sip_security.c

Sofia SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification.

 *   msg_error_t       *ai_next;       // Dummy link to next header
 *   msg_param_t       *ai_items;      // List of ainfo
 * } sip_proxy_authentication_info_t;
 * @endcode
 *
 */

#define sip_proxy_authentication_info_dup_xtra msg_list_dup_xtra
#define sip_proxy_authentication_info_dup_one msg_list_dup_one
#define sip_proxy_authentication_info_update NULL

msg_hclass_t sip_proxy_authentication_info_class[] =
  SIP_HEADER_CLASS(proxy_authentication_info, "Proxy-Authentication-Info", "",
		   ai_params, append, proxy_authentication_info);

issize_t sip_proxy_authentication_info_d(su_home_t *home, sip_header_t *h,
					 char *s, isize_t slen)
{
  return msg_list_d(home, (msg_header_t *)h, s, slen);
}

issize_t sip_proxy_authentication_info_e(char b[], isize_t bsiz, 
					 sip_header_t const *h, int f)
{
  assert(sip_is_proxy_authentication_info(h)); /* This is soo popular */
  return msg_list_e(b, bsiz, h, f);
}

/* ====================================================================== */

/* Functions parsing @RFC3329 SIP Security Agreement headers */

typedef struct sip_security_agree_s sip_security_agree_t;
#define sh_security_agree sh_security_client

static 
issize_t sip_security_agree_d(su_home_t *home, sip_header_t *h, char *s, isize_t slen)
{
  sip_security_agree_t *sa = (sip_security_agree_t *)h;

  isize_t n;

  while (*s == ',')   /* Ignore empty entries (comma-whitespace) */
    *s = '\0', s += span_lws(s + 1) + 1;

  if ((n = span_token(s)) == 0) 
    return -1;
  sa->sa_mec = s; s += n; while (IS_LWS(*s)) *s++ = '\0'; 
  if (*s == ';' && msg_params_d(home, &s, &sa->sa_params) < 0)
    return -1;

  return msg_parse_next_field(home, h, s, slen);
}

static 
issize_t sip_security_agree_e(char b[], isize_t bsiz, sip_header_t const *h, int f)
{
  char *end = b + bsiz, *b0 = b;
  sip_security_agree_t const *sa = (sip_security_agree_t const *)h;

  MSG_STRING_E(b, end, sa->sa_mec);
  MSG_PARAMS_E(b, end, sa->sa_params, flags);

  return b - b0;
}

static 
isize_t sip_security_agree_dup_xtra(sip_header_t const *h, isize_t offset)
{
  sip_security_agree_t const *sa = h->sh_security_agree;

  MSG_PARAMS_SIZE(offset, sa->sa_params);
  offset += MSG_STRING_SIZE(sa->sa_mec);

  return offset;
}

/** Duplicate one sip_security_agree_t object */ 
static 
char *sip_security_agree_dup_one(sip_header_t *dst, sip_header_t const *src,
				 char *b, isize_t xtra)
{
  sip_security_agree_t *sa_dst = dst->sh_security_agree;
  sip_security_agree_t const *sa_src = src->sh_security_agree;

  char *end = b + xtra;
  b = msg_params_dup(&sa_dst->sa_params, sa_src->sa_params, b, xtra);
  MSG_STRING_DUP(b, sa_dst->sa_mec, sa_src->sa_mec);
  assert(b <= end); (void)end;

  return b;
}

static int sip_security_agree_update(msg_common_t *h, 
				     char const *name, isize_t namelen,
				     char const *value)
{
  sip_security_agree_t *sa = (sip_security_agree_t *)h;

  if (name == NULL) {
    sa->sa_q = NULL;
    sa->sa_d_alg = NULL;
    sa->sa_d_qop = NULL;
    sa->sa_d_ver = NULL;
  }
#define MATCH(s) (namelen == strlen(#s) && !strncasecmp(name, #s, strlen(#s)))

  else if (MATCH(q)) {
    sa->sa_q = value;
  }
  else if (MATCH(d-alg)) {
    sa->sa_d_alg = value;
  }
  else if (MATCH(d-qop)) {
    sa->sa_d_qop = value;
  }
  else if (MATCH(d-ver)) {
    sa->sa_d_ver = value;
  }

#undef MATCH

  return 0;
}


/**@SIP_HEADER sip_security_client Security-Client Header
 *
 * The Security-Client header is defined by @RFC3329, "Security Mechanism
 * Agreement for the Session Initiation Protocol (SIP)".
 *
 * @code
 *    security-client  = "Security-Client" HCOLON
 *                       sec-mechanism *(COMMA sec-mechanism)
 *    security-server  = "Security-Server" HCOLON
 *                       sec-mechanism *(COMMA sec-mechanism)
 *    security-verify  = "Security-Verify" HCOLON
 *                       sec-mechanism *(COMMA sec-mechanism)
 *    sec-mechanism    = mechanism-name *(SEMI mech-parameters)
 *    mechanism-name   = ( "digest" / "tls" / "ipsec-ike" /
 *                        "ipsec-man" / token )
 *    mech-parameters  = ( preference / digest-algorithm /
 *                         digest-qop / digest-verify / extension )
 *    preference       = "q" EQUAL qvalue
 *    qvalue           = ( "0" [ "." 0*3DIGIT ] )
 *                        / ( "1" [ "." 0*3("0") ] )
 *    digest-algorithm = "d-alg" EQUAL token
 *    digest-qop       = "d-qop" EQUAL token
 *    digest-verify    = "d-ver" EQUAL LDQUOT 32LHEX RDQUOT
 *    extension        = generic-param
 * @endcode
 *
 * @sa @SecurityServer, @SecurityVerify, sip_security_verify_compare(),
 * sip_security_client_select(), @RFC3329
 *
 * The parsed Security-Client header
 * is stored in #sip_security_client_t structure.
 */

/**@ingroup sip_security_client
 * @typedef typedef struct sip_security_client_s sip_security_client_t;
 *
 * The structure #sip_security_client_t contains representation of SIP
 * @SecurityClient header.
 *
 * The #sip_security_client_t is defined as follows:
 * @code
 * typedef struct sip_security_agree_s
 * {
 *   sip_common_t        sa_common[1]; // Common fragment info 
 *   sip_security_client_t *sa_next;   // Link to next mechanism 
 *   char const         *sa_mec;       // Security mechanism
 *   msg_param_t const  *sa_params;    // List of mechanism parameters
 *   char const         *sa_q;         // Value of q (preference) parameter
 *   char const         *sa_d_alg;     // Value of d-alg parameter
 *   char const         *sa_d_qop;     // Value of d-qop parameter
 *   char const         *sa_d_ver;     // Value of d-ver parameter
 * } sip_security_client_t;
 * @endcode
 */

msg_hclass_t sip_security_client_class[] = 
SIP_HEADER_CLASS(security_client, "Security-Client", "", 
		 sa_params, append, security_agree);

issize_t sip_security_client_d(su_home_t *home, sip_header_t *h, char *s, isize_t slen)
{
  return sip_security_agree_d(home, h, s, slen);
}

issize_t sip_security_client_e(char b[], isize_t bsiz, sip_header_t const *h, int f)
{
  return sip_security_agree_e(b, bsiz, h, f);
}


/**@SIP_HEADER sip_security_server Security-Server Header
 *
 * The Security-Server header is defined by @RFC3329, "Security Mechanism
 * Agreement for the Session Initiation Protocol (SIP)".
 *
 * @sa @SecurityClient, @SecurityVerify, sip_security_verify_compare(),
 * sip_security_client_select(), @RFC3329.
 *
 * The parsed Security-Server header
 * is stored in #sip_security_server_t structure.
 */

/**@ingroup sip_security_server
 * @typedef typedef struct sip_security_server_s sip_security_server_t;
 *
 * The structure #sip_security_server_t contains representation of SIP
 * @SecurityServer header.
 *
 * The #sip_security_server_t is defined as follows:
 * @code
 * typedef struct sip_security_agree_s
 * {
 *   sip_common_t        sa_common[1]; // Common fragment info 
 *   sip_security_server_t *sa_next;   // Link to next mechanism 
 *   char const         *sa_mec;       // Security mechanism
 *   msg_param_t const  *sa_params;    // List of mechanism parameters
 *   char const         *sa_q;         // Value of q (preference) parameter
 *   char const         *sa_d_alg;     // Value of d-alg parameter
 *   char const         *sa_d_qop;     // Value of d-qop parameter
 *   char const         *sa_d_ver;     // Value of d-ver parameter
 * } sip_security_server_t;
 * @endcode
 */

msg_hclass_t sip_security_server_class[] = 
SIP_HEADER_CLASS(security_server, "Security-Server", "", 
		 sa_params, append, security_agree);

issize_t sip_security_server_d(su_home_t *home, sip_header_t *h, char *s, isize_t slen)
{
  return sip_security_agree_d(home, h, s, slen);
}

issize_t sip_security_server_e(char b[], isize_t bsiz, sip_header_t const *h, int f)
{
  return sip_security_agree_e(b, bsiz, h, f);
}


/**@SIP_HEADER sip_security_verify Security-Verify Header
 *
 * The Security-Verify header is defined by @RFC3329, "Security Mechanism
 * Agreement for the Session Initiation Protocol (SIP)".
 *
 * @sa @SecurityClient, @SecurityServer, sip_security_verify_compare(),
 * sip_security_client_select(), @RFC3329.
 *
 * The parsed Security-Verify header
 * is stored in #sip_security_verify_t structure.
 */

/**@ingroup sip_security_verify
 * @typedef typedef struct sip_security_verify_s sip_security_verify_t;
 *
 * The structure #sip_security_verify_t contains representation of SIP
 * @SecurityVerify header.
 *
 * The #sip_security_verify_t is defined as follows:
 * @code
 * typedef struct sip_security_agree_s
 * {
 *   sip_common_t        sa_common[1]; // Common fragment info 
 *   sip_security_verify_t *sa_next;   // Link to next mechanism 
 *   char const         *sa_mec;       // Security mechanism
 *   msg_param_t const  *sa_params;    // List of mechanism parameters
 *   char const         *sa_q;         // Value of q (preference) parameter
 *   char const         *sa_d_alg;     // Value of d-alg parameter
 *   char const         *sa_d_qop;     // Value of d-qop parameter
 *   char const         *sa_d_ver;     // Value of d-ver parameter
 * } sip_security_verify_t;
 * @endcode
 */


msg_hclass_t sip_security_verify_class[] = 
SIP_HEADER_CLASS(security_verify, "Security-Verify", "", 
		 sa_params, append, security_agree);

issize_t sip_security_verify_d(su_home_t *home, sip_header_t *h, char *s, isize_t slen)
{
  return sip_security_agree_d(home, h, s, slen);
}

issize_t sip_security_verify_e(char b[], isize_t bsiz, sip_header_t const *h, int f)
{
  return sip_security_agree_e(b, bsiz, h, f);
}

/* ====================================================================== */
/* RFC 3323 */

/**@SIP_HEADER sip_privacy Privacy Header
 * 
 * The Privacy header is used by User-Agent to request privacy services from
 * the network. Its syntax is defined in @RFC3323 as follows:
 * 
 * @code
 *    Privacy-hdr  =  "Privacy" HCOLON priv-value *(";" priv-value)
 *    priv-value   =   "header" / "session" / "user" / "none" / "critical"
 *                     / token
 * @endcode
 *
 * The parsed Privacy header is stored in #sip_privacy_t structure.
 */

/**@ingroup sip_privacy
 * @typedef typedef struct sip_privacy_s sip_privacy_t;
 *
 * The structure #sip_privacy_t contains representation of a SIP @Privacy
 * header.
 *
 * The #sip_privacy_t is defined as follows:
 * @code
 * typedef struct sip_privacy_s {
 *   sip_common_t       priv_common[1];	// Common fragment info 
 *   sip_error_t       *priv_next;     	// Dummy link 
 *   msg_param_t const *priv_values;   	// List of privacy values 
 * } sip_privacy_t;
 * @endcode
 */

msg_xtra_f sip_privacy_dup_xtra;
msg_dup_f sip_privacy_dup_one;

#define sip_privacy_update NULL

msg_hclass_t sip_privacy_class[] = 
SIP_HEADER_CLASS(privacy, "Privacy", "", priv_values, single, privacy);

static 
issize_t sip_privacy_token_scan(char *start)
{
  char *s = start;
  skip_token(&s);

  if (s == start)
    return -1;

  if (IS_LWS(*s))
    *s++ = '\0';
  skip_lws(&s);

  return s - start;
}

issize_t sip_privacy_d(su_home_t *home, sip_header_t *h, char *s, isize_t slen)
{
  sip_privacy_t *priv = (sip_privacy_t *)h;

  while (*s == ';' || *s == ',') {
    s++;
    skip_lws(&s);
  }

  for (;;) {
    if (msg_any_list_d(home, &s, (msg_param_t **)&priv->priv_values,
		       sip_privacy_token_scan, ';') < 0)
      return -1;

    if (*s == '\0')
      return 0;			/* Success! */

    if (*s == ',')
      *s++ = '\0';		/* We accept comma-separated list, too */
    else if (IS_TOKEN(*s))
      ;				/* LWS separated list...  */
    else
      return -1;
  }
}

issize_t sip_privacy_e(char b[], isize_t bsiz, sip_header_t const *h, int f)
{
  sip_privacy_t const *priv = h->sh_privacy;
  char *b0 = b, *end = b + bsiz;
  size_t i;

  if (priv->priv_values) {
    for (i = 0; priv->priv_values[i]; i++) {
      if (i > 0) MSG_CHAR_E(b, end, ';');
      MSG_STRING_E(b, end, priv->priv_values[i]);
    }
  }

  MSG_TERM_E(b, end);
    
  return b - b0;
}

isize_t sip_privacy_dup_xtra(sip_header_t const *h, isize_t offset)
{
  sip_privacy_t const *priv = h->sh_privacy;

  MSG_PARAMS_SIZE(offset, priv->priv_values);

  return offset;
}

char *sip_privacy_dup_one(sip_header_t *dst,
			  sip_header_t const *src,
			  char *b,
			  isize_t xtra)
{
  sip_privacy_t *priv = dst->sh_privacy;
  sip_privacy_t const *o = src->sh_privacy;
  char *end = b + xtra;

  b = msg_params_dup(&priv->priv_values, o->priv_values, b, xtra);

  assert(b <= end); (void)end;

  return b;
}