From a425c0fec6eb74c942ca5bca8e27ff0c9f126d48 Mon Sep 17 00:00:00 2001
From: Kijin Kim <msrndsy@gmail.com>
Date: Mon, 4 Apr 2022 15:31:04 +0900
Subject: [PATCH] Add more SRTP protection profiles

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18030)
---
 CHANGES.md                               |  4 +++
 doc/man3/SSL_CTX_set_tlsext_use_srtp.pod | 32 ++++++++++++++++++++++++
 include/openssl/srtp.h                   | 28 +++++++++++++++------
 ssl/d1_srtp.c                            | 32 ++++++++++++++++++++++++
 4 files changed, 88 insertions(+), 8 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 4f256e65a6d..d8c20dba0aa 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -24,6 +24,10 @@ OpenSSL 3.1
 
 ### Changes between 3.0 and 3.1 [xx XXX xxxx]
 
+ * Add more SRTP protection profiles from RFC8723 and RFC8269.
+
+   *Kijin Kim*
+
  * Extended Kernel TLS (KTLS) to support TLS 1.3 receive offload.
 
    *Daiki Ueno, John Baldwin and Dmitry Podgorny*
diff --git a/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod b/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod
index e91f32b7f8e..046cdb8afee 100644
--- a/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod
+++ b/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod
@@ -56,6 +56,38 @@ This corresponds to the profile of the same name defined in RFC7714.
 
 This corresponds to the profile of the same name defined in RFC7714.
 
+=item SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM
+
+This corresponds to the profile of the same name defined in RFC8723.
+
+=item SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM
+
+This corresponds to the profile of the same name defined in RFC8723.
+
+=item SRTP_ARIA_128_CTR_HMAC_SHA1_80
+
+This corresponds to the profile of the same name defined in RFC8269.
+
+=item SRTP_ARIA_128_CTR_HMAC_SHA1_32
+
+This corresponds to the profile of the same name defined in RFC8269.
+
+=item SRTP_ARIA_256_CTR_HMAC_SHA1_80
+
+This corresponds to the profile of the same name defined in RFC8269.
+
+=item SRTP_ARIA_256_CTR_HMAC_SHA1_32
+
+This corresponds to the profile of the same name defined in RFC8269.
+
+=item SRTP_AEAD_ARIA_128_GCM
+
+This corresponds to the profile of the same name defined in RFC8269.
+
+=item SRTP_AEAD_ARIA_256_GCM
+
+This corresponds to the profile of the same name defined in RFC8269.
+
 =back
 
 Supplying an unrecognised protection profile name will result in an error.
diff --git a/include/openssl/srtp.h b/include/openssl/srtp.h
index d64606e5d9c..2c2c334443c 100644
--- a/include/openssl/srtp.h
+++ b/include/openssl/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index 23007533826..1fd5947986a 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -36,6 +36,38 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
      "SRTP_AEAD_AES_256_GCM",
      SRTP_AEAD_AES_256_GCM,
      },
+    {
+     "SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM",
+     SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM,
+     },
+    {
+     "SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM",
+     SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM,
+     },
+    {
+     "SRTP_ARIA_128_CTR_HMAC_SHA1_80",
+     SRTP_ARIA_128_CTR_HMAC_SHA1_80,
+     },
+    {
+     "SRTP_ARIA_128_CTR_HMAC_SHA1_32",
+     SRTP_ARIA_128_CTR_HMAC_SHA1_32,
+     },
+    {
+     "SRTP_ARIA_256_CTR_HMAC_SHA1_80",
+     SRTP_ARIA_256_CTR_HMAC_SHA1_80,
+     },
+    {
+     "SRTP_ARIA_256_CTR_HMAC_SHA1_32",
+     SRTP_ARIA_256_CTR_HMAC_SHA1_32,
+     },
+    {
+     "SRTP_AEAD_ARIA_128_GCM",
+     SRTP_AEAD_ARIA_128_GCM,
+     },
+    {
+     "SRTP_AEAD_ARIA_256_GCM",
+     SRTP_AEAD_ARIA_256_GCM,
+     },
     {0}
 };
 
-- 
2.47.2