crypto.h File Reference

Provide cryptographic signature routines. More...

#include "asterisk/optional_api.h"
#include "asterisk/logger.h"

Include dependency graph for crypto.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures
struct	aes_key

Macros
#define	AST_CRYPTO_AES_BLOCKSIZE   128
#define	AST_CRYPTO_RSA_KEY_BITS   1024
#define	AST_KEY_PRIVATE   (1 << 1)
#define	AST_KEY_PUBLIC   (1 << 0)

Typedefs
typedef struct aes_key	ast_aes_decrypt_key
typedef struct aes_key	ast_aes_encrypt_key

Functions
int AST_OPTIONAL_API_NAME()	ast_aes_decrypt (const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *key)
	AES decrypt data.
int AST_OPTIONAL_API_NAME()	ast_aes_encrypt (const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *key)
	AES encrypt data.
int AST_OPTIONAL_API_NAME()	ast_aes_set_decrypt_key (const unsigned char *key, ast_aes_decrypt_key *ctx)
	Set a decryption key.
int AST_OPTIONAL_API_NAME()	ast_aes_set_encrypt_key (const unsigned char *key, ast_aes_encrypt_key *ctx)
	Set an encryption key.
int AST_OPTIONAL_API_NAME()	ast_check_signature (struct ast_key *key, const char *msg, const char *sig)
	Check the authenticity of a message signature using a given public key.
int AST_OPTIONAL_API_NAME()	ast_check_signature_bin (struct ast_key *key, const char *msg, int msglen, const unsigned char *dsig)
	Check the authenticity of a message signature using a given public key.
int AST_OPTIONAL_API_NAME()	ast_crypto_loaded (void)
int AST_OPTIONAL_API_NAME()	ast_crypto_reload (void)
int AST_OPTIONAL_API_NAME()	ast_decrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
	Decrypt a message using a given private key.
int AST_OPTIONAL_API_NAME()	ast_encrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
	Encrypt a message using a given private key.
struct ast_key *AST_OPTIONAL_API_NAME()	ast_key_get (const char *kname, int ktype)
	Retrieve a key.
int AST_OPTIONAL_API_NAME()	ast_sign (struct ast_key *key, char *msg, char *sig)
	Sign a message signature using a given private key.
int AST_OPTIONAL_API_NAME()	ast_sign_bin (struct ast_key *key, const char *msg, int msglen, unsigned char *dsig)
	Sign a message signature using a given private key.

Detailed Description

Provide cryptographic signature routines.

Definition in file crypto.h.

Macro Definition Documentation

AST_CRYPTO_AES_BLOCKSIZE

#define AST_CRYPTO_AES_BLOCKSIZE   128

Definition at line 37 of file crypto.h.

AST_CRYPTO_RSA_KEY_BITS

#define AST_CRYPTO_RSA_KEY_BITS   1024

Definition at line 36 of file crypto.h.

AST_KEY_PRIVATE

#define AST_KEY_PRIVATE   (1 << 1)

Definition at line 47 of file crypto.h.

AST_KEY_PUBLIC

#define AST_KEY_PUBLIC   (1 << 0)

Definition at line 46 of file crypto.h.

Typedef Documentation

ast_aes_decrypt_key

typedef struct aes_key ast_aes_decrypt_key

Definition at line 44 of file crypto.h.

ast_aes_encrypt_key

typedef struct aes_key ast_aes_encrypt_key

Definition at line 43 of file crypto.h.

Function Documentation

ast_aes_decrypt()

int AST_OPTIONAL_API_NAME() ast_aes_decrypt	(	const unsigned char *	in,
		unsigned char *	out,
		const ast_aes_decrypt_key *	key
	)

AES decrypt data.

Parameters

in	encrypted data
out	pointer to a buffer to hold the decrypted output
key	pointer to the ast_aes_decrypt_key to use for decryption

Return values

<=	0 failure
otherwise	number of bytes in output buffer

Definition at line 790 of file res_crypto.c.

{
    int res;
 
    if ((res = evp_cipher_aes_decrypt(in, out, AST_CRYPTO_AES_BLOCKSIZE / 8, key)) <= 0) {
        ast_log(LOG_ERROR, "AES decryption failed\n");
    }
    return res;
}

References AST_CRYPTO_AES_BLOCKSIZE, ast_log, evp_cipher_aes_decrypt(), in, LOG_ERROR, and out.

Referenced by aes_helper(), AST_TEST_DEFINE(), decrypt_memcpy(), and memcpy_decrypt().

ast_aes_encrypt()

int AST_OPTIONAL_API_NAME() ast_aes_encrypt	(	const unsigned char *	in,
		unsigned char *	out,
		const ast_aes_encrypt_key *	key
	)

AES encrypt data.

Parameters

in	data to be encrypted
out	pointer to a buffer to hold the encrypted output
key	pointer to the ast_aes_encrypt_key to use for encryption

Return values

<=	0 failure
otherwise	number of bytes in output buffer

Definition at line 749 of file res_crypto.c.

{
    int res;
 
    if ((res = evp_cipher_aes_encrypt(in, out, AST_CRYPTO_AES_BLOCKSIZE / 8, key)) <= 0) {
        ast_log(LOG_ERROR, "AES encryption failed\n");
    }
    return res;
}

References AST_CRYPTO_AES_BLOCKSIZE, ast_log, evp_cipher_aes_encrypt(), in, LOG_ERROR, and out.

Referenced by aes_helper(), AST_TEST_DEFINE(), encrypt_memcpy(), and memcpy_encrypt().

ast_aes_set_decrypt_key()

int AST_OPTIONAL_API_NAME() ast_aes_set_decrypt_key	(	const unsigned char *	key,
		ast_aes_decrypt_key *	ctx
	)

Set a decryption key.

Parameters

key	a 16 char key
ctx	address of an aes encryption context

Return values

0	success
nonzero	failure

Definition at line 709 of file res_crypto.c.

{
    if (key == NULL || ctx == NULL) {
        return -1;
    }
    memcpy(ctx->raw, key, AST_CRYPTO_AES_BLOCKSIZE / 8);
    return 0;
}

References AST_CRYPTO_AES_BLOCKSIZE, and NULL.

Referenced by aes_helper(), AST_TEST_DEFINE(), build_ecx_key(), build_encryption_keys(), check_key(), socket_process_helper(), and update_key().

ast_aes_set_encrypt_key()

int AST_OPTIONAL_API_NAME() ast_aes_set_encrypt_key	(	const unsigned char *	key,
		ast_aes_encrypt_key *	ctx
	)

Set an encryption key.

Parameters

key	a 16 char key
ctx	address of an aes encryption context

Return values

0	success
nonzero	failure

Definition at line 700 of file res_crypto.c.

{
    if (key == NULL || ctx == NULL) {
        return -1;
    }
    memcpy(ctx->raw, key, AST_CRYPTO_AES_BLOCKSIZE / 8);
    return 0;
}

References AST_CRYPTO_AES_BLOCKSIZE, and NULL.

Referenced by aes_helper(), AST_TEST_DEFINE(), build_ecx_key(), check_key(), and update_key().

ast_check_signature()

int AST_OPTIONAL_API_NAME() ast_check_signature	(	struct ast_key *	key,
		const char *	msg,
		const char *	sig
	)

Check the authenticity of a message signature using a given public key.

Parameters

key	a public key to use to verify
msg	the message that has been signed
sig	the proposed valid signature in mime64-like encoding

Return values

0	if the signature is valid.
-1	otherwise.

Check the authenticity of a message signature using a given public key.

See also

ast_check_signature

Definition at line 673 of file res_crypto.c.

{
    unsigned char dsig[128];
    int res;
 
    /* Decode signature */
    if ((res = ast_base64decode(dsig, sig, sizeof(dsig))) != sizeof(dsig)) {
        ast_log(LOG_WARNING, "Signature improper length (expect %d, got %d)\n", (int)sizeof(dsig), (int)res);
        return -1;
    }
 
    res = ast_check_signature_bin(key, msg, strlen(msg), dsig);
 
    return res;
}

References ast_base64decode(), ast_check_signature_bin(), ast_log, and LOG_WARNING.

Referenced by authenticate_verify(), and register_verify().

ast_check_signature_bin()

int AST_OPTIONAL_API_NAME() ast_check_signature_bin	(	struct ast_key *	key,
		const char *	msg,
		int	msglen,
		const unsigned char *	dsig
	)

Check the authenticity of a message signature using a given public key.

Parameters

key	a public key to use to verify
msg	the message that has been signed
msglen
dsig	the proposed valid signature in raw binary representation

Return values

0	if the signature is valid.
-1	otherwise.

Check the authenticity of a message signature using a given public key.

See also

ast_check_signature_bin

Definition at line 634 of file res_crypto.c.

{
    unsigned char digest[SHA_DIGEST_LENGTH];
    unsigned digestlen;
    int res;
    EVP_MD_CTX *ctx = NULL;
 
    if (key->ktype != AST_KEY_PUBLIC) {
        /* Okay, so of course you really *can* but for our purposes
           we're going to say you can't */
        ast_log(LOG_WARNING, "Cannot check message signature with a private key\n");
        return -1;
    }
 
    /* Calculate digest of message */
    ctx = EVP_MD_CTX_create();
    if (ctx == NULL) {
        ast_log(LOG_ERROR, "Out of memory\n");
        return -1;
    }
    EVP_DigestInit(ctx, EVP_sha1());
    EVP_DigestUpdate(ctx, msg, msglen);
    EVP_DigestFinal(ctx, digest, &digestlen);
    EVP_MD_CTX_destroy(ctx);
 
    /* Verify signature */
    if (!(res = evp_pkey_verify(key->pkey, (const unsigned char *)digest, sizeof(digest), (unsigned char *)dsig, 128, RSA_PKCS1_PADDING))) {
        ast_debug(1, "Key failed verification: %s\n", key->name);
        return -1;
    }
 
    /* Pass */
    return 0;
}

References ast_debug, AST_KEY_PUBLIC, ast_log, ast_key::digest, evp_pkey_verify(), ast_key::ktype, LOG_ERROR, LOG_WARNING, ast_key::name, NULL, and ast_key::pkey.

Referenced by ast_check_signature(), AST_TEST_DEFINE(), and check_key().

ast_crypto_loaded()

int AST_OPTIONAL_API_NAME() ast_crypto_loaded

(

void

)

Definition at line 689 of file res_crypto.c.

{
    return 1;
}

Referenced by AST_TEST_DEFINE().

ast_crypto_reload()

int AST_OPTIONAL_API_NAME() ast_crypto_reload

(

void

)

Definition at line 694 of file res_crypto.c.

{
    crypto_load(-1, -1);
    return 1;
}

References crypto_load().

Referenced by AST_TEST_DEFINE(), AST_TEST_DEFINE(), AST_TEST_DEFINE(), and AST_TEST_DEFINE().

ast_decrypt_bin()

int AST_OPTIONAL_API_NAME() ast_decrypt_bin	(	unsigned char *	dst,
		const unsigned char *	src,
		int	srclen,
		struct ast_key *	key
	)

Decrypt a message using a given private key.

Parameters

dst	a pointer to a buffer of at least srclen bytes in which the decrypted
src	the message to decrypt
srclen	the length of the message to decrypt
key	a private key to use to decrypt answer will be stored

Return values

length	of decrypted data on success.
-1	on failure.

Decrypt a message using a given private key.

See also

ast_decrypt_bin

Definition at line 472 of file res_crypto.c.

{
    int res;
    unsigned pos = 0, dstlen, blocksize;
 
    if (key->ktype != AST_KEY_PRIVATE) {
        ast_log(LOG_WARNING, "Cannot decrypt with a public key\n");
        return -1;
    }
 
    blocksize = EVP_PKEY_size(key->pkey);
 
    if (srclen % blocksize) {
        ast_log(LOG_NOTICE, "Tried to decrypt something not a multiple of %u bytes\n", blocksize);
        return -1;
    }
 
    while (srclen > 0) {
        /* Process chunks 128 bytes at a time */
        dstlen = blocksize;
        if ((res = evp_pkey_decrypt(key->pkey, src, blocksize, dst, &dstlen, RSA_PKCS1_OAEP_PADDING)) <= 0) {
            return -1;
        }
        pos += dstlen;
        src += blocksize;
        srclen -= blocksize;
        dst += dstlen;
    }
 
    return pos;
}

References AST_KEY_PRIVATE, ast_log, evp_pkey_decrypt(), ast_key::ktype, LOG_NOTICE, LOG_WARNING, and ast_key::pkey.

Referenced by AST_TEST_DEFINE(), and check_key().

ast_encrypt_bin()

int AST_OPTIONAL_API_NAME() ast_encrypt_bin	(	unsigned char *	dst,
		const unsigned char *	src,
		int	srclen,
		struct ast_key *	key
	)

Encrypt a message using a given private key.

Parameters

dst	a pointer to a buffer of at least srclen * 1.5 bytes in which the encrypted
src	the message to encrypt
srclen	the length of the message to encrypt
key	a private key to use to encrypt answer will be stored

Return values

length	of encrypted data on success.
-1	on failure.

Encrypt a message using a given private key.

See also

ast_encrypt_bin

Definition at line 549 of file res_crypto.c.

{
    unsigned bytes, pos = 0, dstlen, blocksize;
    int res;
 
    if (key->ktype != AST_KEY_PUBLIC) {
        ast_log(LOG_WARNING, "Cannot encrypt with a private key\n");
        return -1;
    }
 
    blocksize = EVP_PKEY_size(key->pkey);
 
    while (srclen) {
        bytes = srclen;
        if (bytes > blocksize - RSA_PKCS1_OAEP_PADDING_SIZE) {
            bytes = blocksize - RSA_PKCS1_OAEP_PADDING_SIZE;
        }
        /* Process chunks 128-41 bytes at a time */
        dstlen = blocksize;
        if ((res = evp_pkey_encrypt(key->pkey, src, bytes, dst, &dstlen, RSA_PKCS1_OAEP_PADDING)) != blocksize) {
            ast_log(LOG_NOTICE, "How odd, encrypted size is %d\n", res);
            return -1;
        }
        src += bytes;
        srclen -= bytes;
        pos += dstlen;
        dst += dstlen;
    }
    return pos;
}

References AST_KEY_PUBLIC, ast_log, evp_pkey_encrypt(), ast_key::ktype, LOG_NOTICE, LOG_WARNING, ast_key::pkey, and RSA_PKCS1_OAEP_PADDING_SIZE.

Referenced by AST_TEST_DEFINE(), and update_key().

ast_key_get()

struct ast_key *AST_OPTIONAL_API_NAME() ast_key_get	(	const char *	kname,
		int	ktype
	)

Retrieve a key.

Parameters

kname	Name of the key we are retrieving
ktype	Intger type of key (AST_KEY_PUBLIC or AST_KEY_PRIVATE)

Return values

the	key on success.
NULL	on failure.

Retrieve a key.

See also

ast_key_get

Definition at line 149 of file res_crypto.c.

{
    struct ast_key *key;
 
    AST_RWLIST_RDLOCK(&keys);
    AST_RWLIST_TRAVERSE(&keys, key, list) {
        if (!strcmp(kname, key->name) &&
            (ktype == key->ktype)) {
            break;
        }
    }
    AST_RWLIST_UNLOCK(&keys);
 
    return key;
}

References AST_RWLIST_RDLOCK, AST_RWLIST_TRAVERSE, AST_RWLIST_UNLOCK, ast_key::ktype, ast_key::list, and ast_key::name.

Referenced by AST_TEST_DEFINE(), AST_TEST_DEFINE(), AST_TEST_DEFINE(), AST_TEST_DEFINE(), authenticate(), authenticate_verify(), check_key(), register_verify(), and update_key().

ast_sign()

int AST_OPTIONAL_API_NAME() ast_sign	(	struct ast_key *	key,
		char *	msg,
		char *	sig
	)

Sign a message signature using a given private key.

Parameters

key	a private key to use to create the signature
msg	the message to sign
sig	a pointer to a buffer of at least 256 bytes in which the mime64-like encoded signature will be stored

Return values

0	on success.
-1	on failure.

Sign a message signature using a given private key.

See also

ast_sign

Definition at line 584 of file res_crypto.c.

{
    /* assumes 1024 bit RSA key size */
    unsigned char dsig[128];
    int siglen = sizeof(dsig), res;
 
    if (!(res = ast_sign_bin(key, msg, strlen(msg), dsig))) {
        /* Success -- encode (256 bytes max as documented) */
        ast_base64encode(sig, dsig, siglen, 256);
    }
 
    return res;
}

References ast_base64encode(), and ast_sign_bin().

Referenced by authenticate().

ast_sign_bin()

int AST_OPTIONAL_API_NAME() ast_sign_bin	(	struct ast_key *	key,
		const char *	msg,
		int	msglen,
		unsigned char *	dsig
	)

Sign a message signature using a given private key.

Parameters

key	a private key to use to create the signature
msg	the message to sign
msglen
dsig	a pointer to a buffer of at least 128 bytes in which the raw encoded signature will be stored

Return values

0	on success.
-1	on failure.

Sign a message signature using a given private key.

See also

ast_sign_bin

Definition at line 390 of file res_crypto.c.

{
    unsigned char digest[SHA_DIGEST_LENGTH];
    unsigned digestlen, siglen = 128;
    int res;
    EVP_MD_CTX *ctx = NULL;
 
    if (key->ktype != AST_KEY_PRIVATE) {
        ast_log(LOG_WARNING, "Cannot sign with a public key\n");
        return -1;
    }
 
    if (siglen < EVP_PKEY_size(key->pkey)) {
        ast_log(LOG_WARNING, "Signature buffer too small\n");
        return -1;
    }
 
    /* Calculate digest of message */
    ctx = EVP_MD_CTX_create();
    if (ctx == NULL) {
        ast_log(LOG_ERROR, "Out of memory\n");
        return -1;
    }
    EVP_DigestInit(ctx, EVP_sha1());
    EVP_DigestUpdate(ctx, msg, msglen);
    EVP_DigestFinal(ctx, digest, &digestlen);
    EVP_MD_CTX_destroy(ctx);
 
    /* Verify signature */
    if ((res = evp_pkey_sign(key->pkey, digest, sizeof(digest), dsig, &siglen, RSA_PKCS1_PADDING)) <= 0) {
        ast_log(LOG_WARNING, "RSA Signature (key %s) failed %d\n", key->name, res);
        return -1;
    }
 
    if (siglen != EVP_PKEY_size(key->pkey)) {
        ast_log(LOG_WARNING, "Unexpected signature length %u, expecting %d\n", siglen, EVP_PKEY_size(key->pkey));
        return -1;
    }
 
    return 0;
}

References AST_KEY_PRIVATE, ast_log, ast_key::digest, evp_pkey_sign(), ast_key::ktype, LOG_ERROR, LOG_WARNING, ast_key::name, NULL, and ast_key::pkey.

Referenced by ast_sign(), AST_TEST_DEFINE(), and update_key().