#include "asterisk/optional_api.h"
#include "asterisk/logger.h"
#include "openssl/aes.h"
Defines | |
#define | AST_KEY_PRIVATE (1 << 1) |
#define | AST_KEY_PUBLIC (1 << 0) |
Typedefs | |
typedef AES_KEY | ast_aes_decrypt_key |
typedef AES_KEY | ast_aes_encrypt_key |
Functions | |
void | ast_aes_decrypt (const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx) |
AES decrypt data. | |
void | ast_aes_encrypt (const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx) |
AES encrypt data. | |
int | ast_aes_set_decrypt_key (const unsigned char *key, ast_aes_decrypt_key *ctx) |
Set a decryption key. | |
int | ast_aes_set_encrypt_key (const unsigned char *key, ast_aes_encrypt_key *ctx) |
Set an encryption key. | |
int | ast_check_signature (struct ast_key *key, const char *msg, const char *sig) |
Check the authenticity of a message signature using a given public key. | |
int | ast_check_signature_bin (struct ast_key *key, const char *msg, int msglen, const unsigned char *sig) |
Check the authenticity of a message signature using a given public key. | |
int | ast_crypto_loaded (void) |
int | ast_decrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) |
Decrypt a message using a given private key. | |
int | ast_encrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) |
Encrypt a message using a given private key. | |
ast_key * | ast_key_get (const char *key, int type) |
Retrieve a key. | |
int | ast_sign (struct ast_key *key, char *msg, char *sig) |
Sign a message signature using a given private key. | |
int | ast_sign_bin (struct ast_key *key, const char *msg, int msglen, unsigned char *sig) |
Sign a message signature using a given private key. |
Definition in file crypto.h.
#define AST_KEY_PRIVATE (1 << 1) |
Definition at line 43 of file crypto.h.
Referenced by ast_decrypt_bin(), ast_sign_bin(), authenticate(), check_key(), pw_cb(), try_load_key(), and update_key().
#define AST_KEY_PUBLIC (1 << 0) |
Definition at line 42 of file crypto.h.
Referenced by ast_check_signature_bin(), ast_encrypt_bin(), authenticate_verify(), check_key(), handle_cli_keys_show(), register_verify(), try_load_key(), and update_key().
typedef AES_KEY ast_aes_decrypt_key |
typedef AES_KEY ast_aes_encrypt_key |
void ast_aes_decrypt | ( | const unsigned char * | in, | |
unsigned char * | out, | |||
const ast_aes_decrypt_key * | ctx | |||
) |
AES decrypt data.
in | encrypted data | |
out | pointer to a buffer to hold the decrypted output | |
ctx | address of an AES decryption context filled in with ast_aes_set_decrypt_key
Definition at line 477 of file res_crypto.c.
Referenced by aes_helper(), decrypt_memcpy(), and memcpy_decrypt().
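/*!
 * \brief AES decrypt data.
 *
 * Thin wrapper over OpenSSL's AES_decrypt(), which transforms exactly one
 * 16-byte AES block.  There is no chaining mode and no integrity check here;
 * anything beyond a single block (IVs, CBC/CTR, authentication) is the
 * caller's responsibility.
 *
 * \param in  one 16-byte block of ciphertext
 * \param out buffer of at least 16 bytes that receives the plaintext
 * \param ctx decryption context previously filled in with ast_aes_set_decrypt_key()
 */
void ast_aes_decrypt(const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx)
{
	/* AES_decrypt() returns void; "return <void expression>;" in a void
	 * function is a C constraint violation that only compiles as an extension. */
	AES_decrypt(in, out, ctx);
}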
void ast_aes_encrypt | ( | const unsigned char * | in, | |
unsigned char * | out, | |||
const ast_aes_encrypt_key * | ctx | |||
) |
AES encrypt data.
in | data to be encrypted | |
out | pointer to a buffer to hold the encrypted output | |
ctx | address of an aes encryption context filled in with ast_aes_set_encrypt_key |
Definition at line 472 of file res_crypto.c.
Referenced by aes_helper(), encrypt_memcpy(), and memcpy_encrypt().
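/*!
 * \brief AES encrypt data.
 *
 * Thin wrapper over OpenSSL's AES_encrypt(), which transforms exactly one
 * 16-byte AES block (the raw block cipher, i.e. ECB for a single block).
 * Chaining, IV handling and authentication are left to the caller.
 *
 * \param in  one 16-byte block of plaintext
 * \param out buffer of at least 16 bytes that receives the ciphertext
 * \param ctx encryption context previously filled in with ast_aes_set_encrypt_key()
 */
void ast_aes_encrypt(const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx)
{
	/* AES_encrypt() returns void, so call it as a statement rather than
	 * returning its (non-existent) value from a void function. */
	AES_encrypt(in, out, ctx);
}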
int ast_aes_set_decrypt_key | ( | const unsigned char * | key, | |
ast_aes_decrypt_key * | ctx | |||
) |
Set a decryption key.
key | a 16-byte (128-bit) key | |
ctx | address of an AES decryption context |
0 | success | |
nonzero | failure |
Definition at line 467 of file res_crypto.c.
Referenced by aes_helper(), build_ecx_key(), build_encryption_keys(), check_key(), socket_process(), and update_key().
/*!
 * \brief Set a decryption key.
 *
 * Expands raw AES-128 key material into OpenSSL's decryption key schedule.
 *
 * \param key 16 bytes of key material
 * \param ctx AES decryption context to fill in
 * \retval 0 success
 * \retval nonzero failure (OpenSSL reports a negative value)
 */
int ast_aes_set_decrypt_key(const unsigned char *key, ast_aes_decrypt_key *ctx)
{
	const int key_bits = 128;	/* AES-128: a 16-byte key, per the documented contract */

	return AES_set_decrypt_key(key, key_bits, ctx);
}
int ast_aes_set_encrypt_key | ( | const unsigned char * | key, | |
ast_aes_encrypt_key * | ctx | |||
) |
Set an encryption key.
key | a 16-byte (128-bit) key | |
ctx | address of an aes encryption context |
0 | success | |
nonzero | failure |
Definition at line 462 of file res_crypto.c.
Referenced by aes_helper(), build_ecx_key(), check_key(), and update_key().
/*!
 * \brief Set an encryption key.
 *
 * Expands raw AES-128 key material into OpenSSL's encryption key schedule.
 *
 * \param key 16 bytes of key material
 * \param ctx AES encryption context to fill in
 * \retval 0 success
 * \retval nonzero failure (OpenSSL reports a negative value)
 */
int ast_aes_set_encrypt_key(const unsigned char *key, ast_aes_encrypt_key *ctx)
{
	const int key_bits = 128;	/* AES-128: a 16-byte key, per the documented contract */

	return AES_set_encrypt_key(key, key_bits, ctx);
}
int ast_check_signature | ( | struct ast_key * | key, | |
const char * | msg, | |||
const char * | sig | |||
) |
Check the authenticity of a message signature using a given public key.
Definition at line 441 of file res_crypto.c.
References ast_base64decode(), ast_check_signature_bin(), ast_log(), and LOG_WARNING.
Referenced by authenticate_verify(), and register_verify().
/*!
 * \brief Check the authenticity of a message signature using a given public key.
 *
 * Base64-decodes \a sig into the fixed 128-byte raw signature and hands the
 * NUL-terminated \a msg to ast_check_signature_bin().
 *
 * \param key public key to verify against
 * \param msg NUL-terminated message that was signed
 * \param sig base64-encoded signature (must decode to exactly 128 bytes)
 * \retval 0 signature verified
 * \retval -1 wrong signature length, wrong key type, or verification failure
 */
int ast_check_signature(struct ast_key *key, const char *msg, const char *sig)
{
	unsigned char raw_sig[128];
	const int expected = (int) sizeof(raw_sig);
	int decoded = ast_base64decode(raw_sig, sig, sizeof(raw_sig));

	/* Anything other than exactly 128 raw bytes cannot be a signature for
	 * the 1024-bit RSA keys this module expects. */
	if (decoded != expected) {
		ast_log(LOG_WARNING, "Signature improper length (expect %d, got %d)\n", expected, decoded);
		return -1;
	}

	return ast_check_signature_bin(key, msg, strlen(msg), raw_sig);
}
int ast_check_signature_bin | ( | struct ast_key * | key, | |
const char * | msg, | |||
int | msglen, | |||
const unsigned char * | dsig | |||
) |
Check the authenticity of a message signature using a given public key.
Definition at line 412 of file res_crypto.c.
References ast_debug, AST_KEY_PUBLIC, ast_log(), ast_key::digest, LOG_WARNING, and SHA1.
Referenced by ast_check_signature(), and check_key().
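/*!
 * \brief Check the authenticity of a message signature using a given public key.
 *
 * Computes SHA-1 over \a msg and verifies \a dsig as a PKCS#1 v1.5 RSA
 * signature over that digest.  The signature length is fixed at 128 bytes,
 * i.e. the module assumes a 1024-bit RSA modulus; keys of any other size
 * fail verification.  A successful return only says that \a dsig matches
 * \a msg under this key -- freshness/replay is not addressed here.
 *
 * \param key public key to verify against (ktype must be AST_KEY_PUBLIC)
 * \param msg message that was signed
 * \param msglen number of bytes in \a msg, must be non-negative
 * \param dsig 128-byte raw signature
 * \retval 0 signature verified
 * \retval -1 wrong key type, invalid length, or verification failure
 */
int ast_check_signature_bin(struct ast_key *key, const char *msg, int msglen, const unsigned char *dsig)
{
	unsigned char digest[20];	/* SHA-1 output size */

	if (key->ktype != AST_KEY_PUBLIC) {
		/* A private key does contain the public half and could technically
		 * verify, but the API deliberately refuses to blur the two roles. */
		ast_log(LOG_WARNING, "Cannot check message signature with a private key\n");
		return -1;
	}

	/* SHA1() takes a size_t; a negative msglen would silently become an
	 * enormous read past the end of msg. */
	if (msglen < 0) {
		ast_log(LOG_WARNING, "Cannot check signature of a message with negative length\n");
		return -1;
	}

	/* Calculate digest of message */
	SHA1((const unsigned char *) msg, msglen, digest);

	/* Verify signature.  The cast drops const because older OpenSSL declares
	 * RSA_verify()'s sigbuf as a non-const pointer; it is never written. */
	if (!RSA_verify(NID_sha1, digest, sizeof(digest), (unsigned char *) dsig, 128, key->rsa)) {
		ast_debug(1, "Key failed verification: %s\n", key->name);
		return -1;
	}

	return 0;
}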
int ast_crypto_loaded | ( | void | ) |
int ast_decrypt_bin | ( | unsigned char * | dst, | |
const unsigned char * | src, | |||
int | srclen, | |||
struct ast_key * | key | |||
) |
Decrypt a message using a given private key.
Definition at line 332 of file res_crypto.c.
References AST_KEY_PRIVATE, ast_log(), LOG_NOTICE, and LOG_WARNING.
Referenced by check_key().
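/*!
 * \brief Decrypt a message using a given private key.
 *
 * Consumes \a src in 128-byte RSA blocks (the on-wire format assumes a
 * 1024-bit modulus, mirroring ast_encrypt_bin()) and appends the OAEP-unpadded
 * plaintext of each block to \a dst.
 *
 * \param dst buffer receiving the plaintext; each 128-byte block yields at most
 *            128 bytes, so \a srclen bytes of room always suffice
 * \param src ciphertext, a whole number of 128-byte blocks
 * \param srclen number of bytes in \a src, non-negative multiple of 128
 * \param key private key (ktype must be AST_KEY_PRIVATE)
 * \return number of plaintext bytes written to \a dst, or -1 on error
 * \note On a mid-stream failure (bad padding, wrong key) the blocks decrypted
 *       before it have already been written to \a dst.
 */
int ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
{
	enum { RSA_BLOCK = 128 };	/* ciphertext block size for a 1024-bit key */
	int res, pos = 0;

	if (key->ktype != AST_KEY_PRIVATE) {
		ast_log(LOG_WARNING, "Cannot decrypt with a public key\n");
		return -1;
	}

	/* A negative length passes the modulus test below (e.g. -128 % 128 == 0)
	 * and would then walk the loop off the end of src; reject it first. */
	if (srclen < 0) {
		ast_log(LOG_NOTICE, "Tried to decrypt something with a negative length\n");
		return -1;
	}

	if (srclen % RSA_BLOCK) {
		ast_log(LOG_NOTICE, "Tried to decrypt something not a multiple of 128 bytes\n");
		return -1;
	}

	while (srclen) {
		/* Process chunks 128 bytes at a time; res is the unpadded length */
		res = RSA_private_decrypt(RSA_BLOCK, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING);
		if (res < 0) {
			return -1;
		}
		pos += res;
		src += RSA_BLOCK;
		srclen -= RSA_BLOCK;
		dst += res;
	}

	return pos;
}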
int ast_encrypt_bin | ( | unsigned char * | dst, | |
const unsigned char * | src, | |||
int | srclen, | |||
struct ast_key * | key | |||
) |
Encrypt a message using a given private key.
Definition at line 364 of file res_crypto.c.
References AST_KEY_PUBLIC, ast_log(), LOG_NOTICE, and LOG_WARNING.
Referenced by update_key().
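/*!
 * \brief Encrypt a message using a given public key.
 *
 * Despite the wording elsewhere, encryption uses the \b public key (the
 * ktype check below rejects private keys).  Plaintext is split into chunks
 * and each chunk is RSA-OAEP encrypted into one 128-byte block, so the
 * function assumes a 1024-bit modulus like ast_decrypt_bin().
 *
 * With RSA_PKCS1_OAEP_PADDING (SHA-1, hLen = 20) a block carries at most
 * k - 2*hLen - 2 = 86 plaintext bytes (PKCS#1 v2.1 section 7.1.1); OpenSSL
 * rejects larger chunks with "data too large for key size".  The older cap
 * of 128 - 41 = 87 bytes was one past that limit.
 *
 * \param dst buffer receiving the ciphertext: 128 bytes for every started
 *            chunk of 86 plaintext bytes
 * \param src plaintext
 * \param srclen number of bytes in \a src, must be non-negative
 * \param key public key (ktype must be AST_KEY_PUBLIC)
 * \return number of ciphertext bytes written to \a dst, or -1 on error
 */
int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
{
	enum {
		RSA_BLOCK = 128,	/* output block size for a 1024-bit key */
		SHA1_LEN = 20,		/* hLen of the OAEP default hash */
		OAEP_MAX_PLAINTEXT = RSA_BLOCK - 2 * SHA1_LEN - 2	/* 86 */
	};
	int res, bytes, pos = 0;

	if (key->ktype != AST_KEY_PUBLIC) {
		ast_log(LOG_WARNING, "Cannot encrypt with a private key\n");
		return -1;
	}

	if (srclen < 0) {
		ast_log(LOG_NOTICE, "Tried to encrypt something with a negative length\n");
		return -1;
	}

	/* RSA_public_encrypt() writes RSA_size() bytes into dst before the size
	 * check below could catch it, so a larger-than-expected key must be
	 * refused up front rather than after the write. */
	if (RSA_size(key->rsa) != RSA_BLOCK) {
		ast_log(LOG_WARNING, "Key %s is not 1024 bits; cannot produce %d-byte blocks\n", key->name, RSA_BLOCK);
		return -1;
	}

	while (srclen) {
		/* Process chunks of at most OAEP_MAX_PLAINTEXT bytes at a time */
		bytes = srclen > OAEP_MAX_PLAINTEXT ? OAEP_MAX_PLAINTEXT : srclen;
		res = RSA_public_encrypt(bytes, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING);
		if (res != RSA_BLOCK) {
			ast_log(LOG_NOTICE, "How odd, encrypted size is %d\n", res);
			return -1;
		}
		src += bytes;
		srclen -= bytes;
		pos += res;
		dst += res;
	}

	return pos;
}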
struct ast_key* ast_key_get | ( | const char * | kname, | |
int | ktype | |||
) |
Retrieve a key.
Definition at line 137 of file res_crypto.c.
References AST_RWLIST_RDLOCK, AST_RWLIST_TRAVERSE, AST_RWLIST_UNLOCK, ast_key::ktype, and ast_key::list.
Referenced by authenticate(), authenticate_verify(), check_key(), register_verify(), and update_key().
/*!
 * \brief Retrieve a key.
 *
 * Linear search of the global key list for an entry whose name and type
 * both match.  The list read-lock is released before returning, so the
 * caller receives a raw pointer into the list with no reference of its own;
 * it relies on the key outliving the lookup.
 *
 * \param kname key name to look up
 * \param ktype AST_KEY_PUBLIC or AST_KEY_PRIVATE
 * \return the matching key, or NULL if none is loaded
 */
struct ast_key *ast_key_get(const char *kname, int ktype)
{
	struct ast_key *entry;
	struct ast_key *match = NULL;

	AST_RWLIST_RDLOCK(&keys);
	AST_RWLIST_TRAVERSE(&keys, entry, list) {
		if (ktype == entry->ktype && !strcmp(kname, entry->name)) {
			match = entry;
			break;
		}
	}
	AST_RWLIST_UNLOCK(&keys);

	return match;
}
int ast_sign | ( | struct ast_key * | key, | |
char * | msg, | |||
char * | sig | |||
) |
Sign a message signature using a given private key.
Definition at line 395 of file res_crypto.c.
References ast_base64encode(), and ast_sign_bin().
Referenced by authenticate().
/*!
 * \brief Sign a message signature using a given private key.
 *
 * Signs the NUL-terminated \a msg with ast_sign_bin() and, on success,
 * base64-encodes the 128-byte raw signature into \a sig.
 *
 * \param key private key to sign with
 * \param msg NUL-terminated message to sign
 * \param sig output buffer for the base64 signature; 128 raw bytes encode to
 *            172 characters plus NUL, and 256 is the documented maximum
 * \retval 0 success, \a sig filled in
 * \retval -1 failure, \a sig untouched
 */
int ast_sign(struct ast_key *key, char *msg, char *sig)
{
	unsigned char raw_sig[128];
	int rc = ast_sign_bin(key, msg, strlen(msg), raw_sig);

	if (rc == 0) {
		/* Success -- encode (256 bytes max as documented) */
		ast_base64encode(sig, raw_sig, sizeof(raw_sig), 256);
	}

	return rc;
}
int ast_sign_bin | ( | struct ast_key * | key, | |
const char * | msg, | |||
int | msglen, | |||
unsigned char * | dsig | |||
) |
Sign a message signature using a given private key.
Definition at line 300 of file res_crypto.c.
References AST_KEY_PRIVATE, ast_log(), ast_key::digest, LOG_WARNING, and SHA1.
Referenced by ast_sign(), and update_key().
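/*!
 * \brief Sign a message signature using a given private key.
 *
 * Computes SHA-1 over \a msg and produces a PKCS#1 v1.5 RSA signature over
 * the digest.  The caller's \a dsig buffer is exactly 128 bytes (see
 * ast_sign()), so the key must be 1024-bit: RSA_sign() writes RSA_size()
 * bytes into \a dsig before the resulting length can be inspected, which is
 * why the modulus size is checked before signing rather than after.
 *
 * \param key private key (ktype must be AST_KEY_PRIVATE)
 * \param msg message to sign
 * \param msglen number of bytes in \a msg, must be non-negative
 * \param dsig 128-byte buffer receiving the raw signature
 * \retval 0 success
 * \retval -1 wrong key type, bad length, unexpected key size, or RSA failure
 */
int ast_sign_bin(struct ast_key *key, const char *msg, int msglen, unsigned char *dsig)
{
	unsigned char digest[20];	/* SHA-1 output size */
	unsigned int siglen = 128;
	int res;

	if (key->ktype != AST_KEY_PRIVATE) {
		ast_log(LOG_WARNING, "Cannot sign with a public key\n");
		return -1;
	}

	/* SHA1() takes a size_t; a negative msglen would become a huge read. */
	if (msglen < 0) {
		ast_log(LOG_WARNING, "Cannot sign a message with negative length\n");
		return -1;
	}

	/* Refuse keys whose signature would not fit the fixed 128-byte dsig;
	 * checking siglen only after RSA_sign() would be too late. */
	if (RSA_size(key->rsa) != 128) {
		ast_log(LOG_WARNING, "Key %s is not 1024 bits; signature would not fit in %d bytes\n", key->name, 128);
		return -1;
	}

	/* Calculate digest of message */
	SHA1((const unsigned char *) msg, msglen, digest);

	/* Produce the signature over the digest */
	if (!(res = RSA_sign(NID_sha1, digest, sizeof(digest), dsig, &siglen, key->rsa))) {
		ast_log(LOG_WARNING, "RSA Signature (key %s) failed\n", key->name);
		return -1;
	}

	/* Cannot differ after the RSA_size() check above, kept as a cheap
	 * consistency assertion on the wire format. */
	if (siglen != 128) {
		ast_log(LOG_WARNING, "Unexpected signature length %d, expecting %d\n", (int) siglen, (int) 128);
		return -1;
	}

	return 0;
}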