#include "libutil/str_util.h"
#include "libutil/printf.h"
+static GQuark
+rspamd_keypair_quark (void)
+{
+ return g_quark_from_static_string ("rspamd-cryptobox-keypair");
+}
+
/**
* Returns specific private key for different keypair types
*/
return ucl_out;
}
+
+gboolean
+rspamd_keypair_sign (struct rspamd_cryptobox_keypair *kp,
+ const void *data, gsize len, guchar **sig, gsize *outlen,
+ GError **err)
+{
+ gsize siglen;
+ guint sklen;
+
+ g_assert (kp != NULL);
+ g_assert (data != NULL);
+ g_assert (sig != NULL);
+
+ if (kp->type != RSPAMD_KEYPAIR_SIGN) {
+ g_set_error (err, rspamd_keypair_quark (), EINVAL,
+ "invalid keypair: expected signature pair");
+
+ return FALSE;
+ }
+
+ siglen = rspamd_cryptobox_signature_bytes (kp->alg);
+ *sig = g_malloc (siglen);
+ rspamd_cryptobox_sign (*sig, &siglen, data, len,
+ rspamd_cryptobox_keypair_sk (kp, &sklen), kp->alg);
+
+ if (outlen != NULL) {
+ *outlen = siglen;
+ }
+
+ return TRUE;
+}
+
+gboolean
+rspamd_keypair_verify (struct rspamd_cryptobox_pubkey *pk,
+ const void *data, gsize len, guchar *sig, gsize siglen,
+ GError **err)
+{
+ guint pklen;
+
+ g_assert (pk != NULL);
+ g_assert (data != NULL);
+ g_assert (sig != NULL);
+
+ if (pk->type != RSPAMD_KEYPAIR_SIGN) {
+ g_set_error (err, rspamd_keypair_quark (), EINVAL,
+ "invalid keypair: expected signature pair");
+
+ return FALSE;
+ }
+
+ if (siglen != rspamd_cryptobox_signature_bytes (pk->alg)) {
+ g_set_error (err, rspamd_keypair_quark (), E2BIG,
+ "invalid signature length: %d; expected %d",
+ (int)siglen, (int) rspamd_cryptobox_signature_bytes (pk->alg));
+
+ return FALSE;
+ }
+
+ if (!rspamd_cryptobox_verify (sig, data, len,
+ rspamd_cryptobox_pubkey_pk (pk, &pklen), pk->alg)) {
+ g_set_error (err, rspamd_keypair_quark (), EPERM,
+ "signature verification failed");
+
+ return FALSE;
+ }
+
+ return TRUE;
+}
ucl_object_t * rspamd_keypair_to_ucl (struct rspamd_cryptobox_keypair *kp,
gboolean is_hex);
+/**
+ * Signs memory using the specified keypair
+ * @param kp keypair
+ * @param data data to sign
+ * @param data to sign
+ * @param sig output signature (allocated by function, must be freed by a callee)
+ * @param outlen length of output data
+ * @param err filled if function returns `FALSE`
+ * @return TRUE if signature operation succeeded
+ */
+gboolean rspamd_keypair_sign (struct rspamd_cryptobox_keypair *kp,
+ const void *data, gsize len, guchar **sig, gsize *outlen,
+ GError **err);
+
+/***
+ * Verifies data using public key
+ * @param pk public key
+ * @param data data to sign
+ * @param len data to sign
+ * @param sig signature to verify
+ * @param siglen length of signature
+ * @param err filled if function returns `FALSE`
+ * @return TRUE if signature is valid
+ */
+gboolean rspamd_keypair_verify (struct rspamd_cryptobox_pubkey *pk,
+ const void *data, gsize len, guchar *sig, gsize siglen,
+ GError **err);
+
+
#endif /* SRC_LIBCRYPTOBOX_KEYPAIR_H_ */
projects / thirdparty / rspamd.git / commitdiff
