openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

Add more SRTP protection profiles 

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18030)
This commit is contained in:
Kijin Kim 2022-04-04 15:31:04 +09:00 committed by Tomas Mraz
parent 091e60c42c
commit a425c0fec6
4 changed files with 88 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES.md
View File

@ -24,6 +24,10 @@ OpenSSL 3.1
### Changes between 3.0 and 3.1 [xx XXX xxxx]
* Add more SRTP protection profiles from RFC8723 and RFC8269.
*Kijin Kim*
* Extended Kernel TLS (KTLS) to support TLS 1.3 receive offload.
*Daiki Ueno, John Baldwin and Dmitry Podgorny*

32
doc/man3/SSL_CTX_set_tlsext_use_srtp.pod
View File

@ -56,6 +56,38 @@ This corresponds to the profile of the same name defined in RFC7714.
This corresponds to the profile of the same name defined in RFC7714.
=item SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM
This corresponds to the profile of the same name defined in RFC8723.
=item SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM
This corresponds to the profile of the same name defined in RFC8723.
=item SRTP_ARIA_128_CTR_HMAC_SHA1_80
This corresponds to the profile of the same name defined in RFC8269.
=item SRTP_ARIA_128_CTR_HMAC_SHA1_32
This corresponds to the profile of the same name defined in RFC8269.
=item SRTP_ARIA_256_CTR_HMAC_SHA1_80
This corresponds to the profile of the same name defined in RFC8269.
=item SRTP_ARIA_256_CTR_HMAC_SHA1_32
This corresponds to the profile of the same name defined in RFC8269.
=item SRTP_AEAD_ARIA_128_GCM
This corresponds to the profile of the same name defined in RFC8269.
=item SRTP_AEAD_ARIA_256_GCM
This corresponds to the profile of the same name defined in RFC8269.
=back
Supplying an unrecognised protection profile name will result in an error.

28
include/openssl/srtp.h
View File

@ -28,16 +28,28 @@
extern "C" {
#endif
# define SRTP_AES128_CM_SHA1_80 0x0001
# define SRTP_AES128_CM_SHA1_32 0x0002
# define SRTP_AES128_F8_SHA1_80 0x0003
# define SRTP_AES128_F8_SHA1_32 0x0004
# define SRTP_NULL_SHA1_80 0x0005
# define SRTP_NULL_SHA1_32 0x0006
# define SRTP_AES128_CM_SHA1_80 0x0001
# define SRTP_AES128_CM_SHA1_32 0x0002
# define SRTP_AES128_F8_SHA1_80 0x0003
# define SRTP_AES128_F8_SHA1_32 0x0004
# define SRTP_NULL_SHA1_80 0x0005
# define SRTP_NULL_SHA1_32 0x0006
/* AEAD SRTP protection profiles from RFC 7714 */
# define SRTP_AEAD_AES_128_GCM 0x0007
# define SRTP_AEAD_AES_256_GCM 0x0008
# define SRTP_AEAD_AES_128_GCM 0x0007
# define SRTP_AEAD_AES_256_GCM 0x0008
/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM 0x0009
# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM 0x000A
/* ARIA SRTP protection profiles from RFC 8269 */
# define SRTP_ARIA_128_CTR_HMAC_SHA1_80 0x000B
# define SRTP_ARIA_128_CTR_HMAC_SHA1_32 0x000C
# define SRTP_ARIA_256_CTR_HMAC_SHA1_80 0x000D
# define SRTP_ARIA_256_CTR_HMAC_SHA1_32 0x000E
# define SRTP_AEAD_ARIA_128_GCM 0x000F
# define SRTP_AEAD_ARIA_256_GCM 0x0010
# ifndef OPENSSL_NO_SRTP

32
ssl/d1_srtp.c
View File

@ -36,6 +36,38 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
"SRTP_AEAD_AES_256_GCM",
SRTP_AEAD_AES_256_GCM,
},
{
"SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM",
SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM,
},
{
"SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM",
SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM,
},
{
"SRTP_ARIA_128_CTR_HMAC_SHA1_80",
SRTP_ARIA_128_CTR_HMAC_SHA1_80,
},
{
"SRTP_ARIA_128_CTR_HMAC_SHA1_32",
SRTP_ARIA_128_CTR_HMAC_SHA1_32,
},
{
"SRTP_ARIA_256_CTR_HMAC_SHA1_80",
SRTP_ARIA_256_CTR_HMAC_SHA1_80,
},
{
"SRTP_ARIA_256_CTR_HMAC_SHA1_32",
SRTP_ARIA_256_CTR_HMAC_SHA1_32,
},
{
"SRTP_AEAD_ARIA_128_GCM",
SRTP_AEAD_ARIA_128_GCM,
},
{
"SRTP_AEAD_ARIA_256_GCM",
SRTP_AEAD_ARIA_256_GCM,
},
{0}
};