r3111 - in trunk: libmcrypto/include/libmcrypto libmcrypto/include/libmcrypto/gnutls libmcrypto/include/libmcrypto/openssl libmcrypto/source libmcrypto/source/gnutls libmcrypto/source/openssl libmikey libmikey/include libmikey/include/libmikey libmikey/keyagreement libmikey/mikey libminisip/include/libminisip/mediahandler libminisip/source libminisip/source/mediahandler libmsip/source

erik at minisip.org erik at minisip.org
Thu Jan 11 00:58:36 CET 2007


Author: erik
Date: 2007-01-11 00:58:35 +0100 (Thu, 11 Jan 2007)
New Revision: 3111

Added:
   trunk/libmcrypto/include/libmcrypto/TlsException.h
   trunk/libmcrypto/include/libmcrypto/TlsServerSocket.h
   trunk/libmcrypto/include/libmcrypto/TlsSocket.h
   trunk/libmcrypto/include/libmcrypto/gnutls/TlsServerSocket.h
   trunk/libmcrypto/include/libmcrypto/gnutls/TlsSocket.h
   trunk/libmcrypto/include/libmcrypto/openssl/TlsException.h
   trunk/libmcrypto/include/libmcrypto/openssl/TlsServerSocket.h
   trunk/libmcrypto/include/libmcrypto/openssl/TlsSocket.h
   trunk/libmcrypto/source/TlsException.cxx
   trunk/libmcrypto/source/gnutls/TlsServerSocket.cxx
   trunk/libmcrypto/source/gnutls/TlsSocket.cxx
   trunk/libmcrypto/source/openssl/TlsException.cxx
   trunk/libmcrypto/source/openssl/TlsServerSocket.cxx
   trunk/libmcrypto/source/openssl/TlsSocket.cxx
   trunk/libmikey/include/libmikey/KeyAgreement.h
   trunk/libmikey/include/libmikey/KeyAgreementDH.h
   trunk/libmikey/include/libmikey/KeyAgreementPSK.h
   trunk/libmikey/include/libmikey/KeyValidity.h
   trunk/libmikey/keyagreement/KeyAgreement.cxx
   trunk/libmikey/keyagreement/KeyAgreementDH.cxx
   trunk/libmikey/keyagreement/KeyAgreementPSK.cxx
   trunk/libmikey/keyagreement/KeyValidity.cxx
Removed:
   trunk/libmcrypto/include/libmcrypto/TLSException.h
   trunk/libmcrypto/include/libmcrypto/TLSServerSocket.h
   trunk/libmcrypto/include/libmcrypto/TLSSocket.h
   trunk/libmcrypto/include/libmcrypto/gnutls/TLSServerSocket.h
   trunk/libmcrypto/include/libmcrypto/gnutls/TLSSocket.h
   trunk/libmcrypto/include/libmcrypto/openssl/TLSException.h
   trunk/libmcrypto/include/libmcrypto/openssl/TLSServerSocket.h
   trunk/libmcrypto/include/libmcrypto/openssl/TLSSocket.h
   trunk/libmcrypto/source/TLSException.cxx
   trunk/libmcrypto/source/gnutls/TLSServerSocket.cxx
   trunk/libmcrypto/source/gnutls/TLSSocket.cxx
   trunk/libmcrypto/source/openssl/TLSException.cxx
   trunk/libmcrypto/source/openssl/TLSServerSocket.cxx
   trunk/libmcrypto/source/openssl/TLSSocket.cxx
   trunk/libmikey/include/libmikey/keyagreement.h
   trunk/libmikey/include/libmikey/keyagreement_dh.h
   trunk/libmikey/include/libmikey/keyagreement_psk.h
   trunk/libmikey/include/libmikey/keyvalidity.h
   trunk/libmikey/keyagreement/keyagreement.cxx
   trunk/libmikey/keyagreement/keyagreement_dh.cxx
   trunk/libmikey/keyagreement/keyagreement_psk.cxx
   trunk/libmikey/keyagreement/keyvalidity.cxx
Modified:
   trunk/libmcrypto/include/libmcrypto/Makefile.am
   trunk/libmcrypto/include/libmcrypto/gnutls/Makefile.am
   trunk/libmcrypto/include/libmcrypto/openssl/Makefile.am
   trunk/libmcrypto/source/Makefile.am
   trunk/libmcrypto/source/gnutls/Makefile.am
   trunk/libmcrypto/source/openssl/Makefile.am
   trunk/libmikey/Makefile.am
   trunk/libmikey/include/Makefile.am
   trunk/libmikey/include/libmikey/KeyAgreementDHHMAC.h
   trunk/libmikey/include/libmikey/KeyAgreementPKE.h
   trunk/libmikey/include/libmikey/MikeyMessage.h
   trunk/libmikey/include/libmikey/MikeyPayloadDH.h
   trunk/libmikey/include/libmikey/MikeyPayloadKeyData.h
   trunk/libmikey/mikey/MikeyMessageDH.h
   trunk/libmikey/mikey/MikeyMessagePSK.cxx
   trunk/libmikey/mikey/MikeyMessagePSK.h
   trunk/libminisip/include/libminisip/mediahandler/Session.h
   trunk/libminisip/source/Minisip.cxx
   trunk/libminisip/source/mediahandler/KeyAgreement.cxx
   trunk/libminisip/source/mediahandler/MediaHandler.cxx
   trunk/libminisip/source/mediahandler/MediaStream.cxx
   trunk/libminisip/source/mediahandler/Session.cxx
   trunk/libmsip/source/SipLayerTransport.cxx
   trunk/libmsip/source/SipStackInternal.cxx
Log:

 * Renaming files according to the naming convention:
   Example: keyagreement_dh.h -> KeyAgreementDH.h



Modified: trunk/libmcrypto/include/libmcrypto/Makefile.am
===================================================================
--- trunk/libmcrypto/include/libmcrypto/Makefile.am	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/Makefile.am	2007-01-10 23:58:35 UTC (rev 3111)
@@ -33,9 +33,9 @@
 		sha1.h \
 		uuid.h \
 		config.h \
-		TLSException.h \
-		TLSServerSocket.h \
-		TLSSocket.h \
+		TlsException.h \
+		TlsServerSocket.h \
+		TlsSocket.h \
 		ZrtpDH.h \
 		$(OTHER_FILES)
 

Deleted: trunk/libmcrypto/include/libmcrypto/TLSException.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/TLSException.h	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/TLSException.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,48 +0,0 @@
-/*
-  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-
-  This library is free software; you can redistribute it and/or
-  modify it under the terms of the GNU Lesser General Public
-  License as published by the Free Software Foundation; either
-  version 2.1 of the License, or (at your option) any later version.
-
-  This library is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public
-  License along with this library; if not, write to the Free Software
-  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- *          Johan Bilien <jobi at via.ecp.fr>
- */
-
-#ifndef MLIBMCRYPTO_TLS_EXCEPTION_H
-#define MLIBMCRYPTO_TLS_EXCEPTION_H
-
-#include<libmcrypto/config.h>
-#include<libmnetutil/NetworkException.h>
-
-class LIBMCRYPTO_API TLSInitFailed : public NetworkException{
-	public:
-		TLSInitFailed();
-		virtual ~TLSInitFailed() throw(){}
-		virtual const char *what();
-	private:
-		std::string msg;
-};
-
-class LIBMCRYPTO_API TLSContextInitFailed : public NetworkException{
-	public:
-		TLSContextInitFailed();
-		virtual ~TLSContextInitFailed() throw(){}
-		virtual const char*what();
-	private:
-		std::string msg;
-};
-
-#endif

Deleted: trunk/libmcrypto/include/libmcrypto/TLSServerSocket.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/TLSServerSocket.h	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/TLSServerSocket.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,47 +0,0 @@
-/*
-  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-  Copyright (C) 2006 Mikael Magnusson
-
-  This library is free software; you can redistribute it and/or
-  modify it under the terms of the GNU Lesser General Public
-  License as published by the Free Software Foundation; either
-  version 2.1 of the License, or (at your option) any later version.
-
-  This library is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public
-  License along with this library; if not, write to the Free Software
-  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- *          Johan Bilien <jobi at via.ecp.fr>
- *          Mikael Magnusson <mikma at users.sourceforge.net>
- */
-
-#ifndef TLSSERVERSOCKET_H
-#define TLSSERVERSOCKET_H
-
-#include<libmcrypto/config.h>
-
-#include<libmutil/mtypes.h>
-#include<libmnetutil/ServerSocket.h>
-#include<libmcrypto/cert.h>
-
-class LIBMNETUTIL_API TLSServerSocket : public ServerSocket {
-
-	public:
-		virtual ~TLSServerSocket();
-
-		static ServerSocket *create( bool use_ipv6, int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db=NULL );
-		static ServerSocket *create(int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db=NULL );
-
-	protected:
-		TLSServerSocket( int32_t domain, int32_t listen_port );
-};
-
-#endif

Deleted: trunk/libmcrypto/include/libmcrypto/TLSSocket.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/TLSSocket.h	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/TLSSocket.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,51 +0,0 @@
-/*
-  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-  Copyright (C) 2006 Mikael Magnusson
-
-  This library is free software; you can redistribute it and/or
-  modify it under the terms of the GNU Lesser General Public
-  License as published by the Free Software Foundation; either
-  version 2.1 of the License, or (at your option) any later version.
-
-  This library is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public
-  License along with this library; if not, write to the Free Software
-  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- *          Johan Bilien <jobi at via.ecp.fr>
- *          Mikael Magnusson <mikma at users.sourceforge.net>
- */
-
-#ifndef TLSSOCKET_H
-#define TLSSOCKET_H
-
-#include<libmcrypto/config.h>
-
-#include<libmutil/mtypes.h>
-#include<libmutil/MemObject.h>
-#include<libmnetutil/IPAddress.h>
-#include<libmnetutil/StreamSocket.h>
-#include<libmcrypto/cert.h>
-
-class LIBMNETUTIL_API TLSSocket : public StreamSocket {
-	public:
-		virtual ~TLSSocket();
-
-		static TLSSocket* connect( IPAddress &addr,
-					   int32_t port,
-					   MRef<certificate *> cert=NULL,
-					   MRef<ca_db *> cert_db=NULL,
-					   std::string serverName="" );
-
-	protected:
-		TLSSocket();
-};
-
-#endif

Copied: trunk/libmcrypto/include/libmcrypto/TlsException.h (from rev 3100, trunk/libmcrypto/include/libmcrypto/TLSException.h)

Copied: trunk/libmcrypto/include/libmcrypto/TlsServerSocket.h (from rev 3100, trunk/libmcrypto/include/libmcrypto/TLSServerSocket.h)

Copied: trunk/libmcrypto/include/libmcrypto/TlsSocket.h (from rev 3100, trunk/libmcrypto/include/libmcrypto/TLSSocket.h)

Modified: trunk/libmcrypto/include/libmcrypto/gnutls/Makefile.am
===================================================================
--- trunk/libmcrypto/include/libmcrypto/gnutls/Makefile.am	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/gnutls/Makefile.am	2007-01-10 23:58:35 UTC (rev 3111)
@@ -3,7 +3,7 @@
 noinst_HEADERS = \
 		cert.h \
 		init.h \
-		TLSServerSocket.h \
-		TLSSocket.h
+		TlsServerSocket.h \
+		TlsSocket.h
 
 MAINTAINERCLEANFILES = $(srcdir)/Makefile.in

Deleted: trunk/libmcrypto/include/libmcrypto/gnutls/TLSServerSocket.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/gnutls/TLSServerSocket.h	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/gnutls/TLSServerSocket.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,59 +0,0 @@
-/*
-  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-  Copyright (C) 2006 Mikael Magnusson
-
-  This library is free software; you can redistribute it and/or
-  modify it under the terms of the GNU Lesser General Public
-  License as published by the Free Software Foundation; either
-  version 2.1 of the License, or (at your option) any later version.
-
-  This library is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public
-  License along with this library; if not, write to the Free Software
-  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- *          Johan Bilien <jobi at via.ecp.fr>
- *          Mikael Magnusson <mikma at users.sourceforge.net>
- */
-
-#ifndef GNUTLS_TLSSERVERSOCKET_H
-#define GNUTLS_TLSSERVERSOCKET_H
-
-#include<libmcrypto/config.h>
-
-#include<libmcrypto/TLSServerSocket.h>
-#include<libmcrypto/gnutls/cert.h>
-
-class LIBMNETUTIL_API GnutlsServerSocket : public TLSServerSocket {
-
-	public:
-		GnutlsServerSocket( bool use_ipv6, int32_t listen_port,
-				    MRef<gtls_certificate *> cert,
-				    MRef<gtls_ca_db *> cert_db=NULL);
-		~GnutlsServerSocket();
-		virtual std::string getMemObjectType() const {return "GnutlsServerSocket";}
-
-		virtual MRef<StreamSocket *> accept();
-
-	protected:
-		virtual void init( bool use_ipv6, int32_t listen_port, 
-				   MRef<gtls_certificate *> cert,
-				   MRef<gtls_ca_db *> cert_db);
-		gnutls_session_t initialize_tls_session();
-
-	private:
-		MRef<gtls_ca_db *> m_cert_db;
-		MRef<gtls_certificate*> m_cert;
-
-		gnutls_certificate_credentials_t m_xcred;
-		gnutls_x509_crt_t* m_ca_list;
-		size_t m_ca_list_len;
-};
-#endif

Deleted: trunk/libmcrypto/include/libmcrypto/gnutls/TLSSocket.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/gnutls/TLSSocket.h	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/gnutls/TLSSocket.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,80 +0,0 @@
-/*
-  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-  Copyright (C) 2006 Mikael Magnusson
-
-  This library is free software; you can redistribute it and/or
-  modify it under the terms of the GNU Lesser General Public
-  License as published by the Free Software Foundation; either
-  version 2.1 of the License, or (at your option) any later version.
-
-  This library is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public
-  License along with this library; if not, write to the Free Software
-  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- *          Johan Bilien <jobi at via.ecp.fr>
- *          Mikael Magnusson <mikma at users.sourceforge.net>
- */
-
-#ifndef GNUTLS_TLSSOCKET_H
-#define GNUTLS_TLSSOCKET_H
-
-#include<libmcrypto/config.h>
-
-#include<libmnetutil/StreamSocket.h>
-
-#include<libmcrypto/gnutls/cert.h>
-#include<libmutil/mtypes.h>
-
-#include<libmnetutil/IPAddress.h>
-
-#include<libmutil/MemObject.h>
-#include<libmcrypto/TLSSocket.h>
-
-#include<gnutls/gnutls.h>
-
-class LIBMNETUTIL_API GnutlsSocket : public TLSSocket {
-	public:
-		GnutlsSocket( IPAddress &addr, int32_t port,
-			      MRef<gtls_ca_db *> cert_db=NULL,
-			      MRef<gtls_certificate *> cert=NULL);
-
-		GnutlsSocket( MRef<StreamSocket *> sock,
-			      gnutls_session_t session );
-		
-		virtual ~GnutlsSocket();
-
-		virtual std::string getMemObjectType() const {return "GnutlsSocket";};
-
-		virtual int32_t write(std::string);
-		
-		virtual int32_t write(const void *buf, int32_t count);
-		
-		virtual int32_t read(void *buf, int32_t count);
-
-	private:
-		void GnutlsSocket_init( MRef<StreamSocket*> ssock,
-					MRef<gtls_ca_db *> cert_db,
-					MRef<gtls_certificate *> cert);
-
-		gnutls_certificate_credentials_t m_xcred;
-		gnutls_session_t m_session;
-		
-		MRef<StreamSocket *> sock;
-		
-		MRef<certificate *> peer_cert;
-		
-		/** CA db */
-		MRef<ca_db *> cert_db;
-
-		gnutls_x509_crt_t* m_ca_list;
-		size_t m_ca_list_len;
-};
-#endif

Copied: trunk/libmcrypto/include/libmcrypto/gnutls/TlsServerSocket.h (from rev 3100, trunk/libmcrypto/include/libmcrypto/gnutls/TLSServerSocket.h)
===================================================================
--- trunk/libmcrypto/include/libmcrypto/gnutls/TLSServerSocket.h	2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/include/libmcrypto/gnutls/TlsServerSocket.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,59 @@
+/*
+  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+  Copyright (C) 2006 Mikael Magnusson
+
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ *          Johan Bilien <jobi at via.ecp.fr>
+ *          Mikael Magnusson <mikma at users.sourceforge.net>
+ */
+
+#ifndef GNUTLS_TLSSERVERSOCKET_H
+#define GNUTLS_TLSSERVERSOCKET_H
+
+#include<libmcrypto/config.h>
+
+#include<libmcrypto/TlsServerSocket.h>
+#include<libmcrypto/gnutls/cert.h>
+
+class LIBMNETUTIL_API GnutlsServerSocket : public TLSServerSocket {
+
+	public:
+		GnutlsServerSocket( bool use_ipv6, int32_t listen_port,
+				    MRef<gtls_certificate *> cert,
+				    MRef<gtls_ca_db *> cert_db=NULL);
+		~GnutlsServerSocket();
+		virtual std::string getMemObjectType() const {return "GnutlsServerSocket";}
+
+		virtual MRef<StreamSocket *> accept();
+
+	protected:
+		virtual void init( bool use_ipv6, int32_t listen_port, 
+				   MRef<gtls_certificate *> cert,
+				   MRef<gtls_ca_db *> cert_db);
+		gnutls_session_t initialize_tls_session();
+
+	private:
+		MRef<gtls_ca_db *> m_cert_db;
+		MRef<gtls_certificate*> m_cert;
+
+		gnutls_certificate_credentials_t m_xcred;
+		gnutls_x509_crt_t* m_ca_list;
+		size_t m_ca_list_len;
+};
+#endif
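Review bot: `GnutlsServerSocket` keeps raw GnuTLS handles in its private section (`m_xcred`, and `m_ca_list` with `m_ca_list_len`) and declares a destructor, but it declares no copy constructor or assignment operator, so the compiler-generated ones would duplicate the handles. If the destructor releases them (its body is not in this hunk) and no base class already forbids copying, a copied object would release the same credentials twice. Declaring `GnutlsServerSocket( const GnutlsServerSocket & );` and `GnutlsServerSocket &operator=( const GnutlsServerSocket & );` in the private section and leaving them unimplemented would rule that out. A short comment on the constructor saying whether connecting clients are asked for a certificate when `cert_db` keeps its `NULL` default would also help callers.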

Copied: trunk/libmcrypto/include/libmcrypto/gnutls/TlsSocket.h (from rev 3100, trunk/libmcrypto/include/libmcrypto/gnutls/TLSSocket.h)
===================================================================
--- trunk/libmcrypto/include/libmcrypto/gnutls/TLSSocket.h	2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/include/libmcrypto/gnutls/TlsSocket.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,80 @@
+/*
+  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+  Copyright (C) 2006 Mikael Magnusson
+
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ *          Johan Bilien <jobi at via.ecp.fr>
+ *          Mikael Magnusson <mikma at users.sourceforge.net>
+ */
+
+#ifndef GNUTLS_TLSSOCKET_H
+#define GNUTLS_TLSSOCKET_H
+
+#include<libmcrypto/config.h>
+
+#include<libmnetutil/StreamSocket.h>
+
+#include<libmcrypto/gnutls/cert.h>
+#include<libmutil/mtypes.h>
+
+#include<libmnetutil/IPAddress.h>
+
+#include<libmutil/MemObject.h>
+#include<libmcrypto/TlsSocket.h>
+
+#include<gnutls/gnutls.h>
+
+class LIBMNETUTIL_API GnutlsSocket : public TLSSocket {
+	public:
+		GnutlsSocket( IPAddress &addr, int32_t port,
+			      MRef<gtls_ca_db *> cert_db=NULL,
+			      MRef<gtls_certificate *> cert=NULL);
+
+		GnutlsSocket( MRef<StreamSocket *> sock,
+			      gnutls_session_t session );
+		
+		virtual ~GnutlsSocket();
+
+		virtual std::string getMemObjectType() const {return "GnutlsSocket";};
+
+		virtual int32_t write(std::string);
+		
+		virtual int32_t write(const void *buf, int32_t count);
+		
+		virtual int32_t read(void *buf, int32_t count);
+
+	private:
+		void GnutlsSocket_init( MRef<StreamSocket*> ssock,
+					MRef<gtls_ca_db *> cert_db,
+					MRef<gtls_certificate *> cert);
+
+		gnutls_certificate_credentials_t m_xcred;
+		gnutls_session_t m_session;
+		
+		MRef<StreamSocket *> sock;
+		
+		MRef<certificate *> peer_cert;
+		
+		/** CA db */
+		MRef<ca_db *> cert_db;
+
+		gnutls_x509_crt_t* m_ca_list;
+		size_t m_ca_list_len;
+};
+#endif
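Review bot: Neither public constructor of `GnutlsSocket` takes the expected server name, and `cert_db` defaults to `NULL`, so nothing in this header shows how the peer certificate is tied to the host being contacted. The generic `TLSSocket::connect()` declared in the header this commit renames does accept a `serverName`, so the check may be done elsewhere; that cannot be confirmed from this hunk. I would document the contract on the first constructor, for example `/** cert_db: CAs trusted to verify the peer; state here what is verified when it is NULL and where the host name is checked */`.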

Modified: trunk/libmcrypto/include/libmcrypto/openssl/Makefile.am
===================================================================
--- trunk/libmcrypto/include/libmcrypto/openssl/Makefile.am	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/openssl/Makefile.am	2007-01-10 23:58:35 UTC (rev 3111)
@@ -6,8 +6,8 @@
 noinst_HEADERS = \
 		cert.h \
 		init.h \
-		TLSException.h \
-		TLSServerSocket.h \
-		TLSSocket.h
+		TlsException.h \
+		TlsServerSocket.h \
+		TlsSocket.h
 
 MAINTAINERCLEANFILES = $(srcdir)/Makefile.in

Deleted: trunk/libmcrypto/include/libmcrypto/openssl/TLSException.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/openssl/TLSException.h	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/openssl/TLSException.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,43 +0,0 @@
-/*
-  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-
-  This library is free software; you can redistribute it and/or
-  modify it under the terms of the GNU Lesser General Public
-  License as published by the Free Software Foundation; either
-  version 2.1 of the License, or (at your option) any later version.
-
-  This library is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public
-  License along with this library; if not, write to the Free Software
-  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- *          Johan Bilien <jobi at via.ecp.fr>
- */
-
-#ifndef TLS_EXCEPTION_H
-#define TLS_EXCEPTION_H
-
-#include<libmcrypto/config.h>
-#include<libmnetutil/NetworkException.h>
-
-#include<openssl/ssl.h>
-
-class LIBMCRYPTO_API TLSConnectFailed : public ConnectFailed{
-	public:
-		TLSConnectFailed( int errorNumber, SSL * ssl  );
-		virtual ~TLSConnectFailed() throw(){}
-		virtual const char* what();
-
-	private:
-		SSL * ssl;
-		std::string msg;
-};
-
-#endif

Deleted: trunk/libmcrypto/include/libmcrypto/openssl/TLSServerSocket.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/openssl/TLSServerSocket.h	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/openssl/TLSServerSocket.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,59 +0,0 @@
-/*
-  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-
-  This library is free software; you can redistribute it and/or
-  modify it under the terms of the GNU Lesser General Public
-  License as published by the Free Software Foundation; either
-  version 2.1 of the License, or (at your option) any later version.
-
-  This library is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public
-  License along with this library; if not, write to the Free Software
-  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- *          Johan Bilien <jobi at via.ecp.fr>
- */
-
-#ifndef OPENSSL_TLSSERVERSOCKET_H
-#define OPENSSL_TLSSERVERSOCKET_H
-
-#include<libmcrypto/config.h>
-
-#include<libmcrypto/TLSServerSocket.h>
-#include<libmcrypto/openssl/cert.h>
-
-#include<openssl/ssl.h>
-
-class LIBMNETUTIL_API OsslServerSocket : public TLSServerSocket {
-
-	public:
-		OsslServerSocket( bool use_ipv6, int32_t listen_port, MRef<ossl_certificate *> cert, MRef<ossl_ca_db *> cert_db=NULL);
-		OsslServerSocket( int32_t listen_port, MRef<ossl_certificate *> cert, MRef<ossl_ca_db *> cert_db=NULL);
-		virtual std::string getMemObjectType() const {return "OsslServerSocket";}
-
-		virtual MRef<StreamSocket *> accept();
-
-	protected:
-		virtual void init( bool use_ipv6, int32_t listen_port, 
-				   MRef<ossl_certificate *> cert,
-				   MRef<ossl_ca_db *> cert_db);
-
-	private:
-		int32_t listen_port;
-
-		SSL_CTX * ssl_ctx;
-		SSL * ssl;
-		
-		/**
-		 CA db 
-		 */
-		MRef<ossl_ca_db *> cert_db;
-};
-#endif

Deleted: trunk/libmcrypto/include/libmcrypto/openssl/TLSSocket.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/openssl/TLSSocket.h	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/include/libmcrypto/openssl/TLSSocket.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,128 +0,0 @@
-/*
-  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-
-  This library is free software; you can redistribute it and/or
-  modify it under the terms of the GNU Lesser General Public
-  License as published by the Free Software Foundation; either
-  version 2.1 of the License, or (at your option) any later version.
-
-  This library is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public
-  License along with this library; if not, write to the Free Software
-  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- *          Johan Bilien <jobi at via.ecp.fr>
- */
-
-#ifndef OPENSSL_TLSSOCKET_H
-#define OPENSSL_TLSSOCKET_H
-
-#include<libmcrypto/config.h>
-
-#include<openssl/ssl.h>
-
-#include<libmnetutil/StreamSocket.h>
-
-#include<libmcrypto/openssl/cert.h>
-#include<libmutil/mtypes.h>
-
-#include<libmnetutil/IPAddress.h>
-
-#include<libmutil/MemObject.h>
-#include<libmcrypto/TLSSocket.h>
-
-
-/**
-   Various lists of ciphers. It includes the default list used,
-   as well as a strong cipher list (AES+HIGH+MEDIUM:!aNULL);
-   a testing list (with the null encryption ciphers).
-   set this with TLSSocket::setSSLCiphers( int idx ), where
-	 idx = 1 is AES.HIGH.MEDIUM
-	 idx = 2 is TESTING
-	 all others DEFAULT
-   */
-#define SSL_CIPHERS_DEFAULT "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5"
-#define SSL_CIPHERS_AES_HIGH_MEDIUM "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA"
-#define SSL_CIPHERS_TESTING "NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"
-
-/**
-   List of ciphers ... openssl ciphers 'ALL:eNULL:!LOW:!EXPORT'
-   This is, all ciphers (included the null encryption ones) except the
-       low security and export ones.
-   eNULL ciphers are listed for testing purposes. DON't use in production environment!
-ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:\ 
-ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:\ 
-DHE-DSS-RC4-SHA:\ 
-EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:\ 
-RC4-SHA:RC4-MD5:\ 
-ADH-DES-CBC3-SHA:\ 
-ADH-RC4-MD5:\ 
-DES-CBC3-MD5:\ 
-RC2-CBC-MD5:RC4-MD5:\ 
-NULL-SHA:NULL-MD5
-*/
-
-//Okay - another MSVC thing. Looks like I must explicitely instantiate
-//the MRef template like this to avoid linking errors --Erik.
-// In Microsoft Embedded VC 4.0 this causes a warning ... remove
-#ifdef _MSC_VER
-#ifndef _WIN32_WCE
-template class __declspec(dllexport) MRef<certificate*>;
-template class __declspec(dllexport) MRef<ca_db*>;
-#endif
-#endif
-
-class LIBMNETUTIL_API OsslSocket : public TLSSocket {
-	public:
-		OsslSocket(std::string addr, int32_t port, void * &ssl_ctx,
-			MRef<ossl_certificate *> cert = NULL,
-			MRef<ossl_ca_db *> cert_db=NULL );
-		
-		OsslSocket( IPAddress &addr, int32_t port, void * &ssl_ctx,
-			MRef<ossl_certificate *> cert=NULL,
-			MRef<ossl_ca_db *> cert_db=NULL );
-		
-		OsslSocket( MRef<StreamSocket *> sock, SSL_CTX * ssl_ctx );
-		
-		virtual ~OsslSocket();
-
-		virtual std::string getMemObjectType() const {return "OsslSocket";};
-
-		virtual int32_t write(std::string);
-		
-		virtual int32_t write(const void *buf, int32_t count);
-		
-		virtual int32_t read(void *buf, int32_t count);
-		static int32_t setSSLCTXCiphers ( SSL_CTX *_ctx, int8_t listIdx );
-		
-		/* Must be initialized ... now at Minisip.cxx::tls_server_thread*/
-		static int8_t sslCipherListIndex;
-
-		friend std::ostream& operator<<(std::ostream&, TLSSocket&);
-
-	private:
-		void OsslSocket_init( MRef<StreamSocket*> ssock, void * &ssl_ctx,
-					 MRef<ossl_certificate *> cert,
-					 MRef<ossl_ca_db *> cert_db );
-		
-		MRef<StreamSocket *> sock;
-		
-		SSL_CTX* ssl_ctx;
-		
-		void*     priv;
-		
-		MRef<ossl_certificate *> peer_cert;
-		
-		/** CA db */
-		MRef<ossl_ca_db *> cert_db;
-};
-
-TLSSocket& operator<<(TLSSocket& sock, std::string str);
-#endif

Copied: trunk/libmcrypto/include/libmcrypto/openssl/TlsException.h (from rev 3100, trunk/libmcrypto/include/libmcrypto/openssl/TLSException.h)

Copied: trunk/libmcrypto/include/libmcrypto/openssl/TlsServerSocket.h (from rev 3100, trunk/libmcrypto/include/libmcrypto/openssl/TLSServerSocket.h)
===================================================================
--- trunk/libmcrypto/include/libmcrypto/openssl/TLSServerSocket.h	2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/include/libmcrypto/openssl/TlsServerSocket.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,59 @@
+/*
+  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ *          Johan Bilien <jobi at via.ecp.fr>
+ */
+
+#ifndef OPENSSL_TLSSERVERSOCKET_H
+#define OPENSSL_TLSSERVERSOCKET_H
+
+#include<libmcrypto/config.h>
+
+#include<libmcrypto/TlsServerSocket.h>
+#include<libmcrypto/openssl/cert.h>
+
+#include<openssl/ssl.h>
+
+class LIBMNETUTIL_API OsslServerSocket : public TLSServerSocket {
+
+	public:
+		OsslServerSocket( bool use_ipv6, int32_t listen_port, MRef<ossl_certificate *> cert, MRef<ossl_ca_db *> cert_db=NULL);
+		OsslServerSocket( int32_t listen_port, MRef<ossl_certificate *> cert, MRef<ossl_ca_db *> cert_db=NULL);
+		virtual std::string getMemObjectType() const {return "OsslServerSocket";}
+
+		virtual MRef<StreamSocket *> accept();
+
+	protected:
+		virtual void init( bool use_ipv6, int32_t listen_port, 
+				   MRef<ossl_certificate *> cert,
+				   MRef<ossl_ca_db *> cert_db);
+
+	private:
+		int32_t listen_port;
+
+		SSL_CTX * ssl_ctx;
+		SSL * ssl;
+		
+		/**
+		 CA db 
+		 */
+		MRef<ossl_ca_db *> cert_db;
+};
+#endif
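Review bot: The private members `SSL_CTX * ssl_ctx` and `SSL * ssl` are raw OpenSSL handles, and this header declares no destructor for `OsslServerSocket`, so nothing here says who frees them. The implementation is not part of this hunk, so this may already be handled elsewhere. If the class owns the context, declare `virtual ~OsslServerSocket();` and free it there. Either way, a comment on the members such as `/* owned by this socket; released with SSL_CTX_free() on destruction */` would settle it. It would also help to document what `cert_db=NULL` means for client-certificate checking, since both public constructors default to it.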

Copied: trunk/libmcrypto/include/libmcrypto/openssl/TlsSocket.h (from rev 3100, trunk/libmcrypto/include/libmcrypto/openssl/TLSSocket.h)
===================================================================
--- trunk/libmcrypto/include/libmcrypto/openssl/TLSSocket.h	2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/include/libmcrypto/openssl/TlsSocket.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,128 @@
+/*
+  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ *          Johan Bilien <jobi at via.ecp.fr>
+ */
+
+#ifndef OPENSSL_TLSSOCKET_H
+#define OPENSSL_TLSSOCKET_H
+
+#include<libmcrypto/config.h>
+
+#include<openssl/ssl.h>
+
+#include<libmnetutil/StreamSocket.h>
+
+#include<libmcrypto/openssl/cert.h>
+#include<libmutil/mtypes.h>
+
+#include<libmnetutil/IPAddress.h>
+
+#include<libmutil/MemObject.h>
+#include<libmcrypto/TlsSocket.h>
+
+
+/**
+   Various lists of ciphers. It includes the default list used,
+   as well as a strong cipher list (AES+HIGH+MEDIUM:!aNULL);
+   a testing list (with the null encryption ciphers).
+   set this with TLSSocket::setSSLCiphers( int idx ), where
+	 idx = 1 is AES.HIGH.MEDIUM
+	 idx = 2 is TESTING
+	 all others DEFAULT
+   */
+#define SSL_CIPHERS_DEFAULT "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5"
+#define SSL_CIPHERS_AES_HIGH_MEDIUM "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA"
+#define SSL_CIPHERS_TESTING "NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"
+
+/**
+   List of ciphers ... openssl ciphers 'ALL:eNULL:!LOW:!EXPORT'
+   This is, all ciphers (included the null encryption ones) except the
+       low security and export ones.
+   eNULL ciphers are listed for testing purposes. DON't use in production environment!
+ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:\ 
+ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:\ 
+DHE-DSS-RC4-SHA:\ 
+EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:\ 
+RC4-SHA:RC4-MD5:\ 
+ADH-DES-CBC3-SHA:\ 
+ADH-RC4-MD5:\ 
+DES-CBC3-MD5:\ 
+RC2-CBC-MD5:RC4-MD5:\ 
+NULL-SHA:NULL-MD5
+*/
+
+//Okay - another MSVC thing. Looks like I must explicitely instantiate
+//the MRef template like this to avoid linking errors --Erik.
+// In Microsoft Embedded VC 4.0 this causes a warning ... remove
+#ifdef _MSC_VER
+#ifndef _WIN32_WCE
+template class __declspec(dllexport) MRef<certificate*>;
+template class __declspec(dllexport) MRef<ca_db*>;
+#endif
+#endif
+
+class LIBMNETUTIL_API OsslSocket : public TLSSocket {
+	public:
+		OsslSocket(std::string addr, int32_t port, void * &ssl_ctx,
+			MRef<ossl_certificate *> cert = NULL,
+			MRef<ossl_ca_db *> cert_db=NULL );
+		
+		OsslSocket( IPAddress &addr, int32_t port, void * &ssl_ctx,
+			MRef<ossl_certificate *> cert=NULL,
+			MRef<ossl_ca_db *> cert_db=NULL );
+		
+		OsslSocket( MRef<StreamSocket *> sock, SSL_CTX * ssl_ctx );
+		
+		virtual ~OsslSocket();
+
+		virtual std::string getMemObjectType() const {return "OsslSocket";};
+
+		virtual int32_t write(std::string);
+		
+		virtual int32_t write(const void *buf, int32_t count);
+		
+		virtual int32_t read(void *buf, int32_t count);
+		static int32_t setSSLCTXCiphers ( SSL_CTX *_ctx, int8_t listIdx );
+		
+		/* Must be initialized ... now at Minisip.cxx::tls_server_thread*/
+		static int8_t sslCipherListIndex;
+
+		friend std::ostream& operator<<(std::ostream&, TLSSocket&);
+
+	private:
+		void OsslSocket_init( MRef<StreamSocket*> ssock, void * &ssl_ctx,
+					 MRef<ossl_certificate *> cert,
+					 MRef<ossl_ca_db *> cert_db );
+		
+		MRef<StreamSocket *> sock;
+		
+		SSL_CTX* ssl_ctx;
+		
+		void*     priv;
+		
+		MRef<ossl_certificate *> peer_cert;
+		
+		/** CA db */
+		MRef<ossl_ca_db *> cert_db;
+};
+
+TLSSocket& operator<<(TLSSocket& sock, std::string str);
+#endif
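Review bot: `SSL_CIPHERS_DEFAULT` is the list every index other than 1 or 2 falls back to, and it still offers `EXP-*`/`EXP1024-*` export suites, single-DES, RC2 and RC4/MD5 suites. A peer or an on-path downgrade can therefore negotiate encryption far weaker than the AES list defined on the next line. Making the safe list the fallback is a one-line change, `#define SSL_CIPHERS_DEFAULT SSL_CIPHERS_AES_HIGH_MEDIUM`. `SSL_CIPHERS_TESTING` puts `NULL-SHA:NULL-MD5` first and is selectable at run time through `listIdx`, so it should only be compiled in under a test-only build guard. The doc comment also names `TLSSocket::setSSLCiphers( int idx )`, while the class declares `setSSLCTXCiphers( SSL_CTX *_ctx, int8_t listIdx )`; the comment should refer to the declared function.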

Modified: trunk/libmcrypto/source/Makefile.am
===================================================================
--- trunk/libmcrypto/source/Makefile.am	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/source/Makefile.am	2007-01-10 23:58:35 UTC (rev 3111)
@@ -36,7 +36,7 @@
 		init.cxx \
 		$(scsim_src) \
 		base64.cxx \
-		TLSException.cxx \
+		TlsException.cxx \
 		uuid.cxx \
 		rijndael-alg-fst.cxx
 

Deleted: trunk/libmcrypto/source/TLSException.cxx
===================================================================
--- trunk/libmcrypto/source/TLSException.cxx	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/source/TLSException.cxx	2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,47 +0,0 @@
-/*
-  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-  Copyright (C) 2006 Mikael Magnusson
-  
-  This library is free software; you can redistribute it and/or
-  modify it under the terms of the GNU Lesser General Public
-  License as published by the Free Software Foundation; either
-  version 2.1 of the License, or (at your option) any later version.
-
-  This library is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public
-  License along with this library; if not, write to the Free Software
-  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- *          Johan Bilien <jobi at via.ecp.fr>
- *          Mikael Magnusson <mikma at users.sourceforge.net>
-*/
-
-
-#include<config.h>
-
-#include<libmcrypto/TLSException.h>
-
-using namespace std;
-
-TLSInitFailed::TLSInitFailed():NetworkException(){
-}
-
-TLSContextInitFailed::TLSContextInitFailed():NetworkException(){
-}
-
-const char *TLSInitFailed::what() {
-	msg = "TLS initialization failed.";
-	return msg.c_str();
-};
-
-const char* TLSContextInitFailed::what() {
-	msg = "TLS context initialization failed.";
-	return msg.c_str();
-};

Copied: trunk/libmcrypto/source/TlsException.cxx (from rev 3100, trunk/libmcrypto/source/TLSException.cxx)
===================================================================
--- trunk/libmcrypto/source/TLSException.cxx	2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/source/TlsException.cxx	2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,47 @@
+/*
+  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+  Copyright (C) 2006 Mikael Magnusson
+  
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ *          Johan Bilien <jobi at via.ecp.fr>
+ *          Mikael Magnusson <mikma at users.sourceforge.net>
+*/
+
+
+#include<config.h>
+
+#include<libmcrypto/TlsException.h>
+
+using namespace std;
+
+TLSInitFailed::TLSInitFailed():NetworkException(){
+}
+
+TLSContextInitFailed::TLSContextInitFailed():NetworkException(){
+}
+
+const char *TLSInitFailed::what() {
+	msg = "TLS initialization failed.";
+	return msg.c_str();
+};
+
+const char* TLSContextInitFailed::what() {
+	msg = "TLS context initialization failed.";
+	return msg.c_str();
+};

Modified: trunk/libmcrypto/source/gnutls/Makefile.am
===================================================================
--- trunk/libmcrypto/source/gnutls/Makefile.am	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/source/gnutls/Makefile.am	2007-01-10 23:58:35 UTC (rev 3111)
@@ -12,8 +12,8 @@
 		rand.cxx \
 		sha1.cxx \
 		sha256.cxx \
-		TLSServerSocket.cxx \
-		TLSSocket.cxx \
+		TlsServerSocket.cxx \
+		TlsSocket.cxx \
 		ZrtpDH.cxx
 
 

Deleted: trunk/libmcrypto/source/gnutls/TLSServerSocket.cxx
===================================================================
--- trunk/libmcrypto/source/gnutls/TLSServerSocket.cxx	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/source/gnutls/TLSServerSocket.cxx	2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,148 +0,0 @@
-/*
-  Copyright (C) 2006 Mikael Magnusson
-  
-  This library is free software; you can redistribute it and/or
-  modify it under the terms of the GNU Lesser General Public
-  License as published by the Free Software Foundation; either
-  version 2.1 of the License, or (at your option) any later version.
-
-  This library is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public
-  License along with this library; if not, write to the Free Software
-  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-*/
-
-/*
- * Authors: Mikael Magnusson <mikma at users.sourceforge.net>
-*/
-
-
-#include<config.h>
-
-#include<libmcrypto/gnutls/TLSServerSocket.h>
-#include<libmcrypto/gnutls/TLSSocket.h>
-#include<libmcrypto/TLSException.h>
-
-#include<sys/socket.h>
-
-using namespace std;
-
-TLSServerSocket::TLSServerSocket( int32_t domain, int32_t listen_port )
-		:ServerSocket( domain, listen_port )
-{
-}
-
-TLSServerSocket::~TLSServerSocket()
-{
-}
-
-ServerSocket *TLSServerSocket::create( bool use_ipv6, int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db ){
-	MRef<gtls_certificate*> gtls_cert;
-	MRef<gtls_ca_db*> gtls_db;
-
-	if( cert )
-		gtls_cert = (gtls_certificate*)*cert;
-
-	if( cert_db )
-		gtls_db = (gtls_ca_db*)*cert_db;
-
-	return new GnutlsServerSocket( use_ipv6, listen_port,
-				       gtls_cert, gtls_db );
-}
-
-ServerSocket *TLSServerSocket::create(int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db ){
-	return create( false, listen_port, cert, cert_db );
-}
-
-
-GnutlsServerSocket::GnutlsServerSocket( bool use_ipv6, int32_t listen_port, 
-					MRef<gtls_certificate *> cert,
-					MRef<gtls_ca_db *> cert_db):TLSServerSocket(use_ipv6?AF_INET6:AF_INET, listen_port)
-{
-	init(use_ipv6, listen_port, cert, cert_db);
-}
-
-GnutlsServerSocket::~GnutlsServerSocket(){ 
-	if( m_xcred ){
-		gnutls_certificate_free_credentials( m_xcred );
-		m_xcred = NULL;
-	}
-
-	if( m_ca_list ){
-		delete[] m_ca_list;
-		m_ca_list = NULL;
-	}
-}
-
-gnutls_session_t GnutlsServerSocket::initialize_tls_session(){
-	gnutls_session_t session;
-
-	gnutls_init (&session, GNUTLS_SERVER);
-
-	/* avoid calling all the priority functions, since the defaults
-	 * are adequate.
-	 */
-	gnutls_set_default_priority (session);
-
-	gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, m_xcred);
-
-	/* request client certificate if any.
-	 */
-	gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
-
-// 	gnutls_dh_set_prime_bits (session, DH_BITS);
-
-	return session;
-}
-
-void GnutlsServerSocket::init( bool use_ipv6, int32_t listen_port, 
-			       MRef<gtls_certificate *> cert,
-			       MRef<gtls_ca_db *> cert_db)
-{
-	cerr << "GnutlsServerSocket::init" << endl;
-	m_cert = cert;
-	m_cert_db = cert_db;
-
-	int32_t backlog = 25;
-	
-	gnutls_certificate_allocate_credentials (&m_xcred);
-
-	if( !cert_db->getDb(&m_ca_list, &m_ca_list_len) ){
-		cerr << "ca db failed" << endl;
-		throw TLSContextInitFailed();
-	}
-
-	gnutls_certificate_set_x509_trust(m_xcred, m_ca_list, m_ca_list_len);
-
-	// FIXME support chained certs.
-	gnutls_x509_crt_t gcert = cert->get_certificate();
-	gnutls_x509_privkey_t gkey = NULL;
-	
-	MRef<gtls_priv_key*> gtls_pk =
-		dynamic_cast<gtls_priv_key*>( *cert->get_pk() );
-
-	if( gtls_pk ){
-		gkey = gtls_pk->get_private_key();
-	}
-
-	gnutls_certificate_set_x509_key(m_xcred, &gcert, 1, gkey);
-
-	if( use_ipv6 )
-		listen("::", listen_port, backlog);
-	else
-		listen("0.0.0.0", listen_port, backlog);
-
-	cerr << "GnutlsServerSocket::init ends" << endl;
-}
-
-MRef<StreamSocket *> GnutlsServerSocket::accept(){
-	MRef<StreamSocket *> ssocket = ServerSocket::accept();
-
-	gnutls_session_t session = initialize_tls_session();
-
-	return new GnutlsSocket( ssocket, session );
-}

Deleted: trunk/libmcrypto/source/gnutls/TLSSocket.cxx
===================================================================
--- trunk/libmcrypto/source/gnutls/TLSSocket.cxx	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/source/gnutls/TLSSocket.cxx	2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,235 +0,0 @@
-/*
- *  Copyright (C) 2004-2006 the Minisip Team
- * 
- *  This library is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU Lesser General Public
- *  License as published by the Free Software Foundation; either
- *  version 2.1 of the License, or (at your option) any later version.
- * 
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- *  Lesser General Public License for more details.
- * 
- *  You should have received a copy of the GNU Lesser General Public
- *  License along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA
- *  */
-
-/* Copyright (C) 2006
- *
- * Authors: Erik Ehrlund <eehrlund at kth.se>
- *          Mikael Magnusson <mikma at users.sourceforge.net>
-*/
-
-
-#include <gnutls/gnutls.h>
-
-#include <libmnetutil/TCPSocket.h>
-
-#include <libmcrypto/gnutls/init.h>
-#include <libmcrypto/gnutls/TLSSocket.h>
-#include <libmcrypto/TLSException.h>
-
-using namespace std;
-
-/************************************************************************/
-void checkErr(int a)
-{
-	if(a<0)
-	{	
-		perror("An error has occured");
-		throw TLSInitFailed();
-		return;
-	}  
-}
-
-
-TLSSocket::TLSSocket()
-{
-}
-
-TLSSocket::~TLSSocket()
-{
-}
-
-TLSSocket* TLSSocket::connect( IPAddress &addr, int32_t port,
-			       MRef<certificate *> cert,
-			       MRef<ca_db *> cert_db,
-			       string serverName )
-{
-	MRef<gtls_ca_db*> gtls_db;
-	MRef<gtls_certificate*> gtls_cert;
-
-	if( cert_db )
-		gtls_db = (gtls_ca_db*)*cert_db;
-
-	if( cert )
-		gtls_cert = (gtls_certificate*)*cert;
-
-	return new GnutlsSocket( addr, port, gtls_db, gtls_cert );
-}
-
-
-/*********************************************************************************/
-/* constructor*/
-// When created by a TLS Server
-GnutlsSocket::GnutlsSocket( MRef<StreamSocket *> tcp_socket,
-			    gnutls_session_t session )
-		: sock(tcp_socket)
-{
-	type = SOCKET_TYPE_TLS;
-	peerPort = tcp_socket->getPeerPort();
-	peerAddress = tcp_socket->getPeerAddress()->clone();
- 	fd = tcp_socket->getFd();
-	m_session = session;
-
-	gnutls_transport_set_ptr (m_session, (gnutls_transport_ptr_t) fd);
-	
-	int ret = gnutls_handshake (m_session);
-	if (ret < 0){
-		gnutls_deinit (m_session);
-		m_session = NULL;
-		fprintf(stderr, "*** Handshake has failed (%s)\n\n",
-			gnutls_strerror (ret));
-		throw TLSInitFailed();
-	}
-	printf("- Handshake was completed\n");
-}
-
-#if 0
-GnutlsSocket::GnutlsSocket(string addr, int32_t port,
-			   MRef<gtls_ca_db *> cert_db,
-			   MRef<gtls_certificate *> cert)
-{
-	GnutlsSocket::GnutlsSocket_init(new TCPSocket(addr, port),
-					cert_db, cert);
-}
-#endif
-
-GnutlsSocket::GnutlsSocket(IPAddress &addr, int32_t port,
-			   MRef<gtls_ca_db *> cert_db,
-			   MRef<gtls_certificate *> cert)
-{
-	GnutlsSocket::GnutlsSocket_init(new TCPSocket(addr, port),
-					cert_db, cert);
-}
-
-/*********************************************************************************/
-GnutlsSocket::~GnutlsSocket()
-{  
-	gnutls_bye (m_session, GNUTLS_SHUT_WR);
-	gnutls_deinit (m_session);
-	if( m_xcred ){
-		gnutls_certificate_free_credentials( m_xcred );
-		m_xcred = NULL;
-	}
-
-	if( m_ca_list ){
-		delete[] m_ca_list;
-		m_ca_list = NULL;
-	}
-
-// 	gnutls_global_deinit ();
-}
-
-const int g_cert_type_priority[3] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
-
-/*********************************************************************************/
-void GnutlsSocket::GnutlsSocket_init( MRef<StreamSocket*> ssock,
-				      MRef<gtls_ca_db *> cert_db,
-				      MRef<gtls_certificate *> cert )
-{
-	int err=0;
-
-	/* init gnutls */
-	libmcryptoGnutlsInit();
-
-	/* X509 stuff */
-	err = gnutls_certificate_allocate_credentials (&m_xcred);
-	checkErr(err);
-
-	if( cert_db ){
-		if( !cert_db->getDb(&m_ca_list, &m_ca_list_len) ){
-			cerr << "ca db failed" << endl;
-			throw TLSContextInitFailed();
-		}
-
-		err = gnutls_certificate_set_x509_trust(m_xcred, m_ca_list, m_ca_list_len);
-		checkErr(err);
-	}
-
-	if( cert ){
-		// FIXME support chained certs.
-		gnutls_x509_crt_t gcert = cert->get_certificate();
-		gnutls_x509_privkey_t gkey = NULL;
-	
-		MRef<gtls_priv_key*> gtls_pk =
-			dynamic_cast<gtls_priv_key*>( *cert->get_pk() );
-
-		if( gtls_pk ){
-			gkey = gtls_pk->get_private_key();
-		}
-
-		err = gnutls_certificate_set_x509_key(m_xcred, &gcert, 1, gkey);
-		checkErr(err);
-	}
-
-	// Initialize session in priv
-	err = gnutls_init (&m_session, GNUTLS_CLIENT);
-	checkErr(err);
-
-	/* Use default priorities */
-	err = gnutls_set_default_priority (m_session);
-	checkErr(err);
-
-	err = gnutls_certificate_type_set_priority (m_session, g_cert_type_priority);
-	checkErr(err);
-
-
-	/* put the x509 credentials to the current session
-	 */
-	err = gnutls_credentials_set (m_session, GNUTLS_CRD_CERTIFICATE, m_xcred);
-	checkErr(err);
-
-	gnutls_transport_set_ptr (m_session,
-				  (gnutls_transport_ptr_t) ssock->getFd());
-
-	err = gnutls_handshake (m_session);
-	if (err<0)
-	{
-		perror("****** HANDSHAKE FAILED ********");
-		gnutls_perror(err);
-		throw Exception("handshake failed");
-	}
-
-	sock = ssock;
-	fd = ssock->getFd();
-	peerPort = ssock->getPeerPort();
-	peerAddress = ssock->getPeerAddress();
-	type = SOCKET_TYPE_TLS;
-
-	return;
-}
-
-/********************************************************************************/
-
-int32_t GnutlsSocket::write(const void *msg, int length)
-{
-	int a ;
-	a = gnutls_record_send (m_session, msg , length);
-	return a;
-}
-/*********************************************************************************/
-int32_t GnutlsSocket::write(string msg)
-{   
-	return GnutlsSocket::write(msg.c_str(), msg.size());
-}
-
-/*********************************************************************************/
-int32_t GnutlsSocket::read (void *buf, int maxlength)
-{  
-	int recv;
-	recv = gnutls_record_recv (m_session, buf, maxlength);
-	return recv;
-}

Copied: trunk/libmcrypto/source/gnutls/TlsServerSocket.cxx (from rev 3100, trunk/libmcrypto/source/gnutls/TLSServerSocket.cxx)
===================================================================
--- trunk/libmcrypto/source/gnutls/TLSServerSocket.cxx	2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/source/gnutls/TlsServerSocket.cxx	2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,148 @@
+/*
+  Copyright (C) 2006 Mikael Magnusson
+  
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+*/
+
+/*
+ * Authors: Mikael Magnusson <mikma at users.sourceforge.net>
+*/
+
+
+#include<config.h>
+
+#include<libmcrypto/gnutls/TlsServerSocket.h>
+#include<libmcrypto/gnutls/TlsSocket.h>
+#include<libmcrypto/TlsException.h>
+
+#include<sys/socket.h>
+
+using namespace std;
+
+TLSServerSocket::TLSServerSocket( int32_t domain, int32_t listen_port )
+		:ServerSocket( domain, listen_port )
+{
+}
+
+TLSServerSocket::~TLSServerSocket()
+{
+}
+
+ServerSocket *TLSServerSocket::create( bool use_ipv6, int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db ){
+	MRef<gtls_certificate*> gtls_cert;
+	MRef<gtls_ca_db*> gtls_db;
+
+	if( cert )
+		gtls_cert = (gtls_certificate*)*cert;
+
+	if( cert_db )
+		gtls_db = (gtls_ca_db*)*cert_db;
+
+	return new GnutlsServerSocket( use_ipv6, listen_port,
+				       gtls_cert, gtls_db );
+}
+
+ServerSocket *TLSServerSocket::create(int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db ){
+	return create( false, listen_port, cert, cert_db );
+}
+
+
+GnutlsServerSocket::GnutlsServerSocket( bool use_ipv6, int32_t listen_port, 
+					MRef<gtls_certificate *> cert,
+					MRef<gtls_ca_db *> cert_db):TLSServerSocket(use_ipv6?AF_INET6:AF_INET, listen_port)
+{
+	init(use_ipv6, listen_port, cert, cert_db);
+}
+
+GnutlsServerSocket::~GnutlsServerSocket(){ 
+	if( m_xcred ){
+		gnutls_certificate_free_credentials( m_xcred );
+		m_xcred = NULL;
+	}
+
+	if( m_ca_list ){
+		delete[] m_ca_list;
+		m_ca_list = NULL;
+	}
+}
+
+gnutls_session_t GnutlsServerSocket::initialize_tls_session(){
+	gnutls_session_t session;
+
+	gnutls_init (&session, GNUTLS_SERVER);
+
+	/* avoid calling all the priority functions, since the defaults
+	 * are adequate.
+	 */
+	gnutls_set_default_priority (session);
+
+	gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, m_xcred);
+
+	/* request client certificate if any.
+	 */
+	gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
+
+// 	gnutls_dh_set_prime_bits (session, DH_BITS);
+
+	return session;
+}
+
+void GnutlsServerSocket::init( bool use_ipv6, int32_t listen_port, 
+			       MRef<gtls_certificate *> cert,
+			       MRef<gtls_ca_db *> cert_db)
+{
+	cerr << "GnutlsServerSocket::init" << endl;
+	m_cert = cert;
+	m_cert_db = cert_db;
+
+	int32_t backlog = 25;
+	
+	gnutls_certificate_allocate_credentials (&m_xcred);
+
+	if( !cert_db->getDb(&m_ca_list, &m_ca_list_len) ){
+		cerr << "ca db failed" << endl;
+		throw TLSContextInitFailed();
+	}
+
+	gnutls_certificate_set_x509_trust(m_xcred, m_ca_list, m_ca_list_len);
+
+	// FIXME support chained certs.
+	gnutls_x509_crt_t gcert = cert->get_certificate();
+	gnutls_x509_privkey_t gkey = NULL;
+	
+	MRef<gtls_priv_key*> gtls_pk =
+		dynamic_cast<gtls_priv_key*>( *cert->get_pk() );
+
+	if( gtls_pk ){
+		gkey = gtls_pk->get_private_key();
+	}
+
+	gnutls_certificate_set_x509_key(m_xcred, &gcert, 1, gkey);
+
+	if( use_ipv6 )
+		listen("::", listen_port, backlog);
+	else
+		listen("0.0.0.0", listen_port, backlog);
+
+	cerr << "GnutlsServerSocket::init ends" << endl;
+}
+
+MRef<StreamSocket *> GnutlsServerSocket::accept(){
+	MRef<StreamSocket *> ssocket = ServerSocket::accept();
+
+	gnutls_session_t session = initialize_tls_session();
+
+	return new GnutlsSocket( ssocket, session );
+}
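Review bot: `GnutlsServerSocket::init()` dereferences `cert_db` and `cert` unconditionally, but `TLSServerSocket::create()` leaves `gtls_db` and `gtls_cert` null when the caller passes none, so a server built without a CA db or certificate crashes here instead of throwing `TLSContextInitFailed`. The return values of `gnutls_certificate_allocate_credentials`, `gnutls_certificate_set_x509_trust` and `gnutls_certificate_set_x509_key` are also ignored, and `gkey` can still be NULL when it is passed on. A listener could therefore start with no usable credentials and only fail at handshake time. The same applies to `gnutls_init` and `gnutls_credentials_set` in `initialize_tls_session()`. The sketch below mirrors the guards the client-side `GnutlsSocket_init` already uses.

```cpp
	// … unchanged: m_cert / m_cert_db assignment, backlog …
	if( !cert ){
		cerr << "GnutlsServerSocket::init: no server certificate" << endl;
		throw TLSContextInitFailed();
	}

	if( gnutls_certificate_allocate_credentials (&m_xcred) < 0 ){
		throw TLSContextInitFailed();
	}

	if( cert_db ){
		// … unchanged: cert_db->getDb() check …
		if( gnutls_certificate_set_x509_trust(m_xcred, m_ca_list, m_ca_list_len) < 0 ){
			throw TLSContextInitFailed();
		}
	}

	// … unchanged: gcert / gtls_pk lookup …
	if( !gkey || gnutls_certificate_set_x509_key(m_xcred, &gcert, 1, gkey) < 0 ){
		cerr << "GnutlsServerSocket::init: certificate/key setup failed" << endl;
		throw TLSContextInitFailed();
	}
	// … unchanged: listen() calls …
```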

Copied: trunk/libmcrypto/source/gnutls/TlsSocket.cxx (from rev 3100, trunk/libmcrypto/source/gnutls/TLSSocket.cxx)
===================================================================
--- trunk/libmcrypto/source/gnutls/TLSSocket.cxx	2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/source/gnutls/TlsSocket.cxx	2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,235 @@
+/*
+ *  Copyright (C) 2004-2006 the Minisip Team
+ * 
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2.1 of the License, or (at your option) any later version.
+ * 
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ * 
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA
+ *  */
+
+/* Copyright (C) 2006
+ *
+ * Authors: Erik Ehrlund <eehrlund at kth.se>
+ *          Mikael Magnusson <mikma at users.sourceforge.net>
+*/
+
+
+#include <gnutls/gnutls.h>
+
+#include <libmnetutil/TCPSocket.h>
+
+#include <libmcrypto/gnutls/init.h>
+#include <libmcrypto/gnutls/TlsSocket.h>
+#include <libmcrypto/TlsException.h>
+
+using namespace std;
+
+/************************************************************************/
+void checkErr(int a)
+{
+	if(a<0)
+	{	
+		perror("An error has occured");
+		throw TLSInitFailed();
+		return;
+	}  
+}
+
+
+TLSSocket::TLSSocket()
+{
+}
+
+TLSSocket::~TLSSocket()
+{
+}
+
+TLSSocket* TLSSocket::connect( IPAddress &addr, int32_t port,
+			       MRef<certificate *> cert,
+			       MRef<ca_db *> cert_db,
+			       string serverName )
+{
+	MRef<gtls_ca_db*> gtls_db;
+	MRef<gtls_certificate*> gtls_cert;
+
+	if( cert_db )
+		gtls_db = (gtls_ca_db*)*cert_db;
+
+	if( cert )
+		gtls_cert = (gtls_certificate*)*cert;
+
+	return new GnutlsSocket( addr, port, gtls_db, gtls_cert );
+}
+
+
+/*********************************************************************************/
+/* constructor*/
+// When created by a TLS Server
+GnutlsSocket::GnutlsSocket( MRef<StreamSocket *> tcp_socket,
+			    gnutls_session_t session )
+		: sock(tcp_socket)
+{
+	type = SOCKET_TYPE_TLS;
+	peerPort = tcp_socket->getPeerPort();
+	peerAddress = tcp_socket->getPeerAddress()->clone();
+ 	fd = tcp_socket->getFd();
+	m_session = session;
+
+	gnutls_transport_set_ptr (m_session, (gnutls_transport_ptr_t) fd);
+	
+	int ret = gnutls_handshake (m_session);
+	if (ret < 0){
+		gnutls_deinit (m_session);
+		m_session = NULL;
+		fprintf(stderr, "*** Handshake has failed (%s)\n\n",
+			gnutls_strerror (ret));
+		throw TLSInitFailed();
+	}
+	printf("- Handshake was completed\n");
+}
+
+#if 0
+GnutlsSocket::GnutlsSocket(string addr, int32_t port,
+			   MRef<gtls_ca_db *> cert_db,
+			   MRef<gtls_certificate *> cert)
+{
+	GnutlsSocket::GnutlsSocket_init(new TCPSocket(addr, port),
+					cert_db, cert);
+}
+#endif
+
+GnutlsSocket::GnutlsSocket(IPAddress &addr, int32_t port,
+			   MRef<gtls_ca_db *> cert_db,
+			   MRef<gtls_certificate *> cert)
+{
+	GnutlsSocket::GnutlsSocket_init(new TCPSocket(addr, port),
+					cert_db, cert);
+}
+
+/*********************************************************************************/
+GnutlsSocket::~GnutlsSocket()
+{  
+	gnutls_bye (m_session, GNUTLS_SHUT_WR);
+	gnutls_deinit (m_session);
+	if( m_xcred ){
+		gnutls_certificate_free_credentials( m_xcred );
+		m_xcred = NULL;
+	}
+
+	if( m_ca_list ){
+		delete[] m_ca_list;
+		m_ca_list = NULL;
+	}
+
+// 	gnutls_global_deinit ();
+}
+
+const int g_cert_type_priority[3] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
+
+/*********************************************************************************/
+void GnutlsSocket::GnutlsSocket_init( MRef<StreamSocket*> ssock,
+				      MRef<gtls_ca_db *> cert_db,
+				      MRef<gtls_certificate *> cert )
+{
+	int err=0;
+
+	/* init gnutls */
+	libmcryptoGnutlsInit();
+
+	/* X509 stuff */
+	err = gnutls_certificate_allocate_credentials (&m_xcred);
+	checkErr(err);
+
+	if( cert_db ){
+		if( !cert_db->getDb(&m_ca_list, &m_ca_list_len) ){
+			cerr << "ca db failed" << endl;
+			throw TLSContextInitFailed();
+		}
+
+		err = gnutls_certificate_set_x509_trust(m_xcred, m_ca_list, m_ca_list_len);
+		checkErr(err);
+	}
+
+	if( cert ){
+		// FIXME support chained certs.
+		gnutls_x509_crt_t gcert = cert->get_certificate();
+		gnutls_x509_privkey_t gkey = NULL;
+	
+		MRef<gtls_priv_key*> gtls_pk =
+			dynamic_cast<gtls_priv_key*>( *cert->get_pk() );
+
+		if( gtls_pk ){
+			gkey = gtls_pk->get_private_key();
+		}
+
+		err = gnutls_certificate_set_x509_key(m_xcred, &gcert, 1, gkey);
+		checkErr(err);
+	}
+
+	// Initialize session in priv
+	err = gnutls_init (&m_session, GNUTLS_CLIENT);
+	checkErr(err);
+
+	/* Use default priorities */
+	err = gnutls_set_default_priority (m_session);
+	checkErr(err);
+
+	err = gnutls_certificate_type_set_priority (m_session, g_cert_type_priority);
+	checkErr(err);
+
+
+	/* put the x509 credentials to the current session
+	 */
+	err = gnutls_credentials_set (m_session, GNUTLS_CRD_CERTIFICATE, m_xcred);
+	checkErr(err);
+
+	gnutls_transport_set_ptr (m_session,
+				  (gnutls_transport_ptr_t) ssock->getFd());
+
+	err = gnutls_handshake (m_session);
+	if (err<0)
+	{
+		perror("****** HANDSHAKE FAILED ********");
+		gnutls_perror(err);
+		throw Exception("handshake failed");
+	}
+
+	sock = ssock;
+	fd = ssock->getFd();
+	peerPort = ssock->getPeerPort();
+	peerAddress = ssock->getPeerAddress();
+	type = SOCKET_TYPE_TLS;
+
+	return;
+}
+
+/********************************************************************************/
+
+int32_t GnutlsSocket::write(const void *msg, int length)
+{
+	int a ;
+	a = gnutls_record_send (m_session, msg , length);
+	return a;
+}
+/*********************************************************************************/
+int32_t GnutlsSocket::write(string msg)
+{   
+	return GnutlsSocket::write(msg.c_str(), msg.size());
+}
+
+/*********************************************************************************/
+int32_t GnutlsSocket::read (void *buf, int maxlength)
+{  
+	int recv;
+	recv = gnutls_record_recv (m_session, buf, maxlength);
+	return recv;
+}
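Review bot: After `gnutls_handshake()` succeeds in `GnutlsSocket_init()`, nothing in this file checks the peer certificate. The CA list is loaded into `m_xcred`, but there is no verification call. The `serverName` argument of `TLSSocket::connect()` is also never used, so the client appears to accept any certificate for any host. I would verify the peer right after the handshake whenever a CA db was supplied and throw `TLSInitFailed` on a non-zero status. `serverName` should then be passed down so the certificate's hostname can be checked as well. The server-side constructor has the same gap for client certificates requested with `GNUTLS_CERT_REQUEST`.

```cpp
	// … unchanged: credentials, session setup and gnutls_handshake() …
	if( cert_db ){
		unsigned int status = 0;
		err = gnutls_certificate_verify_peers2 (m_session, &status);
		if( err < 0 || status != 0 ){
			cerr << "peer certificate verification failed" << endl;
			gnutls_deinit (m_session);
			m_session = NULL;
			throw TLSInitFailed();
		}
	}
	// … unchanged: sock / fd / peerPort / peerAddress assignment …
```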

Modified: trunk/libmcrypto/source/openssl/Makefile.am
===================================================================
--- trunk/libmcrypto/source/openssl/Makefile.am	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/source/openssl/Makefile.am	2007-01-10 23:58:35 UTC (rev 3111)
@@ -17,9 +17,9 @@
 		hmac.cxx \
 		rand.cxx \
 		sha1.cxx \
-		TLSException.cxx \
-		TLSServerSocket.cxx \
-		TLSSocket.cxx \
+		TlsException.cxx \
+		TlsServerSocket.cxx \
+		TlsSocket.cxx \
 		$(OTHER_FILES)
 
 libmcopenssl_la_LIBADD = $(OPENSSL_LIBS)

Deleted: trunk/libmcrypto/source/openssl/TLSException.cxx
===================================================================
--- trunk/libmcrypto/source/openssl/TLSException.cxx	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/source/openssl/TLSException.cxx	2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,61 +0,0 @@
-/*
-  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-  Copyright (C) 2006 Mikael Magnusson
-  
-  This library is free software; you can redistribute it and/or
-  modify it under the terms of the GNU Lesser General Public
-  License as published by the Free Software Foundation; either
-  version 2.1 of the License, or (at your option) any later version.
-
-  This library is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public
-  License along with this library; if not, write to the Free Software
-  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- *          Johan Bilien <jobi at via.ecp.fr>
- *          Mikael Magnusson <mikma at users.sourceforge.net>
-*/
-
-
-#include<config.h>
-
-#include<libmcrypto/openssl/TLSException.h>
-
-using namespace std;
-
-
-TLSConnectFailed::TLSConnectFailed( int errorNumber, SSL * ssl ):ConnectFailed(errorNumber),ssl(ssl){};
-
-const char *TLSConnectFailed::what(){
-	
-	switch( SSL_get_error( ssl, errorNumber ) ){
-		case SSL_ERROR_NONE:
-			msg = "SSL Error: No error"; break;
-		case SSL_ERROR_ZERO_RETURN:
-			msg = "SSL Error: Connection was closed"; break;
-		case SSL_ERROR_WANT_READ:
-			msg = "SSL Error: Could not perform the read opearation on the underlying TCP connection" ; break;
-		case SSL_ERROR_WANT_WRITE:
-			msg = "SSL Error: Could not perform the write opearation on the underlying TCP connection"; break;
-		case SSL_ERROR_WANT_CONNECT:
-			msg = "SSL Error: The underlying TCP connection is not connected" ; break;
-#ifdef SSL_ERROR_WANT_ACCEPT
-		case SSL_ERROR_WANT_ACCEPT:
-			msg = "SSL Error: The underlying TCP connection is not accepted" ; break;
-#endif
-		case SSL_ERROR_WANT_X509_LOOKUP:
-			msg = "SSL Error: Error in the X509 lookup" ; break;
-		case SSL_ERROR_SYSCALL:
-			msg = "SSL Error: I/O error" ; break;
-		case SSL_ERROR_SSL:
-			msg = "SSL Error: Error in the SSL protocol" ; break;
-	}
-	return msg.c_str();
-}

Deleted: trunk/libmcrypto/source/openssl/TLSServerSocket.cxx
===================================================================
--- trunk/libmcrypto/source/openssl/TLSServerSocket.cxx	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/source/openssl/TLSServerSocket.cxx	2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,178 +0,0 @@
-/*
-  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-  
-  This library is free software; you can redistribute it and/or
-  modify it under the terms of the GNU Lesser General Public
-  License as published by the Free Software Foundation; either
-  version 2.1 of the License, or (at your option) any later version.
-
-  This library is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public
-  License along with this library; if not, write to the Free Software
-  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- *          Johan Bilien <jobi at via.ecp.fr>
-*/
-
-
-#include<config.h>
-
-#include<libmcrypto/openssl/TLSServerSocket.h>
-#include<libmcrypto/openssl/TLSSocket.h>
-#include<libmcrypto/openssl/cert.h>
-
-#ifdef WIN32
-#	include<winsock2.h>
-#else
-#include<sys/socket.h>
-#endif
-
-#ifndef _WIN32_WCE
-#	include<openssl/err.h>
-#endif
-
-
-#include<libmutil/merror.h>
-#include<libmutil/massert.h>
-
-#ifdef DEBUG_OUTPUT
-#include<iostream>
-#endif
-
-using namespace std;
-
-#ifdef WIN32
-typedef int socklen_t;
-#endif
-
-
-TLSServerSocket::TLSServerSocket( int32_t domain, int32_t listen_port )
-		:ServerSocket( domain, listen_port )
-{
-}
-
-TLSServerSocket::~TLSServerSocket()
-{
-}
-
-ServerSocket *TLSServerSocket::create( bool use_ipv6, int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db ){
-	MRef<ossl_certificate*> ssl_cert;
-	MRef<ossl_ca_db*> ssl_db;
-
-	if( cert )
-		ssl_cert = (ossl_certificate*)*cert;
-
-	if( cert_db )
-		ssl_db = (ossl_ca_db*)*cert_db;
-
-	return new OsslServerSocket( listen_port, ssl_cert, ssl_db );
-}
-
-ServerSocket *TLSServerSocket::create(int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db ){
-
-	return create( false, listen_port, cert, cert_db );
-}
-
-
-
-OsslServerSocket::OsslServerSocket( int32_t listen_port, MRef<ossl_certificate *> cert, MRef<ossl_ca_db *> cert_db):TLSServerSocket(AF_INET, listen_port)
-{
-	init(false, listen_port, cert, cert_db);
-}
-
-OsslServerSocket::OsslServerSocket( bool use_ipv6, int32_t listen_port, 
-				 MRef<ossl_certificate *> cert,
-				  MRef<ossl_ca_db *> cert_db):TLSServerSocket(use_ipv6?AF_INET6:AF_INET, listen_port)
-{
-	init(use_ipv6, listen_port, cert, cert_db);
-}
-
-void OsslServerSocket::init( bool use_ipv6, int32_t listen_port, 
-			    MRef<ossl_certificate *> cert,
-			    MRef<ossl_ca_db *> cert_db)
-{
-	int32_t backlog = 25;
-	SSL_METHOD * meth;
-	const unsigned char * sid_ctx = (const unsigned char *)"Minisip TLS";
-	
-	if( use_ipv6 )
-		listen("::", listen_port, backlog);
-	else
-		listen("0.0.0.0", listen_port, backlog);
-
-	SSL_load_error_strings();
-	SSLeay_add_ssl_algorithms();
-	meth = SSLv23_server_method();
-	this->ssl_ctx = SSL_CTX_new( meth );
-	this->cert_db = cert_db;
-
-	if( ssl_ctx == NULL ){
-#ifdef DEBUG_OUTPUT
-		cerr << "Could not initialize SSL context" << endl;
-#endif
-
-		exit( 1 );
-	}
-
-	if( OsslSocket::sslCipherListIndex != 0 ) 
-		OsslSocket::setSSLCTXCiphers ( this->ssl_ctx, OsslSocket::sslCipherListIndex );
-	/* Set options: do not accept SSLv2*/
-	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
-	
-	SSL_CTX_set_verify( ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, 0);
-	//SSL_CTX_set_verify( ssl_ctx, SSL_VERIFY_NONE, 0);
-	SSL_CTX_set_verify_depth( ssl_ctx, 5);
-	
-	//SSL_CTX_set_session_cache_mode( ssl_ctx, SSL_SESS_CACHE_BOTH );
-	SSL_CTX_set_session_cache_mode( ssl_ctx, SSL_SESS_CACHE_SERVER );
-	SSL_CTX_set_session_id_context( ssl_ctx, sid_ctx, (unsigned int)strlen( (const char *)sid_ctx ) );
-
-	if( !cert_db.isNull() ){
-		/* Use this database for the certificates check */
-		SSL_CTX_set_cert_store( this->ssl_ctx, this->cert_db->get_db());
-	}
-	
-	MRef<priv_key *> priv_key = cert->get_pk();
-	MRef<ossl_priv_key *> ossl_pk =
-	  dynamic_cast<ossl_priv_key*>(*priv_key);
-	if( SSL_CTX_use_PrivateKey( ssl_ctx, ossl_pk->get_openssl_private_key() ) <= 0 ){
-#ifdef DEBUG_OUTPUT
-		cerr << "Could not use the given private key" << endl;
-#endif
-
-		ERR_print_errors_fp(stderr);
-		exit( 1 );
-	}
-	
-		
-	if( SSL_CTX_use_certificate( ssl_ctx, cert->get_openssl_certificate() ) <= 0 ){
-#ifdef DEBUG_OUTPUT
-		cerr << "Could not use the given certificate" << endl;
-#endif
-
-		ERR_print_errors_fp(stderr);
-		exit( 1 );
-	}
-
-	if( !SSL_CTX_check_private_key( ssl_ctx ) ){
-#ifdef DEBUG_OUTPUT
-		cerr << "Given private key does not match the certificate"<<endl;
-#endif
-
-		exit( 1 );
-	}
-}
-
-MRef<StreamSocket *> OsslServerSocket::accept(){
-	MRef<StreamSocket *> ssocket = ServerSocket::accept();
-
-	return new OsslSocket( ssocket, ssl_ctx );
-}
-

Deleted: trunk/libmcrypto/source/openssl/TLSSocket.cxx
===================================================================
--- trunk/libmcrypto/source/openssl/TLSSocket.cxx	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmcrypto/source/openssl/TLSSocket.cxx	2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,306 +0,0 @@
-/*
-  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-  
-  This library is free software; you can redistribute it and/or
-  modify it under the terms of the GNU Lesser General Public
-  License as published by the Free Software Foundation; either
-  version 2.1 of the License, or (at your option) any later version.
-
-  This library is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public
-  License along with this library; if not, write to the Free Software
-  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- *          Johan Bilien <jobi at via.ecp.fr>
-*/
-
-#include<config.h>
-
-#include<libmcrypto/openssl/TLSSocket.h>
-#include<libmcrypto/openssl/cert.h>
-
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
-#ifdef WIN32
-#include<winsock2.h>
-#elif defined HAVE_SYS_SOCKET_H
-#include<sys/types.h>
-#include<sys/socket.h>
-#endif
-
-#include<libmnetutil/IPAddress.h>
-#include<libmnetutil/TCPSocket.h>
-
-#include<iostream>
-
-#include<libmcrypto/TLSException.h>
-#include<libmcrypto/openssl/TLSException.h>
-#include<libmutil/MemObject.h>
-
-using namespace std;
-
-TLSSocket::TLSSocket()
-{
-}
-
-TLSSocket::~TLSSocket()
-{
-}
-
-TLSSocket* TLSSocket::connect( IPAddress &addr, int32_t port,
-			       MRef<certificate *> cert,
-			       MRef<ca_db *> cert_db,
-			       string serverName )
-{
-	void *ssl_ctx = NULL;
-	MRef<ossl_certificate*> ssl_cert;
-	MRef<ossl_ca_db*> ssl_db;
-
-	if( cert )
-		ssl_cert = (ossl_certificate*)*cert;
-
-	if( cert_db )
-		ssl_db = (ossl_ca_db*)*cert_db;
-
-	return new OsslSocket( addr, port, ssl_ctx, ssl_cert, ssl_db );
-}
-
-
-int8_t OsslSocket::sslCipherListIndex = 0; /* Set default value ... DEFAULT ciphers */
-
-
-#define ssl ((SSL*)priv)
-
-
-
-// When created by a TLS Server
-OsslSocket::OsslSocket( MRef<StreamSocket *> tcp_socket, SSL_CTX * ssl_ctx ):
-		sock(tcp_socket){
-	type = SOCKET_TYPE_TLS;
-	peerPort = tcp_socket->getPeerPort();
-	peerAddress = tcp_socket->getPeerAddress()->clone();
-
-	int error;
-	// Copy the SSL parameters, since the server still needs them
-	// Initialize ssl in priv
-	priv = SSL_new( ssl_ctx );
-	this->ssl_ctx = SSL_get_SSL_CTX( ssl );
-
-	SSL_set_fd( ssl, tcp_socket->getFd() );
-	fd = tcp_socket->getFd();
-	
-	error = SSL_accept( ssl );
-	if( error <= 0 ){
-		cerr << "Could not establish an incoming TLS connection" << endl;
-		ERR_print_errors_fp(stderr);
-		throw TLSConnectFailed( error, ssl );
-	}
-}
-
-
-OsslSocket::OsslSocket( IPAddress &addr, int32_t port, void * &ssl_ctx,
-			      MRef<ossl_certificate *> cert, 
-			      MRef<ossl_ca_db *> cert_db ){
-	MRef<TCPSocket*> tcp_sock = new TCPSocket( addr, port );
-	OsslSocket::OsslSocket_init( *tcp_sock, ssl_ctx, cert, cert_db);
-}
-
-OsslSocket::OsslSocket( string addr, int32_t port, void * &ssl_ctx, 
-			      MRef<ossl_certificate *> cert, 
-			      MRef<ossl_ca_db *> cert_db ){
-	MRef<TCPSocket*> tcp_sock = new TCPSocket( addr, port );
-	OsslSocket::OsslSocket_init( *tcp_sock, ssl_ctx, cert, cert_db);
-}
-
-/* Helper function ... simplify the maintenance of constructors ... */
-void OsslSocket::OsslSocket_init( MRef<StreamSocket*> ssock, void * &ssl_ctx,
-					MRef<ossl_certificate *> cert,
-					MRef<ossl_ca_db *> cert_db ){
-	type = SOCKET_TYPE_TLS;
-	const unsigned char * sid_ctx = (const unsigned char *)"Minisip TLS";
-	SSLeay_add_ssl_algorithms();
-	SSL_METHOD *meth = SSLv23_client_method();
-	this->ssl_ctx = (SSL_CTX *)ssl_ctx;
-	this->cert_db = cert_db;
-	peerPort = ssock->getPeerPort();
-	MRef<ossl_certificate*> ssl_cert;
-	MRef<ossl_ca_db*> ssl_db;
-
-	if( cert )
-		ssl_cert = (ossl_certificate*)*cert;
-
-	if( cert_db )
-		ssl_db = (ossl_ca_db*)*cert_db;
-
-	if( this->ssl_ctx == NULL ){
-#ifdef DEBUG_OUTPUT
-		cerr << "Creating new SSL_CTX" << endl;
-#endif
-		this->ssl_ctx = SSL_CTX_new( meth );
-		
-		if( this->ssl_ctx == NULL ){
-			cerr << "Could not create SSL session" << endl;
-			ERR_print_errors_fp(stderr);
-			throw TLSInitFailed();
-		}
-		
-		if( sslCipherListIndex != 0 ) 
-			setSSLCTXCiphers ( this->ssl_ctx, sslCipherListIndex );
-		/* Set options: do not accept SSLv2*/
-		long options = SSL_OP_NO_SSLv2 | SSL_OP_ALL;
-		
-#if OPENSSL_VERSION_NUMBER >= 0x00908000
-		// Disable SSL_OP_TLS_BLOCK_PADDING_BUG in 0.9.8, buggy
-		options &= ~SSL_OP_TLS_BLOCK_PADDING_BUG;
-#endif
-		SSL_CTX_set_options(this->ssl_ctx, options);
-		
-		SSL_CTX_set_verify( this->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, 0);
-		SSL_CTX_set_verify_depth( this->ssl_ctx, 5);
-
-		if( !cert.isNull() ){
-			/* Add a client certificate */
-			MRef<priv_key*> pk = ssl_cert->get_pk();
-			MRef<ossl_priv_key*> ssl_pk =
-				dynamic_cast<ossl_priv_key*>(*pk);
-
-			if( !ssl_pk || SSL_CTX_use_PrivateKey( this->ssl_ctx, 
-			ssl_pk->get_openssl_private_key() ) <= 0 ){
-				cerr << "SSL: Could not use private key" << endl;
-				ERR_print_errors_fp(stderr);
-				throw TLSContextInitFailed(); 
-			}
-			if( SSL_CTX_use_certificate( this->ssl_ctx,
-			ssl_cert->get_openssl_certificate() ) <= 0 ){
-				cerr << "SSL: Could not use certificate" << endl;
-				ERR_print_errors_fp(stderr);
-				throw TLSContextInitFailed(); 
-			}
-		}
-
-		if( !cert_db.isNull() ){
-			/* Use this database for the certificates check */
-			SSL_CTX_set_cert_store( this->ssl_ctx, 
-						ssl_db->get_db());
-		}
-
-		//SSL_CTX_set_session_cache_mode( this->ssl_ctx, SSL_SESS_CACHE_BOTH );
-		SSL_CTX_set_session_cache_mode( this->ssl_ctx, SSL_SESS_CACHE_SERVER );
-		SSL_CTX_set_session_id_context( this->ssl_ctx, sid_ctx, (unsigned int)strlen( (const char *)sid_ctx ) );
-		
-		ssl_ctx = this->ssl_ctx;
-	}
-	
-	sock = ssock;
-	peerAddress = sock->getPeerAddress()->clone();
-
-	// Initialize ssl in priv
-	priv = SSL_new( this->ssl_ctx );
-	
-	//FIXME ... this client side cache works?? only if only one host to connect to
-	if( this->ssl_ctx->session_cache_head != NULL )
-		SSL_set_session( ssl, this->ssl_ctx->session_cache_head );
-	
-	//SSL_set_verify( this->ssl, SSL_VERIFY_PEER, NULL );
-
-	SSL_set_fd( ssl, sock->getFd() );
-	// FIXME
-	fd = sock->getFd();
-
-	int32_t err = SSL_connect( ssl );
-
-	if( err <= 0 ){
-		cerr << "SSL: connect failed" << endl;
-		ERR_print_errors_fp(stderr);
-		throw TLSConnectFailed( err, ssl );
-	}
-
-	try{
-		peer_cert = new ossl_certificate( SSL_get_peer_certificate (ssl) );
-	}
-	catch( certificate_exception &){
-		//FIXME
-		cerr << "Could not get server certificate" << endl;
-		peer_cert = NULL;
-	}
-	
-}
-
-
-OsslSocket::~OsslSocket(){
-#ifdef DEBUG_OUTPUT
-	cerr << "TLS: Shutting down TLS Socket" << endl;
-#endif	
-	SSL_shutdown( ssl );
-	SSL_free( ssl );
-	//SSL_CTX_free( ssl_ctx );
-	//delete tcp_socket;
-	//delete peerAddress;
-}
-
-int32_t OsslSocket::write( string data ){
-	return SSL_write( ssl, data.c_str(), (int)data.length() );
-}
-
-int32_t OsslSocket::write( const void *buf, int32_t count ){
-	return SSL_write( ssl, buf, count );
-}
-
-OsslSocket& operator<<(OsslSocket& sock, string str){
-	sock.write(str);
-	return sock;
-}
-
-int32_t OsslSocket::read( void *buf, int32_t count ){
-	//if( SSL_pending( ssl ) == 0 )
-	//	return -1;
-	int ret;
-	ret = SSL_read( ssl, buf, count );
-	if( ret == 0 )
-//		if( SSL_get_error( ssl, ret ) == SSL_ERROR_ZERO_RETURN )
-			// Connection closed
-			return 0;
-	
-//		else
-//			return -1;
-	else 
-		return ret;
-}
-
-int32_t OsslSocket::setSSLCTXCiphers ( SSL_CTX *_ctx, int8_t listIdx ) {
-	char *ciphers;
-	
-#ifdef DEBUG_OUTPUT
-		cerr << "Modifying SSL_CTX ciphers list" << endl;
-#endif	
-	
-	switch( listIdx ) {
-		case 1:
-			ciphers = SSL_CIPHERS_AES_HIGH_MEDIUM;
-			break;
-		case 2:
-			ciphers = SSL_CIPHERS_TESTING;
-			break;
-		default:
-			ciphers = SSL_CIPHERS_DEFAULT;
-			break;
-	}
-	if( SSL_CTX_set_cipher_list(_ctx, ciphers) == 0 ) {
-#ifdef DEBUG_OUTPUT
-		cerr << "ERROR: OsslSocket::setSSLCiphers: failed to set cipher list" << endl;
-#endif	
-		return 0;
-	} else return 1;
-}
-

Copied: trunk/libmcrypto/source/openssl/TlsException.cxx (from rev 3100, trunk/libmcrypto/source/openssl/TLSException.cxx)
===================================================================
--- trunk/libmcrypto/source/openssl/TLSException.cxx	2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/source/openssl/TlsException.cxx	2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,61 @@
+/*
+  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+  Copyright (C) 2006 Mikael Magnusson
+  
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ *          Johan Bilien <jobi at via.ecp.fr>
+ *          Mikael Magnusson <mikma at users.sourceforge.net>
+*/
+
+
+#include<config.h>
+
+#include<libmcrypto/openssl/TlsException.h>
+
+using namespace std;
+
+
+TLSConnectFailed::TLSConnectFailed( int errorNumber, SSL * ssl ):ConnectFailed(errorNumber),ssl(ssl){};
+
+const char *TLSConnectFailed::what(){
+	
+	switch( SSL_get_error( ssl, errorNumber ) ){
+		case SSL_ERROR_NONE:
+			msg = "SSL Error: No error"; break;
+		case SSL_ERROR_ZERO_RETURN:
+			msg = "SSL Error: Connection was closed"; break;
+		case SSL_ERROR_WANT_READ:
+			msg = "SSL Error: Could not perform the read opearation on the underlying TCP connection" ; break;
+		case SSL_ERROR_WANT_WRITE:
+			msg = "SSL Error: Could not perform the write opearation on the underlying TCP connection"; break;
+		case SSL_ERROR_WANT_CONNECT:
+			msg = "SSL Error: The underlying TCP connection is not connected" ; break;
+#ifdef SSL_ERROR_WANT_ACCEPT
+		case SSL_ERROR_WANT_ACCEPT:
+			msg = "SSL Error: The underlying TCP connection is not accepted" ; break;
+#endif
+		case SSL_ERROR_WANT_X509_LOOKUP:
+			msg = "SSL Error: Error in the X509 lookup" ; break;
+		case SSL_ERROR_SYSCALL:
+			msg = "SSL Error: I/O error" ; break;
+		case SSL_ERROR_SSL:
+			msg = "SSL Error: Error in the SSL protocol" ; break;
+	}
+	return msg.c_str();
+}
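Review bot: The switch in `TLSConnectFailed::what()` has no `default`, so for any `SSL_get_error()` result outside the listed cases `msg` keeps whatever it held before and the caller gets an empty or stale string; add `default: msg = "SSL Error: Unknown error"; break;`. The lookup is also deferred until `what()` is called, but OpenSSL requires `SSL_get_error()` to be called in the same thread right after the failing I/O call, with no other OpenSSL calls in between. Both throw sites in TlsSocket.cxx call `ERR_print_errors_fp(stderr)` before throwing, which empties the error queue that `SSL_get_error()` inspects, so the reported reason may be wrong. Computing the code once at the throw site or in the constructor and storing the resulting message would make the text reliable, and would avoid keeping a raw `SSL *` whose lifetime the exception does not control.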

Copied: trunk/libmcrypto/source/openssl/TlsServerSocket.cxx (from rev 3100, trunk/libmcrypto/source/openssl/TLSServerSocket.cxx)
===================================================================
--- trunk/libmcrypto/source/openssl/TLSServerSocket.cxx	2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/source/openssl/TlsServerSocket.cxx	2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,178 @@
+/*
+  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+  
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ *          Johan Bilien <jobi at via.ecp.fr>
+*/
+
+
+#include<config.h>
+
+#include<libmcrypto/openssl/TlsServerSocket.h>
+#include<libmcrypto/openssl/TlsSocket.h>
+#include<libmcrypto/openssl/cert.h>
+
+#ifdef WIN32
+#	include<winsock2.h>
+#else
+#include<sys/socket.h>
+#endif
+
+#ifndef _WIN32_WCE
+#	include<openssl/err.h>
+#endif
+
+
+#include<libmutil/merror.h>
+#include<libmutil/massert.h>
+
+#ifdef DEBUG_OUTPUT
+#include<iostream>
+#endif
+
+using namespace std;
+
+#ifdef WIN32
+typedef int socklen_t;
+#endif
+
+
+TLSServerSocket::TLSServerSocket( int32_t domain, int32_t listen_port )
+		:ServerSocket( domain, listen_port )
+{
+}
+
+TLSServerSocket::~TLSServerSocket()
+{
+}
+
+ServerSocket *TLSServerSocket::create( bool use_ipv6, int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db ){
+	MRef<ossl_certificate*> ssl_cert;
+	MRef<ossl_ca_db*> ssl_db;
+
+	if( cert )
+		ssl_cert = (ossl_certificate*)*cert;
+
+	if( cert_db )
+		ssl_db = (ossl_ca_db*)*cert_db;
+
+	return new OsslServerSocket( listen_port, ssl_cert, ssl_db );
+}
+
+ServerSocket *TLSServerSocket::create(int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db ){
+
+	return create( false, listen_port, cert, cert_db );
+}
+
+
+
+OsslServerSocket::OsslServerSocket( int32_t listen_port, MRef<ossl_certificate *> cert, MRef<ossl_ca_db *> cert_db):TLSServerSocket(AF_INET, listen_port)
+{
+	init(false, listen_port, cert, cert_db);
+}
+
+OsslServerSocket::OsslServerSocket( bool use_ipv6, int32_t listen_port, 
+				 MRef<ossl_certificate *> cert,
+				  MRef<ossl_ca_db *> cert_db):TLSServerSocket(use_ipv6?AF_INET6:AF_INET, listen_port)
+{
+	init(use_ipv6, listen_port, cert, cert_db);
+}
+
+void OsslServerSocket::init( bool use_ipv6, int32_t listen_port, 
+			    MRef<ossl_certificate *> cert,
+			    MRef<ossl_ca_db *> cert_db)
+{
+	int32_t backlog = 25;
+	SSL_METHOD * meth;
+	const unsigned char * sid_ctx = (const unsigned char *)"Minisip TLS";
+	
+	if( use_ipv6 )
+		listen("::", listen_port, backlog);
+	else
+		listen("0.0.0.0", listen_port, backlog);
+
+	SSL_load_error_strings();
+	SSLeay_add_ssl_algorithms();
+	meth = SSLv23_server_method();
+	this->ssl_ctx = SSL_CTX_new( meth );
+	this->cert_db = cert_db;
+
+	if( ssl_ctx == NULL ){
+#ifdef DEBUG_OUTPUT
+		cerr << "Could not initialize SSL context" << endl;
+#endif
+
+		exit( 1 );
+	}
+
+	if( OsslSocket::sslCipherListIndex != 0 ) 
+		OsslSocket::setSSLCTXCiphers ( this->ssl_ctx, OsslSocket::sslCipherListIndex );
+	/* Set options: do not accept SSLv2*/
+	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
+	
+	SSL_CTX_set_verify( ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, 0);
+	//SSL_CTX_set_verify( ssl_ctx, SSL_VERIFY_NONE, 0);
+	SSL_CTX_set_verify_depth( ssl_ctx, 5);
+	
+	//SSL_CTX_set_session_cache_mode( ssl_ctx, SSL_SESS_CACHE_BOTH );
+	SSL_CTX_set_session_cache_mode( ssl_ctx, SSL_SESS_CACHE_SERVER );
+	SSL_CTX_set_session_id_context( ssl_ctx, sid_ctx, (unsigned int)strlen( (const char *)sid_ctx ) );
+
+	if( !cert_db.isNull() ){
+		/* Use this database for the certificates check */
+		SSL_CTX_set_cert_store( this->ssl_ctx, this->cert_db->get_db());
+	}
+	
+	MRef<priv_key *> priv_key = cert->get_pk();
+	MRef<ossl_priv_key *> ossl_pk =
+	  dynamic_cast<ossl_priv_key*>(*priv_key);
+	if( SSL_CTX_use_PrivateKey( ssl_ctx, ossl_pk->get_openssl_private_key() ) <= 0 ){
+#ifdef DEBUG_OUTPUT
+		cerr << "Could not use the given private key" << endl;
+#endif
+
+		ERR_print_errors_fp(stderr);
+		exit( 1 );
+	}
+	
+		
+	if( SSL_CTX_use_certificate( ssl_ctx, cert->get_openssl_certificate() ) <= 0 ){
+#ifdef DEBUG_OUTPUT
+		cerr << "Could not use the given certificate" << endl;
+#endif
+
+		ERR_print_errors_fp(stderr);
+		exit( 1 );
+	}
+
+	if( !SSL_CTX_check_private_key( ssl_ctx ) ){
+#ifdef DEBUG_OUTPUT
+		cerr << "Given private key does not match the certificate"<<endl;
+#endif
+
+		exit( 1 );
+	}
+}
+
+MRef<StreamSocket *> OsslServerSocket::accept(){
+	MRef<StreamSocket *> ssocket = ServerSocket::accept();
+
+	return new OsslSocket( ssocket, ssl_ctx );
+}
+
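Review bot: `OsslServerSocket::init()` dereferences `cert` and `ossl_pk` without checking either: `TLSServerSocket::create()` leaves `ssl_cert` null when the caller passes no certificate, and the `dynamic_cast<ossl_priv_key*>` yields null for a key that is not an `ossl_priv_key`, so `cert->get_pk()` or `ossl_pk->get_openssl_private_key()` goes through a null reference at start-up. The client path in TlsSocket.cxx already guards the key with `if( !ssl_pk || SSL_CTX_use_PrivateKey( ... ) <= 0 )`; `init()` should reject a null `cert` before `cert->get_pk()` and test `!ossl_pk ||` the same way. Separately, `create( bool use_ipv6, ... )` drops its flag and always builds the IPv4 listener; it should be `return new OsslServerSocket( use_ipv6, listen_port, ssl_cert, ssl_db );`. `SSL_CTX_set_verify` is given `SSL_VERIFY_PEER` without `SSL_VERIFY_FAIL_IF_NO_PEER_CERT`, so a client that presents no certificate still completes the handshake; if mutual authentication is intended, add the flag, otherwise a comment stating that client certificates are optional would make the policy explicit.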

Copied: trunk/libmcrypto/source/openssl/TlsSocket.cxx (from rev 3100, trunk/libmcrypto/source/openssl/TLSSocket.cxx)
===================================================================
--- trunk/libmcrypto/source/openssl/TLSSocket.cxx	2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmcrypto/source/openssl/TlsSocket.cxx	2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,306 @@
+/*
+  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+  
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ *          Johan Bilien <jobi at via.ecp.fr>
+*/
+
+#include<config.h>
+
+#include<libmcrypto/openssl/TlsSocket.h>
+#include<libmcrypto/openssl/cert.h>
+
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+#ifdef WIN32
+#include<winsock2.h>
+#elif defined HAVE_SYS_SOCKET_H
+#include<sys/types.h>
+#include<sys/socket.h>
+#endif
+
+#include<libmnetutil/IPAddress.h>
+#include<libmnetutil/TCPSocket.h>
+
+#include<iostream>
+
+#include<libmcrypto/TlsException.h>
+#include<libmcrypto/openssl/TlsException.h>
+#include<libmutil/MemObject.h>
+
+using namespace std;
+
+TLSSocket::TLSSocket()
+{
+}
+
+TLSSocket::~TLSSocket()
+{
+}
+
+TLSSocket* TLSSocket::connect( IPAddress &addr, int32_t port,
+			       MRef<certificate *> cert,
+			       MRef<ca_db *> cert_db,
+			       string serverName )
+{
+	void *ssl_ctx = NULL;
+	MRef<ossl_certificate*> ssl_cert;
+	MRef<ossl_ca_db*> ssl_db;
+
+	if( cert )
+		ssl_cert = (ossl_certificate*)*cert;
+
+	if( cert_db )
+		ssl_db = (ossl_ca_db*)*cert_db;
+
+	return new OsslSocket( addr, port, ssl_ctx, ssl_cert, ssl_db );
+}
+
+
+int8_t OsslSocket::sslCipherListIndex = 0; /* Set default value ... DEFAULT ciphers */
+
+
+#define ssl ((SSL*)priv)
+
+
+
+// When created by a TLS Server
+OsslSocket::OsslSocket( MRef<StreamSocket *> tcp_socket, SSL_CTX * ssl_ctx ):
+		sock(tcp_socket){
+	type = SOCKET_TYPE_TLS;
+	peerPort = tcp_socket->getPeerPort();
+	peerAddress = tcp_socket->getPeerAddress()->clone();
+
+	int error;
+	// Copy the SSL parameters, since the server still needs them
+	// Initialize ssl in priv
+	priv = SSL_new( ssl_ctx );
+	this->ssl_ctx = SSL_get_SSL_CTX( ssl );
+
+	SSL_set_fd( ssl, tcp_socket->getFd() );
+	fd = tcp_socket->getFd();
+	
+	error = SSL_accept( ssl );
+	if( error <= 0 ){
+		cerr << "Could not establish an incoming TLS connection" << endl;
+		ERR_print_errors_fp(stderr);
+		throw TLSConnectFailed( error, ssl );
+	}
+}
+
+
+OsslSocket::OsslSocket( IPAddress &addr, int32_t port, void * &ssl_ctx,
+			      MRef<ossl_certificate *> cert, 
+			      MRef<ossl_ca_db *> cert_db ){
+	MRef<TCPSocket*> tcp_sock = new TCPSocket( addr, port );
+	OsslSocket::OsslSocket_init( *tcp_sock, ssl_ctx, cert, cert_db);
+}
+
+OsslSocket::OsslSocket( string addr, int32_t port, void * &ssl_ctx, 
+			      MRef<ossl_certificate *> cert, 
+			      MRef<ossl_ca_db *> cert_db ){
+	MRef<TCPSocket*> tcp_sock = new TCPSocket( addr, port );
+	OsslSocket::OsslSocket_init( *tcp_sock, ssl_ctx, cert, cert_db);
+}
+
+/* Helper function ... simplify the maintenance of constructors ... */
+void OsslSocket::OsslSocket_init( MRef<StreamSocket*> ssock, void * &ssl_ctx,
+					MRef<ossl_certificate *> cert,
+					MRef<ossl_ca_db *> cert_db ){
+	type = SOCKET_TYPE_TLS;
+	const unsigned char * sid_ctx = (const unsigned char *)"Minisip TLS";
+	SSLeay_add_ssl_algorithms();
+	SSL_METHOD *meth = SSLv23_client_method();
+	this->ssl_ctx = (SSL_CTX *)ssl_ctx;
+	this->cert_db = cert_db;
+	peerPort = ssock->getPeerPort();
+	MRef<ossl_certificate*> ssl_cert;
+	MRef<ossl_ca_db*> ssl_db;
+
+	if( cert )
+		ssl_cert = (ossl_certificate*)*cert;
+
+	if( cert_db )
+		ssl_db = (ossl_ca_db*)*cert_db;
+
+	if( this->ssl_ctx == NULL ){
+#ifdef DEBUG_OUTPUT
+		cerr << "Creating new SSL_CTX" << endl;
+#endif
+		this->ssl_ctx = SSL_CTX_new( meth );
+		
+		if( this->ssl_ctx == NULL ){
+			cerr << "Could not create SSL session" << endl;
+			ERR_print_errors_fp(stderr);
+			throw TLSInitFailed();
+		}
+		
+		if( sslCipherListIndex != 0 ) 
+			setSSLCTXCiphers ( this->ssl_ctx, sslCipherListIndex );
+		/* Set options: do not accept SSLv2*/
+		long options = SSL_OP_NO_SSLv2 | SSL_OP_ALL;
+		
+#if OPENSSL_VERSION_NUMBER >= 0x00908000
+		// Disable SSL_OP_TLS_BLOCK_PADDING_BUG in 0.9.8, buggy
+		options &= ~SSL_OP_TLS_BLOCK_PADDING_BUG;
+#endif
+		SSL_CTX_set_options(this->ssl_ctx, options);
+		
+		SSL_CTX_set_verify( this->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, 0);
+		SSL_CTX_set_verify_depth( this->ssl_ctx, 5);
+
+		if( !cert.isNull() ){
+			/* Add a client certificate */
+			MRef<priv_key*> pk = ssl_cert->get_pk();
+			MRef<ossl_priv_key*> ssl_pk =
+				dynamic_cast<ossl_priv_key*>(*pk);
+
+			if( !ssl_pk || SSL_CTX_use_PrivateKey( this->ssl_ctx, 
+			ssl_pk->get_openssl_private_key() ) <= 0 ){
+				cerr << "SSL: Could not use private key" << endl;
+				ERR_print_errors_fp(stderr);
+				throw TLSContextInitFailed(); 
+			}
+			if( SSL_CTX_use_certificate( this->ssl_ctx,
+			ssl_cert->get_openssl_certificate() ) <= 0 ){
+				cerr << "SSL: Could not use certificate" << endl;
+				ERR_print_errors_fp(stderr);
+				throw TLSContextInitFailed(); 
+			}
+		}
+
+		if( !cert_db.isNull() ){
+			/* Use this database for the certificates check */
+			SSL_CTX_set_cert_store( this->ssl_ctx, 
+						ssl_db->get_db());
+		}
+
+		//SSL_CTX_set_session_cache_mode( this->ssl_ctx, SSL_SESS_CACHE_BOTH );
+		SSL_CTX_set_session_cache_mode( this->ssl_ctx, SSL_SESS_CACHE_SERVER );
+		SSL_CTX_set_session_id_context( this->ssl_ctx, sid_ctx, (unsigned int)strlen( (const char *)sid_ctx ) );
+		
+		ssl_ctx = this->ssl_ctx;
+	}
+	
+	sock = ssock;
+	peerAddress = sock->getPeerAddress()->clone();
+
+	// Initialize ssl in priv
+	priv = SSL_new( this->ssl_ctx );
+	
+	//FIXME ... this client side cache works?? only if only one host to connect to
+	if( this->ssl_ctx->session_cache_head != NULL )
+		SSL_set_session( ssl, this->ssl_ctx->session_cache_head );
+	
+	//SSL_set_verify( this->ssl, SSL_VERIFY_PEER, NULL );
+
+	SSL_set_fd( ssl, sock->getFd() );
+	// FIXME
+	fd = sock->getFd();
+
+	int32_t err = SSL_connect( ssl );
+
+	if( err <= 0 ){
+		cerr << "SSL: connect failed" << endl;
+		ERR_print_errors_fp(stderr);
+		throw TLSConnectFailed( err, ssl );
+	}
+
+	try{
+		peer_cert = new ossl_certificate( SSL_get_peer_certificate (ssl) );
+	}
+	catch( certificate_exception &){
+		//FIXME
+		cerr << "Could not get server certificate" << endl;
+		peer_cert = NULL;
+	}
+	
+}
+
+
+OsslSocket::~OsslSocket(){
+#ifdef DEBUG_OUTPUT
+	cerr << "TLS: Shutting down TLS Socket" << endl;
+#endif	
+	SSL_shutdown( ssl );
+	SSL_free( ssl );
+	//SSL_CTX_free( ssl_ctx );
+	//delete tcp_socket;
+	//delete peerAddress;
+}
+
+int32_t OsslSocket::write( string data ){
+	return SSL_write( ssl, data.c_str(), (int)data.length() );
+}
+
+int32_t OsslSocket::write( const void *buf, int32_t count ){
+	return SSL_write( ssl, buf, count );
+}
+
+OsslSocket& operator<<(OsslSocket& sock, string str){
+	sock.write(str);
+	return sock;
+}
+
+int32_t OsslSocket::read( void *buf, int32_t count ){
+	//if( SSL_pending( ssl ) == 0 )
+	//	return -1;
+	int ret;
+	ret = SSL_read( ssl, buf, count );
+	if( ret == 0 )
+//		if( SSL_get_error( ssl, ret ) == SSL_ERROR_ZERO_RETURN )
+			// Connection closed
+			return 0;
+	
+//		else
+//			return -1;
+	else 
+		return ret;
+}
+
+int32_t OsslSocket::setSSLCTXCiphers ( SSL_CTX *_ctx, int8_t listIdx ) {
+	char *ciphers;
+	
+#ifdef DEBUG_OUTPUT
+		cerr << "Modifying SSL_CTX ciphers list" << endl;
+#endif	
+	
+	switch( listIdx ) {
+		case 1:
+			ciphers = SSL_CIPHERS_AES_HIGH_MEDIUM;
+			break;
+		case 2:
+			ciphers = SSL_CIPHERS_TESTING;
+			break;
+		default:
+			ciphers = SSL_CIPHERS_DEFAULT;
+			break;
+	}
+	if( SSL_CTX_set_cipher_list(_ctx, ciphers) == 0 ) {
+#ifdef DEBUG_OUTPUT
+		cerr << "ERROR: OsslSocket::setSSLCiphers: failed to set cipher list" << endl;
+#endif	
+		return 0;
+	} else return 1;
+}
+
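Review bot: `TLSSocket::connect()` takes `serverName` but never uses it, so `OsslSocket_init()` only validates the chain against `cert_db` (`SSL_VERIFY_PEER`) and nothing visible here checks that the certificate was issued for the host being contacted. Unless callers compare `peer_cert` themselves, any certificate that chains to a trusted CA would be accepted for any server. Pass `serverName` through to `OsslSocket_init()` and, after `SSL_connect()` succeeds, fail the connection when the peer certificate's subjectAltName/CN does not match it; until then a comment such as `// NOTE: serverName is not checked against the peer certificate` on `connect()` would keep the gap visible. The results of `SSL_new()` and `SSL_get_peer_certificate()` are also used without a NULL check. The return value of `setSSLCTXCiphers()` is ignored at its call sites, so a rejected cipher list silently leaves the context on its default ciphers.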

Modified: trunk/libmikey/Makefile.am
===================================================================
--- trunk/libmikey/Makefile.am	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/Makefile.am	2007-01-10 23:58:35 UTC (rev 3111)
@@ -50,13 +50,13 @@
 		     mikey/MikeyPayloadT.cxx \
 		     mikey/MikeyPayloadV.cxx
 
-ka_src =             keyagreement/keyagreement.cxx \
-                     keyagreement/keyagreement_dh.cxx \
-	             keyagreement/keyagreement_psk.cxx \
+ka_src =             keyagreement/KeyAgreement.cxx \
+                     keyagreement/KeyAgreementDH.cxx \
+	             keyagreement/KeyAgreementPSK.cxx \
 	             keyagreement/KeyAgreementPKE.cxx \
 	             keyagreement/KeyAgreementDHHMAC.cxx \
 	             keyagreement/KeyAgreementRSAR.cxx \
-		     keyagreement/keyvalidity.cxx
+		     keyagreement/KeyValidity.cxx
 
 # maintainer rules
 ACLOCAL_AMFLAGS = -I m4 ${ACLOCAL_FLAGS}

Modified: trunk/libmikey/include/Makefile.am
===================================================================
--- trunk/libmikey/include/Makefile.am	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/include/Makefile.am	2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,10 +1,10 @@
 pkginclude_HEADERS =    libmikey/exception.h \
-			libmikey/keyagreement.h \
+			libmikey/KeyAgreement.h \
 			libmikey/KeyAgreementPKE.h \
 			libmikey/KeyAgreementDHHMAC.h \
-			libmikey/keyagreement_dh.h \
-			libmikey/keyagreement_psk.h \
-			libmikey/keyvalidity.h \
+			libmikey/KeyAgreementDH.h \
+			libmikey/KeyAgreementPSK.h \
+			libmikey/KeyValidity.h \
 			libmikey/MikeyDefs.h \
 			libmikey/MikeyException.h \
 			libmikey/MikeyMessage.h \

Copied: trunk/libmikey/include/libmikey/KeyAgreement.h (from rev 3100, trunk/libmikey/include/libmikey/keyagreement.h)
===================================================================
--- trunk/libmikey/include/libmikey/keyagreement.h	2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmikey/include/libmikey/KeyAgreement.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,215 @@
+/*
+  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien, Joachim Orrblad
+  
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ *          Johan Bilien <jobi at via.ecp.fr>
+ *	    Joachim Orrblad <joachim at orrblad.com>
+*/
+
+
+#ifndef KEYAGREEMENT_H
+#define KEYAGREEMENT_H
+
+#include<libmikey/libmikey_config.h>
+#include<libmikey/MikeyDefs.h>
+
+#include<assert.h>
+
+#include<libmutil/MemObject.h>
+#include<libmikey/KeyValidity.h>
+#include<libmikey/MikeyCsIdMap.h>
+
+#include<iostream>
+// different type of key derivation defined in MIKEY
+#define KEY_DERIV_TEK          0
+#define KEY_DERIV_SALT         1
+#define KEY_DERIV_TRANS_ENCR   2
+#define KEY_DERIV_TRANS_SALT   3
+#define KEY_DERIV_TRANS_AUTH   4
+#define KEY_DERIV_ENCR		5
+#define KEY_DERIV_AUTH		6
+
+#define KEY_AGREEMENT_TYPE_DH 	0
+#define KEY_AGREEMENT_TYPE_PSK 	1
+#define KEY_AGREEMENT_TYPE_PK 	2
+#define KEY_AGREEMENT_TYPE_DHHMAC 3
+#define KEY_AGREEMENT_TYPE_RSA_R 4
+
+
+// Class to hold Security Policy (SP) info
+class LIBMIKEY_API Policy_type {
+	public:
+		Policy_type(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type, uint8_t length, byte_t * value);
+		~Policy_type();
+		uint8_t policy_No;
+		uint8_t prot_type;
+		uint8_t policy_type;
+		uint8_t length;
+		byte_t * value;
+	private:
+};
+
+class LIBMIKEY_API MikeyMessage;
+
+class LIBMIKEY_API ITgk{
+	public:
+		virtual ~ITgk();
+		/**
+		 * If tgk == NULL, generate random TGK of specified size
+		 */
+		virtual void setTgk( byte_t * tgk, unsigned int tgkLength )=0;
+		virtual unsigned int tgkLength()=0;
+		virtual byte_t * tgk()=0;
+};
+
+class LIBMIKEY_API KeyAgreement : public MObject,
+				  public virtual ITgk{
+	public:
+		KeyAgreement();
+		~KeyAgreement();
+
+		/* Type of key agreement (DH, PSK, PKE) */
+		virtual int32_t type()=0;
+
+		/* RAND value exchanged during the key agreement */
+		unsigned int randLength();
+		byte_t * rand();
+		void setRand( byte_t * randData, int randLength );
+
+		/* TEK and SALT values, derived from the TGK */
+		void genTek( byte_t cs_id,
+			     byte_t * tek, unsigned int tek_length );
+		void genSalt( byte_t cs_id,
+			      byte_t * salt, unsigned int salt_length );
+		
+		void genEncr( byte_t cs_id,
+			      byte_t * e_key, unsigned int e_keylength );
+		void genAuth( byte_t cs_id,
+			      byte_t * a_key, unsigned int a_keylength );
+		/* CSB ID: should be random in most cases and generated
+		 * by the initiator */
+		unsigned int csbId();
+		virtual void setCsbId( unsigned int );
+
+		/* CS ID map: matches crypto protocol id and CS-id */
+		void setCsIdMapType(uint8_t type);
+		uint8_t getCsIdMapType();
+		MRef<MikeyCsIdMap *> csIdMap();
+		void setCsIdMap( MRef<MikeyCsIdMap *> idMap );
+
+		/* Number of cryptosessions (updated when adding streams) (...or IPsec SA) */
+		byte_t nCs();
+		void setnCs(uint8_t value);
+
+		/* TGK */
+		/**
+		 * If tgk == NULL, generate random TGK of specified size
+		 */
+		void setTgk( byte_t * tgk, unsigned int tgkLength );
+		unsigned int tgkLength();
+		byte_t * tgk();
+
+		/* KeyValidity information, exchanged during the key 
+		 * agreement. NULL by default */
+		MRef<KeyValidity *> keyValidity();
+		void setKeyValidity( MRef<KeyValidity *> kv );
+
+
+		/* Access the initiator and responder key agreement data
+		 * (MIKEY messages when using MIKEY) */
+		MRef<MikeyMessage *> initiatorData();
+		void setInitiatorData( MRef<MikeyMessage *> );
+		MRef<MikeyMessage *> responderData();
+		void setResponderData( MRef<MikeyMessage *> );
+
+
+		//Set the first Parameter Type in a new security policy. Returns the new Policy number.
+		uint8_t setPolicyParamType(uint8_t prot_type, uint8_t policy_type, uint8_t length, byte_t * value);
+		//Add or modify a parameter in an existing policy
+		void setPolicyParamType(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type, uint8_t length, byte_t * value);
+		//Create a default policy 
+		uint8_t setdefaultPolicy(uint8_t prot_type);
+		//Get a policy entry
+		Policy_type * getPolicyParamType(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type);
+		//For those common cases were the policy type value just is an uint8_t
+		//Only use this function if you know the policy type exist or it is not 0
+		uint8_t getPolicyParamTypeValue(uint8_t policy_No, uint8_t prot_type, uint8_t policy_type);
+		std::list <Policy_type *> * getPolicy() { return &policy; }
+
+
+		std::string authError();
+		void setAuthError( std::string error );
+
+		virtual std::string getMemObjectType() const {return "KeyAgreement";}
+
+		/* IPSEC Specific */
+		void addIpsecSA( uint32_t spi, uint32_t spiSrcaddr, uint32_t spiDstaddr, 
+				byte_t policyNo, byte_t csId = 0);
+		
+		/* SRTP Specific */
+
+		/* Get the CSID given the RTP SSRC */
+		byte_t getSrtpCsId( uint32_t ssrc );
+		uint32_t getSrtpRoc( uint32_t ssrc );
+		uint8_t findpolicyNo( uint32_t ssrc );
+
+		/* Set the parametter in an existing CS (used
+		 * by the receiver */
+		void setSrtpStreamSsrc( uint32_t ssrc, uint8_t csId );
+		void setSrtpStreamRoc( uint32_t roc, uint8_t csId );
+
+		/* Add an SRTP stream to protect to the CSID map 
+		 * If csId == 0, add (initiator), else modify existing
+		 * (responder) */
+		void addSrtpStream( uint32_t ssrc, uint32_t roc=0, 
+				    byte_t policyNo=0, byte_t csId=0 );
+
+		virtual MikeyMessage* createMessage()=0;
+
+	protected:
+		void keyDeriv( byte_t cs_id, unsigned int csb_id,
+		        	byte_t * inkey, unsigned int inkey_length,
+		        	byte_t * key, unsigned int key_length,
+			   	int type );
+
+	private:
+		/* Security Policy 
+		 */	
+		std::list <Policy_type *> policy; //Contains the security policy
+
+		byte_t * tgkPtr;
+		unsigned int tgkLengthValue;
+		byte_t * randPtr;
+		unsigned int randLengthValue;
+
+		unsigned int csbIdValue;
+
+		MRef<KeyValidity *> kvPtr;
+		MRef<MikeyCsIdMap *> csIdMapPtr;
+		uint8_t nCsValue;
+		uint8_t	CsIdMapType;
+
+
+		MRef<MikeyMessage *> initiatorDataPtr;
+		MRef<MikeyMessage *> responderDataPtr;
+
+		std::string authErrorValue;
+};
+
+#endif
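Review bot: `setRand( byte_t * randData, int randLength )` takes a signed length, while `randLength()` returns `unsigned int` and `setTgk` takes `unsigned int`. If the implementation (not shown in this hunk) stores the argument in `randLengthValue`, a negative value from a caller would be reinterpreted as a very large length. Declaring it `void setRand( byte_t * randData, unsigned int randLength );` would make the key-material setters agree. The header also does not say whether `setTgk` and `setRand` copy the caller's buffer or keep the pointer, nor whether the destructor wipes `tgkPtr` and `randPtr`. Once confirmed against KeyAgreement.cxx, a one-line comment on each setter stating who owns the buffer, and whether it is zeroed before release, would settle how callers must treat the secret.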

Copied: trunk/libmikey/include/libmikey/KeyAgreementDH.h (from rev 3100, trunk/libmikey/include/libmikey/keyagreement_dh.h)
===================================================================
--- trunk/libmikey/include/libmikey/keyagreement_dh.h	2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmikey/include/libmikey/KeyAgreementDH.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,105 @@
+/*
+  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+  
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ *          Johan Bilien <jobi at via.ecp.fr>
+*/
+
+
+#ifndef KEYAGREEMENT_DH_H
+#define KEYAGREEMENT_DH_H
+
+#include<libmikey/libmikey_config.h>
+
+#include<libmikey/KeyAgreement.h>
+
+#define DH_GROUP_OAKLEY5 0
+#define DH_GROUP_OAKLEY1 1
+#define DH_GROUP_OAKLEY2 2
+
+
+class OakleyDH;
+class certificate_chain;
+class certificate;
+class ca_db;
+class SipSim;
+
+class LIBMIKEY_API PeerCertificates {
+	public:
+		PeerCertificates( MRef<certificate_chain*> aCert,
+				  MRef<ca_db *> aCaDb );
+		PeerCertificates( MRef<certificate_chain*> aCert,
+				  MRef<certificate_chain*> aPeerCert );
+		virtual ~PeerCertificates();
+		virtual MRef<certificate_chain *> certificateChain();
+		virtual MRef<certificate_chain *> peerCertificateChain();
+		virtual void setPeerCertificateChain( MRef<certificate_chain *> chain );
+		virtual int controlPeerCertificate();
+
+	private:
+		MRef<certificate_chain *> certChainPtr;
+		MRef<certificate_chain *> peerCertChainPtr;
+		MRef<ca_db *> certDbPtr;
+};
+
+class LIBMIKEY_API KeyAgreementDHBase: virtual public ITgk{
+	public:
+		KeyAgreementDHBase();
+		~KeyAgreementDHBase();
+
+		int computeTgk();
+		int setGroup( int group );
+		int group();
+		
+		void setPeerKey( byte_t * peerKey, int peerKeyLength );
+		int peerKeyLength();
+		byte_t * peerKey();
+		
+		int publicKeyLength();
+		byte_t * publicKey();
+
+	private:
+		OakleyDH * dh;
+		byte_t * peerKeyPtr;
+		int peerKeyLengthValue;
+		byte_t * publicKeyPtr;
+		int publicKeyLengthValue;
+};
+
+class LIBMIKEY_API KeyAgreementDH : public KeyAgreement,
+				    public KeyAgreementDHBase,
+				    public PeerCertificates{
+	public:
+		KeyAgreementDH( MRef<certificate_chain *> cert, 
+				MRef<ca_db *> ca_db );
+		KeyAgreementDH( MRef<SipSim *> sim );
+		~KeyAgreementDH();
+
+		int32_t type();
+
+		MikeyMessage* createMessage();
+
+		MRef<SipSim*> getSim();
+
+		bool useSim;
+	private:
+		MRef<SipSim *> sim;
+};
+
+#endif
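Review bot: `virtual int controlPeerCertificate();` in `PeerCertificates` is the only visible entry point for checking the peer chain, and it has no comment saying which return value means "trusted". A caller that guesses the convention wrong would accept an unverified certificate. I would add a doc comment above it, for example `/** Validates peerCertificateChain() against the CA database; returns <value meaning trusted>, otherwise <value meaning rejected> */`, filled in from KeyAgreementDH.cxx. Separately, the `DH_GROUP_OAKLEY1` define selects the 768-bit Oakley group, so a comment beside the three defines giving the modulus sizes, plus a note on `setGroup( int group )` saying what it returns for an unknown group, would help callers avoid the smallest group.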

Modified: trunk/libmikey/include/libmikey/KeyAgreementDHHMAC.h
===================================================================
--- trunk/libmikey/include/libmikey/KeyAgreementDHHMAC.h	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/include/libmikey/KeyAgreementDHHMAC.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -29,8 +29,8 @@
 
 #include<libmikey/libmikey_config.h>
 
-#include<libmikey/keyagreement_psk.h>
-#include<libmikey/keyagreement_dh.h>
+#include<libmikey/KeyAgreementPSK.h>
+#include<libmikey/KeyAgreementDH.h>
 #include<libmutil/mtypes.h>
 
 /**

Modified: trunk/libmikey/include/libmikey/KeyAgreementPKE.h
===================================================================
--- trunk/libmikey/include/libmikey/KeyAgreementPKE.h	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/include/libmikey/KeyAgreementPKE.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,9 +1,9 @@
 #ifndef KEYAGREEMENTPKE_H
 #define KEYAGREEMENTPKE_H
 
-#include <libmikey/keyagreement.h>
-#include <libmikey/keyagreement_psk.h>
-#include <libmikey/keyagreement_dh.h>
+#include <libmikey/KeyAgreement.h>
+#include <libmikey/KeyAgreementPSK.h>
+#include <libmikey/KeyAgreementDH.h>
 #include <libmcrypto/cert.h>
 
 /**

Copied: trunk/libmikey/include/libmikey/KeyAgreementPSK.h (from rev 3100, trunk/libmikey/include/libmikey/keyagreement_psk.h)
===================================================================
--- trunk/libmikey/include/libmikey/keyagreement_psk.h	2007-01-09 10:36:37 UTC (rev 3100)
+++ trunk/libmikey/include/libmikey/KeyAgreementPSK.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -0,0 +1,129 @@
+/*
+  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+  
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ *          Johan Bilien <jobi at via.ecp.fr>
+*/
+
+
+#ifndef KEYAGREEMENT_PSK_H
+#define KEYAGREEMENT_PSK_H
+
+#include<libmikey/libmikey_config.h>
+
+#include<libmikey/KeyAgreement.h>
+
+
+
+class LIBMIKEY_API KeyAgreementPSK : public KeyAgreement{
+	public:
+		KeyAgreementPSK( const byte_t * psk, int pskLength );
+		virtual ~KeyAgreementPSK();
+
+		int32_t type();
+
+		/**
+		 * Generates a TGK of de given length with the random function from the
+		 * OpenSSL library and stores it in this instance
+		 */
+		void generateTgk( uint32_t tgkLength = 192 );
+
+		/**
+		 * Generates and stores the transport encryption key of the given length.
+		 * It is derived by the envelope key
+		 */
+		void genTranspEncrKey( byte_t * encrKey, int encrKeyLength );
+
+		/**
+		 * Generates and stores the salting key of the given length.
+		 * It is also derived by the envelope key
+		 */
+		void genTranspSaltKey( byte_t * saltKey, int saltKeyLength );
+		
+		/**
+		 * Creates and stores the authentication key to authenticate the MAC/signature
+		 * of the MIKEY message.
+		 */
+		void genTranspAuthKey( byte_t * authKey, int authKeyLength );
+
+		/**
+		 * Returns the timestamp on which the message was sent
+		 */
+		uint64_t tSent();
+
+		/**
+		 * Sets the timestamp
+		 */
+		void setTSent( uint64_t tSent );
+
+		/**
+		 * Timestamp on which the message was received
+		 */
+		uint64_t t_received;
+
+		/**
+		 * Authentication key
+		 */
+		byte_t * authKey;
+
+		/**
+		 * Length of the authentication key
+		 */
+		unsigned int authKeyLength;
+
+		/**
+		 * If the V bit is set by the initiator, the responder has to send a
+		 * verification message.
+		 */
+		void setV(int value) {v=value;}
+
+		/**
+		 * Used to test if the V bit is set.
+		 */
+		int getV() {return v;}
+
+		/**
+		 * MAC algorithmus (HMAC-SHA1)
+		 */
+		int macAlg;
+
+		virtual MikeyMessage* createMessage();
+
+	protected:
+		KeyAgreementPSK();
+		void setPSK( const byte_t* psk, int pskLength );
+		byte_t* getPSK();
+		int getPSKLength();
+
+	private:
+		byte_t * pskPtr;
+		int pskLengthValue;
+
+		/**
+		 * The V bit
+		 */
+		int v;
+
+		/**
+		 * Timestamp from when the message was sent
+		 */
+		uint64_t tSentValue;
+};
+
+#endif
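Review bot: `byte_t * authKey;` and `unsigned int authKeyLength;` are public data members of `KeyAgreementPSK`, whereas the pre-shared key is kept private in `pskPtr` behind `setPSK`/`getPSK`. Any code holding the object can therefore repoint or resize the authentication key, and the header does not say who allocates or frees it. I would move both under `private:` with accessors mirroring the PSK ones, or at least add a comment stating the owner and that the buffer must be wiped before it is released. The comment on `generateTgk( uint32_t tgkLength = 192 )` should also say whether 192 is bytes or bits. Its reference to "the random function from the OpenSSL library" may no longer hold if the crypto backend is selectable, which this hunk does not show.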

Copied: trunk/libmikey/include/libmikey/KeyValidity.h (from rev 3100, trunk/libmikey/include/libmikey/keyvalidity.h)

Modified: trunk/libmikey/include/libmikey/MikeyMessage.h
===================================================================
--- trunk/libmikey/include/libmikey/MikeyMessage.h	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/include/libmikey/MikeyMessage.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -36,9 +36,9 @@
 #include<libmikey/MikeyPayload.h>
 #include<libmikey/MikeyPayloadSIGN.h>
 
-#include<libmikey/keyagreement.h>
-#include<libmikey/keyagreement_dh.h>
-#include<libmikey/keyagreement_psk.h>
+#include<libmikey/KeyAgreement.h>
+#include<libmikey/KeyAgreementDH.h>
+#include<libmikey/KeyAgreementPSK.h>
 #include<libmcrypto/cert.h>
 
 #include<list>

Modified: trunk/libmikey/include/libmikey/MikeyPayloadDH.h
===================================================================
--- trunk/libmikey/include/libmikey/MikeyPayloadDH.h	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/include/libmikey/MikeyPayloadDH.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -28,7 +28,7 @@
 #include<libmikey/libmikey_config.h>
 
 #include<libmikey/MikeyPayload.h>
-#include<libmikey/keyvalidity.h>
+#include<libmikey/KeyValidity.h>
 #include<libmikey/MikeyMessage.h>
 
 #define MIKEYPAYLOAD_DH_PAYLOAD_TYPE 3

Modified: trunk/libmikey/include/libmikey/MikeyPayloadKeyData.h
===================================================================
--- trunk/libmikey/include/libmikey/MikeyPayloadKeyData.h	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/include/libmikey/MikeyPayloadKeyData.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -28,7 +28,7 @@
 #include<libmikey/libmikey_config.h>
 
 #include<libmikey/MikeyPayload.h>
-#include<libmikey/keyvalidity.h>
+#include<libmikey/KeyValidity.h>
 
 #define MIKEYPAYLOAD_KEYDATA_PAYLOAD_TYPE 20
 

Deleted: trunk/libmikey/include/libmikey/keyagreement.h
===================================================================
--- trunk/libmikey/include/libmikey/keyagreement.h	2007-01-10 22:51:32 UTC (rev 3110)
+++ trunk/libmikey/include/libmikey/keyagreement.h	2007-01-10 23:58:35 UTC (rev 3111)
@@ -1,215 +0,0 @@
-/*
-  Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien, Joachim Orrblad
-  
-  This library is free software; you can redistribute it and/or
-  modify it under the terms of the GNU Lesser General Public
-  License as published by the Free Software Foundation; either
-  version 2.1 of the License, or (at your option) any later version.
-
-  This library is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public
-  License along with this library; if not, write to the Free Software
-  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- *          Johan Bilien <jobi at via.ecp.fr>
- *	    Joachim Orrblad <joachim at orrblad.com>
-*/
-
-
-#ifndef KEYAGREEMENT_H
-#define KEYAGREEM