{
const gchar *start, *end;
gint64 id;
- gsize size;
+ gsize size, i;
gboolean ret = FALSE;
+ const struct rspamd_controller_pbkdf *p;
if (password[0] == '$') {
/* Parse id */
gchar *endptr;
id = strtoul (start, &endptr, 10);
- if ((endptr == NULL || *endptr == *end) && id == RSPAMD_PBKDF_ID_V1) {
- ret = TRUE;
+ if ((endptr == NULL || *endptr == *end)) {
+ for (i = 0; i < RSPAMD_PBKDF_ID_MAX - 1; i ++) {
+ p = &pbkdf_list[i];
+
+ if (p->id == id) {
+ ret = TRUE;
+ if (pbkdf != NULL) {
+ *pbkdf = &pbkdf_list[0];
+ }
- if (pbkdf != NULL) {
- *pbkdf = &pbkdf_list[0];
+ break;
+ }
}
}
}
local_key = g_alloca (pbkdf->key_len);
rspamd_cryptobox_pbkdf (password->begin, password->len,
salt_decoded, salt_len,
- local_key, pbkdf->key_len, pbkdf->rounds);
+ local_key, pbkdf->key_len, pbkdf->complexity,
+ pbkdf->type);
if (!rspamd_constant_memcmp (key_decoded, local_key, pbkdf->key_len)) {
msg_info_ctx ("incorrect or absent password has been specified");
g_free (tmp);
}
-static int __Catena(const uint8_t *pwd, const uint32_t pwdlen,
+static int
+__Catena (const uint8_t *pwd, const uint32_t pwdlen,
const uint8_t *salt, const uint8_t saltlen, const uint8_t *data,
const uint32_t datalen, const uint8_t lambda, const uint8_t min_garlic,
const uint8_t garlic, const uint8_t hashlen, const uint8_t client,
/***************************************************/
int
-catena (uint8_t *pwd, const uint32_t pwdlen, const uint8_t *salt,
+catena (const uint8_t *pwd, const uint32_t pwdlen, const uint8_t *salt,
const uint8_t saltlen, const uint8_t *data, const uint32_t datalen,
const uint8_t lambda, const uint8_t min_garlic, const uint8_t garlic,
const uint8_t hashlen, uint8_t *hash)
}
int
-simple_catena (uint8_t *pwd, const uint32_t pwdlen,
+simple_catena (const uint8_t *pwd, const uint32_t pwdlen,
const uint8_t *salt, const uint8_t saltlen,
const uint8_t *data, const uint32_t datalen,
uint8_t hash[H_LEN])
{
- return __Catena(pwd, pwdlen, salt, saltlen, data, datalen,
+ return __Catena (pwd, pwdlen, salt, saltlen, data, datalen,
LAMBDA, MIN_GARLIC, GARLIC, H_LEN,
REGULAR, PASSWORD_HASHING_MODE, hash);
}
#define CATENA_HLEN 64
int
-catena (uint8_t *pwd, const uint32_t pwdlen,
+catena (const uint8_t *pwd, const uint32_t pwdlen,
const uint8_t *salt, const uint8_t saltlen,
const uint8_t *data, const uint32_t datalen,
const uint8_t lambda, const uint8_t min_garlic,
* @param hash output hash
* @return 0 if hash is generated, -1 in case of error
*/
-int simple_catena(uint8_t *pwd, const uint32_t pwdlen,
+int simple_catena (const uint8_t *pwd, const uint32_t pwdlen,
const uint8_t *salt, const uint8_t saltlen,
const uint8_t *data, const uint32_t datalen,
uint8_t hash[CATENA_HLEN]);
* Password-Based Key Derivation Function 2 (PKCS #5 v2.0).
* Code based on IEEE Std 802.11-2007, Annex H.4.2.
*/
-gboolean
-rspamd_cryptobox_pbkdf (const char *pass, gsize pass_len,
+static gboolean
+rspamd_cryptobox_pbkdf2 (const char *pass, gsize pass_len,
const guint8 *salt, gsize salt_len, guint8 *key, gsize key_len,
unsigned int rounds)
{
return TRUE;
}
+gboolean
+rspamd_cryptobox_pbkdf (const char *pass, gsize pass_len,
+ const guint8 *salt, gsize salt_len, guint8 *key, gsize key_len,
+ unsigned int complexity, enum rspamd_cryptobox_pbkdf_type type)
+{
+ gboolean ret = FALSE;
+
+ switch (type) {
+ case RSPAMD_CRYPTOBOX_CATENA:
+ if (catena (pass, pass_len, salt, salt_len, "rspamd", 6,
+ 4, complexity, complexity, key_len, key) == 0) {
+ ret = TRUE;
+ }
+ break;
+ case RSPAMD_CRYPTOBOX_PBKDF2:
+ default:
+ ret = rspamd_cryptobox_pbkdf2 (pass, pass_len, salt, salt_len, key,
+ key_len, complexity);
+ break;
+ }
+
+ return ret;
+}
guint
rspamd_cryptobox_pk_bytes (enum rspamd_cryptobox_mode mode)
unsigned long long inlen,
const rspamd_sipkey_t k);
+enum rspamd_cryptobox_pbkdf_type {
+ RSPAMD_CRYPTOBOX_PBKDF2 = 0,
+ RSPAMD_CRYPTOBOX_CATENA
+};
+
+
/**
- * Derive key from password using PKCS#5 and HMAC-blake2
+ * Derive key from password using the specified algorithm
* @param pass input password
* @param pass_len length of the password
* @param salt input salt
* @param salt_len length of salt
* @param key output key
* @param key_len size of the key
- * @param rounds number of rounds (should be reasonably high)
+ * @param complexity empiric number of complexity (rounds for pbkdf2 and garlic for catena)
* @return TRUE in case of success and FALSE if failed
*/
-gboolean rspamd_cryptobox_pbkdf(const char *pass, gsize pass_len,
- const guint8 *salt, gsize salt_len, guint8 *key, gsize key_len,
- unsigned int rounds);
+gboolean rspamd_cryptobox_pbkdf (const char *pass, gsize pass_len,
+ const guint8 *salt, gsize salt_len,
+ guint8 *key, gsize key_len,
+ unsigned int complexity,
+ enum rspamd_cryptobox_pbkdf_type type);
+
/**
* Real size of rspamd cryptobox public key
const struct rspamd_controller_pbkdf pbkdf_list[] = {
{
+ .type = RSPAMD_CRYPTOBOX_PBKDF2,
.id = RSPAMD_PBKDF_ID_V1,
- .rounds = 16000,
+ .complexity = 16000,
+ .salt_len = 20,
+ .key_len = rspamd_cryptobox_HASHBYTES / 2
+ },
+ {
+ .type = RSPAMD_CRYPTOBOX_CATENA,
+ .id = RSPAMD_PBKDF_ID_V2,
+ .complexity = 10,
.salt_len = 20,
.key_len = rspamd_cryptobox_HASHBYTES / 2
}
ottery_rand_bytes (salt, pbkdf->salt_len);
/* Derive key */
rspamd_cryptobox_pbkdf (password, strlen (password),
- salt, pbkdf->salt_len, key, pbkdf->key_len, pbkdf->rounds);
+ salt, pbkdf->salt_len, key, pbkdf->key_len, pbkdf->complexity);
encoded_salt = rspamd_encode_base32 (salt, pbkdf->salt_len);
encoded_key = rspamd_encode_base32 (key, pbkdf->key_len);
local_key = g_alloca (pbkdf->key_len);
rspamd_cryptobox_pbkdf (test_password, plen,
salt_decoded, salt_len,
- local_key, pbkdf->key_len, pbkdf->rounds);
+ local_key, pbkdf->key_len, pbkdf->complexity);
rspamd_explicit_memzero (test_password, plen);
if (!rspamd_constant_memcmp (key_decoded, local_key, pbkdf->key_len)) {
};
struct rspamd_controller_pbkdf {
+ enum rspamd_cryptobox_pbkdf_type type;
gint id;
- guint rounds;
+ guint complexity;
gsize salt_len;
gsize key_len;
};
gboolean privilleged,
gboolean require_message);
-#define RSPAMD_PBKDF_ID_V1 1
+enum rspamd_pbkdf_version_id {
+ RSPAMD_PBKDF_ID_V1 = 1,
+ RSPAMD_PBKDF_ID_V2= 2,
+ RSPAMD_PBKDF_ID_MAX
+};
+
extern const struct rspamd_controller_pbkdf pbkdf_list[];
+
#endif
/*
projects / rspamd.git / commitdiff