author | Kijin Kim <msrndsy@gmail.com> | 2022-04-04 15:31:04 +0900 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-05-23 10:07:51 +0200 |
commit | a425c0fec6eb74c942ca5bca8e27ff0c9f126d48 (patch) | |
tree | 0c184574aa4ffe33898765c41031145cf4a8e12d | |
parent | 091e60c42c5d2a194936da7f4de3ce82527b27a3 (diff) |
Add more SRTP protection profiles
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18030)
-rw-r--r-- | CHANGES.md | 4 | ||||
-rw-r--r-- | doc/man3/SSL_CTX_set_tlsext_use_srtp.pod | 32 | ||||
-rw-r--r-- | include/openssl/srtp.h | 28 | ||||
-rw-r--r-- | ssl/d1_srtp.c | 32 |
4 files changed, 88 insertions, 8 deletions
diff --git a/CHANGES.md b/CHANGES.md index 4f256e65a6..d8c20dba0a 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,6 +24,10 @@ OpenSSL 3.1 ### Changes between 3.0 and 3.1 [xx XXX xxxx] + * Add more SRTP protection profiles from RFC8723 and RFC8269. + + *Kijin Kim* + * Extended Kernel TLS (KTLS) to support TLS 1.3 receive offload. *Daiki Ueno, John Baldwin and Dmitry Podgorny* diff --git a/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod b/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod index e91f32b7f8..046cdb8afe 100644 --- a/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod +++ b/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod @@ -56,6 +56,38 @@ This corresponds to the profile of the same name defined in RFC7714. This corresponds to the profile of the same name defined in RFC7714. +=item SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM + +This corresponds to the profile of the same name defined in RFC8723. + +=item SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM + +This corresponds to the profile of the same name defined in RFC8723. + +=item SRTP_ARIA_128_CTR_HMAC_SHA1_80 + +This corresponds to the profile of the same name defined in RFC8269. + +=item SRTP_ARIA_128_CTR_HMAC_SHA1_32 + +This corresponds to the profile of the same name defined in RFC8269. + +=item SRTP_ARIA_256_CTR_HMAC_SHA1_80 + +This corresponds to the profile of the same name defined in RFC8269. + +=item SRTP_ARIA_256_CTR_HMAC_SHA1_32 + +This corresponds to the profile of the same name defined in RFC8269. + +=item SRTP_AEAD_ARIA_128_GCM + +This corresponds to the profile of the same name defined in RFC8269. + +=item SRTP_AEAD_ARIA_256_GCM + +This corresponds to the profile of the same name defined in RFC8269. + =back Supplying an unrecognised protection profile name will result in an error. diff --git a/include/openssl/srtp.h b/include/openssl/srtp.h index d64606e5d9..2c2c334443 100644 --- a/include/openssl/srtp.h +++ b/include/openssl/srtp.h 
@@ -28,16 +28,28 @@ extern "C" { #endif -# define SRTP_AES128_CM_SHA1_80 0x0001 -# define SRTP_AES128_CM_SHA1_32 0x0002 -# define SRTP_AES128_F8_SHA1_80 0x0003 -# define SRTP_AES128_F8_SHA1_32 0x0004 -# define SRTP_NULL_SHA1_80 0x0005 -# define SRTP_NULL_SHA1_32 0x0006 +# define SRTP_AES128_CM_SHA1_80 0x0001 +# define SRTP_AES128_CM_SHA1_32 0x0002 +# define SRTP_AES128_F8_SHA1_80 0x0003 +# define SRTP_AES128_F8_SHA1_32 0x0004 +# define SRTP_NULL_SHA1_80 0x0005 +# define SRTP_NULL_SHA1_32 0x0006 /* AEAD SRTP protection profiles from RFC 7714 */ -# define SRTP_AEAD_AES_128_GCM 0x0007 -# define SRTP_AEAD_AES_256_GCM 0x0008 +# define SRTP_AEAD_AES_128_GCM 0x0007 +# define SRTP_AEAD_AES_256_GCM 0x0008 + +/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */ +# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM 0x0009 +# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM 0x000A + +/* ARIA SRTP protection profiles from RFC 8269 */ +# define SRTP_ARIA_128_CTR_HMAC_SHA1_80 0x000B +# define SRTP_ARIA_128_CTR_HMAC_SHA1_32 0x000C +# define SRTP_ARIA_256_CTR_HMAC_SHA1_80 0x000D +# define SRTP_ARIA_256_CTR_HMAC_SHA1_32 0x000E +# define SRTP_AEAD_ARIA_128_GCM 0x000F +# define SRTP_AEAD_ARIA_256_GCM 0x0010 # ifndef OPENSSL_NO_SRTP diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index 2300753382..1fd5947986 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c 
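Review bot: The new `0x0009`–`0x0010` macros carry no comment saying they are the profile identifiers exchanged in the use_srtp extension, and the whitespace realignment of the eight existing defines in the same hunk makes it harder to see that none of the old values changed (they did not). Because these numbers go on the wire, a later renumbering or gap-filling edit would break interoperability silently rather than fail to compile. I would add `/* Values are the IANA-registered DTLS-SRTP protection profile IDs; never renumber */` above the first define, and keep pure realignment in a separate commit so the functional change stays easy to audit.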
@@ -36,6 +36,38 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { "SRTP_AEAD_AES_256_GCM", SRTP_AEAD_AES_256_GCM, }, + { + "SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM", + SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM, + }, + { + "SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM", + SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM, + }, + { + "SRTP_ARIA_128_CTR_HMAC_SHA1_80", + SRTP_ARIA_128_CTR_HMAC_SHA1_80, + }, + { + "SRTP_ARIA_128_CTR_HMAC_SHA1_32", + SRTP_ARIA_128_CTR_HMAC_SHA1_32, + }, + { + "SRTP_ARIA_256_CTR_HMAC_SHA1_80", + SRTP_ARIA_256_CTR_HMAC_SHA1_80, + }, + { + "SRTP_ARIA_256_CTR_HMAC_SHA1_32", + SRTP_ARIA_256_CTR_HMAC_SHA1_32, + }, + { + "SRTP_AEAD_ARIA_128_GCM", + SRTP_AEAD_ARIA_128_GCM, + }, + { + "SRTP_AEAD_ARIA_256_GCM", + SRTP_AEAD_ARIA_256_GCM, + }, {0} }; |
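Review bot: The eight new entries in `srtp_known_profiles` become selectable by name with no accompanying test; the diffstat lists only CHANGES.md, the man page, srtp.h and d1_srtp.c. A test that passes each new name to `SSL_CTX_set_tlsext_use_srtp` and checks the result of `SSL_get_selected_srtp_profile` after a DTLS handshake would catch a name/macro mismatch in this table. Two of the additions, `SRTP_ARIA_128_CTR_HMAC_SHA1_32` and `SRTP_ARIA_256_CTR_HMAC_SHA1_32`, use a 32-bit authentication tag as their names indicate, and the double-AEAD profiles presumably need more exported keying material than the single-AEAD ones, so callers that size the export for the older profiles need a pointer here. A comment such as `/* Negotiation only: key lengths and the SRTP transform are the application's responsibility */` above the new entries would say so. The array definition starts before this hunk.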