From 75865261ebd5d2b70048273447c740a1629c89cb Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Wed, 28 Jan 2015 15:56:49 +0000 Subject: [PATCH] Adopt tweetnacl for rspamd. --- CMakeLists.txt | 2 ++ contrib/tweetnacl/tweetnacl.c | 43 ++++++++++++++----------- contrib/tweetnacl/tweetnacl.h | 60 ++++++++++++++++++----------------- src/libutil/CMakeLists.txt | 1 + src/libutil/util.c | 8 +++++ 5 files changed, 66 insertions(+), 48 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 955a6fcbf..bb3c946b8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -832,6 +832,7 @@ INCLUDE_DIRECTORIES("${CMAKE_SOURCE_DIR}/src" "${CMAKE_SOURCE_DIR}/contrib/snowball/include" "${CMAKE_SOURCE_DIR}/contrib/siphash" "${CMAKE_SOURCE_DIR}/contrib/blake2" + "${CMAKE_SOURCE_DIR}/contrib/tweetnacl" "${CMAKE_SOURCE_DIR}/src/rdns/include") ################################ SUBDIRS SECTION ########################### @@ -854,6 +855,7 @@ ADD_SUBDIRECTORY(contrib/libottery) ADD_SUBDIRECTORY(contrib/snowball) ADD_SUBDIRECTORY(contrib/siphash) ADD_SUBDIRECTORY(contrib/blake2) +ADD_SUBDIRECTORY(contrib/tweetnacl) ADD_SUBDIRECTORY(src) ADD_SUBDIRECTORY(test) diff --git a/contrib/tweetnacl/tweetnacl.c b/contrib/tweetnacl/tweetnacl.c index 8ac0a1806..feec43f35 100644 --- a/contrib/tweetnacl/tweetnacl.c +++ b/contrib/tweetnacl/tweetnacl.c @@ -1,11 +1,12 @@ #include "tweetnacl.h" +#include "config.h" #define FOR(i,n) for (i = 0;i < n;++i) #define sv static void -typedef unsigned char u8; -typedef unsigned long u32; -typedef unsigned long long u64; -typedef long long i64; +typedef guint8 u8; +typedef guint32 u32; +typedef guint64 u64; +typedef gint64 i64; typedef i64 gf[16]; extern void randombytes(u8 *,u64); @@ -41,7 +42,7 @@ static u64 dl64(const u8 *x) sv st32(u8 *x,u32 u) { - int i; + unsigned int i; FOR(i,4) { x[i] = u; u >>= 8; } } 
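Review bot: The typedef hunk at the top of contrib/tweetnacl/tweetnacl.c changes the integer widths of a vendored crypto file (`u32` goes from `unsigned long` to `guint32`), but nothing in the file records that it now differs from upstream TweetNaCl. A header comment such as `/* Locally modified for rspamd: glib fixed-width types and unsigned loop counters; not identical to upstream TweetNaCl */` would let a later audit or upstream sync see the divergence. The diffstat lists no test files, so it would also be worth running known-answer vectors for the primitives whose arithmetic uses `u32` before relying on the adapted copy.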
@@ -51,7 +52,7 @@ sv ts64(u8 *x,u64 u) for (i = 7;i >= 0;--i) { x[i] = u; u >>= 8; } } -static int vn(const u8 *x,const u8 *y,int n) +static int vn(const u8 *x,const u8 *y,u32 n) { u32 i,d = 0; FOR(i,n) d |= x[i]^y[i]; @@ -71,7 +72,7 @@ int crypto_verify_32(const u8 *x,const u8 *y) sv core(u8 *out,const u8 *in,const u8 *k,const u8 *c,int h) { u32 w[16],x[16],y[16],t[4]; - int i,j,m; + unsigned int i,j,m; FOR(i,4) { x[5*i] = ld32(c+4*i); @@ -244,7 +245,7 @@ int crypto_onetimeauth_verify(const u8 *h,const u8 *m,u64 n,const u8 *k) int crypto_secretbox(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *k) { - int i; + unsigned int i; if (d < 32) return -1; crypto_stream_xor(c,m,d,n,k); crypto_onetimeauth(c + 16,c + 32,d - 32,c); @@ -254,7 +255,7 @@ int crypto_secretbox(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *k) int crypto_secretbox_open(u8 *m,const u8 *c,u64 d,const u8 *n,const u8 *k) { - int i; + unsigned int i; u8 x[32]; if (d < 32) return -1; crypto_stream(x,32,n,k); @@ -266,13 +267,13 @@ int crypto_secretbox_open(u8 *m,const u8 *c,u64 d,const u8 *n,const u8 *k) sv set25519(gf r, const gf a) { - int i; + unsigned int i; FOR(i,16) r[i]=a[i]; } sv car25519(gf o) { - int i; + unsigned int i; i64 c; FOR(i,16) { o[i]+=(1LL<<16); @@ -284,7 +285,8 @@ sv car25519(gf o) sv sel25519(gf p,gf q,int b) { - i64 t,i,c=~(b-1); + i64 t,c=~(b-1); + u64 i; FOR(i,16) { t= c&(p[i]^q[i]); p[i]^=t; @@ -294,7 +296,8 @@ sv sel25519(gf p,gf q,int b) sv pack25519(u8 *o,const gf n) { - int i,j,b; + unsigned int i,j; + int b; gf m,t; FOR(i,16) t[i]=n[i]; car25519(t); 
@@ -334,26 +337,27 @@ static u8 par25519(const gf a) sv unpack25519(gf o, const u8 *n) { - int i; + unsigned int i; FOR(i,16) o[i]=n[2*i]+((i64)n[2*i+1]<<8); o[15]&=0x7fff; } sv A(gf o,const gf a,const gf b) { - int i; + unsigned int i; FOR(i,16) o[i]=a[i]+b[i]; } sv Z(gf o,const gf a,const gf b) { - int i; + unsigned int i; FOR(i,16) o[i]=a[i]-b[i]; } sv M(gf o,const gf a,const gf b) { - i64 i,j,t[31]; + i64 t[31]; + u64 i,j; FOR(i,31) t[i]=0; FOR(i,16) FOR(j,16) t[i+j]+=a[i]*b[j]; FOR(i,15) t[i]+=38*t[i+16]; @@ -711,7 +715,8 @@ sv reduce(u8 *r) int crypto_sign(u8 *sm,u64 *smlen,const u8 *m,u64 n,const u8 *sk) { u8 d[64],h[64],r[64]; - i64 i,j,x[64]; + i64 x[64]; + u64 i, j; gf p[4]; crypto_hash(d, sk, 32); @@ -778,7 +783,7 @@ static int unpackneg(gf r[4],const u8 p[32]) int crypto_sign_open(u8 *m,u64 *mlen,const u8 *sm,u64 n,const u8 *pk) { - int i; + u64 i; u8 t[32],h[64]; gf p[4],q[4]; diff --git a/contrib/tweetnacl/tweetnacl.h b/contrib/tweetnacl/tweetnacl.h index 9277fbf8f..c9d75fe8a 100644 --- a/contrib/tweetnacl/tweetnacl.h +++ b/contrib/tweetnacl/tweetnacl.h @@ -1,3 +1,5 @@ +#include "config.h" + #ifndef TWEETNACL_H #define TWEETNACL_H #define crypto_auth_PRIMITIVE "hmacsha512256" 
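Review bot: In the tweetnacl.h hunk, `#include "config.h"` is added above `#ifndef TWEETNACL_H`, so it sits outside the include guard and is processed again on every inclusion of the header. Moving it to the line after `#define TWEETNACL_H` keeps the whole header under one guard. tweetnacl.c also gains its own `#include "config.h"` after `#include "tweetnacl.h"`, which is redundant once the header pulls it in. Presumably config.h is what supplies `guchar` and `guint64` for the prototypes, so a one-line comment saying so would explain why this crypto header depends on the project configuration.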
@@ -9,8 +11,8 @@
 #define crypto_auth_VERSION crypto_auth_hmacsha512256_VERSION
 #define crypto_auth_hmacsha512256_tweet_BYTES 32
 #define crypto_auth_hmacsha512256_tweet_KEYBYTES 32
-extern int crypto_auth_hmacsha512256_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
-extern int crypto_auth_hmacsha512256_tweet_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_auth_hmacsha512256_tweet(guchar *,const guchar *,guint64,const guchar *);
+extern int crypto_auth_hmacsha512256_tweet_verify(const guchar *,const guchar *,guint64,const guchar *);
 #define crypto_auth_hmacsha512256_tweet_VERSION "-"
 #define crypto_auth_hmacsha512256 crypto_auth_hmacsha512256_tweet
 #define crypto_auth_hmacsha512256_verify crypto_auth_hmacsha512256_tweet_verify
@@ -39,12 +41,12 @@ extern int crypto_auth_hmacsha512256_tweet_verify(const unsigned char *,const un
 #define crypto_box_curve25519xsalsa20poly1305_tweet_NONCEBYTES 24
 #define crypto_box_curve25519xsalsa20poly1305_tweet_ZEROBYTES 32
 #define crypto_box_curve25519xsalsa20poly1305_tweet_BOXZEROBYTES 16
-extern int crypto_box_curve25519xsalsa20poly1305_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *);
-extern int crypto_box_curve25519xsalsa20poly1305_tweet_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *);
-extern int crypto_box_curve25519xsalsa20poly1305_tweet_keypair(unsigned char *,unsigned char *);
-extern int crypto_box_curve25519xsalsa20poly1305_tweet_beforenm(unsigned char *,const unsigned char *,const unsigned char *);
-extern int crypto_box_curve25519xsalsa20poly1305_tweet_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
-extern int crypto_box_curve25519xsalsa20poly1305_tweet_open_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_tweet(guchar *,const guchar *,guint64,const guchar *,const guchar *,const guchar *);
+extern int crypto_box_curve25519xsalsa20poly1305_tweet_open(guchar *,const guchar *,guint64,const guchar *,const guchar *,const guchar *);
+extern int crypto_box_curve25519xsalsa20poly1305_tweet_keypair(guchar *,guchar *);
+extern int crypto_box_curve25519xsalsa20poly1305_tweet_beforenm(guchar *,const guchar *,const guchar *);
+extern int crypto_box_curve25519xsalsa20poly1305_tweet_afternm(guchar *,const guchar *,guint64,const guchar *,const guchar *);
+extern int crypto_box_curve25519xsalsa20poly1305_tweet_open_afternm(guchar *,const guchar *,guint64,const guchar *,const guchar *);
 #define crypto_box_curve25519xsalsa20poly1305_tweet_VERSION "-"
 #define crypto_box_curve25519xsalsa20poly1305 crypto_box_curve25519xsalsa20poly1305_tweet
 #define crypto_box_curve25519xsalsa20poly1305_open crypto_box_curve25519xsalsa20poly1305_tweet_open
@@ -72,7 +74,7 @@ extern int crypto_box_curve25519xsalsa20poly1305_tweet_open_afternm(unsigned cha
 #define crypto_core_salsa20_tweet_INPUTBYTES 16
 #define crypto_core_salsa20_tweet_KEYBYTES 32
 #define crypto_core_salsa20_tweet_CONSTBYTES 16
-extern int crypto_core_salsa20_tweet(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_core_salsa20_tweet(guchar *,const guchar *,const guchar *,const guchar *);
 #define crypto_core_salsa20_tweet_VERSION "-"
 #define crypto_core_salsa20 crypto_core_salsa20_tweet
 #define crypto_core_salsa20_OUTPUTBYTES crypto_core_salsa20_tweet_OUTPUTBYTES
@@ -85,7 +87,7 @@ extern int crypto_core_salsa20_tweet(unsigned char *,const unsigned char *,const
 #define crypto_core_hsalsa20_tweet_INPUTBYTES 16
 #define crypto_core_hsalsa20_tweet_KEYBYTES 32
 #define crypto_core_hsalsa20_tweet_CONSTBYTES 16
-extern int crypto_core_hsalsa20_tweet(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_core_hsalsa20_tweet(guchar *,const guchar *,const guchar *,const guchar *);
 #define crypto_core_hsalsa20_tweet_VERSION "-"
 #define crypto_core_hsalsa20 crypto_core_hsalsa20_tweet
 #define crypto_core_hsalsa20_OUTPUTBYTES crypto_core_hsalsa20_tweet_OUTPUTBYTES
@@ -102,7 +104,7 @@ extern int crypto_core_hsalsa20_tweet(unsigned char *,const unsigned char *,cons
 #define crypto_hashblocks_VERSION crypto_hashblocks_sha512_VERSION
 #define crypto_hashblocks_sha512_tweet_STATEBYTES 64
 #define crypto_hashblocks_sha512_tweet_BLOCKBYTES 128
-extern int crypto_hashblocks_sha512_tweet(unsigned char *,const unsigned char *,unsigned long long);
+extern int crypto_hashblocks_sha512_tweet(guchar *,const guchar *,guint64);
 #define crypto_hashblocks_sha512_tweet_VERSION "-"
 #define crypto_hashblocks_sha512 crypto_hashblocks_sha512_tweet
 #define crypto_hashblocks_sha512_STATEBYTES crypto_hashblocks_sha512_tweet_STATEBYTES
@@ -111,7 +113,7 @@ extern int crypto_hashblocks_sha512_tweet(unsigned char *,const unsigned char *,
 #define crypto_hashblocks_sha512_IMPLEMENTATION "crypto_hashblocks/sha512/tweet"
 #define crypto_hashblocks_sha256_tweet_STATEBYTES 32
 #define crypto_hashblocks_sha256_tweet_BLOCKBYTES 64
-extern int crypto_hashblocks_sha256_tweet(unsigned char *,const unsigned char *,unsigned long long);
+extern int crypto_hashblocks_sha256_tweet(guchar *,const guchar *,guint64);
 #define crypto_hashblocks_sha256_tweet_VERSION "-"
 #define crypto_hashblocks_sha256 crypto_hashblocks_sha256_tweet
 #define crypto_hashblocks_sha256_STATEBYTES crypto_hashblocks_sha256_tweet_STATEBYTES
@@ -124,14 +126,14 @@ extern int crypto_hashblocks_sha256_tweet(unsigned char *,const unsigned char *,
 #define crypto_hash_IMPLEMENTATION crypto_hash_sha512_IMPLEMENTATION
 #define crypto_hash_VERSION crypto_hash_sha512_VERSION
 #define crypto_hash_sha512_tweet_BYTES 64
-extern int crypto_hash_sha512_tweet(unsigned char *,const unsigned char *,unsigned long long);
+extern int crypto_hash_sha512_tweet(guchar *,const guchar *,guint64);
 #define crypto_hash_sha512_tweet_VERSION "-"
 #define crypto_hash_sha512 crypto_hash_sha512_tweet
 #define crypto_hash_sha512_BYTES crypto_hash_sha512_tweet_BYTES
 #define crypto_hash_sha512_VERSION crypto_hash_sha512_tweet_VERSION
 #define crypto_hash_sha512_IMPLEMENTATION "crypto_hash/sha512/tweet"
 #define crypto_hash_sha256_tweet_BYTES 32
-extern int crypto_hash_sha256_tweet(unsigned char *,const unsigned char *,unsigned long long);
+extern int crypto_hash_sha256_tweet(guchar *,const guchar *,guint64);
 #define crypto_hash_sha256_tweet_VERSION "-"
 #define crypto_hash_sha256 crypto_hash_sha256_tweet
 #define crypto_hash_sha256_BYTES crypto_hash_sha256_tweet_BYTES
@@ -146,8 +148,8 @@ extern int crypto_hash_sha256_tweet(unsigned char *,const unsigned char *,unsign
 #define crypto_onetimeauth_VERSION crypto_onetimeauth_poly1305_VERSION
 #define crypto_onetimeauth_poly1305_tweet_BYTES 16
 #define crypto_onetimeauth_poly1305_tweet_KEYBYTES 32
-extern int crypto_onetimeauth_poly1305_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
-extern int crypto_onetimeauth_poly1305_tweet_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_onetimeauth_poly1305_tweet(guchar *,const guchar *,guint64,const guchar *);
+extern int crypto_onetimeauth_poly1305_tweet_verify(const guchar *,const guchar *,guint64,const guchar *);
 #define crypto_onetimeauth_poly1305_tweet_VERSION "-"
 #define crypto_onetimeauth_poly1305 crypto_onetimeauth_poly1305_tweet
 #define crypto_onetimeauth_poly1305_verify crypto_onetimeauth_poly1305_tweet_verify
@@ -164,8 +166,8 @@ extern int crypto_onetimeauth_poly1305_tweet_verify(const unsigned char *,const
 #define crypto_scalarmult_VERSION crypto_scalarmult_curve25519_VERSION
 #define crypto_scalarmult_curve25519_tweet_BYTES 32
 #define crypto_scalarmult_curve25519_tweet_SCALARBYTES 32
-extern int crypto_scalarmult_curve25519_tweet(unsigned char *,const unsigned char *,const unsigned char *);
-extern int crypto_scalarmult_curve25519_tweet_base(unsigned char *,const unsigned char *);
+extern int crypto_scalarmult_curve25519_tweet(guchar *,const guchar *,const guchar *);
+extern int crypto_scalarmult_curve25519_tweet_base(guchar *,const guchar *);
 #define crypto_scalarmult_curve25519_tweet_VERSION "-"
 #define crypto_scalarmult_curve25519 crypto_scalarmult_curve25519_tweet
 #define crypto_scalarmult_curve25519_base crypto_scalarmult_curve25519_tweet_base
@@ -186,8 +188,8 @@ extern int crypto_scalarmult_curve25519_tweet_base(unsigned char *,const unsigne
 #define crypto_secretbox_xsalsa20poly1305_tweet_NONCEBYTES 24
 #define crypto_secretbox_xsalsa20poly1305_tweet_ZEROBYTES 32
 #define crypto_secretbox_xsalsa20poly1305_tweet_BOXZEROBYTES 16
-extern int crypto_secretbox_xsalsa20poly1305_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
-extern int crypto_secretbox_xsalsa20poly1305_tweet_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_secretbox_xsalsa20poly1305_tweet(guchar *,const guchar *,guint64,const guchar *,const guchar *);
+extern int crypto_secretbox_xsalsa20poly1305_tweet_open(guchar *,const guchar *,guint64,const guchar *,const guchar *);
 #define crypto_secretbox_xsalsa20poly1305_tweet_VERSION "-"
 #define crypto_secretbox_xsalsa20poly1305 crypto_secretbox_xsalsa20poly1305_tweet
 #define crypto_secretbox_xsalsa20poly1305_open crypto_secretbox_xsalsa20poly1305_tweet_open
@@ -209,9 +211,9 @@ extern int crypto_secretbox_xsalsa20poly1305_tweet_open(unsigned char *,const un
 #define crypto_sign_ed25519_tweet_BYTES 64
 #define crypto_sign_ed25519_tweet_PUBLICKEYBYTES 32
 #define crypto_sign_ed25519_tweet_SECRETKEYBYTES 64
-extern int crypto_sign_ed25519_tweet(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
-extern int crypto_sign_ed25519_tweet_open(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
-extern int crypto_sign_ed25519_tweet_keypair(unsigned char *,unsigned char *);
+extern int crypto_sign_ed25519_tweet(guchar *,guint64 *,const guchar *,guint64,const guchar *);
+extern int crypto_sign_ed25519_tweet_open(guchar *,guint64 *,const guchar *,guint64,const guchar *);
+extern int crypto_sign_ed25519_tweet_keypair(guchar *,guchar *);
 #define crypto_sign_ed25519_tweet_VERSION "-"
 #define crypto_sign_ed25519 crypto_sign_ed25519_tweet
 #define crypto_sign_ed25519_open crypto_sign_ed25519_tweet_open
@@ -230,8 +232,8 @@ extern int crypto_sign_ed25519_tweet_keypair(unsigned char *,unsigned char *);
 #define crypto_stream_VERSION crypto_stream_xsalsa20_VERSION
 #define crypto_stream_xsalsa20_tweet_KEYBYTES 32
 #define crypto_stream_xsalsa20_tweet_NONCEBYTES 24
-extern int crypto_stream_xsalsa20_tweet(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
-extern int crypto_stream_xsalsa20_tweet_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_xsalsa20_tweet(guchar *,guint64,const guchar *,const guchar *);
+extern int crypto_stream_xsalsa20_tweet_xor(guchar *,const guchar *,guint64,const guchar *,const guchar *);
 #define crypto_stream_xsalsa20_tweet_VERSION "-"
 #define crypto_stream_xsalsa20 crypto_stream_xsalsa20_tweet
 #define crypto_stream_xsalsa20_xor crypto_stream_xsalsa20_tweet_xor
@@ -241,8 +243,8 @@ extern int crypto_stream_xsalsa20_tweet_xor(unsigned char *,const unsigned char
 #define crypto_stream_xsalsa20_IMPLEMENTATION "crypto_stream/xsalsa20/tweet"
 #define crypto_stream_salsa20_tweet_KEYBYTES 32
 #define crypto_stream_salsa20_tweet_NONCEBYTES 8
-extern int crypto_stream_salsa20_tweet(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
-extern int crypto_stream_salsa20_tweet_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_salsa20_tweet(guchar *,guint64,const guchar *,const guchar *);
+extern int crypto_stream_salsa20_tweet_xor(guchar *,const guchar *,guint64,const guchar *,const guchar *);
 #define crypto_stream_salsa20_tweet_VERSION "-"
 #define crypto_stream_salsa20 crypto_stream_salsa20_tweet
 #define crypto_stream_salsa20_xor crypto_stream_salsa20_tweet_xor
@@ -256,14 +258,14 @@ extern int crypto_stream_salsa20_tweet_xor(unsigned char *,const unsigned char *
 #define crypto_verify_IMPLEMENTATION crypto_verify_16_IMPLEMENTATION
 #define crypto_verify_VERSION crypto_verify_16_VERSION
 #define crypto_verify_16_tweet_BYTES 16
-extern int crypto_verify_16_tweet(const unsigned char *,const unsigned char *);
+extern int crypto_verify_16_tweet(const guchar *,const guchar *);
 #define crypto_verify_16_tweet_VERSION "-"
 #define crypto_verify_16 crypto_verify_16_tweet
 #define crypto_verify_16_BYTES crypto_verify_16_tweet_BYTES
 #define crypto_verify_16_VERSION crypto_verify_16_tweet_VERSION
 #define crypto_verify_16_IMPLEMENTATION "crypto_verify/16/tweet"
 #define crypto_verify_32_tweet_BYTES 32
-extern int crypto_verify_32_tweet(const unsigned char *,const unsigned char *);
+extern int crypto_verify_32_tweet(const guchar *,const guchar *);
 #define crypto_verify_32_tweet_VERSION "-"
 #define crypto_verify_32 crypto_verify_32_tweet
 #define crypto_verify_32_BYTES crypto_verify_32_tweet_BYTES
diff --git a/src/libutil/CMakeLists.txt b/src/libutil/CMakeLists.txt index 655b34487..ddfb5cf30 100644 --- a/src/libutil/CMakeLists.txt +++ b/src/libutil/CMakeLists.txt @@ -33,6 +33,7 @@ TARGET_LINK_LIBRARIES(rspamd-util event) TARGET_LINK_LIBRARIES(rspamd-util xxhash) TARGET_LINK_LIBRARIES(rspamd-util siphash) TARGET_LINK_LIBRARIES(rspamd-util blake2) +TARGET_LINK_LIBRARIES(rspamd-util tweetnacl) TARGET_LINK_LIBRARIES(rspamd-util rdns) IF(OPENSSL_FOUND) TARGET_LINK_LIBRARIES(rspamd-util ${OPENSSL_LIBRARIES}) diff --git a/src/libutil/util.c b/src/libutil/util.c index 1b0e08b9f..102bfc107 100644 --- a/src/libutil/util.c +++ b/src/libutil/util.c @@ -31,6 +31,7 @@ #include "message.h" #include "xxhash.h" +#include "ottery.h" #ifdef HAVE_OPENSSL #include @@ -2115,3 +2116,10 @@ rspamd_encode_base32 (guchar *in, gsize inlen) return out; } + + +void +randombytes (guchar *buf, guint64 len) +{ + ottery_rand_bytes (buf, (size_t)len); +} -- 2.39.5
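Review bot: The `(size_t)len` cast in the new `randombytes` at the end of src/libutil/util.c narrows a `guint64` length, so on a target where `size_t` is 32 bits a request larger than `SIZE_MAX` would fill only the truncated count and leave the tail of `buf` untouched while the caller treats it as random. Guarding the call with `g_assert (len <= G_MAXSIZE);` makes that case fail loudly instead of returning partly unfilled key material. The function is also the `extern void randombytes(u8 *,u64)` hook that tweetnacl.c expects, which deserves a comment such as `/* CSPRNG hook required by contrib/tweetnacl; backed by libottery */`, and no prototype for it is visible in this patch, so confirm one exists in a header.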