
Asterisk developer's documentation


crypto.h File Reference

Provide cryptographic signature routines. More...

#include "asterisk/optional_api.h"
#include "asterisk/logger.h"
#include "openssl/aes.h"


Macros

#define AST_KEY_PRIVATE   (1 << 1)
 
#define AST_KEY_PUBLIC   (1 << 0)
 

Typedefs

typedef AES_KEY ast_aes_decrypt_key
 
typedef AES_KEY ast_aes_encrypt_key
 

Functions

void ast_aes_decrypt (const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx)
 AES decrypt data. More...
 
void ast_aes_encrypt (const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx)
 AES encrypt data. More...
 
int ast_aes_set_decrypt_key (const unsigned char *key, ast_aes_decrypt_key *ctx)
 Set a decryption key. More...
 
int ast_aes_set_encrypt_key (const unsigned char *key, ast_aes_encrypt_key *ctx)
 Set an encryption key. More...
 
int ast_check_signature (struct ast_key *key, const char *msg, const char *sig)
 Check the authenticity of a message signature using a given public key. More...
 
int ast_check_signature_bin (struct ast_key *key, const char *msg, int msglen, const unsigned char *sig)
 Check the authenticity of a message signature using a given public key. More...
 
int ast_crypto_loaded (void)
 
int ast_decrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
 Decrypt a message using a given private key. More...
 
int ast_encrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
 Encrypt a message using a given private key. More...
 
struct ast_key * ast_key_get (const char *key, int type)
 Retrieve a key. More...
 
int ast_sign (struct ast_key *key, char *msg, char *sig)
 Sign a message signature using a given private key. More...
 
int ast_sign_bin (struct ast_key *key, const char *msg, int msglen, unsigned char *sig)
 Sign a message signature using a given private key. More...
 

Detailed Description

Provide cryptographic signature routines.

Definition in file crypto.h.

Macro Definition Documentation

#define AST_KEY_PRIVATE   (1 << 1)
#define AST_KEY_PUBLIC   (1 << 0)

Typedef Documentation

typedef AES_KEY ast_aes_decrypt_key

Definition at line 36 of file crypto.h.

typedef AES_KEY ast_aes_encrypt_key

Definition at line 35 of file crypto.h.

Function Documentation

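/*!
 * \brief AES decrypt data.
 *
 * Decrypts exactly one raw AES block: OpenSSL's AES_decrypt() is the
 * single-block (ECB) primitive, so \a in and \a out must each hold at
 * least 16 bytes, and no chaining, padding or authentication is applied.
 * Anything longer than one block has to be composed by the caller.
 *
 * \param in  encrypted data (one 16-byte block)
 * \param out pointer to a buffer to hold the decrypted output (16 bytes)
 * \param ctx address of an AES context filled in with ast_aes_set_decrypt_key
 *
 * Definition at line 476 of file res_crypto.c.
 * Referenced by aes_helper(), decrypt_memcpy(), and memcpy_decrypt().
 */
void ast_aes_decrypt(const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx)
{
	/* AES_decrypt() returns void.  "return AES_decrypt(...)" in a function
	 * returning void is an ISO C constraint violation that GCC only accepts
	 * as an extension, so the call is made as a plain statement. */
	AES_decrypt(in, out, ctx);
}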
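/*!
 * \brief AES encrypt data.
 *
 * Encrypts exactly one raw AES block: OpenSSL's AES_encrypt() is the
 * single-block (ECB) primitive, so \a in and \a out must each hold at
 * least 16 bytes, and no chaining, padding or authentication is applied.
 * Anything longer than one block has to be composed by the caller.
 *
 * \param in  data to be encrypted (one 16-byte block)
 * \param out pointer to a buffer to hold the encrypted output (16 bytes)
 * \param ctx address of an AES context filled in with ast_aes_set_encrypt_key
 *
 * Definition at line 471 of file res_crypto.c.
 * Referenced by aes_helper(), encrypt_memcpy(), and memcpy_encrypt().
 */
void ast_aes_encrypt(const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx)
{
	/* AES_encrypt() returns void.  "return AES_encrypt(...)" in a function
	 * returning void is an ISO C constraint violation that GCC only accepts
	 * as an extension, so the call is made as a plain statement. */
	AES_encrypt(in, out, ctx);
}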
/*!
 * \brief Set a decryption key.
 *
 * Expands \a key as a 128-bit AES key into \a ctx.  Exactly 16 bytes are
 * read from \a key, so the caller's buffer must be at least that long.
 *
 * \param key a 16 char key
 * \param ctx address of an AES context to fill in
 * \retval 0 success
 * \retval nonzero failure (the status returned by OpenSSL's AES_set_decrypt_key)
 *
 * Definition at line 466 of file res_crypto.c.
 * Referenced by aes_helper(), build_ecx_key(), build_encryption_keys(),
 * check_key(), socket_process(), and update_key().
 */
int ast_aes_set_decrypt_key(const unsigned char *key, ast_aes_decrypt_key *ctx)
{
	const int key_bits = 128;	/* this API is fixed to AES-128 */
	int status = AES_set_decrypt_key(key, key_bits, ctx);

	return status;
}
/*!
 * \brief Set an encryption key.
 *
 * Expands \a key as a 128-bit AES key into \a ctx.  Exactly 16 bytes are
 * read from \a key, so the caller's buffer must be at least that long.
 *
 * \param key a 16 char key
 * \param ctx address of an AES context to fill in
 * \retval 0 success
 * \retval nonzero failure (the status returned by OpenSSL's AES_set_encrypt_key)
 *
 * Definition at line 461 of file res_crypto.c.
 * Referenced by aes_helper(), build_ecx_key(), check_key(), and update_key().
 */
int ast_aes_set_encrypt_key(const unsigned char *key, ast_aes_encrypt_key *ctx)
{
	const int key_bits = 128;	/* this API is fixed to AES-128 */
	int status = AES_set_encrypt_key(key, key_bits, ctx);

	return status;
}
/*!
 * \brief Check the authenticity of a message signature using a given public key.
 *
 * Base64-decodes \a sig into a fixed 128-byte buffer and hands the raw
 * signature to ast_check_signature_bin().  A signature that does not decode
 * to exactly 128 bytes is rejected before any RSA work is done.
 *
 * \param key a public key to use to verify
 * \param msg the message that has been signed (NUL-terminated)
 * \param sig the proposed valid signature in mime64-like encoding
 * \retval 0 if the signature is valid.
 * \retval -1 otherwise.
 *
 * \sa ast_check_signature_bin
 *
 * Definition at line 440 of file res_crypto.c.
 * References ast_base64decode(), ast_check_signature_bin(), ast_log(), and LOG_WARNING.
 * Referenced by authenticate_verify(), and register_verify().
 */
int ast_check_signature(struct ast_key *key, const char *msg, const char *sig)
{
	unsigned char raw_sig[128];
	/* Decode signature; the buffer size bounds how much is written. */
	int decoded = ast_base64decode(raw_sig, sig, sizeof(raw_sig));

	if (decoded != sizeof(raw_sig)) {
		ast_log(LOG_WARNING, "Signature improper length (expect %d, got %d)\n", (int)sizeof(raw_sig), (int)decoded);
		return -1;
	}

	return ast_check_signature_bin(key, msg, strlen(msg), raw_sig);
}
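/*!
 * \brief Check the authenticity of a message signature using a given public key.
 *
 * Computes the SHA-1 digest of \a msg and verifies \a dsig against it with
 * RSA_verify().  The signature length is fixed at 128 bytes, which means
 * only a 1024-bit RSA key can ever verify: RSA_verify() rejects a signature
 * whose length differs from RSA_size() of the key, so a larger key simply
 * fails here rather than overrunning anything.  SHA-1 with 1024-bit RSA is
 * below current recommendations; it is the format this module implements,
 * not something the caller can change through this API.
 *
 * \param key    a public key to use to verify
 * \param msg    the message that has been signed
 * \param msglen the length of \a msg in bytes (must not be negative)
 * \param dsig   the proposed valid signature in raw binary representation (128 bytes)
 * \retval 0 if the signature is valid.
 * \retval -1 otherwise.
 *
 * \sa ast_check_signature
 *
 * Definition at line 411 of file res_crypto.c.
 * References ast_debug, AST_KEY_PUBLIC, ast_log(), ast_key::digest, LOG_WARNING, and SHA1.
 * Referenced by ast_check_signature(), and check_key().
 */
int ast_check_signature_bin(struct ast_key *key, const char *msg, int msglen, const unsigned char *dsig)
{
	unsigned char digest[20];	/* SHA-1 output size */
	int res;

	/* A negative length would be converted to a huge size_t by SHA1() and
	 * read far beyond the message; reject it (and a missing key) up front. */
	if (!key || msglen < 0) {
		ast_log(LOG_WARNING, "Invalid key or message length for signature check\n");
		return -1;
	}

	if (key->ktype != AST_KEY_PUBLIC) {
		/* Okay, so of course you really *can* but for our purposes
		   we're going to say you can't */
		ast_log(LOG_WARNING, "Cannot check message signature with a private key\n");
		return -1;
	}

	/* Calculate digest of message */
	SHA1((unsigned char *)msg, msglen, digest);

	/* Verify signature (128 bytes == RSA_size of a 1024-bit key) */
	if (!(res = RSA_verify(NID_sha1, digest, sizeof(digest), (unsigned char *)dsig, 128, key->rsa))) {
		ast_debug(1, "Key failed verification: %s\n", key->name);
		return -1;
	}

	/* Pass */
	return 0;
}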
/*!
 * \brief Report that the crypto module is loaded.
 *
 * This is the implementation installed by res_crypto, which always answers
 * 1.  crypto.h is built on optional_api.h, so a stub presumably stands in
 * when the module is absent — what that stub returns is not visible on this
 * page; confirm in crypto.h before relying on it.
 *
 * \return 1
 *
 * Definition at line 456 of file res_crypto.c.
 */
int ast_crypto_loaded(void)
{
	enum { CRYPTO_LOADED = 1 };

	return CRYPTO_LOADED;
}
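/*!
 * \brief Decrypt a message using a given private key.
 *
 * Decrypts \a src 128 bytes at a time with RSA-OAEP and concatenates the
 * recovered plaintext into \a dst.  The fixed 128-byte chunk assumes a
 * 1024-bit RSA key (RSA_size == 128), which is also what ast_encrypt_bin()
 * produces; a key of another size fails the OAEP check and yields -1.
 *
 * \param dst    a pointer to a buffer of at least srclen bytes in which the decrypted answer will be stored
 * \param src    the message to decrypt
 * \param srclen the length of the message to decrypt; must be a non-negative multiple of 128
 * \param key    a private key to use to decrypt
 * \retval length of decrypted data on success.
 * \retval -1 on failure.
 *
 * \sa ast_encrypt_bin
 *
 * Definition at line 331 of file res_crypto.c.
 * References AST_KEY_PRIVATE, ast_log(), LOG_NOTICE, and LOG_WARNING.
 * Referenced by check_key().
 */
int ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
{
	int res, pos = 0;

	/* A negative multiple of 128 passes the "% 128" test below and would
	 * then drive the loop past the end of src; refuse it here. */
	if (!key || srclen < 0) {
		ast_log(LOG_WARNING, "Invalid key or length for decrypt\n");
		return -1;
	}

	if (key->ktype != AST_KEY_PRIVATE) {
		ast_log(LOG_WARNING, "Cannot decrypt with a public key\n");
		return -1;
	}

	if (srclen % 128) {
		ast_log(LOG_NOTICE, "Tried to decrypt something not a multiple of 128 bytes\n");
		return -1;
	}

	while (srclen) {
		/* Process chunks 128 bytes at a time; res is the plaintext length
		 * OpenSSL recovered from this chunk. */
		if ((res = RSA_private_decrypt(128, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING)) < 0) {
			return -1;
		}
		pos += res;
		src += 128;
		srclen -= 128;
		dst += res;
	}

	return pos;
}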
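/*!
 * \brief Encrypt a message using a given public key.
 *
 * Splits \a src into chunks and encrypts each with RSA-OAEP into a 128-byte
 * block, so the output is always a multiple of 128 bytes.  The caller's
 * \a dst must therefore hold ceil(srclen / 86) * 128 bytes — the older
 * "srclen * 1.5" rule understates this for short inputs (a 1-byte message
 * still produces 128 bytes).  The key must be a public key (AST_KEY_PUBLIC);
 * the code has always required that, even though the summary said "private".
 *
 * \param dst    a pointer to a buffer of at least ceil(srclen / 86) * 128 bytes in which the encrypted answer will be stored
 * \param src    the message to encrypt
 * \param srclen the length of the message to encrypt (must not be negative)
 * \param key    a public key to use to encrypt
 * \retval length of encrypted data on success.
 * \retval -1 on failure.
 *
 * \sa ast_decrypt_bin
 *
 * Definition at line 363 of file res_crypto.c.
 * References AST_KEY_PUBLIC, ast_log(), LOG_NOTICE, and LOG_WARNING.
 * Referenced by update_key().
 */
int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
{
	/* Sized for a 1024-bit RSA key: each chunk becomes one 128-byte block,
	 * and RSA-OAEP with SHA-1 (hLen = 20) admits at most k - 2*hLen - 2 = 86
	 * plaintext bytes per block (RFC 8017, section 7.1.1).  The earlier
	 * limit of 128 - 41 = 87 is one byte over that bound, so OpenSSL's
	 * padding routine rejected any message longer than 86 bytes. */
	enum { RSA_BLOCK = 128, OAEP_HASH_LEN = 20, MAX_PLAIN = RSA_BLOCK - 2 * OAEP_HASH_LEN - 2 };
	int res, bytes, pos = 0;

	/* A negative length would reach RSA_public_encrypt() unchecked. */
	if (!key || srclen < 0) {
		ast_log(LOG_WARNING, "Invalid key or length for encrypt\n");
		return -1;
	}

	if (key->ktype != AST_KEY_PUBLIC) {
		ast_log(LOG_WARNING, "Cannot encrypt with a private key\n");
		return -1;
	}

	while (srclen) {
		/* Process chunks of at most MAX_PLAIN bytes at a time */
		bytes = srclen > MAX_PLAIN ? MAX_PLAIN : srclen;
		if ((res = RSA_public_encrypt(bytes, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING)) != RSA_BLOCK) {
			ast_log(LOG_NOTICE, "How odd, encrypted size is %d\n", res);
			return -1;
		}
		src += bytes;
		srclen -= bytes;
		pos += res;
		dst += res;
	}

	return pos;
}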
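/*!
 * \brief Retrieve a key.
 *
 * Walks the module's key list looking for the first entry whose name and
 * type both match.  The list is read-locked for the traversal — the rendered
 * listing on this page skipped those two lines (source lines 140 and 147),
 * but its References entry names AST_RWLIST_RDLOCK and AST_RWLIST_UNLOCK,
 * so they are restored here.  The returned pointer is not reference-counted
 * by this function; its lifetime after the unlock depends on how the list
 * is maintained elsewhere in res_crypto.c, which is not visible here.
 *
 * \param kname name of the key we are retrieving
 * \param ktype type of key (AST_KEY_PUBLIC or AST_KEY_PRIVATE)
 * \retval the key on success.
 * \retval NULL on failure.
 *
 * Definition at line 136 of file res_crypto.c.
 * References AST_RWLIST_RDLOCK, AST_RWLIST_TRAVERSE, AST_RWLIST_UNLOCK, ast_key::ktype, and ast_key::name.
 * Referenced by authenticate(), authenticate_verify(), check_key(), register_verify(), and update_key().
 */
struct ast_key *ast_key_get(const char *kname, int ktype)
{
	struct ast_key *key;

	/* strcmp() on a NULL name would be undefined behaviour. */
	if (!kname) {
		return NULL;
	}

	AST_RWLIST_RDLOCK(&keys);
	/* The traversal leaves key == NULL when nothing matched. */
	AST_RWLIST_TRAVERSE(&keys, key, list) {
		if (!strcmp(kname, key->name) && (ktype == key->ktype)) {
			break;
		}
	}
	AST_RWLIST_UNLOCK(&keys);

	return key;
}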
/*!
 * \brief Sign a message signature using a given private key.
 *
 * Produces the raw 128-byte signature with ast_sign_bin() and, on success,
 * base64-encodes it into \a sig.  128 raw bytes encode to 172 characters
 * plus a terminator, which is why a 256-byte \a sig is sufficient.
 *
 * \param key a private key to use to create the signature
 * \param msg the message to sign (NUL-terminated)
 * \param sig a pointer to a buffer of at least 256 bytes in which the mime64-like encoded signature will be stored
 * \retval 0 on success.
 * \retval -1 on failure.
 *
 * \sa ast_sign_bin
 *
 * Definition at line 394 of file res_crypto.c.
 * References ast_base64encode(), and ast_sign_bin().
 * Referenced by authenticate().
 */
int ast_sign(struct ast_key *key, char *msg, char *sig)
{
	unsigned char raw_sig[128];
	int rc = ast_sign_bin(key, msg, strlen(msg), raw_sig);

	if (rc == 0) {
		/* Success -- encode (256 bytes max as documented) */
		ast_base64encode(sig, raw_sig, sizeof(raw_sig), 256);
	}

	return rc;
}
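/*!
 * \brief Sign a message signature using a given private key.
 *
 * Computes the SHA-1 digest of \a msg and signs it with RSA_sign() into
 * \a dsig.  RSA_sign() writes RSA_size(rsa) bytes into the output buffer
 * and only reports the length afterwards, so the post-hoc "siglen != 128"
 * check could not stop a key larger than 1024 bits from overrunning the
 * caller's 128-byte buffer.  The key size is therefore checked before
 * anything is written; the later check remains as a second guard.
 *
 * \param key    a private key to use to create the signature (must be 1024-bit)
 * \param msg    the message to sign
 * \param msglen the length of \a msg in bytes (must not be negative)
 * \param dsig   a pointer to a buffer of at least 128 bytes in which the raw signature will be stored
 * \retval 0 on success.
 * \retval -1 on failure.
 *
 * \sa ast_sign
 *
 * Definition at line 299 of file res_crypto.c.
 * References AST_KEY_PRIVATE, ast_log(), ast_key::digest, LOG_WARNING, and SHA1.
 * Referenced by ast_sign(), and update_key().
 */
int ast_sign_bin(struct ast_key *key, const char *msg, int msglen, unsigned char *dsig)
{
	unsigned char digest[20];	/* SHA-1 output size */
	unsigned int siglen = 128;
	int res;

	/* A negative length would be converted to a huge size_t by SHA1(). */
	if (!key || !dsig || msglen < 0) {
		ast_log(LOG_WARNING, "Invalid key, buffer or message length for sign\n");
		return -1;
	}

	if (key->ktype != AST_KEY_PRIVATE) {
		ast_log(LOG_WARNING, "Cannot sign with a public key\n");
		return -1;
	}

	/* Refuse keys whose signature would not fit the 128-byte dsig buffer
	 * before RSA_sign() gets a chance to write past its end. */
	if (RSA_size(key->rsa) != (int)siglen) {
		ast_log(LOG_WARNING, "RSA key %s produces a %d byte signature, expecting %d\n", key->name, RSA_size(key->rsa), (int)siglen);
		return -1;
	}

	/* Calculate digest of message */
	SHA1((unsigned char *)msg, msglen, digest);

	/* Create signature; siglen is an output parameter filled in by OpenSSL */
	if (!(res = RSA_sign(NID_sha1, digest, sizeof(digest), dsig, &siglen, key->rsa))) {
		ast_log(LOG_WARNING, "RSA Signature (key %s) failed\n", key->name);
		return -1;
	}

	if (siglen != 128) {
		ast_log(LOG_WARNING, "Unexpected signature length %d, expecting %d\n", (int)siglen, (int)128);
		return -1;
	}

	return 0;
}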