1 /*
2  * Asterisk -- An open source telephony toolkit.
3  *
4  * Copyright (C) 1999 - 2010, Digium, Inc.
5  *
6  * Mark Spencer <markster@digium.com>
7  *
8  * See http://www.asterisk.org for more information about
9  * the Asterisk project. Please do not directly contact
10  * any of the maintainers of this project for assistance;
11  * the project provides a web site, mailing lists and IRC
12  * channels for your use.
13  *
14  * This program is free software, distributed under the terms of
15  * the GNU General Public License Version 2. See the LICENSE file
16  * at the top of the source tree.
17  */
18 
19 /*! \file
20  * \brief Provide cryptographic signature routines
21  */
22 
23 #ifndef _ASTERISK_CRYPTO_H
24 #define _ASTERISK_CRYPTO_H
25 
26 #if defined(__cplusplus) || defined(c_plusplus)
27 extern "C" {
28 #endif
29 
30 #include "asterisk/optional_api.h"
31 #include "asterisk/logger.h"
32 
/* We previously used the key length explicitly; replace with constant.
 * For now, Asterisk is limited to 1024 bit (128 byte) RSA keys.
 *
 * NOTE(review): 1024-bit RSA is below the minimum size current guidance
 * generally recommends (2048 bits or more); treat this as a compatibility
 * constraint of the existing key format, not a security target.
 *
 * AST_CRYPTO_AES_BLOCKSIZE is expressed in bits; struct aes_key below holds
 * AST_CRYPTO_AES_BLOCKSIZE / 8 (16) raw bytes.
 */
#define AST_CRYPTO_RSA_KEY_BITS 1024
#define AST_CRYPTO_AES_BLOCKSIZE 128
38 
/*!
 * \brief Raw AES key material.
 *
 * Holds AST_CRYPTO_AES_BLOCKSIZE / 8 (16) bytes, i.e. a 128-bit key, matching
 * the "16 char key" that ast_aes_set_encrypt_key() / ast_aes_set_decrypt_key()
 * accept. The same layout is reused for both the encrypt and decrypt
 * context typedefs.
 *
 * NOTE(review): this is secret material; callers that keep a copy in their
 * own storage should clear it once it is no longer needed.
 */
struct aes_key {
	unsigned char raw[AST_CRYPTO_AES_BLOCKSIZE / 8];
};
42 
/* Distinct names for the encrypt and decrypt contexts; both are struct aes_key,
 * so the compiler will not stop a decrypt key being passed where an encrypt
 * key is expected. */
typedef struct aes_key ast_aes_encrypt_key;
typedef struct aes_key ast_aes_decrypt_key;
45 
/* Bit flags for the ktype argument of ast_key_get(). */
#define AST_KEY_PUBLIC (1 << 0)
#define AST_KEY_PRIVATE (1 << 1)
48 
/*!
 * \brief Retrieve a key
 * \param kname Name of the key we are retrieving
 * \param ktype Integer type of key (AST_KEY_PUBLIC or AST_KEY_PRIVATE)
 *
 * \retval the key on success.
 * \retval NULL on failure.
 *
 * \note Ownership and lifetime of the returned key are not stated here;
 * check the implementation (res_crypto.c) before caching or freeing it.
 * The optional-API stub below always returns NULL, so callers must handle
 * NULL rather than assume the key exists.
 */
AST_OPTIONAL_API(struct ast_key *, ast_key_get, (const char *kname, int ktype), { return NULL; });
58 
/*!
 * \brief Check the authenticity of a message signature using a given public key
 * \param key a public key to use to verify
 * \param msg the message that has been signed; no length argument is taken,
 * so it must be a NUL-terminated string (binary messages go through
 * ast_check_signature_bin() instead)
 * \param sig the proposed valid signature in mime64-like (base64) encoding
 *
 * \retval 0 if the signature is valid.
 * \retval -1 otherwise.
 *
 * \note Test the result for exactly 0; any nonzero value means the signature
 * was NOT verified. The optional-API stub below always returns -1, so a
 * missing crypto implementation fails closed.
 */
AST_OPTIONAL_API(int, ast_check_signature, (struct ast_key *key, const char *msg, const char *sig), { return -1; });
70 
/*!
 * \brief Check the authenticity of a message signature using a given public key
 * \param key a public key to use to verify
 * \param msg the message that has been signed (length-delimited by msglen,
 * so it need not be NUL-terminated)
 * \param msglen length of msg in bytes
 * \param dsig the proposed valid signature in raw binary representation;
 * expected to be AST_CRYPTO_RSA_KEY_BITS / 8 (128) bytes, the size that
 * ast_sign_bin() writes
 *
 * \retval 0 if the signature is valid.
 * \retval -1 otherwise.
 *
 * \note Test the result for exactly 0; any nonzero value means the signature
 * was NOT verified. The optional-API stub below always returns -1.
 */
AST_OPTIONAL_API(int, ast_check_signature_bin, (struct ast_key *key, const char *msg, int msglen, const unsigned char *dsig), { return -1; });
83 
/*!
 * \brief Sign a message signature using a given private key
 * \param key a private key to use to create the signature
 * \param msg the message to sign (NUL-terminated). NOTE(review): declared
 * non-const here, unlike ast_sign_bin(); presumably it is not modified, but
 * confirm in res_crypto.c before passing string literals or shared buffers.
 * \param sig a pointer to a buffer of at least 256 bytes in which the
 * mime64-like encoded signature will be stored
 *
 * \retval 0 on success.
 * \retval -1 on failure.
 *
 * \note No size is passed for sig; the 256-byte minimum is entirely the
 * caller's responsibility and an undersized buffer is a caller-side overflow.
 */
AST_OPTIONAL_API(int, ast_sign, (struct ast_key *key, char *msg, char *sig), { return -1; });
96 
/*!
 * \brief Sign a message signature using a given private key
 * \param key a private key to use to create the signature
 * \param msg the message to sign (length-delimited by msglen)
 * \param msglen length of msg in bytes
 * \param dsig a pointer to a buffer of at least 128 bytes
 * (AST_CRYPTO_RSA_KEY_BITS / 8) in which the raw encoded signature will
 * be stored
 *
 * \retval 0 on success.
 * \retval -1 on failure.
 *
 * \note No size is passed for dsig; an undersized buffer is a caller-side
 * overflow. The counterpart for verification is ast_check_signature_bin().
 */
AST_OPTIONAL_API(int, ast_sign_bin, (struct ast_key *key, const char *msg, int msglen, unsigned char *dsig), { return -1; });
110 
/*!
 * \brief Encrypt a message using a given private key
 * \param dst a pointer to a buffer of at least srclen * 1.5 bytes in which the
 * encrypted answer will be stored
 * \param src the message to encrypt
 * \param srclen the length of the message to encrypt
 * \param key a private key to use to encrypt
 *
 * \retval length of encrypted data on success.
 * \retval -1 on failure.
 *
 * \note No dst length is passed, so the srclen * 1.5 sizing rule is entirely
 * the caller's responsibility.
 * NOTE(review): the brief says "private key", but RSA encryption is
 * conventionally performed with the recipient's public key; confirm in
 * res_crypto.c which half of the key pair is actually used.
 */
AST_OPTIONAL_API(int, ast_encrypt_bin, (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key), { return -1; });
124 
/*!
 * \brief Decrypt a message using a given private key
 * \param dst a pointer to a buffer of at least srclen bytes in which the
 * decrypted answer will be stored
 * \param src the message to decrypt
 * \param srclen the length of the message to decrypt
 * \param key a private key to use to decrypt
 *
 * \retval length of decrypted data on success.
 * \retval -1 on failure.
 *
 * \note No dst length is passed, so the "at least srclen bytes" rule is
 * entirely the caller's responsibility. Use the returned length, not srclen,
 * when reading the plaintext back out of dst.
 */
AST_OPTIONAL_API(int, ast_decrypt_bin, (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key), { return -1; });
138 
/*!
 * \brief Set an encryption key
 * \param key a 16 char key (AST_CRYPTO_AES_BLOCKSIZE / 8 bytes, i.e. AES-128);
 * no length argument is taken, so presumably exactly 16 bytes are read
 * \param ctx address of an aes encryption context
 *
 * \retval 0 success
 * \retval nonzero failure
 *
 * \note The optional-API stub below logs a warning and returns -1 when
 * OpenSSL-backed AES support is unavailable; check the result before using
 * ctx with ast_aes_encrypt().
 */
AST_OPTIONAL_API(int, ast_aes_set_encrypt_key,
	(const unsigned char *key, ast_aes_encrypt_key *ctx),
	{ ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n"); return -1; });
150 
/*!
 * \brief Set a decryption key
 * \param key a 16 char key (AST_CRYPTO_AES_BLOCKSIZE / 8 bytes, i.e. AES-128);
 * no length argument is taken, so presumably exactly 16 bytes are read
 * \param ctx address of an aes decryption context
 *
 * \retval 0 success
 * \retval nonzero failure
 *
 * \note The optional-API stub below logs a warning and returns -1 when
 * OpenSSL-backed AES support is unavailable; check the result before using
 * ctx with ast_aes_decrypt().
 */
AST_OPTIONAL_API(int, ast_aes_set_decrypt_key,
	(const unsigned char *key, ast_aes_decrypt_key *ctx),
	{ ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n"); return -1; });
162 
/*!
 * \brief AES encrypt data
 * \param in data to be encrypted
 * \param out pointer to a buffer to hold the encrypted output
 * \param key pointer to the ast_aes_encrypt_key to use for encryption
 * \retval <= 0 failure
 * \retval otherwise number of bytes in output buffer
 *
 * \note No length is passed for in or out, so this appears to process a
 * single AST_CRYPTO_AES_BLOCKSIZE / 8 (16) byte block with no chaining mode;
 * confirm in res_crypto.c. If so, callers with more than one block must
 * layer a proper mode and authentication themselves: pushing consecutive
 * blocks through this call directly is ECB, which leaks plaintext structure.
 * The optional-API stub below logs a warning and returns -1.
 */
AST_OPTIONAL_API(int, ast_aes_encrypt,
	(const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *key),
	{ ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n");return -1; });
174 
/*!
 * \brief AES decrypt data
 * \param in encrypted data
 * \param out pointer to a buffer to hold the decrypted output
 * \param key pointer to the ast_aes_decrypt_key to use for decryption
 * \retval <= 0 failure
 * \retval otherwise number of bytes in output buffer
 *
 * \note No length is passed for in or out, so this appears to process a
 * single AST_CRYPTO_AES_BLOCKSIZE / 8 (16) byte block; confirm in
 * res_crypto.c. Nothing here authenticates the ciphertext, so callers must
 * verify integrity separately before acting on the decrypted bytes.
 * The optional-API stub below logs a warning and returns -1.
 */
AST_OPTIONAL_API(int, ast_aes_decrypt,
	(const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *key),
	{ ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n");return -1; });
186 
/*!
 * \brief Report whether the crypto implementation is available
 *
 * \retval 0 not loaded (this is what the optional-API stub below returns)
 * \retval nonzero presumably loaded; confirm the convention in res_crypto.c
 */
AST_OPTIONAL_API(int, ast_crypto_loaded, (void), { return 0; });
188 
/*!
 * \brief Ask the crypto implementation to reload (presumably re-reading its
 * keys; confirm in res_crypto.c)
 *
 * \retval 0 from the optional-API stub below; the real return convention is
 * defined by the implementation
 */
AST_OPTIONAL_API(int, ast_crypto_reload, (void), { return 0; });
190 
191 #if defined(__cplusplus) || defined(c_plusplus)
192 }
193 #endif
194 
195 #endif /* _ASTERISK_CRYPTO_H */