From: Vsevolod Stakhov Date: Sat, 19 May 2018 14:42:02 +0000 (+0100) Subject: [Minor] Add method to encrypt and seal data using keypair X-Git-Tag: 1.7.6~122 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=8fb0982059b332bb0eab66ab11b74c52047f73ea;p=rspamd.git [Minor] Add method to encrypt and seal data using keypair --- diff --git a/src/libcryptobox/keypair.c b/src/libcryptobox/keypair.c index 1f8acc6d1..50e3614d9 100644 --- a/src/libcryptobox/keypair.c +++ b/src/libcryptobox/keypair.c @@ -19,6 +19,7 @@ #include "libcryptobox/keypair_private.h" #include "libutil/str_util.h" #include "libutil/printf.h" +#include "contrib/libottery/ottery.h" const guchar encrypted_magic[7] = {'r', 'u', 'c', 'l', 'e', 'v', '1'}; @@ -977,3 +978,52 @@ rspamd_keypair_decrypt (struct rspamd_cryptobox_keypair *kp, return TRUE; } +gboolean +rspamd_keypair_encrypt (struct rspamd_cryptobox_keypair *kp, + const guchar *in, gsize inlen, + guchar **out, gsize *outlen, + GError **err) +{ + guchar *nonce, *mac, *data, *pubkey; + struct rspamd_cryptobox_keypair *local; + gsize olen; + + g_assert (kp != NULL); + g_assert (in != NULL); + + if (kp->type != RSPAMD_KEYPAIR_KEX) { + g_set_error (err, rspamd_keypair_quark (), EINVAL, + "invalid keypair type"); + + return FALSE; + } + + local = rspamd_keypair_new (kp->type, kp->alg); + + olen = inlen + sizeof (encrypted_magic) + + rspamd_cryptobox_pk_bytes (kp->alg) + + rspamd_cryptobox_mac_bytes (kp->alg) + + rspamd_cryptobox_nonce_bytes (kp->alg); + *out = g_malloc (olen); + memcpy (*out, encrypted_magic, sizeof (encrypted_magic)); + pubkey = *out + sizeof (encrypted_magic); + mac = pubkey + rspamd_cryptobox_pk_bytes (kp->alg); + nonce = mac + rspamd_cryptobox_mac_bytes (kp->alg); + data = nonce + rspamd_cryptobox_nonce_bytes (kp->alg); + + ottery_rand_bytes (nonce, rspamd_cryptobox_nonce_bytes (kp->alg)); + memcpy (data, in, inlen); + memcpy (pubkey, rspamd_keypair_component (kp, + RSPAMD_KEYPAIR_COMPONENT_PK, NULL), + rspamd_cryptobox_pk_bytes (kp->alg)); + rspamd_cryptobox_encrypt_inplace (data, inlen, nonce, pubkey, + rspamd_keypair_component (local, RSPAMD_KEYPAIR_COMPONENT_SK, NULL), + mac, kp->alg); + rspamd_keypair_unref (local); + + if (outlen) { + *outlen = olen; + } + + return TRUE; +} \ No newline at end of file diff --git a/src/libcryptobox/keypair.h b/src/libcryptobox/keypair.h index fc17412e2..3e78e7cbb 100644 --- a/src/libcryptobox/keypair.h +++ b/src/libcryptobox/keypair.h @@ -287,5 +287,22 @@ gboolean rspamd_keypair_decrypt (struct rspamd_cryptobox_keypair *kp, guchar **out, gsize *outlen, GError **err); +/** + * Encrypts data usign specific keypair. + * This method actually generates ephemeral local keypair, use public key from + * the remote keypair and encrypts data + * @param kp keypair + * @param in raw input + * @param inlen input length + * @param out output (allocated internally using g_malloc) + * @param outlen output size + * @param err pointer to error + * @return TRUE if encryption has been completed, out must be freed in this case + */ +gboolean rspamd_keypair_encrypt (struct rspamd_cryptobox_keypair *kp, + const guchar *in, gsize inlen, + guchar **out, gsize *outlen, + GError **err); + #endif /* SRC_LIBCRYPTOBOX_KEYPAIR_H_ */