Index: include/eXosip2/eX_auth.h
===================================================================
--- include/eXosip2/eX_auth.h (.../vendor/libeXosip2/libeXosip2-3.1.0) (revision 0)
+++ include/eXosip2/eX_auth.h (.../trunk/RemoteStations/Koala_baobab/ThirdPartyLibs/libeXosip2) (revision 3519)
@@ -0,0 +1,40 @@
+/*
+ eXosip - This is the eXtended osip library.
+ Copyright (C) 2002,2003,2004,2005,2006,2007 Aymeric MOIZARD - jack@atosc.org
+
+ This file eX_auth.h is Copyright (C) 2008 Carlos Rivera
+ - carlos@superkaos.org
+
+ eXosip is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ eXosip is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+#ifndef __EX_AUTH_H__
+#define __EX_AUTH_H__
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+ int eXosip_authenticate_digest (const char* username,
+ const char* realm,
+ const char* password,
+ const char* uri,
+ const char* nonce,
+ const char* method,
+ const char* digest_to_compare);
+
+ void eXosip_generate_nonce (char** nonce, const char* etag, const char* key);
+ int eXosip_validate_nonce (const char* nonce);
+#endif
Index: include/eXosip2/eXosip.h
===================================================================
--- include/eXosip2/eXosip.h (.../vendor/libeXosip2/libeXosip2-3.1.0) (revision 3519)
+++ include/eXosip2/eXosip.h (.../trunk/RemoteStations/Koala_baobab/ThirdPartyLibs/libeXosip2) (revision 3519)
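Review bot: In the new include/eXosip2/eX_auth.h the `extern "C" {` opened under `#ifdef __cplusplus` is never closed, because the single `#endif` after the prototypes is the one that ends the `#ifndef __EX_AUTH_H__` guard. A C++ translation unit that includes this header is left with an open linkage block, so the lines `#ifdef __cplusplus`, `}`, `#endif` should be added just before that final `#endif`. The three prototypes also carry no documentation of their return conventions, which matter for an authentication API: going by src/eXauth.c in this same commit, eXosip_validate_nonce returns 0 for an accepted nonce and 1 for an expired one, eXosip_authenticate_digest returns the strncmp result so 0 means a match, and eXosip_generate_nonce hands ownership of `*nonce` to the caller. A short comment on each prototype stating this would keep callers from reading a non-zero result as success.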
@@ -33,6 +33,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
Index: src/eXauth.c
===================================================================
--- src/eXauth.c (.../vendor/libeXosip2/libeXosip2-3.1.0) (revision 0)
+++ src/eXauth.c (.../trunk/RemoteStations/Koala_baobab/ThirdPartyLibs/libeXosip2) (revision 3519)
@@ -0,0 +1,154 @@
+/*
+ eXosip - This is the eXtended osip library.
+ Copyright (C) 2002,2003,2004,2005,2006,2007 Aymeric MOIZARD - jack@atosc.org
+
+ This file eX_auth.h is Copyright (C) 2008 Carlos Rivera
+ - carlos@superkaos.org
+
+ eXosip is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ eXosip is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+//#define DEBUG
+#include
+#include "eXosip2.h"
+#include
+
+#define HASHHEXLEN 32
+#define NONCELEN 64
+#define NONCE_TTL 300
+
+/**
+ * Generate a nonce following the suggestion of rfc2617:
+ *
+ * time-stamp H(time-stamp ":" ETag ":" private-key)
+ *
+ */
+void eXosip_generate_nonce (char** nonce,
+ const char* etag,
+ const char* key)
+{
+ char tss[16];
+ int tss_size;
+ time_t ts = time (NULL);
+ char hash[HASHHEXLEN+1];
+ char unencoded_nonce[NONCELEN+1];
+ int unencoded_len;
+ int new_len;
+
+ osip_MD5_CTX md5_ctx;
+
+ tss_size = snprintf (tss, sizeof(tss), "%ld", (long) ts);
+
+ osip_MD5Init (&md5_ctx);
+ osip_MD5Update (&md5_ctx, (unsigned char *) tss, tss_size);
+ osip_MD5Update (&md5_ctx, (unsigned char *) ":", 1);
+ osip_MD5Update (&md5_ctx, (unsigned char *) etag, strlen (etag));
+ osip_MD5Update (&md5_ctx, (unsigned char *) ":", 1);
+ osip_MD5Update (&md5_ctx, (unsigned char *) key, strlen (key));
+ osip_MD5Final ((unsigned char *) hash, &md5_ctx);
+
+ unencoded_len = snprintf (unencoded_nonce, NONCELEN+1, "%s %s", tss, hash);
+
+ *nonce =
base64_encode_string (unencoded_nonce, unencoded_len, &new_len);
+}
+
+
+/**
+ * Validate that the timestamp encoded in nonce is valid.
+ */
+int eXosip_validate_nonce (const char* nonce)
+{
+ int len;
+ char* quoteless_nonce = osip_strdup_without_quote (nonce);
+ char* unencoded_nonce;
+ time_t tss;
+ time_t now = time (NULL);
+
+ unencoded_nonce = base64_decode_string (quoteless_nonce,
+ strlen (quoteless_nonce),
+ &len);
+
+ sscanf (unencoded_nonce, "%ld ", &tss);
+
+ free (unencoded_nonce);
+ free (quoteless_nonce);
+
+ if ((now - tss) > NONCE_TTL)
+ {
+ return 1; /* nonce expired, TTL exceeded */
+ }
+
+ return 0; /* nonce accepted */
+}
+
+
+
+/**
+ * Calculate a digest given the input parameters and compare it
+ * to digest_to_compare. It returns the return value of the call to strncmp
+ * with the two said strings as args.
+ */
+int eXosip_authenticate_digest (const char* username,
+ const char* realm,
+ const char* password,
+ const char* uri,
+ const char* nonce,
+ const char* method,
+ const char* digest_to_compare)
+{
+ osip_www_authenticate_t* www_auth;
+ osip_authorization_t* auth;
+ int ret_val;
+
+ char* quoteless_username = osip_strdup_without_quote (username);
+ char* quoteless_uri = osip_strdup_without_quote (uri);
+
+
+ osip_www_authenticate_init (&www_auth);
+ osip_www_authenticate_set_auth_type (www_auth, "Digest");
+ osip_www_authenticate_set_realm (www_auth, realm);
+ osip_www_authenticate_set_nonce (www_auth, nonce);
+ osip_www_authenticate_set_algorithm (www_auth, "\"MD5\"");
+
+ __eXosip_create_authorization_header (www_auth,
+ quoteless_uri,
+ quoteless_username,
+ password,
+ NULL,
+ &auth,
+ method,
+ NULL,
+ 0);
+
+#ifdef DEBUG
+ printf ("eXauth.c: auth->uri = %s\n", auth->uri);
+ printf ("eXauth.c: auth->username = %s\n", auth->username);
+ printf ("eXauth.c: auth->realm = %s\n", auth->realm);
+ printf ("eXauth.c: auth->nonce = %s\n", auth->nonce);
+ printf ("eXauth.c: auth->algorithm = %s\n", auth->algorithm);
+ printf ("eXauth.c:
method = %s\n", method);
+ printf ("eXauth.c: auth->response = %s\n", auth->response);
+ printf ("eXauth.c: digest_to_compare = %s\n", digest_to_compare);
+#endif
+
+ ret_val = strncmp (auth->response, digest_to_compare, HASHHEXLEN);
+
+ osip_free (www_auth);
+ osip_free (auth);
+ osip_free (quoteless_username);
+ osip_free (quoteless_uri);
+
+ return ret_val;
+}
Index: src/Makefile.in
===================================================================
--- src/Makefile.in (.../vendor/libeXosip2/libeXosip2-3.1.0) (revision 3519)
+++ src/Makefile.in (.../trunk/RemoteStations/Koala_baobab/ThirdPartyLibs/libeXosip2) (revision 3519)
@@ -75,7 +75,7 @@ rijndael.c milenage.h rijndael.h eXsubscription_api.c \ eXoptions_api.c eXinsubscription_api.c eXpublish_api.c \ jnotify.c jsubscribe.c inet_ntop.c inet_ntop.h jpipe.c jpipe.h \ - eXrefer_api.c jpublish.c sdp_offans.c + eXrefer_api.c jpublish.c sdp_offans.c eXauth.c @BUILD_MAXSIZE_TRUE@am__objects_1 = eXsubscription_api.lo \ @BUILD_MAXSIZE_TRUE@ eXoptions_api.lo eXinsubscription_api.lo \ @BUILD_MAXSIZE_TRUE@ eXpublish_api.lo jnotify.lo jsubscribe.lo \
@@ -85,7 +85,7 @@ eXcall_api.lo eXmessage_api.lo eXtransport.lo jrequest.lo \ jresponse.lo jcallback.lo jdialog.lo udp.lo jcall.lo jreg.lo \ eXutils.lo jevents.lo misc.lo jauth.lo eXtl.lo eXtl_udp.lo \ - eXtl_tcp.lo eXtl_dtls.lo eXtl_tls.lo milenage.lo rijndael.lo \ + eXtl_tcp.lo eXtl_dtls.lo eXtl_tls.lo milenage.lo rijndael.lo eXauth.lo \ $(am__objects_1) libeXosip2_la_OBJECTS = $(am_libeXosip2_la_OBJECTS) DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
Index: src/jauth.c
===================================================================
--- src/jauth.c (.../vendor/libeXosip2/libeXosip2-3.1.0) (revision 3519)
+++ src/jauth.c (.../trunk/RemoteStations/Koala_baobab/ThirdPartyLibs/libeXosip2) (revision 3519)
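Review bot: In src/eXauth.c, eXosip_validate_nonce checks only the age of the decoded timestamp and never recomputes the H(time-stamp ":" ETag ":" private-key) part that eXosip_generate_nonce appends, so the server cannot tell a nonce it issued from one assembled elsewhere; closing that gap needs the etag and key passed in (or a second validation entry point), which is an interface change beyond this hunk. The parse in the same function is unchecked as well: the results of osip_strdup_without_quote and base64_decode_string are used without a NULL test, the sscanf return value is ignored so `tss` can be read uninitialised, `%ld` is stored through a `time_t *`, and a timestamp in the future makes `now - tss` negative so it never expires; the fence below covers those cases. In eXosip_generate_nonce, `hash` goes to `%s` directly after osip_MD5Final; if that routine writes the 16-byte binary digest as the RFC 1321 reference code does, the buffer is neither hex nor NUL-terminated, so the nonce can be truncated or built from uninitialised stack bytes, and `unencoded_len` should be checked against NONCELEN before it is handed to base64_encode_string. In eXosip_authenticate_digest the result of __eXosip_create_authorization_header is not tested before `auth->response` is read, the `strncmp` digest comparison is not constant-time, and the DEBUG printf block writes the computed response to stdout.

```c
int eXosip_validate_nonce (const char* nonce)
{
  int len;
  int fields = 0;
  long stamp = 0;               /* matches the "%ld" conversion exactly */
  char* quoteless_nonce = osip_strdup_without_quote (nonce);
  char* unencoded_nonce = NULL;
  time_t now = time (NULL);

  if (quoteless_nonce != NULL)
    unencoded_nonce = base64_decode_string (quoteless_nonce,
                                            strlen (quoteless_nonce),
                                            &len);
  if (unencoded_nonce != NULL)
    fields = sscanf (unencoded_nonce, "%ld ", &stamp);

  free (unencoded_nonce);
  free (quoteless_nonce);

  /* unparsable, future-dated and expired nonces are all rejected */
  if (fields != 1 || (time_t) stamp > now || (now - (time_t) stamp) > NONCE_TTL)
    {
      return 1;
    }
  /* … unchanged: return 0 for an accepted nonce … */
```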
@@ -314,7 +314,7 @@
 }
-static char *base64_decode_string(const char *buf, unsigned int len, int *newlen)
+char *base64_decode_string(const char *buf, unsigned int len, int *newlen)
 {
 int i,j,x1,x2,x3,x4;
 char *out;
@@ -359,7 +359,7 @@
 }
 char base64[64]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-static char *base64_encode_string(const char *buf, unsigned int len, int *newlen)
+char *base64_encode_string(const char *buf, unsigned int len, int *newlen)
 {
 int i,k;
 int triplets,rest;
Index: src/eXosip2.h
===================================================================
--- src/eXosip2.h (.../vendor/libeXosip2/libeXosip2-3.1.0) (revision 3519)
+++ src/eXosip2.h (.../trunk/RemoteStations/Koala_baobab/ThirdPartyLibs/libeXosip2) (revision 3519)
@@ -674,6 +674,9 @@
 int _eXosip_handle_incoming_message (char *buf, size_t len, int socket, char *host, int port);
+ char *base64_encode_string(const char *buf, unsigned int len, int *newlen);
+ char *base64_decode_string(const char *buf, unsigned int len, int *newlen);
+
 #ifdef __cplusplus
 }
 #endif
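Review bot: Dropping `static` from base64_decode_string in src/jauth.c (and from base64_encode_string in the -359 hunk) exports two un-prefixed names from the library, where they can collide at link time with base64 helpers in the application or in another library. Since the prototypes are added to the internal src/eXosip2.h, a prefixed name in the style of the neighbouring `_eXosip_handle_incoming_message` (for example `_eXosip_base64_decode_string`) would keep the global namespace clean. The new prototypes also say nothing about the returned buffer, and the callers in eXauth.c depend on it: a comment on each stating how the buffer is allocated, whether it is NUL-terminated and that NULL is possible should be added once checked against the function bodies. Both bodies continue outside their hunks.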