#include "asterisk/optional_api.h"
#include "asterisk/logger.h"
#include "openssl/aes.h"
Defines | |
#define | AST_KEY_PRIVATE (1 << 1) |
#define | AST_KEY_PUBLIC (1 << 0) |
Typedefs | |
typedef AES_KEY | ast_aes_decrypt_key |
typedef AES_KEY | ast_aes_encrypt_key |
Functions | |
void | ast_aes_decrypt (const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx) |
AES decrypt data. | |
void | ast_aes_encrypt (const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx) |
AES encrypt data. | |
int | ast_aes_set_decrypt_key (const unsigned char *key, ast_aes_decrypt_key *ctx) |
Set a decryption key. | |
int | ast_aes_set_encrypt_key (const unsigned char *key, ast_aes_encrypt_key *ctx) |
Set an encryption key. | |
int | ast_check_signature (struct ast_key *key, const char *msg, const char *sig) |
Check the authenticity of a message signature using a given public key. | |
int | ast_check_signature_bin (struct ast_key *key, const char *msg, int msglen, const unsigned char *sig) |
Check the authenticity of a message signature using a given public key. | |
int | ast_crypto_loaded (void) |
int | ast_decrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) |
Decrypt a message using a given private key. | |
int | ast_encrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) |
Encrypt a message using a given public key. | |
ast_key * | ast_key_get (const char *key, int type) |
Retrieve a key. | |
int | ast_sign (struct ast_key *key, char *msg, char *sig) |
Sign a message signature using a given private key. | |
int | ast_sign_bin (struct ast_key *key, const char *msg, int msglen, unsigned char *sig) |
Sign a message signature using a given private key. |
Definition in file crypto.h.
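/*!
 * Key-type flags stored in ast_key::ktype.  They are distinct bits, and the
 * ast_*_bin() functions refuse to operate with the wrong type: signing and
 * decrypting require AST_KEY_PRIVATE, verifying and encrypting require
 * AST_KEY_PUBLIC.
 */

/* Definition at line 43 of file crypto.h.
 * Referenced by ast_decrypt_bin(), ast_sign_bin(), authenticate(), check_key(),
 * pw_cb(), try_load_key(), and update_key(). */
#define AST_KEY_PRIVATE (1 << 1)

/* Definition at line 42 of file crypto.h.
 * Referenced by ast_check_signature_bin(), ast_encrypt_bin(), authenticate_verify(),
 * check_key(), handle_cli_keys_show(), register_verify(), try_load_key(), and
 * update_key(). */
#define AST_KEY_PUBLIC (1 << 0)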
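/*!
 * Aliases for OpenSSL's expanded AES key schedule.  Both names are the same
 * underlying type; the distinct names only document whether the schedule was
 * built with ast_aes_set_decrypt_key() or ast_aes_set_encrypt_key().  A
 * schedule built for one direction must not be used for the other.
 */
typedef AES_KEY ast_aes_decrypt_key;
typedef AES_KEY ast_aes_encrypt_key;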
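/*!
 * \brief AES decrypt data.
 *
 * Thin wrapper over OpenSSL's AES_decrypt(), which transforms exactly one
 * 16-byte AES block.  There is no chaining mode, IV or authentication tag
 * here: a mode of operation and integrity protection are the caller's
 * responsibility, and \a in and \a out must each provide at least 16 bytes.
 *
 * \param in  encrypted data (one 16-byte block)
 * \param out pointer to a buffer to hold the decrypted output (16 bytes)
 * \param ctx address of an aes encryption context filled in with ast_aes_set_decrypt_key
 *
 * Definition at line 472 of file res_crypto.c.
 * Referenced by aes_helper(), decrypt_memcpy(), and memcpy_decrypt().
 */
void ast_aes_decrypt(const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx)
{
	/* AES_decrypt() returns void; "return"ing its value from a void function
	 * is a C constraint violation that compilers merely tolerate, so call it
	 * as a plain statement. */
	AES_decrypt(in, out, ctx);
}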
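/*!
 * \brief AES encrypt data.
 *
 * Thin wrapper over OpenSSL's AES_encrypt(), which transforms exactly one
 * 16-byte AES block.  There is no chaining mode, IV or authentication tag
 * here: a mode of operation and integrity protection are the caller's
 * responsibility, and \a in and \a out must each provide at least 16 bytes.
 *
 * \param in  data to be encrypted (one 16-byte block)
 * \param out pointer to a buffer to hold the encrypted output (16 bytes)
 * \param ctx address of an aes encryption context filled in with ast_aes_set_encrypt_key
 *
 * Definition at line 467 of file res_crypto.c.
 * Referenced by aes_helper(), encrypt_memcpy(), and memcpy_encrypt().
 */
void ast_aes_encrypt(const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx)
{
	/* AES_encrypt() returns void; "return"ing its value from a void function
	 * is a C constraint violation that compilers merely tolerate, so call it
	 * as a plain statement. */
	AES_encrypt(in, out, ctx);
}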
/*!
 * \brief Set a decryption key.
 *
 * Expands a 128-bit key into the decryption schedule \a ctx.  There is no
 * length argument: exactly 16 bytes are read from \a key, so the caller must
 * guarantee the buffer is at least that long.  Other AES key sizes are not
 * supported by this wrapper.
 *
 * \param key a 16 char key
 * \param ctx address of an aes encryption context
 * \retval 0 success
 * \retval nonzero failure (as reported by AES_set_decrypt_key())
 *
 * Definition at line 462 of file res_crypto.c.
 * Referenced by aes_helper(), build_ecx_key(), build_encryption_keys(),
 * check_key(), socket_process(), and update_key().
 */
int ast_aes_set_decrypt_key(const unsigned char *key, ast_aes_decrypt_key *ctx)
{
	const int key_bits = 128;	/* AES-128: 16-byte key */
	int rc = AES_set_decrypt_key(key, key_bits, ctx);

	return rc;
}
/*!
 * \brief Set an encryption key.
 *
 * Expands a 128-bit key into the encryption schedule \a ctx.  There is no
 * length argument: exactly 16 bytes are read from \a key, so the caller must
 * guarantee the buffer is at least that long.  Other AES key sizes are not
 * supported by this wrapper.
 *
 * \param key a 16 char key
 * \param ctx address of an aes encryption context
 * \retval 0 success
 * \retval nonzero failure (as reported by AES_set_encrypt_key())
 *
 * Definition at line 457 of file res_crypto.c.
 * Referenced by aes_helper(), build_ecx_key(), check_key(), and update_key().
 */
int ast_aes_set_encrypt_key(const unsigned char *key, ast_aes_encrypt_key *ctx)
{
	const int key_bits = 128;	/* AES-128: 16-byte key */
	int rc = AES_set_encrypt_key(key, key_bits, ctx);

	return rc;
}
/*!
 * \brief Check the authenticity of a message signature using a given public key.
 *
 * Base64-decodes \a sig and hands the raw 128-byte signature to
 * ast_check_signature_bin().  The signature length is fixed at 128 bytes,
 * i.e. a 1024-bit RSA key; anything that decodes to a different length is
 * rejected before the key is consulted.  \a msg must be NUL-terminated.
 *
 * \param key public key to verify with
 * \param msg NUL-terminated message that was signed
 * \param sig base64-encoded signature
 * \retval 0 signature verified
 * \retval -1 malformed signature, wrong key type or verification failure
 *
 * Definition at line 436 of file res_crypto.c.
 * References ast_base64decode(), ast_check_signature_bin(), ast_log(), and LOG_WARNING.
 * Referenced by authenticate_verify(), and register_verify().
 */
int ast_check_signature(struct ast_key *key, const char *msg, const char *sig)
{
	unsigned char dsig[128];
	int decoded = ast_base64decode(dsig, sig, sizeof(dsig));

	/* Anything other than exactly 128 decoded bytes cannot be a valid
	 * signature for the key sizes this module handles. */
	if (decoded != sizeof(dsig)) {
		ast_log(LOG_WARNING, "Signature improper length (expect %d, got %d)\n", (int)sizeof(dsig), (int)decoded);
		return -1;
	}

	return ast_check_signature_bin(key, msg, strlen(msg), dsig);
}
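/*!
 * \brief Check the authenticity of a message signature using a given public key.
 *
 * Verifies a 128-byte RSA PKCS#1 v1.5 signature over the SHA-1 digest of
 * \a msg.  The digest algorithm and the 1024-bit key size are fixed by the
 * signature format this module exchanges; both are below current
 * recommendations, and that cannot be changed here without changing the
 * format on both ends.
 *
 * \param key    public key to verify with (must have ktype AST_KEY_PUBLIC)
 * \param msg    message that was signed (need not be NUL-terminated)
 * \param msglen number of bytes of \a msg to digest; must not be negative
 * \param dsig   raw 128-byte signature
 * \retval 0 signature verified
 * \retval -1 bad arguments, wrong key type or verification failure
 *
 * Definition at line 407 of file res_crypto.c.
 * References ast_debug, AST_KEY_PUBLIC, ast_log(), ast_key::digest, and LOG_WARNING.
 * Referenced by ast_check_signature(), and check_key().
 */
int ast_check_signature_bin(struct ast_key *key, const char *msg, int msglen, const unsigned char *dsig)
{
	unsigned char digest[20];	/* SHA-1 digest length */

	if (!key || !msg || !dsig) {
		ast_log(LOG_WARNING, "Cannot check message signature: missing key, message or signature\n");
		return -1;
	}

	if (key->ktype != AST_KEY_PUBLIC) {
		/* Okay, so of course you really *can* but for our purposes
		   we're going to say you can't */
		ast_log(LOG_WARNING, "Cannot check message signature with a private key\n");
		return -1;
	}

	/* SHA1() takes a size_t.  A negative msglen would convert to a huge
	 * length and read far beyond the message, so reject it explicitly. */
	if (msglen < 0) {
		ast_log(LOG_WARNING, "Cannot check message signature: negative message length %d\n", msglen);
		return -1;
	}

	/* Calculate digest of message */
	SHA1((const unsigned char *)msg, (size_t)msglen, digest);

	/* Verify signature.  RSA_verify() returns 1 on success; treat every
	 * other value as failure. */
	if (RSA_verify(NID_sha1, digest, sizeof(digest), (unsigned char *)dsig, 128, key->rsa) != 1) {
		ast_debug(1, "Key failed verification: %s\n", key->name);
		return -1;
	}

	/* Pass */
	return 0;
}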
int ast_crypto_loaded | ( | void | ) |
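/*!
 * \brief Decrypt a message using a given private key.
 *
 * \a src is consumed in 128-byte chunks, each an RSA-OAEP ciphertext for a
 * 1024-bit key, and the recovered plaintexts are concatenated into \a dst.
 * Each chunk yields fewer bytes than it consumed, so \a dst of \a srclen
 * bytes is always sufficient.
 *
 * \param dst    buffer receiving the plaintext
 * \param src    ciphertext, a whole number of 128-byte chunks
 * \param srclen length of \a src in bytes; must be a non-negative multiple of 128
 * \param key    private key (must have ktype AST_KEY_PRIVATE)
 * \return number of plaintext bytes written to \a dst
 * \retval -1 bad arguments, wrong key type or size, or a chunk failed to decrypt
 *
 * Definition at line 327 of file res_crypto.c.
 * References AST_KEY_PRIVATE, ast_log(), LOG_NOTICE, and LOG_WARNING.
 * Referenced by check_key().
 */
int ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
{
	const int chunk = 128;	/* RSA modulus size in bytes for a 1024-bit key */
	int res, pos = 0;

	if (!key || !dst || !src) {
		ast_log(LOG_WARNING, "Cannot decrypt: missing key, source or destination\n");
		return -1;
	}

	if (key->ktype != AST_KEY_PRIVATE) {
		ast_log(LOG_WARNING, "Cannot decrypt with a public key\n");
		return -1;
	}

	/* Reject negative lengths before the modulus test: -128 % 128 is 0, and
	 * the loop below would then walk off the front of src and never reach 0. */
	if (srclen < 0) {
		ast_log(LOG_NOTICE, "Tried to decrypt a negative length (%d)\n", srclen);
		return -1;
	}

	if (srclen % chunk) {
		ast_log(LOG_NOTICE, "Tried to decrypt something not a multiple of 128 bytes\n");
		return -1;
	}

	/* The chunk size is tied to the modulus; a key of any other size cannot
	 * have produced this ciphertext layout. */
	if (RSA_size(key->rsa) != chunk) {
		ast_log(LOG_WARNING, "Key %s has unexpected modulus size %d, expecting %d\n", key->name, RSA_size(key->rsa), chunk);
		return -1;
	}

	while (srclen) {
		/* Process chunks 128 bytes at a time */
		if ((res = RSA_private_decrypt(chunk, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING)) < 0) {
			return -1;
		}
		pos += res;
		src += chunk;
		srclen -= chunk;
		dst += res;
	}

	return pos;
}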
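/*!
 * \brief Encrypt a message using a given public key.
 *
 * \a src is split into chunks that each fit one RSA-OAEP block for a
 * 1024-bit key, and the 128-byte ciphertexts are concatenated into \a dst.
 * With OAEP over SHA-1 the largest plaintext per block is
 * k - 2*hLen - 2 = 128 - 40 - 2 = 86 bytes (RFC 8017, section 7.1.1); the
 * earlier limit of 128 - 41 = 87 exceeded that by one byte and OpenSSL
 * rejects such a chunk as too large for the key.  \a dst must hold
 * 128 bytes for every started chunk of \a src.
 *
 * \param dst    buffer receiving the ciphertext
 * \param src    plaintext
 * \param srclen length of \a src in bytes; must not be negative
 * \param key    public key (must have ktype AST_KEY_PUBLIC)
 * \return number of ciphertext bytes written to \a dst
 * \retval -1 bad arguments, wrong key type or size, or a chunk failed to encrypt
 *
 * Definition at line 359 of file res_crypto.c.
 * References AST_KEY_PUBLIC, ast_log(), LOG_NOTICE, and LOG_WARNING.
 * Referenced by update_key().
 */
int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
{
	const int modulus = 128;		/* RSA modulus size in bytes for a 1024-bit key */
	const int oaep_overhead = 42;		/* 2 * SHA-1 length + 2, per RFC 8017 */
	const int max_chunk = modulus - oaep_overhead;
	int res, bytes, pos = 0;

	if (!key || !dst || !src) {
		ast_log(LOG_WARNING, "Cannot encrypt: missing key, source or destination\n");
		return -1;
	}

	if (key->ktype != AST_KEY_PUBLIC) {
		ast_log(LOG_WARNING, "Cannot encrypt with a private key\n");
		return -1;
	}

	if (srclen < 0) {
		ast_log(LOG_NOTICE, "Tried to encrypt a negative length (%d)\n", srclen);
		return -1;
	}

	/* RSA_public_encrypt() writes RSA_size() bytes into dst before the
	 * result can be checked, so a larger key would overrun a dst sized for
	 * 128-byte chunks.  Check the modulus up front rather than after the fact. */
	if (RSA_size(key->rsa) != modulus) {
		ast_log(LOG_WARNING, "Key %s has unexpected modulus size %d, expecting %d\n", key->name, RSA_size(key->rsa), modulus);
		return -1;
	}

	while (srclen) {
		bytes = srclen;
		if (bytes > max_chunk) {
			bytes = max_chunk;
		}
		/* Process chunks of at most max_chunk bytes at a time */
		if ((res = RSA_public_encrypt(bytes, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING)) != modulus) {
			ast_log(LOG_NOTICE, "How odd, encrypted size is %d\n", res);
			return -1;
		}
		src += bytes;
		srclen -= bytes;
		pos += res;
		dst += res;
	}

	return pos;
}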
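/*!
 * \brief Retrieve a key.
 *
 * Looks up the first key in the global list whose name equals \a kname and
 * whose ktype equals \a ktype.  The list is read-locked only for the
 * duration of the search; the returned pointer refers to list storage, so it
 * is only safe to use while the key list is not modified.
 * NOTE(review): confirm how key reloads interact with callers still holding
 * a pointer returned here.
 *
 * \param kname key name to look for
 * \param ktype AST_KEY_PUBLIC or AST_KEY_PRIVATE
 * \return the matching key
 * \retval NULL \a kname is NULL or no key matches (relies on the traversal
 *              macro leaving \c key NULL when the list is exhausted)
 *
 * Definition at line 132 of file res_crypto.c.
 * References AST_RWLIST_RDLOCK, AST_RWLIST_TRAVERSE, AST_RWLIST_UNLOCK,
 * ast_key::ktype, and ast_key::list.
 * Referenced by authenticate(), authenticate_verify(), check_key(),
 * register_verify(), and update_key().
 */
struct ast_key *ast_key_get(const char *kname, int ktype)
{
	struct ast_key *key = NULL;

	/* strcmp() on a NULL name is undefined behaviour; treat it as "no match" */
	if (!kname) {
		return NULL;
	}

	AST_RWLIST_RDLOCK(&keys);
	AST_RWLIST_TRAVERSE(&keys, key, list) {
		if (!strcmp(kname, key->name) && (ktype == key->ktype)) {
			break;
		}
	}
	AST_RWLIST_UNLOCK(&keys);

	return key;
}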
/*!
 * \brief Sign a message using a given private key.
 *
 * Produces the raw 128-byte RSA signature via ast_sign_bin() and stores it
 * base64-encoded in \a sig.  The encoder is capped at 256 bytes, so \a sig
 * must provide at least that much space.  \a msg must be NUL-terminated.
 *
 * \param key private key to sign with
 * \param msg NUL-terminated message to sign
 * \param sig buffer (at least 256 bytes) receiving the base64 signature
 * \retval 0 success, \a sig filled in
 * \retval -1 signing failed; \a sig is left untouched
 *
 * Definition at line 390 of file res_crypto.c.
 * References ast_base64encode(), and ast_sign_bin().
 * Referenced by authenticate().
 */
int ast_sign(struct ast_key *key, char *msg, char *sig)
{
	unsigned char dsig[128];
	const int siglen = sizeof(dsig);
	int res = ast_sign_bin(key, msg, strlen(msg), dsig);

	if (res == 0) {
		/* Success -- encode (256 bytes max as documented) */
		ast_base64encode(sig, dsig, siglen, 256);
	}

	return res;
}
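/*!
 * \brief Sign a message using a given private key.
 *
 * Computes the SHA-1 digest of \a msg and signs it with RSA PKCS#1 v1.5,
 * writing the 128-byte signature into \a dsig.  The digest algorithm and
 * the 1024-bit key size are fixed by the signature format this module
 * exchanges and cannot be changed here alone.
 *
 * \param key    private key (must have ktype AST_KEY_PRIVATE)
 * \param msg    message to sign (need not be NUL-terminated)
 * \param msglen number of bytes of \a msg to digest; must not be negative
 * \param dsig   buffer of at least 128 bytes receiving the raw signature
 * \retval 0 success
 * \retval -1 bad arguments, wrong key type or size, or signing failed
 *
 * Definition at line 295 of file res_crypto.c.
 * References AST_KEY_PRIVATE, ast_log(), ast_key::digest, and LOG_WARNING.
 * Referenced by ast_sign(), and update_key().
 */
int ast_sign_bin(struct ast_key *key, const char *msg, int msglen, unsigned char *dsig)
{
	unsigned char digest[20];	/* SHA-1 digest length */
	unsigned int siglen = 128;

	if (!key || !msg || !dsig) {
		ast_log(LOG_WARNING, "Cannot sign: missing key, message or signature buffer\n");
		return -1;
	}

	if (key->ktype != AST_KEY_PRIVATE) {
		ast_log(LOG_WARNING, "Cannot sign with a public key\n");
		return -1;
	}

	/* SHA1() takes a size_t.  A negative msglen would convert to a huge
	 * length and read far beyond the message, so reject it explicitly. */
	if (msglen < 0) {
		ast_log(LOG_WARNING, "Cannot sign: negative message length %d\n", msglen);
		return -1;
	}

	/* RSA_sign() writes RSA_size() bytes into dsig before siglen can be
	 * inspected, so a key larger than 1024 bits would overrun the caller's
	 * 128-byte buffer.  Check the modulus up front rather than after the fact. */
	if (RSA_size(key->rsa) != (int)siglen) {
		ast_log(LOG_WARNING, "Unexpected signature length %d, expecting %d\n", RSA_size(key->rsa), (int)siglen);
		return -1;
	}

	/* Calculate digest of message */
	SHA1((const unsigned char *)msg, (size_t)msglen, digest);

	/* Sign the digest; RSA_sign() returns 1 on success, 0 on failure */
	if (!RSA_sign(NID_sha1, digest, sizeof(digest), dsig, &siglen, key->rsa)) {
		ast_log(LOG_WARNING, "RSA Signature (key %s) failed\n", key->name);
		return -1;
	}

	/* Belt and braces: the modulus check above should make this unreachable */
	if (siglen != 128) {
		ast_log(LOG_WARNING, "Unexpected signature length %d, expecting %d\n", (int)siglen, (int)128);
		return -1;
	}

	return 0;
}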