Move to pluggable cryptobox object sizes

author Vsevolod Stakhov <vsevolod@highsecure.ru>

Mon, 19 Oct 2015 10:08:50 +0000 (11:08 +0100)

committer Vsevolod Stakhov <vsevolod@highsecure.ru>

Mon, 19 Oct 2015 10:08:50 +0000 (11:08 +0100)
author Vsevolod Stakhov <vsevolod@highsecure.ru>
Mon, 19 Oct 2015 10:08:50 +0000 (11:08 +0100)
committer Vsevolod Stakhov <vsevolod@highsecure.ru>
Mon, 19 Oct 2015 10:08:50 +0000 (11:08 +0100)
diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c

index 0bc52288ac3e6688c4017f2986d11c224938618b..d9a0bc7185c095e516c0add896421cb547b6b166 100644 (file)
--- a/src/libcryptobox/cryptobox.c
+++ b/src/libcryptobox/cryptobox.c
@@ -50,6 +50,7 @@
  #ifdef HAVE_USABLE_OPENSSL
  #include <openssl/evp.h>
  #include <openssl/ec.h>
+#include <openssl/ecdh.h>
  
  #define CRYPTOBOX_CURVE_NID NID_X9_62_prime256v1
  #endif
@@ -240,7 +241,7 @@ void
  rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk)
  {
         if (G_LIKELY (!use_openssl)) {
-               ottery_rand_bytes (sk, rspamd_cryptobox_SKBYTES);
+               ottery_rand_bytes (sk, rspamd_cryptobox_MAX_SKBYTES);
                 sk[0] &= 248;
                 sk[31] &= 127;
                 sk[31] |= 64;
@@ -266,13 +267,13 @@ rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk)
                 ec_pub = EC_KEY_get0_public_key (ec_sec);
                 g_assert (ec_pub != NULL);
                 bn_pub = EC_POINT_point2bn (EC_KEY_get0_group (ec_sec),
-                               ec_pub, POINT_CONVERSION_COMPRESSED, NULL, NULL);
+                               ec_pub, POINT_CONVERSION_UNCOMPRESSED, NULL, NULL);
  
-               len = BN_num_bits (bn_sec) / NBBY;
+               len = BN_num_bytes (bn_sec);
                 g_assert (len <= (gint)sizeof (rspamd_sk_t));
                 BN_bn2bin (bn_sec, sk);
-               len = BN_num_bits (bn_pub) / NBBY;
-               g_assert (len <= (gint)sizeof (rspamd_pk_t));
+               len = BN_num_bytes (bn_pub);
+               g_assert (len <= rspamd_cryptobox_pk_bytes ());
                 BN_bn2bin (bn_pub, pk);
                 BN_free (bn_pub);
                 EC_KEY_free (ec_sec);
@@ -283,18 +284,55 @@ rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk)
  void
  rspamd_cryptobox_nm (rspamd_nm_t nm, const rspamd_pk_t pk, const rspamd_sk_t sk)
  {
-       guchar s[rspamd_cryptobox_PKBYTES];
-       guchar e[rspamd_cryptobox_SKBYTES];
+       if (G_LIKELY (!use_openssl)) {
+               guchar s[32];
+               guchar e[32];
+
+               memcpy (e, sk, 32);
+               e[0] &= 248;
+               e[31] &= 127;
+               e[31] |= 64;
+
+               curve25519 (s, e, pk);
+               hchacha (s, n0, nm, 20);
  
-       memcpy (e, sk, rspamd_cryptobox_SKBYTES);
-       e[0] &= 248;
-       e[31] &= 127;
-       e[31] |= 64;
+               rspamd_explicit_memzero (e, 32);
+       }
+       else {
+#ifndef HAVE_USABLE_OPENSSL
+               g_assert (0);
+#else
+               EC_KEY *lk;
+               EC_POINT *ec_pub;
+               BIGNUM *bn_pub, *bn_sec;
+               gint len;
+               guchar s[32];
  
-       curve25519 (s, e, pk);
-       hchacha (s, n0, nm, 20);
+               lk = EC_KEY_new_by_curve_name (CRYPTOBOX_CURVE_NID);
+               g_assert (lk != NULL);
  
-       rspamd_explicit_memzero (e, rspamd_cryptobox_SKBYTES);
+               bn_pub = BN_bin2bn (pk, rspamd_cryptobox_pk_bytes (), NULL);
+               g_assert (bn_pub != NULL);
+               bn_sec = BN_bin2bn (sk, sizeof (rspamd_sk_t), NULL);
+               g_assert (bn_sec != NULL);
+
+               g_assert (EC_KEY_set_private_key (lk, bn_sec) == 1);
+               ec_pub = EC_POINT_new (EC_KEY_get0_group (lk));
+               g_assert (EC_POINT_set_compressed_coordinates_GF2m (EC_KEY_get0_group (lk),
+                               ec_pub, bn_pub, pk[0] & 1, NULL) == 1);
+               g_assert (ec_pub != NULL);
+               len = ECDH_compute_key (s, sizeof (s), ec_pub, lk, NULL);
+               g_assert (len == sizeof (s));
+
+               /* Still do hchacha iteration since we are not using SHA1 KDF */
+               hchacha (s, n0, nm, 20);
+
+               EC_KEY_free (lk);
+               EC_POINT_free (ec_pub);
+               BN_free (bn_sec);
+               BN_free (bn_pub);
+#endif
+       }
  }
  
  static gsize
@@ -861,7 +899,7 @@ rspamd_cryptobox_decrypt_inplace (guchar *data, gsize len,
                 const rspamd_nonce_t nonce,
                 const rspamd_pk_t pk, const rspamd_sk_t sk, const rspamd_sig_t sig)
  {
-       guchar nm[rspamd_cryptobox_NMBYTES];
+       guchar nm[rspamd_cryptobox_MAX_NMBYTES];
         gboolean ret;
  
         rspamd_cryptobox_nm (nm, pk, sk);
@@ -877,7 +915,7 @@ rspamd_cryptobox_encrypt_inplace (guchar *data, gsize len,
                 const rspamd_nonce_t nonce,
                 const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_sig_t sig)
  {
-       guchar nm[rspamd_cryptobox_NMBYTES];
+       guchar nm[rspamd_cryptobox_MAX_NMBYTES];
  
         rspamd_cryptobox_nm (nm, pk, sk);
         rspamd_cryptobox_encrypt_nm_inplace (data, len, nonce, nm, sig);
@@ -890,7 +928,7 @@ rspamd_cryptobox_encryptv_inplace (struct rspamd_cryptobox_segment *segments,
                 const rspamd_nonce_t nonce,
                 const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_sig_t sig)
  {
-       guchar nm[rspamd_cryptobox_NMBYTES];
+       guchar nm[rspamd_cryptobox_MAX_NMBYTES];
  
         rspamd_cryptobox_nm (nm, pk, sk);
         rspamd_cryptobox_encryptv_nm_inplace (segments, cnt, nonce, nm, sig);
@@ -973,3 +1011,44 @@ rspamd_cryptobox_openssl_mode (gboolean enable)
  
         return use_openssl;
  }
+
+guint
+rspamd_cryptobox_pk_bytes (void)
+{
+       if (G_UNLIKELY (!use_openssl)) {
+               return 32;
+       }
+       else {
+               return 65;
+       }
+}
+
+guint
+rspamd_cryptobox_nonce_bytes (void)
+{
+       if (G_UNLIKELY (!use_openssl)) {
+               return 24;
+       }
+       else {
+               return 16;
+       }
+}
+
+
+guint
+rspamd_cryptobox_sk_bytes (void)
+{
+       return 32;
+}
+
+guint
+rspamd_cryptobox_nm_bytes (void)
+{
+       return 32;
+}
+
+guint
+rspamd_cryptobox_mac_bytes (void)
+{
+       return 16;
+}
+\ No newline at end of file
diff --git a/src/libcryptobox/cryptobox.h b/src/libcryptobox/cryptobox.h

index aed90079c101bb5e5310322efdb532c3af339559..a9eef3770d98cbacb898f2de8529a8c32327cf05 100644 (file)
--- a/src/libcryptobox/cryptobox.h
+++ b/src/libcryptobox/cryptobox.h
@@ -30,18 +30,18 @@ struct rspamd_cryptobox_segment {
         gsize len;
  };
  
-#define rspamd_cryptobox_NONCEBYTES 24
-#define rspamd_cryptobox_PKBYTES 32
-#define rspamd_cryptobox_SKBYTES 32
-#define rspamd_cryptobox_MACBYTES 16
-#define rspamd_cryptobox_NMBYTES 32
+#define rspamd_cryptobox_MAX_NONCEBYTES 24
+#define rspamd_cryptobox_MAX_PKBYTES 65
+#define rspamd_cryptobox_MAX_SKBYTES 32
+#define rspamd_cryptobox_MAX_MACBYTES 16
+#define rspamd_cryptobox_MAX_NMBYTES 32
  #define rspamd_cryptobox_SIPKEYBYTES 16
  
-typedef guchar rspamd_pk_t[rspamd_cryptobox_PKBYTES];
-typedef guchar rspamd_sk_t[rspamd_cryptobox_SKBYTES];
-typedef guchar rspamd_sig_t[rspamd_cryptobox_MACBYTES];
-typedef guchar rspamd_nm_t[rspamd_cryptobox_NMBYTES];
-typedef guchar rspamd_nonce_t[rspamd_cryptobox_NONCEBYTES];
+typedef guchar rspamd_pk_t[rspamd_cryptobox_MAX_PKBYTES];
+typedef guchar rspamd_sk_t[rspamd_cryptobox_MAX_SKBYTES];
+typedef guchar rspamd_sig_t[rspamd_cryptobox_MAX_MACBYTES];
+typedef guchar rspamd_nm_t[rspamd_cryptobox_MAX_NMBYTES];
+typedef guchar rspamd_nonce_t[rspamd_cryptobox_MAX_NONCEBYTES];
  typedef guchar rspamd_sipkey_t[rspamd_cryptobox_SIPKEYBYTES];
  
  /**
@@ -180,4 +180,29 @@ gboolean rspamd_cryptobox_pbkdf(const char *pass, gsize pass_len,
   */
  gboolean rspamd_cryptobox_openssl_mode (gboolean enable);
  
+/**
+ * Real size of rspamd cryptobox public key
+ */
+guint rspamd_cryptobox_pk_bytes (void);
+
+/**
+ * Real size of crypto nonce
+ */
+guint rspamd_cryptobox_nonce_bytes (void);
+
+/**
+ * Real size of rspamd cryptobox secret key
+ */
+guint rspamd_cryptobox_sk_bytes (void);
+
+/**
+ * Real size of rspamd cryptobox shared key
+ */
+guint rspamd_cryptobox_nm_bytes (void);
+
+/**
+ * Real size of rspamd cryptobox MAC signature
+ */
+guint rspamd_cryptobox_mac_bytes (void);
+
  #endif /* CRYPTOBOX_H_ */
author	Vsevolod Stakhov <vsevolod@highsecure.ru>
	Mon, 19 Oct 2015 10:08:50 +0000 (11:08 +0100)
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>
	Mon, 19 Oct 2015 10:08:50 +0000 (11:08 +0100)
src/libcryptobox/cryptobox.c		patch \| blob \| history
src/libcryptobox/cryptobox.h		patch \| blob \| history