Skip to content

Add necessary bits for DTLS-SRTP #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: espidf-5.1.x
Choose a base branch
from
Open

Add necessary bits for DTLS-SRTP #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
63d4bbe
Add necessary bits for DTLS-SRTP
bshubenok-sigma Aug 15, 2023
98546ff
Add method for changing advertised ciphersuites
bshubenok-sigma Sep 12, 2023
6f9142d
Switch `Context` and `Config` to using Arc instead of references
bshubenok-sigma Sep 14, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion mbedtls-sys-espidf/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
#![cfg_attr(not(feature = "std"), no_std)]

#[macro_use]
extern crate cfg_if;

pub mod types;
Expand Down
97 changes: 77 additions & 20 deletions mbedtls/src/ssl/context/asynch.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,58 +1,103 @@
use crate::rng::{EspRandom, RngCallback};
use crate::ssl::{config::*, context::*};
use std::sync::Arc;

define!(
#[c_ty(ssl_config)]
#[repr(transparent)]
struct Config<'a>;
const init: fn() -> Self = ssl_config_init;
#[repr(C)]
struct Config {
own_cert: Vec<Arc<Certificate>>,
own_pk: Vec<Arc<Pk>>,
};
const drop: fn(&mut Self) = ssl_config_free;
impl<'b> Into<ptr> {}
impl<'b> UnsafeFrom<ptr> {}
);

unsafe impl<'a> Sync for Config<'a> {}
unsafe impl Sync for Config {}

impl<'a> Config<'a> {
const MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: u16 = 0x0001;
const MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: u16 = 0x0002;
const MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: u16 = 0x0005;
const MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: u16 = 0x0006;
const MBEDTLS_TLS_SRTP_UNSET: u16 = 0x0000;

const DEFAULT_SRTP_PROFILES: [ssl_srtp_profile; 5] = [
MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80,
MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32,
MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80,
MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32,
MBEDTLS_TLS_SRTP_UNSET,
];

impl Config {
pub fn new(e: Endpoint, t: Transport, p: Preset) -> Self {
let mut config = Self::init();
let conf = config.handle_mut();
let mut inner = ssl_config::default();
unsafe {
ssl_config_defaults(conf, e as c_int, t as c_int, p as c_int);
ssl_conf_rng(conf, Some(EspRandom::call), EspRandom.data_ptr());
ssl_config_init(&mut inner);
ssl_config_defaults(&mut inner, e as c_int, t as c_int, p as c_int);
ssl_conf_rng(&mut inner, Some(EspRandom::call), EspRandom.data_ptr());
};
config

Self {
inner,
own_cert: vec![],
own_pk: vec![],
}
}

pub fn push_cert(&mut self, own_cert: &'a Certificate, own_pk: &'a Pk) -> Result<()> {
pub fn push_cert(&mut self, own_cert: &Arc<Certificate>, own_pk: &Arc<Pk>) -> Result<()> {
unsafe {
ssl_conf_own_cert(
self.into(),
own_cert.inner_ffi_mut(),
own_pk.inner_ffi_mut(),
)
.into_result_discard()
.into_result_discard()?;
}
self.own_cert.push(Arc::clone(own_cert));
self.own_pk.push(Arc::clone(own_pk));

Ok(())
}

/// Required for SRTP negotiation
pub fn set_default_srtp_profiles(&mut self) -> Result<()> {
unsafe {
ssl_conf_dtls_srtp_protection_profiles(self.into(), DEFAULT_SRTP_PROFILES.as_ptr())
.into_result_discard()
}
}

pub fn set_ciphersuites(&mut self, ciphersuites: &[i32]) -> Result<()> {
unsafe { ssl_conf_ciphersuites(self.into(), ciphersuites.as_ptr()) }
Ok(())
}

setter!(set_authmode(am: AuthMode) = ssl_conf_authmode);
}

define!(
#[c_ty(ssl_context)]
#[repr(transparent)]
struct Context<'a>;
const init: fn() -> Self = ssl_init;
#[repr(C)]
struct Context {
config: Arc<Config>,
};
const drop: fn(&mut Self) = ssl_free;
impl<'b> Into<ptr> {}
impl<'b> UnsafeFrom<ptr> {}
);

impl<'a> Context<'a> {
pub fn new(config: &'a Config<'a>) -> Result<Self> {
let mut context = Self::init();
unsafe { ssl_setup(context.handle_mut(), config.handle()) }.into_result()?;
Ok(context)
impl Context {
pub fn new(config: &Arc<Config>) -> Result<Self> {
let mut inner = ssl_context::default();
let config = Arc::clone(&config);
unsafe {
ssl_init(&mut inner);
ssl_setup(&mut inner, (&*config).into()).into_result()?;
};

Ok(Self { inner, config })
}

pub fn read(&mut self, buf: &mut [u8]) -> Result<c_int> {
Expand All @@ -67,6 +112,10 @@ impl<'a> Context<'a> {
unsafe { ssl_close_notify(self.handle_mut()) }.into_result()
}

pub fn handshake(&mut self) -> Result<c_int> {
unsafe { ssl_handshake(self.handle_mut()) }.into_result()
}

/// # Safety
/// TODO
pub unsafe fn set_bio(
Expand All @@ -89,6 +138,14 @@ impl<'a> Context<'a> {
) {
ssl_set_timer_cb(self.handle_mut(), timer, set, get)
}

pub unsafe fn set_key_export_cb(&mut self, cb: ssl_export_keys_t, keys: *mut c_void) {
ssl_set_export_keys_cb(self.handle_mut(), cb, keys)
}

pub unsafe fn get_dtls_srtp_negotiation_result(&self, info: *mut dtls_srtp_info) {
ssl_get_dtls_srtp_negotiation_result(self.handle(), info)
}
}

impl embedded_io::Error for Error {
Expand Down