1 /*****************************************************************************\
5 **---------------------------------------------------------------------------**
6 ** Copyright: Andreas Eversberg **
10 \*****************************************************************************/
12 /* how authentication is performed:
15 -----------------------------------------------------------------
18 | -----> sending random number -----> (gets lost)
21 comparing | <----- sending random number <----- |
23 | -----> sending "slave" code -----> | slave state
27 done | -----> sending public key -----> |
31 | <----- sending session key <----- | done
32 decrypting | | enable crypt
40 When Bob and Alice activate their authentication process, they will make
43 Lets assume Alice starts encryption first. She activates the authentication
44 process. Bob hat not activates the process yet. Alice sends a random number
45 to Bob, but he will ignore it, because he is not listening.
47 Bob also activates the authentication process, and sends his random number.
48 Now Alice will receive that number and compares the values. If the values
49 are equal, the process will fail and Alice will send the message "LOOPED".
50 If Alice's random number is greater, she will identify herself as "master".
51 Bob will get a "SLAVE" message. Bob might also send a "MASTER" message,
52 if he got Alice's random number, due to parallel activation of the
55 After transmission or reception of a master message, more messages are
56 ignored. After reception of a "RANDOM" message, more messages are
57 ignored. A reception of a "RANDOM" message always causes to identify who
60 Now Alice starts calculating his public/private key pair, because she is
61 "master". When Bob receives the "SLAVE" message, he will change the timeout
62 value. If no random number or "SLAVE", "MASTER" or "LOOPED" is received within
63 a timeout value, the "ABORT" message is sent. If the "ABORT" message is
64 received at any state of the process, the process is aborted.
66 After the key of Alices is calculated, she will send it to Bob. Bob will use
67 the key to start encryption of a random session key. Both will change their
70 After Bob has finished is crypted session key, he will send it to Alice and
71 enable encryption. Bob has finished his process now.
73 As soon as Alice received the encrypted key, she will encrypt it and also
74 enable encryption with the same key as Bob. Alis has finished her process now.
76 Both will get displayed some of the first digits of the public key. Both can
77 talk about the digits now. A man in the middle cannot change the keys without
78 changing the public key. The voice of Alice and/or Bob is used to "sign" and
79 "check" that the public key is not modified.
81 If Alice or Bob wants to stop encryption, one will send the "ABORT" message.
82 After transmission or reception.
85 The states of the process:
93 Waiting for the remote random number or "MASTER", "SLAVE", "LOOPED" message.
97 The master generates the key and waits for the key engine to finish.
101 The slave waits for the master to send the key.
105 The slave generates the session key and waits for the encryption engine to
110 The master waits for the slave to send the crypted session key.
114 The master waits for the decryption engine to finish decryption of the session
119 The encryption is established.
124 CM_TO_IDENT = waiting for the remote party to enable encryption
125 CM_TO_KEY = waiting for key generation
126 CM_TO_CSKEY = waiting for session key encryption
127 CM_TO_DSKEY = waiting for session key decryption
130 Structure of message:
131 ---------------------
133 one octet message element
134 two octets element length (first octet = high-byte)
135 data as given in length
138 the message type is encoded as element
146 #include <sys/types.h>
148 #include <openssl/rsa.h>
153 /* convert key string to binary key vector
154 * returns 0 if an error ocurred
156 unsigned char *crypt_key(unsigned char *key, int *binary_len)
158 static unsigned char binary_key[2048];
161 binary_key[0] = '\0';
166 /* check for 0xXXXX... type of key */
167 if (!strncmp((char *)key, "0x", 2))
172 if (i == (int)sizeof(binary_key))
175 if (*key>='0' && *key<='9')
176 binary_key[i] = (*key-'0') << 8;
177 else if (*key>='a' && *key<='f')
178 binary_key[i] = (*key-'a'+10) << 8;
179 else if (*key>='A' && *key<='F')
180 binary_key[i] = (*key-'A'+10) << 8;
185 if (*key>='0' && *key<='9')
186 binary_key[i] += (*key - '0');
187 else if (*key>='a' && *key<='f')
188 binary_key[i] += (*key - 'a' + 10);
189 else if (*key>='A' && *key<='F')
190 binary_key[i] += (*key - 'A' + 10);
201 /* ascii key too long */
202 if (strlen((char *)key) >= sizeof((char *)binary_key))
205 memcpy(binary_key, key, strlen((char *)key));
206 *binary_len = strlen((char *)key);
211 * support routine to get cpu speed
213 static unsigned long get_bogomips(void)
218 fp = fopen("/proc/cpuinfo", "r");
221 PERROR("Cannot access /proc/cpuinfo. Will not use cpuinfo for identification of pear\n");
225 buffer[sizeof(buffer-1)] = '\0';
226 while(fgets(buffer, sizeof(buffer)-1, fp))
228 if (!!strncmp(buffer, "bogomips", 8))
230 if (!strchr(buffer, ':'))
232 p = strchr(buffer, ':')+1;
236 *strchr(p, '.') = '\0';
243 PERROR("Cannot find 'bogomips' in /proc/cpuinfo. Will not use cpuinfo for identification of pear\n");
251 static unsigned long crc_reflect(unsigned long ref, char ch)
253 unsigned long value = 0;
260 value |= 1 << (ch - i);
267 static unsigned long crc32_table[256];
268 static int crc_initialized = 0;
272 unsigned long ulPolynomial = 0x04c11db7;
278 crc32_table[i] = crc_reflect(i, 8) << 24;
282 crc32_table[i] = (crc32_table[i] << 1) ^ (crc32_table[i] & (1 << 31) ? ulPolynomial : 0);
285 crc32_table[i] = crc_reflect(crc32_table[i], 32);
291 unsigned long crc32(unsigned char *data, int len)
293 unsigned long crc = 0xffffffff;
295 if (!crc_initialized)
296 FATAL("crc not initialized, exitting...");
299 crc = (crc >> 8) ^ crc32_table[(crc & 0xFF) ^ *data++];
300 return(crc^0xffffffff);
306 /* give name of state */
307 static char *statename(int state)
309 if (state>=0 && state<cm_st_num)
310 return(cm_st_name[state]);
311 return("<<STATE UNKNOWN>>");
315 * authentication key generation, encryption, decryption
318 class EndpointAppPBX *apppbx;
322 static void *keyengine_child(void *arg)
324 struct auth_args *args = (struct auth_args *)arg;
325 class EndpointAppPBX *apppbx = args->apppbx;
333 struct sched_param schedp;
336 PDEBUG((DEBUG_EPOINT | DEBUG_CRYPT), "EPOINT(%d) child process started for using libcrypto\n", apppbx->ea_endpoint->ep_serial);
338 /* lower priority to keep pbx running fluently */
339 if (options.schedule > 0)
341 memset(&schedp, 0, sizeof(schedp));
342 schedp.sched_priority = 0;
343 ret = sched_setscheduler(0, SCHED_OTHER, &schedp);
346 PERROR("Scheduling to normal priority failed (errno = %d).\nExitting child process...\n", errno);
353 /* generate rsa key pair */
356 PERROR("Not compliled wiht crypto.\n");
357 apppbx->e_crypt_keyengine_return = -1;
359 srandom(*((unsigned int *)mISDN_rand) ^ random());
360 // exponent = (((random()<<1)|1) & 0x7f) + 0x80; /* odd */
362 // if (exponent < 3) exponent = 3; /* >= 3 */
363 rsa = RSA_generate_key(RSA_BITS, exponent, NULL, NULL);
366 PERROR("Failed to generate rsa key pair.\n");
367 apppbx->e_crypt_keyengine_return = -1;
371 apppbx->e_crypt_rsa_n_len = BN_num_bytes(rsa->n);
372 if (apppbx->e_crypt_rsa_n_len > (int)sizeof(apppbx->e_crypt_rsa_n))
375 PERROR("e_crypt_rsa_* too small for bignum.\n");
376 apppbx->e_crypt_keyengine_return = -1;
381 BN_bn2bin(rsa->n, apppbx->e_crypt_rsa_n);
382 apppbx->e_crypt_rsa_n_len = BN_num_bytes(rsa->n);
383 if (apppbx->e_crypt_rsa_e_len > (int)sizeof(apppbx->e_crypt_rsa_e))
385 BN_bn2bin(rsa->e, apppbx->e_crypt_rsa_e);
386 apppbx->e_crypt_rsa_e_len = BN_num_bytes(rsa->e);
387 if (apppbx->e_crypt_rsa_d_len > (int)sizeof(apppbx->e_crypt_rsa_d))
389 BN_bn2bin(rsa->d, apppbx->e_crypt_rsa_d);
390 apppbx->e_crypt_rsa_p_len = BN_num_bytes(rsa->p);
391 if (apppbx->e_crypt_rsa_p_len > (int)sizeof(apppbx->e_crypt_rsa_p))
393 BN_bn2bin(rsa->p, apppbx->e_crypt_rsa_p);
394 apppbx->e_crypt_rsa_q_len = BN_num_bytes(rsa->q);
395 if (apppbx->e_crypt_rsa_q_len > (int)sizeof(apppbx->e_crypt_rsa_q))
397 BN_bn2bin(rsa->q, apppbx->e_crypt_rsa_q);
398 apppbx->e_crypt_rsa_dmp1_len = BN_num_bytes(rsa->dmp1);
399 if (apppbx->e_crypt_rsa_dmp1_len > (int)sizeof(apppbx->e_crypt_rsa_dmp1))
401 BN_bn2bin(rsa->dmp1, apppbx->e_crypt_rsa_dmp1);
402 apppbx->e_crypt_rsa_dmq1_len = BN_num_bytes(rsa->dmq1);
403 if (apppbx->e_crypt_rsa_dmq1_len > (int)sizeof(apppbx->e_crypt_rsa_dmq1))
405 BN_bn2bin(rsa->dmq1, apppbx->e_crypt_rsa_dmq1);
406 apppbx->e_crypt_rsa_iqmp_len = BN_num_bytes(rsa->iqmp);
407 if (apppbx->e_crypt_rsa_iqmp_len > (int)sizeof(apppbx->e_crypt_rsa_iqmp))
409 BN_bn2bin(rsa->iqmp, apppbx->e_crypt_rsa_iqmp);
410 PDEBUG(DEBUG_CRYPT, "gen: rsa n=%02x...\n", *apppbx->e_crypt_rsa_n);
411 PDEBUG(DEBUG_CRYPT, "gen: rsa e=%02x...\n", *apppbx->e_crypt_rsa_e);
412 PDEBUG(DEBUG_CRYPT, "gen: rsa d=%02x...\n", *apppbx->e_crypt_rsa_d);
413 PDEBUG(DEBUG_CRYPT, "gen: rsa p=%02x...\n", *apppbx->e_crypt_rsa_p);
414 PDEBUG(DEBUG_CRYPT, "gen: rsa q=%02x...\n", *apppbx->e_crypt_rsa_q);
415 PDEBUG(DEBUG_CRYPT, "gen: rsa dmp1=%02x...\n", *apppbx->e_crypt_rsa_dmp1);
416 PDEBUG(DEBUG_CRYPT, "gen: rsa dmq1=%02x...\n", *apppbx->e_crypt_rsa_dmq1);
417 PDEBUG(DEBUG_CRYPT, "gen: rsa iqmp=%02x...\n", *apppbx->e_crypt_rsa_iqmp);
418 apppbx->e_crypt_keyengine_return = 1;
424 /* encrypt session key */
427 PERROR("No crypto lib.\n");
428 apppbx->e_crypt_keyengine_return = -1;
430 /* generating session key */
431 srandom(*((unsigned int *)mISDN_rand) ^ random());
435 apppbx->e_crypt_key[i] = random();
436 apppbx->e_crypt_key[i] ^= mISDN_rand[random() & 0xff];
439 apppbx->e_crypt_key_len = i;
440 /* encrypt via rsa */
444 PERROR("Failed to allocate rsa structure.\n");
445 apppbx->e_crypt_keyengine_return = 1;
451 if (!rsa->n || !rsa->e)
453 PERROR("Failed to generate rsa structure.\n");
454 apppbx->e_crypt_keyengine_return = -1;
459 if (!BN_bin2bn(apppbx->e_crypt_rsa_n, apppbx->e_crypt_rsa_n_len, rsa->n))
462 PERROR("Failed to convert binary to bignum.\n");
463 apppbx->e_crypt_keyengine_return = -1;
468 if ((apppbx->e_crypt_rsa_n_len*8) != BN_num_bits(rsa->n))
470 PERROR("SOFTWARE API ERROR: length not equal stored data. (%d != %d)\n", apppbx->e_crypt_rsa_n_len*8, BN_num_bits(rsa->n));
471 apppbx->e_crypt_keyengine_return = -1;
476 if (!BN_bin2bn(apppbx->e_crypt_rsa_e, apppbx->e_crypt_rsa_e_len, rsa->e))
478 PDEBUG(DEBUG_CRYPT, "crypt: rsa n=%02x...\n", *apppbx->e_crypt_rsa_n);
479 PDEBUG(DEBUG_CRYPT, "crypt: rsa e=%02x...\n", *apppbx->e_crypt_rsa_e);
480 PDEBUG(DEBUG_CRYPT, "crypt: key =%02x%02x%02x%02x... (len=%d)\n", apppbx->e_crypt_key[0], apppbx->e_crypt_key[1], apppbx->e_crypt_key[2], apppbx->e_crypt_key[3], apppbx->e_crypt_key_len);
481 apppbx->e_crypt_ckey_len = RSA_public_encrypt(
482 apppbx->e_crypt_key_len,
484 apppbx->e_crypt_ckey,
487 PDEBUG(DEBUG_CRYPT, "crypt: ckey =%02x%02x%02x%02x... (len=%d)\n", apppbx->e_crypt_ckey[0], apppbx->e_crypt_ckey[1], apppbx->e_crypt_ckey[2], apppbx->e_crypt_ckey[3], apppbx->e_crypt_ckey_len);
490 if (apppbx->e_crypt_ckey_len > 0)
491 apppbx->e_crypt_keyengine_return = 1;
493 apppbx->e_crypt_keyengine_return = -1;
497 /* decrypt session key */
500 PERROR("No crypto lib.\n");
501 apppbx->e_crypt_keyengine_return = -1;
506 PERROR("Failed to allocate rsa structure.\n");
507 apppbx->e_crypt_keyengine_return = 1;
516 rsa->dmp1 = BN_new();
517 rsa->dmq1 = BN_new();
518 rsa->iqmp = BN_new();
519 if (!rsa->n || !rsa->e
520 || !rsa->d || !rsa->p
521 || !rsa->q || !rsa->dmp1
522 || !rsa->dmq1 || !rsa->iqmp)
524 PERROR("Failed to generate rsa structure.\n");
525 apppbx->e_crypt_keyengine_return = 1;
530 if (!BN_bin2bn(apppbx->e_crypt_rsa_n, apppbx->e_crypt_rsa_n_len, rsa->n))
533 PERROR("Failed to convert binary to bignum.\n");
534 apppbx->e_crypt_keyengine_return = -1;
539 if (!BN_bin2bn(apppbx->e_crypt_rsa_e, apppbx->e_crypt_rsa_e_len, rsa->e))
541 if (!BN_bin2bn(apppbx->e_crypt_rsa_d, apppbx->e_crypt_rsa_d_len, rsa->d))
543 if (!BN_bin2bn(apppbx->e_crypt_rsa_p, apppbx->e_crypt_rsa_p_len, rsa->p))
545 if (!BN_bin2bn(apppbx->e_crypt_rsa_q, apppbx->e_crypt_rsa_q_len, rsa->q))
547 if (!BN_bin2bn(apppbx->e_crypt_rsa_dmp1, apppbx->e_crypt_rsa_dmp1_len, rsa->dmp1))
549 if (!BN_bin2bn(apppbx->e_crypt_rsa_dmq1, apppbx->e_crypt_rsa_dmq1_len, rsa->dmq1))
551 if (!BN_bin2bn(apppbx->e_crypt_rsa_iqmp, apppbx->e_crypt_rsa_iqmp_len, rsa->iqmp))
553 PDEBUG(DEBUG_CRYPT, "decrypt: ckey =%02x%02x%02x%02x... (len=%d)\n", apppbx->e_crypt_ckey[0], apppbx->e_crypt_ckey[1], apppbx->e_crypt_ckey[2], apppbx->e_crypt_ckey[3], apppbx->e_crypt_ckey_len);
554 apppbx->e_crypt_key_len = RSA_private_decrypt(
555 apppbx->e_crypt_ckey_len,
556 apppbx->e_crypt_ckey,
560 PDEBUG(DEBUG_CRYPT, "decrypt: key =%02x%02x%02x%02x... (len=%d)\n", apppbx->e_crypt_key[0], apppbx->e_crypt_key[1], apppbx->e_crypt_key[2], apppbx->e_crypt_key[3], apppbx->e_crypt_key_len);
563 apppbx->e_crypt_keyengine_return = 1;
568 PERROR("Unknown job %d\n", job);
569 apppbx->e_crypt_keyengine_return = -1;
573 PDEBUG((DEBUG_EPOINT | DEBUG_CRYPT), "child process done after using libcrypto with return value %d\n", apppbx->e_crypt_keyengine_return);
576 apppbx->ea_endpoint->ep_use--;
577 FREE(args, sizeof(struct auth_args));
582 void EndpointAppPBX::cryptman_keyengine(int job)
584 struct auth_args *arg;
587 if (e_crypt_keyengine_busy)
589 e_crypt_keyengine_return = -1;
590 PERROR("engine currently busy.\n");
594 arg = (struct auth_args *)MALLOC(sizeof(struct auth_args));
597 e_crypt_keyengine_return = 0;
598 e_crypt_keyengine_busy = job;
600 ea_endpoint->ep_use++;
601 if ((pthread_create(&tid, NULL, keyengine_child, arg)<0))
603 ea_endpoint->ep_use--;
604 PERROR("failed to create keyengine-thread.\n");
605 e_crypt_keyengine_return = -1;
610 PDEBUG((DEBUG_EPOINT | DEBUG_CRYPT), "send_mail(%d): child process created for doing crypto stuff\n", ea_endpoint->ep_serial);
615 /* handler for authentication (called by apppbx's handler)
617 void EndpointAppPBX::cryptman_handler(void)
619 if (e_crypt_keyengine_busy)
621 if (e_crypt_keyengine_return < 0)
623 e_crypt_keyengine_busy = 0;
624 cryptman_message(CK_ERROR_IND, NULL, 0);
626 if (e_crypt_keyengine_return > 0)
628 switch(e_crypt_keyengine_busy)
631 e_crypt_keyengine_busy = 0;
632 cryptman_message(CK_GENRSA_CONF, NULL, 0);
635 e_crypt_keyengine_busy = 0;
636 cryptman_message(CK_CPTRSA_CONF, NULL, 0);
639 e_crypt_keyengine_busy = 0;
640 cryptman_message(CK_DECRSA_CONF, NULL, 0);
646 /* check for event, make next event */
647 if (e_crypt_timeout_sec) if (e_crypt_timeout_sec<now_tv.tv_sec || (e_crypt_timeout_sec==now_tv.tv_sec && e_crypt_timeout_usec<now_tv.tv_usec))
649 e_crypt_timeout_sec = 0;
650 e_crypt_timeout_usec = 0;
651 cryptman_message(CT_TIMEOUT, NULL, 0);
657 * process message to the crypt manager
659 /* remote peer sends ident request */
660 void EndpointAppPBX::cr_ident(int message, unsigned char *param, int len)
662 unsigned char buf[4], *p;
663 unsigned long bogomips = 0, ran;
666 l = CM_SIZEOFINF(CM_INFO_RANDOM);
669 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) missing (or corrupt) random number, ignoring (len = %d)\n", ea_endpoint->ep_serial, l);
672 p = CM_GETINF(CM_INFO_RANDOM, buf);
673 ran = (p[0]<<24) + (p[1]<<16) + (p[2]<<8) + p[3];
674 l = CM_SIZEOFINF(CM_INFO_BOGOMIPS);
677 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) missing (or corrupt) random bogomips, just comparing random (len = %d)\n", ea_endpoint->ep_serial, l);
680 p = CM_GETINF(CM_INFO_BOGOMIPS, buf);
681 bogomips = (p[0]<<24) + (p[1]<<16) + (p[2]<<8) + p[3];
682 if (e_crypt_bogomips > bogomips)
684 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) our cpu is faster, so we are master (%d > %d)\n", ea_endpoint->ep_serial, e_crypt_bogomips, bogomips);
685 cr_master(message, NULL, 0);
688 if (e_crypt_bogomips < bogomips)
690 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) our cpu is slower, so we are slave (%d < %d)\n", ea_endpoint->ep_serial, e_crypt_bogomips, bogomips);
691 cr_slave(message, NULL, 0);
694 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) our cpu is equal speed, so we check for random value (%d == %d)\n", ea_endpoint->ep_serial, e_crypt_bogomips, bogomips);
696 /* bogomips are equal, so we compare */
697 if (e_crypt_random > ran)
699 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) our random value is greater, so we are master (%d > %d)\n", ea_endpoint->ep_serial, e_crypt_random, ran);
700 cr_master(message, NULL, 0);
703 if (e_crypt_random < ran)
705 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) our random value is smaller, so we are slave (%d < %d)\n", ea_endpoint->ep_serial, e_crypt_random, ran);
706 cr_slave(message, NULL, 0);
709 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) random values are equal, so we are looped (%d == %d)\n", ea_endpoint->ep_serial, e_crypt_random, ran);
710 cr_looped(message, NULL, 0);
713 /* key-exchange activation by the user */
714 void EndpointAppPBX::cr_activate(int message, unsigned char *param, int len)
716 unsigned char buf[128] = "";
718 unsigned char bogomips[4], ran[4];
720 /* activate listener */
721 cryptman_msg2crengine(CR_LISTEN_REQ, NULL, 0);
722 /* send ident message */
724 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
725 /* random number element */
726 srandom(now_tv.tv_sec ^ now_tv.tv_usec ^ random());
727 e_crypt_random = random();
728 ran[0] = e_crypt_random >> 24;
729 ran[1] = e_crypt_random >> 16;
730 ran[2] = e_crypt_random >> 8;
731 ran[3] = e_crypt_random;
732 CM_ADDINF(CM_INFO_RANDOM, 4, ran);
733 /* cpu speed element */
734 e_crypt_bogomips = get_bogomips();
735 if (e_crypt_bogomips > 0)
737 bogomips[0] = e_crypt_bogomips >> 24;
738 bogomips[1] = e_crypt_bogomips >> 16;
739 bogomips[2] = e_crypt_bogomips >> 8;
740 bogomips[3] = e_crypt_bogomips;
741 CM_ADDINF(CM_INFO_BOGOMIPS, 4, bogomips);
743 /* send ident message */
744 cryptman_msg2peer(buf);
746 cryptman_state(CM_ST_IDENT);
748 cryptman_timeout(CM_TO_IDENT);
751 /* deactivation by the user */
752 void EndpointAppPBX::cr_deactivate(int message, unsigned char *param, int len)
754 unsigned char buf[128] = "";
757 /* deactivate listener (if not already) */
758 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
761 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
762 cryptman_msg2peer(buf);
763 /* deactivate encryption */
764 cryptman_msg2crengine(CC_DACT_REQ, NULL, 0);
766 cryptman_state(CM_ST_NULL);
767 /* send message to user */
768 cryptman_msg2user(CU_DACT_CONF, "Deactivated");
771 /* remote peer tells us to be master */
772 void EndpointAppPBX::cr_master(int message, unsigned char *param, int len)
774 unsigned char buf[128] = "";
777 /* change to master state */
778 cryptman_state(CM_ST_KEYGEN);
779 if (message == CP_IDENT)
781 /* send you-are-slave-message */
783 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
784 cryptman_msg2peer(buf);
786 /* start generation of key */
787 cryptman_keyengine(CK_GENRSA_REQ);
788 /* disable timeout */
790 /* send message to user */
791 cryptman_msg2user(CU_INFO_IND, "Master");
794 /* remote peer tells us to be slave */
795 void EndpointAppPBX::cr_slave(int message, unsigned char *param, int len)
797 unsigned char buf[128] = "";
800 /* change to slave state */
801 cryptman_state(CM_ST_KEYWAIT);
802 if (message == CP_IDENT)
804 /* send you-are-slave-message */
807 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
808 cryptman_msg2peer(buf);
811 cryptman_timeout(CM_TO_PUBKEY);
812 /* send message to user */
813 cryptman_msg2user(CU_INFO_IND, "Slave");
816 /* remote peer tells us about loop */
817 void EndpointAppPBX::cr_looped(int message, unsigned char *param, int len)
819 unsigned char buf[128] = "";
822 /* change to idle state */
823 cryptman_state(CM_ST_NULL);
824 /* deactivate listener */
825 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
826 if (message == CP_IDENT)
831 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
832 cryptman_msg2peer(buf);
834 /* disable timeout */
836 /* send message to user */
837 cryptman_msg2user(CU_ERROR_IND, "Loop Detected");
841 void EndpointAppPBX::cr_abort(int message, unsigned char *param, int len)
843 /* if already encrypting */
844 if (e_crypt_state==CM_ST_WAIT_CRYPT
845 || e_crypt_state==CM_ST_SWAIT
846 || e_crypt_state==CM_ST_ACTIVE)
848 /* deactivate blowfish */
849 cryptman_msg2crengine(CC_DACT_REQ, NULL, 0);
851 /* change to idle state */
852 cryptman_state(CM_ST_NULL);
853 /* deactivate listener */
854 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
855 /* disable timeout */
857 /* send message to user */
858 if (message == CT_TIMEOUT)
859 cryptman_msg2user(CU_ERROR_IND, "Timeout");
860 else if (message == CP_ABORT)
861 cryptman_msg2user(CU_ERROR_IND, "Remote Abort");
863 cryptman_msg2user(CU_DACT_IND, NULL);
866 /* abort but wait for engine to release*/
867 void EndpointAppPBX::cr_abort_engine(int message, unsigned char *param, int len)
869 /* change to release state */
870 cryptman_state(CM_ST_RELEASE);
871 /* deactivate listener */
872 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
873 /* disable timeout */
875 /* send message to user */
876 if (message == CT_TIMEOUT)
877 cryptman_msg2user(CU_ERROR_IND, "Timeout");
878 else if (message == CP_ABORT)
879 cryptman_msg2user(CU_ERROR_IND, "Remote Abort");
881 cryptman_msg2user(CU_DACT_IND, NULL);
884 /* abort and disable crypt engine */
885 void EndpointAppPBX::cr_abort_wait(int message, unsigned char *param, int len)
887 /* change to idle state */
888 cryptman_state(CM_ST_NULL);
889 /* deactivate listener (if not already) */
890 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
891 /* deactivate blowfish */
892 cryptman_msg2crengine(CC_DACT_REQ, NULL, 0);
893 /* disable timeout */
895 /* send message to user */
896 if (message == CT_TIMEOUT)
897 cryptman_msg2user(CU_ERROR_IND, "Timeout");
898 else if (message == CP_ABORT)
899 cryptman_msg2user(CU_ERROR_IND, "Remote Abort");
901 cryptman_msg2user(CU_DACT_IND, NULL);
904 /* key engine tells us that the rsa is ready */
905 void EndpointAppPBX::cr_genrsa(int message, unsigned char *param, int len)
907 unsigned char buf[1024] = "";
910 /* change to wait for crypted session key state */
911 cryptman_state(CM_ST_CSWAIT);
914 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
915 CM_ADDINF(CM_INFO_PUBKEY, e_crypt_rsa_n_len, &e_crypt_rsa_n);
916 CM_ADDINF(CM_INFO_PUBEXPONENT, e_crypt_rsa_e_len, &e_crypt_rsa_e);
917 cryptman_msg2peer(buf);
919 cryptman_timeout(CM_TO_CSKEY);
922 /* our engine has a key error */
923 void EndpointAppPBX::cr_keyerror(int message, unsigned char *param, int len)
925 unsigned char buf[128] = "";
928 /* change to idle state */
929 cryptman_state(CM_ST_NULL);
930 /* deactivate listener */
931 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
934 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
935 cryptman_msg2peer(buf);
936 /* send message to user */
937 cryptman_msg2user(CU_ERROR_IND, "Local Key Error");
940 /* remote sends us the rsa public key */
941 void EndpointAppPBX::cr_pubkey(int message, unsigned char *param, int len)
943 unsigned char buf[128] = "";
944 unsigned char msg = CMSG_ABORT;
947 l = CM_SIZEOFINF(CM_INFO_PUBKEY);
948 if (l<1 || l>(int)sizeof(e_crypt_rsa_n))
951 /* change to idle state */
952 cryptman_state(CM_ST_NULL);
953 /* deactivate listener */
954 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
956 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
957 cryptman_msg2peer(buf);
958 /* send message to user */
959 cryptman_msg2user(CU_ERROR_IND, "Remote Key Error");
962 CM_GETINF(CM_INFO_PUBKEY, e_crypt_rsa_n);
963 e_crypt_rsa_n_len = l;
964 l = CM_SIZEOFINF(CM_INFO_PUBEXPONENT);
965 if (l<1 || l>(int)sizeof(e_crypt_rsa_e))
967 CM_GETINF(CM_INFO_PUBEXPONENT, e_crypt_rsa_e);
968 e_crypt_rsa_e_len = l;
969 /* change to generating encrypted sessnion key state */
970 cryptman_state(CM_ST_CSKEY);
971 /* start generation of crypted session key */
972 cryptman_keyengine(CK_CPTRSA_REQ);
973 /* disable timeout */
977 /* key engine tells us that the crypted session key is ready */
978 void EndpointAppPBX::cr_cptrsa(int message, unsigned char *param, int len)
980 unsigned char buf[1024] = "";
981 unsigned char msg = CMSG_CSKEY;
983 /* change to wait for crypt engine state */
984 cryptman_state(CM_ST_WAIT_DELAY);
986 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
987 CM_ADDINF(CM_INFO_CSKEY, e_crypt_ckey_len, &e_crypt_ckey);
988 cryptman_msg2peer(buf);
989 /* deactivate listener */
990 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
995 /* now we waited for the remote to receive and decrypt the session key */
996 void EndpointAppPBX::cr_waitdelay(int message, unsigned char *param, int len)
998 /* change to wait for crypt engine state */
999 cryptman_state(CM_ST_WAIT_CRYPT);
1000 /* disable timeout */
1001 cryptman_timeout(0);
1002 /* send message to crypt engine */
1003 cryptman_msg2crengine(CC_ACTBF_REQ, e_crypt_key, e_crypt_key_len);
1006 /* remote sends us the crypted session key */
1007 void EndpointAppPBX::cr_cskey(int message, unsigned char *param, int len)
1009 unsigned char buf[128] = "";
1010 unsigned char msg = CMSG_ABORT;
1013 /* disable timeout */
1014 cryptman_timeout(0);
1015 l = CM_SIZEOFINF(CM_INFO_CSKEY);
1016 if (l<1 || l>(int)sizeof(e_crypt_ckey))
1018 /* change to idle state */
1019 cryptman_state(CM_ST_NULL);
1020 /* deactivate listener */
1021 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
1023 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
1024 cryptman_msg2peer(buf);
1025 /* send message to user */
1026 cryptman_msg2user(CU_ERROR_IND, "Remote Key Error");
1029 CM_GETINF(CM_INFO_CSKEY, e_crypt_ckey);
1030 e_crypt_ckey_len = l;
1031 /* change to generating decrypted session key state */
1032 cryptman_state(CM_ST_SESSION);
1033 /* start generation of decrypted session key */
1034 cryptman_keyengine(CK_DECRSA_REQ);
1037 /* key engine tells us that the decrypted session key is ready */
1038 void EndpointAppPBX::cr_decrsa(int message, unsigned char *param, int len)
1040 /* change to wait for crypt engine state */
1041 cryptman_state(CM_ST_WAIT_CRYPT);
1042 /* deactivate listener */
1043 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
1044 /* send message to crypt engine */
1045 cryptman_msg2crengine(CC_ACTBF_REQ, e_crypt_key, e_crypt_key_len);
1048 /* blowfish now active */
1049 void EndpointAppPBX::cr_bfactive(int message, unsigned char *param, int len)
1053 /* change to active state */
1054 cryptman_state(CM_ST_ACTIVE);
1055 /* send message to user */
1056 SPRINT(text, "PUB %02x%02x %02x%02x %02x%02x %02x%02x", e_crypt_key[0], e_crypt_key[1], e_crypt_key[2], e_crypt_key[3], e_crypt_key[4], e_crypt_key[5], e_crypt_key[6], e_crypt_key[7]);
1057 cryptman_msg2user(CU_ACTK_CONF, text);
1060 /* our crypt engine sends an error */
1061 void EndpointAppPBX::cr_crypterror(int message, unsigned char *param, int len)
1063 unsigned char buf[128] = "";
1064 unsigned char msg = CMSG_ABORT;
1066 /* change to idle state */
1067 cryptman_state(CM_ST_NULL);
1068 /* deactivate listener */
1069 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
1071 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
1072 cryptman_msg2peer(buf);
1073 /* send message to user */
1074 cryptman_msg2user(CU_ERROR_IND, "Blowfish Error");
1077 /* engine is done, now we are done with release */
1078 void EndpointAppPBX::cr_release(int message, unsigned char *param, int len)
1080 /* change to idle state */
1081 cryptman_state(CM_ST_NULL);
1084 /* activate using shared key */
1085 void EndpointAppPBX::cr_sactivate(int message, unsigned char *param, int len)
1087 /* change to 'wait for crypt engine' state */
1088 cryptman_state(CM_ST_SWAIT);
1089 /* disable timeout */
1090 cryptman_timeout(0);
1091 /* send key to crypt engine */
1092 cryptman_msg2crengine(CC_ACTBF_REQ, param, len);
1095 /* share key deactivation by the user */
1096 void EndpointAppPBX::cr_sdeactivate(int message, unsigned char *param, int len)
1098 /* deactivate encryption */
1099 cryptman_msg2crengine(CC_DACT_REQ, NULL, 0);
1101 cryptman_state(CM_ST_NULL);
1102 /* send message to user */
1103 cryptman_msg2user(CU_DACT_CONF, NULL);
1106 /* shared key abort */
1107 void EndpointAppPBX::cr_sabort(int message, unsigned char *param, int len)
1109 /* change to idle state */
1110 cryptman_state(CM_ST_NULL);
1111 /* send message to user */
1112 cryptman_msg2user(CU_DACT_IND, "Deactivated");
1115 /* shared key: our crypt engine sends an error */
1116 void EndpointAppPBX::cr_scrypterror(int message, unsigned char *param, int len)
1118 /* change to idle state */
1119 cryptman_state(CM_ST_NULL);
1120 /* send message to user */
1121 cryptman_msg2user(CU_ERROR_IND, "Blowfish Error");
1124 /* blowfish now active */
1125 void EndpointAppPBX::cr_sbfactive(int message, unsigned char *param, int len)
1129 /* change to active state */
1130 cryptman_state(CM_ST_SACTIVE);
1131 /* send message to user */
1132 SPRINT(text, "Call Secure");
1133 cryptman_msg2user(CU_ACTS_CONF, text);
1136 /* user requests info */
1137 void EndpointAppPBX::cr_info(int message, unsigned char *param, int len)
1139 /* send message to user */
1140 cryptman_msg2user(CU_INFO_CONF, e_crypt_info);
1146 void EndpointAppPBX::cryptman_message(int message, unsigned char *param, int len)
1148 char *msgtext = "<<UNKNOWN MESSAGE>>";
1150 if (message>=0 && message<cm_msg_num)
1151 msgtext = cm_msg_name[message];
1153 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) CRYPT MANAGER in state '%s' received message: %s len: %d\n", ea_endpoint->ep_serial, statename(e_crypt_state), msgtext, len);
1156 if (message == CU_INFO_REQ)
1157 { cr_info(message, param, len); return; }
1159 switch(e_crypt_state)
1163 if (message == CU_ACTK_REQ) /* request key-exchange encryption */
1164 { cr_activate(message, param, len); return; }
1165 if (message == CU_ACTS_REQ) /* request shared encryption */
1166 { cr_sactivate(message, param, len); return; }
1169 /* identifying state */
1171 if (message == CP_IDENT) /* request encryption */
1172 { cr_ident(message, param, len); return; }
1173 if (message == CP_SLAVE) /* we are slave */
1174 { cr_slave(message, param, len); return; }
1175 if (message == CP_MASTER) /* we are master */
1176 { cr_master(message, param, len); return; }
1177 if (message == CP_LOOPED) /* we are looped */
1178 { cr_looped(message, param, len); return; }
1179 if (message == CI_DISCONNECT_IND /* request aborting */
1180 || message == CT_TIMEOUT /* timeout */
1181 || message == CP_ABORT) /* request aborting */
1182 { cr_abort(message, param, len); return; }
1185 /* generating public key state */
1187 if (message == CK_GENRSA_CONF) /* public key is done */
1188 { cr_genrsa(message, param, len); return; }
1189 if (message == CK_ERROR_IND) /* key failed */
1190 { cr_keyerror(message, param, len); return; }
1191 if (message == CI_DISCONNECT_IND /* request aborting */
1192 || message == CP_ABORT) /* request aborting */
1193 { cr_abort_engine(message, param, len); return; }
1196 /* waiting for public key state */
1198 if (message == CP_PUBKEY) /* getting public key from remote */
1199 { cr_pubkey(message, param, len); return; }
1200 if (message == CI_DISCONNECT_IND /* request aborting */
1201 || message == CT_TIMEOUT /* timeout */
1202 || message == CP_ABORT) /* request aborting */
1203 { cr_abort(message, param, len); return; }
1206 /* generating crypted session key state */
1208 if (message == CK_CPTRSA_CONF) /* crypted session key is done */
1209 { cr_cptrsa(message, param, len); return; }
1210 if (message == CK_ERROR_IND) /* key failed */
1211 { cr_keyerror(message, param, len); return; }
1212 if (message == CI_DISCONNECT_IND /* request aborting */
1213 || message == CP_ABORT) /* request aborting */
1214 { cr_abort_engine(message, param, len); return; }
1217 /* waiting for crypted session key state */
1219 if (message == CP_CSKEY) /* getting crypted session key from remote */
1220 { cr_cskey(message, param, len); return; }
1221 if (message == CI_DISCONNECT_IND /* request aborting */
1222 || message == CT_TIMEOUT /* timeout */
1223 || message == CP_ABORT) /* request aborting */
1224 { cr_abort(message, param, len); return; }
1227 /* generating decrypted session key state */
1229 if (message == CK_DECRSA_CONF) /* decrypted is done */
1230 { cr_decrsa(message, param, len); return; }
1231 if (message == CK_ERROR_IND) /* key failed */
1232 { cr_keyerror(message, param, len); return; }
1233 if (message == CI_DISCONNECT_IND /* request aborting */
1234 || message == CP_ABORT) /* request aborting */
1235 { cr_abort_engine(message, param, len); return; }
1238 /* wait encryption on state */
1239 case CM_ST_WAIT_DELAY:
1240 if (message == CT_TIMEOUT) /* timeout of delay */
1241 { cr_waitdelay(message, param, len); return; }
1242 if (message == CC_ERROR_IND) /* encrpytion error */
1243 { cr_crypterror(message, param, len); return; }
1244 if (message == CI_DISCONNECT_IND /* request aborting */
1245 || message == CP_ABORT) /* request aborting */
1246 { cr_abort_wait(message, param, len); return; }
1249 /* wait encryption on state */
1250 case CM_ST_WAIT_CRYPT:
1251 if (message == CC_ACTBF_CONF) /* encrpytion active */
1252 { cr_bfactive(message, param, len); return; }
1253 if (message == CC_ERROR_IND) /* encrpytion error */
1254 { cr_crypterror(message, param, len); return; }
1255 if (message == CI_DISCONNECT_IND /* request aborting */
1256 || message == CP_ABORT) /* request aborting */
1257 { cr_abort_wait(message, param, len); return; }
1262 if (message == CU_DACT_REQ) /* deactivating encryption */
1263 { cr_deactivate(message, param, len); return; }
1264 if (message == CI_DISCONNECT_IND /* request aborting */
1265 || message == CP_ABORT) /* request aborting */
1266 { cr_abort(message, param, len); return; }
1270 /* engine done after abort state */
1272 if (message == CK_GENRSA_CONF /* engine done */
1273 || message == CK_CPTRSA_CONF /* engine done */
1274 || message == CK_DECRSA_CONF /* engine done */
1275 || message == CK_ERROR_IND) /* engine error */
1276 { cr_release(message, param, len); return; }
1279 /* shared active state */
1281 if (message == CU_DACT_REQ) /* deactivating encryption */
1282 { cr_sdeactivate(message, param, len); return; }
1283 if (message == CI_DISCONNECT_IND) /* request aborting */
1284 { cr_sabort(message, param, len); return; }
1287 /* wait shared encryption on state */
1289 if (message == CC_ACTBF_CONF) /* encrpytion active */
1290 { cr_sbfactive(message, param, len); return; }
1291 if (message == CC_ERROR_IND) /* encrpytion error */
1292 { cr_scrypterror(message, param, len); return; }
1293 if (message == CI_DISCONNECT_IND) /* request aborting */
1294 { cr_sabort(message, param, len); return; }
1299 PDEBUG(DEBUG_CRYPT, "message not handled in state %d\n", e_crypt_state);
1304 * analyze the message element within the received message from peer and call 'cryptman_message'
1306 void EndpointAppPBX::cryptman_msg2man(unsigned char *param, int len)
1312 /* check if frame is correct */
1313 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) message from peer to crypt_manager.\n", ea_endpoint->ep_serial);
1316 PDEBUG(DEBUG_CRYPT, "ignoring message with 0-length.\n");
1325 PDEBUG(DEBUG_CRYPT, "end of message without 0-termination.\n");
1330 PDEBUG(DEBUG_CRYPT, "message with element size, outside the frame length.\n");
1333 l = (p[1]<<8) + p[2];
1334 // PDEBUG(DEBUG_CRYPT, " inf %d (len = %d)\n", *p, l);
1337 PDEBUG(DEBUG_CRYPT, "message with element data, outside the frame length.\n");
1345 PDEBUG(DEBUG_CRYPT, "warning: received null-element before end of frame.\n");
1348 l = CM_SIZEOFINF(CM_INFO_MESSAGE);
1351 PDEBUG(DEBUG_CRYPT, "received message without (valid) message element (len = %d)\n", len);
1354 CM_GETINF(CM_INFO_MESSAGE, &msg);
1358 cryptman_message(CP_IDENT, param, len);
1361 cryptman_message(CP_SLAVE, param, len);
1364 cryptman_message(CP_MASTER, param, len);
1367 cryptman_message(CP_PUBKEY, param, len);
1370 cryptman_message(CP_CSKEY, param, len);
1373 cryptman_message(CP_ABORT, param, len);
1376 PDEBUG(DEBUG_CRYPT, "received unknown message element %d\n", msg);
1380 /* add information element to buffer
1382 void EndpointAppPBX::cryptman_addinf(unsigned char *buf, int buf_size, int element, int len, void *data)
1386 /* skip what we already have in the buffer */
1389 l = (buf[1]<<8) + buf[2];
1390 if (l >= buf_size-3)
1392 PERROR("EPOINT(%d) buffer overflow while adding information to peer message.\n", ea_endpoint->ep_serial);
1398 /* check if we have not enough space to add element including id, len, data, and the null-termination */
1399 if (len+4 > buf_size)
1401 PERROR("EPOINT(%d) cannot add element to message, because buffer would overflow.\n", ea_endpoint->ep_serial);
1407 memcpy(buf+3, data, len);
1411 /* get size of element in buffer
1413 int EndpointAppPBX::cryptman_sizeofinf(unsigned char *buf, int element)
1417 /* skip what we already have in the buffer */
1420 l = (buf[1]<<8) + buf[2];
1421 if (buf[0] == element)
1429 /* get information element from buffer
1431 unsigned char *EndpointAppPBX::cryptman_getinf(unsigned char *buf, int element, unsigned char *to)
1435 /* skip what we already have in the buffer */
1438 l = (buf[1]<<8) + buf[2];
1439 if (buf[0] == element)
1441 memcpy(to, buf+3, l);
1450 /* send message to peer
1452 void EndpointAppPBX::cryptman_msg2peer(unsigned char *buf)
1454 struct message *message;
1455 unsigned char *p = buf;
1462 l = (p[1]<<8) + p[2];
1466 if (len+1 > (int)sizeof(message->param.crypt.data))
1468 PERROR("EPOINT(%d) message larger than allowed in param->crypt.data.\n", ea_endpoint->ep_serial);
1472 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_CRYPT);
1473 message->param.crypt.type = CR_MESSAGE_REQ;
1474 message->param.crypt.len = len+1;
1475 memcpy(message->param.crypt.data, buf, len+1);
1476 message_put(message);
1478 if (options.deb & DEBUG_CRYPT)
1480 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) sending message\n", ea_endpoint->ep_serial);
1484 l = (p[1]<<8) + p[2];
1485 PDEBUG(DEBUG_CRYPT, " inf %d (len = %d)\n", p[0], l);
1492 /* send message to crypt engine
1494 void EndpointAppPBX::cryptman_msg2crengine(int msg, unsigned char *buf, int len)
1496 struct message *message;
1498 if (len > (int)sizeof(message->param.crypt.data))
1500 PERROR("EPOINT(%d) message larger than allowed in param->crypt.data.\n", ea_endpoint->ep_serial);
1504 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_CRYPT);
1505 message->param.crypt.type = msg;
1506 message->param.crypt.len = len;
1508 memcpy(message->param.crypt.data, buf, len);
1509 message_put(message);
1511 if (options.deb & DEBUG_CRYPT)
1513 char *msgtext = "<<UNKNOWN MESSAGE>>";
1515 if (msg>=0 && msg<cm_msg_num)
1516 msgtext = cm_msg_name[msg];
1517 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) sending message '%s' (len = %d)\n", ea_endpoint->ep_serial, msgtext, len);
1521 /* send message to user
1523 void EndpointAppPBX::cryptman_msg2user(int msg, char *text)
1525 struct message *message;
1527 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_join_id, EPOINT_TO_JOIN, MESSAGE_CRYPT);
1528 message->param.crypt.type = msg;
1531 SCPY(e_crypt_info, text);
1534 UNCPY((char *)message->param.crypt.data, e_crypt_info, sizeof(message->param.crypt.data)-1);
1535 message->param.crypt.len = strlen((char *)message->param.crypt.data)+1;
1537 message_put(message);
1539 if (options.deb & DEBUG_CRYPT)
1541 char *msgtext = "<<UNKNOWN MESSAGE>>";
1543 if (msg>=0 && msg<cm_msg_num)
1544 msgtext = cm_msg_name[msg];
1545 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) sending message '%s' (text = %s)\n", ea_endpoint->ep_serial, msgtext, text?text:"");
1551 void EndpointAppPBX::cryptman_state(int state)
1553 PDEBUG(DEBUG_CRYPT, "Changing state from %s to %s\n", statename(e_crypt_state), statename(state));
1554 e_crypt_state = state;
1560 void EndpointAppPBX::cryptman_timeout(int secs)
1564 e_crypt_timeout_sec = now_tv.tv_sec+secs;
1565 e_crypt_timeout_usec = now_tv.tv_usec;
1566 PDEBUG(DEBUG_CRYPT, "Changing timeout to %d seconds\n", secs);
1569 e_crypt_timeout_sec = 0;
1570 e_crypt_timeout_usec = 0;
1571 PDEBUG(DEBUG_CRYPT, "turning timeout off\n", secs);
1575 /* encode a message to be sent via b-channel
1577 int cryptman_encode_bch(unsigned char *data, int len, unsigned char *buf, int buf_len)
1582 len--; /* without null-termination */
1583 if (buf_len < len+overhead)
1585 PERROR("frame too long for buffer");
1588 PDEBUG(DEBUG_CRYPT, "encoding a block of %d bytes.\n", len);
1590 /* write identification sequence to the header */
1591 UNCPY((char *)buf, "CRYPTMAN" ,8);
1593 /* length + checksumme */
1595 buf[1] = len & 0xff;
1596 crc = crc32(buf, 2);
1603 /* data + checksumme */
1604 memcpy(buf, data, len);
1605 crc = crc32(buf, len);
1612 return(len + overhead);
1615 /* decode a message from b-channel
1617 void PmISDN::cryptman_listen_bch(unsigned char *p, int l)
1620 struct message *message;
1626 /* check for the keyword */
1627 if (p_m_crypt_listen_state == 0)
1629 while((*p++)!='C' && l)
1634 p_m_crypt_listen_state++;
1638 if (p_m_crypt_listen_state < 8)
1640 i = p_m_crypt_listen_state;
1644 if (*p++ != "CRYPTMAN"[i])
1646 p_m_crypt_listen_state = 0;
1649 p_m_crypt_listen_state++;
1657 /* high byte of length */
1658 if (p_m_crypt_listen_state == 8)
1660 p_m_crypt_listen_len = (*p++) << 8;
1661 p_m_crypt_listen_state++;
1665 /* low byte of length */
1666 if (p_m_crypt_listen_state == 9)
1668 p_m_crypt_listen_len += *p++;
1669 p_m_crypt_listen_state++;
1674 if (p_m_crypt_listen_state == 10)
1676 p_m_crypt_listen_crc = (*p++) << 24;
1677 p_m_crypt_listen_state++;
1681 if (p_m_crypt_listen_state == 11)
1683 p_m_crypt_listen_crc += (*p++) << 16;
1684 p_m_crypt_listen_state++;
1688 if (p_m_crypt_listen_state == 12)
1690 p_m_crypt_listen_crc += (*p++) << 8;
1691 p_m_crypt_listen_state++;
1695 if (p_m_crypt_listen_state == 13)
1697 unsigned char lencheck[2];
1698 p_m_crypt_listen_crc += *p++;
1700 lencheck[0] = p_m_crypt_listen_len >> 8;
1701 lencheck[1] = p_m_crypt_listen_len & 0xff;
1702 if (crc32(lencheck, 2) != p_m_crypt_listen_crc)
1704 PDEBUG(DEBUG_CRYPT, "PmISDN(%s) received a block of %d bytes, but checksumme of length is incorrect (must %08x is %08x\n", p_name, p_m_crypt_listen_len, crc32(lencheck, 2), p_m_crypt_listen_crc);
1705 p_m_crypt_listen_state = 0;
1708 if (p_m_crypt_listen_len > (int)sizeof(p_m_crypt_listen_msg))
1710 PDEBUG(DEBUG_CRYPT, "PmISDN(%s) received a block of %d bytes, but too big for buffer (%d bytes)\n", p_name, p_m_crypt_listen_len, sizeof(p_m_crypt_listen_msg));
1711 p_m_crypt_listen_state = 0;
1714 if (!p_m_crypt_listen_len)
1716 PDEBUG(DEBUG_CRYPT, "PmISDN(%s) received a block of 0 bytes\n", p_name);
1717 p_m_crypt_listen_state = 0;
1720 p_m_crypt_listen_state++;
1725 while (p_m_crypt_listen_state>=14 && p_m_crypt_listen_state<(p_m_crypt_listen_len+14))
1727 p_m_crypt_listen_msg[p_m_crypt_listen_state-14] = *p++;
1728 p_m_crypt_listen_state++;
1733 if (p_m_crypt_listen_state == 14+p_m_crypt_listen_len)
1735 p_m_crypt_listen_crc = (*p++) << 24;
1736 p_m_crypt_listen_state++;
1740 if (p_m_crypt_listen_state == 15+p_m_crypt_listen_len)
1742 p_m_crypt_listen_crc += (*p++) << 16;
1743 p_m_crypt_listen_state++;
1747 if (p_m_crypt_listen_state == 16+p_m_crypt_listen_len)
1749 p_m_crypt_listen_crc += (*p++) << 8;
1750 p_m_crypt_listen_state++;
1754 if (p_m_crypt_listen_state == 17+p_m_crypt_listen_len)
1757 p_m_crypt_listen_crc += *p++;
1759 if (crc32(p_m_crypt_listen_msg, p_m_crypt_listen_len) != p_m_crypt_listen_crc)
1761 PDEBUG(DEBUG_CRYPT, "PmISDN(%s) received a block of %d bytes, but checksumme of data block is incorrect\n", p_name, p_m_crypt_listen_len);
1762 p_m_crypt_listen_state = 0;
1767 /* now send message */
1768 p_m_crypt_listen_state = 0;
1769 PDEBUG(DEBUG_CRYPT, "PmISDN(%s) received a block of %d bytes sending to crypt manager\n", p_name, p_m_crypt_listen_len);
1770 if ((int)sizeof(message->param.crypt.data) < p_m_crypt_listen_len+1) /* null-terminated */
1772 PDEBUG(DEBUG_CRYPT, "PmISDN(%s) received a block of %d bytes that is too large for message buffer\n", p_name, p_m_crypt_listen_len);
1777 message = message_create(p_serial, ACTIVE_EPOINT(p_epointlist), PORT_TO_EPOINT, MESSAGE_CRYPT);
1778 message->param.crypt.type = CR_MESSAGE_IND;
1779 message->param.crypt.len = p_m_crypt_listen_len+1; /* null termination */
1780 memcpy(message->param.crypt.data, p_m_crypt_listen_msg, p_m_crypt_listen_len);
1781 message_put(message);
1782 p_m_crypt_listen_state = 0;
1790 /* encrypt call using share secret (keypad function)
1792 void EndpointAppPBX::encrypt_shared(void)
1794 struct message *message;
1799 char *auth_pointer, *crypt_pointer, *key_pointer;
1802 /* redisplay current crypt display */
1803 if (e_crypt != CRYPT_OFF)
1805 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) encryption in progress, so we request the current message.\n", ea_endpoint->ep_serial);
1806 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_join_id, EPOINT_TO_JOIN, MESSAGE_CRYPT);
1807 message->param.crypt.type = CU_INFO_REQ;
1808 message_put(message);
1812 if (check_external(&errstr, &port))
1815 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_NOTIFY);
1816 SCPY(message->param.notifyinfo.display, errstr);
1817 message_put(message);
1818 set_tone(ea_endpoint->ep_portlist, "crypt_off");
1823 /* check the key for the call */
1824 if (port->p_type==PORT_TYPE_DSS1_TE_OUT || port->p_type==PORT_TYPE_DSS1_NT_OUT)
1825 ret = parse_secrets((char *)e_ext.number, (char *)port->p_dialinginfo.id, &auth_pointer, &crypt_pointer, &key_pointer);
1828 if (!port->p_callerinfo.id[0])
1830 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) incoming remote call has no caller ID.\n", ea_endpoint->ep_serial);
1831 errstr = "No Remote ID";
1834 ret = parse_secrets((char *)e_ext.number, (char *)numberrize_callerinfo(port->p_callerinfo.id, port->p_callerinfo.ntype), &auth_pointer, &crypt_pointer, &key_pointer);
1838 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Key was not found.\n", ea_endpoint->ep_serial);
1842 key = crypt_key((unsigned char *)key_pointer, &key_len);
1845 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Key invalid.\n", ea_endpoint->ep_serial);
1846 errstr = "Invalid Key";
1851 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Key too long.\n", ea_endpoint->ep_serial);
1852 errstr = "Key Too Long";
1855 if (!!strcasecmp(auth_pointer, "manual"))
1857 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Wrong authentication method.\n", ea_endpoint->ep_serial);
1858 errstr = "Wrong Auth Type";
1861 if (!strcasecmp(crypt_pointer, "blowfish"))
1863 type = CC_ACTBF_REQ;
1866 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Key too short.\n", ea_endpoint->ep_serial);
1867 errstr = "Key Too Short";
1872 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Key too long.\n", ea_endpoint->ep_serial);
1873 errstr = "Key Too Long";
1878 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Wrong crypt method.\n", ea_endpoint->ep_serial);
1879 errstr = "Wrong Crypt Type";
1883 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Key is ok, sending activation+key to cryptman.\n", ea_endpoint->ep_serial);
1884 /* setting display message and state */
1885 // SPRINT(e_crypt_display, "Shared Key");
1886 e_crypt = CRYPT_SWAIT;
1887 /* sending activation */
1888 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_join_id, EPOINT_TO_JOIN, MESSAGE_CRYPT);
1889 message->param.crypt.type = CU_ACTS_REQ;
1890 message->param.crypt.len = key_len;
1891 memcpy(message->param.crypt.data, key, key_len);
1892 message_put(message);
1896 /* encrypt call using rsa authentication (keypad function)
1898 void EndpointAppPBX::encrypt_keyex(void)
1900 struct message *message;
1904 /* redisplay current crypt display */
1905 if (e_crypt != CRYPT_OFF)
1907 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) encryption in progress, so we request the current message.\n", ea_endpoint->ep_serial);
1908 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_join_id, EPOINT_TO_JOIN, MESSAGE_CRYPT);
1909 message->param.crypt.type = CU_INFO_REQ;
1910 message_put(message);
1915 if (check_external(&errstr, &port))
1917 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_NOTIFY);
1918 SCPY(message->param.notifyinfo.display, errstr);
1919 message_put(message);
1920 set_tone(ea_endpoint->ep_portlist, "crypt_off");
1926 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_NOTIFY);
1927 SCPY(message->param.notifyinfo.display, "Not Compiled");
1928 message_put(message);
1929 set_tone(ea_endpoint->ep_portlist, "crypt_off");
1932 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Sending key-exchange activation to cryptman.\n", ea_endpoint->ep_serial);
1933 /* setting display message and state */
1934 // SPRINT(e_crypt_display, "Key-Exchange");
1935 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_NOTIFY);
1936 SCPY(message->param.notifyinfo.display, "Key-Exchange");
1937 message_put(message);
1938 e_crypt = CRYPT_KWAIT;
1939 /* sending activation */
1940 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_join_id, EPOINT_TO_JOIN, MESSAGE_CRYPT);
1941 message->param.crypt.type = CU_ACTK_REQ;
1942 message_put(message);
1947 /* turn encryption off (keypad function)
1949 void EndpointAppPBX::encrypt_off(void)
1951 struct message *message;
1953 if (e_crypt!=CRYPT_ON && e_crypt!=CRYPT_OFF)
1955 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_NOTIFY);
1956 SCPY(message->param.notifyinfo.display, "Please Wait");
1957 message_put(message);
1960 if (e_crypt == CRYPT_OFF)
1962 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_NOTIFY);
1963 SCPY(message->param.notifyinfo.display, "No Encryption");
1964 message_put(message);
1965 set_tone(ea_endpoint->ep_portlist, "crypt_off");
1970 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Sending deactivation to cryptman.\n", ea_endpoint->ep_serial);
1971 /* setting display message and state */
1972 // SPRINT(e_crypt_display, "Deactivating");
1973 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_NOTIFY);
1974 SCPY(message->param.notifyinfo.display, "Deactivating");
1975 message_put(message);
1976 e_crypt = CRYPT_RELEASE;
1977 /* sending activation */
1978 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_join_id, EPOINT_TO_JOIN, MESSAGE_CRYPT);
1979 message->param.crypt.type = CU_DACT_REQ;
1980 message_put(message);
1984 /* messages from manager to endpoint
1986 void EndpointAppPBX::encrypt_result(int msg, char *text)
1988 struct message *message;
1994 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) encryption now active.\n", ea_endpoint->ep_serial);
1995 set_tone(ea_endpoint->ep_portlist, "crypt_on");
1999 if (text) if (text[0])
2001 SCPY(e_crypt_info, text);
2002 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_NOTIFY);
2003 SCPY(message->param.notifyinfo.display, e_crypt_info);
2004 message_put(message);
2009 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) encryption error. (%s)\n", ea_endpoint->ep_serial, text);
2010 set_tone(ea_endpoint->ep_portlist, "crypt_off");
2012 e_crypt = CRYPT_OFF;
2018 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) encryption now off. (%s)\n", ea_endpoint->ep_serial, text);
2019 set_tone(ea_endpoint->ep_portlist, "crypt_off");
2021 e_crypt = CRYPT_OFF;
2027 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) information. (%s)\n", ea_endpoint->ep_serial, text);
2032 PERROR("EPOINT(%d) crypt manager sends us an invalid message. (type = %d)\n", ea_endpoint->ep_serial, msg);