
Asterisk developer's documentation


crypto.h File Reference

Provide cryptographic signature routines. More...

#include "asterisk/optional_api.h"
#include "asterisk/logger.h"
#include "openssl/aes.h"


Defines

#define AST_KEY_PRIVATE   (1 << 1)
#define AST_KEY_PUBLIC   (1 << 0)

Typedefs

typedef AES_KEY ast_aes_decrypt_key
typedef AES_KEY ast_aes_encrypt_key

Functions

void ast_aes_decrypt (const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx)
 AES decrypt data.
void ast_aes_encrypt (const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx)
 AES encrypt data.
int ast_aes_set_decrypt_key (const unsigned char *key, ast_aes_decrypt_key *ctx)
 Set a decryption key.
int ast_aes_set_encrypt_key (const unsigned char *key, ast_aes_encrypt_key *ctx)
 Set an encryption key.
int ast_check_signature (struct ast_key *key, const char *msg, const char *sig)
 Check the authenticity of a message signature using a given public key.
int ast_check_signature_bin (struct ast_key *key, const char *msg, int msglen, const unsigned char *sig)
 Check the authenticity of a message signature using a given public key.
int ast_crypto_loaded (void)
int ast_decrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
 Decrypt a message using a given private key.
int ast_encrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
 Encrypt a message using a given private key.
struct ast_key * ast_key_get (const char *key, int type)
 Retrieve a key.
int ast_sign (struct ast_key *key, char *msg, char *sig)
 Sign a message signature using a given private key.
int ast_sign_bin (struct ast_key *key, const char *msg, int msglen, unsigned char *sig)
 Sign a message signature using a given private key.


Detailed Description

Provide cryptographic signature routines.

Definition in file crypto.h.


Define Documentation

#define AST_KEY_PRIVATE   (1 << 1)

Definition at line 43 of file crypto.h.

Referenced by ast_decrypt_bin(), ast_sign_bin(), authenticate(), check_key(), pw_cb(), try_load_key(), and update_key().

#define AST_KEY_PUBLIC   (1 << 0)

Definition at line 42 of file crypto.h.

Referenced by ast_check_signature_bin(), ast_encrypt_bin(), authenticate_verify(), check_key(), handle_cli_keys_show(), register_verify(), try_load_key(), and update_key().


Typedef Documentation

typedef AES_KEY ast_aes_decrypt_key

Definition at line 36 of file crypto.h.

typedef AES_KEY ast_aes_encrypt_key

Definition at line 35 of file crypto.h.


Function Documentation

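/*!
 * \brief AES decrypt data.
 *
 * Thin wrapper around OpenSSL's AES_decrypt(), which transforms exactly one
 * AES block (AES_BLOCK_SIZE, 16 bytes) from \a in into \a out with the key
 * schedule in \a ctx.  No chaining mode, IV or integrity check is applied
 * here; a caller that decrypts more than one block builds its mode on top.
 *
 * \param in encrypted data (one 16-byte block)
 * \param out pointer to a buffer to hold the decrypted output (16 bytes)
 * \param ctx address of an aes decryption context filled in with ast_aes_set_decrypt_key
 *
 * Definition at line 477 of file res_crypto.c.
 * Referenced by aes_helper(), decrypt_memcpy(), and memcpy_decrypt().
 */
void ast_aes_decrypt(const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx)
{
	/* AES_decrypt() returns void; "return AES_decrypt(...)" in a void
	 * function violates the C constraint on return (C11 6.8.6.4), so the
	 * call is made as a plain statement. */
	AES_decrypt(in, out, ctx);
}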

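/*!
 * \brief AES encrypt data.
 *
 * Thin wrapper around OpenSSL's AES_encrypt(), which transforms exactly one
 * AES block (AES_BLOCK_SIZE, 16 bytes) from \a in into \a out with the key
 * schedule in \a ctx.  This is a raw block operation: no IV, no chaining and
 * no authentication, so identical plaintext blocks produce identical
 * ciphertext blocks.  Callers needing more than one block supply the mode.
 *
 * \param in data to be encrypted (one 16-byte block)
 * \param out pointer to a buffer to hold the encrypted output (16 bytes)
 * \param ctx address of an aes encryption context filled in with ast_aes_set_encrypt_key
 *
 * Definition at line 472 of file res_crypto.c.
 * Referenced by aes_helper(), encrypt_memcpy(), and memcpy_encrypt().
 */
void ast_aes_encrypt(const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx)
{
	/* AES_encrypt() returns void; returning its result from a void function
	 * is a constraint violation (C11 6.8.6.4), so call it as a statement. */
	AES_encrypt(in, out, ctx);
}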

/*!
 * \brief Set a decryption key.
 *
 * Expands the raw key material into the AES decryption schedule held in
 * \a ctx by way of OpenSSL's AES_set_decrypt_key().  The key size is fixed
 * at 128 bits, so exactly 16 bytes are read from \a key.
 *
 * \param key a 16 char key
 * \param ctx address of an aes encryption context
 * \retval 0 success
 * \retval nonzero failure
 *
 * Definition at line 467 of file res_crypto.c.
 * Referenced by aes_helper(), build_ecx_key(), build_encryption_keys(), check_key(), socket_process(), and update_key().
 */
int ast_aes_set_decrypt_key(const unsigned char *key, ast_aes_decrypt_key *ctx)
{
	const int key_bits = 128;	/* AES-128: the 16 bytes at key */
	int rc = AES_set_decrypt_key(key, key_bits, ctx);

	return rc;
}

/*!
 * \brief Set an encryption key.
 *
 * Expands the raw key material into the AES encryption schedule held in
 * \a ctx by way of OpenSSL's AES_set_encrypt_key().  The key size is fixed
 * at 128 bits, so exactly 16 bytes are read from \a key.
 *
 * \param key a 16 char key
 * \param ctx address of an aes encryption context
 * \retval 0 success
 * \retval nonzero failure
 *
 * Definition at line 462 of file res_crypto.c.
 * Referenced by aes_helper(), build_ecx_key(), check_key(), and update_key().
 */
int ast_aes_set_encrypt_key(const unsigned char *key, ast_aes_encrypt_key *ctx)
{
	const int key_bits = 128;	/* AES-128: the 16 bytes at key */
	int rc = AES_set_encrypt_key(key, key_bits, ctx);

	return rc;
}

/*!
 * \brief Check the authenticity of a message signature using a given public key.
 *
 * Base64-decodes \a sig into a raw 128-byte RSA signature and hands it,
 * together with the NUL-terminated \a msg, to ast_check_signature_bin().
 * A signature that does not decode to exactly 128 bytes is rejected before
 * the key is consulted.
 *
 * \param key the public key to verify against
 * \param msg NUL-terminated message that was signed
 * \param sig base64-encoded signature text
 * \retval 0 the signature is valid for msg
 * \retval -1 malformed signature, wrong key type, or verification failure
 *
 * \sa ast_check_signature_bin
 *
 * Definition at line 441 of file res_crypto.c.
 * References ast_base64decode(), ast_check_signature_bin(), ast_log(), and LOG_WARNING.
 * Referenced by authenticate_verify(), and register_verify().
 */
int ast_check_signature(struct ast_key *key, const char *msg, const char *sig)
{
	unsigned char dsig[128];
	int decoded;

	/* Decode signature: anything but a full 128-byte block is malformed */
	decoded = ast_base64decode(dsig, sig, sizeof(dsig));
	if (decoded != sizeof(dsig)) {
		ast_log(LOG_WARNING, "Signature improper length (expect %d, got %d)\n", (int)sizeof(dsig), (int)decoded);
		return -1;
	}

	return ast_check_signature_bin(key, msg, strlen(msg), dsig);
}

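/*!
 * \brief Check the authenticity of a message signature using a given public key.
 *
 * Computes the SHA-1 digest of \a msg and verifies the 128-byte PKCS#1 v1.5
 * signature \a dsig over it with RSA_verify().  The signature length is
 * hard-coded to 128 bytes, i.e. a 1024-bit RSA modulus; a signature made by
 * a key of any other size simply fails verification (fail-closed).
 *
 * \note SHA-1 and 1024-bit RSA are below current recommendations for new
 * signature schemes; this routine keeps them for compatibility with the
 * existing key and wire format.
 *
 * \param key the public key to verify against
 * \param msg the signed message bytes (need not be NUL-terminated)
 * \param msglen number of bytes in msg; negative lengths are rejected
 * \param dsig the 128-byte raw signature
 * \retval 0 the signature is valid for msg
 * \retval -1 wrong key type, bad length, or verification failure
 *
 * \sa ast_check_signature
 *
 * Definition at line 412 of file res_crypto.c.
 * References ast_debug, AST_KEY_PUBLIC, ast_log(), ast_key::digest, LOG_WARNING, and SHA1.
 * Referenced by ast_check_signature(), and check_key().
 */
int ast_check_signature_bin(struct ast_key *key, const char *msg, int msglen, const unsigned char *dsig)
{
	enum { RSA_SIG_BYTES = 128 };	/* 1024-bit modulus */
	unsigned char digest[20];	/* SHA-1 output */

	if (key->ktype != AST_KEY_PUBLIC) {
		/* Okay, so of course you really *can* but for our purposes
		   we're going to say you can't */
		ast_log(LOG_WARNING, "Cannot check message signature with a private key\n");
		return -1;
	}

	/* SHA1() takes a size_t; a negative msglen would be converted to a huge
	 * length and read far past the end of msg. */
	if (msglen < 0) {
		ast_log(LOG_WARNING, "Cannot check signature of a negative-length message (%d)\n", msglen);
		return -1;
	}

	/* Calculate digest of message */
	SHA1((unsigned char *)msg, msglen, digest);

	/* Verify signature: RSA_verify() returns 1 on success, 0 otherwise */
	if (RSA_verify(NID_sha1, digest, sizeof(digest), (unsigned char *)dsig, RSA_SIG_BYTES, key->rsa) != 1) {
		ast_debug(1, "Key failed verification: %s\n", key->name);
		return -1;
	}

	/* Pass */
	return 0;
}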

/*!
 * \brief Report whether the crypto module is available.
 *
 * This is the implementation res_crypto provides once it is loaded, so it
 * always reports success.  Presumably the optional-API machinery from
 * asterisk/optional_api.h substitutes a stub when the module is absent
 * (not visible here).
 *
 * \retval 1 always, for this implementation
 *
 * Definition at line 457 of file res_crypto.c.
 */
int ast_crypto_loaded(void)
{
	enum { CRYPTO_AVAILABLE = 1 };

	return CRYPTO_AVAILABLE;
}

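/*!
 * \brief Decrypt a message using a given private key.
 *
 * Splits \a src into 128-byte RSA blocks and decrypts each with
 * RSA_private_decrypt() using RSA-OAEP padding, concatenating the recovered
 * plaintext into \a dst.  The block size is hard-coded to 128 bytes (a
 * 1024-bit modulus); keys of any other size are refused up front.
 *
 * \param dst buffer for the recovered plaintext; the caller must size it for
 *        the worst case of one OAEP payload per 128-byte input block
 * \param src the ciphertext, a whole number of 128-byte blocks
 * \param srclen number of bytes in src; must be non-negative and a multiple of 128
 * \param key the private key to decrypt with
 * \return the number of plaintext bytes written to dst
 * \retval -1 wrong key type, bad length, unexpected key size, or decryption failure
 *
 * \sa ast_encrypt_bin
 *
 * Definition at line 332 of file res_crypto.c.
 * References AST_KEY_PRIVATE, ast_log(), LOG_NOTICE, and LOG_WARNING.
 * Referenced by check_key().
 */
int ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
{
	enum { RSA_BLOCK_BYTES = 128 };	/* 1024-bit modulus, the only size supported */
	int res, pos = 0;

	if (key->ktype != AST_KEY_PRIVATE) {
		ast_log(LOG_WARNING, "Cannot decrypt with a public key\n");
		return -1;
	}

	/* A negative length such as -128 passes the multiple-of-128 test but
	 * never reaches zero in the loop below, so it would read past src. */
	if (srclen < 0) {
		ast_log(LOG_WARNING, "Tried to decrypt a negative length (%d)\n", srclen);
		return -1;
	}

	if (srclen % RSA_BLOCK_BYTES) {
		ast_log(LOG_NOTICE, "Tried to decrypt something not a multiple of 128 bytes\n");
		return -1;
	}

	/* dst is sized by callers for 128-byte blocks; fail clearly rather than
	 * feed 128-byte chunks to a key of a different size. */
	if (RSA_size(key->rsa) != RSA_BLOCK_BYTES) {
		ast_log(LOG_WARNING, "Cannot decrypt with key %s: unexpected key size %d\n", key->name, RSA_size(key->rsa));
		return -1;
	}

	while (srclen) {
		/* Process chunks 128 bytes at a time; res is the plaintext length
		 * recovered from this block (OAEP strips its own padding). */
		res = RSA_private_decrypt(RSA_BLOCK_BYTES, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING);
		if (res < 0) {
			return -1;
		}
		pos += res;
		src += RSA_BLOCK_BYTES;
		srclen -= RSA_BLOCK_BYTES;
		dst += res;
	}

	return pos;
}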

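/*!
 * \brief Encrypt a message using a given public key.
 *
 * Despite the summary in the header, the key must be a public key
 * (AST_KEY_PUBLIC); a private key is refused.  The input is split into
 * chunks that each fit one RSA-OAEP block and encrypted with
 * RSA_public_encrypt(); every chunk becomes a 128-byte output block.
 *
 * The per-block payload limit for RSA-OAEP with SHA-1 (hLen = 20) is
 * RSA_size - 2*hLen - 2 = 128 - 42 = 86 bytes.  The previous limit of
 * 128 - 41 = 87 exceeded that by one byte, so any input of 87 bytes or more
 * made RSA_public_encrypt() fail and this routine return -1.  Shorter
 * inputs produce exactly the same output as before, and ast_decrypt_bin()
 * is indifferent to where chunk boundaries fall.
 *
 * \param dst buffer for the ciphertext; needs 128 bytes for every started
 *        86-byte chunk of src
 * \param src the plaintext
 * \param srclen number of bytes in src; negative lengths are rejected
 * \param key the public key to encrypt with
 * \return the number of ciphertext bytes written to dst
 * \retval -1 wrong key type, bad length, unexpected key size, or encryption failure
 *
 * \sa ast_decrypt_bin
 *
 * Definition at line 364 of file res_crypto.c.
 * References AST_KEY_PUBLIC, ast_log(), LOG_NOTICE, and LOG_WARNING.
 * Referenced by update_key().
 */
int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
{
	enum {
		RSA_BLOCK_BYTES = 128,		/* 1024-bit modulus */
		OAEP_SHA1_OVERHEAD = 42,	/* 2 * SHA-1 length + 2 */
		MAX_CHUNK = RSA_BLOCK_BYTES - OAEP_SHA1_OVERHEAD
	};
	int res, bytes, pos = 0;

	if (key->ktype != AST_KEY_PUBLIC) {
		ast_log(LOG_WARNING, "Cannot encrypt with a private key\n");
		return -1;
	}

	/* A negative length would never reach zero in the loop below. */
	if (srclen < 0) {
		ast_log(LOG_WARNING, "Tried to encrypt a negative length (%d)\n", srclen);
		return -1;
	}

	/* RSA_public_encrypt() writes RSA_size() bytes per block before the
	 * length check below could notice; refuse other key sizes up front so
	 * a caller's 128-byte-per-block dst buffer cannot be overrun. */
	if (RSA_size(key->rsa) != RSA_BLOCK_BYTES) {
		ast_log(LOG_WARNING, "Cannot encrypt with key %s: unexpected key size %d\n", key->name, RSA_size(key->rsa));
		return -1;
	}

	while (srclen) {
		/* Process chunks of at most 86 bytes at a time */
		bytes = srclen > MAX_CHUNK ? MAX_CHUNK : srclen;
		res = RSA_public_encrypt(bytes, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING);
		if (res != RSA_BLOCK_BYTES) {
			ast_log(LOG_NOTICE, "How odd, encrypted size is %d\n", res);
			return -1;
		}
		src += bytes;
		srclen -= bytes;
		pos += res;
		dst += res;
	}

	return pos;
}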

/*!
 * \brief Retrieve a key.
 *
 * Walks the global key list under its read lock and returns the first key
 * whose name and type (AST_KEY_PUBLIC / AST_KEY_PRIVATE) both match.  When
 * nothing matches, the traversal leaves the cursor NULL and that is what is
 * returned.
 *
 * NOTE(review): the read lock is released before the pointer is handed back
 * and nothing here takes a reference, so the lifetime of the returned key is
 * not protected by this function -- confirm against the list's owner.
 *
 * \param kname the key name to look up
 * \param ktype AST_KEY_PUBLIC or AST_KEY_PRIVATE
 * \return the matching key, or NULL if none
 *
 * Definition at line 137 of file res_crypto.c.
 * References AST_RWLIST_RDLOCK, AST_RWLIST_TRAVERSE, AST_RWLIST_UNLOCK, ast_key::ktype, and ast_key::list.
 * Referenced by authenticate(), authenticate_verify(), check_key(), register_verify(), and update_key().
 */
struct ast_key *ast_key_get(const char *kname, int ktype)
{
	struct ast_key *found;

	AST_RWLIST_RDLOCK(&keys);
	AST_RWLIST_TRAVERSE(&keys, found, list) {
		/* Cheap integer compare first; strcmp has no side effects, so the
		 * order does not change the outcome. */
		if (found->ktype == ktype && strcmp(kname, found->name) == 0) {
			break;
		}
	}
	AST_RWLIST_UNLOCK(&keys);

	return found;
}

/*!
 * \brief Sign a message signature using a given private key.
 *
 * Signs the NUL-terminated \a msg with ast_sign_bin() and, on success,
 * base64-encodes the resulting 128-byte raw signature into \a sig.
 *
 * \param key the private key to sign with
 * \param msg NUL-terminated message to sign
 * \param sig buffer for the base64 signature text; must hold 256 bytes,
 *        which is the limit passed to ast_base64encode()
 * \retval 0 success, sig filled in
 * \retval -1 failure (sig untouched)
 *
 * \sa ast_sign_bin
 *
 * Definition at line 395 of file res_crypto.c.
 * References ast_base64encode(), and ast_sign_bin().
 * Referenced by authenticate().
 */
int ast_sign(struct ast_key *key, char *msg, char *sig)
{
	unsigned char dsig[128];
	int res = ast_sign_bin(key, msg, strlen(msg), dsig);

	if (res == 0) {
		/* Success -- encode (256 bytes max as documented) */
		ast_base64encode(sig, dsig, sizeof(dsig), 256);
	}

	return res;
}

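/*!
 * \brief Sign a message signature using a given private key.
 *
 * Computes the SHA-1 digest of \a msg and produces a 128-byte PKCS#1 v1.5
 * signature over it with RSA_sign().  The signature size is fixed at 128
 * bytes (a 1024-bit modulus) because callers such as ast_sign() pass a
 * 128-byte buffer for \a dsig.
 *
 * RSA_sign() writes RSA_size() bytes into \a dsig before its length can be
 * inspected, so the previous "siglen != 128" check after signing came too
 * late to protect a 128-byte buffer from a larger key.  The key size is now
 * checked before anything is written.
 *
 * \note SHA-1 with 1024-bit RSA is below current recommendations for new
 * signature schemes; kept for compatibility with the existing key format.
 *
 * \param key the private key to sign with
 * \param msg the message bytes (need not be NUL-terminated)
 * \param msglen number of bytes in msg; negative lengths are rejected
 * \param dsig buffer of at least 128 bytes for the raw signature
 * \retval 0 success, dsig filled in
 * \retval -1 wrong key type, bad length, unexpected key size, or signing failure
 *
 * \sa ast_sign
 *
 * Definition at line 300 of file res_crypto.c.
 * References AST_KEY_PRIVATE, ast_log(), ast_key::digest, LOG_WARNING, and SHA1.
 * Referenced by ast_sign(), and update_key().
 */
int ast_sign_bin(struct ast_key *key, const char *msg, int msglen, unsigned char *dsig)
{
	enum { RSA_SIG_BYTES = 128 };	/* 1024-bit modulus */
	unsigned char digest[20];	/* SHA-1 output */
	unsigned int siglen = RSA_SIG_BYTES;

	if (key->ktype != AST_KEY_PRIVATE) {
		ast_log(LOG_WARNING, "Cannot sign with a public key\n");
		return -1;
	}

	/* SHA1() takes a size_t; a negative msglen would read far past msg. */
	if (msglen < 0) {
		ast_log(LOG_WARNING, "Cannot sign a negative-length message (%d)\n", msglen);
		return -1;
	}

	/* Refuse before RSA_sign() can write more than 128 bytes into dsig. */
	if (RSA_size(key->rsa) != RSA_SIG_BYTES) {
		ast_log(LOG_WARNING, "Unexpected signature length %d, expecting %d\n", RSA_size(key->rsa), (int)RSA_SIG_BYTES);
		return -1;
	}

	/* Calculate digest of message */
	SHA1((unsigned char *)msg, msglen, digest);

	/* Sign the digest; RSA_sign() returns 1 on success, 0 on failure */
	if (RSA_sign(NID_sha1, digest, sizeof(digest), dsig, &siglen, key->rsa) != 1) {
		ast_log(LOG_WARNING, "RSA Signature (key %s) failed\n", key->name);
		return -1;
	}

	/* Belt and braces: the size check above should make this unreachable. */
	if (siglen != RSA_SIG_BYTES) {
		ast_log(LOG_WARNING, "Unexpected signature length %d, expecting %d\n", (int)siglen, (int)RSA_SIG_BYTES);
		return -1;
	}

	return 0;
}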

