Topic: DTLS-SRTP with WolfSSL

Hi,

I'm trying to create a WebRTC application that uses SRTP via DTLS to send media. I've seen a couple of code examples on the internet that gather the keying material for SRTP using OpenSSL.

Line 208 of https://github.com/alfredh/baresip/blob … ls_srtp.c:

err = tls_srtp_keyinfo(comp->tls_conn, &suite, cli_key, sizeof(cli_key), srv_key, sizeof(srv_key));

Line 652 of https://github.com/meetecho/janus-gatew … ter/dtls.c

SSL_export_keying_material(dtls->ssl, material, SRTP_MASTER_LENGTH*2, "EXTRACTOR-dtls_srtp", 19, NULL, 0, 0)

This is another source that describes the use of SSL_export_keying_material: http://stackoverflow.com/questions/2269 … decryption

Is something like this possible with WolfSSL? I don't see a similar function in the API. What would be involved in accomplishing this?

Thanks,
Carson

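
Added example, not part of the original post and not code from baresip, Janus or wolfSSL: how the block returned by an exporter call with the "EXTRACTOR-dtls_srtp" label is split into per-direction SRTP master keys, following the layout in RFC 5764 section 4.2. It assumes the SRTP_AES128_CM_HMAC_SHA1_80 profile (16-byte key, 14-byte salt); `srtp_master_keys` and `dtls_srtp_split` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

/* Sizes for the SRTP_AES128_CM_HMAC_SHA1_80 profile (assumed here). */
#define SRTP_KEY_LEN    16
#define SRTP_SALT_LEN   14
#define SRTP_MASTER_LEN (SRTP_KEY_LEN + SRTP_SALT_LEN)  /* 30 bytes per direction */

/* Hypothetical container: master key followed by master salt, one buffer
 * per direction. */
typedef struct {
    unsigned char local[SRTP_MASTER_LEN];   /* protects packets we send    */
    unsigned char remote[SRTP_MASTER_LEN];  /* protects packets we receive */
} srtp_master_keys;

/* Split exporter output laid out as
 *   client_key | server_key | client_salt | server_salt   (RFC 5764, 4.2)
 * and assign directions by DTLS role (not by who sent the SDP offer).
 * Returns 0 on success, -1 on bad input. */
int dtls_srtp_split(const unsigned char *material, size_t len,
                    int is_dtls_client, srtp_master_keys *out)
{
    if (material == NULL || out == NULL || len != 2 * SRTP_MASTER_LEN)
        return -1;  /* refuse short or oversized exporter output */

    const unsigned char *cli_key  = material;
    const unsigned char *srv_key  = cli_key  + SRTP_KEY_LEN;
    const unsigned char *cli_salt = srv_key  + SRTP_KEY_LEN;
    const unsigned char *srv_salt = cli_salt + SRTP_SALT_LEN;

    /* The DTLS client sends with the client_write key and salt; the
     * DTLS server sends with the server_write key and salt. */
    unsigned char *cli = is_dtls_client ? out->local  : out->remote;
    unsigned char *srv = is_dtls_client ? out->remote : out->local;

    memcpy(cli, cli_key, SRTP_KEY_LEN);
    memcpy(cli + SRTP_KEY_LEN, cli_salt, SRTP_SALT_LEN);
    memcpy(srv, srv_key, SRTP_KEY_LEN);
    memcpy(srv + SRTP_KEY_LEN, srv_salt, SRTP_SALT_LEN);
    return 0;
}
```

Both buffers hold secret key material, so the caller should wipe them and the exporter output once the SRTP contexts have been created.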

Re: DTLS-SRTP with WolfSSL

Hi Carsonbaker,

Currently wolfSSL has not worked on an SRTP solution, but it is something we would love to discuss with you! Your project sounds interesting and we would love to hear more details: what are your end goals, and what problem will SRTP w/ DTLS help you solve?


Warm Regards,

Kaleb

Re: DTLS-SRTP with WolfSSL

Hi Kaleb,

I'm working on a WebRTC implementation and DTLS-SRTP appears to be the chosen method by which browsers are securing media streams.

Initially I tried DTLS via OpenSSL in my application, but I got confused with all the BIO streams and what-not and could never manage to get the thing working for some reason that I now forget. But I noticed WolfSSL had a much less complex integration and I was able to get DTLS working by following the example code provided.

This is the relevant RFC for building an SRTP profile in WolfSSL:
https://tools.ietf.org/rfc/rfc5764.txt

I'll go through it and see if it's within my capabilities to implement, although I suspect it's not.

As an aside, this is a PR that implements RFC5764 in mbedtls (not merged into master):
https://github.com/ARMmbed/mbedtls/pull/361/files

Only 500 lines of code -- that gives me some hope.

Thanks,
Carson


Re: DTLS-SRTP with WolfSSL

Did you find a solution for DTLS-SRTP keying, either with wolfSSL or mbed TLS?


Re: DTLS-SRTP with WolfSSL

No, sorry. In the end I used OpenSSL and borrowed code from <https://github.com/persmule/libdtlssrtp>.


Re: DTLS-SRTP with WolfSSL

FYI: As a follow-up, we did add DTLS SRTP support via https://github.com/wolfSSL/wolfssl/pull/4755 in wolfSSL v5.2.0 on Jan 20, 2022.
