d1_srtp.c 4.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183
  1. /*
  2. * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * DTLS code by Eric Rescorla <ekr@rtfm.com>
  11. *
  12. * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
  13. */
  14. #include <stdio.h>
  15. #include <openssl/objects.h>
  16. #include "ssl_local.h"
  17. #include "quic/quic_local.h"
  18. #ifndef OPENSSL_NO_SRTP
  19. static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
  20. {
  21. "SRTP_AES128_CM_SHA1_80",
  22. SRTP_AES128_CM_SHA1_80,
  23. },
  24. {
  25. "SRTP_AES128_CM_SHA1_32",
  26. SRTP_AES128_CM_SHA1_32,
  27. },
  28. {
  29. "SRTP_AEAD_AES_128_GCM",
  30. SRTP_AEAD_AES_128_GCM,
  31. },
  32. {
  33. "SRTP_AEAD_AES_256_GCM",
  34. SRTP_AEAD_AES_256_GCM,
  35. },
  36. {
  37. "SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM",
  38. SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM,
  39. },
  40. {
  41. "SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM",
  42. SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM,
  43. },
  44. {
  45. "SRTP_ARIA_128_CTR_HMAC_SHA1_80",
  46. SRTP_ARIA_128_CTR_HMAC_SHA1_80,
  47. },
  48. {
  49. "SRTP_ARIA_128_CTR_HMAC_SHA1_32",
  50. SRTP_ARIA_128_CTR_HMAC_SHA1_32,
  51. },
  52. {
  53. "SRTP_ARIA_256_CTR_HMAC_SHA1_80",
  54. SRTP_ARIA_256_CTR_HMAC_SHA1_80,
  55. },
  56. {
  57. "SRTP_ARIA_256_CTR_HMAC_SHA1_32",
  58. SRTP_ARIA_256_CTR_HMAC_SHA1_32,
  59. },
  60. {
  61. "SRTP_AEAD_ARIA_128_GCM",
  62. SRTP_AEAD_ARIA_128_GCM,
  63. },
  64. {
  65. "SRTP_AEAD_ARIA_256_GCM",
  66. SRTP_AEAD_ARIA_256_GCM,
  67. },
  68. {0}
  69. };
  70. static int find_profile_by_name(char *profile_name,
  71. SRTP_PROTECTION_PROFILE **pptr, size_t len)
  72. {
  73. SRTP_PROTECTION_PROFILE *p;
  74. p = srtp_known_profiles;
  75. while (p->name) {
  76. if ((len == strlen(p->name))
  77. && strncmp(p->name, profile_name, len) == 0) {
  78. *pptr = p;
  79. return 0;
  80. }
  81. p++;
  82. }
  83. return 1;
  84. }
  85. static int ssl_ctx_make_profiles(const char *profiles_string,
  86. STACK_OF(SRTP_PROTECTION_PROFILE) **out)
  87. {
  88. STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
  89. char *col;
  90. char *ptr = (char *)profiles_string;
  91. SRTP_PROTECTION_PROFILE *p;
  92. if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
  93. ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
  94. return 1;
  95. }
  96. do {
  97. col = strchr(ptr, ':');
  98. if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr)
  99. : strlen(ptr))) {
  100. if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
  101. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
  102. goto err;
  103. }
  104. if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) {
  105. ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
  106. goto err;
  107. }
  108. } else {
  109. ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
  110. goto err;
  111. }
  112. if (col)
  113. ptr = col + 1;
  114. } while (col);
  115. sk_SRTP_PROTECTION_PROFILE_free(*out);
  116. *out = profiles;
  117. return 0;
  118. err:
  119. sk_SRTP_PROTECTION_PROFILE_free(profiles);
  120. return 1;
  121. }
  122. int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
  123. {
  124. if (IS_QUIC_METHOD(ctx->method))
  125. return 1;
  126. return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
  127. }
  128. int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
  129. {
  130. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  131. if (sc == NULL)
  132. return 1;
  133. return ssl_ctx_make_profiles(profiles, &sc->srtp_profiles);
  134. }
  135. STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
  136. {
  137. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  138. if (sc != NULL) {
  139. if (sc->srtp_profiles != NULL) {
  140. return sc->srtp_profiles;
  141. } else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) {
  142. return s->ctx->srtp_profiles;
  143. }
  144. }
  145. return NULL;
  146. }
  147. SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
  148. {
  149. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  150. if (sc == NULL)
  151. return 0;
  152. return sc->srtp_profile;
  153. }
  154. #endif