#include "ottery.h"
#include "libserver/worker_util.h"
#include "libserver/rspamd_control.h"
-#include "cryptobox.h"
-#include "keypairs_cache.h"
-#include "keypair_private.h"
+#include "libcryptobox/cryptobox.h"
+#include "libcryptobox/keypairs_cache.h"
+#include "libcryptobox/keypair.h"
#include "ref.h"
#include "xxhash.h"
#include "libutil/hash.h"
gint peer_fd;
struct event peer_ev;
/* Local keypair */
- gpointer default_keypair; /* Bad clash, need for parse keypair */
- gpointer default_key;
+ struct rspamd_cryptobox_keypair *default_keypair; /* Bad clash, need for parse keypair */
+ struct fuzzy_key *default_key;
GHashTable *keys;
gboolean encrypted_only;
struct rspamd_keypair_cache *keypair_cache;
};
struct fuzzy_key {
- struct rspamd_http_keypair *key;
+ struct rspamd_cryptobox_keypair *key;
struct fuzzy_key_stat *stat;
};
fuzzy_key_stat_dtor (key->stat);
}
if (key->key) {
- rspamd_http_connection_key_unref (key->key);
+ rspamd_keypair_unref (key->key);
}
g_slice_free1 (sizeof (*key), key);
sizeof (session->reply.rep),
session->reply.hdr.nonce,
session->nm,
- session->reply.hdr.mac);
+ session->reply.hdr.mac,
+ RSPAMD_CRYPTOBOX_MODE_25519);
}
rspamd_fuzzy_write_reply (session);
struct rspamd_fuzzy_encrypted_req_hdr *hdr;
guchar *payload;
gsize payload_len;
- struct rspamd_http_keypair rk;
+ struct rspamd_cryptobox_pubkey *rk;
struct fuzzy_key *key;
if (s->ctx->default_key == NULL) {
s->key_stat = key->stat;
/* Now process keypair */
- memcpy (rk.pk, hdr->pubkey, sizeof (rk.pk));
- rspamd_keypair_cache_process (s->ctx->keypair_cache, key->key, &rk);
+ rk = rspamd_pubkey_from_bin (hdr->pubkey, sizeof (hdr->pubkey),
+ RSPAMD_KEYPAIR_KEX, RSPAMD_CRYPTOBOX_MODE_25519);
+
+ if (rk == NULL) {
+ msg_err ("bad key");
+ return FALSE;
+ }
+
+ rspamd_keypair_cache_process (s->ctx->keypair_cache, key->key, rk);
/* Now decrypt request */
if (!rspamd_cryptobox_decrypt_nm_inplace (payload, payload_len, hdr->nonce,
- rk.nm, hdr->mac)) {
+ rspamd_pubkey_get_nm (rk),
+ hdr->mac, RSPAMD_CRYPTOBOX_MODE_25519)) {
msg_debug ("decryption failed");
- rspamd_explicit_memzero (rk.nm, sizeof (rk.nm));
+ rspamd_pubkey_unref (rk);
+
return FALSE;
}
- memcpy (s->nm, rk.nm, sizeof (s->nm));
- rspamd_explicit_memzero (rk.nm, sizeof (rk.nm));
+ memcpy (s->nm, rspamd_pubkey_get_nm (rk), sizeof (s->nm));
+ rspamd_pubkey_unref (rk);
return TRUE;
}
{
struct rspamd_rcl_struct_parser *pd = ud;
struct rspamd_fuzzy_storage_ctx *ctx;
- struct rspamd_http_keypair *kp;
+ struct rspamd_cryptobox_keypair *kp;
struct fuzzy_key_stat *keystat;
struct fuzzy_key *key;
const ucl_object_t *cur;
+ const guchar *pk;
ucl_object_iter_t it = NULL;
gboolean ret;
return FALSE;
}
+ if (rspamd_keypair_alg (kp) != RSPAMD_CRYPTOBOX_MODE_25519 ||
+ rspamd_keypair_type (kp) != RSPAMD_KEYPAIR_KEX) {
+ return FALSE;
+ }
+
key = g_slice_alloc (sizeof (*key));
key->key = kp;
keystat = g_slice_alloc0 (sizeof (*keystat));
(GDestroyNotify)rspamd_inet_address_destroy, fuzzy_key_stat_dtor,
rspamd_inet_address_hash, rspamd_inet_address_equal);
key->stat = keystat;
- g_hash_table_insert (ctx->keys, kp->pk, key);
+ pk = rspamd_keypair_component (kp, RSPAMD_KEYPAIR_COMPONENT_PK,
+ NULL);
+ g_hash_table_insert (ctx->keys, (gpointer)pk, key);
ctx->default_key = key;
- msg_info_pool ("loaded keypair %8xs", kp->pk);
+ msg_info_pool ("loaded keypair %8xs", pk);
}
else if (ucl_object_type (obj) == UCL_ARRAY) {
while ((cur = ucl_iterate_object (obj, &it, true)) != NULL) {
struct rspamd_http_upstream {
gchar *name;
struct upstream_list *u;
- gpointer key;
+ struct rspamd_cryptobox_pubkey *key;
};
struct http_proxy_ctx {
/* Events base */
struct event_base *ev_base;
/* Encryption key for clients */
- gpointer key;
+ struct rspamd_cryptobox_keypair *key;
/* Keys cache */
struct rspamd_keypair_cache *keys_cache;
/* Upstreams to use */
/* Default upstream */
struct rspamd_http_upstream *default_upstream;
/* Local rotating keypair for upstreams */
- gpointer local_key;
+ struct rspamd_cryptobox_keypair *local_key;
struct event rotate_ev;
gdouble rotate_tm;
};
struct http_proxy_session {
struct http_proxy_ctx *ctx;
struct event_base *ev_base;
- gpointer local_key;
- gpointer remote_key;
+ struct rspamd_cryptobox_keypair *local_key;
+ struct rspamd_cryptobox_pubkey *remote_key;
struct upstream *up;
gint client_sock;
gint backend_sock;
elt = ucl_object_find_key (obj, "key");
if (elt != NULL) {
- up->key = rspamd_http_connection_make_peer_key (ucl_object_tostring (elt));
+ up->key = rspamd_pubkey_from_base32 (ucl_object_tostring (elt), 0,
+ RSPAMD_KEYPAIR_KEX, RSPAMD_CRYPTOBOX_MODE_25519);
if (up->key == NULL) {
g_set_error (err, http_proxy_quark (), 100,
rspamd_upstreams_destroy (up->u);
if (up->key) {
- rspamd_http_connection_key_unref (up->key);
+ rspamd_pubkey_unref (up->key);
}
g_slice_free1 (sizeof (*up), up);
rspamd_http_connection_set_key (session->backend_conn,
session->ctx->local_key);
- msg->peer_key = rspamd_http_connection_key_ref (backend->key);
+ msg->peer_key = rspamd_pubkey_ref (backend->key);
session->replied = TRUE;
rspamd_http_connection_write_message (session->backend_conn,
event_add (&ctx->rotate_ev, &rot_tv);
kp = ctx->local_key;
- ctx->local_key = rspamd_http_connection_gen_key ();
- rspamd_http_connection_key_unref (kp);
+ ctx->local_key = rspamd_keypair_new (RSPAMD_KEYPAIR_KEX,
+ RSPAMD_CRYPTOBOX_MODE_25519);
+ rspamd_keypair_unref (kp);
}
void
/* XXX: stupid default */
ctx->keys_cache = rspamd_keypair_cache_new (256);
- ctx->local_key = rspamd_http_connection_gen_key ();
+ ctx->local_key = rspamd_keypair_new (RSPAMD_KEYPAIR_KEX,
+ RSPAMD_CRYPTOBOX_MODE_25519);
double_to_tv (ctx->rotate_tm, &rot_tv);
rot_tv.tv_sec += ottery_rand_range (rot_tv.tv_sec);
rspamd_log_close (worker->srv->logger);
if (ctx->key) {
- rspamd_http_connection_key_unref (ctx->key);
+ rspamd_keypair_unref (ctx->key);
}
rspamd_keypair_cache_destroy (ctx->keys_cache);
struct rspamd_cryptobox_keypair*
-rspamd__keypair_ref (struct rspamd_cryptobox_keypair *kp)
+rspamd_keypair_ref (struct rspamd_cryptobox_keypair *kp)
{
REF_RETAIN (kp);
return kp;
pk = rspamd_cryptobox_pubkey_alloc (type, alg);
pk_data = rspamd_cryptobox_pubkey_pk (pk, &pklen);
- memcpy (decoded, pk_data, pklen);
+ memcpy (pk_data, decoded, pklen);
g_free (decoded);
rspamd_cryptobox_hash (pk->id, pk_data, pklen, NULL, 0);
pk->alg = alg;
pk = rspamd_cryptobox_pubkey_alloc (type, alg);
pk_data = rspamd_cryptobox_pubkey_pk (pk, &pklen);
- memcpy (decoded, pk_data, pklen);
+ memcpy (pk_data, decoded, pklen);
g_free (decoded);
rspamd_cryptobox_hash (pk->id, pk_data, pklen, NULL, 0);
pk->alg = alg;
pk = rspamd_cryptobox_pubkey_alloc (type, alg);
pk_data = rspamd_cryptobox_pubkey_pk (pk, &pklen);
- memcpy (raw, pk_data, pklen);
+ memcpy (pk_data, raw, pklen);
rspamd_cryptobox_hash (pk->id, pk_data, pklen, NULL, 0);
pk->alg = alg;
pk->type = type;
GError **err)
{
struct rspamd_rcl_struct_parser *pd = ud;
- gpointer *target;
- gpointer key;
- const gchar *val, *sem = NULL, *pk = NULL, *sk = NULL;
- gchar keybuf[256];
- const ucl_object_t *elt;
+ struct rspamd_cryptobox_keypair **target, *kp;
+
target = (gpointer *)(((gchar *)pd->user_struct) + pd->offset);
- if (obj->type == UCL_STRING) {
- /* Pk and Sk are just linked all together */
- val = ucl_object_tostring (obj);
- if ((sem = strchr (val, ':')) != NULL) {
- sk = val;
- pk = sem + 1;
+ if (obj->type == UCL_OBJECT) {
+ kp = rspamd_keypair_from_ucl (obj);
+
+ if (kp != NULL) {
+ *target = kp;
}
else {
- /* Try to parse the key as is */
- key = rspamd_http_connection_make_key ((gchar *)val, strlen (val));
- if (key != NULL) {
- *target = key;
- return TRUE;
- }
g_set_error (err,
CFG_RCL_ERROR,
EINVAL,
- "invalid string with keypair content for %s",
+ "cannot load the keypair specified: %s",
ucl_object_key (obj));
return FALSE;
}
}
- else if (obj->type == UCL_OBJECT) {
- elt = ucl_object_find_key (obj, "pubkey");
- if (elt == NULL || !ucl_object_tostring_safe (elt, &pk)) {
- g_set_error (err,
- CFG_RCL_ERROR,
- EINVAL,
- "no sane pubkey found in the keypair: %s",
- ucl_object_key (obj));
- return FALSE;
- }
- elt = ucl_object_find_key (obj, "privkey");
- if (elt == NULL || !ucl_object_tostring_safe (elt, &sk)) {
- g_set_error (err,
- CFG_RCL_ERROR,
- EINVAL,
- "no sane privkey found in the keypair: %s",
- ucl_object_key (obj));
- return FALSE;
- }
- }
-
- if (sk == NULL || pk == NULL) {
+ else {
g_set_error (err,
CFG_RCL_ERROR,
EINVAL,
return FALSE;
}
- if (!sem) {
- rspamd_snprintf (keybuf, sizeof (keybuf), "%s%s", sk, pk);
- }
- else {
- rspamd_snprintf (keybuf, sizeof (keybuf), "%*s%s", (gint)(sem - sk),
- sk, pk);
- }
-
- key = rspamd_http_connection_make_key (keybuf, strlen (keybuf));
- if (key != NULL) {
- /* XXX: clean buffer after usage */
- *target = key;
- return TRUE;
- }
-
- g_set_error (err,
- CFG_RCL_ERROR,
- EINVAL,
- "cannot load the keypair specified: %s",
- ucl_object_key (obj));
- return FALSE;
+ return TRUE;
}
static void
/* Events base */
struct event_base *ev_base;
/* Encryption key */
- gpointer key;
+ struct rspamd_cryptobox_keypair *key;
/* Keys cache */
struct rspamd_keypair_cache *keys_cache;
/* Configuration */
rspamd_log_close (worker->srv->logger);
if (ctx->key) {
- rspamd_http_connection_key_unref (ctx->key);
+ rspamd_keypair_unref (ctx->key);
}
rspamd_keypair_cache_destroy (ctx->keys_cache);
projects / rspamd.git / commitdiff