
Asterisk developer's documentation


crypto.h File Reference

Provide cryptographic signature routines. More...

#include "asterisk/optional_api.h"
#include "asterisk/logger.h"
#include "openssl/aes.h"


Defines

#define AST_KEY_PRIVATE   (1 << 1)
#define AST_KEY_PUBLIC   (1 << 0)

Typedefs

typedef AES_KEY ast_aes_decrypt_key
typedef AES_KEY ast_aes_encrypt_key

Functions

void ast_aes_decrypt (const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx)
 AES decrypt data.
void ast_aes_encrypt (const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx)
 AES encrypt data.
int ast_aes_set_decrypt_key (const unsigned char *key, ast_aes_decrypt_key *ctx)
 Set a decryption key.
int ast_aes_set_encrypt_key (const unsigned char *key, ast_aes_encrypt_key *ctx)
 Set an encryption key.
int ast_check_signature (struct ast_key *key, const char *msg, const char *sig)
 Check the authenticity of a message signature using a given public key.
int ast_check_signature_bin (struct ast_key *key, const char *msg, int msglen, const unsigned char *sig)
 Check the authenticity of a message signature using a given public key.
int ast_crypto_loaded (void)
int ast_decrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
 Decrypt a message using a given private key.
int ast_encrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
 Encrypt a message using a given public key.
struct ast_key * ast_key_get (const char *key, int type)
 Retrieve a key.
int ast_sign (struct ast_key *key, char *msg, char *sig)
 Sign a message signature using a given private key.
int ast_sign_bin (struct ast_key *key, const char *msg, int msglen, unsigned char *sig)
 Sign a message signature using a given private key.


Detailed Description

Provide cryptographic signature routines.

Definition in file crypto.h.


Define Documentation

#define AST_KEY_PRIVATE   (1 << 1)

Definition at line 43 of file crypto.h.

Referenced by ast_decrypt_bin(), ast_sign_bin(), authenticate(), check_key(), pw_cb(), try_load_key(), and update_key().

#define AST_KEY_PUBLIC   (1 << 0)

Definition at line 42 of file crypto.h.

Referenced by ast_check_signature_bin(), ast_encrypt_bin(), authenticate_verify(), check_key(), handle_cli_keys_show(), register_verify(), try_load_key(), and update_key().


Typedef Documentation

typedef AES_KEY ast_aes_decrypt_key

Definition at line 36 of file crypto.h.

typedef AES_KEY ast_aes_encrypt_key

Definition at line 35 of file crypto.h.


Function Documentation

void ast_aes_decrypt ( const unsigned char *  in,
unsigned char *  out,
const ast_aes_decrypt_key ctx 
)

AES decrypt data.

Parameters:
in encrypted data
out pointer to a buffer to hold the decrypted output
ctx address of an AES decryption context filled in with ast_aes_set_decrypt_key

Definition at line 472 of file res_crypto.c.

Referenced by aes_helper(), decrypt_memcpy(), and memcpy_decrypt().

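/*!
 * \brief AES decrypt a single block.
 * \param in encrypted data (one 16-byte AES block)
 * \param out buffer receiving the decrypted block (at least 16 bytes)
 * \param ctx decryption context filled in by ast_aes_set_decrypt_key()
 */
void ast_aes_decrypt(const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx)
{
	/*
	 * Thin wrapper over OpenSSL's single-block primitive: no chaining mode,
	 * IV or authentication is applied here, so callers processing more than
	 * one block must supply the mode (and any integrity check) themselves.
	 *
	 * AES_decrypt() returns void, so it must not be the operand of a
	 * 'return' in this void function (C11 6.8.6.4p1); call it as a statement.
	 */
	AES_decrypt(in, out, ctx);
}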

void ast_aes_encrypt ( const unsigned char *  in,
unsigned char *  out,
const ast_aes_encrypt_key ctx 
)

AES encrypt data.

Parameters:
in data to be encrypted
out pointer to a buffer to hold the encrypted output
ctx address of an aes encryption context filled in with ast_aes_set_encrypt_key

Definition at line 467 of file res_crypto.c.

Referenced by aes_helper(), encrypt_memcpy(), and memcpy_encrypt().

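/*!
 * \brief AES encrypt a single block.
 * \param in data to be encrypted (one 16-byte AES block)
 * \param out buffer receiving the encrypted block (at least 16 bytes)
 * \param ctx encryption context filled in by ast_aes_set_encrypt_key()
 */
void ast_aes_encrypt(const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx)
{
	/*
	 * Thin wrapper over OpenSSL's single-block primitive: no chaining mode,
	 * IV or authentication is applied here, so callers processing more than
	 * one block must supply the mode (and any integrity check) themselves.
	 *
	 * AES_encrypt() returns void, so it must not be the operand of a
	 * 'return' in this void function (C11 6.8.6.4p1); call it as a statement.
	 */
	AES_encrypt(in, out, ctx);
}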

int ast_aes_set_decrypt_key ( const unsigned char *  key,
ast_aes_decrypt_key ctx 
)

Set a decryption key.

Parameters:
key a 16-byte (128-bit) key
ctx address of an AES decryption context to be filled in
Return values:
0 success
nonzero failure

Definition at line 462 of file res_crypto.c.

Referenced by aes_helper(), build_ecx_key(), build_encryption_keys(), check_key(), socket_process(), and update_key().

/*!
 * \brief Expand a 128-bit AES key into a decryption schedule.
 * \param key the raw key; must point to at least 16 readable bytes
 * \param ctx decryption context to fill in (holds expanded key material;
 *            clear it once it is no longer needed)
 * \retval 0 success
 * \retval nonzero failure, as reported by OpenSSL's AES_set_decrypt_key()
 */
int ast_aes_set_decrypt_key(const unsigned char *key, ast_aes_decrypt_key *ctx)
{
	/* The key size is fixed; AES_set_decrypt_key() takes the length in bits. */
	const int key_bits = 128;
	int rc = AES_set_decrypt_key(key, key_bits, ctx);

	return rc;
}

int ast_aes_set_encrypt_key ( const unsigned char *  key,
ast_aes_encrypt_key ctx 
)

Set an encryption key.

Parameters:
key a 16-byte (128-bit) key
ctx address of an AES encryption context to be filled in
Return values:
0 success
nonzero failure

Definition at line 457 of file res_crypto.c.

Referenced by aes_helper(), build_ecx_key(), check_key(), and update_key().

/*!
 * \brief Expand a 128-bit AES key into an encryption schedule.
 * \param key the raw key; must point to at least 16 readable bytes
 * \param ctx encryption context to fill in (holds expanded key material;
 *            clear it once it is no longer needed)
 * \retval 0 success
 * \retval nonzero failure, as reported by OpenSSL's AES_set_encrypt_key()
 */
int ast_aes_set_encrypt_key(const unsigned char *key, ast_aes_encrypt_key *ctx)
{
	/* The key size is fixed; AES_set_encrypt_key() takes the length in bits. */
	const int key_bits = 128;
	int rc = AES_set_encrypt_key(key, key_bits, ctx);

	return rc;
}

int ast_check_signature ( struct ast_key key,
const char *  msg,
const char *  sig 
)

Check the authenticity of a message signature using a given public key.

See also:
ast_check_signature

Definition at line 436 of file res_crypto.c.

References ast_base64decode(), ast_check_signature_bin(), ast_log(), and LOG_WARNING.

Referenced by authenticate_verify(), and register_verify().

/*!
 * \brief Verify a base64-encoded signature over a NUL-terminated message.
 * \param key public key (AST_KEY_PUBLIC) used for verification
 * \param msg NUL-terminated message that was signed
 * \param sig base64-encoded signature; must decode to exactly 128 bytes
 * \retval 0 signature verified
 * \retval -1 decoded signature has the wrong length, or verification failed
 */
int ast_check_signature(struct ast_key *key, const char *msg, const char *sig)
{
	unsigned char raw_sig[128];
	int decoded;

	/* The raw signature must fill the buffer exactly: a short or truncated
	 * decode is rejected before anything is handed to the RSA code. */
	decoded = ast_base64decode(raw_sig, sig, sizeof(raw_sig));
	if (decoded != sizeof(raw_sig)) {
		ast_log(LOG_WARNING, "Signature improper length (expect %d, got %d)\n", (int)sizeof(raw_sig), (int)decoded);
		return -1;
	}

	return ast_check_signature_bin(key, msg, strlen(msg), raw_sig);
}

int ast_check_signature_bin ( struct ast_key key,
const char *  msg,
int  msglen,
const unsigned char *  dsig 
)

Check the authenticity of a message signature using a given public key.

See also:
ast_check_signature_bin

Definition at line 407 of file res_crypto.c.

References ast_debug, AST_KEY_PUBLIC, ast_log(), ast_key::digest, and LOG_WARNING.

Referenced by ast_check_signature(), and check_key().

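/*!
 * \brief Verify a raw RSA/SHA-1 signature over a message.
 * \param key public key (AST_KEY_PUBLIC); key->rsa is expected to be a
 *            1024-bit key, matching the 128-byte signature
 * \param msg message bytes that were signed
 * \param msglen number of bytes in msg (must be >= 0)
 * \param dsig 128-byte raw signature over the SHA-1 digest of msg
 * \retval 0 signature verified
 * \retval -1 wrong key type or size, bad length, or verification failed
 */
int ast_check_signature_bin(struct ast_key *key, const char *msg, int msglen, const unsigned char *dsig)
{
	unsigned char digest[20];

	if (key->ktype != AST_KEY_PUBLIC) {
		/* Okay, so of course you really *can* but for our purposes
		   we're going to say you can't */
		ast_log(LOG_WARNING, "Cannot check message signature with a private key\n");
		return -1;
	}

	if (msglen < 0) {
		/* A negative length would be converted to a huge size_t by SHA1(). */
		ast_log(LOG_WARNING, "Invalid message length %d\n", msglen);
		return -1;
	}

	/* dsig is 128 bytes; a key with a different modulus size cannot have
	 * produced it, so say so instead of letting RSA_verify() fail quietly. */
	if (RSA_size(key->rsa) != 128) {
		ast_log(LOG_WARNING, "Key %s has unexpected size %d, expecting 128\n", key->name, RSA_size(key->rsa));
		return -1;
	}

	/* Calculate digest of message. SHA-1 is fixed by the signature format
	 * (NID_sha1 below); changing it would break verification of peers. */
	SHA1((unsigned char *)msg, msglen, digest);

	/* Verify signature: RSA_verify() returns 1 only on success. */
	if (!RSA_verify(NID_sha1, digest, sizeof(digest), (unsigned char *)dsig, 128, key->rsa)) {
		ast_debug(1, "Key failed verification: %s\n", key->name);
		return -1;
	}

	/* Pass */
	return 0;
}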

int ast_crypto_loaded ( void   ) 

Definition at line 452 of file res_crypto.c.

/*!
 * \brief Report whether the crypto module is available.
 * \retval 1 always: this is the real implementation in res_crypto.c, so the
 *           fact that it runs at all means the module is loaded.
 */
int ast_crypto_loaded(void)
{
	static const int loaded = 1;

	return loaded;
}

int ast_decrypt_bin ( unsigned char *  dst,
const unsigned char *  src,
int  srclen,
struct ast_key key 
)

Decrypt a message using a given private key.

See also:
ast_decrypt_bin

Definition at line 327 of file res_crypto.c.

References AST_KEY_PRIVATE, ast_log(), LOG_NOTICE, and LOG_WARNING.

Referenced by check_key().

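/*!
 * \brief Decrypt RSA-OAEP ciphertext with a private key.
 * \param dst output buffer; must hold at least srclen bytes, since
 *            RSA_private_decrypt() may write up to 128 bytes per block
 * \param src ciphertext, a whole number of 128-byte RSA blocks
 * \param srclen length of src in bytes; must be >= 0 and a multiple of 128
 * \param key private key (AST_KEY_PRIVATE); expected to be a 1024-bit key
 * \return number of plaintext bytes written to dst, or -1 on error (dst may
 *         already hold the output of earlier blocks)
 */
int ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
{
	int res, pos = 0;

	if (key->ktype != AST_KEY_PRIVATE) {
		ast_log(LOG_WARNING, "Cannot decrypt with a public key\n");
		return -1;
	}

	/* srclen % 128 is 0 for -128, -256, ..., so a negative length would
	 * pass the multiple-of-128 check below and then never reach zero in the
	 * loop, reading past the end of src. Reject it explicitly. */
	if (srclen < 0) {
		ast_log(LOG_WARNING, "Invalid ciphertext length %d\n", srclen);
		return -1;
	}

	if (srclen % 128) {
		ast_log(LOG_NOTICE, "Tried to decrypt something not a multiple of 128 bytes\n");
		return -1;
	}

	while (srclen) {
		/* Process chunks 128 bytes at a time. OpenSSL checks the OAEP
		 * padding of each block; any failure abandons the whole decrypt. */
		if ((res = RSA_private_decrypt(128, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING)) < 0) {
			return -1;
		}
		pos += res;
		src += 128;
		srclen -= 128;
		dst += res;
	}

	return pos;
}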

int ast_encrypt_bin ( unsigned char *  dst,
const unsigned char *  src,
int  srclen,
struct ast_key key 
)

Encrypt a message using a given public key.

See also:
ast_encrypt_bin

Definition at line 359 of file res_crypto.c.

References AST_KEY_PUBLIC, ast_log(), LOG_NOTICE, and LOG_WARNING.

Referenced by update_key().

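/*!
 * \brief Encrypt a message with a public key using RSA-OAEP.
 * \param dst output buffer; receives one 128-byte RSA block per input chunk
 *            of up to 86 bytes, so it must hold 128 * ceil(srclen / 86) bytes
 * \param src plaintext
 * \param srclen length of src in bytes (must be >= 0)
 * \param key public key (AST_KEY_PUBLIC); expected to be a 1024-bit key
 * \return number of ciphertext bytes written to dst, or -1 on error
 *
 * Each block is encrypted independently and nothing binds the blocks
 * together or authenticates the ciphertext; callers that need integrity
 * must sign the message as well (see ast_sign_bin()).
 */
int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
{
	/* EME-OAEP with SHA-1 consumes 2 * 20 + 2 = 42 bytes of a 128-byte RSA
	 * block, so at most 86 plaintext bytes fit per block; OpenSSL documents
	 * the limit for RSA_PKCS1_OAEP_PADDING as RSA_size(rsa) - 42. The former
	 * chunk size of 128 - 41 = 87 exceeded that by one byte, which OpenSSL
	 * rejects (RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE) for inputs over 86 bytes. */
	enum { rsa_block = 128, oaep_overhead = 42, max_chunk = rsa_block - oaep_overhead };
	int res, bytes, pos = 0;

	if (key->ktype != AST_KEY_PUBLIC) {
		ast_log(LOG_WARNING, "Cannot encrypt with a private key\n");
		return -1;
	}

	if (srclen < 0) {
		ast_log(LOG_WARNING, "Invalid plaintext length %d\n", srclen);
		return -1;
	}

	while (srclen) {
		/* Process chunks of at most max_chunk bytes at a time */
		bytes = srclen < max_chunk ? srclen : max_chunk;
		if ((res = RSA_public_encrypt(bytes, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING)) != rsa_block) {
			ast_log(LOG_NOTICE, "How odd, encrypted size is %d\n", res);
			return -1;
		}
		src += bytes;
		srclen -= bytes;
		pos += res;
		dst += res;
	}

	return pos;
}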

struct ast_key* ast_key_get ( const char *  kname,
int  ktype 
)

Retrieve a key.

See also:
ast_key_get

Definition at line 132 of file res_crypto.c.

References AST_RWLIST_RDLOCK, AST_RWLIST_TRAVERSE, AST_RWLIST_UNLOCK, ast_key::ktype, and ast_key::list.

Referenced by authenticate(), authenticate_verify(), check_key(), register_verify(), and update_key().

/*!
 * \brief Look up a loaded key by name and type.
 * \param kname key name to match exactly
 * \param ktype AST_KEY_PUBLIC or AST_KEY_PRIVATE
 * \return the first matching key, or the traversal's end value (expected to
 *         be NULL) when nothing matched. The read lock on the key list is
 *         released before returning, so the pointer is only as stable as
 *         the list itself — presumably safe between reloads; confirm
 *         against the code that replaces keys.
 */
struct ast_key *ast_key_get(const char *kname, int ktype)
{
	struct ast_key *cur;

	AST_RWLIST_RDLOCK(&keys);
	AST_RWLIST_TRAVERSE(&keys, cur, list) {
		/* Compare the cheap field first; strcmp only runs for keys of
		 * the requested type. */
		if (ktype == cur->ktype && strcmp(kname, cur->name) == 0) {
			break;
		}
	}
	AST_RWLIST_UNLOCK(&keys);

	return cur;
}

int ast_sign ( struct ast_key key,
char *  msg,
char *  sig 
)

Sign a message signature using a given private key.

See also:
ast_sign

Definition at line 390 of file res_crypto.c.

References ast_base64encode(), and ast_sign_bin().

Referenced by authenticate().

/*!
 * \brief Sign a NUL-terminated message and base64-encode the signature.
 * \param key private key (AST_KEY_PRIVATE)
 * \param msg NUL-terminated message to sign
 * \param sig output buffer for the base64 text; must hold at least the 256
 *            bytes passed as the limit to ast_base64encode()
 * \retval 0 success; sig holds the encoded signature
 * \retval -1 signing failed; sig is left untouched
 */
int ast_sign(struct ast_key *key, char *msg, char *sig)
{
	unsigned char raw_sig[128];
	const int raw_len = sizeof(raw_sig);
	int res = ast_sign_bin(key, msg, strlen(msg), raw_sig);

	/* Only a successful signature is encoded (256 bytes max as documented). */
	if (res == 0) {
		ast_base64encode(sig, raw_sig, raw_len, 256);
	}

	return res;
}

int ast_sign_bin ( struct ast_key key,
const char *  msg,
int  msglen,
unsigned char *  dsig 
)

Sign a message signature using a given private key.

See also:
ast_sign_bin

Definition at line 295 of file res_crypto.c.

References AST_KEY_PRIVATE, ast_log(), ast_key::digest, and LOG_WARNING.

Referenced by ast_sign(), and update_key().

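/*!
 * \brief Produce a raw RSA/SHA-1 signature over a message.
 * \param key private key (AST_KEY_PRIVATE); key->rsa must be a 1024-bit key
 * \param msg message bytes to sign
 * \param msglen number of bytes in msg (must be >= 0)
 * \param dsig output buffer for the 128-byte raw signature
 * \retval 0 success
 * \retval -1 wrong key type or size, bad length, or RSA_sign() failed
 */
int ast_sign_bin(struct ast_key *key, const char *msg, int msglen, unsigned char *dsig)
{
	unsigned char digest[20];
	unsigned int siglen = 128;

	if (key->ktype != AST_KEY_PRIVATE) {
		ast_log(LOG_WARNING, "Cannot sign with a public key\n");
		return -1;
	}

	if (msglen < 0) {
		/* A negative length would be converted to a huge size_t by SHA1(). */
		ast_log(LOG_WARNING, "Invalid message length %d\n", msglen);
		return -1;
	}

	/* RSA_sign() writes RSA_size(rsa) bytes into dsig, and callers size dsig
	 * for 128 bytes. Checking siglen after the call (as below) is too late
	 * to protect dsig from a larger key, so refuse such keys up front. */
	if (RSA_size(key->rsa) != 128) {
		ast_log(LOG_WARNING, "Unexpected key size %d for key %s, expecting %d\n", RSA_size(key->rsa), key->name, 128);
		return -1;
	}

	/* Calculate digest of message. SHA-1 is fixed by the signature format
	 * (NID_sha1 below); changing it would break verification by peers. */
	SHA1((unsigned char *)msg, msglen, digest);

	/* Sign the digest; RSA_sign() returns 1 on success and sets siglen. */
	if (!RSA_sign(NID_sha1, digest, sizeof(digest), dsig, &siglen, key->rsa)) {
		ast_log(LOG_WARNING, "RSA Signature (key %s) failed\n", key->name);
		return -1;
	}

	if (siglen != 128) {
		ast_log(LOG_WARNING, "Unexpected signature length %d, expecting %d\n", (int)siglen, (int)128);
		return -1;
	}

	return 0;
}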

