Implement RFC 5764 (DTLS-SRTP).

net/third_party/nss/ssl/ssl.h

 /*
  * This file contains prototypes for the public SSL functions.
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
@@ skipping 818 matching lines @@
  * a suitable match and send it if one is found.
  */
 SSL_IMPORT SECStatus
 NSS_GetClientAuthData(void *                       arg,
                       PRFileDesc *                 socket,
                       struct CERTDistNamesStr *    caNames,
                       struct CERTCertificateStr ** pRetCert,
                       struct SECKEYPrivateKeyStr **pRetKey);
 
 /*
+** Configure DTLS-SRTP (RFC 5764) cipher suite preferences.
+** Input is a list of ciphers in descending preference order and a length
+** of the list. As a side effect, this causes the use_srtp extension to be
+** negotiated.
+*/
+SSL_IMPORT SECStatus SSL_SetSRTPCiphers(PRFileDesc *socket,
+                                        const PRUint16 *ciphers,
+                                        unsigned int numCiphers);

[wtc, 2012/04/20 02:02:13]

To enable SSL/TLS cipher suites, one has to call the
SSL_CipherPrefSet function on individual cipher suites.
So SSL_SetSRTPCiphers uses a different method to enable
all SRTP cipher suites in one shot.

I wonder if we should use a SSL_SRTPCipherPrefSet function
instead to be consistent with the SSL_CipherPrefSet style.

[ekr, 2012/04/26 14:33:42]

That seems to be a change consistent with NSS style. I.e., "Yes" :)

[wtc, 2012/04/27 01:06:08]

I just realized that one disadvantage of the
SSL_CipherPrefSet style is that the ordering of cipher
suites is fixed.

So, if you think the number of SRTP cipher suites will
remain small, the SSL_SetSRTPCiphers function seems
better: it allows us to specify all the SRTP cipher to
enable, including their ordering, in one shot.

[ekr, 2012/04/27 03:36:34]

I think it's likely to remain very small; there's no combinatoric explosion
problem with key exchange, so we may just add AEAD (GCM) or something, but
probably no more than 10 cipher suites.

+
+/*
+** Get the selected DTLS-SRTP cipher suite (if any).
+** To be called after the handshake completes.
+** Returns SECFailure if not negotiated.
+*/
+SSL_IMPORT SECStatus SSL_GetSRTPCipher(PRFileDesc *socket,
+                                       PRUint16 *cipher);
+
+/*
  * Look to see if any of the signers in the cert chain for "cert" are found
  * in the list of caNames.  
  * Returns SECSuccess if so, SECFailure if not.
  * Used by NSS_GetClientAuthData.  May be used by other callback functions.
  */
 SSL_IMPORT SECStatus NSS_CmpCertChainWCANames(CERTCertificate *cert, 
                                           CERTDistNames *caNames);
 
 /* 
  * Returns key exchange type of the keys in an SSL server certificate.
@@ skipping 182 matching lines @@
  * should continue using the connection. If the application passes a non-zero
  * value for second argument (error), or if SSL_AuthCertificateComplete returns
  * anything other than SECSuccess, then the application should close the
  * connection.
  */
 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd,
                                                  PRErrorCode error);
 SEC_END_PROTOS
 
 #endif /* __ssl_h_ */