xref: /freebsd/crypto/openssl/ssl/d1_srtp.c (revision 57718be8fa0bd5edc11ab9a72e68cc71982939a6)
1 /* ssl/t1_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer.
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /*
112   DTLS code by Eric Rescorla <ekr@rtfm.com>
113 
114   Copyright (C) 2006, Network Resonance, Inc.
115   Copyright (C) 2011, RTFM, Inc.
116 */
117 
118 #include <stdio.h>
119 #include <openssl/objects.h>
120 #include "ssl_locl.h"
121 
122 #ifndef OPENSSL_NO_SRTP
123 
124 #include "srtp.h"
125 
126 
127 static SRTP_PROTECTION_PROFILE srtp_known_profiles[]=
128     {
129     {
130     "SRTP_AES128_CM_SHA1_80",
131     SRTP_AES128_CM_SHA1_80,
132     },
133     {
134     "SRTP_AES128_CM_SHA1_32",
135     SRTP_AES128_CM_SHA1_32,
136     },
137 #if 0
138     {
139     "SRTP_NULL_SHA1_80",
140     SRTP_NULL_SHA1_80,
141     },
142     {
143     "SRTP_NULL_SHA1_32",
144     SRTP_NULL_SHA1_32,
145     },
146 #endif
147     {0}
148     };
149 
150 static int find_profile_by_name(char *profile_name,
151 				SRTP_PROTECTION_PROFILE **pptr,unsigned len)
152 	{
153 	SRTP_PROTECTION_PROFILE *p;
154 
155 	p=srtp_known_profiles;
156 	while(p->name)
157 		{
158 		if((len == strlen(p->name)) && !strncmp(p->name,profile_name,
159 							len))
160 			{
161 			*pptr=p;
162 			return 0;
163 			}
164 
165 		p++;
166 		}
167 
168 	return 1;
169 	}
170 
171 static int find_profile_by_num(unsigned profile_num,
172 			       SRTP_PROTECTION_PROFILE **pptr)
173 	{
174 	SRTP_PROTECTION_PROFILE *p;
175 
176 	p=srtp_known_profiles;
177 	while(p->name)
178 		{
179 		if(p->id == profile_num)
180 			{
181 			*pptr=p;
182 			return 0;
183 			}
184 		p++;
185 		}
186 
187 	return 1;
188 	}
189 
190 static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTECTION_PROFILE) **out)
191 	{
192 	STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
193 
194 	char *col;
195 	char *ptr=(char *)profiles_string;
196 
197 	SRTP_PROTECTION_PROFILE *p;
198 
199 	if(!(profiles=sk_SRTP_PROTECTION_PROFILE_new_null()))
200 		{
201 		SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
202 		return 1;
203 		}
204 
205 	do
206 		{
207 		col=strchr(ptr,':');
208 
209 		if(!find_profile_by_name(ptr,&p,
210 					 col ? col-ptr : (int)strlen(ptr)))
211 			{
212 			sk_SRTP_PROTECTION_PROFILE_push(profiles,p);
213 			}
214 		else
215 			{
216 			SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
217 			return 1;
218 			}
219 
220 		if(col) ptr=col+1;
221 		} while (col);
222 
223 	*out=profiles;
224 
225 	return 0;
226 	}
227 
228 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx,const char *profiles)
229 	{
230 	return ssl_ctx_make_profiles(profiles,&ctx->srtp_profiles);
231 	}
232 
233 int SSL_set_tlsext_use_srtp(SSL *s,const char *profiles)
234 	{
235 	return ssl_ctx_make_profiles(profiles,&s->srtp_profiles);
236 	}
237 
238 
239 STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
240 	{
241 	if(s != NULL)
242 		{
243 		if(s->srtp_profiles != NULL)
244 			{
245 			return s->srtp_profiles;
246 			}
247 		else if((s->ctx != NULL) &&
248 			(s->ctx->srtp_profiles != NULL))
249 			{
250 			return s->ctx->srtp_profiles;
251 			}
252 		}
253 
254 	return NULL;
255 	}
256 
257 SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
258 	{
259 	return s->srtp_profile;
260 	}
261 
262 /* Note: this function returns 0 length if there are no
263    profiles specified */
264 int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
265 	{
266 	int ct=0;
267 	int i;
268 	STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0;
269 	SRTP_PROTECTION_PROFILE *prof;
270 
271 	clnt=SSL_get_srtp_profiles(s);
272 	ct=sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */
273 
274 	if(p)
275 		{
276 		if(ct==0)
277 			{
278 			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
279 			return 1;
280 			}
281 
282 		if((2 + ct*2 + 1) > maxlen)
283 			{
284 			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
285 			return 1;
286 			}
287 
288                 /* Add the length */
289                 s2n(ct * 2, p);
290 		for(i=0;i<ct;i++)
291 			{
292 			prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i);
293 			s2n(prof->id,p);
294 			}
295 
296                 /* Add an empty use_mki value */
297                 *p++ = 0;
298 		}
299 
300 	*len=2 + ct*2 + 1;
301 
302 	return 0;
303 	}
304 
305 
306 int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al)
307 	{
308 	SRTP_PROTECTION_PROFILE *cprof,*sprof;
309 	STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0,*srvr;
310         int ct;
311         int mki_len;
312 	int i,j;
313 	int id;
314 	int ret;
315 
316          /* Length value + the MKI length */
317         if(len < 3)
318 		{
319 		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
320 		*al=SSL_AD_DECODE_ERROR;
321 		return 1;
322                 }
323 
324         /* Pull off the length of the cipher suite list */
325         n2s(d, ct);
326         len -= 2;
327 
328         /* Check that it is even */
329 	if(ct%2)
330 		{
331 		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
332 		*al=SSL_AD_DECODE_ERROR;
333 		return 1;
334 		}
335 
336         /* Check that lengths are consistent */
337 	if(len < (ct + 1))
338 		{
339 		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
340 		*al=SSL_AD_DECODE_ERROR;
341 		return 1;
342 		}
343 
344 
345 	clnt=sk_SRTP_PROTECTION_PROFILE_new_null();
346 
347 	while(ct)
348 		{
349 		n2s(d,id);
350 		ct-=2;
351                 len-=2;
352 
353 		if(!find_profile_by_num(id,&cprof))
354 			{
355 			sk_SRTP_PROTECTION_PROFILE_push(clnt,cprof);
356 			}
357 		else
358 			{
359 			; /* Ignore */
360 			}
361 		}
362 
363         /* Now extract the MKI value as a sanity check, but discard it for now */
364         mki_len = *d;
365         d++; len--;
366 
367         if (mki_len != len)
368 		{
369 		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE);
370 		*al=SSL_AD_DECODE_ERROR;
371 		return 1;
372 		}
373 
374 	srvr=SSL_get_srtp_profiles(s);
375 
376 	/* Pick our most preferred profile. If no profiles have been
377 	 configured then the outer loop doesn't run
378 	 (sk_SRTP_PROTECTION_PROFILE_num() = -1)
379 	 and so we just return without doing anything */
380 	for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(srvr);i++)
381 		{
382 		sprof=sk_SRTP_PROTECTION_PROFILE_value(srvr,i);
383 
384 		for(j=0;j<sk_SRTP_PROTECTION_PROFILE_num(clnt);j++)
385 			{
386 			cprof=sk_SRTP_PROTECTION_PROFILE_value(clnt,j);
387 
388 			if(cprof->id==sprof->id)
389 				{
390 				s->srtp_profile=sprof;
391 				*al=0;
392 				ret=0;
393 				goto done;
394 				}
395 			}
396 		}
397 
398 	ret=0;
399 
400 done:
401 	if(clnt) sk_SRTP_PROTECTION_PROFILE_free(clnt);
402 
403 	return ret;
404 	}
405 
406 int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
407 	{
408 	if(p)
409 		{
410 		if(maxlen < 5)
411 			{
412 			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
413 			return 1;
414 			}
415 
416 		if(s->srtp_profile==0)
417 			{
418 			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_USE_SRTP_NOT_NEGOTIATED);
419 			return 1;
420 			}
421                 s2n(2, p);
422 		s2n(s->srtp_profile->id,p);
423                 *p++ = 0;
424 		}
425 	*len=5;
426 
427 	return 0;
428 	}
429 
430 
431 int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al)
432 	{
433 	unsigned id;
434 	int i;
435         int ct;
436 
437 	STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
438 	SRTP_PROTECTION_PROFILE *prof;
439 
440 	if(len!=5)
441 		{
442 		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
443 		*al=SSL_AD_DECODE_ERROR;
444 		return 1;
445 		}
446 
447         n2s(d, ct);
448 	if(ct!=2)
449 		{
450 		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
451 		*al=SSL_AD_DECODE_ERROR;
452 		return 1;
453 		}
454 
455 	n2s(d,id);
456         if (*d)  /* Must be no MKI, since we never offer one */
457 		{
458 		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE);
459 		*al=SSL_AD_ILLEGAL_PARAMETER;
460 		return 1;
461 		}
462 
463 	clnt=SSL_get_srtp_profiles(s);
464 
465 	/* Throw an error if the server gave us an unsolicited extension */
466 	if (clnt == NULL)
467 		{
468 		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_NO_SRTP_PROFILES);
469 		*al=SSL_AD_DECODE_ERROR;
470 		return 1;
471 		}
472 
473 	/* Check to see if the server gave us something we support
474 	   (and presumably offered)
475 	*/
476 	for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(clnt);i++)
477 		{
478 		prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i);
479 
480 		if(prof->id == id)
481 			{
482 			s->srtp_profile=prof;
483 			*al=0;
484 			return 0;
485 			}
486 		}
487 
488 	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
489 	*al=SSL_AD_DECODE_ERROR;
490 	return 1;
491 	}
492 
493 
494 #endif
495