Add mki value and some review comments
1. Add check for prerequisites in check_config.h
2. Add mki value to use_srtp extension
3. address some review comments
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index e3459cd..3c84bb7 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -862,6 +862,9 @@
!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
+
+#define MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60
+#define MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH 255
/*
* List of SRTP profiles for DTLS-SRTP
*/
@@ -873,7 +876,17 @@
MBEDTLS_SRTP_NULL_HMAC_SHA1_80,
MBEDTLS_SRTP_NULL_HMAC_SHA1_32,
}
-mbedtls_dtls_srtp_protection_profiles;
+mbedtls_ssl_srtp_profile;
+
+typedef struct mbedtls_dtls_srtp_info_t
+{
+ mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile; /*!< negotiated SRTP profile */
+ unsigned char dtls_srtp_keys[MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; /*!< master keys and master salt for SRTP generated during handshake */
+ size_t dtls_srtp_keys_len; /*!< length in bytes of master keys and master salt for SRTP generated during handshake */
+ unsigned char mki_value[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH]; /* opaque srtp_mki<0..255> */
+ size_t mki_len;
+}mbedtls_dtls_srtp_info;
+
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/*
@@ -1083,11 +1096,8 @@
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- /*
- * use_srtp extension
- */
- mbedtls_dtls_srtp_protection_profiles *dtls_srtp_profiles_list; /*!< ordered list of supported srtp profile */
- size_t dtls_srtp_profiles_list_len; /*!< number of supported profiles */
+ mbedtls_ssl_srtp_profile *dtls_srtp_profile_list; /*!< ordered list of supported srtp profile */
+ size_t dtls_srtp_profile_list_len; /*!< number of supported profiles */
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/*
@@ -1170,9 +1180,12 @@
* record with unexpected CID
* should lead to failure. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ unsigned int dtls_srtp_mki_support : 1; /* support having mki_value
+ in the use_srtp extension */
+#endif
};
-
struct mbedtls_ssl_context
{
const mbedtls_ssl_config *conf; /*!< configuration information */
@@ -1335,9 +1348,7 @@
/*
* use_srtp extension
*/
- mbedtls_dtls_srtp_protection_profiles chosen_dtls_srtp_profile; /*!< negotiated SRTP profile */
- unsigned char *dtls_srtp_keys; /*!< master keys and master salt for SRTP generated during handshake */
- size_t dtls_srtp_keys_len; /*!< length in bytes of master keys and master salt for SRTP generated during handshake */
+ mbedtls_dtls_srtp_info dtls_srtp_info;
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/*
@@ -3173,8 +3184,7 @@
*
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
*/
-int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, const mbedtls_dtls_srtp_protection_profiles *profiles, size_t profiles_number);
-
+int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, const mbedtls_ssl_srtp_profile *profiles, size_t profiles_number);
/**
* \brief Get the negotiated DTLS-SRTP Protection Profile.
* This function should be called after the handshake is
@@ -3184,7 +3194,7 @@
*
* \return Protection Profile enum member, MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated.
*/
-mbedtls_dtls_srtp_protection_profiles mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl);
+mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl);
/**
* \brief Get the generated DTLS-SRTP key material.