1

(5 replies, posted in wolfSSL)

No, sorry. In the end I used OpenSSL and borrowed code from <https://github.com/persmule/libdtlssrtp>.

2

(5 replies, posted in wolfSSL)

Hi Kaleb,

I'm working on a WebRTC implementation and DTLS-SRTP appears to be the chosen method by which browsers are securing media streams.

Initially I tried DTLS via OpenSSL in my application, but I got confused with all the BIO streams and what-not and could never manage to get the thing working for some reason that I now forget. But I noticed WolfSSL had a much less complex integration and I was able to get DTLS working by following the example code provided.

This is the relevant RFC for building an SRTP profile in WolfSSL:
https://tools.ietf.org/rfc/rfc5764.txt

I'll go through it and see if it's within my capabilities to implement, although I suspect it's not.

As an aside, this is a PR that implements RFC5764 in mbedtls (not merged into master):
https://github.com/ARMmbed/mbedtls/pull/361/files

Only 500 lines of code -- that gives me some hope.

Thanks,
Carson

3

(5 replies, posted in wolfSSL)

Hi,

I'm trying to create a WebRTC application that uses SRTP via DTLS to send media. I've seen a couple of code examples on the internet that gather the keying material for SRTP using OpenSSL.

Line 208 of https://github.com/alfredh/baresip/blob … ls_srtp.c:

err = tls_srtp_keyinfo(comp->tls_conn, &suite, cli_key, sizeof(cli_key), srv_key, sizeof(srv_key));

Line 652 of https://github.com/meetecho/janus-gatew … ter/dtls.c

SSL_export_keying_material(dtls->ssl, material, SRTP_MASTER_LENGTH*2, "EXTRACTOR-dtls_srtp", 19, NULL, 0, 0)

This is another source that describes the use of SSL_export_keying_material: http://stackoverflow.com/questions/2269 … decryption

Is something like this possible with WolfSSL? I don't see a similar function in the API. What would be involved in accomplishing this?

Thanks,
Carson
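
An added example, not part of the posts above and not code from wolfSSL, OpenSSL or the linked projects: once a TLS stack has exported `SRTP_MASTER_LENGTH*2` bytes under the `EXTRACTOR-dtls_srtp` label, RFC 5764 section 4.2 defines how that block is split into the two SRTP master keys and salts. The struct and function names are hypothetical, and the 16-byte key and 14-byte salt sizes assume one of the AES-128 counter-mode profiles.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Sizes for the AES-128 counter-mode profiles of RFC 5764 (assumed here). */
#define SRTP_MASTER_KEY_LEN  16
#define SRTP_MASTER_SALT_LEN 14
#define SRTP_MASTER_LENGTH   (SRTP_MASTER_KEY_LEN + SRTP_MASTER_SALT_LEN)
#define SRTP_EXPORT_LEN      (2 * SRTP_MASTER_LENGTH)

/* Hypothetical container: each entry is master key followed by master salt. */
struct srtp_keys {
    uint8_t local[SRTP_MASTER_LENGTH];  /* protects packets we send */
    uint8_t remote[SRTP_MASTER_LENGTH]; /* unprotects packets we receive */
};

/*
 * Split the exporter output as laid out in RFC 5764 section 4.2:
 *   client_key | server_key | client_salt | server_salt
 * A side's key and salt are not adjacent, so cutting the block in half
 * yields wrong keys. "Client" means the DTLS client, not the SDP offerer.
 * Returns 0 on success, -1 on bad arguments.
 */
int dtls_srtp_split(const uint8_t *material, size_t len,
                    int is_dtls_client, struct srtp_keys *out)
{
    if (material == NULL || out == NULL || len != SRTP_EXPORT_LEN)
        return -1;

    const uint8_t *cli_key  = material;
    const uint8_t *srv_key  = cli_key + SRTP_MASTER_KEY_LEN;
    const uint8_t *cli_salt = srv_key + SRTP_MASTER_KEY_LEN;
    const uint8_t *srv_salt = cli_salt + SRTP_MASTER_SALT_LEN;

    /* The DTLS client sends with the client write key, the server with its own. */
    const uint8_t *lkey  = is_dtls_client ? cli_key  : srv_key;
    const uint8_t *lsalt = is_dtls_client ? cli_salt : srv_salt;
    const uint8_t *rkey  = is_dtls_client ? srv_key  : cli_key;
    const uint8_t *rsalt = is_dtls_client ? srv_salt : cli_salt;

    memcpy(out->local, lkey, SRTP_MASTER_KEY_LEN);
    memcpy(out->local + SRTP_MASTER_KEY_LEN, lsalt, SRTP_MASTER_SALT_LEN);
    memcpy(out->remote, rkey, SRTP_MASTER_KEY_LEN);
    memcpy(out->remote + SRTP_MASTER_KEY_LEN, rsalt, SRTP_MASTER_SALT_LEN);
    return 0;
}
```

The exported block and both derived buffers are secret key material, so the caller should zero them once the SRTP session has been set up.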