Commit | Line | Data |
---|---|---|
846e33c7 | 1 | /* |
da1c088f | 2 | * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. |
333f926d | 3 | * |
2c18d164 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
846e33c7 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
333f926d | 8 | */ |
846e33c7 | 9 | |
333f926d | 10 | /* |
0f113f3e MC |
11 | * DTLS code by Eric Rescorla <ekr@rtfm.com> |
12 | * | |
13 | * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc. | |
14 | */ | |
333f926d BL |
15 | |
16 | #include <stdio.h> | |
17 | #include <openssl/objects.h> | |
706457b7 | 18 | #include "ssl_local.h" |
d6e7ebba | 19 | #include "quic/quic_local.h" |
333f926d | 20 | |
32b07f5a | 21 | #ifndef OPENSSL_NO_SRTP |
333f926d | 22 | |
/*
 * Name -> identifier table for every SRTP protection profile that may be
 * named in a profile string passed to SSL_CTX_set_tlsext_use_srtp() or
 * SSL_set_tlsext_use_srtp().
 *
 * The table is terminated by an all-zero entry; find_profile_by_name() stops
 * at the first entry whose name is NULL.
 *
 * Being listed here only makes a profile selectable by name; which profiles
 * are actually configured is decided by the caller's profile string. The
 * *_SHA1_32 names denote profiles with a 32-bit SRTP authentication tag
 * (RFC 5764, RFC 8269), so deployments that care about forgery resistance
 * should prefer the *_80 or AEAD entries in that string.
 */
static const SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
    {"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80},
    {"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32},
    {"SRTP_AEAD_AES_128_GCM", SRTP_AEAD_AES_128_GCM},
    {"SRTP_AEAD_AES_256_GCM", SRTP_AEAD_AES_256_GCM},
    {"SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM",
     SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM},
    {"SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM",
     SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM},
    {"SRTP_ARIA_128_CTR_HMAC_SHA1_80", SRTP_ARIA_128_CTR_HMAC_SHA1_80},
    {"SRTP_ARIA_128_CTR_HMAC_SHA1_32", SRTP_ARIA_128_CTR_HMAC_SHA1_32},
    {"SRTP_ARIA_256_CTR_HMAC_SHA1_80", SRTP_ARIA_256_CTR_HMAC_SHA1_80},
    {"SRTP_ARIA_256_CTR_HMAC_SHA1_32", SRTP_ARIA_256_CTR_HMAC_SHA1_32},
    {"SRTP_AEAD_ARIA_128_GCM", SRTP_AEAD_ARIA_128_GCM},
    {"SRTP_AEAD_ARIA_256_GCM", SRTP_AEAD_ARIA_256_GCM},
    {0} /* terminator: name == NULL */
};
333f926d BL |
74 | |
/*
 * Look up an SRTP protection profile by name in srtp_known_profiles.
 *
 * profile_name points at the candidate name and len is its length in bytes;
 * the candidate does not have to be NUL-terminated at len (the caller passes
 * a slice of a ':'-separated list). An entry matches only when its name is
 * exactly len bytes long AND those bytes are equal, so neither a prefix of a
 * known name nor a known name followed by extra characters is accepted.
 *
 * Returns 0 and stores the matching entry in *pptr when found.
 * Returns 1 when no entry matches; *pptr is left untouched in that case.
 * Note the convention: 0 is success here.
 */
static int find_profile_by_name(char *profile_name,
                                const SRTP_PROTECTION_PROFILE **pptr, size_t len)
{
    const SRTP_PROTECTION_PROFILE *entry;

    for (entry = srtp_known_profiles; entry->name != NULL; entry++) {
        /* Length must agree first, otherwise strncmp would accept prefixes. */
        if (strlen(entry->name) != len)
            continue;
        if (strncmp(entry->name, profile_name, len) != 0)
            continue;

        *pptr = entry;
        return 0;
    }

    return 1;
}
93 | ||
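/*
 * Parse a ':'-separated list of SRTP protection profile names and, on
 * success, replace the stack at *out with a newly built one.
 *
 * Every name must be present in srtp_known_profiles and may appear only once.
 * An unknown name, a duplicate, or an empty element (for example an empty
 * string or a trailing ':') makes the whole call fail; nothing is partially
 * applied, and the previous *out is kept on failure.
 *
 * profiles_string: caller-supplied list; NULL is rejected with an error
 *                  instead of being dereferenced.
 * out:             location of the stack to replace; the old stack is freed
 *                  only after the new one has been fully built.
 *
 * Returns 0 on success and 1 on failure (an error is raised on the error
 * queue for every failure path). Note the convention: 0 is success.
 */
static int ssl_ctx_make_profiles(const char *profiles_string,
                                 STACK_OF(SRTP_PROTECTION_PROFILE) **out)
{
    STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
    char *col;
    /*
     * The cast exists only because find_profile_by_name() takes a non-const
     * pointer; the string is never written through ptr.
     */
    char *ptr = (char *)profiles_string;
    const SRTP_PROTECTION_PROFILE *p;

    /* The public setters pass the application's pointer straight through. */
    if (profiles_string == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
        return 1;
    }

    if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
        ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
        return 1;
    }

    do {
        col = strchr(ptr, ':');

        /* The element runs up to the next ':' or to the end of the string. */
        if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr)
                                               : strlen(ptr))) {
            /* Reject a profile that was already listed. */
            if (sk_SRTP_PROTECTION_PROFILE_find(profiles,
                                                (SRTP_PROTECTION_PROFILE *)p) >= 0) {
                ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
                goto err;
            }

            if (!sk_SRTP_PROTECTION_PROFILE_push(profiles,
                                                 (SRTP_PROTECTION_PROFILE *)p)) {
                ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
                goto err;
            }
        } else {
            ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
            goto err;
        }

        if (col)
            ptr = col + 1;
    } while (col);

    /* Only the stack is freed: its elements point into srtp_known_profiles. */
    sk_SRTP_PROTECTION_PROFILE_free(*out);

    *out = profiles;

    return 0;
 err:
    sk_SRTP_PROTECTION_PROFILE_free(profiles);
    return 1;
}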
142 | ||
/*
 * Configure the SRTP protection profiles offered by connections created from
 * ctx. profiles is a ':'-separated list of profile names.
 *
 * Returns 0 on success and 1 on failure. This is the opposite of the usual
 * "1 means success" convention, so callers must not test the result with
 * `if (!SSL_CTX_set_tlsext_use_srtp(...))` to detect an error.
 *
 * A context using a QUIC method gets 1 (failure) straight away; no error is
 * raised on the error queue on that path.
 */
int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
{
    if (!IS_QUIC_METHOD(ctx->method))
        return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);

    return 1;
}
150 | ||
/*
 * Configure the SRTP protection profiles for a single connection. profiles
 * is a ':'-separated list of profile names.
 *
 * Returns 0 on success and 1 on failure (the opposite of the usual
 * "1 means success" convention).
 *
 * When SSL_CONNECTION_FROM_SSL_ONLY() yields NULL the call fails with 1 and
 * raises no error; presumably that is the case for objects that are not
 * plain TLS/DTLS connections, such as QUIC ones - confirm against the macro.
 */
int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);

    return sc != NULL ? ssl_ctx_make_profiles(profiles, &sc->srtp_profiles)
                      : 1;
}
333f926d BL |
160 | |
/*
 * Return the SRTP protection profiles in effect for s.
 *
 * The connection's own list wins when it is set; otherwise the list of the
 * owning SSL_CTX is used. NULL is returned when neither is configured or
 * when SSL_CONNECTION_FROM_SSL_ONLY() yields no connection.
 *
 * The result is the stack stored in the connection or context, not a copy.
 */
STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);

    if (sc == NULL)
        return NULL;

    /* Per-connection setting takes precedence over the context default. */
    if (sc->srtp_profiles != NULL)
        return sc->srtp_profiles;

    if (s->ctx != NULL && s->ctx->srtp_profiles != NULL)
        return s->ctx->srtp_profiles;

    return NULL;
}
333f926d BL |
175 | |
/*
 * Return the value of the connection's srtp_profile field, i.e. the profile
 * recorded as selected for s.
 *
 * Returns NULL when SSL_CONNECTION_FROM_SSL_ONLY() yields no connection. The
 * field itself may also be NULL; callers should treat NULL as "no SRTP
 * profile selected" and not derive SRTP keys in that case.
 */
SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);

    return sc != NULL ? sc->srtp_profile : NULL;
}
333f926d | 185 | #endif |