unsigned long cpu_config = 0;
-static gboolean use_openssl = FALSE;
static gboolean cryptobox_loaded = FALSE;
static const guchar n0[16] = {0};
}
void
-rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk)
+rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk,
+ enum rspamd_cryptobox_mode mode)
{
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
ottery_rand_bytes (sk, rspamd_cryptobox_MAX_SKBYTES);
sk[0] &= 248;
sk[31] &= 127;
g_assert (len <= (gint)sizeof (rspamd_sk_t));
BN_bn2bin (bn_sec, sk);
len = BN_num_bytes (bn_pub);
- g_assert (len <= (gint)rspamd_cryptobox_pk_bytes ());
+ g_assert (len <= (gint)rspamd_cryptobox_pk_bytes (mode));
BN_bn2bin (bn_pub, pk);
BN_free (bn_pub);
EC_KEY_free (ec_sec);
}
void
-rspamd_cryptobox_keypair_sig (rspamd_sig_pk_t pk, rspamd_sig_sk_t sk)
+rspamd_cryptobox_keypair_sig (rspamd_sig_pk_t pk, rspamd_sig_sk_t sk,
+ enum rspamd_cryptobox_mode mode)
{
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
ed25519_keypair (pk, sk);
}
else {
g_assert (len <= (gint)sizeof (rspamd_sk_t));
BN_bn2bin (bn_sec, sk);
len = BN_num_bytes (bn_pub);
- g_assert (len <= (gint)rspamd_cryptobox_pk_bytes ());
+ g_assert (len <= (gint)rspamd_cryptobox_pk_bytes (mode));
BN_bn2bin (bn_pub, pk);
BN_free (bn_pub);
EC_KEY_free (ec_sec);
}
void
-rspamd_cryptobox_nm (rspamd_nm_t nm, const rspamd_pk_t pk, const rspamd_sk_t sk)
+rspamd_cryptobox_nm (rspamd_nm_t nm,
+ const rspamd_pk_t pk, const rspamd_sk_t sk,
+ enum rspamd_cryptobox_mode mode)
{
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
guchar s[32];
guchar e[32];
lk = EC_KEY_new_by_curve_name (CRYPTOBOX_CURVE_NID);
g_assert (lk != NULL);
- bn_pub = BN_bin2bn (pk, rspamd_cryptobox_pk_bytes (), NULL);
+ bn_pub = BN_bin2bn (pk, rspamd_cryptobox_pk_bytes (mode), NULL);
g_assert (bn_pub != NULL);
bn_sec = BN_bin2bn (sk, sizeof (rspamd_sk_t), NULL);
g_assert (bn_sec != NULL);
void
rspamd_cryptobox_sign (guchar *sig, gsize *siglen_p,
const guchar *m, gsize mlen,
- const rspamd_sk_t sk)
+ const rspamd_sk_t sk,
+ enum rspamd_cryptobox_mode mode)
{
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
ed25519_sign (sig, siglen_p, m, mlen, sk);
}
else {
BIGNUM *bn_sec, *kinv = NULL, *rp = NULL;
EVP_MD_CTX sha_ctx;
unsigned char h[64];
- guint diglen = rspamd_cryptobox_signature_bytes ();
+ guint diglen = rspamd_cryptobox_signature_bytes (mode);
/* Prehash */
g_assert (EVP_DigestInit (&sha_ctx, EVP_sha512()) == 1);
rspamd_cryptobox_verify (const guchar *sig,
const guchar *m,
gsize mlen,
- const rspamd_pk_t pk)
+ const rspamd_pk_t pk,
+ enum rspamd_cryptobox_mode mode)
{
bool ret = false;
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
ret = ed25519_verify (sig, m, mlen, pk);
}
else {
/* Key setup */
lk = EC_KEY_new_by_curve_name (CRYPTOBOX_CURVE_NID);
g_assert (lk != NULL);
- bn_pub = BN_bin2bn (pk, rspamd_cryptobox_pk_bytes (), NULL);
+ bn_pub = BN_bin2bn (pk, rspamd_cryptobox_pk_bytes (mode), NULL);
g_assert (bn_pub != NULL);
ec_pub = EC_POINT_bn2point (EC_KEY_get0_group (lk), bn_pub, NULL, NULL);
g_assert (ec_pub != NULL);
/* ECDSA */
ret = ECDSA_verify (0, h, sizeof (h), sig,
- rspamd_cryptobox_signature_bytes (), lk) == 1;
+ rspamd_cryptobox_signature_bytes (mode), lk) == 1;
EC_KEY_free (lk);
BN_free (bn_pub);
}
static gsize
-rspamd_cryptobox_encrypt_ctx_len (void)
+rspamd_cryptobox_encrypt_ctx_len (enum rspamd_cryptobox_mode mode)
{
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
return sizeof (chacha_state) + CRYPTOBOX_ALIGNMENT;
}
else {
}
static gsize
-rspamd_cryptobox_auth_ctx_len (void)
+rspamd_cryptobox_auth_ctx_len (enum rspamd_cryptobox_mode mode)
{
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
return sizeof (poly1305_state) + CRYPTOBOX_ALIGNMENT;
}
else {
static void *
rspamd_cryptobox_encrypt_init (void *enc_ctx, const rspamd_nonce_t nonce,
- const rspamd_nm_t nm)
+ const rspamd_nm_t nm,
+ enum rspamd_cryptobox_mode mode)
{
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
chacha_state *s;
s = cryptobox_align_ptr (enc_ctx, CRYPTOBOX_ALIGNMENT);
memset (s, 0, sizeof (*s));
g_assert (EVP_EncryptInit_ex (s, EVP_aes_256_gcm (), NULL, NULL, NULL) == 1);
g_assert (EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN,
- rspamd_cryptobox_nonce_bytes (), NULL) == 1);
+ rspamd_cryptobox_nonce_bytes (mode), NULL) == 1);
g_assert (EVP_EncryptInit_ex (s, NULL, NULL, nm, nonce) == 1);
return s;
}
static void *
-rspamd_cryptobox_auth_init (void *auth_ctx, void *enc_ctx)
+rspamd_cryptobox_auth_init (void *auth_ctx, void *enc_ctx,
+ enum rspamd_cryptobox_mode mode)
{
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
poly1305_state *mac_ctx;
guchar RSPAMD_ALIGNED(32) subkey[CHACHA_BLOCKBYTES];
static gboolean
rspamd_cryptobox_encrypt_update (void *enc_ctx, const guchar *in, gsize inlen,
- guchar *out, gsize *outlen)
+ guchar *out, gsize *outlen,
+ enum rspamd_cryptobox_mode mode)
{
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
gsize r;
r = chacha_update (enc_ctx, in, out, inlen);
}
static gboolean
-rspamd_cryptobox_auth_update (void *auth_ctx, const guchar *in, gsize inlen)
+rspamd_cryptobox_auth_update (void *auth_ctx, const guchar *in, gsize inlen,
+ enum rspamd_cryptobox_mode mode)
{
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
poly1305_update (auth_ctx, in, inlen);
return TRUE;
}
static gsize
-rspamd_cryptobox_encrypt_final (void *enc_ctx, guchar *out, gsize remain)
+rspamd_cryptobox_encrypt_final (void *enc_ctx, guchar *out, gsize remain,
+ enum rspamd_cryptobox_mode mode)
{
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
return chacha_final (enc_ctx, out);
}
else {
}
static gboolean
-rspamd_cryptobox_auth_final (void *auth_ctx, rspamd_mac_t sig)
+rspamd_cryptobox_auth_final (void *auth_ctx, rspamd_mac_t sig,
+ enum rspamd_cryptobox_mode mode)
{
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
poly1305_finish (auth_ctx, sig);
return TRUE;
static void *
rspamd_cryptobox_decrypt_init (void *enc_ctx, const rspamd_nonce_t nonce,
- const rspamd_nm_t nm)
+ const rspamd_nm_t nm,
+ enum rspamd_cryptobox_mode mode)
{
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
chacha_state *s;
memset (s, 0, sizeof (*s));
g_assert (EVP_DecryptInit_ex(s, EVP_aes_256_gcm (), NULL, NULL, NULL) == 1);
g_assert (EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN,
- rspamd_cryptobox_nonce_bytes (), NULL) == 1);
+ rspamd_cryptobox_nonce_bytes (mode), NULL) == 1);
g_assert (EVP_DecryptInit_ex (s, NULL, NULL, nm, nonce) == 1);
return s;
}
static void *
-rspamd_cryptobox_auth_verify_init (void *auth_ctx, void *enc_ctx)
+rspamd_cryptobox_auth_verify_init (void *auth_ctx, void *enc_ctx,
+ enum rspamd_cryptobox_mode mode)
{
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
poly1305_state *mac_ctx;
guchar RSPAMD_ALIGNED(32) subkey[CHACHA_BLOCKBYTES];
static gboolean
rspamd_cryptobox_decrypt_update (void *enc_ctx, const guchar *in, gsize inlen,
- guchar *out, gsize *outlen)
+ guchar *out, gsize *outlen,
+ enum rspamd_cryptobox_mode mode)
{
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
gsize r;
r = chacha_update (enc_ctx, in, out, inlen);
}
static gboolean
-rspamd_cryptobox_auth_verify_update (void *auth_ctx, const guchar *in, gsize inlen)
+rspamd_cryptobox_auth_verify_update (void *auth_ctx,
+ const guchar *in, gsize inlen,
+ enum rspamd_cryptobox_mode mode)
{
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
poly1305_update (auth_ctx, in, inlen);
return TRUE;
}
static gboolean
-rspamd_cryptobox_decrypt_final (void *enc_ctx, guchar *out, gsize remain)
+rspamd_cryptobox_decrypt_final (void *enc_ctx, guchar *out, gsize remain,
+ enum rspamd_cryptobox_mode mode)
{
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
chacha_final (enc_ctx, out);
return TRUE;
}
static gboolean
-rspamd_cryptobox_auth_verify_final (void *auth_ctx, const rspamd_mac_t sig)
+rspamd_cryptobox_auth_verify_final (void *auth_ctx, const rspamd_mac_t sig,
+ enum rspamd_cryptobox_mode mode)
{
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
rspamd_mac_t mac;
poly1305_finish (auth_ctx, mac);
static void
-rspamd_cryptobox_cleanup (void *enc_ctx, void *auth_ctx)
+rspamd_cryptobox_cleanup (void *enc_ctx, void *auth_ctx,
+ enum rspamd_cryptobox_mode mode)
{
- if (G_LIKELY (!use_openssl)) {
+ if (G_LIKELY (RSPAMD_CRYPTOBOX_MODE_25519)) {
rspamd_explicit_memzero (auth_ctx, sizeof (poly1305_state));
}
else {
void rspamd_cryptobox_encrypt_nm_inplace (guchar *data, gsize len,
const rspamd_nonce_t nonce,
const rspamd_nm_t nm,
- rspamd_mac_t sig)
+ rspamd_mac_t sig,
+ enum rspamd_cryptobox_mode mode)
{
gsize r;
void *enc_ctx, *auth_ctx;
- enc_ctx = g_alloca (rspamd_cryptobox_encrypt_ctx_len ());
- auth_ctx = g_alloca (rspamd_cryptobox_auth_ctx_len ());
+ enc_ctx = g_alloca (rspamd_cryptobox_encrypt_ctx_len (mode));
+ auth_ctx = g_alloca (rspamd_cryptobox_auth_ctx_len (mode));
- enc_ctx = rspamd_cryptobox_encrypt_init (enc_ctx, nonce, nm);
- auth_ctx = rspamd_cryptobox_auth_init (auth_ctx, enc_ctx);
+ enc_ctx = rspamd_cryptobox_encrypt_init (enc_ctx, nonce, nm, mode);
+ auth_ctx = rspamd_cryptobox_auth_init (auth_ctx, enc_ctx, mode);
- rspamd_cryptobox_encrypt_update (enc_ctx, data, len, data, &r);
- rspamd_cryptobox_encrypt_final (enc_ctx, data + r, len - r);
+ rspamd_cryptobox_encrypt_update (enc_ctx, data, len, data, &r, mode);
+ rspamd_cryptobox_encrypt_final (enc_ctx, data + r, len - r, mode);
- rspamd_cryptobox_auth_update (auth_ctx, data, len);
- rspamd_cryptobox_auth_final (auth_ctx, sig);
+ rspamd_cryptobox_auth_update (auth_ctx, data, len, mode);
+ rspamd_cryptobox_auth_final (auth_ctx, sig, mode);
- rspamd_cryptobox_cleanup (enc_ctx, auth_ctx);
+ rspamd_cryptobox_cleanup (enc_ctx, auth_ctx, mode);
}
static void
rspamd_cryptobox_encryptv_nm_inplace (struct rspamd_cryptobox_segment *segments,
gsize cnt,
const rspamd_nonce_t nonce,
- const rspamd_nm_t nm, rspamd_mac_t sig)
+ const rspamd_nm_t nm, rspamd_mac_t sig,
+ enum rspamd_cryptobox_mode mode)
{
struct rspamd_cryptobox_segment *cur = segments, *start_seg = segments;
guchar outbuf[CHACHA_BLOCKBYTES * 16];
guchar *out, *in;
gsize r, remain, inremain, seg_offset;
- enc_ctx = g_alloca (rspamd_cryptobox_encrypt_ctx_len ());
- auth_ctx = g_alloca (rspamd_cryptobox_auth_ctx_len ());
+ enc_ctx = g_alloca (rspamd_cryptobox_encrypt_ctx_len (mode));
+ auth_ctx = g_alloca (rspamd_cryptobox_auth_ctx_len (mode));
- enc_ctx = rspamd_cryptobox_encrypt_init (enc_ctx, nonce, nm);
- auth_ctx = rspamd_cryptobox_auth_init (auth_ctx, enc_ctx);
+ enc_ctx = rspamd_cryptobox_encrypt_init (enc_ctx, nonce, nm, mode);
+ auth_ctx = rspamd_cryptobox_auth_init (auth_ctx, enc_ctx, mode);
remain = sizeof (outbuf);
out = outbuf;
if (remain == 0) {
rspamd_cryptobox_encrypt_update (enc_ctx, outbuf, sizeof (outbuf),
- outbuf, NULL);
- rspamd_cryptobox_auth_update (auth_ctx, outbuf, sizeof (outbuf));
+ outbuf, NULL, mode);
+ rspamd_cryptobox_auth_update (auth_ctx, outbuf, sizeof (outbuf),
+ mode);
rspamd_cryptobox_flush_outbuf (start_seg, outbuf,
sizeof (outbuf), seg_offset);
start_seg = cur;
else {
memcpy (out, cur->data, remain);
rspamd_cryptobox_encrypt_update (enc_ctx, outbuf, sizeof (outbuf),
- outbuf, NULL);
- rspamd_cryptobox_auth_update (auth_ctx, outbuf, sizeof (outbuf));
+ outbuf, NULL, mode);
+ rspamd_cryptobox_auth_update (auth_ctx, outbuf, sizeof (outbuf),
+ mode);
rspamd_cryptobox_flush_outbuf (start_seg, outbuf, sizeof (outbuf),
seg_offset);
seg_offset = 0;
outbuf,
sizeof (outbuf),
outbuf,
- NULL);
+ NULL,
+ mode);
rspamd_cryptobox_auth_update (auth_ctx,
outbuf,
- sizeof (outbuf));
+ sizeof (outbuf),
+ mode);
memcpy (in, outbuf, sizeof (outbuf));
in += sizeof (outbuf);
inremain -= sizeof (outbuf);
}
rspamd_cryptobox_encrypt_update (enc_ctx, outbuf, sizeof (outbuf) - remain,
- outbuf, &r);
+ outbuf, &r, mode);
out = outbuf + r;
- rspamd_cryptobox_encrypt_final (enc_ctx, out, sizeof (outbuf) - remain - r);
+ rspamd_cryptobox_encrypt_final (enc_ctx, out, sizeof (outbuf) - remain - r,
+ mode);
- rspamd_cryptobox_auth_update (auth_ctx, outbuf, sizeof (outbuf) - remain);
- rspamd_cryptobox_auth_final (auth_ctx, sig);
+ rspamd_cryptobox_auth_update (auth_ctx, outbuf, sizeof (outbuf) - remain,
+ mode);
+ rspamd_cryptobox_auth_final (auth_ctx, sig, mode);
rspamd_cryptobox_flush_outbuf (start_seg, outbuf, sizeof (outbuf) - remain,
seg_offset);
- rspamd_cryptobox_cleanup (auth_ctx, enc_ctx);
+ rspamd_cryptobox_cleanup (auth_ctx, enc_ctx, mode);
}
gboolean
rspamd_cryptobox_decrypt_nm_inplace (guchar *data, gsize len,
- const rspamd_nonce_t nonce, const rspamd_nm_t nm, const rspamd_mac_t sig)
+ const rspamd_nonce_t nonce, const rspamd_nm_t nm,
+ const rspamd_mac_t sig, enum rspamd_cryptobox_mode mode)
{
gsize r = 0;
gboolean ret = TRUE;
void *enc_ctx, *auth_ctx;
- enc_ctx = g_alloca (rspamd_cryptobox_encrypt_ctx_len ());
- auth_ctx = g_alloca (rspamd_cryptobox_auth_ctx_len ());
+ enc_ctx = g_alloca (rspamd_cryptobox_encrypt_ctx_len (mode));
+ auth_ctx = g_alloca (rspamd_cryptobox_auth_ctx_len (mode));
- enc_ctx = rspamd_cryptobox_decrypt_init (enc_ctx, nonce, nm);
- auth_ctx = rspamd_cryptobox_auth_verify_init (auth_ctx, enc_ctx);
+ enc_ctx = rspamd_cryptobox_decrypt_init (enc_ctx, nonce, nm, mode);
+ auth_ctx = rspamd_cryptobox_auth_verify_init (auth_ctx, enc_ctx, mode);
- rspamd_cryptobox_auth_verify_update (auth_ctx, data, len);
+ rspamd_cryptobox_auth_verify_update (auth_ctx, data, len, mode);
- if (!rspamd_cryptobox_auth_verify_final (auth_ctx, sig)) {
+ if (!rspamd_cryptobox_auth_verify_final (auth_ctx, sig, mode)) {
ret = FALSE;
}
else {
- rspamd_cryptobox_decrypt_update (enc_ctx, data, len, data, &r);
- ret = rspamd_cryptobox_decrypt_final (enc_ctx, data + r, len - r);
+ rspamd_cryptobox_decrypt_update (enc_ctx, data, len, data, &r, mode);
+ ret = rspamd_cryptobox_decrypt_final (enc_ctx, data + r, len - r, mode);
}
- rspamd_cryptobox_cleanup (enc_ctx, auth_ctx);
+ rspamd_cryptobox_cleanup (enc_ctx, auth_ctx, mode);
return ret;
}
gboolean
rspamd_cryptobox_decrypt_inplace (guchar *data, gsize len,
const rspamd_nonce_t nonce,
- const rspamd_pk_t pk, const rspamd_sk_t sk, const rspamd_mac_t sig)
+ const rspamd_pk_t pk, const rspamd_sk_t sk,
+ const rspamd_mac_t sig,
+ enum rspamd_cryptobox_mode mode)
{
guchar nm[rspamd_cryptobox_MAX_NMBYTES];
gboolean ret;
- rspamd_cryptobox_nm (nm, pk, sk);
- ret = rspamd_cryptobox_decrypt_nm_inplace (data, len, nonce, nm, sig);
+ rspamd_cryptobox_nm (nm, pk, sk, mode);
+ ret = rspamd_cryptobox_decrypt_nm_inplace (data, len, nonce, nm, sig, mode);
rspamd_explicit_memzero (nm, sizeof (nm));
void
rspamd_cryptobox_encrypt_inplace (guchar *data, gsize len,
const rspamd_nonce_t nonce,
- const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_mac_t sig)
+ const rspamd_pk_t pk, const rspamd_sk_t sk,
+ rspamd_mac_t sig,
+ enum rspamd_cryptobox_mode mode)
{
guchar nm[rspamd_cryptobox_MAX_NMBYTES];
- rspamd_cryptobox_nm (nm, pk, sk);
- rspamd_cryptobox_encrypt_nm_inplace (data, len, nonce, nm, sig);
+ rspamd_cryptobox_nm (nm, pk, sk, mode);
+ rspamd_cryptobox_encrypt_nm_inplace (data, len, nonce, nm, sig, mode);
rspamd_explicit_memzero (nm, sizeof (nm));
}
rspamd_cryptobox_encryptv_inplace (struct rspamd_cryptobox_segment *segments,
gsize cnt,
const rspamd_nonce_t nonce,
- const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_mac_t sig)
+ const rspamd_pk_t pk, const rspamd_sk_t sk,
+ rspamd_mac_t sig,
+ enum rspamd_cryptobox_mode mode)
{
guchar nm[rspamd_cryptobox_MAX_NMBYTES];
- rspamd_cryptobox_nm (nm, pk, sk);
- rspamd_cryptobox_encryptv_nm_inplace (segments, cnt, nonce, nm, sig);
+ rspamd_cryptobox_nm (nm, pk, sk, mode);
+ rspamd_cryptobox_encryptv_nm_inplace (segments, cnt, nonce, nm, sig, mode);
rspamd_explicit_memzero (nm, sizeof (nm));
}
return TRUE;
}
-gboolean
-rspamd_cryptobox_openssl_mode (gboolean enable)
-{
-#ifdef HAVE_USABLE_OPENSSL
- use_openssl = enable;
-#endif
-
- return use_openssl;
-}
guint
-rspamd_cryptobox_pk_bytes (void)
+rspamd_cryptobox_pk_bytes (enum rspamd_cryptobox_mode mode)
{
- if (G_UNLIKELY (!use_openssl)) {
+ if (G_UNLIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
return 32;
}
else {
}
guint
-rspamd_cryptobox_pk_sig_bytes (void)
+rspamd_cryptobox_pk_sig_bytes (enum rspamd_cryptobox_mode mode)
{
- if (G_UNLIKELY (!use_openssl)) {
+ if (G_UNLIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
return 32;
}
else {
}
guint
-rspamd_cryptobox_nonce_bytes (void)
+rspamd_cryptobox_nonce_bytes (enum rspamd_cryptobox_mode mode)
{
- if (G_UNLIKELY (!use_openssl)) {
+ if (G_UNLIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
return 24;
}
else {
guint
-rspamd_cryptobox_sk_bytes (void)
+rspamd_cryptobox_sk_bytes (enum rspamd_cryptobox_mode mode)
{
return 32;
}
guint
-rspamd_cryptobox_sk_sig_bytes (void)
+rspamd_cryptobox_sk_sig_bytes (enum rspamd_cryptobox_mode mode)
{
- if (G_UNLIKELY (!use_openssl)) {
+ if (G_UNLIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
return 64;
}
else {
}
guint
-rspamd_cryptobox_signature_bytes (void)
+rspamd_cryptobox_signature_bytes (enum rspamd_cryptobox_mode mode)
{
static guint ssl_keylen;
- if (G_UNLIKELY (!use_openssl)) {
+ if (G_UNLIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
return 64;
}
else {
}
guint
-rspamd_cryptobox_nm_bytes (void)
+rspamd_cryptobox_nm_bytes (enum rspamd_cryptobox_mode mode)
{
return 32;
}
guint
-rspamd_cryptobox_mac_bytes (void)
+rspamd_cryptobox_mac_bytes (enum rspamd_cryptobox_mode mode)
{
return 16;
}
typedef guchar rspamd_sig_pk_t[rspamd_cryptobox_MAX_SIGPKBYTES];
typedef guchar rspamd_sig_sk_t[rspamd_cryptobox_MAX_SIGSKBYTES];
+enum rspamd_cryptobox_mode {
+ RSPAMD_CRYPTOBOX_MODE_25519 = 0,
+ RSPAMD_CRYPTOBOX_MODE_NIST
+};
+
struct rspamd_cryptobox_library_ctx {
gchar *cpu_extensions;
const gchar *curve25519_impl;
* @param pk public key buffer
* @param sk secret key buffer
*/
-void rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk);
+void rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk,
+ enum rspamd_cryptobox_mode mode);
/**
* Generate new keypair for signing
* @param pk public key buffer
* @param sk secret key buffer
*/
-void rspamd_cryptobox_keypair_sig (rspamd_sig_pk_t pk, rspamd_sig_sk_t sk);
+void rspamd_cryptobox_keypair_sig (rspamd_sig_pk_t pk, rspamd_sig_sk_t sk,
+ enum rspamd_cryptobox_mode mode);
/**
* Encrypt data inplace adding signature to sig afterwards
*/
void rspamd_cryptobox_encrypt_inplace (guchar *data, gsize len,
const rspamd_nonce_t nonce,
- const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_mac_t sig);
+ const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_mac_t sig,
+ enum rspamd_cryptobox_mode mode);
/**
* Encrypt segments of data inplace adding signature to sig afterwards
void rspamd_cryptobox_encryptv_inplace (struct rspamd_cryptobox_segment *segments,
gsize cnt,
const rspamd_nonce_t nonce,
- const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_mac_t sig);
+ const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_mac_t sig,
+ enum rspamd_cryptobox_mode mode);
/**
*/
gboolean rspamd_cryptobox_decrypt_inplace (guchar *data, gsize len,
const rspamd_nonce_t nonce,
- const rspamd_pk_t pk, const rspamd_sk_t sk, const rspamd_mac_t sig);
+ const rspamd_pk_t pk, const rspamd_sk_t sk, const rspamd_mac_t sig,
+ enum rspamd_cryptobox_mode mode);
/**
* Encrypt segments of data inplace adding signature to sig afterwards
*/
void rspamd_cryptobox_encrypt_nm_inplace (guchar *data, gsize len,
const rspamd_nonce_t nonce,
- const rspamd_nm_t nm, rspamd_mac_t sig);
+ const rspamd_nm_t nm, rspamd_mac_t sig,
+ enum rspamd_cryptobox_mode mode);
/**
* Encrypt segments of data inplace adding signature to sig afterwards
void rspamd_cryptobox_encryptv_nm_inplace (struct rspamd_cryptobox_segment *segments,
gsize cnt,
const rspamd_nonce_t nonce,
- const rspamd_nm_t nm, rspamd_mac_t sig);
+ const rspamd_nm_t nm, rspamd_mac_t sig,
+ enum rspamd_cryptobox_mode mode);
/**
*/
gboolean rspamd_cryptobox_decrypt_nm_inplace (guchar *data, gsize len,
const rspamd_nonce_t nonce,
- const rspamd_nm_t nm, const rspamd_mac_t sig);
+ const rspamd_nm_t nm, const rspamd_mac_t sig,
+ enum rspamd_cryptobox_mode mode);
/**
* Generate shared secret from local sk and remote pk
* @param pk remote pubkey
* @param sk local privkey
*/
-void rspamd_cryptobox_nm (rspamd_nm_t nm, const rspamd_pk_t pk, const rspamd_sk_t sk);
+void rspamd_cryptobox_nm (rspamd_nm_t nm, const rspamd_pk_t pk,
+ const rspamd_sk_t sk, enum rspamd_cryptobox_mode mode);
/**
* Create digital signature for the specified message and place result in `sig`
*/
void rspamd_cryptobox_sign (guchar *sig, gsize *siglen_p,
const guchar *m, gsize mlen,
- const rspamd_sk_t sk);
+ const rspamd_sk_t sk,
+ enum rspamd_cryptobox_mode mode);
/**
* Verifies digital signature for the specified message using the specified
bool rspamd_cryptobox_verify (const guchar *sig,
const guchar *m,
gsize mlen,
- const rspamd_pk_t pk);
+ const rspamd_pk_t pk,
+ enum rspamd_cryptobox_mode mode);
/**
* Securely clear the buffer specified
const guint8 *salt, gsize salt_len, guint8 *key, gsize key_len,
unsigned int rounds);
-/**
- * Enable openssl mode in rspamd_cryptobox
- * @param enable if TRUE then crypto code will use openssl, chacha20/poly1305 otherwize
- */
-gboolean rspamd_cryptobox_openssl_mode (gboolean enable);
-
/**
* Real size of rspamd cryptobox public key
*/
-guint rspamd_cryptobox_pk_bytes (void);
+guint rspamd_cryptobox_pk_bytes (enum rspamd_cryptobox_mode mode);
/**
* Real size of rspamd cryptobox signing public key
*/
-guint rspamd_cryptobox_pk_sig_bytes (void);
+guint rspamd_cryptobox_pk_sig_bytes (enum rspamd_cryptobox_mode mode);
/**
* Real size of crypto nonce
*/
-guint rspamd_cryptobox_nonce_bytes (void);
+guint rspamd_cryptobox_nonce_bytes (enum rspamd_cryptobox_mode mode);
/**
* Real size of rspamd cryptobox secret key
*/
-guint rspamd_cryptobox_sk_bytes (void);
+guint rspamd_cryptobox_sk_bytes (enum rspamd_cryptobox_mode mode);
/**
* Real size of rspamd cryptobox signing secret key
*/
-guint rspamd_cryptobox_sk_sig_bytes (void);
+guint rspamd_cryptobox_sk_sig_bytes (enum rspamd_cryptobox_mode mode);
/**
* Real size of rspamd cryptobox shared key
*/
-guint rspamd_cryptobox_nm_bytes (void);
+guint rspamd_cryptobox_nm_bytes (enum rspamd_cryptobox_mode mode);
/**
* Real size of rspamd cryptobox MAC signature
*/
-guint rspamd_cryptobox_mac_bytes (void);
+guint rspamd_cryptobox_mac_bytes (enum rspamd_cryptobox_mode mode);
/**
* Real size of rspamd cryptobox digital signature
*/
-guint rspamd_cryptobox_signature_bytes (void);
+guint rspamd_cryptobox_signature_bytes (enum rspamd_cryptobox_mode mode);
/* Hash IUF interface */
typedef struct RSPAMD_ALIGNED(32) rspamd_cryptobox_hash_state_s {