Implement Keying Material Extraction

paullouisageneau · Mar 11, 2023 · 755e039 · 755e039
1 parent 7e9ac5b
commit 755e039
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 0 deletions.
diff --git a/src/impl/dtlssrtptransport.cpp b/src/impl/dtlssrtptransport.cpp
@@ -263,6 +263,42 @@ void DtlsSrtpTransport::postHandshake() {
 
 	serverKey = reinterpret_cast<const unsigned char *>(serverKeyDatum.data);
 	serverSalt = reinterpret_cast<const unsigned char *>(serverSaltDatum.data);
+#elif USE_MBEDTLS
+	PLOG_INFO << "Deriving SRTP keying material (Mbed TLS)";
+	unsigned int keySize = SRTP_AES_128_KEY_LEN;
+	unsigned int saltSize = SRTP_SALT_LEN;
+	auto srtpProfile = srtp_profile_aes128_cm_sha1_80;
+	auto keySizeWithSalt = SRTP_AES_ICM_128_KEY_LEN_WSALT;
+	mbedtls_dtls_srtp_info srtpInfo;
+
+	mbedtls_ssl_get_dtls_srtp_negotiation_result(&mSsl, &srtpInfo);
+	switch (srtpInfo.private_chosen_dtls_srtp_profile) {
+		case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
+			break;
+		case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
+			srtpProfile = srtp_profile_aes128_cm_sha1_32;
+			break;
+		default:
+			throw std::runtime_error("Failed to get SRTP profile");
+	}
+
+
+	const size_t materialLen = keySizeWithSalt * 2;
+	std::vector<unsigned char> material(materialLen);
+	// The extractor provides the client write master key, the server write master key, the client
+	// write master salt and the server write master salt in that order.
+	const string label = "EXTRACTOR-dtls_srtp";
+
+	if (mbedtls_ssl_tls_prf(tlsProfile, (const unsigned char*) masterSecret, sizeof(masterSecret), label.c_str(),
+				(const unsigned char*) randBytes, sizeof(randBytes), material.data(), materialLen) != 0) {
+		throw std::runtime_error("Failed to derive SRTP keys");
+	}
+
+	// Order is client key, server key, client salt, and server salt
+	clientKey = material.data();
+	serverKey = clientKey + keySize;
+	clientSalt = serverKey + keySize;
+	serverSalt = clientSalt + saltSize;
 #else
 	PLOG_INFO << "Deriving SRTP keying material (OpenSSL)";
 	auto profile = SSL_get_selected_srtp_profile(mSsl);

diff --git a/src/impl/dtlstransport.hpp b/src/impl/dtlstransport.hpp
@@ -77,6 +77,10 @@ class DtlsTransport : public Transport, public std::enable_shared_from_this<Dtls
 	mbedtls_ssl_config mConf;
 	mbedtls_ssl_context mSsl;
 
+	char *masterSecret[48];
+	char *randBytes[64];
+	mbedtls_tls_prf_types tlsProfile;
+
 	static int WriteCallback(void *ctx, const unsigned char *buf, size_t len);
 	static int ReadCallback(void *ctx, unsigned char *buf, size_t len);