OPAL  Version 3.14.3
h235auth.h
Go to the documentation of this file.
1 /*
2  * h235auth.h
3  *
4  * H.235 authorisation PDU's
5  *
6  * Open H323 Library
7  *
8  * Copyright (c) 1998-2001 Equivalence Pty. Ltd.
9  *
10  * The contents of this file are subject to the Mozilla Public License
11  * Version 1.0 (the "License"); you may not use this file except in
12  * compliance with the License. You may obtain a copy of the License at
13  * http://www.mozilla.org/MPL/
14  *
15  * Software distributed under the License is distributed on an "AS IS"
16  * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
17  * the License for the specific language governing rights and limitations
18  * under the License.
19  *
20  * The Original Code is Open H323 Library.
21  *
22  * The Initial Developer of the Original Code is Equivalence Pty. Ltd.
23  *
24  * Contributor(s): Fürbass Franz <franz.fuerbass@infonova.at>
25  *
26  * $Revision: 31354 $
27  * $Author: rjongbloed $
28  * $Date: 2014-02-04 12:27:13 +1100 (Tue, 04 Feb 2014) $
29  */
30 
31 #ifndef OPAL_H323_H235AUTH_H
32 #define OPAL_H323_H235AUTH_H
33 
34 #ifdef P_USE_PRAGMA
35 #pragma interface
36 #endif
37 
38 #include <opal_config.h>
39 
40 #if OPAL_H323
41 
42 #include <ptlib/pfactory.h>
43 
44 
45 class H323TransactionPDU;
46 class H225_CryptoH323Token;
47 class H225_ArrayOf_AuthenticationMechanism;
48 class H225_ArrayOf_PASN_ObjectId;
49 class H235_ClearToken;
50 class H235_AuthenticationMechanism;
51 class PASN_ObjectId;
52 class PASN_Sequence;
53 class PASN_Array;
54 
55 
59 class H235Authenticator : public PObject
60 {
61  PCLASSINFO(H235Authenticator, PObject);
62  public:
63  H235Authenticator();
64 
65  virtual void PrintOn(
66  ostream & strm
67  ) const;
68 
69  virtual const char * GetName() const = 0;
70 
71  virtual PBoolean PrepareTokens(
72  PASN_Array & clearTokens,
73  PASN_Array & cryptoTokens,
74  unsigned rasPDU
75  );
76 
77  virtual H235_ClearToken * CreateClearToken(unsigned rasPDU);
78  virtual H235_ClearToken * CreateClearToken();
79  virtual H225_CryptoH323Token * CreateCryptoToken(bool digits, unsigned rasPDU);
80  virtual H225_CryptoH323Token * CreateCryptoToken(bool digits);
81 
82  virtual PBoolean Finalise(
83  PBYTEArray & rawPDU
84  );
85 
86  enum ValidationResult {
87  e_OK = 0,
88  e_Absent,
89  e_Error,
90  e_InvalidTime,
91  e_BadPassword,
92  e_ReplyAttack,
93  e_Disabled
94  };
95 
96  virtual ValidationResult ValidateTokens(
97  const PASN_Array & clearTokens,
98  const PASN_Array & cryptoTokens,
99  const PBYTEArray & rawPDU
100  );
101 
102  virtual ValidationResult ValidateClearToken(
103  const H235_ClearToken & clearToken
104  );
105 
106  virtual ValidationResult ValidateCryptoToken(
107  const H225_CryptoH323Token & cryptoToken,
108  const PBYTEArray & rawPDU
109  );
110 
111  virtual PBoolean IsCapability(
112  const H235_AuthenticationMechanism & mechansim,
113  const PASN_ObjectId & algorithmOID
114  ) = 0;
115 
116  virtual PBoolean SetCapability(
117  H225_ArrayOf_AuthenticationMechanism & mechansims,
118  H225_ArrayOf_PASN_ObjectId & algorithmOIDs
119  ) = 0;
120 
121  virtual PBoolean UseGkAndEpIdentifiers() const;
122 
123  virtual PBoolean IsSecuredPDU(
124  unsigned rasPDU,
125  PBoolean received
126  ) const;
127 
128  void Enable(
129  PBoolean enab = true
130  ) { m_enabled = enab; }
131  void Disable() { m_enabled = false; }
132  bool IsEnabled() const { return m_enabled; }
133 
134  const PString & GetRemoteId() const { return remoteId; }
135  void SetRemoteId(const PString & id) { remoteId = id; }
136 
137  const PString & GetLocalId() const { return localId; }
138  void SetLocalId(const PString & id) { localId = id; }
139 
140  const PString & GetPassword() const { return password; }
141  void SetPassword(const PString & pw) { password = pw; }
142 
143  enum Application {
144  GKAdmission,
145  EPAuthentication,
146  LRQOnly,
147  AnyApplication,
148  };
149 
150  Application GetApplication() { return usage; }
151 
152 
153  protected:
154  PINDEX AddCapabilityIfNeeded(
155  unsigned mechanism,
156  const PString & oid,
157  H225_ArrayOf_AuthenticationMechanism & mechansims,
158  H225_ArrayOf_PASN_ObjectId & algorithmOIDs
159  );
160 
161  bool m_enabled;
162 
163  PString remoteId; // ID of remote entity
164  PString localId; // ID of local entity
165  PString password; // shared secret
166 
167  unsigned sentRandomSequenceNumber;
168  unsigned lastRandomSequenceNumber;
169  unsigned lastTimestamp;
170  int timestampGracePeriod;
171 
172  Application usage;
173 
174  PMutex mutex;
175 
176  private:
177  P_REMOVE_VIRTUAL(H225_CryptoH323Token *,CreateCryptoToken(),NULL);
178  P_REMOVE_VIRTUAL(PBoolean,PrepareTokens(PASN_Array &,PASN_Array &),false);
179 };
180 
181 
182 PDECLARE_LIST(H235Authenticators, H235Authenticator)
183  protected:
184  void InternalPreparePDU(
185  H323TransactionPDU & pdu,
186  PASN_Array & clearTokens,
187  unsigned clearOptionalField,
188  PASN_Array & cryptoTokens,
189  unsigned cryptoOptionalField
190  );
191  H235Authenticator::ValidationResult InternalValidatePDU(
192  const H323TransactionPDU & pdu,
193  const PASN_Array & clearTokens,
194  unsigned clearOptionalField,
195  const PASN_Array & cryptoTokens,
196  unsigned cryptoOptionalField,
197  const PBYTEArray & rawPDU
198  );
199  public:
200  template <class RAS> void PreparePDU(H323TransactionPDU & pdu, RAS & ras)
201  {
202  InternalPreparePDU(pdu, ras.m_tokens, RAS::e_tokens, ras.m_cryptoTokens, RAS::e_cryptoTokens);
203  }
204  template <class RAS> H235Authenticator::ValidationResult ValidatePDU(const H323TransactionPDU & pdu,const RAS & ras, const PBYTEArray & rawPDU)
205  {
206  return InternalValidatePDU(pdu, ras.m_tokens, RAS::e_tokens, ras.m_cryptoTokens, RAS::e_cryptoTokens, rawPDU);
207  }
208 };
209 
210 
211 
212 
217 class H235AuthSimpleMD5 : public H235Authenticator
218 {
219  PCLASSINFO(H235AuthSimpleMD5, H235Authenticator);
220  public:
221  H235AuthSimpleMD5();
222 
223  PObject * Clone() const;
224 
225  virtual const char * GetName() const;
226 
227  virtual H225_CryptoH323Token * CreateCryptoToken(bool digits);
228 
229  virtual ValidationResult ValidateCryptoToken(
230  const H225_CryptoH323Token & cryptoToken,
231  const PBYTEArray & rawPDU
232  );
233 
234  virtual PBoolean IsCapability(
235  const H235_AuthenticationMechanism & mechansim,
236  const PASN_ObjectId & algorithmOID
237  );
238 
239  virtual PBoolean SetCapability(
240  H225_ArrayOf_AuthenticationMechanism & mechansim,
241  H225_ArrayOf_PASN_ObjectId & algorithmOIDs
242  );
243 
244  virtual PBoolean IsSecuredPDU(
245  unsigned rasPDU,
246  PBoolean received
247  ) const;
248 };
249 
250 PFACTORY_LOAD(H235AuthSimpleMD5);
251 
252 
259 class H235AuthCAT : public H235Authenticator
260 {
261  PCLASSINFO(H235AuthCAT, H235Authenticator);
262  public:
263  H235AuthCAT();
264 
265  PObject * Clone() const;
266 
267  virtual const char * GetName() const;
268 
269  virtual H235_ClearToken * CreateClearToken();
270 
271  virtual ValidationResult ValidateClearToken(
272  const H235_ClearToken & clearToken
273  );
274 
275  virtual PBoolean IsCapability(
276  const H235_AuthenticationMechanism & mechansim,
277  const PASN_ObjectId & algorithmOID
278  );
279 
280  virtual PBoolean SetCapability(
281  H225_ArrayOf_AuthenticationMechanism & mechansim,
282  H225_ArrayOf_PASN_ObjectId & algorithmOIDs
283  );
284 
285  virtual PBoolean IsSecuredPDU(
286  unsigned rasPDU,
287  PBoolean received
288  ) const;
289 };
290 
291 PFACTORY_LOAD(H235AuthCAT);
292 
293 
294 #if OPAL_PTLIB_SSL
295 
298 class H235AuthPwd_DES_ECB : public H235Authenticator
299 {
300  PCLASSINFO(H235AuthPwd_DES_ECB, H235Authenticator);
301  public:
302  H235AuthPwd_DES_ECB();
303 
304  PObject * Clone() const;
305 
306  virtual const char * GetName() const;
307 
308  virtual H235_ClearToken * CreateClearToken(unsigned rasPDU);
309  virtual H225_CryptoH323Token * CreateCryptoToken(bool digits, unsigned rasPDU);
310 
311  virtual ValidationResult ValidateClearToken(
312  const H235_ClearToken & clearToken
313  );
314  virtual ValidationResult ValidateCryptoToken(
315  const H225_CryptoH323Token & cryptoToken,
316  const PBYTEArray & rawPDU
317  );
318 
319  virtual PBoolean SetCapability(
320  H225_ArrayOf_AuthenticationMechanism & mechansim,
321  H225_ArrayOf_PASN_ObjectId & algorithmOIDs
322  );
323 
324  virtual PBoolean IsCapability(
325  const H235_AuthenticationMechanism & mechansim,
326  const PASN_ObjectId & algorithmOID
327  );
328 
329  virtual PBoolean IsSecuredPDU(
330  unsigned rasPDU,
331  PBoolean received
332  ) const;
333 
334  protected:
335  bool EncryptToken(PBYTEArray & encryptedToken);
336 
337  PBYTEArray m_encodedToken;
338 };
339 
340 PFACTORY_LOAD(H235AuthPwd_DES_ECB);
341 
342 
345 class H235AuthProcedure1 : public H235Authenticator
346 {
347  PCLASSINFO(H235AuthProcedure1, H235Authenticator);
348  public:
349  H235AuthProcedure1();
350 
351  PObject * Clone() const;
352 
353  virtual const char * GetName() const;
354 
355  virtual H225_CryptoH323Token * CreateCryptoToken(bool digits);
356 
357  virtual PBoolean Finalise(
358  PBYTEArray & rawPDU
359  );
360 
361  virtual ValidationResult ValidateCryptoToken(
362  const H225_CryptoH323Token & cryptoToken,
363  const PBYTEArray & rawPDU
364  );
365 
366  virtual PBoolean IsCapability(
367  const H235_AuthenticationMechanism & mechansim,
368  const PASN_ObjectId & algorithmOID
369  );
370 
371  virtual PBoolean SetCapability(
372  H225_ArrayOf_AuthenticationMechanism & mechansim,
373  H225_ArrayOf_PASN_ObjectId & algorithmOIDs
374  );
375 
376  virtual PBoolean UseGkAndEpIdentifiers() const;
377 };
378 
379 PFACTORY_LOAD(H235AuthProcedure1);
380 
381 #endif // OPAL_PTLIB_SSL
382 
383 #endif // OPAL_H323
384 
385 #endif //OPAL_H323_H235AUTH_H
386 
387