From 87d450793780e9da74016277272b3a5b521f80ab Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Fri, 6 Feb 2015 17:15:32 +0000 Subject: [PATCH] Implement verification and keypair generation. --- src/libcryptobox/chacha20/ref.c | 3 +- src/libcryptobox/cryptobox.c | 50 +++++++++++++++++++++++++++++++++ src/libcryptobox/cryptobox.h | 11 ++++++-- 3 files changed, 59 insertions(+), 5 deletions(-) diff --git a/src/libcryptobox/chacha20/ref.c b/src/libcryptobox/chacha20/ref.c index bd6a44a82..905e76c83 100644 --- a/src/libcryptobox/chacha20/ref.c +++ b/src/libcryptobox/chacha20/ref.c @@ -228,8 +228,7 @@ hchacha_ref(const unsigned char key[32], const unsigned char iv[16], unsigned ch void chacha_clear_state_ref(chacha_state_internal *state) { - void * (* volatile safe_memset)(void *s, int c, size_t n) = memset; - safe_memset(state, 0, 48); + rspamd_explicit_memzero (state, 48); } void diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c index e96f4ec09..aee25c803 100644 --- a/src/libcryptobox/cryptobox.c +++ b/src/libcryptobox/cryptobox.c @@ -29,6 +29,12 @@ unsigned long cpu_config = 0; +static const rspamd_nonce_t n0 = {0}; +static const unsigned char sigma[16] = { + 'e', 'x', 'p', 'a', 'n', 'd', ' ', '3', '2', + '-', 'b', 'y', 't', 'e', ' ', 'k' +}; + #ifdef HAVE_WEAK_SYMBOLS __attribute__((weak)) void _dummy_symbol_to_prevent_lto(void * const pnt, const size_t len) @@ -102,3 +108,47 @@ rspamd_cryptobox_init (void) chacha_load (); } + +void +rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk) +{ + ottery_rand_bytes (sk, rspamd_cryptobox_SKBYTES); + sk[0] &= 248; + sk[31] &= 127; + sk[31] |= 64; + + curve25519 (pk, sk, curve25519_basepoint); +} + +void +rspamd_cryptobox_nm (rspamd_nm_t nm, rspamd_pk_t pk, rspamd_sk_t sk) +{ + guchar s[rspamd_cryptobox_PKBYTES]; + + curve25519 (s, sk, pk); + hchacha (s, sigma, nm, 20); +} + +gboolean +rspamd_cryptobox_decrypt_nm_inplace (guchar *data, gsize len, + const rspamd_nonce_t nonce, const rspamd_nm_t nm, const rspamd_sig_t sig) +{ + poly1305_context mac_ctx; + guchar subkey[32]; + rspamd_sig_t mac; + + /* Generate MAC key */ + memset (subkey, 0, sizeof (subkey)); + xchacha (nm, nonce, subkey, subkey, sizeof (subkey), 20); + + poly1305_init (&mac_ctx, subkey); + poly1305_update (&mac_ctx, data, len); + poly1305_finish (&mac_ctx, mac); + + if (!poly1305_verify (mac, sig)) { + return FALSE; + } + + + return TRUE; +} diff --git a/src/libcryptobox/cryptobox.h b/src/libcryptobox/cryptobox.h index 565371b70..f0df9a188 100644 --- a/src/libcryptobox/cryptobox.h +++ b/src/libcryptobox/cryptobox.h @@ -35,6 +35,7 @@ typedef guchar rspamd_pk_t[rspamd_cryptobox_PKBYTES]; typedef guchar rspamd_sk_t[rspamd_cryptobox_SKBYTES]; typedef guchar rspamd_sig_t[rspamd_cryptobox_MACBYTES]; typedef guchar rspamd_nm_t[rspamd_cryptobox_NMBYTES]; +typedef guchar rspamd_nonce_t[rspamd_cryptobox_NONCEBYTES]; /** * Init cryptobox library @@ -57,7 +58,8 @@ void rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk); * @param sig output signature */ void rspamd_cryptobox_encrypt_inplace (guchar *data, gsize len, - gsize cnt, const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_sig_t sig); + const rspamd_nonce_t nonce, + const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_sig_t sig); /** @@ -70,7 +72,8 @@ void rspamd_cryptobox_encrypt_inplace (guchar *data, gsize len, * @return TRUE if input has been verified successfully */ gboolean rspamd_cryptobox_decrypt_inplace (guchar *data, gsize len, - const rspamd_pk_t pk, const rspamd_sk_t sk, const rspamd_sig_t sig); + const rspamd_nonce_t nonce, + const rspamd_pk_t pk, const rspamd_sk_t sk, const rspamd_sig_t sig); /** * Encrypt segments of data inplace adding signature to sig afterwards @@ -81,7 +84,8 @@ gboolean rspamd_cryptobox_decrypt_inplace (guchar *data, gsize len, * @param sig output signature */ void rspamd_cryptobox_encrypt_nm_inplace (guchar *data, gsize len, - gsize cnt, const rspamd_nm_t nm, rspamd_sig_t sig); + const rspamd_nonce_t nonce, + const rspamd_nm_t nm, rspamd_sig_t sig); /** @@ -94,6 +98,7 @@ void rspamd_cryptobox_encrypt_nm_inplace (guchar *data, gsize len, * @return TRUE if input has been verified successfully */ gboolean rspamd_cryptobox_decrypt_nm_inplace (guchar *data, gsize len, + const rspamd_nonce_t nonce, const rspamd_nm_t nm, const rspamd_sig_t sig); /** -- 2.39.5