1/*
2 * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11 * DTLS code by Eric Rescorla <ekr@rtfm.com>
12 *
13 * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
14 */
15
16#include <stdio.h>
17#include <openssl/objects.h>
18#include "ssl_local.h"
19
20#ifndef OPENSSL_NO_SRTP
21
22static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
23 {
24 "SRTP_AES128_CM_SHA1_80",
25 SRTP_AES128_CM_SHA1_80,
26 },
27 {
28 "SRTP_AES128_CM_SHA1_32",
29 SRTP_AES128_CM_SHA1_32,
30 },
31 {
32 "SRTP_AEAD_AES_128_GCM",
33 SRTP_AEAD_AES_128_GCM,
34 },
35 {
36 "SRTP_AEAD_AES_256_GCM",
37 SRTP_AEAD_AES_256_GCM,
38 },
39 {0}
40};
41
42static int find_profile_by_name(char *profile_name,
43 SRTP_PROTECTION_PROFILE **pptr, size_t len)
44{
45 SRTP_PROTECTION_PROFILE *p;
46
47 p = srtp_known_profiles;
48 while (p->name) {
49 if ((len == strlen(p->name))
50 && strncmp(p->name, profile_name, len) == 0) {
51 *pptr = p;
52 return 0;
53 }
54
55 p++;
56 }
57
58 return 1;
59}
60
61static int ssl_ctx_make_profiles(const char *profiles_string,
62 STACK_OF(SRTP_PROTECTION_PROFILE) **out)
63{
64 STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
65
66 char *col;
67 char *ptr = (char *)profiles_string;
68 SRTP_PROTECTION_PROFILE *p;
69
70 if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
71 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
72 SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
73 return 1;
74 }
75
76 do {
77 col = strchr(ptr, ':');
78
79 if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr)
80 : strlen(ptr))) {
81 if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
82 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
83 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
84 goto err;
85 }
86
87 if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) {
88 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
89 SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
90 goto err;
91 }
92 } else {
93 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
94 SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
95 goto err;
96 }
97
98 if (col)
99 ptr = col + 1;
100 } while (col);
101
102 sk_SRTP_PROTECTION_PROFILE_free(*out);
103
104 *out = profiles;
105
106 return 0;
107 err:
108 sk_SRTP_PROTECTION_PROFILE_free(profiles);
109 return 1;
110}
111
112int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
113{
114 return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
115}
116
117int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
118{
119 return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
120}
121
122STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
123{
124 if (s != NULL) {
125 if (s->srtp_profiles != NULL) {
126 return s->srtp_profiles;
127 } else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) {
128 return s->ctx->srtp_profiles;
129 }
130 }
131
132 return NULL;
133}
134
135SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
136{
137 return s->srtp_profile;
138}
139#endif
140