ospsecurity.c

mgcp协议源代码。支持多种编码：g711

/*
*########################################################################
*########################################################################
*########################################################################
*                                                               
*   COPYRIGHT (c) 1998, 1999 by TransNexus, LLC                          
*                                                                    
*   This software contains proprietary and confidential information  
*   of TransNexus, LLC. Except as may be set forth in the license    
*   agreement under which this software is supplied, use, disclosure, 
*   or reproduction is prohibited without the prior, express, written
*   consent of TransNexus, LLC.                                      
*                                     
*
*
*
*
*
*
*#########################################################################
*#########################################################################
*#########################################################################
*/

/*
 * ospsecurity.cpp - Functions for security object.
 */
#include "osp.h"
#include "ospdatatypes.h"
#include "ospasn1.h"
#include "osppkcs1.h"
#include "osppkcs7.h"
#include "osppkcs8.h"
#include "ospx509.h"
#include "ospsecurity.h"
#include "osptnlog.h"

/* PROTOTYPES FOR LOCAL FUNCTIONS */
int
OSPPSecTestContext(
    OSPTSEC *ospvSecurity);

int
OSPPSecLock(
    OSPTSEC *ospvSecurity,
    OSPELOCKMODE ospvLockMode);

int
OSPPSecUnlock(
    OSPTSEC *ospvSecurity);

int
OSPPSecDeleteAuthorityCertificates(
    OSPTSEC         *ospvSecurity);

int
OSPPSecSetDigestAlgorithm(
    OSPTSEC         *ospvSecurity,
    OSPTASN1OBJECT   *ospvDigestAlgorithmId);

int 
OSPPSecGetLocalCertInfo(
    OSPTSEC *ospvSecurity,
    OSPTASN1OBJECT **ospvLocalCertInfo);

/**************************************/
/* IMPLEMENTATION OF MEMBER FUNCTIONS */
/**************************************/

/* Create and initialize new security object 
    Create the object and zero it out.
    Elements will be added separately by the caller.
    Set default digest algorithm and local validation.
*/
int
OSPPSecNew(
    OSPTSEC **ospvSecurity)
{
    int errorcode = OSPC_ERR_NO_ERROR;
    OSPTASN1OBJECT *digestAlgorithm;

    if ((ospvSecurity == OSPC_OSNULL) || (*ospvSecurity != OSPC_OSNULL)) 
    {
        errorcode = OSPC_ERR_SEC_INVALID_ARG;
        OSPM_DBGERRORLOG(errorcode, "Invalid pointer to new security object");
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /*
         * create a new security object
         */

        OSPM_MALLOC(*ospvSecurity, OSPTSEC, sizeof(OSPTSEC));
        if (*ospvSecurity == OSPC_OSNULL) 
        {
            errorcode = OSPC_ERR_SEC_NO_MEMORY;
            OSPM_DBGERRORLOG(errorcode, "ospvSec malloc failed");
        }
        if (errorcode == OSPC_ERR_NO_ERROR) 
        {
            /* Initialize the security object */
            OSPM_MEMSET(*ospvSecurity, 0, sizeof(OSPTSEC));
        }

        if (errorcode == OSPC_ERR_NO_ERROR)
        {
            OSPM_MUTEX_INIT((*ospvSecurity)->SecurityMutex, NULL, errorcode);
        }
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Get the Default Digest Algorithm */
        errorcode=OSPPASN1AlgorithmIdEncode(&digestAlgorithm, OSPEID_MD5,
            OSPEDRID_NOTDEFINED);

        /* Set the Digest Algorithm Id */
        if (errorcode == OSPC_ERR_NO_ERROR)
        {
            errorcode=OSPPSecSetDigestAlgorithm(*ospvSecurity,
                digestAlgorithm);
        }

        if(errorcode!=OSPC_ERR_NO_ERROR)
        {
            OSPM_DBGERRORLOG(errorcode, "OSPPSecSetDigestAlgorithm Failed");
        }
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        errorcode=OSPPSecSetLocalValidation(*ospvSecurity,1);
        if (errorcode != OSPC_ERR_NO_ERROR)
        {       
            OSPM_DBGERRORLOG(errorcode, "OSPPSecSetLocalValidation Failed");
        } 
    }

#ifdef OSP_SDK
    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        errorcode=OSPPSecSSLSessionIdInitDB(*ospvSecurity);
        if(errorcode!=OSPC_ERR_NO_ERROR)
        {
            OSPM_DBGERRORLOG(errorcode, "OSPPSecSSLSessionIdInitDB Failed");
        }
    }
#endif

    if(errorcode != OSPC_ERR_NO_ERROR)
    {
        (void)OSPPSecDelete(ospvSecurity);
    }

    return errorcode;
}

int 
OSPPSecSetPrivateKey(
    OSPTSEC *ospvSecurity,
    OSPTPRIVATEKEY *ospvPrivateKey)
{
    int errorcode = OSPC_ERR_NO_ERROR;
    OSPTASN1OBJECT *privateKeyInfo = OSPC_OSNULL;

    errorcode = OSPPSecLock(ospvSecurity, OSPE_LOCK_WRITE);

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Get rid of existing private key */
        if (ospvSecurity->PrivateKeyInfo != OSPC_OSNULL)
        {
            OSPPPKCS8KeyInfoDelete(&(ospvSecurity->PrivateKeyInfo));
        }
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Add new private key if one is provided */
        if (ospvPrivateKey != OSPC_OSNULL)
        {
            errorcode = OSPPPKCS8KeyInfoCreate(&privateKeyInfo, ospvPrivateKey);
        }
    }

    /* Update privatekey field in security with value of privateKeyInfo */
    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        ospvSecurity->PrivateKeyInfo = privateKeyInfo;
    }
    else
    {
        OSPPPKCS8KeyInfoDelete(&privateKeyInfo);
    }

    OSPPSecUnlock(ospvSecurity);

    return errorcode;
}


int
OSPPSecCopyPrivateKey(
    OSPTSEC *ospvSecurity,                  /*In - security structure */
    OSPTPRIVATEKEY *ospvPrivateKey)         /*In - allocated private key store*/
{
    int errorcode = OSPC_ERR_NO_ERROR;
    unsigned char *privateKeyData = OSPC_OSNULL;
    unsigned int   privateKeyDataLength = 0;

    /* Check context and lock the security module for reading */
    errorcode = OSPPSecLock(ospvSecurity, OSPE_LOCK_READ);

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Get pointers to private key data */
        errorcode = OSPPSecGetPrivateKeyData(ospvSecurity,
            &privateKeyData,
            &privateKeyDataLength);
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Test data size */
        if ((ospvPrivateKey == OSPC_OSNULL) || 
            (ospvPrivateKey->PrivateKeyData == OSPC_OSNULL) ||
            (privateKeyDataLength > ospvPrivateKey->PrivateKeyLength))
        {
            errorcode = OSPC_ERR_SEC_NOT_ENOUGH_SPACE_FOR_COPY;
            OSPM_DBGERRORLOG(errorcode, "Not enough space provided for key\n"
                "Must allocate OSPTPRIVATEKEY, data element,\n"
                "and set data length to max size");
        }
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Copy the private key */
        OSPM_MEMCPY(ospvPrivateKey->PrivateKeyData, 
            privateKeyData, privateKeyDataLength);
        ospvPrivateKey->PrivateKeyLength = privateKeyDataLength;
    }

    /* Unlock the security module */
    OSPPSecUnlock(ospvSecurity);

    return errorcode;
}




int
OSPPSecGetLocalValidation(
    OSPTSEC *ospvSecurity,
    unsigned *ospvLocalValidation)
{
    int errorcode = OSPC_ERR_NO_ERROR;

    errorcode = OSPPSecLock(ospvSecurity, OSPE_LOCK_READ);

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        *ospvLocalValidation = ospvSecurity->LocalValidation;
    }

    OSPPSecUnlock(ospvSecurity);

    return errorcode;

}


int
OSPPSecSetLocalCertificate(
    OSPTSEC         *ospvSecurity,
    unsigned char   *ospvLocalCertificate,
    unsigned long   *ospvCustomerId,
    unsigned long   *ospvDeviceId)
{
    int errorcode = OSPC_ERR_NO_ERROR;
    OSPTASN1OBJECT* newCertInfo = OSPC_OSNULL;
    OSPTASN1OBJECT* oldCertInfo = OSPC_OSNULL;

    errorcode = OSPPSecLock(ospvSecurity, OSPE_LOCK_WRITE);

    /* Get the existing local certificate */
    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        errorcode = OSPPSecGetLocalCertInfo(ospvSecurity, &oldCertInfo );
    }

    /* If new certificate is NOT NULL, then create the local cert info */
    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        if (ospvLocalCertificate != OSPC_OSNULL) 
        {
            /* Create/initialize a new certInfo for new local certificate */
            errorcode = OSPPX509CertCreate(ospvLocalCertificate, &newCertInfo);
        }
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        errorcode = OSPPX509CertGetCustDeviceId(newCertInfo, 
            ospvCustomerId, ospvDeviceId);
    }

    /* Store new cert info or OSPC_NULL in LocalCertInfo field */
    if (errorcode == OSPC_ERR_NO_ERROR) 
    {
        ospvSecurity->LocalCertInfo = newCertInfo;    

        /* Clean up old certificate */
        if (oldCertInfo != OSPC_OSNULL)
        {
            errorcode = OSPPX509CertDelete(&oldCertInfo);
        }
    }
    else
    {
        /* Clean up the newly build certificate (if any) and leave things
        the way they were */
        OSPPX509CertDelete(&newCertInfo);
    }

    return errorcode;
}



int
OSPPSecSetLocalValidation(
    OSPTSEC     *ospvSecurity, 
    unsigned    ospvLocalValidation)
{
    int errorcode = OSPC_ERR_NO_ERROR;

    errorcode = OSPPSecLock(ospvSecurity, OSPE_LOCK_WRITE);

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        ospvSecurity->LocalValidation = ospvLocalValidation;
    }

    OSPPSecUnlock(ospvSecurity);

    return errorcode;
}


/* Return the list of authority certificates stored in the security object.  
    Storage for ospvCertificateCount certificates, each less than or equal to
    ospvMaxCertificateSize bytes must be provided by the caller.
*/
int
OSPPSecCopyAuthorityCertificates(
        OSPTSEC *ospvSecurity,             /* In - security context */
        unsigned ospvMaxCertificateSize,/* In - Max cert size */
        unsigned char *ospvAuthorityCertificates[],
        unsigned *ospvCertificateCount)    /* In/Out - Max allowed/# returned */
{
    unsigned i;
    unsigned         certCount = 0;    
    unsigned        certSize = 0;
    unsigned char     *certificate = OSPC_OSNULL;
    OSPTASN1OBJECT    *certInfo;
    OSPTASN1OBJECT    **certInfoList;

    int errorcode = OSPC_ERR_NO_ERROR;


    errorcode = OSPPSecLock(ospvSecurity, OSPE_LOCK_READ);

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        certCount = ospvSecurity->NumberOfAuthorityCertificates;

        if (certCount > *ospvCertificateCount) 
        {
            errorcode = OSPC_ERR_SEC_TOO_MANY_CERTIFICATES;
            OSPM_DBGERRORLOG(errorcode, "To many certificates to return");
        }

        certInfoList = ospvSecurity->AuthorityCertInfo;

        for(i=0 ; (errorcode == OSPC_ERR_NO_ERROR) && (i < certCount); i++)
        {
            certInfo = certInfoList[i];

            errorcode = OSPPX509CertGetCertificate(certInfo,
                &certificate, &certSize);
            if(certSize > ospvMaxCertificateSize)
            {
                errorcode = OSPC_ERR_SEC_CERTIFICATE_TOO_BIG;
                OSPM_DBGERRORLOG(errorcode, "Not enough space for certificate");
            }

            if (errorcode == OSPC_ERR_NO_ERROR)
            {
                OSPM_MEMCPY(ospvAuthorityCertificates[i],certificate,certSize);
            }
        }
    }

    if (errorcode == OSPC_ERR_NO_ERROR) 
    {
        *ospvCertificateCount = certCount;
    }
    else
    {
        *ospvCertificateCount = 0;
    }

    return errorcode;
}



int
OSPPSecDelete(
    OSPTSEC     **ospvSecurity)
{
    int errorcode = OSPC_ERR_NO_ERROR;

    errorcode = OSPPSecTestContext(*ospvSecurity);

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Delete the authority certificates
        */
        errorcode = OSPPSecDeleteAuthorityCertificates(*ospvSecurity);

        /* Delete the local certificate
        */
        if (errorcode == OSPC_ERR_NO_ERROR)
        {
            if ((*ospvSecurity)->LocalCertInfo != OSPC_OSNULL)
            {
                errorcode = OSPPX509CertDelete(
                    &((*ospvSecurity)->LocalCertInfo));
            }
        }

        /* Delete the PrivateKey
        */