Asterisk - The Open Source Telephony Project GIT-master-7e7a603
crypto.h
Go to the documentation of this file.
1/*
2 * Asterisk -- An open source telephony toolkit.
3 *
4 * Copyright (C) 1999 - 2010, Digium, Inc.
5 *
6 * Mark Spencer <markster@digium.com>
7 *
8 * See http://www.asterisk.org for more information about
9 * the Asterisk project. Please do not directly contact
10 * any of the maintainers of this project for assistance;
11 * the project provides a web site, mailing lists and IRC
12 * channels for your use.
13 *
14 * This program is free software, distributed under the terms of
15 * the GNU General Public License Version 2. See the LICENSE file
16 * at the top of the source tree.
17 */
18
19/*! \file
20 * \brief Provide cryptographic signature routines
21 */
22
23#ifndef _ASTERISK_CRYPTO_H
24#define _ASTERISK_CRYPTO_H
25
26#if defined(__cplusplus) || defined(c_plusplus)
27extern "C" {
28#endif
29
30#include "asterisk/optional_api.h"
31#include "asterisk/logger.h"
32
33/* We previously used the key length explicitly; replace with constant.
34 * For now, Asterisk is limited to 1024 bit (128 byte) RSA keys.
35 */
36#define AST_CRYPTO_RSA_KEY_BITS 1024
37#define AST_CRYPTO_AES_BLOCKSIZE 128
38
39struct aes_key {
40 unsigned char raw[AST_CRYPTO_AES_BLOCKSIZE / 8];
41};
42
43typedef struct aes_key ast_aes_encrypt_key;
44typedef struct aes_key ast_aes_decrypt_key;
45
46#define AST_KEY_PUBLIC (1 << 0)
47#define AST_KEY_PRIVATE (1 << 1)
48
49/*!
50 * \brief Retrieve a key
51 * \param kname Name of the key we are retrieving
52 * \param ktype Intger type of key (AST_KEY_PUBLIC or AST_KEY_PRIVATE)
53 *
54 * \retval the key on success.
55 * \retval NULL on failure.
56 */
57AST_OPTIONAL_API(struct ast_key *, ast_key_get, (const char *kname, int ktype), { return NULL; });
58
59/*!
60 * \brief Check the authenticity of a message signature using a given public key
61 * \param key a public key to use to verify
62 * \param msg the message that has been signed
63 * \param sig the proposed valid signature in mime64-like encoding
64 *
65 * \retval 0 if the signature is valid.
66 * \retval -1 otherwise.
67 *
68 */
69AST_OPTIONAL_API(int, ast_check_signature, (struct ast_key *key, const char *msg, const char *sig), { return -1; });
70
71/*!
72 * \brief Check the authenticity of a message signature using a given public key
73 * \param key a public key to use to verify
74 * \param msg the message that has been signed
75 * \param msglen
76 * \param dsig the proposed valid signature in raw binary representation
77 *
78 * \retval 0 if the signature is valid.
79 * \retval -1 otherwise.
80 *
81 */
82AST_OPTIONAL_API(int, ast_check_signature_bin, (struct ast_key *key, const char *msg, int msglen, const unsigned char *dsig), { return -1; });
83
84/*!
85 * \brief Sign a message signature using a given private key
86 * \param key a private key to use to create the signature
87 * \param msg the message to sign
88 * \param sig a pointer to a buffer of at least 256 bytes in which the
89 * mime64-like encoded signature will be stored
90 *
91 * \retval 0 on success.
92 * \retval -1 on failure.
93 *
94 */
95AST_OPTIONAL_API(int, ast_sign, (struct ast_key *key, char *msg, char *sig), { return -1; });
96
97/*!
98 * \brief Sign a message signature using a given private key
99 * \param key a private key to use to create the signature
100 * \param msg the message to sign
101 * \param msglen
102 * \param dsig a pointer to a buffer of at least 128 bytes in which the
103 * raw encoded signature will be stored
104 *
105 * \retval 0 on success.
106 * \retval -1 on failure.
107 *
108 */
109AST_OPTIONAL_API(int, ast_sign_bin, (struct ast_key *key, const char *msg, int msglen, unsigned char *dsig), { return -1; });
110
111/*!
112 * \brief Encrypt a message using a given private key
113 * \param dst a pointer to a buffer of at least srclen * 1.5 bytes in which the encrypted
114 * \param src the message to encrypt
115 * \param srclen the length of the message to encrypt
116 * \param key a private key to use to encrypt
117 * answer will be stored
118 *
119 * \retval length of encrypted data on success.
120 * \retval -1 on failure.
121 *
122 */
123AST_OPTIONAL_API(int, ast_encrypt_bin, (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key), { return -1; });
124
125/*!
126 * \brief Decrypt a message using a given private key
127 * \param dst a pointer to a buffer of at least srclen bytes in which the decrypted
128 * \param src the message to decrypt
129 * \param srclen the length of the message to decrypt
130 * \param key a private key to use to decrypt
131 * answer will be stored
132 *
133 * \retval length of decrypted data on success.
134 * \retval -1 on failure.
135 *
136 */
137AST_OPTIONAL_API(int, ast_decrypt_bin, (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key), { return -1; });
138
139/*!
140 * \brief Set an encryption key
141 * \param key a 16 char key
142 * \param ctx address of an aes encryption context
143 *
144 * \retval 0 success
145 * \retval nonzero failure
146 */
147AST_OPTIONAL_API(int, ast_aes_set_encrypt_key,
148 (const unsigned char *key, ast_aes_encrypt_key *ctx),
149 { ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n"); return -1; });
150
151/*!
152 * \brief Set a decryption key
153 * \param key a 16 char key
154 * \param ctx address of an aes encryption context
155 *
156 * \retval 0 success
157 * \retval nonzero failure
158 */
159AST_OPTIONAL_API(int, ast_aes_set_decrypt_key,
160 (const unsigned char *key, ast_aes_decrypt_key *ctx),
161 { ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n"); return -1; });
162
163/*!
164 * \brief AES encrypt data
165 * \param in data to be encrypted
166 * \param out pointer to a buffer to hold the encrypted output
167 * \param key pointer to the ast_aes_encrypt_key to use for encryption
168 * \retval <= 0 failure
169 * \retval otherwise number of bytes in output buffer
170 */
171AST_OPTIONAL_API(int, ast_aes_encrypt,
172 (const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *key),
173 { ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n");return -1; });
174
175/*!
176 * \brief AES decrypt data
177 * \param in encrypted data
178 * \param out pointer to a buffer to hold the decrypted output
179 * \param key pointer to the ast_aes_decrypt_key to use for decryption
180 * \retval <= 0 failure
181 * \retval otherwise number of bytes in output buffer
182 */
183AST_OPTIONAL_API(int, ast_aes_decrypt,
184 (const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *key),
185 { ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n");return -1; });
186
187AST_OPTIONAL_API(int, ast_crypto_loaded, (void), { return 0; });
188
189AST_OPTIONAL_API(int, ast_crypto_reload, (void), { return 0; });
190
191#if defined(__cplusplus) || defined(c_plusplus)
192}
193#endif
194
195#endif /* _ASTERISK_CRYPTO_H */
ast_log
#define ast_log
Definition: astobj2.c:42
ast_crypto_loaded
int ast_crypto_loaded(void)
Definition: res_crypto.c:689
ast_aes_set_encrypt_key
int ast_aes_set_encrypt_key(const unsigned char *key, ast_aes_encrypt_key *ctx)
Set an encryption key.
Definition: res_crypto.c:700
ast_key_get
struct ast_key * ast_key_get(const char *kname, int ktype)
Retrieve a key.
Definition: res_crypto.c:149
ast_check_signature_bin
int ast_check_signature_bin(struct ast_key *key, const char *msg, int msglen, const unsigned char *dsig)
Check the authenticity of a message signature using a given public key.
Definition: res_crypto.c:634
ast_aes_set_decrypt_key
int ast_aes_set_decrypt_key(const unsigned char *key, ast_aes_decrypt_key *ctx)
Set a decryption key.
Definition: res_crypto.c:709
ast_sign_bin
int ast_sign_bin(struct ast_key *key, const char *msg, int msglen, unsigned char *dsig)
Sign a message signature using a given private key.
Definition: res_crypto.c:390
ast_aes_encrypt
int ast_aes_encrypt(const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *key)
AES encrypt data.
Definition: res_crypto.c:749
ast_aes_decrypt
int ast_aes_decrypt(const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *key)
AES decrypt data.
Definition: res_crypto.c:790
AST_CRYPTO_AES_BLOCKSIZE
#define AST_CRYPTO_AES_BLOCKSIZE
Definition: crypto.h:37
ast_sign
int ast_sign(struct ast_key *key, char *msg, char *sig)
Sign a message signature using a given private key.
Definition: res_crypto.c:584
ast_check_signature
int ast_check_signature(struct ast_key *key, const char *msg, const char *sig)
Check the authenticity of a message signature using a given public key.
Definition: res_crypto.c:673
ast_encrypt_bin
int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
Encrypt a message using a given private key.
Definition: res_crypto.c:549
ast_decrypt_bin
int ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
Decrypt a message using a given private key.
Definition: res_crypto.c:472
ast_crypto_reload
int ast_crypto_reload(void)
Definition: res_crypto.c:694
logger.h
Support for logging to various files, console and syslog Configuration in file logger....
LOG_WARNING
#define LOG_WARNING
Definition: include/asterisk/logger.h:275
optional_api.h
Optional API function macros.
AST_OPTIONAL_API
#define AST_OPTIONAL_API(result, name, proto, stub)
Declare an optional API function.
Definition: optional_api.h:230
NULL
#define NULL
Definition: resample.c:96
aes_key
Definition: crypto.h:39
aes_key::raw
unsigned char raw[AST_CRYPTO_AES_BLOCKSIZE/8]
Definition: crypto.h:40
ast_key
Definition: res_crypto.c:80
out
FILE * out
Definition: utils/frame.c:33
in
FILE * in
Definition: utils/frame.c:33
Generated on Wed Apr 24 2024 20:04:27 for Asterisk - The Open Source Telephony Project by doxygen 1.9.4