author | Terry Wilson <twilson@digium.com> | 2010-07-21 19:11:32 +0000 |
---|---|---|
committer | Terry Wilson <twilson@digium.com> | 2010-07-21 19:11:32 +0000 |
commit | d6e1c724e59a0b01b7ed23ba3cbfc1accdc11035 (patch) | |
tree | 702c8203da791c3e168d1a0ef5d07dbafea3dd54 /include/asterisk | |
parent | 318798e93236e24cd5820ee23a15561ba9b54b9e (diff) |
Remove built-in AES code and use optional_api instead
Review: https://reviewboard.asterisk.org/r/793/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@278538 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'include/asterisk')
-rw-r--r-- | include/asterisk/aes.h | 68 | ||||
-rw-r--r-- | include/asterisk/aes_internal.h | 170 | ||||
-rw-r--r-- | include/asterisk/crypto.h | 54 |
3 files changed, 54 insertions, 238 deletions
diff --git a/include/asterisk/aes.h b/include/asterisk/aes.h
deleted file mode 100644
index 2476aaa55..000000000
--- a/include/asterisk/aes.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Asterisk -- An open source telephony toolkit.
- *
- * Copyright (C) 20075, Digium, Inc.
- *
- * Kevin P. Fleming <kpfleming@digium.com>
- *
- * See http://www.asterisk.org for more information about
- * the Asterisk project. Please do not directly contact
- * any of the maintainers of this project for assistance;
- * the project provides a web site, mailing lists and IRC
- * channels for your use.
- *
- * This program is free software, distributed under the terms of
- * the GNU General Public License Version 2. See the LICENSE file
- * at the top of the source tree.
- */
-
-/*! \file
- * Wrappers for AES encryption/decryption
- *
- * \author Kevin P. Fleming <kpfleming@digium.com>
- *
- * These wrappers provided a generic interface to either the
- * AES methods provided by OpenSSL's crypto library, or the
- * AES implementation included with Asterisk.
- */
-
-#ifndef _ASTERISK_AES_H
-#define _ASTERISK_AES_H
-
-#ifdef HAVE_CRYPTO
-
-/* Use the OpenSSL crypto library */
-#include "openssl/aes.h"
-
-typedef AES_KEY ast_aes_encrypt_key;
-typedef AES_KEY ast_aes_decrypt_key;
-
-#define ast_aes_encrypt_key(key, context) AES_set_encrypt_key(key, 128, context)
-
-#define ast_aes_decrypt_key(key, context) AES_set_decrypt_key(key, 128, context)
-
-#define ast_aes_encrypt(in, out, context) AES_encrypt(in, out, context)
-
-#define ast_aes_decrypt(in, out, context) AES_decrypt(in, out, context)
-
-#else /* !HAVE_CRYPTO */
-
-/* Use the included AES implementation */
-
-#define AES_128
-#include "aes_internal.h"
-
-typedef aes_encrypt_ctx ast_aes_encrypt_key;
-typedef aes_decrypt_ctx ast_aes_decrypt_key;
-
-#define ast_aes_encrypt_key(key, context) aes_encrypt_key128(key, context)
-
-#define ast_aes_decrypt_key(key, context) aes_decrypt_key128(key, context)
-
-#define ast_aes_encrypt(in, out, context) aes_encrypt(in, out, context)
-
-#define ast_aes_decrypt(in, out, context) aes_decrypt(in, out, context)
-
-#endif /* !HAVE_CRYPTO */
-
-#endif /* _ASTERISK_AES_H */
diff --git a/include/asterisk/aes_internal.h b/include/asterisk/aes_internal.h
deleted file mode 100644
index 18c27a6d4..000000000
--- a/include/asterisk/aes_internal.h
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
- * Asterisk -- An open source telephony toolkit.
- *
- * See http://www.asterisk.org for more information about
- * the Asterisk project. Please do not directly contact
- * any of the maintainers of this project for assistance;
- * the project provides a web site, mailing lists and IRC
- * channels for your use.
- */
-
-/*
- ---------------------------------------------------------------------------
- Copyright (c) 2003, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
- All rights reserved.
-
- LICENSE TERMS
-
- The free distribution and use of this software in both source and binary
- form is allowed (with or without changes) provided that:
-
- 1. distributions of this source code include the above copyright
- notice, this list of conditions and the following disclaimer;
-
- 2. distributions in binary form include the above copyright
- notice, this list of conditions and the following disclaimer
- in the documentation and/or other associated materials;
-
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
-
- ALTERNATIVELY, provided that this notice is retained in full, this product
- may be distributed under the terms of the GNU General Public License (GPL),
- in which case the provisions of the GPL apply INSTEAD OF those given above.
-
- DISCLAIMER
-
- This software is provided 'as is' with no explicit or implied warranties
- in respect of its properties, including, but not limited to, correctness
- and/or fitness for purpose.
- ---------------------------------------------------------------------------
- Issue Date: 26/08/2003
-*/
-/*!\file
-
- \brief This file contains the definitions required to use AES in C. See aesopt.h
- for optimisation details.
-*/
-
-#ifndef _AES_INTERNAL_H
-#define _AES_INTERNAL_H
-
-/* This include is used to find 8 & 32 bit unsigned integer types */
-#include "limits.h"
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-#define AES_128 /* define if AES with 128 bit keys is needed */
-#undef AES_192 /* define if AES with 192 bit keys is needed */
-#undef AES_256 /* define if AES with 256 bit keys is needed */
-#undef AES_VAR /* define if a variable key size is needed */
-
-/* The following must also be set in assembler files if being used */
-
-#define AES_ENCRYPT /* if support for encryption is needed */
-#define AES_DECRYPT /* if support for decryption is needed */
-#define AES_ERR_CHK /* for parameter checks & error return codes */
-
-#if UCHAR_MAX == 0xff /* an unsigned 8 bit type */
- typedef unsigned char aes_08t;
-#else
-#error Please define aes_08t as an 8-bit unsigned integer type in aes.h
-#endif
-
-#if UINT_MAX == 0xffffffff /* an unsigned 32 bit type */
- typedef unsigned int aes_32t;
-#elif ULONG_MAX == 0xffffffff
- typedef unsigned long aes_32t;
-#else
-#error Please define aes_32t as a 32-bit unsigned integer type in aes.h
-#endif
-
-#define AES_BLOCK_SIZE 16 /* the AES block size in bytes */
-#define N_COLS 4 /* the number of columns in the state */
-
-/* a maximum of 60 32-bit words are needed for the key schedule but */
-/* 64 are claimed to allow space at the top for a CBC xor buffer. */
-/* If this is not needed, this value can be reduced to 60. A value */
-/* of 64 may also help in maintaining alignment in some situations */
-#define KS_LENGTH 64
-
-#ifdef AES_ERR_CHK
-#define aes_ret int
-#define aes_good 0
-#define aes_error -1
-#else
-#define aes_ret void
-#endif
-
-#ifndef AES_DLL /* implement normal/DLL functions */
-#define aes_rval aes_ret
-#else
-#define aes_rval aes_ret __declspec(dllexport) _stdcall
-#endif
-
-/* This routine must be called before first use if non-static */
-/* tables are being used */
-
-void gen_tabs(void);
-
-/* The key length (klen) is input in bytes when it is in the range */
-/* 16 <= klen <= 32 or in bits when in the range 128 <= klen <= 256 */
-
-#ifdef AES_ENCRYPT
-
-typedef struct
-{ aes_32t ks[KS_LENGTH];
-} aes_encrypt_ctx;
-
-#if defined(AES_128) || defined(AES_VAR)
-aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1]);
-#endif
-
-#if defined(AES_192) || defined(AES_VAR)
-aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1]);
-#endif
-
-#if defined(AES_256) || defined(AES_VAR)
-aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1]);
-#endif
-
-#if defined(AES_VAR)
-aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1]);
-#endif
-
-aes_rval aes_encrypt(const void *in_blk, void *out_blk, const aes_encrypt_ctx cx[1]);
-#endif
-
-#ifdef AES_DECRYPT
-
-typedef struct
-{ aes_32t ks[KS_LENGTH];
-} aes_decrypt_ctx;
-
-#if defined(AES_128) || defined(AES_VAR)
-aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1]);
-#endif
-
-#if defined(AES_192) || defined(AES_VAR)
-aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1]);
-#endif
-
-#if defined(AES_256) || defined(AES_VAR)
-aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1]);
-#endif
-
-#if defined(AES_VAR)
-aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1]);
-#endif
-
-aes_rval aes_decrypt(const void *in_blk, void *out_blk, const aes_decrypt_ctx cx[1]);
-#endif
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif
diff --git a/include/asterisk/crypto.h b/include/asterisk/crypto.h
index c84728618..1f87811f4 100644
--- a/include/asterisk/crypto.h
+++ b/include/asterisk/crypto.h
@@ -28,6 +28,16 @@ extern "C" {
 #endif
 #include "asterisk/optional_api.h"
+#include "asterisk/logger.h"
+
+#ifdef HAVE_CRYPTO
+#include "openssl/aes.h"
+typedef AES_KEY ast_aes_encrypt_key;
+typedef AES_KEY ast_aes_decrypt_key;
+#else /* !HAVE_CRYPTO */
+typedef char ast_aes_encrypt_key;
+typedef char ast_aes_decrypt_key;
+#endif /* HAVE_CRYPTO */
 #define AST_KEY_PUBLIC (1 << 0)
 #define AST_KEY_PRIVATE (1 << 1)
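Review bot: The `typedef char` fallbacks for `ast_aes_encrypt_key` and `ast_aes_decrypt_key` in the `!HAVE_CRYPTO` branch give callers a one-byte context object, and nothing on those lines says it is only a placeholder. That is safe only while every function receiving the pointer is a stub that never writes through it; if a module compiled without `HAVE_CRYPTO` were ever paired with a provider built against OpenSSL (an assumption about mixed or out-of-tree builds, not something this hunk shows), the provider would write a full `AES_KEY` into that single byte. I would add a comment above the fallback such as `/* Placeholder type: only ever handed to the no-op stubs, never to a real AES implementation */` so the constraint is visible to the next person who touches it.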
@@ -122,6 +132,50 @@ AST_OPTIONAL_API(int, ast_encrypt_bin, (unsigned char *dst, const unsigned char
 */
 AST_OPTIONAL_API(int, ast_decrypt_bin, (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key), { return -1; });
+/*!
+ * \brief Set an encryption key
+ * \param key a 16 char key
+ * \param ctx address of an aes encryption context
+ *
+ * \retval 0 success
+ * \retval nonzero failure
+ */
+AST_OPTIONAL_API(int, ast_aes_set_encrypt_key,
+ (const unsigned char *key, ast_aes_encrypt_key *ctx),
+ { ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n"); return -1; });
+
+/*!
+ * \brief Set a decryption key
+ * \param key a 16 char key
+ * \param ctx address of an aes encryption context
+ *
+ * \retval 0 success
+ * \retval nonzero failure
+ */
+AST_OPTIONAL_API(int, ast_aes_set_decrypt_key,
+ (const unsigned char *key, ast_aes_decrypt_key *ctx),
+ { ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n"); return -1; });
+
+/*!
+ * \brief AES encrypt data
+ * \param in data to be encrypted
+ * \param out pointer to a buffer to hold the encrypted output
+ * \param ctx address of an aes encryption context filled in with ast_aes_set_encrypt_key
+ */
+AST_OPTIONAL_API(void, ast_aes_encrypt,
+ (const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx),
+ { ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n");return; });
+
+/*!
+ * \brief AES decrypt data
+ * \param in encrypted data
+ * \param out pointer to a buffer to hold the decrypted output
+ * \param ctx address of an aes encryption context filled in with ast_aes_set_decrypt_key
+ */
+AST_OPTIONAL_API(void, ast_aes_decrypt,
+ (const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx),
+ { ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n");return; });
+
 AST_OPTIONAL_API(int, ast_crypto_loaded, (void), { return 0; });
 #if defined(__cplusplus) || defined(c_plusplus) |
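Review bot: The stub bodies for `ast_aes_encrypt` and `ast_aes_decrypt` return void after logging, so when the crypto provider is not loaded the caller's `out` buffer is left untouched and the caller cannot tell. A caller that ignores the result of `ast_aes_set_encrypt_key` would go on to use or send whatever `out` already held, which is stale or uninitialised bytes, or the plaintext itself if it encrypts in place. Returning a status would let callers fail closed, e.g. `AST_OPTIONAL_API(int, ast_aes_encrypt, (const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx), { ast_log(...); return -1; });` and the same for `ast_aes_decrypt`; at minimum the doc comments should state that `ast_crypto_loaded()` or the set-key return value must be checked first. The `\param ctx` text on `ast_aes_set_decrypt_key` and `ast_aes_decrypt` also says "encryption context" where the decryption context is meant.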