struct http_parser_settings decrypted_cb;
nonce = msg->body->str;
- m = msg->body->str + rspamd_cryptobox_NONCEBYTES +
- rspamd_cryptobox_MACBYTES;
- dec_len = msg->body->len - rspamd_cryptobox_NONCEBYTES -
- rspamd_cryptobox_MACBYTES;
+ m = msg->body->str + rspamd_cryptobox_nonce_bytes () +
+ rspamd_cryptobox_mac_bytes ();
+ dec_len = msg->body->len - rspamd_cryptobox_nonce_bytes () -
+ rspamd_cryptobox_mac_bytes ();
if (!peer_key->has_nm) {
/* We still save NM for the following encryption */
}
if (!rspamd_cryptobox_decrypt_nm_inplace (m, dec_len, nonce,
- peer_key->nm, m - rspamd_cryptobox_MACBYTES)) {
+ peer_key->nm, m - rspamd_cryptobox_mac_bytes ())) {
msg_err ("cannot verify encrypted message");
return -1;
}
if ((conn->opts & RSPAMD_HTTP_BODY_PARTIAL) == 0 && priv->encrypted) {
if (priv->local_key == NULL || priv->msg->peer_key == NULL ||
- priv->msg->body->len < rspamd_cryptobox_NONCEBYTES +
- rspamd_cryptobox_MACBYTES) {
+ priv->msg->body->len < rspamd_cryptobox_nonce_bytes () +
+ rspamd_cryptobox_mac_bytes ()) {
msg_err ("cannot decrypt message");
return -1;
}
struct rspamd_http_keypair *peer_key)
{
struct rspamd_cryptobox_segment *segments;
- guchar *crlfp = mp + rspamd_cryptobox_MACBYTES;
+ guchar *crlfp = mp + rspamd_cryptobox_mac_bytes ();
gint i, cnt;
guint outlen;
struct rspamd_http_header *hdr;
* iov[4..i] = encrypted HTTP request/reply
*/
priv->out[2].iov_base = np;
- priv->out[2].iov_len = rspamd_cryptobox_NONCEBYTES;
+ priv->out[2].iov_len = rspamd_cryptobox_nonce_bytes ();
priv->out[3].iov_base = mp;
- priv->out[3].iov_len = rspamd_cryptobox_MACBYTES;
+ priv->out[3].iov_len = rspamd_cryptobox_mac_bytes ();
- outlen += rspamd_cryptobox_NONCEBYTES + rspamd_cryptobox_MACBYTES;
+ outlen += rspamd_cryptobox_nonce_bytes () + rspamd_cryptobox_mac_bytes ();
for (i = 0; i < cnt; i ++) {
priv->out[i + 4].iov_base = segments[i].data;
rspamd_fstring_t *buf;
gboolean encrypted = FALSE;
gchar *b32_key, *b32_id;
- guchar nonce[rspamd_cryptobox_NONCEBYTES], mac[rspamd_cryptobox_MACBYTES],
+ guchar nonce[rspamd_cryptobox_MAX_NONCEBYTES], mac[rspamd_cryptobox_MAX_MACBYTES],
id[BLAKE2B_OUTBYTES];
guchar *np = NULL, *mp = NULL, *meth_pos = NULL;
struct rspamd_http_keypair *peer_key = NULL;
* [iov[n + 2] = encrypted body]
*/
priv->outlen = 7;
- enclen = rspamd_cryptobox_NONCEBYTES + rspamd_cryptobox_MACBYTES +
+ enclen = rspamd_cryptobox_nonce_bytes () +
+ rspamd_cryptobox_mac_bytes () +
4 + /* 2 * CRLF */
bodylen;
}
ENCRYPTED_VERSION);
}
- enclen = rspamd_cryptobox_NONCEBYTES + rspamd_cryptobox_MACBYTES +
+ enclen = rspamd_cryptobox_nonce_bytes () +
+ rspamd_cryptobox_mac_bytes () +
preludelen + /* version [content-length] + 2 * CRLF */
bodylen;
}
if (encrypted) {
memcpy (id, peer_key->id, sizeof (id));
b32_key = rspamd_encode_base32 (priv->local_key->pk,
- sizeof (priv->local_key->pk));
+ rspamd_cryptobox_pk_bytes ());
b32_id = rspamd_encode_base32 (id, RSPAMD_HTTP_KEY_ID_LEN);
/* XXX: add some fuzz here */
rspamd_printf_fstring (&buf, "Key: %s=%s\r\n", b32_id, b32_key);
if (encrypted) {
gint meth_offset, nonce_offset, mac_offset;
- ottery_rand_bytes (nonce, sizeof (nonce));
- memset (mac, 0, sizeof (mac));
+ ottery_rand_bytes (nonce, rspamd_cryptobox_nonce_bytes ());
+ memset (mac, 0, rspamd_cryptobox_mac_bytes ());
meth_offset = buf->len;
if (conn->type == RSPAMD_HTTP_SERVER) {
}
nonce_offset = buf->len;
- buf = rspamd_fstring_append (buf, nonce, sizeof (nonce));
+ buf = rspamd_fstring_append (buf, nonce, rspamd_cryptobox_nonce_bytes ());
mac_offset = buf->len;
- buf = rspamd_fstring_append (buf, mac, sizeof (mac));
+ buf = rspamd_fstring_append (buf, mac, rspamd_cryptobox_mac_bytes ());
/* Need to be encrypted */
if (conn->type == RSPAMD_HTTP_SERVER) {
decoded_pk = rspamd_decode_base32 (key + keylen / 2, keylen / 2, &decoded_len);
if (decoded_pk != NULL && decoded_sk != NULL) {
- if (decoded_len == rspamd_cryptobox_PKBYTES) {
+ if (decoded_len == rspamd_cryptobox_pk_bytes ()) {
kp = g_slice_alloc (sizeof (*kp));
REF_INIT_RETAIN (kp, rspamd_http_keypair_dtor);
- memcpy (kp->sk, decoded_sk, rspamd_cryptobox_SKBYTES);
- memcpy (kp->pk, decoded_pk, rspamd_cryptobox_PKBYTES);
- blake2b (kp->id, kp->pk, NULL, sizeof (kp->id), sizeof (kp->pk), 0);
+ memcpy (kp->sk, decoded_sk, rspamd_cryptobox_sk_bytes ());
+ memcpy (kp->pk, decoded_pk, rspamd_cryptobox_pk_bytes ());
+ blake2b (kp->id, kp->pk, NULL, sizeof (kp->id),
+ rspamd_cryptobox_pk_bytes (), 0);
return (gpointer)kp;
}
REF_INIT_RETAIN (kp, rspamd_http_keypair_dtor);
rspamd_cryptobox_keypair (kp->pk, kp->sk);
- blake2b (kp->id, kp->pk, NULL, sizeof (kp->id), sizeof (kp->pk), 0);
+ blake2b (kp->id, kp->pk, NULL, sizeof (kp->id),
+ rspamd_cryptobox_pk_bytes (), 0);
return (gpointer)kp;
}
res = g_string_new (NULL);
if ((how & RSPAMD_KEYPAIR_PUBKEY)) {
- rspamd_http_print_key_component (kp->pk, sizeof (kp->pk), res, how,
+ rspamd_http_print_key_component (kp->pk,
+ rspamd_cryptobox_pk_bytes (), res, how,
"Public key");
}
if ((how & RSPAMD_KEYPAIR_PRIVKEY)) {
- rspamd_http_print_key_component (kp->sk, sizeof (kp->sk), res, how,
+ rspamd_http_print_key_component (kp->sk, rspamd_cryptobox_sk_bytes (),
+ res, how,
"Private key");
}
if ((how & RSPAMD_KEYPAIR_ID)) {
pk_decoded = rspamd_decode_base32 (key, strlen (key), &dec_len);
- if (pk_decoded != NULL && dec_len == rspamd_cryptobox_PKBYTES) {
+ if (pk_decoded != NULL && dec_len == rspamd_cryptobox_pk_bytes ()) {
kp = g_slice_alloc0 (sizeof (*kp));
REF_INIT_RETAIN (kp, rspamd_http_keypair_dtor);
- memcpy (kp->pk, pk_decoded, sizeof (kp->pk));
- blake2b (kp->id, kp->pk, NULL, sizeof (kp->id), sizeof (kp->pk), 0);
+ memcpy (kp->pk, pk_decoded, rspamd_cryptobox_pk_bytes ());
+ blake2b (kp->id, kp->pk, NULL, sizeof (kp->id),
+ rspamd_cryptobox_pk_bytes (), 0);
}
g_free (pk_decoded);
#include "xxhash.h"
struct rspamd_keypair_elt {
- guchar nm[rspamd_cryptobox_NMBYTES];
- guchar pair[rspamd_cryptobox_PKBYTES + rspamd_cryptobox_SKBYTES];
+ guchar nm[rspamd_cryptobox_MAX_NMBYTES];
+ guchar pair[rspamd_cryptobox_MAX_PKBYTES + rspamd_cryptobox_MAX_SKBYTES];
};
struct rspamd_keypair_cache {
g_assert (kp_local != NULL);
g_assert (kp_remote != NULL);
- memcpy (search.pair, kp_remote->pk, rspamd_cryptobox_PKBYTES);
- memcpy (&search.pair[rspamd_cryptobox_PKBYTES], kp_local->sk,
- rspamd_cryptobox_SKBYTES);
+ memset (&search, 0, sizeof (search));
+ memcpy (search.pair, kp_remote->pk, rspamd_cryptobox_pk_bytes ());
+ memcpy (&search.pair[rspamd_cryptobox_MAX_PKBYTES], kp_local->sk,
+ rspamd_cryptobox_sk_bytes ());
new = rspamd_lru_hash_lookup (c->hash, &search, time (NULL));
if (new == NULL) {
- new = g_slice_alloc (sizeof (*new));
- memcpy (new->pair, kp_remote->pk, rspamd_cryptobox_PKBYTES);
- memcpy (&new->pair[rspamd_cryptobox_PKBYTES], kp_local->sk,
- rspamd_cryptobox_SKBYTES);
+ new = g_slice_alloc0 (sizeof (*new));
+ memcpy (new->pair, kp_remote->pk, rspamd_cryptobox_pk_bytes ());
+ memcpy (&new->pair[rspamd_cryptobox_MAX_PKBYTES], kp_local->sk,
+ rspamd_cryptobox_sk_bytes ());
rspamd_cryptobox_nm (new->nm, kp_remote->pk, kp_local->sk);
rspamd_lru_hash_insert (c->hash, new, new, time (NULL), -1);
}
g_assert (new != NULL);
- memcpy (kp_remote->nm, new->nm, rspamd_cryptobox_NMBYTES);
+ memcpy (kp_remote->nm, new->nm, rspamd_cryptobox_nm_bytes ());
kp_remote->has_nm = TRUE;
#if 0
memcpy (kp_local->nm, new->nm, rspamd_cryptobox_NMBYTES);