crypto.h File Reference

Provide cryptographic signature routines. More...

#include "asterisk/optional_api.h"
#include "asterisk/logger.h"


Defines

#define AST_KEY_PRIVATE   (1 << 1)
#define AST_KEY_PUBLIC   (1 << 0)

Typedefs

typedef char ast_aes_decrypt_key
typedef char ast_aes_encrypt_key

Functions

void ast_aes_decrypt (const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx)
 AES decrypt data.
void ast_aes_encrypt (const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx)
 AES encrypt data.
int ast_aes_set_decrypt_key (const unsigned char *key, ast_aes_decrypt_key *ctx)
 Set a decryption key.
int ast_aes_set_encrypt_key (const unsigned char *key, ast_aes_encrypt_key *ctx)
 Set an encryption key.
int ast_check_signature (struct ast_key *key, const char *msg, const char *sig)
 Check the authenticity of a message signature using a given public key.
int ast_check_signature_bin (struct ast_key *key, const char *msg, int msglen, const unsigned char *sig)
 Check the authenticity of a message signature using a given public key.
int ast_crypto_loaded (void)
int ast_decrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
 Decrypt a message using a given private key.
int ast_encrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
 Encrypt a message using a given private key.
struct ast_key * ast_key_get (const char *key, int type)
 Retrieve a key.
int ast_sign (struct ast_key *key, char *msg, char *sig)
 Sign a message signature using a given private key.
int ast_sign_bin (struct ast_key *key, const char *msg, int msglen, unsigned char *sig)
 Sign a message signature using a given private key.


Detailed Description

Provide cryptographic signature routines.

Definition in file crypto.h.


Define Documentation

#define AST_KEY_PRIVATE   (1 << 1)

#define AST_KEY_PUBLIC   (1 << 0)


Typedef Documentation

typedef char ast_aes_decrypt_key

Definition at line 39 of file crypto.h.

typedef char ast_aes_encrypt_key

Definition at line 38 of file crypto.h.


Function Documentation

void ast_aes_decrypt ( const unsigned char *  in,
unsigned char *  out,
const ast_aes_decrypt_key *  ctx 
)

AES decrypt data.

Parameters:
in encrypted data
out pointer to a buffer to hold the decrypted output
ctx address of an aes encryption context filled in with ast_aes_set_decrypt_key

Definition at line 476 of file res_crypto.c.

References in, and out.

Referenced by aes_helper(), decrypt_memcpy(), and memcpy_decrypt().

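/*!
 * \brief AES decrypt data.
 *
 * Thin wrapper over OpenSSL's AES_decrypt(), which transforms exactly one
 * 16-byte AES block; callers needing more than a single block, or a
 * chaining mode, must arrange that themselves.
 *
 * \param in  encrypted data (one 16-byte block)
 * \param out buffer of at least 16 bytes that receives the decrypted block
 * \param ctx key schedule filled in by ast_aes_set_decrypt_key()
 */
void ast_aes_decrypt(const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx)
{
   /* AES_decrypt() returns void.  ISO C does not allow "return <expr>;" in a
    * function returning void, so the call is made as a plain statement. */
   AES_decrypt(in, out, ctx);
}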

void ast_aes_encrypt ( const unsigned char *  in,
unsigned char *  out,
const ast_aes_encrypt_key *  ctx 
)

AES encrypt data.

Parameters:
in data to be encrypted
out pointer to a buffer to hold the encrypted output
ctx address of an aes encryption context filled in with ast_aes_set_encrypt_key

Definition at line 471 of file res_crypto.c.

References in, and out.

Referenced by aes_helper(), encrypt_memcpy(), and memcpy_encrypt().

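/*!
 * \brief AES encrypt data.
 *
 * Thin wrapper over OpenSSL's AES_encrypt(), which transforms exactly one
 * 16-byte AES block; callers needing more than a single block, or a
 * chaining mode, must arrange that themselves.
 *
 * \param in  data to be encrypted (one 16-byte block)
 * \param out buffer of at least 16 bytes that receives the encrypted block
 * \param ctx key schedule filled in by ast_aes_set_encrypt_key()
 */
void ast_aes_encrypt(const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx)
{
   /* AES_encrypt() returns void.  ISO C does not allow "return <expr>;" in a
    * function returning void, so the call is made as a plain statement. */
   AES_encrypt(in, out, ctx);
}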

int ast_aes_set_decrypt_key ( const unsigned char *  key,
ast_aes_decrypt_key *  ctx 
)

Set a decryption key.

Parameters:
key a 16 char key
ctx address of an aes encryption context
Return values:
0 success
nonzero failure

Definition at line 466 of file res_crypto.c.

Referenced by aes_helper(), build_ecx_key(), build_encryption_keys(), check_key(), socket_process_helper(), and update_key().

/*!
 * \brief Set a decryption key.
 *
 * \param key 16 bytes of key material (AES-128); shorter buffers are read
 *            past their end, so the caller must guarantee the length
 * \param ctx key schedule to fill in
 * \retval 0 success
 * \retval nonzero failure (value passed through from AES_set_decrypt_key())
 */
int ast_aes_set_decrypt_key(const unsigned char *key, ast_aes_decrypt_key *ctx)
{
   /* The key size is fixed by this API: 16 bytes, i.e. 128 bits. */
   const int key_bits = 128;

   return AES_set_decrypt_key(key, key_bits, ctx);
}

int ast_aes_set_encrypt_key ( const unsigned char *  key,
ast_aes_encrypt_key *  ctx 
)

Set an encryption key.

Parameters:
key a 16 char key
ctx address of an aes encryption context
Return values:
0 success
nonzero failure

Definition at line 461 of file res_crypto.c.

Referenced by aes_helper(), build_ecx_key(), check_key(), and update_key().

/*!
 * \brief Set an encryption key.
 *
 * \param key 16 bytes of key material (AES-128); shorter buffers are read
 *            past their end, so the caller must guarantee the length
 * \param ctx key schedule to fill in
 * \retval 0 success
 * \retval nonzero failure (value passed through from AES_set_encrypt_key())
 */
int ast_aes_set_encrypt_key(const unsigned char *key, ast_aes_encrypt_key *ctx)
{
   /* The key size is fixed by this API: 16 bytes, i.e. 128 bits. */
   const int key_bits = 128;

   return AES_set_encrypt_key(key, key_bits, ctx);
}

int ast_check_signature ( struct ast_key *  key,
const char *  msg,
const char *  sig 
)

Check the authenticity of a message signature using a given public key.

Parameters:
key a public key to use to verify
msg the message that has been signed
sig the proposed valid signature in mime64-like encoding
Return values:
0 if the signature is valid.
-1 otherwise.
Check the authenticity of a message signature using a given public key.

See also:
ast_check_signature

Definition at line 440 of file res_crypto.c.

References ast_base64decode(), ast_check_signature_bin(), ast_log, LOG_WARNING, and sig().

Referenced by authenticate_verify(), and register_verify().

/*!
 * \brief Check the authenticity of a message signature using a given public key.
 *
 * Decodes the base64-style signature into its raw form and hands the
 * NUL-terminated message to ast_check_signature_bin().
 *
 * \param key a public key to use to verify
 * \param msg the message that has been signed (NUL-terminated)
 * \param sig the proposed signature in mime64-like encoding
 * \retval 0 if the signature is valid
 * \retval -1 otherwise, including when sig does not decode to exactly 128 bytes
 */
int ast_check_signature(struct ast_key *key, const char *msg, const char *sig)
{
   /* A raw signature from this module is always 128 bytes (a 1024-bit RSA
    * modulus).  The decode is bounded by the buffer size, and anything that
    * does not come out at exactly that size is rejected before it reaches
    * RSA_verify(). */
   unsigned char raw_sig[128];
   int decoded = ast_base64decode(raw_sig, sig, sizeof(raw_sig));

   if (decoded != (int) sizeof(raw_sig)) {
      ast_log(LOG_WARNING, "Signature improper length (expect %d, got %d)\n", (int)sizeof(raw_sig), (int)decoded);
      return -1;
   }

   return ast_check_signature_bin(key, msg, strlen(msg), raw_sig);
}

int ast_check_signature_bin ( struct ast_key *  key,
const char *  msg,
int  msglen,
const unsigned char *  dsig 
)

Check the authenticity of a message signature using a given public key.

Parameters:
key a public key to use to verify
msg the message that has been signed
msglen the length of msg in bytes
sig the proposed valid signature in raw binary representation
Return values:
0 if the signature is valid.
-1 otherwise.
Check the authenticity of a message signature using a given public key.

See also:
ast_check_signature_bin

Definition at line 411 of file res_crypto.c.

References ast_debug, AST_KEY_PUBLIC, ast_log, ast_key::digest, LOG_WARNING, and SHA1.

Referenced by ast_check_signature(), and check_key().

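/*!
 * \brief Check the authenticity of a message signature using a given public key.
 *
 * Computes SHA-1 over msg and verifies a raw 128-byte RSA signature over it.
 * The algorithm and sizes (SHA-1, 1024-bit RSA) are fixed by the wire format
 * this module implements and are below current recommendations; treat them
 * as a compatibility constraint, not a design to copy.
 *
 * \param key    a public key to use to verify; any other key type is rejected
 * \param msg    the message that has been signed
 * \param msglen the length of msg in bytes; must not be negative
 * \param dsig   the proposed signature, exactly 128 raw bytes
 * \retval 0 if the signature is valid
 * \retval -1 otherwise
 */
int ast_check_signature_bin(struct ast_key *key, const char *msg, int msglen, const unsigned char *dsig)
{
   /* SHA-1 produces a 20-byte digest. */
   unsigned char digest[20];
   int res;

   if (key->ktype != AST_KEY_PUBLIC) {
      /* Okay, so of course you really *can* but for our purposes
         we're going to say you can't */
      ast_log(LOG_WARNING, "Cannot check message signature with a private key\n");
      return -1;
   }

   /* SHA1() takes the length as size_t; a negative int would convert to a
    * huge value and read far beyond msg, so reject it before hashing. */
   if (msglen < 0) {
      ast_log(LOG_WARNING, "Cannot check message signature with a negative message length (%d)\n", msglen);
      return -1;
   }

   /* Calculate digest of message.  The cast only reinterprets char as
    * unsigned char; SHA1() does not write to its input. */
   SHA1((unsigned char *)msg, msglen, digest);

   /* Verify signature.  The 128-byte signature length matches the 1024-bit
    * keys this module is built around; RSA_verify() returns 1 on success and
    * 0 on any failure (bad signature, wrong key size, malformed input). */
   if (!(res = RSA_verify(NID_sha1, digest, sizeof(digest), (unsigned char *)dsig, 128, key->rsa))) {
      ast_debug(1, "Key failed verification: %s\n", key->name);
      return -1;
   }

   /* Pass */
   return 0;
}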

int ast_crypto_loaded ( void   ) 

Definition at line 456 of file res_crypto.c.

Referenced by AST_TEST_DEFINE().

/*!
 * \brief Report whether the crypto module is available.
 *
 * This build always answers yes; the result is a constant.
 *
 * \retval 1 always
 */
int ast_crypto_loaded(void)
{
   static const int loaded = 1;

   return loaded;
}

int ast_decrypt_bin ( unsigned char *  dst,
const unsigned char *  src,
int  srclen,
struct ast_key *  key 
)

Decrypt a message using a given private key.

Parameters:
key a private key to use to decrypt
src the message to decrypt
srclen the length of the message to decrypt
dst a pointer to a buffer of at least srclen bytes in which the decrypted answer will be stored
Return values:
length of decrypted data on success.
-1 on failure.
Decrypt a message using a given private key.

See also:
ast_decrypt_bin

Definition at line 331 of file res_crypto.c.

References AST_KEY_PRIVATE, ast_log, LOG_NOTICE, and LOG_WARNING.

Referenced by check_key().

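/*!
 * \brief Decrypt a message using a given private key.
 *
 * The input is a sequence of 128-byte RSA blocks (1024-bit key) as produced
 * by ast_encrypt_bin().  Each block carries OAEP padding, so it decrypts to
 * fewer than 128 bytes of plaintext; the concatenated plaintext therefore
 * always fits in a dst buffer of srclen bytes.
 *
 * \param dst    buffer of at least srclen bytes for the decrypted output
 * \param src    the message to decrypt
 * \param srclen the length of src in bytes; must be a non-negative multiple of 128
 * \param key    a private key to use to decrypt; any other key type is rejected
 * \retval length of decrypted data on success
 * \retval -1 on failure (wrong key type, bad length, or a block that does not
 *         decrypt cleanly under OAEP)
 */
int ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
{
   /* Size of one RSA block for the 1024-bit keys this module uses. */
   const int block_size = 128;
   int res, pos = 0;

   if (key->ktype != AST_KEY_PRIVATE) {
      ast_log(LOG_WARNING, "Cannot decrypt with a public key\n");
      return -1;
   }

   /* A negative length that is a multiple of 128 (e.g. -128) would pass the
    * modulus test below and then the loop would never reach zero, walking
    * src and dst out of bounds.  Reject it explicitly. */
   if (srclen < 0) {
      ast_log(LOG_WARNING, "Tried to decrypt a negative length (%d)\n", srclen);
      return -1;
   }

   if (srclen % block_size) {
      ast_log(LOG_NOTICE, "Tried to decrypt something not a multiple of 128 bytes\n");
      return -1;
   }

   while (srclen) {
      /* Process chunks 128 bytes at a time.  RSA_private_decrypt() returns
       * the recovered plaintext length, or -1 when the block is malformed,
       * the key size does not match, or the OAEP padding does not verify. */
      if ((res = RSA_private_decrypt(block_size, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING)) < 0) {
         return -1;
      }
      pos += res;
      src += block_size;
      srclen -= block_size;
      dst += res;
   }

   return pos;
}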

int ast_encrypt_bin ( unsigned char *  dst,
const unsigned char *  src,
int  srclen,
struct ast_key *  key 
)

Encrypt a message using a given private key.

Parameters:
key a private key to use to encrypt
src the message to encrypt
srclen the length of the message to encrypt
dst a pointer to a buffer of at least srclen * 1.5 bytes in which the encrypted answer will be stored
Return values:
length of encrypted data on success.
-1 on failure.
Encrypt a message using a given private key.

See also:
ast_encrypt_bin

Definition at line 363 of file res_crypto.c.

References AST_KEY_PUBLIC, ast_log, LOG_NOTICE, and LOG_WARNING.

Referenced by update_key().

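/*!
 * \brief Encrypt a message using a given public key.
 *
 * The message is split into chunks, each RSA-OAEP encrypted into one
 * 128-byte block (1024-bit key).  With SHA-1 as the OAEP hash the largest
 * chunk a 1024-bit key can carry is k - 2*hLen - 2 = 128 - 40 - 2 = 86 bytes
 * (RFC 8017 section 7.1.1).  The earlier limit of 128 - 41 = 87 bytes was one
 * byte too many: OpenSSL's OAEP padder rejects an 87-byte chunk, so any
 * message longer than 86 bytes failed to encrypt.
 *
 * \param dst    buffer for the encrypted output; it needs 128 bytes per chunk,
 *               i.e. 128 * ceil(srclen / 86) bytes (a short message still
 *               produces a full 128-byte block)
 * \param src    the message to encrypt
 * \param srclen the length of src in bytes; must not be negative
 * \param key    a public key to use to encrypt; a private key is rejected
 * \retval length of encrypted data on success
 * \retval -1 on failure
 */
int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
{
   enum {
      RSA_BLOCK_BYTES = 128,                                   /* 1024-bit modulus */
      SHA1_DIGEST_BYTES = 20,                                  /* OAEP hash output */
      OAEP_MAX_CHUNK = RSA_BLOCK_BYTES - 2 * SHA1_DIGEST_BYTES - 2  /* 86 bytes */
   };
   int res, bytes, pos = 0;

   if (key->ktype != AST_KEY_PUBLIC) {
      ast_log(LOG_WARNING, "Cannot encrypt with a private key\n");
      return -1;
   }

   /* A negative length would otherwise be handed straight to OpenSSL as a
    * chunk size; fail clearly instead. */
   if (srclen < 0) {
      ast_log(LOG_WARNING, "Tried to encrypt a negative length (%d)\n", srclen);
      return -1;
   }

   while (srclen) {
      bytes = srclen > OAEP_MAX_CHUNK ? OAEP_MAX_CHUNK : srclen;
      /* Process chunks of at most OAEP_MAX_CHUNK bytes; each must come back
       * as exactly one full RSA block. */
      if ((res = RSA_public_encrypt(bytes, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING)) != RSA_BLOCK_BYTES) {
         ast_log(LOG_NOTICE, "How odd, encrypted size is %d\n", res);
         return -1;
      }
      src += bytes;
      srclen -= bytes;
      pos += res;
      dst += res;
   }
   return pos;
}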

struct ast_key* ast_key_get ( const char *  kname,
int  ktype 
) [read]

Retrieve a key.

Parameters:
key Name of the key we are retrieving
type Integer type of key (AST_KEY_PUBLIC or AST_KEY_PRIVATE)
Return values:
the key on success.
NULL on failure.
Retrieve a key.

See also:
ast_key_get

Definition at line 136 of file res_crypto.c.

References AST_RWLIST_RDLOCK, AST_RWLIST_TRAVERSE, AST_RWLIST_UNLOCK, ast_key::ktype, ast_key::list, and ast_key::name.

Referenced by authenticate(), authenticate_verify(), check_key(), register_verify(), and update_key().

/*!
 * \brief Retrieve a key.
 *
 * Looks up a key by name and type in the module's key list under the read
 * lock.  No reference is taken on the returned key, and the lock is released
 * before returning, so the pointer is only as stable as the key list itself
 * (NOTE(review): confirm how long callers may hold it across key reloads).
 *
 * \param kname name of the key to retrieve
 * \param ktype AST_KEY_PUBLIC or AST_KEY_PRIVATE
 * \retval the key on success
 * \retval NULL on failure
 */
struct ast_key *ast_key_get(const char *kname, int ktype)
{
   struct ast_key *found;

   /* Relies on AST_RWLIST_TRAVERSE leaving the cursor NULL when the list is
    * exhausted; that is how "no such key" is reported. */
   AST_RWLIST_RDLOCK(&keys);
   AST_RWLIST_TRAVERSE(&keys, found, list) {
      int name_matches = (strcmp(kname, found->name) == 0);

      if (name_matches && found->ktype == ktype) {
         break;
      }
   }
   AST_RWLIST_UNLOCK(&keys);

   return found;
}

int ast_sign ( struct ast_key *  key,
char *  msg,
char *  sig 
)

Sign a message signature using a given private key.

Parameters:
key a private key to use to create the signature
msg the message to sign
sig a pointer to a buffer of at least 256 bytes in which the mime64-like encoded signature will be stored
Return values:
0 on success.
-1 on failure.
Sign a message signature using a given private key.

See also:
ast_sign

Definition at line 394 of file res_crypto.c.

References ast_base64encode(), ast_sign_bin(), and sig().

Referenced by authenticate().

/*!
 * \brief Sign a message using a given private key.
 *
 * Produces a raw signature with ast_sign_bin() and base64-encodes it into
 * sig.
 *
 * \param key a private key to use to create the signature
 * \param msg the message to sign (NUL-terminated)
 * \param sig buffer of at least 256 bytes for the mime64-like encoded signature
 * \retval 0 on success
 * \retval -1 on failure (passed through from ast_sign_bin(); sig is untouched)
 */
int ast_sign(struct ast_key *key, char *msg, char *sig)
{
   unsigned char raw_sig[128];
   int rc = ast_sign_bin(key, msg, strlen(msg), raw_sig);

   if (rc) {
      return rc;
   }

   /* 128 raw bytes encode to 172 base64 characters plus a terminator, well
    * inside the 256-byte buffer the contract requires. */
   ast_base64encode(sig, raw_sig, sizeof(raw_sig), 256);

   return 0;
}

int ast_sign_bin ( struct ast_key *  key,
const char *  msg,
int  msglen,
unsigned char *  dsig 
)

Sign a message signature using a given private key.

Parameters:
key a private key to use to create the signature
msg the message to sign
msglen the length of msg in bytes
sig a pointer to a buffer of at least 128 bytes in which the raw encoded signature will be stored
Return values:
0 on success.
-1 on failure.
Sign a message signature using a given private key.

See also:
ast_sign_bin

Definition at line 299 of file res_crypto.c.

References AST_KEY_PRIVATE, ast_log, ast_key::digest, LOG_WARNING, and SHA1.

Referenced by ast_sign(), and update_key().

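/*!
 * \brief Sign a message using a given private key.
 *
 * Computes SHA-1 over msg and produces a PKCS#1 RSA signature over the digest.
 * The wire format fixes the signature at 128 bytes (1024-bit RSA); the key
 * size is checked before signing because RSA_sign() writes RSA_size() bytes
 * into dsig, and the contract only promises a 128-byte buffer.
 *
 * \param key    a private key to use to create the signature; any other key
 *               type, or a key whose modulus is not 128 bytes, is rejected
 * \param msg    the message to sign
 * \param msglen the length of msg in bytes; must not be negative
 * \param dsig   buffer of at least 128 bytes for the raw signature
 * \retval 0 on success
 * \retval -1 on failure
 */
int ast_sign_bin(struct ast_key *key, const char *msg, int msglen, unsigned char *dsig)
{
   /* SHA-1 produces a 20-byte digest; the signature is one 128-byte RSA block. */
   unsigned char digest[20];
   unsigned int siglen = 128;
   int res;

   if (key->ktype != AST_KEY_PRIVATE) {
      ast_log(LOG_WARNING, "Cannot sign with a public key\n");
      return -1;
   }

   /* SHA1() takes the length as size_t; a negative int would convert to a
    * huge value and read far beyond msg, so reject it before hashing. */
   if (msglen < 0) {
      ast_log(LOG_WARNING, "Cannot sign a negative message length (%d)\n", msglen);
      return -1;
   }

   /* Refuse a key of the wrong size up front: a larger modulus would make
    * RSA_sign() overrun the caller's 128-byte dsig before the length check
    * below could notice. */
   if (RSA_size(key->rsa) != (int) siglen) {
      ast_log(LOG_WARNING, "RSA key %s has size %d, expecting %d\n", key->name, RSA_size(key->rsa), (int) siglen);
      return -1;
   }

   /* Calculate digest of message.  The cast only reinterprets char as
    * unsigned char; SHA1() does not write to its input. */
   SHA1((unsigned char *)msg, msglen, digest);

   /* Sign the digest.  RSA_sign() returns 1 on success and 0 on failure,
    * and stores the number of bytes written in siglen. */
   if (!(res = RSA_sign(NID_sha1, digest, sizeof(digest), dsig, &siglen, key->rsa))) {
      ast_log(LOG_WARNING, "RSA Signature (key %s) failed\n", key->name);
      return -1;
   }

   /* Second line of defence: confirm the length OpenSSL reports it wrote. */
   if (siglen != 128) {
      ast_log(LOG_WARNING, "Unexpected signature length %d, expecting %d\n", (int)siglen, 128);
      return -1;
   }

   return 0;
}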

