From 09aec05782a08330d252e7f0aa9bd6b9fb5d485e Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Sat, 6 Feb 2016 01:38:33 +0000 Subject: [PATCH] Fix the rest sources --- src/fuzzy_storage.c | 54 +++++++++++++++++++---------- src/http_proxy.c | 27 ++++++++------- src/libcryptobox/keypair.c | 8 ++--- src/libserver/cfg_rcl.c | 71 ++++++-------------------------------- src/worker.c | 4 +-- 5 files changed, 67 insertions(+), 97 deletions(-) diff --git a/src/fuzzy_storage.c b/src/fuzzy_storage.c index a4e4b8a26..d27f93ea5 100644 --- a/src/fuzzy_storage.c +++ b/src/fuzzy_storage.c @@ -27,9 +27,9 @@ #include "ottery.h" #include "libserver/worker_util.h" #include "libserver/rspamd_control.h" -#include "cryptobox.h" -#include "keypairs_cache.h" -#include "keypair_private.h" +#include "libcryptobox/cryptobox.h" +#include "libcryptobox/keypairs_cache.h" +#include "libcryptobox/keypair.h" #include "ref.h" #include "xxhash.h" #include "libutil/hash.h" @@ -98,8 +98,8 @@ struct rspamd_fuzzy_storage_ctx { gint peer_fd; struct event peer_ev; /* Local keypair */ - gpointer default_keypair; /* Bad clash, need for parse keypair */ - gpointer default_key; + struct rspamd_cryptobox_keypair *default_keypair; /* Bad clash, need for parse keypair */ + struct fuzzy_key *default_key; GHashTable *keys; gboolean encrypted_only; struct rspamd_keypair_cache *keypair_cache; @@ -153,7 +153,7 @@ struct fuzzy_peer_request { }; struct fuzzy_key { - struct rspamd_http_keypair *key; + struct rspamd_cryptobox_keypair *key; struct fuzzy_key_stat *stat; }; @@ -192,7 +192,7 @@ fuzzy_key_dtor (gpointer p) fuzzy_key_stat_dtor (key->stat); } if (key->key) { - rspamd_http_connection_key_unref (key->key); + rspamd_keypair_unref (key->key); } g_slice_free1 (sizeof (*key), key); @@ -502,7 +502,8 @@ reply: sizeof (session->reply.rep), session->reply.hdr.nonce, session->nm, - session->reply.hdr.mac); + session->reply.hdr.mac, + RSPAMD_CRYPTOBOX_MODE_25519); } rspamd_fuzzy_write_reply (session); @@ -550,7 +551,7 @@ rspamd_fuzzy_decrypt_command (struct fuzzy_session *s) struct rspamd_fuzzy_encrypted_req_hdr *hdr; guchar *payload; gsize payload_len; - struct rspamd_http_keypair rk; + struct rspamd_cryptobox_pubkey *rk; struct fuzzy_key *key; if (s->ctx->default_key == NULL) { @@ -586,19 +587,28 @@ rspamd_fuzzy_decrypt_command (struct fuzzy_session *s) s->key_stat = key->stat; /* Now process keypair */ - memcpy (rk.pk, hdr->pubkey, sizeof (rk.pk)); - rspamd_keypair_cache_process (s->ctx->keypair_cache, key->key, &rk); + rk = rspamd_pubkey_from_bin (hdr->pubkey, sizeof (hdr->pubkey), + RSPAMD_KEYPAIR_KEX, RSPAMD_CRYPTOBOX_MODE_25519); + + if (rk == NULL) { + msg_err ("bad key"); + return FALSE; + } + + rspamd_keypair_cache_process (s->ctx->keypair_cache, key->key, rk); /* Now decrypt request */ if (!rspamd_cryptobox_decrypt_nm_inplace (payload, payload_len, hdr->nonce, - rk.nm, hdr->mac)) { + rspamd_pubkey_get_nm (rk), + hdr->mac, RSPAMD_CRYPTOBOX_MODE_25519)) { msg_debug ("decryption failed"); - rspamd_explicit_memzero (rk.nm, sizeof (rk.nm)); + rspamd_pubkey_unref (rk); + return FALSE; } - memcpy (s->nm, rk.nm, sizeof (s->nm)); - rspamd_explicit_memzero (rk.nm, sizeof (rk.nm)); + memcpy (s->nm, rspamd_pubkey_get_nm (rk), sizeof (s->nm)); + rspamd_pubkey_unref (rk); return TRUE; } @@ -1066,10 +1076,11 @@ fuzzy_parse_keypair (rspamd_mempool_t *pool, { struct rspamd_rcl_struct_parser *pd = ud; struct rspamd_fuzzy_storage_ctx *ctx; - struct rspamd_http_keypair *kp; + struct rspamd_cryptobox_keypair *kp; struct fuzzy_key_stat *keystat; struct fuzzy_key *key; const ucl_object_t *cur; + const guchar *pk; ucl_object_iter_t it = NULL; gboolean ret; @@ -1094,6 +1105,11 @@ fuzzy_parse_keypair (rspamd_mempool_t *pool, return FALSE; } + if (rspamd_keypair_alg (kp) != RSPAMD_CRYPTOBOX_MODE_25519 || + rspamd_keypair_type (kp) != RSPAMD_KEYPAIR_KEX) { + return FALSE; + } + key = g_slice_alloc (sizeof (*key)); key->key = kp; keystat = g_slice_alloc0 (sizeof (*keystat)); @@ -1102,9 +1118,11 @@ fuzzy_parse_keypair (rspamd_mempool_t *pool, (GDestroyNotify)rspamd_inet_address_destroy, fuzzy_key_stat_dtor, rspamd_inet_address_hash, rspamd_inet_address_equal); key->stat = keystat; - g_hash_table_insert (ctx->keys, kp->pk, key); + pk = rspamd_keypair_component (kp, RSPAMD_KEYPAIR_COMPONENT_PK, + NULL); + g_hash_table_insert (ctx->keys, (gpointer)pk, key); ctx->default_key = key; - msg_info_pool ("loaded keypair %8xs", kp->pk); + msg_info_pool ("loaded keypair %8xs", pk); } else if (ucl_object_type (obj) == UCL_ARRAY) { while ((cur = ucl_iterate_object (obj, &it, true)) != NULL) { diff --git a/src/http_proxy.c b/src/http_proxy.c index dc618f6e4..1af159f48 100644 --- a/src/http_proxy.c +++ b/src/http_proxy.c @@ -48,7 +48,7 @@ worker_t http_proxy_worker = { struct rspamd_http_upstream { gchar *name; struct upstream_list *u; - gpointer key; + struct rspamd_cryptobox_pubkey *key; }; struct http_proxy_ctx { @@ -60,7 +60,7 @@ struct http_proxy_ctx { /* Events base */ struct event_base *ev_base; /* Encryption key for clients */ - gpointer key; + struct rspamd_cryptobox_keypair *key; /* Keys cache */ struct rspamd_keypair_cache *keys_cache; /* Upstreams to use */ @@ -68,7 +68,7 @@ struct http_proxy_ctx { /* Default upstream */ struct rspamd_http_upstream *default_upstream; /* Local rotating keypair for upstreams */ - gpointer local_key; + struct rspamd_cryptobox_keypair *local_key; struct event rotate_ev; gdouble rotate_tm; }; @@ -76,8 +76,8 @@ struct http_proxy_ctx { struct http_proxy_session { struct http_proxy_ctx *ctx; struct event_base *ev_base; - gpointer local_key; - gpointer remote_key; + struct rspamd_cryptobox_keypair *local_key; + struct rspamd_cryptobox_pubkey *remote_key; struct upstream *up; gint client_sock; gint backend_sock; @@ -128,7 +128,8 @@ http_proxy_parse_upstream (rspamd_mempool_t *pool, elt = ucl_object_find_key (obj, "key"); if (elt != NULL) { - up->key = rspamd_http_connection_make_peer_key (ucl_object_tostring (elt)); + up->key = rspamd_pubkey_from_base32 (ucl_object_tostring (elt), 0, + RSPAMD_KEYPAIR_KEX, RSPAMD_CRYPTOBOX_MODE_25519); if (up->key == NULL) { g_set_error (err, http_proxy_quark (), 100, @@ -171,7 +172,7 @@ err: rspamd_upstreams_destroy (up->u); if (up->key) { - rspamd_http_connection_key_unref (up->key); + rspamd_pubkey_unref (up->key); } g_slice_free1 (sizeof (*up), up); @@ -366,7 +367,7 @@ proxy_client_finish_handler (struct rspamd_http_connection *conn, rspamd_http_connection_set_key (session->backend_conn, session->ctx->local_key); - msg->peer_key = rspamd_http_connection_key_ref (backend->key); + msg->peer_key = rspamd_pubkey_ref (backend->key); session->replied = TRUE; rspamd_http_connection_write_message (session->backend_conn, @@ -452,8 +453,9 @@ proxy_rotate_key (gint fd, short what, void *arg) event_add (&ctx->rotate_ev, &rot_tv); kp = ctx->local_key; - ctx->local_key = rspamd_http_connection_gen_key (); - rspamd_http_connection_key_unref (kp); + ctx->local_key = rspamd_keypair_new (RSPAMD_KEYPAIR_KEX, + RSPAMD_CRYPTOBOX_MODE_25519); + rspamd_keypair_unref (kp); } void @@ -478,7 +480,8 @@ start_http_proxy (struct rspamd_worker *worker) /* XXX: stupid default */ ctx->keys_cache = rspamd_keypair_cache_new (256); - ctx->local_key = rspamd_http_connection_gen_key (); + ctx->local_key = rspamd_keypair_new (RSPAMD_KEYPAIR_KEX, + RSPAMD_CRYPTOBOX_MODE_25519); double_to_tv (ctx->rotate_tm, &rot_tv); rot_tv.tv_sec += ottery_rand_range (rot_tv.tv_sec); @@ -493,7 +496,7 @@ start_http_proxy (struct rspamd_worker *worker) rspamd_log_close (worker->srv->logger); if (ctx->key) { - rspamd_http_connection_key_unref (ctx->key); + rspamd_keypair_unref (ctx->key); } rspamd_keypair_cache_destroy (ctx->keys_cache); diff --git a/src/libcryptobox/keypair.c b/src/libcryptobox/keypair.c index c56daafa9..936ec219f 100644 --- a/src/libcryptobox/keypair.c +++ b/src/libcryptobox/keypair.c @@ -245,7 +245,7 @@ rspamd_keypair_new (enum rspamd_cryptobox_keypair_type type, struct rspamd_cryptobox_keypair* -rspamd__keypair_ref (struct rspamd_cryptobox_keypair *kp) +rspamd_keypair_ref (struct rspamd_cryptobox_keypair *kp) { REF_RETAIN (kp); return kp; @@ -340,7 +340,7 @@ rspamd_pubkey_from_base32 (const gchar *b32, pk = rspamd_cryptobox_pubkey_alloc (type, alg); pk_data = rspamd_cryptobox_pubkey_pk (pk, &pklen); - memcpy (decoded, pk_data, pklen); + memcpy (pk_data, decoded, pklen); g_free (decoded); rspamd_cryptobox_hash (pk->id, pk_data, pklen, NULL, 0); pk->alg = alg; @@ -386,7 +386,7 @@ rspamd_pubkey_from_hex (const gchar *hex, pk = rspamd_cryptobox_pubkey_alloc (type, alg); pk_data = rspamd_cryptobox_pubkey_pk (pk, &pklen); - memcpy (decoded, pk_data, pklen); + memcpy (pk_data, decoded, pklen); g_free (decoded); rspamd_cryptobox_hash (pk->id, pk_data, pklen, NULL, 0); pk->alg = alg; @@ -418,7 +418,7 @@ rspamd_pubkey_from_bin (const guchar *raw, pk = rspamd_cryptobox_pubkey_alloc (type, alg); pk_data = rspamd_cryptobox_pubkey_pk (pk, &pklen); - memcpy (raw, pk_data, pklen); + memcpy (pk_data, raw, pklen); rspamd_cryptobox_hash (pk->id, pk_data, pklen, NULL, 0); pk->alg = alg; pk->type = type; diff --git a/src/libserver/cfg_rcl.c b/src/libserver/cfg_rcl.c index ffc6f9086..440ccd40d 100644 --- a/src/libserver/cfg_rcl.c +++ b/src/libserver/cfg_rcl.c @@ -2408,57 +2408,26 @@ rspamd_rcl_parse_struct_keypair (rspamd_mempool_t *pool, GError **err) { struct rspamd_rcl_struct_parser *pd = ud; - gpointer *target; - gpointer key; - const gchar *val, *sem = NULL, *pk = NULL, *sk = NULL; - gchar keybuf[256]; - const ucl_object_t *elt; + struct rspamd_cryptobox_keypair **target, *kp; + target = (gpointer *)(((gchar *)pd->user_struct) + pd->offset); - if (obj->type == UCL_STRING) { - /* Pk and Sk are just linked all together */ - val = ucl_object_tostring (obj); - if ((sem = strchr (val, ':')) != NULL) { - sk = val; - pk = sem + 1; + if (obj->type == UCL_OBJECT) { + kp = rspamd_keypair_from_ucl (obj); + + if (kp != NULL) { + *target = kp; } else { - /* Try to parse the key as is */ - key = rspamd_http_connection_make_key ((gchar *)val, strlen (val)); - if (key != NULL) { - *target = key; - return TRUE; - } g_set_error (err, CFG_RCL_ERROR, EINVAL, - "invalid string with keypair content for %s", + "cannot load the keypair specified: %s", ucl_object_key (obj)); return FALSE; } } - else if (obj->type == UCL_OBJECT) { - elt = ucl_object_find_key (obj, "pubkey"); - if (elt == NULL || !ucl_object_tostring_safe (elt, &pk)) { - g_set_error (err, - CFG_RCL_ERROR, - EINVAL, - "no sane pubkey found in the keypair: %s", - ucl_object_key (obj)); - return FALSE; - } - elt = ucl_object_find_key (obj, "privkey"); - if (elt == NULL || !ucl_object_tostring_safe (elt, &sk)) { - g_set_error (err, - CFG_RCL_ERROR, - EINVAL, - "no sane privkey found in the keypair: %s", - ucl_object_key (obj)); - return FALSE; - } - } - - if (sk == NULL || pk == NULL) { + else { g_set_error (err, CFG_RCL_ERROR, EINVAL, @@ -2467,27 +2436,7 @@ rspamd_rcl_parse_struct_keypair (rspamd_mempool_t *pool, return FALSE; } - if (!sem) { - rspamd_snprintf (keybuf, sizeof (keybuf), "%s%s", sk, pk); - } - else { - rspamd_snprintf (keybuf, sizeof (keybuf), "%*s%s", (gint)(sem - sk), - sk, pk); - } - - key = rspamd_http_connection_make_key (keybuf, strlen (keybuf)); - if (key != NULL) { - /* XXX: clean buffer after usage */ - *target = key; - return TRUE; - } - - g_set_error (err, - CFG_RCL_ERROR, - EINVAL, - "cannot load the keypair specified: %s", - ucl_object_key (obj)); - return FALSE; + return TRUE; } static void diff --git a/src/worker.c b/src/worker.c index 3c33168b6..ab038f63f 100644 --- a/src/worker.c +++ b/src/worker.c @@ -93,7 +93,7 @@ struct rspamd_worker_ctx { /* Events base */ struct event_base *ev_base; /* Encryption key */ - gpointer key; + struct rspamd_cryptobox_keypair *key; /* Keys cache */ struct rspamd_keypair_cache *keys_cache; /* Configuration */ @@ -441,7 +441,7 @@ start_worker (struct rspamd_worker *worker) rspamd_log_close (worker->srv->logger); if (ctx->key) { - rspamd_http_connection_key_unref (ctx->key); + rspamd_keypair_unref (ctx->key); } rspamd_keypair_cache_destroy (ctx->keys_cache); -- 2.39.5