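/* Copyright (C) 2004-2006 the Minisip Team
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

/* Copyright (C) 2004
 *
 * Authors: Erik Eliasson <eliasson@it.kth.se>
 *          Johan Bilien <jobi@via.ecp.fr>
 *          Joachim Orrblad <joachim@orrblad.com>
*/

#include <config.h>

#include<libminisip/mediahandler/Session.h>
#include<libminisip/mediahandler/MediaStream.h>
#include<libmutil/Timestamp.h>
#include<libmutil/dbg.h>
#include<libminisip/sip/SipDialogSecurityConfig.h>
#include<libmikey/keyagreement.h>
#include<libmikey/keyagreement_dh.h>
#include<libmikey/keyagreement_psk.h>
#include<libmikey/MikeyException.h>

#ifdef _WIN32_WCE
#	include"../include/minisip_wce_extra_includes.h"
#endif

#define MIKEY_PROTO_SRTP 0

using namespace std;

/**
 * Responder side of the MIKEY key agreement: parse and authenticate the
 * key-management line received with the incoming INVITE.
 *
 * @param message  the key-management attribute as received; a MIKEY
 *                 message is expected as "mikey " followed by the
 *                 base64-encoded MIKEY init message.
 *
 * @return true when a MIKEY init message was authenticated (the session
 *         is then marked secured), or when the line is not a MIKEY
 *         message at all (the session is then left unsecured).  false
 *         when a MIKEY init message was present but could not be
 *         accepted or authenticated.
 *
 * Side effects: securityConfig.secured and securityConfig.ka_type are
 * always updated to reflect the outcome, and a key agreement object is
 * stored in `ka` for the accepted method.  The initiator data kept in
 * `ka` is what responderParse() later builds the response from.
 *
 * NOTE(review): the "not a MIKEY message" case returns true while clearing
 * securityConfig.secured, so a caller that requires a protected session
 * must test securityConfig.secured rather than rely on this return value.
 */
bool Session::responderAuthenticate( string message ){
	bool authenticated = false;

	if( message.substr(0,6) == "mikey " ){
		string b64Message = message.substr(6);

		// Bug fix: the empty-payload test used to look at `message`, which
		// can never be empty once the "mikey " prefix matched, so a bare
		// "mikey " line reached the MikeyMessage parser.  Reject it here the
		// same way every other unacceptable message is rejected.
		if( b64Message.empty() ){
			merr << "No MIKEY message received" << end;
			securityConfig.secured = false;
			securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
			return false;
		}

		try{
			// NOTE(review): init_mes is handed to ka->setInitiatorData() on
			// the accepted paths only; on the early returns before that call
			// nothing frees it.  Confirm who owns it before changing this.
			MikeyMessage * init_mes = new MikeyMessage(b64Message);
			// MikeyMessage * resp_mes = NULL;

			switch( init_mes->type() ){
				case MIKEY_TYPE_DH_INIT:
					// DH needs our certificate to sign/verify; refuse
					// (unsecured) rather than throw when it is missing.
					if( securityConfig.cert.isNull() ){
						merr << "No certificate available" << end;
						// throw MikeyExceptionUnacceptable(
						//    "Cannot handle DH key agreement, no certificate" );
						securityConfig.secured = false;
						securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
						return false;
					}
					if( !securityConfig.dh_enabled ){
						merr << "Cannot handle DH key agreement" << end;
						//throw MikeyExceptionUnacceptable(
						//    "Cannot handle DH key agreement" );
						securityConfig.secured = false;
						securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
						return false;
					}
					// NOTE(review): unlike the DK case below, an existing
					// `ka` is reused here without checking that it really
					// is a DH agreement before the casts that follow.
					if( !ka ){
						ka = new KeyAgreementDH( securityConfig.cert,
									 securityConfig.cert_db,
									 DH_GROUP_OAKLEY5 );
					}
					ka->setInitiatorData( init_mes );
#ifdef ENABLE_TS
					ts.save( AUTH_START );
#endif
					// authenticate() reports failure with a non-zero result.
					if( init_mes->authenticate( ((KeyAgreementDH *)*ka) ) ){
						merr << "Authentication of the DH init message failed" << end;
						// throw MikeyExceptionAuthentication(
						//    "Authentication of the DH init message failed" );
						merr << ka->authError() << end;
						securityConfig.secured = false;
						securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
						return false;
					}
					merr << "Authentication successful, controling the certificate" << end;
#ifdef ENABLE_TS
					ts.save( TMP );
#endif
					// A valid signature is not enough: the peer certificate
					// itself is checked when the configuration asks for it,
					// and a zero result from controlPeerCertificate() means
					// the check failed.
					if( securityConfig.check_cert ){
						if( ((KeyAgreementDH *)*ka)->controlPeerCertificate() == 0 ){
#ifdef DEBUG_OUTPUT
							merr << "Certificate check failed in the incoming MIKEY message" << end;
#endif
							securityConfig.secured = false;
							securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
							return false;
						}
					}
#ifdef ENABLE_TS
					ts.save( AUTH_END );
#endif
					// ka_type is only set once authentication is complete.
					securityConfig.ka_type = KEY_MGMT_METHOD_MIKEY_DH;
					break;

				//added by pmaurer
				case MIKEY_TYPE_DK_INIT:
					if( !securityConfig.dk_enabled ){
						merr << "Cannot handle DK key agreement" << end;
						securityConfig.secured = false;
						securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
						return false;
					}
					// A leftover agreement of another type is replaced so
					// the cast below is applied to a DK agreement only.
					if( !ka || ka->type() != KEY_AGREEMENT_TYPE_DK ){
						ka = new KeyAgreementDK( DH_GROUP_OAKLEY5 );
					}
					ka->setInitiatorData( init_mes );
					if( init_mes->authenticate( (KeyAgreementDK*) *ka ) ){
						merr << "Authentication of the DK init message failed" << end;
						merr << ka->authError() << end;
						securityConfig.secured = false;
						securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
						return false;
					}
					merr << "Peer successfully authenticated by DK" << end;
					securityConfig.ka_type = KEY_MGMT_METHOD_MIKEY_DK;
					break;
				// end added by pmaurer

				case MIKEY_TYPE_PSK_INIT:
					if( !securityConfig.psk_enabled ){
						//throw MikeyExceptionUnacceptable(
						//    "Cannot handle PSK key agreement" );
						securityConfig.secured = false;
						securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
						return false;
					}
					// A fresh PSK agreement is always created from the
					// configured pre-shared key.
					ka = new KeyAgreementPSK( securityConfig.psk,
								  securityConfig.psk_length );
					ka->setInitiatorData( init_mes );
#ifdef ENABLE_TS
					ts.save( AUTH_START );
#endif
					if( init_mes->authenticate( ((KeyAgreementPSK *)*ka) ) ){
						// throw MikeyExceptionAuthentication(
						//    "Authentication of the PSK init message failed" );
						securityConfig.secured = false;
						securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
						return false;
					}
#ifdef ENABLE_TS
					ts.save( AUTH_END );
#endif
					securityConfig.ka_type = KEY_MGMT_METHOD_MIKEY_PSK;
					break;

				case MIKEY_TYPE_PK_INIT:
					// Public-key mode is not implemented; refuse it.
					//throw MikeyExceptionUnimplemented(
					//    "Public Key key agreement not implemented" );
					securityConfig.secured = false;
					securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
					return false;

				default:
					merr << "Unexpected type of message in INVITE" << end;
					securityConfig.secured = false;
					securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
					return false;
			}

			// Only reached through a `break` above, i.e. after the init
			// message for the selected method was authenticated.
			securityConfig.secured = true;
			authenticated = true;
		}
		catch( certificate_exception & ){
			// TODO: Tell the GUI
			merr << "Could not open certificate" <<end;
			securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
			securityConfig.secured = false;
			authenticated = false;
		}
		catch( MikeyExceptionUnacceptable &exc ){
			merr << "MikeyException caught: "<<exc.what()<<end;
			//FIXME! send SIP Unacceptable with Mikey Error message
			securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
			securityConfig.secured = false;
			authenticated = false;
		}
		// Authentication failed
		catch( MikeyExceptionAuthentication &exc ){
			merr << "MikeyExceptionAuthentication caught: "<<exc.what()<<end;
			//FIXME! send SIP Authorization failed with Mikey Error message
			securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
			securityConfig.secured = false;
			authenticated = false;
		}
		// Message was invalid
		catch( MikeyExceptionMessageContent &exc ){
			MikeyMessage * error_mes;
			merr << "MikeyExceptionMesageContent caught: " << exc.what() << end;
			if( ( error_mes = exc.errorMessage() ) != NULL ){
				//FIXME: send the error message!
			}
			securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
			securityConfig.secured = false;
			authenticated = false;
		}
		catch( MikeyException & exc ){
			merr << "MikeyException caught: " << exc.what() << end;
			securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
			securityConfig.secured = false;
			authenticated = false;
		}
	}
	else{
		// Not a MIKEY line: the call goes on unsecured (see the note in
		// the function comment about the return value).
		merr << "Unknown type of key agreement" << end;
		securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
		securityConfig.secured = false;
		authenticated = true;
	}

	return authenticated;
}

/**
 * Responder side, second step: build the MIKEY response for the init
 * message that responderAuthenticate() stored in `ka`.
 *
 * @return the base64-encoded MIKEY response to put in the outgoing SDP,
 *         or "" when no response could be built (no MIKEY method
 *         selected, no initiator data, or a failure during the build).
 *
 * Side effects: the local media streams are added to the key agreement
 * before the response is built; on failure securityConfig.secured is
 * cleared and, except for the "no initiator data" case, ka_type is reset.
 *
 * NOTE(review): when the init message turns out to be malformed
 * (MikeyExceptionMessageContent) the MIKEY error message carried by the
 * exception is returned to the peer while securityConfig.secured is set
 * to false, so a non-empty return value alone does not mean the session
 * is secured.
 */
string Session::responderParse(){
	// ka_type is tested as a bit mask: any of the MIKEY methods qualifies.
	if( ! ( securityConfig.ka_type & KEY_MGMT_METHOD_MIKEY ) ){
		merr << "Unknown type of key agreement" << end;
		securityConfig.secured = false;
		return "";
	}

	MikeyMessage * responseMessage = NULL;
	// responderAuthenticate() sets ka_type to a MIKEY method only after it
	// created `ka`, so ka is expected to be valid here.
	MikeyMessage * initMessage = (MikeyMessage *)ka->initiatorData();

	if( initMessage == NULL ){
		merr << "Uninitialized message, this is a bug" << end;
		securityConfig.secured = false;
		return "";
	}

	try{
		switch( securityConfig.ka_type ){
			case KEY_MGMT_METHOD_MIKEY_DH:
#ifdef ENABLE_TS
				ts.save( MIKEY_PARSE_START );
#endif
				addStreamsToKa( false );
				responseMessage = initMessage->buildResponse( (KeyAgreementDH *)*ka );
#ifdef ENABLE_TS
				ts.save( MIKEY_PARSE_END );
#endif
				break;

			// added by pmauer
			case KEY_MGMT_METHOD_MIKEY_DK:
				addStreamsToKa( false );
				responseMessage = initMessage->buildResponse(
						(KeyAgreementDK*) *ka,
						securityConfig.dk_pkey_loaded,
						commonConfig.sipIdentity->getSipUri() );
				break;
			// end added by pmaurer

			case KEY_MGMT_METHOD_MIKEY_PSK:
#ifdef ENABLE_TS
				ts.save( MIKEY_PARSE_START );
#endif
				addStreamsToKa( false );
				responseMessage = initMessage->buildResponse( (KeyAgreementPSK *)*ka );
#ifdef ENABLE_TS
				ts.save( MIKEY_PARSE_END );
#endif
				break;

			case KEY_MGMT_METHOD_MIKEY_PK:
				/* Should not happen at that point */
				throw MikeyExceptionUnimplemented(
					"Public Key key agreement not implemented" );
				break;

			default:
				throw MikeyExceptionMessageContent(
					"Unexpected type of message in INVITE" );
		}
	}
	catch( certificate_exception & ){
		// TODO: Tell the GUI
		merr << "Could not open certificate" <<end;
		securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
		securityConfig.secured = false;
	}
	catch( MikeyExceptionUnacceptable & exc ){
		merr << "MikeyException caught: "<<exc.what()<<end;
		//FIXME! send SIP Unacceptable with Mikey Error message
		securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
		securityConfig.secured = false;
	}
	// Message was invalid
	catch( MikeyExceptionMessageContent & exc ){
		MikeyMessage * error_mes;
		merr << "MikeyExceptionMesageContent caught: " << exc.what() << end;
		// The MIKEY error message, when the exception carries one, is
		// sent back in place of a regular response.
		if( ( error_mes = exc.errorMessage() ) != NULL ){
			responseMessage = error_mes;
		}
		securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
		securityConfig.secured = false;
	}
	catch( MikeyException & exc ){
		merr << "MikeyException caught: " << exc.what() << end;
		securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
		securityConfig.secured = false;
	}

	if( responseMessage != NULL ){
		//merr << "Created response message" << responseMessage->get_string() << end;
		return responseMessage->b64Message();
	}
	else{
		//merr << "No response message" << end;
		return string("");
	}
}

string Session::initiatorCreate(){
	MikeyMessage * message;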