/mbedtls/include/mbedtls/ssl.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -342,6 +342,14 @@

#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01

/*
* use_srtp extension protection profiles values as defined in http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
*/
#define MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE 0x0001
#define MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE 0x0002
#define MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE 0x0005
#define MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE 0x0006

/*
* Size defines
*/
Expand Down Expand Up @@ -542,6 +550,19 @@ typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
#endif

#if defined(MBEDTLS_SSL_DTLS_SRTP)
/*
* List of SRTP profiles for DTLS-SRTP
*/
enum mbedtls_DTLS_SRTP_protection_profiles {
MBEDTLS_SRTP_UNSET_PROFILE,
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80,
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32,
MBEDTLS_SRTP_NULL_HMAC_SHA1_80,
MBEDTLS_SRTP_NULL_HMAC_SHA1_32,
};
#endif /* MBEDTLS_SSL_DTLS_SRTP */

/*
* This structure is used for storing current session data.
*/
Expand Down Expand Up @@ -887,6 +908,17 @@ struct mbedtls_ssl_context
const char *alpn_chosen; /*!< negotiated protocol */
#endif

#if defined(MBEDTLS_SSL_DTLS_SRTP)
/*
* use_srtp extension
*/
enum mbedtls_DTLS_SRTP_protection_profiles *dtls_srtp_profiles_list; /*!< ordered list of supported srtp profile */
size_t dtls_srtp_profiles_list_len; /*!< number of supported profiles */
enum mbedtls_DTLS_SRTP_protection_profiles chosen_dtls_srtp_profile; /*!< negotiated profil */
unsigned char *dtls_srtp_keys; /*<! master keys and master salt for SRTP generated during handshake */
size_t dtls_srtp_keys_len; /*<! length in bytes of master keys and master salt for SRTP generated during handshake */
#endif /* MBEDTLS_SSL_DTLS_SRTP */

/*
* Information for DTLS hello verify
*/
Expand Down Expand Up @@ -1931,6 +1963,31 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot
const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_ALPN */

#if defined(MBEDTLS_SSL_DTLS_SRTP)
/**
* \brief Set the supported DTLS-SRTP protection profiles.
*
* \param ssl SSL context
* \param protos List of supported protection profiles,
* in decreasing preference order.
* \param profiles_number Number of supported profiles.
*
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
*/
int mbedtls_ssl_set_dtls_srtp_protection_profiles( mbedtls_ssl_context *ssl, const enum mbedtls_DTLS_SRTP_protection_profiles *profiles, size_t profiles_number);

/**
* \brief Get the negotiated DTLS-SRTP Protection Profile.
* This function should be called after the handshake is
* completed.
*
* \param ssl SSL context
*
* \return Protection Profile enum member, SRTP_UNSET_PROFILE if no protocol was negotiated.
*/
enum mbedtls_DTLS_SRTP_protection_profiles mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_DTLS_SRTP */

/**
* \brief Set the maximum supported version sent from the client side
* and/or accepted at the server side
Expand Down
169 changes: 167 additions & 2 deletions components/mbedtls/library/ssl_cli.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -344,7 +344,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,

*olen = 6;
}
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */

#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Expand Down Expand Up @@ -663,6 +663,80 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
}
#endif /* MBEDTLS_SSL_ALPN */

#if defined (MBEDTLS_SSL_DTLS_SRTP)
static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, size_t *olen )
{
unsigned char *p = buf;
size_t protection_profiles_index = 0;

*olen = 0;

if( (ssl->dtls_srtp_profiles_list == NULL) || (ssl->dtls_srtp_profiles_list_len == 0) )
{
return;
}

MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding use_srtp extension" ) );

*p = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF );
*p = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF );

/* RFC5764 section 4.1.1
* uint8 SRTPProtectionProfile[2];
*
* struct {
* SRTPProtectionProfiles SRTPProtectionProfiles;
* opaque srtp_mki<0..255>;
* } UseSRTPData;
* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
*
* Note: srtp_mki is not supported
*/

/* Extension length = 2bytes for profiles lenght, ssl->dtls_srtp_profiles_list_len*2 (each profile is 2 bytes length ) 1 byte for the non implemented srtp_mki vector length (always 0) */
*p = (unsigned char)( ( ( 2 2*(ssl->dtls_srtp_profiles_list_len) 1 ) >> 8 ) & 0xFF );
*p = (unsigned char)( ( ( 2 2*(ssl->dtls_srtp_profiles_list_len) 1 ) ) & 0xFF );


/* protection profile length: 2*(ssl->dtls_srtp_profiles_list_len) */
*p = (unsigned char)( ( ( 2*(ssl->dtls_srtp_profiles_list_len) ) >> 8 ) & 0xFF );
*p = (unsigned char)( ( 2*(ssl->dtls_srtp_profiles_list_len) ) & 0xFF );

for( protection_profiles_index=0; protection_profiles_index < ssl->dtls_srtp_profiles_list_len; protection_profiles_index )
{
switch (ssl->dtls_srtp_profiles_list[protection_profiles_index]) {
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80:
*p = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) >> 8 ) & 0xFF);
*p = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) & 0xFF);
break;
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32:
*p = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) >> 8 ) & 0xFF);
*p = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) & 0xFF);
break;
case MBEDTLS_SRTP_NULL_HMAC_SHA1_80:
*p = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) >> 8 ) & 0xFF);
*p = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) & 0xFF);
break;
case MBEDTLS_SRTP_NULL_HMAC_SHA1_32:
*p = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) >> 8 ) & 0xFF);
*p = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) & 0xFF);
break;
default:
/* Note: we shall never arrive here as protection profiles is checked by ssl_set_dtls_srtp_protection_profiles function */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello, ignore illegal DTLS-SRTP protection profile %d", ssl->dtls_srtp_profiles_list[protection_profiles_index]) );
break;
}
}

*p = 0x00; /* non implemented srtp_mki vector length is always 0 */
/* total extension length: extension type (2 bytes) extension length (2 bytes) protection profile length (2 bytes) 2*nb protection profiles srtp_mki vector length(1 byte)*/
*olen = 2 2 2 2*(ssl->dtls_srtp_profiles_list_len) 1;
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */


/*
* Generate random bytes for ClientHello
*/
Expand Down Expand Up @@ -1013,6 +1087,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
ext_len += olen;
#endif

#if defined(MBEDTLS_SSL_DTLS_SRTP)
ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
#endif

#if defined(MBEDTLS_SSL_SESSION_TICKETS)
ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
Expand Down Expand Up @@ -1247,7 +1326,7 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */

#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Expand Down Expand Up @@ -1350,6 +1429,81 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
}
#endif /* MBEDTLS_SSL_ALPN */

#if defined(MBEDTLS_SSL_DTLS_SRTP)
static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
{
enum mbedtls_DTLS_SRTP_protection_profiles server_protection = MBEDTLS_SRTP_UNSET_PROFILE;
size_t i;
uint16_t server_protection_profile_value = 0;

/* If use_srtp is not configured, just ignore the extension */
if( ( ssl->dtls_srtp_profiles_list == NULL ) || ( ssl->dtls_srtp_profiles_list_len == 0 ) )
return( 0 );

/* RFC5764 section 4.1.1
* uint8 SRTPProtectionProfile[2];
*
* struct {
* SRTPProtectionProfiles SRTPProtectionProfiles;
* opaque srtp_mki<0..255>;
* } UseSRTPData;
* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
*
* Note: srtp_mki is not supported
*/

/* Length is 5 : one protection profile(2 bytes) length(2 bytes) and potential srtp_mki which won't be parsed */
if( len < 5 )
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );

/*
* get the server protection profile
*/
if (((uint16_t)(buf[0]<<8 | buf[1])) != 0x0002) { /* protection profile length must be 0x0002 as we must have only one protection profile in server Hello */
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
} else {
server_protection_profile_value = buf[2]<<8 | buf[3];
}

/*
* Check we have the server profile in our list
*/
for( i=0; i < ssl->dtls_srtp_profiles_list_len; i++)
{
switch ( server_protection_profile_value ) {
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE:
server_protection = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80;
break;
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE:
server_protection = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32;
break;
case MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE:
server_protection = MBEDTLS_SRTP_NULL_HMAC_SHA1_80;
break;
case MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE:
server_protection = MBEDTLS_SRTP_NULL_HMAC_SHA1_32;
break;
default:
server_protection = MBEDTLS_SRTP_UNSET_PROFILE;
break;
}

if (server_protection == ssl->dtls_srtp_profiles_list[i]) {
ssl->chosen_dtls_srtp_profile = ssl->dtls_srtp_profiles_list[i];
return 0;
}
}

/* If we get there, no match was found : server problem, it shall never answer with incompatible profile */
ssl->chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE;
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */

/*
* Parse HelloVerifyRequest. Only called after verifying the HS type.
*/
Expand Down Expand Up @@ -1864,6 +2018,17 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
break;
#endif /* MBEDTLS_SSL_ALPN */

#if defined(MBEDTLS_SSL_DTLS_SRTP)
case MBEDTLS_TLS_EXT_USE_SRTP:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) );

if( ( ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ) ) != 0 )
return( ret );

break;
#endif /* MBEDTLS_SSL_DTLS_SRTP */


default:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
ext_id ) );
Expand Down
Loading

0 comments on commit a290bb5

Please sign in to comment.