res_crypto.c File Reference

Provide Cryptographic Signature capability. More...

#include "asterisk.h"
#include <dirent.h>
#include <openssl/aes.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>
#include "asterisk/cli.h"
#include "asterisk/compat.h"
#include "asterisk/io.h"
#include "asterisk/linkedlists.h"
#include "asterisk/logger.h"
#include "asterisk/md5.h"
#include "asterisk/module.h"
#include "asterisk/options.h"
#include "asterisk/paths.h"
#include "asterisk/utils.h"
#include "asterisk/crypto.h"

Include dependency graph for res_crypto.c:

Go to the source code of this file.

Data Structures
struct	ast_key
struct	keys

Macros
#define	AST_API_MODULE
#define	FORMAT   "%-18s %-8s %-16s %-33s\n"
#define	KEY_NEEDS_PASSCODE   (1 << 16)

Functions
static void	__reg_module (void)
static void	__unreg_module (void)
void AST_OPTIONAL_API_NAME()	ast_aes_decrypt (const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx)
void AST_OPTIONAL_API_NAME()	ast_aes_encrypt (const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx)
int AST_OPTIONAL_API_NAME()	ast_aes_set_decrypt_key (const unsigned char *key, ast_aes_decrypt_key *ctx)
int AST_OPTIONAL_API_NAME()	ast_aes_set_encrypt_key (const unsigned char *key, ast_aes_encrypt_key *ctx)
int AST_OPTIONAL_API_NAME()	ast_check_signature (struct ast_key *key, const char *msg, const char *sig)
	base64 decode then sent to __ast_check_signature_bin More...
int AST_OPTIONAL_API_NAME()	ast_check_signature_bin (struct ast_key *key, const char *msg, int msglen, const unsigned char *dsig)
	check signature of a message More...
int AST_OPTIONAL_API_NAME()	ast_crypto_loaded (void)
int AST_OPTIONAL_API_NAME()	ast_decrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
	decrypt a message More...
int AST_OPTIONAL_API_NAME()	ast_encrypt_bin (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
	encrypt a message More...
struct ast_key *AST_OPTIONAL_API_NAME()	ast_key_get (const char *kname, int ktype)
	return the ast_key structure for name More...
struct ast_module *	AST_MODULE_SELF_SYM (void)
int AST_OPTIONAL_API_NAME()	ast_sign (struct ast_key *key, char *msg, char *sig)
	wrapper for __ast_sign_bin then base64 encode it More...
int AST_OPTIONAL_API_NAME()	ast_sign_bin (struct ast_key *key, const char *msg, int msglen, unsigned char *dsig)
	signs outgoing message with public key More...
static int	crypto_init (void)
	initialise the res_crypto module More...
static void	crypto_load (int ifd, int ofd)
	refresh RSA keys from file More...
static char *	handle_cli_keys_init (struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
	initialize all RSA keys More...
static char *	handle_cli_keys_show (struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
	show the list of RSA keys More...
static int	load_module (void)
static void	md52sum (char *sum, unsigned char *md5)
static int	pw_cb (char *buf, int size, int rwflag, void *userdata)
	setting of priv key More...
static int	reload (void)
static struct ast_key *	try_load_key (const char *dir, const char *fname, int ifd, int ofd, int *not2)
	load RSA key from file More...
static int	unload_module (void)

Variables
static struct ast_module_info	__mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_GLOBAL_SYMBOLS | AST_MODFLAG_LOAD_ORDER , .description = "Cryptographic Digital Signatures" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = "30ef0c93b36035ec78c9cfd712d36d9b" , }
static struct ast_cli_entry	cli_crypto []
static struct keys	keys = { .first = NULL, .last = NULL, .lock = { PTHREAD_RWLOCK_INITIALIZER , NULL, {1, 0} } , }

Detailed Description

Provide Cryptographic Signature capability.

Author

Mark Spencer marks.nosp@m.ter@.nosp@m.digiu.nosp@m.m.co.nosp@m.m

Uses the OpenSSL library, available at http://www.openssl.org/

Definition in file res_crypto.c.

Macro Definition Documentation

AST_API_MODULE

#define AST_API_MODULE

Definition at line 56 of file res_crypto.c.

FORMAT

#define FORMAT   "%-18s %-8s %-16s %-33s\n"

Referenced by handle_cli_keys_show().

KEY_NEEDS_PASSCODE

#define KEY_NEEDS_PASSCODE   (1 << 16)

Definition at line 72 of file res_crypto.c.

Referenced by handle_cli_keys_init(), handle_cli_keys_show(), and try_load_key().

Function Documentation

__reg_module()

static void __reg_module ( void  )

static

Definition at line 677 of file res_crypto.c.

__unreg_module()

static void __unreg_module ( void  )

static

Definition at line 677 of file res_crypto.c.

ast_aes_decrypt()

void AST_OPTIONAL_API_NAME() ast_aes_decrypt	(	const unsigned char *	in,
		unsigned char *	out,
		const ast_aes_decrypt_key *	ctx
	)

Definition at line 481 of file res_crypto.c.

References in, and out.

Referenced by __stub__ast_aes_encrypt(), aes_helper(), decrypt_memcpy(), and memcpy_decrypt().

{
   return AES_decrypt(in, out, ctx);
}

ast_aes_encrypt()

void AST_OPTIONAL_API_NAME() ast_aes_encrypt	(	const unsigned char *	in,
		unsigned char *	out,
		const ast_aes_encrypt_key *	ctx
	)

Definition at line 476 of file res_crypto.c.

References in, and out.

Referenced by __stub__ast_aes_set_decrypt_key(), aes_helper(), encrypt_memcpy(), and memcpy_encrypt().

{
   return AES_encrypt(in, out, ctx);
}

ast_aes_set_decrypt_key()

int AST_OPTIONAL_API_NAME() ast_aes_set_decrypt_key	(	const unsigned char *	key,
		ast_aes_decrypt_key *	ctx
	)

Definition at line 471 of file res_crypto.c.

Referenced by __stub__ast_aes_set_encrypt_key(), aes_helper(), build_ecx_key(), build_encryption_keys(), check_key(), socket_process_helper(), and update_key().

{
   return AES_set_decrypt_key(key, 128, ctx);
}

ast_aes_set_encrypt_key()

int AST_OPTIONAL_API_NAME() ast_aes_set_encrypt_key	(	const unsigned char *	key,
		ast_aes_encrypt_key *	ctx
	)

Definition at line 466 of file res_crypto.c.

Referenced by __stub__ast_decrypt_bin(), aes_helper(), build_ecx_key(), check_key(), and update_key().

{
   return AES_set_encrypt_key(key, 128, ctx);
}

ast_check_signature()

int AST_OPTIONAL_API_NAME() ast_check_signature	(	struct ast_key *	key,
		const char *	msg,
		const char *	sig
	)

base64 decode then sent to __ast_check_signature_bin

See also

ast_check_signature

Definition at line 445 of file res_crypto.c.

References ast_base64decode(), ast_check_signature_bin(), ast_log, and LOG_WARNING.

Referenced by authenticate_verify(), and register_verify().

{
   unsigned char dsig[128];
   int res;

   /* Decode signature */
   if ((res = ast_base64decode(dsig, sig, sizeof(dsig))) != sizeof(dsig)) {
      ast_log(LOG_WARNING, "Signature improper length (expect %d, got %d)\n", (int)sizeof(dsig), (int)res);
      return -1;
   }

   res = ast_check_signature_bin(key, msg, strlen(msg), dsig);

   return res;
}

ast_check_signature_bin()

int AST_OPTIONAL_API_NAME() ast_check_signature_bin	(	struct ast_key *	key,
		const char *	msg,
		int	msglen,
		const unsigned char *	dsig
	)

check signature of a message

See also

ast_check_signature_bin

Definition at line 416 of file res_crypto.c.

References ast_debug, AST_KEY_PUBLIC, ast_log, ast_key::digest, ast_key::ktype, LOG_WARNING, ast_key::name, ast_key::rsa, and SHA1.

Referenced by ast_check_signature(), and check_key().

{
   unsigned char digest[20];
   int res;

   if (key->ktype != AST_KEY_PUBLIC) {
      /* Okay, so of course you really *can* but for our purposes
         we're going to say you can't */
      ast_log(LOG_WARNING, "Cannot check message signature with a private key\n");
      return -1;
   }

   /* Calculate digest of message */
   SHA1((unsigned char *)msg, msglen, digest);

   /* Verify signature */
   if (!(res = RSA_verify(NID_sha1, digest, sizeof(digest), (unsigned char *)dsig, 128, key->rsa))) {
      ast_debug(1, "Key failed verification: %s\n", key->name);
      return -1;
   }

   /* Pass */
   return 0;
}

ast_crypto_loaded()

int AST_OPTIONAL_API_NAME() ast_crypto_loaded

(

void

)

Definition at line 461 of file res_crypto.c.

Referenced by AST_TEST_DEFINE().

{
   return 1;
}

ast_decrypt_bin()

int AST_OPTIONAL_API_NAME() ast_decrypt_bin	(	unsigned char *	dst,
		const unsigned char *	src,
		int	srclen,
		struct ast_key *	key
	)

decrypt a message

See also

ast_decrypt_bin

Definition at line 336 of file res_crypto.c.

References AST_KEY_PRIVATE, ast_log, ast_key::ktype, LOG_NOTICE, LOG_WARNING, and ast_key::rsa.

Referenced by check_key().

{
   int res, pos = 0;

   if (key->ktype != AST_KEY_PRIVATE) {
      ast_log(LOG_WARNING, "Cannot decrypt with a public key\n");
      return -1;
   }

   if (srclen % 128) {
      ast_log(LOG_NOTICE, "Tried to decrypt something not a multiple of 128 bytes\n");
      return -1;
   }

   while (srclen) {
      /* Process chunks 128 bytes at a time */
      if ((res = RSA_private_decrypt(128, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING)) < 0) {
         return -1;
      }
      pos += res;
      src += 128;
      srclen -= 128;
      dst += res;
   }

   return pos;
}

ast_encrypt_bin()

int AST_OPTIONAL_API_NAME() ast_encrypt_bin	(	unsigned char *	dst,
		const unsigned char *	src,
		int	srclen,
		struct ast_key *	key
	)

encrypt a message

See also

ast_encrypt_bin

Definition at line 368 of file res_crypto.c.

References AST_KEY_PUBLIC, ast_log, ast_key::ktype, LOG_NOTICE, LOG_WARNING, and ast_key::rsa.

Referenced by update_key().

{
   int res, bytes, pos = 0;

   if (key->ktype != AST_KEY_PUBLIC) {
      ast_log(LOG_WARNING, "Cannot encrypt with a private key\n");
      return -1;
   }

   while (srclen) {
      bytes = srclen;
      if (bytes > 128 - 41) {
         bytes = 128 - 41;
      }
      /* Process chunks 128-41 bytes at a time */
      if ((res = RSA_public_encrypt(bytes, src, dst, key->rsa, RSA_PKCS1_OAEP_PADDING)) != 128) {
         ast_log(LOG_NOTICE, "How odd, encrypted size is %d\n", res);
         return -1;
      }
      src += bytes;
      srclen -= bytes;
      pos += res;
      dst += res;
   }
   return pos;
}

ast_key_get()

struct ast_key* AST_OPTIONAL_API_NAME() ast_key_get	(	const char *	kname,
		int	ktype
	)

return the ast_key structure for name

See also

ast_key_get

Definition at line 141 of file res_crypto.c.

References AST_RWLIST_RDLOCK, AST_RWLIST_TRAVERSE, AST_RWLIST_UNLOCK, ast_key::ktype, and ast_key::name.

Referenced by authenticate(), authenticate_verify(), check_key(), register_verify(), and update_key().

{
   struct ast_key *key;

   AST_RWLIST_RDLOCK(&keys);
   AST_RWLIST_TRAVERSE(&keys, key, list) {
      if (!strcmp(kname, key->name) &&
          (ktype == key->ktype)) {
         break;
      }
   }
   AST_RWLIST_UNLOCK(&keys);

   return key;
}

AST_MODULE_SELF_SYM()

struct ast_module* AST_MODULE_SELF_SYM

(

void

)

Definition at line 677 of file res_crypto.c.

ast_sign()

int AST_OPTIONAL_API_NAME() ast_sign	(	struct ast_key *	key,
		char *	msg,
		char *	sig
	)

wrapper for __ast_sign_bin then base64 encode it

See also

ast_sign

Definition at line 399 of file res_crypto.c.

References ast_base64encode(), and ast_sign_bin().

Referenced by authenticate().

{
   unsigned char dsig[128];
   int siglen = sizeof(dsig), res;

   if (!(res = ast_sign_bin(key, msg, strlen(msg), dsig))) {
      /* Success -- encode (256 bytes max as documented) */
      ast_base64encode(sig, dsig, siglen, 256);
   }

   return res;
}

ast_sign_bin()

int AST_OPTIONAL_API_NAME() ast_sign_bin	(	struct ast_key *	key,
		const char *	msg,
		int	msglen,
		unsigned char *	dsig
	)

signs outgoing message with public key

See also

ast_sign_bin

Definition at line 304 of file res_crypto.c.

References AST_KEY_PRIVATE, ast_log, ast_key::digest, ast_key::ktype, LOG_WARNING, ast_key::name, ast_key::rsa, and SHA1.

Referenced by ast_sign(), and update_key().

{
   unsigned char digest[20];
   unsigned int siglen = 128;
   int res;

   if (key->ktype != AST_KEY_PRIVATE) {
      ast_log(LOG_WARNING, "Cannot sign with a public key\n");
      return -1;
   }

   /* Calculate digest of message */
   SHA1((unsigned char *)msg, msglen, digest);

   /* Verify signature */
   if (!(res = RSA_sign(NID_sha1, digest, sizeof(digest), dsig, &siglen, key->rsa))) {
      ast_log(LOG_WARNING, "RSA Signature (key %s) failed\n", key->name);
      return -1;
   }

   if (siglen != 128) {
      ast_log(LOG_WARNING, "Unexpected signature length %d, expecting %d\n", (int)siglen, (int)128);
      return -1;
   }

   return 0;
}

crypto_init()

static int crypto_init ( void  )

static

initialise the res_crypto module

Definition at line 640 of file res_crypto.c.

References ARRAY_LEN, and ast_cli_register_multiple.

Referenced by load_module().

{
   ast_cli_register_multiple(cli_crypto, ARRAY_LEN(cli_crypto));
   return 0;
}

crypto_load()

static void crypto_load ( int  ifd, int  ofd  )

static

refresh RSA keys from file

Parameters

ifd	file descriptor
ofd	file descriptor

Returns

void

Definition at line 492 of file res_crypto.c.

References ast_config_AST_KEY_DIR, ast_debug, ast_free, ast_log, AST_RWLIST_REMOVE_CURRENT, AST_RWLIST_TRAVERSE, AST_RWLIST_TRAVERSE_SAFE_BEGIN, AST_RWLIST_TRAVERSE_SAFE_END, AST_RWLIST_UNLOCK, AST_RWLIST_WRLOCK, ast_key::delme, ast_key::ktype, LOG_NOTICE, LOG_WARNING, ast_key::name, NULL, ast_key::rsa, and try_load_key().

Referenced by load_module(), and reload().

{
   struct ast_key *key;
   DIR *dir = NULL;
   struct dirent *ent;
   int note = 0;

   AST_RWLIST_WRLOCK(&keys);

   /* Mark all keys for deletion */
   AST_RWLIST_TRAVERSE(&keys, key, list) {
      key->delme = 1;
   }

   /* Load new keys */
   if ((dir = opendir(ast_config_AST_KEY_DIR))) {
      while ((ent = readdir(dir))) {
         try_load_key(ast_config_AST_KEY_DIR, ent->d_name, ifd, ofd, &note);
      }
      closedir(dir);
   } else {
      ast_log(LOG_WARNING, "Unable to open key directory '%s'\n", ast_config_AST_KEY_DIR);
   }

   if (note) {
      ast_log(LOG_NOTICE, "Please run the command 'keys init' to enter the passcodes for the keys\n");
   }

   /* Delete any keys that are no longer present */
   AST_RWLIST_TRAVERSE_SAFE_BEGIN(&keys, key, list) {
      if (key->delme) {
         ast_debug(1, "Deleting key %s type %d\n", key->name, key->ktype);
         AST_RWLIST_REMOVE_CURRENT(list);
         if (key->rsa) {
            RSA_free(key->rsa);
         }
         ast_free(key);
      }
   }
   AST_RWLIST_TRAVERSE_SAFE_END;

   AST_RWLIST_UNLOCK(&keys);
}

handle_cli_keys_init()

static char* handle_cli_keys_init ( struct ast_cli_entry *  e, int  cmd, struct ast_cli_args *  a  )

static

initialize all RSA keys

Parameters

e	CLI command
cmd
a	list of CLI arguments

Returns

CLI_SUCCESS

Definition at line 597 of file res_crypto.c.

References ast_cli_args::argc, ast_config_AST_KEY_DIR, ast_copy_string(), AST_RWLIST_TRAVERSE_SAFE_BEGIN, AST_RWLIST_TRAVERSE_SAFE_END, AST_RWLIST_UNLOCK, AST_RWLIST_WRLOCK, CLI_GENERATE, CLI_INIT, CLI_SHOWUSAGE, CLI_SUCCESS, ast_cli_entry::command, ast_cli_args::fd, ast_key::fn, KEY_NEEDS_PASSCODE, ast_key::ktype, NULL, tmp(), try_load_key(), and ast_cli_entry::usage.

{
   struct ast_key *key;
   int ign;
   char *kn, tmp[256] = "";

   switch (cmd) {
   case CLI_INIT:
      e->command = "keys init";
      e->usage =
         "Usage: keys init\n"
         "       Initializes private keys (by reading in pass code from\n"
         "       the user)\n";
      return NULL;
   case CLI_GENERATE:
      return NULL;
   }

   if (a->argc != 2) {
      return CLI_SHOWUSAGE;
   }

   AST_RWLIST_WRLOCK(&keys);
   AST_RWLIST_TRAVERSE_SAFE_BEGIN(&keys, key, list) {
      /* Reload keys that need pass codes now */
      if (key->ktype & KEY_NEEDS_PASSCODE) {
         kn = key->fn + strlen(ast_config_AST_KEY_DIR) + 1;
         ast_copy_string(tmp, kn, sizeof(tmp));
         try_load_key(ast_config_AST_KEY_DIR, tmp, a->fd, a->fd, &ign);
      }
   }
   AST_RWLIST_TRAVERSE_SAFE_END
   AST_RWLIST_UNLOCK(&keys);

   return CLI_SUCCESS;
}

handle_cli_keys_show()

static char* handle_cli_keys_show ( struct ast_cli_entry *  e, int  cmd, struct ast_cli_args *  a  )

static

show the list of RSA keys

Parameters

e	CLI command
cmd
a	list of CLI arguments

Returns

CLI_SUCCESS

Definition at line 551 of file res_crypto.c.

References ast_cli(), AST_KEY_PUBLIC, AST_RWLIST_RDLOCK, AST_RWLIST_TRAVERSE, AST_RWLIST_UNLOCK, CLI_GENERATE, CLI_INIT, CLI_SUCCESS, ast_cli_entry::command, ast_key::digest, ast_cli_args::fd, FORMAT, KEY_NEEDS_PASSCODE, ast_key::ktype, md52sum(), ast_key::name, NULL, and ast_cli_entry::usage.

{
#define FORMAT "%-18s %-8s %-16s %-33s\n"

   struct ast_key *key;
   char sum[16 * 2 + 1];
   int count_keys = 0;

   switch (cmd) {
   case CLI_INIT:
      e->command = "keys show";
      e->usage =
         "Usage: keys show\n"
         "       Displays information about RSA keys known by Asterisk\n";
      return NULL;
   case CLI_GENERATE:
      return NULL;
   }

   ast_cli(a->fd, FORMAT, "Key Name", "Type", "Status", "Sum");
   ast_cli(a->fd, FORMAT, "------------------", "--------", "----------------", "--------------------------------");

   AST_RWLIST_RDLOCK(&keys);
   AST_RWLIST_TRAVERSE(&keys, key, list) {
      md52sum(sum, key->digest);
      ast_cli(a->fd, FORMAT, key->name,
         (key->ktype & 0xf) == AST_KEY_PUBLIC ? "PUBLIC" : "PRIVATE",
         key->ktype & KEY_NEEDS_PASSCODE ? "[Needs Passcode]" : "[Loaded]", sum);
      count_keys++;
   }
   AST_RWLIST_UNLOCK(&keys);

   ast_cli(a->fd, "\n%d known RSA keys.\n", count_keys);

   return CLI_SUCCESS;

#undef FORMAT
}

load_module()

static int load_module ( void  )

static

Definition at line 652 of file res_crypto.c.

References AST_MODULE_LOAD_SUCCESS, ast_opt_init_keys, crypto_init(), and crypto_load().

Referenced by unload_module().

{
   crypto_init();
   if (ast_opt_init_keys) {
      crypto_load(STDIN_FILENO, STDOUT_FILENO);
   } else {
      crypto_load(-1, -1);
   }

   return AST_MODULE_LOAD_SUCCESS;
}

md52sum()

static void md52sum ( char *  sum, unsigned char *  md5  )

static

Definition at line 536 of file res_crypto.c.

Referenced by handle_cli_keys_show().

{
   int x;
   for (x = 0; x < 16; x++) {
      sum += sprintf(sum, "%02hhx", *(md5++));
   }
}

pw_cb()

static int pw_cb ( char *  buf, int  size, int  rwflag, void *  userdata  )

static

setting of priv key

Parameters

buf
size
rwflag
userdata

Returns

length of string,-1 on failure

Definition at line 104 of file res_crypto.c.

References ast_hide_password(), AST_KEY_PRIVATE, ast_log, ast_restore_tty(), errno, ast_key::infd, ast_key::ktype, LOG_WARNING, ast_key::name, ast_key::outfd, prompt, and tmp().

Referenced by try_load_key().

{
   struct ast_key *key = (struct ast_key *)userdata;
   char prompt[256];
   int tmp;
   int res;

   if (key->infd < 0) {
      /* Note that we were at least called */
      key->infd = -2;
      return -1;
   }

   snprintf(prompt, sizeof(prompt), ">>>> passcode for %s key '%s': ",
       key->ktype == AST_KEY_PRIVATE ? "PRIVATE" : "PUBLIC", key->name);
   if (write(key->outfd, prompt, strlen(prompt)) < 0) {
      ast_log(LOG_WARNING, "write() failed: %s\n", strerror(errno));
      key->infd = -2;
      return -1;
   }
   tmp = ast_hide_password(key->infd);
   memset(buf, 0, size);
   res = read(key->infd, buf, size);
   if (res == -1) {
      ast_log(LOG_WARNING, "read() failed: %s\n", strerror(errno));
   }
   ast_restore_tty(key->infd, tmp);
   if (buf[strlen(buf) -1] == '\n') {
      buf[strlen(buf) - 1] = '\0';
   }
   return strlen(buf);
}

reload()

static int reload ( void  )

static

Definition at line 646 of file res_crypto.c.

References crypto_load().

Referenced by unload_module().

{
   crypto_load(-1, -1);
   return 0;
}

try_load_key()

static struct ast_key* try_load_key ( const char *  dir, const char *  fname, int  ifd, int  ofd, int *  not2  )

static

load RSA key from file

Parameters

dir	directory string
fname	name of file
ifd	incoming file descriptor
ofd	outgoing file descriptor
not2

Return values

key	on success.
NULL	on failure.

Definition at line 167 of file res_crypto.c.

References ast_calloc, ast_copy_string(), ast_debug, AST_KEY_PRIVATE, AST_KEY_PUBLIC, ast_log, ast_opt_init_keys, AST_RWLIST_INSERT_TAIL, AST_RWLIST_TRAVERSE, ast_verb, buf, c, ast_key::delme, ast_key::digest, errno, ast_key::fn, ast_key::infd, KEY_NEEDS_PASSCODE, ast_key::ktype, LOG_NOTICE, LOG_WARNING, MD5Final(), MD5Init(), MD5Update(), ast_key::name, NULL, ast_key::outfd, pw_cb(), and ast_key::rsa.

Referenced by crypto_load(), and handle_cli_keys_init().

{
   int ktype = 0, found = 0;
   char *c = NULL, ffname[256];
   unsigned char digest[16];
   FILE *f;
   struct MD5Context md5;
   struct ast_key *key;
   static int notice = 0;

   /* Make sure its name is a public or private key */
   if ((c = strstr(fname, ".pub")) && !strcmp(c, ".pub")) {
      ktype = AST_KEY_PUBLIC;
   } else if ((c = strstr(fname, ".key")) && !strcmp(c, ".key")) {
      ktype = AST_KEY_PRIVATE;
   } else {
      return NULL;
   }

   /* Get actual filename */
   snprintf(ffname, sizeof(ffname), "%s/%s", dir, fname);

   /* Open file */
   if (!(f = fopen(ffname, "r"))) {
      ast_log(LOG_WARNING, "Unable to open key file %s: %s\n", ffname, strerror(errno));
      return NULL;
   }

   MD5Init(&md5);
   while (!feof(f)) {
      /* Calculate a "whatever" quality md5sum of the key */
      char buf[256] = "";
      if (!fgets(buf, sizeof(buf), f)) {
         continue;
      }
      if (!feof(f)) {
         MD5Update(&md5, (unsigned char *) buf, strlen(buf));
      }
   }
   MD5Final(digest, &md5);

   /* Look for an existing key */
   AST_RWLIST_TRAVERSE(&keys, key, list) {
      if (!strcasecmp(key->fn, ffname)) {
         break;
      }
   }

   if (key) {
      /* If the MD5 sum is the same, and it isn't awaiting a passcode
         then this is far enough */
      if (!memcmp(digest, key->digest, 16) &&
          !(key->ktype & KEY_NEEDS_PASSCODE)) {
         fclose(f);
         key->delme = 0;
         return NULL;
      } else {
         /* Preserve keytype */
         ktype = key->ktype;
         /* Recycle the same structure */
         found++;
      }
   }

   /* Make fname just be the normal name now */
   *c = '\0';
   if (!key) {
      if (!(key = ast_calloc(1, sizeof(*key)))) {
         fclose(f);
         return NULL;
      }
   }
   /* First the filename */
   ast_copy_string(key->fn, ffname, sizeof(key->fn));
   /* Then the name */
   ast_copy_string(key->name, fname, sizeof(key->name));
   key->ktype = ktype;
   /* Yes, assume we're going to be deleted */
   key->delme = 1;
   /* Keep the key type */
   memcpy(key->digest, digest, 16);
   /* Can I/O takes the FD we're given */
   key->infd = ifd;
   key->outfd = ofd;
   /* Reset the file back to the beginning */
   rewind(f);
   /* Now load the key with the right method */
   if (ktype == AST_KEY_PUBLIC) {
      key->rsa = PEM_read_RSA_PUBKEY(f, NULL, pw_cb, key);
   } else {
      key->rsa = PEM_read_RSAPrivateKey(f, NULL, pw_cb, key);
   }
   fclose(f);
   if (key->rsa) {
      if (RSA_size(key->rsa) == 128) {
         /* Key loaded okay */
         key->ktype &= ~KEY_NEEDS_PASSCODE;
         ast_verb(3, "Loaded %s key '%s'\n", key->ktype == AST_KEY_PUBLIC ? "PUBLIC" : "PRIVATE", key->name);
         ast_debug(1, "Key '%s' loaded OK\n", key->name);
         key->delme = 0;
      } else {
         ast_log(LOG_NOTICE, "Key '%s' is not expected size.\n", key->name);
      }
   } else if (key->infd != -2) {
      ast_log(LOG_WARNING, "Key load %s '%s' failed\n",key->ktype == AST_KEY_PUBLIC ? "PUBLIC" : "PRIVATE", key->name);
      if (ofd > -1) {
         ERR_print_errors_fp(stderr);
      } else {
         ERR_print_errors_fp(stderr);
      }
   } else {
      ast_log(LOG_NOTICE, "Key '%s' needs passcode.\n", key->name);
      key->ktype |= KEY_NEEDS_PASSCODE;
      if (!notice) {
         if (!ast_opt_init_keys) {
            ast_log(LOG_NOTICE, "Add the '-i' flag to the asterisk command line if you want to automatically initialize passcodes at launch.\n");
         }
         notice++;
      }
      /* Keep it anyway */
      key->delme = 0;
      /* Print final notice about "keys init" when done */
      *not2 = 1;
   }

   /* If this is a new key add it to the list */
   if (!found) {
      AST_RWLIST_INSERT_TAIL(&keys, key, list);
   }

   return key;
}

unload_module()

static int unload_module ( void  )

static

Definition at line 664 of file res_crypto.c.

References ARRAY_LEN, ast_cli_unregister_multiple(), AST_MODFLAG_GLOBAL_SYMBOLS, AST_MODFLAG_LOAD_ORDER, AST_MODPRI_CHANNEL_DEPEND, AST_MODULE_INFO(), AST_MODULE_SUPPORT_CORE, ASTERISK_GPL_KEY, load_module(), and reload().

{
   ast_cli_unregister_multiple(cli_crypto, ARRAY_LEN(cli_crypto));

   return 0;
}

Variable Documentation

__mod_info

struct ast_module_info __mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_GLOBAL_SYMBOLS | AST_MODFLAG_LOAD_ORDER , .description = "Cryptographic Digital Signatures" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = "30ef0c93b36035ec78c9cfd712d36d9b" , }

static

Definition at line 677 of file res_crypto.c.

cli_crypto

struct ast_cli_entry cli_crypto[]

static

Initial value:

= {
   { .handler =  handle_cli_keys_show , .summary =  "Displays RSA key information" ,},
   { .handler =  handle_cli_keys_init , .summary =  "Initialize RSA key passcodes" ,}
}

Definition at line 634 of file res_crypto.c.

keys

struct keys keys = { .first = NULL, .last = NULL, .lock = { PTHREAD_RWLOCK_INITIALIZER , NULL, {1, 0} } , }

static

Referenced by misdn_set_opt_exec(), and store_odbc().