00092 #ifndef __OPAL_H235AUTH_H
00093 #define __OPAL_H235AUTH_H
00094
00095 #ifdef P_USE_PRAGMA
00096 #pragma interface
00097 #endif
00098
// Forward declarations: every type below is used in this header only by
// reference or by pointer, so the full ASN.1 / H.323 definitions are not
// needed here.

// ASN.1 runtime types
class PASN_Array;
class PASN_ObjectId;
class PASN_Sequence;

// H.225 generated types
class H225_ArrayOf_AuthenticationMechanism;
class H225_ArrayOf_PASN_ObjectId;
class H225_CryptoH323Token;

// H.235 generated types
class H235_AuthenticationMechanism;
class H235_ClearToken;

// H.323 transaction layer
class H323TransactionPDU;

// NOTE(review): presumably a link-time anchor that other code references so
// that the object file holding the authenticators is not discarded by the
// linker - confirm against the implementation file.
namespace PWLibStupidLinkerHacks {
    extern int h235AuthLoader;
}
00112
/**
 * Abstract base class for an H.235 authentication mechanism.
 *
 * An authenticator carries the local and remote identifiers and the shared
 * password, creates clear and/or crypto tokens for outgoing PDUs and
 * validates the tokens of received ones. Concrete mechanisms must implement
 * GetName(), IsCapability() and SetCapability(), which are pure virtual here.
 *
 * NOTE(review): only declarations are visible in this header. Descriptions
 * marked "presumably" are inferred from names and signatures and need to be
 * confirmed against the implementation file.
 *
 * Security notes for maintainers:
 *  - The password is kept as a plain PString member and GetPassword()
 *    returns a reference to it. Keep it out of logs and diagnostics, and
 *    check that PrintOn() implementations never emit it.
 *  - The inline accessors (Enable, Disable, Set*Id, SetPassword) assign
 *    their members directly and do not take `mutex`. How `mutex` is used by
 *    the out-of-line methods is not visible here, so configure an
 *    authenticator before it is shared between threads - TODO confirm.
 *  - The order of the virtual functions and data members is part of the
 *    class layout; do not reorder them.
 */
class H235Authenticator : public PObject
{
    PCLASSINFO(H235Authenticator, PObject);

  public:
    H235Authenticator();

    /// Output this object to the stream @p strm.
    virtual void PrintOn(ostream & strm) const;

    /// Name of the mechanism; supplied by each concrete authenticator.
    virtual const char * GetName() const = 0;

    /// Presumably adds this authenticator's tokens to the two token arrays of
    /// an outgoing PDU. The meaning of the BOOL result is not visible here.
    virtual BOOL PrepareTokens(PASN_Array & clearTokens, PASN_Array & cryptoTokens);

    /// Create a clear token for an outgoing PDU. Returns a raw pointer;
    /// ownership is not visible in this header - TODO confirm with callers.
    virtual H235_ClearToken * CreateClearToken();

    /// Create a crypto token for an outgoing PDU. Returns a raw pointer;
    /// ownership is not visible in this header - TODO confirm with callers.
    virtual H225_CryptoH323Token * CreateCryptoToken();

    /// Presumably a last step applied to the encoded PDU bytes in @p rawPDU
    /// (which is taken by non-const reference) before they are sent.
    virtual BOOL Finalise(PBYTEArray & rawPDU);

    /// Outcome of validating the tokens of a received PDU.
    ///
    /// e_OK is the only value whose name indicates success. Callers should
    /// decide explicitly how to treat each of the other values (in
    /// particular e_Absent and e_Disabled) instead of testing for a single
    /// failure code, so that a missing token is never accepted by accident.
    enum ValidationResult {
        e_OK = 0,       ///< Validation succeeded.
        e_Absent,       ///< Presumably: the expected token was not present.
        e_Error,        ///< Presumably: a token was present but incorrect.
        e_InvalidTime,  ///< Presumably: token time outside the accepted window.
        e_BadPassword,  ///< Presumably: the password check failed.
        e_ReplyAttack,  ///< Presumably: a replay was detected (spelling as in the source).
        e_Disabled      ///< Presumably: this authenticator is disabled.
    };

    /// Validate the clear and crypto tokens of a received PDU; @p rawPDU
    /// carries the encoded PDU bytes.
    virtual ValidationResult ValidateTokens(const PASN_Array & clearTokens,
                                            const PASN_Array & cryptoTokens,
                                            const PBYTEArray & rawPDU);

    /// Validate a single clear token.
    virtual ValidationResult ValidateClearToken(const H235_ClearToken & clearToken);

    /// Validate a single crypto token against the encoded PDU bytes.
    virtual ValidationResult ValidateCryptoToken(const H225_CryptoH323Token & cryptoToken,
                                                 const PBYTEArray & rawPDU);

    /// Presumably reports whether the mechanism / algorithm OID pair names
    /// this authenticator. Implemented by each concrete authenticator.
    virtual BOOL IsCapability(const H235_AuthenticationMechanism & mechansim,
                              const PASN_ObjectId & algorithmOID) = 0;

    /// Presumably adds this authenticator's mechanism and algorithm OID to
    /// the two capability arrays. Implemented by each concrete authenticator.
    virtual BOOL SetCapability(H225_ArrayOf_AuthenticationMechanism & mechansims,
                               H225_ArrayOf_PASN_ObjectId & algorithmOIDs) = 0;

    /// Presumably: whether gatekeeper/endpoint identifiers are used as the
    /// remote/local ids for this mechanism - TODO confirm.
    virtual BOOL UseGkAndEpIdentifiers() const;

    /// Presumably: whether the RAS PDU type @p rasPDU is protected by this
    /// authenticator in the given direction (@p received).
    virtual BOOL IsSecuredPDU(unsigned rasPDU, BOOL received) const;

    /// Whether this authenticator is currently in use; the exact conditions
    /// are in the implementation file.
    virtual BOOL IsActive() const;

    /// Set the enabled flag (defaults to TRUE). Does not take `mutex`.
    virtual void Enable(BOOL enab = TRUE) { enabled = enab; }

    /// Clear the enabled flag. Does not take `mutex`.
    virtual void Disable() { enabled = FALSE; }

    /// Identifier of the remote party.
    virtual const PString & GetRemoteId() const { return remoteId; }
    virtual void SetRemoteId(const PString & id) { remoteId = id; }

    /// Identifier of the local party.
    virtual const PString & GetLocalId() const { return localId; }
    virtual void SetLocalId(const PString & id) { localId = id; }

    /// Shared secret. The getter exposes the stored value by reference;
    /// never write the result to logs or traces.
    virtual const PString & GetPassword() const { return password; }
    virtual void SetPassword(const PString & pw) { password = pw; }

  protected:
    /// Helper for SetCapability() implementations: presumably appends the
    /// given mechanism and OID to the two capability arrays.
    BOOL AddCapability(unsigned mechanism,
                       const PString & oid,
                       H225_ArrayOf_AuthenticationMechanism & mechansims,
                       H225_ArrayOf_PASN_ObjectId & algorithmOIDs);

    BOOL enabled;    // written by Enable()/Disable()

    PString remoteId;
    PString localId;
    PString password;    // shared secret, held in the clear

    // NOTE(review): presumably the state behind the e_ReplyAttack and
    // e_InvalidTime checks; units and exact use are not visible here.
    unsigned sentRandomSequenceNumber;
    unsigned lastRandomSequenceNumber;
    unsigned lastTimestamp;
    int      timestampGracePeriod;

    PMutex mutex;    // not taken by the inline accessors above
};
00220
00221
/**
 * List of H235Authenticator objects, with helpers that work on a whole PDU.
 *
 * NOTE(review): the bodies are not visible here. Presumably both helpers
 * visit the authenticators in the list; confirm in the implementation file
 * how the individual results are combined, and in particular how a PDU that
 * carries no tokens at all is reported, because callers base their
 * accept/reject decision on the single value ValidatePDU() returns.
 */
PDECLARE_LIST(H235Authenticators, H235Authenticator)
#ifdef DOC_PLUS_PLUS
{
#endif
  public:
    /// Prepare an outgoing PDU. @p clearOptionalField and
    /// @p cryptoOptionalField presumably identify the optional fields of
    /// the PDU that hold the two token arrays.
    void PreparePDU(H323TransactionPDU & pdu,
                    PASN_Array & clearTokens,
                    unsigned clearOptionalField,
                    PASN_Array & cryptoTokens,
                    unsigned cryptoOptionalField) const;

    /// Validate a received PDU; @p rawPDU carries the encoded PDU bytes.
    /// The result must be checked by the caller.
    H235Authenticator::ValidationResult ValidatePDU(const H323TransactionPDU & pdu,
                                                    const PASN_Array & clearTokens,
                                                    unsigned clearOptionalField,
                                                    const PASN_Array & cryptoTokens,
                                                    unsigned cryptoOptionalField,
                                                    const PBYTEArray & rawPDU) const;
};
00244
00245
00246
00247
/**
 * Authenticator working with crypto tokens: it overrides
 * CreateCryptoToken() and ValidateCryptoToken() of the base class.
 *
 * NOTE(review): judging by the name, the token is derived with MD5 from the
 * password. MD5 is not adequate for new designs; where the peer supports a
 * stronger mechanism, prefer that one and keep this class for
 * interoperability only - confirm the construction in the implementation.
 */
class H235AuthSimpleMD5 : public H235Authenticator
{
    PCLASSINFO(H235AuthSimpleMD5, H235Authenticator);

  public:
    H235AuthSimpleMD5();

    /// Create a copy of this authenticator.
    PObject * Clone() const;

    /// Name of this mechanism.
    virtual const char * GetName() const;

    /// Create the crypto token for an outgoing PDU.
    virtual H225_CryptoH323Token * CreateCryptoToken();

    /// Validate a received crypto token; callers must check the result.
    virtual ValidationResult ValidateCryptoToken(const H225_CryptoH323Token & cryptoToken,
                                                 const PBYTEArray & rawPDU);

    /// See H235Authenticator::IsCapability().
    virtual BOOL IsCapability(const H235_AuthenticationMechanism & mechansim,
                              const PASN_ObjectId & algorithmOID);

    /// See H235Authenticator::SetCapability().
    virtual BOOL SetCapability(H225_ArrayOf_AuthenticationMechanism & mechansim,
                               H225_ArrayOf_PASN_ObjectId & algorithmOIDs);

    /// See H235Authenticator::IsSecuredPDU().
    virtual BOOL IsSecuredPDU(unsigned rasPDU, BOOL received) const;
};
00284
00285
/**
 * Authenticator working with clear tokens: it overrides CreateClearToken()
 * and ValidateClearToken() of the base class.
 *
 * NOTE(review): "CAT" presumably stands for Cisco Access Token; how the
 * token is computed from the password is not visible in this header and
 * should be reviewed in the implementation before relying on this
 * mechanism.
 */
class H235AuthCAT : public H235Authenticator
{
    PCLASSINFO(H235AuthCAT, H235Authenticator);

  public:
    H235AuthCAT();

    /// Create a copy of this authenticator.
    PObject * Clone() const;

    /// Name of this mechanism.
    virtual const char * GetName() const;

    /// Create the clear token for an outgoing PDU.
    virtual H235_ClearToken * CreateClearToken();

    /// Validate a received clear token; callers must check the result.
    virtual ValidationResult ValidateClearToken(const H235_ClearToken & clearToken);

    /// See H235Authenticator::IsCapability().
    virtual BOOL IsCapability(const H235_AuthenticationMechanism & mechansim,
                              const PASN_ObjectId & algorithmOID);

    /// See H235Authenticator::SetCapability().
    virtual BOOL SetCapability(H225_ArrayOf_AuthenticationMechanism & mechansim,
                               H225_ArrayOf_PASN_ObjectId & algorithmOIDs);

    /// See H235Authenticator::IsSecuredPDU().
    virtual BOOL IsSecuredPDU(unsigned rasPDU, BOOL received) const;
};
00323
00324
00325 #if P_SSL
00326
// NOTE(review): presumably a link-time anchor for the P_SSL-only
// authenticator, referenced elsewhere so its object file is kept by the
// linker - confirm against the implementation file.
namespace PWLibStupidLinkerHacks {
    extern int h235AuthProcedure1Loader;
}
00330
/**
 * Authenticator working with crypto tokens that also overrides Finalise(),
 * i.e. it takes part in processing the encoded PDU bytes.
 *
 * This class sits inside `#if P_SSL`, so it exists only in builds with
 * P_SSL set. In builds without it, the mechanisms declared in this header
 * are limited to H235AuthSimpleMD5 and H235AuthCAT.
 *
 * NOTE(review): presumably the H.235 Annex D "Procedure I" profile; the
 * algorithm itself is not visible in this header - confirm in the
 * implementation.
 */
class H235AuthProcedure1 : public H235Authenticator
{
    PCLASSINFO(H235AuthProcedure1, H235Authenticator);

  public:
    H235AuthProcedure1();

    /// Create a copy of this authenticator.
    PObject * Clone() const;

    /// Name of this mechanism.
    virtual const char * GetName() const;

    /// Create the crypto token for an outgoing PDU.
    virtual H225_CryptoH323Token * CreateCryptoToken();

    /// Last step on the encoded PDU in @p rawPDU, which is taken by
    /// non-const reference.
    virtual BOOL Finalise(PBYTEArray & rawPDU);

    /// Validate a received crypto token against the encoded PDU bytes;
    /// callers must check the result.
    virtual ValidationResult ValidateCryptoToken(const H225_CryptoH323Token & cryptoToken,
                                                 const PBYTEArray & rawPDU);

    /// See H235Authenticator::IsCapability().
    virtual BOOL IsCapability(const H235_AuthenticationMechanism & mechansim,
                              const PASN_ObjectId & algorithmOID);

    /// See H235Authenticator::SetCapability().
    virtual BOOL SetCapability(H225_ArrayOf_AuthenticationMechanism & mechansim,
                               H225_ArrayOf_PASN_ObjectId & algorithmOIDs);

    /// See H235Authenticator::UseGkAndEpIdentifiers().
    virtual BOOL UseGkAndEpIdentifiers() const;
};
00366
00367 #endif
00368
00369
00370 #endif //__OPAL_H235AUTH_H