+/*
+ * Copyright 2024 Vsevolod Stakhov
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
/*
* Copyright (c) 2014, Vsevolod Stakhov
*
#include <tweetnacl.h>
-void
-randombytes(uint8_t *data, uint64_t len)
+void randombytes(uint8_t *data, uint64_t len)
{
- ottery_rand_bytes (data, len);
+ ottery_rand_bytes(data, len);
}
-void sodium_memzero (uint8_t *data, uint64_t len)
+void sodium_memzero(uint8_t *data, uint64_t len)
{
volatile uint8_t *p = data;
}
void sodium_init(void)
{
-
}
-ssize_t rdns_curve_send (struct rdns_request *req, void *plugin_data);
-ssize_t rdns_curve_recv (struct rdns_io_channel *ioc, void *buf, size_t len,
- void *plugin_data, struct rdns_request **req_out);
-void rdns_curve_finish_request (struct rdns_request *req, void *plugin_data);
-void rdns_curve_dtor (struct rdns_resolver *resolver, void *plugin_data);
+ssize_t rdns_curve_send(struct rdns_request *req, void *plugin_data);
+ssize_t rdns_curve_recv(struct rdns_io_channel *ioc, void *buf, size_t len,
+ void *plugin_data, struct rdns_request **req_out);
+void rdns_curve_finish_request(struct rdns_request *req, void *plugin_data);
+void rdns_curve_dtor(struct rdns_resolver *resolver, void *plugin_data);
struct rdns_curve_entry {
char *name;
};
static struct rdns_curve_client_key *
-rdns_curve_client_key_new (struct rdns_curve_ctx *ctx)
+rdns_curve_client_key_new(struct rdns_curve_ctx *ctx)
{
struct rdns_curve_client_key *new;
struct rdns_curve_nm_entry *nm;
struct rdns_curve_entry *entry, *tmp;
- new = calloc (1, sizeof (struct rdns_curve_client_key));
- crypto_box_keypair (new->pk, new->sk);
+ new = calloc(1, sizeof(struct rdns_curve_client_key));
+ crypto_box_keypair(new->pk, new->sk);
- HASH_ITER (hh, ctx->entries, entry, tmp) {
- nm = calloc (1, sizeof (struct rdns_curve_nm_entry));
+ HASH_ITER(hh, ctx->entries, entry, tmp)
+ {
+ nm = calloc(1, sizeof(struct rdns_curve_nm_entry));
nm->entry = entry;
- crypto_box_beforenm (nm->k, entry->pk, new->sk);
+ crypto_box_beforenm(nm->k, entry->pk, new->sk);
- DL_APPEND (new->nms, nm);
+ DL_APPEND(new->nms, nm);
}
- new->counter = ottery_rand_uint64 ();
+ new->counter = ottery_rand_uint64();
return new;
}
static struct rdns_curve_nm_entry *
-rdns_curve_find_nm (struct rdns_curve_client_key *key, struct rdns_curve_entry *entry)
+rdns_curve_find_nm(struct rdns_curve_client_key *key, struct rdns_curve_entry *entry)
{
struct rdns_curve_nm_entry *nm;
- DL_FOREACH (key->nms, nm) {
+ DL_FOREACH(key->nms, nm)
+ {
if (nm->entry == entry) {
return nm;
}
}
static void
-rdns_curve_client_key_free (struct rdns_curve_client_key *key)
+rdns_curve_client_key_free(struct rdns_curve_client_key *key)
{
struct rdns_curve_nm_entry *nm, *tmp;
- DL_FOREACH_SAFE (key->nms, nm, tmp) {
- sodium_memzero (nm->k, sizeof (nm->k));
- free (nm);
+ DL_FOREACH_SAFE(key->nms, nm, tmp)
+ {
+ sodium_memzero(nm->k, sizeof(nm->k));
+ free(nm);
}
- sodium_memzero (key->sk, sizeof (key->sk));
- free (key);
+ sodium_memzero(key->sk, sizeof(key->sk));
+ free(key);
}
-struct rdns_curve_ctx*
-rdns_curve_ctx_new (double key_refresh_interval)
+struct rdns_curve_ctx *
+rdns_curve_ctx_new(double key_refresh_interval)
{
struct rdns_curve_ctx *new;
- new = calloc (1, sizeof (struct rdns_curve_ctx));
+ new = calloc(1, sizeof(struct rdns_curve_ctx));
new->key_refresh_interval = key_refresh_interval;
return new;
}
-void
-rdns_curve_ctx_add_key (struct rdns_curve_ctx *ctx,
- const char *name, const unsigned char *pubkey)
+void rdns_curve_ctx_add_key(struct rdns_curve_ctx *ctx,
+ const char *name, const unsigned char *pubkey)
{
struct rdns_curve_entry *entry;
bool success = true;
- entry = malloc (sizeof (struct rdns_curve_entry));
+ entry = malloc(sizeof(struct rdns_curve_entry));
if (entry != NULL) {
- entry->name = strdup (name);
+ entry->name = strdup(name);
if (entry->name == NULL) {
success = false;
}
- memcpy (entry->pk, pubkey, sizeof (entry->pk));
+ memcpy(entry->pk, pubkey, sizeof(entry->pk));
if (success) {
- HASH_ADD_KEYPTR (hh, ctx->entries, entry->name, strlen (entry->name), entry);
+ HASH_ADD_KEYPTR(hh, ctx->entries, entry->name, strlen(entry->name), entry);
}
}
}
-#define rdns_curve_write_hex(in, out, offset, base) do { \
- *(out) |= ((in)[(offset)] - (base)) << ((1 - offset) * 4); \
-} while (0)
+#define rdns_curve_write_hex(in, out, offset, base) \
+ do { \
+ *(out) |= ((in)[(offset)] - (base)) << ((1 - offset) * 4); \
+ } while (0)
static bool
-rdns_curve_hex_to_byte (const char *in, unsigned char *out)
+rdns_curve_hex_to_byte(const char *in, unsigned char *out)
{
int i;
- for (i = 0; i <= 1; i ++) {
+ for (i = 0; i <= 1; i++) {
if (in[i] >= '0' && in[i] <= '9') {
- rdns_curve_write_hex (in, out, i, '0');
+ rdns_curve_write_hex(in, out, i, '0');
}
else if (in[i] >= 'a' && in[i] <= 'f') {
- rdns_curve_write_hex (in, out, i, 'a' - 10);
+ rdns_curve_write_hex(in, out, i, 'a' - 10);
}
else if (in[i] >= 'A' && in[i] <= 'F') {
- rdns_curve_write_hex (in, out, i, 'A' - 10);
+ rdns_curve_write_hex(in, out, i, 'A' - 10);
}
else {
return false;
#undef rdns_curve_write_hex
unsigned char *
-rdns_curve_key_from_hex (const char *hex)
+rdns_curve_key_from_hex(const char *hex)
{
- unsigned int len = strlen (hex), i;
+ unsigned int len = strlen(hex), i;
unsigned char *res = NULL;
if (len == crypto_box_PUBLICKEYBYTES * 2) {
- res = calloc (1, crypto_box_PUBLICKEYBYTES);
- for (i = 0; i < crypto_box_PUBLICKEYBYTES; i ++) {
- if (!rdns_curve_hex_to_byte (&hex[i * 2], &res[i])) {
- free (res);
+ res = calloc(1, crypto_box_PUBLICKEYBYTES);
+ for (i = 0; i < crypto_box_PUBLICKEYBYTES; i++) {
+ if (!rdns_curve_hex_to_byte(&hex[i * 2], &res[i])) {
+ free(res);
return NULL;
}
}
return res;
}
-void
-rdns_curve_ctx_destroy (struct rdns_curve_ctx *ctx)
+void rdns_curve_ctx_destroy(struct rdns_curve_ctx *ctx)
{
struct rdns_curve_entry *entry, *tmp;
- HASH_ITER (hh, ctx->entries, entry, tmp) {
- free (entry->name);
- free (entry);
+ HASH_ITER(hh, ctx->entries, entry, tmp)
+ {
+ free(entry->name);
+ free(entry);
}
- free (ctx);
+ free(ctx);
}
static void
-rdns_curve_refresh_key_callback (void *user_data)
+rdns_curve_refresh_key_callback(void *user_data)
{
struct rdns_curve_ctx *ctx = user_data;
struct rdns_resolver *resolver;
resolver = ctx->resolver;
- rdns_info ("refresh dnscurve keys");
- REF_RELEASE (ctx->cur_key);
- ctx->cur_key = rdns_curve_client_key_new (ctx);
- REF_INIT_RETAIN (ctx->cur_key, rdns_curve_client_key_free);
+ rdns_info("refresh dnscurve keys");
+ REF_RELEASE(ctx->cur_key);
+ ctx->cur_key = rdns_curve_client_key_new(ctx);
+ REF_INIT_RETAIN(ctx->cur_key, rdns_curve_client_key_free);
}
-void
-rdns_curve_register_plugin (struct rdns_resolver *resolver,
- struct rdns_curve_ctx *ctx)
+void rdns_curve_register_plugin(struct rdns_resolver *resolver,
+ struct rdns_curve_ctx *ctx)
{
struct rdns_plugin *plugin;
return;
}
- plugin = calloc (1, sizeof (struct rdns_plugin));
+ plugin = calloc(1, sizeof(struct rdns_plugin));
if (plugin != NULL) {
plugin->data = ctx;
plugin->type = RDNS_PLUGIN_CURVE;
plugin->cb.curve_plugin.recv_cb = rdns_curve_recv;
plugin->cb.curve_plugin.finish_cb = rdns_curve_finish_request;
plugin->dtor = rdns_curve_dtor;
- sodium_init ();
- ctx->cur_key = rdns_curve_client_key_new (ctx);
- REF_INIT_RETAIN (ctx->cur_key, rdns_curve_client_key_free);
+ sodium_init();
+ ctx->cur_key = rdns_curve_client_key_new(ctx);
+ REF_INIT_RETAIN(ctx->cur_key, rdns_curve_client_key_free);
if (ctx->key_refresh_interval > 0) {
- ctx->key_refresh_event = resolver->async->add_periodic (
- resolver->async->data, ctx->key_refresh_interval,
- rdns_curve_refresh_key_callback, ctx);
+ ctx->key_refresh_event = resolver->async->add_periodic(
+ resolver->async->data, ctx->key_refresh_interval,
+ rdns_curve_refresh_key_callback, ctx);
}
ctx->resolver = resolver;
- rdns_resolver_register_plugin (resolver, plugin);
+ rdns_resolver_register_plugin(resolver, plugin);
}
}
ssize_t
-rdns_curve_send (struct rdns_request *req, void *plugin_data)
+rdns_curve_send(struct rdns_request *req, void *plugin_data)
{
- struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *)plugin_data;
+ struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *) plugin_data;
struct rdns_curve_entry *entry;
struct iovec iov[4];
unsigned char *m;
ssize_t ret, boxed_len;
/* Check for key */
- HASH_FIND_STR (ctx->entries, req->io->srv->name, entry);
+ HASH_FIND_STR(ctx->entries, req->io->srv->name, entry);
if (entry != NULL) {
- nm = rdns_curve_find_nm (ctx->cur_key, entry);
- creq = malloc (sizeof (struct rdns_curve_request));
+ nm = rdns_curve_find_nm(ctx->cur_key, entry);
+ creq = malloc(sizeof(struct rdns_curve_request));
if (creq == NULL) {
return -1;
}
boxed_len = req->pos + crypto_box_ZEROBYTES;
- m = malloc (boxed_len);
+ m = malloc(boxed_len);
if (m == NULL) {
return -1;
}
/* Ottery is faster than sodium native PRG that uses /dev/random only */
- memcpy (creq->nonce, &ctx->cur_key->counter, sizeof (uint64_t));
- ottery_rand_bytes (creq->nonce + sizeof (uint64_t), 12 - sizeof (uint64_t));
- sodium_memzero (creq->nonce + 12, crypto_box_NONCEBYTES - 12);
+ memcpy(creq->nonce, &ctx->cur_key->counter, sizeof(uint64_t));
+ ottery_rand_bytes(creq->nonce + sizeof(uint64_t), 12 - sizeof(uint64_t));
+ sodium_memzero(creq->nonce + 12, crypto_box_NONCEBYTES - 12);
- sodium_memzero (m, crypto_box_ZEROBYTES);
- memcpy (m + crypto_box_ZEROBYTES, req->packet, req->pos);
+ sodium_memzero(m, crypto_box_ZEROBYTES);
+ memcpy(m + crypto_box_ZEROBYTES, req->packet, req->pos);
- if (crypto_box_afternm (m, m, boxed_len,
- creq->nonce, nm->k) == -1) {
- sodium_memzero (m, boxed_len);
- free (m);
+ if (crypto_box_afternm(m, m, boxed_len,
+ creq->nonce, nm->k) == -1) {
+ sodium_memzero(m, boxed_len);
+ free(m);
return -1;
}
creq->key = ctx->cur_key;
- REF_RETAIN (ctx->cur_key);
+ REF_RETAIN(ctx->cur_key);
creq->entry = entry;
creq->req = req;
creq->nm = nm;
- HASH_ADD_KEYPTR (hh, ctx->requests, creq->nonce, 12, creq);
+ HASH_ADD_KEYPTR(hh, ctx->requests, creq->nonce, 12, creq);
req->curve_plugin_data = creq;
- ctx->cur_key->counter ++;
- ctx->cur_key->uses ++;
+ ctx->cur_key->counter++;
+ ctx->cur_key->uses++;
/* Now form a dnscurve packet */
- iov[0].iov_base = (void *)qmagic;
- iov[0].iov_len = sizeof (qmagic) - 1;
+ iov[0].iov_base = (void *) qmagic;
+ iov[0].iov_len = sizeof(qmagic) - 1;
iov[1].iov_base = ctx->cur_key->pk;
- iov[1].iov_len = sizeof (ctx->cur_key->pk);
+ iov[1].iov_len = sizeof(ctx->cur_key->pk);
iov[2].iov_base = creq->nonce;
iov[2].iov_len = 12;
iov[3].iov_base = m + crypto_box_BOXZEROBYTES;
iov[3].iov_len = boxed_len - crypto_box_BOXZEROBYTES;
- ret = writev (req->io->sock, iov, sizeof (iov) / sizeof (iov[0]));
- sodium_memzero (m, boxed_len);
- free (m);
+ ret = writev(req->io->sock, iov, sizeof(iov) / sizeof(iov[0]));
+ sodium_memzero(m, boxed_len);
+ free(m);
}
else {
- ret = write (req->io->sock, req->packet, req->pos);
+ ret = write(req->io->sock, req->packet, req->pos);
req->curve_plugin_data = NULL;
}
}
ssize_t
-rdns_curve_recv (struct rdns_io_channel *ioc, void *buf, size_t len, void *plugin_data,
- struct rdns_request **req_out)
+rdns_curve_recv(struct rdns_io_channel *ioc, void *buf, size_t len, void *plugin_data,
+ struct rdns_request **req_out)
{
- struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *)plugin_data;
+ struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *) plugin_data;
ssize_t ret, boxlen;
static const char rmagic[] = "R6fnvWJ8";
unsigned char *p, *box;
struct rdns_resolver *resolver;
resolver = ctx->resolver;
- ret = read (ioc->sock, buf, len);
+ ret = read(ioc->sock, buf, len);
if (ret <= 0 || ret < 64) {
/* Definitely not a DNSCurve packet */
return ret;
}
- if (memcmp (buf, rmagic, sizeof (rmagic) - 1) == 0) {
+ if (memcmp(buf, rmagic, sizeof(rmagic) - 1) == 0) {
/* Likely DNSCurve packet */
- p = ((unsigned char *)buf) + 8;
- HASH_FIND (hh, ctx->requests, p, 12, creq);
+ p = ((unsigned char *) buf) + 8;
+ HASH_FIND(hh, ctx->requests, p, 12, creq);
if (creq == NULL) {
- rdns_info ("unable to find nonce in the internal hash");
+ rdns_info("unable to find nonce in the internal hash");
return ret;
}
- memcpy (enonce, p, crypto_box_NONCEBYTES);
+ memcpy(enonce, p, crypto_box_NONCEBYTES);
p += crypto_box_NONCEBYTES;
boxlen = ret - crypto_box_NONCEBYTES +
- crypto_box_BOXZEROBYTES -
- sizeof (rmagic) + 1;
+ crypto_box_BOXZEROBYTES -
+ sizeof(rmagic) + 1;
if (boxlen < 0) {
return ret;
}
- box = malloc (boxlen);
- sodium_memzero (box, crypto_box_BOXZEROBYTES);
- memcpy (box + crypto_box_BOXZEROBYTES, p,
- boxlen - crypto_box_BOXZEROBYTES);
-
- if (crypto_box_open_afternm (box, box, boxlen, enonce, creq->nm->k) != -1) {
- memcpy (buf, box + crypto_box_ZEROBYTES,
- boxlen - crypto_box_ZEROBYTES);
+ box = malloc(boxlen);
+ sodium_memzero(box, crypto_box_BOXZEROBYTES);
+ memcpy(box + crypto_box_BOXZEROBYTES, p,
+ boxlen - crypto_box_BOXZEROBYTES);
+
+ if (crypto_box_open_afternm(box, box, boxlen, enonce, creq->nm->k) != -1) {
+ memcpy(buf, box + crypto_box_ZEROBYTES,
+ boxlen - crypto_box_ZEROBYTES);
ret = boxlen - crypto_box_ZEROBYTES;
*req_out = creq->req;
}
else {
- rdns_info ("unable open cryptobox of size %d", (int)boxlen);
+ rdns_info("unable open cryptobox of size %d", (int) boxlen);
}
- free (box);
+ free(box);
}
return ret;
}
-void
-rdns_curve_finish_request (struct rdns_request *req, void *plugin_data)
+void rdns_curve_finish_request(struct rdns_request *req, void *plugin_data)
{
- struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *)plugin_data;
+ struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *) plugin_data;
struct rdns_curve_request *creq = req->curve_plugin_data;
if (creq != NULL) {
- REF_RELEASE (creq->key);
- HASH_DELETE (hh, ctx->requests, creq);
+ REF_RELEASE(creq->key);
+ HASH_DELETE(hh, ctx->requests, creq);
}
}
-void
-rdns_curve_dtor (struct rdns_resolver *resolver, void *plugin_data)
+void rdns_curve_dtor(struct rdns_resolver *resolver, void *plugin_data)
{
- struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *)plugin_data;
+ struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *) plugin_data;
if (ctx->key_refresh_event != NULL) {
- resolver->async->del_periodic (resolver->async->data,
- ctx->key_refresh_event);
+ resolver->async->del_periodic(resolver->async->data,
+ ctx->key_refresh_event);
}
- REF_RELEASE (ctx->cur_key);
+ REF_RELEASE(ctx->cur_key);
}
#elif defined(USE_RSPAMD_CRYPTOBOX)
#define crypto_box_BOXZEROBYTES 16
#endif
-ssize_t rdns_curve_send (struct rdns_request *req, void *plugin_data,
- struct sockaddr *saddr, socklen_t slen);
-ssize_t rdns_curve_recv (struct rdns_io_channel *ioc, void *buf, size_t len,
- void *plugin_data, struct rdns_request **req_out,
- struct sockaddr *saddr, socklen_t slen);
-void rdns_curve_finish_request (struct rdns_request *req, void *plugin_data);
-void rdns_curve_dtor (struct rdns_resolver *resolver, void *plugin_data);
+ssize_t rdns_curve_send(struct rdns_request *req, void *plugin_data,
+ struct sockaddr *saddr, socklen_t slen);
+ssize_t rdns_curve_recv(struct rdns_io_channel *ioc, void *buf, size_t len,
+ void *plugin_data, struct rdns_request **req_out,
+ struct sockaddr *saddr, socklen_t slen);
+void rdns_curve_finish_request(struct rdns_request *req, void *plugin_data);
+void rdns_curve_dtor(struct rdns_resolver *resolver, void *plugin_data);
struct rdns_curve_entry {
char *name;
};
static struct rdns_curve_client_key *
-rdns_curve_client_key_new (struct rdns_curve_ctx *ctx)
+rdns_curve_client_key_new(struct rdns_curve_ctx *ctx)
{
struct rdns_curve_client_key *new;
struct rdns_curve_nm_entry *nm;
struct rdns_curve_entry *entry, *tmp;
- new = calloc (1, sizeof (struct rdns_curve_client_key));
- rspamd_cryptobox_keypair (new->pk, new->sk, RSPAMD_CRYPTOBOX_MODE_25519);
+ new = calloc(1, sizeof(struct rdns_curve_client_key));
+ rspamd_cryptobox_keypair(new->pk, new->sk);
- HASH_ITER (hh, ctx->entries, entry, tmp) {
- nm = calloc (1, sizeof (struct rdns_curve_nm_entry));
+ HASH_ITER(hh, ctx->entries, entry, tmp)
+ {
+ nm = calloc(1, sizeof(struct rdns_curve_nm_entry));
nm->entry = entry;
- rspamd_cryptobox_nm (nm->k, entry->pk, new->sk,
- RSPAMD_CRYPTOBOX_MODE_25519);
+ rspamd_cryptobox_nm(nm->k, entry->pk, new->sk);
- DL_APPEND (new->nms, nm);
+ DL_APPEND(new->nms, nm);
}
- new->counter = ottery_rand_uint64 ();
+ new->counter = ottery_rand_uint64();
return new;
}
static struct rdns_curve_nm_entry *
-rdns_curve_find_nm (struct rdns_curve_client_key *key, struct rdns_curve_entry *entry)
+rdns_curve_find_nm(struct rdns_curve_client_key *key, struct rdns_curve_entry *entry)
{
struct rdns_curve_nm_entry *nm;
- DL_FOREACH (key->nms, nm) {
+ DL_FOREACH(key->nms, nm)
+ {
if (nm->entry == entry) {
return nm;
}
}
static void
-rdns_curve_client_key_free (struct rdns_curve_client_key *key)
+rdns_curve_client_key_free(struct rdns_curve_client_key *key)
{
struct rdns_curve_nm_entry *nm, *tmp;
- DL_FOREACH_SAFE (key->nms, nm, tmp) {
- rspamd_explicit_memzero (nm->k, sizeof (nm->k));
- free (nm);
+ DL_FOREACH_SAFE(key->nms, nm, tmp)
+ {
+ rspamd_explicit_memzero(nm->k, sizeof(nm->k));
+ free(nm);
}
- rspamd_explicit_memzero (key->sk, sizeof (key->sk));
- free (key);
+ rspamd_explicit_memzero(key->sk, sizeof(key->sk));
+ free(key);
}
-struct rdns_curve_ctx*
-rdns_curve_ctx_new (double key_refresh_interval)
+struct rdns_curve_ctx *
+rdns_curve_ctx_new(double key_refresh_interval)
{
struct rdns_curve_ctx *new;
- new = calloc (1, sizeof (struct rdns_curve_ctx));
+ new = calloc(1, sizeof(struct rdns_curve_ctx));
new->key_refresh_interval = key_refresh_interval;
return new;
}
-void
-rdns_curve_ctx_add_key (struct rdns_curve_ctx *ctx,
- const char *name, const unsigned char *pubkey)
+void rdns_curve_ctx_add_key(struct rdns_curve_ctx *ctx,
+ const char *name, const unsigned char *pubkey)
{
struct rdns_curve_entry *entry;
bool success = true;
- entry = malloc (sizeof (struct rdns_curve_entry));
+ entry = malloc(sizeof(struct rdns_curve_entry));
if (entry != NULL) {
- entry->name = strdup (name);
+ entry->name = strdup(name);
if (entry->name == NULL) {
success = false;
}
- memcpy (entry->pk, pubkey, sizeof (entry->pk));
+ memcpy(entry->pk, pubkey, sizeof(entry->pk));
if (success) {
- HASH_ADD_KEYPTR (hh, ctx->entries, entry->name, strlen (entry->name), entry);
+ HASH_ADD_KEYPTR(hh, ctx->entries, entry->name, strlen(entry->name), entry);
}
}
}
-#define rdns_curve_write_hex(in, out, offset, base) do { \
- *(out) |= ((in)[(offset)] - (base)) << ((1 - offset) * 4); \
-} while (0)
+#define rdns_curve_write_hex(in, out, offset, base) \
+ do { \
+ *(out) |= ((in)[(offset)] - (base)) << ((1 - offset) * 4); \
+ } while (0)
static bool
-rdns_curve_hex_to_byte (const char *in, unsigned char *out)
+rdns_curve_hex_to_byte(const char *in, unsigned char *out)
{
int i;
- for (i = 0; i <= 1; i ++) {
+ for (i = 0; i <= 1; i++) {
if (in[i] >= '0' && in[i] <= '9') {
- rdns_curve_write_hex (in, out, i, '0');
+ rdns_curve_write_hex(in, out, i, '0');
}
else if (in[i] >= 'a' && in[i] <= 'f') {
- rdns_curve_write_hex (in, out, i, 'a' - 10);
+ rdns_curve_write_hex(in, out, i, 'a' - 10);
}
else if (in[i] >= 'A' && in[i] <= 'F') {
- rdns_curve_write_hex (in, out, i, 'A' - 10);
+ rdns_curve_write_hex(in, out, i, 'A' - 10);
}
else {
return false;
#undef rdns_curve_write_hex
unsigned char *
-rdns_curve_key_from_hex (const char *hex)
+rdns_curve_key_from_hex(const char *hex)
{
- unsigned int len = strlen (hex), i;
+ unsigned int len = strlen(hex), i;
unsigned char *res = NULL;
- if (len == rspamd_cryptobox_pk_bytes (RSPAMD_CRYPTOBOX_MODE_25519) * 2) {
- res = calloc (1, rspamd_cryptobox_pk_bytes (RSPAMD_CRYPTOBOX_MODE_25519));
+ if (len == crypto_box_publickeybytes() * 2) {
+ res = calloc(1, crypto_box_publickeybytes());
for (i = 0;
- i < rspamd_cryptobox_pk_bytes (RSPAMD_CRYPTOBOX_MODE_25519);
- i ++) {
- if (!rdns_curve_hex_to_byte (&hex[i * 2], &res[i])) {
- free (res);
+ i < crypto_box_publickeybytes();
+ i++) {
+ if (!rdns_curve_hex_to_byte(&hex[i * 2], &res[i])) {
+ free(res);
return NULL;
}
}
return res;
}
-void
-rdns_curve_ctx_destroy (struct rdns_curve_ctx *ctx)
+void rdns_curve_ctx_destroy(struct rdns_curve_ctx *ctx)
{
struct rdns_curve_entry *entry, *tmp;
- HASH_ITER (hh, ctx->entries, entry, tmp) {
- free (entry->name);
- free (entry);
+ HASH_ITER(hh, ctx->entries, entry, tmp)
+ {
+ free(entry->name);
+ free(entry);
}
- free (ctx);
+ free(ctx);
}
static void
-rdns_curve_refresh_key_callback (void *user_data)
+rdns_curve_refresh_key_callback(void *user_data)
{
struct rdns_curve_ctx *ctx = user_data;
struct rdns_resolver *resolver;
resolver = ctx->resolver;
- rdns_info ("refresh dnscurve keys");
- REF_RELEASE (ctx->cur_key);
- ctx->cur_key = rdns_curve_client_key_new (ctx);
- REF_INIT_RETAIN (ctx->cur_key, rdns_curve_client_key_free);
+ rdns_info("refresh dnscurve keys");
+ REF_RELEASE(ctx->cur_key);
+ ctx->cur_key = rdns_curve_client_key_new(ctx);
+ REF_INIT_RETAIN(ctx->cur_key, rdns_curve_client_key_free);
}
-void
-rdns_curve_register_plugin (struct rdns_resolver *resolver,
- struct rdns_curve_ctx *ctx)
+void rdns_curve_register_plugin(struct rdns_resolver *resolver,
+ struct rdns_curve_ctx *ctx)
{
struct rdns_plugin *plugin;
return;
}
- plugin = calloc (1, sizeof (struct rdns_plugin));
+ plugin = calloc(1, sizeof(struct rdns_plugin));
if (plugin != NULL) {
plugin->data = ctx;
plugin->type = RDNS_PLUGIN_CURVE;
plugin->cb.curve_plugin.recv_cb = rdns_curve_recv;
plugin->cb.curve_plugin.finish_cb = rdns_curve_finish_request;
plugin->dtor = rdns_curve_dtor;
- ctx->cur_key = rdns_curve_client_key_new (ctx);
- REF_INIT_RETAIN (ctx->cur_key, rdns_curve_client_key_free);
+ ctx->cur_key = rdns_curve_client_key_new(ctx);
+ REF_INIT_RETAIN(ctx->cur_key, rdns_curve_client_key_free);
if (ctx->key_refresh_interval > 0) {
- ctx->key_refresh_event = resolver->async->add_periodic (
- resolver->async->data, ctx->key_refresh_interval,
- rdns_curve_refresh_key_callback, ctx);
+ ctx->key_refresh_event = resolver->async->add_periodic(
+ resolver->async->data, ctx->key_refresh_interval,
+ rdns_curve_refresh_key_callback, ctx);
}
ctx->resolver = resolver;
- rdns_resolver_register_plugin (resolver, plugin);
+ rdns_resolver_register_plugin(resolver, plugin);
}
}
ssize_t
-rdns_curve_send (struct rdns_request *req, void *plugin_data,
- struct sockaddr *saddr, socklen_t slen)
+rdns_curve_send(struct rdns_request *req, void *plugin_data,
+ struct sockaddr *saddr, socklen_t slen)
{
- struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *)plugin_data;
+ struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *) plugin_data;
struct rdns_curve_entry *entry;
struct iovec iov[4];
unsigned char *m;
ssize_t ret, boxed_len;
/* Check for key */
- HASH_FIND_STR (ctx->entries, req->io->srv->name, entry);
+ HASH_FIND_STR(ctx->entries, req->io->srv->name, entry);
if (entry != NULL) {
- nm = rdns_curve_find_nm (ctx->cur_key, entry);
- creq = malloc (sizeof (struct rdns_curve_request));
+ nm = rdns_curve_find_nm(ctx->cur_key, entry);
+ creq = malloc(sizeof(struct rdns_curve_request));
if (creq == NULL) {
return -1;
}
boxed_len = req->pos + crypto_box_ZEROBYTES;
- m = malloc (boxed_len);
+ m = malloc(boxed_len);
if (m == NULL) {
free(creq);
return -1;
}
/* Ottery is faster than sodium native PRG that uses /dev/random only */
- memcpy (creq->nonce, &ctx->cur_key->counter, sizeof (uint64_t));
- ottery_rand_bytes (creq->nonce + sizeof (uint64_t), 12 - sizeof (uint64_t));
- rspamd_explicit_memzero (creq->nonce + 12,
- rspamd_cryptobox_nonce_bytes (RSPAMD_CRYPTOBOX_MODE_25519) - 12);
+ memcpy(creq->nonce, &ctx->cur_key->counter, sizeof(uint64_t));
+ ottery_rand_bytes(creq->nonce + sizeof(uint64_t), 12 - sizeof(uint64_t));
+ rspamd_explicit_memzero(creq->nonce + 12,
+ crypto_box_noncebytes() - 12);
- rspamd_explicit_memzero (m, crypto_box_ZEROBYTES);
- memcpy (m + crypto_box_ZEROBYTES, req->packet, req->pos);
+ rspamd_explicit_memzero(m, crypto_box_ZEROBYTES);
+ memcpy(m + crypto_box_ZEROBYTES, req->packet, req->pos);
- rspamd_cryptobox_encrypt_nm_inplace (m + crypto_box_ZEROBYTES,
- boxed_len,
- creq->nonce,
- nm->k,
- m,
- RSPAMD_CRYPTOBOX_MODE_25519);
+ rspamd_cryptobox_encrypt_nm_inplace(m + crypto_box_ZEROBYTES,
+ boxed_len,
+ creq->nonce,
+ nm->k,
+ m);
creq->key = ctx->cur_key;
- REF_RETAIN (ctx->cur_key);
+ REF_RETAIN(ctx->cur_key);
creq->entry = entry;
creq->req = req;
creq->nm = nm;
- HASH_ADD_KEYPTR (hh, ctx->requests, creq->nonce, 12, creq);
+ HASH_ADD_KEYPTR(hh, ctx->requests, creq->nonce, 12, creq);
req->curve_plugin_data = creq;
- ctx->cur_key->counter ++;
- ctx->cur_key->uses ++;
+ ctx->cur_key->counter++;
+ ctx->cur_key->uses++;
/* Now form a dnscurve packet */
- iov[0].iov_base = (void *)qmagic;
- iov[0].iov_len = sizeof (qmagic) - 1;
+ iov[0].iov_base = (void *) qmagic;
+ iov[0].iov_len = sizeof(qmagic) - 1;
iov[1].iov_base = ctx->cur_key->pk;
- iov[1].iov_len = sizeof (ctx->cur_key->pk);
+ iov[1].iov_len = sizeof(ctx->cur_key->pk);
iov[2].iov_base = creq->nonce;
iov[2].iov_len = 12;
iov[3].iov_base = m + crypto_box_BOXZEROBYTES;
struct msghdr msg;
- memset (&msg, 0, sizeof (msg));
+ memset(&msg, 0, sizeof(msg));
msg.msg_namelen = slen;
msg.msg_name = saddr;
msg.msg_iov = iov;
- msg.msg_iovlen = sizeof (iov) / sizeof (iov[0]);
- ret = sendmsg (req->io->sock, &msg, 0);
- rspamd_explicit_memzero (m, boxed_len);
- free (m);
+ msg.msg_iovlen = sizeof(iov) / sizeof(iov[0]);
+ ret = sendmsg(req->io->sock, &msg, 0);
+ rspamd_explicit_memzero(m, boxed_len);
+ free(m);
}
else {
- ret = sendto (req->io->sock, req->packet, req->pos, 0, saddr, slen);
+ ret = sendto(req->io->sock, req->packet, req->pos, 0, saddr, slen);
req->curve_plugin_data = NULL;
}
}
ssize_t
-rdns_curve_recv (struct rdns_io_channel *ioc, void *buf, size_t len, void *plugin_data,
- struct rdns_request **req_out, struct sockaddr *saddr, socklen_t slen)
+rdns_curve_recv(struct rdns_io_channel *ioc, void *buf, size_t len, void *plugin_data,
+ struct rdns_request **req_out, struct sockaddr *saddr, socklen_t slen)
{
- struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *)plugin_data;
+ struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *) plugin_data;
ssize_t ret, boxlen;
static const char rmagic[] = "R6fnvWJ8";
unsigned char *p, *box;
struct rdns_resolver *resolver;
resolver = ctx->resolver;
- ret = recv (ioc->sock, buf, len, 0);
+ ret = recv(ioc->sock, buf, len, 0);
if (ret <= 0 || ret < 64) {
/* Definitely not a DNSCurve packet */
return ret;
}
- if (memcmp (buf, rmagic, sizeof (rmagic) - 1) == 0) {
+ if (memcmp(buf, rmagic, sizeof(rmagic) - 1) == 0) {
/* Likely DNSCurve packet */
- p = ((unsigned char *)buf) + 8;
- HASH_FIND (hh, ctx->requests, p, 12, creq);
+ p = ((unsigned char *) buf) + 8;
+ HASH_FIND(hh, ctx->requests, p, 12, creq);
if (creq == NULL) {
- rdns_info ("unable to find nonce in the internal hash");
+ rdns_info("unable to find nonce in the internal hash");
return ret;
}
- memcpy (enonce, p, rspamd_cryptobox_nonce_bytes (RSPAMD_CRYPTOBOX_MODE_25519));
- p += rspamd_cryptobox_nonce_bytes (RSPAMD_CRYPTOBOX_MODE_25519);
- boxlen = ret - rspamd_cryptobox_nonce_bytes (RSPAMD_CRYPTOBOX_MODE_25519) +
- crypto_box_BOXZEROBYTES -
- sizeof (rmagic) + 1;
+ memcpy(enonce, p, crypto_box_noncebytes());
+ p += crypto_box_noncebytes();
+ boxlen = ret - crypto_box_noncebytes() +
+ crypto_box_BOXZEROBYTES -
+ sizeof(rmagic) + 1;
if (boxlen < 0) {
return ret;
}
- box = malloc (boxlen);
- rspamd_explicit_memzero (box, crypto_box_BOXZEROBYTES);
- memcpy (box + crypto_box_BOXZEROBYTES, p,
- boxlen - crypto_box_BOXZEROBYTES);
-
- if (!rspamd_cryptobox_decrypt_nm_inplace (
- box + rspamd_cryptobox_mac_bytes (RSPAMD_CRYPTOBOX_MODE_25519),
- boxlen - rspamd_cryptobox_mac_bytes (RSPAMD_CRYPTOBOX_MODE_25519),
- enonce, creq->nm->k, box, RSPAMD_CRYPTOBOX_MODE_25519)) {
- memcpy (buf, box + crypto_box_ZEROBYTES,
- boxlen - crypto_box_ZEROBYTES);
+ box = malloc(boxlen);
+ rspamd_explicit_memzero(box, crypto_box_BOXZEROBYTES);
+ memcpy(box + crypto_box_BOXZEROBYTES, p,
+ boxlen - crypto_box_BOXZEROBYTES);
+
+ if (!rspamd_cryptobox_decrypt_nm_inplace(
+ box + crypto_box_macbytes(),
+ boxlen - crypto_box_macbytes(),
+ enonce, creq->nm->k, box)) {
+ memcpy(buf, box + crypto_box_ZEROBYTES,
+ boxlen - crypto_box_ZEROBYTES);
ret = boxlen - crypto_box_ZEROBYTES;
*req_out = creq->req;
}
else {
- rdns_info ("unable open cryptobox of size %d", (int)boxlen);
+ rdns_info("unable open cryptobox of size %d", (int) boxlen);
}
- free (box);
+ free(box);
}
return ret;
}
-void
-rdns_curve_finish_request (struct rdns_request *req, void *plugin_data)
+void rdns_curve_finish_request(struct rdns_request *req, void *plugin_data)
{
- struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *)plugin_data;
+ struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *) plugin_data;
struct rdns_curve_request *creq = req->curve_plugin_data;
if (creq != NULL) {
- REF_RELEASE (creq->key);
- HASH_DELETE (hh, ctx->requests, creq);
+ REF_RELEASE(creq->key);
+ HASH_DELETE(hh, ctx->requests, creq);
}
}
-void
-rdns_curve_dtor (struct rdns_resolver *resolver, void *plugin_data)
+void rdns_curve_dtor(struct rdns_resolver *resolver, void *plugin_data)
{
- struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *)plugin_data;
+ struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *) plugin_data;
if (ctx->key_refresh_event != NULL) {
- resolver->async->del_periodic (resolver->async->data,
- ctx->key_refresh_event);
+ resolver->async->del_periodic(resolver->async->data,
+ ctx->key_refresh_event);
}
- REF_RELEASE (ctx->cur_key);
+ REF_RELEASE(ctx->cur_key);
}
#else
/* Fake functions */
-struct rdns_curve_ctx* rdns_curve_ctx_new (double rekey_interval)
+struct rdns_curve_ctx *rdns_curve_ctx_new(double rekey_interval)
{
return NULL;
}
-void rdns_curve_ctx_add_key (struct rdns_curve_ctx *ctx,
- const char *name, const unsigned char *pubkey)
+void rdns_curve_ctx_add_key(struct rdns_curve_ctx *ctx,
+ const char *name, const unsigned char *pubkey)
{
-
}
-void rdns_curve_ctx_destroy (struct rdns_curve_ctx *ctx)
+void rdns_curve_ctx_destroy(struct rdns_curve_ctx *ctx)
{
-
}
-void rdns_curve_register_plugin (struct rdns_resolver *resolver,
- struct rdns_curve_ctx *ctx)
+void rdns_curve_register_plugin(struct rdns_resolver *resolver,
+ struct rdns_curve_ctx *ctx)
{
-
}
unsigned char *
-rdns_curve_key_from_hex (const char *hex)
+rdns_curve_key_from_hex(const char *hex)
{
return NULL;
}
conn->timeout = timeout;
if (key) {
- conn->key = rspamd_pubkey_from_base32(key, 0, RSPAMD_KEYPAIR_KEX,
- RSPAMD_CRYPTOBOX_MODE_25519);
+ conn->key = rspamd_pubkey_from_base32(key, 0, RSPAMD_KEYPAIR_KEX);
if (conn->key) {
- conn->keypair = rspamd_keypair_new(RSPAMD_KEYPAIR_KEX,
- RSPAMD_CRYPTOBOX_MODE_25519);
+ conn->keypair = rspamd_keypair_new(RSPAMD_KEYPAIR_KEX);
rspamd_http_connection_set_key(conn->http_conn, conn->keypair);
}
else {
len,
session->reply.hdr.nonce,
session->nm,
- session->reply.hdr.mac,
- RSPAMD_CRYPTOBOX_MODE_25519);
+ session->reply.hdr.mac);
}
else if (default_disabled) {
/* Hash is from a forbidden flag by default, and there is no encryption override */
}
/* Now process the remote pubkey */
- rk = rspamd_pubkey_from_bin(hdr.pubkey, sizeof(hdr.pubkey),
- RSPAMD_KEYPAIR_KEX, RSPAMD_CRYPTOBOX_MODE_25519);
+ rk = rspamd_pubkey_from_bin(hdr.pubkey, sizeof(hdr.pubkey), RSPAMD_KEYPAIR_KEX);
if (rk == NULL) {
msg_err("bad key; ip=%s",
/* Now decrypt request */
if (!rspamd_cryptobox_decrypt_nm_inplace(buf, buflen, hdr.nonce,
rspamd_pubkey_get_nm(rk, key->key),
- hdr.mac, RSPAMD_CRYPTOBOX_MODE_25519)) {
+ hdr.mac)) {
msg_err("decryption failed; ip=%s",
rspamd_inet_address_to_string(s->addr));
rspamd_pubkey_unref(rk);
return NULL;
}
- if (rspamd_keypair_alg(kp) != RSPAMD_CRYPTOBOX_MODE_25519 ||
- rspamd_keypair_type(kp) != RSPAMD_KEYPAIR_KEX) {
+ if (rspamd_keypair_type(kp) != RSPAMD_KEYPAIR_KEX) {
return FALSE;
}
}
}
- msg_debug("loaded keypair %*bs", rspamd_cryptobox_pk_bytes(RSPAMD_CRYPTOBOX_MODE_25519), pk);
+ msg_debug("loaded keypair %*bs", crypto_box_publickeybytes(), pk);
return key;
}
-/*-
- * Copyright 2016 Vsevolod Stakhov
+/*
+ * Copyright 2024 Vsevolod Stakhov
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
{
g_assert(kp != NULL);
- if (kp->alg == RSPAMD_CRYPTOBOX_MODE_25519) {
- if (kp->type == RSPAMD_KEYPAIR_KEX) {
- *len = 32;
- return RSPAMD_CRYPTOBOX_KEYPAIR_25519(kp)->sk;
- }
- else {
- *len = 64;
- return RSPAMD_CRYPTOBOX_KEYPAIR_SIG_25519(kp)->sk;
- }
+ if (kp->type == RSPAMD_KEYPAIR_KEX) {
+ *len = 32;
+ return RSPAMD_CRYPTOBOX_KEYPAIR_25519(kp)->sk;
}
else {
- if (kp->type == RSPAMD_KEYPAIR_KEX) {
- *len = 32;
- return RSPAMD_CRYPTOBOX_KEYPAIR_NIST(kp)->sk;
- }
- else {
- *len = 32;
- return RSPAMD_CRYPTOBOX_KEYPAIR_SIG_NIST(kp)->sk;
- }
+ *len = 64;
+ return RSPAMD_CRYPTOBOX_KEYPAIR_SIG_25519(kp)->sk;
}
-
- /* Not reached */
- return NULL;
}
static void *
{
g_assert(kp != NULL);
- if (kp->alg == RSPAMD_CRYPTOBOX_MODE_25519) {
- if (kp->type == RSPAMD_KEYPAIR_KEX) {
- *len = 32;
- return RSPAMD_CRYPTOBOX_KEYPAIR_25519(kp)->pk;
- }
- else {
- *len = 32;
- return RSPAMD_CRYPTOBOX_KEYPAIR_SIG_25519(kp)->pk;
- }
+ if (kp->type == RSPAMD_KEYPAIR_KEX) {
+ *len = 32;
+ return RSPAMD_CRYPTOBOX_KEYPAIR_25519(kp)->pk;
}
else {
- if (kp->type == RSPAMD_KEYPAIR_KEX) {
- *len = 65;
- return RSPAMD_CRYPTOBOX_KEYPAIR_NIST(kp)->pk;
- }
- else {
- *len = 65;
- return RSPAMD_CRYPTOBOX_KEYPAIR_SIG_NIST(kp)->pk;
- }
+ *len = 32;
+ return RSPAMD_CRYPTOBOX_KEYPAIR_SIG_25519(kp)->pk;
}
-
- /* Not reached */
- return NULL;
}
static void *
{
g_assert(kp != NULL);
- if (kp->alg == RSPAMD_CRYPTOBOX_MODE_25519) {
- if (kp->type == RSPAMD_KEYPAIR_KEX) {
- *len = 32;
- return RSPAMD_CRYPTOBOX_PUBKEY_25519(kp)->pk;
- }
- else {
- *len = 32;
- return RSPAMD_CRYPTOBOX_PUBKEY_SIG_25519(kp)->pk;
- }
+ if (kp->type == RSPAMD_KEYPAIR_KEX) {
+ *len = 32;
+ return RSPAMD_CRYPTOBOX_PUBKEY_25519(kp)->pk;
}
else {
- if (kp->type == RSPAMD_KEYPAIR_KEX) {
- *len = 65;
- return RSPAMD_CRYPTOBOX_PUBKEY_NIST(kp)->pk;
- }
- else {
- *len = 65;
- return RSPAMD_CRYPTOBOX_PUBKEY_SIG_NIST(kp)->pk;
- }
+ *len = 32;
+ return RSPAMD_CRYPTOBOX_PUBKEY_SIG_25519(kp)->pk;
}
-
- /* Not reached */
- return NULL;
}
static struct rspamd_cryptobox_keypair *
-rspamd_cryptobox_keypair_alloc(enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg)
+rspamd_cryptobox_keypair_alloc(enum rspamd_cryptobox_keypair_type type)
{
struct rspamd_cryptobox_keypair *kp;
unsigned int size = 0;
- if (alg == RSPAMD_CRYPTOBOX_MODE_25519) {
- if (type == RSPAMD_KEYPAIR_KEX) {
- size = sizeof(struct rspamd_cryptobox_keypair_25519);
- }
- else {
- size = sizeof(struct rspamd_cryptobox_keypair_sig_25519);
- }
+ if (type == RSPAMD_KEYPAIR_KEX) {
+ size = sizeof(struct rspamd_cryptobox_keypair_25519);
}
else {
- if (type == RSPAMD_KEYPAIR_KEX) {
- size = sizeof(struct rspamd_cryptobox_keypair_nist);
- }
- else {
- size = sizeof(struct rspamd_cryptobox_keypair_sig_nist);
- }
+ size = sizeof(struct rspamd_cryptobox_keypair_sig_25519);
}
g_assert(size >= sizeof(*kp));
}
static struct rspamd_cryptobox_pubkey *
-rspamd_cryptobox_pubkey_alloc(enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg)
+rspamd_cryptobox_pubkey_alloc(enum rspamd_cryptobox_keypair_type type)
{
struct rspamd_cryptobox_pubkey *pk;
unsigned int size = 0;
- if (alg == RSPAMD_CRYPTOBOX_MODE_25519) {
- if (type == RSPAMD_KEYPAIR_KEX) {
- size = sizeof(struct rspamd_cryptobox_pubkey_25519);
- }
- else {
- size = sizeof(struct rspamd_cryptobox_pubkey_sig_25519);
- }
+
+ if (type == RSPAMD_KEYPAIR_KEX) {
+ size = sizeof(struct rspamd_cryptobox_pubkey_25519);
}
else {
- if (type == RSPAMD_KEYPAIR_KEX) {
- size = sizeof(struct rspamd_cryptobox_pubkey_nist);
- }
- else {
- size = sizeof(struct rspamd_cryptobox_pubkey_sig_nist);
- }
+ size = sizeof(struct rspamd_cryptobox_pubkey_sig_25519);
}
g_assert(size >= sizeof(*pk));
}
struct rspamd_cryptobox_keypair *
-rspamd_keypair_new(enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg)
+rspamd_keypair_new(enum rspamd_cryptobox_keypair_type type)
{
struct rspamd_cryptobox_keypair *kp;
void *pk, *sk;
unsigned int size;
- kp = rspamd_cryptobox_keypair_alloc(type, alg);
- kp->alg = alg;
+ kp = rspamd_cryptobox_keypair_alloc(type);
kp->type = type;
sk = rspamd_cryptobox_keypair_sk(kp, &size);
pk = rspamd_cryptobox_keypair_pk(kp, &size);
if (type == RSPAMD_KEYPAIR_KEX) {
- rspamd_cryptobox_keypair(pk, sk, alg);
+ rspamd_cryptobox_keypair(pk, sk);
}
else {
- rspamd_cryptobox_keypair_sig(pk, sk, alg);
+ rspamd_cryptobox_keypair_sig(pk, sk);
}
rspamd_cryptobox_hash(kp->id, pk, size, NULL, 0);
}
-enum rspamd_cryptobox_mode
-rspamd_keypair_alg(struct rspamd_cryptobox_keypair *kp)
-{
- g_assert(kp != NULL);
-
- return kp->alg;
-}
-
-enum rspamd_cryptobox_mode
-rspamd_pubkey_alg(struct rspamd_cryptobox_pubkey *p)
-{
- g_assert(p != NULL);
-
- return p->alg;
-}
-
struct rspamd_cryptobox_pubkey *
rspamd_pubkey_from_base32(const char *b32,
gsize len,
- enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg)
+ enum rspamd_cryptobox_keypair_type type)
{
unsigned char *decoded;
gsize dlen, expected_len;
return NULL;
}
- expected_len = (type == RSPAMD_KEYPAIR_KEX) ? rspamd_cryptobox_pk_bytes(alg) : rspamd_cryptobox_pk_sig_bytes(alg);
+ expected_len = (type == RSPAMD_KEYPAIR_KEX) ? crypto_box_PUBLICKEYBYTES : crypto_sign_PUBLICKEYBYTES;
if (dlen != expected_len) {
g_free(decoded);
return NULL;
}
- pk = rspamd_cryptobox_pubkey_alloc(type, alg);
+ pk = rspamd_cryptobox_pubkey_alloc(type);
REF_INIT_RETAIN(pk, rspamd_cryptobox_pubkey_dtor);
- pk->alg = alg;
pk->type = type;
pk_data = rspamd_cryptobox_pubkey_pk(pk, &pklen);
struct rspamd_cryptobox_pubkey *
rspamd_pubkey_from_hex(const char *hex,
gsize len,
- enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg)
+ enum rspamd_cryptobox_keypair_type type)
{
unsigned char *decoded;
gsize dlen, expected_len;
return NULL;
}
- expected_len = (type == RSPAMD_KEYPAIR_KEX) ? rspamd_cryptobox_pk_bytes(alg) : rspamd_cryptobox_pk_sig_bytes(alg);
+ expected_len = (type == RSPAMD_KEYPAIR_KEX) ? crypto_box_PUBLICKEYBYTES : crypto_sign_PUBLICKEYBYTES;
if (dlen != expected_len) {
g_free(decoded);
return NULL;
}
- pk = rspamd_cryptobox_pubkey_alloc(type, alg);
+ pk = rspamd_cryptobox_pubkey_alloc(type);
REF_INIT_RETAIN(pk, rspamd_cryptobox_pubkey_dtor);
- pk->alg = alg;
pk->type = type;
pk_data = rspamd_cryptobox_pubkey_pk(pk, &pklen);
struct rspamd_cryptobox_pubkey *
rspamd_pubkey_from_bin(const unsigned char *raw,
gsize len,
- enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg)
+ enum rspamd_cryptobox_keypair_type type)
{
gsize expected_len;
unsigned int pklen;
g_assert(raw != NULL && len > 0);
- expected_len = (type == RSPAMD_KEYPAIR_KEX) ? rspamd_cryptobox_pk_bytes(alg) : rspamd_cryptobox_pk_sig_bytes(alg);
+ (type == RSPAMD_KEYPAIR_KEX) ? crypto_box_PUBLICKEYBYTES : crypto_sign_PUBLICKEYBYTES;
if (len != expected_len) {
return NULL;
}
- pk = rspamd_cryptobox_pubkey_alloc(type, alg);
+ pk = rspamd_cryptobox_pubkey_alloc(type);
REF_INIT_RETAIN(pk, rspamd_cryptobox_pubkey_dtor);
- pk->alg = alg;
pk->type = type;
pk_data = rspamd_cryptobox_pubkey_pk(pk, &pklen);
rspamd_pubkey_calculate_nm(struct rspamd_cryptobox_pubkey *p,
struct rspamd_cryptobox_keypair *kp)
{
- g_assert(kp->alg == p->alg);
g_assert(kp->type == p->type);
g_assert(p->type == RSPAMD_KEYPAIR_KEX);
REF_INIT_RETAIN(p->nm, rspamd_cryptobox_nm_dtor);
}
- if (kp->alg == RSPAMD_CRYPTOBOX_MODE_25519) {
- struct rspamd_cryptobox_pubkey_25519 *rk_25519 =
- RSPAMD_CRYPTOBOX_PUBKEY_25519(p);
- struct rspamd_cryptobox_keypair_25519 *sk_25519 =
- RSPAMD_CRYPTOBOX_KEYPAIR_25519(kp);
+ struct rspamd_cryptobox_pubkey_25519 *rk_25519 =
+ RSPAMD_CRYPTOBOX_PUBKEY_25519(p);
+ struct rspamd_cryptobox_keypair_25519 *sk_25519 =
+ RSPAMD_CRYPTOBOX_KEYPAIR_25519(kp);
- rspamd_cryptobox_nm(p->nm->nm, rk_25519->pk, sk_25519->sk, p->alg);
- }
- else {
- struct rspamd_cryptobox_pubkey_nist *rk_nist =
- RSPAMD_CRYPTOBOX_PUBKEY_NIST(p);
- struct rspamd_cryptobox_keypair_nist *sk_nist =
- RSPAMD_CRYPTOBOX_KEYPAIR_NIST(kp);
-
- rspamd_cryptobox_nm(p->nm->nm, rk_nist->pk, sk_nist->sk, p->alg);
- }
+ rspamd_cryptobox_nm(p->nm->nm, rk_25519->pk, sk_25519->sk);
return p->nm->nm;
}
const ucl_object_t *privkey, *pubkey, *elt;
const char *str;
enum rspamd_cryptobox_keypair_type type = RSPAMD_KEYPAIR_KEX;
- enum rspamd_cryptobox_mode mode = RSPAMD_CRYPTOBOX_MODE_25519;
gboolean is_hex = FALSE;
struct rspamd_cryptobox_keypair *kp;
unsigned int len;
/* TODO: handle errors */
}
- elt = ucl_object_lookup(obj, "algorithm");
- if (elt && ucl_object_type(elt) == UCL_STRING) {
- str = ucl_object_tostring(elt);
-
- if (g_ascii_strcasecmp(str, "curve25519") == 0) {
- mode = RSPAMD_CRYPTOBOX_MODE_25519;
- }
- else if (g_ascii_strcasecmp(str, "nistp256") == 0) {
- mode = RSPAMD_CRYPTOBOX_MODE_NIST;
- }
- /* TODO: handle errors */
- }
-
elt = ucl_object_lookup(obj, "encoding");
if (elt && ucl_object_type(elt) == UCL_STRING) {
str = ucl_object_tostring(elt);
/* TODO: handle errors */
}
- kp = rspamd_cryptobox_keypair_alloc(type, mode);
+ kp = rspamd_cryptobox_keypair_alloc(type);
kp->type = type;
- kp->alg = mode;
REF_INIT_RETAIN(kp, rspamd_cryptobox_keypair_dtor);
g_assert(kp != NULL);
"encoding", 0, false);
ucl_object_insert_key(elt,
- ucl_object_fromstring(
- kp->alg == RSPAMD_CRYPTOBOX_MODE_NIST ? "nistp256" : "curve25519"),
+ ucl_object_fromstring("curve25519"),
"algorithm", 0, false);
ucl_object_insert_key(elt,
return FALSE;
}
- if (inlen < sizeof(encrypted_magic) + rspamd_cryptobox_pk_bytes(kp->alg) +
- rspamd_cryptobox_mac_bytes(kp->alg) +
- rspamd_cryptobox_nonce_bytes(kp->alg)) {
+ if (inlen < sizeof(encrypted_magic) + crypto_box_publickeybytes() +
+ crypto_box_macbytes() +
+ crypto_box_noncebytes()) {
g_set_error(err, rspamd_keypair_quark(), E2BIG, "invalid size: too small");
return FALSE;
/* Set pointers */
pubkey = in + sizeof(encrypted_magic);
- mac = pubkey + rspamd_cryptobox_pk_bytes(kp->alg);
- nonce = mac + rspamd_cryptobox_mac_bytes(kp->alg);
- data = nonce + rspamd_cryptobox_nonce_bytes(kp->alg);
+ mac = pubkey + crypto_box_publickeybytes();
+ nonce = mac + crypto_box_macbytes();
+ data = nonce + crypto_box_noncebytes();
if (data - in >= inlen) {
g_set_error(err, rspamd_keypair_quark(), E2BIG, "invalid size: too small");
if (!rspamd_cryptobox_decrypt_inplace(*out, inlen, nonce, pubkey,
rspamd_keypair_component(kp, RSPAMD_KEYPAIR_COMPONENT_SK, NULL),
- mac, kp->alg)) {
+ mac)) {
g_set_error(err, rspamd_keypair_quark(), EPERM, "verification failed");
g_free(*out);
return FALSE;
}
- local = rspamd_keypair_new(kp->type, kp->alg);
+ local = rspamd_keypair_new(kp->type);
olen = inlen + sizeof(encrypted_magic) +
- rspamd_cryptobox_pk_bytes(kp->alg) +
- rspamd_cryptobox_mac_bytes(kp->alg) +
- rspamd_cryptobox_nonce_bytes(kp->alg);
+ crypto_box_publickeybytes() +
+ crypto_box_macbytes() +
+ crypto_box_noncebytes();
*out = g_malloc(olen);
memcpy(*out, encrypted_magic, sizeof(encrypted_magic));
pubkey = *out + sizeof(encrypted_magic);
- mac = pubkey + rspamd_cryptobox_pk_bytes(kp->alg);
- nonce = mac + rspamd_cryptobox_mac_bytes(kp->alg);
- data = nonce + rspamd_cryptobox_nonce_bytes(kp->alg);
+ mac = pubkey + crypto_box_publickeybytes();
+ nonce = mac + crypto_box_macbytes();
+ data = nonce + crypto_box_noncebytes();
- ottery_rand_bytes(nonce, rspamd_cryptobox_nonce_bytes(kp->alg));
+ ottery_rand_bytes(nonce, crypto_box_noncebytes());
memcpy(data, in, inlen);
memcpy(pubkey, rspamd_keypair_component(kp, RSPAMD_KEYPAIR_COMPONENT_PK, NULL),
- rspamd_cryptobox_pk_bytes(kp->alg));
+ crypto_box_publickeybytes());
rspamd_cryptobox_encrypt_inplace(data, inlen, nonce, pubkey,
rspamd_keypair_component(local, RSPAMD_KEYPAIR_COMPONENT_SK, NULL),
- mac, kp->alg);
+ mac);
rspamd_keypair_unref(local);
if (outlen) {
return FALSE;
}
- local = rspamd_keypair_new(pk->type, pk->alg);
+ local = rspamd_keypair_new(pk->type);
olen = inlen + sizeof(encrypted_magic) +
- rspamd_cryptobox_pk_bytes(pk->alg) +
- rspamd_cryptobox_mac_bytes(pk->alg) +
- rspamd_cryptobox_nonce_bytes(pk->alg);
+ crypto_box_publickeybytes() +
+ crypto_box_macbytes() +
+ crypto_box_noncebytes();
*out = g_malloc(olen);
memcpy(*out, encrypted_magic, sizeof(encrypted_magic));
pubkey = *out + sizeof(encrypted_magic);
- mac = pubkey + rspamd_cryptobox_pk_bytes(pk->alg);
- nonce = mac + rspamd_cryptobox_mac_bytes(pk->alg);
- data = nonce + rspamd_cryptobox_nonce_bytes(pk->alg);
+ mac = pubkey + crypto_box_publickeybytes();
+ nonce = mac + crypto_box_macbytes();
+ data = nonce + crypto_box_noncebytes();
- ottery_rand_bytes(nonce, rspamd_cryptobox_nonce_bytes(pk->alg));
+ ottery_rand_bytes(nonce, crypto_box_noncebytes());
memcpy(data, in, inlen);
memcpy(pubkey, rspamd_pubkey_get_pk(pk, NULL),
- rspamd_cryptobox_pk_bytes(pk->alg));
+ crypto_box_publickeybytes());
rspamd_cryptobox_encrypt_inplace(data, inlen, nonce, pubkey,
rspamd_keypair_component(local, RSPAMD_KEYPAIR_COMPONENT_SK, NULL),
- mac, pk->alg);
+ mac);
rspamd_keypair_unref(local);
if (outlen) {
-/*-
- * Copyright 2016 Vsevolod Stakhov
+/*
+ * Copyright 2024 Vsevolod Stakhov
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* @return fresh keypair generated
*/
struct rspamd_cryptobox_keypair *rspamd_keypair_new(
- enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg);
+ enum rspamd_cryptobox_keypair_type type);
/**
* Increase refcount for the specific keypair
*/
struct rspamd_cryptobox_pubkey *rspamd_pubkey_from_base32(const char *b32,
gsize len,
- enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg);
+ enum rspamd_cryptobox_keypair_type type);
/**
* Load pubkey from hex string
*/
struct rspamd_cryptobox_pubkey *rspamd_pubkey_from_hex(const char *hex,
gsize len,
- enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg);
+ enum rspamd_cryptobox_keypair_type type);
/**
* Load pubkey from raw chunk string
*/
struct rspamd_cryptobox_pubkey *rspamd_pubkey_from_bin(const unsigned char *raw,
gsize len,
- enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg);
+ enum rspamd_cryptobox_keypair_type type);
/**
/**
* Get type of pubkey
*/
-enum rspamd_cryptobox_keypair_type rspamd_pubkey_type(
- struct rspamd_cryptobox_pubkey *p);
-
-/**
- * Get algorithm of keypair
- */
-enum rspamd_cryptobox_mode rspamd_keypair_alg(struct rspamd_cryptobox_keypair *kp);
-
-/**
- * Get algorithm of pubkey
- */
-enum rspamd_cryptobox_mode rspamd_pubkey_alg(struct rspamd_cryptobox_pubkey *p);
+enum rspamd_cryptobox_keypair_type rspamd_pubkey_type(struct rspamd_cryptobox_pubkey *p);
/**
* Get cached NM for this specific pubkey
-/*-
- * Copyright 2016 Vsevolod Stakhov
+/*
+ * Copyright 2024 Vsevolod Stakhov
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
struct rspamd_cryptobox_keypair {
unsigned char id[rspamd_cryptobox_HASHBYTES];
enum rspamd_cryptobox_keypair_type type;
- enum rspamd_cryptobox_mode alg;
ucl_object_t *extensions;
ref_entry_t ref;
};
-/*
- * NIST p256 ecdh keypair
- */
-#define RSPAMD_CRYPTOBOX_KEYPAIR_NIST(x) ((struct rspamd_cryptobox_keypair_nist *) (x))
-struct rspamd_cryptobox_keypair_nist {
- struct rspamd_cryptobox_keypair parent;
- unsigned char sk[32];
- unsigned char pk[65];
-};
-
/*
* Curve25519 ecdh keypair
*/
unsigned char pk[32];
};
-/*
- * NIST p256 ecdsa keypair
- */
-#define RSPAMD_CRYPTOBOX_KEYPAIR_SIG_NIST(x) ((struct rspamd_cryptobox_keypair_sig_nist *) (x))
-struct rspamd_cryptobox_keypair_sig_nist {
- struct rspamd_cryptobox_keypair parent;
- unsigned char sk[32];
- unsigned char pk[65];
-};
-
/*
* Ed25519 keypair
*/
unsigned char id[rspamd_cryptobox_HASHBYTES];
struct rspamd_cryptobox_nm *nm;
enum rspamd_cryptobox_keypair_type type;
- enum rspamd_cryptobox_mode alg;
ref_entry_t ref;
};
-/*
- * Public p256 ecdh
- */
-#define RSPAMD_CRYPTOBOX_PUBKEY_NIST(x) ((struct rspamd_cryptobox_pubkey_nist *) (x))
-struct rspamd_cryptobox_pubkey_nist {
- struct rspamd_cryptobox_pubkey parent;
- unsigned char pk[65];
-};
-
/*
* Public curve25519 ecdh
*/
unsigned char pk[32];
};
-/*
- * Public p256 ecdsa
- */
-#define RSPAMD_CRYPTOBOX_PUBKEY_SIG_NIST(x) ((struct rspamd_cryptobox_pubkey_sig_nist *) (x))
-struct rspamd_cryptobox_pubkey_sig_nist {
- struct rspamd_cryptobox_pubkey parent;
- unsigned char pk[65];
-};
-
/*
* Public ed25519
*/
-/*-
- * Copyright 2016 Vsevolod Stakhov
+/*
+ * Copyright 2024 Vsevolod Stakhov
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
g_assert(lk != NULL);
g_assert(rk != NULL);
- g_assert(rk->alg == lk->alg);
g_assert(rk->type == lk->type);
g_assert(rk->type == RSPAMD_KEYPAIR_KEX);
rspamd_cryptobox_HASHBYTES);
memcpy(&new->nm->sk_id, lk->id, sizeof(uint64_t));
- if (rk->alg == RSPAMD_CRYPTOBOX_MODE_25519) {
- struct rspamd_cryptobox_pubkey_25519 *rk_25519 =
- RSPAMD_CRYPTOBOX_PUBKEY_25519(rk);
- struct rspamd_cryptobox_keypair_25519 *sk_25519 =
- RSPAMD_CRYPTOBOX_KEYPAIR_25519(lk);
+ struct rspamd_cryptobox_pubkey_25519 *rk_25519 =
+ RSPAMD_CRYPTOBOX_PUBKEY_25519(rk);
+ struct rspamd_cryptobox_keypair_25519 *sk_25519 =
+ RSPAMD_CRYPTOBOX_KEYPAIR_25519(lk);
- rspamd_cryptobox_nm(new->nm->nm, rk_25519->pk, sk_25519->sk, rk->alg);
- }
- else {
- struct rspamd_cryptobox_pubkey_nist *rk_nist =
- RSPAMD_CRYPTOBOX_PUBKEY_NIST(rk);
- struct rspamd_cryptobox_keypair_nist *sk_nist =
- RSPAMD_CRYPTOBOX_KEYPAIR_NIST(lk);
-
- rspamd_cryptobox_nm(new->nm->nm, rk_nist->pk, sk_nist->sk, rk->alg);
- }
+ rspamd_cryptobox_nm(new->nm->nm, rk_25519->pk, sk_25519->sk);
rspamd_lru_hash_insert(c->hash, new, new, time(NULL), -1);
}
gsize len;
const char *str;
rspamd_cryptobox_keypair_type keypair_type = RSPAMD_KEYPAIR_KEX;
- rspamd_cryptobox_mode keypair_mode = RSPAMD_CRYPTOBOX_MODE_25519;
if (pd->flags & RSPAMD_CL_FLAG_SIGNKEY) {
keypair_type = RSPAMD_KEYPAIR_SIGN;
}
- if (pd->flags & RSPAMD_CL_FLAG_NISTKEY) {
- keypair_mode = RSPAMD_CRYPTOBOX_MODE_NIST;
- }
target = (struct rspamd_cryptobox_pubkey **) (((char *) pd->user_struct) +
pd->offset);
if (obj->type == UCL_STRING) {
str = ucl_object_tolstring(obj, &len);
- pk = rspamd_pubkey_from_base32(str, len, keypair_type,
- keypair_mode);
+ pk = rspamd_pubkey_from_base32(str, len, keypair_type);
if (pk != nullptr) {
*target = pk;
/*
- * Copyright 2023 Vsevolod Stakhov
+ * Copyright 2024 Vsevolod Stakhov
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
RSPAMD_CL_FLAG_STRING_LIST_HASH = 0x1 << 12,
RSPAMD_CL_FLAG_MULTIPLE = 0x1 << 13,
RSPAMD_CL_FLAG_SIGNKEY = 0x1 << 14,
- RSPAMD_CL_FLAG_NISTKEY = 0x1 << 15,
};
struct rspamd_rcl_struct_parser {
if (key->type == RSPAMD_DKIM_KEY_EDDSA) {
key->specific.key_eddsa = key->keydata;
- if (key->decoded_len != rspamd_cryptobox_pk_sig_bytes(
- RSPAMD_CRYPTOBOX_MODE_25519)) {
+ if (key->decoded_len != crypto_sign_publickeybytes()) {
g_set_error(err,
DKIM_ERROR,
DKIM_SIGERROR_KEYFAIL,
- "DKIM key is has invalid length %d for eddsa; expected %d",
+ "DKIM key is has invalid length %d for eddsa; expected %zd",
(int) key->decoded_len,
- rspamd_cryptobox_pk_sig_bytes(RSPAMD_CRYPTOBOX_MODE_25519));
+ crypto_sign_publickeybytes());
REF_RELEASE(key);
return NULL;
case RSPAMD_DKIM_KEY_EDDSA:
if (!rspamd_cryptobox_verify(ctx->b, ctx->blen, raw_digest, dlen,
- key->specific.key_eddsa, RSPAMD_CRYPTOBOX_MODE_25519)) {
+ key->specific.key_eddsa)) {
msg_info_dkim(
"%s: headers EDDSA verification failure; "
"body length %d->%d; headers length %d; d=%s; s=%s; key_md5=%*xs; orig header: %s",
}
if (type == RSPAMD_DKIM_KEY_RAW && (len == 32 ||
- len == rspamd_cryptobox_sk_sig_bytes(RSPAMD_CRYPTOBOX_MODE_25519))) {
+ len == crypto_sign_secretkeybytes())) {
if (len == 32) {
/* Seeded key, need scalarmult */
unsigned char pk[32];
nkey->type = RSPAMD_DKIM_KEY_EDDSA;
- nkey->specific.key_eddsa = g_malloc(
- rspamd_cryptobox_sk_sig_bytes(RSPAMD_CRYPTOBOX_MODE_25519));
+ nkey->specific.key_eddsa = g_malloc(crypto_sign_secretkeybytes());
crypto_sign_ed25519_seed_keypair(pk, nkey->specific.key_eddsa, key);
- nkey->keylen = rspamd_cryptobox_sk_sig_bytes(RSPAMD_CRYPTOBOX_MODE_25519);
+ nkey->keylen = crypto_sign_secretkeybytes();
}
else {
/* Full ed25519 key */
- unsigned klen = rspamd_cryptobox_sk_sig_bytes(RSPAMD_CRYPTOBOX_MODE_25519);
+ unsigned klen = crypto_sign_secretkeybytes();
nkey->type = RSPAMD_DKIM_KEY_EDDSA;
nkey->specific.key_eddsa = g_malloc(klen);
memcpy(nkey->specific.key_eddsa, key, klen);
}
}
else if (ctx->key->type == RSPAMD_DKIM_KEY_EDDSA) {
- sig_len = rspamd_cryptobox_signature_bytes(RSPAMD_CRYPTOBOX_MODE_25519);
+ sig_len = crypto_sign_bytes();
sig_buf = g_alloca(sig_len);
- rspamd_cryptobox_sign(sig_buf, NULL, raw_digest, dlen,
- ctx->key->specific.key_eddsa, RSPAMD_CRYPTOBOX_MODE_25519);
+ rspamd_cryptobox_sign(sig_buf, NULL, raw_digest, dlen, ctx->key->specific.key_eddsa);
}
else {
g_string_free(hdr, TRUE);
-/*-
- * Copyright 2016 Vsevolod Stakhov
+/*
+ * Copyright 2024 Vsevolod Stakhov
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
if (decoded_id != NULL && id_len >= RSPAMD_KEYPAIR_SHORT_ID_LEN) {
pk = rspamd_pubkey_from_base32(eq_pos + 1,
data->begin + data->len - eq_pos - 1,
- RSPAMD_KEYPAIR_KEX,
- RSPAMD_CRYPTOBOX_MODE_25519);
+ RSPAMD_KEYPAIR_KEX);
if (pk != NULL) {
if (memcmp(rspamd_keypair_get_id(priv->local_key),
decoded_id,
struct rspamd_http_header *hdr, *hcur, *hcurtmp;
struct http_parser decrypted_parser;
struct http_parser_settings decrypted_cb;
- enum rspamd_cryptobox_mode mode;
- mode = rspamd_keypair_alg(priv->local_key);
nonce = msg->body_buf.str;
- m = msg->body_buf.str + rspamd_cryptobox_nonce_bytes(mode) +
- rspamd_cryptobox_mac_bytes(mode);
- dec_len = msg->body_buf.len - rspamd_cryptobox_nonce_bytes(mode) -
- rspamd_cryptobox_mac_bytes(mode);
+ m = msg->body_buf.str + crypto_box_noncebytes() +
+ crypto_box_macbytes();
+ dec_len = msg->body_buf.len - crypto_box_noncebytes() - crypto_box_macbytes();
if ((nm = rspamd_pubkey_get_nm(peer_key, priv->local_key)) == NULL) {
nm = rspamd_pubkey_calculate_nm(peer_key, priv->local_key);
}
if (!rspamd_cryptobox_decrypt_nm_inplace(m, dec_len, nonce,
- nm, m - rspamd_cryptobox_mac_bytes(mode), mode)) {
+ nm, m - crypto_box_macbytes())) {
msg_err("cannot verify encrypted message, first bytes of the input: %*xs",
(int) MIN(msg->body_buf.len, 64), msg->body_buf.begin);
return -1;
(struct rspamd_http_connection *) parser->data;
struct rspamd_http_connection_private *priv;
int ret = 0;
- enum rspamd_cryptobox_mode mode;
if (conn->finished) {
return 0;
}
if ((conn->opts & RSPAMD_HTTP_BODY_PARTIAL) == 0 && IS_CONN_ENCRYPTED(priv)) {
- mode = rspamd_keypair_alg(priv->local_key);
if (priv->local_key == NULL || priv->msg->peer_key == NULL ||
- priv->msg->body_buf.len < rspamd_cryptobox_nonce_bytes(mode) +
- rspamd_cryptobox_mac_bytes(mode)) {
+ priv->msg->body_buf.len < crypto_box_noncebytes() +
+ crypto_box_macbytes()) {
msg_err("cannot decrypt message");
return -1;
}
int i, cnt;
unsigned int outlen;
struct rspamd_http_header *hdr, *hcur;
- enum rspamd_cryptobox_mode mode;
- mode = rspamd_keypair_alg(priv->local_key);
- crlfp = mp + rspamd_cryptobox_mac_bytes(mode);
+ crlfp = mp + crypto_box_macbytes();
outlen = priv->out[0].iov_len + priv->out[1].iov_len;
/*
nm = rspamd_pubkey_calculate_nm(peer_key, priv->local_key);
}
-rspamd_cryptobox_encryptv_nm_inplace(segments, cnt, np, nm, mp, mode);
+rspamd_cryptobox_encryptv_nm_inplace(segments, cnt, np, nm, mp);
/*
* iov[0] = base HTTP request
* iov[4..i] = encrypted HTTP request/reply
*/
priv->out[2].iov_base = np;
-priv->out[2].iov_len = rspamd_cryptobox_nonce_bytes(mode);
+priv->out[2].iov_len = crypto_box_noncebytes();
priv->out[3].iov_base = mp;
-priv->out[3].iov_len = rspamd_cryptobox_mac_bytes(mode);
+priv->out[3].iov_len = crypto_box_macbytes();
-outlen += rspamd_cryptobox_nonce_bytes(mode) +
- rspamd_cryptobox_mac_bytes(mode);
+outlen += crypto_box_noncebytes() +
+ crypto_box_macbytes();
for (i = 0; i < cnt; i++) {
priv->out[i + 4].iov_base = segments[i].data;
unsigned char nonce[rspamd_cryptobox_MAX_NONCEBYTES], mac[rspamd_cryptobox_MAX_MACBYTES];
unsigned char *np = NULL, *mp = NULL, *meth_pos = NULL;
struct rspamd_cryptobox_pubkey *peer_key = NULL;
- enum rspamd_cryptobox_mode mode;
GError *err;
conn->ud = ud;
if (msg->peer_key != NULL) {
if (priv->local_key == NULL) {
/* Automatically generate a temporary keypair */
- priv->local_key = rspamd_keypair_new(RSPAMD_KEYPAIR_KEX,
- RSPAMD_CRYPTOBOX_MODE_25519);
+ priv->local_key = rspamd_keypair_new(RSPAMD_KEYPAIR_KEX);
}
encrypted = TRUE;
}
if (encrypted) {
- mode = rspamd_keypair_alg(priv->local_key);
-
if (msg->body_buf.len == 0) {
pbody = NULL;
bodylen = 0;
* [iov[n + 2] = encrypted body]
*/
priv->outlen = 7;
- enclen = rspamd_cryptobox_nonce_bytes(mode) +
- rspamd_cryptobox_mac_bytes(mode) +
+ enclen = crypto_box_noncebytes() +
+ crypto_box_macbytes() +
4 + /* 2 * CRLF */
bodylen;
}
ENCRYPTED_VERSION);
}
- enclen = rspamd_cryptobox_nonce_bytes(mode) +
- rspamd_cryptobox_mac_bytes(mode) +
+ enclen = crypto_box_noncebytes() +
+ crypto_box_macbytes() +
preludelen + /* version [content-length] + 2 * CRLF */
bodylen;
}
/* Buf will be used eventually for encryption */
if (encrypted) {
int meth_offset, nonce_offset, mac_offset;
- mode = rspamd_keypair_alg(priv->local_key);
- ottery_rand_bytes(nonce, rspamd_cryptobox_nonce_bytes(mode));
- memset(mac, 0, rspamd_cryptobox_mac_bytes(mode));
+ ottery_rand_bytes(nonce, crypto_box_noncebytes());
+ memset(mac, 0, crypto_box_macbytes());
meth_offset = buf->len;
if (conn->type == RSPAMD_HTTP_SERVER) {
}
nonce_offset = buf->len;
- buf = rspamd_fstring_append(buf, nonce,
- rspamd_cryptobox_nonce_bytes(mode));
+ buf = rspamd_fstring_append(buf, nonce, crypto_box_noncebytes());
mac_offset = buf->len;
- buf = rspamd_fstring_append(buf, mac,
- rspamd_cryptobox_mac_bytes(mode));
+ buf = rspamd_fstring_append(buf, mac, crypto_box_macbytes());
/* Need to be encrypted */
if (conn->type == RSPAMD_HTTP_SERVER) {
gpointer ssl_ctx = (msg->flags & RSPAMD_HTTP_FLAG_SSL_NOVERIFY) ? priv->ctx->ssl_ctx_noverify : priv->ctx->ssl_ctx;
if (!ssl_ctx) {
- err = g_error_new(HTTP_ERROR, 400, "ssl message requested "
- "with no ssl ctx");
- rspamd_http_connection_ref(conn);
- conn->error_handler(conn, err);
- rspamd_http_connection_unref(conn);
- g_error_free(err);
- return FALSE;
+ err = g_error_new(HTTP_ERROR, 400, "ssl message requested "
+ "with no ssl ctx");
+ rspamd_http_connection_ref(conn);
+ conn->error_handler(conn, err);
+ rspamd_http_connection_unref(conn);
+ g_error_free(err);
+ return FALSE;
}
else {
- if (!priv->ssl) {
- priv->ssl = rspamd_ssl_connection_new(ssl_ctx, priv->ctx->event_loop,
- !(msg->flags & RSPAMD_HTTP_FLAG_SSL_NOVERIFY),
- conn->log_tag);
- g_assert(priv->ssl != NULL);
-
- if (!rspamd_ssl_connect_fd(priv->ssl, conn->fd, host, &priv->ev,
- priv->timeout, rspamd_http_event_handler,
- rspamd_http_ssl_err_handler, conn)) {
-
- err = g_error_new(HTTP_ERROR, 400,
- "ssl connection error: ssl error=%s, errno=%s",
- ERR_error_string(ERR_get_error(), NULL),
- strerror(errno));
- rspamd_http_connection_ref(conn);
- conn->error_handler(conn, err);
- rspamd_http_connection_unref(conn);
- g_error_free(err);
- return FALSE;
- }
- }
- else {
- /* Just restore SSL handlers */
- rspamd_ssl_connection_restore_handlers(priv->ssl,
- rspamd_http_event_handler,
- rspamd_http_ssl_err_handler,
- conn,
- EV_WRITE);
+ if (!priv->ssl) {
+ priv->ssl = rspamd_ssl_connection_new(ssl_ctx, priv->ctx->event_loop,
+ !(msg->flags & RSPAMD_HTTP_FLAG_SSL_NOVERIFY),
+ conn->log_tag);
+ g_assert(priv->ssl != NULL);
+
+ if (!rspamd_ssl_connect_fd(priv->ssl, conn->fd, host, &priv->ev,
+ priv->timeout, rspamd_http_event_handler,
+ rspamd_http_ssl_err_handler, conn)) {
+
+ err = g_error_new(HTTP_ERROR, 400,
+ "ssl connection error: ssl error=%s, errno=%s",
+ ERR_error_string(ERR_get_error(), NULL),
+ strerror(errno));
+ rspamd_http_connection_ref(conn);
+ conn->error_handler(conn, err);
+ rspamd_http_connection_unref(conn);
+ g_error_free(err);
+ return FALSE;
}
+ }
+ else {
+ /* Just restore SSL handlers */
+ rspamd_ssl_connection_restore_handlers(priv->ssl,
+ rspamd_http_event_handler,
+ rspamd_http_ssl_err_handler,
+ conn,
+ EV_WRITE);
+ }
}
}
else {
struct rspamd_http_connection_private *priv = conn->priv;
if (priv->peer_key) {
- return priv->peer_key;
+ return priv->peer_key;
}
else if (priv->msg) {
- return priv->msg->peer_key;
+ return priv->msg->peer_key;
}
return NULL;
struct rspamd_http_connection_private *priv = conn->priv;
if (priv->peer_key != NULL) {
- return TRUE;
+ return TRUE;
}
else if (priv->msg) {
- return priv->msg->peer_key != NULL;
+ return priv->msg->peer_key != NULL;
}
return FALSE;
rspamd_fstring_mapped_ftok_free);
if (msg->url && msg->url->len > 0) {
- http_parser_parse_url(msg->url->str, msg->url->len, TRUE, &u);
-
- if (u.field_set & (1 << UF_QUERY)) {
- p = msg->url->str + u.field_data[UF_QUERY].off;
- c = p;
- end = p + u.field_data[UF_QUERY].len;
-
- while (p <= end) {
- switch (state) {
- case parse_key:
- if ((p == end || *p == '&') && p > c) {
- /* We have a single parameter without a value */
- key = rspamd_fstring_new_init(c, p - c);
- key_tok = rspamd_ftok_map(key);
- key_tok->len = rspamd_url_decode(key->str, key->str,
- key->len);
-
- value = rspamd_fstring_new_init("", 0);
- value_tok = rspamd_ftok_map(value);
+ http_parser_parse_url(msg->url->str, msg->url->len, TRUE, &u);
+
+ if (u.field_set & (1 << UF_QUERY)) {
+ p = msg->url->str + u.field_data[UF_QUERY].off;
+ c = p;
+ end = p + u.field_data[UF_QUERY].len;
+
+ while (p <= end) {
+ switch (state) {
+ case parse_key:
+ if ((p == end || *p == '&') && p > c) {
+ /* We have a single parameter without a value */
+ key = rspamd_fstring_new_init(c, p - c);
+ key_tok = rspamd_ftok_map(key);
+ key_tok->len = rspamd_url_decode(key->str, key->str,
+ key->len);
+
+ value = rspamd_fstring_new_init("", 0);
+ value_tok = rspamd_ftok_map(value);
+
+ g_hash_table_replace(res, key_tok, value_tok);
+ state = parse_ampersand;
+ }
+ else if (*p == '=' && p > c) {
+ /* We have something like key=value */
+ key = rspamd_fstring_new_init(c, p - c);
+ key_tok = rspamd_ftok_map(key);
+ key_tok->len = rspamd_url_decode(key->str, key->str,
+ key->len);
+
+ state = parse_eqsign;
+ }
+ else {
+ p++;
+ }
+ break;
- g_hash_table_replace(res, key_tok, value_tok);
- state = parse_ampersand;
- }
- else if (*p == '=' && p > c) {
- /* We have something like key=value */
- key = rspamd_fstring_new_init(c, p - c);
- key_tok = rspamd_ftok_map(key);
- key_tok->len = rspamd_url_decode(key->str, key->str,
- key->len);
-
- state = parse_eqsign;
- }
- else {
- p++;
- }
- break;
+ case parse_eqsign:
+ if (*p != '=') {
+ c = p;
+ state = parse_value;
+ }
+ else {
+ p++;
+ }
+ break;
- case parse_eqsign:
- if (*p != '=') {
- c = p;
- state = parse_value;
- }
- else {
- p++;
- }
- break;
-
- case parse_value:
- if ((p == end || *p == '&') && p >= c) {
- g_assert(key != NULL);
- if (p > c) {
- value = rspamd_fstring_new_init(c, p - c);
- value_tok = rspamd_ftok_map(value);
- value_tok->len = rspamd_url_decode(value->str,
- value->str,
- value->len);
- /* Detect quotes for value */
- if (value_tok->begin[0] == '"') {
- memmove(value->str, value->str + 1,
- value_tok->len - 1);
- value_tok->len--;
- }
- if (value_tok->begin[value_tok->len - 1] == '"') {
- value_tok->len--;
- }
+ case parse_value:
+ if ((p == end || *p == '&') && p >= c) {
+ g_assert(key != NULL);
+ if (p > c) {
+ value = rspamd_fstring_new_init(c, p - c);
+ value_tok = rspamd_ftok_map(value);
+ value_tok->len = rspamd_url_decode(value->str,
+ value->str,
+ value->len);
+ /* Detect quotes for value */
+ if (value_tok->begin[0] == '"') {
+ memmove(value->str, value->str + 1,
+ value_tok->len - 1);
+ value_tok->len--;
}
- else {
- value = rspamd_fstring_new_init("", 0);
- value_tok = rspamd_ftok_map(value);
+ if (value_tok->begin[value_tok->len - 1] == '"') {
+ value_tok->len--;
}
-
- g_hash_table_replace(res, key_tok, value_tok);
- key = value = NULL;
- key_tok = value_tok = NULL;
- state = parse_ampersand;
}
else {
- p++;
+ value = rspamd_fstring_new_init("", 0);
+ value_tok = rspamd_ftok_map(value);
}
- break;
- case parse_ampersand:
- if (p != end && *p != '&') {
- c = p;
- state = parse_key;
- }
- else {
- p++;
- }
- break;
+ g_hash_table_replace(res, key_tok, value_tok);
+ key = value = NULL;
+ key_tok = value_tok = NULL;
+ state = parse_ampersand;
+ }
+ else {
+ p++;
+ }
+ break;
+
+ case parse_ampersand:
+ if (p != end && *p != '&') {
+ c = p;
+ state = parse_key;
+ }
+ else {
+ p++;
}
+ break;
}
}
+ }
- if (state != parse_ampersand && key != NULL) {
- rspamd_fstring_free(key);
- }
+ if (state != parse_ampersand && key != NULL) {
+ rspamd_fstring_free(key);
+ }
}
return res;
priv = conn->priv;
if (priv) {
- if (priv->local_key) {
- rspamd_keypair_unref(priv->local_key);
- }
- if (priv->peer_key) {
- rspamd_pubkey_unref(priv->peer_key);
- }
+ if (priv->local_key) {
+ rspamd_keypair_unref(priv->local_key);
+ }
+ if (priv->peer_key) {
+ rspamd_pubkey_unref(priv->peer_key);
+ }
- priv->local_key = NULL;
- priv->peer_key = NULL;
- priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_ENCRYPTED;
+ priv->local_key = NULL;
+ priv->peer_key = NULL;
+ priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_ENCRYPTED;
}
}
\ No newline at end of file
ev_timer_again(loop, w);
kp = ctx->client_kp;
- ctx->client_kp = rspamd_keypair_new(RSPAMD_KEYPAIR_KEX,
- RSPAMD_CRYPTOBOX_MODE_25519);
+ ctx->client_kp = rspamd_keypair_new(RSPAMD_KEYPAIR_KEX);
rspamd_keypair_unref(kp);
}
/*
- * Copyright 2023 Vsevolod Stakhov
+ * Copyright 2024 Vsevolod Stakhov
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
if (cfg->log_encryption_key) {
logger->pk = rspamd_pubkey_ref(cfg->log_encryption_key);
- logger->keypair = rspamd_keypair_new(RSPAMD_KEYPAIR_KEX,
- RSPAMD_CRYPTOBOX_MODE_25519);
+ logger->keypair = rspamd_keypair_new(RSPAMD_KEYPAIR_KEX);
rspamd_pubkey_calculate_nm(logger->pk, logger->keypair);
}
}
g_assert(end > begin);
/* base64 (pubkey | nonce | message) */
- inlen = rspamd_cryptobox_nonce_bytes(RSPAMD_CRYPTOBOX_MODE_25519) +
- rspamd_cryptobox_pk_bytes(RSPAMD_CRYPTOBOX_MODE_25519) +
- rspamd_cryptobox_mac_bytes(RSPAMD_CRYPTOBOX_MODE_25519) +
+ inlen = crypto_box_noncebytes() +
+ crypto_box_publickeybytes() +
+ crypto_box_macbytes() +
(end - begin);
out = g_malloc(inlen);
comp = rspamd_pubkey_get_pk(rspamd_log->pk, &len);
memcpy(p, comp, len);
p += len;
- ottery_rand_bytes(p, rspamd_cryptobox_nonce_bytes(RSPAMD_CRYPTOBOX_MODE_25519));
+ ottery_rand_bytes(p, crypto_box_noncebytes());
nonce = p;
- p += rspamd_cryptobox_nonce_bytes(RSPAMD_CRYPTOBOX_MODE_25519);
+ p += crypto_box_noncebytes();
mac = p;
- p += rspamd_cryptobox_mac_bytes(RSPAMD_CRYPTOBOX_MODE_25519);
+ p += crypto_box_macbytes();
memcpy(p, begin, end - begin);
comp = rspamd_pubkey_get_nm(rspamd_log->pk, rspamd_log->keypair);
g_assert(comp != NULL);
- rspamd_cryptobox_encrypt_nm_inplace(p, end - begin, nonce, comp, mac,
- RSPAMD_CRYPTOBOX_MODE_25519);
+ rspamd_cryptobox_encrypt_nm_inplace(p, end - begin, nonce, comp, mac);
b64 = rspamd_encode_base64(out, inlen, 0, enc_len);
g_free(out);
GString *b32_key;
gboolean ret = TRUE;
- if (siglen != rspamd_cryptobox_signature_bytes(RSPAMD_CRYPTOBOX_MODE_25519)) {
+ if (siglen != crypto_sign_bytes()) {
msg_err_map("can't open signature for %s: invalid size: %z", map->name, siglen);
ret = FALSE;
}
if (ret && !rspamd_cryptobox_verify(sig, siglen, input, inlen,
- rspamd_pubkey_get_pk(pk, NULL), RSPAMD_CRYPTOBOX_MODE_25519)) {
+ rspamd_pubkey_get_pk(pk, NULL))) {
msg_err_map("can't verify signature for %s: incorrect signature", map->name);
ret = FALSE;
return FALSE;
}
- pk = rspamd_pubkey_from_base32(data, len, RSPAMD_KEYPAIR_SIGN,
- RSPAMD_CRYPTOBOX_MODE_25519);
+ pk = rspamd_pubkey_from_base32(data, len, RSPAMD_KEYPAIR_SIGN);
munmap(data, len);
if (pk == NULL) {
end_key = memchr(pos, '+', end - pos);
if (end_key != NULL) {
- bk->trusted_pubkey = rspamd_pubkey_from_base32(pos, end_key - pos,
- RSPAMD_KEYPAIR_SIGN, RSPAMD_CRYPTOBOX_MODE_25519);
+ bk->trusted_pubkey = rspamd_pubkey_from_base32(pos, end_key - pos, RSPAMD_KEYPAIR_SIGN);
if (bk->trusted_pubkey == NULL) {
msg_err_config("cannot read pubkey from map: %s",
}
else if (end - pos > 64) {
/* Try hex encoding */
- bk->trusted_pubkey = rspamd_pubkey_from_hex(pos, 64,
- RSPAMD_KEYPAIR_SIGN, RSPAMD_CRYPTOBOX_MODE_25519);
+ bk->trusted_pubkey = rspamd_pubkey_from_hex(pos, 64, RSPAMD_KEYPAIR_SIGN);
if (bk->trusted_pubkey == NULL) {
msg_err_config("cannot read pubkey from map: %s",
-/*-
- * Copyright 2016 Vsevolod Stakhov
+/*
+ * Copyright 2024 Vsevolod Stakhov
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* Loads public key from base32 encoded file
* @param {string} file filename to load
* @param {string} type optional 'sign' or 'kex' for signing and encryption
- * @param {string} alg optional 'default' or 'nist' for curve25519/nistp256 keys
* @return {cryptobox_pubkey} new public key
*/
static int
struct rspamd_cryptobox_pubkey *pkey = NULL, **ppkey;
const char *filename, *arg;
int type = RSPAMD_KEYPAIR_SIGN;
- int alg = RSPAMD_CRYPTOBOX_MODE_25519;
unsigned char *map;
gsize len;
type = RSPAMD_KEYPAIR_KEX;
}
}
- if (lua_type(L, 3) == LUA_TSTRING) {
- /* algorithm */
- arg = lua_tostring(L, 3);
-
- if (strcmp(arg, "default") == 0 || strcmp(arg, "curve25519") == 0) {
- type = RSPAMD_CRYPTOBOX_MODE_25519;
- }
- else if (strcmp(arg, "nist") == 0) {
- type = RSPAMD_CRYPTOBOX_MODE_NIST;
- }
- }
- pkey = rspamd_pubkey_from_base32(map, len, type, alg);
+ pkey = rspamd_pubkey_from_base32(map, len, type);
if (pkey == NULL) {
msg_err("cannot open pubkey from file: %s", filename);
* Loads public key from base32 encoded string
* @param {base32 string} base32 string with the key
* @param {string} type optional 'sign' or 'kex' for signing and encryption
- * @param {string} alg optional 'default' or 'nist' for curve25519/nistp256 keys
* @return {cryptobox_pubkey} new public key
*/
static int
const char *buf, *arg;
gsize len;
int type = RSPAMD_KEYPAIR_SIGN;
- int alg = RSPAMD_CRYPTOBOX_MODE_25519;
buf = luaL_checklstring(L, 1, &len);
if (buf != NULL) {
type = RSPAMD_KEYPAIR_KEX;
}
}
- if (lua_type(L, 3) == LUA_TSTRING) {
- /* algorithm */
- arg = lua_tostring(L, 3);
-
- if (strcmp(arg, "default") == 0 || strcmp(arg, "curve25519") == 0) {
- type = RSPAMD_CRYPTOBOX_MODE_25519;
- }
- else if (strcmp(arg, "nist") == 0) {
- type = RSPAMD_CRYPTOBOX_MODE_NIST;
- }
- }
- pkey = rspamd_pubkey_from_base32(buf, len, type, alg);
+ pkey = rspamd_pubkey_from_base32(buf, len, type);
if (pkey == NULL) {
msg_err("cannot load pubkey from string");
* @function rspamd_cryptobox_keypair.create([type='encryption'[, alg='curve25519']])
* Generates new keypair
* @param {string} type type of keypair: 'encryption' (default) or 'sign'
- * @param {string} alg algorithm of keypair: 'curve25519' (default) or 'nist'
* @return {cryptobox_keypair} new keypair
*/
static int
LUA_TRACE_POINT;
struct rspamd_cryptobox_keypair *kp, **pkp;
enum rspamd_cryptobox_keypair_type type = RSPAMD_KEYPAIR_KEX;
- enum rspamd_cryptobox_mode alg = RSPAMD_CRYPTOBOX_MODE_25519;
if (lua_isstring(L, 1)) {
const char *str = lua_tostring(L, 1);
}
}
- if (lua_isstring(L, 2)) {
- const char *str = lua_tostring(L, 2);
-
- if (strcmp(str, "nist") == 0 || strcmp(str, "openssl") == 0) {
- alg = RSPAMD_CRYPTOBOX_MODE_NIST;
- }
- else if (strcmp(str, "curve25519") == 0 || strcmp(str, "default") == 0) {
- alg = RSPAMD_CRYPTOBOX_MODE_25519;
- }
- else {
- return luaL_error(L, "invalid keypair algorithm: %s", str);
- }
- }
-
- kp = rspamd_keypair_new(type, alg);
+ kp = rspamd_keypair_new(type);
pkp = lua_newuserdata(L, sizeof(gpointer));
*pkp = kp;
struct rspamd_cryptobox_keypair *kp = lua_check_cryptobox_keypair(L, 1);
if (kp) {
- if (kp->alg == RSPAMD_CRYPTOBOX_MODE_25519) {
- lua_pushstring(L, "curve25519");
- }
- else {
- lua_pushstring(L, "nist");
- }
+ lua_pushstring(L, "curve25519");
}
else {
return luaL_error(L, "invalid arguments");
if (kp) {
data = rspamd_keypair_component(kp, RSPAMD_KEYPAIR_COMPONENT_PK, &dlen);
- pk = rspamd_pubkey_from_bin(data, dlen, kp->type, kp->alg);
+ pk = rspamd_pubkey_from_bin(data, dlen, kp->type);
if (pk == NULL) {
return luaL_error(L, "invalid keypair");
}
/***
- * @function rspamd_cryptobox_signature.load(file, [alg = 'curve25519'])
+ * @function rspamd_cryptobox_signature.load(file)
* Loads signature from raw file
* @param {string} file filename to load
* @return {cryptobox_signature} new signature
gpointer data;
int fd;
struct stat st;
- enum rspamd_cryptobox_mode alg = RSPAMD_CRYPTOBOX_MODE_25519;
filename = luaL_checkstring(L, 1);
if (filename != NULL) {
lua_pushnil(L);
}
else {
- if (lua_isstring(L, 2)) {
- const char *str = lua_tostring(L, 2);
-
- if (strcmp(str, "nist") == 0 || strcmp(str, "openssl") == 0) {
- alg = RSPAMD_CRYPTOBOX_MODE_NIST;
- }
- else if (strcmp(str, "curve25519") == 0 || strcmp(str, "default") == 0) {
- alg = RSPAMD_CRYPTOBOX_MODE_25519;
- }
- else {
- munmap(data, st.st_size);
- close(fd);
-
- return luaL_error(L, "invalid keypair algorithm: %s", str);
- }
- }
if (st.st_size > 0) {
sig = rspamd_fstring_new_init(data, st.st_size);
psig = lua_newuserdata(L, sizeof(rspamd_fstring_t *));
else {
msg_err("size of %s mismatches: %d while %d is expected",
filename, (int) st.st_size,
- rspamd_cryptobox_signature_bytes(alg));
+ crypto_sign_bytes());
lua_pushnil(L);
}
}
if (data != NULL) {
- if (dlen == rspamd_cryptobox_signature_bytes(RSPAMD_CRYPTOBOX_MODE_25519)) {
+ if (dlen == crypto_sign_bytes()) {
sig = rspamd_fstring_new_init(data, dlen);
psig = lua_newuserdata(L, sizeof(rspamd_fstring_t *));
rspamd_lua_setclass(L, rspamd_cryptobox_signature_classname, -1);
}
/***
- * @function rspamd_cryptobox.verify_memory(pk, sig, data, [alg = 'curve25519'])
+ * @function rspamd_cryptobox.verify_memory(pk, sig, data)
* Check memory using specified cryptobox key and signature
* @param {pubkey} pk public key to verify
* @param {sig} signature to check
rspamd_fstring_t *signature;
struct rspamd_lua_text *t;
const char *data;
- enum rspamd_cryptobox_mode alg = RSPAMD_CRYPTOBOX_MODE_25519;
gsize len;
int ret;
data = luaL_checklstring(L, 3, &len);
}
- if (lua_isstring(L, 4)) {
- const char *str = lua_tostring(L, 4);
-
- if (strcmp(str, "nist") == 0 || strcmp(str, "openssl") == 0) {
- alg = RSPAMD_CRYPTOBOX_MODE_NIST;
- }
- else if (strcmp(str, "curve25519") == 0 || strcmp(str, "default") == 0) {
- alg = RSPAMD_CRYPTOBOX_MODE_25519;
- }
- else {
- return luaL_error(L, "invalid algorithm: %s", str);
- }
- }
-
if (pk != NULL && signature != NULL && data != NULL) {
ret = rspamd_cryptobox_verify(signature->str, signature->len, data, len,
- rspamd_pubkey_get_pk(pk, NULL), alg);
+ rspamd_pubkey_get_pk(pk, NULL));
if (ret) {
lua_pushboolean(L, 1);
}
/***
- * @function rspamd_cryptobox.verify_file(pk, sig, file, [alg = 'curve25519'])
+ * @function rspamd_cryptobox.verify_file(pk, sig, file)
* Check file using specified cryptobox key and signature
* @param {pubkey} pk public key to verify
* @param {sig} signature to check
struct rspamd_cryptobox_pubkey *pk;
rspamd_fstring_t *signature;
unsigned char *map = NULL;
- enum rspamd_cryptobox_mode alg = RSPAMD_CRYPTOBOX_MODE_25519;
gsize len;
int ret;
signature = lua_check_cryptobox_sign(L, 2);
fname = luaL_checkstring(L, 3);
- if (lua_isstring(L, 4)) {
- const char *str = lua_tostring(L, 4);
-
- if (strcmp(str, "nist") == 0 || strcmp(str, "openssl") == 0) {
- alg = RSPAMD_CRYPTOBOX_MODE_NIST;
- }
- else if (strcmp(str, "curve25519") == 0 || strcmp(str, "default") == 0) {
- alg = RSPAMD_CRYPTOBOX_MODE_25519;
- }
- else {
- return luaL_error(L, "invalid algorithm: %s", str);
- }
- }
-
map = rspamd_file_xmap(fname, PROT_READ, &len, TRUE);
if (map != NULL && pk != NULL && signature != NULL) {
ret = rspamd_cryptobox_verify(signature->str, signature->len,
map, len,
- rspamd_pubkey_get_pk(pk, NULL), alg);
+ rspamd_pubkey_get_pk(pk, NULL));
if (ret) {
lua_pushboolean(L, 1);
return luaL_error(L, "invalid arguments");
}
- sig = rspamd_fstring_sized_new(rspamd_cryptobox_signature_bytes(
- rspamd_keypair_alg(kp)));
+ sig = rspamd_fstring_sized_new(crypto_sign_bytes());
unsigned long long siglen = sig->len;
rspamd_cryptobox_sign(sig->str, &siglen, data,
- len, rspamd_keypair_component(kp, RSPAMD_KEYPAIR_COMPONENT_SK, NULL), rspamd_keypair_alg(kp));
+ len, rspamd_keypair_component(kp, RSPAMD_KEYPAIR_COMPONENT_SK, NULL));
sig->len = siglen;
psig = lua_newuserdata(L, sizeof(void *));
lua_pushnil(L);
}
else {
- sig = rspamd_fstring_sized_new(rspamd_cryptobox_signature_bytes(
- rspamd_keypair_alg(kp)));
+ sig = rspamd_fstring_sized_new(crypto_sign_bytes());
unsigned long long siglen = sig->len;
rspamd_cryptobox_sign(sig->str, &siglen, data,
- len, rspamd_keypair_component(kp, RSPAMD_KEYPAIR_COMPONENT_SK, NULL), rspamd_keypair_alg(kp));
+ len, rspamd_keypair_component(kp, RSPAMD_KEYPAIR_COMPONENT_SK, NULL));
sig->len = siglen;
psig = lua_newuserdata(L, sizeof(void *));
}
/***
- * @function rspamd_cryptobox.encrypt_memory(kp, data[, nist=false])
+ * @function rspamd_cryptobox.encrypt_memory(kp, data)
* Encrypt data using specified keypair/pubkey
* @param {keypair|string} kp keypair or pubkey in base32 to use
* @param {string|text} data
gsize blen;
b32 = lua_tolstring(L, 1, &blen);
- pk = rspamd_pubkey_from_base32(b32, blen, RSPAMD_KEYPAIR_KEX,
- lua_toboolean(L, 3) ? RSPAMD_CRYPTOBOX_MODE_NIST : RSPAMD_CRYPTOBOX_MODE_25519);
+ pk = rspamd_pubkey_from_base32(b32, blen, RSPAMD_KEYPAIR_KEX);
owned_pk = true;
}
}
/***
- * @function rspamd_cryptobox.encrypt_file(kp|pk_string, filename[, nist=false])
+ * @function rspamd_cryptobox.encrypt_file(kp|pk_string, filename)
* Encrypt data using specified keypair/pubkey
* @param {keypair|string} kp keypair or pubkey in base32 to use
* @param {string} filename
gsize blen;
b32 = lua_tolstring(L, 1, &blen);
- pk = rspamd_pubkey_from_base32(b32, blen, RSPAMD_KEYPAIR_KEX,
- lua_toboolean(L, 3) ? RSPAMD_CRYPTOBOX_MODE_NIST : RSPAMD_CRYPTOBOX_MODE_25519);
+ pk = rspamd_pubkey_from_base32(b32, blen, RSPAMD_KEYPAIR_KEX);
own_pk = true;
}
char *b64_data;
gsize b64_len;
- rspamd_cryptobox_keypair_sig(pk, sk, RSPAMD_CRYPTOBOX_MODE_25519);
+ rspamd_cryptobox_keypair_sig(pk, sk);
/* Process private key */
b64_data = rspamd_encode_base64(sk,
- rspamd_cryptobox_sk_sig_bytes(RSPAMD_CRYPTOBOX_MODE_25519),
+ crypto_sign_secretkeybytes(),
-1, &b64_len);
priv_out = lua_newuserdata(L, sizeof(*priv_out));
/* Process public key */
b64_data = rspamd_encode_base64(pk,
- rspamd_cryptobox_pk_sig_bytes(RSPAMD_CRYPTOBOX_MODE_25519),
+ crypto_sign_publickeybytes(),
-1, &b64_len);
pub_out = lua_newuserdata(L, sizeof(*pub_out));
char *b64_data;
gsize b64_len;
- rspamd_cryptobox_keypair_sig(pk, sk, RSPAMD_CRYPTOBOX_MODE_25519);
+ rspamd_cryptobox_keypair_sig(pk, sk);
/* Process private key */
b64_data = rspamd_encode_base64(sk,
/* Process public key */
b64_data = rspamd_encode_base64(pk,
- rspamd_cryptobox_pk_sig_bytes(RSPAMD_CRYPTOBOX_MODE_25519),
+ crypto_sign_publickeybytes(),
-1, &b64_len);
pub_out = lua_newuserdata(L, sizeof(*pub_out));
/*
- * Copyright 2023 Vsevolod Stakhov
+ * Copyright 2024 Vsevolod Stakhov
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
gsize inlen;
in = lua_tolstring(L, -1, &inlen);
- peer_key = rspamd_pubkey_from_base32(in, inlen,
- RSPAMD_KEYPAIR_KEX, RSPAMD_CRYPTOBOX_MODE_25519);
+ peer_key = rspamd_pubkey_from_base32(in, inlen, RSPAMD_KEYPAIR_KEX);
}
lua_pop(L, 1);
pk_str = lua_tolstring(L, 2, &len);
if (map && pk_str) {
- pk = rspamd_pubkey_from_base32(pk_str, len, RSPAMD_KEYPAIR_SIGN,
- RSPAMD_CRYPTOBOX_MODE_25519);
+ pk = rspamd_pubkey_from_base32(pk_str, len, RSPAMD_KEYPAIR_SIGN);
if (!pk) {
return luaL_error(L, "invalid pubkey string");
k = ucl_object_tostring(value);
if (k == NULL || (rule->peer_key =
- rspamd_pubkey_from_base32(k, 0, RSPAMD_KEYPAIR_KEX,
- RSPAMD_CRYPTOBOX_MODE_25519)) == NULL) {
+ rspamd_pubkey_from_base32(k, 0, RSPAMD_KEYPAIR_KEX)) == NULL) {
msg_err_config("bad encryption key value: %s",
k);
return -1;
}
- rule->local_key = rspamd_keypair_new(RSPAMD_KEYPAIR_KEX,
- RSPAMD_CRYPTOBOX_MODE_25519);
+ rule->local_key = rspamd_keypair_new(RSPAMD_KEYPAIR_KEX);
}
if ((value = ucl_object_lookup(obj, "learn_condition")) != NULL) {
rule->local_key, rule->peer_key);
rspamd_cryptobox_encrypt_nm_inplace(data, datalen,
hdr->nonce, rspamd_pubkey_get_nm(rule->peer_key, rule->local_key),
- hdr->mac,
- rspamd_pubkey_alg(rule->peer_key));
+ hdr->mac);
}
static struct fuzzy_cmd_io *
sizeof(encrep.rep),
encrep.hdr.nonce,
rspamd_pubkey_get_nm(rule->peer_key, rule->local_key),
- encrep.hdr.mac,
- rspamd_pubkey_alg(rule->peer_key))) {
+ encrep.hdr.mac)) {
msg_info("cannot decrypt reply");
return NULL;
}
-/*-
- * Copyright 2016 Vsevolod Stakhov
+/*
+ * Copyright 2024 Vsevolod Stakhov
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
#include <sys/wait.h>
#endif
-static gboolean openssl = FALSE;
static gboolean verify = FALSE;
static gboolean quiet = FALSE;
static char *suffix = NULL;
static char *keypair_file = NULL;
static char *editor = NULL;
static gboolean edit = FALSE;
-enum rspamd_cryptobox_mode mode = RSPAMD_CRYPTOBOX_MODE_25519;
static void rspamadm_signtool(int argc, char **argv,
const struct rspamadm_command *cmd);
};
static GOptionEntry entries[] = {
- {"openssl", 'o', 0, G_OPTION_ARG_NONE, &openssl,
- "Generate openssl nistp256 keypair not curve25519 one", NULL},
{"verify", 'v', 0, G_OPTION_ARG_NONE, &verify,
"Verify signatures and not sign", NULL},
{"suffix", 'S', 0, G_OPTION_ARG_STRING, &suffix,
exit(EXIT_FAILURE);
}
- g_assert(rspamd_cryptobox_MAX_SIGBYTES >=
- rspamd_cryptobox_signature_bytes(mode));
-
sk = rspamd_keypair_component(kp, RSPAMD_KEYPAIR_COMPONENT_SK, NULL);
- rspamd_cryptobox_sign(sig, NULL, map, st.st_size, sk, mode);
+ rspamd_cryptobox_sign(sig, NULL, map, st.st_size, sk);
if (edit) {
/* We also need to rename .new file */
rspamd_snprintf(sigpath, sizeof(sigpath), "%s%s", fname, suffix);
- if (write(fd_sig, sig, rspamd_cryptobox_signature_bytes(mode)) == -1) {
+ if (write(fd_sig, sig, crypto_sign_bytes()) == -1) {
rspamd_fprintf(stderr, "cannot write signature to %s: %s\n", sigpath,
strerror(errno));
exit(EXIT_FAILURE);
struct stat st, st_sig;
bool ret;
- g_assert(rspamd_cryptobox_MAX_SIGBYTES >=
- rspamd_cryptobox_signature_bytes(mode));
-
if (suffix == NULL) {
suffix = ".sig";
}
g_assert(fstat(fd_sig, &st_sig) != -1);
- if (st_sig.st_size != rspamd_cryptobox_signature_bytes(mode)) {
+ if (st_sig.st_size != crypto_sign_bytes()) {
close(fd_sig);
rspamd_fprintf(stderr, "invalid signature size %s: %ud\n", fname,
(unsigned int) st_sig.st_size);
}
ret = rspamd_cryptobox_verify(map_sig, st_sig.st_size,
- map, st.st_size, pk, mode);
+ map, st.st_size, pk);
munmap(map, st.st_size);
munmap(map_sig, st_sig.st_size);
g_option_context_free(context);
- if (openssl) {
- mode = RSPAMD_CRYPTOBOX_MODE_NIST;
- }
-
if (verify && (!pubkey && !pubkey_file)) {
rspamd_fprintf(stderr, "no pubkey for verification\n");
exit(EXIT_FAILURE);
flen--;
}
- pk = rspamd_pubkey_from_base32(map, flen,
- RSPAMD_KEYPAIR_SIGN, mode);
+ pk = rspamd_pubkey_from_base32(map, flen, RSPAMD_KEYPAIR_SIGN);
if (pk == NULL) {
rspamd_fprintf(stderr, "bad size %s: %ud, %ud expected\n",
pubkey_file,
(unsigned int) flen,
- rspamd_cryptobox_pk_sig_bytes(mode));
+ crypto_sign_publickeybytes());
exit(EXIT_FAILURE);
}
}
else {
pk = rspamd_pubkey_from_base32(pubkey, strlen(pubkey),
- RSPAMD_KEYPAIR_SIGN, mode);
+ RSPAMD_KEYPAIR_SIGN);
if (pk == NULL) {
rspamd_fprintf(stderr, "bad size %s: %ud, %ud expected\n",
pubkey_file,
(unsigned int) strlen(pubkey),
- rspamd_cryptobox_pk_sig_bytes(mode));
+ crypto_sign_publickeybytes());
exit(EXIT_FAILURE);
}
}
elt = ucl_object_lookup(obj, "key");
if (elt != NULL) {
up->key = rspamd_pubkey_from_base32(ucl_object_tostring(elt), 0,
- RSPAMD_KEYPAIR_KEX, RSPAMD_CRYPTOBOX_MODE_25519);
+ RSPAMD_KEYPAIR_KEX);
if (up->key == NULL) {
g_set_error(err, rspamd_proxy_quark(), 100,
elt = ucl_object_lookup(obj, "key");
if (elt != NULL) {
up->key = rspamd_pubkey_from_base32(ucl_object_tostring(elt), 0,
- RSPAMD_KEYPAIR_KEX, RSPAMD_CRYPTOBOX_MODE_25519);
+ RSPAMD_KEYPAIR_KEX);
if (up->key == NULL) {
g_set_error(err, rspamd_proxy_quark(), 100,
-/*-
- * Copyright 2016 Vsevolod Stakhov
+/*
+ * Copyright 2024 Vsevolod Stakhov
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
static const int mapping_size = 64 * 8192 + 1;
static const int max_seg = 32;
static const int random_fuzz_cnt = 10000;
-enum rspamd_cryptobox_mode mode = RSPAMD_CRYPTOBOX_MODE_25519;
static void *
create_mapping(int mapping_len, unsigned char **beg, unsigned char **end)
uint64_t *t = (uint64_t *) begin;
g_assert(rspamd_cryptobox_decrypt_nm_inplace(begin, end - begin, nonce, key,
- mac, mode));
+ mac));
while (t < (uint64_t *) end) {
g_assert(*t == 0);
/* Test baseline */
t1 = rspamd_get_ticks(TRUE);
- rspamd_cryptobox_encrypt_nm_inplace(begin, end - begin, nonce, key, mac,
- mode);
+ rspamd_cryptobox_encrypt_nm_inplace(begin, end - begin, nonce, key, mac);
t2 = rspamd_get_ticks(TRUE);
check_result(key, nonce, mac, begin, end);
msg_info("baseline encryption: %.0f", t2 - t1);
- mode = RSPAMD_CRYPTOBOX_MODE_NIST;
- t1 = rspamd_get_ticks(TRUE);
- rspamd_cryptobox_encrypt_nm_inplace(begin,
- end - begin,
- nonce,
- key,
- mac,
- mode);
- t2 = rspamd_get_ticks(TRUE);
- check_result(key, nonce, mac, begin, end);
-
- msg_info("openssl baseline encryption: %.0f", t2 - t1);
- mode = RSPAMD_CRYPTOBOX_MODE_25519;
-
-start:
/* A single chunk as vector */
seg[0].data = begin;
seg[0].len = end - begin;
t1 = rspamd_get_ticks(TRUE);
- rspamd_cryptobox_encryptv_nm_inplace(seg, 1, nonce, key, mac, mode);
+ rspamd_cryptobox_encryptv_nm_inplace(seg, 1, nonce, key, mac);
t2 = rspamd_get_ticks(TRUE);
check_result(key, nonce, mac, begin, end);
seg[1].data = begin + seg[0].len;
seg[1].len = (end - begin) - seg[0].len;
t1 = rspamd_get_ticks(TRUE);
- rspamd_cryptobox_encryptv_nm_inplace(seg, 2, nonce, key, mac, mode);
+ rspamd_cryptobox_encryptv_nm_inplace(seg, 2, nonce, key, mac);
t2 = rspamd_get_ticks(TRUE);
check_result(key, nonce, mac, begin, end);
seg[1].data = begin + seg[0].len;
seg[1].len = (end - begin) - seg[0].len;
t1 = rspamd_get_ticks(TRUE);
- rspamd_cryptobox_encryptv_nm_inplace(seg, 2, nonce, key, mac, mode);
+ rspamd_cryptobox_encryptv_nm_inplace(seg, 2, nonce, key, mac);
t2 = rspamd_get_ticks(TRUE);
check_result(key, nonce, mac, begin, end);
seg[1].data = begin + seg[0].len;
seg[1].len = (end - begin) - seg[0].len;
t1 = rspamd_get_ticks(TRUE);
- rspamd_cryptobox_encryptv_nm_inplace(seg, 2, nonce, key, mac, mode);
+ rspamd_cryptobox_encryptv_nm_inplace(seg, 2, nonce, key, mac);
t2 = rspamd_get_ticks(TRUE);
check_result(key, nonce, mac, begin, end);
seg[1].data = begin + seg[0].len;
seg[1].len = (end - begin) - seg[0].len;
t1 = rspamd_get_ticks(TRUE);
- rspamd_cryptobox_encryptv_nm_inplace(seg, 2, nonce, key, mac, mode);
+ rspamd_cryptobox_encryptv_nm_inplace(seg, 2, nonce, key, mac);
t2 = rspamd_get_ticks(TRUE);
check_result(key, nonce, mac, begin, end);
seg[2].data = begin + seg[0].len + seg[1].len;
seg[2].len = (end - begin) - seg[0].len - seg[1].len;
t1 = rspamd_get_ticks(TRUE);
- rspamd_cryptobox_encryptv_nm_inplace(seg, 3, nonce, key, mac, mode);
+ rspamd_cryptobox_encryptv_nm_inplace(seg, 3, nonce, key, mac);
t2 = rspamd_get_ticks(TRUE);
check_result(key, nonce, mac, begin, end);
cnt = create_random_split(seg, max_seg, begin, end);
t1 = rspamd_get_ticks(TRUE);
- rspamd_cryptobox_encryptv_nm_inplace(seg, cnt, nonce, key, mac, mode);
+ rspamd_cryptobox_encryptv_nm_inplace(seg, cnt, nonce, key, mac);
t2 = rspamd_get_ticks(TRUE);
check_result(key, nonce, mac, begin, end);
cnt = create_realistic_split(seg, max_seg, begin, end);
t1 = rspamd_get_ticks(TRUE);
- rspamd_cryptobox_encryptv_nm_inplace(seg, cnt, nonce, key, mac, mode);
+ rspamd_cryptobox_encryptv_nm_inplace(seg, cnt, nonce, key, mac);
t2 = rspamd_get_ticks(TRUE);
check_result(key, nonce, mac, begin, end);
cnt = create_constrained_split(seg, max_seg + 1, 32, begin, end);
t1 = rspamd_get_ticks(TRUE);
- rspamd_cryptobox_encryptv_nm_inplace(seg, cnt, nonce, key, mac, mode);
+ rspamd_cryptobox_encryptv_nm_inplace(seg, cnt, nonce, key, mac);
t2 = rspamd_get_ticks(TRUE);
check_result(key, nonce, mac, begin, end);
ms = ottery_rand_range(i % max_seg * 2) + 1;
cnt = create_random_split(seg, ms, begin, end);
t1 = rspamd_get_ticks(TRUE);
- rspamd_cryptobox_encryptv_nm_inplace(seg, cnt, nonce, key, mac, mode);
+ rspamd_cryptobox_encryptv_nm_inplace(seg, cnt, nonce, key, mac);
t2 = rspamd_get_ticks(TRUE);
check_result(key, nonce, mac, begin, end);
ms = ottery_rand_range(i % max_seg * 2) + 1;
cnt = create_realistic_split(seg, ms, begin, end);
t1 = rspamd_get_ticks(TRUE);
- rspamd_cryptobox_encryptv_nm_inplace(seg, cnt, nonce, key, mac, mode);
+ rspamd_cryptobox_encryptv_nm_inplace(seg, cnt, nonce, key, mac);
t2 = rspamd_get_ticks(TRUE);
check_result(key, nonce, mac, begin, end);
ms = ottery_rand_range(i % max_seg * 10) + 1;
cnt = create_constrained_split(seg, ms, i, begin, end);
t1 = rspamd_get_ticks(TRUE);
- rspamd_cryptobox_encryptv_nm_inplace(seg, cnt, nonce, key, mac, mode);
+ rspamd_cryptobox_encryptv_nm_inplace(seg, cnt, nonce, key, mac);
t2 = rspamd_get_ticks(TRUE);
check_result(key, nonce, mac, begin, end);
msg_info("constrained fuzz iterations: %d", i);
}
}
-
- if (!checked_openssl) {
- checked_openssl = TRUE;
- mode = RSPAMD_CRYPTOBOX_MODE_NIST;
- goto start;
- }
}
TEST_CASE("rspamd_cryptobox_keypair")
{
- enum rspamd_cryptobox_mode mode = RSPAMD_CRYPTOBOX_MODE_NIST;
rspamd_sk_t sk;
rspamd_pk_t pk;
- rspamd_cryptobox_keypair(pk, sk, mode);
+ rspamd_cryptobox_keypair(pk, sk);
}
TEST_CASE("rspamd_cryptobox_keypair_sig")
{
- enum rspamd_cryptobox_mode mode = RSPAMD_CRYPTOBOX_MODE_NIST;
rspamd_sig_sk_t sk;
rspamd_sig_pk_t pk;
- rspamd_cryptobox_keypair_sig(pk, sk, mode);
+ rspamd_cryptobox_keypair_sig(pk, sk);
}
TEST_CASE("rspamd_cryptobox_hash")
rspamd_pk_t pk;
rspamd_sk_t sk;
rspamd_mac_t sig;
- enum rspamd_cryptobox_mode mode = RSPAMD_CRYPTOBOX_MODE_25519;
ottery_rand_bytes(nonce, sizeof(nonce));
- rspamd_cryptobox_keypair(pk, sk, mode);
+ rspamd_cryptobox_keypair(pk, sk);
memset(sig, 0, sizeof(sig));
- rspamd_cryptobox_encrypt_inplace(data, len, nonce, pk, sk, sig, mode);
+ rspamd_cryptobox_encrypt_inplace(data, len, nonce, pk, sk, sig);
- CHECK(rspamd_cryptobox_decrypt_inplace(data, len, nonce, pk, sk, sig, mode));
- }
-
- TEST_CASE("rspamd_cryptobox_encrypt_inplace_p256")
- {
- unsigned char data[256];
- gsize len = sizeof(data);
- rspamd_nonce_t nonce;
- rspamd_pk_t pk;
- rspamd_sk_t sk;
- rspamd_mac_t sig;
- enum rspamd_cryptobox_mode mode = RSPAMD_CRYPTOBOX_MODE_NIST;
-
- ottery_rand_bytes(nonce, sizeof(nonce));
-
- rspamd_cryptobox_keypair(pk, sk, mode);
-
- memset(sig, 0, sizeof(sig));
-
- rspamd_cryptobox_encrypt_inplace(data, len, nonce, pk, sk, sig, mode);
-
- CHECK(rspamd_cryptobox_decrypt_inplace(data, len, nonce, pk, sk, sig, mode));
+ CHECK(rspamd_cryptobox_decrypt_inplace(data, len, nonce, pk, sk, sig));
}
TEST_CASE("rspamd_cryptobox_sign_25519")
{
- enum rspamd_cryptobox_mode mode = RSPAMD_CRYPTOBOX_MODE_25519;
- rspamd_sig_sk_t sk;
- rspamd_sig_pk_t pk;
- unsigned char sig[256];
- unsigned long long siglen;
- std::string m{"data to be signed"};
-
- rspamd_cryptobox_keypair_sig(pk, sk, mode);
-
- rspamd_cryptobox_sign(sig, &siglen,
- reinterpret_cast<const unsigned char *>(m.data()), m.size(), sk, mode);
- bool check_result = rspamd_cryptobox_verify(sig, siglen,
- reinterpret_cast<const unsigned char *>(m.data()), m.size(), pk, mode);
- CHECK(check_result == true);
- }
-
- TEST_CASE("rspamd_cryptobox_sign_nist")
- {
- enum rspamd_cryptobox_mode mode = RSPAMD_CRYPTOBOX_MODE_NIST;
rspamd_sig_sk_t sk;
rspamd_sig_pk_t pk;
unsigned char sig[256];
unsigned long long siglen;
std::string m{"data to be signed"};
- rspamd_cryptobox_keypair_sig(pk, sk, mode);
+ rspamd_cryptobox_keypair_sig(pk, sk);
rspamd_cryptobox_sign(sig, &siglen,
- reinterpret_cast<const unsigned char *>(m.data()), m.size(), sk, mode);
+ reinterpret_cast<const unsigned char *>(m.data()), m.size(), sk);
bool check_result = rspamd_cryptobox_verify(sig, siglen,
- reinterpret_cast<const unsigned char *>(m.data()), m.size(), pk, mode);
+ reinterpret_cast<const unsigned char *>(m.data()), m.size(),
+ pk);
CHECK(check_result == true);
}
}
projects / thirdparty / rspamd.git / commitdiff
