Commit 9b728847 authored by Danmei Chen's avatar Danmei Chen

add choice of algorithm in suite refrensher

parent e2be5d96
......@@ -56,6 +56,12 @@ BELLESIP_EXPORT belle_http_header_authorization_t* belle_http_auth_helper_create
*/
BELLESIP_EXPORT belle_sip_header_proxy_authorization_t* belle_sip_auth_helper_create_proxy_authorization(const belle_sip_header_proxy_authenticate_t* proxy_authentication);
/**
* return size which depends on algorithm
* @return 0 if failed
*/
BELLESIP_EXPORT int belle_sip_auth_define_size(const char* algo);
/**
* compute and set response value according to parameters
* HA1=MD5(username:realm:passwd)
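Review bot: The doc comment added for `belle_sip_auth_define_size` does not say what the returned size counts or what a NULL `algo` means. Going by the implementation further down in this commit, it is the hex digest length plus the terminating NUL, and NULL is treated as MD5; I would write `* @return buffer size for the hex digest including the trailing NUL: 33 for MD5 or a NULL algo, 65 for SHA-256, 0 if the algorithm is not supported`. Callers in this commit store the result in a `size_t`, so declaring the return type as `size_t` instead of `int` would avoid the implicit conversion.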
......@@ -95,6 +101,12 @@ BELLESIP_EXPORT int belle_sip_auth_helper_compute_ha1_for_algorithm(const char*
* */
BELLESIP_EXPORT int belle_sip_auth_helper_compute_ha2(const char* method,const char* uri, char ha2[33]);
/*
* compute HA2 (NULL terminated)
* HA2=MD5(method:uri) or SHA-256(method:uri)
* return 0 in case of success
* */
BELLESIP_EXPORT int belle_sip_auth_helper_compute_ha2_for_algorithm(const char* method,const char* uri, char *ha2, size_t size, const char* algo);
/*
* compute response(NULL terminated)
* res=MD5(ha1:nonce:ha2)
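Review bot: The comment on `belle_sip_auth_helper_compute_ha2_for_algorithm` leaves the new `size` and `algo` parameters undocumented, and the same holds for the `compute_response_for_algorithm` and `compute_response_qop_auth_for_algorithm` declarations in the next two hunks. The implementation returns -1 when `size` differs from `belle_sip_auth_define_size(algo)`, so a caller needs to know that up front; I would add `* @param size size of the output buffer, must equal belle_sip_auth_define_size(algo)` and `* @param algo "MD5" or "SHA-256", NULL is treated as MD5`. These blocks also open with `/*` rather than `/**`, unlike the Doxygen comment added for `belle_sip_auth_define_size`.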
......@@ -102,6 +114,12 @@ BELLESIP_EXPORT int belle_sip_auth_helper_compute_ha2(const char* method,const c
* */
BELLESIP_EXPORT int belle_sip_auth_helper_compute_response(const char* ha1,const char* nonce, const char* ha2, char response[33]);
/*
* compute response(NULL terminated)
* res=MD5(ha1:nonce:ha2) or SHA-256(ha1:nonce:ha2)
* return 0 in case of success
* */
BELLESIP_EXPORT int belle_sip_auth_helper_compute_response_for_algorithm(const char* ha1,const char* nonce, const char* ha2, char *response, size_t size, const char* algo);
/*
* compute response(NULL terminated)
* res=MD5(HA1:nonce:nonce_count:cnonce:qop:HA2)
......@@ -115,7 +133,19 @@ BELLESIP_EXPORT int belle_sip_auth_helper_compute_response_qop_auth( const char*
, const char* ha2
, char response[33]);
/*
* compute response(NULL terminated)
* res=MD5(HA1:nonce:nonce_count:cnonce:qop:HA2) or SHA-256(HA1:nonce:nonce_count:cnonce:qop:HA2)
* return 0 in case of success
* */
BELLESIP_EXPORT int belle_sip_auth_helper_compute_response_qop_auth_for_algorithm(const char* ha1
, const char* nonce
, unsigned int nonce_count
, const char* cnonce
, const char* qop
, const char* ha2
, char *response
, size_t size, const char* algo);
/*TLS client certificate auth*/
/**
......
......@@ -56,6 +56,19 @@ BELLESIP_EXPORT void belle_sip_provider_send_response(belle_sip_provider_t *p, b
BELLESIP_EXPORT void belle_sip_provider_clean_channels(belle_sip_provider_t *p);
/**
* Add auth info to the request if found
* @param p object
* @param request to be updated
* @param resp response to take authentication values from, might be NULL
* @param from_uri optional - an uri to use instead of the from of the request, which can be anonymous.
* @param auth_infos optional - A newly allocated belle_sip_auth_info_t object is added to this list. These object contains useful information like realm and username.
* @param realm optional - If an outbound proxy realm is used, nounce can be reused from previous request to avoid re-authentication.
* @returns 0 in case of success,
*
**/
BELLESIP_EXPORT int belle_sip_provider_add_authorization_for_algorithm(belle_sip_provider_t *p, belle_sip_request_t* request,belle_sip_response_t *resp, belle_sip_uri_t *from_uri, belle_sip_list_t** auth_infos, const char* realm, const char* algorithm);
/**
* Add auth info to the request if found
* @param p object
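Review bot: The doc block for `belle_sip_provider_add_authorization_for_algorithm` is a copy of the existing one and has no `@param algorithm` entry. The implementation in this commit uses the algorithm of the stored authentication context when `algorithm` is NULL and otherwise overrides it; that is worth stating, because a caller-chosen value that differs from what the server challenged with will presumably make the digest fail to verify, and forcing MD5 where the challenge offered SHA-256 is a downgrade. I would add `* @param algorithm optional - digest algorithm to put in the authorization header ("MD5" or "SHA-256"); if NULL the algorithm of the stored challenge is used`. The `@returns 0 in case of success,` line is also left unfinished.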
......
......@@ -79,11 +79,21 @@ BELLESIP_EXPORT void belle_sip_refresher_set_retry_after(belle_sip_refresher_t*
*/
BELLESIP_EXPORT const char* belle_sip_refresher_get_realm(const belle_sip_refresher_t* refresher);
/**
* returns algorithm of the outbound proxy used for authentication, if any
*/
BELLESIP_EXPORT const char* belle_sip_refresher_get_algorithm(const belle_sip_refresher_t* refresher);
/**
* Realm of the outbound proxy used for authentication, if any
*/
BELLESIP_EXPORT void belle_sip_refresher_set_realm(belle_sip_refresher_t* refresher, const char* realm);
/**
* algorithm of the outbound proxy used for authentication, if any
*/
BELLESIP_EXPORT void belle_sip_refresher_set_algorithm(belle_sip_refresher_t* refresher, const char* algorithm);
/**
* get current client transaction
* @param refresher object
......
......@@ -83,6 +83,17 @@ BELLESIP_EXPORT belle_sip_refresher_t* belle_sip_client_transaction_create_refre
* */
BELLESIP_EXPORT belle_sip_request_t* belle_sip_client_transaction_create_authenticated_request(belle_sip_client_transaction_t *t,belle_sip_list_t** auth_infos,const char* realm);
/**
* Create an authenticated request based on an existing terminated transaction.
* <br>This function, update cseq, put route set and try to fill authorization headers. Initial request is not cloned.
* @param transaction . must be in state completed
* @param auth_infos if auth infos cannot be added for an authenticate header,
* @param realm optional - If an outbound proxy realm is used, digestion authentication can be optimized.
* @param algo for different algorithm MD5 or SHA-256
* a newly allocated belle_sip_auth_info_t object is added to this list. These object contains useful information like realm and username. May be NULL
* */
BELLESIP_EXPORT belle_sip_request_t* belle_sip_client_transaction_create_authenticated_request_for_algorithm(belle_sip_client_transaction_t *t,belle_sip_list_t** auth_infos,const char* realm,const char* algo);
/**
* For transactions over unreliable transports, stop retransmissions. This avoids for example to keep sending INVITE retransmissions of a call that has just been terminated, while
* keeping the transaction alive in order to eventually let a response being handled, so that the transaction can be cancelled properly.
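Review bot: The new `@param algo` line is inserted in the middle of the `auth_infos` description, so the sentence that begins on the `@param auth_infos` line now continues after `@param algo`, and generated docs will attach it to the wrong parameter. Move `@param algo` below the `a newly allocated belle_sip_auth_info_t object ...` line and say what NULL means, e.g. `* @param algo optional - "MD5" or "SHA-256"; NULL keeps the algorithm of the challenge`. The text `Initial request is not cloned` also looks out of date, since the implementation hunk shows `belle_sip_request_clone_with_body(initial_request)`.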
......
......@@ -74,7 +74,7 @@ belle_sip_header_proxy_authorization_t* belle_sip_auth_helper_create_proxy_autho
}
static void belle_sip_auth_choose_method(const char* algo,char *ask,uint8_t *out, size_t size){
if (!strcmp(algo,"MD5")){
if((algo==NULL)||(!strcmp(algo,"MD5"))){
bctbx_md5((const unsigned char*)ask, strlen(ask), out);
}
else if(!strcmp(algo,"SHA-256")){
......@@ -82,8 +82,22 @@ static void belle_sip_auth_choose_method(const char* algo,char *ask,uint8_t *out
}
}
int belle_sip_auth_define_size(const char* algo) {
if((algo==NULL)||(!strcmp(algo,"MD5"))){
return 33;
}
else if(!strcmp(algo,"SHA-256")){
return 65;
}
else{
return 0;
}
}
int belle_sip_auth_helper_compute_ha1_for_algorithm(const char* userid,const char* realm,const char* password, char *ha1, size_t size, const char* algo) {
if (!(((size == 33) && (!strcmp(algo,"MD5")))|| ((size == 65) && (!strcmp(algo,"SHA-256"))))) {
size_t compared_size;
compared_size = belle_sip_auth_define_size(algo);
if (compared_size!= size) {
belle_sip_error("belle_sip_fill_authorization_header, size of ha1 must be 33 when MD5 or 65 when SHA-256 ");
return -1;
}
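Review bot: The rewritten size check in `belle_sip_auth_helper_compute_ha1_for_algorithm` accepts an unsupported algorithm when the caller passes `size` 0, because `belle_sip_auth_define_size` returns 0 in that case and `compared_size!= size` is then false. The check it replaces rejected everything except (33, MD5) and (65, SHA-256). Past the guard, `belle_sip_auth_choose_method` has no branch for an unknown algorithm as far as the visible lines show, so the digest buffer would presumably be left unwritten before it is turned into `ha1`; the rest of the function is outside the hunk. I would make the guard `if (compared_size == 0 || compared_size != size) {`, and the same applies to the identical checks in the `compute_ha2`, `compute_response` and `compute_response_qop_auth` `_for_algorithm` hunks below, whose error text also still says `size of ha1`.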
......@@ -119,7 +133,9 @@ int belle_sip_auth_helper_compute_ha1(const char* userid,const char* realm,const
}
int belle_sip_auth_helper_compute_ha2_for_algorithm(const char* method,const char* uri, char *ha2, size_t size, const char* algo) {
if (!(((size == 33) && (!strcmp(algo,"MD5")))|| ((size == 65) && (!strcmp(algo,"SHA-256"))))) {
size_t compared_size;
compared_size = belle_sip_auth_define_size(algo);
if (compared_size!= size) {
belle_sip_error("belle_sip_fill_authorization_header, size of ha1 must be 33 when MD5 or 65 when SHA-256 ");
return -1;
}
......@@ -144,7 +160,9 @@ int belle_sip_auth_helper_compute_ha2(const char* method,const char* uri, char h
}
int belle_sip_auth_helper_compute_response_for_algorithm(const char* ha1,const char* nonce, const char* ha2, char *response, size_t size, const char* algo) {
if (!(((size == 33) && (!strcmp(algo,"MD5")))|| ((size == 65) && (!strcmp(algo,"SHA-256"))))) {
size_t compared_size;
compared_size = belle_sip_auth_define_size(algo);
if (compared_size!= size) {
belle_sip_error("belle_sip_fill_authorization_header, size of ha1 must be 33 when MD5 or 65 when SHA-256 ");
return -1;
}
......@@ -177,7 +195,9 @@ int belle_sip_auth_helper_compute_response_qop_auth_for_algorithm(const char* ha
, const char* ha2
, char *response
, size_t size, const char* algo) {
if (!(((size == 33) && (!strcmp(algo,"MD5")))|| ((size == 65) && (!strcmp(algo,"SHA-256"))))) {
size_t compared_size;
compared_size = belle_sip_auth_define_size(algo);
if (compared_size!= size) {
belle_sip_error("belle_sip_fill_authorization_header, size of ha1 must be 33 when MD5 or 65 when SHA-256 ");
return -1;
}
......@@ -216,14 +236,9 @@ int belle_sip_auth_helper_fill_authorization(belle_sip_header_authorization_t* a
,const char* ha1) {
size_t size;
const char *algo = belle_sip_header_authorization_get_algorithm(authorization);
if (!strcmp(algo,"MD5")){
size = 33;
}
else if(!strcmp(algo,"SHA-256")){
size = 65;
}
else{
belle_sip_error("belle_sip_fill_authorization_header, algorithm is neither MD5 nor SHA-256 ");
size = belle_sip_auth_define_size(algo);
if(!size) {
belle_sip_error("Algorithm [%s] is not correct ", algo);
return -1;
}
......
......@@ -1135,8 +1135,8 @@ static void belle_sip_provider_update_or_create_auth_context(belle_sip_provider
}
int belle_sip_provider_add_authorization(belle_sip_provider_t *p, belle_sip_request_t* request, belle_sip_response_t *resp,
belle_sip_uri_t *from_uri, belle_sip_list_t** auth_infos, const char* realm) {
int belle_sip_provider_add_authorization_for_algorithm(belle_sip_provider_t *p, belle_sip_request_t* request, belle_sip_response_t *resp,
belle_sip_uri_t *from_uri, belle_sip_list_t** auth_infos, const char* realm, const char* algorithm) {
belle_sip_header_call_id_t* call_id;
belle_sip_list_t* auth_context_iterator;
belle_sip_list_t* authenticate_lst;
......@@ -1147,9 +1147,11 @@ int belle_sip_provider_add_authorization(belle_sip_provider_t *p, belle_sip_requ
belle_sip_auth_event_t* auth_event;
authorization_context_t* auth_context;
const char* ha1;
char computed_ha1[33];
char computed_ha1[65];
int result=0;
const char* request_method;
size_t size;
const char* algo;
/*check params*/
if (!p || !request) {
belle_sip_error("belle_sip_provider_add_authorization bad parameters");
......@@ -1256,17 +1258,28 @@ int belle_sip_provider_add_authorization(belle_sip_provider_t *p, belle_sip_requ
belle_sip_header_authorization_set_nonce(authorization,auth_context->nonce);
belle_sip_header_authorization_set_qop(authorization,auth_context->qop);
belle_sip_header_authorization_set_opaque(authorization,auth_context->opaque);
if(algorithm==NULL){
belle_sip_header_authorization_set_algorithm(authorization,auth_context->algorithm);
}
else {
belle_sip_header_authorization_set_algorithm(authorization,algorithm);
}
belle_sip_header_authorization_set_uri(authorization,(belle_sip_uri_t*)belle_sip_request_get_uri(request));
if (auth_context->qop){
++auth_context->nonce_count;
belle_sip_header_authorization_set_nonce_count(authorization,auth_context->nonce_count);
}
algo = belle_sip_header_authorization_get_algorithm(authorization);
size = belle_sip_auth_define_size(algo);
if (!size) {
belle_sip_error("Algorithm [%s] is not correct ", algo);
return -1;
}
if (auth_event->ha1) {
ha1=auth_event->ha1;
} else {
belle_sip_auth_helper_compute_ha1(auth_event->userid,auth_context->realm,auth_event->passwd, computed_ha1);
belle_sip_auth_helper_compute_ha1_for_algorithm(auth_event->userid,auth_context->realm,auth_event->passwd, computed_ha1, size, algo);
ha1=computed_ha1;
}
if (belle_sip_auth_helper_fill_authorization(authorization
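Review bot: The added `return -1;` for an unsupported algorithm leaves `belle_sip_provider_add_authorization_for_algorithm` directly, while the function's normal exit is `return result;` in a later hunk. The code in between is outside this hunk, but the function declares list variables such as `authenticate_lst` and an `auth_event`, so an early return here likely skips whatever release they get on the normal path. Setting `result=-1;` and skipping this header would keep a single exit. Separately, the return value of `belle_sip_auth_helper_compute_ha1_for_algorithm` is ignored, so a failure there would leave `computed_ha1` uninitialised when it is assigned to `ha1`.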
......@@ -1291,6 +1304,11 @@ int belle_sip_provider_add_authorization(belle_sip_provider_t *p, belle_sip_requ
return result;
}
int belle_sip_provider_add_authorization(belle_sip_provider_t *p, belle_sip_request_t* request, belle_sip_response_t *resp,
belle_sip_uri_t *from_uri, belle_sip_list_t** auth_infos, const char* realm) {
belle_sip_provider_add_authorization_for_algorithm(p,request,resp,from_uri,auth_infos,realm,NULL);
return 0;
}
void belle_sip_provider_set_recv_error(belle_sip_provider_t *prov, int recv_error) {
belle_sip_list_t *lps;
belle_sip_list_t *channels;
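Review bot: The `belle_sip_provider_add_authorization` wrapper discards the result of `belle_sip_provider_add_authorization_for_algorithm` and always returns 0, so existing callers that test the return value can no longer see a failure such as the new unsupported-algorithm `-1`. Before this commit the same function ended in `return result;`. The body should be `return belle_sip_provider_add_authorization_for_algorithm(p,request,resp,from_uri,auth_infos,realm,NULL);`.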
......
......@@ -56,6 +56,7 @@ struct belle_sip_refresher {
timer_purpose_t timer_purpose;
unsigned char manual;
unsigned int publish_pending;
char* algo;
};
static void set_or_update_dialog(belle_sip_refresher_t* refresher, belle_sip_dialog_t* dialog);
static int set_expires_from_trans(belle_sip_refresher_t* refresher);
......@@ -481,7 +482,7 @@ static int belle_sip_refresher_refresh_internal(belle_sip_refresher_t* refresher
belle_sip_header_cseq_set_seq_number(cseq,belle_sip_header_cseq_get_seq_number(cseq)+1);
}
} else {
request=belle_sip_client_transaction_create_authenticated_request(refresher->transaction,auth_infos,refresher->realm);
request=belle_sip_client_transaction_create_authenticated_request_for_algorithm(refresher->transaction,auth_infos,refresher->realm,refresher->algo);
}
if (requri){
/*case where we are redirected*/
......@@ -523,7 +524,7 @@ static int belle_sip_refresher_refresh_internal(belle_sip_refresher_t* refresher
}
}
belle_sip_provider_add_authorization(prov,request,old_response,NULL,auth_infos,refresher->realm);
belle_sip_provider_add_authorization_for_algorithm(prov,request,old_response,NULL,auth_infos,refresher->realm,refresher->algo);
break;
}
case BELLE_SIP_DIALOG_TERMINATED: {
......@@ -816,6 +817,10 @@ const char* belle_sip_refresher_get_realm(const belle_sip_refresher_t* refresher
return refresher->realm;
}
const char* belle_sip_refresher_get_algorithm(const belle_sip_refresher_t* refresher){
return refresher->algo;
}
void belle_sip_refresher_set_realm(belle_sip_refresher_t* refresher, const char* realm) {
if (refresher->realm){
belle_sip_free(refresher->realm);
......@@ -826,6 +831,16 @@ void belle_sip_refresher_set_realm(belle_sip_refresher_t* refresher, const char*
}
}
void belle_sip_refresher_set_algorithm(belle_sip_refresher_t* refresher, const char* algorithm) {
if (refresher->algo){
belle_sip_free(refresher->algo);
refresher->algo = NULL;
}
if (algorithm!=NULL){
refresher->algo=belle_sip_strdup(algorithm);
}
}
const belle_sip_client_transaction_t* belle_sip_refresher_get_transaction(const belle_sip_refresher_t* refresher) {
return refresher->transaction;
}
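Review bot: `belle_sip_refresher_set_algorithm` stores a `belle_sip_strdup` copy in `refresher->algo`, but none of the hunks shown for this file free it when the refresher is destroyed. If the destructor releases `realm`, which this setter mirrors, it needs a matching `belle_sip_free(refresher->algo);`; otherwise each refresher that had an algorithm set leaks the string. The destructor is outside the visible hunks, so this is to be confirmed against the full file.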
......
......@@ -663,7 +663,7 @@ belle_sip_refresher_t* belle_sip_client_transaction_create_refresher(belle_sip_c
return belle_sip_refresher_new(t);
}
belle_sip_request_t* belle_sip_client_transaction_create_authenticated_request(belle_sip_client_transaction_t *t,belle_sip_list_t** auth_infos,const char* realm) {
belle_sip_request_t* belle_sip_client_transaction_create_authenticated_request_for_algorithm(belle_sip_client_transaction_t *t,belle_sip_list_t** auth_infos,const char* realm, const char* algo) {
belle_sip_request_t* initial_request=belle_sip_transaction_get_request(BELLE_SIP_TRANSACTION(t));
belle_sip_request_t* req=belle_sip_request_clone_with_body(initial_request);
belle_sip_header_cseq_t* cseq=belle_sip_message_get_header_by_type(req,belle_sip_header_cseq_t);
......@@ -681,10 +681,13 @@ belle_sip_request_t* belle_sip_client_transaction_create_authenticated_request(b
belle_sip_message_remove_header(BELLE_SIP_MESSAGE(req),BELLE_SIP_PROXY_AUTHORIZATION);
/*put auth header*/
belle_sip_provider_add_authorization(t->base.provider,req,t->base.last_response,NULL,auth_infos,realm);
belle_sip_provider_add_authorization_for_algorithm(t->base.provider,req,t->base.last_response,NULL,auth_infos,realm,algo);
return req;
}
belle_sip_request_t* belle_sip_client_transaction_create_authenticated_request(belle_sip_client_transaction_t *t,belle_sip_list_t** auth_infos,const char* realm){
return belle_sip_client_transaction_create_authenticated_request_for_algorithm(t,auth_infos,realm,NULL);
}
/*
rfc 3265
3.3.4. Dialog creation and termination
......
This diff is collapsed.