From: Kijin Kim Date: Mon, 4 Apr 2022 06:31:04 +0000 (+0900) Subject: Add more SRTP protection profiles X-Git-Tag: openssl-3.2.0-alpha1~2629 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a425c0fec6eb74c942ca5bca8e27ff0c9f126d48;p=thirdparty%2Fopenssl.git Add more SRTP protection profiles Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18030) --- diff --git a/CHANGES.md b/CHANGES.md index 4f256e65a6d..d8c20dba0aa 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,6 +24,10 @@ OpenSSL 3.1 ### Changes between 3.0 and 3.1 [xx XXX xxxx] + * Add more SRTP protection profiles from RFC8723 and RFC8269. + + *Kijin Kim* + * Extended Kernel TLS (KTLS) to support TLS 1.3 receive offload. *Daiki Ueno, John Baldwin and Dmitry Podgorny* diff --git a/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod b/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod index e91f32b7f8e..046cdb8afee 100644 --- a/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod +++ b/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod @@ -56,6 +56,38 @@ This corresponds to the profile of the same name defined in RFC7714. This corresponds to the profile of the same name defined in RFC7714. +=item SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM + +This corresponds to the profile of the same name defined in RFC8723. + +=item SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM + +This corresponds to the profile of the same name defined in RFC8723. + +=item SRTP_ARIA_128_CTR_HMAC_SHA1_80 + +This corresponds to the profile of the same name defined in RFC8269. + +=item SRTP_ARIA_128_CTR_HMAC_SHA1_32 + +This corresponds to the profile of the same name defined in RFC8269. + +=item SRTP_ARIA_256_CTR_HMAC_SHA1_80 + +This corresponds to the profile of the same name defined in RFC8269. + +=item SRTP_ARIA_256_CTR_HMAC_SHA1_32 + +This corresponds to the profile of the same name defined in RFC8269. + +=item SRTP_AEAD_ARIA_128_GCM + +This corresponds to the profile of the same name defined in RFC8269. + +=item SRTP_AEAD_ARIA_256_GCM + +This corresponds to the profile of the same name defined in RFC8269. + =back Supplying an unrecognised protection profile name will result in an error. diff --git a/include/openssl/srtp.h b/include/openssl/srtp.h index d64606e5d9c..2c2c334443c 100644 --- a/include/openssl/srtp.h +++ b/include/openssl/srtp.h @@ -28,16 +28,28 @@ extern "C" { #endif -# define SRTP_AES128_CM_SHA1_80 0x0001 -# define SRTP_AES128_CM_SHA1_32 0x0002 -# define SRTP_AES128_F8_SHA1_80 0x0003 -# define SRTP_AES128_F8_SHA1_32 0x0004 -# define SRTP_NULL_SHA1_80 0x0005 -# define SRTP_NULL_SHA1_32 0x0006 +# define SRTP_AES128_CM_SHA1_80 0x0001 +# define SRTP_AES128_CM_SHA1_32 0x0002 +# define SRTP_AES128_F8_SHA1_80 0x0003 +# define SRTP_AES128_F8_SHA1_32 0x0004 +# define SRTP_NULL_SHA1_80 0x0005 +# define SRTP_NULL_SHA1_32 0x0006 /* AEAD SRTP protection profiles from RFC 7714 */ -# define SRTP_AEAD_AES_128_GCM 0x0007 -# define SRTP_AEAD_AES_256_GCM 0x0008 +# define SRTP_AEAD_AES_128_GCM 0x0007 +# define SRTP_AEAD_AES_256_GCM 0x0008 + +/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */ +# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM 0x0009 +# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM 0x000A + +/* ARIA SRTP protection profiles from RFC 8269 */ +# define SRTP_ARIA_128_CTR_HMAC_SHA1_80 0x000B +# define SRTP_ARIA_128_CTR_HMAC_SHA1_32 0x000C +# define SRTP_ARIA_256_CTR_HMAC_SHA1_80 0x000D +# define SRTP_ARIA_256_CTR_HMAC_SHA1_32 0x000E +# define SRTP_AEAD_ARIA_128_GCM 0x000F +# define SRTP_AEAD_ARIA_256_GCM 0x0010 # ifndef OPENSSL_NO_SRTP diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index 23007533826..1fd5947986a 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c @@ -36,6 +36,38 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { "SRTP_AEAD_AES_256_GCM", SRTP_AEAD_AES_256_GCM, }, + { + "SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM", + SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM, + }, + { + "SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM", + SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM, + }, + { + "SRTP_ARIA_128_CTR_HMAC_SHA1_80", + SRTP_ARIA_128_CTR_HMAC_SHA1_80, + }, + { + "SRTP_ARIA_128_CTR_HMAC_SHA1_32", + SRTP_ARIA_128_CTR_HMAC_SHA1_32, + }, + { + "SRTP_ARIA_256_CTR_HMAC_SHA1_80", + SRTP_ARIA_256_CTR_HMAC_SHA1_80, + }, + { + "SRTP_ARIA_256_CTR_HMAC_SHA1_32", + SRTP_ARIA_256_CTR_HMAC_SHA1_32, + }, + { + "SRTP_AEAD_ARIA_128_GCM", + SRTP_AEAD_ARIA_128_GCM, + }, + { + "SRTP_AEAD_ARIA_256_GCM", + SRTP_AEAD_ARIA_256_GCM, + }, {0} };