Provide cryptographic signature routines. More...


Defines | |
| #define | AST_KEY_PRIVATE (1 << 1) |
| #define | AST_KEY_PUBLIC (1 << 0) |
Typedefs | |
| typedef AES_KEY | ast_aes_decrypt_key |
| typedef AES_KEY | ast_aes_encrypt_key |
Functions | |
| void | ast_aes_decrypt (const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx) |
| AES decrypt data. | |
| void | ast_aes_encrypt (const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx) |
| AES encrypt data. | |
| int | ast_aes_set_decrypt_key (const unsigned char *key, ast_aes_decrypt_key *ctx) |
| Set a decryption key. | |
| int | ast_aes_set_encrypt_key (const unsigned char *key, ast_aes_encrypt_key *ctx) |
| Set an encryption key. | |
| int | ast_check_signature (struct ast_key *key, const char *msg, const char *sig) |
| Check the authenticity of a message signature using a given public key. | |
| int | ast_check_signature_bin (struct ast_key *key, const char *msg, int msglen, const unsigned char *sig) |
| Check the authenticity of a message signature using a given public key. | |
| int | ast_crypto_loaded (void) |
| int | ast_decrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) |
| Decrypt a message using a given private key. | |
| int | ast_encrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) |
| Encrypt a message using a given public key (the implementation refuses private keys). | |
| struct ast_key * | ast_key_get (const char *key, int type) |
| Retrieve a key. | |
| int | ast_sign (struct ast_key *key, char *msg, char *sig) |
| Create a base64-encoded signature for a message using a given private key. | |
| int | ast_sign_bin (struct ast_key *key, const char *msg, int msglen, unsigned char *sig) |
| Create a raw binary signature for a message using a given private key. | |
Provide cryptographic signature routines.
Definition in file crypto.h.
| #define AST_KEY_PRIVATE (1 << 1) |
Definition at line 43 of file crypto.h.
Referenced by ast_decrypt_bin(), ast_sign_bin(), authenticate(), check_key(), pw_cb(), try_load_key(), and update_key().
| #define AST_KEY_PUBLIC (1 << 0) |
Definition at line 42 of file crypto.h.
Referenced by ast_check_signature_bin(), ast_encrypt_bin(), authenticate_verify(), check_key(), handle_cli_keys_show(), register_verify(), try_load_key(), and update_key().
| typedef AES_KEY ast_aes_decrypt_key |
| typedef AES_KEY ast_aes_encrypt_key |
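/*!
 * \brief AES decrypt data.
 *
 * Thin wrapper over OpenSSL's AES_decrypt(), which transforms exactly one
 * AES block (AES_BLOCK_SIZE, 16 bytes).  No mode of operation, IV or
 * authentication is applied at this level: the caller is responsible for
 * chaining blocks and for any integrity protection it needs.
 *
 * \param in  encrypted data (one AES_BLOCK_SIZE-byte block)
 * \param out pointer to a buffer of at least AES_BLOCK_SIZE bytes to hold the decrypted output
 * \param ctx address of an AES decryption context filled in with ast_aes_set_decrypt_key()
 *
 * Page metadata: definition at line 477 of file res_crypto.c; referenced by
 * aes_helper(), decrypt_memcpy(), and memcpy_decrypt().
 */
void ast_aes_decrypt(const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx)
{
	/* AES_decrypt() returns void, so the old "return AES_decrypt(...)" was a
	 * constraint violation in ISO C (a return with an expression in a void
	 * function); plain call instead. */
	AES_decrypt(in, out, ctx);
}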
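/*!
 * \brief AES encrypt data.
 *
 * Thin wrapper over OpenSSL's AES_encrypt(), which transforms exactly one
 * AES block (AES_BLOCK_SIZE, 16 bytes).  This is a raw block operation:
 * no mode of operation, IV or authentication.  Encrypting several blocks
 * independently with it amounts to ECB, so callers must supply their own
 * chaining and integrity scheme.
 *
 * \param in  data to be encrypted (one AES_BLOCK_SIZE-byte block)
 * \param out pointer to a buffer of at least AES_BLOCK_SIZE bytes to hold the encrypted output
 * \param ctx address of an AES encryption context filled in with ast_aes_set_encrypt_key()
 *
 * Page metadata: definition at line 472 of file res_crypto.c; referenced by
 * aes_helper(), encrypt_memcpy(), and memcpy_encrypt().
 */
void ast_aes_encrypt(const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx)
{
	/* AES_encrypt() returns void; "return AES_encrypt(...)" in a void
	 * function is not valid ISO C, so just call it. */
	AES_encrypt(in, out, ctx);
}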
/*!
 * \brief Set a decryption key.
 *
 * Expands a 128-bit key into an AES decryption schedule via OpenSSL's
 * AES_set_decrypt_key().  Only AES-128 is supported by this API; the key
 * length is fixed here and not taken from the caller.
 *
 * \param key a 16 char (128-bit) key
 * \param ctx address of an AES decryption context
 * \retval 0 success
 * \retval nonzero failure (OpenSSL reports a negative value)
 *
 * Page metadata: definition at line 467 of file res_crypto.c; referenced by
 * aes_helper(), build_ecx_key(), build_encryption_keys(), check_key(),
 * socket_process(), and update_key().
 */
int ast_aes_set_decrypt_key(const unsigned char *key, ast_aes_decrypt_key *ctx)
{
	/* Fixed AES-128; AES-192/256 are deliberately not reachable through this wrapper */
	const int key_bits = 128;

	return AES_set_decrypt_key(key, key_bits, ctx);
}
/*!
 * \brief Set an encryption key.
 *
 * Expands a 128-bit key into an AES encryption schedule via OpenSSL's
 * AES_set_encrypt_key().  Only AES-128 is supported by this API; the key
 * length is fixed here and not taken from the caller.
 *
 * \param key a 16 char (128-bit) key
 * \param ctx address of an AES encryption context
 * \retval 0 success
 * \retval nonzero failure (OpenSSL reports a negative value)
 *
 * Page metadata: definition at line 462 of file res_crypto.c; referenced by
 * aes_helper(), build_ecx_key(), check_key(), and update_key().
 */
int ast_aes_set_encrypt_key(const unsigned char *key, ast_aes_encrypt_key *ctx)
{
	/* Fixed AES-128; AES-192/256 are deliberately not reachable through this wrapper */
	const int key_bits = 128;

	return AES_set_encrypt_key(key, key_bits, ctx);
}
/*!
 * \brief Check the authenticity of a message signature using a given public key.
 *
 * Base64-decodes \a sig and hands the raw bytes to ast_check_signature_bin().
 * The decoded signature must be exactly 128 bytes (one RSA-1024 block);
 * anything shorter or longer is rejected before verification is attempted.
 *
 * \param key a public key to use to verify
 * \param msg the message that has been signed (NUL-terminated)
 * \param sig the proposed valid signature in mime64-like (base64) encoding
 * \retval 0 if the signature is valid.
 * \retval -1 otherwise.
 *
 * Page metadata: definition at line 441 of file res_crypto.c; references
 * ast_base64decode(), ast_check_signature_bin(), ast_log(), and LOG_WARNING;
 * referenced by authenticate_verify(), and register_verify().
 */
int ast_check_signature(struct ast_key *key, const char *msg, const char *sig)
{
	unsigned char raw_sig[128];
	int decoded;

	/* Only a signature that decodes to exactly one 128-byte block is acceptable */
	decoded = ast_base64decode(raw_sig, sig, sizeof(raw_sig));
	if (decoded != sizeof(raw_sig)) {
		ast_log(LOG_WARNING, "Signature improper length (expect %d, got %d)\n", (int)sizeof(raw_sig), (int)decoded);
		return -1;
	}

	return ast_check_signature_bin(key, msg, strlen(msg), raw_sig);
}
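/*!
 * \brief Check the authenticity of a message signature using a given public key.
 *
 * Computes SHA-1 over \a msg and verifies \a dsig as a PKCS#1 signature on
 * that digest with RSA_verify().  The signature length is hard-coded to
 * 128 bytes, i.e. a 1024-bit key; keys of any other size will simply fail
 * verification.
 *
 * \note SHA-1 with 1024-bit RSA is below current recommendations.  Moving
 * to a larger key or digest means changing the 128-byte assumptions here
 * and in ast_sign(), ast_sign_bin() and ast_check_signature() together.
 *
 * \param key a public key to use to verify
 * \param msg the message that has been signed
 * \param msglen length of \a msg in bytes; negative values are rejected
 * \param dsig the proposed valid signature in raw binary representation (128 bytes)
 * \retval 0 if the signature is valid.
 * \retval -1 otherwise.
 *
 * Page metadata: definition at line 412 of file res_crypto.c; references
 * ast_debug, AST_KEY_PUBLIC, ast_log(), ast_key::digest, LOG_WARNING, and
 * SHA1; referenced by ast_check_signature(), and check_key().
 */
int ast_check_signature_bin(struct ast_key *key, const char *msg, int msglen, const unsigned char *dsig)
{
	unsigned char digest[SHA_DIGEST_LENGTH];

	if (key->ktype != AST_KEY_PUBLIC) {
		/* Okay, so of course you really *can* but for our purposes
		   we're going to say you can't */
		ast_log(LOG_WARNING, "Cannot check message signature with a private key\n");
		return -1;
	}

	/* SHA1() takes a size_t length; a negative int would silently become
	 * a huge value and read far past the end of msg. */
	if (msglen < 0) {
		ast_log(LOG_WARNING, "Invalid message length %d\n", msglen);
		return -1;
	}

	/* Calculate digest of message */
	SHA1((const unsigned char *)msg, (size_t)msglen, digest);

	/* Verify signature; RSA_verify() returns 1 on success, 0 on any failure */
	if (!RSA_verify(NID_sha1, digest, sizeof(digest), (unsigned char *)dsig, 128, key->rsa)) {
		ast_debug(1, "Key failed verification: %s\n", key->name);
		return -1;
	}

	/* Pass */
	return 0;
}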
/*!
 * \brief Report whether the crypto module is available.
 *
 * Unconditionally returns 1.  Presumably the core uses this (via the
 * optional-API mechanism) to detect whether res_crypto is loaded, with a
 * stub returning 0 when it is not -- confirm against the header.
 *
 * \retval 1 always, from this implementation.
 *
 * Page metadata: definition at line 457 of file res_crypto.c.
 */
int ast_crypto_loaded(void)
{
	/* Nothing to compute: being callable at all is the signal. */
	return 1;
}
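/*!
 * \brief Decrypt a message using a given private key.
 *
 * Splits \a src into 128-byte RSA blocks and decrypts each with
 * RSA_private_decrypt() using OAEP padding, concatenating the recovered
 * plaintext into \a dst.  The block size is hard-coded to 128 bytes, so the
 * key must be 1024-bit; this is now checked up front because
 * RSA_private_decrypt() writes up to RSA_size() bytes into \a dst and the
 * caller's buffer is only documented as \a srclen bytes.
 *
 * \note Every RSA_private_decrypt() failure is reported uniformly as -1.
 * OAEP decryption-error oracles are a known attack class (Manger 2001);
 * callers that relay success/failure to a remote peer should keep the
 * response indistinguishable -- confirm at the check_key() call site.
 *
 * \param key a private key to use to decrypt
 * \param src the message to decrypt
 * \param srclen the length of the message to decrypt; must be a non-negative multiple of 128
 * \param dst a pointer to a buffer of at least \a srclen bytes in which the decrypted answer will be stored
 * \retval length of decrypted data on success.
 * \retval -1 on failure.
 *
 * Page metadata: definition at line 332 of file res_crypto.c; references
 * AST_KEY_PRIVATE, ast_log(), LOG_NOTICE, and LOG_WARNING; referenced by
 * check_key().
 */
int ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
{
	int pos = 0;

	if (key->ktype != AST_KEY_PRIVATE) {
		ast_log(LOG_WARNING, "Cannot decrypt with a public key\n");
		return -1;
	}

	/* The 128-byte block size below assumes a 1024-bit modulus.  A larger key
	 * would make RSA_private_decrypt() write past the caller's dst buffer. */
	if (RSA_size(key->rsa) != 128) {
		ast_log(LOG_WARNING, "Key %s has RSA_size %d, expecting 128\n", key->name, RSA_size(key->rsa));
		return -1;
	}

	/* A negative length passes the modulo test (e.g. -128 % 128 == 0) and
	 * would then never reach zero in the loop, reading past src. */
	if (srclen < 0) {
		ast_log(LOG_NOTICE, "Invalid ciphertext length %d\n", srclen);
		return -1;
	}
	if (srclen % 128) {
		ast_log(LOG_NOTICE, "Tried to decrypt something not a multiple of 128 bytes\n");
		return -1;
	}

	while (srclen > 0) {
		/* Process chunks 128 bytes at a time; OAEP yields at most 128 - 42
		 * plaintext bytes per block, so dst never needs more than srclen. */
		int res = RSA_private_decrypt(128, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING);
		if (res < 0) {
			return -1;
		}
		pos += res;
		src += 128;
		srclen -= 128;
		dst += res;
	}

	return pos;
}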
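/*!
 * \brief Encrypt a message using a given public key.
 *
 * Splits \a src into chunks and encrypts each with RSA_public_encrypt()
 * using OAEP padding, producing one 128-byte RSA block per chunk.  The
 * block size is hard-coded to 128 bytes, so the key must be 1024-bit; this
 * is checked up front because RSA_public_encrypt() writes RSA_size() bytes
 * into \a dst before the old post-hoc "!= 128" check could notice.
 *
 * The chunk size is 128 - 42 = 86 bytes.  OpenSSL's RSA_public_encrypt(3)
 * documents that with RSA_PKCS1_OAEP_PADDING flen must not exceed
 * RSA_size - 42 (two SHA-1 hashes plus two bytes of framing); the previous
 * 128 - 41 = 87 limit made OpenSSL reject any message of 87 bytes or more.
 *
 * \param key a public key to use to encrypt (the function refuses private keys)
 * \param src the message to encrypt
 * \param srclen the length of the message to encrypt; negative values are rejected
 * \param dst a pointer to a buffer of at least 128 * ceil(srclen / 86) bytes in
 *            which the encrypted answer will be stored.  Output is always a whole
 *            number of 128-byte blocks -- 128 bytes even for a 1-byte message --
 *            so the former "srclen * 1.5" guidance was too small for short inputs.
 * \retval length of encrypted data on success.
 * \retval -1 on failure.
 *
 * Page metadata: definition at line 364 of file res_crypto.c; references
 * AST_KEY_PUBLIC, ast_log(), LOG_NOTICE, and LOG_WARNING; referenced by
 * update_key().
 */
int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
{
	/* Maximum OAEP payload for a 128-byte modulus with SHA-1 (20-byte) hashes */
	const int max_chunk = 128 - 42;
	int pos = 0;

	if (key->ktype != AST_KEY_PUBLIC) {
		ast_log(LOG_WARNING, "Cannot encrypt with a private key\n");
		return -1;
	}

	/* Refuse before RSA_public_encrypt() can write RSA_size() bytes into a
	 * dst sized for 128-byte blocks. */
	if (RSA_size(key->rsa) != 128) {
		ast_log(LOG_WARNING, "Key %s has RSA_size %d, expecting 128\n", key->name, RSA_size(key->rsa));
		return -1;
	}

	/* A negative srclen would never reach zero and walk off the end of src */
	if (srclen < 0) {
		ast_log(LOG_NOTICE, "Invalid plaintext length %d\n", srclen);
		return -1;
	}

	while (srclen > 0) {
		/* Process chunks of at most 128-42 bytes at a time */
		int bytes = srclen < max_chunk ? srclen : max_chunk;
		int res = RSA_public_encrypt(bytes, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING);
		if (res != 128) {
			ast_log(LOG_NOTICE, "How odd, encrypted size is %d\n", res);
			return -1;
		}
		src += bytes;
		srclen -= bytes;
		pos += res;
		dst += res;
	}

	return pos;
}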
/*!
 * \brief Retrieve a key.
 *
 * Linear search of the global key list for an entry whose name and type
 * both match.  The list is read-locked only for the duration of the search;
 * the returned pointer is handed back after the lock is dropped and is not
 * reference-counted, so it is presumably only safe while the key list is
 * not being reloaded (try_load_key()/update_key()) -- confirm with callers.
 *
 * \param kname name of the key we are retrieving
 * \param ktype type of key (AST_KEY_PUBLIC or AST_KEY_PRIVATE)
 * \retval the key on success.
 * \retval NULL on failure.
 *
 * Page metadata: definition at line 137 of file res_crypto.c; references
 * AST_RWLIST_RDLOCK, AST_RWLIST_TRAVERSE, AST_RWLIST_UNLOCK, ast_key::ktype,
 * and ast_key::name; referenced by authenticate(), authenticate_verify(),
 * check_key(), register_verify(), and update_key().
 */
struct ast_key *ast_key_get(const char *kname, int ktype)
{
	struct ast_key *found = NULL;
	struct ast_key *cur;

	AST_RWLIST_RDLOCK(&keys);
	AST_RWLIST_TRAVERSE(&keys, cur, list) {
		/* Cheap integer compare first, then the name */
		if (cur->ktype == ktype && !strcmp(cur->name, kname)) {
			found = cur;
			break;
		}
	}
	AST_RWLIST_UNLOCK(&keys);

	return found;
}
/*!
 * \brief Sign a message using a given private key.
 *
 * Produces the raw 128-byte signature via ast_sign_bin() and, on success,
 * base64-encodes it into \a sig.  128 raw bytes encode to 172 characters
 * plus a terminator, which fits the documented 256-byte output buffer.
 *
 * \param key a private key to use to create the signature
 * \param msg the message to sign (NUL-terminated)
 * \param sig a pointer to a buffer of at least 256 bytes in which the mime64-like encoded signature will be stored
 * \retval 0 on success.
 * \retval -1 on failure (\a sig is left untouched).
 *
 * Page metadata: definition at line 395 of file res_crypto.c; references
 * ast_base64encode(), and ast_sign_bin(); referenced by authenticate().
 */
int ast_sign(struct ast_key *key, char *msg, char *sig)
{
	unsigned char raw_sig[128];
	int rc = ast_sign_bin(key, msg, strlen(msg), raw_sig);

	if (rc == 0) {
		/* Success -- encode (256 bytes max as documented) */
		ast_base64encode(sig, raw_sig, sizeof(raw_sig), 256);
	}

	return rc;
}
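/*!
 * \brief Sign a message using a given private key.
 *
 * Computes SHA-1 over \a msg and signs the digest with RSA_sign(), which
 * emits a PKCS#1 v1.5 signature of RSA_size() bytes.  RSA_sign() takes no
 * output-buffer length, and \a dsig is documented as 128 bytes, so the key
 * size is now checked before signing: with the old post-hoc "siglen != 128"
 * test a larger key would already have overflowed the caller's buffer
 * (e.g. the 128-byte stack array in ast_sign()).
 *
 * \note SHA-1 with 1024-bit RSA is below current recommendations.  Moving
 * to a larger key or digest means changing the 128-byte assumptions here
 * and in ast_sign(), ast_check_signature() and ast_check_signature_bin().
 *
 * \param key a private key to use to create the signature
 * \param msg the message to sign
 * \param msglen length of \a msg in bytes; negative values are rejected
 * \param dsig a pointer to a buffer of at least 128 bytes in which the raw encoded signature will be stored
 * \retval 0 on success.
 * \retval -1 on failure.
 *
 * Page metadata: definition at line 300 of file res_crypto.c; references
 * AST_KEY_PRIVATE, ast_log(), ast_key::digest, LOG_WARNING, and SHA1;
 * referenced by ast_sign(), and update_key().
 */
int ast_sign_bin(struct ast_key *key, const char *msg, int msglen, unsigned char *dsig)
{
	unsigned char digest[SHA_DIGEST_LENGTH];
	unsigned int siglen = 0;

	if (key->ktype != AST_KEY_PRIVATE) {
		ast_log(LOG_WARNING, "Cannot sign with a public key\n");
		return -1;
	}

	/* Refuse before RSA_sign() can write more than the 128 bytes dsig holds */
	if (RSA_size(key->rsa) != 128) {
		ast_log(LOG_WARNING, "Key %s has RSA_size %d, expecting 128\n", key->name, RSA_size(key->rsa));
		return -1;
	}

	/* SHA1() takes a size_t; a negative int would become a huge length */
	if (msglen < 0) {
		ast_log(LOG_WARNING, "Invalid message length %d\n", msglen);
		return -1;
	}

	/* Calculate digest of message */
	SHA1((const unsigned char *)msg, (size_t)msglen, digest);

	/* Create the signature; RSA_sign() returns 1 on success and sets siglen */
	if (!RSA_sign(NID_sha1, digest, sizeof(digest), dsig, &siglen, key->rsa)) {
		ast_log(LOG_WARNING, "RSA Signature (key %s) failed\n", key->name);
		return -1;
	}

	/* Belt and braces: the size check above should make this unreachable */
	if (siglen != 128) {
		ast_log(LOG_WARNING, "Unexpected signature length %d, expecting %d\n", (int)siglen, (int)128);
		return -1;
	}

	return 0;
}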