Fix mki issues
1. Set correct mki from the `use_srtp` extension.
2. Use mki value received from the client as the mki used by server.
3. Use `mbedtls_ssl_dtls_srtp_set_mki_value()` as a client API only.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 4073f89..7d9c9c3 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1851,7 +1851,7 @@
if (((uint16_t)( ( buf[0]<<8 ) | buf[1] ) ) != 0x0002) { /* protection profile length must be 0x0002 as we must have only one protection profile in server Hello */
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
} else {
- server_protection_profile_value = ( buf[2]<<8 ) | buf[3];
+ server_protection_profile_value = ( buf[2] << 8 ) | buf[3];
}
ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE;
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 1f497ae..82baeca 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -800,13 +800,13 @@
*
*/
- /* Min length is 5 : at least one protection profile(2 bytes) and length(2 bytes) + srtp_mki length(1 byte) */
+ /* Min length is 5: at least one protection profile(2 bytes) and length(2 bytes) + srtp_mki length(1 byte) */
if( len < 5 )
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE;
- profile_length = ( buf[0]<<8 ) | buf[1]; /* first 2 bytes are protection profile length(in bytes) */
+ profile_length = ( buf[0] << 8 ) | buf[1]; /* first 2 bytes are protection profile length(in bytes) */
/* parse the extension list values are defined in http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml */
@@ -856,9 +856,10 @@
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
+ ssl->dtls_srtp_info.mki_len = buf[ profile_length + 2 ];
for( i=0; i < ssl->dtls_srtp_info.mki_len; i++ )
{
- ssl->dtls_srtp_info.mki_value[i] = buf[ profile_length + 2 + i ];
+ ssl->dtls_srtp_info.mki_value[i] = buf[ profile_length + 2 + 1 + i ];
}
}
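Review bot: The added `ssl->dtls_srtp_info.mki_len = buf[ profile_length + 2 ];` takes the length byte directly from the client's `use_srtp` extension, and the loop below it then uses that value to bound writes into `mki_value` and reads from `buf` at `profile_length + 2 + 1 + i`, with no check visible between the assignment and the copy. The enclosing block starts before this hunk, so an earlier test may already cover this; the only length check visible in this file's hunks is `len < 5`, which does not constrain `profile_length` or the MKI length. If nothing upstream bounds the same byte, a peer-chosen value of up to 255 could overrun the destination or read past the extension. A guard placed before the loop would close this, assuming `mki_value` is a fixed-size array member: `if( ssl->dtls_srtp_info.mki_len > sizeof( ssl->dtls_srtp_info.mki_value ) || (size_t) profile_length + 3 + ssl->dtls_srtp_info.mki_len > len ) return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );`. The read of the length byte itself also needs `profile_length + 2 < len` to hold before it.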