[Minor] Add method to encrypt and seal data using keypair
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Sat, 19 May 2018 14:42:02 +0000 (15:42 +0100)
committerVsevolod Stakhov <vsevolod@highsecure.ru>
Sat, 19 May 2018 14:42:02 +0000 (15:42 +0100)
src/libcryptobox/keypair.c
src/libcryptobox/keypair.h

index 1f8acc6d1d803def07468e461fa4b7cf042260bd..50e3614d9759d1857f7e827c0469461d40072072 100644 (file)
@@ -19,6 +19,7 @@
 #include "libcryptobox/keypair_private.h"
 #include "libutil/str_util.h"
 #include "libutil/printf.h"
+#include "contrib/libottery/ottery.h"
 
 const guchar encrypted_magic[7] = {'r', 'u', 'c', 'l', 'e', 'v', '1'};
 
@@ -977,3 +978,52 @@ rspamd_keypair_decrypt (struct rspamd_cryptobox_keypair *kp,
 
        return TRUE;
 }
+gboolean
+rspamd_keypair_encrypt (struct rspamd_cryptobox_keypair *kp,
+                                               const guchar *in, gsize inlen,
+                                               guchar **out, gsize *outlen,
+                                               GError **err)
+{
+       guchar *nonce, *mac, *data, *pubkey;
+       struct rspamd_cryptobox_keypair *local;
+       gsize olen;
+
+       g_assert (kp != NULL);
+       g_assert (in != NULL);
+
+       if (kp->type != RSPAMD_KEYPAIR_KEX) {
+               g_set_error (err, rspamd_keypair_quark (), EINVAL,
+                               "invalid keypair type");
+
+               return FALSE;
+       }
+
+       local = rspamd_keypair_new (kp->type, kp->alg);
+
+       olen = inlen + sizeof (encrypted_magic) +
+                       rspamd_cryptobox_pk_bytes (kp->alg) +
+                       rspamd_cryptobox_mac_bytes (kp->alg) +
+                       rspamd_cryptobox_nonce_bytes (kp->alg);
+       *out = g_malloc (olen);
+       memcpy (*out, encrypted_magic, sizeof (encrypted_magic));
+       pubkey = *out + sizeof (encrypted_magic);
+       mac = pubkey + rspamd_cryptobox_pk_bytes (kp->alg);
+       nonce = mac + rspamd_cryptobox_mac_bytes (kp->alg);
+       data = nonce + rspamd_cryptobox_nonce_bytes (kp->alg);
+
+       ottery_rand_bytes (nonce, rspamd_cryptobox_nonce_bytes (kp->alg));
+       memcpy (data, in, inlen);
+       memcpy (pubkey, rspamd_keypair_component (kp,
+                       RSPAMD_KEYPAIR_COMPONENT_PK, NULL),
+                       rspamd_cryptobox_pk_bytes (kp->alg));
+       rspamd_cryptobox_encrypt_inplace (data, inlen, nonce, pubkey,
+                       rspamd_keypair_component (local, RSPAMD_KEYPAIR_COMPONENT_SK, NULL),
+                       mac, kp->alg);
+       rspamd_keypair_unref (local);
+
+       if (outlen) {
+               *outlen = olen;
+       }
+
+       return TRUE;
+}
\ No newline at end of file
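Review bot: The sealed blob never carries the ephemeral public key: the `pubkey` slot is filled from `kp` (the recipient's own key) and `local` is unreferenced right after `rspamd_cryptobox_encrypt_inplace`, so as far as this hunk shows the holder of `kp`'s secret key has no sender key to derive the shared key from. `rspamd_keypair_decrypt` is outside the hunk, so confirm which key it reads from that slot. If it expects the sender's key, pass `rspamd_keypair_component (kp, RSPAMD_KEYPAIR_COMPONENT_PK, NULL)` to the encrypt call and copy `local`'s `RSPAMD_KEYPAIR_COMPONENT_PK` into `pubkey` instead. Separately, `olen` is summed from the caller-supplied `inlen` with no wrap check before `g_malloc (olen)` and `memcpy (data, in, inlen)`, and `out` is dereferenced without the `g_assert` given to `kp` and `in`. Rejecting `inlen` larger than `G_MAXSIZE` minus the fixed overhead (with `g_set_error` and `return FALSE`) and adding `g_assert (out != NULL);` would close both.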
index fc17412e21f323bebfb4b5f94ed23281b52fea25..3e78e7cbba8009ccc4796f72f04b5fe585e968f3 100644 (file)
@@ -287,5 +287,22 @@ gboolean rspamd_keypair_decrypt (struct rspamd_cryptobox_keypair *kp,
                                                                 guchar **out, gsize *outlen,
                                                                 GError **err);
 
+/**
+ * Encrypts data usign specific keypair.
+ * This method actually generates ephemeral local keypair, use public key from
+ * the remote keypair and encrypts data
+ * @param kp keypair
+ * @param in raw input
+ * @param inlen input length
+ * @param out output (allocated internally using g_malloc)
+ * @param outlen output size
+ * @param err pointer to error
+ * @return TRUE if encryption has been completed, out must be freed in this case
+ */
+gboolean rspamd_keypair_encrypt (struct rspamd_cryptobox_keypair *kp,
+                                                                const guchar *in, gsize inlen,
+                                                                guchar **out, gsize *outlen,
+                                                                GError **err);
+
 
 #endif /* SRC_LIBCRYPTOBOX_KEYPAIR_H_ */
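Review bot: The doc comment omits the parts of the contract a caller has to know, and "usign" should read "using". From the implementation in keypair.c I would document `@param kp recipient keypair, must be RSPAMD_KEYPAIR_KEX (otherwise FALSE is returned and err is set)` and `@param outlen output size, may be NULL`, and state that `out` is released with `g_free`. The comment should also describe the output layout (magic, public key, MAC, nonce, ciphertext) so that it can be checked against what `rspamd_keypair_decrypt` parses. Because the sending key is ephemeral and discarded, it is worth saying that the result gives the recipient confidentiality and integrity but no proof of who produced it.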