Home | History | Annotate | Download | only in ssl
      1 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com)
      2  * All rights reserved.
      3  *
      4  * This package is an SSL implementation written
      5  * by Eric Young (eay (at) cryptsoft.com).
      6  * The implementation was written so as to conform with Netscapes SSL.
      7  *
      8  * This library is free for commercial and non-commercial use as long as
      9  * the following conditions are aheared to.  The following conditions
     10  * apply to all code found in this distribution, be it the RC4, RSA,
     11  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
     12  * included with this distribution is covered by the same copyright terms
     13  * except that the holder is Tim Hudson (tjh (at) cryptsoft.com).
     14  *
     15  * Copyright remains Eric Young's, and as such any Copyright notices in
     16  * the code are not to be removed.
     17  * If this package is used in a product, Eric Young should be given attribution
     18  * as the author of the parts of the library used.
     19  * This can be in the form of a textual message at program startup or
     20  * in documentation (online or textual) provided with the package.
     21  *
     22  * Redistribution and use in source and binary forms, with or without
     23  * modification, are permitted provided that the following conditions
     24  * are met:
     25  * 1. Redistributions of source code must retain the copyright
     26  *    notice, this list of conditions and the following disclaimer.
     27  * 2. Redistributions in binary form must reproduce the above copyright
     28  *    notice, this list of conditions and the following disclaimer in the
     29  *    documentation and/or other materials provided with the distribution.
     30  * 3. All advertising materials mentioning features or use of this software
     31  *    must display the following acknowledgement:
     32  *    "This product includes cryptographic software written by
     33  *     Eric Young (eay (at) cryptsoft.com)"
     34  *    The word 'cryptographic' can be left out if the rouines from the library
     35  *    being used are not cryptographic related :-).
     36  * 4. If you include any Windows specific code (or a derivative thereof) from
     37  *    the apps directory (application code) you must include an acknowledgement:
     38  *    "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)"
     39  *
     40  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
     41  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     43  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     44  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     45  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     46  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     48  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     49  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     50  * SUCH DAMAGE.
     51  *
     52  * The licence and distribution terms for any publically available version or
     53  * derivative of this code cannot be changed.  i.e. this code cannot simply be
     54  * copied and put under another distribution licence
     55  * [including the GNU Public Licence.]
     56  */
     57 /* ====================================================================
     58  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
     59  *
     60  * Redistribution and use in source and binary forms, with or without
     61  * modification, are permitted provided that the following conditions
     62  * are met:
     63  *
     64  * 1. Redistributions of source code must retain the above copyright
     65  *    notice, this list of conditions and the following disclaimer.
     66  *
     67  * 2. Redistributions in binary form must reproduce the above copyright
     68  *    notice, this list of conditions and the following disclaimer in
     69  *    the documentation and/or other materials provided with the
     70  *    distribution.
     71  *
     72  * 3. All advertising materials mentioning features or use of this
     73  *    software must display the following acknowledgment:
     74  *    "This product includes software developed by the OpenSSL Project
     75  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
     76  *
     77  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     78  *    endorse or promote products derived from this software without
     79  *    prior written permission. For written permission, please contact
     80  *    openssl-core (at) openssl.org.
     81  *
     82  * 5. Products derived from this software may not be called "OpenSSL"
     83  *    nor may "OpenSSL" appear in their names without prior written
     84  *    permission of the OpenSSL Project.
     85  *
     86  * 6. Redistributions of any form whatsoever must retain the following
     87  *    acknowledgment:
     88  *    "This product includes software developed by the OpenSSL Project
     89  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
     90  *
     91  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     92  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     93  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     94  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     95  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     96  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     97  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     98  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     99  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
    100  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    101  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
    102  * OF THE POSSIBILITY OF SUCH DAMAGE.
    103  * ====================================================================
    104  *
    105  * This product includes cryptographic software written by Eric Young
    106  * (eay (at) cryptsoft.com).  This product includes software written by Tim
    107  * Hudson (tjh (at) cryptsoft.com).
    108  *
    109  */
    110 /*
    111   DTLS code by Eric Rescorla <ekr (at) rtfm.com>
    112 
    113   Copyright (C) 2006, Network Resonance, Inc.
    114   Copyright (C) 2011, RTFM, Inc.
    115 */
    116 
    117 #ifndef OPENSSL_NO_SRTP
    118 
    119 #include <stdio.h>
    120 
    121 #include <openssl/bytestring.h>
    122 #include <openssl/obj.h>
    123 #include <openssl/err.h>
    124 
    125 #include "ssl_locl.h"
    126 #include <openssl/srtp.h>
    127 
    128 
    129 static SRTP_PROTECTION_PROFILE srtp_known_profiles[]=
    130     {
    131     {
    132     "SRTP_AES128_CM_SHA1_80",
    133     SRTP_AES128_CM_SHA1_80,
    134     },
    135     {
    136     "SRTP_AES128_CM_SHA1_32",
    137     SRTP_AES128_CM_SHA1_32,
    138     },
    139 #if 0
    140     {
    141     "SRTP_NULL_SHA1_80",
    142     SRTP_NULL_SHA1_80,
    143     },
    144     {
    145     "SRTP_NULL_SHA1_32",
    146     SRTP_NULL_SHA1_32,
    147     },
    148 #endif
    149     {0}
    150     };
    151 
    152 static int find_profile_by_name(char *profile_name,
    153 				SRTP_PROTECTION_PROFILE **pptr,unsigned len)
    154 	{
    155 	SRTP_PROTECTION_PROFILE *p;
    156 
    157 	p=srtp_known_profiles;
    158 	while(p->name)
    159 		{
    160 		if((len == strlen(p->name)) && !strncmp(p->name,profile_name,
    161 							len))
    162 			{
    163 			*pptr=p;
    164 			return 1;
    165 			}
    166 
    167 		p++;
    168 		}
    169 
    170 	return 0;
    171 	}
    172 
    173 static int find_profile_by_num(unsigned profile_num,
    174 			       SRTP_PROTECTION_PROFILE **pptr)
    175 	{
    176 	SRTP_PROTECTION_PROFILE *p;
    177 
    178 	p=srtp_known_profiles;
    179 	while(p->name)
    180 		{
    181 		if(p->id == profile_num)
    182 			{
    183 			*pptr=p;
    184 			return 1;
    185 			}
    186 		p++;
    187 		}
    188 
    189 	return 0;
    190 	}
    191 
    192 static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTECTION_PROFILE) **out)
    193 	{
    194 	STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
    195 
    196 	char *col;
    197 	char *ptr=(char *)profiles_string;
    198 
    199 	SRTP_PROTECTION_PROFILE *p;
    200 
    201 	if(!(profiles=sk_SRTP_PROTECTION_PROFILE_new_null()))
    202 		{
    203 		OPENSSL_PUT_ERROR(SSL, ssl_ctx_make_profiles, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
    204 		return 0;
    205 		}
    206 
    207 	do
    208 		{
    209 		col=strchr(ptr,':');
    210 
    211 		if(find_profile_by_name(ptr,&p,
    212 					 col ? col-ptr : (int)strlen(ptr)))
    213 			{
    214 			sk_SRTP_PROTECTION_PROFILE_push(profiles,p);
    215 			}
    216 		else
    217 			{
    218 			OPENSSL_PUT_ERROR(SSL, ssl_ctx_make_profiles, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
    219 			return 0;
    220 			}
    221 
    222 		if(col) ptr=col+1;
    223 		} while (col);
    224 
    225 	*out=profiles;
    226 
    227 	return 1;
    228 	}
    229 
    230 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx,const char *profiles)
    231 	{
    232 	/* This API inverts its return value. */
    233 	return !ssl_ctx_make_profiles(profiles,&ctx->srtp_profiles);
    234 	}
    235 
    236 int SSL_set_tlsext_use_srtp(SSL *s,const char *profiles)
    237 	{
    238 	/* This API inverts its return value. */
    239 	return !ssl_ctx_make_profiles(profiles,&s->srtp_profiles);
    240 	}
    241 
    242 
    243 STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
    244 	{
    245 	if(s != NULL)
    246 		{
    247 		if(s->srtp_profiles != NULL)
    248 			{
    249 			return s->srtp_profiles;
    250 			}
    251 		else if((s->ctx != NULL) &&
    252 			(s->ctx->srtp_profiles != NULL))
    253 			{
    254 			return s->ctx->srtp_profiles;
    255 			}
    256 		}
    257 
    258 	return NULL;
    259 	}
    260 
    261 SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
    262 	{
    263 	return s->srtp_profile;
    264 	}
    265 
    266 /* Note: this function returns 0 length if there are no
    267    profiles specified */
    268 int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
    269 	{
    270 	int ct=0;
    271 	int i;
    272 	STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0;
    273 	SRTP_PROTECTION_PROFILE *prof;
    274 
    275 	clnt=SSL_get_srtp_profiles(s);
    276 	ct=sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */
    277 
    278 	if(p)
    279 		{
    280 		if(ct==0)
    281 			{
    282 			OPENSSL_PUT_ERROR(SSL, ssl_add_clienthello_use_srtp_ext, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
    283 			return 0;
    284 			}
    285 
    286 		if((2 + ct*2 + 1) > maxlen)
    287 			{
    288 			OPENSSL_PUT_ERROR(SSL, ssl_add_clienthello_use_srtp_ext, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
    289 			return 0;
    290 			}
    291 
    292                 /* Add the length */
    293                 s2n(ct * 2, p);
    294 		for(i=0;i<ct;i++)
    295 			{
    296 			prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i);
    297 			s2n(prof->id,p);
    298 			}
    299 
    300                 /* Add an empty use_mki value */
    301                 *p++ = 0;
    302 		}
    303 
    304 	*len=2 + ct*2 + 1;
    305 
    306 	return 1;
    307 	}
    308 
    309 
    310 int ssl_parse_clienthello_use_srtp_ext(SSL *s, CBS *cbs, int *out_alert)
    311 	{
    312 	CBS profile_ids, srtp_mki;
    313 	SRTP_PROTECTION_PROFILE *cprof, *sprof;
    314 	STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0,*srvr;
    315 	int i,j;
    316 	int ret = 0;
    317 
    318 	if (!CBS_get_u16_length_prefixed(cbs, &profile_ids) ||
    319 		CBS_len(&profile_ids) < 2 ||
    320 		!CBS_get_u8_length_prefixed(cbs, &srtp_mki) ||
    321 		CBS_len(cbs) != 0)
    322 		{
    323 		OPENSSL_PUT_ERROR(SSL, ssl_parse_clienthello_use_srtp_ext, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
    324 		*out_alert = SSL_AD_DECODE_ERROR;
    325 		goto done;
    326 		}
    327 
    328 	clnt = sk_SRTP_PROTECTION_PROFILE_new_null();
    329 
    330 	while (CBS_len(&profile_ids) > 0)
    331 		{
    332 		uint16_t profile_id;
    333 
    334 		if (!CBS_get_u16(&profile_ids, &profile_id))
    335 			{
    336 			*out_alert = SSL_AD_DECODE_ERROR;
    337 			goto done;
    338 			}
    339 
    340 		if (find_profile_by_num(profile_id, &cprof))
    341 			{
    342 			sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof);
    343 			}
    344 		}
    345 
    346 	/* Discard the MKI value for now. */
    347 
    348 	srvr = SSL_get_srtp_profiles(s);
    349 
    350 	/* Pick our most preferred profile. If no profiles have been
    351 	 configured then the outer loop doesn't run
    352 	 (sk_SRTP_PROTECTION_PROFILE_num() = -1)
    353 	 and so we just return without doing anything */
    354 	for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(srvr);i++)
    355 		{
    356 		sprof=sk_SRTP_PROTECTION_PROFILE_value(srvr,i);
    357 
    358 		for(j=0;j<sk_SRTP_PROTECTION_PROFILE_num(clnt);j++)
    359 			{
    360 			cprof=sk_SRTP_PROTECTION_PROFILE_value(clnt,j);
    361 
    362 			if(cprof->id==sprof->id)
    363 				{
    364 				s->srtp_profile = sprof;
    365 				ret = 1;
    366 				goto done;
    367 				}
    368 			}
    369 		}
    370 
    371 	ret = 1;
    372 
    373 done:
    374 	if(clnt) sk_SRTP_PROTECTION_PROFILE_free(clnt);
    375 
    376 	return ret;
    377 	}
    378 
    379 int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
    380 	{
    381 	if(p)
    382 		{
    383 		if(maxlen < 5)
    384 			{
    385 			OPENSSL_PUT_ERROR(SSL, ssl_add_serverhello_use_srtp_ext, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
    386 			return 0;
    387 			}
    388 
    389 		if(s->srtp_profile==0)
    390 			{
    391 			OPENSSL_PUT_ERROR(SSL, ssl_add_serverhello_use_srtp_ext, SSL_R_USE_SRTP_NOT_NEGOTIATED);
    392 			return 0;
    393 			}
    394                 s2n(2, p);
    395 		s2n(s->srtp_profile->id,p);
    396                 *p++ = 0;
    397 		}
    398 	*len=5;
    399 
    400 	return 1;
    401 	}
    402 
    403 
    404 int ssl_parse_serverhello_use_srtp_ext(SSL *s, CBS *cbs, int *out_alert)
    405 	{
    406 	CBS profile_ids, srtp_mki;
    407 	uint16_t profile_id;
    408 	int i;
    409 
    410 	STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
    411 	SRTP_PROTECTION_PROFILE *prof;
    412 
    413 	/* The extension consists of a u16-prefixed profile ID list containing a
    414 	 * single uint16_t profile ID, then followed by a u8-prefixed srtp_mki
    415 	 * field.
    416 	 *
    417 	 * See https://tools.ietf.org/html/rfc5764#section-4.1.1
    418 	 */
    419 	if (!CBS_get_u16_length_prefixed(cbs, &profile_ids) ||
    420 		!CBS_get_u16(&profile_ids, &profile_id) ||
    421 		CBS_len(&profile_ids) != 0 ||
    422 		!CBS_get_u8_length_prefixed(cbs, &srtp_mki) ||
    423 		CBS_len(cbs) != 0)
    424 		{
    425 		OPENSSL_PUT_ERROR(SSL, ssl_parse_serverhello_use_srtp_ext, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
    426 		*out_alert = SSL_AD_DECODE_ERROR;
    427 		return 0;
    428 		}
    429 
    430 	if (CBS_len(&srtp_mki) != 0)
    431 		{
    432 		/* Must be no MKI, since we never offer one. */
    433 		OPENSSL_PUT_ERROR(SSL, ssl_parse_serverhello_use_srtp_ext, SSL_R_BAD_SRTP_MKI_VALUE);
    434 		*out_alert = SSL_AD_ILLEGAL_PARAMETER;
    435 		return 0;
    436 		}
    437 
    438 	clnt=SSL_get_srtp_profiles(s);
    439 
    440 	/* Throw an error if the server gave us an unsolicited extension */
    441 	if (clnt == NULL)
    442 		{
    443 		OPENSSL_PUT_ERROR(SSL, ssl_parse_serverhello_use_srtp_ext, SSL_R_NO_SRTP_PROFILES);
    444 		*out_alert = SSL_AD_DECODE_ERROR;
    445 		return 0;
    446 		}
    447 
    448 	/* Check to see if the server gave us something we support
    449 	   (and presumably offered)
    450 	*/
    451 	for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(clnt);i++)
    452 		{
    453 		prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i);
    454 
    455 		if(prof->id == profile_id)
    456 			{
    457 			s->srtp_profile=prof;
    458 			*out_alert = 0;
    459 			return 1;
    460 			}
    461 		}
    462 
    463 	OPENSSL_PUT_ERROR(SSL, ssl_parse_serverhello_use_srtp_ext, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
    464 	*out_alert = SSL_AD_ILLEGAL_PARAMETER;
    465 	return 0;
    466 	}
    467 
    468 
    469 #endif
    470