📄 ospsecurity.c
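/* NOTE: this listing starts partway through the preceding function (it looks
 * like the tail of the OSPTSEC teardown routine); its signature and opening
 * lines are not shown, so the fragment below is reproduced unchanged. */
        if (errorcode == OSPC_ERR_NO_ERROR)
        {
            /* Get rid of existing private key */
            /* NOTE(review): confirm that OSPPPKCS8KeyInfoDelete wipes the key
             * material before releasing it; that is not visible from here. */
            if ((*ospvSecurity)->PrivateKeyInfo != OSPC_OSNULL)
            {
                OSPPPKCS8KeyInfoDelete(
                    &((*ospvSecurity)->PrivateKeyInfo));
            }
        }

        /* Delete the digest algorithm */
        if (errorcode == OSPC_ERR_NO_ERROR)
        {
            if ((*ospvSecurity)->DigestAlgorithm != OSPC_OSNULL)
            {
                OSPPASN1ObjectDelete(&((*ospvSecurity)->DigestAlgorithm));
            }
        }

#ifdef OSP_SDK
        /* Delete the SSL session database */
        if (errorcode == OSPC_ERR_NO_ERROR)
        {
            OSPPSecSSLSessionIdDeleteDB(*ospvSecurity);
        }
#endif

        /* Get rid of the security and session mutexen */
        if (errorcode == OSPC_ERR_NO_ERROR)
        {
            OSPM_MUTEX_DESTROY((*ospvSecurity)->SecurityMutex, errorcode);
        }

        if ((errorcode == OSPC_ERR_NO_ERROR) &&
            ((*ospvSecurity)->SSLSessionHasMutex == OSPC_TRUE))
        {
            OSPM_MUTEX_DESTROY((*ospvSecurity)->SSLSessionMutex, errorcode);
        }

        /* Delete the OSPTSEC storage */
        if (errorcode == OSPC_ERR_NO_ERROR)
        {
            OSPM_FREE(*ospvSecurity);
            *ospvSecurity = NULL;
        }
    }

    return errorcode;
}

/*
 * Check whether the supplied root CA certificate is byte-for-byte identical
 * to one of the authority certificates stored in the security context.
 *
 * ospvSecurity       In - security context holding the authority certificates
 * ospvRootCACert     In - certificate bytes to test
 * ospvRootCACertLen  In - length of ospvRootCACert in bytes (must be >= 1)
 *
 * Returns OSPC_ERR_NO_ERROR when an identical stored certificate is found,
 * OSPC_ERR_SEC_CA_CERTIFICATES_DONT_MATCH when none is identical, or the
 * first error hit while locking, validating arguments or walking the list.
 *
 * This is an equality test only: no signature, validity-period or chain
 * checking is performed in this function.
 */
int
OSPPSecVerifyRootAuthorityCertificate(
    OSPTSEC *ospvSecurity,
    void    *ospvRootCACert,
    int      ospvRootCACertLen)
{
    int             errorcode = OSPC_ERR_NO_ERROR;
    int             lockHeld  = OSPC_FALSE;     /* Read lock acquired ? */
    unsigned        certNum   = 0;              /* Number of certificates */
    OSPTASN1OBJECT  **cert    = OSPC_OSNULL;    /* Certificate info pointers */
    unsigned        count     = 0;              /* Loop var. */
    unsigned char   *certData = NULL;           /* Certificate itself */
    unsigned        certSize  = 0;              /* Certificate size */
    int             certMatch = OSPC_FALSE;     /* Do they match ? */

    errorcode = OSPPSecLock(ospvSecurity, OSPE_LOCK_READ);
    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Remember the lock so every exit path below can release it. */
        lockHeld = OSPC_TRUE;
    }

    /* NOTE(review): the dump runs before the pointer and length are
     * validated; confirm OSPTNLOGDUMP tolerates a null pointer or a
     * non-positive length. */
    OSPTNLOGDUMP(ospvRootCACert, ospvRootCACertLen, "ROOT CA Cert");

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        if (ospvSecurity == OSPC_OSNULL)
        {
            errorcode = OSPC_ERR_SEC_INVALID_CONTEXT;
        }
        else if (ospvRootCACert == OSPC_OSNULL)
        {
            errorcode = OSPC_ERR_SEC_NULL_CERTIFICATE;
        }
        else if (ospvRootCACertLen < 1)
        {
            errorcode = OSPC_ERR_SEC_ZERO_LENGTH_CERTIFICATE;
        }
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Get authority certificates and count */
        certNum = ospvSecurity->NumberOfAuthorityCertificates;
        if (certNum == 0)
        {
            errorcode = OSPC_ERR_SEC_NO_AUTHORITY_CERTIFICATES;
            OSPM_DBGERRORLOG(errorcode, "No authority certificates to test");
        }

        if (errorcode == OSPC_ERR_NO_ERROR)
        {
            /* Get pointer to array of authority certificates */
            cert = ospvSecurity->AuthorityCertInfo;
            if (cert == OSPC_OSNULL)
            {
                errorcode = OSPC_ERR_SEC_NULL_CERTIFICATE;
                OSPM_DBGERRORLOG(errorcode,
                    "Count > 0, but no authority certificates");
            }
        }
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Verify certificate against trusted certificates */
        for (count = 0;
             (count < certNum) && (errorcode == OSPC_ERR_NO_ERROR);
             count++)
        {
            if (cert[count] == OSPC_OSNULL)
            {
                errorcode = OSPC_ERR_SEC_NULL_CERTIFICATE;
                OSPM_DBGERRORLOG(errorcode, "Missing pointer to cert");
            }

            if (errorcode == OSPC_ERR_NO_ERROR)
            {
                /* Get an authority certificate to test against */
                certData = NULL;
                errorcode = OSPPX509CertGetCertificate(
                    cert[count], &certData, &certSize);
            }

            if ((errorcode == OSPC_ERR_NO_ERROR) && (certData == OSPC_OSNULL))
            {
                errorcode = OSPC_ERR_SEC_NULL_CERTIFICATE;
                OSPM_DBGERRORLOG(errorcode, "Missing certificate data");
            }

            /* Compare only when the stored certificate was really obtained;
             * previously a null certData could still reach the memory
             * compare whenever the sizes happened to agree.  The length was
             * validated as >= 1 above, so the unsigned conversion is safe
             * and avoids narrowing certSize to int. */
            if ((errorcode == OSPC_ERR_NO_ERROR) &&
                ((unsigned)ospvRootCACertLen == certSize))
            {
                /* Certs are same size, compare them */
                if (OSPM_MEMCMP(ospvRootCACert, certData,
                        ospvRootCACertLen) == 0)
                {
                    certMatch = OSPC_TRUE;
                    break;
                }
            }
        }
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        if (certMatch != OSPC_TRUE)
        {
            errorcode = OSPC_ERR_SEC_CA_CERTIFICATES_DONT_MATCH;
        }
    }

    /* The read lock taken at the top was never released before; release it
     * here, and only if it was actually acquired. */
    if (lockHeld == OSPC_TRUE)
    {
        OSPPSecUnlock(ospvSecurity);
    }

    return(errorcode);
} /* OSPPSecVerifyRootAuthorityCertificate */

/*
 * Replace the authority (trust anchor) certificate list in the security
 * context with the certificates supplied by the caller.
 *
 * ospvSecurity                      In - security context to update
 * ospvNumberOfAuthorityCertificates In - number of entries in the array;
 *                                        must not exceed
 *                                        OSPC_SEC_MAX_AUTH_CERTS
 * ospvAuthorityCertificates         In - array of encoded certificates
 *
 * Returns OSPC_ERR_NO_ERROR on success, otherwise the first error hit.
 *
 * The argument checks (count, array pointer, null entries) all run before
 * the existing list is deleted, so a malformed call leaves the current trust
 * anchors in place.  A failure inside OSPPX509CertCreate can still leave a
 * partially populated list, because the old list is already gone by then.
 */
int
OSPPSecSetAuthorityCertificates(
    OSPTSEC        *ospvSecurity,
    unsigned        ospvNumberOfAuthorityCertificates,
    unsigned char  *ospvAuthorityCertificates[])
{
    int             errorcode    = OSPC_ERR_NO_ERROR;
    OSPTASN1OBJECT  *newCertInfo = OSPC_OSNULL;
    unsigned        i            = 0;

    errorcode = OSPPSecLock(ospvSecurity, OSPE_LOCK_WRITE);

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        if (ospvNumberOfAuthorityCertificates > OSPC_SEC_MAX_AUTH_CERTS)
        {
            errorcode = OSPC_ERR_SEC_TOO_MANY_CERTIFICATES;
            OSPM_DBGERRORLOG(errorcode, "Too many authority certificates");
        }
    }

    /* Reject a missing array or a null entry before touching the stored
     * list, so bad input cannot wipe the existing trust anchors. */
    if ((errorcode == OSPC_ERR_NO_ERROR) &&
        (ospvNumberOfAuthorityCertificates > 0))
    {
        if (ospvAuthorityCertificates == OSPC_OSNULL)
        {
            errorcode = OSPC_ERR_SEC_NULL_CERTIFICATE;
            OSPM_DBGERRORLOG(errorcode, "No certificate provided");
        }

        for (i = 0;
             (errorcode == OSPC_ERR_NO_ERROR) &&
                 (i < ospvNumberOfAuthorityCertificates);
             i++)
        {
            if (ospvAuthorityCertificates[i] == OSPC_OSNULL)
            {
                errorcode = OSPC_ERR_SEC_NULL_CERTIFICATE;
                OSPM_DBGERRORLOG(errorcode, "No certificate provided");
            }
        }
    }

    /* Delete the existing certificate list */
    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* NOTE(review): the loop below increments
         * NumberOfAuthorityCertificates from its current value, so this
         * relies on OSPPSecDeleteAuthorityCertificates resetting the count
         * to zero - verify against that function. */
        if (ospvSecurity->NumberOfAuthorityCertificates > 0)
        {
            OSPPSecDeleteAuthorityCertificates(ospvSecurity);
        }
    }

    /* Add certificates to certificate list */
    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Create new certificate list */
        for (i = 0; i < ospvNumberOfAuthorityCertificates; i++)
        {
            /* Create/initialize a new certInfo for new local certificate */
            /* NOTE(review): no length accompanies the encoded certificate,
             * so OSPPX509CertCreate presumably takes the size from the
             * encoding itself - confirm it bounds that read. */
            errorcode = OSPPX509CertCreate(
                ospvAuthorityCertificates[i], &newCertInfo);

            if (errorcode != OSPC_ERR_NO_ERROR)
            {
                break;
            }

            ospvSecurity->AuthorityCertInfo[i] = newCertInfo;
            ospvSecurity->NumberOfAuthorityCertificates++;
        }
    }

    OSPPSecUnlock(ospvSecurity);

    return errorcode;
}

/*
 * Verify a PKCS7 signature against the authority certificates stored in the
 * security context.
 *
 * ospvSecurity         In     - security context holding the authority
 *                               certificates
 * ospvContent          In/Out - see below
 * ospvContentLength    In/Out - see below
 * ospvSignature        In     - encoded signature
 * ospvSignatureLength  In     - length of ospvSignature
 * ospvSignatureOnly    In     - non-zero when the signature is detached
 *
 * THE SIGNATURE
 *
 * The signature is assumed to be an ASN1 encoded PKCS7 CONTENT INFO whose
 * content type is SIGNED DATA.  The SIGNED DATA content contains a CONTENT
 * INFO whose content type is DATA.  The DATA content may or may not contain
 * the data that was digested to create the SIGNED DATA signature element.
 *
 * If ospvSignatureOnly is non-zero, the signature is taken not to contain
 * the signed data: *ospvContent / *ospvContentLength supply the data to
 * verify and nothing is extracted from the signature.
 *
 * If ospvSignatureOnly is zero, the signed data is taken from the signature
 * itself; after a successful verification a copy is placed in storage
 * obtained with OSPM_MALLOC and handed back through *ospvContent, with its
 * length in *ospvContentLength (releasing it is presumably the caller's job).
 *
 * Returns OSPC_ERR_NO_ERROR when the signature verifies, otherwise the error
 * from parsing, content extraction, verification or allocation.
 */
int
OSPPSecSignatureVerify(
    OSPTSEC         *ospvSecurity,
    unsigned char   **ospvContent,
    unsigned        *ospvContentLength,
    unsigned char   *ospvSignature,
    unsigned        ospvSignatureLength,
    int             ospvSignatureOnly)
{
    int                  errorcode               = OSPC_ERR_NO_ERROR;
    OSPTASN1OBJECT       *signatureObject        = OSPC_OSNULL;
    OSPTASN1OBJECT       **authorityCertInfos    = OSPC_OSNULL;
    OSPTASN1ELEMENTINFO  *el                     = OSPC_OSNULL;
    unsigned int         authorityCertInfoCount  = 0;
    unsigned char        *content                = OSPC_OSNULL;
    unsigned             contentLength           = 0;

    /* Decode the signature. */
    errorcode = OSPPPKCS7SignatureParse(&signatureObject,
        ospvSignature, ospvSignatureLength);

    /* Select the content only when the parse succeeded.  Previously the
     * content-extraction result overwrote the parse result, so a parse
     * failure was discarded and an unparsed signature object was passed on. */
    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        if (ospvSignatureOnly)
        {
            /* NOTE(review): ospvContent and ospvContentLength are
             * dereferenced without a null check; callers must pass valid
             * pointers in this mode. */
            content = *ospvContent;
            contentLength = *ospvContentLength;
        }
        else
        {
            errorcode = OSPPPKCS7SignatureGetContent(signatureObject,
                &content, &contentLength, &el);
        }
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        if (ospvSecurity == OSPC_OSNULL)
        {
            /* Fail closed instead of dereferencing a null context. */
            errorcode = OSPC_ERR_SEC_INVALID_CONTEXT;
        }
        else
        {
            /* NOTE(review): the authority list is read here without
             * OSPPSecLock, while OSPPSecSetAuthorityCertificates rebuilds it
             * under the write lock; confirm callers serialize the two. */

            /* Get the CA certificates */
            authorityCertInfos = ospvSecurity->AuthorityCertInfo;

            /* Get the number of CA's */
            authorityCertInfoCount =
                ospvSecurity->NumberOfAuthorityCertificates;
        }
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        errorcode = OSPPPKCS7SignatureVerify(signatureObject,
            content, contentLength,
            authorityCertInfos, authorityCertInfoCount);
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        if (!ospvSignatureOnly)
        {
            /* Content is released to the caller only after verification. */
            OSPM_MALLOC(*ospvContent, unsigned char, contentLength);
            if ((*ospvContent) == OSPC_OSNULL)
            {
                errorcode = OSPC_ERR_SEC_UNABLE_TO_ALLOCATE_SPACE;
                OSPM_DBGERRORLOG(errorcode,
                    "Couldn't allocate space for content");
            }

            if (errorcode == OSPC_ERR_NO_ERROR)
            {
                OSPM_MEMCPY(*ospvContent, content, contentLength);
                *ospvContentLength = contentLength;
            }
        }
    }
    else if (errorcode == OSPC_ERR_PKCS7_INVALID_SIGNATURE)
    {
        OSPM_DBGERRORLOG(errorcode, "SIGNATURE NOT VERIFIED");
    }
    else
    {
        OSPM_DBGERRORLOG(errorcode, "SIGNATURE - ERROR");
    }

    if (OSPC_OSNULL != el)
    {
        OSPPASN1ElementDelete(&el, 0);
    }

    /* A failed parse may leave no object behind; skip the delete then, as
     * the other delete call sites in this file do for null objects. */
    if (signatureObject != OSPC_OSNULL)
    {
        OSPPASN1ObjectDelete(&signatureObject);
    }

    return errorcode;
}

/*
 * Copy the encoded local certificate from the security object to the storage
 * supplied by the caller.
 *
 * Returns OSPC_ERR_NO_ERROR on success,
 * OSPC_ERR_SEC_NO_SPACE_FOR_CERTIFICATE when either output pointer is null,
 * OSPC_ERR_SEC_CERTIFICATE_TOO_BIG when the certificate exceeds the size the
 * caller announced, or the error from locking or certificate lookup.
 */
int
OSPPSecCopyLocalCertificate(
    OSPTSEC         *ospvSecurity,              /* In - security context */
    unsigned        *ospvLocalCertificateSize,  /* In/Out - max size/actual size */
    unsigned char   *ospvLocalCertificate)      /* Out - Storage space for cert */
{
    OSPTASN1OBJECT  *certInfo = OSPC_OSNULL;
    unsigned        certSize  = 0;
    unsigned char   *certData = OSPC_OSNULL;
    int             errorcode = OSPC_ERR_NO_ERROR;

    /* Lock the security module for reading */
    errorcode = OSPPSecLock(ospvSecurity, OSPE_LOCK_READ);

    /* Check that the caller provided both the storage and its size; the
     * size pointer is dereferenced below, so a null one is rejected here
     * as well. */
    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        if ((ospvLocalCertificate == OSPC_OSNULL) ||
            (ospvLocalCertificateSize == OSPC_OSNULL))
        {
            errorcode = OSPC_ERR_SEC_NO_SPACE_FOR_CERTIFICATE;
            OSPM_DBGERRORLOG(errorcode, "No space provided for certificate");
        }
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Get the certinfo structure */
        errorcode = OSPPSecGetLocalCertInfo(ospvSecurity, &certInfo);
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Get the certificate size and test for enough space */
        errorcode = OSPPX509CertGetCertificate(certInfo, &certData, &certSize);

        if (errorcode == OSPC_ERR_NO_ERROR)
        {
            /* Bound the copy by the capacity the caller announced. */
            if (certSize > *ospvLocalCertificateSize)
            {
                errorcode = OSPC_ERR_SEC_CERTIFICATE_TOO_BIG;
                OSPM_DBGERRORLOG(errorcode, "Local certificate is too big");
            }
        }
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Retrieve the certificate into the supplied storage area */
        if (certSize > 0)
        {
            OSPM_MEMCPY(ospvLocalCertificate, certData, certSize);
        }
        *ospvLocalCertificateSize = certSize;
    }

    /* Unlock the security module */
    OSPPSecUnlock(ospvSecurity);

    return errorcode;
}

/*
 * Return the number of authority certificates stored in the security object.
 *
 * Returns the result of OSPPSecLock; the count is written only when the
 * lock was obtained.
 */
int
OSPPSecGetNumberOfAuthorityCertificates(
    OSPTSEC     *ospvSecurity,                          /* In - Security context */
    unsigned    *ospvNumberOfAuthorityCertificates)     /* Out - certificate count */
{
    int errorcode = OSPC_ERR_NO_ERROR;

    errorcode = OSPPSecLock(ospvSecurity, OSPE_LOCK_READ);

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        *ospvNumberOfAuthorityCertificates =
            ospvSecurity->NumberOfAuthorityCertificates;

        /* The read lock was previously left held on return. */
        OSPPSecUnlock(ospvSecurity);
    }

    return errorcode;
}

/*************************************/
/* IMPLEMENTATION OF LOCAL FUNCTIONS */
/*************************************/
int
OSPPSecTestContext(
    OSPTSEC *ospvSecurity)
{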