📄 ospsecurity.c
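int errorcode = OSPC_ERR_NO_ERROR;

    if (ospvSecurity == OSPC_OSNULL) {
        errorcode = OSPC_ERR_SEC_INVALID_CONTEXT;
        OSPM_DBGERRORLOG(errorcode, "Security context is null pointer");
    }

    return errorcode;
}

/*
 * OSPPSecLock - acquire the security context mutex.
 *
 * ospvSecurity  security context; must not be null.
 * ospvLockMode  requested lock mode. It is not consulted here: every mode
 *               takes the same mutex, so readers are serialised as well.
 *
 * Returns OSPC_ERR_NO_ERROR, the context-test error, or the code stored by
 * OSPM_MUTEX_LOCK. The mutex is only taken when ENABLESECLOCK is defined and
 * ENABLETESTVERIFY is not; in every other build this is a context check only.
 */
int
OSPPSecLock(
    OSPTSEC *ospvSecurity,
    OSPELOCKMODE ospvLockMode)
{
    int errorcode = OSPC_ERR_NO_ERROR;

    errorcode = OSPPSecTestContext(ospvSecurity);

#ifdef ENABLESECLOCK
#ifndef ENABLETESTVERIFY
    if (errorcode == OSPC_ERR_NO_ERROR) {
        OSPM_MUTEX_LOCK(ospvSecurity->SecurityMutex, errorcode);
    }
#endif
#endif

    OSPM_ARGUSED(ospvLockMode);

    return errorcode;
}

/*
 * OSPPSecUnlock - release the security context mutex.
 *
 * Returns OSPC_ERR_NO_ERROR, the context-test error, or the code stored by
 * OSPM_MUTEX_UNLOCK. Compiled under the same ENABLESECLOCK / ENABLETESTVERIFY
 * conditions as OSPPSecLock. Call it only after a successful OSPPSecLock.
 */
int
OSPPSecUnlock(
    OSPTSEC *ospvSecurity)
{
    int errorcode = OSPC_ERR_NO_ERROR;

    errorcode = OSPPSecTestContext(ospvSecurity);

#ifdef ENABLESECLOCK
#ifndef ENABLETESTVERIFY
    if (errorcode == OSPC_ERR_NO_ERROR) {
        OSPM_MUTEX_UNLOCK(ospvSecurity->SecurityMutex, errorcode);
    }
#endif
#endif

    return errorcode;
}

/*
 * OSPPSecDeleteAuthorityCertificates - free every stored authority (CA)
 * certificate and bring NumberOfAuthorityCertificates down to zero.
 *
 * Certificates are released from the end of the list and each slot is cleared
 * once its certificate has been freed. If the function stops early (a NULL
 * entry, or OSPPX509CertDelete failing) slots 0..count-1 therefore still hold
 * the certificates that were not released, and no slot inside the counted
 * range is left pointing at freed storage.
 *
 * This function does not take the security lock itself.
 * NOTE(review): confirm that every caller holds it.
 *
 * Returns OSPC_ERR_NO_ERROR, the context-test error,
 * OSPC_ERR_SEC_NULL_CERTIFICATE, or the error from OSPPX509CertDelete.
 */
int
OSPPSecDeleteAuthorityCertificates(
    OSPTSEC *ospvSecurity)
{
    int errorcode = OSPC_ERR_NO_ERROR;
    OSPTASN1OBJECT *certInfo = OSPC_OSNULL;
    unsigned last = 0;

    /* Context must exist */
    errorcode = OSPPSecTestContext(ospvSecurity);

    if (errorcode == OSPC_ERR_NO_ERROR) {
        /* Delete certificates from the list, last entry first */
        while (ospvSecurity->NumberOfAuthorityCertificates > 0) {
            last = ospvSecurity->NumberOfAuthorityCertificates - 1;
            certInfo = ospvSecurity->AuthorityCertInfo[last];

            /* Make sure there is something to delete */
            if (certInfo == OSPC_OSNULL) {
                errorcode = OSPC_ERR_SEC_NULL_CERTIFICATE;
                OSPM_DBGERRORLOG(errorcode, "Found unexpected NULL certificate");
                break;
            }

            /* Free the Cert Info Structure */
            errorcode = OSPPX509CertDelete(&certInfo);
            if (errorcode != OSPC_ERR_NO_ERROR) {
                /* Quit if error occurs; the slot and the count stay as they were */
                break;
            }

            /* Drop the stale pointer before shrinking the list */
            ospvSecurity->AuthorityCertInfo[last] = OSPC_OSNULL;
            ospvSecurity->NumberOfAuthorityCertificates--;
        }
    }

    return errorcode;
}

/*
 * OSPPSecSetDigestAlgorithm - record the digest algorithm identifier used
 * when signatures are created.
 *
 * The pointer is stored as given; no copy is made, so the object must stay
 * valid for as long as the context refers to it. The assignment is made
 * without taking the security lock.
 *
 * Returns OSPC_ERR_NO_ERROR or the context-test error.
 */
int
OSPPSecSetDigestAlgorithm(
    OSPTSEC *ospvSecurity,
    OSPTASN1OBJECT *ospvDigestAlgorithmId)
{
    int errorcode = OSPC_ERR_NO_ERROR;

    errorcode = OSPPSecTestContext(ospvSecurity);

    if (errorcode == OSPC_ERR_NO_ERROR) {
        ospvSecurity->DigestAlgorithm = ospvDigestAlgorithmId;
    }

    return errorcode;
}

/*
 * OSPPSecSignatureCreate - create a PKCS#7 signature over ospvContent with
 * the context's digest algorithm, local certificate and private key.
 *
 * ospvSignature / ospvSignatureLength  receive the signature produced by
 *                                      OSPPPKCS7SignatureCreate.
 * ospvSignatureOnly                    passed through to
 *                                      OSPPPKCS7SignatureCreate unchanged.
 *
 * Returns the first error encountered. The unlock result is reported only
 * when everything before it succeeded, so a failed signing operation can
 * never be returned as OSPC_ERR_NO_ERROR.
 *
 * When ENABLETESTVERIFY is defined the new signature is parsed and verified
 * again as a self-test, and the self-test result becomes the return value.
 */
int
OSPPSecSignatureCreate(
    OSPTSEC *ospvSecurity,
    unsigned char *ospvContent,
    unsigned ospvContentLength,
    unsigned char **ospvSignature,
    unsigned *ospvSignatureLength,
    int ospvSignatureOnly)
{
    int errorcode = OSPC_ERR_NO_ERROR;
    int lockcode = OSPC_ERR_NO_ERROR;
    int unlockcode = OSPC_ERR_NO_ERROR;

    /* Lock Sec for reading */
    lockcode = OSPPSecLock(ospvSecurity, OSPE_LOCK_READ);
    errorcode = lockcode;

    if (errorcode == OSPC_ERR_NO_ERROR) {
        /* Create Signature */
        errorcode = OSPPPKCS7SignatureCreate(
            ospvContent, ospvContentLength,
            ospvSecurity->DigestAlgorithm,
            ospvSecurity->LocalCertInfo,
            ospvSecurity->PrivateKeyInfo,
            ospvSignatureOnly,
            ospvSignature, ospvSignatureLength);
    }

#ifdef ENABLETESTVERIFY
    if (errorcode == OSPC_ERR_NO_ERROR) {
        unsigned char *content = OSPC_OSNULL;
        unsigned contentLength = 0;
        OSPTASN1OBJECT *signatureObject = OSPC_OSNULL;

        OSPM_DBGERRORLOG(0, "TEST VERIFYING CREATED SIGNATURE....");

        /* With a signature-only result the content is supplied separately */
        if (ospvSignatureOnly) {
            content = ospvContent;
            contentLength = ospvContentLength;
        }

        errorcode = OSPPPKCS7SignatureParse(&signatureObject,
            *ospvSignature, *ospvSignatureLength);

        if (errorcode == OSPC_ERR_NO_ERROR) {
            errorcode = OSPPSecSignatureVerify(ospvSecurity,
                &content, &contentLength,
                *ospvSignature, *ospvSignatureLength,
                ospvSignatureOnly);
        }

        if (errorcode == OSPC_ERR_NO_ERROR) {
            OSPM_DBGERRORLOG(0, "SIGNATURE VERIFIED");
        } else if (errorcode == OSPC_ERR_PKCS7_INVALID_SIGNATURE) {
            OSPM_DBGERRORLOG(errorcode, "SIGNATURE NOT VERIFIED");
        } else {
            OSPM_DBGERRORLOG(errorcode, "SIGNATURE - ERROR");
        }

        OSPPASN1ObjectDelete(&signatureObject);
    }
#endif

    /* Unlock only what was locked, and never overwrite an earlier failure */
    if (lockcode == OSPC_ERR_NO_ERROR) {
        unlockcode = OSPPSecUnlock(ospvSecurity);
        if (errorcode == OSPC_ERR_NO_ERROR) {
            errorcode = unlockcode;
        }
    }

    return errorcode;
}

/*
 * OSPPSecGetPrivateKeyData - obtain the private key bytes from the context's
 * PKCS#8 key info through OSPPPKCS8KeyInfoGetPrivateKey.
 *
 * The result is raw private key material. Whether the returned buffer is a
 * copy or a reference into the key info is decided by the helper, which is
 * not visible here. NOTE(review): confirm who owns the buffer, and clear it
 * before it is released.
 * PrivateKeyInfo is read without taking the security lock.
 *
 * Returns OSPC_ERR_NO_ERROR, the context-test error, or the helper's error.
 */
int
OSPPSecGetPrivateKeyData(
    OSPTSEC *ospvSecurity,
    unsigned char **ospvPrivateKeyData,
    unsigned int *ospvPrivateKeyDataLength)
{
    int errorcode = OSPC_ERR_NO_ERROR;

    errorcode = OSPPSecTestContext(ospvSecurity);

    if (errorcode == OSPC_ERR_NO_ERROR) {
        errorcode = OSPPPKCS8KeyInfoGetPrivateKey(ospvSecurity->PrivateKeyInfo,
            ospvPrivateKeyData, ospvPrivateKeyDataLength);
    }

    return errorcode;
}

/*
 * OSPPSecGetLocalCertInfo - return the context's local certificate object.
 *
 * The pointer written to *ospvLocalCertInfo is the context's own pointer, not
 * a copy, and it is read without taking the security lock.
 *
 * Returns OSPC_ERR_NO_ERROR or the context-test error.
 */
int
OSPPSecGetLocalCertInfo(
    OSPTSEC *ospvSecurity,              /* In  - security context */
    OSPTASN1OBJECT **ospvLocalCertInfo) /* Out - receives ptr to local cert */
{
    int errorcode = OSPC_ERR_NO_ERROR;

    errorcode = OSPPSecTestContext(ospvSecurity);

    if (errorcode == OSPC_ERR_NO_ERROR) {
        *ospvLocalCertInfo = ospvSecurity->LocalCertInfo;
    }

    return errorcode;
}

/*
 * OSPPSecValidCertChain - validate one link of a certificate chain against
 * the stored authority (CA) certificates.
 *
 * The caller walks the chain by calling this function repeatedly:
 *
 *   *ospvCAIndex == -1  on entry: the local signing certificate is tested.
 *   *ospvCAIndex != -1  on entry: the CA certificate at that index is tested.
 *
 * On success *ospvCAIndex is set to the index of the issuing certificate
 * found in the CA list. For a self-signed certificate the index coming back
 * is the index of the certificate that was tested.
 *
 * ospvCertificate / ospvCertificateLength: storage is provided by the caller,
 * who sets *ospvCertificateLength to the size of that storage. On success the
 * certificate data is copied in and the length is updated. When the local
 * certificate was tested the data copied out is the local certificate; in
 * every other case it is the CA certificate at the returned index.
 * NOTE(review): the original design note says the parent certificate is
 * returned on every call; confirm which behaviour is intended.
 *
 * Returns the first error encountered. A validation failure is never replaced
 * by the result of the unlock, an index below -1 is rejected, and validation
 * is not attempted after the test certificate could not be selected.
 */
int
OSPPSecValidCertChain(
    OSPTSEC *ospvSecurity,
    int *ospvCAIndex,
    unsigned char *ospvCertificate,
    unsigned int *ospvCertificateLength)
{
    int errorcode = OSPC_ERR_NO_ERROR;
    int lockcode = OSPC_ERR_NO_ERROR;
    int unlockcode = OSPC_ERR_NO_ERROR;
    OSPTASN1OBJECT *testCert = OSPC_OSNULL;
    int parentIndex = 0;
    unsigned char *certificate = OSPC_OSNULL;
    unsigned int certificateLength = 0;
    OSPTBOOL localcert = OSPC_FALSE;

    lockcode = OSPPSecLock(ospvSecurity, OSPE_LOCK_READ);
    errorcode = lockcode;

    if (errorcode == OSPC_ERR_NO_ERROR) {
        /* Get the test certificate */
        if (*ospvCAIndex == (-1)) {
            /* Get local certificate for testing */
            testCert = ospvSecurity->LocalCertInfo;
            localcert = OSPC_TRUE;
        } else if ((*ospvCAIndex >= 0) &&
            (*ospvCAIndex < (int)ospvSecurity->NumberOfAuthorityCertificates)) {
            testCert = ospvSecurity->AuthorityCertInfo[*ospvCAIndex];
        } else {
            /* Covers indexes past the end and negative values other than -1 */
            errorcode = OSPC_ERR_SEC_CACERT_INDEX_OVERFLOW;
            OSPM_DBGERRORLOG(errorcode, "CA Index is out of range");
        }
    }

    if (errorcode == OSPC_ERR_NO_ERROR) {
        /* Have the test certificate, find issuer in Authority Certificates */
        errorcode = OSPPX509CertValidateCertificate(testCert,
            ospvSecurity->AuthorityCertInfo,
            ospvSecurity->NumberOfAuthorityCertificates,
            &parentIndex);
    }

    if (errorcode == OSPC_ERR_NO_ERROR) {
        /* Set the index return value */
        *ospvCAIndex = parentIndex;

        /* Get the certificate content, place in provided buffer */
        if (localcert) {
            errorcode = OSPPX509CertGetCertificate(
                ospvSecurity->LocalCertInfo,
                &certificate, &certificateLength);
        } else if ((parentIndex >= 0) &&
            (parentIndex < (int)ospvSecurity->NumberOfAuthorityCertificates)) {
            errorcode = OSPPX509CertGetCertificate(
                ospvSecurity->AuthorityCertInfo[parentIndex],
                &certificate, &certificateLength);
        } else {
            /* Do not index the CA list with an index that lies outside it */
            errorcode = OSPC_ERR_SEC_CACERT_INDEX_OVERFLOW;
            OSPM_DBGERRORLOG(errorcode, "CA Index is out of range");
        }

        if (errorcode == OSPC_ERR_NO_ERROR) {
            if (*ospvCertificateLength < certificateLength) {
                errorcode = OSPC_ERR_SEC_NOT_ENOUGH_SPACE_FOR_COPY;
                OSPM_DBGERRORLOG(errorcode,
                    "Not enough space provided for certificate");
            } else {
                OSPM_MEMCPY(ospvCertificate, certificate, certificateLength);
                *ospvCertificateLength = certificateLength;
            }
        }
    }

    /* Unlock only what was locked, and never overwrite an earlier failure */
    if (lockcode == OSPC_ERR_NO_ERROR) {
        unlockcode = OSPPSecUnlock(ospvSecurity);
        if (errorcode == OSPC_ERR_NO_ERROR) {
            errorcode = unlockcode;
        }
    }

    return errorcode;
}

/*
 * OSPPSecGetSignerCertSubjectName - extract the subject name of the signer
 * certificate carried inside a PKCS#7 signed token.
 *
 * The token is parsed only. This function does not verify the signature and
 * does not validate the certificate against the CA list, so the returned name
 * is unauthenticated data taken from the token. Do not base a trust decision
 * on it unless the token has been verified separately.
 *
 * On success *ospvSubjectName points to newly allocated storage of
 * *ospvSubjectNameLen bytes followed by one zero byte. It was obtained with
 * OSPM_MALLOC and the caller releases it.
 *
 * NOTE(review): if the allocation fails, the return value is still
 * OSPC_ERR_NO_ERROR with *ospvSubjectName null (the length is set to 0), so
 * callers must test the pointer. Reporting an error code here would be better
 * once the appropriate code is chosen.
 *
 * Returns OSPC_ERR_NO_ERROR, the context-test error, or the first error from
 * the parsing helpers.
 */
int
OSPPSecGetSignerCertSubjectName(
    OSPTSEC *ospvSecurity,
    unsigned char *ospvToken,
    unsigned ospvTokenLen,
    unsigned char **ospvSubjectName,
    unsigned *ospvSubjectNameLen)
{
    OSPTASN1OBJECT *signercert = OSPC_OSNULL;
    OSPTASN1OBJECT *signatureobj = OSPC_OSNULL;
    int errorcode = OSPC_ERR_NO_ERROR;
    OSPTASN1ELEMENTINFO *eInfo = OSPC_OSNULL, *eInfo2 = OSPC_OSNULL;
    unsigned char *cert = OSPC_OSNULL;
    unsigned certlen = 0;

    errorcode = OSPPSecTestContext(ospvSecurity);

    if (errorcode == OSPC_ERR_NO_ERROR) {
        errorcode = OSPPPKCS7SignatureParse(&signatureobj, ospvToken, ospvTokenLen);
    }

    if (errorcode == OSPC_ERR_NO_ERROR) {
        errorcode = OSPPASN1ObjectGetElementByDataRef(
            signatureobj, &eInfo, OSPEDRID_SIG_SGNDAT_CERTIFICATE);
    }

    if (errorcode == OSPC_ERR_NO_ERROR) {
        /* Reparse the certificate */
        errorcode = OSPPASN1ElementGetElementData(eInfo, &cert, &certlen);
    }

    if (errorcode == OSPC_ERR_NO_ERROR) {
        errorcode = OSPPX509CertCreate(cert, &signercert);
        /* cert and certlen are reused below for the subject name bytes */
        cert = OSPC_OSNULL;
        certlen = 0;
    }

    if (errorcode == OSPC_ERR_NO_ERROR) {
        /* Get the signer certificate subject name */
        errorcode = OSPPASN1ObjectGetElementByDataRef(signercert, &eInfo2,
            OSPEDRID_CERT_SUBJECT);
    }

    if (errorcode == OSPC_ERR_NO_ERROR) {
        errorcode = OSPPASN1ElementGetElementData(eInfo2, &cert, &certlen);
    }

    if (errorcode == OSPC_ERR_NO_ERROR) {
        OSPM_MALLOC(*ospvSubjectName, unsigned char, certlen + 1);
        if (*ospvSubjectName != OSPC_OSNULL) {
            /* One extra zeroed byte keeps the copy terminated */
            OSPM_MEMSET(*ospvSubjectName, 0, certlen + 1);
            OSPM_MEMCPY(*ospvSubjectName, cert, certlen);
            *ospvSubjectNameLen = certlen;
        } else {
            /* Allocation failed: leave the length output in a defined state */
            *ospvSubjectNameLen = 0;
        }
    }

    /* Release the intermediate parse results on every path */
    if (eInfo != OSPC_OSNULL) {
        OSPPASN1ElementDelete(&eInfo, 0);
    }

    if (eInfo2 != OSPC_OSNULL) {
        OSPPASN1ElementDelete(&eInfo2, 0);
    }

    if (signercert != OSPC_OSNULL) {
        OSPPASN1ObjectDelete(&signercert);
    }

    if (signatureobj != OSPC_OSNULL) {
        OSPPASN1ObjectDelete(&signatureobj);
    }

    return errorcode;
}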