#include "asterisk.h"
#include <sys/types.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <stdio.h>
#include <dirent.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#include "asterisk/file.h"
#include "asterisk/channel.h"
#include "asterisk/logger.h"
#include "asterisk/say.h"
#include "asterisk/module.h"
#include "asterisk/options.h"
#include "asterisk/crypto.h"
#include "asterisk/md5.h"
#include "asterisk/cli.h"
#include "asterisk/io.h"
#include "asterisk/lock.h"
#include "asterisk/utils.h"
Go to the source code of this file.
Data Structures | |
struct | ast_key |
Defines | |
#define | KEY_NEEDS_PASSCODE (1 << 16) |
Functions | |
static int | __ast_check_signature (struct ast_key *key, const char *msg, const char *sig) |
static int | __ast_check_signature_bin (struct ast_key *key, const char *msg, int msglen, const unsigned char *dsig) |
static int | __ast_decrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) |
static int | __ast_encrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) |
static struct ast_key * | __ast_key_get (const char *kname, int ktype) |
static int | __ast_sign (struct ast_key *key, char *msg, char *sig) |
static int | __ast_sign_bin (struct ast_key *key, const char *msg, int msglen, unsigned char *dsig) |
static void | __reg_module (void) |
static void | __unreg_module (void) |
static int | crypto_init (void) |
static void | crypto_load (int ifd, int ofd) |
static int | init_keys (int fd, int argc, char *argv[]) |
static int | load_module (void) |
static void | md52sum (char *sum, unsigned char *md5) |
static int | pw_cb (char *buf, int size, int rwflag, void *userdata) |
static int | reload (void) |
static int | show_keys (int fd, int argc, char *argv[]) |
static void | ssl_lock (int mode, int n, const char *file, int line) |
static unsigned long | ssl_threadid (void) |
static struct ast_key * | try_load_key (char *dir, char *fname, int ifd, int ofd, int *not2) |
static int | unload_module (void) |
Variables | |
static struct ast_module_info | __mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_DEFAULT | AST_MODFLAG_BUILDSUM, .description = "Cryptographic Digital Signatures" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = "361d7bb937402d51e4658efb5b4d76e4" , .load = load_module, .unload = unload_module, .reload = reload } |
static const struct ast_module_info * | ast_module_info = &__mod_info |
static struct ast_cli_entry | cli_crypto [] |
static struct ast_cli_entry | cli_init_keys_deprecated |
static struct ast_cli_entry | cli_show_keys_deprecated |
static char | init_keys_usage [] |
static ast_mutex_t | keylock = ((ast_mutex_t) PTHREAD_MUTEX_INITIALIZER ) |
static struct ast_key * | keys = NULL |
static char | show_key_usage [] |
static ast_mutex_t * | ssl_locks |
static int | ssl_num_locks |
Definition in file res_crypto.c.
#define KEY_NEEDS_PASSCODE (1 << 16) |
Definition at line 81 of file res_crypto.c.
Referenced by init_keys(), show_keys(), and try_load_key().
static int __ast_check_signature | ( | struct ast_key * | key, | |
const char * | msg, | |||
const char * | sig | |||
) | [static] |
Definition at line 470 of file res_crypto.c.
References ast_base64decode(), ast_check_signature_bin, ast_log(), and LOG_WARNING.
Referenced by crypto_init().
00471 { 00472 unsigned char dsig[128]; 00473 int res; 00474 00475 /* Decode signature */ 00476 res = ast_base64decode(dsig, sig, sizeof(dsig)); 00477 if (res != sizeof(dsig)) { 00478 ast_log(LOG_WARNING, "Signature improper length (expect %d, got %d)\n", (int)sizeof(dsig), (int)res); 00479 return -1; 00480 } 00481 res = ast_check_signature_bin(key, msg, strlen(msg), dsig); 00482 return res; 00483 }
static int __ast_check_signature_bin | ( | struct ast_key * | key, | |
const char * | msg, | |||
int | msglen, | |||
const unsigned char * | dsig | |||
) | [static] |
Definition at line 444 of file res_crypto.c.
References AST_KEY_PUBLIC, ast_log(), ast_key::digest, ast_key::ktype, LOG_DEBUG, LOG_WARNING, ast_key::name, and ast_key::rsa.
Referenced by crypto_init().
00445 { 00446 unsigned char digest[20]; 00447 int res; 00448 00449 if (key->ktype != AST_KEY_PUBLIC) { 00450 /* Okay, so of course you really *can* but for our purposes 00451 we're going to say you can't */ 00452 ast_log(LOG_WARNING, "Cannot check message signature with a private key\n"); 00453 return -1; 00454 } 00455 00456 /* Calculate digest of message */ 00457 SHA1((unsigned char *)msg, msglen, digest); 00458 00459 /* Verify signature */ 00460 res = RSA_verify(NID_sha1, digest, sizeof(digest), (unsigned char *)dsig, 128, key->rsa); 00461 00462 if (!res) { 00463 ast_log(LOG_DEBUG, "Key failed verification: %s\n", key->name); 00464 return -1; 00465 } 00466 /* Pass */ 00467 return 0; 00468 }
static int __ast_decrypt_bin | ( | unsigned char * | dst, | |
const unsigned char * | src, | |||
int | srclen, | |||
struct ast_key * | key | |||
) | [static] |
Definition at line 377 of file res_crypto.c.
References AST_KEY_PRIVATE, ast_log(), ast_key::ktype, LOG_NOTICE, LOG_WARNING, and ast_key::rsa.
Referenced by crypto_init().
00378 { 00379 int res; 00380 int pos = 0; 00381 if (key->ktype != AST_KEY_PRIVATE) { 00382 ast_log(LOG_WARNING, "Cannot decrypt with a public key\n"); 00383 return -1; 00384 } 00385 00386 if (srclen % 128) { 00387 ast_log(LOG_NOTICE, "Tried to decrypt something not a multiple of 128 bytes\n"); 00388 return -1; 00389 } 00390 while(srclen) { 00391 /* Process chunks 128 bytes at a time */ 00392 res = RSA_private_decrypt(128, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING); 00393 if (res < 0) 00394 return -1; 00395 pos += res; 00396 src += 128; 00397 srclen -= 128; 00398 dst += res; 00399 } 00400 return pos; 00401 }
static int __ast_encrypt_bin | ( | unsigned char * | dst, | |
const unsigned char * | src, | |||
int | srclen, | |||
struct ast_key * | key | |||
) | [static] |
Definition at line 403 of file res_crypto.c.
References AST_KEY_PUBLIC, ast_log(), ast_key::ktype, LOG_NOTICE, LOG_WARNING, and ast_key::rsa.
Referenced by crypto_init().
00404 { 00405 int res; 00406 int bytes; 00407 int pos = 0; 00408 if (key->ktype != AST_KEY_PUBLIC) { 00409 ast_log(LOG_WARNING, "Cannot encrypt with a private key\n"); 00410 return -1; 00411 } 00412 00413 while(srclen) { 00414 bytes = srclen; 00415 if (bytes > 128 - 41) 00416 bytes = 128 - 41; 00417 /* Process chunks 128-41 bytes at a time */ 00418 res = RSA_public_encrypt(bytes, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING); 00419 if (res != 128) { 00420 ast_log(LOG_NOTICE, "How odd, encrypted size is %d\n", res); 00421 return -1; 00422 } 00423 src += bytes; 00424 srclen -= bytes; 00425 pos += res; 00426 dst += res; 00427 } 00428 return pos; 00429 }
static struct ast_key* __ast_key_get | ( | const char * | kname, | |
int | ktype | |||
) | [static] |
Definition at line 165 of file res_crypto.c.
References ast_mutex_lock(), ast_mutex_unlock(), keylock, keys, ast_key::ktype, ast_key::name, and ast_key::next.
Referenced by crypto_init().
00166 { 00167 struct ast_key *key; 00168 ast_mutex_lock(&keylock); 00169 key = keys; 00170 while(key) { 00171 if (!strcmp(kname, key->name) && 00172 (ktype == key->ktype)) 00173 break; 00174 key = key->next; 00175 } 00176 ast_mutex_unlock(&keylock); 00177 return key; 00178 }
static int __ast_sign | ( | struct ast_key * | key, | |
char * | msg, | |||
char * | sig | |||
) | [static] |
Definition at line 431 of file res_crypto.c.
References ast_base64encode(), and ast_sign_bin.
Referenced by crypto_init().
00432 { 00433 unsigned char dsig[128]; 00434 int siglen = sizeof(dsig); 00435 int res; 00436 res = ast_sign_bin(key, msg, strlen(msg), dsig); 00437 if (!res) 00438 /* Success -- encode (256 bytes max as documented) */ 00439 ast_base64encode(sig, dsig, siglen, 256); 00440 return res; 00441 00442 }
static int __ast_sign_bin | ( | struct ast_key * | key, | |
const char * | msg, | |||
int | msglen, | |||
unsigned char * | dsig | |||
) | [static] |
Definition at line 346 of file res_crypto.c.
References AST_KEY_PRIVATE, ast_log(), ast_key::digest, ast_key::ktype, LOG_WARNING, ast_key::name, and ast_key::rsa.
Referenced by crypto_init().
00347 { 00348 unsigned char digest[20]; 00349 unsigned int siglen = 128; 00350 int res; 00351 00352 if (key->ktype != AST_KEY_PRIVATE) { 00353 ast_log(LOG_WARNING, "Cannot sign with a public key\n"); 00354 return -1; 00355 } 00356 00357 /* Calculate digest of message */ 00358 SHA1((unsigned char *)msg, msglen, digest); 00359 00360 /* Verify signature */ 00361 res = RSA_sign(NID_sha1, digest, sizeof(digest), dsig, &siglen, key->rsa); 00362 00363 if (!res) { 00364 ast_log(LOG_WARNING, "RSA Signature (key %s) failed\n", key->name); 00365 return -1; 00366 } 00367 00368 if (siglen != 128) { 00369 ast_log(LOG_WARNING, "Unexpected signature length %d, expecting %d\n", (int)siglen, (int)128); 00370 return -1; 00371 } 00372 00373 return 0; 00374 00375 }
static void __reg_module | ( | void | ) | [static] |
Definition at line 675 of file res_crypto.c.
static void __unreg_module | ( | void | ) | [static] |
Definition at line 675 of file res_crypto.c.
static int crypto_init | ( | void | ) | [static] |
Definition at line 611 of file res_crypto.c.
References __ast_check_signature(), __ast_check_signature_bin(), __ast_decrypt_bin(), __ast_encrypt_bin(), __ast_key_get(), __ast_sign(), __ast_sign_bin(), ast_calloc, ast_check_signature, ast_check_signature_bin, ast_cli_register_multiple(), ast_decrypt_bin, ast_encrypt_bin, ast_key_get, AST_MODULE_LOAD_DECLINE, AST_MODULE_LOAD_SUCCESS, ast_mutex_init(), ast_sign, ast_sign_bin, cli_crypto, ssl_lock(), and ssl_threadid().
Referenced by load_module().
00612 { 00613 unsigned int i; 00614 00615 SSL_library_init(); 00616 SSL_load_error_strings(); 00617 ERR_load_crypto_strings(); 00618 ERR_load_BIO_strings(); 00619 OpenSSL_add_all_algorithms(); 00620 00621 /* Make OpenSSL thread-safe. */ 00622 00623 CRYPTO_set_id_callback(ssl_threadid); 00624 00625 ssl_num_locks = CRYPTO_num_locks(); 00626 if (!(ssl_locks = ast_calloc(ssl_num_locks, sizeof(ssl_locks[0])))) { 00627 return AST_MODULE_LOAD_DECLINE; 00628 } 00629 for (i = 0; i < ssl_num_locks; i++) { 00630 ast_mutex_init(&ssl_locks[i]); 00631 } 00632 CRYPTO_set_locking_callback(ssl_lock); 00633 00634 ast_cli_register_multiple(cli_crypto, sizeof(cli_crypto) / sizeof(struct ast_cli_entry)); 00635 00636 /* Install ourselves into stubs */ 00637 ast_key_get = __ast_key_get; 00638 ast_check_signature = __ast_check_signature; 00639 ast_check_signature_bin = __ast_check_signature_bin; 00640 ast_sign = __ast_sign; 00641 ast_sign_bin = __ast_sign_bin; 00642 ast_encrypt_bin = __ast_encrypt_bin; 00643 ast_decrypt_bin = __ast_decrypt_bin; 00644 00645 return AST_MODULE_LOAD_SUCCESS; 00646 }
static void crypto_load | ( | int | ifd, | |
int | ofd | |||
) | [static] |
Definition at line 485 of file res_crypto.c.
References ast_config_AST_KEY_DIR, ast_log(), ast_mutex_lock(), ast_mutex_unlock(), ast_key::delme, free, keylock, keys, ast_key::ktype, last, LOG_DEBUG, LOG_NOTICE, LOG_WARNING, ast_key::name, sla_ringing_trunk::next, ast_key::next, ast_key::rsa, and try_load_key().
Referenced by load_module(), and reload().
00486 { 00487 struct ast_key *key, *nkey, *last; 00488 DIR *dir = NULL; 00489 struct dirent *ent; 00490 int note = 0; 00491 /* Mark all keys for deletion */ 00492 ast_mutex_lock(&keylock); 00493 key = keys; 00494 while(key) { 00495 key->delme = 1; 00496 key = key->next; 00497 } 00498 ast_mutex_unlock(&keylock); 00499 /* Load new keys */ 00500 dir = opendir((char *)ast_config_AST_KEY_DIR); 00501 if (dir) { 00502 while((ent = readdir(dir))) { 00503 try_load_key((char *)ast_config_AST_KEY_DIR, ent->d_name, ifd, ofd, ¬e); 00504 } 00505 closedir(dir); 00506 } else 00507 ast_log(LOG_WARNING, "Unable to open key directory '%s'\n", (char *)ast_config_AST_KEY_DIR); 00508 if (note) { 00509 ast_log(LOG_NOTICE, "Please run the command 'init keys' to enter the passcodes for the keys\n"); 00510 } 00511 ast_mutex_lock(&keylock); 00512 key = keys; 00513 last = NULL; 00514 while(key) { 00515 nkey = key->next; 00516 if (key->delme) { 00517 ast_log(LOG_DEBUG, "Deleting key %s type %d\n", key->name, key->ktype); 00518 /* Do the delete */ 00519 if (last) 00520 last->next = nkey; 00521 else 00522 keys = nkey; 00523 if (key->rsa) 00524 RSA_free(key->rsa); 00525 free(key); 00526 } else 00527 last = key; 00528 key = nkey; 00529 } 00530 ast_mutex_unlock(&keylock); 00531 }
static int init_keys | ( | int | fd, | |
int | argc, | |||
char * | argv[] | |||
) | [static] |
Definition at line 563 of file res_crypto.c.
References ast_config_AST_KEY_DIR, ast_copy_string(), ast_key::fn, KEY_NEEDS_PASSCODE, keys, ast_key::ktype, ast_key::next, RESULT_SUCCESS, and try_load_key().
00564 { 00565 struct ast_key *key; 00566 int ign; 00567 char *kn; 00568 char tmp[256] = ""; 00569 00570 key = keys; 00571 while(key) { 00572 /* Reload keys that need pass codes now */ 00573 if (key->ktype & KEY_NEEDS_PASSCODE) { 00574 kn = key->fn + strlen(ast_config_AST_KEY_DIR) + 1; 00575 ast_copy_string(tmp, kn, sizeof(tmp)); 00576 try_load_key((char *)ast_config_AST_KEY_DIR, tmp, fd, fd, &ign); 00577 } 00578 key = key->next; 00579 } 00580 return RESULT_SUCCESS; 00581 }
static int load_module | ( | void | ) | [static] |
Definition at line 654 of file res_crypto.c.
References ast_opt_init_keys, crypto_init(), and crypto_load().
00655 { 00656 crypto_init(); 00657 if (ast_opt_init_keys) 00658 crypto_load(STDIN_FILENO, STDOUT_FILENO); 00659 else 00660 crypto_load(-1, -1); 00661 return 0; 00662 }
static void md52sum | ( | char * | sum, | |
unsigned char * | md5 | |||
) | [static] |
Definition at line 533 of file res_crypto.c.
Referenced by show_keys().
00534 { 00535 int x; 00536 for (x=0;x<16;x++) 00537 sum += sprintf(sum, "%02x", *(md5++)); 00538 }
static int pw_cb | ( | char * | buf, | |
int | size, | |||
int | rwflag, | |||
void * | userdata | |||
) | [static] |
Definition at line 136 of file res_crypto.c.
References ast_hide_password(), AST_KEY_PRIVATE, ast_restore_tty(), ast_key::infd, ast_key::ktype, ast_key::name, and ast_key::outfd.
Referenced by try_load_key().
00137 { 00138 struct ast_key *key = (struct ast_key *)userdata; 00139 char prompt[256]; 00140 int res; 00141 int tmp; 00142 if (key->infd > -1) { 00143 snprintf(prompt, sizeof(prompt), ">>>> passcode for %s key '%s': ", 00144 key->ktype == AST_KEY_PRIVATE ? "PRIVATE" : "PUBLIC", key->name); 00145 if (write(key->outfd, prompt, strlen(prompt)) < 0) { 00146 /* Note that we were at least called */ 00147 key->infd = -2; 00148 return -1; 00149 } 00150 memset(buf, 0, sizeof(buf)); 00151 tmp = ast_hide_password(key->infd); 00152 memset(buf, 0, size); 00153 res = read(key->infd, buf, size); 00154 ast_restore_tty(key->infd, tmp); 00155 if (buf[strlen(buf) -1] == '\n') 00156 buf[strlen(buf) - 1] = '\0'; 00157 return strlen(buf); 00158 } else { 00159 /* Note that we were at least called */ 00160 key->infd = -2; 00161 } 00162 return -1; 00163 }
static int reload | ( | void | ) | [static] |
Definition at line 648 of file res_crypto.c.
References crypto_load().
00649 { 00650 crypto_load(-1, -1); 00651 return 0; 00652 }
static int show_keys | ( | int | fd, | |
int | argc, | |||
char * | argv[] | |||
) | [static] |
Definition at line 540 of file res_crypto.c.
References ast_cli(), AST_KEY_PUBLIC, ast_mutex_lock(), ast_mutex_unlock(), ast_key::digest, KEY_NEEDS_PASSCODE, keylock, keys, ast_key::ktype, md52sum(), ast_key::name, ast_key::next, and RESULT_SUCCESS.
00541 { 00542 struct ast_key *key; 00543 char sum[16 * 2 + 1]; 00544 int count_keys = 0; 00545 00546 ast_mutex_lock(&keylock); 00547 key = keys; 00548 ast_cli(fd, "%-18s %-8s %-16s %-33s\n", "Key Name", "Type", "Status", "Sum"); 00549 while(key) { 00550 md52sum(sum, key->digest); 00551 ast_cli(fd, "%-18s %-8s %-16s %-33s\n", key->name, 00552 (key->ktype & 0xf) == AST_KEY_PUBLIC ? "PUBLIC" : "PRIVATE", 00553 key->ktype & KEY_NEEDS_PASSCODE ? "[Needs Passcode]" : "[Loaded]", sum); 00554 00555 key = key->next; 00556 count_keys++; 00557 } 00558 ast_mutex_unlock(&keylock); 00559 ast_cli(fd, "%d known RSA keys.\n", count_keys); 00560 return RESULT_SUCCESS; 00561 }
static void ssl_lock | ( | int | mode, | |
int | n, | |||
const char * | file, | |||
int | line | |||
) | [static] |
Definition at line 114 of file res_crypto.c.
References ast_log(), ast_mutex_lock(), ast_mutex_unlock(), and LOG_ERROR.
Referenced by crypto_init().
00115 { 00116 if (n < 0 || n >= ssl_num_locks) { 00117 ast_log(LOG_ERROR, "OpenSSL is full of LIES!!! - " 00118 "ssl_num_locks '%d' - n '%d'\n", 00119 ssl_num_locks, n); 00120 return; 00121 } 00122 00123 if (mode & CRYPTO_LOCK) { 00124 ast_mutex_lock(&ssl_locks[n]); 00125 } else { 00126 ast_mutex_unlock(&ssl_locks[n]); 00127 } 00128 }
static unsigned long ssl_threadid | ( | void | ) | [static] |
static struct ast_key* try_load_key | ( | char * | dir, | |
char * | fname, | |||
int | ifd, | |||
int | ofd, | |||
int * | not2 | |||
) | [static] |
Definition at line 180 of file res_crypto.c.
References ast_calloc, ast_copy_string(), AST_KEY_PRIVATE, AST_KEY_PUBLIC, ast_log(), ast_mutex_lock(), ast_mutex_unlock(), ast_opt_init_keys, ast_verbose(), ast_key::delme, ast_key::digest, errno, f, ast_key::fn, ast_key::infd, KEY_NEEDS_PASSCODE, keylock, keys, ast_key::ktype, LOG_DEBUG, LOG_NOTICE, LOG_WARNING, md5(), MD5Final(), MD5Init(), MD5Update(), ast_key::name, ast_key::next, option_debug, option_verbose, ast_key::outfd, pw_cb(), ast_key::rsa, and VERBOSE_PREFIX_3.
Referenced by crypto_load(), and init_keys().
00181 { 00182 int ktype = 0; 00183 char *c = NULL; 00184 char ffname[256]; 00185 unsigned char digest[16]; 00186 FILE *f; 00187 struct MD5Context md5; 00188 struct ast_key *key; 00189 static int notice = 0; 00190 int found = 0; 00191 00192 /* Make sure its name is a public or private key */ 00193 00194 if ((c = strstr(fname, ".pub")) && !strcmp(c, ".pub")) { 00195 ktype = AST_KEY_PUBLIC; 00196 } else if ((c = strstr(fname, ".key")) && !strcmp(c, ".key")) { 00197 ktype = AST_KEY_PRIVATE; 00198 } else 00199 return NULL; 00200 00201 /* Get actual filename */ 00202 snprintf(ffname, sizeof(ffname), "%s/%s", dir, fname); 00203 00204 ast_mutex_lock(&keylock); 00205 key = keys; 00206 while(key) { 00207 /* Look for an existing version already */ 00208 if (!strcasecmp(key->fn, ffname)) 00209 break; 00210 key = key->next; 00211 } 00212 ast_mutex_unlock(&keylock); 00213 00214 /* Open file */ 00215 f = fopen(ffname, "r"); 00216 if (!f) { 00217 ast_log(LOG_WARNING, "Unable to open key file %s: %s\n", ffname, strerror(errno)); 00218 return NULL; 00219 } 00220 MD5Init(&md5); 00221 while(!feof(f)) { 00222 /* Calculate a "whatever" quality md5sum of the key */ 00223 char buf[256]; 00224 memset(buf, 0, 256); 00225 if (fgets(buf, sizeof(buf), f)) { 00226 MD5Update(&md5, (unsigned char *) buf, strlen(buf)); 00227 } 00228 } 00229 MD5Final(digest, &md5); 00230 if (key) { 00231 /* If the MD5 sum is the same, and it isn't awaiting a passcode 00232 then this is far enough */ 00233 if (!memcmp(digest, key->digest, 16) && 00234 !(key->ktype & KEY_NEEDS_PASSCODE)) { 00235 fclose(f); 00236 key->delme = 0; 00237 return NULL; 00238 } else { 00239 /* Preserve keytype */ 00240 ktype = key->ktype; 00241 /* Recycle the same structure */ 00242 found++; 00243 } 00244 } 00245 00246 /* Make fname just be the normal name now */ 00247 *c = '\0'; 00248 if (!key) { 00249 if (!(key = ast_calloc(1, sizeof(*key)))) { 00250 fclose(f); 00251 return NULL; 00252 } 00253 } 00254 /* At this point we have a key structure (old or new). Time to 00255 fill it with what we know */ 00256 /* Gotta lock if this one already exists */ 00257 if (found) 00258 ast_mutex_lock(&keylock); 00259 /* First the filename */ 00260 ast_copy_string(key->fn, ffname, sizeof(key->fn)); 00261 /* Then the name */ 00262 ast_copy_string(key->name, fname, sizeof(key->name)); 00263 key->ktype = ktype; 00264 /* Yes, assume we're going to be deleted */ 00265 key->delme = 1; 00266 /* Keep the key type */ 00267 memcpy(key->digest, digest, 16); 00268 /* Can I/O takes the FD we're given */ 00269 key->infd = ifd; 00270 key->outfd = ofd; 00271 /* Reset the file back to the beginning */ 00272 rewind(f); 00273 /* Now load the key with the right method */ 00274 if (ktype == AST_KEY_PUBLIC) 00275 key->rsa = PEM_read_RSA_PUBKEY(f, NULL, pw_cb, key); 00276 else 00277 key->rsa = PEM_read_RSAPrivateKey(f, NULL, pw_cb, key); 00278 fclose(f); 00279 if (key->rsa) { 00280 if (RSA_size(key->rsa) == 128) { 00281 /* Key loaded okay */ 00282 key->ktype &= ~KEY_NEEDS_PASSCODE; 00283 if (option_verbose > 2) 00284 ast_verbose(VERBOSE_PREFIX_3 "Loaded %s key '%s'\n", key->ktype == AST_KEY_PUBLIC ? "PUBLIC" : "PRIVATE", key->name); 00285 if (option_debug) 00286 ast_log(LOG_DEBUG, "Key '%s' loaded OK\n", key->name); 00287 key->delme = 0; 00288 } else 00289 ast_log(LOG_NOTICE, "Key '%s' is not expected size.\n", key->name); 00290 } else if (key->infd != -2) { 00291 ast_log(LOG_WARNING, "Key load %s '%s' failed\n",key->ktype == AST_KEY_PUBLIC ? "PUBLIC" : "PRIVATE", key->name); 00292 if (ofd > -1) { 00293 ERR_print_errors_fp(stderr); 00294 } else 00295 ERR_print_errors_fp(stderr); 00296 } else { 00297 ast_log(LOG_NOTICE, "Key '%s' needs passcode.\n", key->name); 00298 key->ktype |= KEY_NEEDS_PASSCODE; 00299 if (!notice) { 00300 if (!ast_opt_init_keys) 00301 ast_log(LOG_NOTICE, "Add the '-i' flag to the asterisk command line if you want to automatically initialize passcodes at launch.\n"); 00302 notice++; 00303 } 00304 /* Keep it anyway */ 00305 key->delme = 0; 00306 /* Print final notice about "init keys" when done */ 00307 *not2 = 1; 00308 } 00309 if (found) 00310 ast_mutex_unlock(&keylock); 00311 if (!found) { 00312 ast_mutex_lock(&keylock); 00313 key->next = keys; 00314 keys = key; 00315 ast_mutex_unlock(&keylock); 00316 } 00317 return key; 00318 }
static int unload_module | ( | void | ) | [static] |
struct ast_module_info __mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_DEFAULT | AST_MODFLAG_BUILDSUM, .description = "Cryptographic Digital Signatures" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = "361d7bb937402d51e4658efb5b4d76e4" , .load = load_module, .unload = unload_module, .reload = reload } [static] |
Definition at line 675 of file res_crypto.c.
const struct ast_module_info* ast_module_info = &__mod_info [static] |
Definition at line 675 of file res_crypto.c.
struct ast_cli_entry cli_crypto[] [static] |
struct ast_cli_entry cli_init_keys_deprecated [static] |
Initial value:
{ { "init", "keys", NULL }, init_keys, NULL, NULL }
Definition at line 596 of file res_crypto.c.
struct ast_cli_entry cli_show_keys_deprecated [static] |
Initial value:
{ { "show", "keys", NULL }, show_keys, NULL, NULL }
Definition at line 591 of file res_crypto.c.
char init_keys_usage[] [static] |
Initial value:
"Usage: keys init\n" " Initializes private keys (by reading in pass code from the user)\n"
Definition at line 587 of file res_crypto.c.
ast_mutex_t keylock = ((ast_mutex_t) PTHREAD_MUTEX_INITIALIZER ) [static] |
Definition at line 79 of file res_crypto.c.
Referenced by __ast_key_get(), crypto_load(), show_keys(), and try_load_key().
Definition at line 103 of file res_crypto.c.
Referenced by __ast_key_get(), adsi_delete(), adsi_folders(), adsi_login(), adsi_message(), adsi_password(), adsi_status(), adsi_status2(), ast_db_deltree(), ast_db_gettree(), check_auth(), crypto_load(), database_show(), database_showkey(), init_keys(), misdn_set_opt_exec(), reply_digest(), show_keys(), transmit_fake_auth_response(), and try_load_key().
char show_key_usage[] [static] |
Initial value:
"Usage: keys show\n" " Displays information about RSA keys known by Asterisk\n"
Definition at line 583 of file res_crypto.c.
ast_mutex_t* ssl_locks [static] |
Definition at line 105 of file res_crypto.c.
int ssl_num_locks [static] |
Definition at line 107 of file res_crypto.c.