
00001 /*
00002  * h235auth.h
00003  *
00004  * H.235 authorisation PDUs (authenticator classes for RAS and call signalling)
00005  *
00006  * Open H323 Library
00007  *
00008  * Copyright (c) 1998-2001 Equivalence Pty. Ltd.
00009  *
00010  * The contents of this file are subject to the Mozilla Public License
00011  * Version 1.0 (the "License"); you may not use this file except in
00012  * compliance with the License. You may obtain a copy of the License at
00013  * http://www.mozilla.org/MPL/
00014  *
00015  * Software distributed under the License is distributed on an "AS IS"
00016  * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
00017  * the License for the specific language governing rights and limitations
00018  * under the License.
00019  *
00020  * The Original Code is Open H323 Library.
00021  *
00022  * The Initial Developer of the Original Code is Equivalence Pty. Ltd.
00023  *
00024  * Contributor(s): Fürbass Franz <franz.fuerbass@infonova.at>
00025  *
00026  * $Log: h235auth.h,v $
00027  * Revision 1.1  2007/08/06 20:50:49  shorne
00028  * First commit of h323plus
00029  *
00030  * Revision 1.22.2.3  2007/07/19 19:57:36  shorne
00031  * added missing secure signal PDU check
00032  *
00033  * Revision 1.22.2.2  2007/04/19 15:07:13  shorne
00034  * Added missing IsSecurePDU to H235.1 authenticator
00035  *
00036  * Revision 1.22.2.1  2006/12/23 19:08:02  shorne
00037  * Plugin video codecs & sundry
00038  *
00039  * Revision 1.22  2006/06/23 03:15:58  shorne
00040  * Updated H.235 class name
00041  *
00042  * Revision 1.21  2006/01/26 03:25:55  shorne
00043  * Caller Authentication added
00044  *
00045  * Revision 1.20  2005/11/30 13:05:01  csoutheren
00046  * Changed tags for Doxygen
00047  *
00048  * Revision 1.19  2005/02/13 23:54:48  csoutheren
00049  * Allow access to H.235 timestamp grace period
00050  * Thanks to Jan Willamowius
00051  *
00052  * Revision 1.18  2004/11/20 22:00:48  csoutheren
00053  * Added hacks for linker problem
00054  *
00055  * Revision 1.17  2004/11/12 06:04:42  csoutheren
00056  * Changed H235Authentiators to use PFactory
00057  *
00058  * Revision 1.16  2004/05/13 02:26:13  dereksmithies
00059  * Fixes so make docs does not generate warning messages about brackets.
00060  *
00061  * Revision 1.15  2003/04/30 00:28:50  robertj
00062  * Redesigned the alternate credentials in ARQ system as old implementation
00063  *   was fraught with concurrency issues, most importantly it can cause false
00064  *   detection of replay attacks taking out an endpoint completely.
00065  *
00066  * Revision 1.14  2003/04/01 04:47:48  robertj
00067  * Abstracted H.225 RAS transaction processing (RIP and secondary thread) in
00068  *   server environment for use by H.501 peer elements.
00069  *
00070  * Revision 1.13  2003/02/25 06:48:14  robertj
00071  * More work on PDU transaction abstraction.
00072  *
00073  * Revision 1.12  2003/02/11 04:43:22  robertj
00074  * Fixed use of asymmetrical authentication schemes such as MD5.
00075  *
00076  * Revision 1.11  2003/02/01 13:31:14  robertj
00077  * Changes to support CAT authentication in RAS.
00078  *
00079  * Revision 1.10  2003/01/08 04:40:31  robertj
00080  * Added more debug tracing for H.235 authenticators.
00081  *
00082  * Revision 1.9  2002/09/16 01:14:15  robertj
00083  * Added #define so can select if #pragma interface/implementation is used on
00084  *   platform basis (eg MacOS) rather than compiler, thanks Robert Monaghan.
00085  *
00086  * Revision 1.8  2002/09/03 06:19:36  robertj
00087  * Normalised the multi-include header prevention ifdef/define symbol.
00088  *
00089  * Revision 1.7  2002/08/05 10:03:47  robertj
00090  * Cosmetic changes to normalise the usage of pragma interface/implementation.
00091  *
00092  * Revision 1.6  2002/08/05 05:17:37  robertj
00093  * Fairly major modifications to support different authentication credentials
00094  *   in ARQ to the logged in ones on RRQ. For both client and server.
00095  * Various other H.235 authentication bugs and anomalies fixed on the way.
00096  *
00097  * Revision 1.5  2002/05/17 03:39:28  robertj
00098  * Fixed problems with H.235 authentication on RAS for server and client.
00099  *
00100  * Revision 1.4  2001/12/06 06:44:42  robertj
00101  * Removed "Win32 SSL xxx" build configurations in favour of system
00102  *   environment variables to select optional libraries.
00103  *
00104  * Revision 1.3  2001/09/14 00:13:37  robertj
00105  * Fixed problem with some authenticators needing extra conditions to be
00106  *   "active", so make IsActive() virtual and add localId to H235AuthSimpleMD5
00107  *
00108  * Revision 1.2  2001/09/13 01:15:18  robertj
00109  * Added flag to H235Authenticator to determine if gkid and epid is to be
00110  *   automatically set as the crypto token remote id and local id.
00111  *
00112  * Revision 1.1  2001/08/10 11:03:49  robertj
00113  * Major changes to H.235 support in RAS to support server.
00114  *
00115  */
00116 
00117 #ifndef __OPAL_H235AUTH_H
00118 #define __OPAL_H235AUTH_H
00119 
00120 #ifdef P_USE_PRAGMA
00121 #pragma interface
00122 #endif
00123 
// Forward declarations.  This header only refers to these types by pointer
// or reference; the ASN.1 PDU/token classes (H225_*, H235_*, PASN_*) and the
// PTLib/OpenH323 classes are defined in their own headers.
class H323TransactionPDU;
class H225_CryptoH323Token;
class H225_ArrayOf_AuthenticationMechanism;
class H225_ArrayOf_PASN_ObjectId;
class H235_ClearToken;
class H235_AuthenticationMechanism;
class PASN_ObjectId;
class PASN_Sequence;
class PASN_Array;

// Used by the EPAuthentication (call signalling) path and the certificate
// based H235AuthenticatorInfo respectively.
class H323SignalPDU;
class H323Connection;
class PSSLCertificate;
00137 
// Linker hack (see the 2004/11/20 log entry above): presumably referencing
// this symbol from application code forces the object file that registers
// the authenticators with PFactory to be linked in.  The trailing ';' after
// the namespace is an empty declaration and harmless.
namespace PWLibStupidLinkerHacks {
extern int h235AuthLoader;
};
00141 
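/**Base class for an H.235 authentication mechanism.

   An authenticator contributes clear and/or crypto tokens to outgoing RAS
   (and, once a connection is attached, call signalling) PDUs and validates
   the tokens carried by incoming ones.  Concrete mechanisms derive from it
   (H235AuthSimpleMD5, H235AuthCAT, H2351_Authenticator below) and are held
   in an H235Authenticators list.

   Security notes (review):
     - The shared secret is kept in `password` as a plain PString and is
       handed out by GetPassword(); keep authenticator objects and PrintOn()
       output away from logs and crash dumps.
     - sentRandomSequenceNumber, lastRandomSequenceNumber, lastTimestamp and
       timestampGracePeriod are the replay-detection state.  A larger grace
       period widens the window in which a captured PDU can be replayed; the
       checks themselves live in the .cxx and are not visible here.
     - A `mutex` member exists, but which operations take it is not visible
       in this header.  Do not assume the inline getters/setters are
       thread-safe.
 */
class H235Authenticator : public PObject
{
    PCLASSINFO(H235Authenticator, PObject);
  public:
    H235Authenticator();

    /**Write a human readable description of this authenticator to strm.
       NOTE(review): confirm in the .cxx that this never prints `password`.
     */
    virtual void PrintOn(
      ostream & strm
    ) const;

    /**Name of the mechanism (used for tracing and matching). */
    virtual const char * GetName() const = 0;

    /**Add this mechanism's tokens to the token arrays of an outgoing PDU.
       Returns FALSE if nothing could be prepared.
     */
    virtual BOOL PrepareTokens(
      PASN_Array & clearTokens,   ///< array of H235_ClearToken in the PDU
      PASN_Array & cryptoTokens   ///< array of H225_CryptoH323Token in the PDU
    );

    /**Create this mechanism's clear token, or NULL if it has none.
       Presumably the caller takes ownership of the returned object; confirm
       against PrepareTokens() in the .cxx.
     */
    virtual H235_ClearToken * CreateClearToken();

    /**Create this mechanism's crypto token, or NULL if it has none.
       Same ownership caveat as CreateClearToken().
     */
    virtual H225_CryptoH323Token * CreateCryptoToken();

    /**Hook invoked with the encoded PDU bytes, so that a mechanism which
       authenticates the whole PDU can patch its token in place after
       encoding.  Overridden by H2351_Authenticator; the base version is
       expected to leave rawPDU unchanged (not visible here).
     */
    virtual BOOL Finalise(
      PBYTEArray & rawPDU
    );

    /**Outcome of validating the tokens of a received PDU. */
    enum ValidationResult {
      e_OK = 0,       ///< token(s) present and verified
      e_Absent,       ///< no token for this mechanism was present
      e_Error,        ///< malformed token or internal failure
      e_InvalidTime,  ///< timestamp rejected (see timestampGracePeriod)
      e_BadPassword,  ///< credentials did not verify against the shared secret
      e_ReplyAttack,  ///< replay detected (spelling kept for source compatibility)
      e_Disabled      ///< authenticator is not enabled
    };

    /**Validate all tokens of a received PDU.
       rawPDU is the PDU exactly as received; mechanisms such as
       H2351_Authenticator take it so they can check a value computed over
       the entire PDU rather than over the token alone.
     */
    virtual ValidationResult ValidateTokens(
      const PASN_Array & clearTokens,
      const PASN_Array & cryptoTokens,
      const PBYTEArray & rawPDU
    );

    /**Validate a single clear token belonging to this mechanism. */
    virtual ValidationResult ValidateClearToken(
      const H235_ClearToken & clearToken
    );

    /**Validate a single crypto token belonging to this mechanism. */
    virtual ValidationResult ValidateCryptoToken(
      const H225_CryptoH323Token & cryptoToken,
      const PBYTEArray & rawPDU
    );

    /**Return TRUE if this authenticator implements the given
       mechanism / algorithm OID pair offered by the peer.
     */
    virtual BOOL IsCapability(
      const H235_AuthenticationMechanism & mechanism,
      const PASN_ObjectId & algorithmOID
    ) = 0;

    /**Append this authenticator's mechanism(s) and algorithm OID(s) to the
       capability arrays advertised to the peer.
     */
    virtual BOOL SetCapability(
      H225_ArrayOf_AuthenticationMechanism & mechanisms,
      H225_ArrayOf_PASN_ObjectId & algorithmOIDs
    ) = 0;

    /**Whether the gatekeeper and endpoint identifiers are automatically used
       as the crypto token's remote and local id (see the 2001/09/13 log entry).
     */
    virtual BOOL UseGkAndEpIdentifiers() const;

    /**Return TRUE if the given RAS PDU type is one this mechanism secures,
       in the given direction.
     */
    virtual BOOL IsSecuredPDU(
      unsigned rasPDU,
      BOOL received
    ) const;

    /**Return TRUE if the given call signalling PDU type is one this
       mechanism secures, in the given direction.
     */
    virtual BOOL IsSecuredSignalPDU(
      unsigned signalPDU,
      BOOL received
    ) const;

    /**Return TRUE if the authenticator is enabled and any extra conditions
       a subclass needs are met (see the 2001/09/14 log entry).
     */
    virtual BOOL IsActive() const;

    virtual void Enable(
      BOOL enab = TRUE
    ) { enabled = enab; }
    virtual void Disable() { enabled = FALSE; }

    virtual const PString & GetRemoteId() const { return remoteId; }
    virtual void SetRemoteId(const PString & id) { remoteId = id; }

    virtual const PString & GetLocalId() const { return localId; }
    virtual void SetLocalId(const PString & id) { localId = id; }

    /**Shared secret.  Returned by reference to the live member: the caller
       gets the cleartext, so do not log or trace the result.
     */
    virtual const PString & GetPassword() const { return password; }
    virtual void SetPassword(const PString & pw) { password = pw; }

    /**Tolerance applied to token timestamps.  Raising it widens the replay
       window; lowering it rejects peers whose clocks drift.
     */
    virtual int GetTimestampGracePeriod() const { return timestampGracePeriod; }
    virtual void SetTimestampGracePeriod(int grace) { timestampGracePeriod = grace; }

    /**Where this authenticator is applied.
       No trailing comma after the last enumerator: that is ill-formed in
       C++98/03 and rejected by pedantic builds.
     */
    enum Application {
        GKAdmission,        ///< RAS PDUs, see H235Authenticators::PreparePDU()
        EPAuthentication,   ///< call signalling, see H235Authenticators::PrepareSignalPDU()
        LRQOnly,            ///< location requests only (semantics are in the .cxx)
        AnyApplication      ///< not restricted to one of the above
    };

    /**Get the application this authenticator is used for.
       Made const: it only reads `usage`.
     */
    Application GetApplication() const { return usage; }

    /**Attach the connection used for EPAuthentication (call signalling). */
    virtual void SetConnection(H323Connection * con);

  protected:
    /**Helper for SetCapability() implementations: presumably appends one
       mechanism / OID pair to the capability arrays.
     */
    BOOL AddCapability(
      unsigned mechanism,
      const PString & oid,
      H225_ArrayOf_AuthenticationMechanism & mechanisms,
      H225_ArrayOf_PASN_ObjectId & algorithmOIDs
    );

    BOOL     enabled;

    PString  remoteId;      // ID of remote entity
    PString  localId;       // ID of local entity
    PString  password;      // shared secret, held in cleartext

    // Replay-detection state; updated/checked in the .cxx.
    unsigned sentRandomSequenceNumber;
    unsigned lastRandomSequenceNumber;
    unsigned lastTimestamp;
    int      timestampGracePeriod;

    Application usage;             // see Application
    H323Connection * connection;   // non-owning; set by SetConnection()
    PMutex mutex;
};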
00269 
00270 
/**List of the H235Authenticator objects attached to an endpoint or
   gatekeeper.  Presumably each entry is asked in turn to prepare or validate
   tokens; how the individual ValidationResults are combined into the one
   returned here is in the .cxx and not visible from this header.
 */
PDECLARE_LIST(H235Authenticators, H235Authenticator)
#ifdef DOC_PLUS_PLUS
{
#endif
  public:
// GKAdmission
    /**Add the tokens of the active authenticators to a RAS PDU.
       clearOptionalField / cryptoOptionalField are presumably the OPTIONAL
       field indices of the PDU to mark present when the corresponding
       array is non-empty.
     */
    void PreparePDU(
      H323TransactionPDU & pdu,
      PASN_Array & clearTokens,
      unsigned clearOptionalField,
      PASN_Array & cryptoTokens,
      unsigned cryptoOptionalField
    ) const;

    /**Validate the tokens of a received RAS PDU.
       rawPDU is the PDU as received on the wire, for mechanisms that check
       a value computed over the whole PDU.
     */
    H235Authenticator::ValidationResult ValidatePDU(
      const H323TransactionPDU & pdu,
      const PASN_Array & clearTokens,
      unsigned clearOptionalField,
      const PASN_Array & cryptoTokens,
      unsigned cryptoOptionalField,
      const PBYTEArray & rawPDU
    ) const;

// EPAuthentication
    /**Add tokens to an outgoing call signalling PDU of the given type code. */
    void PrepareSignalPDU(
      unsigned code,
      PASN_Array & clearTokens,
      PASN_Array & cryptoTokens
    ) const;

    /**Validate the tokens of a received call signalling PDU of the given
       type code.  Added in revision 1.22.2.3 ("secure signal PDU check").
     */
    H235Authenticator::ValidationResult ValidateSignalPDU(
      unsigned code,
      const PASN_Array & clearTokens,
      const PASN_Array & cryptoTokens,
      const PBYTEArray & rawPDU
    ) const;

};
00309 
/**Credentials for one user: either a user name / password pair or a
   certificate.

   NOTE(review):
     - `Password` is a plain PString; whether it holds cleartext or a hash
       is only indicated by `isHashed`.  Callers must check the flag before
       using it as a shared secret.
     - `Certificate` is a raw pointer; this header does not show whether the
       object owns it or who frees it.  Confirm in the .cxx before storing
       a pointer to a temporary.
     - All members are public and the single-argument certificate
       constructor is not `explicit`, so a PSSLCertificate* converts
       implicitly to this type.  Left as is for source compatibility.
 */
class H235AuthenticatorInfo : public PObject
{
    PCLASSINFO(H235AuthenticatorInfo, PObject);
public:
        H235AuthenticatorInfo(PString username,PString password,BOOL ishashed);
        H235AuthenticatorInfo(PSSLCertificate * cert);
        PString UserName;
        PString Password;       // cleartext or hashed, see isHashed
        BOOL isHashed;
        PSSLCertificate * Certificate;   // ownership not visible here
};
00321 
/**Credential store: a list of H235AuthenticatorInfo looked up by user name.

   NOTE(review): PasswordEncrypt()/PasswordDecrypt() are a reversible pair,
   so whatever transformation they apply, anyone who can read the store and
   run this code can recover the cleartext.  The key material (if any) is
   not visible in this header; treat the stored form as obfuscation, not as
   protection, until confirmed in the .cxx.
 */
PDECLARE_LIST(H235AuthenticatorList, H235AuthenticatorInfo)
#ifdef DOC_PLUS_PLUS
{
#endif
        /**Return TRUE if an entry with this user name exists. */
        BOOL HasUserName(PString UserName) const;
        /**Copy the password of the named user into pass.  What happens when
           the user is absent is not visible here.
         */
        void LoadPassword(PString UserName, PString & pass) const;
        /**Add a user; isHashed tells whether password is already hashed. */
        void Add(PString username, PString password, BOOL isHashed = FALSE);
        /**Transform a cleartext password to its stored form (reversible). */
        PString PasswordEncrypt(const PString &clear) const;
        /**Inverse of PasswordEncrypt(). */
        PString PasswordDecrypt(const PString &encrypt) const;
};
00332 
// Dictionary of H235AuthenticatorInfo keyed by PString (presumably the user
// name, matching H235AuthenticatorList::HasUserName(); confirm with users).
PDICTIONARY(H235AuthenticatorDict,PString,H235AuthenticatorInfo); 
00335 
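/**Simple MD5 password authenticator.

   Only the crypto token path is overridden (CreateCryptoToken() /
   ValidateCryptoToken()); the hash computation itself is in the .cxx.

   Security note (review): MD5 is no longer considered collision resistant
   and a password-based hash is only as strong as the shared secret.  Keep
   this mechanism for interoperability with legacy peers and prefer
   H2351_Authenticator when both sides support it.

   Parameter names are aligned with the base class (`signalPDU` for
   IsSecuredSignalPDU(), `mechanism`); declaration-only renames, no
   interface change.
 */
class H235AuthSimpleMD5 : public H235Authenticator
{
    PCLASSINFO(H235AuthSimpleMD5, H235Authenticator);
  public:
    H235AuthSimpleMD5();

    PObject * Clone() const;

    virtual const char * GetName() const;

    /**Build the MD5 crypto token for an outgoing PDU. */
    virtual H225_CryptoH323Token * CreateCryptoToken();

    /**Check a received MD5 crypto token against the shared secret. */
    virtual ValidationResult ValidateCryptoToken(
      const H225_CryptoH323Token & cryptoToken,
      const PBYTEArray & rawPDU
    );

    virtual BOOL IsCapability(
      const H235_AuthenticationMechanism & mechanism,
      const PASN_ObjectId & algorithmOID
    );

    virtual BOOL SetCapability(
      H225_ArrayOf_AuthenticationMechanism & mechanisms,
      H225_ArrayOf_PASN_ObjectId & algorithmOIDs
    );

    /**RAS PDU types secured by this mechanism, per direction. */
    virtual BOOL IsSecuredPDU(
      unsigned rasPDU,
      BOOL received
    ) const;

    /**Call signalling PDU types secured by this mechanism, per direction. */
    virtual BOOL IsSecuredSignalPDU(
      unsigned signalPDU,
      BOOL received
    ) const;
};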
00377 
00378 
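/**CAT authenticator (see the 2003/02/01 log entry, "CAT authentication
   in RAS").

   Only the clear token path is overridden (CreateClearToken() /
   ValidateClearToken()).  Security notes (review):
     - There is no ValidateCryptoToken() override, so nothing here binds
       the token to the bytes of the PDU that carries it; the token's own
       contents are the whole proof.  Confirm in the .cxx how replay is
       limited (timestamp / sequence number) before relying on it.
     - IsSecuredSignalPDU() is not overridden, so the base class default
       decides which call signalling PDUs are considered secured.

   `mechanism` parameter names aligned with the base class; declaration-only
   rename, no interface change.
 */
class H235AuthCAT : public H235Authenticator
{
    PCLASSINFO(H235AuthCAT, H235Authenticator);
  public:
    H235AuthCAT();

    PObject * Clone() const;

    virtual const char * GetName() const;

    /**Build the CAT clear token for an outgoing PDU. */
    virtual H235_ClearToken * CreateClearToken();

    /**Check a received CAT clear token against the shared secret. */
    virtual ValidationResult ValidateClearToken(
      const H235_ClearToken & clearToken
    );

    virtual BOOL IsCapability(
      const H235_AuthenticationMechanism & mechanism,
      const PASN_ObjectId & algorithmOID
    );

    virtual BOOL SetCapability(
      H225_ArrayOf_AuthenticationMechanism & mechanisms,
      H225_ArrayOf_PASN_ObjectId & algorithmOIDs
    );

    /**RAS PDU types secured by this mechanism, per direction. */
    virtual BOOL IsSecuredPDU(
      unsigned rasPDU,
      BOOL received
    ) const;
};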
00416 
00417 
00418 #if P_SSL
00419 
// Linker hack for the SSL-only authenticator below; same purpose as
// h235AuthLoader above (presumably forces the registering object file to
// be linked).  Only present when built with P_SSL.
namespace PWLibStupidLinkerHacks {
extern int h235AuthProcedure1Loader;
};
00423 
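/**H.235.1 ("procedure 1") authenticator; available only when built with
   P_SSL.  Also reachable under its old name H235AuthProcedure1.

   Unlike the other mechanisms it overrides Finalise(), i.e. it operates on
   the encoded PDU bytes after encoding, and ValidateCryptoToken() receives
   the raw received PDU -- so the check presumably covers the whole PDU
   rather than the token alone (algorithm details are in the .cxx).  It also
   overrides UseGkAndEpIdentifiers().

   Parameter names are aligned with the base class (`signalPDU` for
   IsSecuredSignalPDU(), `mechanism`); declaration-only renames, no
   interface change.
 */
class H2351_Authenticator : public H235Authenticator
{
    PCLASSINFO(H2351_Authenticator, H235Authenticator);
  public:
    H2351_Authenticator();

    PObject * Clone() const;

    virtual const char * GetName() const;

    /**Build the crypto token placeholder for an outgoing PDU; the final
       value is presumably filled in by Finalise() once the PDU is encoded.
     */
    virtual H225_CryptoH323Token * CreateCryptoToken();

    /**Patch the token inside the already-encoded PDU bytes. */
    virtual BOOL Finalise(
      PBYTEArray & rawPDU
    );

    /**Check a received crypto token using the raw PDU bytes. */
    virtual ValidationResult ValidateCryptoToken(
      const H225_CryptoH323Token & cryptoToken,
      const PBYTEArray & rawPDU
    );

    virtual BOOL IsCapability(
      const H235_AuthenticationMechanism & mechanism,
      const PASN_ObjectId & algorithmOID
    );

    virtual BOOL SetCapability(
      H225_ArrayOf_AuthenticationMechanism & mechanisms,
      H225_ArrayOf_PASN_ObjectId & algorithmOIDs
    );

    /**RAS PDU types secured by this mechanism, per direction. */
    virtual BOOL IsSecuredPDU(
      unsigned rasPDU,
      BOOL received
    ) const;

    /**Call signalling PDU types secured by this mechanism, per direction
       (added in revision 1.22.2.2).
     */
    virtual BOOL IsSecuredSignalPDU(
      unsigned signalPDU,
      BOOL received
    ) const;

    virtual BOOL UseGkAndEpIdentifiers() const;
};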
00470 
// Old name of H2351_Authenticator (renamed in revision 1.22, "Updated
// H.235 class name"); kept so existing code keeps compiling.
typedef H2351_Authenticator H235AuthProcedure1;  // Backwards interoperability
00472 
00473 #endif
00474 
00475 
00476 #endif //__OPAL_H235AUTH_H
00477 
00478 
