src/core/sip-sec-tls-dsk.c

   1 /**
   2  * @file sip-sec-tls-dsk.c
   3  *
   4  * pidgin-sipe
   5  *
   6  * Copyright (C) 2011 SIPE Project <http://sipe.sourceforge.net/>
   7  *
   8  *
   9  * This program is free software; you can redistribute it and/or modify
  10  * it under the terms of the GNU General Public License as published by
  11  * the Free Software Foundation; either version 2 of the License, or
  12  * (at your option) any later version.
  13  *
  14  * This program is distributed in the hope that it will be useful,
  15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  * GNU General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU General Public License
  20  * along with this program; if not, write to the Free Software
  21  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  22  *
  23  *
  24  * Specification references:
  25  *
  26  *   - [MS-SIPAE]:    http://msdn.microsoft.com/en-us/library/cc431510.aspx
  27  *   - [MS-OCAUTHWS]: http://msdn.microsoft.com/en-us/library/ff595592.aspx
  28  *   - MS Tech-Ed Europe 2010 "UNC310: Microsoft Lync 2010 Technology Explained"
  29  *     http://ecn.channel9.msdn.com/o9/te/Europe/2010/pptx/unc310.pptx
  30  */
  31
  32 #include <string.h>
  33
  34 #include <glib.h>
  35
  36 #include "sipe-common.h"
  37 #include "sip-sec.h"
  38 #include "sip-sec-mech.h"
  39 #include "sip-sec-tls-dsk.h"
  40 #include "sipe-backend.h"
  41 #include "sipe-digest.h"
  42 #include "sipe-tls.h"
  43
  44 /* Security context for TLS-DSK */
  45 typedef struct _context_tls_dsk {
  46         struct sip_sec_context common;
  47         struct sipe_tls_state *state;
  48         enum sipe_tls_digest_algorithm algorithm;
  49         guchar *client_key;
  50         guchar *server_key;
  51         gsize key_length;
  52 } *context_tls_dsk;
  53
  54 /* sip-sec-mech.h API implementation for TLS-DSK */
  55
  56 static sip_uint32
  57 sip_sec_acquire_cred__tls_dsk(SipSecContext context,
  58                               SIPE_UNUSED_PARAMETER const char *domain,
  59                               SIPE_UNUSED_PARAMETER const char *username,
  60                               const char *password)
  61 {
  62         context_tls_dsk ctx = (context_tls_dsk)context;
  63
  64         ctx->state = sipe_tls_start((gpointer) password);
  65         if (ctx->state) {
  66                 /* Authentication not yet completed */
  67                 ctx->common.is_ready = FALSE;
  68
  69                 return SIP_SEC_E_OK;
  70         } else {
  71                 return SIP_SEC_E_INTERNAL_ERROR;
  72         }
  73 }
  74
  75 static sip_uint32
  76 sip_sec_init_sec_context__tls_dsk(SipSecContext context,
  77                                   SipSecBuffer in_buff,
  78                                   SipSecBuffer *out_buff,
  79                                   SIPE_UNUSED_PARAMETER const char *service_name)
  80 {
  81         context_tls_dsk ctx = (context_tls_dsk) context;
  82         struct sipe_tls_state *state = ctx->state;
  83
  84         state->in_buffer = in_buff.value;
  85         state->in_length = in_buff.length;
  86
  87         if (sipe_tls_next(state)) {
  88                 if ((state->algorithm != SIPE_TLS_DIGEST_ALGORITHM_NONE) &&
  89                     state->client_key && state->server_key) {
  90                         /* Authentication is completed */
  91                         ctx->common.is_ready = TRUE;
  92
  93                         /* copy key pair */
  94                         ctx->algorithm  = state->algorithm;
  95                         ctx->key_length = state->key_length;
  96                         ctx->client_key = g_memdup(state->client_key,
  97                                                    state->key_length);
  98                         ctx->server_key = g_memdup(state->server_key,
  99                                                    state->key_length);
 100
 101                         SIPE_DEBUG_INFO("sip_sec_init_sec_context__tls_dsk: handshake completed, algorithm %d, key length %" G_GSIZE_FORMAT,
 102                                         ctx->algorithm, ctx->key_length);
 103
 104                         sipe_tls_free(state);
 105                         ctx->state = NULL;
 106                 } else {
 107                         out_buff->value  = state->out_buffer;
 108                         out_buff->length = state->out_length;
 109                         /* we take ownership of the buffer */
 110                         state->out_buffer = NULL;
 111                 }
 112         } else {
 113                 sipe_tls_free(state);
 114                 ctx->state = NULL;
 115         }
 116
 117         return((ctx->common.is_ready || ctx->state) ? SIP_SEC_E_OK : SIP_SEC_E_INTERNAL_ERROR);
 118 }
 119
 120 static sip_uint32
 121 sip_sec_make_signature__tls_dsk(SipSecContext context,
 122                                 const char *message,
 123                                 SipSecBuffer *signature)
 124 {
 125         context_tls_dsk ctx = (context_tls_dsk) context;
 126         sip_uint32 result = SIP_SEC_E_INTERNAL_ERROR;
 127
 128         switch (ctx->algorithm) {
 129         case SIPE_TLS_DIGEST_ALGORITHM_MD5:
 130                 signature->length = SIPE_DIGEST_HMAC_MD5_LENGTH;
 131                 signature->value  = g_malloc0(signature->length);
 132                 sipe_digest_hmac_md5(ctx->client_key, ctx->key_length,
 133                                      (guchar *) message, strlen(message),
 134                                      signature->value);
 135                 result = SIP_SEC_E_OK;
 136                 break;
 137
 138         case SIPE_TLS_DIGEST_ALGORITHM_SHA1:
 139                 signature->length = SIPE_DIGEST_HMAC_SHA1_LENGTH;
 140                 signature->value  = g_malloc0(signature->length);
 141                 sipe_digest_hmac_sha1(ctx->client_key, ctx->key_length,
 142                                       (guchar *) message, strlen(message),
 143                                       signature->value);
 144                 result = SIP_SEC_E_OK;
 145                 break;
 146
 147         default:
 148                 /* this should not happen */
 149                 break;
 150         }
 151
 152         return(result);
 153 }
 154
 155 static sip_uint32
 156 sip_sec_verify_signature__tls_dsk(SipSecContext context,
 157                                   const char *message,
 158                                   SipSecBuffer signature)
 159 {
 160         context_tls_dsk ctx = (context_tls_dsk) context;
 161         SipSecBuffer mac    = { 0, NULL };
 162         sip_uint32 result   = SIP_SEC_E_INTERNAL_ERROR;
 163
 164         switch (ctx->algorithm) {
 165         case SIPE_TLS_DIGEST_ALGORITHM_MD5:
 166                 mac.length = SIPE_DIGEST_HMAC_MD5_LENGTH;
 167                 mac.value  = g_malloc0(mac.length);
 168                 sipe_digest_hmac_md5(ctx->server_key, ctx->key_length,
 169                                      (guchar *) message, strlen(message),
 170                                      mac.value);
 171                 break;
 172
 173         case SIPE_TLS_DIGEST_ALGORITHM_SHA1:
 174                 mac.length = SIPE_DIGEST_HMAC_SHA1_LENGTH;
 175                 mac.value  = g_malloc0(mac.length);
 176                 sipe_digest_hmac_sha1(ctx->server_key, ctx->key_length,
 177                                       (guchar *) message, strlen(message),
 178                                       mac.value);
 179                 break;
 180
 181         default:
 182                 /* this should not happen */
 183                 break;
 184         }
 185
 186         if (mac.value) {
 187                 result = memcmp(signature.value, mac.value, mac.length) ?
 188                         SIP_SEC_E_INTERNAL_ERROR : SIP_SEC_E_OK;
 189                 g_free(mac.value);
 190         }
 191
 192         return(result);
 193 }
 194
 195 static void
 196 sip_sec_destroy_sec_context__tls_dsk(SipSecContext context)
 197 {
 198         context_tls_dsk ctx = (context_tls_dsk) context;
 199
 200         sipe_tls_free(ctx->state);
 201         g_free(ctx->client_key);
 202         g_free(ctx->server_key);
 203         g_free(ctx);
 204 }
 205
 206 SipSecContext
 207 sip_sec_create_context__tls_dsk(SIPE_UNUSED_PARAMETER guint type)
 208 {
 209         context_tls_dsk context = g_malloc0(sizeof(struct _context_tls_dsk));
 210         if (!context) return(NULL);
 211
 212         context->common.acquire_cred_func     = sip_sec_acquire_cred__tls_dsk;
 213         context->common.init_context_func     = sip_sec_init_sec_context__tls_dsk;
 214         context->common.destroy_context_func  = sip_sec_destroy_sec_context__tls_dsk;
 215         context->common.make_signature_func   = sip_sec_make_signature__tls_dsk;
 216         context->common.verify_signature_func = sip_sec_verify_signature__tls_dsk;
 217
 218         return((SipSecContext) context);
 219 }
 220
 221 /*
 222   Local Variables:
 223   mode: c
 224   c-file-style: "bsd"
 225   indent-tabs-mode: t
 226   tab-width: 8
 227   End:
 228 */