r3111 - in trunk: libmcrypto/include/libmcrypto
libmcrypto/include/libmcrypto/gnutls
libmcrypto/include/libmcrypto/openssl libmcrypto/source
libmcrypto/source/gnutls libmcrypto/source/openssl libmikey
libmikey/include libmikey/include/libmikey
libmikey/keyagreement libmikey/mikey
libminisip/include/libminisip/mediahandler libminisip/source
libminisip/source/mediahandler libmsip/source
erik at minisip.org
erik at minisip.org
Thu Jan 11 00:58:36 CET 2007
Author: erik
Date: 2007-01-11 00:58:35 +0100 (Thu, 11 Jan 2007)
New Revision: 3111
Added:
trunk/libmcrypto/include/libmcrypto/TlsException.h
trunk/libmcrypto/include/libmcrypto/TlsServerSocket.h
trunk/libmcrypto/include/libmcrypto/TlsSocket.h
trunk/libmcrypto/include/libmcrypto/gnutls/TlsServerSocket.h
trunk/libmcrypto/include/libmcrypto/gnutls/TlsSocket.h
trunk/libmcrypto/include/libmcrypto/openssl/TlsException.h
trunk/libmcrypto/include/libmcrypto/openssl/TlsServerSocket.h
trunk/libmcrypto/include/libmcrypto/openssl/TlsSocket.h
trunk/libmcrypto/source/TlsException.cxx
trunk/libmcrypto/source/gnutls/TlsServerSocket.cxx
trunk/libmcrypto/source/gnutls/TlsSocket.cxx
trunk/libmcrypto/source/openssl/TlsException.cxx
trunk/libmcrypto/source/openssl/TlsServerSocket.cxx
trunk/libmcrypto/source/openssl/TlsSocket.cxx
trunk/libmikey/include/libmikey/KeyAgreement.h
trunk/libmikey/include/libmikey/KeyAgreementDH.h
trunk/libmikey/include/libmikey/KeyAgreementPSK.h
trunk/libmikey/include/libmikey/KeyValidity.h
trunk/libmikey/keyagreement/KeyAgreement.cxx
trunk/libmikey/keyagreement/KeyAgreementDH.cxx
trunk/libmikey/keyagreement/KeyAgreementPSK.cxx
trunk/libmikey/keyagreement/KeyValidity.cxx
Removed:
trunk/libmcrypto/include/libmcrypto/TLSException.h
trunk/libmcrypto/include/libmcrypto/TLSServerSocket.h
trunk/libmcrypto/include/libmcrypto/TLSSocket.h
trunk/libmcrypto/include/libmcrypto/gnutls/TLSServerSocket.h
trunk/libmcrypto/include/libmcrypto/gnutls/TLSSocket.h
trunk/libmcrypto/include/libmcrypto/openssl/TLSException.h
trunk/libmcrypto/include/libmcrypto/openssl/TLSServerSocket.h
trunk/libmcrypto/include/libmcrypto/openssl/TLSSocket.h
trunk/libmcrypto/source/TLSException.cxx
trunk/libmcrypto/source/gnutls/TLSServerSocket.cxx
trunk/libmcrypto/source/gnutls/TLSSocket.cxx
trunk/libmcrypto/source/openssl/TLSException.cxx
trunk/libmcrypto/source/openssl/TLSServerSocket.cxx
trunk/libmcrypto/source/openssl/TLSSocket.cxx
trunk/libmikey/include/libmikey/keyagreement.h
trunk/libmikey/include/libmikey/keyagreement_dh.h
trunk/libmikey/include/libmikey/keyagreement_psk.h
trunk/libmikey/include/libmikey/keyvalidity.h
trunk/libmikey/keyagreement/keyagreement.cxx
trunk/libmikey/keyagreement/keyagreement_dh.cxx
trunk/libmikey/keyagreement/keyagreement_psk.cxx
trunk/libmikey/keyagreement/keyvalidity.cxx
Modified:
trunk/libmcrypto/include/libmcrypto/Makefile.am
trunk/libmcrypto/include/libmcrypto/gnutls/Makefile.am
trunk/libmcrypto/include/libmcrypto/openssl/Makefile.am
trunk/libmcrypto/source/Makefile.am
trunk/libmcrypto/source/gnutls/Makefile.am
trunk/libmcrypto/source/openssl/Makefile.am
trunk/libmikey/Makefile.am
trunk/libmikey/include/Makefile.am
trunk/libmikey/include/libmikey/KeyAgreementDHHMAC.h
trunk/libmikey/include/libmikey/KeyAgreementPKE.h
trunk/libmikey/include/libmikey/MikeyMessage.h
trunk/libmikey/include/libmikey/MikeyPayloadDH.h
trunk/libmikey/include/libmikey/MikeyPayloadKeyData.h
trunk/libmikey/mikey/MikeyMessageDH.h
trunk/libmikey/mikey/MikeyMessagePSK.cxx
trunk/libmikey/mikey/MikeyMessagePSK.h
trunk/libminisip/include/libminisip/mediahandler/Session.h
trunk/libminisip/source/Minisip.cxx
trunk/libminisip/source/mediahandler/KeyAgreement.cxx
trunk/libminisip/source/mediahandler/MediaHandler.cxx
trunk/libminisip/source/mediahandler/MediaStream.cxx
trunk/libminisip/source/mediahandler/Session.cxx
trunk/libmsip/source/SipLayerTransport.cxx
trunk/libmsip/source/SipStackInternal.cxx
Log:
* Renaming files according to naming convention:
Example: keyagreement_dh.h -> KeyAgreementDH.h
Modified: trunk/libmcrypto/include/libmcrypto/Makefile.am
===================================================================
--- trunk/libmcrypto/include/libmcrypto/Makefile.am 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/Makefile.am 2007-01-10 23:58:35 UTC (rev 3111)
@@ -33,9 +33,9 @@
sha1.h \
uuid.h \
config.h \
- TLSException.h \
- TLSServerSocket.h \
- TLSSocket.h \
+ TlsException.h \
+ TlsServerSocket.h \
+ TlsSocket.h \
ZrtpDH.h \
$(OTHER_FILES)
Deleted: trunk/libmcrypto/include/libmcrypto/TLSException.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/TLSException.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/TLSException.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,48 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
- */
-
-#ifndef MLIBMCRYPTO_TLS_EXCEPTION_H
-#define MLIBMCRYPTO_TLS_EXCEPTION_H
-
-#include<libmcrypto/config.h>
-#include<libmnetutil/NetworkException.h>
-
-class LIBMCRYPTO_API TLSInitFailed : public NetworkException{
- public:
- TLSInitFailed();
- virtual ~TLSInitFailed() throw(){}
- virtual const char *what();
- private:
- std::string msg;
-};
-
-class LIBMCRYPTO_API TLSContextInitFailed : public NetworkException{
- public:
- TLSContextInitFailed();
- virtual ~TLSContextInitFailed() throw(){}
- virtual const char*what();
- private:
- std::string msg;
-};
-
-#endif
Deleted: trunk/libmcrypto/include/libmcrypto/TLSServerSocket.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/TLSServerSocket.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/TLSServerSocket.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,47 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
- Copyright (C) 2006 Mikael Magnusson
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
- * Mikael Magnusson <mikma at users.sourceforge.net>
- */
-
-#ifndef TLSSERVERSOCKET_H
-#define TLSSERVERSOCKET_H
-
-#include<libmcrypto/config.h>
-
-#include<libmutil/mtypes.h>
-#include<libmnetutil/ServerSocket.h>
-#include<libmcrypto/cert.h>
-
-class LIBMNETUTIL_API TLSServerSocket : public ServerSocket {
-
- public:
- virtual ~TLSServerSocket();
-
- static ServerSocket *create( bool use_ipv6, int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db=NULL );
- static ServerSocket *create(int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db=NULL );
-
- protected:
- TLSServerSocket( int32_t domain, int32_t listen_port );
-};
-
-#endif
Deleted: trunk/libmcrypto/include/libmcrypto/TLSSocket.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/TLSSocket.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/TLSSocket.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,51 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
- Copyright (C) 2006 Mikael Magnusson
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
- * Mikael Magnusson <mikma at users.sourceforge.net>
- */
-
-#ifndef TLSSOCKET_H
-#define TLSSOCKET_H
-
-#include<libmcrypto/config.h>
-
-#include<libmutil/mtypes.h>
-#include<libmutil/MemObject.h>
-#include<libmnetutil/IPAddress.h>
-#include<libmnetutil/StreamSocket.h>
-#include<libmcrypto/cert.h>
-
-class LIBMNETUTIL_API TLSSocket : public StreamSocket {
- public:
- virtual ~TLSSocket();
-
- static TLSSocket* connect( IPAddress &addr,
- int32_t port,
- MRef<certificate *> cert=NULL,
- MRef<ca_db *> cert_db=NULL,
- std::string serverName="" );
-
- protected:
- TLSSocket();
-};
-
-#endif
Copied: trunk/libmcrypto/include/libmcrypto/TlsException.h (from rev 3100, trunk/libmcrypto/include/libmcrypto/TLSException.h)
Copied: trunk/libmcrypto/include/libmcrypto/TlsServerSocket.h (from rev 3100, trunk/libmcrypto/include/libmcrypto/TLSServerSocket.h)
Copied: trunk/libmcrypto/include/libmcrypto/TlsSocket.h (from rev 3100, trunk/libmcrypto/include/libmcrypto/TLSSocket.h)
Modified: trunk/libmcrypto/include/libmcrypto/gnutls/Makefile.am
===================================================================
--- trunk/libmcrypto/include/libmcrypto/gnutls/Makefile.am 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/gnutls/Makefile.am 2007-01-10 23:58:35 UTC (rev 3111)
@@ -3,7 +3,7 @@
noinst_HEADERS = \
cert.h \
init.h \
- TLSServerSocket.h \
- TLSSocket.h
+ TlsServerSocket.h \
+ TlsSocket.h
MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
Deleted: trunk/libmcrypto/include/libmcrypto/gnutls/TLSServerSocket.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/gnutls/TLSServerSocket.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/gnutls/TLSServerSocket.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,59 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
- Copyright (C) 2006 Mikael Magnusson
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
- * Mikael Magnusson <mikma at users.sourceforge.net>
- */
-
-#ifndef GNUTLS_TLSSERVERSOCKET_H
-#define GNUTLS_TLSSERVERSOCKET_H
-
-#include<libmcrypto/config.h>
-
-#include<libmcrypto/TLSServerSocket.h>
-#include<libmcrypto/gnutls/cert.h>
-
-class LIBMNETUTIL_API GnutlsServerSocket : public TLSServerSocket {
-
- public:
- GnutlsServerSocket( bool use_ipv6, int32_t listen_port,
- MRef<gtls_certificate *> cert,
- MRef<gtls_ca_db *> cert_db=NULL);
- ~GnutlsServerSocket();
- virtual std::string getMemObjectType() const {return "GnutlsServerSocket";}
-
- virtual MRef<StreamSocket *> accept();
-
- protected:
- virtual void init( bool use_ipv6, int32_t listen_port,
- MRef<gtls_certificate *> cert,
- MRef<gtls_ca_db *> cert_db);
- gnutls_session_t initialize_tls_session();
-
- private:
- MRef<gtls_ca_db *> m_cert_db;
- MRef<gtls_certificate*> m_cert;
-
- gnutls_certificate_credentials_t m_xcred;
- gnutls_x509_crt_t* m_ca_list;
- size_t m_ca_list_len;
-};
-#endif
Deleted: trunk/libmcrypto/include/libmcrypto/gnutls/TLSSocket.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/gnutls/TLSSocket.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/gnutls/TLSSocket.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,80 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
- Copyright (C) 2006 Mikael Magnusson
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
- * Mikael Magnusson <mikma at users.sourceforge.net>
- */
-
-#ifndef GNUTLS_TLSSOCKET_H
-#define GNUTLS_TLSSOCKET_H
-
-#include<libmcrypto/config.h>
-
-#include<libmnetutil/StreamSocket.h>
-
-#include<libmcrypto/gnutls/cert.h>
-#include<libmutil/mtypes.h>
-
-#include<libmnetutil/IPAddress.h>
-
-#include<libmutil/MemObject.h>
-#include<libmcrypto/TLSSocket.h>
-
-#include<gnutls/gnutls.h>
-
-class LIBMNETUTIL_API GnutlsSocket : public TLSSocket {
- public:
- GnutlsSocket( IPAddress &addr, int32_t port,
- MRef<gtls_ca_db *> cert_db=NULL,
- MRef<gtls_certificate *> cert=NULL);
-
- GnutlsSocket( MRef<StreamSocket *> sock,
- gnutls_session_t session );
-
- virtual ~GnutlsSocket();
-
- virtual std::string getMemObjectType() const {return "GnutlsSocket";};
-
- virtual int32_t write(std::string);
-
- virtual int32_t write(const void *buf, int32_t count);
-
- virtual int32_t read(void *buf, int32_t count);
-
- private:
- void GnutlsSocket_init( MRef<StreamSocket*> ssock,
- MRef<gtls_ca_db *> cert_db,
- MRef<gtls_certificate *> cert);
-
- gnutls_certificate_credentials_t m_xcred;
- gnutls_session_t m_session;
-
- MRef<StreamSocket *> sock;
-
- MRef<certificate *> peer_cert;
-
- /** CA db */
- MRef<ca_db *> cert_db;
-
- gnutls_x509_crt_t* m_ca_list;
- size_t m_ca_list_len;
-};
-#endif
Copied: trunk/libmcrypto/include/libmcrypto/gnutls/TlsServerSocket.h (from rev 3100, trunk/libmcrypto/include/libmcrypto/gnutls/TLSServerSocket.h)
===================================================================
--- trunk/libmcrypto/include/libmcrypto/gnutls/TLSServerSocket.h 2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/include/libmcrypto/gnutls/TlsServerSocket.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,59 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+ Copyright (C) 2006 Mikael Magnusson
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ * Johan Bilien <jobi at via.ecp.fr>
+ * Mikael Magnusson <mikma at users.sourceforge.net>
+ */
+
+#ifndef GNUTLS_TLSSERVERSOCKET_H
+#define GNUTLS_TLSSERVERSOCKET_H
+
+#include<libmcrypto/config.h>
+
+#include<libmcrypto/TlsServerSocket.h>
+#include<libmcrypto/gnutls/cert.h>
+
+class LIBMNETUTIL_API GnutlsServerSocket : public TLSServerSocket {
+
+ public:
+ GnutlsServerSocket( bool use_ipv6, int32_t listen_port,
+ MRef<gtls_certificate *> cert,
+ MRef<gtls_ca_db *> cert_db=NULL);
+ ~GnutlsServerSocket();
+ virtual std::string getMemObjectType() const {return "GnutlsServerSocket";}
+
+ virtual MRef<StreamSocket *> accept();
+
+ protected:
+ virtual void init( bool use_ipv6, int32_t listen_port,
+ MRef<gtls_certificate *> cert,
+ MRef<gtls_ca_db *> cert_db);
+ gnutls_session_t initialize_tls_session();
+
+ private:
+ MRef<gtls_ca_db *> m_cert_db;
+ MRef<gtls_certificate*> m_cert;
+
+ gnutls_certificate_credentials_t m_xcred;
+ gnutls_x509_crt_t* m_ca_list;
+ size_t m_ca_list_len;
+};
+#endif
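Review bot: The rename is only half applied in this header: the file is now TlsServerSocket.h (and line `+#include<libmcrypto/TlsServerSocket.h>` follows it), but the include guard `GNUTLS_TLSSERVERSOCKET_H` and the base class `TLSServerSocket` keep the old TLS spelling, so the convention the log describes (keyagreement_dh.h -> KeyAgreementDH.h) now differs between file names and type names. The same applies to gnutls/TlsSocket.h and openssl/TlsServerSocket.h in this commit. If the class rename is deliberately deferred, a one-line comment above the class makes that explicit for the next reader: `// NOTE: header renamed to TlsServerSocket.h; the TLSServerSocket base class keeps its old spelling for now.`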
Copied: trunk/libmcrypto/include/libmcrypto/gnutls/TlsSocket.h (from rev 3100, trunk/libmcrypto/include/libmcrypto/gnutls/TLSSocket.h)
===================================================================
--- trunk/libmcrypto/include/libmcrypto/gnutls/TLSSocket.h 2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/include/libmcrypto/gnutls/TlsSocket.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,80 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+ Copyright (C) 2006 Mikael Magnusson
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ * Johan Bilien <jobi at via.ecp.fr>
+ * Mikael Magnusson <mikma at users.sourceforge.net>
+ */
+
+#ifndef GNUTLS_TLSSOCKET_H
+#define GNUTLS_TLSSOCKET_H
+
+#include<libmcrypto/config.h>
+
+#include<libmnetutil/StreamSocket.h>
+
+#include<libmcrypto/gnutls/cert.h>
+#include<libmutil/mtypes.h>
+
+#include<libmnetutil/IPAddress.h>
+
+#include<libmutil/MemObject.h>
+#include<libmcrypto/TlsSocket.h>
+
+#include<gnutls/gnutls.h>
+
+class LIBMNETUTIL_API GnutlsSocket : public TLSSocket {
+ public:
+ GnutlsSocket( IPAddress &addr, int32_t port,
+ MRef<gtls_ca_db *> cert_db=NULL,
+ MRef<gtls_certificate *> cert=NULL);
+
+ GnutlsSocket( MRef<StreamSocket *> sock,
+ gnutls_session_t session );
+
+ virtual ~GnutlsSocket();
+
+ virtual std::string getMemObjectType() const {return "GnutlsSocket";};
+
+ virtual int32_t write(std::string);
+
+ virtual int32_t write(const void *buf, int32_t count);
+
+ virtual int32_t read(void *buf, int32_t count);
+
+ private:
+ void GnutlsSocket_init( MRef<StreamSocket*> ssock,
+ MRef<gtls_ca_db *> cert_db,
+ MRef<gtls_certificate *> cert);
+
+ gnutls_certificate_credentials_t m_xcred;
+ gnutls_session_t m_session;
+
+ MRef<StreamSocket *> sock;
+
+ MRef<certificate *> peer_cert;
+
+ /** CA db */
+ MRef<ca_db *> cert_db;
+
+ gnutls_x509_crt_t* m_ca_list;
+ size_t m_ca_list_len;
+};
+#endif
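Review bot: The private members of `GnutlsSocket` give no indication of who owns `m_ca_list` (a raw `gnutls_x509_crt_t*` paired with `m_ca_list_len`), `m_session` or `m_xcred`, and the header declares `virtual ~GnutlsSocket();` without saying what it releases. Since the CA list and credentials are the inputs to peer verification, a reader of this header cannot tell whether they must outlive the socket or are freed by it, and the implementation is not part of this hunk. I would add above `m_ca_list`: `/** CA certificates used for peer verification; TODO document whether ~GnutlsSocket() frees this array (see gnutls/TlsSocket.cxx). */`. The member naming is also mixed (`m_xcred`, `m_session` versus `sock`, `peer_cert`, `cert_db`), which a rename commit is the natural place to settle.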
Modified: trunk/libmcrypto/include/libmcrypto/openssl/Makefile.am
===================================================================
--- trunk/libmcrypto/include/libmcrypto/openssl/Makefile.am 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/openssl/Makefile.am 2007-01-10 23:58:35 UTC (rev 3111)
@@ -6,8 +6,8 @@
noinst_HEADERS = \
cert.h \
init.h \
- TLSException.h \
- TLSServerSocket.h \
- TLSSocket.h
+ TlsException.h \
+ TlsServerSocket.h \
+ TlsSocket.h
MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
Deleted: trunk/libmcrypto/include/libmcrypto/openssl/TLSException.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/openssl/TLSException.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/openssl/TLSException.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,43 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
- */
-
-#ifndef TLS_EXCEPTION_H
-#define TLS_EXCEPTION_H
-
-#include<libmcrypto/config.h>
-#include<libmnetutil/NetworkException.h>
-
-#include<openssl/ssl.h>
-
-class LIBMCRYPTO_API TLSConnectFailed : public ConnectFailed{
- public:
- TLSConnectFailed( int errorNumber, SSL * ssl );
- virtual ~TLSConnectFailed() throw(){}
- virtual const char* what();
-
- private:
- SSL * ssl;
- std::string msg;
-};
-
-#endif
Deleted: trunk/libmcrypto/include/libmcrypto/openssl/TLSServerSocket.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/openssl/TLSServerSocket.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/openssl/TLSServerSocket.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,59 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
- */
-
-#ifndef OPENSSL_TLSSERVERSOCKET_H
-#define OPENSSL_TLSSERVERSOCKET_H
-
-#include<libmcrypto/config.h>
-
-#include<libmcrypto/TLSServerSocket.h>
-#include<libmcrypto/openssl/cert.h>
-
-#include<openssl/ssl.h>
-
-class LIBMNETUTIL_API OsslServerSocket : public TLSServerSocket {
-
- public:
- OsslServerSocket( bool use_ipv6, int32_t listen_port, MRef<ossl_certificate *> cert, MRef<ossl_ca_db *> cert_db=NULL);
- OsslServerSocket( int32_t listen_port, MRef<ossl_certificate *> cert, MRef<ossl_ca_db *> cert_db=NULL);
- virtual std::string getMemObjectType() const {return "OsslServerSocket";}
-
- virtual MRef<StreamSocket *> accept();
-
- protected:
- virtual void init( bool use_ipv6, int32_t listen_port,
- MRef<ossl_certificate *> cert,
- MRef<ossl_ca_db *> cert_db);
-
- private:
- int32_t listen_port;
-
- SSL_CTX * ssl_ctx;
- SSL * ssl;
-
- /**
- CA db
- */
- MRef<ossl_ca_db *> cert_db;
-};
-#endif
Deleted: trunk/libmcrypto/include/libmcrypto/openssl/TLSSocket.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/openssl/TLSSocket.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/openssl/TLSSocket.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,128 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
- */
-
-#ifndef OPENSSL_TLSSOCKET_H
-#define OPENSSL_TLSSOCKET_H
-
-#include<libmcrypto/config.h>
-
-#include<openssl/ssl.h>
-
-#include<libmnetutil/StreamSocket.h>
-
-#include<libmcrypto/openssl/cert.h>
-#include<libmutil/mtypes.h>
-
-#include<libmnetutil/IPAddress.h>
-
-#include<libmutil/MemObject.h>
-#include<libmcrypto/TLSSocket.h>
-
-
-/**
- Various lists of ciphers. It includes the default list used,
- as well as a strong cipher list (AES+HIGH+MEDIUM:!aNULL);
- a testing list (with the null encryption ciphers).
- set this with TLSSocket::setSSLCiphers( int idx ), where
- idx = 1 is AES.HIGH.MEDIUM
- idx = 2 is TESTING
- all others DEFAULT
- */
-#define SSL_CIPHERS_DEFAULT "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5"
-#define SSL_CIPHERS_AES_HIGH_MEDIUM "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA"
-#define SSL_CIPHERS_TESTING "NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"
-
-/**
- List of ciphers ... openssl ciphers 'ALL:eNULL:!LOW:!EXPORT'
- This is, all ciphers (included the null encryption ones) except the
- low security and export ones.
- eNULL ciphers are listed for testing purposes. DON't use in production environment!
-ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:\
-ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:\
-DHE-DSS-RC4-SHA:\
-EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:\
-RC4-SHA:RC4-MD5:\
-ADH-DES-CBC3-SHA:\
-ADH-RC4-MD5:\
-DES-CBC3-MD5:\
-RC2-CBC-MD5:RC4-MD5:\
-NULL-SHA:NULL-MD5
-*/
-
-//Okay - another MSVC thing. Looks like I must explicitely instantiate
-//the MRef template like this to avoid linking errors --Erik.
-// In Microsoft Embedded VC 4.0 this causes a warning ... remove
-#ifdef _MSC_VER
-#ifndef _WIN32_WCE
-template class __declspec(dllexport) MRef<certificate*>;
-template class __declspec(dllexport) MRef<ca_db*>;
-#endif
-#endif
-
-class LIBMNETUTIL_API OsslSocket : public TLSSocket {
- public:
- OsslSocket(std::string addr, int32_t port, void * &ssl_ctx,
- MRef<ossl_certificate *> cert = NULL,
- MRef<ossl_ca_db *> cert_db=NULL );
-
- OsslSocket( IPAddress &addr, int32_t port, void * &ssl_ctx,
- MRef<ossl_certificate *> cert=NULL,
- MRef<ossl_ca_db *> cert_db=NULL );
-
- OsslSocket( MRef<StreamSocket *> sock, SSL_CTX * ssl_ctx );
-
- virtual ~OsslSocket();
-
- virtual std::string getMemObjectType() const {return "OsslSocket";};
-
- virtual int32_t write(std::string);
-
- virtual int32_t write(const void *buf, int32_t count);
-
- virtual int32_t read(void *buf, int32_t count);
- static int32_t setSSLCTXCiphers ( SSL_CTX *_ctx, int8_t listIdx );
-
- /* Must be initialized ... now at Minisip.cxx::tls_server_thread*/
- static int8_t sslCipherListIndex;
-
- friend std::ostream& operator<<(std::ostream&, TLSSocket&);
-
- private:
- void OsslSocket_init( MRef<StreamSocket*> ssock, void * &ssl_ctx,
- MRef<ossl_certificate *> cert,
- MRef<ossl_ca_db *> cert_db );
-
- MRef<StreamSocket *> sock;
-
- SSL_CTX* ssl_ctx;
-
- void* priv;
-
- MRef<ossl_certificate *> peer_cert;
-
- /** CA db */
- MRef<ossl_ca_db *> cert_db;
-};
-
-TLSSocket& operator<<(TLSSocket& sock, std::string str);
-#endif
Copied: trunk/libmcrypto/include/libmcrypto/openssl/TlsException.h (from rev 3100, trunk/libmcrypto/include/libmcrypto/openssl/TLSException.h)
Copied: trunk/libmcrypto/include/libmcrypto/openssl/TlsServerSocket.h (from rev 3100, trunk/libmcrypto/include/libmcrypto/openssl/TLSServerSocket.h)
===================================================================
--- trunk/libmcrypto/include/libmcrypto/openssl/TLSServerSocket.h 2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/include/libmcrypto/openssl/TlsServerSocket.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,59 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ * Johan Bilien <jobi at via.ecp.fr>
+ */
+
+#ifndef OPENSSL_TLSSERVERSOCKET_H
+#define OPENSSL_TLSSERVERSOCKET_H
+
+#include<libmcrypto/config.h>
+
+#include<libmcrypto/TlsServerSocket.h>
+#include<libmcrypto/openssl/cert.h>
+
+#include<openssl/ssl.h>
+
+class LIBMNETUTIL_API OsslServerSocket : public TLSServerSocket {
+
+ public:
+ OsslServerSocket( bool use_ipv6, int32_t listen_port, MRef<ossl_certificate *> cert, MRef<ossl_ca_db *> cert_db=NULL);
+ OsslServerSocket( int32_t listen_port, MRef<ossl_certificate *> cert, MRef<ossl_ca_db *> cert_db=NULL);
+ virtual std::string getMemObjectType() const {return "OsslServerSocket";}
+
+ virtual MRef<StreamSocket *> accept();
+
+ protected:
+ virtual void init( bool use_ipv6, int32_t listen_port,
+ MRef<ossl_certificate *> cert,
+ MRef<ossl_ca_db *> cert_db);
+
+ private:
+ int32_t listen_port;
+
+ SSL_CTX * ssl_ctx;
+ SSL * ssl;
+
+ /**
+ CA db
+ */
+ MRef<ossl_ca_db *> cert_db;
+};
+#endif
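Review bot: `OsslServerSocket` holds raw `SSL_CTX * ssl_ctx` and `SSL * ssl` members but, unlike `GnutlsServerSocket` in this same commit, declares no destructor, so from the header it is not visible whether the context is freed when the listening socket goes away or is shared with the sockets returned by `accept()`. The base class provides `virtual ~TLSServerSocket()`, so the release may happen there or in the .cxx, but neither is shown in this hunk. I would document it next to the members: `/** Lifetime of ssl_ctx/ssl: TODO document whether OsslServerSocket frees them (no destructor is declared here). */`. The three-line `CA db` doc block on `cert_db` could also be the one-liner used in the gnutls header.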
Copied: trunk/libmcrypto/include/libmcrypto/openssl/TlsSocket.h (from rev 3100, trunk/libmcrypto/include/libmcrypto/openssl/TLSSocket.h)
===================================================================
--- trunk/libmcrypto/include/libmcrypto/openssl/TLSSocket.h 2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/include/libmcrypto/openssl/TlsSocket.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,128 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ * Johan Bilien <jobi at via.ecp.fr>
+ */
+
+#ifndef OPENSSL_TLSSOCKET_H
+#define OPENSSL_TLSSOCKET_H
+
+#include<libmcrypto/config.h>
+
+#include<openssl/ssl.h>
+
+#include<libmnetutil/StreamSocket.h>
+
+#include<libmcrypto/openssl/cert.h>
+#include<libmutil/mtypes.h>
+
+#include<libmnetutil/IPAddress.h>
+
+#include<libmutil/MemObject.h>
+#include<libmcrypto/TlsSocket.h>
+
+
+/**
+ Various lists of ciphers. It includes the default list used,
+ as well as a strong cipher list (AES+HIGH+MEDIUM:!aNULL);
+ a testing list (with the null encryption ciphers).
+ set this with TLSSocket::setSSLCiphers( int idx ), where
+ idx = 1 is AES.HIGH.MEDIUM
+ idx = 2 is TESTING
+ all others DEFAULT
+ */
+#define SSL_CIPHERS_DEFAULT "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5"
+#define SSL_CIPHERS_AES_HIGH_MEDIUM "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA"
+#define SSL_CIPHERS_TESTING "NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"
+
+/**
+ List of ciphers ... openssl ciphers 'ALL:eNULL:!LOW:!EXPORT'
+ This is, all ciphers (included the null encryption ones) except the
+ low security and export ones.
+ eNULL ciphers are listed for testing purposes. DON't use in production environment!
+ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:\
+ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:\
+DHE-DSS-RC4-SHA:\
+EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:\
+RC4-SHA:RC4-MD5:\
+ADH-DES-CBC3-SHA:\
+ADH-RC4-MD5:\
+DES-CBC3-MD5:\
+RC2-CBC-MD5:RC4-MD5:\
+NULL-SHA:NULL-MD5
+*/
+
+//Okay - another MSVC thing. Looks like I must explicitely instantiate
+//the MRef template like this to avoid linking errors --Erik.
+// In Microsoft Embedded VC 4.0 this causes a warning ... remove
+#ifdef _MSC_VER
+#ifndef _WIN32_WCE
+template class __declspec(dllexport) MRef<certificate*>;
+template class __declspec(dllexport) MRef<ca_db*>;
+#endif
+#endif
+
+class LIBMNETUTIL_API OsslSocket : public TLSSocket {
+ public:
+ OsslSocket(std::string addr, int32_t port, void * &ssl_ctx,
+ MRef<ossl_certificate *> cert = NULL,
+ MRef<ossl_ca_db *> cert_db=NULL );
+
+ OsslSocket( IPAddress &addr, int32_t port, void * &ssl_ctx,
+ MRef<ossl_certificate *> cert=NULL,
+ MRef<ossl_ca_db *> cert_db=NULL );
+
+ OsslSocket( MRef<StreamSocket *> sock, SSL_CTX * ssl_ctx );
+
+ virtual ~OsslSocket();
+
+ virtual std::string getMemObjectType() const {return "OsslSocket";};
+
+ virtual int32_t write(std::string);
+
+ virtual int32_t write(const void *buf, int32_t count);
+
+ virtual int32_t read(void *buf, int32_t count);
+ static int32_t setSSLCTXCiphers ( SSL_CTX *_ctx, int8_t listIdx );
+
+ /* Must be initialized ... now at Minisip.cxx::tls_server_thread*/
+ static int8_t sslCipherListIndex;
+
+ friend std::ostream& operator<<(std::ostream&, TLSSocket&);
+
+ private:
+ void OsslSocket_init( MRef<StreamSocket*> ssock, void * &ssl_ctx,
+ MRef<ossl_certificate *> cert,
+ MRef<ossl_ca_db *> cert_db );
+
+ MRef<StreamSocket *> sock;
+
+ SSL_CTX* ssl_ctx;
+
+ void* priv;
+
+ MRef<ossl_certificate *> peer_cert;
+
+ /** CA db */
+ MRef<ossl_ca_db *> cert_db;
+};
+
+TLSSocket& operator<<(TLSSocket& sock, std::string str);
+#endif
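Review bot: The `SSL_CIPHERS_DEFAULT` list at the top of this header still admits export-grade (`EXP-*`, `EXP1024-*`), single-DES (`DES-CBC-SHA`, `DES-CBC-MD5`), RC2 and RC4/MD5 suites, and `SSL_CIPHERS_TESTING` enables the `NULL-SHA:NULL-MD5` no-encryption suites that the comment block above it already marks as "DON't use in production", yet selection between the three is a runtime choice through the public mutable static `sslCipherListIndex` (L1015) rather than a build-time one. Consider making the AES list the default, `#define SSL_CIPHERS_DEFAULT SSL_CIPHERS_AES_HIGH_MEDIUM`, and wrapping `SSL_CIPHERS_TESTING` and the `idx = 2` branch of `setSSLCTXCiphers` in an `#ifdef` so a release build cannot negotiate eNULL. As a point of style, the two public constructors take the context as `void * &ssl_ctx` while the member at L1026 is typed `SSL_CTX*`; taking `SSL_CTX *&` directly would remove the cast in the implementation and let the compiler catch a wrong pointer being passed. The `/* Must be initialized ... */` note on `sslCipherListIndex` would be clearer as `/* Selects which SSL_CIPHERS_* list setSSLCTXCiphers() installs; set once at startup (tls_server_thread) before any socket is created. */`.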
Modified: trunk/libmcrypto/source/Makefile.am
===================================================================
--- trunk/libmcrypto/source/Makefile.am 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/source/Makefile.am 2007-01-10 23:58:35 UTC (rev 3111)
@@ -36,7 +36,7 @@
init.cxx \
$(scsim_src) \
base64.cxx \
- TLSException.cxx \
+ TlsException.cxx \
uuid.cxx \
rijndael-alg-fst.cxx
Deleted: trunk/libmcrypto/source/TLSException.cxx
===================================================================
--- trunk/libmcrypto/source/TLSException.cxx 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/source/TLSException.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,47 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
- Copyright (C) 2006 Mikael Magnusson
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
- * Mikael Magnusson <mikma at users.sourceforge.net>
-*/
-
-
-#include<config.h>
-
-#include<libmcrypto/TLSException.h>
-
-using namespace std;
-
-TLSInitFailed::TLSInitFailed():NetworkException(){
-}
-
-TLSContextInitFailed::TLSContextInitFailed():NetworkException(){
-}
-
-const char *TLSInitFailed::what() {
- msg = "TLS initialization failed.";
- return msg.c_str();
-};
-
-const char* TLSContextInitFailed::what() {
- msg = "TLS context initialization failed.";
- return msg.c_str();
-};
Copied: trunk/libmcrypto/source/TlsException.cxx (from rev 3100, trunk/libmcrypto/source/TLSException.cxx)
===================================================================
--- trunk/libmcrypto/source/TLSException.cxx 2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/source/TlsException.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,47 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+ Copyright (C) 2006 Mikael Magnusson
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ * Johan Bilien <jobi at via.ecp.fr>
+ * Mikael Magnusson <mikma at users.sourceforge.net>
+*/
+
+
+#include<config.h>
+
+#include<libmcrypto/TlsException.h>
+
+using namespace std;
+
+TLSInitFailed::TLSInitFailed():NetworkException(){
+}
+
+TLSContextInitFailed::TLSContextInitFailed():NetworkException(){
+}
+
+const char *TLSInitFailed::what() {
+ msg = "TLS initialization failed.";
+ return msg.c_str();
+};
+
+const char* TLSContextInitFailed::what() {
+ msg = "TLS context initialization failed.";
+ return msg.c_str();
+};
Modified: trunk/libmcrypto/source/gnutls/Makefile.am
===================================================================
--- trunk/libmcrypto/source/gnutls/Makefile.am 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/source/gnutls/Makefile.am 2007-01-10 23:58:35 UTC (rev 3111)
@@ -12,8 +12,8 @@
rand.cxx \
sha1.cxx \
sha256.cxx \
- TLSServerSocket.cxx \
- TLSSocket.cxx \
+ TlsServerSocket.cxx \
+ TlsSocket.cxx \
ZrtpDH.cxx
Deleted: trunk/libmcrypto/source/gnutls/TLSServerSocket.cxx
===================================================================
--- trunk/libmcrypto/source/gnutls/TLSServerSocket.cxx 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/source/gnutls/TLSServerSocket.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,148 +0,0 @@
-/*
- Copyright (C) 2006 Mikael Magnusson
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Mikael Magnusson <mikma at users.sourceforge.net>
-*/
-
-
-#include<config.h>
-
-#include<libmcrypto/gnutls/TLSServerSocket.h>
-#include<libmcrypto/gnutls/TLSSocket.h>
-#include<libmcrypto/TLSException.h>
-
-#include<sys/socket.h>
-
-using namespace std;
-
-TLSServerSocket::TLSServerSocket( int32_t domain, int32_t listen_port )
- :ServerSocket( domain, listen_port )
-{
-}
-
-TLSServerSocket::~TLSServerSocket()
-{
-}
-
-ServerSocket *TLSServerSocket::create( bool use_ipv6, int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db ){
- MRef<gtls_certificate*> gtls_cert;
- MRef<gtls_ca_db*> gtls_db;
-
- if( cert )
- gtls_cert = (gtls_certificate*)*cert;
-
- if( cert_db )
- gtls_db = (gtls_ca_db*)*cert_db;
-
- return new GnutlsServerSocket( use_ipv6, listen_port,
- gtls_cert, gtls_db );
-}
-
-ServerSocket *TLSServerSocket::create(int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db ){
- return create( false, listen_port, cert, cert_db );
-}
-
-
-GnutlsServerSocket::GnutlsServerSocket( bool use_ipv6, int32_t listen_port,
- MRef<gtls_certificate *> cert,
- MRef<gtls_ca_db *> cert_db):TLSServerSocket(use_ipv6?AF_INET6:AF_INET, listen_port)
-{
- init(use_ipv6, listen_port, cert, cert_db);
-}
-
-GnutlsServerSocket::~GnutlsServerSocket(){
- if( m_xcred ){
- gnutls_certificate_free_credentials( m_xcred );
- m_xcred = NULL;
- }
-
- if( m_ca_list ){
- delete[] m_ca_list;
- m_ca_list = NULL;
- }
-}
-
-gnutls_session_t GnutlsServerSocket::initialize_tls_session(){
- gnutls_session_t session;
-
- gnutls_init (&session, GNUTLS_SERVER);
-
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_set_default_priority (session);
-
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, m_xcred);
-
- /* request client certificate if any.
- */
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
-
-// gnutls_dh_set_prime_bits (session, DH_BITS);
-
- return session;
-}
-
-void GnutlsServerSocket::init( bool use_ipv6, int32_t listen_port,
- MRef<gtls_certificate *> cert,
- MRef<gtls_ca_db *> cert_db)
-{
- cerr << "GnutlsServerSocket::init" << endl;
- m_cert = cert;
- m_cert_db = cert_db;
-
- int32_t backlog = 25;
-
- gnutls_certificate_allocate_credentials (&m_xcred);
-
- if( !cert_db->getDb(&m_ca_list, &m_ca_list_len) ){
- cerr << "ca db failed" << endl;
- throw TLSContextInitFailed();
- }
-
- gnutls_certificate_set_x509_trust(m_xcred, m_ca_list, m_ca_list_len);
-
- // FIXME support chained certs.
- gnutls_x509_crt_t gcert = cert->get_certificate();
- gnutls_x509_privkey_t gkey = NULL;
-
- MRef<gtls_priv_key*> gtls_pk =
- dynamic_cast<gtls_priv_key*>( *cert->get_pk() );
-
- if( gtls_pk ){
- gkey = gtls_pk->get_private_key();
- }
-
- gnutls_certificate_set_x509_key(m_xcred, &gcert, 1, gkey);
-
- if( use_ipv6 )
- listen("::", listen_port, backlog);
- else
- listen("0.0.0.0", listen_port, backlog);
-
- cerr << "GnutlsServerSocket::init ends" << endl;
-}
-
-MRef<StreamSocket *> GnutlsServerSocket::accept(){
- MRef<StreamSocket *> ssocket = ServerSocket::accept();
-
- gnutls_session_t session = initialize_tls_session();
-
- return new GnutlsSocket( ssocket, session );
-}
Deleted: trunk/libmcrypto/source/gnutls/TLSSocket.cxx
===================================================================
--- trunk/libmcrypto/source/gnutls/TLSSocket.cxx 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/source/gnutls/TLSSocket.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,235 +0,0 @@
-/*
- * Copyright (C) 2004-2006 the Minisip Team
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- * */
-
-/* Copyright (C) 2006
- *
- * Authors: Erik Ehrlund <eehrlund at kth.se>
- * Mikael Magnusson <mikma at users.sourceforge.net>
-*/
-
-
-#include <gnutls/gnutls.h>
-
-#include <libmnetutil/TCPSocket.h>
-
-#include <libmcrypto/gnutls/init.h>
-#include <libmcrypto/gnutls/TLSSocket.h>
-#include <libmcrypto/TLSException.h>
-
-using namespace std;
-
-/************************************************************************/
-void checkErr(int a)
-{
- if(a<0)
- {
- perror("An error has occured");
- throw TLSInitFailed();
- return;
- }
-}
-
-
-TLSSocket::TLSSocket()
-{
-}
-
-TLSSocket::~TLSSocket()
-{
-}
-
-TLSSocket* TLSSocket::connect( IPAddress &addr, int32_t port,
- MRef<certificate *> cert,
- MRef<ca_db *> cert_db,
- string serverName )
-{
- MRef<gtls_ca_db*> gtls_db;
- MRef<gtls_certificate*> gtls_cert;
-
- if( cert_db )
- gtls_db = (gtls_ca_db*)*cert_db;
-
- if( cert )
- gtls_cert = (gtls_certificate*)*cert;
-
- return new GnutlsSocket( addr, port, gtls_db, gtls_cert );
-}
-
-
-/*********************************************************************************/
-/* constructor*/
-// When created by a TLS Server
-GnutlsSocket::GnutlsSocket( MRef<StreamSocket *> tcp_socket,
- gnutls_session_t session )
- : sock(tcp_socket)
-{
- type = SOCKET_TYPE_TLS;
- peerPort = tcp_socket->getPeerPort();
- peerAddress = tcp_socket->getPeerAddress()->clone();
- fd = tcp_socket->getFd();
- m_session = session;
-
- gnutls_transport_set_ptr (m_session, (gnutls_transport_ptr_t) fd);
-
- int ret = gnutls_handshake (m_session);
- if (ret < 0){
- gnutls_deinit (m_session);
- m_session = NULL;
- fprintf(stderr, "*** Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- throw TLSInitFailed();
- }
- printf("- Handshake was completed\n");
-}
-
-#if 0
-GnutlsSocket::GnutlsSocket(string addr, int32_t port,
- MRef<gtls_ca_db *> cert_db,
- MRef<gtls_certificate *> cert)
-{
- GnutlsSocket::GnutlsSocket_init(new TCPSocket(addr, port),
- cert_db, cert);
-}
-#endif
-
-GnutlsSocket::GnutlsSocket(IPAddress &addr, int32_t port,
- MRef<gtls_ca_db *> cert_db,
- MRef<gtls_certificate *> cert)
-{
- GnutlsSocket::GnutlsSocket_init(new TCPSocket(addr, port),
- cert_db, cert);
-}
-
-/*********************************************************************************/
-GnutlsSocket::~GnutlsSocket()
-{
- gnutls_bye (m_session, GNUTLS_SHUT_WR);
- gnutls_deinit (m_session);
- if( m_xcred ){
- gnutls_certificate_free_credentials( m_xcred );
- m_xcred = NULL;
- }
-
- if( m_ca_list ){
- delete[] m_ca_list;
- m_ca_list = NULL;
- }
-
-// gnutls_global_deinit ();
-}
-
-const int g_cert_type_priority[3] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
-
-/*********************************************************************************/
-void GnutlsSocket::GnutlsSocket_init( MRef<StreamSocket*> ssock,
- MRef<gtls_ca_db *> cert_db,
- MRef<gtls_certificate *> cert )
-{
- int err=0;
-
- /* init gnutls */
- libmcryptoGnutlsInit();
-
- /* X509 stuff */
- err = gnutls_certificate_allocate_credentials (&m_xcred);
- checkErr(err);
-
- if( cert_db ){
- if( !cert_db->getDb(&m_ca_list, &m_ca_list_len) ){
- cerr << "ca db failed" << endl;
- throw TLSContextInitFailed();
- }
-
- err = gnutls_certificate_set_x509_trust(m_xcred, m_ca_list, m_ca_list_len);
- checkErr(err);
- }
-
- if( cert ){
- // FIXME support chained certs.
- gnutls_x509_crt_t gcert = cert->get_certificate();
- gnutls_x509_privkey_t gkey = NULL;
-
- MRef<gtls_priv_key*> gtls_pk =
- dynamic_cast<gtls_priv_key*>( *cert->get_pk() );
-
- if( gtls_pk ){
- gkey = gtls_pk->get_private_key();
- }
-
- err = gnutls_certificate_set_x509_key(m_xcred, &gcert, 1, gkey);
- checkErr(err);
- }
-
- // Initialize session in priv
- err = gnutls_init (&m_session, GNUTLS_CLIENT);
- checkErr(err);
-
- /* Use default priorities */
- err = gnutls_set_default_priority (m_session);
- checkErr(err);
-
- err = gnutls_certificate_type_set_priority (m_session, g_cert_type_priority);
- checkErr(err);
-
-
- /* put the x509 credentials to the current session
- */
- err = gnutls_credentials_set (m_session, GNUTLS_CRD_CERTIFICATE, m_xcred);
- checkErr(err);
-
- gnutls_transport_set_ptr (m_session,
- (gnutls_transport_ptr_t) ssock->getFd());
-
- err = gnutls_handshake (m_session);
- if (err<0)
- {
- perror("****** HANDSHAKE FAILED ********");
- gnutls_perror(err);
- throw Exception("handshake failed");
- }
-
- sock = ssock;
- fd = ssock->getFd();
- peerPort = ssock->getPeerPort();
- peerAddress = ssock->getPeerAddress();
- type = SOCKET_TYPE_TLS;
-
- return;
-}
-
-/********************************************************************************/
-
-int32_t GnutlsSocket::write(const void *msg, int length)
-{
- int a ;
- a = gnutls_record_send (m_session, msg , length);
- return a;
-}
-/*********************************************************************************/
-int32_t GnutlsSocket::write(string msg)
-{
- return GnutlsSocket::write(msg.c_str(), msg.size());
-}
-
-/*********************************************************************************/
-int32_t GnutlsSocket::read (void *buf, int maxlength)
-{
- int recv;
- recv = gnutls_record_recv (m_session, buf, maxlength);
- return recv;
-}
Copied: trunk/libmcrypto/source/gnutls/TlsServerSocket.cxx (from rev 3100, trunk/libmcrypto/source/gnutls/TLSServerSocket.cxx)
===================================================================
--- trunk/libmcrypto/source/gnutls/TLSServerSocket.cxx 2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/source/gnutls/TlsServerSocket.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,148 @@
+/*
+ Copyright (C) 2006 Mikael Magnusson
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Mikael Magnusson <mikma at users.sourceforge.net>
+*/
+
+
+#include<config.h>
+
+#include<libmcrypto/gnutls/TlsServerSocket.h>
+#include<libmcrypto/gnutls/TlsSocket.h>
+#include<libmcrypto/TlsException.h>
+
+#include<sys/socket.h>
+
+using namespace std;
+
+TLSServerSocket::TLSServerSocket( int32_t domain, int32_t listen_port )
+ :ServerSocket( domain, listen_port )
+{
+}
+
+TLSServerSocket::~TLSServerSocket()
+{
+}
+
+ServerSocket *TLSServerSocket::create( bool use_ipv6, int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db ){
+ MRef<gtls_certificate*> gtls_cert;
+ MRef<gtls_ca_db*> gtls_db;
+
+ if( cert )
+ gtls_cert = (gtls_certificate*)*cert;
+
+ if( cert_db )
+ gtls_db = (gtls_ca_db*)*cert_db;
+
+ return new GnutlsServerSocket( use_ipv6, listen_port,
+ gtls_cert, gtls_db );
+}
+
+ServerSocket *TLSServerSocket::create(int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db ){
+ return create( false, listen_port, cert, cert_db );
+}
+
+
+GnutlsServerSocket::GnutlsServerSocket( bool use_ipv6, int32_t listen_port,
+ MRef<gtls_certificate *> cert,
+ MRef<gtls_ca_db *> cert_db):TLSServerSocket(use_ipv6?AF_INET6:AF_INET, listen_port)
+{
+ init(use_ipv6, listen_port, cert, cert_db);
+}
+
+GnutlsServerSocket::~GnutlsServerSocket(){
+ if( m_xcred ){
+ gnutls_certificate_free_credentials( m_xcred );
+ m_xcred = NULL;
+ }
+
+ if( m_ca_list ){
+ delete[] m_ca_list;
+ m_ca_list = NULL;
+ }
+}
+
+gnutls_session_t GnutlsServerSocket::initialize_tls_session(){
+ gnutls_session_t session;
+
+ gnutls_init (&session, GNUTLS_SERVER);
+
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_set_default_priority (session);
+
+ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, m_xcred);
+
+ /* request client certificate if any.
+ */
+ gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
+
+// gnutls_dh_set_prime_bits (session, DH_BITS);
+
+ return session;
+}
+
+void GnutlsServerSocket::init( bool use_ipv6, int32_t listen_port,
+ MRef<gtls_certificate *> cert,
+ MRef<gtls_ca_db *> cert_db)
+{
+ cerr << "GnutlsServerSocket::init" << endl;
+ m_cert = cert;
+ m_cert_db = cert_db;
+
+ int32_t backlog = 25;
+
+ gnutls_certificate_allocate_credentials (&m_xcred);
+
+ if( !cert_db->getDb(&m_ca_list, &m_ca_list_len) ){
+ cerr << "ca db failed" << endl;
+ throw TLSContextInitFailed();
+ }
+
+ gnutls_certificate_set_x509_trust(m_xcred, m_ca_list, m_ca_list_len);
+
+ // FIXME support chained certs.
+ gnutls_x509_crt_t gcert = cert->get_certificate();
+ gnutls_x509_privkey_t gkey = NULL;
+
+ MRef<gtls_priv_key*> gtls_pk =
+ dynamic_cast<gtls_priv_key*>( *cert->get_pk() );
+
+ if( gtls_pk ){
+ gkey = gtls_pk->get_private_key();
+ }
+
+ gnutls_certificate_set_x509_key(m_xcred, &gcert, 1, gkey);
+
+ if( use_ipv6 )
+ listen("::", listen_port, backlog);
+ else
+ listen("0.0.0.0", listen_port, backlog);
+
+ cerr << "GnutlsServerSocket::init ends" << endl;
+}
+
+MRef<StreamSocket *> GnutlsServerSocket::accept(){
+ MRef<StreamSocket *> ssocket = ServerSocket::accept();
+
+ gnutls_session_t session = initialize_tls_session();
+
+ return new GnutlsSocket( ssocket, session );
+}
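Review bot: `GnutlsServerSocket::init` dereferences `cert_db` (L1678) and `cert` (L1686, L1690) without a null check, although the `create()` factory above it (L1607–L1618) deliberately passes default-constructed `MRef`s when the caller supplied none, so a server built without a CA db crashes instead of failing with `TLSContextInitFailed`. The return codes of `gnutls_certificate_allocate_credentials`, `gnutls_certificate_set_x509_trust` and `gnutls_certificate_set_x509_key` are also dropped here, whereas the client side in gnutls/TlsSocket.cxx checks every one of them through `checkErr`; a failed trust-store load silently yields a server that cannot validate the client certificates it asks for with `GNUTLS_CERT_REQUEST`. The `cerr` traces at the start and end of `init` look like leftover debugging and should go or move behind the project's debug logging. The rewrite below keeps the interface and adds the checks; the key-extraction and `listen()` parts are unchanged.
```cpp
void GnutlsServerSocket::init( bool use_ipv6, int32_t listen_port,
                               MRef<gtls_certificate *> cert,
                               MRef<gtls_ca_db *> cert_db)
{
	m_cert = cert;
	m_cert_db = cert_db;

	int32_t backlog = 25;

	// A server needs both a certificate/key to present and a trust
	// store for the client certificates it requests; the create()
	// factory can hand us null MRefs, so reject them before use.
	if( !cert || !cert_db )
		throw TLSContextInitFailed();

	if( gnutls_certificate_allocate_credentials (&m_xcred) < 0 )
		throw TLSContextInitFailed();

	if( !cert_db->getDb(&m_ca_list, &m_ca_list_len) )
		throw TLSContextInitFailed();

	if( gnutls_certificate_set_x509_trust(m_xcred, m_ca_list, m_ca_list_len) < 0 )
		throw TLSContextInitFailed();

	// … unchanged: gcert / gkey extraction via gtls_priv_key …

	if( gnutls_certificate_set_x509_key(m_xcred, &gcert, 1, gkey) < 0 )
		throw TLSContextInitFailed();

	// … unchanged: listen() on "::" or "0.0.0.0" …
}
```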
Copied: trunk/libmcrypto/source/gnutls/TlsSocket.cxx (from rev 3100, trunk/libmcrypto/source/gnutls/TLSSocket.cxx)
===================================================================
--- trunk/libmcrypto/source/gnutls/TLSSocket.cxx 2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/source/gnutls/TlsSocket.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,235 @@
+/*
+ * Copyright (C) 2004-2006 the Minisip Team
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * */
+
+/* Copyright (C) 2006
+ *
+ * Authors: Erik Ehrlund <eehrlund at kth.se>
+ * Mikael Magnusson <mikma at users.sourceforge.net>
+*/
+
+
+#include <gnutls/gnutls.h>
+
+#include <libmnetutil/TCPSocket.h>
+
+#include <libmcrypto/gnutls/init.h>
+#include <libmcrypto/gnutls/TlsSocket.h>
+#include <libmcrypto/TlsException.h>
+
+using namespace std;
+
+/************************************************************************/
+void checkErr(int a)
+{
+ if(a<0)
+ {
+ perror("An error has occured");
+ throw TLSInitFailed();
+ return;
+ }
+}
+
+
+TLSSocket::TLSSocket()
+{
+}
+
+TLSSocket::~TLSSocket()
+{
+}
+
+TLSSocket* TLSSocket::connect( IPAddress &addr, int32_t port,
+ MRef<certificate *> cert,
+ MRef<ca_db *> cert_db,
+ string serverName )
+{
+ MRef<gtls_ca_db*> gtls_db;
+ MRef<gtls_certificate*> gtls_cert;
+
+ if( cert_db )
+ gtls_db = (gtls_ca_db*)*cert_db;
+
+ if( cert )
+ gtls_cert = (gtls_certificate*)*cert;
+
+ return new GnutlsSocket( addr, port, gtls_db, gtls_cert );
+}
+
+
+/*********************************************************************************/
+/* constructor*/
+// When created by a TLS Server
+GnutlsSocket::GnutlsSocket( MRef<StreamSocket *> tcp_socket,
+ gnutls_session_t session )
+ : sock(tcp_socket)
+{
+ type = SOCKET_TYPE_TLS;
+ peerPort = tcp_socket->getPeerPort();
+ peerAddress = tcp_socket->getPeerAddress()->clone();
+ fd = tcp_socket->getFd();
+ m_session = session;
+
+ gnutls_transport_set_ptr (m_session, (gnutls_transport_ptr_t) fd);
+
+ int ret = gnutls_handshake (m_session);
+ if (ret < 0){
+ gnutls_deinit (m_session);
+ m_session = NULL;
+ fprintf(stderr, "*** Handshake has failed (%s)\n\n",
+ gnutls_strerror (ret));
+ throw TLSInitFailed();
+ }
+ printf("- Handshake was completed\n");
+}
+
+#if 0
+GnutlsSocket::GnutlsSocket(string addr, int32_t port,
+ MRef<gtls_ca_db *> cert_db,
+ MRef<gtls_certificate *> cert)
+{
+ GnutlsSocket::GnutlsSocket_init(new TCPSocket(addr, port),
+ cert_db, cert);
+}
+#endif
+
+GnutlsSocket::GnutlsSocket(IPAddress &addr, int32_t port,
+ MRef<gtls_ca_db *> cert_db,
+ MRef<gtls_certificate *> cert)
+{
+ GnutlsSocket::GnutlsSocket_init(new TCPSocket(addr, port),
+ cert_db, cert);
+}
+
+/*********************************************************************************/
+GnutlsSocket::~GnutlsSocket()
+{
+ gnutls_bye (m_session, GNUTLS_SHUT_WR);
+ gnutls_deinit (m_session);
+ if( m_xcred ){
+ gnutls_certificate_free_credentials( m_xcred );
+ m_xcred = NULL;
+ }
+
+ if( m_ca_list ){
+ delete[] m_ca_list;
+ m_ca_list = NULL;
+ }
+
+// gnutls_global_deinit ();
+}
+
+const int g_cert_type_priority[3] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
+
+/*********************************************************************************/
+void GnutlsSocket::GnutlsSocket_init( MRef<StreamSocket*> ssock,
+ MRef<gtls_ca_db *> cert_db,
+ MRef<gtls_certificate *> cert )
+{
+ int err=0;
+
+ /* init gnutls */
+ libmcryptoGnutlsInit();
+
+ /* X509 stuff */
+ err = gnutls_certificate_allocate_credentials (&m_xcred);
+ checkErr(err);
+
+ if( cert_db ){
+ if( !cert_db->getDb(&m_ca_list, &m_ca_list_len) ){
+ cerr << "ca db failed" << endl;
+ throw TLSContextInitFailed();
+ }
+
+ err = gnutls_certificate_set_x509_trust(m_xcred, m_ca_list, m_ca_list_len);
+ checkErr(err);
+ }
+
+ if( cert ){
+ // FIXME support chained certs.
+ gnutls_x509_crt_t gcert = cert->get_certificate();
+ gnutls_x509_privkey_t gkey = NULL;
+
+ MRef<gtls_priv_key*> gtls_pk =
+ dynamic_cast<gtls_priv_key*>( *cert->get_pk() );
+
+ if( gtls_pk ){
+ gkey = gtls_pk->get_private_key();
+ }
+
+ err = gnutls_certificate_set_x509_key(m_xcred, &gcert, 1, gkey);
+ checkErr(err);
+ }
+
+ // Initialize session in priv
+ err = gnutls_init (&m_session, GNUTLS_CLIENT);
+ checkErr(err);
+
+ /* Use default priorities */
+ err = gnutls_set_default_priority (m_session);
+ checkErr(err);
+
+ err = gnutls_certificate_type_set_priority (m_session, g_cert_type_priority);
+ checkErr(err);
+
+
+ /* put the x509 credentials to the current session
+ */
+ err = gnutls_credentials_set (m_session, GNUTLS_CRD_CERTIFICATE, m_xcred);
+ checkErr(err);
+
+ gnutls_transport_set_ptr (m_session,
+ (gnutls_transport_ptr_t) ssock->getFd());
+
+ err = gnutls_handshake (m_session);
+ if (err<0)
+ {
+ perror("****** HANDSHAKE FAILED ********");
+ gnutls_perror(err);
+ throw Exception("handshake failed");
+ }
+
+ sock = ssock;
+ fd = ssock->getFd();
+ peerPort = ssock->getPeerPort();
+ peerAddress = ssock->getPeerAddress();
+ type = SOCKET_TYPE_TLS;
+
+ return;
+}
+
+/********************************************************************************/
+
+int32_t GnutlsSocket::write(const void *msg, int length)
+{
+ int a ;
+ a = gnutls_record_send (m_session, msg , length);
+ return a;
+}
+/*********************************************************************************/
+int32_t GnutlsSocket::write(string msg)
+{
+ return GnutlsSocket::write(msg.c_str(), msg.size());
+}
+
+/*********************************************************************************/
+int32_t GnutlsSocket::read (void *buf, int maxlength)
+{
+ int recv;
+ recv = gnutls_record_recv (m_session, buf, maxlength);
+ return recv;
+}
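Review bot: Neither handshake in this file is followed by peer-certificate verification: the client path in `GnutlsSocket_init` (L1915–L1921) and the server-side constructor (L1806–L1814) both accept any peer that completes `gnutls_handshake`, and with GnuTLS the trust list installed at L1875 is only consulted when the application calls `gnutls_certificate_verify_peers2` itself, so unless that happens somewhere outside this file the CA db has no effect on what is accepted. The `serverName` parameter of `TLSSocket::connect` (L1776) is likewise never used; after verification the peer's leaf certificate should be matched against it with `gnutls_x509_crt_check_hostname`. A sketch for the client side follows (the server constructor needs the same block after its handshake); the assignment of `sock`/`fd`/`peerPort`/`peerAddress` after it is unchanged. Two smaller points: the `return;` after `throw TLSInitFailed();` in `checkErr` (L1760) is unreachable, and because `GnutlsSocket_init` runs from a constructor, a throw at L1920 leaves `m_session` and `m_xcred` allocated with no destructor to release them — freeing them in the failure branch (as the server-side constructor does at L1808) avoids the leak.
```cpp
	err = gnutls_handshake (m_session);
	if (err<0)
	{
		gnutls_perror(err);
		gnutls_deinit (m_session);
		m_session = NULL;
		throw Exception("handshake failed");
	}

	// The trust list in m_xcred is only applied when we ask for it;
	// verify before the socket is handed back to the caller.
	unsigned int status = 0;
	err = gnutls_certificate_verify_peers2 (m_session, &status);
	if (err < 0 || status != 0)
	{
		gnutls_bye (m_session, GNUTLS_SHUT_RDWR);
		gnutls_deinit (m_session);
		m_session = NULL;
		throw Exception("peer certificate verification failed");
	}
	// … unchanged: sock / fd / peerPort / peerAddress / type assignment …
```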
Modified: trunk/libmcrypto/source/openssl/Makefile.am
===================================================================
--- trunk/libmcrypto/source/openssl/Makefile.am 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/source/openssl/Makefile.am 2007-01-10 23:58:35 UTC (rev 3111)
@@ -17,9 +17,9 @@
hmac.cxx \
rand.cxx \
sha1.cxx \
- TLSException.cxx \
- TLSServerSocket.cxx \
- TLSSocket.cxx \
+ TlsException.cxx \
+ TlsServerSocket.cxx \
+ TlsSocket.cxx \
$(OTHER_FILES)
libmcopenssl_la_LIBADD = $(OPENSSL_LIBS)
Deleted: trunk/libmcrypto/source/openssl/TLSException.cxx
===================================================================
--- trunk/libmcrypto/source/openssl/TLSException.cxx 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/source/openssl/TLSException.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,61 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
- Copyright (C) 2006 Mikael Magnusson
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
- * Mikael Magnusson <mikma at users.sourceforge.net>
-*/
-
-
-#include<config.h>
-
-#include<libmcrypto/openssl/TLSException.h>
-
-using namespace std;
-
-
-TLSConnectFailed::TLSConnectFailed( int errorNumber, SSL * ssl ):ConnectFailed(errorNumber),ssl(ssl){};
-
-const char *TLSConnectFailed::what(){
-
- switch( SSL_get_error( ssl, errorNumber ) ){
- case SSL_ERROR_NONE:
- msg = "SSL Error: No error"; break;
- case SSL_ERROR_ZERO_RETURN:
- msg = "SSL Error: Connection was closed"; break;
- case SSL_ERROR_WANT_READ:
- msg = "SSL Error: Could not perform the read opearation on the underlying TCP connection" ; break;
- case SSL_ERROR_WANT_WRITE:
- msg = "SSL Error: Could not perform the write opearation on the underlying TCP connection"; break;
- case SSL_ERROR_WANT_CONNECT:
- msg = "SSL Error: The underlying TCP connection is not connected" ; break;
-#ifdef SSL_ERROR_WANT_ACCEPT
- case SSL_ERROR_WANT_ACCEPT:
- msg = "SSL Error: The underlying TCP connection is not accepted" ; break;
-#endif
- case SSL_ERROR_WANT_X509_LOOKUP:
- msg = "SSL Error: Error in the X509 lookup" ; break;
- case SSL_ERROR_SYSCALL:
- msg = "SSL Error: I/O error" ; break;
- case SSL_ERROR_SSL:
- msg = "SSL Error: Error in the SSL protocol" ; break;
- }
- return msg.c_str();
-}
Deleted: trunk/libmcrypto/source/openssl/TLSServerSocket.cxx
===================================================================
--- trunk/libmcrypto/source/openssl/TLSServerSocket.cxx 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/source/openssl/TLSServerSocket.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,178 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
-*/
-
-
-#include<config.h>
-
-#include<libmcrypto/openssl/TLSServerSocket.h>
-#include<libmcrypto/openssl/TLSSocket.h>
-#include<libmcrypto/openssl/cert.h>
-
-#ifdef WIN32
-# include<winsock2.h>
-#else
-#include<sys/socket.h>
-#endif
-
-#ifndef _WIN32_WCE
-# include<openssl/err.h>
-#endif
-
-
-#include<libmutil/merror.h>
-#include<libmutil/massert.h>
-
-#ifdef DEBUG_OUTPUT
-#include<iostream>
-#endif
-
-using namespace std;
-
-#ifdef WIN32
-typedef int socklen_t;
-#endif
-
-
-TLSServerSocket::TLSServerSocket( int32_t domain, int32_t listen_port )
- :ServerSocket( domain, listen_port )
-{
-}
-
-TLSServerSocket::~TLSServerSocket()
-{
-}
-
-ServerSocket *TLSServerSocket::create( bool use_ipv6, int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db ){
- MRef<ossl_certificate*> ssl_cert;
- MRef<ossl_ca_db*> ssl_db;
-
- if( cert )
- ssl_cert = (ossl_certificate*)*cert;
-
- if( cert_db )
- ssl_db = (ossl_ca_db*)*cert_db;
-
- return new OsslServerSocket( listen_port, ssl_cert, ssl_db );
-}
-
-ServerSocket *TLSServerSocket::create(int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db ){
-
- return create( false, listen_port, cert, cert_db );
-}
-
-
-
-OsslServerSocket::OsslServerSocket( int32_t listen_port, MRef<ossl_certificate *> cert, MRef<ossl_ca_db *> cert_db):TLSServerSocket(AF_INET, listen_port)
-{
- init(false, listen_port, cert, cert_db);
-}
-
-OsslServerSocket::OsslServerSocket( bool use_ipv6, int32_t listen_port,
- MRef<ossl_certificate *> cert,
- MRef<ossl_ca_db *> cert_db):TLSServerSocket(use_ipv6?AF_INET6:AF_INET, listen_port)
-{
- init(use_ipv6, listen_port, cert, cert_db);
-}
-
-void OsslServerSocket::init( bool use_ipv6, int32_t listen_port,
- MRef<ossl_certificate *> cert,
- MRef<ossl_ca_db *> cert_db)
-{
- int32_t backlog = 25;
- SSL_METHOD * meth;
- const unsigned char * sid_ctx = (const unsigned char *)"Minisip TLS";
-
- if( use_ipv6 )
- listen("::", listen_port, backlog);
- else
- listen("0.0.0.0", listen_port, backlog);
-
- SSL_load_error_strings();
- SSLeay_add_ssl_algorithms();
- meth = SSLv23_server_method();
- this->ssl_ctx = SSL_CTX_new( meth );
- this->cert_db = cert_db;
-
- if( ssl_ctx == NULL ){
-#ifdef DEBUG_OUTPUT
- cerr << "Could not initialize SSL context" << endl;
-#endif
-
- exit( 1 );
- }
-
- if( OsslSocket::sslCipherListIndex != 0 )
- OsslSocket::setSSLCTXCiphers ( this->ssl_ctx, OsslSocket::sslCipherListIndex );
- /* Set options: do not accept SSLv2*/
- SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
-
- SSL_CTX_set_verify( ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, 0);
- //SSL_CTX_set_verify( ssl_ctx, SSL_VERIFY_NONE, 0);
- SSL_CTX_set_verify_depth( ssl_ctx, 5);
-
- //SSL_CTX_set_session_cache_mode( ssl_ctx, SSL_SESS_CACHE_BOTH );
- SSL_CTX_set_session_cache_mode( ssl_ctx, SSL_SESS_CACHE_SERVER );
- SSL_CTX_set_session_id_context( ssl_ctx, sid_ctx, (unsigned int)strlen( (const char *)sid_ctx ) );
-
- if( !cert_db.isNull() ){
- /* Use this database for the certificates check */
- SSL_CTX_set_cert_store( this->ssl_ctx, this->cert_db->get_db());
- }
-
- MRef<priv_key *> priv_key = cert->get_pk();
- MRef<ossl_priv_key *> ossl_pk =
- dynamic_cast<ossl_priv_key*>(*priv_key);
- if( SSL_CTX_use_PrivateKey( ssl_ctx, ossl_pk->get_openssl_private_key() ) <= 0 ){
-#ifdef DEBUG_OUTPUT
- cerr << "Could not use the given private key" << endl;
-#endif
-
- ERR_print_errors_fp(stderr);
- exit( 1 );
- }
-
-
- if( SSL_CTX_use_certificate( ssl_ctx, cert->get_openssl_certificate() ) <= 0 ){
-#ifdef DEBUG_OUTPUT
- cerr << "Could not use the given certificate" << endl;
-#endif
-
- ERR_print_errors_fp(stderr);
- exit( 1 );
- }
-
- if( !SSL_CTX_check_private_key( ssl_ctx ) ){
-#ifdef DEBUG_OUTPUT
- cerr << "Given private key does not match the certificate"<<endl;
-#endif
-
- exit( 1 );
- }
-}
-
-MRef<StreamSocket *> OsslServerSocket::accept(){
- MRef<StreamSocket *> ssocket = ServerSocket::accept();
-
- return new OsslSocket( ssocket, ssl_ctx );
-}
-
Deleted: trunk/libmcrypto/source/openssl/TLSSocket.cxx
===================================================================
--- trunk/libmcrypto/source/openssl/TLSSocket.cxx 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/source/openssl/TLSSocket.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,306 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
-*/
-
-#include<config.h>
-
-#include<libmcrypto/openssl/TLSSocket.h>
-#include<libmcrypto/openssl/cert.h>
-
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
-#ifdef WIN32
-#include<winsock2.h>
-#elif defined HAVE_SYS_SOCKET_H
-#include<sys/types.h>
-#include<sys/socket.h>
-#endif
-
-#include<libmnetutil/IPAddress.h>
-#include<libmnetutil/TCPSocket.h>
-
-#include<iostream>
-
-#include<libmcrypto/TLSException.h>
-#include<libmcrypto/openssl/TLSException.h>
-#include<libmutil/MemObject.h>
-
-using namespace std;
-
-TLSSocket::TLSSocket()
-{
-}
-
-TLSSocket::~TLSSocket()
-{
-}
-
-TLSSocket* TLSSocket::connect( IPAddress &addr, int32_t port,
- MRef<certificate *> cert,
- MRef<ca_db *> cert_db,
- string serverName )
-{
- void *ssl_ctx = NULL;
- MRef<ossl_certificate*> ssl_cert;
- MRef<ossl_ca_db*> ssl_db;
-
- if( cert )
- ssl_cert = (ossl_certificate*)*cert;
-
- if( cert_db )
- ssl_db = (ossl_ca_db*)*cert_db;
-
- return new OsslSocket( addr, port, ssl_ctx, ssl_cert, ssl_db );
-}
-
-
-int8_t OsslSocket::sslCipherListIndex = 0; /* Set default value ... DEFAULT ciphers */
-
-
-#define ssl ((SSL*)priv)
-
-
-
-// When created by a TLS Server
-OsslSocket::OsslSocket( MRef<StreamSocket *> tcp_socket, SSL_CTX * ssl_ctx ):
- sock(tcp_socket){
- type = SOCKET_TYPE_TLS;
- peerPort = tcp_socket->getPeerPort();
- peerAddress = tcp_socket->getPeerAddress()->clone();
-
- int error;
- // Copy the SSL parameters, since the server still needs them
- // Initialize ssl in priv
- priv = SSL_new( ssl_ctx );
- this->ssl_ctx = SSL_get_SSL_CTX( ssl );
-
- SSL_set_fd( ssl, tcp_socket->getFd() );
- fd = tcp_socket->getFd();
-
- error = SSL_accept( ssl );
- if( error <= 0 ){
- cerr << "Could not establish an incoming TLS connection" << endl;
- ERR_print_errors_fp(stderr);
- throw TLSConnectFailed( error, ssl );
- }
-}
-
-
-OsslSocket::OsslSocket( IPAddress &addr, int32_t port, void * &ssl_ctx,
- MRef<ossl_certificate *> cert,
- MRef<ossl_ca_db *> cert_db ){
- MRef<TCPSocket*> tcp_sock = new TCPSocket( addr, port );
- OsslSocket::OsslSocket_init( *tcp_sock, ssl_ctx, cert, cert_db);
-}
-
-OsslSocket::OsslSocket( string addr, int32_t port, void * &ssl_ctx,
- MRef<ossl_certificate *> cert,
- MRef<ossl_ca_db *> cert_db ){
- MRef<TCPSocket*> tcp_sock = new TCPSocket( addr, port );
- OsslSocket::OsslSocket_init( *tcp_sock, ssl_ctx, cert, cert_db);
-}
-
-/* Helper function ... simplify the maintenance of constructors ... */
-void OsslSocket::OsslSocket_init( MRef<StreamSocket*> ssock, void * &ssl_ctx,
- MRef<ossl_certificate *> cert,
- MRef<ossl_ca_db *> cert_db ){
- type = SOCKET_TYPE_TLS;
- const unsigned char * sid_ctx = (const unsigned char *)"Minisip TLS";
- SSLeay_add_ssl_algorithms();
- SSL_METHOD *meth = SSLv23_client_method();
- this->ssl_ctx = (SSL_CTX *)ssl_ctx;
- this->cert_db = cert_db;
- peerPort = ssock->getPeerPort();
- MRef<ossl_certificate*> ssl_cert;
- MRef<ossl_ca_db*> ssl_db;
-
- if( cert )
- ssl_cert = (ossl_certificate*)*cert;
-
- if( cert_db )
- ssl_db = (ossl_ca_db*)*cert_db;
-
- if( this->ssl_ctx == NULL ){
-#ifdef DEBUG_OUTPUT
- cerr << "Creating new SSL_CTX" << endl;
-#endif
- this->ssl_ctx = SSL_CTX_new( meth );
-
- if( this->ssl_ctx == NULL ){
- cerr << "Could not create SSL session" << endl;
- ERR_print_errors_fp(stderr);
- throw TLSInitFailed();
- }
-
- if( sslCipherListIndex != 0 )
- setSSLCTXCiphers ( this->ssl_ctx, sslCipherListIndex );
- /* Set options: do not accept SSLv2*/
- long options = SSL_OP_NO_SSLv2 | SSL_OP_ALL;
-
-#if OPENSSL_VERSION_NUMBER >= 0x00908000
- // Disable SSL_OP_TLS_BLOCK_PADDING_BUG in 0.9.8, buggy
- options &= ~SSL_OP_TLS_BLOCK_PADDING_BUG;
-#endif
- SSL_CTX_set_options(this->ssl_ctx, options);
-
- SSL_CTX_set_verify( this->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, 0);
- SSL_CTX_set_verify_depth( this->ssl_ctx, 5);
-
- if( !cert.isNull() ){
- /* Add a client certificate */
- MRef<priv_key*> pk = ssl_cert->get_pk();
- MRef<ossl_priv_key*> ssl_pk =
- dynamic_cast<ossl_priv_key*>(*pk);
-
- if( !ssl_pk || SSL_CTX_use_PrivateKey( this->ssl_ctx,
- ssl_pk->get_openssl_private_key() ) <= 0 ){
- cerr << "SSL: Could not use private key" << endl;
- ERR_print_errors_fp(stderr);
- throw TLSContextInitFailed();
- }
- if( SSL_CTX_use_certificate( this->ssl_ctx,
- ssl_cert->get_openssl_certificate() ) <= 0 ){
- cerr << "SSL: Could not use certificate" << endl;
- ERR_print_errors_fp(stderr);
- throw TLSContextInitFailed();
- }
- }
-
- if( !cert_db.isNull() ){
- /* Use this database for the certificates check */
- SSL_CTX_set_cert_store( this->ssl_ctx,
- ssl_db->get_db());
- }
-
- //SSL_CTX_set_session_cache_mode( this->ssl_ctx, SSL_SESS_CACHE_BOTH );
- SSL_CTX_set_session_cache_mode( this->ssl_ctx, SSL_SESS_CACHE_SERVER );
- SSL_CTX_set_session_id_context( this->ssl_ctx, sid_ctx, (unsigned int)strlen( (const char *)sid_ctx ) );
-
- ssl_ctx = this->ssl_ctx;
- }
-
- sock = ssock;
- peerAddress = sock->getPeerAddress()->clone();
-
- // Initialize ssl in priv
- priv = SSL_new( this->ssl_ctx );
-
- //FIXME ... this client side cache works?? only if only one host to connect to
- if( this->ssl_ctx->session_cache_head != NULL )
- SSL_set_session( ssl, this->ssl_ctx->session_cache_head );
-
- //SSL_set_verify( this->ssl, SSL_VERIFY_PEER, NULL );
-
- SSL_set_fd( ssl, sock->getFd() );
- // FIXME
- fd = sock->getFd();
-
- int32_t err = SSL_connect( ssl );
-
- if( err <= 0 ){
- cerr << "SSL: connect failed" << endl;
- ERR_print_errors_fp(stderr);
- throw TLSConnectFailed( err, ssl );
- }
-
- try{
- peer_cert = new ossl_certificate( SSL_get_peer_certificate (ssl) );
- }
- catch( certificate_exception &){
- //FIXME
- cerr << "Could not get server certificate" << endl;
- peer_cert = NULL;
- }
-
-}
-
-
-OsslSocket::~OsslSocket(){
-#ifdef DEBUG_OUTPUT
- cerr << "TLS: Shutting down TLS Socket" << endl;
-#endif
- SSL_shutdown( ssl );
- SSL_free( ssl );
- //SSL_CTX_free( ssl_ctx );
- //delete tcp_socket;
- //delete peerAddress;
-}
-
-int32_t OsslSocket::write( string data ){
- return SSL_write( ssl, data.c_str(), (int)data.length() );
-}
-
-int32_t OsslSocket::write( const void *buf, int32_t count ){
- return SSL_write( ssl, buf, count );
-}
-
-OsslSocket& operator<<(OsslSocket& sock, string str){
- sock.write(str);
- return sock;
-}
-
-int32_t OsslSocket::read( void *buf, int32_t count ){
- //if( SSL_pending( ssl ) == 0 )
- // return -1;
- int ret;
- ret = SSL_read( ssl, buf, count );
- if( ret == 0 )
-// if( SSL_get_error( ssl, ret ) == SSL_ERROR_ZERO_RETURN )
- // Connection closed
- return 0;
-
-// else
-// return -1;
- else
- return ret;
-}
-
-int32_t OsslSocket::setSSLCTXCiphers ( SSL_CTX *_ctx, int8_t listIdx ) {
- char *ciphers;
-
-#ifdef DEBUG_OUTPUT
- cerr << "Modifying SSL_CTX ciphers list" << endl;
-#endif
-
- switch( listIdx ) {
- case 1:
- ciphers = SSL_CIPHERS_AES_HIGH_MEDIUM;
- break;
- case 2:
- ciphers = SSL_CIPHERS_TESTING;
- break;
- default:
- ciphers = SSL_CIPHERS_DEFAULT;
- break;
- }
- if( SSL_CTX_set_cipher_list(_ctx, ciphers) == 0 ) {
-#ifdef DEBUG_OUTPUT
- cerr << "ERROR: OsslSocket::setSSLCiphers: failed to set cipher list" << endl;
-#endif
- return 0;
- } else return 1;
-}
-
Copied: trunk/libmcrypto/source/openssl/TlsException.cxx (from rev 3100, trunk/libmcrypto/source/openssl/TLSException.cxx)
===================================================================
--- trunk/libmcrypto/source/openssl/TLSException.cxx 2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/source/openssl/TlsException.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,61 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+ Copyright (C) 2006 Mikael Magnusson
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ * Johan Bilien <jobi at via.ecp.fr>
+ * Mikael Magnusson <mikma at users.sourceforge.net>
+*/
+
+
+#include<config.h>
+
+#include<libmcrypto/openssl/TlsException.h>
+
+using namespace std;
+
+
+TLSConnectFailed::TLSConnectFailed( int errorNumber, SSL * ssl ):ConnectFailed(errorNumber),ssl(ssl){};
+
+const char *TLSConnectFailed::what(){
+
+ switch( SSL_get_error( ssl, errorNumber ) ){
+ case SSL_ERROR_NONE:
+ msg = "SSL Error: No error"; break;
+ case SSL_ERROR_ZERO_RETURN:
+ msg = "SSL Error: Connection was closed"; break;
+ case SSL_ERROR_WANT_READ:
+ msg = "SSL Error: Could not perform the read opearation on the underlying TCP connection" ; break;
+ case SSL_ERROR_WANT_WRITE:
+ msg = "SSL Error: Could not perform the write opearation on the underlying TCP connection"; break;
+ case SSL_ERROR_WANT_CONNECT:
+ msg = "SSL Error: The underlying TCP connection is not connected" ; break;
+#ifdef SSL_ERROR_WANT_ACCEPT
+ case SSL_ERROR_WANT_ACCEPT:
+ msg = "SSL Error: The underlying TCP connection is not accepted" ; break;
+#endif
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ msg = "SSL Error: Error in the X509 lookup" ; break;
+ case SSL_ERROR_SYSCALL:
+ msg = "SSL Error: I/O error" ; break;
+ case SSL_ERROR_SSL:
+ msg = "SSL Error: Error in the SSL protocol" ; break;
+ }
+ return msg.c_str();
+}
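Review bot: The `switch` in `TLSConnectFailed::what()` has no `default` branch, so for any `SSL_get_error` value not listed `msg` is left as it was — an empty string on the first call — and the caller gets no description of the failure. Adding `default: msg = "SSL Error: Unknown error"; break;` closes that gap. The "opearation" spelling in the WANT_READ and WANT_WRITE messages is also worth fixing while the file is being moved.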
Copied: trunk/libmcrypto/source/openssl/TlsServerSocket.cxx (from rev 3100, trunk/libmcrypto/source/openssl/TLSServerSocket.cxx)
===================================================================
--- trunk/libmcrypto/source/openssl/TLSServerSocket.cxx 2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/source/openssl/TlsServerSocket.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,178 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ * Johan Bilien <jobi at via.ecp.fr>
+*/
+
+
+#include<config.h>
+
+#include<libmcrypto/openssl/TlsServerSocket.h>
+#include<libmcrypto/openssl/TlsSocket.h>
+#include<libmcrypto/openssl/cert.h>
+
+#ifdef WIN32
+# include<winsock2.h>
+#else
+#include<sys/socket.h>
+#endif
+
+#ifndef _WIN32_WCE
+# include<openssl/err.h>
+#endif
+
+
+#include<libmutil/merror.h>
+#include<libmutil/massert.h>
+
+#ifdef DEBUG_OUTPUT
+#include<iostream>
+#endif
+
+using namespace std;
+
+#ifdef WIN32
+typedef int socklen_t;
+#endif
+
+
+TLSServerSocket::TLSServerSocket( int32_t domain, int32_t listen_port )
+ :ServerSocket( domain, listen_port )
+{
+}
+
+TLSServerSocket::~TLSServerSocket()
+{
+}
+
+ServerSocket *TLSServerSocket::create( bool use_ipv6, int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db ){
+ MRef<ossl_certificate*> ssl_cert;
+ MRef<ossl_ca_db*> ssl_db;
+
+ if( cert )
+ ssl_cert = (ossl_certificate*)*cert;
+
+ if( cert_db )
+ ssl_db = (ossl_ca_db*)*cert_db;
+
+ return new OsslServerSocket( listen_port, ssl_cert, ssl_db );
+}
+
+ServerSocket *TLSServerSocket::create(int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db ){
+
+ return create( false, listen_port, cert, cert_db );
+}
+
+
+
+OsslServerSocket::OsslServerSocket( int32_t listen_port, MRef<ossl_certificate *> cert, MRef<ossl_ca_db *> cert_db):TLSServerSocket(AF_INET, listen_port)
+{
+ init(false, listen_port, cert, cert_db);
+}
+
+OsslServerSocket::OsslServerSocket( bool use_ipv6, int32_t listen_port,
+ MRef<ossl_certificate *> cert,
+ MRef<ossl_ca_db *> cert_db):TLSServerSocket(use_ipv6?AF_INET6:AF_INET, listen_port)
+{
+ init(use_ipv6, listen_port, cert, cert_db);
+}
+
+void OsslServerSocket::init( bool use_ipv6, int32_t listen_port,
+ MRef<ossl_certificate *> cert,
+ MRef<ossl_ca_db *> cert_db)
+{
+ int32_t backlog = 25;
+ SSL_METHOD * meth;
+ const unsigned char * sid_ctx = (const unsigned char *)"Minisip TLS";
+
+ if( use_ipv6 )
+ listen("::", listen_port, backlog);
+ else
+ listen("0.0.0.0", listen_port, backlog);
+
+ SSL_load_error_strings();
+ SSLeay_add_ssl_algorithms();
+ meth = SSLv23_server_method();
+ this->ssl_ctx = SSL_CTX_new( meth );
+ this->cert_db = cert_db;
+
+ if( ssl_ctx == NULL ){
+#ifdef DEBUG_OUTPUT
+ cerr << "Could not initialize SSL context" << endl;
+#endif
+
+ exit( 1 );
+ }
+
+ if( OsslSocket::sslCipherListIndex != 0 )
+ OsslSocket::setSSLCTXCiphers ( this->ssl_ctx, OsslSocket::sslCipherListIndex );
+ /* Set options: do not accept SSLv2*/
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
+
+ SSL_CTX_set_verify( ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, 0);
+ //SSL_CTX_set_verify( ssl_ctx, SSL_VERIFY_NONE, 0);
+ SSL_CTX_set_verify_depth( ssl_ctx, 5);
+
+ //SSL_CTX_set_session_cache_mode( ssl_ctx, SSL_SESS_CACHE_BOTH );
+ SSL_CTX_set_session_cache_mode( ssl_ctx, SSL_SESS_CACHE_SERVER );
+ SSL_CTX_set_session_id_context( ssl_ctx, sid_ctx, (unsigned int)strlen( (const char *)sid_ctx ) );
+
+ if( !cert_db.isNull() ){
+ /* Use this database for the certificates check */
+ SSL_CTX_set_cert_store( this->ssl_ctx, this->cert_db->get_db());
+ }
+
+ MRef<priv_key *> priv_key = cert->get_pk();
+ MRef<ossl_priv_key *> ossl_pk =
+ dynamic_cast<ossl_priv_key*>(*priv_key);
+ if( SSL_CTX_use_PrivateKey( ssl_ctx, ossl_pk->get_openssl_private_key() ) <= 0 ){
+#ifdef DEBUG_OUTPUT
+ cerr << "Could not use the given private key" << endl;
+#endif
+
+ ERR_print_errors_fp(stderr);
+ exit( 1 );
+ }
+
+
+ if( SSL_CTX_use_certificate( ssl_ctx, cert->get_openssl_certificate() ) <= 0 ){
+#ifdef DEBUG_OUTPUT
+ cerr << "Could not use the given certificate" << endl;
+#endif
+
+ ERR_print_errors_fp(stderr);
+ exit( 1 );
+ }
+
+ if( !SSL_CTX_check_private_key( ssl_ctx ) ){
+#ifdef DEBUG_OUTPUT
+ cerr << "Given private key does not match the certificate"<<endl;
+#endif
+
+ exit( 1 );
+ }
+}
+
+MRef<StreamSocket *> OsslServerSocket::accept(){
+ MRef<StreamSocket *> ssocket = ServerSocket::accept();
+
+ return new OsslSocket( ssocket, ssl_ctx );
+}
+
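Review bot: `OsslServerSocket::init` calls `cert->get_pk()` and then `ossl_pk->get_openssl_private_key()` without checking either handle, although `TLSServerSocket::create` deliberately leaves `ssl_cert` unset when no certificate is supplied and the `dynamic_cast` yields NULL for a key that is not an `ossl_priv_key`; the client path in TlsSocket.cxx guards the same cast with `!ssl_pk`. A `cert.isNull()` test before `cert->get_pk()` and an `ossl_pk.isNull()` test before the `SSL_CTX_use_PrivateKey` call, e.g. `if( ossl_pk.isNull() ){ ERR_print_errors_fp(stderr); exit( 1 ); }`, would turn a null dereference into the same failure path the rest of the function already uses. The `exit( 1 )` calls themselves terminate the hosting application from inside a library constructor; the exception types the client side throws (`TLSInitFailed`, `TLSContextInitFailed`) would let the caller decide, and the server-side `SSL_CTX_set_options` sets only `SSL_OP_NO_SSLv2` while the client side also applies `SSL_OP_ALL`, which looks like an unintended divergence.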
Copied: trunk/libmcrypto/source/openssl/TlsSocket.cxx (from rev 3100, trunk/libmcrypto/source/openssl/TLSSocket.cxx)
===================================================================
--- trunk/libmcrypto/source/openssl/TLSSocket.cxx 2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/source/openssl/TlsSocket.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,306 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ * Johan Bilien <jobi at via.ecp.fr>
+*/
+
+#include<config.h>
+
+#include<libmcrypto/openssl/TlsSocket.h>
+#include<libmcrypto/openssl/cert.h>
+
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+#ifdef WIN32
+#include<winsock2.h>
+#elif defined HAVE_SYS_SOCKET_H
+#include<sys/types.h>
+#include<sys/socket.h>
+#endif
+
+#include<libmnetutil/IPAddress.h>
+#include<libmnetutil/TCPSocket.h>
+
+#include<iostream>
+
+#include<libmcrypto/TlsException.h>
+#include<libmcrypto/openssl/TlsException.h>
+#include<libmutil/MemObject.h>
+
+using namespace std;
+
+TLSSocket::TLSSocket()
+{
+}
+
+TLSSocket::~TLSSocket()
+{
+}
+
+TLSSocket* TLSSocket::connect( IPAddress &addr, int32_t port,
+ MRef<certificate *> cert,
+ MRef<ca_db *> cert_db,
+ string serverName )
+{
+ void *ssl_ctx = NULL;
+ MRef<ossl_certificate*> ssl_cert;
+ MRef<ossl_ca_db*> ssl_db;
+
+ if( cert )
+ ssl_cert = (ossl_certificate*)*cert;
+
+ if( cert_db )
+ ssl_db = (ossl_ca_db*)*cert_db;
+
+ return new OsslSocket( addr, port, ssl_ctx, ssl_cert, ssl_db );
+}
+
+
+int8_t OsslSocket::sslCipherListIndex = 0; /* Set default value ... DEFAULT ciphers */
+
+
+#define ssl ((SSL*)priv)
+
+
+
+// When created by a TLS Server
+OsslSocket::OsslSocket( MRef<StreamSocket *> tcp_socket, SSL_CTX * ssl_ctx ):
+ sock(tcp_socket){
+ type = SOCKET_TYPE_TLS;
+ peerPort = tcp_socket->getPeerPort();
+ peerAddress = tcp_socket->getPeerAddress()->clone();
+
+ int error;
+ // Copy the SSL parameters, since the server still needs them
+ // Initialize ssl in priv
+ priv = SSL_new( ssl_ctx );
+ this->ssl_ctx = SSL_get_SSL_CTX( ssl );
+
+ SSL_set_fd( ssl, tcp_socket->getFd() );
+ fd = tcp_socket->getFd();
+
+ error = SSL_accept( ssl );
+ if( error <= 0 ){
+ cerr << "Could not establish an incoming TLS connection" << endl;
+ ERR_print_errors_fp(stderr);
+ throw TLSConnectFailed( error, ssl );
+ }
+}
+
+
+OsslSocket::OsslSocket( IPAddress &addr, int32_t port, void * &ssl_ctx,
+ MRef<ossl_certificate *> cert,
+ MRef<ossl_ca_db *> cert_db ){
+ MRef<TCPSocket*> tcp_sock = new TCPSocket( addr, port );
+ OsslSocket::OsslSocket_init( *tcp_sock, ssl_ctx, cert, cert_db);
+}
+
+OsslSocket::OsslSocket( string addr, int32_t port, void * &ssl_ctx,
+ MRef<ossl_certificate *> cert,
+ MRef<ossl_ca_db *> cert_db ){
+ MRef<TCPSocket*> tcp_sock = new TCPSocket( addr, port );
+ OsslSocket::OsslSocket_init( *tcp_sock, ssl_ctx, cert, cert_db);
+}
+
+/* Helper function ... simplify the maintenance of constructors ... */
+void OsslSocket::OsslSocket_init( MRef<StreamSocket*> ssock, void * &ssl_ctx,
+ MRef<ossl_certificate *> cert,
+ MRef<ossl_ca_db *> cert_db ){
+ type = SOCKET_TYPE_TLS;
+ const unsigned char * sid_ctx = (const unsigned char *)"Minisip TLS";
+ SSLeay_add_ssl_algorithms();
+ SSL_METHOD *meth = SSLv23_client_method();
+ this->ssl_ctx = (SSL_CTX *)ssl_ctx;
+ this->cert_db = cert_db;
+ peerPort = ssock->getPeerPort();
+ MRef<ossl_certificate*> ssl_cert;
+ MRef<ossl_ca_db*> ssl_db;
+
+ if( cert )
+ ssl_cert = (ossl_certificate*)*cert;
+
+ if( cert_db )
+ ssl_db = (ossl_ca_db*)*cert_db;
+
+ if( this->ssl_ctx == NULL ){
+#ifdef DEBUG_OUTPUT
+ cerr << "Creating new SSL_CTX" << endl;
+#endif
+ this->ssl_ctx = SSL_CTX_new( meth );
+
+ if( this->ssl_ctx == NULL ){
+ cerr << "Could not create SSL session" << endl;
+ ERR_print_errors_fp(stderr);
+ throw TLSInitFailed();
+ }
+
+ if( sslCipherListIndex != 0 )
+ setSSLCTXCiphers ( this->ssl_ctx, sslCipherListIndex );
+ /* Set options: do not accept SSLv2*/
+ long options = SSL_OP_NO_SSLv2 | SSL_OP_ALL;
+
+#if OPENSSL_VERSION_NUMBER >= 0x00908000
+ // Disable SSL_OP_TLS_BLOCK_PADDING_BUG in 0.9.8, buggy
+ options &= ~SSL_OP_TLS_BLOCK_PADDING_BUG;
+#endif
+ SSL_CTX_set_options(this->ssl_ctx, options);
+
+ SSL_CTX_set_verify( this->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, 0);
+ SSL_CTX_set_verify_depth( this->ssl_ctx, 5);
+
+ if( !cert.isNull() ){
+ /* Add a client certificate */
+ MRef<priv_key*> pk = ssl_cert->get_pk();
+ MRef<ossl_priv_key*> ssl_pk =
+ dynamic_cast<ossl_priv_key*>(*pk);
+
+ if( !ssl_pk || SSL_CTX_use_PrivateKey( this->ssl_ctx,
+ ssl_pk->get_openssl_private_key() ) <= 0 ){
+ cerr << "SSL: Could not use private key" << endl;
+ ERR_print_errors_fp(stderr);
+ throw TLSContextInitFailed();
+ }
+ if( SSL_CTX_use_certificate( this->ssl_ctx,
+ ssl_cert->get_openssl_certificate() ) <= 0 ){
+ cerr << "SSL: Could not use certificate" << endl;
+ ERR_print_errors_fp(stderr);
+ throw TLSContextInitFailed();
+ }
+ }
+
+ if( !cert_db.isNull() ){
+ /* Use this database for the certificates check */
+ SSL_CTX_set_cert_store( this->ssl_ctx,
+ ssl_db->get_db());
+ }
+
+ //SSL_CTX_set_session_cache_mode( this->ssl_ctx, SSL_SESS_CACHE_BOTH );
+ SSL_CTX_set_session_cache_mode( this->ssl_ctx, SSL_SESS_CACHE_SERVER );
+ SSL_CTX_set_session_id_context( this->ssl_ctx, sid_ctx, (unsigned int)strlen( (const char *)sid_ctx ) );
+
+ ssl_ctx = this->ssl_ctx;
+ }
+
+ sock = ssock;
+ peerAddress = sock->getPeerAddress()->clone();
+
+ // Initialize ssl in priv
+ priv = SSL_new( this->ssl_ctx );
+
+ //FIXME ... this client side cache works?? only if only one host to connect to
+ if( this->ssl_ctx->session_cache_head != NULL )
+ SSL_set_session( ssl, this->ssl_ctx->session_cache_head );
+
+ //SSL_set_verify( this->ssl, SSL_VERIFY_PEER, NULL );
+
+ SSL_set_fd( ssl, sock->getFd() );
+ // FIXME
+ fd = sock->getFd();
+
+ int32_t err = SSL_connect( ssl );
+
+ if( err <= 0 ){
+ cerr << "SSL: connect failed" << endl;
+ ERR_print_errors_fp(stderr);
+ throw TLSConnectFailed( err, ssl );
+ }
+
+ try{
+ peer_cert = new ossl_certificate( SSL_get_peer_certificate (ssl) );
+ }
+ catch( certificate_exception &){
+ //FIXME
+ cerr << "Could not get server certificate" << endl;
+ peer_cert = NULL;
+ }
+
+}
+
+
+OsslSocket::~OsslSocket(){
+#ifdef DEBUG_OUTPUT
+ cerr << "TLS: Shutting down TLS Socket" << endl;
+#endif
+ SSL_shutdown( ssl );
+ SSL_free( ssl );
+ //SSL_CTX_free( ssl_ctx );
+ //delete tcp_socket;
+ //delete peerAddress;
+}
+
+int32_t OsslSocket::write( string data ){
+ return SSL_write( ssl, data.c_str(), (int)data.length() );
+}
+
+int32_t OsslSocket::write( const void *buf, int32_t count ){
+ return SSL_write( ssl, buf, count );
+}
+
+OsslSocket& operator<<(OsslSocket& sock, string str){
+ sock.write(str);
+ return sock;
+}
+
+int32_t OsslSocket::read( void *buf, int32_t count ){
+ //if( SSL_pending( ssl ) == 0 )
+ // return -1;
+ int ret;
+ ret = SSL_read( ssl, buf, count );
+ if( ret == 0 )
+// if( SSL_get_error( ssl, ret ) == SSL_ERROR_ZERO_RETURN )
+ // Connection closed
+ return 0;
+
+// else
+// return -1;
+ else
+ return ret;
+}
+
+int32_t OsslSocket::setSSLCTXCiphers ( SSL_CTX *_ctx, int8_t listIdx ) {
+ char *ciphers;
+
+#ifdef DEBUG_OUTPUT
+ cerr << "Modifying SSL_CTX ciphers list" << endl;
+#endif
+
+ switch( listIdx ) {
+ case 1:
+ ciphers = SSL_CIPHERS_AES_HIGH_MEDIUM;
+ break;
+ case 2:
+ ciphers = SSL_CIPHERS_TESTING;
+ break;
+ default:
+ ciphers = SSL_CIPHERS_DEFAULT;
+ break;
+ }
+ if( SSL_CTX_set_cipher_list(_ctx, ciphers) == 0 ) {
+#ifdef DEBUG_OUTPUT
+ cerr << "ERROR: OsslSocket::setSSLCiphers: failed to set cipher list" << endl;
+#endif
+ return 0;
+ } else return 1;
+}
+
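Review bot: `TLSSocket::connect` takes a `serverName` parameter but drops it: it is not passed to the `OsslSocket` constructor, and nothing in `OsslSocket_init` compares the peer certificate to the expected host, so `SSL_VERIFY_PEER` only establishes that the presented certificate chains to `cert_db`, not that it belongs to the server being dialled. Until that check exists I would mark it at the signature, `// NOTE: serverName is currently unused; the peer certificate is not matched against it`, so callers do not assume it is enforced. On the `peer_cert` assignment, `SSL_get_peer_certificate` can return NULL and the handshake result is not consulted; what `ossl_certificate` does with a NULL X509 is outside this hunk, and the catch block leaves the connection usable with `peer_cert = NULL`, which deserves a comment stating that this is intended. `SSL_VERIFY_CLIENT_ONCE` in the client-side `SSL_CTX_set_verify` call is a server-only flag and is a no-op here.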
Modified: trunk/libmikey/Makefile.am
===================================================================
--- trunk/libmikey/Makefile.am 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/Makefile.am 2007-01-10 23:58:35 UTC (rev 3111)
@@ -50,13 +50,13 @@
mikey/MikeyPayloadT.cxx \
mikey/MikeyPayloadV.cxx
-ka_src = keyagreement/keyagreement.cxx \
- keyagreement/keyagreement_dh.cxx \
- keyagreement/keyagreement_psk.cxx \
+ka_src = keyagreement/KeyAgreement.cxx \
+ keyagreement/KeyAgreementDH.cxx \
+ keyagreement/KeyAgreementPSK.cxx \
keyagreement/KeyAgreementPKE.cxx \
keyagreement/KeyAgreementDHHMAC.cxx \
keyagreement/KeyAgreementRSAR.cxx \
- keyagreement/keyvalidity.cxx
+ keyagreement/KeyValidity.cxx
# maintainer rules
ACLOCAL_AMFLAGS = -I m4 ${ACLOCAL_FLAGS}
Modified: trunk/libmikey/include/Makefile.am
===================================================================
--- trunk/libmikey/include/Makefile.am 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/include/Makefile.am 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,10 +1,10 @@
pkginclude_HEADERS = libmikey/exception.h \
- libmikey/keyagreement.h \
+ libmikey/KeyAgreement.h \
libmikey/KeyAgreementPKE.h \
libmikey/KeyAgreementDHHMAC.h \
- libmikey/keyagreement_dh.h \
- libmikey/keyagreement_psk.h \
- libmikey/keyvalidity.h \
+ libmikey/KeyAgreementDH.h \
+ libmikey/KeyAgreementPSK.h \
+ libmikey/KeyValidity.h \
libmikey/MikeyDefs.h \
libmikey/MikeyException.h \
libmikey/MikeyMessage.h \
Copied: trunk/libmikey/include/libmikey/KeyAgreement.h (from rev 3100, trunk/libmikey/include/libmikey/keyagreement.h)
===================================================================
--- trunk/libmikey/include/libmikey/keyagreement.h 2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmikey/include/libmikey/KeyAgreement.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,215 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien, Joachim Orrblad
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ * Johan Bilien <jobi at via.ecp.fr>
+ * Joachim Orrblad <joachim at orrblad.com>
+*/
+
+
+#ifndef KEYAGREEMENT_H
+#define KEYAGREEMENT_H
+
+#include<libmikey/libmikey_config.h>
+#include<libmikey/MikeyDefs.h>
+
+#include<assert.h>
+
+#include<libmutil/MemObject.h>
+#include<libmikey/KeyValidity.h>
+#include<libmikey/MikeyCsIdMap.h>
+
+#include<iostream>
+// different type of key derivation defined in MIKEY
+#define KEY_DERIV_TEK 0
+#define KEY_DERIV_SALT 1
+#define KEY_DERIV_TRANS_ENCR 2
+#define KEY_DERIV_TRANS_SALT 3
+#define KEY_DERIV_TRANS_AUTH 4
+#define KEY_DERIV_ENCR 5
+#define KEY_DERIV_AUTH 6
+
+#define KEY_AGREEMENT_TYPE_DH 0
+#define KEY_AGREEMENT_TYPE_PSK 1
+#define KEY_AGREEMENT_TYPE_PK 2
+#define KEY_AGREEMENT_TYPE_DHHMAC 3
+#define KEY_AGREEMENT_TYPE_RSA_R 4
+
+
+// Class to hold Security Policy (SP) info
+class LIBMIKEY_API Policy_type {
+ public:
+ Policy_type(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type, uint8_t length, byte_t * value);
+ ~Policy_type();
+ uint8_t policy_No;
+ uint8_t prot_type;
+ uint8_t policy_type;
+ uint8_t length;
+ byte_t * value;
+ private:
+};
+
+class LIBMIKEY_API MikeyMessage;
+
+class LIBMIKEY_API ITgk{
+ public:
+ virtual ~ITgk();
+ /**
+ * If tgk == NULL, generate random TGK of specified size
+ */
+ virtual void setTgk( byte_t * tgk, unsigned int tgkLength )=0;
+ virtual unsigned int tgkLength()=0;
+ virtual byte_t * tgk()=0;
+};
+
+class LIBMIKEY_API KeyAgreement : public MObject,
+ public virtual ITgk{
+ public:
+ KeyAgreement();
+ ~KeyAgreement();
+
+ /* Type of key agreement (DH, PSK, PKE) */
+ virtual int32_t type()=0;
+
+ /* RAND value exchanged during the key agreement */
+ unsigned int randLength();
+ byte_t * rand();
+ void setRand( byte_t * randData, int randLength );
+
+ /* TEK and SALT values, derived from the TGK */
+ void genTek( byte_t cs_id,
+ byte_t * tek, unsigned int tek_length );
+ void genSalt( byte_t cs_id,
+ byte_t * salt, unsigned int salt_length );
+
+ void genEncr( byte_t cs_id,
+ byte_t * e_key, unsigned int e_keylength );
+ void genAuth( byte_t cs_id,
+ byte_t * a_key, unsigned int a_keylength );
+ /* CSB ID: should be random in most cases and generated
+ * by the initiator */
+ unsigned int csbId();
+ virtual void setCsbId( unsigned int );
+
+ /* CS ID map: matches crypto protocol id and CS-id */
+ void setCsIdMapType(uint8_t type);
+ uint8_t getCsIdMapType();
+ MRef<MikeyCsIdMap *> csIdMap();
+ void setCsIdMap( MRef<MikeyCsIdMap *> idMap );
+
+ /* Number of cryptosessions (updated when adding streams) (...or IPsec SA) */
+ byte_t nCs();
+ void setnCs(uint8_t value);
+
+ /* TGK */
+ /**
+ * If tgk == NULL, generate random TGK of specified size
+ */
+ void setTgk( byte_t * tgk, unsigned int tgkLength );
+ unsigned int tgkLength();
+ byte_t * tgk();
+
+ /* KeyValidity information, exchanged during the key
+ * agreement. NULL by default */
+ MRef<KeyValidity *> keyValidity();
+ void setKeyValidity( MRef<KeyValidity *> kv );
+
+
+ /* Access the initiator and responder key agreement data
+ * (MIKEY messages when using MIKEY) */
+ MRef<MikeyMessage *> initiatorData();
+ void setInitiatorData( MRef<MikeyMessage *> );
+ MRef<MikeyMessage *> responderData();
+ void setResponderData( MRef<MikeyMessage *> );
+
+
+ //Set the first Parameter Type in a new security policy. Returns the new Policy number.
+ uint8_t setPolicyParamType(uint8_t prot_type, uint8_t policy_type, uint8_t length, byte_t * value);
+ //Add or modify a parameter in an existing policy
+ void setPolicyParamType(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type, uint8_t length, byte_t * value);
+ //Create a default policy
+ uint8_t setdefaultPolicy(uint8_t prot_type);
+ //Get a policy entry
+ Policy_type * getPolicyParamType(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type);
+ //For those common cases were the policy type value just is an uint8_t
+ //Only use this function if you know the policy type exist or it is not 0
+ uint8_t getPolicyParamTypeValue(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type);
+ std::list <Policy_type *> * getPolicy() { return &policy; }
+
+
+ std::string authError();
+ void setAuthError( std::string error );
+
+ virtual std::string getMemObjectType() const {return "KeyAgreement";}
+
+ /* IPSEC Specific */
+ void addIpsecSA( uint32_t spi, uint32_t spiSrcaddr, uint32_t spiDstaddr,
+ byte_t policyNo, byte_t csId = 0);
+
+ /* SRTP Specific */
+
+ /* Get the CSID given the RTP SSRC */
+ byte_t getSrtpCsId( uint32_t ssrc );
+ uint32_t getSrtpRoc( uint32_t ssrc );
+ uint8_t findpolicyNo( uint32_t ssrc );
+
+ /* Set the parametter in an existing CS (used
+ * by the receiver */
+ void setSrtpStreamSsrc( uint32_t ssrc, uint8_t csId );
+ void setSrtpStreamRoc( uint32_t roc, uint8_t csId );
+
+ /* Add an SRTP stream to protect to the CSID map
+ * If csId == 0, add (initiator), else modify existing
+ * (responder) */
+ void addSrtpStream( uint32_t ssrc, uint32_t roc=0,
+ byte_t policyNo=0, byte_t csId=0 );
+
+ virtual MikeyMessage* createMessage()=0;
+
+ protected:
+ void keyDeriv( byte_t cs_id, unsigned int csb_id,
+ byte_t * inkey, unsigned int inkey_length,
+ byte_t * key, unsigned int key_length,
+ int type );
+
+ private:
+ /* Security Policy
+ */
+ std::list <Policy_type *> policy; //Contains the security policy
+
+ byte_t * tgkPtr;
+ unsigned int tgkLengthValue;
+ byte_t * randPtr;
+ unsigned int randLengthValue;
+
+ unsigned int csbIdValue;
+
+ MRef<KeyValidity *> kvPtr;
+ MRef<MikeyCsIdMap *> csIdMapPtr;
+ uint8_t nCsValue;
+ uint8_t CsIdMapType;
+
+
+ MRef<MikeyMessage *> initiatorDataPtr;
+ MRef<MikeyMessage *> responderDataPtr;
+
+ std::string authErrorValue;
+};
+
+#endif
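Review bot: The header uses `std::list` (in `getPolicy()` and the `policy` member) and `std::string` (`authError()`, `authErrorValue`) but includes only `<assert.h>` and `<iostream>`, so it compiles only through whatever `MemObject.h` or `MikeyDefs.h` happen to pull in transitively; add `#include<list>` and `#include<string>` next to the `<iostream>` include. `~KeyAgreement();` is implicitly virtual because `ITgk` declares `virtual ~ITgk()`, but writing `virtual ~KeyAgreement();` makes that intent visible for a class that is only ever used through derived types. Ownership of the `byte_t *` buffers handed to `setTgk`/`setRand` and of the `Policy_type *` entries stored in `policy` is not stated anywhere in the header, and the TGK is the secret every TEK/SALT/auth key is derived from; a comment such as `/* setTgk/setRand copy the buffer; the caller keeps ownership — TODO confirm against KeyAgreement.cxx */` on those declarations would make the contract explicit (the implementation is outside this hunk).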
Copied: trunk/libmikey/include/libmikey/KeyAgreementDH.h (from rev 3100, trunk/libmikey/include/libmikey/keyagreement_dh.h)
===================================================================
--- trunk/libmikey/include/libmikey/keyagreement_dh.h 2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmikey/include/libmikey/KeyAgreementDH.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,105 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ * Johan Bilien <jobi at via.ecp.fr>
+*/
+
+
+#ifndef KEYAGREEMENT_DH_H
+#define KEYAGREEMENT_DH_H
+
+#include<libmikey/libmikey_config.h>
+
+#include<libmikey/KeyAgreement.h>
+
+#define DH_GROUP_OAKLEY5 0
+#define DH_GROUP_OAKLEY1 1
+#define DH_GROUP_OAKLEY2 2
+
+
+class OakleyDH;
+class certificate_chain;
+class certificate;
+class ca_db;
+class SipSim;
+
+class LIBMIKEY_API PeerCertificates {
+ public:
+ PeerCertificates( MRef<certificate_chain*> aCert,
+ MRef<ca_db *> aCaDb );
+ PeerCertificates( MRef<certificate_chain*> aCert,
+ MRef<certificate_chain*> aPeerCert );
+ virtual ~PeerCertificates();
+ virtual MRef<certificate_chain *> certificateChain();
+ virtual MRef<certificate_chain *> peerCertificateChain();
+ virtual void setPeerCertificateChain( MRef<certificate_chain *> chain );
+ virtual int controlPeerCertificate();
+
+ private:
+ MRef<certificate_chain *> certChainPtr;
+ MRef<certificate_chain *> peerCertChainPtr;
+ MRef<ca_db *> certDbPtr;
+};
+
+class LIBMIKEY_API KeyAgreementDHBase: virtual public ITgk{
+ public:
+ KeyAgreementDHBase();
+ ~KeyAgreementDHBase();
+
+ int computeTgk();
+ int setGroup( int group );
+ int group();
+
+ void setPeerKey( byte_t * peerKey, int peerKeyLength );
+ int peerKeyLength();
+ byte_t * peerKey();
+
+ int publicKeyLength();
+ byte_t * publicKey();
+
+ private:
+ OakleyDH * dh;
+ byte_t * peerKeyPtr;
+ int peerKeyLengthValue;
+ byte_t * publicKeyPtr;
+ int publicKeyLengthValue;
+};
+
+class LIBMIKEY_API KeyAgreementDH : public KeyAgreement,
+ public KeyAgreementDHBase,
+ public PeerCertificates{
+ public:
+ KeyAgreementDH( MRef<certificate_chain *> cert,
+ MRef<ca_db *> ca_db );
+ KeyAgreementDH( MRef<SipSim *> sim );
+ ~KeyAgreementDH();
+
+ int32_t type();
+
+ MikeyMessage* createMessage();
+
+ MRef<SipSim*> getSim();
+
+ bool useSim;
+ private:
+ MRef<SipSim *> sim;
+};
+
+#endif
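Review bot: `KeyAgreementDHBase` holds raw `OakleyDH * dh`, `byte_t * peerKeyPtr` and `byte_t * publicKeyPtr` and declares a destructor but no copy constructor or copy assignment, so an accidental copy of the object would presumably double-free whatever the destructor releases (the implementation is not in this hunk); declaring the copy operations private and unimplemented, here and in `KeyAgreementDH`, closes that. `controlPeerCertificate()` returns an undocumented `int`, yet it is the check on which a caller decides whether to trust the peer's DH public key; the header should state the contract, e.g. `/* Verifies peerCertChainPtr against certDbPtr; return value convention — TODO confirm in KeyAgreementDH.cxx */`. `bool useSim;` is a public data member sitting next to the private `sim`; moving it to the private section with an accessor would match `getSim()`.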
Modified: trunk/libmikey/include/libmikey/KeyAgreementDHHMAC.h
===================================================================
--- trunk/libmikey/include/libmikey/KeyAgreementDHHMAC.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/include/libmikey/KeyAgreementDHHMAC.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -29,8 +29,8 @@
#include<libmikey/libmikey_config.h>
-#include<libmikey/keyagreement_psk.h>
-#include<libmikey/keyagreement_dh.h>
+#include<libmikey/KeyAgreementPSK.h>
+#include<libmikey/KeyAgreementDH.h>
#include<libmutil/mtypes.h>
/**
Modified: trunk/libmikey/include/libmikey/KeyAgreementPKE.h
===================================================================
--- trunk/libmikey/include/libmikey/KeyAgreementPKE.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/include/libmikey/KeyAgreementPKE.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,9 +1,9 @@
#ifndef KEYAGREEMENTPKE_H
#define KEYAGREEMENTPKE_H
-#include <libmikey/keyagreement.h>
-#include <libmikey/keyagreement_psk.h>
-#include <libmikey/keyagreement_dh.h>
+#include <libmikey/KeyAgreement.h>
+#include <libmikey/KeyAgreementPSK.h>
+#include <libmikey/KeyAgreementDH.h>
#include <libmcrypto/cert.h>
/**
Copied: trunk/libmikey/include/libmikey/KeyAgreementPSK.h (from rev 3100, trunk/libmikey/include/libmikey/keyagreement_psk.h)
===================================================================
--- trunk/libmikey/include/libmikey/keyagreement_psk.h 2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmikey/include/libmikey/KeyAgreementPSK.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,129 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ * Johan Bilien <jobi at via.ecp.fr>
+*/
+
+
+#ifndef KEYAGREEMENT_PSK_H
+#define KEYAGREEMENT_PSK_H
+
+#include<libmikey/libmikey_config.h>
+
+#include<libmikey/KeyAgreement.h>
+
+
+
+class LIBMIKEY_API KeyAgreementPSK : public KeyAgreement{
+ public:
+ KeyAgreementPSK( const byte_t * psk, int pskLength );
+ virtual ~KeyAgreementPSK();
+
+ int32_t type();
+
+ /**
+ * Generates a TGK of de given length with the random function from the
+ * OpenSSL library and stores it in this instance
+ */
+ void generateTgk( uint32_t tgkLength = 192 );
+
+ /**
+ * Generates and stores the transport encryption key of the given length.
+ * It is derived by the envelope key
+ */
+ void genTranspEncrKey( byte_t * encrKey, int encrKeyLength );
+
+ /**
+ * Generates and stores the salting key of the given length.
+ * It is also derived by the envelope key
+ */
+ void genTranspSaltKey( byte_t * saltKey, int saltKeyLength );
+
+ /**
+ * Creates and stores the authentication key to authenticate the MAC/signature
+ * of the MIKEY message.
+ */
+ void genTranspAuthKey( byte_t * authKey, int authKeyLength );
+
+ /**
+ * Returns the timestamp on which the message was sent
+ */
+ uint64_t tSent();
+
+ /**
+ * Sets the timestamp
+ */
+ void setTSent( uint64_t tSent );
+
+ /**
+ * Timestamp on which the message was received
+ */
+ uint64_t t_received;
+
+ /**
+ * Authentication key
+ */
+ byte_t * authKey;
+
+ /**
+ * Length of the authentication key
+ */
+ unsigned int authKeyLength;
+
+ /**
+ * If the V bit is set by the initiator, the responder has to send a
+ * verification message.
+ */
+ void setV(int value) {v=value;}
+
+ /**
+ * Used to test if the V bit is set.
+ */
+ int getV() {return v;}
+
+ /**
+ * MAC algorithmus (HMAC-SHA1)
+ */
+ int macAlg;
+
+ virtual MikeyMessage* createMessage();
+
+ protected:
+ KeyAgreementPSK();
+ void setPSK( const byte_t* psk, int pskLength );
+ byte_t* getPSK();
+ int getPSKLength();
+
+ private:
+ byte_t * pskPtr;
+ int pskLengthValue;
+
+ /**
+ * The V bit
+ */
+ int v;
+
+ /**
+ * Timestamp from when the message was sent
+ */
+ uint64_t tSentValue;
+};
+
+#endif
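Review bot: `authKey`, `authKeyLength`, `t_received` and `macAlg` are public data members, so the key that authenticates MIKEY messages can be read or reassigned by any code holding the object and nothing keeps `authKey` and `authKeyLength` consistent; they belong in the private section behind accessors in the style of `tSent()`/`setTSent()`, or at minimum need a comment stating who allocates and frees `authKey`. Like `KeyAgreementDHBase`, this class has a raw `pskPtr`, a destructor and no copy control, so a copy would presumably double-free the PSK (implementation outside this hunk); private unimplemented copy operations would prevent it. The `generateTgk` comment has a typo, `of de given length` → `of the given length`, and its claim that the OpenSSL random function is used cannot be checked from this header, so either hedge it or confirm it against the implementation.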
Copied: trunk/libmikey/include/libmikey/KeyValidity.h (from rev 3100, trunk/libmikey/include/libmikey/keyvalidity.h)
Modified: trunk/libmikey/include/libmikey/MikeyMessage.h
===================================================================
--- trunk/libmikey/include/libmikey/MikeyMessage.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/include/libmikey/MikeyMessage.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -36,9 +36,9 @@
#include<libmikey/MikeyPayload.h>
#include<libmikey/MikeyPayloadSIGN.h>
-#include<libmikey/keyagreement.h>
-#include<libmikey/keyagreement_dh.h>
-#include<libmikey/keyagreement_psk.h>
+#include<libmikey/KeyAgreement.h>
+#include<libmikey/KeyAgreementDH.h>
+#include<libmikey/KeyAgreementPSK.h>
#include<libmcrypto/cert.h>
#include<list>
Modified: trunk/libmikey/include/libmikey/MikeyPayloadDH.h
===================================================================
--- trunk/libmikey/include/libmikey/MikeyPayloadDH.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/include/libmikey/MikeyPayloadDH.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -28,7 +28,7 @@
#include<libmikey/libmikey_config.h>
#include<libmikey/MikeyPayload.h>
-#include<libmikey/keyvalidity.h>
+#include<libmikey/KeyValidity.h>
#include<libmikey/MikeyMessage.h>
#define MIKEYPAYLOAD_DH_PAYLOAD_TYPE 3
Modified: trunk/libmikey/include/libmikey/MikeyPayloadKeyData.h
===================================================================
--- trunk/libmikey/include/libmikey/MikeyPayloadKeyData.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/include/libmikey/MikeyPayloadKeyData.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -28,7 +28,7 @@
#include<libmikey/libmikey_config.h>
#include<libmikey/MikeyPayload.h>
-#include<libmikey/keyvalidity.h>
+#include<libmikey/KeyValidity.h>
#define MIKEYPAYLOAD_KEYDATA_PAYLOAD_TYPE 20
Deleted: trunk/libmikey/include/libmikey/keyagreement.h
===================================================================
--- trunk/libmikey/include/libmikey/keyagreement.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/include/libmikey/keyagreement.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,215 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien, Joachim Orrblad
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
- * Joachim Orrblad <joachim at orrblad.com>
-*/
-
-
-#ifndef KEYAGREEMENT_H
-#define KEYAGREEMENT_H
-
-#include<libmikey/libmikey_config.h>
-#include<libmikey/MikeyDefs.h>
-
-#include<assert.h>
-
-#include<libmutil/MemObject.h>
-#include<libmikey/keyvalidity.h>
-#include<libmikey/MikeyCsIdMap.h>
-
-#include<iostream>
-// different type of key derivation defined in MIKEY
-#define KEY_DERIV_TEK 0
-#define KEY_DERIV_SALT 1
-#define KEY_DERIV_TRANS_ENCR 2
-#define KEY_DERIV_TRANS_SALT 3
-#define KEY_DERIV_TRANS_AUTH 4
-#define KEY_DERIV_ENCR 5
-#define KEY_DERIV_AUTH 6
-
-#define KEY_AGREEMENT_TYPE_DH 0
-#define KEY_AGREEMENT_TYPE_PSK 1
-#define KEY_AGREEMENT_TYPE_PK 2
-#define KEY_AGREEMENT_TYPE_DHHMAC 3
-#define KEY_AGREEMENT_TYPE_RSA_R 4
-
-
-// Class to hold Security Policy (SP) info
-class LIBMIKEY_API Policy_type {
- public:
- Policy_type(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type, uint8_t length, byte_t * value);
- ~Policy_type();
- uint8_t policy_No;
- uint8_t prot_type;
- uint8_t policy_type;
- uint8_t length;
- byte_t * value;
- private:
-};
-
-class LIBMIKEY_API MikeyMessage;
-
-class LIBMIKEY_API ITgk{
- public:
- virtual ~ITgk();
- /**
- * If tgk == NULL, generate random TGK of specified size
- */
- virtual void setTgk( byte_t * tgk, unsigned int tgkLength )=0;
- virtual unsigned int tgkLength()=0;
- virtual byte_t * tgk()=0;
-};
-
-class LIBMIKEY_API KeyAgreement : public MObject,
- public virtual ITgk{
- public:
- KeyAgreement();
- ~KeyAgreement();
-
- /* Type of key agreement (DH, PSK, PKE) */
- virtual int32_t type()=0;
-
- /* RAND value exchanged during the key agreement */
- unsigned int randLength();
- byte_t * rand();
- void setRand( byte_t * randData, int randLength );
-
- /* TEK and SALT values, derived from the TGK */
- void genTek( byte_t cs_id,
- byte_t * tek, unsigned int tek_length );
- void genSalt( byte_t cs_id,
- byte_t * salt, unsigned int salt_length );
-
- void genEncr( byte_t cs_id,
- byte_t * e_key, unsigned int e_keylength );
- void genAuth( byte_t cs_id,
- byte_t * a_key, unsigned int a_keylength );
- /* CSB ID: should be random in most cases and generated
- * by the initiator */
- unsigned int csbId();
- virtual void setCsbId( unsigned int );
-
- /* CS ID map: matches crypto protocol id and CS-id */
- void setCsIdMapType(uint8_t type);
- uint8_t getCsIdMapType();
- MRef<MikeyCsIdMap *> csIdMap();
- void setCsIdMap( MRef<MikeyCsIdMap *> idMap );
-
- /* Number of cryptosessions (updated when adding streams) (...or IPsec SA) */
- byte_t nCs();
- void setnCs(uint8_t value);
-
- /* TGK */
- /**
- * If tgk == NULL, generate random TGK of specified size
- */
- void setTgk( byte_t * tgk, unsigned int tgkLength );
- unsigned int tgkLength();
- byte_t * tgk();
-
- /* KeyValidity information, exchanged during the key
- * agreement. NULL by default */
- MRef<KeyValidity *> keyValidity();
- void setKeyValidity( MRef<KeyValidity *> kv );
-
-
- /* Access the initiator and responder key agreement data
- * (MIKEY messages when using MIKEY) */
- MRef<MikeyMessage *> initiatorData();
- void setInitiatorData( MRef<MikeyMessage *> );
- MRef<MikeyMessage *> responderData();
- void setResponderData( MRef<MikeyMessage *> );
-
-
- //Set the first Parameter Type in a new security policy. Returns the new Policy number.
- uint8_t setPolicyParamType(uint8_t prot_type, uint8_t policy_type, uint8_t length, byte_t * value);
- //Add or modify a parameter in an existing policy
- void setPolicyParamType(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type, uint8_t length, byte_t * value);
- //Create a default policy
- uint8_t setdefaultPolicy(uint8_t prot_type);
- //Get a policy entry
- Policy_type * getPolicyParamType(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type);
- //For those common cases were the policy type value just is an uint8_t
- //Only use this function if you know the policy type exist or it is not 0
- uint8_t getPolicyParamTypeValue(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type);
- std::list <Policy_type *> * getPolicy() { return &policy; }
-
-
- std::string authError();
- void setAuthError( std::string error );
-
- virtual std::string getMemObjectType() const {return "KeyAgreement";}
-
- /* IPSEC Specific */
- void addIpsecSA( uint32_t spi, uint32_t spiSrcaddr, uint32_t spiDstaddr,
- byte_t policyNo, byte_t csId = 0);
-
- /* SRTP Specific */
-
- /* Get the CSID given the RTP SSRC */
- byte_t getSrtpCsId( uint32_t ssrc );
- uint32_t getSrtpRoc( uint32_t ssrc );
- uint8_t findpolicyNo( uint32_t ssrc );
-
- /* Set the parametter in an existing CS (used
- * by the receiver */
- void setSrtpStreamSsrc( uint32_t ssrc, uint8_t csId );
- void setSrtpStreamRoc( uint32_t roc, uint8_t csId );
-
- /* Add an SRTP stream to protect to the CSID map
- * If csId == 0, add (initiator), else modify existing
- * (responder) */
- void addSrtpStream( uint32_t ssrc, uint32_t roc=0,
- byte_t policyNo=0, byte_t csId=0 );
-
- virtual MikeyMessage* createMessage()=0;
-
- protected:
- void keyDeriv( byte_t cs_id, unsigned int csb_id,
- byte_t * inkey, unsigned int inkey_length,
- byte_t * key, unsigned int key_length,
- int type );
-
- private:
- /* Security Policy
- */
- std::list <Policy_type *> policy; //Contains the security policy
-
- byte_t * tgkPtr;
- unsigned int tgkLengthValue;
- byte_t * randPtr;
- unsigned int randLengthValue;
-
- unsigned int csbIdValue;
-
- MRef<KeyValidity *> kvPtr;
- MRef<MikeyCsIdMap *> csIdMapPtr;
- uint8_t nCsValue;
- uint8_t CsIdMapType;
-
-
- MRef<MikeyMessage *> initiatorDataPtr;
- MRef<MikeyMessage *> responderDataPtr;
-
- std::string authErrorValue;
-};
-
-#endif
Deleted: trunk/libmikey/include/libmikey/keyagreement_dh.h
===================================================================
--- trunk/libmikey/include/libmikey/keyagreement_dh.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/include/libmikey/keyagreement_dh.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,105 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
-*/
-
-
-#ifndef KEYAGREEMENT_DH_H
-#define KEYAGREEMENT_DH_H
-
-#include<libmikey/libmikey_config.h>
-
-#include<libmikey/keyagreement.h>
-
-#define DH_GROUP_OAKLEY5 0
-#define DH_GROUP_OAKLEY1 1
-#define DH_GROUP_OAKLEY2 2
-
-
-class OakleyDH;
-class certificate_chain;
-class certificate;
-class ca_db;
-class SipSim;
-
-class LIBMIKEY_API PeerCertificates {
- public:
- PeerCertificates( MRef<certificate_chain*> aCert,
- MRef<ca_db *> aCaDb );
- PeerCertificates( MRef<certificate_chain*> aCert,
- MRef<certificate_chain*> aPeerCert );
- virtual ~PeerCertificates();
- virtual MRef<certificate_chain *> certificateChain();
- virtual MRef<certificate_chain *> peerCertificateChain();
- virtual void setPeerCertificateChain( MRef<certificate_chain *> chain );
- virtual int controlPeerCertificate();
-
- private:
- MRef<certificate_chain *> certChainPtr;
- MRef<certificate_chain *> peerCertChainPtr;
- MRef<ca_db *> certDbPtr;
-};
-
-class LIBMIKEY_API KeyAgreementDHBase: virtual public ITgk{
- public:
- KeyAgreementDHBase();
- ~KeyAgreementDHBase();
-
- int computeTgk();
- int setGroup( int group );
- int group();
-
- void setPeerKey( byte_t * peerKey, int peerKeyLength );
- int peerKeyLength();
- byte_t * peerKey();
-
- int publicKeyLength();
- byte_t * publicKey();
-
- private:
- OakleyDH * dh;
- byte_t * peerKeyPtr;
- int peerKeyLengthValue;
- byte_t * publicKeyPtr;
- int publicKeyLengthValue;
-};
-
-class LIBMIKEY_API KeyAgreementDH : public KeyAgreement,
- public KeyAgreementDHBase,
- public PeerCertificates{
- public:
- KeyAgreementDH( MRef<certificate_chain *> cert,
- MRef<ca_db *> ca_db );
- KeyAgreementDH( MRef<SipSim *> sim );
- ~KeyAgreementDH();
-
- int32_t type();
-
- MikeyMessage* createMessage();
-
- MRef<SipSim*> getSim();
-
- bool useSim;
- private:
- MRef<SipSim *> sim;
-};
-
-#endif
Deleted: trunk/libmikey/include/libmikey/keyagreement_psk.h
===================================================================
--- trunk/libmikey/include/libmikey/keyagreement_psk.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/include/libmikey/keyagreement_psk.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,129 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
-*/
-
-
-#ifndef KEYAGREEMENT_PSK_H
-#define KEYAGREEMENT_PSK_H
-
-#include<libmikey/libmikey_config.h>
-
-#include<libmikey/keyagreement.h>
-
-
-
-class LIBMIKEY_API KeyAgreementPSK : public KeyAgreement{
- public:
- KeyAgreementPSK( const byte_t * psk, int pskLength );
- virtual ~KeyAgreementPSK();
-
- int32_t type();
-
- /**
- * Generates a TGK of de given length with the random function from the
- * OpenSSL library and stores it in this instance
- */
- void generateTgk( uint32_t tgkLength = 192 );
-
- /**
- * Generates and stores the transport encryption key of the given length.
- * It is derived by the envelope key
- */
- void genTranspEncrKey( byte_t * encrKey, int encrKeyLength );
-
- /**
- * Generates and stores the salting key of the given length.
- * It is also derived by the envelope key
- */
- void genTranspSaltKey( byte_t * saltKey, int saltKeyLength );
-
- /**
- * Creates and stores the authentication key to authenticate the MAC/signature
- * of the MIKEY message.
- */
- void genTranspAuthKey( byte_t * authKey, int authKeyLength );
-
- /**
- * Returns the timestamp on which the message was sent
- */
- uint64_t tSent();
-
- /**
- * Sets the timestamp
- */
- void setTSent( uint64_t tSent );
-
- /**
- * Timestamp on which the message was received
- */
- uint64_t t_received;
-
- /**
- * Authentication key
- */
- byte_t * authKey;
-
- /**
- * Length of the authentication key
- */
- unsigned int authKeyLength;
-
- /**
- * If the V bit is set by the initiator, the responder has to send a
- * verification message.
- */
- void setV(int value) {v=value;}
-
- /**
- * Used to test if the V bit is set.
- */
- int getV() {return v;}
-
- /**
- * MAC algorithmus (HMAC-SHA1)
- */
- int macAlg;
-
- virtual MikeyMessage* createMessage();
-
- protected:
- KeyAgreementPSK();
- void setPSK( const byte_t* psk, int pskLength );
- byte_t* getPSK();
- int getPSKLength();
-
- private:
- byte_t * pskPtr;
- int pskLengthValue;
-
- /**
- * The V bit
- */
- int v;
-
- /**
- * Timestamp from when the message was sent
- */
- uint64_t tSentValue;
-};
-
-#endif
Deleted: trunk/libmikey/include/libmikey/keyvalidity.h
===================================================================
--- trunk/libmikey/include/libmikey/keyvalidity.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/include/libmikey/keyvalidity.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,93 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
-*/
-
-
-#ifndef KEYVALIDITY_H
-#define KEYVALIDITY_H
-
-#include<libmikey/libmikey_config.h>
-
-#define KEYVALIDITY_NULL 0
-#define KEYVALIDITY_SPI 1
-#define KEYVALIDITY_INTERVAL 2
-
-#include<libmikey/MikeyDefs.h>
-#include<libmutil/MemObject.h>
-
-#define KeyValidityNull KeyValidity
-
-class LIBMIKEY_API KeyValidity : public MObject{
- public:
- KeyValidity();
- KeyValidity( const KeyValidity& );
- ~KeyValidity();
-
- void operator =( const KeyValidity& );
- virtual int length();
- int type();
- virtual void writeData( byte_t * start, int expectedLength );
- virtual std::string debugDump();
- virtual std::string getMemObjectType() const { return "KeyValidity"; };
- protected:
- int typeValue;
-
-};
-
-class LIBMIKEY_API KeyValiditySPI : public KeyValidity{
- public:
- KeyValiditySPI();
- KeyValiditySPI( const KeyValiditySPI& );
- KeyValiditySPI( byte_t * rawData, int lengthLimit );
- KeyValiditySPI( int length, byte_t * spi );
- virtual ~KeyValiditySPI();
-
- void operator =( const KeyValiditySPI& );
- virtual int length();
- virtual void writeData( byte_t * start, int expectedLength );
- virtual std::string debugDump();
- private:
- int spiLength;
- byte_t *spiPtr;
-};
-
-class LIBMIKEY_API KeyValidityInterval : public KeyValidity{
- public:
- KeyValidityInterval();
- KeyValidityInterval( const KeyValidityInterval& );
- KeyValidityInterval( byte_t * rawData, int lengthLimit );
- KeyValidityInterval( int vfLength, byte_t * vf,
- int vtLength, byte_t * vt );
- virtual ~KeyValidityInterval();
-
- void operator =( const KeyValidityInterval& );
- virtual int length();
- virtual void writeData(byte_t * start, int expectedLength);
- virtual std::string debugDump();
- private:
- int vfLength;
- byte_t * vf;
- int vtLength;
- byte_t * vt;
-};
-
-#endif
Copied: trunk/libmikey/keyagreement/KeyAgreement.cxx (from rev 3100, trunk/libmikey/keyagreement/keyagreement.cxx)
===================================================================
--- trunk/libmikey/keyagreement/keyagreement.cxx 2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmikey/keyagreement/KeyAgreement.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,529 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien, Joachim Orrblad
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ * Johan Bilien <jobi at via.ecp.fr>
+ * Joachim Orrblad <joachim at orrblad.com>
+*/
+
+
+#include<config.h>
+#include<libmikey/KeyAgreement.h>
+#include<libmikey/MikeyPayloadSP.h>
+#include<libmikey/MikeyMessage.h>
+#include<string.h>
+#include<libmcrypto/hmac.h>
+#include<libmcrypto/rand.h>
+
+using namespace std;
+
+ITgk::~ITgk(){
+}
+
+KeyAgreement::KeyAgreement():
+ tgkPtr(NULL), tgkLengthValue(0),
+ randPtr(NULL), randLengthValue(0),
+ csbIdValue(0),
+ csIdMapPtr(NULL), nCsValue(0){
+ //policy = list<Policy_type *>::list();
+ kvPtr = new KeyValidityNull();
+
+}
+
+KeyAgreement::~KeyAgreement(){
+ if( tgkPtr )
+ delete [] tgkPtr;
+ if( randPtr )
+ delete [] randPtr;
+ list<Policy_type *>::iterator i;
+ for( i = policy.begin(); i != policy.end() ; i++ )
+ delete *i;
+ policy.clear();
+}
+
+unsigned int KeyAgreement::tgkLength(){
+ return tgkLengthValue;
+}
+
+unsigned char * KeyAgreement::tgk(){
+ return tgkPtr;
+}
+
+unsigned int KeyAgreement::randLength(){
+ return randLengthValue;
+}
+
+unsigned char * KeyAgreement::rand(){
+ return randPtr;
+}
+
+MRef<KeyValidity *> KeyAgreement::keyValidity(){
+ return kvPtr;
+}
+
+void KeyAgreement::setKeyValidity( MRef<KeyValidity *> kv ){
+ this->kvPtr = NULL;
+
+ switch( kv->type() ){
+ case KEYVALIDITY_NULL:
+ this->kvPtr = new KeyValidityNull();
+ break;
+ case KEYVALIDITY_SPI:
+ this->kvPtr =
+ new KeyValiditySPI( *(KeyValiditySPI *)(*kv) );
+ break;
+ case KEYVALIDITY_INTERVAL:
+ this->kvPtr = new KeyValidityInterval(
+ *(KeyValidityInterval *)(*kv) );
+ break;
+ default:
+ return;
+ }
+}
+
+void KeyAgreement::setRand( unsigned char * rand, int randLengthValue ){
+ this->randLengthValue = randLengthValue;
+
+ if( this->randPtr )
+ delete [] this->randPtr;
+
+ this->randPtr = new unsigned char[ randLengthValue ];
+ memcpy( this->randPtr, rand, randLengthValue );
+}
+
+/* Described in draft-ietf-msec-mikey-07.txt Section 4.1.2 */
+void p( unsigned char * s, unsigned int sLength,
+ unsigned char * label, unsigned int labelLength,
+ unsigned int m,
+ unsigned char * output )
+{
+ unsigned int i;
+ unsigned int hmac_output_length;
+ byte_t * hmac_input = new byte_t[ labelLength + 20 ];
+
+ /* initial step */
+ hmac_sha1( s, sLength,
+ label, labelLength,
+ hmac_input, &hmac_output_length );
+ assert( hmac_output_length == 20 );
+ memcpy( &hmac_input[20], label, labelLength );
+
+ hmac_sha1( s, sLength,
+ hmac_input, labelLength + 20,
+ output, &hmac_output_length );
+ assert( hmac_output_length == 20 );
+
+ for( i = 2; i <= m ; i++ )
+ {
+ /* Update the first part of the hmac_input (A_i)
+ * with the MAC of the previous one (A_(i-1)) */
+ hmac_sha1( s, sLength,
+ hmac_input, 20,
+ hmac_input, &hmac_output_length );
+ assert( hmac_output_length == 20 );
+
+ hmac_sha1( s, sLength,
+ hmac_input, labelLength + 20,
+ &output[ 20 * (i-1) ], &hmac_output_length );
+ assert( hmac_output_length == 20 );
+ }
+
+ delete [] hmac_input;
+}
+
+/* Described in draft-ietf-msec-mikey-07.txt Section 4.1.3 */
+void prf( unsigned char * inkey, unsigned int inkeyLength,
+ unsigned char * label, unsigned int labelLength,
+ unsigned char * outkey, unsigned int outkeyLength )
+{
+ unsigned int n;
+ unsigned int m;
+ unsigned int i;
+ unsigned int j;
+ unsigned char * p_output;
+ n = ( inkeyLength + 63 )/ 64;
+ m = ( outkeyLength + 19 )/ 20;
+
+ p_output = new unsigned char[ m * 20 ];
+
+ memset( outkey, 0, outkeyLength );
+ for( i = 1; i <= n-1; i++ )
+ {
+ p( &inkey[ (i-1)*64 ], 64, label, labelLength, m, p_output );
+ for( j = 0; j < outkeyLength; j++ )
+ {
+ outkey[j] ^= p_output[j];
+ }
+ }
+
+ /* Last step */
+ p( &inkey[ (n-1)*64 ], inkeyLength % 64,
+ label, labelLength, m, p_output );
+
+ for( j = 0; j < outkeyLength; j++ )
+ {
+ outkey[j] ^= p_output[j];
+ }
+ delete [] p_output;
+}
+
+void KeyAgreement::keyDeriv( unsigned char csId, unsigned int csbIdValue,
+ unsigned char * inkey, unsigned int inkeyLength,
+ unsigned char * key, unsigned int keyLength ,
+ int type ){
+
+ byte_t * label = new byte_t[4+4+1+randLengthValue];
+
+ switch( type ){
+ case KEY_DERIV_SALT:
+ label[0] = 0x39;
+ label[1] = 0xA2;
+ label[2] = 0xC1;
+ label[3] = 0x4B;
+ break;
+ case KEY_DERIV_TEK:
+ label[0] = 0x2A;
+ label[1] = 0xD0;
+ label[2] = 0x1C;
+ label[3] = 0x64;
+ break;
+ case KEY_DERIV_TRANS_ENCR:
+ label[0] = 0x15;
+ label[1] = 0x05;
+ label[2] = 0x33;
+ label[3] = 0xE1;
+ break;
+ case KEY_DERIV_TRANS_SALT:
+ label[0] = 0x29;
+ label[1] = 0xB8;
+ label[2] = 0x89;
+ label[3] = 0x16;
+ break;
+ case KEY_DERIV_TRANS_AUTH:
+ label[0] = 0x2D;
+ label[1] = 0x22;
+ label[2] = 0xAC;
+ label[3] = 0x75;
+ break;
+ case KEY_DERIV_ENCR:
+ label[0] = 0x15;
+ label[1] = 0x79;
+ label[2] = 0x8C;
+ label[3] = 0xEF;
+ break;
+ case KEY_DERIV_AUTH:
+ label[0] = 0x1B;
+ label[1] = 0x5C;
+ label[2] = 0x79;
+ label[3] = 0x73;
+ break;
+ }
+
+ label[4] = csId;
+
+ label[5] = (unsigned char)((csbIdValue>>24) & 0xFF);
+ label[6] = (unsigned char)((csbIdValue>>16) & 0xFF);
+ label[7] = (unsigned char)((csbIdValue>>8) & 0xFF);
+ label[8] = (unsigned char)(csbIdValue & 0xFF);
+ memcpy( &label[9], randPtr, randLengthValue );
+ prf( inkey, inkeyLength, label, 9 + randLengthValue, key, keyLength );
+
+ delete [] label;
+}
+
+void KeyAgreement::genTek( unsigned char csId,
+ unsigned char * tek, unsigned int tekLength ){
+ keyDeriv( csId, csbIdValue, tgkPtr, tgkLengthValue,
+ tek, tekLength, KEY_DERIV_TEK );
+}
+
+void KeyAgreement::genSalt( unsigned char csId,
+ unsigned char * salt, unsigned int saltLength ){
+ keyDeriv( csId, csbIdValue, tgkPtr, tgkLengthValue,
+ salt, saltLength, KEY_DERIV_SALT );
+}
+
+void KeyAgreement::genEncr( unsigned char csId,
+ unsigned char * e_key, unsigned int e_keylen ){
+ keyDeriv( csId, csbIdValue, tgkPtr, tgkLengthValue,
+ e_key, e_keylen, KEY_DERIV_ENCR );
+}
+
+void KeyAgreement::genAuth( unsigned char csId,
+ unsigned char * a_key, unsigned int a_keylen ){
+ keyDeriv( csId, csbIdValue, tgkPtr, tgkLengthValue,
+ a_key, a_keylen, KEY_DERIV_AUTH );
+}
+
+unsigned int KeyAgreement::csbId(){
+ return csbIdValue;
+}
+
+void KeyAgreement::setCsbId( unsigned int csbIdValue ){
+ this->csbIdValue = csbIdValue;
+}
+
+void KeyAgreement::setTgk( unsigned char * tgk, unsigned int tgkLengthValue ){
+ if( this->tgkPtr )
+ delete [] this->tgkPtr;
+ this->tgkLengthValue = tgkLengthValue;
+ this->tgkPtr = new unsigned char[ tgkLengthValue ];
+ if( tgk ){
+ memcpy( this->tgkPtr, tgk, tgkLengthValue );
+ }
+ else{
+ Rand::randomize( this->tgkPtr, tgkLengthValue );
+ }
+}
+
+MRef<MikeyMessage *> KeyAgreement::initiatorData(){
+ return initiatorDataPtr;
+}
+
+void KeyAgreement::setInitiatorData( MRef<MikeyMessage *> data ){
+ initiatorDataPtr = data;
+}
+
+MRef<MikeyMessage *> KeyAgreement::responderData(){
+ return responderDataPtr;
+}
+
+void KeyAgreement::setResponderData( MRef<MikeyMessage *> data ){
+ responderDataPtr = data;
+}
+
+string KeyAgreement::authError(){
+ return authErrorValue;
+}
+
+void KeyAgreement::setAuthError( string error ){
+ authErrorValue = error;
+}
+
+void KeyAgreement::setCsIdMap( MRef<MikeyCsIdMap *> idMap ){
+ csIdMapPtr = idMap;
+}
+
+MRef<MikeyCsIdMap *> KeyAgreement::csIdMap(){
+ return csIdMapPtr;
+}
+
+byte_t KeyAgreement::nCs(){
+ return nCsValue;
+}
+
+void KeyAgreement::setnCs(uint8_t value){
+ nCsValue = value;
+}
+
+byte_t KeyAgreement::getSrtpCsId( uint32_t ssrc ){
+ MikeyCsIdMapSrtp * csIdMap =
+ dynamic_cast<MikeyCsIdMapSrtp *>( *csIdMapPtr );
+
+ if( csIdMap == NULL ){
+ return 0;
+ }
+
+ return csIdMap->findCsId( ssrc );
+}
+
+uint32_t KeyAgreement::getSrtpRoc( uint32_t ssrc ){
+ MikeyCsIdMapSrtp * csIdMap =
+ dynamic_cast<MikeyCsIdMapSrtp *>( *csIdMapPtr );
+
+ if( csIdMap == NULL ){
+ return 0;
+ }
+ return csIdMap->findRoc( ssrc );
+}
+
+uint8_t KeyAgreement::findpolicyNo( uint32_t ssrc ){
+ MikeyCsIdMapSrtp * csIdMap =
+ dynamic_cast<MikeyCsIdMapSrtp *>( *csIdMapPtr );
+ if( csIdMap == NULL ){
+ return 0;
+ }
+ return csIdMap->findpolicyNo( ssrc );
+}
+
+void KeyAgreement::setSrtpStreamSsrc( uint32_t ssrc, uint8_t csId ){
+ MikeyCsIdMapSrtp * csIdMap =
+ dynamic_cast<MikeyCsIdMapSrtp *>( *csIdMapPtr );
+ if( csIdMap == NULL ){
+ return;
+ }
+ csIdMap->setSsrc( ssrc, csId );
+}
+
+void KeyAgreement::setSrtpStreamRoc( uint32_t roc, uint8_t csId ){
+ MikeyCsIdMapSrtp * csIdMap =
+ dynamic_cast<MikeyCsIdMapSrtp *>( *csIdMapPtr );
+ if( csIdMap == NULL ){
+ return;
+ }
+ csIdMap->setRoc( roc, csId );
+}
+
+
+void KeyAgreement::addSrtpStream( uint32_t ssrc, uint32_t roc, byte_t policyNo, byte_t csId ){
+ MikeyCsIdMapSrtp * csIdMap;
+
+ if( !csIdMapPtr ){
+ csIdMapPtr = new MikeyCsIdMapSrtp();
+ csIdMap = (MikeyCsIdMapSrtp *)(*csIdMapPtr);
+ }
+ else{
+ csIdMap = dynamic_cast<MikeyCsIdMapSrtp *>( *csIdMapPtr );
+ }
+
+ csIdMap->addStream( ssrc, roc, policyNo, csId );
+
+ if( csId == 0 )
+ nCsValue ++;
+}
+
+void KeyAgreement::addIpsecSA( uint32_t spi, uint32_t spiSrcaddr, uint32_t spiDstaddr, byte_t policyNo, byte_t csId){
+ MikeyCsIdMapIPSEC4 * csIdMap = dynamic_cast<MikeyCsIdMapIPSEC4 *>( *csIdMapPtr );
+ if( csIdMap == NULL ){
+ csIdMapPtr = new MikeyCsIdMapIPSEC4();
+ csIdMap = (MikeyCsIdMapIPSEC4 *)(*csIdMapPtr);
+ }
+ csIdMap->addSA(spi, spiSrcaddr, spiDstaddr, policyNo, csId);
+ if( csId == 0 )
+ nCsValue ++;
+}
+
+void KeyAgreement::setCsIdMapType(uint8_t type){
+ CsIdMapType = type;
+}
+uint8_t KeyAgreement::getCsIdMapType(){
+ return CsIdMapType;
+}
+
+/* Security Policy */
+
+void KeyAgreement::setPolicyParamType(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type, uint8_t length, byte_t * value){
+ Policy_type * pol;
+ if ( (pol = getPolicyParamType(policy_No, prot_type, policy_type) ) == NULL)
+ policy.push_back (new Policy_type(policy_No, prot_type, policy_type, length, value));
+ else {
+ policy.remove(pol);
+ delete pol;
+ policy.push_back (new Policy_type(policy_No, prot_type, policy_type, length, value));
+ }
+}
+
+uint8_t KeyAgreement::setPolicyParamType(uint8_t prot_type, uint8_t policy_type, uint8_t length, byte_t * value){
+ list<Policy_type *>::iterator i;
+ uint8_t policyNo = 0;
+ i = policy.begin();
+ while( i != policy.end() ){
+ if( (*i)->policy_No == policyNo ){
+ i = policy.begin();
+ policyNo++;
+ }
+ else
+ i++;
+ }
+ policy.push_back (new Policy_type(policyNo, prot_type, policy_type, length, value));
+ return policyNo;
+}
+
+static byte_t ipsec4values[] = {MIKEY_IPSEC_SATYPE_ESP,MIKEY_IPSEC_MODE_TRANSPORT,MIKEY_IPSEC_SAFLAG_PSEQ,MIKEY_IPSEC_EALG_3DESCBC,24,MIKEY_IPSEC_AALG_SHA1HMAC,16};
+static byte_t srtpvalues[] ={MIKEY_SRTP_EALG_AESCM,16,MIKEY_SRTP_AALG_SHA1HMAC,20,14,MIKEY_SRTP_PRF_AESCM,0,1,1,MIKEY_FEC_ORDER_FEC_SRTP,1,10,0};
+
+uint8_t KeyAgreement::setdefaultPolicy(uint8_t prot_type){
+ list<Policy_type *>::iterator iter;
+ uint8_t policyNo = 0;
+ iter = policy.begin();
+ while( iter != policy.end() ){
+ if( (*iter)->policy_No == policyNo ){
+ iter = policy.begin();
+ policyNo++;
+ }
+ else
+ iter++;
+ }
+ int i, arraysize;
+ switch (prot_type) {
+ case MIKEY_PROTO_SRTP:
+ arraysize = 13;
+ for(i=0; i< arraysize; i++)
+ policy.push_back (new Policy_type(policyNo, prot_type, i, 1, &srtpvalues[i]));
+ break;
+ case MIKEY_PROTO_IPSEC4:
+ arraysize = 7;
+ for(i=0; i< arraysize; i++)
+ policy.push_back (new Policy_type(policyNo, prot_type, i, 1, &ipsec4values[i]));
+ break;
+ }
+ return policyNo;
+}
+
+Policy_type * KeyAgreement::getPolicyParamType(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type){
+ list<Policy_type *>::iterator i;
+ for( i = policy.begin(); i != policy.end() ; i++ )
+ if( (*i)->policy_No == policy_No && (*i)->prot_type == prot_type && (*i)->policy_type == policy_type )
+ return *i;
+ return NULL;
+}
+
+uint8_t KeyAgreement::getPolicyParamTypeValue(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type){
+ list<Policy_type *>::iterator i;
+ for( i = policy.begin(); i != policy.end() ; i++ )
+ if( (*i)->policy_No == policy_No && (*i)->prot_type == prot_type && (*i)->policy_type == policy_type && (*i)->length == 1)
+ return (uint8_t)(*i)->value[0];
+
+ switch(prot_type) {
+ case MIKEY_PROTO_SRTP:
+ if (policy_type < sizeof(srtpvalues)/sizeof(srtpvalues[0]))
+ return srtpvalues[policy_type];
+ printf("MIKEY_PROTO_SRTP type out of range %d", policy_type);
+ break;
+ case MIKEY_PROTO_IPSEC4:
+ if (policy_type < sizeof(ipsec4values)/sizeof(ipsec4values[0]))
+ return ipsec4values[policy_type];
+ printf("MIKEY_PROTO_IPSEC4 type out of range %d", policy_type);
+ break;
+ default:
+ break;
+ }
+ return 0;
+}
+
+Policy_type::Policy_type(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type, uint8_t length, byte_t * value){
+ this->policy_No = policy_No;
+ this->prot_type = prot_type;
+ this->policy_type = policy_type;
+ this->length = length;
+ this->value = (byte_t*) calloc (length,sizeof(byte_t));
+ for(int i=0; i< length; i++)
+ this->value[i] = value[i];
+}
+
+Policy_type::~Policy_type(){
+ free(value);
+}
+
+
+
+
+
+
+
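Review bot: In `prf`, the final `p(...)` call keys the last block with `inkeyLength % 64` bytes, which is 0 whenever the input key length is a multiple of 64, so `n` counts that key as n full blocks while the last block is MACed under an empty key; the last block's length is `inkeyLength - (n-1)*64`, and the call should pass that instead. `n` is unsigned and becomes 0 for an empty input key, after which `n-1` wraps and the `i <= n-1` loop reads far past `inkey`, so `prf` should reject `inkeyLength == 0` before computing `n` (for example `if( inkeyLength == 0 ) return;`). Separately, `~KeyAgreement`, `setTgk` and `setRand` release the TGK and RAND buffers with plain `delete []`, leaving key material in freed heap memory; overwrite the buffer before freeing it. In `addSrtpStream`, the `dynamic_cast` in the else branch is not checked for NULL before `csIdMap->addStream`, unlike every other `csIdMapPtr` accessor in this file, so a CS ID map of the wrong type dereferences a null pointer.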
Copied: trunk/libmikey/keyagreement/KeyAgreementDH.cxx (from rev 3100, trunk/libmikey/keyagreement/keyagreement_dh.cxx)
===================================================================
--- trunk/libmikey/keyagreement/keyagreement_dh.cxx 2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmikey/keyagreement/KeyAgreementDH.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,200 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+ Copyright (C) 2006 Mikael Magnusson
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ * Johan Bilien <jobi at via.ecp.fr>
+ * Mikael Magnusson <mikma at users.sourceforge.net>
+*/
+
+
+#include<config.h>
+#include<libmikey/KeyAgreementDH.h>
+#include<libmikey/MikeyException.h>
+#include<libmikey/MikeyMessage.h>
+#include<libmcrypto/OakleyDH.h>
+#include<libmcrypto/SipSim.h>
+
+using namespace std;
+
+//
+// PeerCertificates
+//
+PeerCertificates::PeerCertificates( MRef<certificate_chain *> aCert,
+ MRef<ca_db *> aCaDb ):
+ certChainPtr( aCert ),
+ certDbPtr( aCaDb )
+{
+ peerCertChainPtr = certificate_chain::create();
+}
+
+PeerCertificates::PeerCertificates( MRef<certificate_chain *> aCert,
+ MRef<certificate_chain *> aPeerCert ):
+ certChainPtr( aCert ),
+ peerCertChainPtr( aPeerCert )
+{
+}
+
+PeerCertificates::~PeerCertificates(){
+}
+
+//
+// KeyAgreementDHBase
+//
+KeyAgreementDHBase::KeyAgreementDHBase():
+ peerKeyPtr( NULL ),
+ peerKeyLengthValue( 0 ),
+ publicKeyPtr( NULL ),
+ publicKeyLengthValue( 0 )
+{
+ dh = new OakleyDH();
+ if( dh == NULL )
+ {
+ throw MikeyException( "Could not create "
+ "DH parameters." );
+ }
+}
+
+KeyAgreementDHBase::~KeyAgreementDHBase(){
+ delete dh;
+ if( peerKeyPtr != NULL ){
+ delete [] peerKeyPtr;
+ peerKeyPtr = NULL;
+ }
+ if( publicKeyPtr != NULL ){
+ delete [] publicKeyPtr;
+ publicKeyPtr = NULL;
+ }
+}
+
+//
+// KeyAgreementDH
+//
+KeyAgreementDH::KeyAgreementDH( MRef<certificate_chain *> certChainPtr,
+ MRef<ca_db *> certDbPtr ):
+ KeyAgreement(),
+ PeerCertificates( certChainPtr, certDbPtr ),
+ useSim(false)
+{
+}
+
+KeyAgreementDH::KeyAgreementDH( MRef<SipSim*> s ):
+ PeerCertificates( s->getCertificateChain(), s->getCAs() ),
+ useSim(true),
+ sim(s)
+{
+
+}
+
+KeyAgreementDH::~KeyAgreementDH(){
+}
+
+int32_t KeyAgreementDH::type(){
+ return KEY_AGREEMENT_TYPE_DH;
+}
+
+int KeyAgreementDHBase::setGroup( int groupValue ){
+ if( !dh->setGroup( groupValue ) )
+ return 1;
+
+ uint32_t len = dh->secretLength();
+
+ if( len != tgkLength() || !tgk() ){
+ setTgk( NULL, len );
+ }
+
+ int32_t length = dh->publicKeyLength();
+ if( length != publicKeyLengthValue ){
+ if( publicKeyPtr ){
+ delete[] publicKeyPtr;
+ }
+ publicKeyLengthValue = length;
+ publicKeyPtr = new unsigned char[ length ];
+ }
+ dh->getPublicKey( publicKeyPtr, length );
+
+ return 0;
+}
+
+void KeyAgreementDHBase::setPeerKey( unsigned char * peerKeyPtr,
+ int peerKeyLengthValue ){
+ if( this->peerKeyPtr )
+ delete[] this->peerKeyPtr;
+
+ this->peerKeyPtr = new unsigned char[ peerKeyLengthValue ];
+ this->peerKeyLengthValue = peerKeyLengthValue;
+ memcpy( this->peerKeyPtr, peerKeyPtr, peerKeyLengthValue );
+
+}
+
+int KeyAgreementDHBase::publicKeyLength(){
+ return publicKeyLengthValue;
+}
+
+unsigned char * KeyAgreementDHBase::publicKey(){
+ return publicKeyPtr;
+}
+
+int KeyAgreementDHBase::computeTgk(){
+ assert( peerKeyPtr );
+
+ int res = dh->computeSecret( peerKeyPtr, peerKeyLengthValue, tgk(), tgkLength() );
+ return res;
+}
+
+int KeyAgreementDHBase::group(){
+ if( !publicKeyPtr )
+ return -1;
+
+ return dh->group();
+}
+
+int KeyAgreementDHBase::peerKeyLength(){
+ return peerKeyLengthValue;
+}
+
+unsigned char * KeyAgreementDHBase::peerKey(){
+ return peerKeyPtr;
+}
+
+MRef<certificate_chain *> PeerCertificates::certificateChain(){
+ return certChainPtr;
+}
+
+MRef<certificate_chain *> PeerCertificates::peerCertificateChain(){
+ return peerCertChainPtr;
+}
+
+void PeerCertificates::setPeerCertificateChain( MRef<certificate_chain *> peerChain ){
+ peerCertChainPtr = peerChain;
+}
+
+int PeerCertificates::controlPeerCertificate(){
+ if( peerCertChainPtr.isNull() || certDbPtr.isNull() )
+ return 0;
+ return peerCertChainPtr->control( certDbPtr );
+}
+
+MikeyMessage* KeyAgreementDH::createMessage(){
+ return MikeyMessage::create( this );
+}
+
+MRef<SipSim*> KeyAgreementDH::getSim(){
+ return sim;
+}
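Review bot: `computeTgk` relies on `assert( peerKeyPtr )` as its only guard, so in an NDEBUG build a call made before `setPeerKey` hands a NULL peer key and length 0 to `dh->computeSecret`; an explicit runtime check is needed, e.g. `if( !peerKeyPtr || !tgk() ) return -1;` (the failure convention of `computeSecret` is not visible here, so pick the value callers already treat as an error). `setPeerKey` takes `int peerKeyLengthValue` and passes it straight to `new unsigned char[]` and `memcpy` without rejecting negative or zero lengths, even though this value presumably originates from the peer's message. `controlPeerCertificate` returns 0 both when `peerCertChainPtr` or `certDbPtr` is null and as whatever `control()` reports; what 0 means (verified vs. failed) is not visible here and should be documented on the function, since a caller that reads 0 as success would accept an unverified peer when no CA database is configured. The `dh == NULL` check in the `KeyAgreementDHBase` constructor is dead code, as a plain `new` throws rather than returning NULL.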
Copied: trunk/libmikey/keyagreement/KeyAgreementPSK.cxx (from rev 3100, trunk/libmikey/keyagreement/keyagreement_psk.cxx)
===================================================================
--- trunk/libmikey/keyagreement/keyagreement_psk.cxx 2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmikey/keyagreement/KeyAgreementPSK.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,111 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ * Johan Bilien <jobi at via.ecp.fr>
+*/
+
+
+#include<config.h>
+#include<libmikey/MikeyMessage.h>
+#include<libmikey/KeyAgreementPSK.h>
+
+KeyAgreementPSK::KeyAgreementPSK():
+ KeyAgreement(),t_received(0),authKey(NULL),authKeyLength(0),
+ macAlg(0),pskPtr(NULL),pskLengthValue(0),v(0),tSentValue(0){
+}
+
+KeyAgreementPSK::KeyAgreementPSK( const unsigned char * pskPtr, int pskLengthValue ):
+ KeyAgreement(),t_received(0),authKey(NULL),authKeyLength(0),
+ macAlg(0),pskPtr(NULL),pskLengthValue(0),v(0),tSentValue(0){
+ //policy = list<Policy_type *>::list();
+ this->pskLengthValue = pskLengthValue;
+ this->pskPtr = new unsigned char[ pskLengthValue ];
+ memcpy( this->pskPtr, pskPtr, pskLengthValue );
+
+}
+
+KeyAgreementPSK::~KeyAgreementPSK(){
+ if( pskPtr ){
+ delete [] pskPtr;
+ }
+
+ if( authKey ){
+ delete[] authKey;
+ authKey = NULL;
+ }
+}
+
+int32_t KeyAgreementPSK::type(){
+ return KEY_AGREEMENT_TYPE_PSK;
+}
+
+void KeyAgreementPSK::generateTgk( uint32_t tgkLength ){
+ // Generate random TGK
+ setTgk( NULL, tgkLength );
+}
+
+void KeyAgreementPSK::genTranspEncrKey(
+ unsigned char * encrKey, int encrKeyLength ){
+ keyDeriv( 0xFF, csbId(), pskPtr, pskLengthValue,
+ encrKey, encrKeyLength, KEY_DERIV_TRANS_ENCR );
+}
+
+void KeyAgreementPSK::genTranspSaltKey(
+ unsigned char * encrKey, int encrKeyLength ){
+ keyDeriv( 0xFF, csbId(), pskPtr, pskLengthValue,
+ encrKey, encrKeyLength, KEY_DERIV_TRANS_SALT );
+}
+
+void KeyAgreementPSK::genTranspAuthKey(
+ unsigned char * encrKey, int encrKeyLength ){
+ keyDeriv( 0xFF, csbId(), pskPtr, pskLengthValue,
+ encrKey, encrKeyLength, KEY_DERIV_TRANS_AUTH );
+}
+
+uint64_t KeyAgreementPSK::tSent(){
+ return tSentValue;
+}
+
+void KeyAgreementPSK::setTSent( uint64_t tSent ){
+ this->tSentValue = tSent;
+}
+
+MikeyMessage* KeyAgreementPSK::createMessage(){
+ return MikeyMessage::create( this );
+}
+
+void KeyAgreementPSK::setPSK( const byte_t* psk, int pskLength ){
+ if( pskPtr ){
+ delete[] pskPtr;
+ pskPtr = NULL;
+ }
+
+ pskLengthValue = pskLength;
+ pskPtr = new byte_t[ pskLength ];
+ memcpy( pskPtr, psk, pskLength );
+}
+
+int KeyAgreementPSK::getPSKLength(){
+ return pskLengthValue;
+}
+
+byte_t* KeyAgreementPSK::getPSK(){
+ return pskPtr;
+}
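Review bot: `~KeyAgreementPSK` and `setPSK` free the pre-shared key and `authKey` buffers with plain `delete[]` without overwriting them first, so the secret stays readable in freed heap memory; clear each buffer (a volatile-byte loop or the platform's secure memset) before the `delete[]`. `memcpy` is used in the second constructor and in `setPSK`, but the file includes only `config.h`, `MikeyMessage.h` and `KeyAgreementPSK.h`, so it appears to rely on a transitive include for `<string.h>`; include it directly. As a point of style, `genTranspSaltKey` and `genTranspAuthKey` name their output parameter `encrKey`, which misdescribes what they derive; `saltKey` and `authKey` would match `genTranspEncrKey`. The commented-out `//policy = ...` line carried into the second constructor is dead and can be dropped.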
Copied: trunk/libmikey/keyagreement/KeyValidity.cxx (from rev 3100, trunk/libmikey/keyagreement/keyvalidity.cxx)
===================================================================
--- trunk/libmikey/keyagreement/keyvalidity.cxx 2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmikey/keyagreement/KeyValidity.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,219 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ * Johan Bilien <jobi at via.ecp.fr>
+*/
+
+
+#include<config.h>
+#include<libmikey/KeyValidity.h>
+#include<libmikey/MikeyException.h>
+#include<libmikey/MikeyDefs.h>
+#include<assert.h>
+#include<libmutil/stringutils.h>
+
+using namespace std;
+
+KeyValidity::KeyValidity(){
+ typeValue = KEYVALIDITY_NULL;
+
+}
+
+KeyValidity::KeyValidity( const KeyValidity& ){
+ typeValue = KEYVALIDITY_NULL;
+
+}
+
+KeyValidity::~KeyValidity(){};
+
+int KeyValidity::type(){
+ return typeValue;
+}
+
+int KeyValidity::length(){
+ return 0;
+}
+
+void KeyValidity::writeData( byte_t * start, int expectedLength){
+
+}
+
+string KeyValidity::debugDump(){
+ return "KeyValidityNull";
+}
+
+void KeyValidity::operator =( const KeyValidity& ){
+ typeValue = KEYVALIDITY_NULL;
+}
+
+KeyValiditySPI::KeyValiditySPI():spiLength(0),spiPtr(NULL){
+ typeValue = KEYVALIDITY_SPI;
+
+}
+
+KeyValiditySPI::KeyValiditySPI( const KeyValiditySPI& source ){
+ typeValue = KEYVALIDITY_SPI;
+ spiLength = source.spiLength;
+ spiPtr = new byte_t[ spiLength ];
+ memcpy( this->spiPtr, source.spiPtr, spiLength );
+}
+
+KeyValiditySPI::KeyValiditySPI( byte_t * rawData, int lengthLimit ){
+
+ if( lengthLimit < 1 ){
+ throw MikeyExceptionMessageLengthException(
+ "Given data is too short to form a KeyValiditySPI" );
+ }
+
+ spiLength = rawData[0];
+
+ if( lengthLimit < 1 + spiLength ){
+ throw MikeyExceptionMessageLengthException(
+ "Given data is too short to form a KeyValiditySPI" );
+ }
+
+ spiPtr = new byte_t[ spiLength ];
+ memcpy( spiPtr, &rawData[1], spiLength );
+}
+
+
+KeyValiditySPI::KeyValiditySPI( int length, byte_t * spi ){
+ this->spiPtr = new byte_t[ length ];
+ memcpy( this->spiPtr, spi, length );
+ this->spiLength = length;
+}
+
+int KeyValiditySPI::length(){
+ return spiLength + 1; //data + length;
+}
+
+void KeyValiditySPI::writeData( byte_t * start, int expectedLength ){
+ assert( expectedLength == length() );
+ start[0] = spiLength;
+ memcpy( &start[1], spiPtr, spiLength );
+}
+
+string KeyValiditySPI::debugDump(){
+ return (const char *)("KeyValiditySPI: spi=<") +
+ binToHex( spiPtr, spiLength );
+}
+
+KeyValiditySPI::~KeyValiditySPI(){
+ if( spiPtr )
+ delete [] spiPtr;
+ return;
+}
+
+void KeyValiditySPI::operator =( const KeyValiditySPI& source ){
+ if( spiPtr ){
+ delete [] spiPtr;
+ }
+
+ spiLength = source.spiLength;
+ spiPtr = new byte_t[ spiLength ];
+ memcpy( spiPtr, source.spiPtr, spiLength );
+}
+
+KeyValidityInterval::KeyValidityInterval():vfLength(0),vf(NULL),vtLength(0),
+ vt(NULL){
+ typeValue = KEYVALIDITY_INTERVAL;
+}
+
+KeyValidityInterval::KeyValidityInterval( const KeyValidityInterval& source ){
+ typeValue = KEYVALIDITY_INTERVAL;
+ vfLength = source.vfLength;
+ vf = new byte_t[ vfLength ];
+ memcpy( vf, source.vf, vfLength );
+ vtLength = source.vtLength;
+ vt = new byte_t[ vtLength ];
+ memcpy( vt, source.vt, vtLength );
+}
+
+
+KeyValidityInterval::KeyValidityInterval(byte_t * raw_data, int length_limit){
+ if( length_limit < 2 )
+ throw MikeyExceptionMessageLengthException(
+ "Given data is too short to form a KeyValidityInterval" );
+ vfLength = raw_data[0];
+ if( length_limit < 2 + vfLength )
+ throw MikeyExceptionMessageLengthException(
+ "Given data is too short to form a KeyValidityInterval" );
+ vf = new byte_t[ vfLength ];
+ memcpy( vf, &raw_data[1], vfLength );
+ vtLength = raw_data[vfLength + 1];
+ if( length_limit < 2 + vfLength + vtLength )
+ throw MikeyExceptionMessageLengthException(
+ "Given data is too short to form a KeyValidityInterval" );
+ vt = new byte_t[ vtLength ];
+ memcpy( vt, &raw_data[vfLength + 2], vfLength );
+}
+
+KeyValidityInterval::KeyValidityInterval(int vfLength, byte_t * vf,
+ int vtLength, byte_t * vt)
+{
+ this->vf = new byte_t[ vfLength ];
+ memcpy( this->vf, vf, vfLength );
+ this->vfLength = vfLength;
+ this->vt = new byte_t[ vtLength ];
+ memcpy( this->vt, vt, vtLength );
+ this->vtLength = vtLength;
+}
+
+int KeyValidityInterval::length(){
+ return vtLength + vfLength + 3;
+
+}
+
+void KeyValidityInterval::writeData(byte_t * start, int expectedLength){
+ assert( expectedLength == length() );
+ start[0] = vfLength;
+ memcpy( &start[1], vf, vfLength );
+ start[ 1+vfLength ] = vtLength;
+ memcpy( &start[2+vfLength], vt, vtLength );
+}
+
+void KeyValidityInterval::operator =( const KeyValidityInterval& source ){
+ typeValue = KEYVALIDITY_INTERVAL;
+ if( vf ){
+ delete [] vf;
+ }
+ if( vt ){
+ delete [] vt;
+ }
+
+ vfLength = source.vfLength;
+ vf = new byte_t[ vfLength ];
+ memcpy( vf, source.vf, vfLength );
+ vtLength = source.vtLength;
+ vt = new byte_t[ vtLength ];
+ memcpy( vt, source.vt, vtLength );
+}
+
+KeyValidityInterval::~KeyValidityInterval(){
+ if( vf )
+ delete [] vf;
+ if( vt )
+ delete [] vt;
+}
+
+string KeyValidityInterval::debugDump(){
+ return "KeyValidityInterval: vf=<"+binToHex( vf, vfLength )+
+ "> vt=<"+binToHex( vt, vtLength );
+}
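Review bot: In the `KeyValidityInterval( byte_t * raw_data, int length_limit )` constructor, the last `memcpy` copies `vfLength` bytes into `vt`, which was allocated with `vtLength` bytes, so a received message whose VF field is longer than its VT field overflows the heap buffer (and over-reads `raw_data`, since the preceding length check only accounts for `vtLength` bytes); it should be `memcpy( vt, &raw_data[vfLength + 2], vtLength );`. That constructor, `KeyValiditySPI( byte_t * rawData, int lengthLimit )`, `KeyValiditySPI( int, byte_t * )` and `KeyValidityInterval( int, byte_t *, int, byte_t * )` never set `typeValue`, so the base constructor's `KEYVALIDITY_NULL` remains and `type()` misreports these objects. The `operator =` overloads in `KeyValiditySPI` and `KeyValidityInterval` delete their own buffers before reading from `source`, so self-assignment reads freed memory; add `if( this == &source ) return;` at the top of each.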
Deleted: trunk/libmikey/keyagreement/keyagreement.cxx
===================================================================
--- trunk/libmikey/keyagreement/keyagreement.cxx 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/keyagreement/keyagreement.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,529 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien, Joachim Orrblad
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
- * Joachim Orrblad <joachim at orrblad.com>
-*/
-
-
-#include<config.h>
-#include<libmikey/keyagreement.h>
-#include<libmikey/MikeyPayloadSP.h>
-#include<libmikey/MikeyMessage.h>
-#include<string.h>
-#include<libmcrypto/hmac.h>
-#include<libmcrypto/rand.h>
-
-using namespace std;
-
-ITgk::~ITgk(){
-}
-
-KeyAgreement::KeyAgreement():
- tgkPtr(NULL), tgkLengthValue(0),
- randPtr(NULL), randLengthValue(0),
- csbIdValue(0),
- csIdMapPtr(NULL), nCsValue(0){
- //policy = list<Policy_type *>::list();
- kvPtr = new KeyValidityNull();
-
-}
-
-KeyAgreement::~KeyAgreement(){
- if( tgkPtr )
- delete [] tgkPtr;
- if( randPtr )
- delete [] randPtr;
- list<Policy_type *>::iterator i;
- for( i = policy.begin(); i != policy.end() ; i++ )
- delete *i;
- policy.clear();
-}
-
-unsigned int KeyAgreement::tgkLength(){
- return tgkLengthValue;
-}
-
-unsigned char * KeyAgreement::tgk(){
- return tgkPtr;
-}
-
-unsigned int KeyAgreement::randLength(){
- return randLengthValue;
-}
-
-unsigned char * KeyAgreement::rand(){
- return randPtr;
-}
-
-MRef<KeyValidity *> KeyAgreement::keyValidity(){
- return kvPtr;
-}
-
-void KeyAgreement::setKeyValidity( MRef<KeyValidity *> kv ){
- this->kvPtr = NULL;
-
- switch( kv->type() ){
- case KEYVALIDITY_NULL:
- this->kvPtr = new KeyValidityNull();
- break;
- case KEYVALIDITY_SPI:
- this->kvPtr =
- new KeyValiditySPI( *(KeyValiditySPI *)(*kv) );
- break;
- case KEYVALIDITY_INTERVAL:
- this->kvPtr = new KeyValidityInterval(
- *(KeyValidityInterval *)(*kv) );
- break;
- default:
- return;
- }
-}
-
-void KeyAgreement::setRand( unsigned char * rand, int randLengthValue ){
- this->randLengthValue = randLengthValue;
-
- if( this->randPtr )
- delete [] this->randPtr;
-
- this->randPtr = new unsigned char[ randLengthValue ];
- memcpy( this->randPtr, rand, randLengthValue );
-}
-
-/* Described in draft-ietf-msec-mikey-07.txt Section 4.1.2 */
-void p( unsigned char * s, unsigned int sLength,
- unsigned char * label, unsigned int labelLength,
- unsigned int m,
- unsigned char * output )
-{
- unsigned int i;
- unsigned int hmac_output_length;
- byte_t * hmac_input = new byte_t[ labelLength + 20 ];
-
- /* initial step */
- hmac_sha1( s, sLength,
- label, labelLength,
- hmac_input, &hmac_output_length );
- assert( hmac_output_length == 20 );
- memcpy( &hmac_input[20], label, labelLength );
-
- hmac_sha1( s, sLength,
- hmac_input, labelLength + 20,
- output, &hmac_output_length );
- assert( hmac_output_length == 20 );
-
- for( i = 2; i <= m ; i++ )
- {
- /* Update the first part of the hmac_input (A_i)
- * with the MAC of the previous one (A_(i-1)) */
- hmac_sha1( s, sLength,
- hmac_input, 20,
- hmac_input, &hmac_output_length );
- assert( hmac_output_length == 20 );
-
- hmac_sha1( s, sLength,
- hmac_input, labelLength + 20,
- &output[ 20 * (i-1) ], &hmac_output_length );
- assert( hmac_output_length == 20 );
- }
-
- delete [] hmac_input;
-}
-
-/* Described in draft-ietf-msec-mikey-07.txt Section 4.1.3 */
-void prf( unsigned char * inkey, unsigned int inkeyLength,
- unsigned char * label, unsigned int labelLength,
- unsigned char * outkey, unsigned int outkeyLength )
-{
- unsigned int n;
- unsigned int m;
- unsigned int i;
- unsigned int j;
- unsigned char * p_output;
- n = ( inkeyLength + 63 )/ 64;
- m = ( outkeyLength + 19 )/ 20;
-
- p_output = new unsigned char[ m * 20 ];
-
- memset( outkey, 0, outkeyLength );
- for( i = 1; i <= n-1; i++ )
- {
- p( &inkey[ (i-1)*64 ], 64, label, labelLength, m, p_output );
- for( j = 0; j < outkeyLength; j++ )
- {
- outkey[j] ^= p_output[j];
- }
- }
-
- /* Last step */
- p( &inkey[ (n-1)*64 ], inkeyLength % 64,
- label, labelLength, m, p_output );
-
- for( j = 0; j < outkeyLength; j++ )
- {
- outkey[j] ^= p_output[j];
- }
- delete [] p_output;
-}
-
-void KeyAgreement::keyDeriv( unsigned char csId, unsigned int csbIdValue,
- unsigned char * inkey, unsigned int inkeyLength,
- unsigned char * key, unsigned int keyLength ,
- int type ){
-
- byte_t * label = new byte_t[4+4+1+randLengthValue];
-
- switch( type ){
- case KEY_DERIV_SALT:
- label[0] = 0x39;
- label[1] = 0xA2;
- label[2] = 0xC1;
- label[3] = 0x4B;
- break;
- case KEY_DERIV_TEK:
- label[0] = 0x2A;
- label[1] = 0xD0;
- label[2] = 0x1C;
- label[3] = 0x64;
- break;
- case KEY_DERIV_TRANS_ENCR:
- label[0] = 0x15;
- label[1] = 0x05;
- label[2] = 0x33;
- label[3] = 0xE1;
- break;
- case KEY_DERIV_TRANS_SALT:
- label[0] = 0x29;
- label[1] = 0xB8;
- label[2] = 0x89;
- label[3] = 0x16;
- break;
- case KEY_DERIV_TRANS_AUTH:
- label[0] = 0x2D;
- label[1] = 0x22;
- label[2] = 0xAC;
- label[3] = 0x75;
- break;
- case KEY_DERIV_ENCR:
- label[0] = 0x15;
- label[1] = 0x79;
- label[2] = 0x8C;
- label[3] = 0xEF;
- break;
- case KEY_DERIV_AUTH:
- label[0] = 0x1B;
- label[1] = 0x5C;
- label[2] = 0x79;
- label[3] = 0x73;
- break;
- }
-
- label[4] = csId;
-
- label[5] = (unsigned char)((csbIdValue>>24) & 0xFF);
- label[6] = (unsigned char)((csbIdValue>>16) & 0xFF);
- label[7] = (unsigned char)((csbIdValue>>8) & 0xFF);
- label[8] = (unsigned char)(csbIdValue & 0xFF);
- memcpy( &label[9], randPtr, randLengthValue );
- prf( inkey, inkeyLength, label, 9 + randLengthValue, key, keyLength );
-
- delete [] label;
-}
-
-void KeyAgreement::genTek( unsigned char csId,
- unsigned char * tek, unsigned int tekLength ){
- keyDeriv( csId, csbIdValue, tgkPtr, tgkLengthValue,
- tek, tekLength, KEY_DERIV_TEK );
-}
-
-void KeyAgreement::genSalt( unsigned char csId,
- unsigned char * salt, unsigned int saltLength ){
- keyDeriv( csId, csbIdValue, tgkPtr, tgkLengthValue,
- salt, saltLength, KEY_DERIV_SALT );
-}
-
-void KeyAgreement::genEncr( unsigned char csId,
- unsigned char * e_key, unsigned int e_keylen ){
- keyDeriv( csId, csbIdValue, tgkPtr, tgkLengthValue,
- e_key, e_keylen, KEY_DERIV_ENCR );
-}
-
-void KeyAgreement::genAuth( unsigned char csId,
- unsigned char * a_key, unsigned int a_keylen ){
- keyDeriv( csId, csbIdValue, tgkPtr, tgkLengthValue,
- a_key, a_keylen, KEY_DERIV_AUTH );
-}
-
-unsigned int KeyAgreement::csbId(){
- return csbIdValue;
-}
-
-void KeyAgreement::setCsbId( unsigned int csbIdValue ){
- this->csbIdValue = csbIdValue;
-}
-
-void KeyAgreement::setTgk( unsigned char * tgk, unsigned int tgkLengthValue ){
- if( this->tgkPtr )
- delete [] this->tgkPtr;
- this->tgkLengthValue = tgkLengthValue;
- this->tgkPtr = new unsigned char[ tgkLengthValue ];
- if( tgk ){
- memcpy( this->tgkPtr, tgk, tgkLengthValue );
- }
- else{
- Rand::randomize( this->tgkPtr, tgkLengthValue );
- }
-}
-
-MRef<MikeyMessage *> KeyAgreement::initiatorData(){
- return initiatorDataPtr;
-}
-
-void KeyAgreement::setInitiatorData( MRef<MikeyMessage *> data ){
- initiatorDataPtr = data;
-}
-
-MRef<MikeyMessage *> KeyAgreement::responderData(){
- return responderDataPtr;
-}
-
-void KeyAgreement::setResponderData( MRef<MikeyMessage *> data ){
- responderDataPtr = data;
-}
-
-string KeyAgreement::authError(){
- return authErrorValue;
-}
-
-void KeyAgreement::setAuthError( string error ){
- authErrorValue = error;
-}
-
-void KeyAgreement::setCsIdMap( MRef<MikeyCsIdMap *> idMap ){
- csIdMapPtr = idMap;
-}
-
-MRef<MikeyCsIdMap *> KeyAgreement::csIdMap(){
- return csIdMapPtr;
-}
-
-byte_t KeyAgreement::nCs(){
- return nCsValue;
-}
-
-void KeyAgreement::setnCs(uint8_t value){
- nCsValue = value;
-}
-
-byte_t KeyAgreement::getSrtpCsId( uint32_t ssrc ){
- MikeyCsIdMapSrtp * csIdMap =
- dynamic_cast<MikeyCsIdMapSrtp *>( *csIdMapPtr );
-
- if( csIdMap == NULL ){
- return 0;
- }
-
- return csIdMap->findCsId( ssrc );
-}
-
-uint32_t KeyAgreement::getSrtpRoc( uint32_t ssrc ){
- MikeyCsIdMapSrtp * csIdMap =
- dynamic_cast<MikeyCsIdMapSrtp *>( *csIdMapPtr );
-
- if( csIdMap == NULL ){
- return 0;
- }
- return csIdMap->findRoc( ssrc );
-}
-
-uint8_t KeyAgreement::findpolicyNo( uint32_t ssrc ){
- MikeyCsIdMapSrtp * csIdMap =
- dynamic_cast<MikeyCsIdMapSrtp *>( *csIdMapPtr );
- if( csIdMap == NULL ){
- return 0;
- }
- return csIdMap->findpolicyNo( ssrc );
-}
-
-void KeyAgreement::setSrtpStreamSsrc( uint32_t ssrc, uint8_t csId ){
- MikeyCsIdMapSrtp * csIdMap =
- dynamic_cast<MikeyCsIdMapSrtp *>( *csIdMapPtr );
- if( csIdMap == NULL ){
- return;
- }
- csIdMap->setSsrc( ssrc, csId );
-}
-
-void KeyAgreement::setSrtpStreamRoc( uint32_t roc, uint8_t csId ){
- MikeyCsIdMapSrtp * csIdMap =
- dynamic_cast<MikeyCsIdMapSrtp *>( *csIdMapPtr );
- if( csIdMap == NULL ){
- return;
- }
- csIdMap->setRoc( roc, csId );
-}
-
-
-void KeyAgreement::addSrtpStream( uint32_t ssrc, uint32_t roc, byte_t policyNo, byte_t csId ){
- MikeyCsIdMapSrtp * csIdMap;
-
- if( !csIdMapPtr ){
- csIdMapPtr = new MikeyCsIdMapSrtp();
- csIdMap = (MikeyCsIdMapSrtp *)(*csIdMapPtr);
- }
- else{
- csIdMap = dynamic_cast<MikeyCsIdMapSrtp *>( *csIdMapPtr );
- }
-
- csIdMap->addStream( ssrc, roc, policyNo, csId );
-
- if( csId == 0 )
- nCsValue ++;
-}
-
-void KeyAgreement::addIpsecSA( uint32_t spi, uint32_t spiSrcaddr, uint32_t spiDstaddr, byte_t policyNo, byte_t csId){
- MikeyCsIdMapIPSEC4 * csIdMap = dynamic_cast<MikeyCsIdMapIPSEC4 *>( *csIdMapPtr );
- if( csIdMap == NULL ){
- csIdMapPtr = new MikeyCsIdMapIPSEC4();
- csIdMap = (MikeyCsIdMapIPSEC4 *)(*csIdMapPtr);
- }
- csIdMap->addSA(spi, spiSrcaddr, spiDstaddr, policyNo, csId);
- if( csId == 0 )
- nCsValue ++;
-}
-
-void KeyAgreement::setCsIdMapType(uint8_t type){
- CsIdMapType = type;
-}
-uint8_t KeyAgreement::getCsIdMapType(){
- return CsIdMapType;
-}
-
-/* Security Policy */
-
-void KeyAgreement::setPolicyParamType(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type, uint8_t length, byte_t * value){
- Policy_type * pol;
- if ( (pol = getPolicyParamType(policy_No, prot_type, policy_type) ) == NULL)
- policy.push_back (new Policy_type(policy_No, prot_type, policy_type, length, value));
- else {
- policy.remove(pol);
- delete pol;
- policy.push_back (new Policy_type(policy_No, prot_type, policy_type, length, value));
- }
-}
-
-uint8_t KeyAgreement::setPolicyParamType(uint8_t prot_type, uint8_t policy_type, uint8_t length, byte_t * value){
- list<Policy_type *>::iterator i;
- uint8_t policyNo = 0;
- i = policy.begin();
- while( i != policy.end() ){
- if( (*i)->policy_No == policyNo ){
- i = policy.begin();
- policyNo++;
- }
- else
- i++;
- }
- policy.push_back (new Policy_type(policyNo, prot_type, policy_type, length, value));
- return policyNo;
-}
-
-static byte_t ipsec4values[] = {MIKEY_IPSEC_SATYPE_ESP,MIKEY_IPSEC_MODE_TRANSPORT,MIKEY_IPSEC_SAFLAG_PSEQ,MIKEY_IPSEC_EALG_3DESCBC,24,MIKEY_IPSEC_AALG_SHA1HMAC,16};
-static byte_t srtpvalues[] ={MIKEY_SRTP_EALG_AESCM,16,MIKEY_SRTP_AALG_SHA1HMAC,20,14,MIKEY_SRTP_PRF_AESCM,0,1,1,MIKEY_FEC_ORDER_FEC_SRTP,1,10,0};
-
-uint8_t KeyAgreement::setdefaultPolicy(uint8_t prot_type){
- list<Policy_type *>::iterator iter;
- uint8_t policyNo = 0;
- iter = policy.begin();
- while( iter != policy.end() ){
- if( (*iter)->policy_No == policyNo ){
- iter = policy.begin();
- policyNo++;
- }
- else
- iter++;
- }
- int i, arraysize;
- switch (prot_type) {
- case MIKEY_PROTO_SRTP:
- arraysize = 13;
- for(i=0; i< arraysize; i++)
- policy.push_back (new Policy_type(policyNo, prot_type, i, 1, &srtpvalues[i]));
- break;
- case MIKEY_PROTO_IPSEC4:
- arraysize = 7;
- for(i=0; i< arraysize; i++)
- policy.push_back (new Policy_type(policyNo, prot_type, i, 1, &ipsec4values[i]));
- break;
- }
- return policyNo;
-}
-
-Policy_type * KeyAgreement::getPolicyParamType(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type){
- list<Policy_type *>::iterator i;
- for( i = policy.begin(); i != policy.end() ; i++ )
- if( (*i)->policy_No == policy_No && (*i)->prot_type == prot_type && (*i)->policy_type == policy_type )
- return *i;
- return NULL;
-}
-
-uint8_t KeyAgreement::getPolicyParamTypeValue(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type){
- list<Policy_type *>::iterator i;
- for( i = policy.begin(); i != policy.end() ; i++ )
- if( (*i)->policy_No == policy_No && (*i)->prot_type == prot_type && (*i)->policy_type == policy_type && (*i)->length == 1)
- return (uint8_t)(*i)->value[0];
-
- switch(prot_type) {
- case MIKEY_PROTO_SRTP:
- if (policy_type < sizeof(srtpvalues)/sizeof(srtpvalues[0]))
- return srtpvalues[policy_type];
- printf("MIKEY_PROTO_SRTP type out of range %d", policy_type);
- break;
- case MIKEY_PROTO_IPSEC4:
- if (policy_type < sizeof(ipsec4values)/sizeof(ipsec4values[0]))
- return ipsec4values[policy_type];
- printf("MIKEY_PROTO_IPSEC4 type out of range %d", policy_type);
- break;
- default:
- break;
- }
- return 0;
-}
-
-Policy_type::Policy_type(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type, uint8_t length, byte_t * value){
- this->policy_No = policy_No;
- this->prot_type = prot_type;
- this->policy_type = policy_type;
- this->length = length;
- this->value = (byte_t*) calloc (length,sizeof(byte_t));
- for(int i=0; i< length; i++)
- this->value[i] = value[i];
-}
-
-Policy_type::~Policy_type(){
- free(value);
-}
-
-
-
-
-
-
-
Deleted: trunk/libmikey/keyagreement/keyagreement_dh.cxx
===================================================================
--- trunk/libmikey/keyagreement/keyagreement_dh.cxx 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/keyagreement/keyagreement_dh.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,200 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
- Copyright (C) 2006 Mikael Magnusson
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
- * Mikael Magnusson <mikma at users.sourceforge.net>
-*/
-
-
-#include<config.h>
-#include<libmikey/keyagreement_dh.h>
-#include<libmikey/MikeyException.h>
-#include<libmikey/MikeyMessage.h>
-#include<libmcrypto/OakleyDH.h>
-#include<libmcrypto/SipSim.h>
-
-using namespace std;
-
-//
-// PeerCertificates
-//
-PeerCertificates::PeerCertificates( MRef<certificate_chain *> aCert,
- MRef<ca_db *> aCaDb ):
- certChainPtr( aCert ),
- certDbPtr( aCaDb )
-{
- peerCertChainPtr = certificate_chain::create();
-}
-
-PeerCertificates::PeerCertificates( MRef<certificate_chain *> aCert,
- MRef<certificate_chain *> aPeerCert ):
- certChainPtr( aCert ),
- peerCertChainPtr( aPeerCert )
-{
-}
-
-PeerCertificates::~PeerCertificates(){
-}
-
-//
-// KeyAgreementDHBase
-//
-KeyAgreementDHBase::KeyAgreementDHBase():
- peerKeyPtr( NULL ),
- peerKeyLengthValue( 0 ),
- publicKeyPtr( NULL ),
- publicKeyLengthValue( 0 )
-{
- dh = new OakleyDH();
- if( dh == NULL )
- {
- throw MikeyException( "Could not create "
- "DH parameters." );
- }
-}
-
-KeyAgreementDHBase::~KeyAgreementDHBase(){
- delete dh;
- if( peerKeyPtr != NULL ){
- delete [] peerKeyPtr;
- peerKeyPtr = NULL;
- }
- if( publicKeyPtr != NULL ){
- delete [] publicKeyPtr;
- publicKeyPtr = NULL;
- }
-}
-
-//
-// KeyAgreementDH
-//
-KeyAgreementDH::KeyAgreementDH( MRef<certificate_chain *> certChainPtr,
- MRef<ca_db *> certDbPtr ):
- KeyAgreement(),
- PeerCertificates( certChainPtr, certDbPtr ),
- useSim(false)
-{
-}
-
-KeyAgreementDH::KeyAgreementDH( MRef<SipSim*> s ):
- PeerCertificates( s->getCertificateChain(), s->getCAs() ),
- useSim(true),
- sim(s)
-{
-
-}
-
-KeyAgreementDH::~KeyAgreementDH(){
-}
-
-int32_t KeyAgreementDH::type(){
- return KEY_AGREEMENT_TYPE_DH;
-}
-
-int KeyAgreementDHBase::setGroup( int groupValue ){
- if( !dh->setGroup( groupValue ) )
- return 1;
-
- uint32_t len = dh->secretLength();
-
- if( len != tgkLength() || !tgk() ){
- setTgk( NULL, len );
- }
-
- int32_t length = dh->publicKeyLength();
- if( length != publicKeyLengthValue ){
- if( publicKeyPtr ){
- delete[] publicKeyPtr;
- }
- publicKeyLengthValue = length;
- publicKeyPtr = new unsigned char[ length ];
- }
- dh->getPublicKey( publicKeyPtr, length );
-
- return 0;
-}
-
-void KeyAgreementDHBase::setPeerKey( unsigned char * peerKeyPtr,
- int peerKeyLengthValue ){
- if( this->peerKeyPtr )
- delete[] this->peerKeyPtr;
-
- this->peerKeyPtr = new unsigned char[ peerKeyLengthValue ];
- this->peerKeyLengthValue = peerKeyLengthValue;
- memcpy( this->peerKeyPtr, peerKeyPtr, peerKeyLengthValue );
-
-}
-
-int KeyAgreementDHBase::publicKeyLength(){
- return publicKeyLengthValue;
-}
-
-unsigned char * KeyAgreementDHBase::publicKey(){
- return publicKeyPtr;
-}
-
-int KeyAgreementDHBase::computeTgk(){
- assert( peerKeyPtr );
-
- int res = dh->computeSecret( peerKeyPtr, peerKeyLengthValue, tgk(), tgkLength() );
- return res;
-}
-
-int KeyAgreementDHBase::group(){
- if( !publicKeyPtr )
- return -1;
-
- return dh->group();
-}
-
-int KeyAgreementDHBase::peerKeyLength(){
- return peerKeyLengthValue;
-}
-
-unsigned char * KeyAgreementDHBase::peerKey(){
- return peerKeyPtr;
-}
-
-MRef<certificate_chain *> PeerCertificates::certificateChain(){
- return certChainPtr;
-}
-
-MRef<certificate_chain *> PeerCertificates::peerCertificateChain(){
- return peerCertChainPtr;
-}
-
-void PeerCertificates::setPeerCertificateChain( MRef<certificate_chain *> peerChain ){
- peerCertChainPtr = peerChain;
-}
-
-int PeerCertificates::controlPeerCertificate(){
- if( peerCertChainPtr.isNull() || certDbPtr.isNull() )
- return 0;
- return peerCertChainPtr->control( certDbPtr );
-}
-
-MikeyMessage* KeyAgreementDH::createMessage(){
- return MikeyMessage::create( this );
-}
-
-MRef<SipSim*> KeyAgreementDH::getSim(){
- return sim;
-}
Deleted: trunk/libmikey/keyagreement/keyagreement_psk.cxx
===================================================================
--- trunk/libmikey/keyagreement/keyagreement_psk.cxx 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/keyagreement/keyagreement_psk.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,111 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
-*/
-
-
-#include<config.h>
-#include<libmikey/MikeyMessage.h>
-#include<libmikey/keyagreement_psk.h>
-
-KeyAgreementPSK::KeyAgreementPSK():
- KeyAgreement(),t_received(0),authKey(NULL),authKeyLength(0),
- macAlg(0),pskPtr(NULL),pskLengthValue(0),v(0),tSentValue(0){
-}
-
-KeyAgreementPSK::KeyAgreementPSK( const unsigned char * pskPtr, int pskLengthValue ):
- KeyAgreement(),t_received(0),authKey(NULL),authKeyLength(0),
- macAlg(0),pskPtr(NULL),pskLengthValue(0),v(0),tSentValue(0){
- //policy = list<Policy_type *>::list();
- this->pskLengthValue = pskLengthValue;
- this->pskPtr = new unsigned char[ pskLengthValue ];
- memcpy( this->pskPtr, pskPtr, pskLengthValue );
-
-}
-
-KeyAgreementPSK::~KeyAgreementPSK(){
- if( pskPtr ){
- delete [] pskPtr;
- }
-
- if( authKey ){
- delete[] authKey;
- authKey = NULL;
- }
-}
-
-int32_t KeyAgreementPSK::type(){
- return KEY_AGREEMENT_TYPE_PSK;
-}
-
-void KeyAgreementPSK::generateTgk( uint32_t tgkLength ){
- // Generate random TGK
- setTgk( NULL, tgkLength );
-}
-
-void KeyAgreementPSK::genTranspEncrKey(
- unsigned char * encrKey, int encrKeyLength ){
- keyDeriv( 0xFF, csbId(), pskPtr, pskLengthValue,
- encrKey, encrKeyLength, KEY_DERIV_TRANS_ENCR );
-}
-
-void KeyAgreementPSK::genTranspSaltKey(
- unsigned char * encrKey, int encrKeyLength ){
- keyDeriv( 0xFF, csbId(), pskPtr, pskLengthValue,
- encrKey, encrKeyLength, KEY_DERIV_TRANS_SALT );
-}
-
-void KeyAgreementPSK::genTranspAuthKey(
- unsigned char * encrKey, int encrKeyLength ){
- keyDeriv( 0xFF, csbId(), pskPtr, pskLengthValue,
- encrKey, encrKeyLength, KEY_DERIV_TRANS_AUTH );
-}
-
-uint64_t KeyAgreementPSK::tSent(){
- return tSentValue;
-}
-
-void KeyAgreementPSK::setTSent( uint64_t tSent ){
- this->tSentValue = tSent;
-}
-
-MikeyMessage* KeyAgreementPSK::createMessage(){
- return MikeyMessage::create( this );
-}
-
-void KeyAgreementPSK::setPSK( const byte_t* psk, int pskLength ){
- if( pskPtr ){
- delete[] pskPtr;
- pskPtr = NULL;
- }
-
- pskLengthValue = pskLength;
- pskPtr = new byte_t[ pskLength ];
- memcpy( pskPtr, psk, pskLength );
-}
-
-int KeyAgreementPSK::getPSKLength(){
- return pskLengthValue;
-}
-
-byte_t* KeyAgreementPSK::getPSK(){
- return pskPtr;
-}
Deleted: trunk/libmikey/keyagreement/keyvalidity.cxx
===================================================================
--- trunk/libmikey/keyagreement/keyvalidity.cxx 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/keyagreement/keyvalidity.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,219 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
-*/
-
-
-#include<config.h>
-#include<libmikey/keyvalidity.h>
-#include<libmikey/MikeyException.h>
-#include<libmikey/MikeyDefs.h>
-#include<assert.h>
-#include<libmutil/stringutils.h>
-
-using namespace std;
-
-KeyValidity::KeyValidity(){
- typeValue = KEYVALIDITY_NULL;
-
-}
-
-KeyValidity::KeyValidity( const KeyValidity& ){
- typeValue = KEYVALIDITY_NULL;
-
-}
-
-KeyValidity::~KeyValidity(){};
-
-int KeyValidity::type(){
- return typeValue;
-}
-
-int KeyValidity::length(){
- return 0;
-}
-
-void KeyValidity::writeData( byte_t * start, int expectedLength){
-
-}
-
-string KeyValidity::debugDump(){
- return "KeyValidityNull";
-}
-
-void KeyValidity::operator =( const KeyValidity& ){
- typeValue = KEYVALIDITY_NULL;
-}
-
-KeyValiditySPI::KeyValiditySPI():spiLength(0),spiPtr(NULL){
- typeValue = KEYVALIDITY_SPI;
-
-}
-
-KeyValiditySPI::KeyValiditySPI( const KeyValiditySPI& source ){
- typeValue = KEYVALIDITY_SPI;
- spiLength = source.spiLength;
- spiPtr = new byte_t[ spiLength ];
- memcpy( this->spiPtr, source.spiPtr, spiLength );
-}
-
-KeyValiditySPI::KeyValiditySPI( byte_t * rawData, int lengthLimit ){
-
- if( lengthLimit < 1 ){
- throw MikeyExceptionMessageLengthException(
- "Given data is too short to form a KeyValiditySPI" );
- }
-
- spiLength = rawData[0];
-
- if( lengthLimit < 1 + spiLength ){
- throw MikeyExceptionMessageLengthException(
- "Given data is too short to form a KeyValiditySPI" );
- }
-
- spiPtr = new byte_t[ spiLength ];
- memcpy( spiPtr, &rawData[1], spiLength );
-}
-
-
-KeyValiditySPI::KeyValiditySPI( int length, byte_t * spi ){
- this->spiPtr = new byte_t[ length ];
- memcpy( this->spiPtr, spi, length );
- this->spiLength = length;
-}
-
-int KeyValiditySPI::length(){
- return spiLength + 1; //data + length;
-}
-
-void KeyValiditySPI::writeData( byte_t * start, int expectedLength ){
- assert( expectedLength == length() );
- start[0] = spiLength;
- memcpy( &start[1], spiPtr, spiLength );
-}
-
-string KeyValiditySPI::debugDump(){
- return (const char *)("KeyValiditySPI: spi=<") +
- binToHex( spiPtr, spiLength );
-}
-
-KeyValiditySPI::~KeyValiditySPI(){
- if( spiPtr )
- delete [] spiPtr;
- return;
-}
-
-void KeyValiditySPI::operator =( const KeyValiditySPI& source ){
- if( spiPtr ){
- delete [] spiPtr;
- }
-
- spiLength = source.spiLength;
- spiPtr = new byte_t[ spiLength ];
- memcpy( spiPtr, source.spiPtr, spiLength );
-}
-
-KeyValidityInterval::KeyValidityInterval():vfLength(0),vf(NULL),vtLength(0),
- vt(NULL){
- typeValue = KEYVALIDITY_INTERVAL;
-}
-
-KeyValidityInterval::KeyValidityInterval( const KeyValidityInterval& source ){
- typeValue = KEYVALIDITY_INTERVAL;
- vfLength = source.vfLength;
- vf = new byte_t[ vfLength ];
- memcpy( vf, source.vf, vfLength );
- vtLength = source.vtLength;
- vt = new byte_t[ vtLength ];
- memcpy( vt, source.vt, vtLength );
-}
-
-
-KeyValidityInterval::KeyValidityInterval(byte_t * raw_data, int length_limit){
- if( length_limit < 2 )
- throw MikeyExceptionMessageLengthException(
- "Given data is too short to form a KeyValidityInterval" );
- vfLength = raw_data[0];
- if( length_limit < 2 + vfLength )
- throw MikeyExceptionMessageLengthException(
- "Given data is too short to form a KeyValidityInterval" );
- vf = new byte_t[ vfLength ];
- memcpy( vf, &raw_data[1], vfLength );
- vtLength = raw_data[vfLength + 1];
- if( length_limit < 2 + vfLength + vtLength )
- throw MikeyExceptionMessageLengthException(
- "Given data is too short to form a KeyValidityInterval" );
- vt = new byte_t[ vtLength ];
- memcpy( vt, &raw_data[vfLength + 2], vfLength );
-}
-
-KeyValidityInterval::KeyValidityInterval(int vfLength, byte_t * vf,
- int vtLength, byte_t * vt)
-{
- this->vf = new byte_t[ vfLength ];
- memcpy( this->vf, vf, vfLength );
- this->vfLength = vfLength;
- this->vt = new byte_t[ vtLength ];
- memcpy( this->vt, vt, vtLength );
- this->vtLength = vtLength;
-}
-
-int KeyValidityInterval::length(){
- return vtLength + vfLength + 3;
-
-}
-
-void KeyValidityInterval::writeData(byte_t * start, int expectedLength){
- assert( expectedLength == length() );
- start[0] = vfLength;
- memcpy( &start[1], vf, vfLength );
- start[ 1+vfLength ] = vtLength;
- memcpy( &start[2+vfLength], vt, vtLength );
-}
-
-void KeyValidityInterval::operator =( const KeyValidityInterval& source ){
- typeValue = KEYVALIDITY_INTERVAL;
- if( vf ){
- delete [] vf;
- }
- if( vt ){
- delete [] vt;
- }
-
- vfLength = source.vfLength;
- vf = new byte_t[ vfLength ];
- memcpy( vf, source.vf, vfLength );
- vtLength = source.vtLength;
- vt = new byte_t[ vtLength ];
- memcpy( vt, source.vt, vtLength );
-}
-
-KeyValidityInterval::~KeyValidityInterval(){
- if( vf )
- delete [] vf;
- if( vt )
- delete [] vt;
-}
-
-string KeyValidityInterval::debugDump(){
- return "KeyValidityInterval: vf=<"+binToHex( vf, vfLength )+
- "> vt=<"+binToHex( vt, vtLength );
-}
Modified: trunk/libmikey/mikey/MikeyMessageDH.h
===================================================================
--- trunk/libmikey/mikey/MikeyMessageDH.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/mikey/MikeyMessageDH.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -29,7 +29,7 @@
#include<libmikey/libmikey_config.h>
#include<libmikey/MikeyMessage.h>
-#include<libmikey/keyagreement_psk.h>
+#include<libmikey/KeyAgreementPSK.h>
class LIBMIKEY_API MikeyMessageDH: public MikeyMessage{
public:
Modified: trunk/libmikey/mikey/MikeyMessagePSK.cxx
===================================================================
--- trunk/libmikey/mikey/MikeyMessagePSK.cxx 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/mikey/MikeyMessagePSK.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -37,7 +37,7 @@
#include<libmikey/MikeyPayloadV.h>
#include<libmikey/MikeyPayloadERR.h>
#include<libmikey/MikeyPayloadID.h>
-#include<libmikey/keyagreement_psk.h>
+#include<libmikey/KeyAgreementPSK.h>
#include<libmikey/MikeyPayloadSP.h>
#include<libmcrypto/rand.h>
Modified: trunk/libmikey/mikey/MikeyMessagePSK.h
===================================================================
--- trunk/libmikey/mikey/MikeyMessagePSK.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/mikey/MikeyMessagePSK.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -29,7 +29,7 @@
#include<libmikey/libmikey_config.h>
#include<libmikey/MikeyMessage.h>
-#include<libmikey/keyagreement_psk.h>
+#include<libmikey/KeyAgreementPSK.h>
class LIBMIKEY_API MikeyMessagePSK: public MikeyMessage{
public:
Modified: trunk/libminisip/include/libminisip/mediahandler/Session.h
===================================================================
--- trunk/libminisip/include/libminisip/mediahandler/Session.h 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libminisip/include/libminisip/mediahandler/Session.h 2007-01-10 23:58:35 UTC (rev 3111)
@@ -30,7 +30,7 @@
#include<libmutil/MemObject.h>
#include<libmutil/TimeoutProvider.h>
-#include<libmikey/keyagreement.h>
+#include<libmikey/KeyAgreement.h>
//#include<libminisip/sip/SipDialogSecurityConfig.h>
#include<libmsip/SipDialogConfig.h>
Modified: trunk/libminisip/source/Minisip.cxx
===================================================================
--- trunk/libminisip/source/Minisip.cxx 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libminisip/source/Minisip.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -57,7 +57,7 @@
#include<libmcrypto/init.h>
-#include<libmikey/keyagreement_dh.h>
+#include<libmikey/KeyAgreementDH.h>
#include<libmsip/SipUtils.h>
#include<libmsip/SipCommandString.h>
Modified: trunk/libminisip/source/mediahandler/KeyAgreement.cxx
===================================================================
--- trunk/libminisip/source/mediahandler/KeyAgreement.cxx 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libminisip/source/mediahandler/KeyAgreement.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -31,9 +31,9 @@
#include<libmutil/Timestamp.h>
#include<libmutil/dbg.h>
-#include<libmikey/keyagreement.h>
-#include<libmikey/keyagreement_dh.h>
-#include<libmikey/keyagreement_psk.h>
+#include<libmikey/KeyAgreement.h>
+#include<libmikey/KeyAgreementDH.h>
+#include<libmikey/KeyAgreementPSK.h>
#include<libmikey/MikeyException.h>
#include<libmikey/MikeyMessage.h>
Modified: trunk/libminisip/source/mediahandler/MediaHandler.cxx
===================================================================
--- trunk/libminisip/source/mediahandler/MediaHandler.cxx 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libminisip/source/mediahandler/MediaHandler.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -28,7 +28,7 @@
#include<string.h>
#include<libminisip/sdp/SdpPacket.h>
-#include<libmikey/keyagreement.h>
+#include<libmikey/KeyAgreement.h>
#include<libminisip/sip/SipSoftPhoneConfiguration.h>
#include<libminisip/ipprovider/IpProvider.h>
#include<libminisip/codecs/Codec.h>
Modified: trunk/libminisip/source/mediahandler/MediaStream.cxx
===================================================================
--- trunk/libminisip/source/mediahandler/MediaStream.cxx 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libminisip/source/mediahandler/MediaStream.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -28,7 +28,7 @@
#include<libminisip/mediahandler/MediaStream.h>
#include<libmikey/MikeyPayloadSP.h>
-#include<libmikey/keyagreement.h>
+#include<libmikey/KeyAgreement.h>
#include<libminisip/sdp/SdpHeaderM.h>
#include<libminisip/sdp/SdpHeaderA.h>
#include<libminisip/sdp/SdpPacket.h>
Modified: trunk/libminisip/source/mediahandler/Session.cxx
===================================================================
--- trunk/libminisip/source/mediahandler/Session.cxx 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libminisip/source/mediahandler/Session.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -43,8 +43,8 @@
#include<libminisip/sdp/SdpHeaderM.h>
#include<libminisip/sdp/SdpHeaderS.h>
#include<libminisip/sdp/SdpHeaderO.h>
-#include<libmikey/keyagreement.h>
-#include<libmikey/keyagreement_dh.h>
+#include<libmikey/KeyAgreement.h>
+#include<libmikey/KeyAgreementDH.h>
#include<libmutil/dbg.h>
#include<libmutil/stringutils.h>
#include<libmutil/Timestamp.h>
Modified: trunk/libmsip/source/SipLayerTransport.cxx
===================================================================
--- trunk/libmsip/source/SipLayerTransport.cxx 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmsip/source/SipLayerTransport.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -44,7 +44,7 @@
#include<libmsip/SipHeaderContact.h>
#include<libmsip/SipHeaderTo.h>
-#include<libmcrypto/TLSSocket.h>
+#include<libmcrypto/TlsSocket.h>
#include<libmnetutil/ServerSocket.h>
#include<libmnetutil/NetworkException.h>
#include<libmnetutil/NetworkFunctions.h>
Modified: trunk/libmsip/source/SipStackInternal.cxx
===================================================================
--- trunk/libmsip/source/SipStackInternal.cxx 2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmsip/source/SipStackInternal.cxx 2007-01-10 23:58:35 UTC (rev 3111)
@@ -64,12 +64,13 @@
#include<libmsip/SipHeaderWWWAuthenticate.h>
#include<libmsip/SipCommandString.h>
#include<libmnetutil/UDPSocket.h>
-#include<libmcrypto/TLSServerSocket.h>
#include<libmutil/massert.h>
#include<libmutil/dbg.h>
#include<libmcrypto/cert.h>
+#include<libmcrypto/TlsSocket.h>
+#include<libmcrypto/TlsServerSocket.h>
using namespace std;