sipxtacklib  Version 3.3
SmimeBody.h
Go to the documentation of this file.
1 //
2 // Copyright (C) 2004-2006 SIPfoundry Inc.
3 // Licensed by SIPfoundry under the LGPL license.
4 //
5 // Copyright (C) 2004-2006 Pingtel Corp. All rights reserved.
6 // Licensed to SIPfoundry under a Contributor Agreement.
7 //
8 // $$
10 // Author: Dan Petrie (dpetrie AT SIPez DOT com)
11 
12 
13 #ifndef _SmimeBody_h_
14 #define _SmimeBody_h_
15 
16 // SYSTEM INCLUDES
17 //#include <...>
18 #ifdef HAVE_NSS
19 #include <nspr.h>
20 #include <nss.h>
21 #include <secutil.h>
22 #include <secport.h>
23 #include <certdb.h>
24 #include <ssl.h>
25 #include <cms.h>
26 #include <cert.h>
27 #include <pk11func.h>
28 #include <pkcs12.h>
29 #include <p12plcy.h>
30 #include <p12.h>
31 #include <ciferfam.h>
32 #include <base64.h>
33 #include "net/pk12wrapper.h"
34 #endif
35 
36 // APPLICATION INCLUDES
37 #include <net/HttpBody.h>
38 #include <tapi/sipXtapiEvents.h>
39 
40 // DEFINES
41 // MACROS
42 // EXTERNAL FUNCTIONS
43 // EXTERNAL VARIABLES
44 // CONSTANTS
45 // STRUCTS
46 // TYPEDEFS
47 // FORWARD DECLARATIONS
48 // ENUMS
49 
54 #define SIPXTACK_MAX_SRTP_KEY_LENGTH 31
55 #define SIPXTACK_MAX_SMIME_KEY_LENGTH 2048
56 #define SIPXTACK_MAX_PKCS12_KEY_LENGTH 4096
57 #define SIPXTACK_MAX_CERT_LENGTH 4096
58 #define SIPXTACK_MAX_PASSWORD_LENGTH 32
59 
60 /*
61 typedef enum SMIME_ERRORS
62 {
63  SMIME_SUCCESS,
64  SMIME_ENCRYPT_FAILURE_LIB_INIT,
65  SMIME_ENCRYPT_FAILURE_BAD_PUBLIC_KEY,
66  SMIME_ENCRYPT_FAILURE_INVALID_PARAMETER,
67  SMIME_DECRYPT_FAILURE_DB_INIT,
68  SMIME_DECRYPT_FAILURE_BAD_DB_PASSWORD,
69  SMIME_DECRYPT_FAILURE_INVALID_PARAMETER,
70  SMIME_DECRYPT_BAD_SIGNATURE,
71  SMIME_DECRYPT_MISSING_SIGNATURE,
72  SMIME_UNKNOWN
73 } SMIME_ERRORS;
74 */
75 
76 enum SIPXTACK_SRTP_LEVEL
77 {
78  SIPXTACK_SRTP_LEVEL_NONE,
79  SIPXTACK_SRTP_LEVEL_ENCRYPTION,
80  SIPXTACK_SRTP_LEVEL_AUTHENTICATION,
81  SIPXTACK_SRTP_LEVEL_ENCRYPTION_AND_AUTHENTICATION
82 };
83 
87 class SIPXTACK_SECURITY_ATTRIBUTES
88 {
89  public:
90  friend class SipMessage;
91  SIPXTACK_SECURITY_ATTRIBUTES()
92  {
93  nSrtpKeyLength = 0 ;
94  nSmimeKeyLength = 0 ;
95  nSrtpLevel = SIPXTACK_SRTP_LEVEL_NONE ;
96  memset(szSrtpKey, 0, sizeof(szSrtpKey));
97  memset(szSmimeKeyDer, 0, sizeof(szSmimeKeyDer));
98  memset(dbLocation, 0, sizeof(dbLocation));
99  memset(szMyCertNickname, 0, sizeof(szMyCertNickname));
100  memset(szCertDbPassword, 0, sizeof(szCertDbPassword));
101  nSmimeKeyLength = 0 ;
102  nSrtpLevel = SIPXTACK_SRTP_LEVEL_NONE ;
103  }
104  SIPXTACK_SECURITY_ATTRIBUTES(const SIPXTACK_SECURITY_ATTRIBUTES& ref)
105  {
106  copyData(ref);
107  }
108  virtual ~SIPXTACK_SECURITY_ATTRIBUTES() { }
109  SIPXTACK_SECURITY_ATTRIBUTES& operator=(const SIPXTACK_SECURITY_ATTRIBUTES& ref)
110  {
111  if (this == &ref) return *this;
112  copyData(ref);
113  return *this;
114  }
119  void setSrtpKey(const char* szKey, const int length)
120  {
121  strncpy(szSrtpKey, szKey, length);
122  nSrtpKeyLength = length;
123  }
128  void setSmimeKey(const char* szKey, const int length)
129  {
130  memcpy((void*)szSmimeKeyDer, (void*)szKey, length);
131  nSmimeKeyLength = length;
132  }
136  void setSecurityLevel(SIPXTACK_SRTP_LEVEL security) { nSrtpLevel = security; }
140  const char* getSrtpKey() const { return szSrtpKey; }
145  const char* getSmimeKey() const { return szSmimeKeyDer; }
149  const int getSrtpKeyLength() const { return nSrtpKeyLength; }
154  const int getSmimeKeyLength() const { return nSmimeKeyLength; }
158  const int getSecurityLevel() const {return nSrtpLevel;}
164  const char* getCertDbLocation() const { return dbLocation; }
165 
166  private:
167  SIPXTACK_SRTP_LEVEL nSrtpLevel;
168  char szSrtpKey[SIPXTACK_MAX_SRTP_KEY_LENGTH];
169  int nSrtpKeyLength;
170  char szSmimeKeyDer[SIPXTACK_MAX_SMIME_KEY_LENGTH];
171  int nSmimeKeyLength;
172  // internally set private member, use sipxConfigSetSecurityParameters
173  char dbLocation[256];
174  // internally set private member, use sipxConfigSetSecurityParameters
175  char szMyCertNickname[32];
176  // internally set private member, use sipxConfigSetSecurityParameters
177  char szCertDbPassword[SIPXTACK_MAX_PASSWORD_LENGTH];
178  void copyData(const SIPXTACK_SECURITY_ATTRIBUTES& ref)
179  {
180  nSrtpLevel = ref.nSrtpLevel;
181  nSrtpKeyLength = ref.nSrtpKeyLength;
182  nSmimeKeyLength = ref.nSmimeKeyLength;
183  strcpy(szSrtpKey, ref.szSrtpKey);
184  memcpy((void*)szSmimeKeyDer, (void*)ref.szSmimeKeyDer, ref.nSmimeKeyLength);
185  strncpy(dbLocation, ref.dbLocation, sizeof(dbLocation) - 1);
186  strncpy(szMyCertNickname, ref.szMyCertNickname, sizeof(szMyCertNickname) - 1);
187  strncpy(szCertDbPassword, ref.szCertDbPassword, sizeof(szCertDbPassword) - 1);
188  return;
189  }
190 };
191 
192 
193 //: Interface defintion for receiving events: SMIME errors or SMIME signature notifications.
194 class ISmimeNotifySink
195 {
196 public:
197  virtual void OnError(SIPX_SECURITY_EVENT event, SIPX_SECURITY_CAUSE cause) = 0;
198  virtual bool OnSignature(void* pCert, char* szSubjAltName) = 0 ;
199 
200  virtual ~ISmimeNotifySink() { } ;
201 };
203 
206 class SmimeBody : public HttpBody
207 {
208 /* //////////////////////////// PUBLIC //////////////////////////////////// */
209 public:
210 
211  enum ContentEncoding
212  {
213  SMIME_ENODING_UNKNOWN = 0,
214  SMIME_ENODING_BINARY,
215  SMIME_ENODING_BASE64
216  };
217 
218 /* ============================ CREATORS ================================== */
219 
221  SmimeBody();
222 
224  SmimeBody(const char* bytes,
225  int length,
226  const char* contentEncodingValueString);
227 
229  SmimeBody(const SmimeBody& rSmimeBody);
230 
232  virtual
233  ~SmimeBody();
234 
235 /* ============================ MANIPULATORS ============================== */
236 
238  SmimeBody& operator=(const SmimeBody& rhs);
239 
241 
251  UtlBoolean decrypt(const char* derPkcs12,
252  int derPkcs12Length,
253  const char* pkcs12password,
254  const char* certDbPassword,
255  const char* signerCertDER,
256  int signerCertDERLength,
257  ISmimeNotifySink* pSink = NULL);
258 
260 
273  UtlBoolean encrypt(HttpBody* bodyToEncrypt,
274  int numRecipients,
275  const char* derPublicKeyCerts[],
276  int derPubliceKeyCertLengths[],
277  const char* szMyCertNickname,
278  const char* szCertDbPassword,
279  ISmimeNotifySink* pSink = NULL);
280 
281 
282 #ifdef HAVE_NSS
283  static void getSubjAltName(char* szSubjAltName,
284  const CERTCertificate* pCert,
285  const size_t length);
286 #endif
287  // Lower level utility to do S/MIME encryption using the NSS library.
302  static UtlBoolean nssSmimeEncrypt(int numRecipientCerts,
303  const char* derPublicKeyCerts[],
304  int derPublicKeyCertLengths[],
305  const char* szMyCertNickname,
306  const char* szCertDbPassword,
307  const char* dataToEncrypt,
308  int dataToEncryptLength,
309  UtlBoolean encryptedDataInBase64Format,
310  UtlString& encryptedData,
311  ISmimeNotifySink* pSmimeSink);
312 
313  // Lower level utility to do S/MIME decryption using the NSS library
332  static UtlBoolean nssSmimeDecrypt(const char* derPkcs12,
333  int derPkcs12Length,
334  const char* pkcs12Password,
335  const char* certDbPassword,
336  const char* signerCertDER,
337  int signerCertDERLength,
338  UtlBoolean dataIsInBase64Format,
339  const char* dataToDecrypt,
340  int dataToDecryptLength,
341  UtlString& decryptedData,
342  ISmimeNotifySink* pSmimeSink);
343 
344  // Lower level utility to do S/MIME encryption using the NSS library.
359  static UtlBoolean opensslSmimeEncrypt(int numRecipientCerts,
360  const char* derPublicKeyCerts[],
361  int derPublicKeyCertLengths[],
362  const char* dataToEncrypt,
363  int dataToEncryptLength,
364  UtlBoolean encryptedDataInBase64Format,
365  UtlString& encryptedData);
366 
367  // Lower level utility to do S/MIME decryption using the OpenSSL library
386  static UtlBoolean opensslSmimeDecrypt(const char* derPkcs12,
387  int derPkcs12Length,
388  const char* pkcs12Password,
389  UtlBoolean dataIsInBase64Format,
390  const char* dataToDecrypt,
391  int dataToDecryptLength,
392  UtlString& decryptedData);
393 
395  static UtlBoolean convertPemToDer(UtlString& pemData,
396  UtlString& derData);
397 
398  static bool importPKCS12Object(const char* derPkcs12,
399  int derPkcs12Length,
400  const char* pkcs12Password,
401  const char* certDbLocation,
402  const char* certDbPassword);
403 
404 
405 /* ============================ ACCESSORS ================================= */
406 
408  const HttpBody* getDecryptedBody() const;
409 
410 /* ============================ INQUIRY =================================== */
411 
413  UtlBoolean isDecrypted() const;
414 
415 /* //////////////////////////// PROTECTED ///////////////////////////////// */
416 protected:
417 
418  HttpBody* mpDecryptedBody;
419  enum ContentEncoding mContentEncoding;
420 
421 /* //////////////////////////// PRIVATE /////////////////////////////////// */
422 private:
423 #ifdef HAVE_NSS
424  static UtlString createSignedData(CERTCertificate *cert,
425  const char* dataToSign,
426  const int dataToSignLength,
427  NSSCMSSignedData*& sigd,
428  char* szCertDbPassword);
429 
430 
431 #endif
432  ISmimeNotifySink* mpSmimeSink;
433 
434 };
435 
436 /* ============================ INLINE METHODS ============================ */
437 
438 #endif // _SmimeBody_h_
SmimeBody::mpDecryptedBody
HttpBody * mpDecryptedBody
Definition: SmimeBody.h:418
SIPXTACK_MAX_SMIME_KEY_LENGTH
#define SIPXTACK_MAX_SMIME_KEY_LENGTH
Definition: SmimeBody.h:55
SIPXTACK_SECURITY_ATTRIBUTES
Container class for security attributes.
Definition: SmimeBody.h:87
SIPXTACK_SECURITY_ATTRIBUTES::setSrtpKey
void setSrtpKey(const char *szKey, const int length)
Sets the symmetric srtp key.
Definition: SmimeBody.h:119
SIPXTACK_SECURITY_ATTRIBUTES::~SIPXTACK_SECURITY_ATTRIBUTES
virtual ~SIPXTACK_SECURITY_ATTRIBUTES()
Definition: SmimeBody.h:108
SIPXTACK_SECURITY_ATTRIBUTES::getCertDbLocation
const char * getCertDbLocation() const
Gets the Certificate Database location (set internally to the location specified in the call to sipxC...
Definition: SmimeBody.h:164
SIPXTACK_SRTP_LEVEL_ENCRYPTION
Definition: SmimeBody.h:79
SIPXTACK_SECURITY_ATTRIBUTES::getSrtpKeyLength
const int getSrtpKeyLength() const
Gets the symmetric srtp key length.
Definition: SmimeBody.h:149
sipXtapiEvents.h
sipXtapi event declarations
SipMessage
Specialization of HttpMessage to contain and manipulate SIP messages.
Definition: SipMessage.h:343
SIPXTACK_SRTP_LEVEL_NONE
Definition: SmimeBody.h:78
SIPXTACK_SECURITY_ATTRIBUTES::setSmimeKey
void setSmimeKey(const char *szKey, const int length)
Sets the public key of the remote party, which is used to encrypt the S/MIME container for the SDP...
Definition: SmimeBody.h:128
SIPXTACK_SECURITY_ATTRIBUTES::getSmimeKey
const char * getSmimeKey() const
Gets the public key of the remote party, which is used to encrypt the S/MIME container for the SDP...
Definition: SmimeBody.h:145
SIPXTACK_MAX_SRTP_KEY_LENGTH
#define SIPXTACK_MAX_SRTP_KEY_LENGTH
Container class for security attributes.
Definition: SmimeBody.h:54
SIPXTACK_SECURITY_ATTRIBUTES::getSmimeKeyLength
const int getSmimeKeyLength() const
Gets the public key of the remote party, which is used to encrypt the S/MIME container for the SDP...
Definition: SmimeBody.h:154
SIPXTACK_SECURITY_ATTRIBUTES::SIPXTACK_SECURITY_ATTRIBUTES
SIPXTACK_SECURITY_ATTRIBUTES()
Definition: SmimeBody.h:91
SIPXTACK_MAX_PASSWORD_LENGTH
#define SIPXTACK_MAX_PASSWORD_LENGTH
Definition: SmimeBody.h:58
ISmimeNotifySink
Definition: SmimeBody.h:194
SIPX_SECURITY_CAUSE
SIPX_SECURITY_CAUSE
Enumeration of possible security causes.
Definition: sipXtapiEvents.h:448
SIPXTACK_SECURITY_ATTRIBUTES::getSrtpKey
const char * getSrtpKey() const
Gets the symmetric srtp key.
Definition: SmimeBody.h:140
SIPXTACK_SECURITY_ATTRIBUTES::setSecurityLevel
void setSecurityLevel(SIPXTACK_SRTP_LEVEL security)
Sets the S/MIME & SRTP security level.
Definition: SmimeBody.h:136
SIPXTACK_SECURITY_ATTRIBUTES::SIPXTACK_SECURITY_ATTRIBUTES
SIPXTACK_SECURITY_ATTRIBUTES(const SIPXTACK_SECURITY_ATTRIBUTES &ref)
Definition: SmimeBody.h:104
SIPXTACK_SECURITY_ATTRIBUTES::operator=
SIPXTACK_SECURITY_ATTRIBUTES & operator=(const SIPXTACK_SECURITY_ATTRIBUTES &ref)
Definition: SmimeBody.h:109
SIPXTACK_SRTP_LEVEL_ENCRYPTION_AND_AUTHENTICATION
Definition: SmimeBody.h:81
SmimeBody::SMIME_ENODING_BINARY
Definition: SmimeBody.h:214
ISmimeNotifySink::~ISmimeNotifySink
virtual ~ISmimeNotifySink()
Definition: SmimeBody.h:200
SmimeBody::ContentEncoding
ContentEncoding
Definition: SmimeBody.h:211
SmimeBody
class to contain an PKCS7 (S/MIME) body
Definition: SmimeBody.h:206
SIPXTACK_SRTP_LEVEL_AUTHENTICATION
Definition: SmimeBody.h:80
SIPXTACK_SRTP_LEVEL
SIPXTACK_SRTP_LEVEL
Definition: SmimeBody.h:76
SIPX_SECURITY_EVENT
SIPX_SECURITY_EVENT
Enumeration of possible security events.
Definition: sipXtapiEvents.h:431
HttpBody
class to contain an HTTP body
Definition: HttpBody.h:55
HttpBody.h
SIPXTACK_SECURITY_ATTRIBUTES::getSecurityLevel
const int getSecurityLevel() const
Sets the S/MIME & SRTP security level.
Definition: SmimeBody.h:158

sipXtackLib home page