[asterisk-commits] twilson: trunk r278538 - in /trunk: channels/ funcs/ include/asterisk/ main/ ...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Wed Jul 21 14:11:36 CDT 2010


Author: twilson
Date: Wed Jul 21 14:11:32 2010
New Revision: 278538

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=278538
Log:
Remove built-in AES code and use optional_api instead

Review: https://reviewboard.asterisk.org/r/793/

Removed:
    trunk/include/asterisk/aes.h
    trunk/include/asterisk/aes_internal.h
    trunk/main/aescrypt.c
    trunk/main/aeskey.c
    trunk/main/aesopt.h
    trunk/main/aestab.c
Modified:
    trunk/channels/chan_iax2.c
    trunk/channels/iax2-parser.h
    trunk/funcs/func_aes.c
    trunk/include/asterisk/crypto.h
    trunk/pbx/dundi-parser.h
    trunk/pbx/pbx_dundi.c
    trunk/res/res_crypto.c
    trunk/res/res_crypto.exports.in

Modified: trunk/channels/chan_iax2.c
URL: http://svnview.digium.com/svn/asterisk/trunk/channels/chan_iax2.c?view=diff&rev=278538&r1=278537&r2=278538
==============================================================================
--- trunk/channels/chan_iax2.c (original)
+++ trunk/channels/chan_iax2.c Wed Jul 21 14:11:32 2010
@@ -80,7 +80,6 @@
 #include "asterisk/utils.h"
 #include "asterisk/causes.h"
 #include "asterisk/localtime.h"
-#include "asterisk/aes.h"
 #include "asterisk/dnsmgr.h"
 #include "asterisk/devicestate.h"
 #include "asterisk/netsock.h"
@@ -6035,7 +6034,7 @@
 static void build_encryption_keys(const unsigned char *digest, struct chan_iax2_pvt *pvt)
 {
 	build_ecx_key(digest, pvt);
-	ast_aes_decrypt_key(digest, &pvt->dcx);
+	ast_aes_set_decrypt_key(digest, &pvt->dcx);
 }
 
 static void build_ecx_key(const unsigned char *digest, struct chan_iax2_pvt *pvt)
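Review bot: The return value of `ast_aes_set_decrypt_key()` is discarded in `build_encryption_keys()`, although the new optional API stub in crypto.h returns -1 without touching the context when res_crypto is not loaded. Because the function is `void`, a failed key setup cannot reach the caller, and the call would presumably carry on with an uninitialised `pvt->dcx`. Consider at least `if (ast_aes_set_decrypt_key(digest, &pvt->dcx)) { ast_log(LOG_ERROR, "Unable to set IAX2 decryption key\n"); }`, and preferably return an int so the encrypted call can be refused. The same unchecked calls appear in `build_ecx_key()` and the challenge-handling case later in this file, and in the func_aes.c and pbx_dundi.c hunks.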
@@ -6044,8 +6043,8 @@
 	 * in the pvt struct because queued frames occasionally need to be decrypted and
 	 * re-encrypted when updated for a retransmission */
 	build_rand_pad(pvt->semirand, sizeof(pvt->semirand));
-	ast_aes_encrypt_key(digest, &pvt->ecx);
-	ast_aes_decrypt_key(digest, &pvt->mydcx);
+	ast_aes_set_encrypt_key(digest, &pvt->ecx);
+	ast_aes_set_decrypt_key(digest, &pvt->mydcx);
 }
 
 static void memcpy_decrypt(unsigned char *dst, const unsigned char *src, int len, ast_aes_decrypt_key *dcx)
@@ -11214,7 +11213,7 @@
 
 				IAX_DEBUGDIGEST("Receiving", ies.challenge);
 
-				ast_aes_decrypt_key((unsigned char *) ies.challenge, &iaxs[fr->callno]->dcx);
+				ast_aes_set_decrypt_key((unsigned char *) ies.challenge, &iaxs[fr->callno]->dcx);
 				break;
 			case IAX_COMMAND_DPREP:
 				complete_dpreply(iaxs[fr->callno], &ies);
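Review bot: Nothing in the visible lines establishes that `ies.challenge` holds at least 16 bytes before it is handed to `ast_aes_set_decrypt_key()`, which (per the res_crypto.c wrapper in this commit) reads a 128-bit key from the pointer. The value appears to come from a received frame, and this `case` begins above the hunk, so a length check may already exist there; if it does not, a short challenge would be read past its end. A comment here stating where the length is guaranteed, or an explicit check before the call, would make that auditable. The cast could also be `(const unsigned char *)`, since the new prototype takes a const pointer.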

Modified: trunk/channels/iax2-parser.h
URL: http://svnview.digium.com/svn/asterisk/trunk/channels/iax2-parser.h?view=diff&rev=278538&r1=278537&r2=278538
==============================================================================
--- trunk/channels/iax2-parser.h (original)
+++ trunk/channels/iax2-parser.h Wed Jul 21 14:11:32 2010
@@ -19,7 +19,7 @@
 #define _IAX2_PARSER_H
 
 #include "asterisk/linkedlists.h"
-#include "asterisk/aes.h"
+#include "asterisk/crypto.h"
 #include "asterisk/frame_defs.h"
 
 struct iax_ies {

Modified: trunk/funcs/func_aes.c
URL: http://svnview.digium.com/svn/asterisk/trunk/funcs/func_aes.c?view=diff&rev=278538&r1=278537&r2=278538
==============================================================================
--- trunk/funcs/func_aes.c (original)
+++ trunk/funcs/func_aes.c Wed Jul 21 14:11:32 2010
@@ -22,6 +22,9 @@
  * \ingroup functions
  */
 
+/*** MODULEINFO
+	<use>crypto</use>
+ ***/
 
 #include "asterisk.h"
 
@@ -30,7 +33,7 @@
 #include "asterisk/module.h"
 #include "asterisk/pbx.h"
 #include "asterisk/app.h"
-#include "asterisk/aes.h"
+#include "asterisk/crypto.h"
 
 #define AES_BLOCK_SIZE 16
 
@@ -97,8 +100,8 @@
 		return -1;
 	}
 
-	ast_aes_encrypt_key((unsigned char *) args.key, &ecx);   /* encryption:  plaintext -> encryptedtext -> base64 */
-	ast_aes_decrypt_key((unsigned char *) args.key, &dcx);   /* decryption:  base64 -> encryptedtext -> plaintext */
+	ast_aes_set_encrypt_key((unsigned char *) args.key, &ecx);   /* encryption:  plaintext -> encryptedtext -> base64 */
+	ast_aes_set_decrypt_key((unsigned char *) args.key, &dcx);   /* decryption:  base64 -> encryptedtext -> plaintext */
 	tmp = ast_calloc(1, len);                     /* requires a tmp buffer for the base64 decode */
 	tmpP = tmp;
 	encrypt = strcmp("AES_DECRYPT", cmd);           /* -1 if encrypting, 0 if decrypting */

Modified: trunk/include/asterisk/crypto.h
URL: http://svnview.digium.com/svn/asterisk/trunk/include/asterisk/crypto.h?view=diff&rev=278538&r1=278537&r2=278538
==============================================================================
--- trunk/include/asterisk/crypto.h (original)
+++ trunk/include/asterisk/crypto.h Wed Jul 21 14:11:32 2010
@@ -28,6 +28,16 @@
 #endif
 
 #include "asterisk/optional_api.h"
+#include "asterisk/logger.h"
+
+#ifdef HAVE_CRYPTO
+#include "openssl/aes.h"
+typedef AES_KEY ast_aes_encrypt_key;
+typedef AES_KEY ast_aes_decrypt_key;
+#else /* !HAVE_CRYPTO */
+typedef char ast_aes_encrypt_key;
+typedef char ast_aes_decrypt_key;
+#endif /* HAVE_CRYPTO */
 
 #define AST_KEY_PUBLIC	(1 << 0)
 #define AST_KEY_PRIVATE	(1 << 1)
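Review bot: In the `!HAVE_CRYPTO` branch both key types become `char`, so every struct embedding an `ast_aes_encrypt_key` or `ast_aes_decrypt_key` changes size with the build configuration and offers only one byte of storage. If a module compiled that way were ever loaded next to a res_crypto built with OpenSSL, the real `ast_aes_set_encrypt_key()` would presumably write a full `AES_KEY` into that byte. A comment above the typedefs such as `/* Placeholder only: never passed to OpenSSL; all modules must share the same HAVE_CRYPTO setting */` would record the assumption. The new include is also written `"openssl/aes.h"` where res_crypto.c uses `<openssl/aes.h>`; the angle-bracket form is the usual one for a system header.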
@@ -122,6 +132,50 @@
  */
 AST_OPTIONAL_API(int, ast_decrypt_bin, (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key), { return -1; });
 
+/*!
+ * \brief Set an encryption key
+ * \param key a 16 char key
+ * \param ctx address of an aes encryption context
+ *
+ * \retval 0 success
+ * \retval nonzero failure
+ */
+AST_OPTIONAL_API(int, ast_aes_set_encrypt_key,
+	(const unsigned char *key, ast_aes_encrypt_key *ctx),
+	{ ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n"); return -1; });
+
+/*!
+ * \brief Set a decryption key
+ * \param key a 16 char key
+ * \param ctx address of an aes encryption context
+ *
+ * \retval 0 success
+ * \retval nonzero failure
+ */
+AST_OPTIONAL_API(int, ast_aes_set_decrypt_key,
+	(const unsigned char *key, ast_aes_decrypt_key *ctx),
+	{ ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n"); return -1; });
+
+/*!
+ * \brief AES encrypt data
+ * \param in data to be encrypted
+ * \param out pointer to a buffer to hold the encrypted output
+ * \param ctx address of an aes encryption context filled in with ast_aes_set_encrypt_key
+ */
+AST_OPTIONAL_API(void, ast_aes_encrypt,
+	(const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx),
+	{ ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n");return; });
+
+/*!
+ * \brief AES decrypt data
+ * \param in encrypted data
+ * \param out pointer to a buffer to hold the decrypted output
+ * \param ctx address of an aes encryption context filled in with ast_aes_set_decrypt_key
+ */
+AST_OPTIONAL_API(void, ast_aes_decrypt,
+	(const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx),
+	{ ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n");return; });
+
 AST_OPTIONAL_API(int, ast_crypto_loaded, (void), { return 0; });
 
 #if defined(__cplusplus) || defined(c_plusplus)
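Review bot: The doc comments for `ast_aes_encrypt` and `ast_aes_decrypt` do not say how much data is processed or what happens when the stub runs. The res_crypto.c wrappers in this commit pass straight through to OpenSSL's `AES_encrypt`/`AES_decrypt`, which handle exactly one 16-byte block, and the stub returns without writing `out`, so a caller cannot tell that nothing was encrypted. I would add `\note in and out are single 16-byte blocks; when res_crypto is not loaded out is left unmodified, so check ast_crypto_loaded() or the set-key return value first` to both. The `ast_aes_set_decrypt_key` comment also describes `ctx` as an "aes encryption context", and "a 16 char key" would be clearer as "a 16-byte (128-bit) key".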

Modified: trunk/pbx/dundi-parser.h
URL: http://svnview.digium.com/svn/asterisk/trunk/pbx/dundi-parser.h?view=diff&rev=278538&r1=278537&r2=278538
==============================================================================
--- trunk/pbx/dundi-parser.h (original)
+++ trunk/pbx/dundi-parser.h Wed Jul 21 14:11:32 2010
@@ -13,7 +13,7 @@
 #define _DUNDI_PARSER_H
 
 #include "asterisk/dundi.h"
-#include "asterisk/aes.h"
+#include "asterisk/crypto.h"
 
 #define DUNDI_MAX_STACK 512
 #define DUNDI_MAX_ANSWERS	100

Modified: trunk/pbx/pbx_dundi.c
URL: http://svnview.digium.com/svn/asterisk/trunk/pbx/pbx_dundi.c?view=diff&rev=278538&r1=278537&r2=278538
==============================================================================
--- trunk/pbx/pbx_dundi.c (original)
+++ trunk/pbx/pbx_dundi.c Wed Jul 21 14:11:32 2010
@@ -61,7 +61,6 @@
 #include "asterisk/crypto.h"
 #include "asterisk/astdb.h"
 #include "asterisk/acl.h"
-#include "asterisk/aes.h"
 #include "asterisk/app.h"
 
 #include "dundi-parser.h"
@@ -1313,8 +1312,8 @@
 	int res;
 	if (!peer->keyexpire || (peer->keyexpire < time(NULL))) {
 		build_iv(key);
-		ast_aes_encrypt_key(key, &peer->us_ecx);
-		ast_aes_decrypt_key(key, &peer->us_dcx);
+		ast_aes_set_encrypt_key(key, &peer->us_ecx);
+		ast_aes_set_decrypt_key(key, &peer->us_dcx);
 		ekey = ast_key_get(peer->inkey, AST_KEY_PUBLIC);
 		if (!ekey) {
 			ast_log(LOG_NOTICE, "No such key '%s' for creating RSA encrypted shared key for '%s'!\n",
@@ -1516,8 +1515,8 @@
 	memcpy(peer->rxenckey, newkey, 128);
 	memcpy(peer->rxenckey + 128, newsig, 128);
 	peer->them_keycrc32 = crc32(0L, peer->rxenckey, 128);
-	ast_aes_decrypt_key(dst, &peer->them_dcx);
-	ast_aes_encrypt_key(dst, &peer->them_ecx);
+	ast_aes_set_decrypt_key(dst, &peer->them_dcx);
+	ast_aes_set_encrypt_key(dst, &peer->them_ecx);
 	return 1;
 }
 

Modified: trunk/res/res_crypto.c
URL: http://svnview.digium.com/svn/asterisk/trunk/res/res_crypto.c?view=diff&rev=278538&r1=278537&r2=278538
==============================================================================
--- trunk/res/res_crypto.c (original)
+++ trunk/res/res_crypto.c Wed Jul 21 14:11:32 2010
@@ -37,6 +37,7 @@
 #include "asterisk/paths.h"	/* use ast_config_AST_KEY_DIR */
 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#include <openssl/aes.h>
 #include <dirent.h>
 
 #include "asterisk/module.h"
@@ -453,6 +454,26 @@
 	return 1;
 }
 
+int AST_OPTIONAL_API_NAME(ast_aes_set_encrypt_key)(const unsigned char *key, ast_aes_encrypt_key *ctx)
+{
+	return AES_set_encrypt_key(key, 128, ctx);
+}
+
+int AST_OPTIONAL_API_NAME(ast_aes_set_decrypt_key)(const unsigned char *key, ast_aes_decrypt_key *ctx)
+{
+	return AES_set_decrypt_key(key, 128, ctx);
+}
+
+void AST_OPTIONAL_API_NAME(ast_aes_encrypt)(const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx)
+{
+	return AES_encrypt(in, out, ctx);
+}
+
+void AST_OPTIONAL_API_NAME(ast_aes_decrypt)(const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx)
+{
+	return AES_decrypt(in, out, ctx);
+}
+
 /*!
  * \brief refresh RSA keys from file
  * \param ifd file descriptor
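Review bot: `ast_aes_encrypt` and `ast_aes_decrypt` are declared `void` but use `return AES_encrypt(in, out, ctx);` and `return AES_decrypt(in, out, ctx);`; ISO C does not allow a return statement with an expression in a void function, and GCC accepts it only as an extension. Dropping the `return` keyword on both lines keeps the behaviour and compiles cleanly under `-pedantic`. The key length 128 is hard-coded in the two set-key wrappers, which matches the documented 16-byte key, but a one-line comment saying so would help the next reader. The doc comment that follows the new functions belongs to a function outside this hunk.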

Modified: trunk/res/res_crypto.exports.in
URL: http://svnview.digium.com/svn/asterisk/trunk/res/res_crypto.exports.in?view=diff&rev=278538&r1=278537&r2=278538
==============================================================================
--- trunk/res/res_crypto.exports.in (original)
+++ trunk/res/res_crypto.exports.in Wed Jul 21 14:11:32 2010
@@ -8,6 +8,10 @@
 		LINKER_SYMBOL_PREFIX*ast_key_get;
 		LINKER_SYMBOL_PREFIX*ast_sign;
 		LINKER_SYMBOL_PREFIX*ast_sign_bin;
+		LINKER_SYMBOL_PREFIX*ast_aes_encrypt;
+		LINKER_SYMBOL_PREFIX*ast_aes_decrypt;
+		LINKER_SYMBOL_PREFIX*ast_aes_set_encrypt_key;
+		LINKER_SYMBOL_PREFIX*ast_aes_set_decrypt_key;
 	local:
 		*;
 };



