ssl/d1_srtp.c

   1 /*
   2  * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 /*
  11  * DTLS code by Eric Rescorla <ekr@rtfm.com>
  12  *
  13  * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
  14  */
  15
  16 #include <stdio.h>
  17 #include <openssl/objects.h>
  18 #include "ssl_local.h"
  19
  20 #ifndef OPENSSL_NO_SRTP
  21
  22 DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
  23
  24 static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
  25     {
  26      "SRTP_AES128_CM_SHA1_80",
  27      SRTP_AES128_CM_SHA1_80,
  28      },
  29     {
  30      "SRTP_AES128_CM_SHA1_32",
  31      SRTP_AES128_CM_SHA1_32,
  32      },
  33     {
  34      "SRTP_AEAD_AES_128_GCM",
  35      SRTP_AEAD_AES_128_GCM,
  36      },
  37     {
  38      "SRTP_AEAD_AES_256_GCM",
  39      SRTP_AEAD_AES_256_GCM,
  40      },
  41     {0}
  42 };
  43
  44 static int find_profile_by_name(char *profile_name,
  45                                 SRTP_PROTECTION_PROFILE **pptr, size_t len)
  46 {
  47     SRTP_PROTECTION_PROFILE *p;
  48
  49     p = srtp_known_profiles;
  50     while (p->name) {
  51         if ((len == strlen(p->name))
  52             && strncmp(p->name, profile_name, len) == 0) {
  53             *pptr = p;
  54             return 0;
  55         }
  56
  57         p++;
  58     }
  59
  60     return 1;
  61 }
  62
  63 static int ssl_ctx_make_profiles(const char *profiles_string,
  64                                  STACK_OF(SRTP_PROTECTION_PROFILE) **out)
  65 {
  66     STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
  67
  68     char *col;
  69     char *ptr = (char *)profiles_string;
  70     SRTP_PROTECTION_PROFILE *p;
  71
  72     if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
  73         SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
  74                SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
  75         return 1;
  76     }
  77
  78     do {
  79         col = strchr(ptr, ':');
  80
  81         if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr)
  82                                                : strlen(ptr))) {
  83             if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
  84                 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
  85                        SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
  86                 goto err;
  87             }
  88
  89             if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) {
  90                 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
  91                        SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
  92                 goto err;
  93             }
  94         } else {
  95             SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
  96                    SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
  97             goto err;
  98         }
  99
 100         if (col)
 101             ptr = col + 1;
 102     } while (col);
 103
 104     sk_SRTP_PROTECTION_PROFILE_free(*out);
 105
 106     *out = profiles;
 107
 108     return 0;
 109  err:
 110     sk_SRTP_PROTECTION_PROFILE_free(profiles);
 111     return 1;
 112 }
 113
 114 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
 115 {
 116     return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
 117 }
 118
 119 int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
 120 {
 121     return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
 122 }
 123
 124 STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
 125 {
 126     if (s != NULL) {
 127         if (s->srtp_profiles != NULL) {
 128             return s->srtp_profiles;
 129         } else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) {
 130             return s->ctx->srtp_profiles;
 131         }
 132     }
 133
 134     return NULL;
 135 }
 136
 137 SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
 138 {
 139     return s->srtp_profile;
 140 }
 141 #endif