1 files changed, 402 insertions, 1 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index d3858e4c50..1b2820d78b 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.14 2017/08/27 02:17:51 beck Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.15 2017/08/27 02:58:04 doug Exp $ */
 /*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -2257,6 +2257,400 @@ test_tlsext_sessionticket_serverhello(void)
        return (failure);
 }
+#ifndef OPENSSL_NO_SRTP
+/*
+ * Supported Secure Real-time Transport Protocol (RFC 5764 section 4.1.1)
+ */
+/* Colon separated string values */
+const char *tlsext_srtp_single_profile = "SRTP_AES128_CM_SHA1_80";
+const char *tlsext_srtp_multiple_profiles = "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32";
+const char *tlsext_srtp_aes128cmsha80 = "SRTP_AES128_CM_SHA1_80";
+const char *tlsext_srtp_aes128cmsha32 = "SRTP_AES128_CM_SHA1_32";
+const uint8_t tlsext_srtp_single[] = {
+        /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
+        0x00, 0x02, /* len */
+        0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */
+        0x00        /* opaque srtp_mki<0..255> */
+};
+const uint8_t tlsext_srtp_multiple[] = {
+        /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
+        0x00, 0x04, /* len */
+        0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */
+        0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */
+        0x00    /* opaque srtp_mki<0..255> */
+};
+const uint8_t tlsext_srtp_multiple_invalid[] = {
+        /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
+        0x00, 0x04, /* len */
+        0x00, 0x08, /* arbitrary value not found in known profiles */
+        0x00, 0x09, /* arbitrary value not found in known profiles */
+        0x00    /* opaque srtp_mki<0..255> */
+};
+const uint8_t tlsext_srtp_single_invalid[] = {
+        /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
+        0x00, 0x02, /* len */
+        0x00, 0x08, /* arbitrary value not found in known profiles */
+        0x00    /* opaque srtp_mki<0..255> */
+};
+const uint8_t tlsext_srtp_multiple_one_valid[] = {
+        /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
+        0x00, 0x04, /* len */
+        0x00, 0x08, /* arbitrary value not found in known profiles */
+        0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */
+        0x00        /* opaque srtp_mki<0..255> */
+};
+static int
+test_tlsext_srtp_clienthello(void)
+{
+        SRTP_PROTECTION_PROFILE *prof;
+        SSL_CTX *ssl_ctx = NULL;
+        SSL *ssl = NULL;
+        uint8_t *data = NULL;
+        CBB cbb;
+        CBS cbs;
+        int failure, alert;
+        size_t dlen;
+        CBB_init(&cbb, 0);
+        failure = 1;
+        /* SRTP is for DTLS */
+        if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
+                errx(1, "failed to create SSL_CTX");
+        if ((ssl = SSL_new(ssl_ctx)) == NULL)
+                errx(1, "failed to create SSL");
+        /* By default, we don't need this */
+        if (tlsext_srtp_clienthello_needs(ssl)) {
+                FAIL("clienthello should not need SRTP by default\n");
+                goto err;
+        }
+        if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_single_profile) != 0) {
+                FAIL("should be able to set a single SRTP\n");
+                goto err;
+        }
+        if (!tlsext_srtp_clienthello_needs(ssl)) {
+                FAIL("clienthello should need SRTP\n");
+                goto err;
+        }
+        /* Make sure we can build the clienthello with a single profile. */
+        if (!tlsext_srtp_clienthello_build(ssl, &cbb)) {
+                FAIL("clienthello failed to build SRTP\n");
+                goto err;
+        }
+        if (!CBB_finish(&cbb, &data, &dlen))
+                errx(1, "failed to finish CBB");
+        if (dlen != sizeof(tlsext_srtp_single)) {
+                FAIL("got clienthello SRTP with length %zu, "
+                    "want length %zu\n", dlen,
+                    sizeof(tlsext_srtp_single));
+                compare_data(data, dlen, tlsext_srtp_single,
+                    sizeof(tlsext_srtp_single));
+                goto err;
+        }
+        if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
+                FAIL("clienthello SRTP differs:\n");
+                compare_data(data, dlen, tlsext_srtp_single,
+                    sizeof(tlsext_srtp_single));
+                goto err;
+        }
+        CBB_cleanup(&cbb);
+        CBB_init(&cbb, 0);
+        free(data);
+        data = NULL;
+        /* Make sure we can parse the single profile. */
+        if (SSL_get_selected_srtp_profile(ssl) != NULL) {
+                FAIL("SRTP profile should not be set yet\n");
+                goto err;
+        }
+        CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
+        if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) {
+                FAIL("failed to parse SRTP\n");
+                goto err;
+        }
+        if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
+                FAIL("SRTP profile should be set now\n");
+                goto err;
+        }
+        if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
+                FAIL("SRTP profile was not set properly\n");
+                goto err;
+        }
+        if (!tlsext_srtp_serverhello_needs(ssl)) {
+                FAIL("should send server extension when profile selected\n");
+                goto err;
+        }
+        /* Make sure we can build the clienthello with multiple entries. */
+        if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) {
+                FAIL("should be able to set SRTP to multiple profiles\n");
+                goto err;
+        }
+        if (!tlsext_srtp_clienthello_needs(ssl)) {
+                FAIL("clienthello should need SRTP by now\n");
+                goto err;
+        }
+        if (!tlsext_srtp_clienthello_build(ssl, &cbb)) {
+                FAIL("clienthello failed to build SRTP\n");
+                goto err;
+        }
+        if (!CBB_finish(&cbb, &data, &dlen))
+                errx(1, "failed to finish CBB");
+        if (dlen != sizeof(tlsext_srtp_multiple)) {
+                FAIL("got clienthello SRTP with length %zu, "
+                    "want length %zu\n", dlen,
+                    sizeof(tlsext_srtp_multiple));
+                compare_data(data, dlen, tlsext_srtp_multiple,
+                    sizeof(tlsext_srtp_multiple));
+                goto err;
+        }
+        if (memcmp(data, tlsext_srtp_multiple, dlen) != 0) {
+                FAIL("clienthello SRTP differs:\n");
+                compare_data(data, dlen, tlsext_srtp_multiple,
+                    sizeof(tlsext_srtp_multiple));
+                goto err;
+        }
+        CBB_cleanup(&cbb);
+        CBB_init(&cbb, 0);
+        free(data);
+        data = NULL;
+        /* Make sure we can parse multiple profiles (selects server preferred) */
+        ssl->internal->srtp_profile = NULL;
+        CBS_init(&cbs, tlsext_srtp_multiple,
+            sizeof(tlsext_srtp_multiple));
+        if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) {
+                FAIL("failed to parse SRTP\n");
+                goto err;
+        }
+        if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
+                FAIL("SRTP profile should be set now\n");
+                goto err;
+        }
+        if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
+                FAIL("SRTP profile was not set properly\n");
+                goto err;
+        }
+        if (!tlsext_srtp_serverhello_needs(ssl)) {
+                FAIL("should send server extension when profile selected\n");
+                goto err;
+        }
+        /*
+         * Make sure we can parse the clienthello with multiple entries
+         * where one is unknown.
+         */
+        ssl->internal->srtp_profile = NULL;
+        CBS_init(&cbs, tlsext_srtp_multiple_one_valid,
+            sizeof(tlsext_srtp_multiple_one_valid));
+        if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) {
+                FAIL("failed to parse SRTP\n");
+                goto err;
+        }
+        if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
+                FAIL("SRTP profile should be set now\n");
+                goto err;
+        }
+        if (strcmp(prof->name, tlsext_srtp_aes128cmsha32) != 0) {
+                FAIL("SRTP profile was not set properly\n");
+                goto err;
+        }
+        if (!tlsext_srtp_serverhello_needs(ssl)) {
+                FAIL("should send server extension when profile selected\n");
+                goto err;
+        }
+        /* Make sure we fall back to negotiated when none work. */
+        ssl->internal->srtp_profile = NULL;
+        CBS_init(&cbs, tlsext_srtp_multiple_invalid,
+            sizeof(tlsext_srtp_multiple_invalid));
+        if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) {
+                FAIL("should be able to fall back to negotiated\n");
+                goto err;
+        }
+        /* If we fallback, the server should NOT send the extension. */
+        if (SSL_get_selected_srtp_profile(ssl) != NULL) {
+                FAIL("should not have selected a profile when none found\n");
+                goto err;
+        }
+        if (tlsext_srtp_serverhello_needs(ssl)) {
+                FAIL("should not send server tlsext when no profile found\n");
+                goto err;
+        }
+        failure = 0;
+ err:
+        CBB_cleanup(&cbb);
+        SSL_CTX_free(ssl_ctx);
+        SSL_free(ssl);
+        free(data);
+        return (failure);
+}
+static int
+test_tlsext_srtp_serverhello(void)
+{
+        SRTP_PROTECTION_PROFILE *prof;
+        SSL_CTX *ssl_ctx = NULL;
+        SSL *ssl = NULL;
+        uint8_t *data = NULL;
+        CBB cbb;
+        CBS cbs;
+        int failure, alert;
+        size_t dlen;
+        CBB_init(&cbb, 0);
+        failure = 1;
+        /* SRTP is for DTLS */
+        if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
+                errx(1, "failed to create SSL_CTX");
+        if ((ssl = SSL_new(ssl_ctx)) == NULL)
+                errx(1, "failed to create SSL");
+        /* By default, we don't need this */
+        if (tlsext_srtp_serverhello_needs(ssl)) {
+                FAIL("serverhello should not need SRTP by default\n");
+                goto err;
+        }
+        if (srtp_find_profile_by_name((char *)tlsext_srtp_aes128cmsha80, &prof,
+            strlen(tlsext_srtp_aes128cmsha80))) {
+                FAIL("should be able to find the given profile\n");
+                goto err;
+        }
+        ssl->internal->srtp_profile = prof;
+        if (!tlsext_srtp_serverhello_needs(ssl)) {
+                FAIL("serverhello should need SRTP by now\n");
+                goto err;
+        }
+        /* Make sure we can build the serverhello with a single profile. */
+        if (!tlsext_srtp_serverhello_build(ssl, &cbb)) {
+                FAIL("serverhello failed to build SRTP\n");
+                goto err;
+        }
+        if (!CBB_finish(&cbb, &data, &dlen))
+                errx(1, "failed to finish CBB");
+        if (dlen != sizeof(tlsext_srtp_single)) {
+                FAIL("got serverhello SRTP with length %zu, "
+                    "want length %zu\n", dlen,
+                    sizeof(tlsext_srtp_single));
+                compare_data(data, dlen, tlsext_srtp_single,
+                    sizeof(tlsext_srtp_single));
+                goto err;
+        }
+        if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
+                FAIL("serverhello SRTP differs:\n");
+                compare_data(data, dlen, tlsext_srtp_single,
+                    sizeof(tlsext_srtp_single));
+                goto err;
+        }
+        CBB_cleanup(&cbb);
+        CBB_init(&cbb, 0);
+        free(data);
+        data = NULL;
+        /* Make sure we can parse the single profile. */
+        ssl->internal->srtp_profile = NULL;
+        if (SSL_get_selected_srtp_profile(ssl) != NULL) {
+                FAIL("SRTP profile should not be set yet\n");
+                goto err;
+        }
+        /* Setup the environment as if a client sent a list of profiles. */
+        if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) {
+                FAIL("should be able to set multiple profiles in SRTP\n");
+                goto err;
+        }
+        CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
+        if (!tlsext_srtp_serverhello_parse(ssl, &cbs, &alert)) {
+                FAIL("failed to parse SRTP\n");
+                goto err;
+        }
+        if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
+                FAIL("SRTP profile should be set now\n");
+                goto err;
+        }
+        if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
+                FAIL("SRTP profile was not set properly\n");
+                goto err;
+        }
+        /* Make sure we cannot parse multiple profiles */
+        ssl->internal->srtp_profile = NULL;
+        CBS_init(&cbs, tlsext_srtp_multiple,
+            sizeof(tlsext_srtp_multiple));
+        if (tlsext_srtp_serverhello_parse(ssl, &cbs, &alert)) {
+                FAIL("should not find multiple entries from the server\n");
+                goto err;
+        }
+        /* Make sure we cannot parse a serverhello with unknown profile */
+        ssl->internal->srtp_profile = NULL;
+        CBS_init(&cbs, tlsext_srtp_single_invalid,
+            sizeof(tlsext_srtp_single_invalid));
+        if (tlsext_srtp_serverhello_parse(ssl, &cbs, &alert)) {
+                FAIL("should not be able to parse this\n");
+                goto err;
+        }
+        failure = 0;
+ err:
+        CBB_cleanup(&cbb);
+        SSL_CTX_free(ssl_ctx);
+        SSL_free(ssl);
+        free(data);
+        return (failure);
+}
+#endif /* OPENSSL_NO_SRTP */
 int
 main(int argc, char **argv)
 {
@@ -2288,5 +2682,12 @@ main(int argc, char **argv)
        failed |= test_tlsext_sessionticket_clienthello();
        failed |= test_tlsext_sessionticket_serverhello();
+#ifndef OPENSSL_NO_SRTP
+        failed |= test_tlsext_srtp_clienthello();
+        failed |= test_tlsext_srtp_serverhello();
+#else
+        fprintf(stderr, "Skipping SRTP tests due to OPENSSL_NO_SRTP\n");
+#endif
        return (failed);
 }

diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c index d3858e4c50..1b2820d78b 100644 --- a/src/regress/lib/libssl/tlsext/tlsexttest.c +++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tlsexttest.c,v 1.14 2017/08/27 02:17:51 beck Exp $ */	1	/* $OpenBSD: tlsexttest.c,v 1.15 2017/08/27 02:58:04 doug Exp $ */
2	/*	2	/*
3	* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -2257,6 +2257,400 @@ test_tlsext_sessionticket_serverhello(void)
2257	return (failure);	2257	return (failure);
2258	}	2258	}
2259		2259
		2260	#ifndef OPENSSL_NO_SRTP
		2261	/*
		2262	* Supported Secure Real-time Transport Protocol (RFC 5764 section 4.1.1)
		2263	*/
		2264
		2265	/* Colon separated string values */
		2266	const char *tlsext_srtp_single_profile = "SRTP_AES128_CM_SHA1_80";
		2267	const char *tlsext_srtp_multiple_profiles = "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32";
		2268
		2269	const char *tlsext_srtp_aes128cmsha80 = "SRTP_AES128_CM_SHA1_80";
		2270	const char *tlsext_srtp_aes128cmsha32 = "SRTP_AES128_CM_SHA1_32";
		2271
		2272	const uint8_t tlsext_srtp_single[] = {
		2273	/* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
		2274	0x00, 0x02, /* len */
		2275	0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */
		2276	0x00 /* opaque srtp_mki<0..255> */
		2277	};
		2278
		2279	const uint8_t tlsext_srtp_multiple[] = {
		2280	/* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
		2281	0x00, 0x04, /* len */
		2282	0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */
		2283	0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */
		2284	0x00 /* opaque srtp_mki<0..255> */
		2285	};
		2286
		2287	const uint8_t tlsext_srtp_multiple_invalid[] = {
		2288	/* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
		2289	0x00, 0x04, /* len */
		2290	0x00, 0x08, /* arbitrary value not found in known profiles */
		2291	0x00, 0x09, /* arbitrary value not found in known profiles */
		2292	0x00 /* opaque srtp_mki<0..255> */
		2293	};
		2294
		2295	const uint8_t tlsext_srtp_single_invalid[] = {
		2296	/* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
		2297	0x00, 0x02, /* len */
		2298	0x00, 0x08, /* arbitrary value not found in known profiles */
		2299	0x00 /* opaque srtp_mki<0..255> */
		2300	};
		2301
		2302	const uint8_t tlsext_srtp_multiple_one_valid[] = {
		2303	/* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
		2304	0x00, 0x04, /* len */
		2305	0x00, 0x08, /* arbitrary value not found in known profiles */
		2306	0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */
		2307	0x00 /* opaque srtp_mki<0..255> */
		2308	};
		2309
		2310	static int
		2311	test_tlsext_srtp_clienthello(void)
		2312	{
		2313	SRTP_PROTECTION_PROFILE *prof;
		2314	SSL_CTX *ssl_ctx = NULL;
		2315	SSL *ssl = NULL;
		2316	uint8_t *data = NULL;
		2317	CBB cbb;
		2318	CBS cbs;
		2319	int failure, alert;
		2320	size_t dlen;
		2321
		2322	CBB_init(&cbb, 0);
		2323
		2324	failure = 1;
		2325
		2326	/* SRTP is for DTLS */
		2327	if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
		2328	errx(1, "failed to create SSL_CTX");
		2329	if ((ssl = SSL_new(ssl_ctx)) == NULL)
		2330	errx(1, "failed to create SSL");
		2331
		2332	/* By default, we don't need this */
		2333	if (tlsext_srtp_clienthello_needs(ssl)) {
		2334	FAIL("clienthello should not need SRTP by default\n");
		2335	goto err;
		2336	}
		2337
		2338	if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_single_profile) != 0) {
		2339	FAIL("should be able to set a single SRTP\n");
		2340	goto err;
		2341	}
		2342	if (!tlsext_srtp_clienthello_needs(ssl)) {
		2343	FAIL("clienthello should need SRTP\n");
		2344	goto err;
		2345	}
		2346
		2347	/* Make sure we can build the clienthello with a single profile. */
		2348
		2349	if (!tlsext_srtp_clienthello_build(ssl, &cbb)) {
		2350	FAIL("clienthello failed to build SRTP\n");
		2351	goto err;
		2352	}
		2353	if (!CBB_finish(&cbb, &data, &dlen))
		2354	errx(1, "failed to finish CBB");
		2355
		2356	if (dlen != sizeof(tlsext_srtp_single)) {
		2357	FAIL("got clienthello SRTP with length %zu, "
		2358	"want length %zu\n", dlen,
		2359	sizeof(tlsext_srtp_single));
		2360	compare_data(data, dlen, tlsext_srtp_single,
		2361	sizeof(tlsext_srtp_single));
		2362	goto err;
		2363	}
		2364	if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
		2365	FAIL("clienthello SRTP differs:\n");
		2366	compare_data(data, dlen, tlsext_srtp_single,
		2367	sizeof(tlsext_srtp_single));
		2368	goto err;
		2369	}
		2370
		2371	CBB_cleanup(&cbb);
		2372	CBB_init(&cbb, 0);
		2373	free(data);
		2374	data = NULL;
		2375
		2376	/* Make sure we can parse the single profile. */
		2377
		2378	if (SSL_get_selected_srtp_profile(ssl) != NULL) {
		2379	FAIL("SRTP profile should not be set yet\n");
		2380	goto err;
		2381	}
		2382
		2383	CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
		2384	if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) {
		2385	FAIL("failed to parse SRTP\n");
		2386	goto err;
		2387	}
		2388
		2389	if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
		2390	FAIL("SRTP profile should be set now\n");
		2391	goto err;
		2392	}
		2393	if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
		2394	FAIL("SRTP profile was not set properly\n");
		2395	goto err;
		2396	}
		2397
		2398	if (!tlsext_srtp_serverhello_needs(ssl)) {
		2399	FAIL("should send server extension when profile selected\n");
		2400	goto err;
		2401	}
		2402
		2403	/* Make sure we can build the clienthello with multiple entries. */
		2404
		2405	if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) {
		2406	FAIL("should be able to set SRTP to multiple profiles\n");
		2407	goto err;
		2408	}
		2409	if (!tlsext_srtp_clienthello_needs(ssl)) {
		2410	FAIL("clienthello should need SRTP by now\n");
		2411	goto err;
		2412	}
		2413
		2414	if (!tlsext_srtp_clienthello_build(ssl, &cbb)) {
		2415	FAIL("clienthello failed to build SRTP\n");
		2416	goto err;
		2417	}
		2418	if (!CBB_finish(&cbb, &data, &dlen))
		2419	errx(1, "failed to finish CBB");
		2420
		2421	if (dlen != sizeof(tlsext_srtp_multiple)) {
		2422	FAIL("got clienthello SRTP with length %zu, "
		2423	"want length %zu\n", dlen,
		2424	sizeof(tlsext_srtp_multiple));
		2425	compare_data(data, dlen, tlsext_srtp_multiple,
		2426	sizeof(tlsext_srtp_multiple));
		2427	goto err;
		2428	}
		2429	if (memcmp(data, tlsext_srtp_multiple, dlen) != 0) {
		2430	FAIL("clienthello SRTP differs:\n");
		2431	compare_data(data, dlen, tlsext_srtp_multiple,
		2432	sizeof(tlsext_srtp_multiple));
		2433	goto err;
		2434	}
		2435
		2436	CBB_cleanup(&cbb);
		2437	CBB_init(&cbb, 0);
		2438	free(data);
		2439	data = NULL;
		2440
		2441	/* Make sure we can parse multiple profiles (selects server preferred) */
		2442
		2443	ssl->internal->srtp_profile = NULL;
		2444
		2445	CBS_init(&cbs, tlsext_srtp_multiple,
		2446	sizeof(tlsext_srtp_multiple));
		2447	if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) {
		2448	FAIL("failed to parse SRTP\n");
		2449	goto err;
		2450	}
		2451
		2452	if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
		2453	FAIL("SRTP profile should be set now\n");
		2454	goto err;
		2455	}
		2456	if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
		2457	FAIL("SRTP profile was not set properly\n");
		2458	goto err;
		2459	}
		2460
		2461	if (!tlsext_srtp_serverhello_needs(ssl)) {
		2462	FAIL("should send server extension when profile selected\n");
		2463	goto err;
		2464	}
		2465
		2466	/*
		2467	* Make sure we can parse the clienthello with multiple entries
		2468	* where one is unknown.
		2469	*/
		2470	ssl->internal->srtp_profile = NULL;
		2471
		2472	CBS_init(&cbs, tlsext_srtp_multiple_one_valid,
		2473	sizeof(tlsext_srtp_multiple_one_valid));
		2474	if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) {
		2475	FAIL("failed to parse SRTP\n");
		2476	goto err;
		2477	}
		2478
		2479	if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
		2480	FAIL("SRTP profile should be set now\n");
		2481	goto err;
		2482	}
		2483	if (strcmp(prof->name, tlsext_srtp_aes128cmsha32) != 0) {
		2484	FAIL("SRTP profile was not set properly\n");
		2485	goto err;
		2486	}
		2487
		2488	if (!tlsext_srtp_serverhello_needs(ssl)) {
		2489	FAIL("should send server extension when profile selected\n");
		2490	goto err;
		2491	}
		2492
		2493	/* Make sure we fall back to negotiated when none work. */
		2494
		2495	ssl->internal->srtp_profile = NULL;
		2496
		2497	CBS_init(&cbs, tlsext_srtp_multiple_invalid,
		2498	sizeof(tlsext_srtp_multiple_invalid));
		2499	if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) {
		2500	FAIL("should be able to fall back to negotiated\n");
		2501	goto err;
		2502	}
		2503
		2504	/* If we fallback, the server should NOT send the extension. */
		2505	if (SSL_get_selected_srtp_profile(ssl) != NULL) {
		2506	FAIL("should not have selected a profile when none found\n");
		2507	goto err;
		2508	}
		2509	if (tlsext_srtp_serverhello_needs(ssl)) {
		2510	FAIL("should not send server tlsext when no profile found\n");
		2511	goto err;
		2512	}
		2513
		2514	failure = 0;
		2515
		2516	err:
		2517	CBB_cleanup(&cbb);
		2518	SSL_CTX_free(ssl_ctx);
		2519	SSL_free(ssl);
		2520	free(data);
		2521
		2522	return (failure);
		2523	}
		2524
		2525	static int
		2526	test_tlsext_srtp_serverhello(void)
		2527	{
		2528	SRTP_PROTECTION_PROFILE *prof;
		2529	SSL_CTX *ssl_ctx = NULL;
		2530	SSL *ssl = NULL;
		2531	uint8_t *data = NULL;
		2532	CBB cbb;
		2533	CBS cbs;
		2534	int failure, alert;
		2535	size_t dlen;
		2536
		2537	CBB_init(&cbb, 0);
		2538
		2539	failure = 1;
		2540
		2541	/* SRTP is for DTLS */
		2542	if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
		2543	errx(1, "failed to create SSL_CTX");
		2544	if ((ssl = SSL_new(ssl_ctx)) == NULL)
		2545	errx(1, "failed to create SSL");
		2546
		2547	/* By default, we don't need this */
		2548	if (tlsext_srtp_serverhello_needs(ssl)) {
		2549	FAIL("serverhello should not need SRTP by default\n");
		2550	goto err;
		2551	}
		2552
		2553	if (srtp_find_profile_by_name((char *)tlsext_srtp_aes128cmsha80, &prof,
		2554	strlen(tlsext_srtp_aes128cmsha80))) {
		2555	FAIL("should be able to find the given profile\n");
		2556	goto err;
		2557	}
		2558	ssl->internal->srtp_profile = prof;
		2559	if (!tlsext_srtp_serverhello_needs(ssl)) {
		2560	FAIL("serverhello should need SRTP by now\n");
		2561	goto err;
		2562	}
		2563
		2564	/* Make sure we can build the serverhello with a single profile. */
		2565
		2566	if (!tlsext_srtp_serverhello_build(ssl, &cbb)) {
		2567	FAIL("serverhello failed to build SRTP\n");
		2568	goto err;
		2569	}
		2570	if (!CBB_finish(&cbb, &data, &dlen))
		2571	errx(1, "failed to finish CBB");
		2572
		2573	if (dlen != sizeof(tlsext_srtp_single)) {
		2574	FAIL("got serverhello SRTP with length %zu, "
		2575	"want length %zu\n", dlen,
		2576	sizeof(tlsext_srtp_single));
		2577	compare_data(data, dlen, tlsext_srtp_single,
		2578	sizeof(tlsext_srtp_single));
		2579	goto err;
		2580	}
		2581	if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
		2582	FAIL("serverhello SRTP differs:\n");
		2583	compare_data(data, dlen, tlsext_srtp_single,
		2584	sizeof(tlsext_srtp_single));
		2585	goto err;
		2586	}
		2587
		2588	CBB_cleanup(&cbb);
		2589	CBB_init(&cbb, 0);
		2590	free(data);
		2591	data = NULL;
		2592
		2593	/* Make sure we can parse the single profile. */
		2594	ssl->internal->srtp_profile = NULL;
		2595
		2596	if (SSL_get_selected_srtp_profile(ssl) != NULL) {
		2597	FAIL("SRTP profile should not be set yet\n");
		2598	goto err;
		2599	}
		2600
		2601	/* Setup the environment as if a client sent a list of profiles. */
		2602	if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) {
		2603	FAIL("should be able to set multiple profiles in SRTP\n");
		2604	goto err;
		2605	}
		2606
		2607	CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
		2608	if (!tlsext_srtp_serverhello_parse(ssl, &cbs, &alert)) {
		2609	FAIL("failed to parse SRTP\n");
		2610	goto err;
		2611	}
		2612
		2613	if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
		2614	FAIL("SRTP profile should be set now\n");
		2615	goto err;
		2616	}
		2617	if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
		2618	FAIL("SRTP profile was not set properly\n");
		2619	goto err;
		2620	}
		2621
		2622	/* Make sure we cannot parse multiple profiles */
		2623	ssl->internal->srtp_profile = NULL;
		2624
		2625	CBS_init(&cbs, tlsext_srtp_multiple,
		2626	sizeof(tlsext_srtp_multiple));
		2627	if (tlsext_srtp_serverhello_parse(ssl, &cbs, &alert)) {
		2628	FAIL("should not find multiple entries from the server\n");
		2629	goto err;
		2630	}
		2631
		2632	/* Make sure we cannot parse a serverhello with unknown profile */
		2633	ssl->internal->srtp_profile = NULL;
		2634
		2635	CBS_init(&cbs, tlsext_srtp_single_invalid,
		2636	sizeof(tlsext_srtp_single_invalid));
		2637	if (tlsext_srtp_serverhello_parse(ssl, &cbs, &alert)) {
		2638	FAIL("should not be able to parse this\n");
		2639	goto err;
		2640	}
		2641
		2642	failure = 0;
		2643
		2644	err:
		2645	CBB_cleanup(&cbb);
		2646	SSL_CTX_free(ssl_ctx);
		2647	SSL_free(ssl);
		2648	free(data);
		2649
		2650	return (failure);
		2651	}
		2652	#endif /* OPENSSL_NO_SRTP */
		2653
2260	int	2654	int
2261	main(int argc, char **argv)	2655	main(int argc, char **argv)
2262	{	2656	{
@@ -2288,5 +2682,12 @@ main(int argc, char **argv)
2288	failed \|= test_tlsext_sessionticket_clienthello();	2682	failed \|= test_tlsext_sessionticket_clienthello();
2289	failed \|= test_tlsext_sessionticket_serverhello();	2683	failed \|= test_tlsext_sessionticket_serverhello();
2290		2684
		2685	#ifndef OPENSSL_NO_SRTP
		2686	failed \|= test_tlsext_srtp_clienthello();
		2687	failed \|= test_tlsext_srtp_serverhello();
		2688	#else
		2689	fprintf(stderr, "Skipping SRTP tests due to OPENSSL_NO_SRTP\n");
		2690	#endif
		2691
2291	return (failed);	2692	return (failed);
2292	}	2693	}