-rwxr-xr-xinclude/asterisk/crypto.h21
-rwxr-xr-xres/res_crypto.c43
2 files changed, 51 insertions, 13 deletions
diff --git a/include/asterisk/crypto.h b/include/asterisk/crypto.h
index 4aac31b1d..d222e46b8 100755
--- a/include/asterisk/crypto.h
+++ b/include/asterisk/crypto.h
@@ -53,6 +53,17 @@ extern int ast_key_init(int fd);
*/
extern int ast_check_signature(struct ast_key *key, char *msg, char *sig);
+//! Check the authenticity of a message signature using a given public key
+/*!
+ * \param key a public key to use to verify
+ * \param msg the message that has been signed
+ * \param sig the proposed valid signature in raw binary representation
+ *
+ * Returns 0 if the signature is valid, or -1 otherwise
+ *
+ */
+extern int ast_check_signature_bin(struct ast_key *key, char *msg, unsigned char *sig);
+
/*!
* \param key a private key to use to create the signature
* \param msg the message to sign
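Review bot: The comment added for `ast_check_signature_bin` does not say how long `sig` must be, and the prototype has no length argument, so a caller passing a shorter buffer has nothing to warn it. The base64 wrapper in res_crypto.c passes a 128-byte buffer, so the parameter line should state that, e.g. `\param sig the proposed signature in raw binary form; must point to exactly 128 bytes`. The `ast_sign_bin` comment in the next hunk does give the size but has no brief line; a one-liner such as `//! Sign a message using a given private key, producing a raw binary signature` would match the style used here.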
@@ -63,6 +74,16 @@ extern int ast_check_signature(struct ast_key *key, char *msg, char *sig);
*
*/
extern int ast_sign(struct ast_key *key, char *msg, char *sig);
+/*!
+ * \param key a private key to use to create the signature
+ * \param msg the message to sign
+ * \param sig a pointer to a buffer of at least 128 bytes in which the
+ * raw encoded signature will be stored
+ *
+ * Returns 0 on success or -1 on failure.
+ *
+ */
+extern int ast_sign_bin(struct ast_key *key, char *msg, unsigned char *sig);
#if defined(__cplusplus) || defined(c_plusplus)
}
diff --git a/res/res_crypto.c b/res/res_crypto.c
index 706171590..87339f292 100755
--- a/res/res_crypto.c
+++ b/res/res_crypto.c
@@ -296,10 +296,9 @@ static char *binary(int y, int len)
#endif
-int ast_sign(struct ast_key *key, char *msg, char *sig)
+int ast_sign_bin(struct ast_key *key, char *msg, unsigned char *dsig)
{
unsigned char digest[20];
- unsigned char dsig[128];
int siglen = sizeof(dsig);
int res;
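Review bot: `int siglen = sizeof(dsig);` is kept as a context line, but `dsig` is now the `unsigned char *dsig` parameter, so `siglen` becomes the size of a pointer (4 or 8) rather than 128. Spell out the documented buffer size instead, e.g. `int siglen = 128; /* dsig is a caller-supplied 128-byte buffer */`, ideally through a named constant shared with the wrappers. The rest of the body lies outside this hunk; any `sizeof(dsig)` still used there, such as a length comparison after signing, presumably needs the same change. The same applies to `ast_check_signature_bin` further down, where `dsig` also turns from a local array into a pointer parameter.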
@@ -324,16 +323,26 @@ int ast_sign(struct ast_key *key, char *msg, char *sig)
return -1;
}
- /* Success -- encode (256 bytes max as documented) */
- ast_base64encode(sig, dsig, siglen, 256);
return 0;
}
-int ast_check_signature(struct ast_key *key, char *msg, char *sig)
+int ast_sign(struct ast_key *key, char *msg, char *sig)
{
- unsigned char digest[20];
unsigned char dsig[128];
+ int siglen = sizeof(dsig);
+ int res;
+ res = ast_sign_bin(key, msg, dsig);
+ if (!res)
+ /* Success -- encode (256 bytes max as documented) */
+ ast_base64encode(sig, dsig, siglen, 256);
+ return res;
+
+}
+
+int ast_check_signature_bin(struct ast_key *key, char *msg, unsigned char *dsig)
+{
+ unsigned char digest[20];
int res;
if (key->ktype != AST_KEY_PUBLIC) {
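Review bot: In the new `ast_sign` wrapper the `if (!res)` has no braces and a comment sits between the condition and the `ast_base64encode` call, so a statement added later could easily end up running unconditionally. Brace it, `if (!res) { ast_base64encode(sig, dsig, siglen, 256); }`, and drop the blank line before the closing brace. `sig` is left unwritten when signing fails, so callers must check the return value before using it; the header comment could say so. The body of `ast_check_signature_bin`, which starts at the end of this hunk, continues outside it.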
@@ -343,13 +352,6 @@ int ast_check_signature(struct ast_key *key, char *msg, char *sig)
return -1;
}
- /* Decode signature */
- res = ast_base64decode(dsig, sig, sizeof(dsig));
- if (res != sizeof(dsig)) {
- ast_log(LOG_WARNING, "Signature improper length (expect %d, got %d)\n", (int)sizeof(dsig), (int)res);
- return -1;
- }
-
/* Calculate digest of message */
SHA1((unsigned char *)msg, strlen(msg), digest);
@@ -364,6 +366,21 @@ int ast_check_signature(struct ast_key *key, char *msg, char *sig)
return 0;
}
+int ast_check_signature(struct ast_key *key, char *msg, char *sig)
+{
+ unsigned char dsig[128];
+ int res;
+
+ /* Decode signature */
+ res = ast_base64decode(dsig, sig, sizeof(dsig));
+ if (res != sizeof(dsig)) {
+ ast_log(LOG_WARNING, "Signature improper length (expect %d, got %d)\n", (int)sizeof(dsig), (int)res);
+ return -1;
+ }
+ res = ast_check_signature_bin(key, msg, dsig);
+ return res;
+}
+
static void crypto_load(int ifd, int ofd)
{
struct ast_key *key, *nkey, *last;