r3190 - in trunk/libmikey: include/libmikey keyagreement mikey
mikma at minisip.org
mikma at minisip.org
Fri Feb 2 21:27:26 CET 2007
Author: mikma
Date: 2007-02-02 21:27:25 +0100 (Fri, 02 Feb 2007)
New Revision: 3190
Modified:
trunk/libmikey/include/libmikey/KeyAgreement.h
trunk/libmikey/include/libmikey/KeyAgreementDH.h
trunk/libmikey/include/libmikey/Mikey.h
trunk/libmikey/include/libmikey/MikeyMessage.h
trunk/libmikey/include/libmikey/MikeyPayloadID.h
trunk/libmikey/keyagreement/KeyAgreement.cxx
trunk/libmikey/keyagreement/KeyAgreementDH.cxx
trunk/libmikey/mikey/Mikey.cxx
trunk/libmikey/mikey/MikeyMessage.cxx
trunk/libmikey/mikey/MikeyMessageRSAR.cxx
trunk/libmikey/mikey/MikeyPayloadID.cxx
Log:
Initial support for identities in MIKEY messages. Currently only in
MikeyMessageRSAR. The peer URI can be checked against the subject
alternative names of the peer certificate.
RSA-R: Fix SIGN payload of R_MESSAGE; it needs to be calculated over the
identities and the timestamp.
Modified: trunk/libmikey/include/libmikey/KeyAgreement.h
===================================================================
--- trunk/libmikey/include/libmikey/KeyAgreement.h 2007-02-02 17:47:17 UTC (rev 3189)
+++ trunk/libmikey/include/libmikey/KeyAgreement.h 2007-02-02 20:27:25 UTC (rev 3190)
@@ -158,6 +158,12 @@
std::string authError();
void setAuthError( std::string error );
+ const std::string &uri() const;
+ void setUri( const std::string &uri );
+
+ const std::string &peerUri() const;
+ void setPeerUri( const std::string &peerUri );
+
virtual std::string getMemObjectType() const {return "KeyAgreement";}
/* IPSEC Specific */
@@ -217,6 +223,9 @@
MRef<MikeyMessage *> responderDataPtr;
std::string authErrorValue;
+
+ std::string uriValue;
+ std::string peerUriValue;
};
#endif
Modified: trunk/libmikey/include/libmikey/KeyAgreementDH.h
===================================================================
--- trunk/libmikey/include/libmikey/KeyAgreementDH.h 2007-02-02 17:47:17 UTC (rev 3189)
+++ trunk/libmikey/include/libmikey/KeyAgreementDH.h 2007-02-02 20:27:25 UTC (rev 3190)
@@ -50,7 +50,7 @@
virtual MRef<certificate_chain *> certificateChain();
virtual MRef<certificate_chain *> peerCertificateChain();
virtual void setPeerCertificateChain( MRef<certificate_chain *> chain );
- virtual int controlPeerCertificate();
+ virtual int controlPeerCertificate( const std::string &peerUri );
private:
MRef<certificate_chain *> certChainPtr;
Modified: trunk/libmikey/include/libmikey/Mikey.h
===================================================================
--- trunk/libmikey/include/libmikey/Mikey.h 2007-02-02 17:47:17 UTC (rev 3189)
+++ trunk/libmikey/include/libmikey/Mikey.h 2007-02-02 20:27:25 UTC (rev 3190)
@@ -66,12 +66,14 @@
/* Key management handling */
// Initiator methods
- std::string initiatorCreate( int kaType );
+ std::string initiatorCreate( int kaType,
+ const std::string &peerUri="" );
bool initiatorAuthenticate( std::string message );
std::string initiatorParse();
// Responder methods
- bool responderAuthenticate( std::string message );
+ bool responderAuthenticate( const std::string &message,
+ const std::string &peerUri="" );
std::string responderParse();
void setMikeyOffer();
@@ -84,6 +86,8 @@
void addSender( uint32_t ssrc );
+ const std::string &peerUri() const;
+
protected:
void setState( State newState );
Modified: trunk/libmikey/include/libmikey/MikeyMessage.h
===================================================================
--- trunk/libmikey/include/libmikey/MikeyMessage.h 2007-02-02 17:47:17 UTC (rev 3189)
+++ trunk/libmikey/include/libmikey/MikeyMessage.h 2007-02-02 20:27:25 UTC (rev 3190)
@@ -72,6 +72,7 @@
class KeyAgreementDHHMAC;
class KeyAgreementPKE;
class KeyAgreementRSAR;
+class MikeyPayloadID;
class LIBMIKEY_API MikeyPayloads: public MObject{
public:
@@ -81,9 +82,12 @@
void addPayload( MRef<MikeyPayload*> payload );
void operator+=( MRef<MikeyPayload*> payload );
- void addSignaturePayload( MRef<SipSim*> sim );
- void addSignaturePayload( MRef<certificate *> cert );
- bool verifySignature( MRef<certificate*> cert );
+ void addSignaturePayload( MRef<SipSim*> sim,
+ bool addIdsAndT = false );
+ void addSignaturePayload( MRef<certificate *> cert,
+ bool addIdsAndT = false );
+ bool verifySignature( MRef<certificate*> cert,
+ bool addIdsAndT = false );
void addVPayload( int macAlg, uint64_t receivedT,
byte_t * authKey, uint32_t authKeyLength);
@@ -105,6 +109,11 @@
int encrAlg, int macAlg );
bool extractPkeEnvKey( KeyAgreementPKE* ka ) const;
+ void addId( const std::string &id );
+ const MikeyPayloadID* extractId( int index ) const;
+ std::string extractIdStr( int index ) const;
+ std::vector<byte_t> extractIdVec( int index ) const;
+
std::string debugDump();
byte_t * rawMessageData();
int rawMessageLength();
@@ -128,6 +137,8 @@
void addPolicyToPayload(KeyAgreement * ka);
void addPolicyTo_ka(KeyAgreement * ka);
+ std::vector<byte_t> buildSignData( size_t sigLength,
+ bool addIdsAndT = false );
/**
* Store pointer to raw data.
Modified: trunk/libmikey/include/libmikey/MikeyPayloadID.h
===================================================================
--- trunk/libmikey/include/libmikey/MikeyPayloadID.h 2007-02-02 17:47:17 UTC (rev 3189)
+++ trunk/libmikey/include/libmikey/MikeyPayloadID.h 2007-02-02 20:27:25 UTC (rev 3190)
@@ -48,6 +48,10 @@
virtual int length();
virtual std::string debugDump();
+ int idType() const;
+ int idLength() const;
+ const byte_t * idData() const;
+
private:
int idTypeValue;
int idLengthValue;
Modified: trunk/libmikey/keyagreement/KeyAgreement.cxx
===================================================================
--- trunk/libmikey/keyagreement/KeyAgreement.cxx 2007-02-02 17:47:17 UTC (rev 3189)
+++ trunk/libmikey/keyagreement/KeyAgreement.cxx 2007-02-02 20:27:25 UTC (rev 3190)
@@ -367,6 +367,22 @@
authErrorValue = error;
}
+const std::string & KeyAgreement::uri() const{
+ return uriValue;
+}
+
+void KeyAgreement::setUri( const std::string &theUri ){
+ uriValue = theUri;
+}
+
+const std::string &KeyAgreement::peerUri() const{
+ return peerUriValue;
+}
+
+void KeyAgreement::setPeerUri( const std::string &thePeerUri ){
+ peerUriValue = thePeerUri;
+}
+
void KeyAgreement::setCsIdMap( MRef<MikeyCsIdMap *> idMap ){
csIdMapPtr = idMap;
}
Modified: trunk/libmikey/keyagreement/KeyAgreementDH.cxx
===================================================================
--- trunk/libmikey/keyagreement/KeyAgreementDH.cxx 2007-02-02 17:47:17 UTC (rev 3189)
+++ trunk/libmikey/keyagreement/KeyAgreementDH.cxx 2007-02-02 20:27:25 UTC (rev 3190)
@@ -235,10 +235,51 @@
peerCertChainPtr = peerChain;
}
-int PeerCertificates::controlPeerCertificate(){
+int PeerCertificates::controlPeerCertificate( const std::string &peerUri ){
if( peerCertChainPtr.isNull() || certDbPtr.isNull() )
return 0;
- return peerCertChainPtr->control( certDbPtr );
+
+ int res = peerCertChainPtr->control( certDbPtr );
+ if( !res ){
+ return res;
+ }
+
+ if( peerUri == "" ){
+ return 1;
+ }
+
+ MRef<certificate *> peerCert = peerCertChainPtr->get_first();
+ vector<string> altNames;
+
+ altNames = peerCert->get_alt_name( certificate::SAN_URI );
+ if( find( altNames.begin(), altNames.end(), peerUri ) != altNames.end() ){
+ return 1;
+ }
+
+ string id = peerUri;
+ size_t pos = peerUri.find(':');
+
+ if( pos != string::npos ){
+ id = peerUri.substr( pos + 1 );
+ }
+
+ altNames = peerCert->get_alt_name( certificate::SAN_RFC822NAME );
+ if( find( altNames.begin(), altNames.end(), id ) != altNames.end() ){
+ return 1;
+ }
+
+ pos = id.find('@');
+ if( pos != string::npos ){
+ id = id.substr( pos + 1 );
+ }
+
+ altNames = peerCert->get_alt_name( certificate::SAN_DNSNAME );
+ if( find( altNames.begin(), altNames.end(), id ) != altNames.end() ){
+ return 1;
+ }
+
+ cerr << "Peer URI " << peerUri << " not found in subject alt names." << endl;
+ return 0;
}
MikeyMessage* KeyAgreementDH::createMessage(){
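Review bot: The last fallback in `controlPeerCertificate` compares only the host part of `peerUri` with the certificate's dNSName entries, so any certificate issued for a domain is accepted for every user at that domain. If per-user binding is intended, stop after the URI and rfc822Name comparisons or make the domain match an explicit opt-in. An empty `peerUri` returns 1 after chain validation alone, and `Mikey.h` defaults the new parameter to `""`, so callers that are not updated get no identity check. The comparisons are exact string matches, so a case difference in the host or a port/parameter suffix is rejected rather than matched; that fails closed, but deserves a comment such as `// exact match only: no case folding, ports or URI parameters`.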
Modified: trunk/libmikey/mikey/Mikey.cxx
===================================================================
--- trunk/libmikey/mikey/Mikey.cxx 2007-02-02 17:47:17 UTC (rev 3189)
+++ trunk/libmikey/mikey/Mikey.cxx 2007-02-02 20:27:25 UTC (rev 3190)
@@ -67,7 +67,8 @@
Mikey::~Mikey(){
}
-bool Mikey::responderAuthenticate( string message ){
+bool Mikey::responderAuthenticate( const string &message,
+ const string &peerUri ){
setState( STATE_RESPONDER );
@@ -86,6 +87,7 @@
"Can't handle key agreement" );
}
+ ka->setPeerUri( peerUri );
ka->setInitiatorData( init_mes );
#ifdef ENABLE_TS
@@ -107,7 +109,7 @@
PeerCertificates *peers =
dynamic_cast<PeerCertificates*>(*ka);
if( peers ){
- if( peers->controlPeerCertificate() == 0){
+ if( peers->controlPeerCertificate( ka->peerUri() ) == 0){
throw MikeyExceptionAuthentication(
"Certificate check failed in the incoming MIKEY message" );
}
@@ -228,7 +230,7 @@
}
-string Mikey::initiatorCreate( int type ){
+string Mikey::initiatorCreate( int type, const string &peerUri ){
MRef<MikeyMessage *> message;
setState( STATE_INITIATOR );
@@ -239,6 +241,7 @@
throw MikeyException( "Can't create key agreement" );
}
+ ka->setPeerUri( peerUri );
message = ka->createMessage();
string b64Message = message->b64Message();
@@ -288,7 +291,7 @@
PeerCertificates *peers =
dynamic_cast<PeerCertificates*>(*ka);
if( peers ){
- if( peers->controlPeerCertificate() == 0){
+ if( peers->controlPeerCertificate( ka->peerUri() ) == 0){
throw MikeyExceptionAuthentication(
"Certificate control failed" );
}
@@ -446,6 +449,15 @@
return ka ? ka->authError() : "";
}
+const std::string &Mikey::peerUri() const{
+ static string empty;
+
+ if( state != STATE_AUTHENTICATED )
+ return empty;
+
+ return ka->peerUri();
+}
+
void Mikey::setState( State newState ){
state = newState;
}
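Review bot: `Mikey::peerUri()` dereferences `ka` without the null check that the accessor just above it uses (`return ka ? ka->authError() : "";`). If `state` can ever be `STATE_AUTHENTICATED` while `ka` is null, this is a null dereference. Writing the guard as `if( state != STATE_AUTHENTICATED || !ka ) return empty;` keeps the two accessors consistent.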
@@ -546,6 +558,8 @@
}
}
+ ka->setUri( config->getUri() );
+
if( isInitiator() ){
addStreamsToKa();
}
Modified: trunk/libmikey/mikey/MikeyMessage.cxx
===================================================================
--- trunk/libmikey/mikey/MikeyMessage.cxx 2007-02-02 17:47:17 UTC (rev 3189)
+++ trunk/libmikey/mikey/MikeyMessage.cxx 2007-02-02 20:27:25 UTC (rev 3190)
@@ -313,12 +313,55 @@
addPayload( payload );
}
+static vector<byte_t> tsToVec( uint64_t ts ){
+ vector<byte_t> vec;
-void MikeyPayloads::addSignaturePayload( MRef<SipSim*> sim ){
+ vec.resize( 8 );
+ for( int i = 0; i < 8; i++ ){
+ vec[ 8 - i - 1 ] =
+ (byte_t)((ts >> (i*8))&0xFF);
+ }
+
+ return vec;
+}
+
+vector<byte_t> MikeyPayloads::buildSignData( size_t sigLength,
+ bool useIdsT ){
+ vector<byte_t> signData;
+
+// signData.reserve( signDataLen );
+ signData.insert( signData.end(), rawMessageData(),
+ rawMessageData() + rawMessageLength() - sigLength );
+
+ if( useIdsT ){
+ vector<byte_t> vecIDi = extractIdVec( 0 );
+ vector<byte_t> vecIDr = extractIdVec( 1 );
+ MRef<MikeyPayload*> i;
+
+ i = extractPayload( MIKEYPAYLOAD_T_PAYLOAD_TYPE );
+ if( !i ){
+ throw MikeyException( "Could not perform digital signature of the message, no T" );
+ }
+
+ MRef<MikeyPayloadT*> plT = dynamic_cast<MikeyPayloadT*>(*i);
+ vector<byte_t> vecTs = tsToVec( plT->ts() );
+
+ signData.insert( signData.end(), vecIDi.begin(), vecIDi.end() );
+ signData.insert( signData.end(), vecIDr.begin(), vecIDr.end() );
+ signData.insert( signData.end(), vecTs.begin(), vecTs.end() );
+ }
+
+ return signData;
+}
+
+
+void MikeyPayloads::addSignaturePayload( MRef<SipSim*> sim,
+ bool addIdsAndT ){
byte_t signature[4096];
int signatureLength=4096;
MikeyPayloadSIGN * sign;
MRef<MikeyPayload*> last;
+ vector<byte_t> signData;
// set the previous nextPayloadType to signature
last = *lastPayload();
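Review bot: In `buildSignData`, `rawMessageLength() - sigLength` mixes an `int` with a `size_t`, so the subtraction is unsigned: a `sigLength` larger than the raw message wraps around and the `insert` range runs far past the buffer. `verifySignature` passes `sig->sigLength()` taken from the received SIGN payload, and whether that value is already bounded depends on parsing code not shown here. A guard at the top, `if( sigLength > (size_t)rawMessageLength() ) throw MikeyException( "Signature length exceeds message length" );`, would make the helper safe on its own. The result of `dynamic_cast<MikeyPayloadT*>(*i)` is also used for `plT->ts()` without a null check. The hunk ends inside `addSignaturePayload`, whose body continues in the following hunks.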
@@ -330,8 +373,9 @@
addPayload( ( sign = new MikeyPayloadSIGN( GUESSED_SIGNATURE_LENGTH,
MIKEYPAYLOAD_SIGN_TYPE_RSA_PKCS ) ) );
- if (!sim->getSignature( rawMessageData(),
- rawMessageLength() - GUESSED_SIGNATURE_LENGTH,
+ signData = buildSignData( GUESSED_SIGNATURE_LENGTH, addIdsAndT );
+
+ if (!sim->getSignature( &signData.front(), signData.size(),
signature, signatureLength, true )){
throw MikeyException( "Could not perform digital signature of the message" );
}
@@ -339,9 +383,9 @@
if (signatureLength!=GUESSED_SIGNATURE_LENGTH){ // if the length field in the signature payload was
// wrong, we have to redo the signature
sign->setSigData(signature, signatureLength); // the length needs to be set to the correct value
+ signData = buildSignData( signatureLength, addIdsAndT );
- sim->getSignature( rawMessageData(),
- rawMessageLength() - signatureLength,
+ sim->getSignature( &signData.front(), signData.size(),
signature, signatureLength, true );
}
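Review bot: The second `sim->getSignature(...)` call, made after the length correction, ignores its return value, while the first call throws on failure. If the re-sign fails, `signature` still holds the bytes computed over the data built with the guessed length, and those are what get stored in the SIGN payload. Check it the same way, `if( !sim->getSignature( &signData.front(), signData.size(), signature, signatureLength, true ) ) throw MikeyException( "Could not perform digital signature of the message" );`. The certificate overload has the same pattern on its second `cert->sign_data(...)` call, where a non-zero return is the failure case.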
@@ -350,11 +394,13 @@
}
-void MikeyPayloads::addSignaturePayload( MRef<certificate *> cert ){
+void MikeyPayloads::addSignaturePayload( MRef<certificate *> cert,
+ bool addIdsAndT ){
byte_t signature[4096];
int signatureLength = 128;
MikeyPayloadSIGN * sign;
MRef<MikeyPayload*> last;
+ vector<byte_t> signData;
// set the previous nextPayloadType to signature
last = *lastPayload();
@@ -375,8 +421,9 @@
addPayload( ( sign = new MikeyPayloadSIGN(GUESSED_SIGNATURE_LENGTH, MIKEYPAYLOAD_SIGN_TYPE_RSA_PKCS ) ) );
- if (cert->sign_data( rawMessageData(),
- rawMessageLength() - GUESSED_SIGNATURE_LENGTH,
+ signData = buildSignData( GUESSED_SIGNATURE_LENGTH, addIdsAndT );
+
+ if (cert->sign_data( &signData.front(), signData.size(),
signature, &signatureLength )){
throw MikeyException( "Could not perform digital signature of the message" );
}
@@ -385,10 +432,10 @@
if (signatureLength!=GUESSED_SIGNATURE_LENGTH){ // if the length field in the signature payload was
// wrong, we have to redo the signature
sign->setSigData(signature, signatureLength); // the length needs to be set to the correct value
+ signData = buildSignData( signatureLength, addIdsAndT );
- cert->sign_data( rawMessageData(),
- rawMessageLength() - signatureLength,
- signature, &signatureLength );
+ cert->sign_data( &signData.front(), signData.size(),
+ signature, &signatureLength );
}
sign->setSigData( signature, signatureLength ); // the payload signature is a dummy value until we do this
@@ -867,7 +914,8 @@
return peerChain;
}
-bool MikeyPayloads::verifySignature( MRef<certificate*> cert ){
+bool MikeyPayloads::verifySignature( MRef<certificate*> cert,
+ bool addIdsAndT ){
MRef<MikeyPayload*> payload =
extractPayload(MIKEYPAYLOAD_SIGN_PAYLOAD_TYPE);
@@ -876,9 +924,11 @@
}
MikeyPayloadSIGN* sig = dynamic_cast<MikeyPayloadSIGN*>(*payload);
+ vector<byte_t> signData;
- int res = cert->verif_sign( rawMessageData(),
- rawMessageLength() - sig->sigLength(),
+ signData = buildSignData( sig->sigLength(), addIdsAndT );
+
+ int res = cert->verif_sign( &signData.front(), signData.size(),
sig->sigData(),
sig->sigLength() );
return res > 0;
@@ -1010,14 +1060,9 @@
MikeyPayloadKeyData* keydata =
new MikeyPayloadKeyData(KEYDATA_TYPE_TGK, ka->tgk(),
ka->tgkLength(), ka->keyValidity());
- // FIXME get uri from certificate.
- const char uri[] = "sip:test";
- MikeyPayloadID* initId =
- new MikeyPayloadID( MIKEYPAYLOAD_ID_TYPE_URI, strlen( uri ), (byte_t*)uri );
- subPayloads->addPayload( initId );
+ subPayloads->addId( ka->uri() );
subPayloads->addPayload( keydata );
- initId = NULL;
keydata = NULL;
unsigned int rawKeyDataLength = subPayloads->rawMessageLength();
@@ -1091,3 +1136,80 @@
envKey = NULL;
return true;
}
+
+void MikeyPayloads::addId( const string &theId ){
+ int type = MIKEYPAYLOAD_ID_TYPE_URI;
+ string id = theId;
+
+ if( id.substr( 0, 4 ) == "nai:" ){
+ type = MIKEYPAYLOAD_ID_TYPE_NAI;
+ id = id.substr( 4 );
+ }
+
+ MikeyPayloadID* initId =
+ new MikeyPayloadID( type, id.size(), (byte_t*)id.c_str() );
+ addPayload( initId );
+}
+
+const MikeyPayloadID* MikeyPayloads::extractId( int index ) const{
+ const MikeyPayloadID *id = NULL;
+ list<MRef<MikeyPayload*> >::const_iterator i;
+ list<MRef<MikeyPayload*> >::const_iterator last = lastPayload();
+ int j;
+
+ for( i = firstPayload(), j = 0; i != last; i++ ){
+ MRef<MikeyPayload*> payload = *i;
+
+ if( payload->payloadType() == MIKEYPAYLOAD_ID_PAYLOAD_TYPE ){
+ if( j == index ){
+ id = dynamic_cast<const MikeyPayloadID*>(*payload);
+ break;
+ }
+
+ j++;
+ }
+ }
+
+ return id;
+}
+
+
+string MikeyPayloads::extractIdStr( int index ) const{
+ const MikeyPayloadID *id = extractId( index );
+
+ if( !id ){
+ return "";
+ }
+
+ string idData = string( (const char*)id->idData(), id->idLength() );
+ string idStr;
+
+ switch( id->idType() ){
+ case MIKEYPAYLOAD_ID_TYPE_NAI:
+ idStr = "nai:" + idData;
+ break;
+
+ case MIKEYPAYLOAD_ID_TYPE_URI:
+ idStr = idData;
+ break;
+
+ default:
+ return "";
+ }
+
+ return idStr;
+}
+
+
+vector<byte_t> MikeyPayloads::extractIdVec( int index ) const{
+ const MikeyPayloadID *id = extractId( index );
+ vector<byte_t> result;
+
+ if( !id ){
+ return result;
+ }
+
+ result.resize( id->idLength() );
+ memcpy( &result.front(), id->idData(), id->idLength() );
+ return result;
+}
Modified: trunk/libmikey/mikey/MikeyMessageRSAR.cxx
===================================================================
--- trunk/libmikey/mikey/MikeyMessageRSAR.cxx 2007-02-02 17:47:17 UTC (rev 3189)
+++ trunk/libmikey/mikey/MikeyMessageRSAR.cxx 2007-02-02 20:27:25 UTC (rev 3190)
@@ -1,7 +1,7 @@
/*
Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien, Joachim Orrblad
- Copyright (C) 2006 Mikael Magnusson
+ Copyright (C) 2006-2007 Mikael Magnusson
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -79,9 +79,17 @@
//keep a copy of the random value
ka->setRand(randPayload->randData(), randPayload->randLength());
+ // Add initiator identity (IDi)
+ addId( ka->uri() );
+
// Add certificate chain (SIGN)
addCertificatePayloads( ka->certificateChain() );
+ // Add responder identity (IDr)
+ if( !ka->peerUri().empty() ){
+ addId( ka->peerUri() );
+ }
+
// Add signature (T)
addSignaturePayload( ka->certificateChain()->get_first() );
}
@@ -209,6 +217,9 @@
MikeyPayloadRAND* randPayload = NULL;
result->addPayload(randPayload = new MikeyPayloadRAND());
+ // Add IDr
+ result->addId( ka->uri() );
+
// Add certificate chain
result->addCertificatePayloads( ka->certificateChain() );
@@ -218,7 +229,9 @@
result->addPkeKemac( ka, encrAlg, macAlg );
- result->addSignaturePayload( ka->certificateChain()->get_first() );
+ result->addSignaturePayload( ka->certificateChain()->get_first(),
+// false );
+ true );
return *result;
}
@@ -340,9 +353,18 @@
iv = NULL;
}
+ string peerUri = subPayloads->extractIdStr( 0 );
+ if( peerUri.empty() || peerUri != ka->peerUri() ){
+ cerr << "Encrypted IDr mismatch" << endl;
+
+ error = true;
+ errorMessage->addPayload(
+ new MikeyPayloadERR( MIKEY_ERR_TYPE_INVALID_ID ) );
+ }
+
MRef<MikeyPayload *> plKeyData =
subPayloads->extractPayload( MIKEYPAYLOAD_KEYDATA_PAYLOAD_TYPE );
-
+ if( plKeyData ){
MikeyPayloadKeyData *keyData =
dynamic_cast<MikeyPayloadKeyData*>(*plKeyData);
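Review bot: The IDr mismatch branch only sets `error` and queues an ERR payload; the key-data block that follows still runs, and the next hunk shows `ka->setTgk( tgk, tgkLength )` inside it. The TGK from a message whose encrypted IDr failed the check is therefore stored in `ka` before `if( error )` is reached. Unless later code discards that state, skip the key-data handling once `error` is set, taking care that the `else` branch does not then add a second ERR payload. The enclosing function starts and ends outside the hunk.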
@@ -351,6 +373,12 @@
ka->setTgk( tgk, tgkLength );
ka->setKeyValidity( keyData->kv() );
+ }
+ else{
+ error = true;
+ errorMessage->addPayload(
+ new MikeyPayloadERR( MIKEY_ERR_TYPE_UNSPEC ) );
+ }
#undef kemac
if( error ){
@@ -414,6 +442,39 @@
return true;
}
+ // Check Peer ID (IDi resp IDr)
+ string peerUri = extractIdStr( 0 );
+ if( !peerUri.empty() ){
+ if( !ka->peerUri().empty() ){
+ if( peerUri != ka->peerUri() ){
+ cerr << "Peer ID mismatch " + peerUri + " != " + ka->peerUri() << endl;
+ ka->setAuthError( "Peer ID mismatch" );
+ return true;
+ }
+#ifdef DEBUG_OUTPUT
+ cerr << "Peer ID authenticated " << peerUri << endl;
+#endif
+ }
+ else{
+ ka->setPeerUri( peerUri );
+ }
+ }
+
+ // Check My ID (IDr)
+ if( isInitiatorMessage() ){
+ string uri = extractIdStr( 1 );
+ if( !uri.empty() ){
+ if( uri != ka->uri() ){
+ cerr << "ID mismatch" << endl;
+ ka->setAuthError( "ID mismatch" );
+ return true;
+ }
+#ifdef DEBUG_OUTPUT
+ cerr << "ID match" << endl;
+#endif
+ }
+ }
+
// Fetch peer certificate chain
MRef<certificate_chain *> peerChain = ka->peerCertificateChain();
if( peerChain.isNull() || peerChain->get_first().isNull() ){
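Review bot: When `ka->peerUri()` is empty, the identity claimed in the message is stored with `ka->setPeerUri( peerUri )` before the signature is verified in the next hunk, so `ka` can carry a peer-asserted URI even when authentication later fails; setting it only after `verifySignature` succeeds would avoid that. `Mikey::peerUri()` gates on `STATE_AUTHENTICATED`, but other readers of `ka->peerUri()` are not guarded. A message with no ID payload skips the comparison altogether, even when an expected peer URI was configured, which leaves only the certificate check. The mismatch log writes `peerUri` raw; it is built from peer-supplied bytes, so consider escaping non-printable characters before sending it to `cerr`. The enclosing function starts and ends outside the hunk.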
@@ -427,7 +488,8 @@
ka->setPeerCertificateChain( peerChain );
}
- if( !verifySignature( peerChain->get_first() ) ){
+ if( !verifySignature( peerChain->get_first(),
+ isResponderMessage() ) ){
cout << "Verification of the RSAR init message SIGN payload failed!" << endl;
cout << "Keypair of the initiator probably mismatch!" << endl;
return true;
Modified: trunk/libmikey/mikey/MikeyPayloadID.cxx
===================================================================
--- trunk/libmikey/mikey/MikeyPayloadID.cxx 2007-02-02 17:47:17 UTC (rev 3189)
+++ trunk/libmikey/mikey/MikeyPayloadID.cxx 2007-02-02 20:27:25 UTC (rev 3190)
@@ -95,3 +95,15 @@
"> length=<" + itoa( idLengthValue ) +
"> data=<" + binToHex( idDataPtr, idLengthValue ) + ">";
}
+
+int MikeyPayloadID::idType() const{
+ return idTypeValue;
+}
+
+int MikeyPayloadID::idLength() const{
+ return idLengthValue;
+}
+
+const byte_t * MikeyPayloadID::idData() const{
+ return idDataPtr;
+}