2
0

d1_srtp.c 4.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185
  1. /*
  2. * Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * DTLS code by Eric Rescorla <ekr@rtfm.com>
  11. *
  12. * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
  13. */
  14. #include <stdio.h>
  15. #include <openssl/objects.h>
  16. #include "ssl_local.h"
  17. #include "quic/quic_local.h"
  18. #ifndef OPENSSL_NO_SRTP
  19. static const SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
  20. {
  21. "SRTP_AES128_CM_SHA1_80",
  22. SRTP_AES128_CM_SHA1_80,
  23. },
  24. {
  25. "SRTP_AES128_CM_SHA1_32",
  26. SRTP_AES128_CM_SHA1_32,
  27. },
  28. {
  29. "SRTP_AEAD_AES_128_GCM",
  30. SRTP_AEAD_AES_128_GCM,
  31. },
  32. {
  33. "SRTP_AEAD_AES_256_GCM",
  34. SRTP_AEAD_AES_256_GCM,
  35. },
  36. {
  37. "SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM",
  38. SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM,
  39. },
  40. {
  41. "SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM",
  42. SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM,
  43. },
  44. {
  45. "SRTP_ARIA_128_CTR_HMAC_SHA1_80",
  46. SRTP_ARIA_128_CTR_HMAC_SHA1_80,
  47. },
  48. {
  49. "SRTP_ARIA_128_CTR_HMAC_SHA1_32",
  50. SRTP_ARIA_128_CTR_HMAC_SHA1_32,
  51. },
  52. {
  53. "SRTP_ARIA_256_CTR_HMAC_SHA1_80",
  54. SRTP_ARIA_256_CTR_HMAC_SHA1_80,
  55. },
  56. {
  57. "SRTP_ARIA_256_CTR_HMAC_SHA1_32",
  58. SRTP_ARIA_256_CTR_HMAC_SHA1_32,
  59. },
  60. {
  61. "SRTP_AEAD_ARIA_128_GCM",
  62. SRTP_AEAD_ARIA_128_GCM,
  63. },
  64. {
  65. "SRTP_AEAD_ARIA_256_GCM",
  66. SRTP_AEAD_ARIA_256_GCM,
  67. },
  68. {0}
  69. };
  70. static int find_profile_by_name(char *profile_name,
  71. const SRTP_PROTECTION_PROFILE **pptr, size_t len)
  72. {
  73. const SRTP_PROTECTION_PROFILE *p;
  74. p = srtp_known_profiles;
  75. while (p->name) {
  76. if ((len == strlen(p->name))
  77. && strncmp(p->name, profile_name, len) == 0) {
  78. *pptr = p;
  79. return 0;
  80. }
  81. p++;
  82. }
  83. return 1;
  84. }
  85. static int ssl_ctx_make_profiles(const char *profiles_string,
  86. STACK_OF(SRTP_PROTECTION_PROFILE) **out)
  87. {
  88. STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
  89. char *col;
  90. char *ptr = (char *)profiles_string;
  91. const SRTP_PROTECTION_PROFILE *p;
  92. if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
  93. ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
  94. return 1;
  95. }
  96. do {
  97. col = strchr(ptr, ':');
  98. if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr)
  99. : strlen(ptr))) {
  100. if (sk_SRTP_PROTECTION_PROFILE_find(profiles,
  101. (SRTP_PROTECTION_PROFILE *)p) >= 0) {
  102. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
  103. goto err;
  104. }
  105. if (!sk_SRTP_PROTECTION_PROFILE_push(profiles,
  106. (SRTP_PROTECTION_PROFILE *)p)) {
  107. ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
  108. goto err;
  109. }
  110. } else {
  111. ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
  112. goto err;
  113. }
  114. if (col)
  115. ptr = col + 1;
  116. } while (col);
  117. sk_SRTP_PROTECTION_PROFILE_free(*out);
  118. *out = profiles;
  119. return 0;
  120. err:
  121. sk_SRTP_PROTECTION_PROFILE_free(profiles);
  122. return 1;
  123. }
  124. int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
  125. {
  126. if (IS_QUIC_METHOD(ctx->method))
  127. return 1;
  128. return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
  129. }
  130. int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
  131. {
  132. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  133. if (sc == NULL)
  134. return 1;
  135. return ssl_ctx_make_profiles(profiles, &sc->srtp_profiles);
  136. }
  137. STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
  138. {
  139. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  140. if (sc != NULL) {
  141. if (sc->srtp_profiles != NULL) {
  142. return sc->srtp_profiles;
  143. } else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) {
  144. return s->ctx->srtp_profiles;
  145. }
  146. }
  147. return NULL;
  148. }
  149. SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
  150. {
  151. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  152. if (sc == NULL)
  153. return 0;
  154. return sc->srtp_profile;
  155. }
  156. #endif