Add more SRTP protection profiles

Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18030)
author: Kijin Kim <msrndsy@gmail.com> 2022-04-04 15:31:04 +0900
committer: Tomas Mraz <tomas@openssl.org> 2022-05-23 10:07:51 +0200
commit: a425c0fec6eb74c942ca5bca8e27ff0c9f126d48 (patch)
tree: 0c184574aa4ffe33898765c41031145cf4a8e12d
parent: 091e60c42c5d2a194936da7f4de3ce82527b27a3 (diff)
4 files changed, 88 insertions, 8 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 4f256e65a6..d8c20dba0a 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -24,6 +24,10 @@ OpenSSL 3.1
 
 ### Changes between 3.0 and 3.1 [xx XXX xxxx]
 
+ * Add more SRTP protection profiles from RFC8723 and RFC8269.
+
+   *Kijin Kim*
+
  * Extended Kernel TLS (KTLS) to support TLS 1.3 receive offload.
 
    *Daiki Ueno, John Baldwin and Dmitry Podgorny*
diff --git a/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod b/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod
index e91f32b7f8..046cdb8afe 100644
--- a/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod
+++ b/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod
@@ -56,6 +56,38 @@ This corresponds to the profile of the same name defined in RFC7714.
 
 This corresponds to the profile of the same name defined in RFC7714.
 
+=item SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM
+
+This corresponds to the profile of the same name defined in RFC8723.
+
+=item SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM
+
+This corresponds to the profile of the same name defined in RFC8723.
+
+=item SRTP_ARIA_128_CTR_HMAC_SHA1_80
+
+This corresponds to the profile of the same name defined in RFC8269.
+
+=item SRTP_ARIA_128_CTR_HMAC_SHA1_32
+
+This corresponds to the profile of the same name defined in RFC8269.
+
+=item SRTP_ARIA_256_CTR_HMAC_SHA1_80
+
+This corresponds to the profile of the same name defined in RFC8269.
+
+=item SRTP_ARIA_256_CTR_HMAC_SHA1_32
+
+This corresponds to the profile of the same name defined in RFC8269.
+
+=item SRTP_AEAD_ARIA_128_GCM
+
+This corresponds to the profile of the same name defined in RFC8269.
+
+=item SRTP_AEAD_ARIA_256_GCM
+
+This corresponds to the profile of the same name defined in RFC8269.
+
 =back
 
 Supplying an unrecognised protection profile name will result in an error.
diff --git a/include/openssl/srtp.h b/include/openssl/srtp.h
index d64606e5d9..2c2c334443 100644
--- a/include/openssl/srtp.h
+++ b/include/openssl/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index 2300753382..1fd5947986 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -36,6 +36,38 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
      "SRTP_AEAD_AES_256_GCM",
      SRTP_AEAD_AES_256_GCM,
      },
+    {
+     "SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM",
+     SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM,
+     },
+    {
+     "SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM",
+     SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM,
+     },
+    {
+     "SRTP_ARIA_128_CTR_HMAC_SHA1_80",
+     SRTP_ARIA_128_CTR_HMAC_SHA1_80,
+     },
+    {
+     "SRTP_ARIA_128_CTR_HMAC_SHA1_32",
+     SRTP_ARIA_128_CTR_HMAC_SHA1_32,
+     },
+    {
+     "SRTP_ARIA_256_CTR_HMAC_SHA1_80",
+     SRTP_ARIA_256_CTR_HMAC_SHA1_80,
+     },
+    {
+     "SRTP_ARIA_256_CTR_HMAC_SHA1_32",
+     SRTP_ARIA_256_CTR_HMAC_SHA1_32,
+     },
+    {
+     "SRTP_AEAD_ARIA_128_GCM",
+     SRTP_AEAD_ARIA_128_GCM,
+     },
+    {
+     "SRTP_AEAD_ARIA_256_GCM",
+     SRTP_AEAD_ARIA_256_GCM,
+     },
     {0}
 };
author	Kijin Kim <msrndsy@gmail.com>	2022-04-04 15:31:04 +0900
committer	Tomas Mraz <tomas@openssl.org>	2022-05-23 10:07:51 +0200
commit	a425c0fec6eb74c942ca5bca8e27ff0c9f126d48 (patch)
tree	0c184574aa4ffe33898765c41031145cf4a8e12d
parent	091e60c42c5d2a194936da7f4de3ce82527b27a3 (diff)