[331] | 1 | /*
|
---|
| 2 | * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
|
---|
| 3 | *
|
---|
| 4 | * Licensed under the OpenSSL license (the "License"). You may not use
|
---|
| 5 | * this file except in compliance with the License. You can obtain a copy
|
---|
| 6 | * in the file LICENSE in the source distribution or at
|
---|
| 7 | * https://www.openssl.org/source/license.html
|
---|
| 8 | */
|
---|
| 9 |
|
---|
| 10 | /*
|
---|
| 11 | * DTLS code by Eric Rescorla <ekr@rtfm.com>
|
---|
| 12 | *
|
---|
| 13 | * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
|
---|
| 14 | */
|
---|
| 15 |
|
---|
| 16 | #include <stdio.h>
|
---|
| 17 | #include <openssl/objects.h>
|
---|
| 18 | #include "ssl_locl.h"
|
---|
| 19 |
|
---|
| 20 | #ifndef OPENSSL_NO_SRTP
|
---|
| 21 |
|
---|
| 22 | static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
|
---|
| 23 | {
|
---|
| 24 | "SRTP_AES128_CM_SHA1_80",
|
---|
| 25 | SRTP_AES128_CM_SHA1_80,
|
---|
| 26 | },
|
---|
| 27 | {
|
---|
| 28 | "SRTP_AES128_CM_SHA1_32",
|
---|
| 29 | SRTP_AES128_CM_SHA1_32,
|
---|
| 30 | },
|
---|
| 31 | {
|
---|
| 32 | "SRTP_AEAD_AES_128_GCM",
|
---|
| 33 | SRTP_AEAD_AES_128_GCM,
|
---|
| 34 | },
|
---|
| 35 | {
|
---|
| 36 | "SRTP_AEAD_AES_256_GCM",
|
---|
| 37 | SRTP_AEAD_AES_256_GCM,
|
---|
| 38 | },
|
---|
| 39 | {0}
|
---|
| 40 | };
|
---|
| 41 |
|
---|
| 42 | static int find_profile_by_name(char *profile_name,
|
---|
| 43 | SRTP_PROTECTION_PROFILE **pptr, unsigned len)
|
---|
| 44 | {
|
---|
| 45 | SRTP_PROTECTION_PROFILE *p;
|
---|
| 46 |
|
---|
| 47 | p = srtp_known_profiles;
|
---|
| 48 | while (p->name) {
|
---|
| 49 | if ((len == strlen(p->name))
|
---|
| 50 | && strncmp(p->name, profile_name, len) == 0) {
|
---|
| 51 | *pptr = p;
|
---|
| 52 | return 0;
|
---|
| 53 | }
|
---|
| 54 |
|
---|
| 55 | p++;
|
---|
| 56 | }
|
---|
| 57 |
|
---|
| 58 | return 1;
|
---|
| 59 | }
|
---|
| 60 |
|
---|
| 61 | static int ssl_ctx_make_profiles(const char *profiles_string,
|
---|
| 62 | STACK_OF(SRTP_PROTECTION_PROFILE) **out)
|
---|
| 63 | {
|
---|
| 64 | STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
|
---|
| 65 |
|
---|
| 66 | char *col;
|
---|
| 67 | char *ptr = (char *)profiles_string;
|
---|
| 68 | SRTP_PROTECTION_PROFILE *p;
|
---|
| 69 |
|
---|
| 70 | if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
|
---|
| 71 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
|
---|
| 72 | SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
|
---|
| 73 | return 1;
|
---|
| 74 | }
|
---|
| 75 |
|
---|
| 76 | do {
|
---|
| 77 | col = strchr(ptr, ':');
|
---|
| 78 |
|
---|
| 79 | if (!find_profile_by_name(ptr, &p, col ? col - ptr : (int)strlen(ptr))) {
|
---|
| 80 | if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
|
---|
| 81 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
|
---|
| 82 | SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
---|
| 83 | goto err;
|
---|
| 84 | }
|
---|
| 85 |
|
---|
| 86 | if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) {
|
---|
| 87 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
|
---|
| 88 | SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
|
---|
| 89 | goto err;
|
---|
| 90 | }
|
---|
| 91 | } else {
|
---|
| 92 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
|
---|
| 93 | SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
|
---|
| 94 | goto err;
|
---|
| 95 | }
|
---|
| 96 |
|
---|
| 97 | if (col)
|
---|
| 98 | ptr = col + 1;
|
---|
| 99 | } while (col);
|
---|
| 100 |
|
---|
| 101 | sk_SRTP_PROTECTION_PROFILE_free(*out);
|
---|
| 102 |
|
---|
| 103 | *out = profiles;
|
---|
| 104 |
|
---|
| 105 | return 0;
|
---|
| 106 | err:
|
---|
| 107 | sk_SRTP_PROTECTION_PROFILE_free(profiles);
|
---|
| 108 | return 1;
|
---|
| 109 | }
|
---|
| 110 |
|
---|
| 111 | int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
|
---|
| 112 | {
|
---|
| 113 | return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
|
---|
| 114 | }
|
---|
| 115 |
|
---|
| 116 | int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
|
---|
| 117 | {
|
---|
| 118 | return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
|
---|
| 119 | }
|
---|
| 120 |
|
---|
| 121 | STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
|
---|
| 122 | {
|
---|
| 123 | if (s != NULL) {
|
---|
| 124 | if (s->srtp_profiles != NULL) {
|
---|
| 125 | return s->srtp_profiles;
|
---|
| 126 | } else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) {
|
---|
| 127 | return s->ctx->srtp_profiles;
|
---|
| 128 | }
|
---|
| 129 | }
|
---|
| 130 |
|
---|
| 131 | return NULL;
|
---|
| 132 | }
|
---|
| 133 |
|
---|
| 134 | SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
|
---|
| 135 | {
|
---|
| 136 | return s->srtp_profile;
|
---|
| 137 | }
|
---|
| 138 |
|
---|
| 139 | /*
|
---|
| 140 | * Note: this function returns 0 length if there are no profiles specified
|
---|
| 141 | */
|
---|
| 142 | int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
|
---|
| 143 | int maxlen)
|
---|
| 144 | {
|
---|
| 145 | int ct = 0;
|
---|
| 146 | int i;
|
---|
| 147 | STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0;
|
---|
| 148 | SRTP_PROTECTION_PROFILE *prof;
|
---|
| 149 |
|
---|
| 150 | clnt = SSL_get_srtp_profiles(s);
|
---|
| 151 | ct = sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */
|
---|
| 152 |
|
---|
| 153 | if (p) {
|
---|
| 154 | if (ct == 0) {
|
---|
| 155 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,
|
---|
| 156 | SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
|
---|
| 157 | return 1;
|
---|
| 158 | }
|
---|
| 159 |
|
---|
| 160 | if ((2 + ct * 2 + 1) > maxlen) {
|
---|
| 161 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,
|
---|
| 162 | SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
|
---|
| 163 | return 1;
|
---|
| 164 | }
|
---|
| 165 |
|
---|
| 166 | /* Add the length */
|
---|
| 167 | s2n(ct * 2, p);
|
---|
| 168 | for (i = 0; i < ct; i++) {
|
---|
| 169 | prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
|
---|
| 170 | s2n(prof->id, p);
|
---|
| 171 | }
|
---|
| 172 |
|
---|
| 173 | /* Add an empty use_mki value */
|
---|
| 174 | *p++ = 0;
|
---|
| 175 | }
|
---|
| 176 |
|
---|
| 177 | *len = 2 + ct * 2 + 1;
|
---|
| 178 |
|
---|
| 179 | return 0;
|
---|
| 180 | }
|
---|
| 181 |
|
---|
| 182 | int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al)
|
---|
| 183 | {
|
---|
| 184 | SRTP_PROTECTION_PROFILE *sprof;
|
---|
| 185 | STACK_OF(SRTP_PROTECTION_PROFILE) *srvr;
|
---|
| 186 | unsigned int ct, mki_len, id;
|
---|
| 187 | int i, srtp_pref;
|
---|
| 188 | PACKET subpkt;
|
---|
| 189 |
|
---|
| 190 | /* Pull off the length of the cipher suite list and check it is even */
|
---|
| 191 | if (!PACKET_get_net_2(pkt, &ct)
|
---|
| 192 | || (ct & 1) != 0 || !PACKET_get_sub_packet(pkt, &subpkt, ct)) {
|
---|
| 193 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
|
---|
| 194 | SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
---|
| 195 | *al = SSL_AD_DECODE_ERROR;
|
---|
| 196 | return 1;
|
---|
| 197 | }
|
---|
| 198 |
|
---|
| 199 | srvr = SSL_get_srtp_profiles(s);
|
---|
| 200 | s->srtp_profile = NULL;
|
---|
| 201 | /* Search all profiles for a match initially */
|
---|
| 202 | srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr);
|
---|
| 203 |
|
---|
| 204 | while (PACKET_remaining(&subpkt)) {
|
---|
| 205 | if (!PACKET_get_net_2(&subpkt, &id)) {
|
---|
| 206 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
|
---|
| 207 | SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
---|
| 208 | *al = SSL_AD_DECODE_ERROR;
|
---|
| 209 | return 1;
|
---|
| 210 | }
|
---|
| 211 |
|
---|
| 212 | /*
|
---|
| 213 | * Only look for match in profiles of higher preference than
|
---|
| 214 | * current match.
|
---|
| 215 | * If no profiles have been have been configured then this
|
---|
| 216 | * does nothing.
|
---|
| 217 | */
|
---|
| 218 | for (i = 0; i < srtp_pref; i++) {
|
---|
| 219 | sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
|
---|
| 220 | if (sprof->id == id) {
|
---|
| 221 | s->srtp_profile = sprof;
|
---|
| 222 | srtp_pref = i;
|
---|
| 223 | break;
|
---|
| 224 | }
|
---|
| 225 | }
|
---|
| 226 | }
|
---|
| 227 |
|
---|
| 228 | /*
|
---|
| 229 | * Now extract the MKI value as a sanity check, but discard it for now
|
---|
| 230 | */
|
---|
| 231 | if (!PACKET_get_1(pkt, &mki_len)) {
|
---|
| 232 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
|
---|
| 233 | SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
---|
| 234 | *al = SSL_AD_DECODE_ERROR;
|
---|
| 235 | return 1;
|
---|
| 236 | }
|
---|
| 237 |
|
---|
| 238 | if (!PACKET_forward(pkt, mki_len)
|
---|
| 239 | || PACKET_remaining(pkt)) {
|
---|
| 240 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
|
---|
| 241 | SSL_R_BAD_SRTP_MKI_VALUE);
|
---|
| 242 | *al = SSL_AD_DECODE_ERROR;
|
---|
| 243 | return 1;
|
---|
| 244 | }
|
---|
| 245 |
|
---|
| 246 | return 0;
|
---|
| 247 | }
|
---|
| 248 |
|
---|
| 249 | int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
|
---|
| 250 | int maxlen)
|
---|
| 251 | {
|
---|
| 252 | if (p) {
|
---|
| 253 | if (maxlen < 5) {
|
---|
| 254 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
|
---|
| 255 | SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
|
---|
| 256 | return 1;
|
---|
| 257 | }
|
---|
| 258 |
|
---|
| 259 | if (s->srtp_profile == 0) {
|
---|
| 260 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
|
---|
| 261 | SSL_R_USE_SRTP_NOT_NEGOTIATED);
|
---|
| 262 | return 1;
|
---|
| 263 | }
|
---|
| 264 | s2n(2, p);
|
---|
| 265 | s2n(s->srtp_profile->id, p);
|
---|
| 266 | *p++ = 0;
|
---|
| 267 | }
|
---|
| 268 | *len = 5;
|
---|
| 269 |
|
---|
| 270 | return 0;
|
---|
| 271 | }
|
---|
| 272 |
|
---|
| 273 | int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al)
|
---|
| 274 | {
|
---|
| 275 | unsigned int id, ct, mki;
|
---|
| 276 | int i;
|
---|
| 277 |
|
---|
| 278 | STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
|
---|
| 279 | SRTP_PROTECTION_PROFILE *prof;
|
---|
| 280 |
|
---|
| 281 | if (!PACKET_get_net_2(pkt, &ct)
|
---|
| 282 | || ct != 2 || !PACKET_get_net_2(pkt, &id)
|
---|
| 283 | || !PACKET_get_1(pkt, &mki)
|
---|
| 284 | || PACKET_remaining(pkt) != 0) {
|
---|
| 285 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
|
---|
| 286 | SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
---|
| 287 | *al = SSL_AD_DECODE_ERROR;
|
---|
| 288 | return 1;
|
---|
| 289 | }
|
---|
| 290 |
|
---|
| 291 | if (mki != 0) {
|
---|
| 292 | /* Must be no MKI, since we never offer one */
|
---|
| 293 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
|
---|
| 294 | SSL_R_BAD_SRTP_MKI_VALUE);
|
---|
| 295 | *al = SSL_AD_ILLEGAL_PARAMETER;
|
---|
| 296 | return 1;
|
---|
| 297 | }
|
---|
| 298 |
|
---|
| 299 | clnt = SSL_get_srtp_profiles(s);
|
---|
| 300 |
|
---|
| 301 | /* Throw an error if the server gave us an unsolicited extension */
|
---|
| 302 | if (clnt == NULL) {
|
---|
| 303 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
|
---|
| 304 | SSL_R_NO_SRTP_PROFILES);
|
---|
| 305 | *al = SSL_AD_DECODE_ERROR;
|
---|
| 306 | return 1;
|
---|
| 307 | }
|
---|
| 308 |
|
---|
| 309 | /*
|
---|
| 310 | * Check to see if the server gave us something we support (and
|
---|
| 311 | * presumably offered)
|
---|
| 312 | */
|
---|
| 313 | for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) {
|
---|
| 314 | prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
|
---|
| 315 |
|
---|
| 316 | if (prof->id == id) {
|
---|
| 317 | s->srtp_profile = prof;
|
---|
| 318 | *al = 0;
|
---|
| 319 | return 0;
|
---|
| 320 | }
|
---|
| 321 | }
|
---|
| 322 |
|
---|
| 323 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
|
---|
| 324 | SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
---|
| 325 | *al = SSL_AD_DECODE_ERROR;
|
---|
| 326 | return 1;
|
---|
| 327 | }
|
---|
| 328 |
|
---|
| 329 | #endif
|
---|