#include "printf.h"
#include "http.h"
#include "ucl.h"
-#include "keypair_private.h"
+#include "libcryptobox/keypair.h"
#include "libutil/str_util.h"
static gboolean hex_encode = FALSE;
{
GOptionContext *context;
GError *error = NULL;
- gpointer keypair;
- GString *keypair_out;
- gint how;
- ucl_object_t *ucl_out, *elt;
+ struct rspamd_cryptobox_keypair *kp;
+ gint how = 0;
+ ucl_object_t *ucl_out;
struct ucl_emitter_functions *ucl_emit_subr;
- guchar *sig_sk, *sig_pk;
- gchar *sig_sk_encoded, *sig_pk_encoded, *pk_id_encoded;
- guchar kh[rspamd_cryptobox_HASHBYTES];
- const gchar *encoding;
+ GString *out;
+ enum rspamd_cryptobox_keypair_type type = RSPAMD_KEYPAIR_KEX;
+ enum rspamd_cryptobox_mode mode = RSPAMD_CRYPTOBOX_MODE_25519;
context = g_option_context_new (
"keypair - create encryption keys");
}
if (openssl) {
- if (!rspamd_cryptobox_openssl_mode (TRUE)) {
- fprintf (stderr, "cannot enable openssl mode (incompatible openssl)\n");
- exit (1);
- }
+ mode = RSPAMD_CRYPTOBOX_MODE_NIST;
}
-
- if (!sign) {
- keypair = rspamd_http_connection_gen_key ();
- if (keypair == NULL) {
- exit (EXIT_FAILURE);
- }
-
- how = 0;
-
- if (hex_encode) {
- how |= RSPAMD_KEYPAIR_HEX;
- encoding = "hex";
- }
- else {
- how |= RSPAMD_KEYPAIR_BASE32;
- encoding = "base32";
- }
-
- if (ucl) {
- ucl_out = ucl_object_typed_new (UCL_OBJECT);
- elt = ucl_object_typed_new (UCL_OBJECT);
- ucl_object_insert_key (ucl_out, elt, "keypair", 0, false);
-
- /* pubkey part */
- keypair_out = rspamd_http_connection_print_key (keypair,
- RSPAMD_KEYPAIR_PUBKEY|how);
- ucl_object_insert_key (elt,
- ucl_object_fromlstring (keypair_out->str, keypair_out->len),
- "pubkey", 0, false);
- g_string_free (keypair_out, TRUE);
-
- /* privkey part */
- keypair_out = rspamd_http_connection_print_key (keypair,
- RSPAMD_KEYPAIR_PRIVKEY|how);
- ucl_object_insert_key (elt,
- ucl_object_fromlstring (keypair_out->str, keypair_out->len),
- "privkey", 0, false);
- g_string_free (keypair_out, TRUE);
-
- keypair_out = rspamd_http_connection_print_key (keypair,
- RSPAMD_KEYPAIR_ID|how);
- ucl_object_insert_key (elt,
- ucl_object_fromlstring (keypair_out->str, keypair_out->len),
- "id", 0, false);
- ucl_object_insert_key (elt,
- ucl_object_fromstring (encoding),
- "encoding", 0, false);
- ucl_object_insert_key (elt,
- ucl_object_fromstring (openssl ? "nistp256" : "curve25519"),
- "algorithm", 0, false);
- ucl_object_insert_key (elt,
- ucl_object_fromstring ("kex"),
- "type", 0, false);
-
- ucl_emit_subr = ucl_object_emit_file_funcs (stdout);
- ucl_object_emit_full (ucl_out, UCL_EMIT_CONFIG, ucl_emit_subr);
- ucl_object_emit_funcs_free (ucl_emit_subr);
- ucl_object_unref (ucl_out);
- }
- else {
- how |= RSPAMD_KEYPAIR_PUBKEY | RSPAMD_KEYPAIR_PRIVKEY;
-
- if (!raw) {
- how |= RSPAMD_KEYPAIR_HUMAN|RSPAMD_KEYPAIR_ID;
- }
-
- keypair_out = rspamd_http_connection_print_key (keypair, how);
- rspamd_printf ("%v", keypair_out);
- }
-
- rspamd_http_connection_key_unref (keypair);
- rspamd_explicit_memzero (keypair_out->str, keypair_out->len);
- g_string_free (keypair_out, TRUE);
+ if (hex_encode) {
+ how |= RSPAMD_KEYPAIR_HEX;
}
else {
- sig_sk = g_malloc (rspamd_cryptobox_sk_sig_bytes ());
- sig_pk = g_malloc (rspamd_cryptobox_pk_sig_bytes ());
-
- rspamd_cryptobox_keypair_sig (sig_pk, sig_sk);
- rspamd_cryptobox_hash (kh, sig_pk, rspamd_cryptobox_pk_sig_bytes (),
- NULL, 0);
-
- if (hex_encode) {
- encoding = "hex";
- sig_pk_encoded = rspamd_encode_hex (sig_pk,
- rspamd_cryptobox_pk_sig_bytes ());
- sig_sk_encoded = rspamd_encode_hex (sig_sk,
- rspamd_cryptobox_sk_sig_bytes ());
- pk_id_encoded = rspamd_encode_hex (kh, sizeof (kh));
- }
- else {
- encoding = "base32";
- sig_pk_encoded = rspamd_encode_base32 (sig_pk,
- rspamd_cryptobox_pk_sig_bytes ());
- sig_sk_encoded = rspamd_encode_base32 (sig_sk,
- rspamd_cryptobox_sk_sig_bytes ());
- pk_id_encoded = rspamd_encode_base32 (kh, sizeof (kh));
- }
-
- if (ucl) {
- ucl_out = ucl_object_typed_new (UCL_OBJECT);
- elt = ucl_object_typed_new (UCL_OBJECT);
- ucl_object_insert_key (ucl_out, elt, "keypair", 0, false);
-
- /* pubkey part */
- ucl_object_insert_key (elt,
- ucl_object_fromstring (sig_pk_encoded),
- "pubkey", 0, false);
-
- /* privkey part */
- ucl_object_insert_key (elt,
- ucl_object_fromstring (sig_sk_encoded),
- "privkey", 0, false);
+ how |= RSPAMD_KEYPAIR_BASE32;
+ }
- ucl_object_insert_key (elt,
- ucl_object_fromstring (pk_id_encoded),
- "id", 0, false);
+ if (sign) {
+ type = RSPAMD_KEYPAIR_SIGN;
+ }
- ucl_object_insert_key (elt,
- ucl_object_fromstring (encoding),
- "encoding", 0, false);
+ kp = rspamd_keypair_new (type, mode);
- ucl_object_insert_key (elt,
- ucl_object_fromstring (openssl ? "nistp256" : "curve25519"),
- "algorithm", 0, false);
- ucl_object_insert_key (elt,
- ucl_object_fromstring ("sign"),
- "type", 0, false);
+ if (ucl) {
+ ucl_out = rspamd_keypair_to_ucl (kp, hex_encode);
+ ucl_emit_subr = ucl_object_emit_file_funcs (stdout);
+ ucl_object_emit_full (ucl_out, UCL_EMIT_CONFIG, ucl_emit_subr);
+ ucl_object_emit_funcs_free (ucl_emit_subr);
+ ucl_object_unref (ucl_out);
+ }
+ else {
+ how |= RSPAMD_KEYPAIR_PUBKEY | RSPAMD_KEYPAIR_PRIVKEY;
- ucl_emit_subr = ucl_object_emit_file_funcs (stdout);
- ucl_object_emit_full (ucl_out, UCL_EMIT_CONFIG, ucl_emit_subr);
- ucl_object_emit_funcs_free (ucl_emit_subr);
- ucl_object_unref (ucl_out);
+ if (!raw) {
+ how |= RSPAMD_KEYPAIR_HUMAN|RSPAMD_KEYPAIR_ID;
}
- else {
- rspamd_printf ("Public key: %s\nPrivate key: %s\nKey ID: %s\n",
- sig_pk_encoded,
- sig_sk_encoded,
- pk_id_encoded);
- }
-
- rspamd_explicit_memzero (sig_sk, rspamd_cryptobox_sk_sig_bytes ());
- rspamd_explicit_memzero (sig_sk_encoded, strlen (sig_sk_encoded));
- g_free (sig_pk);
- g_free (sig_sk);
- g_free (sig_pk_encoded);
- g_free (sig_sk_encoded);
- g_free (pk_id_encoded);
+ out = rspamd_keypair_print (kp, how);
+ rspamd_printf ("%v", kp);
+ g_string_free (out, TRUE);
}
+
+ rspamd_keypair_unref (kp);
}
#include "cryptobox.h"
#include "printf.h"
#include "ucl.h"
-#include "keypair_private.h"
+#include "libcryptobox/keypair.h"
#include "libutil/str_util.h"
#include "libutil/util.h"
#include "unix-std.h"
static gchar *pubkey_file = NULL;
static gchar *pubkey = NULL;
static gchar *keypair_file = NULL;
+enum rspamd_cryptobox_mode mode = RSPAMD_CRYPTOBOX_MODE_25519;
static void rspamadm_signtool (gint argc, gchar **argv);
static const char *rspamadm_signtool_help (gboolean full_help);
exit (errno);
}
- g_assert (rspamd_cryptobox_MAX_SIGBYTES >= rspamd_cryptobox_signature_bytes ());
+ g_assert (rspamd_cryptobox_MAX_SIGBYTES >=
+ rspamd_cryptobox_signature_bytes (mode));
- rspamd_cryptobox_sign (sig, NULL, map, st.st_size, sk);
- write (fd_sig, sig, rspamd_cryptobox_signature_bytes ());
+ rspamd_cryptobox_sign (sig, NULL, map, st.st_size, sk, mode);
+ write (fd_sig, sig, rspamd_cryptobox_signature_bytes (mode));
close (fd_sig);
munmap (map, st.st_size);
struct stat st, st_sig;
bool ret;
- g_assert (rspamd_cryptobox_MAX_SIGBYTES >= rspamd_cryptobox_signature_bytes ());
+ g_assert (rspamd_cryptobox_MAX_SIGBYTES >=
+ rspamd_cryptobox_signature_bytes (mode));
if (suffix == NULL) {
suffix = ".sig";
g_assert (fstat (fd_sig, &st_sig) != -1);
- if (st_sig.st_size != rspamd_cryptobox_signature_bytes ()) {
+ if (st_sig.st_size != rspamd_cryptobox_signature_bytes (mode)) {
close (fd_sig);
rspamd_fprintf (stderr, "invalid signature size %s: %ud\n", fname,
(guint)st_sig.st_size);
exit (errno);
}
- ret = rspamd_cryptobox_verify (map_sig, map, st.st_size, pk);
+ ret = rspamd_cryptobox_verify (map_sig, map, st.st_size, pk, mode);
munmap (map, st.st_size);
munmap (map_sig, st_sig.st_size);
GError *error = NULL;
struct ucl_parser *parser;
ucl_object_t *top;
- const ucl_object_t *elt;
- guchar *pk, *sk;
- gsize fsize, flen, klen;
+ struct rspamd_cryptobox_pubkey *pk;
+ struct rspamd_cryptobox_keypair *kp;
+ gsize fsize, flen;
gint i;
context = g_option_context_new (
}
if (openssl) {
- if (!rspamd_cryptobox_openssl_mode (TRUE)) {
- rspamd_fprintf (stderr, "cannot enable openssl mode (incompatible openssl)\n");
- exit (1);
- }
+ mode = RSPAMD_CRYPTOBOX_MODE_NIST;
}
if (verify && (!pubkey && !pubkey_file)) {
flen --;
}
- pk = rspamd_decode_base32 (map, flen, &klen);
+ pk = rspamd_pubkey_from_base32 (map, flen,
+ RSPAMD_KEYPAIR_SIGN, mode);
- if (klen != rspamd_cryptobox_pk_sig_bytes () || pk == NULL) {
- rspamd_fprintf (stderr, "bad size %s: %ud, %ud expected\n", klen,
- rspamd_cryptobox_pk_sig_bytes ());
+ if (pk == NULL) {
+ rspamd_fprintf (stderr, "bad size %s: %ud, %ud expected\n", flen,
+ rspamd_cryptobox_pk_sig_bytes (mode));
exit (errno);
}
munmap (map, fsize);
}
else {
- pk = rspamd_decode_base32 (pubkey, strlen (pubkey), &klen);
+ pk = rspamd_pubkey_from_base32 (pubkey, strlen (pubkey),
+ RSPAMD_KEYPAIR_SIGN, mode);
- if (klen != rspamd_cryptobox_pk_sig_bytes () || pk == NULL) {
- rspamd_fprintf (stderr, "bad size %s: %ud, %ud expected\n", klen,
- rspamd_cryptobox_pk_sig_bytes ());
+ if (pk == NULL) {
+ rspamd_fprintf (stderr, "bad size %s: %ud, %ud expected\n",
+ strlen (pubkey),
+ rspamd_cryptobox_pk_sig_bytes (mode));
exit (errno);
}
}
for (i = 1; i < argc; i++) {
/* XXX: support cmd line signature */
- if (!rspamadm_verify_file (argv[i], pk)) {
+ if (!rspamadm_verify_file (argv[i], rspamd_pubkey_get_pk (pk, NULL))) {
exit (EXIT_FAILURE);
}
}
ucl_parser_free (parser);
- /* XXX: add generic routine to parse all keypair types */
- elt = ucl_object_find_key (top, "keypair");
-
- /* XXX: add secure cleanup */
- if (elt == NULL || ucl_object_type (elt) != UCL_OBJECT) {
- rspamd_fprintf (stderr, "cannot load keypair: absent keypair\n");
- ucl_object_unref (top);
- exit (EINVAL);
- }
-
- elt = ucl_object_find_key (elt, "privkey");
-
- if (elt == NULL || ucl_object_type (elt) != UCL_STRING) {
- rspamd_fprintf (stderr, "cannot load keypair: absent privkey\n");
- ucl_object_unref (top);
- exit (EINVAL);
- }
-
- sk = rspamd_decode_base32 (ucl_object_tostring (elt),
- elt->len, &klen);
- ucl_object_unref (top);
-
- if (klen != rspamd_cryptobox_sk_sig_bytes () || sk == NULL) {
- rspamd_fprintf (stderr, "bad size %s: %ud, %ud expected\n",
- ucl_object_tostring (elt),klen,
- rspamd_cryptobox_sk_sig_bytes ());
- exit (errno);
- }
+ kp = rspamd_keypair_from_ucl (top);
for (i = 1; i < argc; i++) {
/* XXX: support cmd line signature */
- if (!rspamadm_sign_file (argv[i], sk)) {
- rspamd_explicit_memzero (sk, klen);
+ if (!rspamadm_sign_file (argv[i], rspamd_keypair_component (
+ kp, RSPAMD_KEYPAIR_COMPONENT_SK, NULL))) {
+ rspamd_keypair_unref (kp);
exit (EXIT_FAILURE);
}
}
- rspamd_explicit_memzero (sk, klen);
- g_free (sk);
+ rspamd_keypair_unref (kp);
}
}