Example #1
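/*
 * Consume the next @len bytes of the TA image referenced by @h.
 *
 * The bytes are fed into the running hash held in the handle. When @data is
 * non-NULL they are first copied into @data and the hash is computed over
 * that copy, so the bytes that are hashed are exactly the bytes handed back
 * to the caller. When @data is NULL the hash is computed directly over the
 * source buffer and nothing is returned to the caller.
 *
 * Once the read offset reaches the image size, the accumulated digest is
 * compared with the expected one through check_digest().
 *
 * Returns TEE_ERROR_BAD_PARAMETERS if the request runs past the image,
 * TEE_ERROR_SECURITY if the hash update fails, otherwise TEE_SUCCESS or the
 * result of check_digest() on the final read.
 */
static TEE_Result ree_fs_ta_read(struct user_ta_store_handle *h, void *data,
				 size_t len)
{
	struct ree_fs_ta_handle *handle = (struct ree_fs_ta_handle *)h;
	uint8_t *src = NULL;
	uint8_t *dst = NULL;
	TEE_Result res;

	/*
	 * Bounds check expressed as a subtraction: "offs + len" can wrap for
	 * a large len and then compare as in range, which would let the
	 * memcpy()/hash below read outside the image buffer.
	 * NOTE(review): assumes offs and nw_ta_size are unsigned - confirm
	 * against the struct definition.
	 */
	if (handle->offs > handle->nw_ta_size ||
	    len > handle->nw_ta_size - handle->offs)
		return TEE_ERROR_BAD_PARAMETERS;

	/* Only form the source pointer once the range is known to be valid */
	src = (uint8_t *)handle->nw_ta + handle->offs;
	dst = src;

	if (data) {
		/*
		 * Copy first, then hash the private copy: the source is
		 * shared memory that might be modified between the copy and
		 * the hash, so hashing src here would not vouch for the
		 * bytes actually delivered in data.
		 */
		dst = data;
		memcpy(dst, src, len);
	}
	res = crypto_hash_update(handle->hash_ctx, handle->hash_algo, dst, len);
	if (res != TEE_SUCCESS)
		return TEE_ERROR_SECURITY;
	handle->offs += len;
	if (handle->offs == handle->nw_ta_size) {
		/*
		 * Last read: time to check if our digest matches the expected
		 * one (from the signed header)
		 */
		res = check_digest(handle);
	}
	return res;
}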
Example #2
/**
 * perform SIP message sanity check
 * @param _msg - SIP message structure
 * @param msg_checks - bitmask of sanity tests to perform over message
 * @param uri_checks - bitmask of sanity tests to perform over uri
 * @return -1 on error, 0 on tests failure, 1 on success
 */
int sanity_check(struct sip_msg* _msg, int msg_checks, int uri_checks)
{
    /*
     * Each test runs only when its bit is set in msg_checks. The first test
     * that returns anything other than SANITY_CHECK_PASSED ends the run and
     * its result is handed back unchanged, so callers must treat every
     * value other than SANITY_CHECK_PASSED as "do not process further".
     */
    int rc = SANITY_CHECK_PASSED;

    if ((msg_checks & SANITY_RURI_SIP_VERSION) != 0) {
        rc = check_ruri_sip_version(_msg);
        if (rc != SANITY_CHECK_PASSED)
            return rc;
    }
    if ((msg_checks & SANITY_RURI_SCHEME) != 0) {
        rc = check_ruri_scheme(_msg);
        if (rc != SANITY_CHECK_PASSED)
            return rc;
    }
    if ((msg_checks & SANITY_REQUIRED_HEADERS) != 0) {
        rc = check_required_headers(_msg);
        if (rc != SANITY_CHECK_PASSED)
            return rc;
    }
    if ((msg_checks & SANITY_VIA_SIP_VERSION) != 0) {
        rc = check_via_sip_version(_msg);
        if (rc != SANITY_CHECK_PASSED)
            return rc;
    }
    if ((msg_checks & SANITY_VIA_PROTOCOL) != 0) {
        rc = check_via_protocol(_msg);
        if (rc != SANITY_CHECK_PASSED)
            return rc;
    }
    if ((msg_checks & SANITY_CSEQ_METHOD) != 0) {
        rc = check_cseq_method(_msg);
        if (rc != SANITY_CHECK_PASSED)
            return rc;
    }
    if ((msg_checks & SANITY_CSEQ_VALUE) != 0) {
        rc = check_cseq_value(_msg);
        if (rc != SANITY_CHECK_PASSED)
            return rc;
    }
    if ((msg_checks & SANITY_CL) != 0) {
        rc = check_cl(_msg);
        if (rc != SANITY_CHECK_PASSED)
            return rc;
    }
    if ((msg_checks & SANITY_EXPIRES_VALUE) != 0) {
        rc = check_expires_value(_msg);
        if (rc != SANITY_CHECK_PASSED)
            return rc;
    }
    if ((msg_checks & SANITY_PROXY_REQUIRE) != 0) {
        rc = check_proxy_require(_msg);
        if (rc != SANITY_CHECK_PASSED)
            return rc;
    }
    /* The URI and digest tests also receive the uri_checks bitmask */
    if ((msg_checks & SANITY_PARSE_URIS) != 0) {
        rc = check_parse_uris(_msg, uri_checks);
        if (rc != SANITY_CHECK_PASSED)
            return rc;
    }
    if ((msg_checks & SANITY_CHECK_DIGEST) != 0) {
        rc = check_digest(_msg, uri_checks);
        if (rc != SANITY_CHECK_PASSED)
            return rc;
    }

    /* No enabled test objected (or none was enabled at all) */
    return rc;
}
Example #3
File: proc.c Project: Lembed/uTLS
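/*
 * Check the credentials in cn->authorization against the .htpasswd file
 * located through exist_check().
 *
 * Returns 0 when access is allowed: either no .htpasswd file was found, or a
 * line for the user matched and check_digest() accepted the password.
 * Returns -1 after calling send_authenticate() when the credentials are
 * missing, malformed or not accepted.
 *
 * cn->authorization is modified in place: the ':' separating user name and
 * password is overwritten with a NUL.
 */
static int auth_check(struct connstruct *cn)
{
    char line[MAXREQUESTLENGTH];
    FILE *fp;
    char *cp;

    /*
     * A NULL result is treated as "directory is not protected".
     * NOTE(review): if exist_check() can also return NULL for a file that
     * exists but could not be opened, this path fails open - confirm.
     */
    if ((fp = exist_check(cn, ".htpasswd")) == NULL)
        return 0;               /* no .htpasswd file, so let through */

    if (cn->authorization[0] == 0)
        goto error;

    /* cn->authorization is in form "username:password" */
    if ((cp = strchr(cn->authorization, ':')) == NULL)
        goto error;
    else
        *cp++ = 0;  /* cp becomes the password */

    while (fgets(line, sizeof(line), fp) != NULL) {
        char *b64_file_passwd;
        size_t l = strlen(line);

        /*
         * nuke newline; l is 0 when the line read starts with a NUL byte,
         * and indexing line[l - 1] then would read before the buffer
         */
        if (l > 0 && line[l - 1] == '\n')
            line[l - 1] = 0;

        /* line is form "username:salt(b64)$password(b64)" */
        if ((b64_file_passwd = strchr(line, ':')) == NULL)
            continue;

        *b64_file_passwd++ = 0;

        if (strcmp(line, cn->authorization)) /* our user? */
            continue;

        /* check_digest() returning 0 is treated as a password match */
        if (check_digest(b64_file_passwd, cp) == 0) {
            fclose(fp);
            return 0;
        }
    }

error:
    fclose(fp);
    send_authenticate(cn, cn->server_name);
    return -1;
}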
/*
 * Run the enabled sanity tests on a SIP message.
 *
 * _number and _arg are not dereferenced: when non-NULL, their pointer value
 * is converted to an int and used as the message-test bitmask and the
 * URI-test bitmask respectively. When NULL, default_checks and uri_checks
 * are used instead.
 * NOTE(review): presumably the integers are stored in the pointers by a
 * parameter fixup elsewhere - confirm against the caller.
 *
 * Returns the result of the first test that did not report
 * SANITY_CHECK_PASSED, or 1 when no enabled test objected.
 */
static int sanity_check(struct sip_msg* _msg, char* _number, char* _arg) {
	int ret;
	int check = (_number == NULL) ? default_checks : (int)(long)_number;
	int arg = (_arg == NULL) ? uri_checks : (int)(long)_arg;

	if ((check & SANITY_RURI_SIP_VERSION) != 0) {
		ret = check_ruri_sip_version(_msg);
		if (ret != SANITY_CHECK_PASSED)
			goto failed;
	}
	if ((check & SANITY_RURI_SCHEME) != 0) {
		ret = check_ruri_scheme(_msg);
		if (ret != SANITY_CHECK_PASSED)
			goto failed;
	}
	if ((check & SANITY_REQUIRED_HEADERS) != 0) {
		ret = check_required_headers(_msg);
		if (ret != SANITY_CHECK_PASSED)
			goto failed;
	}
	if ((check & SANITY_VIA_SIP_VERSION) != 0) {
		ret = check_via_sip_version(_msg);
		if (ret != SANITY_CHECK_PASSED)
			goto failed;
	}
	if ((check & SANITY_VIA_PROTOCOL) != 0) {
		ret = check_via_protocol(_msg);
		if (ret != SANITY_CHECK_PASSED)
			goto failed;
	}
	if ((check & SANITY_CSEQ_METHOD) != 0) {
		ret = check_cseq_method(_msg);
		if (ret != SANITY_CHECK_PASSED)
			goto failed;
	}
	if ((check & SANITY_CSEQ_VALUE) != 0) {
		ret = check_cseq_value(_msg);
		if (ret != SANITY_CHECK_PASSED)
			goto failed;
	}
	if ((check & SANITY_CL) != 0) {
		ret = check_cl(_msg);
		if (ret != SANITY_CHECK_PASSED)
			goto failed;
	}
	if ((check & SANITY_EXPIRES_VALUE) != 0) {
		ret = check_expires_value(_msg);
		if (ret != SANITY_CHECK_PASSED)
			goto failed;
	}
	if ((check & SANITY_PROXY_REQUIRE) != 0) {
		ret = check_proxy_require(_msg);
		if (ret != SANITY_CHECK_PASSED)
			goto failed;
	}
	/* The URI and digest tests additionally take the URI bitmask */
	if ((check & SANITY_PARSE_URIS) != 0) {
		ret = check_parse_uris(_msg, arg);
		if (ret != SANITY_CHECK_PASSED)
			goto failed;
	}
	if ((check & SANITY_CHECK_DIGEST) != 0) {
		ret = check_digest(_msg, arg);
		if (ret != SANITY_CHECK_PASSED)
			goto failed;
	}

	DBG("all sanity checks passed\n");
	/* no enabled test rejected the message */
	return 1;

failed:
	/* hand back the failing test's own result unchanged */
	return ret;
}
Example #5
/**
 * perform SIP message sanity check
 * @param _msg - SIP message structure
 * @param msg_checks - bitmask of sanity tests to perform over message
 * @param uri_checks - bitmask of sanity tests to perform over uri
 * @return -1 on error, 0 on tests failure, 1 on success
 */
int sanity_check(struct sip_msg* _msg, int msg_checks, int uri_checks)
{
	/*
	 * Tests run in a fixed order, each one only when its bit is set in
	 * msg_checks. The first result other than SANITY_CHECK_PASSED stops
	 * the run and is returned as is; callers must not treat such a
	 * message as validated.
	 */
	int rc;

	if (ksr_sanity_noreply != 0) {
		ksr_sanity_info_init();
	}

	rc = SANITY_CHECK_PASSED;

	if ((msg_checks & SANITY_RURI_SIP_VERSION) != 0) {
		rc = check_ruri_sip_version(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}
	if ((msg_checks & SANITY_RURI_SCHEME) != 0) {
		rc = check_ruri_scheme(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}
	if ((msg_checks & SANITY_REQUIRED_HEADERS) != 0) {
		rc = check_required_headers(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}
	if ((msg_checks & SANITY_VIA1_HEADER) != 0) {
		rc = check_via1_header(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}
	if ((msg_checks & SANITY_VIA_SIP_VERSION) != 0) {
		rc = check_via_sip_version(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}
	if ((msg_checks & SANITY_VIA_PROTOCOL) != 0) {
		rc = check_via_protocol(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}
	if ((msg_checks & SANITY_CSEQ_METHOD) != 0) {
		rc = check_cseq_method(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}
	if ((msg_checks & SANITY_CSEQ_VALUE) != 0) {
		rc = check_cseq_value(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}
	if ((msg_checks & SANITY_CL) != 0) {
		rc = check_cl(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}
	if ((msg_checks & SANITY_EXPIRES_VALUE) != 0) {
		rc = check_expires_value(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}
	if ((msg_checks & SANITY_PROXY_REQUIRE) != 0) {
		rc = check_proxy_require(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}
	/* The next three tests also receive the uri_checks bitmask */
	if ((msg_checks & SANITY_PARSE_URIS) != 0) {
		rc = check_parse_uris(_msg, uri_checks);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}
	if ((msg_checks & SANITY_CHECK_DIGEST) != 0) {
		rc = check_digest(_msg, uri_checks);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}
	if ((msg_checks & SANITY_CHECK_AUTHORIZATION) != 0) {
		rc = check_authorization(_msg, uri_checks);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}
	if ((msg_checks & SANITY_CHECK_DUPTAGS) != 0) {
		rc = check_duptags(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}

	/* No enabled test objected (or none was enabled at all) */
	return rc;
}