2 * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * DTLS code by Eric Rescorla <ekr@rtfm.com>
13 * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
17 #include <openssl/objects.h>
20 #ifndef OPENSSL_NO_SRTP
22 static SRTP_PROTECTION_PROFILE srtp_known_profiles
[] = {
24 "SRTP_AES128_CM_SHA1_80",
25 SRTP_AES128_CM_SHA1_80
,
28 "SRTP_AES128_CM_SHA1_32",
29 SRTP_AES128_CM_SHA1_32
,
32 "SRTP_AEAD_AES_128_GCM",
33 SRTP_AEAD_AES_128_GCM
,
36 "SRTP_AEAD_AES_256_GCM",
37 SRTP_AEAD_AES_256_GCM
,
42 static int find_profile_by_name(char *profile_name
,
43 SRTP_PROTECTION_PROFILE
**pptr
, unsigned len
)
45 SRTP_PROTECTION_PROFILE
*p
;
47 p
= srtp_known_profiles
;
49 if ((len
== strlen(p
->name
))
50 && strncmp(p
->name
, profile_name
, len
) == 0) {
61 static int ssl_ctx_make_profiles(const char *profiles_string
,
62 STACK_OF(SRTP_PROTECTION_PROFILE
) **out
)
64 STACK_OF(SRTP_PROTECTION_PROFILE
) *profiles
;
67 char *ptr
= (char *)profiles_string
;
68 SRTP_PROTECTION_PROFILE
*p
;
70 if ((profiles
= sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL
) {
71 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES
,
72 SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES
);
77 col
= strchr(ptr
, ':');
79 if (!find_profile_by_name(ptr
, &p
, col
? col
- ptr
: (int)strlen(ptr
))) {
80 if (sk_SRTP_PROTECTION_PROFILE_find(profiles
, p
) >= 0) {
81 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES
,
82 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST
);
86 if (!sk_SRTP_PROTECTION_PROFILE_push(profiles
, p
)) {
87 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES
,
88 SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES
);
92 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES
,
93 SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE
);
101 sk_SRTP_PROTECTION_PROFILE_free(*out
);
107 sk_SRTP_PROTECTION_PROFILE_free(profiles
);
111 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX
*ctx
, const char *profiles
)
113 return ssl_ctx_make_profiles(profiles
, &ctx
->srtp_profiles
);
116 int SSL_set_tlsext_use_srtp(SSL
*s
, const char *profiles
)
118 return ssl_ctx_make_profiles(profiles
, &s
->srtp_profiles
);
121 STACK_OF(SRTP_PROTECTION_PROFILE
) *SSL_get_srtp_profiles(SSL
*s
)
124 if (s
->srtp_profiles
!= NULL
) {
125 return s
->srtp_profiles
;
126 } else if ((s
->ctx
!= NULL
) && (s
->ctx
->srtp_profiles
!= NULL
)) {
127 return s
->ctx
->srtp_profiles
;
134 SRTP_PROTECTION_PROFILE
*SSL_get_selected_srtp_profile(SSL
*s
)
136 return s
->srtp_profile
;
139 int ssl_parse_clienthello_use_srtp_ext(SSL
*s
, PACKET
*pkt
, int *al
)
141 SRTP_PROTECTION_PROFILE
*sprof
;
142 STACK_OF(SRTP_PROTECTION_PROFILE
) *srvr
;
143 unsigned int ct
, mki_len
, id
;
147 /* Pull off the length of the cipher suite list and check it is even */
148 if (!PACKET_get_net_2(pkt
, &ct
)
149 || (ct
& 1) != 0 || !PACKET_get_sub_packet(pkt
, &subpkt
, ct
)) {
150 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT
,
151 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST
);
152 *al
= SSL_AD_DECODE_ERROR
;
156 srvr
= SSL_get_srtp_profiles(s
);
157 s
->srtp_profile
= NULL
;
158 /* Search all profiles for a match initially */
159 srtp_pref
= sk_SRTP_PROTECTION_PROFILE_num(srvr
);
161 while (PACKET_remaining(&subpkt
)) {
162 if (!PACKET_get_net_2(&subpkt
, &id
)) {
163 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT
,
164 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST
);
165 *al
= SSL_AD_DECODE_ERROR
;
170 * Only look for match in profiles of higher preference than
172 * If no profiles have been have been configured then this
175 for (i
= 0; i
< srtp_pref
; i
++) {
176 sprof
= sk_SRTP_PROTECTION_PROFILE_value(srvr
, i
);
177 if (sprof
->id
== id
) {
178 s
->srtp_profile
= sprof
;
186 * Now extract the MKI value as a sanity check, but discard it for now
188 if (!PACKET_get_1(pkt
, &mki_len
)) {
189 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT
,
190 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST
);
191 *al
= SSL_AD_DECODE_ERROR
;
195 if (!PACKET_forward(pkt
, mki_len
)
196 || PACKET_remaining(pkt
)) {
197 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT
,
198 SSL_R_BAD_SRTP_MKI_VALUE
);
199 *al
= SSL_AD_DECODE_ERROR
;
206 int ssl_parse_serverhello_use_srtp_ext(SSL
*s
, PACKET
*pkt
, int *al
)
208 unsigned int id
, ct
, mki
;
211 STACK_OF(SRTP_PROTECTION_PROFILE
) *clnt
;
212 SRTP_PROTECTION_PROFILE
*prof
;
214 if (!PACKET_get_net_2(pkt
, &ct
)
215 || ct
!= 2 || !PACKET_get_net_2(pkt
, &id
)
216 || !PACKET_get_1(pkt
, &mki
)
217 || PACKET_remaining(pkt
) != 0) {
218 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT
,
219 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST
);
220 *al
= SSL_AD_DECODE_ERROR
;
225 /* Must be no MKI, since we never offer one */
226 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT
,
227 SSL_R_BAD_SRTP_MKI_VALUE
);
228 *al
= SSL_AD_ILLEGAL_PARAMETER
;
232 clnt
= SSL_get_srtp_profiles(s
);
234 /* Throw an error if the server gave us an unsolicited extension */
236 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT
,
237 SSL_R_NO_SRTP_PROFILES
);
238 *al
= SSL_AD_DECODE_ERROR
;
243 * Check to see if the server gave us something we support (and
244 * presumably offered)
246 for (i
= 0; i
< sk_SRTP_PROTECTION_PROFILE_num(clnt
); i
++) {
247 prof
= sk_SRTP_PROTECTION_PROFILE_value(clnt
, i
);
249 if (prof
->id
== id
) {
250 s
->srtp_profile
= prof
;
256 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT
,
257 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST
);
258 *al
= SSL_AD_DECODE_ERROR
;