From: Vsevolod Stakhov Date: Mon, 22 Feb 2016 11:30:35 +0000 (+0000) Subject: Add high level signing API for libcryptobox X-Git-Tag: 1.2.0~193 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f930951c6fe3721e9737e60d169c73aee89dd5b3;p=thirdparty%2Frspamd.git Add high level signing API for libcryptobox --- diff --git a/src/libcryptobox/keypair.c b/src/libcryptobox/keypair.c index a2b842320d..1568293e3b 100644 --- a/src/libcryptobox/keypair.c +++ b/src/libcryptobox/keypair.c @@ -20,6 +20,12 @@ #include "libutil/str_util.h" #include "libutil/printf.h" +static GQuark +rspamd_keypair_quark (void) +{ + return g_quark_from_static_string ("rspamd-cryptobox-keypair"); +} + /** * Returns specific private key for different keypair types */ @@ -806,3 +812,71 @@ rspamd_keypair_to_ucl (struct rspamd_cryptobox_keypair *kp, return ucl_out; } + +gboolean +rspamd_keypair_sign (struct rspamd_cryptobox_keypair *kp, + const void *data, gsize len, guchar **sig, gsize *outlen, + GError **err) +{ + gsize siglen; + guint sklen; + + g_assert (kp != NULL); + g_assert (data != NULL); + g_assert (sig != NULL); + + if (kp->type != RSPAMD_KEYPAIR_SIGN) { + g_set_error (err, rspamd_keypair_quark (), EINVAL, + "invalid keypair: expected signature pair"); + + return FALSE; + } + + siglen = rspamd_cryptobox_signature_bytes (kp->alg); + *sig = g_malloc (siglen); + rspamd_cryptobox_sign (*sig, &siglen, data, len, + rspamd_cryptobox_keypair_sk (kp, &sklen), kp->alg); + + if (outlen != NULL) { + *outlen = siglen; + } + + return TRUE; +} + +gboolean +rspamd_keypair_verify (struct rspamd_cryptobox_pubkey *pk, + const void *data, gsize len, guchar *sig, gsize siglen, + GError **err) +{ + guint pklen; + + g_assert (pk != NULL); + g_assert (data != NULL); + g_assert (sig != NULL); + + if (pk->type != RSPAMD_KEYPAIR_SIGN) { + g_set_error (err, rspamd_keypair_quark (), EINVAL, + "invalid keypair: expected signature pair"); + + return FALSE; + } + + if (siglen != rspamd_cryptobox_signature_bytes (pk->alg)) { + g_set_error (err, rspamd_keypair_quark (), E2BIG, + "invalid signature length: %d; expected %d", + (int)siglen, (int) rspamd_cryptobox_signature_bytes (pk->alg)); + + return FALSE; + } + + if (!rspamd_cryptobox_verify (sig, data, len, + rspamd_cryptobox_pubkey_pk (pk, &pklen), pk->alg)) { + g_set_error (err, rspamd_keypair_quark (), EPERM, + "signature verification failed"); + + return FALSE; + } + + return TRUE; +} diff --git a/src/libcryptobox/keypair.h b/src/libcryptobox/keypair.h index f913cfc658..6c30c51344 100644 --- a/src/libcryptobox/keypair.h +++ b/src/libcryptobox/keypair.h @@ -233,4 +233,33 @@ struct rspamd_cryptobox_keypair * rspamd_keypair_from_ucl (const ucl_object_t *o ucl_object_t * rspamd_keypair_to_ucl (struct rspamd_cryptobox_keypair *kp, gboolean is_hex); +/** + * Signs memory using the specified keypair + * @param kp keypair + * @param data data to sign + * @param data to sign + * @param sig output signature (allocated by function, must be freed by a callee) + * @param outlen length of output data + * @param err filled if function returns `FALSE` + * @return TRUE if signature operation succeeded + */ +gboolean rspamd_keypair_sign (struct rspamd_cryptobox_keypair *kp, + const void *data, gsize len, guchar **sig, gsize *outlen, + GError **err); + +/*** + * Verifies data using public key + * @param pk public key + * @param data data to sign + * @param len data to sign + * @param sig signature to verify + * @param siglen length of signature + * @param err filled if function returns `FALSE` + * @return TRUE if signature is valid + */ +gboolean rspamd_keypair_verify (struct rspamd_cryptobox_pubkey *pk, + const void *data, gsize len, guchar *sig, gsize siglen, + GError **err); + + #endif /* SRC_LIBCRYPTOBOX_KEYPAIR_H_ */