Implement RFC 5764 (DTLS-SRTP).

net/third_party/nss/ssl/sslsock.c

 /*
  * vtables (and methods that call through them) for the 4 types of 
  * SSLSockets supported.  Only one type is still supported.
  * Various other functions.
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
@@ skipping 207 matching lines @@
 PRBool                  locksEverDisabled;      /* implicitly PR_FALSE */
 PRBool                  ssl_force_locks;        /* implicitly PR_FALSE */
 int                     ssl_lock_readers        = 1;    /* default true. */
 char                    ssl_debug;
 char                    ssl_trace;
 FILE *                  ssl_trace_iob;
 FILE *                  ssl_keylog_iob;
 char lockStatus[] = "Locks are ENABLED.  ";
 #define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */
 
+static PRUint16 srtpCiphers[] = {
+    SRTP_AES128_CM_SHA1_80,
+    SRTP_AES128_CM_SHA1_32,
+    0
+};
+
 /* forward declarations. */
 static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant);
 static SECStatus  ssl_MakeLocks(sslSocket *ss);
 static void       ssl_SetDefaultsFromEnvironment(void);
 static PRStatus   ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, 
                                   PRDescIdentity id);
 
 /************************************************************************/
 
 /*
@@ skipping 1351 matching lines @@
         }
         PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
         *bufLen = ss->ssl3.nextProto.len;
     } else {
         *bufLen = 0;
     }
 
     return SECSuccess;
 }
 
+SSL_IMPORT SECStatus SSL_SetSRTPCiphers(PRFileDesc *socket,
+                                        const PRUint16 *ciphers,
+                                        unsigned int num_ciphers)
+{
+    sslSocket * ss;
+    int i;
+
+    ss = ssl_FindSocket(socket);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers"));
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    for (i=0; i<num_ciphers; i++) {
+        PRUint16 *srtpCipher = srtpCiphers;
+
+        while (*srtpCipher) {
+            if (ciphers[i] == *srtpCipher)
+                break;
+            srtpCipher++;
+        }
+        if (!*srtpCipher) {
+            SSL_DBG(("%d: SSL[%d]: invalid SRTP cipher suite specified"));
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+    }
+    
+    if (num_ciphers > MAX_DTLS_SRTP_CIPHER_SUITES) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    memcpy(ss->ssl3.dtlsSRTPCiphers, ciphers, sizeof(PRUint16) * num_ciphers);
+    ss->ssl3.dtlsSRTPCipherCt = num_ciphers;
+    
+    return SECSuccess;
+}
+
+
+SECStatus
+SSL_GetSRTPCipher(PRFileDesc *socket, PRUint16 *cipher)
+{
+    sslSocket * ss;
+
+    ss = ssl_FindSocket(socket);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher"));
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!ss->ssl3.dtlsSRTPCipherSuite)
+        return SECFailure;
+
+    *cipher = ss->ssl3.dtlsSRTPCipherSuite;
+    return SECSuccess;
+}
+
 PRFileDesc *
 SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
 {
     PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
     PR_NOT_REACHED("not implemented");
     return NULL;
 
 #if 0
     sslSocket * sm = NULL, *ss = NULL;
     int i;
@@ skipping 1372 matching lines @@
             ssl_DestroySocketContents(ss);
             ssl_DestroyLocks(ss);
             PORT_Free(ss);
             ss = NULL;
         }
         ss->protocolVariant = protocolVariant;
     }
     return ss;
 }