xref: /freebsd/crypto/openssl/ssl/d1_srtp.c (revision b077aed33b7b6aefca7b17ddb250cf521f938613)
1e71b7053SJung-uk Kim /*
2*b077aed3SPierre Pronchery  * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
31f13597dSJung-uk Kim  *
4*b077aed3SPierre Pronchery  * Licensed under the Apache License 2.0 (the "License").  You may not use
5e71b7053SJung-uk Kim  * this file except in compliance with the License.  You can obtain a copy
6e71b7053SJung-uk Kim  * in the file LICENSE in the source distribution or at
7e71b7053SJung-uk Kim  * https://www.openssl.org/source/license.html
81f13597dSJung-uk Kim  */
9e71b7053SJung-uk Kim 
101f13597dSJung-uk Kim /*
116f9291ceSJung-uk Kim  * DTLS code by Eric Rescorla <ekr@rtfm.com>
126f9291ceSJung-uk Kim  *
136f9291ceSJung-uk Kim  * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
141f13597dSJung-uk Kim  */
151f13597dSJung-uk Kim 
161f13597dSJung-uk Kim #include <stdio.h>
171f13597dSJung-uk Kim #include <openssl/objects.h>
1817f01e99SJung-uk Kim #include "ssl_local.h"
1909286989SJung-uk Kim 
2009286989SJung-uk Kim #ifndef OPENSSL_NO_SRTP
2109286989SJung-uk Kim 
/*
 * Table of the SRTP protection profiles this build recognises, pairing the
 * textual name accepted in a profile list with its numeric identifier.
 *
 * The final zeroed entry is a sentinel: find_profile_by_name() walks the
 * table until it reaches an entry whose name is NULL.
 *
 * NOTE(review): the _80 / _32 suffix on the SHA1 profiles is the length of
 * the authentication tag in bits (RFC 5764); deployments that care about
 * forgery resistance may want to leave the 32-bit variant out of the list
 * they configure.
 *
 * The array is not const-qualified, although nothing in the visible code
 * writes to it.
 */
static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
    {"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80},
    {"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32},
    {"SRTP_AEAD_AES_128_GCM", SRTP_AEAD_AES_128_GCM},
    {"SRTP_AEAD_AES_256_GCM", SRTP_AEAD_AES_256_GCM},
    {0}                         /* sentinel: name == NULL ends the table */
};
411f13597dSJung-uk Kim 
/*
 * Look up an SRTP protection profile by name in srtp_known_profiles.
 *
 * Only the first len bytes of profile_name are examined, so the name does
 * not have to be NUL-terminated at that position (it may be one element of
 * a longer colon-separated list).  An entry matches only when its name is
 * exactly len bytes long and those bytes compare equal; the comparison is
 * case-sensitive, and a mere prefix of a known name does not match.
 *
 * Returns 0 and stores the matching table entry in *pptr on success.
 * Returns 1 and leaves *pptr untouched when no entry matches.  Note the
 * sense of the return value: 0 means "found".
 */
static int find_profile_by_name(char *profile_name,
                                SRTP_PROTECTION_PROFILE **pptr, size_t len)
{
    SRTP_PROTECTION_PROFILE *entry;

    for (entry = srtp_known_profiles; entry->name != NULL; entry++) {
        /* Length must agree first, otherwise a prefix would be accepted. */
        if (strlen(entry->name) != len)
            continue;
        if (strncmp(entry->name, profile_name, len) != 0)
            continue;

        *pptr = entry;
        return 0;
    }

    return 1;
}
601f13597dSJung-uk Kim 
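/*
 * Build a stack of SRTP protection profiles from a colon-separated list of
 * profile names and install it in *out.
 *
 * profiles_string: list such as "NAME1:NAME2"; every element must be a name
 *                  known to find_profile_by_name().  An empty element (for
 *                  example from a leading, trailing or doubled ':') has
 *                  length 0, matches no known name and is rejected as an
 *                  unknown profile.  Listing the same profile twice is
 *                  rejected as a bad profile list.
 * out:             location of the stack to replace.  On success the stack
 *                  previously stored there is freed and replaced by the new
 *                  one; on failure *out is left unchanged.
 *
 * Returns 0 on success and 1 on failure, with an error raised on the SSL
 * error queue.  This is the opposite of the usual "1 is success" OpenSSL
 * convention, and the public setters that wrap this function pass the value
 * straight through, so callers must test for 0 explicitly.
 */
static int ssl_ctx_make_profiles(const char *profiles_string,
                                 STACK_OF(SRTP_PROTECTION_PROFILE) **out)
{
    STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
    char *col;
    /*
     * find_profile_by_name() takes a non-const pointer, hence the cast;
     * the string is only read in this function.
     */
    char *ptr = (char *)profiles_string;
    SRTP_PROTECTION_PROFILE *p;

    /*
     * The wrappers hand the caller's pointer through unchecked, and
     * strchr()/strlen() below would dereference it: fail cleanly instead.
     */
    if (profiles_string == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
        return 1;
    }

    if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
        ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
        return 1;
    }

    do {
        /* The current element runs up to the next ':' or the end of string. */
        col = strchr(ptr, ':');

        if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr)
                                               : strlen(ptr))) {
            /* Known profile: refuse it if it is already in the new list. */
            if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
                ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
                goto err;
            }

            if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) {
                ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
                goto err;
            }
        } else {
            ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
            goto err;
        }

        if (col)
            ptr = col + 1;
    } while (col);

    /* The whole list parsed: only now discard the previous configuration. */
    sk_SRTP_PROTECTION_PROFILE_free(*out);

    *out = profiles;

    return 0;
 err:
    /* Entries point into the static table, so only the stack is freed. */
    sk_SRTP_PROTECTION_PROFILE_free(profiles);
    return 1;
}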
1071f13597dSJung-uk Kim 
/*
 * Set the SRTP protection profiles stored on an SSL_CTX from a
 * colon-separated list of profile names.
 *
 * Returns the result of ssl_ctx_make_profiles() unchanged: 0 on success and
 * 1 on failure.  This is inverted relative to most OpenSSL setters, so a
 * caller that treats a zero return as an error would take a successful call
 * for a failure and carry on after a rejected list.
 *
 * ctx is dereferenced without a NULL check.
 */
int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
{
    STACK_OF(SRTP_PROTECTION_PROFILE) **slot = &ctx->srtp_profiles;

    return ssl_ctx_make_profiles(profiles, slot);
}
1121f13597dSJung-uk Kim 
/*
 * Set the SRTP protection profiles stored on a single SSL object from a
 * colon-separated list of profile names.
 *
 * Returns the result of ssl_ctx_make_profiles() unchanged: 0 on success and
 * 1 on failure.  This is inverted relative to most OpenSSL setters, so the
 * return value must be compared against 0 for success.
 *
 * s is dereferenced without a NULL check.
 */
int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
{
    STACK_OF(SRTP_PROTECTION_PROFILE) **slot = &s->srtp_profiles;

    return ssl_ctx_make_profiles(profiles, slot);
}
1171f13597dSJung-uk Kim 
/*
 * Return the SRTP protection profiles in effect for s.
 *
 * The list stored on the SSL object itself takes precedence; when it is
 * NULL, the list of the SSL's context (s->ctx) is used instead.  Returns
 * NULL when s is NULL or when neither list is present.
 *
 * The stack stored in the SSL or SSL_CTX is returned directly, not a copy,
 * so the caller presumably must not free or modify it.
 */
STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
{
    if (s == NULL)
        return NULL;

    /* A per-connection list overrides the one inherited from the context. */
    if (s->srtp_profiles != NULL)
        return s->srtp_profiles;

    if (s->ctx == NULL)
        return NULL;

    /* May itself be NULL, which is the "nothing configured" answer. */
    return s->ctx->srtp_profiles;
}
1301f13597dSJung-uk Kim 
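/*
 * Return the SRTP protection profile recorded in s->srtp_profile.
 *
 * Returns NULL when s is NULL, matching the NULL handling of
 * SSL_get_srtp_profiles(); otherwise returns the stored pointer, whatever
 * its value.
 *
 * NOTE(review): the field is not assigned anywhere in this file; it is
 * presumably set during extension negotiation elsewhere, in which case a
 * NULL result means no profile was agreed and the caller must not go on to
 * derive SRTP keys -- confirm against the code that sets it.
 */
SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
{
    if (s == NULL)
        return NULL;

    return s->srtp_profile;
}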
1351f13597dSJung-uk Kim #endif