use the OpenSSL AES implementation if it's available (unless configured not to)
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@66071 f38db490-d61c-443f-a65b-d21fe96a405b
This commit is contained in:
parent
fb966a66a6
commit
13417b262f
|
@ -26,6 +26,7 @@ SPEEX=@PBX_SPEEX@
|
|||
SQLITE=@PBX_SQLITE@
|
||||
SQLITE3=@PBX_SQLITE3@
|
||||
SSL=@PBX_OPENSSL@
|
||||
CRYPTO=@PBX_CRYPTO@
|
||||
TONEZONE=@PBX_TONEZONE@
|
||||
UNIXODBC=@PBX_UNIXODBC@
|
||||
VORBIS=@PBX_VORBIS@
|
||||
|
|
|
@ -30,6 +30,7 @@
|
|||
|
||||
/*** MODULEINFO
|
||||
<use>zaptel</use>
|
||||
<use>crypto</use>
|
||||
***/
|
||||
|
||||
#include "asterisk.h"
|
||||
|
@ -594,9 +595,9 @@ struct chan_iax2_pvt {
|
|||
/*! permitted encryption methods */
|
||||
int encmethods;
|
||||
/*! Encryption AES-128 Key */
|
||||
aes_encrypt_ctx ecx;
|
||||
ast_aes_encrypt_key ecx;
|
||||
/*! Decryption AES-128 Key */
|
||||
aes_decrypt_ctx dcx;
|
||||
ast_aes_decrypt_key dcx;
|
||||
/*! 32 bytes of semi-random data */
|
||||
unsigned char semirand[32];
|
||||
/*! Associated registry */
|
||||
|
@ -615,8 +616,8 @@ struct chan_iax2_pvt {
|
|||
struct sockaddr_in transfer;
|
||||
/*! What's the new call number for the transfer */
|
||||
unsigned short transfercallno;
|
||||
/*! Transfer decrypt AES-128 Key */
|
||||
aes_encrypt_ctx tdcx;
|
||||
/*! Transfer encrypt AES-128 Key */
|
||||
ast_aes_encrypt_key tdcx;
|
||||
|
||||
/*! Status of knowledge of peer ADSI capability */
|
||||
int peeradsicpe;
|
||||
|
@ -3804,13 +3805,13 @@ static int iax2_trunk_queue(struct chan_iax2_pvt *pvt, struct iax_frame *fr)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static void build_enc_keys(const unsigned char *digest, aes_encrypt_ctx *ecx, aes_decrypt_ctx *dcx)
|
||||
static void build_enc_keys(const unsigned char *digest, ast_aes_encrypt_key *ecx, ast_aes_decrypt_key *dcx)
|
||||
{
|
||||
aes_encrypt_key128(digest, ecx);
|
||||
aes_decrypt_key128(digest, dcx);
|
||||
ast_aes_encrypt_key(digest, ecx);
|
||||
ast_aes_decrypt_key(digest, dcx);
|
||||
}
|
||||
|
||||
static void memcpy_decrypt(unsigned char *dst, const unsigned char *src, int len, aes_decrypt_ctx *dcx)
|
||||
static void memcpy_decrypt(unsigned char *dst, const unsigned char *src, int len, ast_aes_decrypt_key *dcx)
|
||||
{
|
||||
#if 0
|
||||
/* Debug with "fake encryption" */
|
||||
|
@ -3823,7 +3824,7 @@ static void memcpy_decrypt(unsigned char *dst, const unsigned char *src, int len
|
|||
unsigned char lastblock[16] = { 0 };
|
||||
int x;
|
||||
while(len > 0) {
|
||||
aes_decrypt(src, dst, dcx);
|
||||
ast_aes_decrypt(src, dst, dcx);
|
||||
for (x=0;x<16;x++)
|
||||
dst[x] ^= lastblock[x];
|
||||
memcpy(lastblock, src, sizeof(lastblock));
|
||||
|
@ -3834,7 +3835,7 @@ static void memcpy_decrypt(unsigned char *dst, const unsigned char *src, int len
|
|||
#endif
|
||||
}
|
||||
|
||||
static void memcpy_encrypt(unsigned char *dst, const unsigned char *src, int len, aes_encrypt_ctx *ecx)
|
||||
static void memcpy_encrypt(unsigned char *dst, const unsigned char *src, int len, ast_aes_encrypt_key *ecx)
|
||||
{
|
||||
#if 0
|
||||
/* Debug with "fake encryption" */
|
||||
|
@ -3849,7 +3850,7 @@ static void memcpy_encrypt(unsigned char *dst, const unsigned char *src, int len
|
|||
while(len > 0) {
|
||||
for (x=0;x<16;x++)
|
||||
curblock[x] ^= src[x];
|
||||
aes_encrypt(curblock, dst, ecx);
|
||||
ast_aes_encrypt(curblock, dst, ecx);
|
||||
memcpy(curblock, dst, sizeof(curblock));
|
||||
dst += 16;
|
||||
src += 16;
|
||||
|
@ -3858,7 +3859,7 @@ static void memcpy_encrypt(unsigned char *dst, const unsigned char *src, int len
|
|||
#endif
|
||||
}
|
||||
|
||||
static int decode_frame(aes_decrypt_ctx *dcx, struct ast_iax2_full_hdr *fh, struct ast_frame *f, int *datalen)
|
||||
static int decode_frame(ast_aes_decrypt_key *dcx, struct ast_iax2_full_hdr *fh, struct ast_frame *f, int *datalen)
|
||||
{
|
||||
int padding;
|
||||
unsigned char *workspace;
|
||||
|
@ -3903,7 +3904,7 @@ static int decode_frame(aes_decrypt_ctx *dcx, struct ast_iax2_full_hdr *fh, stru
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int encrypt_frame(aes_encrypt_ctx *ecx, struct ast_iax2_full_hdr *fh, unsigned char *poo, int *datalen)
|
||||
static int encrypt_frame(ast_aes_encrypt_key *ecx, struct ast_iax2_full_hdr *fh, unsigned char *poo, int *datalen)
|
||||
{
|
||||
int padding;
|
||||
unsigned char *workspace;
|
||||
|
@ -5262,7 +5263,7 @@ static int register_verify(int callno, struct sockaddr_in *sin, struct iax_ies *
|
|||
|
||||
}
|
||||
|
||||
static int authenticate(const char *challenge, const char *secret, const char *keyn, int authmethods, struct iax_ie_data *ied, struct sockaddr_in *sin, aes_encrypt_ctx *ecx, aes_decrypt_ctx *dcx)
|
||||
static int authenticate(const char *challenge, const char *secret, const char *keyn, int authmethods, struct iax_ie_data *ied, struct sockaddr_in *sin, ast_aes_encrypt_key *ecx, ast_aes_decrypt_key *dcx)
|
||||
{
|
||||
int res = -1;
|
||||
int x;
|
||||
|
|
|
@ -737,6 +737,10 @@ CURSES_LIB
|
|||
CURSES_INCLUDE
|
||||
CURSES_DIR
|
||||
PBX_CURSES
|
||||
CRYPTO_LIB
|
||||
CRYPTO_INCLUDE
|
||||
CRYPTO_DIR
|
||||
PBX_CRYPTO
|
||||
GNUTLS_LIB
|
||||
GNUTLS_INCLUDE
|
||||
GNUTLS_DIR
|
||||
|
@ -1521,6 +1525,7 @@ Optional Packages:
|
|||
--with-cap=PATH use POSIX 1.e capabilities files in PATH
|
||||
--with-curl=PATH use cURL files in PATH
|
||||
--with-curses=PATH use curses files in PATH
|
||||
--with-crypto=PATH use OpenSSL Cryptography Support files in PATH
|
||||
--with-gnutls=PATH use GNU TLS support (used for iksemel only) files in
|
||||
PATH
|
||||
--with-gsm=PATH use GSM files in PATH , or 'internal'
|
||||
|
@ -7784,6 +7789,34 @@ PBX_CURSES=0
|
|||
|
||||
|
||||
|
||||
CRYPTO_DESCRIP="OpenSSL Cryptography Support"
|
||||
CRYPTO_OPTION="crypto"
|
||||
|
||||
# Check whether --with-crypto was given.
|
||||
if test "${with_crypto+set}" = set; then
|
||||
withval=$with_crypto;
|
||||
case ${withval} in
|
||||
n|no)
|
||||
USE_CRYPTO=no
|
||||
;;
|
||||
y|ye|yes)
|
||||
ac_mandatory_list="${ac_mandatory_list} CRYPTO"
|
||||
;;
|
||||
*)
|
||||
CRYPTO_DIR="${withval}"
|
||||
ac_mandatory_list="${ac_mandatory_list} CRYPTO"
|
||||
;;
|
||||
esac
|
||||
|
||||
fi
|
||||
|
||||
PBX_CRYPTO=0
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
GNUTLS_DESCRIP="GNU TLS support (used for iksemel only)"
|
||||
GNUTLS_OPTION="gnutls"
|
||||
|
||||
|
@ -29239,6 +29272,399 @@ fi
|
|||
|
||||
|
||||
|
||||
if test "x${PBX_CRYPTO}" != "x1" -a "${USE_CRYPTO}" != "no"; then
|
||||
pbxlibdir=""
|
||||
if test "x${CRYPTO_DIR}" != "x"; then
|
||||
if test -d ${CRYPTO_DIR}/lib; then
|
||||
pbxlibdir="-L${CRYPTO_DIR}/lib"
|
||||
else
|
||||
pbxlibdir="-L${CRYPTO_DIR}"
|
||||
fi
|
||||
fi
|
||||
pbxfuncname="AES_encrypt"
|
||||
if test "x${pbxfuncname}" = "x" ; then # empty lib, assume only headers
|
||||
AST_CRYPTO_FOUND=yes
|
||||
else
|
||||
as_ac_Lib=`echo "ac_cv_lib_crypto_${pbxfuncname}" | $as_tr_sh`
|
||||
{ echo "$as_me:$LINENO: checking for ${pbxfuncname} in -lcrypto" >&5
|
||||
echo $ECHO_N "checking for ${pbxfuncname} in -lcrypto... $ECHO_C" >&6; }
|
||||
if { as_var=$as_ac_Lib; eval "test \"\${$as_var+set}\" = set"; }; then
|
||||
echo $ECHO_N "(cached) $ECHO_C" >&6
|
||||
else
|
||||
ac_check_lib_save_LIBS=$LIBS
|
||||
LIBS="-lcrypto ${pbxlibdir} $LIBS"
|
||||
cat >conftest.$ac_ext <<_ACEOF
|
||||
/* confdefs.h. */
|
||||
_ACEOF
|
||||
cat confdefs.h >>conftest.$ac_ext
|
||||
cat >>conftest.$ac_ext <<_ACEOF
|
||||
/* end confdefs.h. */
|
||||
|
||||
/* Override any GCC internal prototype to avoid an error.
|
||||
Use char because int might match the return type of a GCC
|
||||
builtin and then its argument prototype would still apply. */
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
#endif
|
||||
char ${pbxfuncname} ();
|
||||
int
|
||||
main ()
|
||||
{
|
||||
return ${pbxfuncname} ();
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
rm -f conftest.$ac_objext conftest$ac_exeext
|
||||
if { (ac_try="$ac_link"
|
||||
case "(($ac_try" in
|
||||
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
|
||||
*) ac_try_echo=$ac_try;;
|
||||
esac
|
||||
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
|
||||
(eval "$ac_link") 2>conftest.er1
|
||||
ac_status=$?
|
||||
grep -v '^ *+' conftest.er1 >conftest.err
|
||||
rm -f conftest.er1
|
||||
cat conftest.err >&5
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); } && {
|
||||
test -z "$ac_c_werror_flag" ||
|
||||
test ! -s conftest.err
|
||||
} && test -s conftest$ac_exeext &&
|
||||
$as_test_x conftest$ac_exeext; then
|
||||
eval "$as_ac_Lib=yes"
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
sed 's/^/| /' conftest.$ac_ext >&5
|
||||
|
||||
eval "$as_ac_Lib=no"
|
||||
fi
|
||||
|
||||
rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
LIBS=$ac_check_lib_save_LIBS
|
||||
fi
|
||||
ac_res=`eval echo '${'$as_ac_Lib'}'`
|
||||
{ echo "$as_me:$LINENO: result: $ac_res" >&5
|
||||
echo "${ECHO_T}$ac_res" >&6; }
|
||||
if test `eval echo '${'$as_ac_Lib'}'` = yes; then
|
||||
AST_CRYPTO_FOUND=yes
|
||||
else
|
||||
AST_CRYPTO_FOUND=no
|
||||
fi
|
||||
|
||||
fi
|
||||
|
||||
if test "${AST_CRYPTO_FOUND}" = "yes"; then
|
||||
CRYPTO_LIB="-lcrypto "
|
||||
CRYPTO_HEADER_FOUND="1"
|
||||
if test "x${CRYPTO_DIR}" != "x"; then
|
||||
CRYPTO_LIB="${pbxlibdir} ${CRYPTO_LIB}"
|
||||
CRYPTO_INCLUDE="-I${CRYPTO_DIR}/include"
|
||||
saved_cppflags="${CPPFLAGS}"
|
||||
CPPFLAGS="${CPPFLAGS} -I${CRYPTO_DIR}/include"
|
||||
if test "xopenssl/aes.h" != "x" ; then
|
||||
as_ac_Header=`echo "ac_cv_header_${CRYPTO_DIR}/include/openssl/aes.h" | $as_tr_sh`
|
||||
if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
|
||||
{ echo "$as_me:$LINENO: checking for ${CRYPTO_DIR}/include/openssl/aes.h" >&5
|
||||
echo $ECHO_N "checking for ${CRYPTO_DIR}/include/openssl/aes.h... $ECHO_C" >&6; }
|
||||
if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
|
||||
echo $ECHO_N "(cached) $ECHO_C" >&6
|
||||
fi
|
||||
ac_res=`eval echo '${'$as_ac_Header'}'`
|
||||
{ echo "$as_me:$LINENO: result: $ac_res" >&5
|
||||
echo "${ECHO_T}$ac_res" >&6; }
|
||||
else
|
||||
# Is the header compilable?
|
||||
{ echo "$as_me:$LINENO: checking ${CRYPTO_DIR}/include/openssl/aes.h usability" >&5
|
||||
echo $ECHO_N "checking ${CRYPTO_DIR}/include/openssl/aes.h usability... $ECHO_C" >&6; }
|
||||
cat >conftest.$ac_ext <<_ACEOF
|
||||
/* confdefs.h. */
|
||||
_ACEOF
|
||||
cat confdefs.h >>conftest.$ac_ext
|
||||
cat >>conftest.$ac_ext <<_ACEOF
|
||||
/* end confdefs.h. */
|
||||
$ac_includes_default
|
||||
#include <${CRYPTO_DIR}/include/openssl/aes.h>
|
||||
_ACEOF
|
||||
rm -f conftest.$ac_objext
|
||||
if { (ac_try="$ac_compile"
|
||||
case "(($ac_try" in
|
||||
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
|
||||
*) ac_try_echo=$ac_try;;
|
||||
esac
|
||||
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
|
||||
(eval "$ac_compile") 2>conftest.er1
|
||||
ac_status=$?
|
||||
grep -v '^ *+' conftest.er1 >conftest.err
|
||||
rm -f conftest.er1
|
||||
cat conftest.err >&5
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); } && {
|
||||
test -z "$ac_c_werror_flag" ||
|
||||
test ! -s conftest.err
|
||||
} && test -s conftest.$ac_objext; then
|
||||
ac_header_compiler=yes
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
sed 's/^/| /' conftest.$ac_ext >&5
|
||||
|
||||
ac_header_compiler=no
|
||||
fi
|
||||
|
||||
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
||||
{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
|
||||
echo "${ECHO_T}$ac_header_compiler" >&6; }
|
||||
|
||||
# Is the header present?
|
||||
{ echo "$as_me:$LINENO: checking ${CRYPTO_DIR}/include/openssl/aes.h presence" >&5
|
||||
echo $ECHO_N "checking ${CRYPTO_DIR}/include/openssl/aes.h presence... $ECHO_C" >&6; }
|
||||
cat >conftest.$ac_ext <<_ACEOF
|
||||
/* confdefs.h. */
|
||||
_ACEOF
|
||||
cat confdefs.h >>conftest.$ac_ext
|
||||
cat >>conftest.$ac_ext <<_ACEOF
|
||||
/* end confdefs.h. */
|
||||
#include <${CRYPTO_DIR}/include/openssl/aes.h>
|
||||
_ACEOF
|
||||
if { (ac_try="$ac_cpp conftest.$ac_ext"
|
||||
case "(($ac_try" in
|
||||
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
|
||||
*) ac_try_echo=$ac_try;;
|
||||
esac
|
||||
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
|
||||
(eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
|
||||
ac_status=$?
|
||||
grep -v '^ *+' conftest.er1 >conftest.err
|
||||
rm -f conftest.er1
|
||||
cat conftest.err >&5
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); } >/dev/null && {
|
||||
test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
|
||||
test ! -s conftest.err
|
||||
}; then
|
||||
ac_header_preproc=yes
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
sed 's/^/| /' conftest.$ac_ext >&5
|
||||
|
||||
ac_header_preproc=no
|
||||
fi
|
||||
|
||||
rm -f conftest.err conftest.$ac_ext
|
||||
{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
|
||||
echo "${ECHO_T}$ac_header_preproc" >&6; }
|
||||
|
||||
# So? What about this header?
|
||||
case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
|
||||
yes:no: )
|
||||
{ echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&5
|
||||
echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
|
||||
{ echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the compiler's result" >&5
|
||||
echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the compiler's result" >&2;}
|
||||
ac_header_preproc=yes
|
||||
;;
|
||||
no:yes:* )
|
||||
{ echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: present but cannot be compiled" >&5
|
||||
echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: present but cannot be compiled" >&2;}
|
||||
{ echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: check for missing prerequisite headers?" >&5
|
||||
echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: check for missing prerequisite headers?" >&2;}
|
||||
{ echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: see the Autoconf documentation" >&5
|
||||
echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: see the Autoconf documentation" >&2;}
|
||||
{ echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: section \"Present But Cannot Be Compiled\"" >&5
|
||||
echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: section \"Present But Cannot Be Compiled\"" >&2;}
|
||||
{ echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the preprocessor's result" >&5
|
||||
echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the preprocessor's result" >&2;}
|
||||
{ echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: in the future, the compiler will take precedence" >&5
|
||||
echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: in the future, the compiler will take precedence" >&2;}
|
||||
|
||||
;;
|
||||
esac
|
||||
{ echo "$as_me:$LINENO: checking for ${CRYPTO_DIR}/include/openssl/aes.h" >&5
|
||||
echo $ECHO_N "checking for ${CRYPTO_DIR}/include/openssl/aes.h... $ECHO_C" >&6; }
|
||||
if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
|
||||
echo $ECHO_N "(cached) $ECHO_C" >&6
|
||||
else
|
||||
eval "$as_ac_Header=\$ac_header_preproc"
|
||||
fi
|
||||
ac_res=`eval echo '${'$as_ac_Header'}'`
|
||||
{ echo "$as_me:$LINENO: result: $ac_res" >&5
|
||||
echo "${ECHO_T}$ac_res" >&6; }
|
||||
|
||||
fi
|
||||
if test `eval echo '${'$as_ac_Header'}'` = yes; then
|
||||
CRYPTO_HEADER_FOUND=1
|
||||
else
|
||||
CRYPTO_HEADER_FOUND=0
|
||||
fi
|
||||
|
||||
|
||||
fi
|
||||
CPPFLAGS="${saved_cppflags}"
|
||||
else
|
||||
if test "xopenssl/aes.h" != "x" ; then
|
||||
if test "${ac_cv_header_openssl_aes_h+set}" = set; then
|
||||
{ echo "$as_me:$LINENO: checking for openssl/aes.h" >&5
|
||||
echo $ECHO_N "checking for openssl/aes.h... $ECHO_C" >&6; }
|
||||
if test "${ac_cv_header_openssl_aes_h+set}" = set; then
|
||||
echo $ECHO_N "(cached) $ECHO_C" >&6
|
||||
fi
|
||||
{ echo "$as_me:$LINENO: result: $ac_cv_header_openssl_aes_h" >&5
|
||||
echo "${ECHO_T}$ac_cv_header_openssl_aes_h" >&6; }
|
||||
else
|
||||
# Is the header compilable?
|
||||
{ echo "$as_me:$LINENO: checking openssl/aes.h usability" >&5
|
||||
echo $ECHO_N "checking openssl/aes.h usability... $ECHO_C" >&6; }
|
||||
cat >conftest.$ac_ext <<_ACEOF
|
||||
/* confdefs.h. */
|
||||
_ACEOF
|
||||
cat confdefs.h >>conftest.$ac_ext
|
||||
cat >>conftest.$ac_ext <<_ACEOF
|
||||
/* end confdefs.h. */
|
||||
$ac_includes_default
|
||||
#include <openssl/aes.h>
|
||||
_ACEOF
|
||||
rm -f conftest.$ac_objext
|
||||
if { (ac_try="$ac_compile"
|
||||
case "(($ac_try" in
|
||||
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
|
||||
*) ac_try_echo=$ac_try;;
|
||||
esac
|
||||
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
|
||||
(eval "$ac_compile") 2>conftest.er1
|
||||
ac_status=$?
|
||||
grep -v '^ *+' conftest.er1 >conftest.err
|
||||
rm -f conftest.er1
|
||||
cat conftest.err >&5
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); } && {
|
||||
test -z "$ac_c_werror_flag" ||
|
||||
test ! -s conftest.err
|
||||
} && test -s conftest.$ac_objext; then
|
||||
ac_header_compiler=yes
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
sed 's/^/| /' conftest.$ac_ext >&5
|
||||
|
||||
ac_header_compiler=no
|
||||
fi
|
||||
|
||||
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
||||
{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
|
||||
echo "${ECHO_T}$ac_header_compiler" >&6; }
|
||||
|
||||
# Is the header present?
|
||||
{ echo "$as_me:$LINENO: checking openssl/aes.h presence" >&5
|
||||
echo $ECHO_N "checking openssl/aes.h presence... $ECHO_C" >&6; }
|
||||
cat >conftest.$ac_ext <<_ACEOF
|
||||
/* confdefs.h. */
|
||||
_ACEOF
|
||||
cat confdefs.h >>conftest.$ac_ext
|
||||
cat >>conftest.$ac_ext <<_ACEOF
|
||||
/* end confdefs.h. */
|
||||
#include <openssl/aes.h>
|
||||
_ACEOF
|
||||
if { (ac_try="$ac_cpp conftest.$ac_ext"
|
||||
case "(($ac_try" in
|
||||
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
|
||||
*) ac_try_echo=$ac_try;;
|
||||
esac
|
||||
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
|
||||
(eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
|
||||
ac_status=$?
|
||||
grep -v '^ *+' conftest.er1 >conftest.err
|
||||
rm -f conftest.er1
|
||||
cat conftest.err >&5
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); } >/dev/null && {
|
||||
test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
|
||||
test ! -s conftest.err
|
||||
}; then
|
||||
ac_header_preproc=yes
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
sed 's/^/| /' conftest.$ac_ext >&5
|
||||
|
||||
ac_header_preproc=no
|
||||
fi
|
||||
|
||||
rm -f conftest.err conftest.$ac_ext
|
||||
{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
|
||||
echo "${ECHO_T}$ac_header_preproc" >&6; }
|
||||
|
||||
# So? What about this header?
|
||||
case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
|
||||
yes:no: )
|
||||
{ echo "$as_me:$LINENO: WARNING: openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&5
|
||||
echo "$as_me: WARNING: openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
|
||||
{ echo "$as_me:$LINENO: WARNING: openssl/aes.h: proceeding with the compiler's result" >&5
|
||||
echo "$as_me: WARNING: openssl/aes.h: proceeding with the compiler's result" >&2;}
|
||||
ac_header_preproc=yes
|
||||
;;
|
||||
no:yes:* )
|
||||
{ echo "$as_me:$LINENO: WARNING: openssl/aes.h: present but cannot be compiled" >&5
|
||||
echo "$as_me: WARNING: openssl/aes.h: present but cannot be compiled" >&2;}
|
||||
{ echo "$as_me:$LINENO: WARNING: openssl/aes.h: check for missing prerequisite headers?" >&5
|
||||
echo "$as_me: WARNING: openssl/aes.h: check for missing prerequisite headers?" >&2;}
|
||||
{ echo "$as_me:$LINENO: WARNING: openssl/aes.h: see the Autoconf documentation" >&5
|
||||
echo "$as_me: WARNING: openssl/aes.h: see the Autoconf documentation" >&2;}
|
||||
{ echo "$as_me:$LINENO: WARNING: openssl/aes.h: section \"Present But Cannot Be Compiled\"" >&5
|
||||
echo "$as_me: WARNING: openssl/aes.h: section \"Present But Cannot Be Compiled\"" >&2;}
|
||||
{ echo "$as_me:$LINENO: WARNING: openssl/aes.h: proceeding with the preprocessor's result" >&5
|
||||
echo "$as_me: WARNING: openssl/aes.h: proceeding with the preprocessor's result" >&2;}
|
||||
{ echo "$as_me:$LINENO: WARNING: openssl/aes.h: in the future, the compiler will take precedence" >&5
|
||||
echo "$as_me: WARNING: openssl/aes.h: in the future, the compiler will take precedence" >&2;}
|
||||
|
||||
;;
|
||||
esac
|
||||
{ echo "$as_me:$LINENO: checking for openssl/aes.h" >&5
|
||||
echo $ECHO_N "checking for openssl/aes.h... $ECHO_C" >&6; }
|
||||
if test "${ac_cv_header_openssl_aes_h+set}" = set; then
|
||||
echo $ECHO_N "(cached) $ECHO_C" >&6
|
||||
else
|
||||
ac_cv_header_openssl_aes_h=$ac_header_preproc
|
||||
fi
|
||||
{ echo "$as_me:$LINENO: result: $ac_cv_header_openssl_aes_h" >&5
|
||||
echo "${ECHO_T}$ac_cv_header_openssl_aes_h" >&6; }
|
||||
|
||||
fi
|
||||
if test $ac_cv_header_openssl_aes_h = yes; then
|
||||
CRYPTO_HEADER_FOUND=1
|
||||
else
|
||||
CRYPTO_HEADER_FOUND=0
|
||||
fi
|
||||
|
||||
|
||||
fi
|
||||
fi
|
||||
if test "x${CRYPTO_HEADER_FOUND}" = "x0" ; then
|
||||
CRYPTO_LIB=""
|
||||
CRYPTO_INCLUDE=""
|
||||
else
|
||||
if test "x${pbxfuncname}" = "x" ; then # only checking headers -> no library
|
||||
CRYPTO_LIB=""
|
||||
fi
|
||||
PBX_CRYPTO=1
|
||||
# XXX don't know how to evaluate the description (third argument) in AC_DEFINE_UNQUOTED
|
||||
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
#define HAVE_CRYPTO 1
|
||||
_ACEOF
|
||||
|
||||
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
#define HAVE_CRYPTO_VERSION
|
||||
_ACEOF
|
||||
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
if test "${PBX_CRYPTO}" != "0";
|
||||
then
|
||||
|
||||
if test "x${PBX_OPENSSL}" != "x1" -a "${USE_OPENSSL}" != "no"; then
|
||||
pbxlibdir=""
|
||||
if test "x${OPENSSL_DIR}" != "x"; then
|
||||
|
@ -29628,6 +30054,7 @@ _ACEOF
|
|||
fi
|
||||
fi
|
||||
|
||||
fi
|
||||
|
||||
|
||||
if test "x${PBX_FREETDS}" != "x1" -a "${USE_FREETDS}" != "no"; then
|
||||
|
@ -35694,6 +36121,10 @@ CURSES_LIB!$CURSES_LIB$ac_delim
|
|||
CURSES_INCLUDE!$CURSES_INCLUDE$ac_delim
|
||||
CURSES_DIR!$CURSES_DIR$ac_delim
|
||||
PBX_CURSES!$PBX_CURSES$ac_delim
|
||||
CRYPTO_LIB!$CRYPTO_LIB$ac_delim
|
||||
CRYPTO_INCLUDE!$CRYPTO_INCLUDE$ac_delim
|
||||
CRYPTO_DIR!$CRYPTO_DIR$ac_delim
|
||||
PBX_CRYPTO!$PBX_CRYPTO$ac_delim
|
||||
GNUTLS_LIB!$GNUTLS_LIB$ac_delim
|
||||
GNUTLS_INCLUDE!$GNUTLS_INCLUDE$ac_delim
|
||||
GNUTLS_DIR!$GNUTLS_DIR$ac_delim
|
||||
|
@ -35766,10 +36197,6 @@ PRI_LIB!$PRI_LIB$ac_delim
|
|||
PRI_INCLUDE!$PRI_INCLUDE$ac_delim
|
||||
PRI_DIR!$PRI_DIR$ac_delim
|
||||
PBX_PRI!$PBX_PRI$ac_delim
|
||||
SS7_LIB!$SS7_LIB$ac_delim
|
||||
SS7_INCLUDE!$SS7_INCLUDE$ac_delim
|
||||
SS7_DIR!$SS7_DIR$ac_delim
|
||||
PBX_SS7!$PBX_SS7$ac_delim
|
||||
_ACEOF
|
||||
|
||||
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
|
||||
|
@ -35811,6 +36238,10 @@ _ACEOF
|
|||
ac_delim='%!_!# '
|
||||
for ac_last_try in false false false false false :; do
|
||||
cat >conf$$subs.sed <<_ACEOF
|
||||
SS7_LIB!$SS7_LIB$ac_delim
|
||||
SS7_INCLUDE!$SS7_INCLUDE$ac_delim
|
||||
SS7_DIR!$SS7_DIR$ac_delim
|
||||
PBX_SS7!$PBX_SS7$ac_delim
|
||||
PWLIB_LIB!$PWLIB_LIB$ac_delim
|
||||
PWLIB_INCLUDE!$PWLIB_INCLUDE$ac_delim
|
||||
PWLIB_DIR!$PWLIB_DIR$ac_delim
|
||||
|
@ -35904,10 +36335,6 @@ PWLIB_LIBDIR!$PWLIB_LIBDIR$ac_delim
|
|||
PWLIB_PLATFORM!$PWLIB_PLATFORM$ac_delim
|
||||
OPENH323DIR!$OPENH323DIR$ac_delim
|
||||
OPENH323_INCDIR!$OPENH323_INCDIR$ac_delim
|
||||
OPENH323_LIBDIR!$OPENH323_LIBDIR$ac_delim
|
||||
OPENH323_SUFFIX!$OPENH323_SUFFIX$ac_delim
|
||||
OPENH323_BUILD!$OPENH323_BUILD$ac_delim
|
||||
QTMOC!$QTMOC$ac_delim
|
||||
_ACEOF
|
||||
|
||||
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
|
||||
|
@ -35949,6 +36376,10 @@ _ACEOF
|
|||
ac_delim='%!_!# '
|
||||
for ac_last_try in false false false false false :; do
|
||||
cat >conf$$subs.sed <<_ACEOF
|
||||
OPENH323_LIBDIR!$OPENH323_LIBDIR$ac_delim
|
||||
OPENH323_SUFFIX!$OPENH323_SUFFIX$ac_delim
|
||||
OPENH323_BUILD!$OPENH323_BUILD$ac_delim
|
||||
QTMOC!$QTMOC$ac_delim
|
||||
EDITLINE_LIB!$EDITLINE_LIB$ac_delim
|
||||
PBX_H323!$PBX_H323$ac_delim
|
||||
PBX_IXJUSER!$PBX_IXJUSER$ac_delim
|
||||
|
@ -35964,7 +36395,7 @@ CURL_CONFIG!$CURL_CONFIG$ac_delim
|
|||
LTLIBOBJS!$LTLIBOBJS$ac_delim
|
||||
_ACEOF
|
||||
|
||||
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 13; then
|
||||
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 17; then
|
||||
break
|
||||
elif $ac_last_try; then
|
||||
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
|
||||
|
|
|
@ -186,6 +186,7 @@ AST_EXT_LIB_SETUP([BKTR], [Stack Backtrace support], [execinfo])
|
|||
AST_EXT_LIB_SETUP([CAP], [POSIX 1.e capabilities], [cap])
|
||||
AST_EXT_LIB_SETUP([CURL], [cURL], [curl])
|
||||
AST_EXT_LIB_SETUP([CURSES], [curses], [curses])
|
||||
AST_EXT_LIB_SETUP([CRYPTO], [OpenSSL Cryptography Support], [crypto])
|
||||
AST_EXT_LIB_SETUP([GNUTLS], [GNU TLS support (used for iksemel only)], [gnutls])
|
||||
AST_EXT_LIB_SETUP([GSM], [GSM], [gsm], [, or 'internal'])
|
||||
AST_EXT_LIB_SETUP([IKSEMEL], [Iksemel Jabber Library], [iksemel])
|
||||
|
@ -846,7 +847,12 @@ AST_EXT_LIB_CHECK([SQLITE], [sqlite], [sqlite_exec], [sqlite.h])
|
|||
|
||||
AST_EXT_LIB_CHECK([SQLITE3], [sqlite3], [sqlite3_open], [sqlite3.h])
|
||||
|
||||
AST_EXT_LIB_CHECK([OPENSSL], [ssl], [ssl2_connect], [openssl/ssl.h], [-lcrypto])
|
||||
AST_EXT_LIB_CHECK([CRYPTO], [crypto], [AES_encrypt], [openssl/aes.h])
|
||||
|
||||
if test "${PBX_CRYPTO}" != "0";
|
||||
then
|
||||
AST_EXT_LIB_CHECK([OPENSSL], [ssl], [ssl2_connect], [openssl/ssl.h], [-lcrypto])
|
||||
fi
|
||||
|
||||
AST_EXT_LIB_CHECK([FREETDS], [tds], [tds_version], [tds.h])
|
||||
if test "${PBX_FREETDS}" != "0";
|
||||
|
|
|
@ -1,170 +1,65 @@
|
|||
/*
|
||||
* Asterisk -- An open source telephony toolkit.
|
||||
*
|
||||
* Copyright (C) 20075, Digium, Inc.
|
||||
*
|
||||
* Kevin P. Fleming <kpfleming@digium.com>
|
||||
*
|
||||
* See http://www.asterisk.org for more information about
|
||||
* the Asterisk project. Please do not directly contact
|
||||
* any of the maintainers of this project for assistance;
|
||||
* the project provides a web site, mailing lists and IRC
|
||||
* channels for your use.
|
||||
*
|
||||
* This program is free software, distributed under the terms of
|
||||
* the GNU General Public License Version 2. See the LICENSE file
|
||||
* at the top of the source tree.
|
||||
*/
|
||||
|
||||
/*
|
||||
---------------------------------------------------------------------------
|
||||
Copyright (c) 2003, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
|
||||
All rights reserved.
|
||||
/*! \file
|
||||
* \brief Wrappers for AES encryption/decryption
|
||||
*
|
||||
* These wrappers provided a generic interface to either the
|
||||
* AES methods provided by OpenSSL's crypto library, or the
|
||||
* AES implementation included with Asterisk.
|
||||
*/
|
||||
|
||||
LICENSE TERMS
|
||||
#ifndef _ASTERISK_AES_H
|
||||
#define _ASTERISK_AES_H
|
||||
|
||||
The free distribution and use of this software in both source and binary
|
||||
form is allowed (with or without changes) provided that:
|
||||
#ifdef HAVE_CRYPTO
|
||||
|
||||
1. distributions of this source code include the above copyright
|
||||
notice, this list of conditions and the following disclaimer;
|
||||
/* Use the OpenSSL crypto library */
|
||||
#include "openssl/aes.h"
|
||||
|
||||
2. distributions in binary form include the above copyright
|
||||
notice, this list of conditions and the following disclaimer
|
||||
in the documentation and/or other associated materials;
|
||||
typedef AES_KEY ast_aes_encrypt_key;
|
||||
typedef AES_KEY ast_aes_decrypt_key;
|
||||
|
||||
3. the copyright holder's name is not used to endorse products
|
||||
built using this software without specific written permission.
|
||||
#define ast_aes_encrypt_key(key, context) AES_set_encrypt_key(key, 1024, context)
|
||||
|
||||
ALTERNATIVELY, provided that this notice is retained in full, this product
|
||||
may be distributed under the terms of the GNU General Public License (GPL),
|
||||
in which case the provisions of the GPL apply INSTEAD OF those given above.
|
||||
#define ast_aes_decrypt_key(key, context) AES_set_decrypt_key(key, 1024, context)
|
||||
|
||||
DISCLAIMER
|
||||
#define ast_aes_encrypt(in, out, context) AES_encrypt(in, out, context)
|
||||
|
||||
This software is provided 'as is' with no explicit or implied warranties
|
||||
in respect of its properties, including, but not limited to, correctness
|
||||
and/or fitness for purpose.
|
||||
---------------------------------------------------------------------------
|
||||
Issue Date: 26/08/2003
|
||||
*/
|
||||
/*!\file
|
||||
#define ast_aes_decrypt(in, out, context) AES_decrypt(in, out, context)
|
||||
|
||||
\brief This file contains the definitions required to use AES in C. See aesopt.h
|
||||
for optimisation details.
|
||||
*/
|
||||
#else /* !HAVE_CRYPTO */
|
||||
|
||||
#ifndef _AES_H
|
||||
#define _AES_H
|
||||
/* Use the included AES implementation */
|
||||
|
||||
/* This include is used to find 8 & 32 bit unsigned integer types */
|
||||
#include "limits.h"
|
||||
#include "aes_internal.h"
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C"
|
||||
{
|
||||
#endif
|
||||
typedef aes_encrypt_ctx ast_aes_encrypt_key;
|
||||
typedef aes_decrypt_ctx ast_aes_decrypt_key;
|
||||
|
||||
#define AES_128 /* define if AES with 128 bit keys is needed */
|
||||
#undef AES_192 /* define if AES with 192 bit keys is needed */
|
||||
#undef AES_256 /* define if AES with 256 bit keys is needed */
|
||||
#undef AES_VAR /* define if a variable key size is needed */
|
||||
#define ast_aes_encrypt_key(key, context) aes_encrypt_key128(key, context)
|
||||
|
||||
/* The following must also be set in assembler files if being used */
|
||||
#define ast_aes_decrypt_key(key, context) aes_decrypt_key128(key, context)
|
||||
|
||||
#define AES_ENCRYPT /* if support for encryption is needed */
|
||||
#define AES_DECRYPT /* if support for decryption is needed */
|
||||
#define AES_ERR_CHK /* for parameter checks & error return codes */
|
||||
#define ast_aes_encrypt(in, out, context) aes_encrypt(in, out, context)
|
||||
|
||||
#if UCHAR_MAX == 0xff /* an unsigned 8 bit type */
|
||||
typedef unsigned char aes_08t;
|
||||
#else
|
||||
#error Please define aes_08t as an 8-bit unsigned integer type in aes.h
|
||||
#endif
|
||||
#define ast_aes_decrypt(in, out, context) aes_decrypt(in, out, context)
|
||||
|
||||
#if UINT_MAX == 0xffffffff /* an unsigned 32 bit type */
|
||||
typedef unsigned int aes_32t;
|
||||
#elif ULONG_MAX == 0xffffffff
|
||||
typedef unsigned long aes_32t;
|
||||
#else
|
||||
#error Please define aes_32t as a 32-bit unsigned integer type in aes.h
|
||||
#endif
|
||||
#endif /* !HAVE_CRYPTO */
|
||||
|
||||
#define AES_BLOCK_SIZE 16 /* the AES block size in bytes */
|
||||
#define N_COLS 4 /* the number of columns in the state */
|
||||
|
||||
/* a maximum of 60 32-bit words are needed for the key schedule but */
|
||||
/* 64 are claimed to allow space at the top for a CBC xor buffer. */
|
||||
/* If this is not needed, this value can be reduced to 60. A value */
|
||||
/* of 64 may also help in maintaining alignment in some situations */
|
||||
#define KS_LENGTH 64
|
||||
|
||||
#ifdef AES_ERR_CHK
|
||||
#define aes_ret int
|
||||
#define aes_good 0
|
||||
#define aes_error -1
|
||||
#else
|
||||
#define aes_ret void
|
||||
#endif
|
||||
|
||||
#ifndef AES_DLL /* implement normal/DLL functions */
|
||||
#define aes_rval aes_ret
|
||||
#else
|
||||
#define aes_rval aes_ret __declspec(dllexport) _stdcall
|
||||
#endif
|
||||
|
||||
/* This routine must be called before first use if non-static */
|
||||
/* tables are being used */
|
||||
|
||||
void gen_tabs(void);
|
||||
|
||||
/* The key length (klen) is input in bytes when it is in the range */
|
||||
/* 16 <= klen <= 32 or in bits when in the range 128 <= klen <= 256 */
|
||||
|
||||
#ifdef AES_ENCRYPT
|
||||
|
||||
typedef struct
|
||||
{ aes_32t ks[KS_LENGTH];
|
||||
} aes_encrypt_ctx;
|
||||
|
||||
#if defined(AES_128) || defined(AES_VAR)
|
||||
aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
#if defined(AES_192) || defined(AES_VAR)
|
||||
aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
#if defined(AES_256) || defined(AES_VAR)
|
||||
aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
#if defined(AES_VAR)
|
||||
aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
aes_rval aes_encrypt(const void *in_blk, void *out_blk, const aes_encrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
#ifdef AES_DECRYPT
|
||||
|
||||
typedef struct
|
||||
{ aes_32t ks[KS_LENGTH];
|
||||
} aes_decrypt_ctx;
|
||||
|
||||
#if defined(AES_128) || defined(AES_VAR)
|
||||
aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
#if defined(AES_192) || defined(AES_VAR)
|
||||
aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
#if defined(AES_256) || defined(AES_VAR)
|
||||
aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
#if defined(AES_VAR)
|
||||
aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
aes_rval aes_decrypt(const void *in_blk, void *out_blk, const aes_decrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
#if defined(__cplusplus)
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
||||
#endif /* _ASTERISK_AES_H */
|
||||
|
|
|
@ -0,0 +1,170 @@
|
|||
/*
|
||||
* Asterisk -- An open source telephony toolkit.
|
||||
*
|
||||
* See http://www.asterisk.org for more information about
|
||||
* the Asterisk project. Please do not directly contact
|
||||
* any of the maintainers of this project for assistance;
|
||||
* the project provides a web site, mailing lists and IRC
|
||||
* channels for your use.
|
||||
*/
|
||||
|
||||
/*
|
||||
---------------------------------------------------------------------------
|
||||
Copyright (c) 2003, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
|
||||
All rights reserved.
|
||||
|
||||
LICENSE TERMS
|
||||
|
||||
The free distribution and use of this software in both source and binary
|
||||
form is allowed (with or without changes) provided that:
|
||||
|
||||
1. distributions of this source code include the above copyright
|
||||
notice, this list of conditions and the following disclaimer;
|
||||
|
||||
2. distributions in binary form include the above copyright
|
||||
notice, this list of conditions and the following disclaimer
|
||||
in the documentation and/or other associated materials;
|
||||
|
||||
3. the copyright holder's name is not used to endorse products
|
||||
built using this software without specific written permission.
|
||||
|
||||
ALTERNATIVELY, provided that this notice is retained in full, this product
|
||||
may be distributed under the terms of the GNU General Public License (GPL),
|
||||
in which case the provisions of the GPL apply INSTEAD OF those given above.
|
||||
|
||||
DISCLAIMER
|
||||
|
||||
This software is provided 'as is' with no explicit or implied warranties
|
||||
in respect of its properties, including, but not limited to, correctness
|
||||
and/or fitness for purpose.
|
||||
---------------------------------------------------------------------------
|
||||
Issue Date: 26/08/2003
|
||||
*/
|
||||
/*!\file
|
||||
|
||||
\brief This file contains the definitions required to use AES in C. See aesopt.h
|
||||
for optimisation details.
|
||||
*/
|
||||
|
||||
#ifndef _AES_INTERNAL_H
|
||||
#define _AES_INTERNAL_H
|
||||
|
||||
/* This include is used to find 8 & 32 bit unsigned integer types */
|
||||
#include "limits.h"
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C"
|
||||
{
|
||||
#endif
|
||||
|
||||
#define AES_128 /* define if AES with 128 bit keys is needed */
|
||||
#undef AES_192 /* define if AES with 192 bit keys is needed */
|
||||
#undef AES_256 /* define if AES with 256 bit keys is needed */
|
||||
#undef AES_VAR /* define if a variable key size is needed */
|
||||
|
||||
/* The following must also be set in assembler files if being used */
|
||||
|
||||
#define AES_ENCRYPT /* if support for encryption is needed */
|
||||
#define AES_DECRYPT /* if support for decryption is needed */
|
||||
#define AES_ERR_CHK /* for parameter checks & error return codes */
|
||||
|
||||
#if UCHAR_MAX == 0xff /* an unsigned 8 bit type */
|
||||
typedef unsigned char aes_08t;
|
||||
#else
|
||||
#error Please define aes_08t as an 8-bit unsigned integer type in aes.h
|
||||
#endif
|
||||
|
||||
#if UINT_MAX == 0xffffffff /* an unsigned 32 bit type */
|
||||
typedef unsigned int aes_32t;
|
||||
#elif ULONG_MAX == 0xffffffff
|
||||
typedef unsigned long aes_32t;
|
||||
#else
|
||||
#error Please define aes_32t as a 32-bit unsigned integer type in aes.h
|
||||
#endif
|
||||
|
||||
#define AES_BLOCK_SIZE 16 /* the AES block size in bytes */
|
||||
#define N_COLS 4 /* the number of columns in the state */
|
||||
|
||||
/* a maximum of 60 32-bit words are needed for the key schedule but */
|
||||
/* 64 are claimed to allow space at the top for a CBC xor buffer. */
|
||||
/* If this is not needed, this value can be reduced to 60. A value */
|
||||
/* of 64 may also help in maintaining alignment in some situations */
|
||||
#define KS_LENGTH 64
|
||||
|
||||
#ifdef AES_ERR_CHK
|
||||
#define aes_ret int
|
||||
#define aes_good 0
|
||||
#define aes_error -1
|
||||
#else
|
||||
#define aes_ret void
|
||||
#endif
|
||||
|
||||
#ifndef AES_DLL /* implement normal/DLL functions */
|
||||
#define aes_rval aes_ret
|
||||
#else
|
||||
#define aes_rval aes_ret __declspec(dllexport) _stdcall
|
||||
#endif
|
||||
|
||||
/* This routine must be called before first use if non-static */
|
||||
/* tables are being used */
|
||||
|
||||
void gen_tabs(void);
|
||||
|
||||
/* The key length (klen) is input in bytes when it is in the range */
|
||||
/* 16 <= klen <= 32 or in bits when in the range 128 <= klen <= 256 */
|
||||
|
||||
#ifdef AES_ENCRYPT
|
||||
|
||||
typedef struct
|
||||
{ aes_32t ks[KS_LENGTH];
|
||||
} aes_encrypt_ctx;
|
||||
|
||||
#if defined(AES_128) || defined(AES_VAR)
|
||||
aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
#if defined(AES_192) || defined(AES_VAR)
|
||||
aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
#if defined(AES_256) || defined(AES_VAR)
|
||||
aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
#if defined(AES_VAR)
|
||||
aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
aes_rval aes_encrypt(const void *in_blk, void *out_blk, const aes_encrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
#ifdef AES_DECRYPT
|
||||
|
||||
typedef struct
|
||||
{ aes_32t ks[KS_LENGTH];
|
||||
} aes_decrypt_ctx;
|
||||
|
||||
#if defined(AES_128) || defined(AES_VAR)
|
||||
aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
#if defined(AES_192) || defined(AES_VAR)
|
||||
aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
#if defined(AES_256) || defined(AES_VAR)
|
||||
aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
#if defined(AES_VAR)
|
||||
aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
aes_rval aes_decrypt(const void *in_blk, void *out_blk, const aes_decrypt_ctx cx[1]);
|
||||
#endif
|
||||
|
||||
#if defined(__cplusplus)
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
|
@ -77,6 +77,12 @@
|
|||
/* Define to 1 if your system has a working `chown' function. */
|
||||
#undef HAVE_CHOWN
|
||||
|
||||
/* Define this to indicate the ${CRYPTO_DESCRIP} library */
|
||||
#undef HAVE_CRYPTO
|
||||
|
||||
/* Define to indicate the ${CRYPTO_DESCRIP} library version */
|
||||
#undef HAVE_CRYPTO_VERSION
|
||||
|
||||
/* Define if your system has the curl libraries. */
|
||||
#undef HAVE_CURL
|
||||
|
||||
|
|
|
@ -42,13 +42,15 @@
|
|||
* \author Dr Brian Gladman <brg@gladman.me.uk>
|
||||
*/
|
||||
|
||||
#include "aesopt.h"
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C"
|
||||
{
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_CRYPTO
|
||||
|
||||
#include "aesopt.h"
|
||||
|
||||
#define si(y,x,k,c) (s(y,c) = word_in(x, c) ^ (k)[c])
|
||||
#define so(y,x,c) word_out(y, c, s(x,c))
|
||||
|
||||
|
@ -312,6 +314,8 @@ aes_rval aes_decrypt(const void *in_blk, void *out_blk, const aes_decrypt_ctx cx
|
|||
|
||||
#endif
|
||||
|
||||
#endif /* !HAVE_CRYPTO */
|
||||
|
||||
#if defined(__cplusplus)
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -41,13 +41,15 @@
|
|||
* \author Dr Brian Gladman <brg@gladman.me.uk>
|
||||
*/
|
||||
|
||||
#include "aesopt.h"
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C"
|
||||
{
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_CRYPTO
|
||||
|
||||
#include "aesopt.h"
|
||||
|
||||
/* Initialise the key schedule from the user supplied key. The key
|
||||
length can be specified in bytes, with legal values of 16, 24
|
||||
and 32, or in bits, with legal values of 128, 192 and 256. These
|
||||
|
@ -464,6 +466,8 @@ aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1])
|
|||
|
||||
#endif
|
||||
|
||||
#endif /* !HAVE_CRYPTO */
|
||||
|
||||
#if defined(__cplusplus)
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -37,6 +37,8 @@ extern "C"
|
|||
{
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_CRYPTO
|
||||
|
||||
#define DO_TABLES
|
||||
|
||||
#include "aesopt.h"
|
||||
|
@ -226,6 +228,8 @@ void gen_tabs(void)
|
|||
|
||||
#endif
|
||||
|
||||
#endif /* !HAVE_CRYPTO */
|
||||
|
||||
#if defined(__cplusplus)
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -151,6 +151,9 @@ SQLITE3_LIB=@SQLITE3_LIB@
|
|||
SSL_INCLUDE=@OPENSSL_INCLUDE@
|
||||
SSL_LIB=@OPENSSL_LIB@
|
||||
|
||||
CRYPTO_INCLUDE=@CRYPTO_INCLUDE@
|
||||
CRYPTO_LIB=@CRYPTO_LIB@
|
||||
|
||||
TONEZONE_INCLUDE=@TONEZONE_INCLUDE@
|
||||
TONEZONE_LIB=@TONEZONE_LIB@
|
||||
|
||||
|
|
|
@ -24,6 +24,7 @@
|
|||
|
||||
/*** MODULEINFO
|
||||
<depend>zlib</depend>
|
||||
<use>crypto</use>
|
||||
***/
|
||||
|
||||
#include "asterisk.h"
|
||||
|
@ -173,8 +174,8 @@ struct dundi_transaction {
|
|||
int eidcount; /*!< Number of eids in eids */
|
||||
dundi_eid us_eid; /*!< Our EID, to them */
|
||||
dundi_eid them_eid; /*!< Their EID, to us */
|
||||
aes_encrypt_ctx ecx; /*!< AES 128 Encryption context */
|
||||
aes_decrypt_ctx dcx; /*!< AES 128 Decryption context */
|
||||
ast_aes_encrypt_key ecx; /*!< AES 128 Encryption context */
|
||||
ast_aes_decrypt_key dcx; /*!< AES 128 Decryption context */
|
||||
unsigned int flags; /*!< Has final packet been sent */
|
||||
int ttl; /*!< Remaining TTL for queries on this one */
|
||||
int thread; /*!< We have a calling thread */
|
||||
|
@ -240,11 +241,11 @@ struct dundi_peer {
|
|||
unsigned char txenckey[256]; /*!< Transmitted encrypted key + sig */
|
||||
unsigned char rxenckey[256]; /*!< Cache received encrypted key + sig */
|
||||
unsigned long us_keycrc32; /*!< CRC-32 of our key */
|
||||
aes_encrypt_ctx us_ecx; /*!< Cached AES 128 Encryption context */
|
||||
aes_decrypt_ctx us_dcx; /*!< Cached AES 128 Decryption context */
|
||||
ast_aes_encrypt_key us_ecx; /*!< Cached AES 128 Encryption context */
|
||||
ast_aes_decrypt_key us_dcx; /*!< Cached AES 128 Decryption context */
|
||||
unsigned long them_keycrc32; /*!< CRC-32 of our key */
|
||||
aes_encrypt_ctx them_ecx; /*!< Cached AES 128 Encryption context */
|
||||
aes_decrypt_ctx them_dcx; /*!< Cached AES 128 Decryption context */
|
||||
ast_aes_encrypt_key them_ecx; /*!< Cached AES 128 Encryption context */
|
||||
ast_aes_decrypt_key them_dcx; /*!< Cached AES 128 Decryption context */
|
||||
time_t keyexpire; /*!< When to expire/recreate key */
|
||||
int registerexpire;
|
||||
int lookuptimes[DUNDI_TIMING_HISTORY];
|
||||
|
@ -1300,8 +1301,8 @@ static int update_key(struct dundi_peer *peer)
|
|||
int res;
|
||||
if (!peer->keyexpire || (peer->keyexpire < time(NULL))) {
|
||||
build_iv(key);
|
||||
aes_encrypt_key128(key, &peer->us_ecx);
|
||||
aes_decrypt_key128(key, &peer->us_dcx);
|
||||
ast_aes_encrypt_key(key, &peer->us_ecx);
|
||||
ast_aes_decrypt_key(key, &peer->us_dcx);
|
||||
ekey = ast_key_get(peer->inkey, AST_KEY_PUBLIC);
|
||||
if (!ekey) {
|
||||
ast_log(LOG_NOTICE, "No such key '%s' for creating RSA encrypted shared key for '%s'!\n",
|
||||
|
@ -1331,7 +1332,7 @@ static int update_key(struct dundi_peer *peer)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int encrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, aes_encrypt_ctx *ecx)
|
||||
static int encrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, ast_aes_encrypt_key *ecx)
|
||||
{
|
||||
unsigned char curblock[16];
|
||||
int x;
|
||||
|
@ -1339,7 +1340,7 @@ static int encrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsig
|
|||
while(len > 0) {
|
||||
for (x=0;x<16;x++)
|
||||
curblock[x] ^= src[x];
|
||||
aes_encrypt(curblock, dst, ecx);
|
||||
ast_aes_encrypt(curblock, dst, ecx);
|
||||
memcpy(curblock, dst, sizeof(curblock));
|
||||
dst += 16;
|
||||
src += 16;
|
||||
|
@ -1347,13 +1348,13 @@ static int encrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsig
|
|||
}
|
||||
return 0;
|
||||
}
|
||||
static int decrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, aes_decrypt_ctx *dcx)
|
||||
static int decrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, ast_aes_decrypt_key *dcx)
|
||||
{
|
||||
unsigned char lastblock[16];
|
||||
int x;
|
||||
memcpy(lastblock, iv, sizeof(lastblock));
|
||||
while(len > 0) {
|
||||
aes_decrypt(src, dst, dcx);
|
||||
ast_aes_decrypt(src, dst, dcx);
|
||||
for (x=0;x<16;x++)
|
||||
dst[x] ^= lastblock[x];
|
||||
memcpy(lastblock, src, sizeof(lastblock));
|
||||
|
@ -1507,8 +1508,8 @@ static int check_key(struct dundi_peer *peer, unsigned char *newkey, unsigned ch
|
|||
memcpy(peer->rxenckey, newkey, 128);
|
||||
memcpy(peer->rxenckey + 128, newsig, 128);
|
||||
peer->them_keycrc32 = crc32(0L, peer->rxenckey, 128);
|
||||
aes_decrypt_key128(dst, &peer->them_dcx);
|
||||
aes_encrypt_key128(dst, &peer->them_ecx);
|
||||
ast_aes_decrypt_key(dst, &peer->them_dcx);
|
||||
ast_aes_encrypt_key(dst, &peer->them_ecx);
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
Reference in New Issue