authorAron Wieck <[email protected]>2018-08-09 15:37:23 +0200
committerAron Wieck <[email protected]>2018-08-14 16:04:33 +0200
commit59c578cf04f96e02871c509d9c64a3d26a6467a4 (patch)
treed6f5d3551753772f96f685f6f7438b1be4f8b787 /openssl/src/ssl/mod.rs
parentMerge pull request #974 from sfackler/shutdown (diff)
Add methods for DTLS/SRTP key handshake
Diffstat (limited to 'openssl/src/ssl/mod.rs')
-rw-r--r--openssl/src/ssl/mod.rs95
1 files changed, 95 insertions, 0 deletions
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 7732765a..c6305dcd 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -88,6 +88,7 @@ use hash::MessageDigest;
#[cfg(ossl110)]
use nid::Nid;
use pkey::{HasPrivate, PKeyRef, Params, Private};
+use srtp::{SrtpProtectionProfile, SrtpProtectionProfileRef};
use ssl::bio::BioMethod;
use ssl::callbacks::*;
use ssl::error::InnerError;
@@ -1156,6 +1157,28 @@ impl SslContextBuilder {
}
}
+ /// Enables the DTLS extension "use_srtp" as defined in RFC5764.
+ ///
+ /// This corresponds to [`SSL_CTX_set_tlsext_use_srtp`].
+ ///
+ /// [`SSL_CTX_set_tlsext_use_srtp`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_use_srtp.html
+ pub fn set_tlsext_use_srtp(&mut self, protocols: &str) -> Result<(), ErrorStack> {
+ unsafe {
+ let cstr = CString::new(protocols).unwrap();
+
+ let r = ffi::SSL_CTX_set_tlsext_use_srtp(
+ self.as_ptr(),
+ cstr.as_ptr(),
+ );
+ // fun fact, set_tlsext_use_srtp has a reversed return code D:
+ if r == 0 {
+ Ok(())
+ } else {
+ Err(ErrorStack::get())
+ }
+ }
+ }
+
/// Sets the callback used by a server to select a protocol for Application Layer Protocol
/// Negotiation (ALPN).
///
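Review bot: `CString::new(protocols).unwrap()` at the top of `set_tlsext_use_srtp` panics when the caller's `&str` contains an interior NUL byte, and the doc comment does not mention it; either document it with a `# Panics` section or turn it into an error, e.g. `let cstr = CString::new(protocols).map_err(|_| ErrorStack::get())?;` (note that would report an empty error stack, so if the crate keeps the `unwrap()` convention elsewhere, documenting the panic is the consistent choice). The same applies to the identical line in `SslRef::set_tlsext_use_srtp` in the next hunk. The `unsafe` block could also be narrowed to the `ffi::SSL_CTX_set_tlsext_use_srtp` call, since `CString::new` is safe. The comment `// fun fact, set_tlsext_use_srtp has a reversed return code D:` would read better as a factual note, e.g. `// SSL_CTX_set_tlsext_use_srtp returns 0 on success and 1 on error, unlike most SSL_* setters.`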
@@ -2455,6 +2478,78 @@ impl SslRef {
}
}
+
+ /// Enables the DTLS extension "use_srtp" as defined in RFC5764.
+ ///
+ /// This corresponds to [`SSL_set_tlsext_use_srtp`].
+ ///
+ /// [`SSL_set_tlsext_use_srtp`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_use_srtp.html
+ pub fn set_tlsext_use_srtp(&mut self, protocols: &str) -> Result<(), ErrorStack> {
+ unsafe {
+ let cstr = CString::new(protocols).unwrap();
+
+ let r = ffi::SSL_set_tlsext_use_srtp(
+ self.as_ptr(),
+ cstr.as_ptr(),
+ );
+ // fun fact, set_tlsext_use_srtp has a reversed return code D:
+ if r == 0 {
+ Ok(())
+ } else {
+ Err(ErrorStack::get())
+ }
+ }
+ }
+
+ /// Gets all SRTP profiles that are enabled for handshake via set_tlsext_use_srtp
+ ///
+ /// DTLS extension "use_srtp" as defined in RFC5764 has to be enabled.
+ ///
+ /// This corresponds to [`SSL_get_srtp_profiles`].
+ ///
+ /// [`SSL_get_srtp_profiles`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_use_srtp.html
+ pub fn get_srtp_profiles(&self) -> Option<&StackRef<SrtpProtectionProfile>> {
+ unsafe {
+ let chain = ffi::SSL_get_srtp_profiles(self.as_ptr());
+
+ if chain.is_null() {
+ None
+ } else {
+ Some(StackRef::from_ptr(chain))
+ }
+ }
+ }
+ /// Gets the SRTP profile selected by handshake.
+ ///
+ /// DTLS extension "use_srtp" as defined in RFC5764 has to be enabled.
+ ///
+ /// This corresponds to [`SSL_get_selected_srtp_profile`].
+ ///
+ /// [`SSL_get_selected_srtp_profile`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_use_srtp.html
+ pub fn selected_srtp_profile(&self) -> Option<&SrtpProtectionProfileRef> {
+ unsafe {
+ let profile = ffi::SSL_get_selected_srtp_profile(self.as_ptr());
+
+ if profile.is_null() {
+ None
+ } else {
+ Some(SrtpProtectionProfileRef::from_ptr(profile as *mut _))
+ }
+ }
+ }
+
+ /// Derives keying material for SRTP usage.
+ ///
+ /// DTLS extension "use_srtp" as defined in RFC5764 has to be enabled.
+ ///
+ /// This corresponds to [`SSL_export_keying_material`] with a label of "EXTRACTOR-dtls_srtp".
+ ///
+ /// [`SSL_export_keying_material`]: https://www.openssl.org/docs/manmaster/man3/SSL_export_keying_material.html
+ /// [`SSL_CTX_set_tlsext_use_srtp`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_use_srtp.html
+ pub fn export_srtp_keying_material(&self, out: &mut [u8]) -> Result<(), ErrorStack> {
+ self.export_keying_material(out, "EXTRACTOR-dtls_srtp", None)
+ }
+
/// Returns the number of bytes remaining in the currently processed TLS record.
///
/// If this is greater than 0, the next call to `read` will not call down to the underlying
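Review bot: `get_srtp_profiles` keeps the `get_` prefix while its sibling in the same hunk, `selected_srtp_profile`, drops it as Rust accessor naming conventions do; renaming it to `srtp_profiles` would keep the new API consistent. Two smaller points: there is no blank line between the closing brace of `get_srtp_profiles` and the doc comment of `selected_srtp_profile`, and the link definition for `SSL_CTX_set_tlsext_use_srtp` at the end of `export_srtp_keying_material`'s docs is never referenced in that comment, so it is dead markup that rustdoc may warn about. The docs for `export_srtp_keying_material` could also state when it may be called, since `SSL_export_keying_material` presumably fails before the handshake has completed; a sentence such as `/// Must be called after the handshake has completed, since the key material is derived from the session's master secret.` would spell that out, to be confirmed against the OpenSSL documentation before adding.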