From: LeftTry Date: Sun, 28 Jul 2024 13:50:17 +0000 (+0600) Subject: [Minor] Provide description for rspamd_cryptobox_verify_compat function X-Git-Tag: 3.10.0~70 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ea02746c12a99f55445f5396ba7301b79046b79c;p=thirdparty%2Frspamd.git [Minor] Provide description for rspamd_cryptobox_verify_compat function --- diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c index 25ee9a471e..8462aab67c 100644 --- a/src/libcryptobox/cryptobox.c +++ b/src/libcryptobox/cryptobox.c @@ -706,87 +706,6 @@ void rspamd_cryptobox_sign(unsigned char *sig, unsigned long long *siglen_p, } } -void rspamd_cryptobox_sign_compat(int nid, unsigned char *sig, unsigned long long *siglen_p, - const unsigned char *m, gsize mlen, - struct evp_pkey_st *sec_key, int ktype, - enum rspamd_cryptobox_mode mode) -{ - if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) { - rspamd_sk_t sk; - size_t sk_len = sizeof(rspamd_sk_t); - EVP_PKEY_get_raw_private_key(sec_key, sk, &sk_len); - crypto_sign_detached(sig, siglen_p, m, mlen, sk); - } - else { -#ifndef HAVE_USABLE_OPENSSL - g_assert(0); -#else - EVP_MD_CTX *sha_ctx; - unsigned char h[64]; - unsigned int diglen = rspamd_cryptobox_signature_bytes(mode); - - /* Prehash */ - sha_ctx = EVP_MD_CTX_create(); - EVP_MD *type = NULL; - switch(nid) - { - case NID_sha1: - type = EVP_sha1(); - break; - case NID_sha256: - type = EVP_sha256(); - break; - case NID_sha512: - type = EVP_sha512(); - break; - default: - type = NULL; - } - g_assert(EVP_DigestInit(sha_ctx, type) == 1); - EVP_DigestUpdate(sha_ctx, m, mlen); - EVP_DigestFinal(sha_ctx, h, NULL); - - /* ECDSA */ -#if OPENSSL_VERSION_MAJOR >= 3 - EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(sec_key, NULL); - - if(ktype == 1) - EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PADDING); - - g_assert(EVP_DigestSignInit(sha_ctx, NULL, type, NULL, sec_key) == 1); - - size_t diglen_size_t = diglen; - EVP_DigestSign(sha_ctx, sig, &diglen_size_t, m, mlen); - diglen = diglen_size_t; - - EVP_PKEY_CTX_free(pctx); - EVP_PKEY_free(sec_key); -#else - EC_KEY *lk; - BIGNUM *bn_sec; - - /* Key setup */ - lk = EC_KEY_new_by_curve_name(CRYPTOBOX_CURVE_NID); - g_assert(lk != NULL); - bn_sec = BN_bin2bn(sk, sizeof(rspamd_sk_t), NULL); - g_assert(bn_sec != NULL); - g_assert(EC_KEY_set_private_key(lk, bn_sec) == 1); - - g_assert(ECDSA_sign(0, h, sizeof(h), sig, &diglen, lk) == 1); - EC_KEY_free(lk); - BN_free(bn_sec); -#endif - g_assert(diglen <= sizeof(rspamd_signature_t)); - - if (siglen_p) { - *siglen_p = diglen; - } - - EVP_MD_CTX_destroy(sha_ctx); -#endif - } -} - bool rspamd_cryptobox_verify_compat(int nid, const unsigned char *sig, gsize siglen, diff --git a/src/libcryptobox/cryptobox.h b/src/libcryptobox/cryptobox.h index f11d319949..fa5a018dfa 100644 --- a/src/libcryptobox/cryptobox.h +++ b/src/libcryptobox/cryptobox.h @@ -207,11 +207,6 @@ void rspamd_cryptobox_sign(unsigned char *sig, unsigned long long *siglen_p, const rspamd_sk_t sk, enum rspamd_cryptobox_mode mode); -void rspamd_cryptobox_sign_compat(int nid, unsigned char *sig, unsigned long long *siglen_p, - const unsigned char *m, gsize mlen, - struct evp_pkey_st *sec_key, int ktype, - enum rspamd_cryptobox_mode mode); - /** * Verifies digital signature for the specified message using the specified * pubkey @@ -228,11 +223,20 @@ bool rspamd_cryptobox_verify(const unsigned char *sig, const rspamd_pk_t pk, enum rspamd_cryptobox_mode mode); +/** + * Verifies digital signature for specified raw digest with specified pubkey + * @param nid signing algorithm nid + * @param sig signature source + * @param digest raw digest + * @param pub_key public key for verification + * @param ktype type of public key (1 - RSA, 0 - ECDSA) + * @return true if signature is valid, false otherwise + */ bool rspamd_cryptobox_verify_compat(int nid, const unsigned char *sig, gsize siglen, - const unsigned char *m, - gsize mlen, + const unsigned char *digest, + gsize dlen, struct evp_pkey_st *pub_key, int ktype, enum rspamd_cryptobox_mode mode);