1/*
2 * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License").  You may not use
5 * this file except in compliance with the License.  You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11 * DTLS code by Eric Rescorla <ekr@rtfm.com>
12 *
13 * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
14 */
15
16#include <stdio.h>
17#include <openssl/objects.h>
18#include "ssl_local.h"
19
20#ifndef OPENSSL_NO_SRTP
21
22static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
23    {
24     "SRTP_AES128_CM_SHA1_80",
25     SRTP_AES128_CM_SHA1_80,
26     },
27    {
28     "SRTP_AES128_CM_SHA1_32",
29     SRTP_AES128_CM_SHA1_32,
30     },
31    {
32     "SRTP_AEAD_AES_128_GCM",
33     SRTP_AEAD_AES_128_GCM,
34     },
35    {
36     "SRTP_AEAD_AES_256_GCM",
37     SRTP_AEAD_AES_256_GCM,
38     },
39    {0}
40};
41
42static int find_profile_by_name(char *profile_name,
43                                SRTP_PROTECTION_PROFILE **pptr, size_t len)
44{
45    SRTP_PROTECTION_PROFILE *p;
46
47    p = srtp_known_profiles;
48    while (p->name) {
49        if ((len == strlen(p->name))
50            && strncmp(p->name, profile_name, len) == 0) {
51            *pptr = p;
52            return 0;
53        }
54
55        p++;
56    }
57
58    return 1;
59}
60
61static int ssl_ctx_make_profiles(const char *profiles_string,
62                                 STACK_OF(SRTP_PROTECTION_PROFILE) **out)
63{
64    STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
65
66    char *col;
67    char *ptr = (char *)profiles_string;
68    SRTP_PROTECTION_PROFILE *p;
69
70    if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
71        ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
72        return 1;
73    }
74
75    do {
76        col = strchr(ptr, ':');
77
78        if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr)
79                                               : strlen(ptr))) {
80            if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
81                ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
82                goto err;
83            }
84
85            if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) {
86                ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
87                goto err;
88            }
89        } else {
90            ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
91            goto err;
92        }
93
94        if (col)
95            ptr = col + 1;
96    } while (col);
97
98    sk_SRTP_PROTECTION_PROFILE_free(*out);
99
100    *out = profiles;
101
102    return 0;
103 err:
104    sk_SRTP_PROTECTION_PROFILE_free(profiles);
105    return 1;
106}
107
108int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
109{
110    return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
111}
112
113int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
114{
115    return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
116}
117
118STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
119{
120    if (s != NULL) {
121        if (s->srtp_profiles != NULL) {
122            return s->srtp_profiles;
123        } else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) {
124            return s->ctx->srtp_profiles;
125        }
126    }
127
128    return NULL;
129}
130
131SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
132{
133    return s->srtp_profile;
134}
135#endif
136