r3054 - in trunk/libmikey: include/libmikey keyagreement mikey
erik at minisip.org
erik at minisip.org
Fri Dec 22 12:50:56 CET 2006
Author: erik
Date: 2006-12-22 12:50:55 +0100 (Fri, 22 Dec 2006)
New Revision: 3054
Modified:
trunk/libmikey/include/libmikey/MikeyMessage.h
trunk/libmikey/include/libmikey/keyagreement_dh.h
trunk/libmikey/keyagreement/keyagreement_dh.cxx
trunk/libmikey/mikey/MikeyMessage.cxx
trunk/libmikey/mikey/MikeyMessageDH.cxx
Log:
* libmikey update: Make libmikey able to use "SipSim" to add signatures
If the SIM is asked for a signature, that SIM can produce it either in
software or in hardware. We still have the "old" method, in which you
give a certificate instead of a SIM; in that case, the private key must
be available to the certificate.
Modified: trunk/libmikey/include/libmikey/MikeyMessage.h
===================================================================
--- trunk/libmikey/include/libmikey/MikeyMessage.h 2006-12-22 10:53:39 UTC (rev 3053)
+++ trunk/libmikey/include/libmikey/MikeyMessage.h 2006-12-22 11:50:55 UTC (rev 3054)
@@ -61,6 +61,7 @@
#define MAX_TIME_OFFSET (int64_t)(0xe100000<<16) //1 hour
class aes;
+class SipSim;
class certificate;
class certificate_db;
@@ -91,6 +92,7 @@
void addPayload( MikeyPayload * payload );
void operator+=( MikeyPayload * payload );
+ void addSignaturePayload( MRef<SipSim*> sim );
void addSignaturePayload( MRef<certificate *> cert );
void addVPayload( int macAlg, uint64_t receivedT,
byte_t * authKey, uint32_t authKeyLength);
Modified: trunk/libmikey/include/libmikey/keyagreement_dh.h
===================================================================
--- trunk/libmikey/include/libmikey/keyagreement_dh.h 2006-12-22 10:53:39 UTC (rev 3053)
+++ trunk/libmikey/include/libmikey/keyagreement_dh.h 2006-12-22 11:50:55 UTC (rev 3054)
@@ -38,13 +38,18 @@
class certificate_chain;
class certificate;
class ca_db;
+class SipSim;
class LIBMIKEY_API KeyAgreementDH : public KeyAgreement{
public:
KeyAgreementDH( MRef<certificate_chain *> cert,
MRef<ca_db *> ca_db );
- KeyAgreementDH( MRef<certificate_chain *> cert,
+ KeyAgreementDH( MRef<certificate_chain *> cert,
MRef<ca_db *> ca_db, int group );
+
+
+ KeyAgreementDH( MRef<SipSim *> sim );
+ KeyAgreementDH( MRef<SipSim *> sim, int group );
~KeyAgreementDH();
int computeTgk();
@@ -68,6 +73,9 @@
MikeyMessage * buildResponse( MikeyMessage * offer);
bool authenticate( MikeyMessage * msg);
+ MRef<SipSim*> getSim();
+
+ bool useSim;
private:
OakleyDH * dh;
byte_t * peerKeyPtr;
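Review bot: `bool useSim;` is declared as a public data member of KeyAgreementDH, so any holder of the object can flip it after construction independently of whether `sim` or `certChainPtr` was actually set, and the callers in MikeyMessageDH.cxx read it directly as `ka->useSim`. Keeping the flag private and exposing `bool usesSim() const { return useSim; }` next to `getSim()` would keep the sim-versus-certificate choice an invariant established by the constructors. The class body continues into the following hunks.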
@@ -75,6 +83,7 @@
MRef<certificate_chain *> certChainPtr;
MRef<certificate_chain *> peerCertChainPtr;
MRef<ca_db *> certDbPtr;
+ MRef<SipSim *> sim;
};
#endif
Modified: trunk/libmikey/keyagreement/keyagreement_dh.cxx
===================================================================
--- trunk/libmikey/keyagreement/keyagreement_dh.cxx 2006-12-22 10:53:39 UTC (rev 3053)
+++ trunk/libmikey/keyagreement/keyagreement_dh.cxx 2006-12-22 11:50:55 UTC (rev 3054)
@@ -28,6 +28,7 @@
#include<libmikey/keyagreement_dh.h>
#include<libmikey/MikeyException.h>
#include<libmcrypto/OakleyDH.h>
+#include<libmcrypto/SipSim.h>
using namespace std;
@@ -37,7 +38,9 @@
peerKeyPtr( NULL ),
peerKeyLengthValue( 0 ),
certChainPtr( certChainPtr ),
- certDbPtr( certDbPtr ){
+ certDbPtr( certDbPtr ),
+ useSim(false)
+{
//policy = list<Policy_type *>::list();
typeValue = KEY_AGREEMENT_TYPE_DH;
dh = new OakleyDH();
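Review bot: `useSim(false)` is added to this initializer list only; the diff shows no matching change for the existing certificate constructor that also takes a group (its closing lines appear as context at the top of the next hunk), so unless that constructor sets the flag somewhere not shown, `useSim` stays indeterminate for objects built through it and `if (ka->useSim)` in MikeyMessageDH.cxx may take the sim branch with a null `sim`. Add `useSim(false)` to that constructor's initializer list as well. Minor: `useSim` is declared before the private members in the header, so initializing it after `certDbPtr` draws a -Wreorder warning. This constructor's signature and the rest of its body lie outside the hunk.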
@@ -45,6 +48,22 @@
}
+KeyAgreementDH::KeyAgreementDH( MRef<SipSim*> s ):
+ KeyAgreement(),
+ peerKeyPtr( NULL ),
+ peerKeyLengthValue( 0 ),
+ certChainPtr( NULL ),
+ certDbPtr( NULL ),
+ sim(s),
+ useSim(true)
+{
+ //policy = list<Policy_type *>::list();
+ typeValue = KEY_AGREEMENT_TYPE_DH;
+ dh = new OakleyDH();
+ peerCertChainPtr = certificate_chain::create();
+
+}
+
KeyAgreementDH::~KeyAgreementDH(){
delete dh;
if( peerKeyPtr != NULL ){
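Review bot: The new `KeyAgreementDH( MRef<SipSim*> s )` constructor leaves `certDbPtr( NULL )`, and `controlPeerCertificate()` (context at the end of this file's last hunk) passes that member straight to `peerCertChainPtr->control( certDbPtr )`, so peer-certificate verification for a sim-based agreement runs with no CA database; whether `control()` treats a null database as failure or as accept cannot be seen here and should be confirmed, since the latter would let `authenticate()` accept any peer chain. The same applies to the group-taking sim constructor in the next hunk. If the SipSim can supply a trust store, initialize `certDbPtr` from it; otherwise document on both constructors that sim-based agreements cannot verify the peer chain. This constructor also calls `KeyAgreement()` explicitly while the one in the next hunk does not; harmless, but worth making uniform.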
@@ -76,6 +95,32 @@
peerCertChainPtr = certificate_chain::create();
}
+
+KeyAgreementDH::KeyAgreementDH( MRef<SipSim*> s, int groupValue ):
+ peerKeyPtr( NULL ),
+ peerKeyLengthValue( 0 ),
+ certChainPtr( NULL ),
+ peerCertChainPtr( NULL ),
+ certDbPtr( NULL ),
+ sim(s),
+ useSim(true)
+{
+ //policy = list<Policy_type *>::list();
+ typeValue = KEY_AGREEMENT_TYPE_DH;
+ dh = new OakleyDH();
+ if( dh == NULL )
+ {
+ throw MikeyException( "Could not create "
+ "DH parameters." );
+ }
+
+ if( setGroup( groupValue ) ){
+ throw MikeyException( "Could not set the "
+ "DH group." );
+ }
+ peerCertChainPtr = certificate_chain::create();
+}
+
int KeyAgreementDH::setGroup( int groupValue ){
if( !dh->setGroup( groupValue ) )
return 1;
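Review bot: `if( dh == NULL )` after `dh = new OakleyDH();` is dead code with a standard `new`, which throws `std::bad_alloc` instead of returning null, so the "Could not create DH parameters." path cannot be reached unless the project uses a nothrow allocator (not visible here). Either drop the check and let the allocation failure propagate, or, if it is kept for parity with the older constructors, add a comment saying so. Initializer order: `useSim` is declared before the private members in the header, so `sim(s), useSim(true)` is out of declaration order and draws -Wreorder. `setGroup()` starts at the bottom of this hunk and continues outside it.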
@@ -137,7 +182,11 @@
}
MRef<certificate_chain *> KeyAgreementDH::certificateChain(){
- return certChainPtr;
+ if (useSim){
+ return sim->getCertificateChain();
+ }else{
+ return certChainPtr;
+ }
}
MRef<certificate_chain *> KeyAgreementDH::peerCertificateChain(){
@@ -159,3 +208,7 @@
return 0;
return peerCertChainPtr->control( certDbPtr );
}
+
+MRef<SipSim*> KeyAgreementDH::getSim(){
+ return sim;
+}
Modified: trunk/libmikey/mikey/MikeyMessage.cxx
===================================================================
--- trunk/libmikey/mikey/MikeyMessage.cxx 2006-12-22 10:53:39 UTC (rev 3053)
+++ trunk/libmikey/mikey/MikeyMessage.cxx 2006-12-22 11:50:55 UTC (rev 3054)
@@ -48,6 +48,7 @@
#include<libmcrypto/base64.h>
#include<libmcrypto/hmac.h>
#include<libmcrypto/cert.h>
+#include<libmcrypto/SipSim.h>
#include<map>
@@ -263,6 +264,33 @@
addPayload( payload );
}
+
+void MikeyMessage::addSignaturePayload( MRef<SipSim*> sim ){
+ byte_t signature[4096];
+ int signatureLength;
+ MikeyPayloadSIGN * sign;
+ MikeyPayload * last;
+
+ // set the previous nextPayloadType to signature
+ last = *lastPayload();
+ last->setNextPayloadType( MIKEYPAYLOAD_SIGN_PAYLOAD_TYPE );
+
+ if( sim->getSignature( (unsigned char*)rawMessageData(), (int)rawMessageLength(),
+ (unsigned char*)signature, signatureLength, true ) ){
+ throw MikeyException( "Could not perform digital signature of the message" );
+ }
+
+ addPayload( ( sign = new MikeyPayloadSIGN( signatureLength, signature,
+ MIKEYPAYLOAD_SIGN_TYPE_RSA_PKCS ) ) );
+
+ sim->getSignature( rawMessageData(),
+ rawMessageLength() - signatureLength,
+ signature, signatureLength, true );
+ sign->setSigData( signature );
+ compiled = false;
+}
+
+
void MikeyMessage::addSignaturePayload( MRef<certificate *> cert ){
byte_t signature[4096];
int signatureLength;
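Review bot: The second `sim->getSignature(...)` call in the new `addSignaturePayload( MRef<SipSim*> )` ignores its return value, whereas the first call throws on failure; if re-signing the message with the SIGN payload appended fails, `sign->setSigData( signature )` stores the signature from the first call, which covers a different byte range, and the message goes out with a signature that will not verify. Guard it like the first call: `if( sim->getSignature( rawMessageData(), rawMessageLength() - signatureLength, signature, signatureLength, true ) ) throw MikeyException( "Could not perform digital signature of the message" );`. Both calls also write into a fixed `byte_t signature[4096]` without passing its capacity, so confirm against the SipSim interface that `getSignature` can never emit more than 4096 bytes, and that it does not read the uninitialized `signatureLength` as an in/out size. The certificate overload that starts at the end of this hunk continues outside it.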
Modified: trunk/libmikey/mikey/MikeyMessageDH.cxx
===================================================================
--- trunk/libmikey/mikey/MikeyMessageDH.cxx 2006-12-22 10:53:39 UTC (rev 3053)
+++ trunk/libmikey/mikey/MikeyMessageDH.cxx 2006-12-22 11:50:55 UTC (rev 3054)
@@ -34,6 +34,7 @@
#include<libmikey/MikeyPayloadCERT.h>
#include<libmikey/MikeyPayloadDH.h>
#include<libmikey/MikeyPayloadERR.h>
+#include<libmcrypto/SipSim.h>
#include<map>
@@ -86,7 +87,11 @@
ka->publicKey(),
ka->keyValidity() ) );
- addSignaturePayload( ka->certificateChain()->get_first() );
+ if (ka->useSim){
+ addSignaturePayload(ka->getSim());
+ }else{
+ addSignaturePayload( ka->certificateChain()->get_first() );
+ }
}
//-----------------------------------------------------------------------------------------------//
@@ -275,7 +280,11 @@
ka->peerKey(),
ka->keyValidity() ) );
- result->addSignaturePayload( ka->certificateChain()->get_first() );
+ if (ka->useSim){
+ addSignaturePayload(ka->getSim());
+ }else{
+ result->addSignaturePayload( ka->certificateChain()->get_first() );
+ }
return result;
}
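Review bot: In the sim branch of this hunk, `addSignaturePayload(ka->getSim())` is called unqualified, so it resolves to `this` rather than to `result`, unlike the certificate branch's `result->addSignaturePayload(...)`; the response is returned without a signature and the message being responded to is modified instead. The same mismatch is in the next hunk, where the sim branch signs `this` while the certificate branch signs `errorMessage`. Change them to `result->addSignaturePayload( ka->getSim() );` and `errorMessage->addSignaturePayload( ka->getSim() );`. The enclosing function begins outside this hunk.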
@@ -419,8 +428,11 @@
//FIXME handle key validity information
if( error ){
- errorMessage->addSignaturePayload(
- ka->certificateChain()->get_first() );
+ if (ka->useSim){
+ addSignaturePayload(ka->getSim());
+ }else{
+ errorMessage->addSignaturePayload( ka->certificateChain()->get_first() );
+ }
throw MikeyExceptionMessageContent( errorMessage );
}