1 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay (at) cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh (at) cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay (at) cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] 56 */ 57 /* ==================================================================== 58 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 59 * 60 * Redistribution and use in source and binary forms, with or without 61 * modification, are permitted provided that the following conditions 62 * are met: 63 * 64 * 1. Redistributions of source code must retain the above copyright 65 * notice, this list of conditions and the following disclaimer. 66 * 67 * 2. Redistributions in binary form must reproduce the above copyright 68 * notice, this list of conditions and the following disclaimer in 69 * the documentation and/or other materials provided with the 70 * distribution. 71 * 72 * 3. All advertising materials mentioning features or use of this 73 * software must display the following acknowledgment: 74 * "This product includes software developed by the OpenSSL Project 75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 76 * 77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 78 * endorse or promote products derived from this software without 79 * prior written permission. For written permission, please contact 80 * openssl-core (at) openssl.org. 81 * 82 * 5. Products derived from this software may not be called "OpenSSL" 83 * nor may "OpenSSL" appear in their names without prior written 84 * permission of the OpenSSL Project. 85 * 86 * 6. Redistributions of any form whatsoever must retain the following 87 * acknowledgment: 88 * "This product includes software developed by the OpenSSL Project 89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 90 * 91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 102 * OF THE POSSIBILITY OF SUCH DAMAGE. 103 * ==================================================================== 104 * 105 * This product includes cryptographic software written by Eric Young 106 * (eay (at) cryptsoft.com). This product includes software written by Tim 107 * Hudson (tjh (at) cryptsoft.com). 108 * 109 */ 110 /* 111 DTLS code by Eric Rescorla <ekr (at) rtfm.com> 112 113 Copyright (C) 2006, Network Resonance, Inc. 114 Copyright (C) 2011, RTFM, Inc. 115 */ 116 117 #ifndef OPENSSL_NO_SRTP 118 119 #include <stdio.h> 120 121 #include <openssl/bytestring.h> 122 #include <openssl/obj.h> 123 #include <openssl/err.h> 124 125 #include "ssl_locl.h" 126 #include <openssl/srtp.h> 127 128 129 static SRTP_PROTECTION_PROFILE srtp_known_profiles[]= 130 { 131 { 132 "SRTP_AES128_CM_SHA1_80", 133 SRTP_AES128_CM_SHA1_80, 134 }, 135 { 136 "SRTP_AES128_CM_SHA1_32", 137 SRTP_AES128_CM_SHA1_32, 138 }, 139 #if 0 140 { 141 "SRTP_NULL_SHA1_80", 142 SRTP_NULL_SHA1_80, 143 }, 144 { 145 "SRTP_NULL_SHA1_32", 146 SRTP_NULL_SHA1_32, 147 }, 148 #endif 149 {0} 150 }; 151 152 static int find_profile_by_name(char *profile_name, 153 SRTP_PROTECTION_PROFILE **pptr,unsigned len) 154 { 155 SRTP_PROTECTION_PROFILE *p; 156 157 p=srtp_known_profiles; 158 while(p->name) 159 { 160 if((len == strlen(p->name)) && !strncmp(p->name,profile_name, 161 len)) 162 { 163 *pptr=p; 164 return 1; 165 } 166 167 p++; 168 } 169 170 return 0; 171 } 172 173 static int find_profile_by_num(unsigned profile_num, 174 SRTP_PROTECTION_PROFILE **pptr) 175 { 176 SRTP_PROTECTION_PROFILE *p; 177 178 p=srtp_known_profiles; 179 while(p->name) 180 { 181 if(p->id == profile_num) 182 { 183 *pptr=p; 184 return 1; 185 } 186 p++; 187 } 188 189 return 0; 190 } 191 192 static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTECTION_PROFILE) **out) 193 { 194 STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; 195 196 char *col; 197 char *ptr=(char *)profiles_string; 198 199 SRTP_PROTECTION_PROFILE *p; 200 201 if(!(profiles=sk_SRTP_PROTECTION_PROFILE_new_null())) 202 { 203 OPENSSL_PUT_ERROR(SSL, ssl_ctx_make_profiles, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); 204 return 0; 205 } 206 207 do 208 { 209 col=strchr(ptr,':'); 210 211 if(find_profile_by_name(ptr,&p, 212 col ? col-ptr : (int)strlen(ptr))) 213 { 214 sk_SRTP_PROTECTION_PROFILE_push(profiles,p); 215 } 216 else 217 { 218 OPENSSL_PUT_ERROR(SSL, ssl_ctx_make_profiles, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); 219 return 0; 220 } 221 222 if(col) ptr=col+1; 223 } while (col); 224 225 *out=profiles; 226 227 return 1; 228 } 229 230 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx,const char *profiles) 231 { 232 /* This API inverts its return value. */ 233 return !ssl_ctx_make_profiles(profiles,&ctx->srtp_profiles); 234 } 235 236 int SSL_set_tlsext_use_srtp(SSL *s,const char *profiles) 237 { 238 /* This API inverts its return value. */ 239 return !ssl_ctx_make_profiles(profiles,&s->srtp_profiles); 240 } 241 242 243 STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s) 244 { 245 if(s != NULL) 246 { 247 if(s->srtp_profiles != NULL) 248 { 249 return s->srtp_profiles; 250 } 251 else if((s->ctx != NULL) && 252 (s->ctx->srtp_profiles != NULL)) 253 { 254 return s->ctx->srtp_profiles; 255 } 256 } 257 258 return NULL; 259 } 260 261 SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s) 262 { 263 return s->srtp_profile; 264 } 265 266 /* Note: this function returns 0 length if there are no 267 profiles specified */ 268 int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) 269 { 270 int ct=0; 271 int i; 272 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0; 273 SRTP_PROTECTION_PROFILE *prof; 274 275 clnt=SSL_get_srtp_profiles(s); 276 ct=sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */ 277 278 if(p) 279 { 280 if(ct==0) 281 { 282 OPENSSL_PUT_ERROR(SSL, ssl_add_clienthello_use_srtp_ext, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST); 283 return 0; 284 } 285 286 if((2 + ct*2 + 1) > maxlen) 287 { 288 OPENSSL_PUT_ERROR(SSL, ssl_add_clienthello_use_srtp_ext, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); 289 return 0; 290 } 291 292 /* Add the length */ 293 s2n(ct * 2, p); 294 for(i=0;i<ct;i++) 295 { 296 prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i); 297 s2n(prof->id,p); 298 } 299 300 /* Add an empty use_mki value */ 301 *p++ = 0; 302 } 303 304 *len=2 + ct*2 + 1; 305 306 return 1; 307 } 308 309 310 int ssl_parse_clienthello_use_srtp_ext(SSL *s, CBS *cbs, int *out_alert) 311 { 312 CBS profile_ids, srtp_mki; 313 SRTP_PROTECTION_PROFILE *cprof, *sprof; 314 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0,*srvr; 315 int i,j; 316 int ret = 0; 317 318 if (!CBS_get_u16_length_prefixed(cbs, &profile_ids) || 319 CBS_len(&profile_ids) < 2 || 320 !CBS_get_u8_length_prefixed(cbs, &srtp_mki) || 321 CBS_len(cbs) != 0) 322 { 323 OPENSSL_PUT_ERROR(SSL, ssl_parse_clienthello_use_srtp_ext, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 324 *out_alert = SSL_AD_DECODE_ERROR; 325 goto done; 326 } 327 328 clnt = sk_SRTP_PROTECTION_PROFILE_new_null(); 329 330 while (CBS_len(&profile_ids) > 0) 331 { 332 uint16_t profile_id; 333 334 if (!CBS_get_u16(&profile_ids, &profile_id)) 335 { 336 *out_alert = SSL_AD_DECODE_ERROR; 337 goto done; 338 } 339 340 if (find_profile_by_num(profile_id, &cprof)) 341 { 342 sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof); 343 } 344 } 345 346 /* Discard the MKI value for now. */ 347 348 srvr = SSL_get_srtp_profiles(s); 349 350 /* Pick our most preferred profile. If no profiles have been 351 configured then the outer loop doesn't run 352 (sk_SRTP_PROTECTION_PROFILE_num() = -1) 353 and so we just return without doing anything */ 354 for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(srvr);i++) 355 { 356 sprof=sk_SRTP_PROTECTION_PROFILE_value(srvr,i); 357 358 for(j=0;j<sk_SRTP_PROTECTION_PROFILE_num(clnt);j++) 359 { 360 cprof=sk_SRTP_PROTECTION_PROFILE_value(clnt,j); 361 362 if(cprof->id==sprof->id) 363 { 364 s->srtp_profile = sprof; 365 ret = 1; 366 goto done; 367 } 368 } 369 } 370 371 ret = 1; 372 373 done: 374 if(clnt) sk_SRTP_PROTECTION_PROFILE_free(clnt); 375 376 return ret; 377 } 378 379 int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) 380 { 381 if(p) 382 { 383 if(maxlen < 5) 384 { 385 OPENSSL_PUT_ERROR(SSL, ssl_add_serverhello_use_srtp_ext, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); 386 return 0; 387 } 388 389 if(s->srtp_profile==0) 390 { 391 OPENSSL_PUT_ERROR(SSL, ssl_add_serverhello_use_srtp_ext, SSL_R_USE_SRTP_NOT_NEGOTIATED); 392 return 0; 393 } 394 s2n(2, p); 395 s2n(s->srtp_profile->id,p); 396 *p++ = 0; 397 } 398 *len=5; 399 400 return 1; 401 } 402 403 404 int ssl_parse_serverhello_use_srtp_ext(SSL *s, CBS *cbs, int *out_alert) 405 { 406 CBS profile_ids, srtp_mki; 407 uint16_t profile_id; 408 int i; 409 410 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; 411 SRTP_PROTECTION_PROFILE *prof; 412 413 /* The extension consists of a u16-prefixed profile ID list containing a 414 * single uint16_t profile ID, then followed by a u8-prefixed srtp_mki 415 * field. 416 * 417 * See https://tools.ietf.org/html/rfc5764#section-4.1.1 418 */ 419 if (!CBS_get_u16_length_prefixed(cbs, &profile_ids) || 420 !CBS_get_u16(&profile_ids, &profile_id) || 421 CBS_len(&profile_ids) != 0 || 422 !CBS_get_u8_length_prefixed(cbs, &srtp_mki) || 423 CBS_len(cbs) != 0) 424 { 425 OPENSSL_PUT_ERROR(SSL, ssl_parse_serverhello_use_srtp_ext, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 426 *out_alert = SSL_AD_DECODE_ERROR; 427 return 0; 428 } 429 430 if (CBS_len(&srtp_mki) != 0) 431 { 432 /* Must be no MKI, since we never offer one. */ 433 OPENSSL_PUT_ERROR(SSL, ssl_parse_serverhello_use_srtp_ext, SSL_R_BAD_SRTP_MKI_VALUE); 434 *out_alert = SSL_AD_ILLEGAL_PARAMETER; 435 return 0; 436 } 437 438 clnt=SSL_get_srtp_profiles(s); 439 440 /* Throw an error if the server gave us an unsolicited extension */ 441 if (clnt == NULL) 442 { 443 OPENSSL_PUT_ERROR(SSL, ssl_parse_serverhello_use_srtp_ext, SSL_R_NO_SRTP_PROFILES); 444 *out_alert = SSL_AD_DECODE_ERROR; 445 return 0; 446 } 447 448 /* Check to see if the server gave us something we support 449 (and presumably offered) 450 */ 451 for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(clnt);i++) 452 { 453 prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i); 454 455 if(prof->id == profile_id) 456 { 457 s->srtp_profile=prof; 458 *out_alert = 0; 459 return 1; 460 } 461 } 462 463 OPENSSL_PUT_ERROR(SSL, ssl_parse_serverhello_use_srtp_ext, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 464 *out_alert = SSL_AD_ILLEGAL_PARAMETER; 465 return 0; 466 } 467 468 469 #endif 470