gnutls-devel

Re: [PATCH 1/2] Add support for DTLS-SRTP profile negotiation (RFC 5764)


From: Martin Storsjö
Subject: Re: [PATCH 1/2] Add support for DTLS-SRTP profile negotiation (RFC 5764)
Date: Wed, 31 Oct 2012 20:10:50 +0200 (EET)
User-agent: Alpine 2.00 (DEB 1167 2008-08-23)

On Wed, 31 Oct 2012, Nikos Mavrogiannopoulos wrote:

On 10/31/2012 02:46 PM, Martin Storsjo wrote:

The code is heavily modelled on the server_name extension implementation.

Hello,
Thank you for the patch. After the negotiation though, how does the
SRTP layer get the keys? Or would a later patch make gnutls output SRTP?

The actual keys for SRTP are generated using RFC 5705, which can be handled via gnutls_prf. (For the context parameter in RFC 5705, one has to manually construct such a buffer to pass as the extra parameter to gnutls_prf, but other than that, it's all there already.)

Open questions:
- Would it be necessary to add an accessor function for querying
  the offered profiles that have been set?
- The profile name strings match the ones used in OpenSSL, but
  compared with the RFC, they lack a "HMAC_" before "SHA1". Is
  this ok?


I don't know. How do you expect users to get those names? If they get it
from the RFC then being identical to it would help. Otherwise you may
just add a small section in the gnutls manual with the available options.

- Is it ok to have both the setter and getter functions use strings?
  The corresponding APIs in OpenSSL set the profiles based on a string,
  but expose the selected profile via a struct.


see below.

+int
+gnutls_srtp_get_selected_profile (gnutls_session_t session, char *profile,
+                                  size_t *profile_length)
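Review bot: the contract of `profile_length` in `gnutls_srtp_get_selected_profile (gnutls_session_t session, char *profile, size_t *profile_length)` is not documented in this hunk: a caller cannot tell whether `*profile_length` is the buffer capacity on entry and the written length on return, whether a terminating NUL is counted, or what is returned when the buffer is too short or no profile was negotiated. Either spell those cases out in the doc comment, or return an enumeration value with a separate name-lookup function, which removes the buffer-size question altogether.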


I think it would be easier for a user of this function to have profiles
in an enumeration and this function to return a member of this enumeration.

That may need though a function such as
const char* gnutls_srtp_get_profile_name(gnutls_srtp_profile_t)
to return a printable name.

+/**
+ * gnutls_srtp_set_profiles:
+ * @session: is a #gnutls_session_t structure.
+ * @profiles: is a string that contains the supported SRTP profiles,
+ *   separated by colons.
+ *
+ * This function is to be used by both clients and servers, to declare
+ * what SRTP profiles they support, to negotiate with the peer.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
+ *   otherwise a negative error code is returned.
+ **/
+int
+gnutls_srtp_set_profiles (gnutls_session_t session,
+                          const char *profiles)
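Review bot: the doc comment for `gnutls_srtp_set_profiles` says the profiles are "separated by colons" but neither lists the accepted names nor states whether an unknown name makes the call fail or is silently skipped. The signature `(gnutls_session_t session, const char *profiles)` also gives the caller no way to learn which token was rejected; an `err_pos` output parameter in the style of `gnutls_priority_set_direct()` would cover that, and the doc block should then name the error code returned for a malformed string.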


I see that here a string helps because multiple profiles can be
specified. However an interface similar to gnutls_priority_set_direct()
would suit better human-provided strings since it would allow pointing
out the typo.

e.g.
gnutls_srtp_set_profiles (gnutls_session_t session,
                         const char *profiles, char** err_pos)

That sounds like a good idea, I'll return with an improved patch later.

btw. Would you be willing to transfer copyright to the FSF?

Yes, that's ok with me.

// Martin
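Two points in the thread lend themselves to a worked example: the remark that the SRTP keys come from the RFC 5705 exporter (what `gnutls_prf` computes once the label and the optional context are packed into its extra buffer), and Nikos's suggestion of an `err_pos`-reporting setter like `gnutls_priority_set_direct()`. The block below is an added illustration, not GnuTLS code or code from the patch. It assumes a (D)TLS 1.2 session, whose PRF is P_SHA256 (DTLS 1.0 would use the MD5/SHA-1 PRF instead); the profile identifiers and the 128-bit key / 112-bit salt sizes are those of RFC 5764, the label "EXTRACTOR-dtls_srtp" is the one RFC 5764 specifies (with no context value), and the master secret and randoms are constructed values rather than output of a real handshake. The function and class names are this example's own.

```python
# Added example, not GnuTLS code: (1) parse a colon-separated profile string
# the way an err_pos-reporting gnutls_srtp_set_profiles() could, and
# (2) derive SRTP master keys/salts from a DTLS session with the RFC 5705
# exporter under the RFC 5764 label. Assumes a (D)TLS 1.2 session, whose
# PRF is P_SHA256; the master secret and randoms used are constructed values.
import enum
import hmac
import struct


class SrtpProfile(enum.IntEnum):
    # Protection profile identifiers from RFC 5764 section 4.1.2.
    SRTP_AES128_CM_HMAC_SHA1_80 = 0x0001
    SRTP_AES128_CM_HMAC_SHA1_32 = 0x0002
    SRTP_NULL_HMAC_SHA1_80 = 0x0005
    SRTP_NULL_HMAC_SHA1_32 = 0x0006


# RFC names plus the OpenSSL spellings without "HMAC_" that the patch uses.
_PROFILE_NAMES = {p.name: p for p in SrtpProfile}
_PROFILE_NAMES.update({p.name.replace("HMAC_", ""): p for p in SrtpProfile})


def parse_profiles(profiles):
    """Return (profile list, None) on success, or (profiles parsed so far,
    err_pos) where err_pos is the offset of the first unrecognised token,
    in the style of gnutls_priority_set_direct()."""
    result = []
    pos = 0
    for token in profiles.split(":"):
        profile = _PROFILE_NAMES.get(token)
        if profile is None:
            return result, pos
        result.append(profile)
        pos += len(token) + 1  # skip the token and its trailing colon
    return result, None


def p_sha256(secret, seed, length):
    """TLS 1.2 P_SHA256 data expansion (RFC 5246 section 5)."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, "sha256").digest()
        out += hmac.new(secret, a + seed, "sha256").digest()
    return out[:length]


def export_keying_material(master_secret, client_random, server_random,
                           label, context, length):
    """RFC 5705 exporter. context=None means 'no context', which is
    deliberately distinct from an empty context b'' (whose two-byte length
    field still enters the seed)."""
    seed = client_random + server_random
    if context is not None:
        seed += struct.pack("!H", len(context)) + context
    return p_sha256(master_secret, label + seed, length)


def derive_srtp_keys(master_secret, client_random, server_random, profile):
    """Split the exporter output as RFC 5764 section 4.2 specifies. All four
    RFC 5764 profiles use a 128-bit master key and a 112-bit master salt."""
    profile = SrtpProfile(profile)  # raises ValueError on an unknown id
    key_len, salt_len = 16, 14
    raw = export_keying_material(master_secret, client_random, server_random,
                                 b"EXTRACTOR-dtls_srtp", None,
                                 2 * (key_len + salt_len))
    return {
        "client_write_SRTP_master_key": raw[0:key_len],
        "server_write_SRTP_master_key": raw[key_len:2 * key_len],
        "client_write_SRTP_master_salt": raw[2 * key_len:2 * key_len + salt_len],
        "server_write_SRTP_master_salt": raw[2 * key_len + salt_len:],
    }


if __name__ == "__main__":
    # Constructed session values, not taken from a real handshake.
    master_secret = bytes(range(48))
    client_random = bytes(32)
    server_random = bytes([0xAA]) * 32
    selected, err_pos = parse_profiles(
        "SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_32")
    assert err_pos is None
    keys = derive_srtp_keys(master_secret, client_random, server_random,
                            selected[0])
    for name, value in keys.items():
        print(name, value.hex())
```

The `context=None` versus `b''` distinction is the detail to get right when building the extra buffer by hand: RFC 5705 feeds the context length into the seed whenever a context is supplied, so an empty context does not yield the same keys as no context, and for the SRTP label no context at all is the correct choice.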
