1/* ssl/t1_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to.  The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 *    notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 *    notice, this list of conditions and the following disclaimer in the
30 *    documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 *    must display the following acknowledgement:
33 *    "This product includes cryptographic software written by
34 *     Eric Young (eay@cryptsoft.com)"
35 *    The word 'cryptographic' can be left out if the rouines from the library
36 *    being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 *    the apps directory (application code) you must include an acknowledgement:
39 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 *    notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 *    notice, this list of conditions and the following disclaimer in
70 *    the documentation and/or other materials provided with the
71 *    distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 *    software must display the following acknowledgment:
75 *    "This product includes software developed by the OpenSSL Project
76 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 *    endorse or promote products derived from this software without
80 *    prior written permission. For written permission, please contact
81 *    openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 *    nor may "OpenSSL" appear in their names without prior written
85 *    permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 *    acknowledgment:
89 *    "This product includes software developed by the OpenSSL Project
90 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com).  This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/*
112  DTLS code by Eric Rescorla <ekr@rtfm.com>
113
114  Copyright (C) 2006, Network Resonance, Inc.
115  Copyright (C) 2011, RTFM, Inc.
116*/
117
118#include <stdio.h>
119#include <openssl/objects.h>
120#include "ssl_locl.h"
121
122#ifndef OPENSSL_NO_SRTP
123
124#include "srtp.h"
125
126
127static SRTP_PROTECTION_PROFILE srtp_known_profiles[]=
128    {
129    {
130    "SRTP_AES128_CM_SHA1_80",
131    SRTP_AES128_CM_SHA1_80,
132    },
133    {
134    "SRTP_AES128_CM_SHA1_32",
135    SRTP_AES128_CM_SHA1_32,
136    },
137#if 0
138    {
139    "SRTP_NULL_SHA1_80",
140    SRTP_NULL_SHA1_80,
141    },
142    {
143    "SRTP_NULL_SHA1_32",
144    SRTP_NULL_SHA1_32,
145    },
146#endif
147    {0}
148    };
149
150static int find_profile_by_name(char *profile_name,
151				SRTP_PROTECTION_PROFILE **pptr,unsigned len)
152	{
153	SRTP_PROTECTION_PROFILE *p;
154
155	p=srtp_known_profiles;
156	while(p->name)
157		{
158		if((len == strlen(p->name)) && !strncmp(p->name,profile_name,
159							len))
160			{
161			*pptr=p;
162			return 0;
163			}
164
165		p++;
166		}
167
168	return 1;
169	}
170
171static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTECTION_PROFILE) **out)
172	{
173	STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
174
175	char *col;
176	char *ptr=(char *)profiles_string;
177
178	SRTP_PROTECTION_PROFILE *p;
179
180	if(!(profiles=sk_SRTP_PROTECTION_PROFILE_new_null()))
181		{
182		SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
183		return 1;
184		}
185
186	do
187		{
188		col=strchr(ptr,':');
189
190		if(!find_profile_by_name(ptr,&p,
191					 col ? col-ptr : (int)strlen(ptr)))
192			{
193			if (sk_SRTP_PROTECTION_PROFILE_find(profiles,p) >= 0)
194				{
195				SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
196				sk_SRTP_PROTECTION_PROFILE_free(profiles);
197				return 1;
198				}
199
200			sk_SRTP_PROTECTION_PROFILE_push(profiles,p);
201			}
202		else
203			{
204			SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
205			sk_SRTP_PROTECTION_PROFILE_free(profiles);
206			return 1;
207			}
208
209		if(col) ptr=col+1;
210		} while (col);
211
212	*out=profiles;
213
214	return 0;
215	}
216
217int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx,const char *profiles)
218	{
219	return ssl_ctx_make_profiles(profiles,&ctx->srtp_profiles);
220	}
221
222int SSL_set_tlsext_use_srtp(SSL *s,const char *profiles)
223	{
224	return ssl_ctx_make_profiles(profiles,&s->srtp_profiles);
225	}
226
227
228STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
229	{
230	if(s != NULL)
231		{
232		if(s->srtp_profiles != NULL)
233			{
234			return s->srtp_profiles;
235			}
236		else if((s->ctx != NULL) &&
237			(s->ctx->srtp_profiles != NULL))
238			{
239			return s->ctx->srtp_profiles;
240			}
241		}
242
243	return NULL;
244	}
245
246SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
247	{
248	return s->srtp_profile;
249	}
250
251/* Note: this function returns 0 length if there are no
252   profiles specified */
253int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
254	{
255	int ct=0;
256	int i;
257	STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0;
258	SRTP_PROTECTION_PROFILE *prof;
259
260	clnt=SSL_get_srtp_profiles(s);
261	ct=sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */
262
263	if(p)
264		{
265		if(ct==0)
266			{
267			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
268			return 1;
269			}
270
271		if((2 + ct*2 + 1) > maxlen)
272			{
273			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
274			return 1;
275			}
276
277                /* Add the length */
278                s2n(ct * 2, p);
279		for(i=0;i<ct;i++)
280			{
281			prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i);
282			s2n(prof->id,p);
283			}
284
285                /* Add an empty use_mki value */
286                *p++ = 0;
287		}
288
289	*len=2 + ct*2 + 1;
290
291	return 0;
292	}
293
294
295int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al)
296	{
297	SRTP_PROTECTION_PROFILE *sprof;
298	STACK_OF(SRTP_PROTECTION_PROFILE) *srvr;
299        int ct;
300        int mki_len;
301	int i, srtp_pref;
302	unsigned int id;
303
304         /* Length value + the MKI length */
305        if(len < 3)
306		{
307		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
308		*al=SSL_AD_DECODE_ERROR;
309		return 1;
310                }
311
312        /* Pull off the length of the cipher suite list */
313        n2s(d, ct);
314        len -= 2;
315
316        /* Check that it is even */
317	if(ct%2)
318		{
319		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
320		*al=SSL_AD_DECODE_ERROR;
321		return 1;
322		}
323
324        /* Check that lengths are consistent */
325	if(len < (ct + 1))
326		{
327		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
328		*al=SSL_AD_DECODE_ERROR;
329		return 1;
330		}
331
332	srvr=SSL_get_srtp_profiles(s);
333	s->srtp_profile = NULL;
334	/* Search all profiles for a match initially */
335	srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr);
336
337	while(ct)
338		{
339		n2s(d,id);
340		ct-=2;
341                len-=2;
342
343		/*
344		 * Only look for match in profiles of higher preference than
345		 * current match.
346		 * If no profiles have been have been configured then this
347		 * does nothing.
348		 */
349		for (i = 0; i < srtp_pref; i++)
350			{
351			sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
352			if (sprof->id == id)
353				{
354				s->srtp_profile = sprof;
355				srtp_pref = i;
356				break;
357				}
358			}
359		}
360
361        /* Now extract the MKI value as a sanity check, but discard it for now */
362        mki_len = *d;
363        d++; len--;
364
365        if (mki_len != len)
366		{
367		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE);
368		*al=SSL_AD_DECODE_ERROR;
369		return 1;
370		}
371
372	return 0;
373	}
374
375int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
376	{
377	if(p)
378		{
379		if(maxlen < 5)
380			{
381			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
382			return 1;
383			}
384
385		if(s->srtp_profile==0)
386			{
387			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_USE_SRTP_NOT_NEGOTIATED);
388			return 1;
389			}
390                s2n(2, p);
391		s2n(s->srtp_profile->id,p);
392                *p++ = 0;
393		}
394	*len=5;
395
396	return 0;
397	}
398
399
400int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al)
401	{
402	unsigned id;
403	int i;
404        int ct;
405
406	STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
407	SRTP_PROTECTION_PROFILE *prof;
408
409	if(len!=5)
410		{
411		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
412		*al=SSL_AD_DECODE_ERROR;
413		return 1;
414		}
415
416        n2s(d, ct);
417	if(ct!=2)
418		{
419		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
420		*al=SSL_AD_DECODE_ERROR;
421		return 1;
422		}
423
424	n2s(d,id);
425        if (*d)  /* Must be no MKI, since we never offer one */
426		{
427		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE);
428		*al=SSL_AD_ILLEGAL_PARAMETER;
429		return 1;
430		}
431
432	clnt=SSL_get_srtp_profiles(s);
433
434	/* Throw an error if the server gave us an unsolicited extension */
435	if (clnt == NULL)
436		{
437		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_NO_SRTP_PROFILES);
438		*al=SSL_AD_DECODE_ERROR;
439		return 1;
440		}
441
442	/* Check to see if the server gave us something we support
443	   (and presumably offered)
444	*/
445	for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(clnt);i++)
446		{
447		prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i);
448
449		if(prof->id == id)
450			{
451			s->srtp_profile=prof;
452			*al=0;
453			return 0;
454			}
455		}
456
457	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
458	*al=SSL_AD_DECODE_ERROR;
459	return 1;
460	}
461
462
463#endif
464