diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 44530cb24..1ded993bc 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -414,6 +414,7 @@ #define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01 +#if defined(MBEDTLS_SSL_DTLS_SRTP) /* * Use_srtp extension protection profiles values as defined in * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml @@ -422,6 +423,9 @@ #define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 0x0002 #define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 0x0005 #define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 0x0006 +/* This one is not iana defined, but for code readability. */ +#define MBEDTLS_TLS_SRTP_UNSET 0x0000 +#endif /* MBEDTLS_SSL_DTLS_SRTP*/ /* * Size defines @@ -870,24 +874,15 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl ); #define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60 #define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255 /* - * List of SRTP profiles for DTLS-SRTP + * For code readability use a typedef for DTLS-SRTP profiles + * The supported profiles are defines as macro above: + * MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 + * MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 + * MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 + * MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 + * MBEDTLS_TLS_SRTP_UNSET */ -typedef enum -{ - MBEDTLS_SRTP_UNSET_PROFILE, - MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, - MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, - MBEDTLS_SRTP_NULL_HMAC_SHA1_80, - MBEDTLS_SRTP_NULL_HMAC_SHA1_32, -} -mbedtls_ssl_srtp_profile; - -typedef struct -{ - const mbedtls_ssl_srtp_profile profile; - const char *name; -} -mbedtls_ssl_srtp_profile_info; +typedef uint16_t mbedtls_ssl_srtp_profile; typedef struct mbedtls_dtls_srtp_info_t { 
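Review bot: `MBEDTLS_TLS_SRTP_UNSET` is an in-band sentinel taken from the same 16-bit space as the wire values, and the one-line comment added with it in the `@@ -422` hunk does not say how a peer-supplied 0x0000 is treated or that the value must never be written into a use_srtp extension. From the ssl_internal.h hunk, `mbedtls_ssl_check_srtp_profile_value` maps every unsupported value, 0x0000 included, to this sentinel, so the behaviour holds only as long as nobody adds 0x0000 to the accepted set. I would expand the comment to `/* Internal sentinel, not an IANA profile: "no profile negotiated". Never sent on the wire, never accepted from a peer or from configuration. */`.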
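Review bot: Replacing the enum with `typedef uint16_t mbedtls_ssl_srtp_profile;` in the `@@ -870` hunk changes the numeric value of the two NULL profiles (3 and 4 become 0x0005 and 0x0006) and removes `mbedtls_ssl_srtp_profile_info`, and nothing visible in this diff documents that for API users. An application that stored or passed the old enumerator values as integers now selects a different profile or is rejected; the ssl-opt.sh hunks show exactly this (`srtp_force_profile=3` becomes `5`, `4` becomes `6`). The type also no longer gives any compile-time checking, so the setter's switch in ssl_tls.c is the only gate on configured values, and the header comment should say so. Small wording fix in the new comment: `The supported profiles are defines as macro above` should read `The supported profiles are defined as macros above`.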
@@ -3248,23 +3243,11 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, * \param ssl The SSL context to query. * * \return The DTLS SRTP protection profile in use. - * \return #MBEDTLS_SRTP_UNSET_PROFILE if the use of SRTP was not negotiated + * \return #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated * or peer's Hello packet was not parsed yet. */ mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile ( const mbedtls_ssl_context *ssl ); - -/** - * \brief Utility function to get information on DTLS-SRTP profile. - * - * \param profile The DTLS-SRTP profile id to get info on. - * - * \return The address of the SRTP profile information structure on - * success. - * \return \c NULL if the protection profile \p profile was not found. - */ -const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id - ( mbedtls_ssl_srtp_profile profile ); #endif /* MBEDTLS_SSL_DTLS_SRTP */ /** diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index a4c0467df..e1ba5cdb6 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
@@ -1096,50 +1096,23 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) -static inline uint16_t mbedtls_ssl_get_srtp_profile_iana_value - ( mbedtls_ssl_srtp_profile profile ) -{ - uint16_t profile_value = 0xffff; - switch( profile ) - { - case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: - profile_value = MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80; - break; - case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32: - profile_value = MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32; - break; - case MBEDTLS_SRTP_NULL_HMAC_SHA1_80: - profile_value = MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80; - break; - case MBEDTLS_SRTP_NULL_HMAC_SHA1_32: - profile_value = MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32; - break; - default: break; - } - return( profile_value ); -} +#if defined(MBEDTLS_DEBUG_C) +const char *mbedtls_ssl_get_srtp_profile_as_string ( mbedtls_ssl_srtp_profile profile ); +#endif /* MBEDTLS_DEBUG_C */ -static inline mbedtls_ssl_srtp_profile mbedtls_ssl_get_srtp_profile_value - ( uint16_t srtp_iana_value ) +static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value + ( const uint16_t srtp_profile_value ) { - mbedtls_ssl_srtp_profile profile_value = MBEDTLS_SRTP_UNSET_PROFILE; - switch( srtp_iana_value ) + switch( srtp_profile_value ) { case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: - profile_value = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80; - break; case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: - profile_value = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32; - break; case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: - profile_value = MBEDTLS_SRTP_NULL_HMAC_SHA1_80; - break; case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: - profile_value = MBEDTLS_SRTP_NULL_HMAC_SHA1_32; - break; + return srtp_profile_value; default: break; } - return( profile_value ); + return( MBEDTLS_TLS_SRTP_UNSET ); } #endif diff --git a/library/ssl_cli.c b/library/ssl_cli.c index b8acc7562..185997ddf 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
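Review bot: The prototype of `mbedtls_ssl_get_srtp_profile_as_string` is only visible under `MBEDTLS_DEBUG_C`, while ssl_cli.c and ssl_srv.c call it without a guard inside `MBEDTLS_SSL_DEBUG_MSG` arguments. That builds only as long as the macro discards its arguments when debugging is compiled out, which is not shown in this diff; a comment here should state the dependency, e.g. `/* Debug builds only: call solely from MBEDTLS_SSL_DEBUG_MSG arguments. */`. `mbedtls_ssl_check_srtp_profile_value` also has no comment describing its contract; I would add `/* Returns srtp_profile_value if it is a supported profile, MBEDTLS_TLS_SRTP_UNSET otherwise. */` and write the early return as `return( srtp_profile_value );` to match the final `return( MBEDTLS_TLS_SRTP_UNSET );`.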
@@ -811,9 +811,9 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; protection_profiles_index++ ) { - profile_value = mbedtls_ssl_get_srtp_profile_iana_value + profile_value = mbedtls_ssl_check_srtp_profile_value ( ssl->conf->dtls_srtp_profile_list[protection_profiles_index] ); - if( profile_value != 0xFFFF ) + if( profile_value != MBEDTLS_TLS_SRTP_UNSET ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", profile_value ) ); @@ -1823,10 +1823,9 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - mbedtls_ssl_srtp_profile server_protection = MBEDTLS_SRTP_UNSET_PROFILE; + mbedtls_ssl_srtp_profile server_protection = MBEDTLS_TLS_SRTP_UNSET; size_t i, mki_len = 0; uint16_t server_protection_profile_value = 0; - const mbedtls_ssl_srtp_profile_info * profile_info; /* If use_srtp is not configured, just ignore the extension */ if( ssl->conf->dtls_srtp_profile_list == NULL || @@ -1870,14 +1869,16 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); server_protection_profile_value = ( buf[2] << 8 ) | buf[3]; - server_protection = mbedtls_ssl_get_srtp_profile_value( server_protection_profile_value ); - profile_info = mbedtls_ssl_dtls_srtp_profile_info_from_id( server_protection ); - if( profile_info != NULL ) + server_protection = mbedtls_ssl_check_srtp_profile_value( + server_protection_profile_value ); + if( server_protection != MBEDTLS_TLS_SRTP_UNSET ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", profile_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", + mbedtls_ssl_get_srtp_profile_as_string( + server_protection ) ) ); } - ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; + ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET; /* * Check we have the server profile in our list 
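Review bot: In the client's `ssl_write_use_srtp_ext` (`@@ -811` hunk), an entry for which `mbedtls_ssl_check_srtp_profile_value` returns `MBEDTLS_TLS_SRTP_UNSET` is skipped, but the loop bound is still `dtls_srtp_profile_list_len`. If the extension's profile-list length is derived from that count before the loop (the function starts outside this hunk, so I cannot confirm), a skipped entry would leave the advertised length larger than the bytes actually written. The setter in ssl_tls.c rejects unsupported values, so this is latent; a comment on the `if` such as `/* Defensive only: the list was validated when it was configured, so no entry is skipped here. */` would make that explicit. The same applies to the `profile_value != MBEDTLS_TLS_SRTP_UNSET` test in the ssl_srv.c `@@ -2679` hunk, where `buf[4]` and `buf[5]` are already written when the check runs.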
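Review bot: In the `@@ -1870` hunk, when the server answers with a profile this build does not support, `server_protection` becomes `MBEDTLS_TLS_SRTP_UNSET` and the raw value is never logged before the handshake is failed further down. The server-side parser in ssl_srv.c has an `else` branch on the equivalent test (its body is outside that hunk), so the two parsers are not symmetric. Adding `else { MBEDTLS_SSL_DEBUG_MSG( 3, ( "unsupported srtp profile: %04x", server_protection_profile_value ) ); }` would keep the wire value available to whoever has to diagnose the failure. The function body continues past the end of this hunk.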
@@ -1886,13 +1887,15 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, { if( server_protection == ssl->conf->dtls_srtp_profile_list[i] ) { ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", profile_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", + mbedtls_ssl_get_srtp_profile_as_string( + server_protection ) ) ); break; } } /* If no match was found : server problem, it shall never answer with incompatible profile */ - if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_SRTP_UNSET_PROFILE ) + if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f774b407f..9dc08d299 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -781,10 +781,9 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - mbedtls_ssl_srtp_profile client_protection = MBEDTLS_SRTP_UNSET_PROFILE; + mbedtls_ssl_srtp_profile client_protection = MBEDTLS_TLS_SRTP_UNSET; size_t i,j; size_t profile_length,mki_length; - const mbedtls_ssl_srtp_profile_info *profile_info; /*! 2 bytes for profile length and 1 byte for mki len */ const size_t size_of_lengths = 3; @@ -818,7 +817,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; + ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET; /* first 2 bytes are protection profile length(in bytes) */ profile_length = ( buf[0] << 8 ) | buf[1]; 
@@ -839,12 +838,13 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, for( j=0; j < profile_length; j += 2 ) { uint16_t protection_profile_value = buf[j] << 8 | buf[j+1]; - client_protection = mbedtls_ssl_get_srtp_profile_value( protection_profile_value ); + client_protection = mbedtls_ssl_check_srtp_profile_value( protection_profile_value ); - profile_info = mbedtls_ssl_dtls_srtp_profile_info_from_id( client_protection ); - if( profile_info != NULL ) + if( client_protection != MBEDTLS_TLS_SRTP_UNSET ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", profile_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", + mbedtls_ssl_get_srtp_profile_as_string( + client_protection ) ) ); } else { @@ -856,11 +856,13 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, if( client_protection == ssl->conf->dtls_srtp_profile_list[i] ) { ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", profile_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", + mbedtls_ssl_get_srtp_profile_as_string( + client_protection ) ) ); break; } } - if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) + if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_TLS_SRTP_UNSET ) break; } buf += profile_length; /* buf points to the mki length */ @@ -2639,7 +2641,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, *olen = 0; - if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_SRTP_UNSET_PROFILE ) + if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) { return; } 
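Review bot: In the `@@ -839` hunk the profile loop reads `buf[j+1]` for every `j < profile_length` in steps of two, so an odd `profile_length` from the ClientHello would make the last iteration consume one byte that is not part of the profile list. The length validation sits above this hunk and is not visible here; please confirm it rejects odd values, for instance by adding `profile_length % 2 != 0` to the existing test that returns `MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO`. The commit does not touch that line, but it is the only input to `mbedtls_ssl_check_srtp_profile_value` on this path, so the check belongs in the same review.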
@@ -2679,9 +2681,9 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, /* protection profile length: 2 */ buf[4] = 0x00; buf[5] = 0x02; - profile_value = mbedtls_ssl_get_srtp_profile_iana_value( + profile_value = mbedtls_ssl_check_srtp_profile_value( ssl->dtls_srtp_info.chosen_dtls_srtp_profile ); - if( profile_value != 0xFFFF ) + if( profile_value != MBEDTLS_TLS_SRTP_UNSET ) { buf[6] = (unsigned char)( ( profile_value >> 8 ) & 0xFF ); buf[7] = (unsigned char)( profile_value & 0xFF ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6b084450c..caaba2428 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4690,29 +4690,24 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) -static const mbedtls_ssl_srtp_profile_info srtp_profile_definitions[] = +#if defined(MBEDTLS_DEBUG_C) +const char *mbedtls_ssl_get_srtp_profile_as_string ( mbedtls_ssl_srtp_profile profile ) { - { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, "MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" }, - { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, "MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" }, - { MBEDTLS_SRTP_NULL_HMAC_SHA1_80, "MBEDTLS_SRTP_NULL_HMAC_SHA1_80" }, - { MBEDTLS_SRTP_NULL_HMAC_SHA1_32, "MBEDTLS_SRTP_NULL_HMAC_SHA1_32" }, - { MBEDTLS_SRTP_UNSET_PROFILE, "" } -}; - -const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id( mbedtls_ssl_srtp_profile profile ) -{ - const mbedtls_ssl_srtp_profile_info *cur = srtp_profile_definitions; - - while( cur->profile != MBEDTLS_SRTP_UNSET_PROFILE ) + switch( profile ) { - if( cur->profile == profile ) - return( cur ); - - cur++; + case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: + return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80"; + case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: + return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32"; + case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: + return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80"; + case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: + return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32"; + default: break; } - - return( NULL ); + return( "" ); } +#endif /* MBEDTLS_DEBUG_C */ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, int support_mki_value ) 
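Review bot: `mbedtls_ssl_get_srtp_profile_as_string` has no comment, mixes `return "...";` with `return( "" );`, and silently yields an empty string for any value outside the four cases. The callers visible in this diff only pass values that already passed `mbedtls_ssl_check_srtp_profile_value` or matched the configured list, so the empty string should not show up in logs, but the contract should be written down: `/* Debug helper: name of a supported DTLS-SRTP profile, or "" for any other value. */`. The strings also change from `MBEDTLS_SRTP_*` to `MBEDTLS_TLS_SRTP_*`, which alters debug log text that external log matching may depend on; the ssl-opt.sh hunks had to follow for that reason.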
@@ -4758,10 +4753,10 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, { switch( profiles[i] ) { - case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: - case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32: - case MBEDTLS_SRTP_NULL_HMAC_SHA1_80: - case MBEDTLS_SRTP_NULL_HMAC_SHA1_32: + case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: + case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: + case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: + case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: break; default: conf->dtls_srtp_profile_list = NULL; diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d727ebcad..33fbc0538 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1246,10 +1246,10 @@ int main( int argc, char *argv[] ) const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp"; dtls_srtp_keys dtls_srtp_keying; const mbedtls_ssl_srtp_profile default_profiles[] = { - MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, - MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, - MBEDTLS_SRTP_NULL_HMAC_SHA1_80, - MBEDTLS_SRTP_NULL_HMAC_SHA1_32 + MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80, + MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32, + MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80, + MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_EXPORT_KEYS */ @@ -2755,7 +2755,7 @@ int main( int argc, char *argv[] ) size_t j = 0; if( ( mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl ) - == MBEDTLS_SRTP_UNSET_PROFILE ) ) + == MBEDTLS_TLS_SRTP_UNSET ) ) { mbedtls_printf( " Unable to negotiate " "the use of DTLS-SRTP\n" ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 6dc783215..b6f0736a8 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
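Review bot: The switch in the `@@ -4758` hunk repeats the list of supported profiles that `mbedtls_ssl_check_srtp_profile_value` in ssl_internal.h now also encodes, so the accepted set is defined in two places that can drift apart. Assuming ssl_internal.h is included in this file, the test could be `if( mbedtls_ssl_check_srtp_profile_value( profiles[i] ) == MBEDTLS_TLS_SRTP_UNSET )` followed by the existing rejection path. Since the profile type is now a plain `uint16_t`, this setter is the only place that keeps arbitrary integers out of `dtls_srtp_profile_list`, which deserves a comment above the loop. The enclosing function starts and ends outside the hunk.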
@@ -1877,10 +1877,10 @@ int main( int argc, char *argv[] ) const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp"; dtls_srtp_keys dtls_srtp_keying; const mbedtls_ssl_srtp_profile default_profiles[] = { - MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, - MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, - MBEDTLS_SRTP_NULL_HMAC_SHA1_80, - MBEDTLS_SRTP_NULL_HMAC_SHA1_32 + MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80, + MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32, + MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80, + MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_EXPORT_KEYS */ @@ -3864,7 +3864,7 @@ handshake: size_t j = 0; if( ( mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl ) - == MBEDTLS_SRTP_UNSET_PROFILE ) ) + == MBEDTLS_TLS_SRTP_UNSET ) ) { mbedtls_printf( " Unable to negotiate " "the use of DTLS-SRTP\n" ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b820a735b..be57f9ddd 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1074,7 +1074,7 @@ P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT" P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}" O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem" -O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT" +O_CLI="$O_CLI -connect localhost:+SRV_PORT" G_SRV="$G_SRV -p $SRV_PORT" G_CLI="$G_CLI -p +SRV_PORT" 
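Review bot: In the ssl-opt.sh `@@ -1074` hunk, `O_CLI` now connects to `localhost` while the other endpoints in this block stay pinned to `127.0.0.1` (`P_SRV`, `P_CLI`, `P_PXY`), and the change is unrelated to the SRTP refactoring. On a host where `localhost` resolves to `::1` first, the OpenSSL client may try IPv6 against a server that listens on 127.0.0.1 only, so results would depend on the resolver configuration. If the change is intentional it needs a comment saying why; otherwise keep `O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT"`.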
@@ -8734,33 +8734,33 @@ run_test "DTLS-SRTP all profiles supported" \ requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server supports all profiles. Client supports one profile." \ "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ - "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=3 debug_level=3" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=5 debug_level=3" \ 0 \ -s "found use_srtp extension" \ - -s "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ - -s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ + -s "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \ + -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \ -s "server hello, adding use_srtp extension" \ -s "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server supports one profile. Client supports all profiles." \ - "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 0 \ -s "found use_srtp extension" \ -s "found srtp profile" \ - -s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ + -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \ -s "server hello, adding use_srtp extension" \ -s "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ -C "error" 
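Review bot: `srtp_force_profile=5` and `srtp_force_profile=6` are bare decimals that only make sense once you know they are the profile ids 0x0005 and 0x0006 from ssl.h, apparently passed through unchanged; nothing in the tests says so. A short comment before the first SRTP test, such as `# srtp_force_profile takes the IANA profile id: 1, 2 = AES128_CM_HMAC_SHA1_80/_32; 5, 6 = NULL_HMAC_SHA1_80/_32`, would stop the next reader from assuming a dense 1..4 index. The same values appear in the `@@ -8785`, `@@ -8999`, `@@ -9076` and `@@ -9192` hunks. The option's parsing and usage text in ssl_client2.c and ssl_server2.c are not part of this diff, so check that they describe the new values.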
@@ -8771,13 +8771,13 @@ run_test "DTLS-SRTP server and Client support only one matching profile." \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ 0 \ -s "found use_srtp extension" \ - -s "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ - -s "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -s "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -s "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -s "server hello, adding use_srtp extension" \ -s "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ -C "error" @@ -8785,10 +8785,10 @@ run_test "DTLS-SRTP server and Client support only one matching profile." \ requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server and Client support only one different profile." \ "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ - "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ 0 \ -s "found use_srtp extension" \ - -s "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ + -s "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \ -S "selected srtp profile" \ -S "server hello, adding use_srtp extension" \ -S "DTLS-SRTP key material is"\ @@ -8944,7 +8944,7 @@ run_test "DTLS-SRTP all profiles supported. openssl server" \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile" \ - -c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \ + -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \ -c "DTLS-SRTP key material is"\ -C "error" 
@@ -8967,7 +8967,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. 0 \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ -C "error" @@ -8979,7 +8979,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. 0 \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ -C "error" @@ -8991,7 +8991,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. openss 0 \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ -C "error" @@ -8999,7 +8999,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. openss requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server and Client support only one different profile. openssl server." \ "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32" \ - "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ 0 \ -c "client hello, adding use_srtp extension" \ -C "found use_srtp extension" \ 
@@ -9067,8 +9067,8 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ 0 \ -s "found use_srtp extension" \ - -s "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ - -s "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -s "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -s "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -s "server hello, adding use_srtp extension" \ -s "DTLS-SRTP key material is"\ -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32" @@ -9076,12 +9076,12 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \ 0 \ -s "found use_srtp extension" \ -s "found srtp profile" \ - -s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ + -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \ -s "server hello, adding use_srtp extension" \ -s "DTLS-SRTP key material is"\ -c "SRTP profile: SRTP_NULL_SHA1_32" @@ -9132,7 +9132,7 @@ run_test "DTLS-SRTP all profiles supported. gnutls server" \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile" \ - -c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \ + -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \ -c "DTLS-SRTP key material is"\ -C "error" 
@@ -9145,7 +9145,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile" \ - -c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \ + -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \ -c "DTLS-SRTP key material is"\ -C "error" @@ -9157,7 +9157,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. 0 \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ -C "error" @@ -9170,7 +9170,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. 0 \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ -C "error" @@ -9183,7 +9183,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. gnutls 0 \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ -C "error" @@ -9192,7 +9192,7 @@ requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls run_test "DTLS-SRTP server and Client support only one different profile. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ - "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ 0 \ -c "client hello, adding use_srtp extension" \ -C "found use_srtp extension" \