1 /*****************************************************************************\
5 **---------------------------------------------------------------------------**
6 ** Copyright: Andreas Eversberg **
10 \*****************************************************************************/
12 /* how authentication is performed:
15 -----------------------------------------------------------------
18 | -----> sending random number -----> (gets lost)
21 comparing | <----- sending random number <----- |
23 | -----> sending "slave" code -----> | slave state
27 done | -----> sending public key -----> |
31 | <----- sending session key <----- | done
32 decrypting | | enable crypt
40 When Bob and Alice activate their authentication process, they will make
43 Lets assume Alice starts encryption first. She activates the authentication
44 process. Bob hat not activates the process yet. Alice sends a random number
45 to Bob, but he will ignore it, because he is not listening.
47 Bob also activates the authentication process, and sends his random number.
48 Now Alice will receive that number and compares the values. If the values
49 are equal, the process will fail and Alice will send the message "LOOPED".
50 If Alice's random number is greater, she will identify herself as "master".
51 Bob will get a "SLAVE" message. Bob might also send a "MASTER" message,
52 if he got Alice's random number, due to parallel activation of the
55 After transmission or reception of a master message, more messages are
56 ignored. After reception of a "RANDOM" message, more messages are
57 ignored. A reception of a "RANDOM" message always causes to identify who
60 Now Alice starts calculating his public/private key pair, because she is
61 "master". When Bob receives the "SLAVE" message, he will change the timeout
62 value. If no random number or "SLAVE", "MASTER" or "LOOPED" is received within
63 a timeout value, the "ABORT" message is sent. If the "ABORT" message is
64 received at any state of the process, the process is aborted.
66 After the key of Alices is calculated, she will send it to Bob. Bob will use
67 the key to start encryption of a random session key. Both will change their
70 After Bob has finished is crypted session key, he will send it to Alice and
71 enable encryption. Bob has finished his process now.
73 As soon as Alice received the encrypted key, she will encrypt it and also
74 enable encryption with the same key as Bob. Alis has finished her process now.
76 Both will get displayed some of the first digits of the public key. Both can
77 talk about the digits now. A man in the middle cannot change the keys without
78 changing the public key. The voice of Alice and/or Bob is used to "sign" and
79 "check" that the public key is not modified.
81 If Alice or Bob wants to stop encryption, one will send the "ABORT" message.
82 After transmission or reception.
85 The states of the process:
93 Waiting for the remote random number or "MASTER", "SLAVE", "LOOPED" message.
97 The master generates the key and waits for the key engine to finish.
101 The slave waits for the master to send the key.
105 The slave generates the session key and waits for the encryption engine to
110 The master waits for the slave to send the crypted session key.
114 The master waits for the decryption engine to finish decryption of the session
119 The encryption is established.
124 CM_TO_IDENT = waiting for the remote party to enable encryption
125 CM_TO_KEY = waiting for key generation
126 CM_TO_CSKEY = waiting for session key encryption
127 CM_TO_DSKEY = waiting for session key decryption
130 Structure of message:
131 ---------------------
133 one octet message element
134 two octets element length (first octet = high-byte)
135 data as given in length
138 the message type is encoded as element
145 #include <openssl/rsa.h>
149 /* convert key string to binary key vector
150 * returns 0 if an error ocurred
152 unsigned char *crypt_key(unsigned char *key, int *binary_len)
154 static unsigned char binary_key[2048];
157 binary_key[0] = '\0';
162 /* check for 0xXXXX... type of key */
163 if (!strncmp((char *)key, "0x", 2))
168 if (i == (int)sizeof(binary_key))
171 if (*key>='0' && *key<='9')
172 binary_key[i] = (*key-'0') << 8;
173 else if (*key>='a' && *key<='f')
174 binary_key[i] = (*key-'a'+10) << 8;
175 else if (*key>='A' && *key<='F')
176 binary_key[i] = (*key-'A'+10) << 8;
181 if (*key>='0' && *key<='9')
182 binary_key[i] += (*key - '0');
183 else if (*key>='a' && *key<='f')
184 binary_key[i] += (*key - 'a' + 10);
185 else if (*key>='A' && *key<='F')
186 binary_key[i] += (*key - 'A' + 10);
197 /* ascii key too long */
198 if (strlen((char *)key) >= sizeof((char *)binary_key))
201 memcpy(binary_key, key, strlen((char *)key));
202 *binary_len = strlen((char *)key);
207 * support routine to get cpu speed
209 static unsigned int get_bogomips(void)
214 fp = fopen("/proc/cpuinfo", "r");
217 PERROR("Cannot access /proc/cpuinfo. Will not use cpuinfo for identification of pear\n");
221 buffer[sizeof(buffer-1)] = '\0';
222 while(fgets(buffer, sizeof(buffer)-1, fp))
224 if (!!strncmp(buffer, "bogomips", 8))
226 if (!strchr(buffer, ':'))
228 p = strchr(buffer, ':')+1;
232 *strchr(p, '.') = '\0';
239 PERROR("Cannot find 'bogomips' in /proc/cpuinfo. Will not use cpuinfo for identification of pear\n");
247 static unsigned int crc_reflect(unsigned int ref, char ch)
249 unsigned int value = 0;
256 value |= 1 << (ch - i);
263 static unsigned int crc32_table[256];
264 static int crc_initialized = 0;
268 unsigned int ulPolynomial = 0x04c11db7;
274 crc32_table[i] = crc_reflect(i, 8) << 24;
278 crc32_table[i] = (crc32_table[i] << 1) ^ (crc32_table[i] & (1 << 31) ? ulPolynomial : 0);
281 crc32_table[i] = crc_reflect(crc32_table[i], 32);
287 unsigned int crc32(unsigned char *data, int len)
289 unsigned int crc = 0xffffffff;
291 if (!crc_initialized)
292 FATAL("crc not initialized, exitting...");
295 crc = (crc >> 8) ^ crc32_table[(crc & 0xFF) ^ *data++];
296 return(crc^0xffffffff);
302 /* give name of state */
303 static char *statename(int state)
305 if (state>=0 && state<cm_st_num)
306 return(cm_st_name[state]);
307 return("<<STATE UNKNOWN>>");
311 * authentication key generation, encryption, decryption
314 class EndpointAppPBX *apppbx;
318 static void *keyengine_child(void *arg)
320 struct auth_args *args = (struct auth_args *)arg;
321 class EndpointAppPBX *apppbx = args->apppbx;
329 struct sched_param schedp;
332 PDEBUG((DEBUG_EPOINT | DEBUG_CRYPT), "EPOINT(%d) child process started for using libcrypto\n", apppbx->ea_endpoint->ep_serial);
334 /* lower priority to keep pbx running fluently */
335 if (options.schedule > 0)
337 memset(&schedp, 0, sizeof(schedp));
338 schedp.sched_priority = 0;
339 ret = sched_setscheduler(0, SCHED_OTHER, &schedp);
342 PERROR("Scheduling to normal priority failed (errno = %d).\nExitting child process...\n", errno);
349 /* generate rsa key pair */
352 PERROR("Not compliled wiht crypto.\n");
353 apppbx->e_crypt_keyengine_return = -1;
355 srandom(*((unsigned int *)mISDN_rand) ^ random());
356 // exponent = (((random()<<1)|1) & 0x7f) + 0x80; /* odd */
358 // if (exponent < 3) exponent = 3; /* >= 3 */
359 rsa = RSA_generate_key(RSA_BITS, exponent, NULL, NULL);
362 PERROR("Failed to generate rsa key pair.\n");
363 apppbx->e_crypt_keyengine_return = -1;
367 apppbx->e_crypt_rsa_n_len = BN_num_bytes(rsa->n);
368 if (apppbx->e_crypt_rsa_n_len > (int)sizeof(apppbx->e_crypt_rsa_n))
371 PERROR("e_crypt_rsa_* too small for bignum.\n");
372 apppbx->e_crypt_keyengine_return = -1;
377 BN_bn2bin(rsa->n, apppbx->e_crypt_rsa_n);
378 apppbx->e_crypt_rsa_n_len = BN_num_bytes(rsa->n);
379 if (apppbx->e_crypt_rsa_e_len > (int)sizeof(apppbx->e_crypt_rsa_e))
381 BN_bn2bin(rsa->e, apppbx->e_crypt_rsa_e);
382 apppbx->e_crypt_rsa_e_len = BN_num_bytes(rsa->e);
383 if (apppbx->e_crypt_rsa_d_len > (int)sizeof(apppbx->e_crypt_rsa_d))
385 BN_bn2bin(rsa->d, apppbx->e_crypt_rsa_d);
386 apppbx->e_crypt_rsa_p_len = BN_num_bytes(rsa->p);
387 if (apppbx->e_crypt_rsa_p_len > (int)sizeof(apppbx->e_crypt_rsa_p))
389 BN_bn2bin(rsa->p, apppbx->e_crypt_rsa_p);
390 apppbx->e_crypt_rsa_q_len = BN_num_bytes(rsa->q);
391 if (apppbx->e_crypt_rsa_q_len > (int)sizeof(apppbx->e_crypt_rsa_q))
393 BN_bn2bin(rsa->q, apppbx->e_crypt_rsa_q);
394 apppbx->e_crypt_rsa_dmp1_len = BN_num_bytes(rsa->dmp1);
395 if (apppbx->e_crypt_rsa_dmp1_len > (int)sizeof(apppbx->e_crypt_rsa_dmp1))
397 BN_bn2bin(rsa->dmp1, apppbx->e_crypt_rsa_dmp1);
398 apppbx->e_crypt_rsa_dmq1_len = BN_num_bytes(rsa->dmq1);
399 if (apppbx->e_crypt_rsa_dmq1_len > (int)sizeof(apppbx->e_crypt_rsa_dmq1))
401 BN_bn2bin(rsa->dmq1, apppbx->e_crypt_rsa_dmq1);
402 apppbx->e_crypt_rsa_iqmp_len = BN_num_bytes(rsa->iqmp);
403 if (apppbx->e_crypt_rsa_iqmp_len > (int)sizeof(apppbx->e_crypt_rsa_iqmp))
405 BN_bn2bin(rsa->iqmp, apppbx->e_crypt_rsa_iqmp);
406 PDEBUG(DEBUG_CRYPT, "gen: rsa n=%02x...\n", *apppbx->e_crypt_rsa_n);
407 PDEBUG(DEBUG_CRYPT, "gen: rsa e=%02x...\n", *apppbx->e_crypt_rsa_e);
408 PDEBUG(DEBUG_CRYPT, "gen: rsa d=%02x...\n", *apppbx->e_crypt_rsa_d);
409 PDEBUG(DEBUG_CRYPT, "gen: rsa p=%02x...\n", *apppbx->e_crypt_rsa_p);
410 PDEBUG(DEBUG_CRYPT, "gen: rsa q=%02x...\n", *apppbx->e_crypt_rsa_q);
411 PDEBUG(DEBUG_CRYPT, "gen: rsa dmp1=%02x...\n", *apppbx->e_crypt_rsa_dmp1);
412 PDEBUG(DEBUG_CRYPT, "gen: rsa dmq1=%02x...\n", *apppbx->e_crypt_rsa_dmq1);
413 PDEBUG(DEBUG_CRYPT, "gen: rsa iqmp=%02x...\n", *apppbx->e_crypt_rsa_iqmp);
414 apppbx->e_crypt_keyengine_return = 1;
420 /* encrypt session key */
423 PERROR("No crypto lib.\n");
424 apppbx->e_crypt_keyengine_return = -1;
426 /* generating session key */
427 srandom(*((unsigned int *)mISDN_rand) ^ random());
431 apppbx->e_crypt_key[i] = random();
432 apppbx->e_crypt_key[i] ^= mISDN_rand[random() & 0xff];
435 apppbx->e_crypt_key_len = i;
436 /* encrypt via rsa */
440 PERROR("Failed to allocate rsa structure.\n");
441 apppbx->e_crypt_keyengine_return = 1;
447 if (!rsa->n || !rsa->e)
449 PERROR("Failed to generate rsa structure.\n");
450 apppbx->e_crypt_keyengine_return = -1;
455 if (!BN_bin2bn(apppbx->e_crypt_rsa_n, apppbx->e_crypt_rsa_n_len, rsa->n))
458 PERROR("Failed to convert binary to bignum.\n");
459 apppbx->e_crypt_keyengine_return = -1;
464 if ((apppbx->e_crypt_rsa_n_len*8) != BN_num_bits(rsa->n))
466 PERROR("SOFTWARE API ERROR: length not equal stored data. (%d != %d)\n", apppbx->e_crypt_rsa_n_len*8, BN_num_bits(rsa->n));
467 apppbx->e_crypt_keyengine_return = -1;
472 if (!BN_bin2bn(apppbx->e_crypt_rsa_e, apppbx->e_crypt_rsa_e_len, rsa->e))
474 PDEBUG(DEBUG_CRYPT, "crypt: rsa n=%02x...\n", *apppbx->e_crypt_rsa_n);
475 PDEBUG(DEBUG_CRYPT, "crypt: rsa e=%02x...\n", *apppbx->e_crypt_rsa_e);
476 PDEBUG(DEBUG_CRYPT, "crypt: key =%02x%02x%02x%02x... (len=%d)\n", apppbx->e_crypt_key[0], apppbx->e_crypt_key[1], apppbx->e_crypt_key[2], apppbx->e_crypt_key[3], apppbx->e_crypt_key_len);
477 apppbx->e_crypt_ckey_len = RSA_public_encrypt(
478 apppbx->e_crypt_key_len,
480 apppbx->e_crypt_ckey,
483 PDEBUG(DEBUG_CRYPT, "crypt: ckey =%02x%02x%02x%02x... (len=%d)\n", apppbx->e_crypt_ckey[0], apppbx->e_crypt_ckey[1], apppbx->e_crypt_ckey[2], apppbx->e_crypt_ckey[3], apppbx->e_crypt_ckey_len);
486 if (apppbx->e_crypt_ckey_len > 0)
487 apppbx->e_crypt_keyengine_return = 1;
489 apppbx->e_crypt_keyengine_return = -1;
493 /* decrypt session key */
496 PERROR("No crypto lib.\n");
497 apppbx->e_crypt_keyengine_return = -1;
502 PERROR("Failed to allocate rsa structure.\n");
503 apppbx->e_crypt_keyengine_return = 1;
512 rsa->dmp1 = BN_new();
513 rsa->dmq1 = BN_new();
514 rsa->iqmp = BN_new();
515 if (!rsa->n || !rsa->e
516 || !rsa->d || !rsa->p
517 || !rsa->q || !rsa->dmp1
518 || !rsa->dmq1 || !rsa->iqmp)
520 PERROR("Failed to generate rsa structure.\n");
521 apppbx->e_crypt_keyengine_return = 1;
526 if (!BN_bin2bn(apppbx->e_crypt_rsa_n, apppbx->e_crypt_rsa_n_len, rsa->n))
529 PERROR("Failed to convert binary to bignum.\n");
530 apppbx->e_crypt_keyengine_return = -1;
535 if (!BN_bin2bn(apppbx->e_crypt_rsa_e, apppbx->e_crypt_rsa_e_len, rsa->e))
537 if (!BN_bin2bn(apppbx->e_crypt_rsa_d, apppbx->e_crypt_rsa_d_len, rsa->d))
539 if (!BN_bin2bn(apppbx->e_crypt_rsa_p, apppbx->e_crypt_rsa_p_len, rsa->p))
541 if (!BN_bin2bn(apppbx->e_crypt_rsa_q, apppbx->e_crypt_rsa_q_len, rsa->q))
543 if (!BN_bin2bn(apppbx->e_crypt_rsa_dmp1, apppbx->e_crypt_rsa_dmp1_len, rsa->dmp1))
545 if (!BN_bin2bn(apppbx->e_crypt_rsa_dmq1, apppbx->e_crypt_rsa_dmq1_len, rsa->dmq1))
547 if (!BN_bin2bn(apppbx->e_crypt_rsa_iqmp, apppbx->e_crypt_rsa_iqmp_len, rsa->iqmp))
549 PDEBUG(DEBUG_CRYPT, "decrypt: ckey =%02x%02x%02x%02x... (len=%d)\n", apppbx->e_crypt_ckey[0], apppbx->e_crypt_ckey[1], apppbx->e_crypt_ckey[2], apppbx->e_crypt_ckey[3], apppbx->e_crypt_ckey_len);
550 apppbx->e_crypt_key_len = RSA_private_decrypt(
551 apppbx->e_crypt_ckey_len,
552 apppbx->e_crypt_ckey,
556 PDEBUG(DEBUG_CRYPT, "decrypt: key =%02x%02x%02x%02x... (len=%d)\n", apppbx->e_crypt_key[0], apppbx->e_crypt_key[1], apppbx->e_crypt_key[2], apppbx->e_crypt_key[3], apppbx->e_crypt_key_len);
559 apppbx->e_crypt_keyengine_return = 1;
564 PERROR("Unknown job %d\n", job);
565 apppbx->e_crypt_keyengine_return = -1;
569 PDEBUG((DEBUG_EPOINT | DEBUG_CRYPT), "child process done after using libcrypto with return value %d\n", apppbx->e_crypt_keyengine_return);
572 apppbx->ea_endpoint->ep_use--;
573 FREE(args, sizeof(struct auth_args));
578 void EndpointAppPBX::cryptman_keyengine(int job)
580 struct auth_args *arg;
583 if (e_crypt_keyengine_busy)
585 e_crypt_keyengine_return = -1;
586 PERROR("engine currently busy.\n");
590 arg = (struct auth_args *)MALLOC(sizeof(struct auth_args));
593 e_crypt_keyengine_return = 0;
594 e_crypt_keyengine_busy = job;
596 ea_endpoint->ep_use++;
597 if ((pthread_create(&tid, NULL, keyengine_child, arg)<0))
599 ea_endpoint->ep_use--;
600 PERROR("failed to create keyengine-thread.\n");
601 e_crypt_keyengine_return = -1;
606 PDEBUG((DEBUG_EPOINT | DEBUG_CRYPT), "send_mail(%d): child process created for doing crypto stuff\n", ea_endpoint->ep_serial);
611 /* handler for authentication (called by apppbx's handler)
613 void EndpointAppPBX::cryptman_handler(void)
615 if (e_crypt_keyengine_busy)
617 if (e_crypt_keyengine_return < 0)
619 e_crypt_keyengine_busy = 0;
620 cryptman_message(CK_ERROR_IND, NULL, 0);
622 if (e_crypt_keyengine_return > 0)
624 switch(e_crypt_keyengine_busy)
627 e_crypt_keyengine_busy = 0;
628 cryptman_message(CK_GENRSA_CONF, NULL, 0);
631 e_crypt_keyengine_busy = 0;
632 cryptman_message(CK_CPTRSA_CONF, NULL, 0);
635 e_crypt_keyengine_busy = 0;
636 cryptman_message(CK_DECRSA_CONF, NULL, 0);
642 /* check for event, make next event */
643 if (e_crypt_timeout_sec) if (e_crypt_timeout_sec<now_tv.tv_sec || (e_crypt_timeout_sec==now_tv.tv_sec && e_crypt_timeout_usec<now_tv.tv_usec))
645 e_crypt_timeout_sec = 0;
646 e_crypt_timeout_usec = 0;
647 cryptman_message(CT_TIMEOUT, NULL, 0);
653 * process message to the crypt manager
655 /* remote peer sends ident request */
656 void EndpointAppPBX::cr_ident(int message, unsigned char *param, int len)
658 unsigned char buf[4], *p;
659 unsigned int bogomips = 0, ran;
662 l = CM_SIZEOFINF(CM_INFO_RANDOM);
665 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) missing (or corrupt) random number, ignoring (len = %d)\n", ea_endpoint->ep_serial, l);
668 p = CM_GETINF(CM_INFO_RANDOM, buf);
669 ran = (p[0]<<24) + (p[1]<<16) + (p[2]<<8) + p[3];
670 l = CM_SIZEOFINF(CM_INFO_BOGOMIPS);
673 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) missing (or corrupt) random bogomips, just comparing random (len = %d)\n", ea_endpoint->ep_serial, l);
676 p = CM_GETINF(CM_INFO_BOGOMIPS, buf);
677 bogomips = (p[0]<<24) + (p[1]<<16) + (p[2]<<8) + p[3];
678 if (e_crypt_bogomips > bogomips)
680 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) our cpu is faster, so we are master (%d > %d)\n", ea_endpoint->ep_serial, e_crypt_bogomips, bogomips);
681 cr_master(message, NULL, 0);
684 if (e_crypt_bogomips < bogomips)
686 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) our cpu is slower, so we are slave (%d < %d)\n", ea_endpoint->ep_serial, e_crypt_bogomips, bogomips);
687 cr_slave(message, NULL, 0);
690 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) our cpu is equal speed, so we check for random value (%d == %d)\n", ea_endpoint->ep_serial, e_crypt_bogomips, bogomips);
692 /* bogomips are equal, so we compare */
693 if (e_crypt_random > ran)
695 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) our random value is greater, so we are master (%d > %d)\n", ea_endpoint->ep_serial, e_crypt_random, ran);
696 cr_master(message, NULL, 0);
699 if (e_crypt_random < ran)
701 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) our random value is smaller, so we are slave (%d < %d)\n", ea_endpoint->ep_serial, e_crypt_random, ran);
702 cr_slave(message, NULL, 0);
705 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) random values are equal, so we are looped (%d == %d)\n", ea_endpoint->ep_serial, e_crypt_random, ran);
706 cr_looped(message, NULL, 0);
709 /* key-exchange activation by the user */
710 void EndpointAppPBX::cr_activate(int message, unsigned char *param, int len)
712 unsigned char buf[128] = "";
714 unsigned char bogomips[4], ran[4];
716 /* activate listener */
717 cryptman_msg2crengine(CR_LISTEN_REQ, NULL, 0);
718 /* send ident message */
720 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
721 /* random number element */
722 srandom(now_tv.tv_sec ^ now_tv.tv_usec ^ random());
723 e_crypt_random = random();
724 ran[0] = e_crypt_random >> 24;
725 ran[1] = e_crypt_random >> 16;
726 ran[2] = e_crypt_random >> 8;
727 ran[3] = e_crypt_random;
728 CM_ADDINF(CM_INFO_RANDOM, 4, ran);
729 /* cpu speed element */
730 e_crypt_bogomips = get_bogomips();
731 if (e_crypt_bogomips > 0)
733 bogomips[0] = e_crypt_bogomips >> 24;
734 bogomips[1] = e_crypt_bogomips >> 16;
735 bogomips[2] = e_crypt_bogomips >> 8;
736 bogomips[3] = e_crypt_bogomips;
737 CM_ADDINF(CM_INFO_BOGOMIPS, 4, bogomips);
739 /* send ident message */
740 cryptman_msg2peer(buf);
742 cryptman_state(CM_ST_IDENT);
744 cryptman_timeout(CM_TO_IDENT);
747 /* deactivation by the user */
748 void EndpointAppPBX::cr_deactivate(int message, unsigned char *param, int len)
750 unsigned char buf[128] = "";
753 /* deactivate listener (if not already) */
754 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
757 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
758 cryptman_msg2peer(buf);
759 /* deactivate encryption */
760 cryptman_msg2crengine(CC_DACT_REQ, NULL, 0);
762 cryptman_state(CM_ST_NULL);
763 /* send message to user */
764 cryptman_msg2user(CU_DACT_CONF, "Deactivated");
767 /* remote peer tells us to be master */
768 void EndpointAppPBX::cr_master(int message, unsigned char *param, int len)
770 unsigned char buf[128] = "";
773 /* change to master state */
774 cryptman_state(CM_ST_KEYGEN);
775 if (message == CP_IDENT)
777 /* send you-are-slave-message */
779 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
780 cryptman_msg2peer(buf);
782 /* start generation of key */
783 cryptman_keyengine(CK_GENRSA_REQ);
784 /* disable timeout */
786 /* send message to user */
787 cryptman_msg2user(CU_INFO_IND, "Master");
790 /* remote peer tells us to be slave */
791 void EndpointAppPBX::cr_slave(int message, unsigned char *param, int len)
793 unsigned char buf[128] = "";
796 /* change to slave state */
797 cryptman_state(CM_ST_KEYWAIT);
798 if (message == CP_IDENT)
800 /* send you-are-slave-message */
803 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
804 cryptman_msg2peer(buf);
807 cryptman_timeout(CM_TO_PUBKEY);
808 /* send message to user */
809 cryptman_msg2user(CU_INFO_IND, "Slave");
812 /* remote peer tells us about loop */
813 void EndpointAppPBX::cr_looped(int message, unsigned char *param, int len)
815 unsigned char buf[128] = "";
818 /* change to idle state */
819 cryptman_state(CM_ST_NULL);
820 /* deactivate listener */
821 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
822 if (message == CP_IDENT)
827 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
828 cryptman_msg2peer(buf);
830 /* disable timeout */
832 /* send message to user */
833 cryptman_msg2user(CU_ERROR_IND, "Loop Detected");
837 void EndpointAppPBX::cr_abort(int message, unsigned char *param, int len)
839 /* if already encrypting */
840 if (e_crypt_state==CM_ST_WAIT_CRYPT
841 || e_crypt_state==CM_ST_SWAIT
842 || e_crypt_state==CM_ST_ACTIVE)
844 /* deactivate blowfish */
845 cryptman_msg2crengine(CC_DACT_REQ, NULL, 0);
847 /* change to idle state */
848 cryptman_state(CM_ST_NULL);
849 /* deactivate listener */
850 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
851 /* disable timeout */
853 /* send message to user */
854 if (message == CT_TIMEOUT)
855 cryptman_msg2user(CU_ERROR_IND, "Timeout");
856 else if (message == CP_ABORT)
857 cryptman_msg2user(CU_ERROR_IND, "Remote Abort");
859 cryptman_msg2user(CU_DACT_IND, NULL);
862 /* abort but wait for engine to release*/
863 void EndpointAppPBX::cr_abort_engine(int message, unsigned char *param, int len)
865 /* change to release state */
866 cryptman_state(CM_ST_RELEASE);
867 /* deactivate listener */
868 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
869 /* disable timeout */
871 /* send message to user */
872 if (message == CT_TIMEOUT)
873 cryptman_msg2user(CU_ERROR_IND, "Timeout");
874 else if (message == CP_ABORT)
875 cryptman_msg2user(CU_ERROR_IND, "Remote Abort");
877 cryptman_msg2user(CU_DACT_IND, NULL);
880 /* abort and disable crypt engine */
881 void EndpointAppPBX::cr_abort_wait(int message, unsigned char *param, int len)
883 /* change to idle state */
884 cryptman_state(CM_ST_NULL);
885 /* deactivate listener (if not already) */
886 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
887 /* deactivate blowfish */
888 cryptman_msg2crengine(CC_DACT_REQ, NULL, 0);
889 /* disable timeout */
891 /* send message to user */
892 if (message == CT_TIMEOUT)
893 cryptman_msg2user(CU_ERROR_IND, "Timeout");
894 else if (message == CP_ABORT)
895 cryptman_msg2user(CU_ERROR_IND, "Remote Abort");
897 cryptman_msg2user(CU_DACT_IND, NULL);
900 /* key engine tells us that the rsa is ready */
901 void EndpointAppPBX::cr_genrsa(int message, unsigned char *param, int len)
903 unsigned char buf[1024] = "";
906 /* change to wait for crypted session key state */
907 cryptman_state(CM_ST_CSWAIT);
910 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
911 CM_ADDINF(CM_INFO_PUBKEY, e_crypt_rsa_n_len, &e_crypt_rsa_n);
912 CM_ADDINF(CM_INFO_PUBEXPONENT, e_crypt_rsa_e_len, &e_crypt_rsa_e);
913 cryptman_msg2peer(buf);
915 cryptman_timeout(CM_TO_CSKEY);
918 /* our engine has a key error */
919 void EndpointAppPBX::cr_keyerror(int message, unsigned char *param, int len)
921 unsigned char buf[128] = "";
924 /* change to idle state */
925 cryptman_state(CM_ST_NULL);
926 /* deactivate listener */
927 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
930 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
931 cryptman_msg2peer(buf);
932 /* send message to user */
933 cryptman_msg2user(CU_ERROR_IND, "Local Key Error");
936 /* remote sends us the rsa public key */
937 void EndpointAppPBX::cr_pubkey(int message, unsigned char *param, int len)
939 unsigned char buf[128] = "";
940 unsigned char msg = CMSG_ABORT;
943 l = CM_SIZEOFINF(CM_INFO_PUBKEY);
944 if (l<1 || l>(int)sizeof(e_crypt_rsa_n))
947 /* change to idle state */
948 cryptman_state(CM_ST_NULL);
949 /* deactivate listener */
950 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
952 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
953 cryptman_msg2peer(buf);
954 /* send message to user */
955 cryptman_msg2user(CU_ERROR_IND, "Remote Key Error");
958 CM_GETINF(CM_INFO_PUBKEY, e_crypt_rsa_n);
959 e_crypt_rsa_n_len = l;
960 l = CM_SIZEOFINF(CM_INFO_PUBEXPONENT);
961 if (l<1 || l>(int)sizeof(e_crypt_rsa_e))
963 CM_GETINF(CM_INFO_PUBEXPONENT, e_crypt_rsa_e);
964 e_crypt_rsa_e_len = l;
965 /* change to generating encrypted sessnion key state */
966 cryptman_state(CM_ST_CSKEY);
967 /* start generation of crypted session key */
968 cryptman_keyengine(CK_CPTRSA_REQ);
969 /* disable timeout */
973 /* key engine tells us that the crypted session key is ready */
974 void EndpointAppPBX::cr_cptrsa(int message, unsigned char *param, int len)
976 unsigned char buf[1024] = "";
977 unsigned char msg = CMSG_CSKEY;
979 /* change to wait for crypt engine state */
980 cryptman_state(CM_ST_WAIT_DELAY);
982 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
983 CM_ADDINF(CM_INFO_CSKEY, e_crypt_ckey_len, &e_crypt_ckey);
984 cryptman_msg2peer(buf);
985 /* deactivate listener */
986 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
991 /* now we waited for the remote to receive and decrypt the session key */
992 void EndpointAppPBX::cr_waitdelay(int message, unsigned char *param, int len)
994 /* change to wait for crypt engine state */
995 cryptman_state(CM_ST_WAIT_CRYPT);
996 /* disable timeout */
998 /* send message to crypt engine */
999 cryptman_msg2crengine(CC_ACTBF_REQ, e_crypt_key, e_crypt_key_len);
1002 /* remote sends us the crypted session key */
1003 void EndpointAppPBX::cr_cskey(int message, unsigned char *param, int len)
1005 unsigned char buf[128] = "";
1006 unsigned char msg = CMSG_ABORT;
1009 /* disable timeout */
1010 cryptman_timeout(0);
1011 l = CM_SIZEOFINF(CM_INFO_CSKEY);
1012 if (l<1 || l>(int)sizeof(e_crypt_ckey))
1014 /* change to idle state */
1015 cryptman_state(CM_ST_NULL);
1016 /* deactivate listener */
1017 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
1019 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
1020 cryptman_msg2peer(buf);
1021 /* send message to user */
1022 cryptman_msg2user(CU_ERROR_IND, "Remote Key Error");
1025 CM_GETINF(CM_INFO_CSKEY, e_crypt_ckey);
1026 e_crypt_ckey_len = l;
1027 /* change to generating decrypted session key state */
1028 cryptman_state(CM_ST_SESSION);
1029 /* start generation of decrypted session key */
1030 cryptman_keyengine(CK_DECRSA_REQ);
1033 /* key engine tells us that the decrypted session key is ready */
1034 void EndpointAppPBX::cr_decrsa(int message, unsigned char *param, int len)
1036 /* change to wait for crypt engine state */
1037 cryptman_state(CM_ST_WAIT_CRYPT);
1038 /* deactivate listener */
1039 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
1040 /* send message to crypt engine */
1041 cryptman_msg2crengine(CC_ACTBF_REQ, e_crypt_key, e_crypt_key_len);
1044 /* blowfish now active */
1045 void EndpointAppPBX::cr_bfactive(int message, unsigned char *param, int len)
1049 /* change to active state */
1050 cryptman_state(CM_ST_ACTIVE);
1051 /* send message to user */
1052 SPRINT(text, "PUB %02x%02x %02x%02x %02x%02x %02x%02x", e_crypt_key[0], e_crypt_key[1], e_crypt_key[2], e_crypt_key[3], e_crypt_key[4], e_crypt_key[5], e_crypt_key[6], e_crypt_key[7]);
1053 cryptman_msg2user(CU_ACTK_CONF, text);
1056 /* our crypt engine sends an error */
1057 void EndpointAppPBX::cr_crypterror(int message, unsigned char *param, int len)
1059 unsigned char buf[128] = "";
1060 unsigned char msg = CMSG_ABORT;
1062 /* change to idle state */
1063 cryptman_state(CM_ST_NULL);
1064 /* deactivate listener */
1065 cryptman_msg2crengine(CR_UNLISTEN_REQ, NULL, 0);
1067 CM_ADDINF(CM_INFO_MESSAGE, 1, &msg);
1068 cryptman_msg2peer(buf);
1069 /* send message to user */
1070 cryptman_msg2user(CU_ERROR_IND, "Blowfish Error");
1073 /* engine is done, now we are done with release */
1074 void EndpointAppPBX::cr_release(int message, unsigned char *param, int len)
1076 /* change to idle state */
1077 cryptman_state(CM_ST_NULL);
1080 /* activate using shared key */
1081 void EndpointAppPBX::cr_sactivate(int message, unsigned char *param, int len)
1083 /* change to 'wait for crypt engine' state */
1084 cryptman_state(CM_ST_SWAIT);
1085 /* disable timeout */
1086 cryptman_timeout(0);
1087 /* send key to crypt engine */
1088 cryptman_msg2crengine(CC_ACTBF_REQ, param, len);
1091 /* share key deactivation by the user */
1092 void EndpointAppPBX::cr_sdeactivate(int message, unsigned char *param, int len)
1094 /* deactivate encryption */
1095 cryptman_msg2crengine(CC_DACT_REQ, NULL, 0);
1097 cryptman_state(CM_ST_NULL);
1098 /* send message to user */
1099 cryptman_msg2user(CU_DACT_CONF, NULL);
1102 /* shared key abort */
1103 void EndpointAppPBX::cr_sabort(int message, unsigned char *param, int len)
1105 /* change to idle state */
1106 cryptman_state(CM_ST_NULL);
1107 /* send message to user */
1108 cryptman_msg2user(CU_DACT_IND, "Deactivated");
1111 /* shared key: our crypt engine sends an error */
1112 void EndpointAppPBX::cr_scrypterror(int message, unsigned char *param, int len)
1114 /* change to idle state */
1115 cryptman_state(CM_ST_NULL);
1116 /* send message to user */
1117 cryptman_msg2user(CU_ERROR_IND, "Blowfish Error");
1120 /* blowfish now active */
1121 void EndpointAppPBX::cr_sbfactive(int message, unsigned char *param, int len)
1125 /* change to active state */
1126 cryptman_state(CM_ST_SACTIVE);
1127 /* send message to user */
1128 SPRINT(text, "Call Secure");
1129 cryptman_msg2user(CU_ACTS_CONF, text);
1132 /* user requests info */
1133 void EndpointAppPBX::cr_info(int message, unsigned char *param, int len)
1135 /* send message to user */
1136 cryptman_msg2user(CU_INFO_CONF, e_crypt_info);
1142 void EndpointAppPBX::cryptman_message(int message, unsigned char *param, int len)
1144 char *msgtext = "<<UNKNOWN MESSAGE>>";
1146 if (message>=0 && message<cm_msg_num)
1147 msgtext = cm_msg_name[message];
1149 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) CRYPT MANAGER in state '%s' received message: %s len: %d\n", ea_endpoint->ep_serial, statename(e_crypt_state), msgtext, len);
1152 if (message == CU_INFO_REQ)
1153 { cr_info(message, param, len); return; }
1155 switch(e_crypt_state)
1159 if (message == CU_ACTK_REQ) /* request key-exchange encryption */
1160 { cr_activate(message, param, len); return; }
1161 if (message == CU_ACTS_REQ) /* request shared encryption */
1162 { cr_sactivate(message, param, len); return; }
1165 /* identifying state */
1167 if (message == CP_IDENT) /* request encryption */
1168 { cr_ident(message, param, len); return; }
1169 if (message == CP_SLAVE) /* we are slave */
1170 { cr_slave(message, param, len); return; }
1171 if (message == CP_MASTER) /* we are master */
1172 { cr_master(message, param, len); return; }
1173 if (message == CP_LOOPED) /* we are looped */
1174 { cr_looped(message, param, len); return; }
1175 if (message == CI_DISCONNECT_IND /* request aborting */
1176 || message == CT_TIMEOUT /* timeout */
1177 || message == CP_ABORT) /* request aborting */
1178 { cr_abort(message, param, len); return; }
1181 /* generating public key state */
1183 if (message == CK_GENRSA_CONF) /* public key is done */
1184 { cr_genrsa(message, param, len); return; }
1185 if (message == CK_ERROR_IND) /* key failed */
1186 { cr_keyerror(message, param, len); return; }
1187 if (message == CI_DISCONNECT_IND /* request aborting */
1188 || message == CP_ABORT) /* request aborting */
1189 { cr_abort_engine(message, param, len); return; }
1192 /* waiting for public key state */
1194 if (message == CP_PUBKEY) /* getting public key from remote */
1195 { cr_pubkey(message, param, len); return; }
1196 if (message == CI_DISCONNECT_IND /* request aborting */
1197 || message == CT_TIMEOUT /* timeout */
1198 || message == CP_ABORT) /* request aborting */
1199 { cr_abort(message, param, len); return; }
1202 /* generating crypted session key state */
1204 if (message == CK_CPTRSA_CONF) /* crypted session key is done */
1205 { cr_cptrsa(message, param, len); return; }
1206 if (message == CK_ERROR_IND) /* key failed */
1207 { cr_keyerror(message, param, len); return; }
1208 if (message == CI_DISCONNECT_IND /* request aborting */
1209 || message == CP_ABORT) /* request aborting */
1210 { cr_abort_engine(message, param, len); return; }
1213 /* waiting for crypted session key state */
1215 if (message == CP_CSKEY) /* getting crypted session key from remote */
1216 { cr_cskey(message, param, len); return; }
1217 if (message == CI_DISCONNECT_IND /* request aborting */
1218 || message == CT_TIMEOUT /* timeout */
1219 || message == CP_ABORT) /* request aborting */
1220 { cr_abort(message, param, len); return; }
1223 /* generating decrypted session key state */
1225 if (message == CK_DECRSA_CONF) /* decrypted is done */
1226 { cr_decrsa(message, param, len); return; }
1227 if (message == CK_ERROR_IND) /* key failed */
1228 { cr_keyerror(message, param, len); return; }
1229 if (message == CI_DISCONNECT_IND /* request aborting */
1230 || message == CP_ABORT) /* request aborting */
1231 { cr_abort_engine(message, param, len); return; }
1234 /* wait encryption on state */
1235 case CM_ST_WAIT_DELAY:
1236 if (message == CT_TIMEOUT) /* timeout of delay */
1237 { cr_waitdelay(message, param, len); return; }
1238 if (message == CC_ERROR_IND) /* encrpytion error */
1239 { cr_crypterror(message, param, len); return; }
1240 if (message == CI_DISCONNECT_IND /* request aborting */
1241 || message == CP_ABORT) /* request aborting */
1242 { cr_abort_wait(message, param, len); return; }
1245 /* wait encryption on state */
1246 case CM_ST_WAIT_CRYPT:
1247 if (message == CC_ACTBF_CONF) /* encrpytion active */
1248 { cr_bfactive(message, param, len); return; }
1249 if (message == CC_ERROR_IND) /* encrpytion error */
1250 { cr_crypterror(message, param, len); return; }
1251 if (message == CI_DISCONNECT_IND /* request aborting */
1252 || message == CP_ABORT) /* request aborting */
1253 { cr_abort_wait(message, param, len); return; }
1258 if (message == CU_DACT_REQ) /* deactivating encryption */
1259 { cr_deactivate(message, param, len); return; }
1260 if (message == CI_DISCONNECT_IND /* request aborting */
1261 || message == CP_ABORT) /* request aborting */
1262 { cr_abort(message, param, len); return; }
1266 /* engine done after abort state */
1268 if (message == CK_GENRSA_CONF /* engine done */
1269 || message == CK_CPTRSA_CONF /* engine done */
1270 || message == CK_DECRSA_CONF /* engine done */
1271 || message == CK_ERROR_IND) /* engine error */
1272 { cr_release(message, param, len); return; }
1275 /* shared active state */
1277 if (message == CU_DACT_REQ) /* deactivating encryption */
1278 { cr_sdeactivate(message, param, len); return; }
1279 if (message == CI_DISCONNECT_IND) /* request aborting */
1280 { cr_sabort(message, param, len); return; }
1283 /* wait shared encryption on state */
1285 if (message == CC_ACTBF_CONF) /* encrpytion active */
1286 { cr_sbfactive(message, param, len); return; }
1287 if (message == CC_ERROR_IND) /* encrpytion error */
1288 { cr_scrypterror(message, param, len); return; }
1289 if (message == CI_DISCONNECT_IND) /* request aborting */
1290 { cr_sabort(message, param, len); return; }
1295 PDEBUG(DEBUG_CRYPT, "message not handled in state %d\n", e_crypt_state);
1300 * analyze the message element within the received message from peer and call 'cryptman_message'
1302 void EndpointAppPBX::cryptman_msg2man(unsigned char *param, int len)
1308 /* check if frame is correct */
1309 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) message from peer to crypt_manager.\n", ea_endpoint->ep_serial);
1312 PDEBUG(DEBUG_CRYPT, "ignoring message with 0-length.\n");
1321 PDEBUG(DEBUG_CRYPT, "end of message without 0-termination.\n");
1326 PDEBUG(DEBUG_CRYPT, "message with element size, outside the frame length.\n");
1329 l = (p[1]<<8) + p[2];
1330 // PDEBUG(DEBUG_CRYPT, " inf %d (len = %d)\n", *p, l);
1333 PDEBUG(DEBUG_CRYPT, "message with element data, outside the frame length.\n");
1341 PDEBUG(DEBUG_CRYPT, "warning: received null-element before end of frame.\n");
1344 l = CM_SIZEOFINF(CM_INFO_MESSAGE);
1347 PDEBUG(DEBUG_CRYPT, "received message without (valid) message element (len = %d)\n", len);
1350 CM_GETINF(CM_INFO_MESSAGE, &msg);
1354 cryptman_message(CP_IDENT, param, len);
1357 cryptman_message(CP_SLAVE, param, len);
1360 cryptman_message(CP_MASTER, param, len);
1363 cryptman_message(CP_PUBKEY, param, len);
1366 cryptman_message(CP_CSKEY, param, len);
1369 cryptman_message(CP_ABORT, param, len);
1372 PDEBUG(DEBUG_CRYPT, "received unknown message element %d\n", msg);
1376 /* add information element to buffer
1378 void EndpointAppPBX::cryptman_addinf(unsigned char *buf, int buf_size, int element, int len, void *data)
1382 /* skip what we already have in the buffer */
1385 l = (buf[1]<<8) + buf[2];
1386 if (l >= buf_size-3)
1388 PERROR("EPOINT(%d) buffer overflow while adding information to peer message.\n", ea_endpoint->ep_serial);
1394 /* check if we have not enough space to add element including id, len, data, and the null-termination */
1395 if (len+4 > buf_size)
1397 PERROR("EPOINT(%d) cannot add element to message, because buffer would overflow.\n", ea_endpoint->ep_serial);
1403 memcpy(buf+3, data, len);
1407 /* get size of element in buffer
1409 int EndpointAppPBX::cryptman_sizeofinf(unsigned char *buf, int element)
1413 /* skip what we already have in the buffer */
1416 l = (buf[1]<<8) + buf[2];
1417 if (buf[0] == element)
1425 /* get information element from buffer
1427 unsigned char *EndpointAppPBX::cryptman_getinf(unsigned char *buf, int element, unsigned char *to)
1431 /* skip what we already have in the buffer */
1434 l = (buf[1]<<8) + buf[2];
1435 if (buf[0] == element)
1437 memcpy(to, buf+3, l);
1446 /* send message to peer
1448 void EndpointAppPBX::cryptman_msg2peer(unsigned char *buf)
1450 struct lcr_msg *message;
1451 unsigned char *p = buf;
1458 l = (p[1]<<8) + p[2];
1462 if (len+1 > (int)sizeof(message->param.crypt.data))
1464 PERROR("EPOINT(%d) message larger than allowed in param->crypt.data.\n", ea_endpoint->ep_serial);
1468 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_CRYPT);
1469 message->param.crypt.type = CR_MESSAGE_REQ;
1470 message->param.crypt.len = len+1;
1471 memcpy(message->param.crypt.data, buf, len+1);
1472 message_put(message);
1474 if (options.deb & DEBUG_CRYPT)
1476 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) sending message\n", ea_endpoint->ep_serial);
1480 l = (p[1]<<8) + p[2];
1481 PDEBUG(DEBUG_CRYPT, " inf %d (len = %d)\n", p[0], l);
1488 /* send message to crypt engine
1490 void EndpointAppPBX::cryptman_msg2crengine(int msg, unsigned char *buf, int len)
1492 struct lcr_msg *message;
1494 if (len > (int)sizeof(message->param.crypt.data))
1496 PERROR("EPOINT(%d) message larger than allowed in param->crypt.data.\n", ea_endpoint->ep_serial);
1500 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_CRYPT);
1501 message->param.crypt.type = msg;
1502 message->param.crypt.len = len;
1504 memcpy(message->param.crypt.data, buf, len);
1505 message_put(message);
1507 if (options.deb & DEBUG_CRYPT)
1509 char *msgtext = "<<UNKNOWN MESSAGE>>";
1511 if (msg>=0 && msg<cm_msg_num)
1512 msgtext = cm_msg_name[msg];
1513 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) sending message '%s' (len = %d)\n", ea_endpoint->ep_serial, msgtext, len);
1517 /* send message to user
1519 void EndpointAppPBX::cryptman_msg2user(int msg, char *text)
1521 struct lcr_msg *message;
1523 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_join_id, EPOINT_TO_JOIN, MESSAGE_CRYPT);
1524 message->param.crypt.type = msg;
1527 SCPY(e_crypt_info, text);
1530 UNCPY((char *)message->param.crypt.data, e_crypt_info, sizeof(message->param.crypt.data)-1);
1531 message->param.crypt.len = strlen((char *)message->param.crypt.data)+1;
1533 message_put(message);
1535 if (options.deb & DEBUG_CRYPT)
1537 char *msgtext = "<<UNKNOWN MESSAGE>>";
1539 if (msg>=0 && msg<cm_msg_num)
1540 msgtext = cm_msg_name[msg];
1541 PDEBUG(DEBUG_CRYPT, "EPOINT(%d) sending message '%s' (text = %s)\n", ea_endpoint->ep_serial, msgtext, text?text:"");
1547 void EndpointAppPBX::cryptman_state(int state)
1549 PDEBUG(DEBUG_CRYPT, "Changing state from %s to %s\n", statename(e_crypt_state), statename(state));
1550 e_crypt_state = state;
1556 void EndpointAppPBX::cryptman_timeout(int secs)
1560 e_crypt_timeout_sec = now_tv.tv_sec+secs;
1561 e_crypt_timeout_usec = now_tv.tv_usec;
1562 PDEBUG(DEBUG_CRYPT, "Changing timeout to %d seconds\n", secs);
1565 e_crypt_timeout_sec = 0;
1566 e_crypt_timeout_usec = 0;
1567 PDEBUG(DEBUG_CRYPT, "turning timeout off\n", secs);
1571 /* encode a message to be sent via b-channel
1573 int cryptman_encode_bch(unsigned char *data, int len, unsigned char *buf, int buf_len)
1578 len--; /* without null-termination */
1579 if (buf_len < len+overhead)
1581 PERROR("frame too long for buffer");
1584 PDEBUG(DEBUG_CRYPT, "encoding a block of %d bytes.\n", len);
1586 /* write identification sequence to the header */
1587 UNCPY((char *)buf, "CRYPTMAN" ,8);
1589 /* length + checksumme */
1591 buf[1] = len & 0xff;
1592 crc = crc32(buf, 2);
1599 /* data + checksumme */
1600 memcpy(buf, data, len);
1601 crc = crc32(buf, len);
1608 return(len + overhead);
1611 /* decode a message from b-channel
1613 void PmISDN::cryptman_listen_bch(unsigned char *p, int l)
1616 struct lcr_msg *message;
1622 /* check for the keyword */
1623 if (p_m_crypt_listen_state == 0)
1625 while((*p++)!='C' && l)
1630 p_m_crypt_listen_state++;
1634 if (p_m_crypt_listen_state < 8)
1636 i = p_m_crypt_listen_state;
1640 if (*p++ != "CRYPTMAN"[i])
1642 p_m_crypt_listen_state = 0;
1645 p_m_crypt_listen_state++;
1653 /* high byte of length */
1654 if (p_m_crypt_listen_state == 8)
1656 p_m_crypt_listen_len = (*p++) << 8;
1657 p_m_crypt_listen_state++;
1661 /* low byte of length */
1662 if (p_m_crypt_listen_state == 9)
1664 p_m_crypt_listen_len += *p++;
1665 p_m_crypt_listen_state++;
1670 if (p_m_crypt_listen_state == 10)
1672 p_m_crypt_listen_crc = (*p++) << 24;
1673 p_m_crypt_listen_state++;
1677 if (p_m_crypt_listen_state == 11)
1679 p_m_crypt_listen_crc += (*p++) << 16;
1680 p_m_crypt_listen_state++;
1684 if (p_m_crypt_listen_state == 12)
1686 p_m_crypt_listen_crc += (*p++) << 8;
1687 p_m_crypt_listen_state++;
1691 if (p_m_crypt_listen_state == 13)
1693 unsigned char lencheck[2];
1694 p_m_crypt_listen_crc += *p++;
1696 lencheck[0] = p_m_crypt_listen_len >> 8;
1697 lencheck[1] = p_m_crypt_listen_len & 0xff;
1698 if (crc32(lencheck, 2) != p_m_crypt_listen_crc)
1700 PDEBUG(DEBUG_CRYPT, "PmISDN(%s) received a block of %d bytes, but checksumme of length is incorrect (must %08x is %08x\n", p_name, p_m_crypt_listen_len, crc32(lencheck, 2), p_m_crypt_listen_crc);
1701 p_m_crypt_listen_state = 0;
1704 if (p_m_crypt_listen_len > (int)sizeof(p_m_crypt_listen_msg))
1706 PDEBUG(DEBUG_CRYPT, "PmISDN(%s) received a block of %d bytes, but too big for buffer (%d bytes)\n", p_name, p_m_crypt_listen_len, sizeof(p_m_crypt_listen_msg));
1707 p_m_crypt_listen_state = 0;
1710 if (!p_m_crypt_listen_len)
1712 PDEBUG(DEBUG_CRYPT, "PmISDN(%s) received a block of 0 bytes\n", p_name);
1713 p_m_crypt_listen_state = 0;
1716 p_m_crypt_listen_state++;
1721 while (p_m_crypt_listen_state>=14 && p_m_crypt_listen_state<(p_m_crypt_listen_len+14))
1723 p_m_crypt_listen_msg[p_m_crypt_listen_state-14] = *p++;
1724 p_m_crypt_listen_state++;
1729 if (p_m_crypt_listen_state == 14+p_m_crypt_listen_len)
1731 p_m_crypt_listen_crc = (*p++) << 24;
1732 p_m_crypt_listen_state++;
1736 if (p_m_crypt_listen_state == 15+p_m_crypt_listen_len)
1738 p_m_crypt_listen_crc += (*p++) << 16;
1739 p_m_crypt_listen_state++;
1743 if (p_m_crypt_listen_state == 16+p_m_crypt_listen_len)
1745 p_m_crypt_listen_crc += (*p++) << 8;
1746 p_m_crypt_listen_state++;
1750 if (p_m_crypt_listen_state == 17+p_m_crypt_listen_len)
1753 p_m_crypt_listen_crc += *p++;
1755 if (crc32(p_m_crypt_listen_msg, p_m_crypt_listen_len) != p_m_crypt_listen_crc)
1757 PDEBUG(DEBUG_CRYPT, "PmISDN(%s) received a block of %d bytes, but checksumme of data block is incorrect\n", p_name, p_m_crypt_listen_len);
1758 p_m_crypt_listen_state = 0;
1763 /* now send message */
1764 p_m_crypt_listen_state = 0;
1765 PDEBUG(DEBUG_CRYPT, "PmISDN(%s) received a block of %d bytes sending to crypt manager\n", p_name, p_m_crypt_listen_len);
1766 if ((int)sizeof(message->param.crypt.data) < p_m_crypt_listen_len+1) /* null-terminated */
1768 PDEBUG(DEBUG_CRYPT, "PmISDN(%s) received a block of %d bytes that is too large for message buffer\n", p_name, p_m_crypt_listen_len);
1773 message = message_create(p_serial, ACTIVE_EPOINT(p_epointlist), PORT_TO_EPOINT, MESSAGE_CRYPT);
1774 message->param.crypt.type = CR_MESSAGE_IND;
1775 message->param.crypt.len = p_m_crypt_listen_len+1; /* null termination */
1776 memcpy(message->param.crypt.data, p_m_crypt_listen_msg, p_m_crypt_listen_len);
1777 message_put(message);
1778 p_m_crypt_listen_state = 0;
1786 /* encrypt call using share secret (keypad function)
1788 void EndpointAppPBX::encrypt_shared(void)
1790 struct lcr_msg *message;
1795 char *auth_pointer, *crypt_pointer, *key_pointer;
1798 /* redisplay current crypt display */
1799 if (e_crypt != CRYPT_OFF)
1801 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) encryption in progress, so we request the current message.\n", ea_endpoint->ep_serial);
1802 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_join_id, EPOINT_TO_JOIN, MESSAGE_CRYPT);
1803 message->param.crypt.type = CU_INFO_REQ;
1804 message_put(message);
1808 if (check_external(&errstr, &port))
1811 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_NOTIFY);
1812 SCPY(message->param.notifyinfo.display, errstr);
1813 message_put(message);
1814 set_tone(ea_endpoint->ep_portlist, "crypt_off");
1819 /* check the key for the call */
1820 if (port->p_type==PORT_TYPE_DSS1_TE_OUT || port->p_type==PORT_TYPE_DSS1_NT_OUT)
1821 ret = parse_secrets((char *)e_ext.number, (char *)port->p_dialinginfo.id, &auth_pointer, &crypt_pointer, &key_pointer);
1824 if (!port->p_callerinfo.id[0])
1826 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) incoming remote call has no caller ID.\n", ea_endpoint->ep_serial);
1827 errstr = "No Remote ID";
1830 ret = parse_secrets((char *)e_ext.number, (char *)numberrize_callerinfo(port->p_callerinfo.id, port->p_callerinfo.ntype, options.national, options.international), &auth_pointer, &crypt_pointer, &key_pointer);
1834 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Key was not found.\n", ea_endpoint->ep_serial);
1838 key = crypt_key((unsigned char *)key_pointer, &key_len);
1841 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Key invalid.\n", ea_endpoint->ep_serial);
1842 errstr = "Invalid Key";
1847 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Key too long.\n", ea_endpoint->ep_serial);
1848 errstr = "Key Too Long";
1851 if (!!strcasecmp(auth_pointer, "manual"))
1853 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Wrong authentication method.\n", ea_endpoint->ep_serial);
1854 errstr = "Wrong Auth Type";
1857 if (!strcasecmp(crypt_pointer, "blowfish"))
1859 type = CC_ACTBF_REQ;
1862 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Key too short.\n", ea_endpoint->ep_serial);
1863 errstr = "Key Too Short";
1868 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Key too long.\n", ea_endpoint->ep_serial);
1869 errstr = "Key Too Long";
1874 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Wrong crypt method.\n", ea_endpoint->ep_serial);
1875 errstr = "Wrong Crypt Type";
1879 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Key is ok, sending activation+key to cryptman.\n", ea_endpoint->ep_serial);
1880 /* setting display message and state */
1881 // SPRINT(e_crypt_display, "Shared Key");
1882 e_crypt = CRYPT_SWAIT;
1883 /* sending activation */
1884 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_join_id, EPOINT_TO_JOIN, MESSAGE_CRYPT);
1885 message->param.crypt.type = CU_ACTS_REQ;
1886 message->param.crypt.len = key_len;
1887 memcpy(message->param.crypt.data, key, key_len);
1888 message_put(message);
1892 /* encrypt call using rsa authentication (keypad function)
1894 void EndpointAppPBX::encrypt_keyex(void)
1896 struct lcr_msg *message;
1900 /* redisplay current crypt display */
1901 if (e_crypt != CRYPT_OFF)
1903 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) encryption in progress, so we request the current message.\n", ea_endpoint->ep_serial);
1904 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_join_id, EPOINT_TO_JOIN, MESSAGE_CRYPT);
1905 message->param.crypt.type = CU_INFO_REQ;
1906 message_put(message);
1911 if (check_external(&errstr, &port))
1913 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_NOTIFY);
1914 SCPY(message->param.notifyinfo.display, errstr);
1915 message_put(message);
1916 set_tone(ea_endpoint->ep_portlist, "crypt_off");
1922 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_NOTIFY);
1923 SCPY(message->param.notifyinfo.display, "Not Compiled");
1924 message_put(message);
1925 set_tone(ea_endpoint->ep_portlist, "crypt_off");
1928 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Sending key-exchange activation to cryptman.\n", ea_endpoint->ep_serial);
1929 /* setting display message and state */
1930 // SPRINT(e_crypt_display, "Key-Exchange");
1931 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_NOTIFY);
1932 SCPY(message->param.notifyinfo.display, "Key-Exchange");
1933 message_put(message);
1934 e_crypt = CRYPT_KWAIT;
1935 /* sending activation */
1936 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_join_id, EPOINT_TO_JOIN, MESSAGE_CRYPT);
1937 message->param.crypt.type = CU_ACTK_REQ;
1938 message_put(message);
1943 /* turn encryption off (keypad function)
1945 void EndpointAppPBX::encrypt_off(void)
1947 struct lcr_msg *message;
1949 if (e_crypt!=CRYPT_ON && e_crypt!=CRYPT_OFF)
1951 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_NOTIFY);
1952 SCPY(message->param.notifyinfo.display, "Please Wait");
1953 message_put(message);
1956 if (e_crypt == CRYPT_OFF)
1958 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_NOTIFY);
1959 SCPY(message->param.notifyinfo.display, "No Encryption");
1960 message_put(message);
1961 set_tone(ea_endpoint->ep_portlist, "crypt_off");
1966 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) Sending deactivation to cryptman.\n", ea_endpoint->ep_serial);
1967 /* setting display message and state */
1968 // SPRINT(e_crypt_display, "Deactivating");
1969 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_NOTIFY);
1970 SCPY(message->param.notifyinfo.display, "Deactivating");
1971 message_put(message);
1972 e_crypt = CRYPT_RELEASE;
1973 /* sending activation */
1974 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_join_id, EPOINT_TO_JOIN, MESSAGE_CRYPT);
1975 message->param.crypt.type = CU_DACT_REQ;
1976 message_put(message);
1980 /* messages from manager to endpoint
1982 void EndpointAppPBX::encrypt_result(int msg, char *text)
1984 struct lcr_msg *message;
1990 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) encryption now active.\n", ea_endpoint->ep_serial);
1991 set_tone(ea_endpoint->ep_portlist, "crypt_on");
1995 if (text) if (text[0])
1997 SCPY(e_crypt_info, text);
1998 message = message_create(ea_endpoint->ep_serial, ea_endpoint->ep_portlist->port_id, EPOINT_TO_PORT, MESSAGE_NOTIFY);
1999 SCPY(message->param.notifyinfo.display, e_crypt_info);
2000 message_put(message);
2005 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) encryption error. (%s)\n", ea_endpoint->ep_serial, text);
2006 set_tone(ea_endpoint->ep_portlist, "crypt_off");
2008 e_crypt = CRYPT_OFF;
2014 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) encryption now off. (%s)\n", ea_endpoint->ep_serial, text);
2015 set_tone(ea_endpoint->ep_portlist, "crypt_off");
2017 e_crypt = CRYPT_OFF;
2023 PDEBUG(DEBUG_EPOINT, "EPOINT(%d) information. (%s)\n", ea_endpoint->ep_serial, text);
2028 PERROR("EPOINT(%d) crypt manager sends us an invalid message. (type = %d)\n", ea_endpoint->ep_serial, msg);