API modified so server side can get mki value

+ client side discards self mki if server does not support it Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-26 22:45:58 +01:00 · 2020-10-26 22:45:58 +01:00 · 20c7db3a67
commit 20c7db3a67
parent adbd9449ec
6 changed files with 63 additions and 10 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -3257,7 +3257,8 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
                                         unsigned char *mki_value,
                                         uint16_t mki_len );
 /**
- * \brief          Get the negotiated DTLS-SRTP Protection Profile.
+ * \brief          Get the negotiated DTLS-SRTP informations:
+ *                 Protection profile and MKI value.
 *
 * \warning        This function must be called after the handshake is
 *                 completed. The value returned by this function must
@ -3265,14 +3266,20 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
 *
 * \param ssl      The SSL context to query.
 *
- * \return         The DTLS SRTP protection profile in use. The return type is
- *                 a direct mapping of the iana defined value for protection
+ * \return         The negotiated DTLS-SRTP informations:
+ *                 - Protection profile in use.
+ *                 A direct mapping of the iana defined value for protection
 *                 profile on an uint16_t.
 *                 http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
- * \return         #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated
+ *                 #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated
 *                 or peer's Hello packet was not parsed yet.
+ *                 - mki size and value (if size is > 0). These informations are valid only
+ *                 if the protection profile returned is not MBEDTLS_TLS_SRTP_UNSET.
+ *                 Ownership of the returned structure is kept by the ssl context,
+ *                 the caller must duplicate any information that must live longer than
+ *                 the context (typically MKI size and value if any)
 */
-mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile
+const mbedtls_dtls_srtp_info *mbedtls_ssl_get_dtls_srtp_negotiation_result
                                             ( const mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_DTLS_SRTP */