Provide Cryptographic Signature capability. More...
#include "asterisk.h"
#include "asterisk/paths.h"
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/aes.h>
#include <dirent.h>
#include "asterisk/module.h"
#include "asterisk/md5.h"
#include "asterisk/cli.h"
#include "asterisk/io.h"
#include "asterisk/lock.h"
#include "asterisk/utils.h"
#include "asterisk/crypto.h"
Go to the source code of this file.
Data Structures | |
struct | ast_key |
struct | keys |
Macros | |
#define | AST_API_MODULE |
#define | FORMAT "%-18s %-8s %-16s %-33s\n" |
#define | KEY_NEEDS_PASSCODE (1 << 16) |
Functions | |
void AST_OPTIONAL_API_NAME() | ast_aes_decrypt (const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx) |
AES decrypt data. More... | |
void AST_OPTIONAL_API_NAME() | ast_aes_encrypt (const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx) |
AES encrypt data. More... | |
int AST_OPTIONAL_API_NAME() | ast_aes_set_decrypt_key (const unsigned char *key, ast_aes_decrypt_key *ctx) |
Set a decryption key. More... | |
int AST_OPTIONAL_API_NAME() | ast_aes_set_encrypt_key (const unsigned char *key, ast_aes_encrypt_key *ctx) |
Set an encryption key. More... | |
int AST_OPTIONAL_API_NAME() | ast_check_signature (struct ast_key *key, const char *msg, const char *sig) |
base64 decode then sent to __ast_check_signature_bin More... | |
int AST_OPTIONAL_API_NAME() | ast_check_signature_bin (struct ast_key *key, const char *msg, int msglen, const unsigned char *dsig) |
check signature of a message More... | |
int AST_OPTIONAL_API_NAME() | ast_crypto_loaded (void) |
int AST_OPTIONAL_API_NAME() | ast_decrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) |
decrypt a message More... | |
int AST_OPTIONAL_API_NAME() | ast_encrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) |
encrypt a message More... | |
struct ast_key *AST_OPTIONAL_API_NAME() | ast_key_get (const char *kname, int ktype) |
return the ast_key structure for name More... | |
int AST_OPTIONAL_API_NAME() | ast_sign (struct ast_key *key, char *msg, char *sig) |
wrapper for __ast_sign_bin then base64 encode it More... | |
int AST_OPTIONAL_API_NAME() | ast_sign_bin (struct ast_key *key, const char *msg, int msglen, unsigned char *dsig) |
signs outgoing message with public key More... | |
static int | crypto_init (void) |
initialise the res_crypto module More... | |
static void | crypto_load (int ifd, int ofd) |
refresh RSA keys from file More... | |
static char * | handle_cli_keys_init (struct ast_cli_entry *e, int cmd, struct ast_cli_args *a) |
initialize all RSA keys More... | |
static char * | handle_cli_keys_show (struct ast_cli_entry *e, int cmd, struct ast_cli_args *a) |
show the list of RSA keys More... | |
static int | load_module (void) |
static void | md52sum (char *sum, unsigned char *md5) |
static int | pw_cb (char *buf, int size, int rwflag, void *userdata) |
setting of priv key More... | |
static int | reload (void) |
static struct ast_key * | try_load_key (const char *dir, const char *fname, int ifd, int ofd, int *not2) |
load RSA key from file More... | |
static int | unload_module (void) |
Variables | |
static struct ast_cli_entry | cli_crypto [] |
static struct keys | keys = { .first = NULL, .last = NULL, .lock = { PTHREAD_RWLOCK_INITIALIZER , NULL, 1 } , } |
Provide Cryptographic Signature capability.
Definition in file res_crypto.c.
#define AST_API_MODULE |
Definition at line 51 of file res_crypto.c.
#define FORMAT "%-18s %-8s %-16s %-33s\n" |
Referenced by handle_cli_keys_show().
#define KEY_NEEDS_PASSCODE (1 << 16) |
Definition at line 67 of file res_crypto.c.
Referenced by handle_cli_keys_init(), handle_cli_keys_show(), and try_load_key().
void AST_OPTIONAL_API_NAME() ast_aes_decrypt | ( | const unsigned char * | in, |
unsigned char * | out, | ||
const ast_aes_decrypt_key * | ctx | ||
) |
AES decrypt data.
in | encrypted data |
out | pointer to a buffer to hold the decrypted output |
ctx | address of an aes encryption context filled in with ast_aes_set_decrypt_key |
Definition at line 476 of file res_crypto.c.
Referenced by aes_helper(), decrypt_memcpy(), and memcpy_decrypt().
void AST_OPTIONAL_API_NAME() ast_aes_encrypt | ( | const unsigned char * | in, |
unsigned char * | out, | ||
const ast_aes_encrypt_key * | ctx | ||
) |
AES encrypt data.
in | data to be encrypted |
out | pointer to a buffer to hold the encrypted output |
ctx | address of an aes encryption context filled in with ast_aes_set_encrypt_key |
Definition at line 471 of file res_crypto.c.
Referenced by aes_helper(), encrypt_memcpy(), and memcpy_encrypt().
int AST_OPTIONAL_API_NAME() ast_aes_set_decrypt_key | ( | const unsigned char * | key, |
ast_aes_decrypt_key * | ctx | ||
) |
Set a decryption key.
key | a 16 char key |
ctx | address of an aes encryption context |
0 | success |
nonzero | failure |
Definition at line 466 of file res_crypto.c.
Referenced by aes_helper(), build_ecx_key(), build_encryption_keys(), check_key(), socket_process(), and update_key().
int AST_OPTIONAL_API_NAME() ast_aes_set_encrypt_key | ( | const unsigned char * | key, |
ast_aes_encrypt_key * | ctx | ||
) |
Set an encryption key.
key | a 16 char key |
ctx | address of an aes encryption context |
0 | success |
nonzero | failure |
Definition at line 461 of file res_crypto.c.
Referenced by aes_helper(), build_ecx_key(), check_key(), and update_key().
int AST_OPTIONAL_API_NAME() ast_check_signature | ( | struct ast_key * | key, |
const char * | msg, | ||
const char * | sig | ||
) |
base64 decode then sent to __ast_check_signature_bin
Check the authenticity of a message signature using a given public key.
Definition at line 440 of file res_crypto.c.
References ast_base64decode(), ast_check_signature_bin(), ast_log(), and LOG_WARNING.
Referenced by authenticate_verify(), and register_verify().
int AST_OPTIONAL_API_NAME() ast_check_signature_bin | ( | struct ast_key * | key, |
const char * | msg, | ||
int | msglen, | ||
const unsigned char * | dsig | ||
) |
check signature of a message
Check the authenticity of a message signature using a given public key.
Definition at line 411 of file res_crypto.c.
References ast_debug, AST_KEY_PUBLIC, ast_log(), ast_key::digest, LOG_WARNING, and SHA1.
Referenced by ast_check_signature(), and check_key().
int AST_OPTIONAL_API_NAME() ast_crypto_loaded | ( | void | ) |
Definition at line 456 of file res_crypto.c.
int AST_OPTIONAL_API_NAME() ast_decrypt_bin | ( | unsigned char * | dst, |
const unsigned char * | src, | ||
int | srclen, | ||
struct ast_key * | key | ||
) |
decrypt a message
Decrypt a message using a given private key.
Definition at line 331 of file res_crypto.c.
References AST_KEY_PRIVATE, ast_log(), LOG_NOTICE, and LOG_WARNING.
Referenced by check_key().
int AST_OPTIONAL_API_NAME() ast_encrypt_bin | ( | unsigned char * | dst, |
const unsigned char * | src, | ||
int | srclen, | ||
struct ast_key * | key | ||
) |
encrypt a message
Encrypt a message using a given private key.
Definition at line 363 of file res_crypto.c.
References AST_KEY_PUBLIC, ast_log(), LOG_NOTICE, and LOG_WARNING.
Referenced by update_key().
struct ast_key* AST_OPTIONAL_API_NAME() ast_key_get | ( | const char * | kname, |
int | ktype | ||
) |
return the ast_key structure for name
Retrieve a key.
Definition at line 136 of file res_crypto.c.
References AST_RWLIST_RDLOCK, AST_RWLIST_TRAVERSE, AST_RWLIST_UNLOCK, ast_key::ktype, and ast_key::name.
Referenced by authenticate(), authenticate_verify(), check_key(), register_verify(), and update_key().
int AST_OPTIONAL_API_NAME() ast_sign | ( | struct ast_key * | key, |
char * | msg, | ||
char * | sig | ||
) |
wrapper for __ast_sign_bin then base64 encode it
Sign a message signature using a given private key.
Definition at line 394 of file res_crypto.c.
References ast_base64encode(), and ast_sign_bin().
Referenced by authenticate().
int AST_OPTIONAL_API_NAME() ast_sign_bin | ( | struct ast_key * | key, |
const char * | msg, | ||
int | msglen, | ||
unsigned char * | dsig | ||
) |
signs outgoing message with public key
Sign a message signature using a given private key.
Definition at line 299 of file res_crypto.c.
References AST_KEY_PRIVATE, ast_log(), ast_key::digest, LOG_WARNING, and SHA1.
Referenced by ast_sign(), and update_key().
|
static |
initialise the res_crypto module
Definition at line 635 of file res_crypto.c.
References ARRAY_LEN, ast_cli_register_multiple(), and cli_crypto.
Referenced by load_module().
|
static |
refresh RSA keys from file
ifd | file descriptor |
ofd | file descriptor |
Definition at line 487 of file res_crypto.c.
References ast_config_AST_KEY_DIR, ast_debug, ast_free, ast_log(), AST_RWLIST_REMOVE_CURRENT, AST_RWLIST_TRAVERSE, AST_RWLIST_TRAVERSE_SAFE_BEGIN, AST_RWLIST_TRAVERSE_SAFE_END, AST_RWLIST_UNLOCK, AST_RWLIST_WRLOCK, ast_key::delme, ast_key::ktype, LOG_NOTICE, LOG_WARNING, ast_key::name, ast_key::rsa, and try_load_key().
Referenced by load_module(), and reload().
|
static |
initialize all RSA keys
e | CLI command |
cmd | |
a | list of CLI arguments |
Definition at line 592 of file res_crypto.c.
References ast_cli_args::argc, ast_config_AST_KEY_DIR, ast_copy_string(), AST_RWLIST_TRAVERSE_SAFE_BEGIN, AST_RWLIST_TRAVERSE_SAFE_END, AST_RWLIST_UNLOCK, AST_RWLIST_WRLOCK, CLI_GENERATE, CLI_INIT, CLI_SHOWUSAGE, CLI_SUCCESS, ast_cli_entry::command, ast_cli_args::fd, ast_key::fn, KEY_NEEDS_PASSCODE, ast_key::ktype, try_load_key(), and ast_cli_entry::usage.
|
static |
show the list of RSA keys
e | CLI command |
cmd | |
a | list of CLI arguments |
Definition at line 546 of file res_crypto.c.
References ast_cli(), AST_KEY_PUBLIC, AST_RWLIST_RDLOCK, AST_RWLIST_TRAVERSE, AST_RWLIST_UNLOCK, CLI_GENERATE, CLI_INIT, CLI_SUCCESS, ast_cli_entry::command, ast_key::digest, ast_cli_args::fd, FORMAT, KEY_NEEDS_PASSCODE, ast_key::ktype, md52sum(), ast_key::name, and ast_cli_entry::usage.
|
static |
Definition at line 647 of file res_crypto.c.
References AST_MODULE_LOAD_SUCCESS, ast_opt_init_keys, crypto_init(), and crypto_load().
|
static |
Definition at line 531 of file res_crypto.c.
Referenced by handle_cli_keys_show().
|
static |
setting of priv key
buf | |
size | |
rwflag | |
userdata |
Definition at line 99 of file res_crypto.c.
References ast_hide_password(), AST_KEY_PRIVATE, ast_log(), ast_restore_tty(), errno, ast_key::infd, ast_key::ktype, LOG_WARNING, ast_key::name, ast_key::outfd, and prompt.
Referenced by try_load_key().
|
static |
Definition at line 641 of file res_crypto.c.
References crypto_load().
|
static |
load RSA key from file
dir | directory string |
fname | name of file |
ifd | incoming file descriptor |
ofd | outgoing file descriptor |
not2 |
key | on success. |
NULL | on failure. |
Definition at line 162 of file res_crypto.c.
References ast_calloc, ast_copy_string(), ast_debug, AST_KEY_PRIVATE, AST_KEY_PUBLIC, ast_log(), ast_opt_init_keys, AST_RWLIST_INSERT_TAIL, AST_RWLIST_TRAVERSE, ast_verb, ast_key::delme, ast_key::digest, errno, f, ast_key::fn, ast_key::infd, KEY_NEEDS_PASSCODE, ast_key::ktype, LOG_NOTICE, LOG_WARNING, MD5Final(), MD5Init(), MD5Update(), ast_key::name, ast_key::outfd, pw_cb(), and ast_key::rsa.
Referenced by crypto_load(), and handle_cli_keys_init().
|
static |
Definition at line 658 of file res_crypto.c.
|
static |
Definition at line 629 of file res_crypto.c.
Referenced by crypto_init().