r3087 - in trunk: libmikey/include/libmikey libmikey/keyagreement
libmikey/mikey libminisip/source/mediahandler
mikma at minisip.org
mikma at minisip.org
Thu Jan 4 18:08:46 CET 2007
Author: mikma
Date: 2007-01-04 18:08:45 +0100 (Thu, 04 Jan 2007)
New Revision: 3087
Modified:
trunk/libmikey/include/libmikey/keyagreement.h
trunk/libmikey/include/libmikey/keyagreement_dh.h
trunk/libmikey/keyagreement/keyagreement.cxx
trunk/libmikey/keyagreement/keyagreement_dh.cxx
trunk/libmikey/mikey/MikeyMessageDH.cxx
trunk/libminisip/source/mediahandler/KeyAgreement.cxx
trunk/libminisip/source/mediahandler/Session.cxx
Log:
* Refactor DH parts of KeyAgreementDH into an abstract class
(KeyAgreementDHBase).
* Use addCertificatePayloads in MikeyMessageDH, removes code duplication.
* Remove group parameter from KeyAgreementDH, since setGroup is now a
virtual method and as such can't be called in the constructor.
Modified: trunk/libmikey/include/libmikey/keyagreement.h
===================================================================
--- trunk/libmikey/include/libmikey/keyagreement.h 2007-01-04 15:29:50 UTC (rev 3086)
+++ trunk/libmikey/include/libmikey/keyagreement.h 2007-01-04 17:08:45 UTC (rev 3087)
@@ -67,8 +67,20 @@
class LIBMIKEY_API MikeyMessage;
-class LIBMIKEY_API KeyAgreement : public MObject{
+class LIBMIKEY_API ITgk{
public:
+ virtual ~ITgk();
+ /**
+ * If tgk == NULL, generate random TGK of specified size
+ */
+ virtual void setTgk( byte_t * tgk, unsigned int tgkLength )=0;
+ virtual unsigned int tgkLength()=0;
+ virtual byte_t * tgk()=0;
+};
+
+class LIBMIKEY_API KeyAgreement : public MObject,
+ public virtual ITgk{
+ public:
KeyAgreement();
~KeyAgreement();
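Review bot: The new ITgk interface says what setTgk does with a NULL tgk but not who owns the buffer passed in or the one returned by tgk(), which is the first question an implementer or caller of a key-material interface asks. A Doxygen block on the class along the lines of `/** Access to the TGK of a key agreement. Ownership of the buffer returned by tgk() and of a non-NULL tgk passed to setTgk() is [to be stated: implementation-owned / copied]. */` would close that gap, with the ownership statement checked against KeyAgreement::setTgk, which is outside this hunk. The comment on setTgk should likewise say whether a non-NULL tgk is copied or retained, since callers pass key material through it. The KeyAgreement class body continues past the hunk.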
@@ -200,6 +212,4 @@
std::string authErrorValue;
};
-
-
#endif
Modified: trunk/libmikey/include/libmikey/keyagreement_dh.h
===================================================================
--- trunk/libmikey/include/libmikey/keyagreement_dh.h 2007-01-04 15:29:50 UTC (rev 3086)
+++ trunk/libmikey/include/libmikey/keyagreement_dh.h 2007-01-04 17:08:45 UTC (rev 3087)
@@ -58,21 +58,11 @@
MRef<ca_db *> certDbPtr;
};
-class LIBMIKEY_API KeyAgreementDH : public KeyAgreement,
- public PeerCertificates{
+class LIBMIKEY_API KeyAgreementDHBase: virtual public ITgk{
public:
- KeyAgreementDH( MRef<certificate_chain *> cert,
- MRef<ca_db *> ca_db );
- KeyAgreementDH( MRef<certificate_chain *> cert,
- MRef<ca_db *> ca_db, int group );
+ KeyAgreementDHBase();
+ ~KeyAgreementDHBase();
-
- KeyAgreementDH( MRef<SipSim *> sim );
- KeyAgreementDH( MRef<SipSim *> sim, int group );
- ~KeyAgreementDH();
-
- int32_t type();
-
int computeTgk();
int setGroup( int group );
int group();
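Review bot: The log message says setGroup is now virtual, but the declaration kept as context, `int setGroup( int group );`, carries no `virtual`, and ITgk, the only base of KeyAgreementDHBase, does not declare it either, so as far as this hunk shows it is an ordinary member that could still be called from a constructor; either the intended line is `virtual int setGroup( int group );` or the log overstates the reason for dropping the group parameter. Either way, a class comment such as `// A DH group must be selected with setGroup() before publicKey() or computeTgk() is used.` would make the new construction protocol visible to users of the class, since the constructors no longer enforce it. The class body continues into the next hunk.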
@@ -83,16 +73,30 @@
int publicKeyLength();
byte_t * publicKey();
-
+
+ private:
+ OakleyDH * dh;
+ byte_t * peerKeyPtr;
+ int peerKeyLengthValue;
+};
+
+class LIBMIKEY_API KeyAgreementDH : public KeyAgreement,
+ public KeyAgreementDHBase,
+ public PeerCertificates{
+ public:
+ KeyAgreementDH( MRef<certificate_chain *> cert,
+ MRef<ca_db *> ca_db );
+ KeyAgreementDH( MRef<SipSim *> sim );
+ ~KeyAgreementDH();
+
+ int32_t type();
+
MikeyMessage* createMessage();
MRef<SipSim*> getSim();
bool useSim;
private:
- OakleyDH * dh;
- byte_t * peerKeyPtr;
- int peerKeyLengthValue;
MRef<SipSim *> sim;
};
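Review bot: KeyAgreementDHBase owns `dh` and `peerKeyPtr` through raw pointers and frees them in its destructor, yet it declares no copy constructor or copy assignment, so a copy of a KeyAgreementDHBase (or of a KeyAgreementDH through its new base) would free the OakleyDH state and the peer key twice. Declaring them private and unimplemented next to the members, `KeyAgreementDHBase( const KeyAgreementDHBase& ); KeyAgreementDHBase& operator=( const KeyAgreementDHBase& );`, makes the compiler reject that. If MObject already forbids copying of KeyAgreementDH this is belt and braces, but KeyAgreementDHBase is now a standalone base that other classes may reuse.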
Modified: trunk/libmikey/keyagreement/keyagreement.cxx
===================================================================
--- trunk/libmikey/keyagreement/keyagreement.cxx 2007-01-04 15:29:50 UTC (rev 3086)
+++ trunk/libmikey/keyagreement/keyagreement.cxx 2007-01-04 17:08:45 UTC (rev 3087)
@@ -32,6 +32,9 @@
using namespace std;
+ITgk::~ITgk(){
+}
+
KeyAgreement::KeyAgreement():
tgkPtr(NULL), tgkLengthValue(0),
randPtr(NULL), randLengthValue(0),
Modified: trunk/libmikey/keyagreement/keyagreement_dh.cxx
===================================================================
--- trunk/libmikey/keyagreement/keyagreement_dh.cxx 2007-01-04 15:29:50 UTC (rev 3086)
+++ trunk/libmikey/keyagreement/keyagreement_dh.cxx 2007-01-04 17:08:45 UTC (rev 3087)
@@ -27,6 +27,7 @@
#include<config.h>
#include<libmikey/keyagreement_dh.h>
#include<libmikey/MikeyException.h>
+#include<libmikey/MikeyMessage.h>
#include<libmcrypto/OakleyDH.h>
#include<libmcrypto/SipSim.h>
@@ -54,33 +55,21 @@
}
//
-// KeyAgreementDH
-//
-KeyAgreementDH::KeyAgreementDH( MRef<certificate_chain *> certChainPtr,
- MRef<ca_db *> certDbPtr ):
- KeyAgreement(),
- PeerCertificates( certChainPtr, certDbPtr ),
- useSim(false),
+// KeyAgreementDHBase
+//
+KeyAgreementDHBase::KeyAgreementDHBase():
peerKeyPtr( NULL ),
peerKeyLengthValue( 0 )
{
- //policy = list<Policy_type *>::list();
dh = new OakleyDH();
+ if( dh == NULL )
+ {
+ throw MikeyException( "Could not create "
+ "DH parameters." );
+ }
}
-KeyAgreementDH::KeyAgreementDH( MRef<SipSim*> s ):
- KeyAgreement(),
- PeerCertificates( s->getCertificateChain(), s->getCAs() ),
- useSim(true),
- peerKeyPtr( NULL ),
- peerKeyLengthValue( 0 ),
- sim(s)
-{
- //policy = list<Policy_type *>::list();
- dh = new OakleyDH();
-}
-
-KeyAgreementDH::~KeyAgreementDH(){
+KeyAgreementDHBase::~KeyAgreementDHBase(){
delete dh;
if( peerKeyPtr != NULL ){
delete [] peerKeyPtr;
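Review bot: The `if( dh == NULL )` check after `dh = new OakleyDH();` in the KeyAgreementDHBase constructor cannot fire: standard `new` reports allocation failure by throwing std::bad_alloc, not by returning NULL, so the MikeyException path is unreachable unless OakleyDH provides a nothrow operator new, which this diff gives no sign of. Either drop the check or make the translation explicit, `try { dh = new OakleyDH(); } catch( std::bad_alloc& ){ throw MikeyException( "Could not create DH parameters." ); }`. The destructor that begins at the end of this hunk continues past it.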
@@ -88,54 +77,33 @@
}
}
+//
+// KeyAgreementDH
+//
KeyAgreementDH::KeyAgreementDH( MRef<certificate_chain *> certChainPtr,
- MRef<ca_db *> certDbPtr, int groupValue ):
- PeerCertificates( certChainPtr, certDbPtr ),
- useSim(false),
- peerKeyPtr( NULL ),
- peerKeyLengthValue( 0 )
+ MRef<ca_db *> certDbPtr ):
+ KeyAgreement(),
+ PeerCertificates( certChainPtr, certDbPtr ),
+ useSim(false)
{
- //policy = list<Policy_type *>::list();
- dh = new OakleyDH();
- if( dh == NULL )
- {
- throw MikeyException( "Could not create "
- "DH parameters." );
- }
-
- if( setGroup( groupValue ) ){
- throw MikeyException( "Could not set the "
- "DH group." );
- }
}
-
-KeyAgreementDH::KeyAgreementDH( MRef<SipSim*> s, int groupValue ):
- PeerCertificates( s->getCertificateChain(), s->getCAs() ),
+KeyAgreementDH::KeyAgreementDH( MRef<SipSim*> s ):
+ KeyAgreementDHBase(),
+ PeerCertificates( s->getCertificateChain(), s->getCAs() ),
useSim(true),
- peerKeyPtr( NULL ),
- peerKeyLengthValue( 0 ),
sim(s)
{
- //policy = list<Policy_type *>::list();
- dh = new OakleyDH();
- if( dh == NULL )
- {
- throw MikeyException( "Could not create "
- "DH parameters." );
- }
+}
- if( setGroup( groupValue ) ){
- throw MikeyException( "Could not set the "
- "DH group." );
- }
+KeyAgreementDH::~KeyAgreementDH(){
}
int32_t KeyAgreementDH::type(){
return KEY_AGREEMENT_TYPE_DH;
}
-int KeyAgreementDH::setGroup( int groupValue ){
+int KeyAgreementDHBase::setGroup( int groupValue ){
if( !dh->setGroup( groupValue ) )
return 1;
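Review bot: The two KeyAgreementDH constructors list their bases differently: the certificate-chain one names `KeyAgreement()` but not `KeyAgreementDHBase()`, while the SipSim one names `KeyAgreementDHBase()` but not `KeyAgreement()`; both compile because the omitted base is default-constructed, but naming every base in declaration order in both, `KeyAgreement(), KeyAgreementDHBase(), PeerCertificates( ... ),`, keeps the initialisation order readable and avoids reorder warnings. Since neither constructor selects a DH group any more, each deserves a comment such as `// The DH group is not selected here; call setGroup() before publicKey()/computeTgk().` so the requirement the removed constructors enforced by throwing is not silently lost. setGroup begins at the end of the hunk and continues outside it.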
@@ -148,7 +116,7 @@
return 0;
}
-void KeyAgreementDH::setPeerKey( unsigned char * peerKeyPtr,
+void KeyAgreementDHBase::setPeerKey( unsigned char * peerKeyPtr,
int peerKeyLengthValue ){
if( this->peerKeyPtr )
delete[] this->peerKeyPtr;
@@ -159,11 +127,11 @@
}
-int KeyAgreementDH::publicKeyLength(){
+int KeyAgreementDHBase::publicKeyLength(){
return dh->publicKeyLength();
}
-unsigned char * KeyAgreementDH::publicKey(){
+unsigned char * KeyAgreementDHBase::publicKey(){
unsigned char * publicKey;
uint32_t length = publicKeyLength();
publicKey = new unsigned char[ length ];
@@ -172,23 +140,23 @@
}
-int KeyAgreementDH::computeTgk(){
+int KeyAgreementDHBase::computeTgk(){
assert( peerKeyPtr );
int res = dh->computeSecret( peerKeyPtr, peerKeyLengthValue, tgk(), tgkLength() );
return res;
}
-int KeyAgreementDH::group(){
+int KeyAgreementDHBase::group(){
return dh->group();
}
-int KeyAgreementDH::peerKeyLength(){
+int KeyAgreementDHBase::peerKeyLength(){
return peerKeyLengthValue;
}
-unsigned char * KeyAgreementDH::peerKey(){
+unsigned char * KeyAgreementDHBase::peerKey(){
return peerKeyPtr;
}
Modified: trunk/libmikey/mikey/MikeyMessageDH.cxx
===================================================================
--- trunk/libmikey/mikey/MikeyMessageDH.cxx 2007-01-04 15:29:50 UTC (rev 3086)
+++ trunk/libmikey/mikey/MikeyMessageDH.cxx 2007-01-04 17:08:45 UTC (rev 3087)
@@ -45,8 +45,6 @@
MikeyMessageDH::MikeyMessageDH( KeyAgreementDH * ka ){
- MRef<certificate_chain *> certChain;
- MRef<certificate *> cert;
/* generate random a CryptoSessionBundle ID */
unsigned int csbId = rand();
ka->setCsbId( csbId );
@@ -69,19 +67,7 @@
payload->randLength() );
/* Include the list of certificates if available */
- certChain = ka->certificateChain();
- if( !certChain.isNull() ){
- ka->certificateChain()->lock();
- certChain->init_index();
- cert = certChain->get_next();
- while( ! cert.isNull() ){
- addPayload( new MikeyPayloadCERT(
- MIKEYPAYLOAD_CERT_TYPE_X509V3SIGN,
- cert) );
- cert = certChain->get_next();
- }
- ka->certificateChain()->unlock();
- }
+ addCertificatePayloads( ka->certificateChain() );
addPayload( new MikeyPayloadDH( ka->group(),
ka->publicKey(),
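Review bot: The loop this hunk replaces called `lock()`/`unlock()` on the certificate chain around the iteration, and the new `addCertificatePayloads( ka->certificateChain() )` gives no hint whether that protection moved into the helper; if MikeyMessage::addCertificatePayloads (not part of this diff) does not take the lock, the chain can change underneath it while another thread uses the same SipSim. Worth confirming, and once verified a call-site comment `// addCertificatePayloads locks the chain while iterating` records it. The same replacement at `result->addCertificatePayloads( ka->certificateChain() );` in the response-building hunk raises the same question. The MikeyMessageDH constructor continues past this hunk.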
@@ -107,11 +93,7 @@
MikeyPayload * i = extractPayload( MIKEYPAYLOAD_HDR_PAYLOAD_TYPE );
bool error = false;
- MRef<certificate *> peerCert;
- peerCert = NULL;
MikeyMessage * errorMessage = new MikeyMessage();
- MRef<certificate *> cert;
- MRef<certificate_chain *> certChain;
if( i == NULL ){
throw MikeyExceptionMessageContent(
@@ -153,6 +135,7 @@
new MikeyPayloadERR( MIKEY_ERR_TYPE_UNSPEC ) );
}
+ // FIXME i can be NULL
if( ((MikeyPayloadT*)i)->checkOffset( MAX_TIME_OFFSET ) ){
error = true;
errorMessage->addPayload(
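Review bot: The added `// FIXME i can be NULL` comments record a defect rather than fix it: on the line that follows, `((MikeyPayloadT*)i)->checkOffset( MAX_TIME_OFFSET )` dereferences `i` unconditionally, so a message from a peer that lacks the T payload crashes the handshake parser instead of being rejected, assuming `i` comes from an extractPayload lookup as for HDR above. The error path a few lines up already builds an ERR payload, so the guard belongs right after the lookup, `if( i == NULL ){ error = true; errorMessage->addPayload( new MikeyPayloadERR( MIKEY_ERR_TYPE_UNSPEC ) ); }` with the cast reached only when `i` is set, or a `throw MikeyExceptionMessageContent( ... )` as the HDR lookup does. The same applies at the other four FIXME sites in this file (before the RAND, DH group, second T and DH key accesses). The enclosing functions start and end outside these hunks.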
@@ -171,6 +154,7 @@
new MikeyPayloadERR( MIKEY_ERR_TYPE_UNSPEC ) );
}
+ // FIXME i can be NULL
ka->setRand( ((MikeyPayloadRAND *)i)->randData(),
((MikeyPayloadRAND *)i)->randLength() );
@@ -210,6 +194,7 @@
}
+ // FIXME i can be NULL
if( ka->group() != ((MikeyPayloadDH *)i)->group() ){
ka->setGroup( ((MikeyPayloadDH *)i)->group() );
}
@@ -235,8 +220,6 @@
}
// Build the response message
- MRef<certificate *> cert;
- MRef<certificate_chain *> certChain;
MikeyMessage * result = new MikeyMessage();
result->addPayload(
new MikeyPayloadHDR( HDR_DATA_TYPE_DH_RESP, 0,
@@ -249,19 +232,7 @@
addPolicyToPayload( ka ); //Is in MikeyMessage.cxx
/* Include the list of certificates if available */
- certChain = ka->certificateChain();
- if( !certChain.isNull() ){
- ka->certificateChain()->lock();
- certChain->init_index();
- cert = certChain->get_next();
- while( !cert.isNull() ){
- result->addPayload( new MikeyPayloadCERT(
- MIKEYPAYLOAD_CERT_TYPE_X509V3SIGN,
- cert) );
- cert = certChain->get_next();
- }
- ka->certificateChain()->unlock();
- }
+ result->addCertificatePayloads( ka->certificateChain() );
result->addPayload( new MikeyPayloadDH(
ka->group(),
@@ -293,7 +264,6 @@
MikeyPayload * i = extractPayload( MIKEYPAYLOAD_HDR_PAYLOAD_TYPE );
bool error = false;
bool gotDhi = false;
- certificate * peerCert;
MikeyMessage * errorMessage = new MikeyMessage();
MRef<MikeyCsIdMap *> csIdMap;
uint8_t nCs;
@@ -336,6 +306,7 @@
new MikeyPayloadERR( MIKEY_ERR_TYPE_UNSPEC ) );
}
+ // FIXME i can be NULL
if( ((MikeyPayloadT*)i)->checkOffset( MAX_TIME_OFFSET ) ){
error = true;
errorMessage->addPayload(
@@ -372,6 +343,7 @@
new MikeyPayloadERR( MIKEY_ERR_TYPE_UNSPEC ) );
}
+ // FIXME i can be NULL
#define dh ((MikeyPayloadDH *)i)
if( string( (const char *)dh->dhKey(),
dh->dhKeyLength() ) ==
Modified: trunk/libminisip/source/mediahandler/KeyAgreement.cxx
===================================================================
--- trunk/libminisip/source/mediahandler/KeyAgreement.cxx 2007-01-04 15:29:50 UTC (rev 3086)
+++ trunk/libminisip/source/mediahandler/KeyAgreement.cxx 2007-01-04 17:08:45 UTC (rev 3087)
@@ -35,6 +35,7 @@
#include<libmikey/keyagreement_dh.h>
#include<libmikey/keyagreement_psk.h>
#include<libmikey/MikeyException.h>
+#include<libmikey/MikeyMessage.h>
#ifdef _WIN32_WCE
# include"../include/minisip_wce_extra_includes.h"
@@ -85,7 +86,8 @@
if( !ka ){
ka = new KeyAgreementDH( /*securityConfig.cert*/ identity->getSim()->getCertificateChain(),
- /*securityConfig.cert_db*/ identity->getSim()->getCAs(), DH_GROUP_OAKLEY5 );
+ /*securityConfig.cert_db*/ identity->getSim()->getCAs() );
+ ((KeyAgreementDH*)*ka)->setGroup( DH_GROUP_OAKLEY5 );
}
ka->setInitiatorData( init_mes );
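Review bot: The return value of `setGroup( DH_GROUP_OAKLEY5 )` on the new line is discarded, while the constructor overload this commit removes threw a MikeyException when setGroup failed (it returns 1 when OakleyDH::setGroup rejects the group); the key agreement now continues with whatever group the OakleyDH object holds and the failure is noticed later, if at all. Restore the check: `if( ((KeyAgreementDH*)*ka)->setGroup( DH_GROUP_OAKLEY5 ) ){ throw MikeyException( "Could not set the DH group." ); }` — MikeyException.h is already included in this file. The second call in this file and the one in Session.cxx have the same omission. The enclosing function continues outside the hunk.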
@@ -313,8 +315,8 @@
}
if( !ka ){
ka = new KeyAgreementDH( /*securityConfig.cert*/ identity->getSim()->getCertificateChain() ,
- /*securityConfig.cert_db*/ identity->getSim()->getCAs(),
- DH_GROUP_OAKLEY5 );
+ /*securityConfig.cert_db*/ identity->getSim()->getCAs() );
+ ((KeyAgreementDH*)*ka)->setGroup( DH_GROUP_OAKLEY5 );
}
addStreamsToKa();
#ifdef ENABLE_TS
Modified: trunk/libminisip/source/mediahandler/Session.cxx
===================================================================
--- trunk/libminisip/source/mediahandler/Session.cxx 2007-01-04 15:29:50 UTC (rev 3086)
+++ trunk/libminisip/source/mediahandler/Session.cxx 2007-01-04 17:08:45 UTC (rev 3087)
@@ -90,8 +90,11 @@
if( Session::precomputedKa.isNull()
&& identity && identity->getSim() ){
- Session::precomputedKa = new KeyAgreementDH( /*securityConfig.cert*/ identity->getSim()->getCertificateChain(),
- /*securityConfig.cert_db*/ identity->getSim()->getCAs(), DH_GROUP_OAKLEY5 );
+ KeyAgreementDH* ka = NULL;
+ ka = new KeyAgreementDH( identity->getSim()->getCertificateChain(),
+ identity->getSim()->getCAs() );
+ ka->setGroup( DH_GROUP_OAKLEY5 );
+ Session::precomputedKa = ka;
}
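Review bot: `KeyAgreementDH* ka = NULL;` followed immediately by `ka = new KeyAgreementDH( ... )` is a redundant two-step; initialise at the declaration, `KeyAgreementDH* ka = new KeyAgreementDH( identity->getSim()->getCertificateChain(), identity->getSim()->getCAs() );`. More importantly the object is held only by a raw pointer until the assignment to `Session::precomputedKa` on the last line, so anything that throws in between (a setGroup failure check added here would) leaks it; assigning the MRef first and calling setGroup through `ka` afterwards, or building the object straight into a local `MRef<KeyAgreementDH*>` if precomputedKa's element type permits the conversion, closes that window. The enclosing block continues outside the hunk.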
}