Rework keypairs cache

author Vsevolod Stakhov <vsevolod@highsecure.ru>

Fri, 5 Feb 2016 15:49:44 +0000 (15:49 +0000)

committer Vsevolod Stakhov <vsevolod@highsecure.ru>

Fri, 5 Feb 2016 15:49:44 +0000 (15:49 +0000)
author Vsevolod Stakhov <vsevolod@highsecure.ru>
Fri, 5 Feb 2016 15:49:44 +0000 (15:49 +0000)
committer Vsevolod Stakhov <vsevolod@highsecure.ru>
Fri, 5 Feb 2016 15:49:44 +0000 (15:49 +0000)
diff --git a/src/libcryptobox/keypair.c b/src/libcryptobox/keypair.c

index 4ccca298b3389441757611777daf2feaba36cecb..9e652ea1c4da47b7d2c5e996dd80e651e62f087a 100644 (file)
--- a/src/libcryptobox/keypair.c
+++ b/src/libcryptobox/keypair.c
@@ -17,3 +17,10 @@
  #include "config.h"
  #include "keypair.h"
  #include "keypair_private.h"
+
+void
+rspamd_cryptobox_nm_dtor (struct rspamd_cryptobox_nm *nm)
+{
+       rspamd_explicit_memzero (nm->nm, sizeof (nm->nm));
+       g_slice_free1 (sizeof (*nm), nm);
+}
diff --git a/src/libcryptobox/keypair.h b/src/libcryptobox/keypair.h

index a6b708202534f2419695e8eb0f11d62f1da10b2d..49f4e2be0e5e4650dc43b76b8eca4ba022c0201c 100644 (file)
--- a/src/libcryptobox/keypair.h
+++ b/src/libcryptobox/keypair.h
@@ -28,14 +28,6 @@ enum rspamd_cryptobox_keypair_type {
         RSPAMD_KEYPAIR_SIGN
  };
  
-/**
- * Algorithm used for keypair
- */
-enum rspamd_cryptobox_keypair_algorithm {
-       RSPAMD_KEYPAIR_NIST = 0,
-       RSPAMD_KEYPAIR_25519
-};
-
  /**
   * Opaque structure for the full (public + private) keypair
   */
@@ -53,7 +45,7 @@ struct rspamd_cryptobox_keypair_public;
   */
  struct rspamd_cryptobox_keypair* rspamd_keypair_new (
                 enum rspamd_cryptobox_keypair_type type,
-               enum rspamd_cryptobox_keypair_algorithm alg);
+               enum rspamd_cryptobox_mode alg);
  
  /**
   * Increase refcount for the specific keypair
diff --git a/src/libcryptobox/keypair_private.h b/src/libcryptobox/keypair_private.h

index 1856c1a470063633aabaf5b30afb63cf09fecdf1..78aed7279f5d3afd33274a9775cb14f1849c3a92 100644 (file)
--- a/src/libcryptobox/keypair_private.h
+++ b/src/libcryptobox/keypair_private.h
@@ -20,14 +20,111 @@
  #include "ref.h"
  #include "cryptobox.h"
  
-struct RSPAMD_ALIGNED(32) rspamd_http_keypair  {
-       guchar RSPAMD_ALIGNED(32) sk[rspamd_cryptobox_MAX_SKBYTES];
+/*
+ * KEX cached data
+ */
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_nm {
         guchar RSPAMD_ALIGNED(32) nm[rspamd_cryptobox_MAX_NMBYTES];
-       guchar RSPAMD_ALIGNED(32) pk[rspamd_cryptobox_MAX_PKBYTES];
+       ref_entry_t ref;
+};
+
+/*
+ * Generic keypair
+ */
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair  {
+       guchar id[rspamd_cryptobox_HASHBYTES];
+       enum rspamd_cryptobox_keypair_type type;
+       enum rspamd_cryptobox_mode alg;
+       ref_entry_t ref;
+};
+
+/*
+ * NIST p256 ecdh keypair
+ */
+#define RSPAMD_CRYPTOBOX_KEYPAIR_NIST(x) ((struct rspamd_cryptobox_keypair_nist *)(x))
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair_nist {
+       struct rspamd_cryptobox_keypair parent;
+       guchar RSPAMD_ALIGNED(32) sk[32];
+       guchar RSPAMD_ALIGNED(32) pk[65];
+};
+
+/*
+ * Curve25519 ecdh keypair
+ */
+#define RSPAMD_CRYPTOBOX_KEYPAIR_25519(x) ((struct rspamd_cryptobox_keypair_25519 *)(x))
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair_25519 {
+       struct rspamd_cryptobox_keypair parent;
+       guchar RSPAMD_ALIGNED(32) sk[32];
+       guchar RSPAMD_ALIGNED(32) pk[32];
+};
+
+/*
+ * NIST p256 ecdsa keypair
+ */
+#define RSPAMD_CRYPTOBOX_KEYPAIR_SIG_NIST(x) ((struct rspamd_cryptobox_keypair_sig_nist *)(x))
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair_sig_nist {
+       struct rspamd_cryptobox_keypair parent;
+       guchar RSPAMD_ALIGNED(32) sk[32];
+       guchar RSPAMD_ALIGNED(32) pk[32];
+};
+
+/*
+ * Ed25519 keypair
+ */
+#define RSPAMD_CRYPTOBOX_KEYPAIR_SIG_25519(x) ((struct rspamd_cryptobox_keypair_sig_25519 *)(x))
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair_sig_25519 {
+       struct rspamd_cryptobox_keypair parent;
+       guchar RSPAMD_ALIGNED(32) sk[64];
+       guchar RSPAMD_ALIGNED(32) pk[32];
+};
+
+/*
+ * Public component of the keypair
+ */
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair_public {
         guchar id[rspamd_cryptobox_HASHBYTES];
-       gboolean has_nm;
+       struct rspamd_cryptobox_nm *nm;
+       enum rspamd_cryptobox_keypair_type type;
+       enum rspamd_cryptobox_mode alg;
         ref_entry_t ref;
  };
  
+/*
+ * Public p256 ecdh
+ */
+#define RSPAMD_CRYPTOBOX_KEYPAIR_PUBLIC_NIST(x) ((struct rspamd_cryptobox_keypair_public_nist *)(x))
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair_public_nist {
+       struct rspamd_cryptobox_keypair_public parent;
+       guchar RSPAMD_ALIGNED(32) pk[65];
+};
+
+/*
+ * Public curve25519 ecdh
+ */
+#define RSPAMD_CRYPTOBOX_KEYPAIR_PUBLIC_25519(x) ((struct rspamd_cryptobox_keypair_public_25519 *)(x))
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair_public_25519 {
+       struct rspamd_cryptobox_keypair_public parent;
+       guchar RSPAMD_ALIGNED(32) pk[32];
+};
+
+/*
+ * Public p256 ecdsa
+ */
+#define RSPAMD_CRYPTOBOX_KEYPAIR_SIG_PUBLIC_NIST(x) ((struct rspamd_cryptobox_keypair_sig_public_nist *)(x))
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair_sig_public_nist {
+       struct rspamd_cryptobox_keypair_public parent;
+       guchar RSPAMD_ALIGNED(32) pk[65];
+};
+
+/*
+ * Public ed25519
+ */
+#define RSPAMD_CRYPTOBOX_KEYPAIR_SIG_PUBLIC_25519(x) ((struct rspamd_cryptobox_keypair_sig_public_25519 *)(x))
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair_sig_public_25519 {
+       struct rspamd_cryptobox_keypair_public parent;
+       guchar RSPAMD_ALIGNED(32) pk[32];
+};
+
+void rspamd_cryptobox_nm_dtor (struct rspamd_cryptobox_nm *nm);
  
  #endif /* KEYPAIR_PRIVATE_H_ */
diff --git a/src/libcryptobox/keypairs_cache.c b/src/libcryptobox/keypairs_cache.c

index 5df5e8a275c3f6b4cbcebc34353e870327d0b51e..4b755fbd61dd6e57ed70ef5dd495cebc87173508 100644 (file)
--- a/src/libcryptobox/keypairs_cache.c
+++ b/src/libcryptobox/keypairs_cache.c
@@ -21,8 +21,8 @@
  #include "xxhash.h"
  
  struct rspamd_keypair_elt {
-       guchar nm[rspamd_cryptobox_MAX_NMBYTES];
-       guchar pair[rspamd_cryptobox_MAX_PKBYTES + rspamd_cryptobox_MAX_SKBYTES];
+       struct rspamd_cryptobox_nm *nm;
+       guchar pair[rspamd_cryptobox_HASHBYTES * 2];
  };
  
  struct rspamd_keypair_cache {
@@ -34,7 +34,7 @@ rspamd_keypair_destroy (gpointer ptr)
  {
         struct rspamd_keypair_elt *elt = (struct rspamd_keypair_elt *)ptr;
  
-       rspamd_explicit_memzero (elt, sizeof (*elt));
+       REF_RELEASE (elt->nm);
         g_slice_free1 (sizeof (*elt), elt);
  }
  
@@ -71,37 +71,61 @@ rspamd_keypair_cache_new (guint max_items)
  
  void
  rspamd_keypair_cache_process (struct rspamd_keypair_cache *c,
-               gpointer lk, gpointer rk)
+               struct rspamd_cryptobox_keypair *lk,
+               struct rspamd_cryptobox_keypair_public *rk)
  {
-       struct rspamd_http_keypair *kp_local = (struct rspamd_http_keypair *)lk,
-                       *kp_remote = (struct rspamd_http_keypair *)rk;
         struct rspamd_keypair_elt search, *new;
  
-       g_assert (kp_local != NULL);
-       g_assert (kp_remote != NULL);
+       g_assert (lk != NULL);
+       g_assert (rk != NULL);
+       g_assert (rk->alg == lk->alg);
+       g_assert (rk->type == lk->type);
+       g_assert (rk->type == RSPAMD_KEYPAIR_KEX);
  
         memset (&search, 0, sizeof (search));
-       memcpy (search.pair, kp_remote->pk, rspamd_cryptobox_pk_bytes (RSPAMD_CRYPTOBOX_MODE_25519));
-       memcpy (&search.pair[rspamd_cryptobox_MAX_PKBYTES], kp_local->sk,
-                       rspamd_cryptobox_sk_bytes (RSPAMD_CRYPTOBOX_MODE_25519));
+       memcpy (search.pair, rk->id, rspamd_cryptobox_HASHBYTES);
+       memcpy (&search.pair[rspamd_cryptobox_HASHBYTES], lk->id,
+                       rspamd_cryptobox_HASHBYTES);
         new = rspamd_lru_hash_lookup (c->hash, &search, time (NULL));
  
+       if (rk->nm) {
+               REF_RELEASE (rk->nm);
+               rk->nm = NULL;
+       }
+
         if (new == NULL) {
                 new = g_slice_alloc0 (sizeof (*new));
-               memcpy (new->pair, kp_remote->pk, rspamd_cryptobox_pk_bytes (RSPAMD_CRYPTOBOX_MODE_25519));
-               memcpy (&new->pair[rspamd_cryptobox_MAX_PKBYTES], kp_local->sk,
-                               rspamd_cryptobox_sk_bytes (RSPAMD_CRYPTOBOX_MODE_25519));
-               rspamd_cryptobox_nm (new->nm, kp_remote->pk, kp_local->sk, RSPAMD_CRYPTOBOX_MODE_25519);
+               new->nm = g_slice_alloc (sizeof (*new->nm));
+               REF_INIT_RETAIN (new->nm, rspamd_cryptobox_nm_dtor);
+
+               memcpy (new->pair, rk->id, rspamd_cryptobox_HASHBYTES);
+               memcpy (&new->pair[rspamd_cryptobox_HASHBYTES], lk->id,
+                               rspamd_cryptobox_HASHBYTES);
+
+               if (rk->alg == RSPAMD_CRYPTOBOX_MODE_25519) {
+                       struct rspamd_cryptobox_keypair_public_25519 *rk_25519 =
+                                       RSPAMD_CRYPTOBOX_KEYPAIR_PUBLIC_25519(rk);
+                       struct rspamd_cryptobox_keypair_25519 *sk_25519 =
+                                       RSPAMD_CRYPTOBOX_KEYPAIR_25519(lk);
+
+                       rspamd_cryptobox_nm (new->nm->nm, rk_25519->pk, sk_25519->sk, rk->alg);
+               }
+               else {
+                       struct rspamd_cryptobox_keypair_public_nist *rk_nist =
+                                       RSPAMD_CRYPTOBOX_KEYPAIR_PUBLIC_NIST(rk);
+                       struct rspamd_cryptobox_keypair_nist *sk_nist =
+                                       RSPAMD_CRYPTOBOX_KEYPAIR_NIST(lk);
+
+                       rspamd_cryptobox_nm (new->nm->nm, rk_nist->pk, sk_nist->sk, rk->alg);
+               }
+
                 rspamd_lru_hash_insert (c->hash, new, new, time (NULL), -1);
         }
  
         g_assert (new != NULL);
  
-       memcpy (kp_remote->nm, new->nm, rspamd_cryptobox_nm_bytes (RSPAMD_CRYPTOBOX_MODE_25519));
-       kp_remote->has_nm = TRUE;
-#if 0
-       memcpy (kp_local->nm, new->nm, rspamd_cryptobox_NMBYTES);
-#endif
+       rk->nm = new->nm;
+       REF_RETAIN (rk->nm);
  }
  
  void
diff --git a/src/libcryptobox/keypairs_cache.h b/src/libcryptobox/keypairs_cache.h

index e52d03cbe39cc3318d0b9dbb5075217419e90009..e04a5914bfe1ffe56c581aff4060fd00475f325c 100644 (file)
--- a/src/libcryptobox/keypairs_cache.h
+++ b/src/libcryptobox/keypairs_cache.h
@@ -17,6 +17,7 @@
  #define KEYPAIRS_CACHE_H_
  
  #include "config.h"
+#include "keypair.h"
  
  struct rspamd_keypair_cache;
  
@@ -35,7 +36,8 @@ struct rspamd_keypair_cache * rspamd_keypair_cache_new (guint max_items);
   * @param rk remote key
   */
  void rspamd_keypair_cache_process (struct rspamd_keypair_cache *c,
-               gpointer lk, gpointer rk);
+               struct rspamd_cryptobox_keypair *lk,
+               struct rspamd_cryptobox_keypair_public *rk);
  
  /**
   * Destroy old keypair cache
author	Vsevolod Stakhov <vsevolod@highsecure.ru>
	Fri, 5 Feb 2016 15:49:44 +0000 (15:49 +0000)
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>
	Fri, 5 Feb 2016 15:49:44 +0000 (15:49 +0000)
src/libcryptobox/keypair.c		patch \| blob \| history
src/libcryptobox/keypair.h		patch \| blob \| history
src/libcryptobox/keypair_private.h		patch \| blob \| history
src/libcryptobox/keypairs_cache.c		patch \| blob \| history
src/libcryptobox/keypairs_cache.h		patch \| blob \| history