Sat Aug 6 00:40:03 2011

Asterisk developer's documentation


res_crypto.c File Reference

Provide Cryptographic Signature capability. More...

#include "asterisk.h"
#include <sys/types.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <stdio.h>
#include <dirent.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#include "asterisk/file.h"
#include "asterisk/channel.h"
#include "asterisk/logger.h"
#include "asterisk/say.h"
#include "asterisk/module.h"
#include "asterisk/options.h"
#include "asterisk/crypto.h"
#include "asterisk/md5.h"
#include "asterisk/cli.h"
#include "asterisk/io.h"
#include "asterisk/lock.h"
#include "asterisk/utils.h"

Go to the source code of this file.

Data Structures

struct  ast_key

Defines

#define KEY_NEEDS_PASSCODE   (1 << 16)

Functions

static int __ast_check_signature (struct ast_key *key, const char *msg, const char *sig)
static int __ast_check_signature_bin (struct ast_key *key, const char *msg, int msglen, const unsigned char *dsig)
static int __ast_decrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
static int __ast_encrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
static struct ast_key__ast_key_get (const char *kname, int ktype)
static int __ast_sign (struct ast_key *key, char *msg, char *sig)
static int __ast_sign_bin (struct ast_key *key, const char *msg, int msglen, unsigned char *dsig)
static void __reg_module (void)
static void __unreg_module (void)
static int crypto_init (void)
static void crypto_load (int ifd, int ofd)
static int init_keys (int fd, int argc, char *argv[])
static int load_module (void)
static void md52sum (char *sum, unsigned char *md5)
static int pw_cb (char *buf, int size, int rwflag, void *userdata)
static int reload (void)
static int show_keys (int fd, int argc, char *argv[])
static void ssl_lock (int mode, int n, const char *file, int line)
static unsigned long ssl_threadid (void)
static struct ast_keytry_load_key (char *dir, char *fname, int ifd, int ofd, int *not2)
static int unload_module (void)

Variables

static struct ast_module_info __mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_DEFAULT | AST_MODFLAG_BUILDSUM, .description = "Cryptographic Digital Signatures" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = "361d7bb937402d51e4658efb5b4d76e4" , .load = load_module, .unload = unload_module, .reload = reload }
static const struct ast_module_infoast_module_info = &__mod_info
static struct ast_cli_entry cli_crypto []
static struct ast_cli_entry cli_init_keys_deprecated
static struct ast_cli_entry cli_show_keys_deprecated
static char init_keys_usage []
static ast_mutex_t keylock = ((ast_mutex_t) PTHREAD_MUTEX_INITIALIZER )
static struct ast_keykeys = NULL
static char show_key_usage []
static ast_mutex_tssl_locks
static int ssl_num_locks


Detailed Description

Provide Cryptographic Signature capability.

Author:
Mark Spencer <markster@digium.com>

Definition in file res_crypto.c.


Define Documentation

#define KEY_NEEDS_PASSCODE   (1 << 16)

Definition at line 81 of file res_crypto.c.

Referenced by init_keys(), show_keys(), and try_load_key().


Function Documentation

static int __ast_check_signature ( struct ast_key key,
const char *  msg,
const char *  sig 
) [static]

Definition at line 470 of file res_crypto.c.

References ast_base64decode(), ast_check_signature_bin, ast_log(), and LOG_WARNING.

Referenced by crypto_init().

00471 {
00472    unsigned char dsig[128];
00473    int res;
00474 
00475    /* Decode signature */
00476    res = ast_base64decode(dsig, sig, sizeof(dsig));
00477    if (res != sizeof(dsig)) {
00478       ast_log(LOG_WARNING, "Signature improper length (expect %d, got %d)\n", (int)sizeof(dsig), (int)res);
00479       return -1;
00480    }
00481    res = ast_check_signature_bin(key, msg, strlen(msg), dsig);
00482    return res;
00483 }

static int __ast_check_signature_bin ( struct ast_key key,
const char *  msg,
int  msglen,
const unsigned char *  dsig 
) [static]

Definition at line 444 of file res_crypto.c.

References AST_KEY_PUBLIC, ast_log(), ast_key::digest, ast_key::ktype, LOG_DEBUG, LOG_WARNING, ast_key::name, and ast_key::rsa.

Referenced by crypto_init().

00445 {
00446    unsigned char digest[20];
00447    int res;
00448 
00449    if (key->ktype != AST_KEY_PUBLIC) {
00450       /* Okay, so of course you really *can* but for our purposes
00451          we're going to say you can't */
00452       ast_log(LOG_WARNING, "Cannot check message signature with a private key\n");
00453       return -1;
00454    }
00455 
00456    /* Calculate digest of message */
00457    SHA1((unsigned char *)msg, msglen, digest);
00458 
00459    /* Verify signature */
00460    res = RSA_verify(NID_sha1, digest, sizeof(digest), (unsigned char *)dsig, 128, key->rsa);
00461    
00462    if (!res) {
00463       ast_log(LOG_DEBUG, "Key failed verification: %s\n", key->name);
00464       return -1;
00465    }
00466    /* Pass */
00467    return 0;
00468 }

static int __ast_decrypt_bin ( unsigned char *  dst,
const unsigned char *  src,
int  srclen,
struct ast_key key 
) [static]

Definition at line 377 of file res_crypto.c.

References AST_KEY_PRIVATE, ast_log(), ast_key::ktype, LOG_NOTICE, LOG_WARNING, and ast_key::rsa.

Referenced by crypto_init().

00378 {
00379    int res;
00380    int pos = 0;
00381    if (key->ktype != AST_KEY_PRIVATE) {
00382       ast_log(LOG_WARNING, "Cannot decrypt with a public key\n");
00383       return -1;
00384    }
00385 
00386    if (srclen % 128) {
00387       ast_log(LOG_NOTICE, "Tried to decrypt something not a multiple of 128 bytes\n");
00388       return -1;
00389    }
00390    while(srclen) {
00391       /* Process chunks 128 bytes at a time */
00392       res = RSA_private_decrypt(128, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING);
00393       if (res < 0)
00394          return -1;
00395       pos += res;
00396       src += 128;
00397       srclen -= 128;
00398       dst += res;
00399    }
00400    return pos;
00401 }

static int __ast_encrypt_bin ( unsigned char *  dst,
const unsigned char *  src,
int  srclen,
struct ast_key key 
) [static]

Definition at line 403 of file res_crypto.c.

References AST_KEY_PUBLIC, ast_log(), ast_key::ktype, LOG_NOTICE, LOG_WARNING, and ast_key::rsa.

Referenced by crypto_init().

00404 {
00405    int res;
00406    int bytes;
00407    int pos = 0;
00408    if (key->ktype != AST_KEY_PUBLIC) {
00409       ast_log(LOG_WARNING, "Cannot encrypt with a private key\n");
00410       return -1;
00411    }
00412    
00413    while(srclen) {
00414       bytes = srclen;
00415       if (bytes > 128 - 41)
00416          bytes = 128 - 41;
00417       /* Process chunks 128-41 bytes at a time */
00418       res = RSA_public_encrypt(bytes, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING);
00419       if (res != 128) {
00420          ast_log(LOG_NOTICE, "How odd, encrypted size is %d\n", res);
00421          return -1;
00422       }
00423       src += bytes;
00424       srclen -= bytes;
00425       pos += res;
00426       dst += res;
00427    }
00428    return pos;
00429 }

static struct ast_key* __ast_key_get ( const char *  kname,
int  ktype 
) [static]

Definition at line 165 of file res_crypto.c.

References ast_mutex_lock(), ast_mutex_unlock(), keylock, keys, ast_key::ktype, ast_key::name, and ast_key::next.

Referenced by crypto_init().

00166 {
00167    struct ast_key *key;
00168    ast_mutex_lock(&keylock);
00169    key = keys;
00170    while(key) {
00171       if (!strcmp(kname, key->name) &&
00172           (ktype == key->ktype))
00173          break;
00174       key = key->next;
00175    }
00176    ast_mutex_unlock(&keylock);
00177    return key;
00178 }

static int __ast_sign ( struct ast_key key,
char *  msg,
char *  sig 
) [static]

Definition at line 431 of file res_crypto.c.

References ast_base64encode(), and ast_sign_bin.

Referenced by crypto_init().

00432 {
00433    unsigned char dsig[128];
00434    int siglen = sizeof(dsig);
00435    int res;
00436    res = ast_sign_bin(key, msg, strlen(msg), dsig);
00437    if (!res)
00438       /* Success -- encode (256 bytes max as documented) */
00439       ast_base64encode(sig, dsig, siglen, 256);
00440    return res;
00441    
00442 }

static int __ast_sign_bin ( struct ast_key key,
const char *  msg,
int  msglen,
unsigned char *  dsig 
) [static]

Definition at line 346 of file res_crypto.c.

References AST_KEY_PRIVATE, ast_log(), ast_key::digest, ast_key::ktype, LOG_WARNING, ast_key::name, and ast_key::rsa.

Referenced by crypto_init().

00347 {
00348    unsigned char digest[20];
00349    unsigned int siglen = 128;
00350    int res;
00351 
00352    if (key->ktype != AST_KEY_PRIVATE) {
00353       ast_log(LOG_WARNING, "Cannot sign with a public key\n");
00354       return -1;
00355    }
00356 
00357    /* Calculate digest of message */
00358    SHA1((unsigned char *)msg, msglen, digest);
00359 
00360    /* Verify signature */
00361    res = RSA_sign(NID_sha1, digest, sizeof(digest), dsig, &siglen, key->rsa);
00362    
00363    if (!res) {
00364       ast_log(LOG_WARNING, "RSA Signature (key %s) failed\n", key->name);
00365       return -1;
00366    }
00367 
00368    if (siglen != 128) {
00369       ast_log(LOG_WARNING, "Unexpected signature length %d, expecting %d\n", (int)siglen, (int)128);
00370       return -1;
00371    }
00372 
00373    return 0;
00374    
00375 }

static void __reg_module ( void   )  [static]

Definition at line 675 of file res_crypto.c.

static void __unreg_module ( void   )  [static]

Definition at line 675 of file res_crypto.c.

static int crypto_init ( void   )  [static]

Definition at line 611 of file res_crypto.c.

References __ast_check_signature(), __ast_check_signature_bin(), __ast_decrypt_bin(), __ast_encrypt_bin(), __ast_key_get(), __ast_sign(), __ast_sign_bin(), ast_calloc, ast_check_signature, ast_check_signature_bin, ast_cli_register_multiple(), ast_decrypt_bin, ast_encrypt_bin, ast_key_get, AST_MODULE_LOAD_DECLINE, AST_MODULE_LOAD_SUCCESS, ast_mutex_init(), ast_sign, ast_sign_bin, cli_crypto, ssl_lock(), and ssl_threadid().

Referenced by load_module().

00612 {
00613    unsigned int i;
00614 
00615    SSL_library_init();
00616    SSL_load_error_strings();
00617    ERR_load_crypto_strings();
00618    ERR_load_BIO_strings();
00619    OpenSSL_add_all_algorithms();
00620 
00621    /* Make OpenSSL thread-safe. */
00622 
00623    CRYPTO_set_id_callback(ssl_threadid);
00624 
00625    ssl_num_locks = CRYPTO_num_locks();
00626    if (!(ssl_locks = ast_calloc(ssl_num_locks, sizeof(ssl_locks[0])))) {
00627       return AST_MODULE_LOAD_DECLINE;
00628    }
00629    for (i = 0; i < ssl_num_locks; i++) {
00630       ast_mutex_init(&ssl_locks[i]);
00631    }
00632    CRYPTO_set_locking_callback(ssl_lock);
00633 
00634    ast_cli_register_multiple(cli_crypto, sizeof(cli_crypto) / sizeof(struct ast_cli_entry));
00635 
00636    /* Install ourselves into stubs */
00637    ast_key_get = __ast_key_get;
00638    ast_check_signature = __ast_check_signature;
00639    ast_check_signature_bin = __ast_check_signature_bin;
00640    ast_sign = __ast_sign;
00641    ast_sign_bin = __ast_sign_bin;
00642    ast_encrypt_bin = __ast_encrypt_bin;
00643    ast_decrypt_bin = __ast_decrypt_bin;
00644 
00645    return AST_MODULE_LOAD_SUCCESS;
00646 }

static void crypto_load ( int  ifd,
int  ofd 
) [static]

Definition at line 485 of file res_crypto.c.

References ast_config_AST_KEY_DIR, ast_log(), ast_mutex_lock(), ast_mutex_unlock(), ast_key::delme, free, keylock, keys, ast_key::ktype, last, LOG_DEBUG, LOG_NOTICE, LOG_WARNING, ast_key::name, sla_ringing_trunk::next, ast_key::next, ast_key::rsa, and try_load_key().

Referenced by load_module(), and reload().

00486 {
00487    struct ast_key *key, *nkey, *last;
00488    DIR *dir = NULL;
00489    struct dirent *ent;
00490    int note = 0;
00491    /* Mark all keys for deletion */
00492    ast_mutex_lock(&keylock);
00493    key = keys;
00494    while(key) {
00495       key->delme = 1;
00496       key = key->next;
00497    }
00498    ast_mutex_unlock(&keylock);
00499    /* Load new keys */
00500    dir = opendir((char *)ast_config_AST_KEY_DIR);
00501    if (dir) {
00502       while((ent = readdir(dir))) {
00503          try_load_key((char *)ast_config_AST_KEY_DIR, ent->d_name, ifd, ofd, &note);
00504       }
00505       closedir(dir);
00506    } else
00507       ast_log(LOG_WARNING, "Unable to open key directory '%s'\n", (char *)ast_config_AST_KEY_DIR);
00508    if (note) {
00509       ast_log(LOG_NOTICE, "Please run the command 'init keys' to enter the passcodes for the keys\n");
00510    }
00511    ast_mutex_lock(&keylock);
00512    key = keys;
00513    last = NULL;
00514    while(key) {
00515       nkey = key->next;
00516       if (key->delme) {
00517          ast_log(LOG_DEBUG, "Deleting key %s type %d\n", key->name, key->ktype);
00518          /* Do the delete */
00519          if (last)
00520             last->next = nkey;
00521          else
00522             keys = nkey;
00523          if (key->rsa)
00524             RSA_free(key->rsa);
00525          free(key);
00526       } else 
00527          last = key;
00528       key = nkey;
00529    }
00530    ast_mutex_unlock(&keylock);
00531 }

static int init_keys ( int  fd,
int  argc,
char *  argv[] 
) [static]

Definition at line 563 of file res_crypto.c.

References ast_config_AST_KEY_DIR, ast_copy_string(), ast_key::fn, KEY_NEEDS_PASSCODE, keys, ast_key::ktype, ast_key::next, RESULT_SUCCESS, and try_load_key().

00564 {
00565    struct ast_key *key;
00566    int ign;
00567    char *kn;
00568    char tmp[256] = "";
00569 
00570    key = keys;
00571    while(key) {
00572       /* Reload keys that need pass codes now */
00573       if (key->ktype & KEY_NEEDS_PASSCODE) {
00574          kn = key->fn + strlen(ast_config_AST_KEY_DIR) + 1;
00575          ast_copy_string(tmp, kn, sizeof(tmp));
00576          try_load_key((char *)ast_config_AST_KEY_DIR, tmp, fd, fd, &ign);
00577       }
00578       key = key->next;
00579    }
00580    return RESULT_SUCCESS;
00581 }

static int load_module ( void   )  [static]

Definition at line 654 of file res_crypto.c.

References ast_opt_init_keys, crypto_init(), and crypto_load().

00655 {
00656    crypto_init();
00657    if (ast_opt_init_keys)
00658       crypto_load(STDIN_FILENO, STDOUT_FILENO);
00659    else
00660       crypto_load(-1, -1);
00661    return 0;
00662 }

static void md52sum ( char *  sum,
unsigned char *  md5 
) [static]

Definition at line 533 of file res_crypto.c.

Referenced by show_keys().

00534 {
00535    int x;
00536    for (x=0;x<16;x++) 
00537       sum += sprintf(sum, "%02x", *(md5++));
00538 }

static int pw_cb ( char *  buf,
int  size,
int  rwflag,
void *  userdata 
) [static]

Definition at line 136 of file res_crypto.c.

References ast_hide_password(), AST_KEY_PRIVATE, ast_restore_tty(), ast_key::infd, ast_key::ktype, ast_key::name, and ast_key::outfd.

Referenced by try_load_key().

00137 {
00138    struct ast_key *key = (struct ast_key *)userdata;
00139    char prompt[256];
00140    int res;
00141    int tmp;
00142    if (key->infd > -1) {
00143       snprintf(prompt, sizeof(prompt), ">>>> passcode for %s key '%s': ",
00144           key->ktype == AST_KEY_PRIVATE ? "PRIVATE" : "PUBLIC", key->name);
00145       if (write(key->outfd, prompt, strlen(prompt)) < 0) {
00146          /* Note that we were at least called */
00147          key->infd = -2;
00148          return -1;
00149       }
00150       memset(buf, 0, sizeof(buf));
00151       tmp = ast_hide_password(key->infd);
00152       memset(buf, 0, size);
00153       res = read(key->infd, buf, size);
00154       ast_restore_tty(key->infd, tmp);
00155       if (buf[strlen(buf) -1] == '\n')
00156          buf[strlen(buf) - 1] = '\0';
00157       return strlen(buf);
00158    } else {
00159       /* Note that we were at least called */
00160       key->infd = -2;
00161    }
00162    return -1;
00163 }

static int reload ( void   )  [static]

Definition at line 648 of file res_crypto.c.

References crypto_load().

00649 {
00650    crypto_load(-1, -1);
00651    return 0;
00652 }

static int show_keys ( int  fd,
int  argc,
char *  argv[] 
) [static]

Definition at line 540 of file res_crypto.c.

References ast_cli(), AST_KEY_PUBLIC, ast_mutex_lock(), ast_mutex_unlock(), ast_key::digest, KEY_NEEDS_PASSCODE, keylock, keys, ast_key::ktype, md52sum(), ast_key::name, ast_key::next, and RESULT_SUCCESS.

00541 {
00542    struct ast_key *key;
00543    char sum[16 * 2 + 1];
00544    int count_keys = 0;
00545 
00546    ast_mutex_lock(&keylock);
00547    key = keys;
00548    ast_cli(fd, "%-18s %-8s %-16s %-33s\n", "Key Name", "Type", "Status", "Sum");
00549    while(key) {
00550       md52sum(sum, key->digest);
00551       ast_cli(fd, "%-18s %-8s %-16s %-33s\n", key->name, 
00552          (key->ktype & 0xf) == AST_KEY_PUBLIC ? "PUBLIC" : "PRIVATE",
00553          key->ktype & KEY_NEEDS_PASSCODE ? "[Needs Passcode]" : "[Loaded]", sum);
00554             
00555       key = key->next;
00556       count_keys++;
00557    }
00558    ast_mutex_unlock(&keylock);
00559    ast_cli(fd, "%d known RSA keys.\n", count_keys);
00560    return RESULT_SUCCESS;
00561 }

static void ssl_lock ( int  mode,
int  n,
const char *  file,
int  line 
) [static]

Definition at line 114 of file res_crypto.c.

References ast_log(), ast_mutex_lock(), ast_mutex_unlock(), and LOG_ERROR.

Referenced by crypto_init().

00115 {
00116    if (n < 0 || n >= ssl_num_locks) {
00117       ast_log(LOG_ERROR, "OpenSSL is full of LIES!!! - "
00118             "ssl_num_locks '%d' - n '%d'\n",
00119             ssl_num_locks, n);
00120       return;
00121    }
00122 
00123    if (mode & CRYPTO_LOCK) {
00124       ast_mutex_lock(&ssl_locks[n]);
00125    } else {
00126       ast_mutex_unlock(&ssl_locks[n]);
00127    }
00128 }

static unsigned long ssl_threadid ( void   )  [static]

Definition at line 109 of file res_crypto.c.

Referenced by crypto_init().

00110 {
00111    return (unsigned long)pthread_self();
00112 }

static struct ast_key* try_load_key ( char *  dir,
char *  fname,
int  ifd,
int  ofd,
int *  not2 
) [static]

Definition at line 180 of file res_crypto.c.

References ast_calloc, ast_copy_string(), AST_KEY_PRIVATE, AST_KEY_PUBLIC, ast_log(), ast_mutex_lock(), ast_mutex_unlock(), ast_opt_init_keys, ast_verbose(), ast_key::delme, ast_key::digest, errno, f, ast_key::fn, ast_key::infd, KEY_NEEDS_PASSCODE, keylock, keys, ast_key::ktype, LOG_DEBUG, LOG_NOTICE, LOG_WARNING, md5(), MD5Final(), MD5Init(), MD5Update(), ast_key::name, ast_key::next, option_debug, option_verbose, ast_key::outfd, pw_cb(), ast_key::rsa, and VERBOSE_PREFIX_3.

Referenced by crypto_load(), and init_keys().

00181 {
00182    int ktype = 0;
00183    char *c = NULL;
00184    char ffname[256];
00185    unsigned char digest[16];
00186    FILE *f;
00187    struct MD5Context md5;
00188    struct ast_key *key;
00189    static int notice = 0;
00190    int found = 0;
00191 
00192    /* Make sure its name is a public or private key */
00193 
00194    if ((c = strstr(fname, ".pub")) && !strcmp(c, ".pub")) {
00195       ktype = AST_KEY_PUBLIC;
00196    } else if ((c = strstr(fname, ".key")) && !strcmp(c, ".key")) {
00197       ktype = AST_KEY_PRIVATE;
00198    } else
00199       return NULL;
00200 
00201    /* Get actual filename */
00202    snprintf(ffname, sizeof(ffname), "%s/%s", dir, fname);
00203 
00204    ast_mutex_lock(&keylock);
00205    key = keys;
00206    while(key) {
00207       /* Look for an existing version already */
00208       if (!strcasecmp(key->fn, ffname)) 
00209          break;
00210       key = key->next;
00211    }
00212    ast_mutex_unlock(&keylock);
00213 
00214    /* Open file */
00215    f = fopen(ffname, "r");
00216    if (!f) {
00217       ast_log(LOG_WARNING, "Unable to open key file %s: %s\n", ffname, strerror(errno));
00218       return NULL;
00219    }
00220    MD5Init(&md5);
00221    while(!feof(f)) {
00222       /* Calculate a "whatever" quality md5sum of the key */
00223       char buf[256];
00224       memset(buf, 0, 256);
00225       if (fgets(buf, sizeof(buf), f)) {
00226          MD5Update(&md5, (unsigned char *) buf, strlen(buf));
00227       }
00228    }
00229    MD5Final(digest, &md5);
00230    if (key) {
00231       /* If the MD5 sum is the same, and it isn't awaiting a passcode 
00232          then this is far enough */
00233       if (!memcmp(digest, key->digest, 16) &&
00234           !(key->ktype & KEY_NEEDS_PASSCODE)) {
00235          fclose(f);
00236          key->delme = 0;
00237          return NULL;
00238       } else {
00239          /* Preserve keytype */
00240          ktype = key->ktype;
00241          /* Recycle the same structure */
00242          found++;
00243       }
00244    }
00245 
00246    /* Make fname just be the normal name now */
00247    *c = '\0';
00248    if (!key) {
00249       if (!(key = ast_calloc(1, sizeof(*key)))) {
00250          fclose(f);
00251          return NULL;
00252       }
00253    }
00254    /* At this point we have a key structure (old or new).  Time to
00255       fill it with what we know */
00256    /* Gotta lock if this one already exists */
00257    if (found)
00258       ast_mutex_lock(&keylock);
00259    /* First the filename */
00260    ast_copy_string(key->fn, ffname, sizeof(key->fn));
00261    /* Then the name */
00262    ast_copy_string(key->name, fname, sizeof(key->name));
00263    key->ktype = ktype;
00264    /* Yes, assume we're going to be deleted */
00265    key->delme = 1;
00266    /* Keep the key type */
00267    memcpy(key->digest, digest, 16);
00268    /* Can I/O takes the FD we're given */
00269    key->infd = ifd;
00270    key->outfd = ofd;
00271    /* Reset the file back to the beginning */
00272    rewind(f);
00273    /* Now load the key with the right method */
00274    if (ktype == AST_KEY_PUBLIC)
00275       key->rsa = PEM_read_RSA_PUBKEY(f, NULL, pw_cb, key);
00276    else
00277       key->rsa = PEM_read_RSAPrivateKey(f, NULL, pw_cb, key);
00278    fclose(f);
00279    if (key->rsa) {
00280       if (RSA_size(key->rsa) == 128) {
00281          /* Key loaded okay */
00282          key->ktype &= ~KEY_NEEDS_PASSCODE;
00283          if (option_verbose > 2)
00284             ast_verbose(VERBOSE_PREFIX_3 "Loaded %s key '%s'\n", key->ktype == AST_KEY_PUBLIC ? "PUBLIC" : "PRIVATE", key->name);
00285          if (option_debug)
00286             ast_log(LOG_DEBUG, "Key '%s' loaded OK\n", key->name);
00287          key->delme = 0;
00288       } else
00289          ast_log(LOG_NOTICE, "Key '%s' is not expected size.\n", key->name);
00290    } else if (key->infd != -2) {
00291       ast_log(LOG_WARNING, "Key load %s '%s' failed\n",key->ktype == AST_KEY_PUBLIC ? "PUBLIC" : "PRIVATE", key->name);
00292       if (ofd > -1) {
00293          ERR_print_errors_fp(stderr);
00294       } else
00295          ERR_print_errors_fp(stderr);
00296    } else {
00297       ast_log(LOG_NOTICE, "Key '%s' needs passcode.\n", key->name);
00298       key->ktype |= KEY_NEEDS_PASSCODE;
00299       if (!notice) {
00300          if (!ast_opt_init_keys) 
00301             ast_log(LOG_NOTICE, "Add the '-i' flag to the asterisk command line if you want to automatically initialize passcodes at launch.\n");
00302          notice++;
00303       }
00304       /* Keep it anyway */
00305       key->delme = 0;
00306       /* Print final notice about "init keys" when done */
00307       *not2 = 1;
00308    }
00309    if (found)
00310       ast_mutex_unlock(&keylock);
00311    if (!found) {
00312       ast_mutex_lock(&keylock);
00313       key->next = keys;
00314       keys = key;
00315       ast_mutex_unlock(&keylock);
00316    }
00317    return key;
00318 }

static int unload_module ( void   )  [static]

Definition at line 664 of file res_crypto.c.

00665 {
00666    /* Can't unload this once we're loaded */
00667    return -1;
00668 }


Variable Documentation

struct ast_module_info __mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_DEFAULT | AST_MODFLAG_BUILDSUM, .description = "Cryptographic Digital Signatures" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = "361d7bb937402d51e4658efb5b4d76e4" , .load = load_module, .unload = unload_module, .reload = reload } [static]

Definition at line 675 of file res_crypto.c.

const struct ast_module_info* ast_module_info = &__mod_info [static]

Definition at line 675 of file res_crypto.c.

struct ast_cli_entry cli_crypto[] [static]

Definition at line 601 of file res_crypto.c.

Referenced by crypto_init().

struct ast_cli_entry cli_init_keys_deprecated [static]

Initial value:

 {
   { "init", "keys", NULL },
   init_keys, NULL,
   NULL }

Definition at line 596 of file res_crypto.c.

struct ast_cli_entry cli_show_keys_deprecated [static]

Initial value:

 {
   { "show", "keys", NULL },
   show_keys, NULL,
   NULL }

Definition at line 591 of file res_crypto.c.

char init_keys_usage[] [static]

Initial value:

"Usage: keys init\n"
"       Initializes private keys (by reading in pass code from the user)\n"

Definition at line 587 of file res_crypto.c.

ast_mutex_t keylock = ((ast_mutex_t) PTHREAD_MUTEX_INITIALIZER ) [static]

Definition at line 79 of file res_crypto.c.

Referenced by __ast_key_get(), crypto_load(), show_keys(), and try_load_key().

struct ast_key* keys = NULL [static]

Definition at line 103 of file res_crypto.c.

Referenced by __ast_key_get(), adsi_delete(), adsi_folders(), adsi_login(), adsi_message(), adsi_password(), adsi_status(), adsi_status2(), ast_db_deltree(), ast_db_gettree(), check_auth(), crypto_load(), database_show(), database_showkey(), init_keys(), misdn_set_opt_exec(), reply_digest(), show_keys(), transmit_fake_auth_response(), and try_load_key().

char show_key_usage[] [static]

Initial value:

"Usage: keys show\n"
"       Displays information about RSA keys known by Asterisk\n"

Definition at line 583 of file res_crypto.c.

ast_mutex_t* ssl_locks [static]

Definition at line 105 of file res_crypto.c.

int ssl_num_locks [static]

Definition at line 107 of file res_crypto.c.


Generated on Sat Aug 6 00:40:03 2011 for Asterisk - the Open Source PBX by  doxygen 1.4.7