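/*
 * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * DTLS code by Eric Rescorla <ekr@rtfm.com>
 *
 * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
 */

#include <stdio.h>
#include <string.h>
#include <openssl/objects.h>
#include "ssl_locl.h"

#ifndef OPENSSL_NO_SRTP

/*
 * Table of the SRTP protection profiles this build knows how to negotiate
 * (name as it appears in a configuration string, plus its numeric id).
 * The list is terminated by an all-zero entry; every profile stack built
 * below holds pointers into this static table, so stack elements are never
 * freed individually.
 */
static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
    {
        "SRTP_AES128_CM_SHA1_80",
        SRTP_AES128_CM_SHA1_80,
    },
    {
        "SRTP_AES128_CM_SHA1_32",
        SRTP_AES128_CM_SHA1_32,
    },
    {
        "SRTP_AEAD_AES_128_GCM",
        SRTP_AEAD_AES_128_GCM,
    },
    {
        "SRTP_AEAD_AES_256_GCM",
        SRTP_AEAD_AES_256_GCM,
    },
    {0}
};

/*
 * Look up a profile by name in srtp_known_profiles.
 *
 * profile_name need not be NUL-terminated at |len|: only the first |len|
 * bytes are compared, which lets the caller point directly into a
 * colon-separated list.  The length equality test is what prevents a
 * prefix such as "SRTP_AES128_CM_SHA1_8" from matching "..._80".
 *
 * On success stores a pointer to the static table entry in *pptr and
 * returns 0; returns 1 when no entry matches.
 */
static int find_profile_by_name(const char *profile_name,
                                SRTP_PROTECTION_PROFILE **pptr, size_t len)
{
    SRTP_PROTECTION_PROFILE *entry;

    for (entry = srtp_known_profiles; entry->name != NULL; entry++) {
        if (strlen(entry->name) == len
            && strncmp(entry->name, profile_name, len) == 0) {
            *pptr = entry;
            return 0;
        }
    }

    return 1;
}

/*
 * Parse a colon-separated list of profile names into a fresh stack and
 * install it in *out (freeing whatever *out held before).
 *
 * The whole list must be valid before anything is replaced: an unknown
 * name, a duplicate, an empty component (including a leading or trailing
 * ':') or an allocation failure leaves *out untouched, pushes an SSL
 * error and returns 1.  Returns 0 on success.
 *
 * NOTE(review): the only callers visible here are the public setters
 * below, so profiles_string is presumably application configuration rather
 * than peer-supplied data; nothing here inspects handshake bytes.  A NULL
 * string is rejected explicitly instead of being handed to strchr().
 */
static int ssl_ctx_make_profiles(const char *profiles_string,
                                 STACK_OF(SRTP_PROTECTION_PROFILE) **out)
{
    STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
    const char *cursor = profiles_string;
    const char *sep;
    SRTP_PROTECTION_PROFILE *match;
    size_t name_len;

    if (profiles_string == NULL) {
        SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
               SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
        return 1;
    }

    if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
        SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
               SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
        return 1;
    }

    for (;;) {
        sep = strchr(cursor, ':');
        name_len = (sep != NULL) ? (size_t)(sep - cursor) : strlen(cursor);

        if (find_profile_by_name(cursor, &match, name_len) != 0) {
            SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
                   SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
            goto err;
        }

        /* A profile may be listed only once. */
        if (sk_SRTP_PROTECTION_PROFILE_find(profiles, match) >= 0) {
            SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
                   SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
            goto err;
        }

        if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, match)) {
            SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
                   SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
            goto err;
        }

        if (sep == NULL)
            break;
        cursor = sep + 1;
    }

    /* Only now is the previous list discarded; elements are static. */
    sk_SRTP_PROTECTION_PROFILE_free(*out);
    *out = profiles;

    return 0;

 err:
    sk_SRTP_PROTECTION_PROFILE_free(profiles);
    return 1;
}

/*
 * Set the SRTP profile list on a context from a colon-separated string.
 * Returns 0 on success, 1 on error (the previous list is kept on error).
 */
int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
{
    return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
}

/*
 * Per-connection variant of SSL_CTX_set_tlsext_use_srtp; a list set here
 * takes precedence over the context's list (see SSL_get_srtp_profiles).
 * Returns 0 on success, 1 on error.
 */
int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
{
    return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
}

/*
 * Return the profile list in effect for |s|: the connection's own list if
 * one was set, otherwise the parent context's, otherwise NULL.  Safe to
 * call with a NULL |s| or a NULL s->ctx.
 */
STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
{
    if (s == NULL)
        return NULL;
    if (s->srtp_profiles != NULL)
        return s->srtp_profiles;
    if (s->ctx != NULL)
        return s->ctx->srtp_profiles;
    return NULL;
}

/*
 * Return the profile negotiated on this connection, or NULL when none has
 * been selected (or |s| is NULL, mirroring SSL_get_srtp_profiles).
 */
SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
{
    if (s == NULL)
        return NULL;
    return s->srtp_profile;
}

#endif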