mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21061 Commits
28 Branches
Tree: 6b2b416718
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6b2b416718'
${ noResults }
rspamd/src/libcryptobox/cryptobox.c

cryptobox.c 42KB
Raw Blame History

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778 
  1. /*

  2.  * Copyright 2024 Vsevolod Stakhov

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *    http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. /* Workaround for memset_s */

  17. #ifdef __APPLE__

  18. #define __STDC_WANT_LIB_EXT1__ 1

  19. #include <string.h>

  20. #endif

  21. 

  22. #include "config.h"

  23. #include "cryptobox.h"

  24. #include "platform_config.h"

  25. #include "chacha20/chacha.h"

  26. #include "catena/catena.h"

  27. #include "base64/base64.h"

  28. #include "ottery.h"

  29. #include "printf.h"

  30. #define XXH_INLINE_ALL

  31. #define XXH_PRIVATE_API

  32. #include "xxhash.h"

  33. #define MUM_TARGET_INDEPENDENT_HASH 1 /* For 32/64 bit equal hashes */

  34. #include "../../contrib/mumhash/mum.h"

  35. #include "../../contrib/t1ha/t1ha.h"

  36. #ifdef HAVE_CPUID_H

  37. #include <cpuid.h>

  38. #endif

  39. #ifdef HAVE_OPENSSL

  40. #include <openssl/opensslv.h>

  41. /* Openssl >= 1.0.1d is required for GCM verification */

  42. #if OPENSSL_VERSION_NUMBER >= 0x1000104fL

  43. #define HAVE_USABLE_OPENSSL 1

  44. #endif

  45. #endif

  46. 

  47. #ifdef HAVE_USABLE_OPENSSL

  48. #include <openssl/evp.h>

  49. #include <openssl/ec.h>

  50. #include <openssl/ecdh.h>

  51. #include <openssl/ecdsa.h>

  52. #include <openssl/rand.h>

  53. #define CRYPTOBOX_CURVE_NID NID_X9_62_prime256v1

  54. #endif

  55. 

  56. #include <signal.h>

  57. #include <setjmp.h>

  58. #include <stdalign.h>

  59. 

  60. #include <sodium.h>

  61. 

  62. unsigned cpu_config = 0;

  63. 

  64. static gboolean cryptobox_loaded = FALSE;

  65. 

  66. static const guchar n0[16] = {0};

  67. 

  68. #define CRYPTOBOX_ALIGNMENT 16

  69. #define cryptobox_align_ptr(p, a) \

  70. 	(void *) (((uintptr_t) (p) + ((uintptr_t) a - 1)) & ~((uintptr_t) a - 1))

  71. 

  72. static void

  73. rspamd_cryptobox_cpuid(gint cpu[4], gint info)

  74. {

  75. 	uint32_t __attribute__((unused)) eax, __attribute__((unused)) ecx = 0, __attribute__((unused)) ebx = 0, __attribute__((unused)) edx = 0;

  76. 

  77. 	eax = info;

  78. #if defined(__GNUC__) && (defined(__x86_64__) || defined(__i386__))

  79. #if defined(__i386__) && defined(__PIC__)

  80. 

  81. 	/* in case of PIC under 32-bit EBX cannot be clobbered */

  82. 

  83. 	__asm__ volatile("movl %%ebx, %%edi \n\t cpuid \n\t xchgl %%ebx, %%edi"

  84. 					 : "=D"(ebx),

  85. 					   "+a"(eax), "+c"(ecx), "=d"(edx));

  86. #else

  87. 	__asm__ volatile("cpuid"

  88. 					 : "+b"(ebx), "+a"(eax), "+c"(ecx), "=d"(edx));

  89. #endif

  90. 

  91. 	cpu[0] = eax;

  92. 	cpu[1] = ebx;

  93. 	cpu[2] = ecx;

  94. 	cpu[3] = edx;

  95. #else

  96. 	memset(cpu, 0, sizeof(gint) * 4);

  97. #endif

  98. }

  99. 

  100. static sig_atomic_t ok = 0;

  101. static jmp_buf j;

  102. 

  103. __attribute__((noreturn)) static void

  104. rspamd_cryptobox_ill_handler(int signo)

  105. {

  106. 	ok = 0;

  107. 	longjmp(j, -1);

  108. }

  109. 

  110. static gboolean

  111. rspamd_cryptobox_test_instr(gint instr)

  112. {

  113. 	void (*old_handler)(int);

  114. 	uint32_t rd;

  115. 

  116. #if defined(__GNUC__)

  117. 	ok = 1;

  118. 	old_handler = signal(SIGILL, rspamd_cryptobox_ill_handler);

  119. 

  120. 	if (setjmp(j) != 0) {

  121. 		signal(SIGILL, old_handler);

  122. 

  123. 		return FALSE;

  124. 	}

  125. 

  126. 	switch (instr) {

  127. #if defined HAVE_SSE2 && defined(__x86_64__)

  128. 	case CPUID_SSE2:

  129. 		__asm__ volatile("psubb %xmm0, %xmm0");

  130. 		break;

  131. 	case CPUID_RDRAND:

  132. 		/* Use byte code here for compatibility */

  133. 		__asm__ volatile(".byte 0x0f,0xc7,0xf0; setc %1"

  134. 						 : "=a"(rd), "=qm"(ok)

  135. 						 :

  136. 						 : "edx");

  137. 		break;

  138. #endif

  139. #ifdef HAVE_SSE3

  140. 	case CPUID_SSE3:

  141. 		__asm__ volatile("movshdup %xmm0, %xmm0");

  142. 		break;

  143. #endif

  144. #ifdef HAVE_SSSE3

  145. 	case CPUID_SSSE3:

  146. 		__asm__ volatile("pshufb %xmm0, %xmm0");

  147. 		break;

  148. #endif

  149. #ifdef HAVE_SSE41

  150. 	case CPUID_SSE41:

  151. 		__asm__ volatile("pcmpeqq %xmm0, %xmm0");

  152. 		break;

  153. #endif

  154. #if defined HAVE_SSE42 && defined(__x86_64__)

  155. 	case CPUID_SSE42:

  156. 		__asm__ volatile("pushq %rax\n"

  157. 						 "xorq %rax, %rax\n"

  158. 						 "crc32 %rax, %rax\n"

  159. 						 "popq %rax");

  160. 		break;

  161. #endif

  162. #ifdef HAVE_AVX

  163. 	case CPUID_AVX:

  164. 		__asm__ volatile("vpaddq %xmm0, %xmm0, %xmm0");

  165. 		break;

  166. #endif

  167. #ifdef HAVE_AVX2

  168. 	case CPUID_AVX2:

  169. 		__asm__ volatile("vpaddq %ymm0, %ymm0, %ymm0");

  170. 		break;

  171. #endif

  172. 	default:

  173. 		return FALSE;

  174. 		break;

  175. 	}

  176. 

  177. 	signal(SIGILL, old_handler);

  178. #endif

  179. 

  180. 	(void) rd; /* Silence warning */

  181. 

  182. 	/* We actually never return here if SIGILL has been caught */

  183. 	return ok == 1;

  184. }

  185. 

  186. struct rspamd_cryptobox_library_ctx *

  187. rspamd_cryptobox_init(void)

  188. {

  189. 	gint cpu[4], nid;

  190. 	const uint32_t osxsave_mask = (1 << 27);

  191. 	const uint32_t fma_movbe_osxsave_mask = ((1 << 12) | (1 << 22) | (1 << 27));

  192. 	const uint32_t avx2_bmi12_mask = (1 << 5) | (1 << 3) | (1 << 8);

  193. 	gulong bit;

  194. 	static struct rspamd_cryptobox_library_ctx *ctx;

  195. 	GString *buf;

  196. 

  197. 	if (cryptobox_loaded) {

  198. 		/* Ignore reload attempts */

  199. 		return ctx;

  200. 	}

  201. 

  202. 	cryptobox_loaded = TRUE;

  203. 	ctx = g_malloc0(sizeof(*ctx));

  204. 

  205. 	rspamd_cryptobox_cpuid(cpu, 0);

  206. 	nid = cpu[0];

  207. 	rspamd_cryptobox_cpuid(cpu, 1);

  208. 

  209. 	if (nid > 1) {

  210. 		if ((cpu[3] & ((uint32_t) 1 << 26))) {

  211. 			if (rspamd_cryptobox_test_instr(CPUID_SSE2)) {

  212. 				cpu_config |= CPUID_SSE2;

  213. 			}

  214. 		}

  215. 		if ((cpu[2] & ((uint32_t) 1 << 0))) {

  216. 			if (rspamd_cryptobox_test_instr(CPUID_SSE3)) {

  217. 				cpu_config |= CPUID_SSE3;

  218. 			}

  219. 		}

  220. 		if ((cpu[2] & ((uint32_t) 1 << 9))) {

  221. 			if (rspamd_cryptobox_test_instr(CPUID_SSSE3)) {

  222. 				cpu_config |= CPUID_SSSE3;

  223. 			}

  224. 		}

  225. 		if ((cpu[2] & ((uint32_t) 1 << 19))) {

  226. 			if (rspamd_cryptobox_test_instr(CPUID_SSE41)) {

  227. 				cpu_config |= CPUID_SSE41;

  228. 			}

  229. 		}

  230. 		if ((cpu[2] & ((uint32_t) 1 << 20))) {

  231. 			if (rspamd_cryptobox_test_instr(CPUID_SSE42)) {

  232. 				cpu_config |= CPUID_SSE42;

  233. 			}

  234. 		}

  235. 		if ((cpu[2] & ((uint32_t) 1 << 30))) {

  236. 			if (rspamd_cryptobox_test_instr(CPUID_RDRAND)) {

  237. 				cpu_config |= CPUID_RDRAND;

  238. 			}

  239. 		}

  240. 

  241. 		/* OSXSAVE */

  242. 		if ((cpu[2] & osxsave_mask) == osxsave_mask) {

  243. 			if ((cpu[2] & ((uint32_t) 1 << 28))) {

  244. 				if (rspamd_cryptobox_test_instr(CPUID_AVX)) {

  245. 					cpu_config |= CPUID_AVX;

  246. 				}

  247. 			}

  248. 

  249. 			if (nid >= 7 &&

  250. 				(cpu[2] & fma_movbe_osxsave_mask) == fma_movbe_osxsave_mask) {

  251. 				rspamd_cryptobox_cpuid(cpu, 7);

  252. 

  253. 				if ((cpu[1] & avx2_bmi12_mask) == avx2_bmi12_mask) {

  254. 					if (rspamd_cryptobox_test_instr(CPUID_AVX2)) {

  255. 						cpu_config |= CPUID_AVX2;

  256. 					}

  257. 				}

  258. 			}

  259. 		}

  260. 	}

  261. 

  262. 	buf = g_string_new("");

  263. 

  264. 	for (bit = 0x1; bit != 0; bit <<= 1) {

  265. 		if (cpu_config & bit) {

  266. 			switch (bit) {

  267. 			case CPUID_SSE2:

  268. 				rspamd_printf_gstring(buf, "sse2, ");

  269. 				break;

  270. 			case CPUID_SSE3:

  271. 				rspamd_printf_gstring(buf, "sse3, ");

  272. 				break;

  273. 			case CPUID_SSSE3:

  274. 				rspamd_printf_gstring(buf, "ssse3, ");

  275. 				break;

  276. 			case CPUID_SSE41:

  277. 				rspamd_printf_gstring(buf, "sse4.1, ");

  278. 				break;

  279. 			case CPUID_SSE42:

  280. 				rspamd_printf_gstring(buf, "sse4.2, ");

  281. 				break;

  282. 			case CPUID_AVX:

  283. 				rspamd_printf_gstring(buf, "avx, ");

  284. 				break;

  285. 			case CPUID_AVX2:

  286. 				rspamd_printf_gstring(buf, "avx2, ");

  287. 				break;

  288. 			case CPUID_RDRAND:

  289. 				rspamd_printf_gstring(buf, "rdrand, ");

  290. 				break;

  291. 			default:

  292. 				break; /* Silence warning */

  293. 			}

  294. 		}

  295. 	}

  296. 

  297. 	if (buf->len > 2) {

  298. 		/* Trim last chars */

  299. 		g_string_erase(buf, buf->len - 2, 2);

  300. 	}

  301. 

  302. 	ctx->cpu_extensions = buf->str;

  303. 	g_string_free(buf, FALSE);

  304. 	ctx->cpu_config = cpu_config;

  305. 	g_assert(sodium_init() != -1);

  306. 

  307. 	ctx->chacha20_impl = chacha_load();

  308. 	ctx->base64_impl = base64_load();

  309. #if defined(HAVE_USABLE_OPENSSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))

  310. 	/* Needed for old openssl api, not sure about LibreSSL */

  311. 	ERR_load_EC_strings();

  312. 	ERR_load_RAND_strings();

  313. 	ERR_load_EVP_strings();

  314. #endif

  315. 

  316. 	return ctx;

  317. }

  318. 

  319. void rspamd_cryptobox_deinit(struct rspamd_cryptobox_library_ctx *ctx)

  320. {

  321. 	if (ctx) {

  322. 		g_free(ctx->cpu_extensions);

  323. 		g_free(ctx);

  324. 	}

  325. }

  326. 

  327. void rspamd_cryptobox_keypair(rspamd_pk_t pk, rspamd_sk_t sk,

  328. 							  enum rspamd_cryptobox_mode mode)

  329. {

  330. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  331. 		ottery_rand_bytes(sk, rspamd_cryptobox_MAX_SKBYTES);

  332. 		sk[0] &= 248;

  333. 		sk[31] &= 127;

  334. 		sk[31] |= 64;

  335. 

  336. 		crypto_scalarmult_base(pk, sk);

  337. 	}

  338. 	else {

  339. #ifndef HAVE_USABLE_OPENSSL

  340. 		g_assert(0);

  341. #else

  342. 		EC_KEY *ec_sec;

  343. 		const BIGNUM *bn_sec;

  344. 

  345. 		const EC_POINT *ec_pub;

  346. 		gsize len;

  347. 

  348. 		ec_sec = EC_KEY_new_by_curve_name(CRYPTOBOX_CURVE_NID);

  349. 		g_assert(ec_sec != NULL);

  350. 		g_assert(EC_KEY_generate_key(ec_sec) != 0);

  351. 

  352. 		bn_sec = EC_KEY_get0_private_key(ec_sec);

  353. 		g_assert(bn_sec != NULL);

  354. 		ec_pub = EC_KEY_get0_public_key(ec_sec);

  355. 		g_assert(ec_pub != NULL);

  356. #if OPENSSL_VERSION_MAJOR >= 3

  357. 		unsigned char *buf = NULL; /* Thanks openssl for this API (no) */

  358. 		len = EC_POINT_point2buf(EC_KEY_get0_group(ec_sec), ec_pub,

  359. 								 POINT_CONVERSION_UNCOMPRESSED, &buf, NULL);

  360. 		g_assert(len <= (gint) rspamd_cryptobox_pk_bytes(mode));

  361. 		memcpy(pk, buf, len);

  362. 		OPENSSL_free(buf);

  363. #else

  364. 		BIGNUM *bn_pub;

  365. 		bn_pub = EC_POINT_point2bn(EC_KEY_get0_group(ec_sec),

  366. 								   ec_pub, POINT_CONVERSION_UNCOMPRESSED, NULL, NULL);

  367. 		len = BN_num_bytes(bn_pub);

  368. 		g_assert(len <= (gint) rspamd_cryptobox_pk_bytes(mode));

  369. 		BN_bn2bin(bn_pub, pk);

  370. 		BN_free(bn_pub);

  371. #endif

  372. 

  373. 		len = BN_num_bytes(bn_sec);

  374. 		g_assert(len <= (gint) sizeof(rspamd_sk_t));

  375. 		BN_bn2bin(bn_sec, sk);

  376. 

  377. 		EC_KEY_free(ec_sec);

  378. #endif

  379. 	}

  380. }

  381. 

  382. void rspamd_cryptobox_keypair_sig(rspamd_sig_pk_t pk, rspamd_sig_sk_t sk,

  383. 								  enum rspamd_cryptobox_mode mode)

  384. {

  385. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  386. 		crypto_sign_keypair(pk, sk);

  387. 	}

  388. 	else {

  389. #ifndef HAVE_USABLE_OPENSSL

  390. 		g_assert(0);

  391. #else

  392. 		EC_KEY *ec_sec;

  393. 		const BIGNUM *bn_sec;

  394. 		const EC_POINT *ec_pub;

  395. 		gsize len;

  396. 

  397. 		ec_sec = EC_KEY_new_by_curve_name(CRYPTOBOX_CURVE_NID);

  398. 		g_assert(ec_sec != NULL);

  399. 		g_assert(EC_KEY_generate_key(ec_sec) != 0);

  400. 

  401. 		bn_sec = EC_KEY_get0_private_key(ec_sec);

  402. 		g_assert(bn_sec != NULL);

  403. 		ec_pub = EC_KEY_get0_public_key(ec_sec);

  404. 		g_assert(ec_pub != NULL);

  405. 

  406. #if OPENSSL_VERSION_MAJOR >= 3

  407. 		unsigned char *buf = NULL; /* Thanks openssl for this API (no) */

  408. 		len = EC_POINT_point2buf(EC_KEY_get0_group(ec_sec), ec_pub,

  409. 								 POINT_CONVERSION_UNCOMPRESSED, &buf, NULL);

  410. 		g_assert(len <= (gint) rspamd_cryptobox_pk_bytes(mode));

  411. 		memcpy(pk, buf, len);

  412. 		OPENSSL_free(buf);

  413. #else

  414. 		BIGNUM *bn_pub;

  415. 		bn_pub = EC_POINT_point2bn(EC_KEY_get0_group(ec_sec),

  416. 								   ec_pub, POINT_CONVERSION_UNCOMPRESSED, NULL, NULL);

  417. 		len = BN_num_bytes(bn_pub);

  418. 		g_assert(len <= (gint) rspamd_cryptobox_pk_bytes(mode));

  419. 		BN_bn2bin(bn_pub, pk);

  420. 		BN_free(bn_pub);

  421. #endif

  422. 

  423. 		len = BN_num_bytes(bn_sec);

  424. 		g_assert(len <= (gint) sizeof(rspamd_sk_t));

  425. 		BN_bn2bin(bn_sec, sk);

  426. 		EC_KEY_free(ec_sec);

  427. #endif

  428. 	}

  429. }

  430. 

  431. #if OPENSSL_VERSION_MAJOR >= 3

  432. /* Compatibility function for OpenSSL 3.0 - thanks for breaking all API one more time */

  433. EC_POINT *ec_point_bn2point_compat(const EC_GROUP *group,

  434. 								   const BIGNUM *bn, EC_POINT *point, BN_CTX *ctx)

  435. {

  436. 	size_t buf_len = 0;

  437. 	unsigned char *buf;

  438. 	EC_POINT *ret;

  439. 

  440. 	if ((buf_len = BN_num_bytes(bn)) == 0)

  441. 		buf_len = 1;

  442. 	if ((buf = OPENSSL_malloc(buf_len)) == NULL) {

  443. 		return NULL;

  444. 	}

  445. 

  446. 	if (!BN_bn2binpad(bn, buf, buf_len)) {

  447. 		OPENSSL_free(buf);

  448. 		return NULL;

  449. 	}

  450. 

  451. 	if (point == NULL) {

  452. 		if ((ret = EC_POINT_new(group)) == NULL) {

  453. 			OPENSSL_free(buf);

  454. 			return NULL;

  455. 		}

  456. 	}

  457. 	else

  458. 		ret = point;

  459. 

  460. 	if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx)) {

  461. 		if (ret != point)

  462. 			EC_POINT_clear_free(ret);

  463. 		OPENSSL_free(buf);

  464. 		return NULL;

  465. 	}

  466. 

  467. 	OPENSSL_free(buf);

  468. 	return ret;

  469. }

  470. #else

  471. #define ec_point_bn2point_compat EC_POINT_bn2point

  472. #endif

  473. 

  474. void rspamd_cryptobox_nm(rspamd_nm_t nm,

  475. 						 const rspamd_pk_t pk, const rspamd_sk_t sk,

  476. 						 enum rspamd_cryptobox_mode mode)

  477. {

  478. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  479. 		guchar s[32];

  480. 		guchar e[32];

  481. 

  482. 		memcpy(e, sk, 32);

  483. 		e[0] &= 248;

  484. 		e[31] &= 127;

  485. 		e[31] |= 64;

  486. 

  487. 		if (crypto_scalarmult(s, e, pk) != -1) {

  488. 			hchacha(s, n0, nm, 20);

  489. 		}

  490. 

  491. 		rspamd_explicit_memzero(e, 32);

  492. 	}

  493. 	else {

  494. #ifndef HAVE_USABLE_OPENSSL

  495. 		g_assert(0);

  496. #else

  497. 		EC_KEY *lk;

  498. 		EC_POINT *ec_pub;

  499. 		BIGNUM *bn_pub, *bn_sec;

  500. 		gint len;

  501. 		guchar s[32];

  502. 

  503. 		lk = EC_KEY_new_by_curve_name(CRYPTOBOX_CURVE_NID);

  504. 		g_assert(lk != NULL);

  505. 

  506. 		bn_pub = BN_bin2bn(pk, rspamd_cryptobox_pk_bytes(mode), NULL);

  507. 		g_assert(bn_pub != NULL);

  508. 		bn_sec = BN_bin2bn(sk, sizeof(rspamd_sk_t), NULL);

  509. 		g_assert(bn_sec != NULL);

  510. 

  511. 		g_assert(EC_KEY_set_private_key(lk, bn_sec) == 1);

  512. 		ec_pub = ec_point_bn2point_compat(EC_KEY_get0_group(lk), bn_pub, NULL, NULL);

  513. 		g_assert(ec_pub != NULL);

  514. 		len = ECDH_compute_key(s, sizeof(s), ec_pub, lk, NULL);

  515. 		g_assert(len == sizeof(s));

  516. 

  517. 		/* Still do hchacha iteration since we are not using SHA1 KDF */

  518. 		hchacha(s, n0, nm, 20);

  519. 

  520. 		EC_KEY_free(lk);

  521. 		EC_POINT_free(ec_pub);

  522. 		BN_free(bn_sec);

  523. 		BN_free(bn_pub);

  524. #endif

  525. 	}

  526. }

  527. 

  528. void rspamd_cryptobox_sign(guchar *sig, unsigned long long *siglen_p,

  529. 						   const guchar *m, gsize mlen,

  530. 						   const rspamd_sk_t sk,

  531. 						   enum rspamd_cryptobox_mode mode)

  532. {

  533. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  534. 		crypto_sign_detached(sig, siglen_p, m, mlen, sk);

  535. 	}

  536. 	else {

  537. #ifndef HAVE_USABLE_OPENSSL

  538. 		g_assert(0);

  539. #else

  540. 		EC_KEY *lk;

  541. 		BIGNUM *bn_sec;

  542. 		EVP_MD_CTX *sha_ctx;

  543. 		unsigned char h[64];

  544. 		guint diglen = rspamd_cryptobox_signature_bytes(mode);

  545. 

  546. 		/* Prehash */

  547. 		sha_ctx = EVP_MD_CTX_create();

  548. 		g_assert(EVP_DigestInit(sha_ctx, EVP_sha512()) == 1);

  549. 		EVP_DigestUpdate(sha_ctx, m, mlen);

  550. 		EVP_DigestFinal(sha_ctx, h, NULL);

  551. 

  552. 		/* Key setup */

  553. 		lk = EC_KEY_new_by_curve_name(CRYPTOBOX_CURVE_NID);

  554. 		g_assert(lk != NULL);

  555. 		bn_sec = BN_bin2bn(sk, sizeof(rspamd_sk_t), NULL);

  556. 		g_assert(bn_sec != NULL);

  557. 		g_assert(EC_KEY_set_private_key(lk, bn_sec) == 1);

  558. 

  559. 		/* ECDSA */

  560. 		g_assert(ECDSA_sign(0, h, sizeof(h), sig, &diglen, lk) == 1);

  561. 		g_assert(diglen <= sizeof(rspamd_signature_t));

  562. 

  563. 		if (siglen_p) {

  564. 			*siglen_p = diglen;

  565. 		}

  566. 

  567. 		EC_KEY_free(lk);

  568. 		EVP_MD_CTX_destroy(sha_ctx);

  569. 		BN_free(bn_sec);

  570. #endif

  571. 	}

  572. }

  573. 

  574. bool rspamd_cryptobox_verify(const guchar *sig,

  575. 							 gsize siglen,

  576. 							 const guchar *m,

  577. 							 gsize mlen,

  578. 							 const rspamd_pk_t pk,

  579. 							 enum rspamd_cryptobox_mode mode)

  580. {

  581. 	bool ret = false;

  582. 

  583. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  584. 		if (siglen == rspamd_cryptobox_signature_bytes(RSPAMD_CRYPTOBOX_MODE_25519)) {

  585. 			ret = (crypto_sign_verify_detached(sig, m, mlen, pk) == 0);

  586. 		}

  587. 	}

  588. 	else {

  589. #ifndef HAVE_USABLE_OPENSSL

  590. 		g_assert(0);

  591. #else

  592. 		EC_KEY *lk;

  593. 		EC_POINT *ec_pub;

  594. 		BIGNUM *bn_pub;

  595. 		EVP_MD_CTX *sha_ctx;

  596. 		unsigned char h[64];

  597. 

  598. 		/* Prehash */

  599. 		sha_ctx = EVP_MD_CTX_create();

  600. 		g_assert(EVP_DigestInit(sha_ctx, EVP_sha512()) == 1);

  601. 		EVP_DigestUpdate(sha_ctx, m, mlen);

  602. 		EVP_DigestFinal(sha_ctx, h, NULL);

  603. 

  604. 		/* Key setup */

  605. 		lk = EC_KEY_new_by_curve_name(CRYPTOBOX_CURVE_NID);

  606. 		g_assert(lk != NULL);

  607. 		bn_pub = BN_bin2bn(pk, rspamd_cryptobox_pk_bytes(mode), NULL);

  608. 		g_assert(bn_pub != NULL);

  609. 		ec_pub = ec_point_bn2point_compat(EC_KEY_get0_group(lk), bn_pub, NULL, NULL);

  610. 		g_assert(ec_pub != NULL);

  611. 		g_assert(EC_KEY_set_public_key(lk, ec_pub) == 1);

  612. 

  613. 		/* ECDSA */

  614. 		ret = ECDSA_verify(0, h, sizeof(h), sig, siglen, lk) == 1;

  615. 

  616. 		EC_KEY_free(lk);

  617. 		EVP_MD_CTX_destroy(sha_ctx);

  618. 		BN_free(bn_pub);

  619. 		EC_POINT_free(ec_pub);

  620. #endif

  621. 	}

  622. 

  623. 	return ret;

  624. }

  625. 

  626. static gsize

  627. rspamd_cryptobox_encrypt_ctx_len(enum rspamd_cryptobox_mode mode)

  628. {

  629. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  630. 		return sizeof(chacha_state) + CRYPTOBOX_ALIGNMENT;

  631. 	}

  632. 	else {

  633. #ifndef HAVE_USABLE_OPENSSL

  634. 		g_assert(0);

  635. #else

  636. 		return sizeof(EVP_CIPHER_CTX *) + CRYPTOBOX_ALIGNMENT;

  637. #endif

  638. 	}

  639. 

  640. 	return 0;

  641. }

  642. 

  643. static gsize

  644. rspamd_cryptobox_auth_ctx_len(enum rspamd_cryptobox_mode mode)

  645. {

  646. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  647. 		return sizeof(crypto_onetimeauth_state) + RSPAMD_ALIGNOF(crypto_onetimeauth_state);

  648. 	}

  649. 	else {

  650. #ifndef HAVE_USABLE_OPENSSL

  651. 		g_assert(0);

  652. #else

  653. 		return sizeof(void *);

  654. #endif

  655. 	}

  656. 

  657. 	return 0;

  658. }

  659. 

  660. static void *

  661. rspamd_cryptobox_encrypt_init(void *enc_ctx, const rspamd_nonce_t nonce,

  662. 							  const rspamd_nm_t nm,

  663. 							  enum rspamd_cryptobox_mode mode)

  664. {

  665. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  666. 		chacha_state *s;

  667. 

  668. 		s = cryptobox_align_ptr(enc_ctx, CRYPTOBOX_ALIGNMENT);

  669. 		xchacha_init(s,

  670. 					 (const chacha_key *) nm,

  671. 					 (const chacha_iv24 *) nonce,

  672. 					 20);

  673. 

  674. 		return s;

  675. 	}

  676. 	else {

  677. #ifndef HAVE_USABLE_OPENSSL

  678. 		g_assert(0);

  679. #else

  680. 		EVP_CIPHER_CTX **s;

  681. 

  682. 		s = cryptobox_align_ptr(enc_ctx, CRYPTOBOX_ALIGNMENT);

  683. 		memset(s, 0, sizeof(*s));

  684. 		*s = EVP_CIPHER_CTX_new();

  685. 		g_assert(EVP_EncryptInit_ex(*s, EVP_aes_256_gcm(), NULL, NULL, NULL) == 1);

  686. 		g_assert(EVP_CIPHER_CTX_ctrl(*s, EVP_CTRL_GCM_SET_IVLEN,

  687. 									 rspamd_cryptobox_nonce_bytes(mode), NULL) == 1);

  688. 		g_assert(EVP_EncryptInit_ex(*s, NULL, NULL, nm, nonce) == 1);

  689. 

  690. 		return s;

  691. #endif

  692. 	}

  693. 

  694. 	return NULL;

  695. }

  696. 

  697. static void *

  698. rspamd_cryptobox_auth_init(void *auth_ctx, void *enc_ctx,

  699. 						   enum rspamd_cryptobox_mode mode)

  700. {

  701. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  702. 		crypto_onetimeauth_state *mac_ctx;

  703. 		guchar RSPAMD_ALIGNED(32) subkey[CHACHA_BLOCKBYTES];

  704. 

  705. 		mac_ctx = cryptobox_align_ptr(auth_ctx, CRYPTOBOX_ALIGNMENT);

  706. 		memset(subkey, 0, sizeof(subkey));

  707. 		chacha_update(enc_ctx, subkey, subkey, sizeof(subkey));

  708. 		crypto_onetimeauth_init(mac_ctx, subkey);

  709. 		rspamd_explicit_memzero(subkey, sizeof(subkey));

  710. 

  711. 		return mac_ctx;

  712. 	}

  713. 	else {

  714. #ifndef HAVE_USABLE_OPENSSL

  715. 		g_assert(0);

  716. #else

  717. 		auth_ctx = enc_ctx;

  718. 

  719. 		return auth_ctx;

  720. #endif

  721. 	}

  722. 

  723. 	return NULL;

  724. }

  725. 

  726. static gboolean

  727. rspamd_cryptobox_encrypt_update(void *enc_ctx, const guchar *in, gsize inlen,

  728. 								guchar *out, gsize *outlen,

  729. 								enum rspamd_cryptobox_mode mode)

  730. {

  731. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  732. 		gsize r;

  733. 		chacha_state *s;

  734. 

  735. 		s = cryptobox_align_ptr(enc_ctx, CRYPTOBOX_ALIGNMENT);

  736. 

  737. 		r = chacha_update(s, in, out, inlen);

  738. 

  739. 		if (outlen != NULL) {

  740. 			*outlen = r;

  741. 		}

  742. 

  743. 		return TRUE;

  744. 	}

  745. 	else {

  746. #ifndef HAVE_USABLE_OPENSSL

  747. 		g_assert(0);

  748. #else

  749. 		EVP_CIPHER_CTX **s = enc_ctx;

  750. 		gint r;

  751. 

  752. 		r = inlen;

  753. 		g_assert(EVP_EncryptUpdate(*s, out, &r, in, inlen) == 1);

  754. 

  755. 		if (outlen) {

  756. 			*outlen = r;

  757. 		}

  758. 

  759. 		return TRUE;

  760. #endif

  761. 	}

  762. 

  763. 	return FALSE;

  764. }

  765. 

  766. static gboolean

  767. rspamd_cryptobox_auth_update(void *auth_ctx, const guchar *in, gsize inlen,

  768. 							 enum rspamd_cryptobox_mode mode)

  769. {

  770. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  771. 		crypto_onetimeauth_state *mac_ctx;

  772. 

  773. 		mac_ctx = cryptobox_align_ptr(auth_ctx, CRYPTOBOX_ALIGNMENT);

  774. 		crypto_onetimeauth_update(mac_ctx, in, inlen);

  775. 

  776. 		return TRUE;

  777. 	}

  778. 	else {

  779. #ifndef HAVE_USABLE_OPENSSL

  780. 		g_assert(0);

  781. #else

  782. 		return TRUE;

  783. #endif

  784. 	}

  785. 

  786. 	return FALSE;

  787. }

  788. 

  789. static gsize

  790. rspamd_cryptobox_encrypt_final(void *enc_ctx, guchar *out, gsize remain,

  791. 							   enum rspamd_cryptobox_mode mode)

  792. {

  793. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  794. 		chacha_state *s;

  795. 

  796. 		s = cryptobox_align_ptr(enc_ctx, CRYPTOBOX_ALIGNMENT);

  797. 		return chacha_final(s, out);

  798. 	}

  799. 	else {

  800. #ifndef HAVE_USABLE_OPENSSL

  801. 		g_assert(0);

  802. #else

  803. 		EVP_CIPHER_CTX **s = enc_ctx;

  804. 		gint r = remain;

  805. 

  806. 		g_assert(EVP_EncryptFinal_ex(*s, out, &r) == 1);

  807. 

  808. 		return r;

  809. #endif

  810. 	}

  811. 

  812. 	return 0;

  813. }

  814. 

  815. static gboolean

  816. rspamd_cryptobox_auth_final(void *auth_ctx, rspamd_mac_t sig,

  817. 							enum rspamd_cryptobox_mode mode)

  818. {

  819. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  820. 		crypto_onetimeauth_state *mac_ctx;

  821. 

  822. 		mac_ctx = cryptobox_align_ptr(auth_ctx, CRYPTOBOX_ALIGNMENT);

  823. 		crypto_onetimeauth_final(mac_ctx, sig);

  824. 

  825. 		return TRUE;

  826. 	}

  827. 	else {

  828. #ifndef HAVE_USABLE_OPENSSL

  829. 		g_assert(0);

  830. #else

  831. 		EVP_CIPHER_CTX **s = auth_ctx;

  832. 

  833. 		g_assert(EVP_CIPHER_CTX_ctrl(*s, EVP_CTRL_GCM_GET_TAG,

  834. 									 sizeof(rspamd_mac_t), sig) == 1);

  835. 

  836. 		return TRUE;

  837. #endif

  838. 	}

  839. 

  840. 	return FALSE;

  841. }

  842. 

  843. static void *

  844. rspamd_cryptobox_decrypt_init(void *enc_ctx, const rspamd_nonce_t nonce,

  845. 							  const rspamd_nm_t nm,

  846. 							  enum rspamd_cryptobox_mode mode)

  847. {

  848. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  849. 

  850. 		chacha_state *s;

  851. 

  852. 		s = cryptobox_align_ptr(enc_ctx, CRYPTOBOX_ALIGNMENT);

  853. 		xchacha_init(s,

  854. 					 (const chacha_key *) nm,

  855. 					 (const chacha_iv24 *) nonce,

  856. 					 20);

  857. 

  858. 		return s;

  859. 	}

  860. 	else {

  861. #ifndef HAVE_USABLE_OPENSSL

  862. 		g_assert(0);

  863. #else

  864. 		EVP_CIPHER_CTX **s;

  865. 

  866. 		s = cryptobox_align_ptr(enc_ctx, CRYPTOBOX_ALIGNMENT);

  867. 		memset(s, 0, sizeof(*s));

  868. 		*s = EVP_CIPHER_CTX_new();

  869. 		g_assert(EVP_DecryptInit_ex(*s, EVP_aes_256_gcm(), NULL, NULL, NULL) == 1);

  870. 		g_assert(EVP_CIPHER_CTX_ctrl(*s, EVP_CTRL_GCM_SET_IVLEN,

  871. 									 rspamd_cryptobox_nonce_bytes(mode), NULL) == 1);

  872. 		g_assert(EVP_DecryptInit_ex(*s, NULL, NULL, nm, nonce) == 1);

  873. 

  874. 		return s;

  875. #endif

  876. 	}

  877. 

  878. 	return NULL;

  879. }

  880. 

  881. static void *

  882. rspamd_cryptobox_auth_verify_init(void *auth_ctx, void *enc_ctx,

  883. 								  enum rspamd_cryptobox_mode mode)

  884. {

  885. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  886. 		crypto_onetimeauth_state *mac_ctx;

  887. 		guchar RSPAMD_ALIGNED(32) subkey[CHACHA_BLOCKBYTES];

  888. 

  889. 		mac_ctx = cryptobox_align_ptr(auth_ctx, CRYPTOBOX_ALIGNMENT);

  890. 		memset(subkey, 0, sizeof(subkey));

  891. 		chacha_update(enc_ctx, subkey, subkey, sizeof(subkey));

  892. 		crypto_onetimeauth_init(mac_ctx, subkey);

  893. 		rspamd_explicit_memzero(subkey, sizeof(subkey));

  894. 

  895. 		return mac_ctx;

  896. 	}

  897. 	else {

  898. #ifndef HAVE_USABLE_OPENSSL

  899. 		g_assert(0);

  900. #else

  901. 		auth_ctx = enc_ctx;

  902. 

  903. 		return auth_ctx;

  904. #endif

  905. 	}

  906. 

  907. 	return NULL;

  908. }

  909. 

  910. static gboolean

  911. rspamd_cryptobox_decrypt_update(void *enc_ctx, const guchar *in, gsize inlen,

  912. 								guchar *out, gsize *outlen,

  913. 								enum rspamd_cryptobox_mode mode)

  914. {

  915. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  916. 		gsize r;

  917. 		chacha_state *s;

  918. 

  919. 		s = cryptobox_align_ptr(enc_ctx, CRYPTOBOX_ALIGNMENT);

  920. 		r = chacha_update(s, in, out, inlen);

  921. 

  922. 		if (outlen != NULL) {

  923. 			*outlen = r;

  924. 		}

  925. 

  926. 		return TRUE;

  927. 	}

  928. 	else {

  929. #ifndef HAVE_USABLE_OPENSSL

  930. 		g_assert(0);

  931. #else

  932. 		EVP_CIPHER_CTX **s = enc_ctx;

  933. 		gint r;

  934. 

  935. 		r = outlen ? *outlen : inlen;

  936. 		g_assert(EVP_DecryptUpdate(*s, out, &r, in, inlen) == 1);

  937. 

  938. 		if (outlen) {

  939. 			*outlen = r;

  940. 		}

  941. 

  942. 		return TRUE;

  943. #endif

  944. 	}

  945. }

  946. 

  947. static gboolean

  948. rspamd_cryptobox_auth_verify_update(void *auth_ctx,

  949. 									const guchar *in, gsize inlen,

  950. 									enum rspamd_cryptobox_mode mode)

  951. {

  952. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  953. 		crypto_onetimeauth_state *mac_ctx;

  954. 

  955. 		mac_ctx = cryptobox_align_ptr(auth_ctx, CRYPTOBOX_ALIGNMENT);

  956. 		crypto_onetimeauth_update(mac_ctx, in, inlen);

  957. 

  958. 		return TRUE;

  959. 	}

  960. 	else {

  961. #ifndef HAVE_USABLE_OPENSSL

  962. 		/* We do not need to authenticate as a separate process */

  963. 		return TRUE;

  964. #else

  965. #endif

  966. 	}

  967. 

  968. 	return FALSE;

  969. }

  970. 

  971. static gboolean

  972. rspamd_cryptobox_decrypt_final(void *enc_ctx, guchar *out, gsize remain,

  973. 							   enum rspamd_cryptobox_mode mode)

  974. {

  975. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  976. 		chacha_state *s;

  977. 

  978. 		s = cryptobox_align_ptr(enc_ctx, CRYPTOBOX_ALIGNMENT);

  979. 		chacha_final(s, out);

  980. 

  981. 		return TRUE;

  982. 	}

  983. 	else {

  984. #ifndef HAVE_USABLE_OPENSSL

  985. 		g_assert(0);

  986. #else

  987. 		EVP_CIPHER_CTX **s = enc_ctx;

  988. 		gint r = remain;

  989. 

  990. 		if (EVP_DecryptFinal_ex(*s, out, &r) < 0) {

  991. 			return FALSE;

  992. 		}

  993. 

  994. 		return TRUE;

  995. #endif

  996. 	}

  997. 

  998. 	return FALSE;

  999. }

  1000. 

  1001. static gboolean

  1002. rspamd_cryptobox_auth_verify_final(void *auth_ctx, const rspamd_mac_t sig,

  1003. 								   enum rspamd_cryptobox_mode mode)

  1004. {

  1005. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  1006. 		rspamd_mac_t mac;

  1007. 		crypto_onetimeauth_state *mac_ctx;

  1008. 

  1009. 		mac_ctx = cryptobox_align_ptr(auth_ctx, CRYPTOBOX_ALIGNMENT);

  1010. 		crypto_onetimeauth_final(mac_ctx, mac);

  1011. 

  1012. 		if (crypto_verify_16(mac, sig) != 0) {

  1013. 			return FALSE;

  1014. 		}

  1015. 

  1016. 		return TRUE;

  1017. 	}

  1018. 	else {

  1019. #ifndef HAVE_USABLE_OPENSSL

  1020. 		g_assert(0);

  1021. #else

  1022. 		EVP_CIPHER_CTX **s = auth_ctx;

  1023. 

  1024. 		if (EVP_CIPHER_CTX_ctrl(*s, EVP_CTRL_GCM_SET_TAG, 16, (guchar *) sig) != 1) {

  1025. 			return FALSE;

  1026. 		}

  1027. 

  1028. 		return TRUE;

  1029. #endif

  1030. 	}

  1031. 

  1032. 	return FALSE;

  1033. }

  1034. 

  1035. 

  1036. static void

  1037. rspamd_cryptobox_cleanup(void *enc_ctx, void *auth_ctx,

  1038. 						 enum rspamd_cryptobox_mode mode)

  1039. {

  1040. 	if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  1041. 		crypto_onetimeauth_state *mac_ctx;

  1042. 

  1043. 		mac_ctx = cryptobox_align_ptr(auth_ctx, CRYPTOBOX_ALIGNMENT);

  1044. 		rspamd_explicit_memzero(mac_ctx, sizeof(*mac_ctx));

  1045. 	}

  1046. 	else {

  1047. #ifndef HAVE_USABLE_OPENSSL

  1048. 		g_assert(0);

  1049. #else

  1050. 		EVP_CIPHER_CTX **s = enc_ctx;

  1051. 

  1052. 		EVP_CIPHER_CTX_cleanup(*s);

  1053. 		EVP_CIPHER_CTX_free(*s);

  1054. #endif

  1055. 	}

  1056. }

  1057. 

  1058. void rspamd_cryptobox_encrypt_nm_inplace(guchar *data, gsize len,

  1059. 										 const rspamd_nonce_t nonce,

  1060. 										 const rspamd_nm_t nm,

  1061. 										 rspamd_mac_t sig,

  1062. 										 enum rspamd_cryptobox_mode mode)

  1063. {

  1064. 	gsize r;

  1065. 	void *enc_ctx, *auth_ctx;

  1066. 

  1067. 	enc_ctx = g_alloca(rspamd_cryptobox_encrypt_ctx_len(mode));

  1068. 	auth_ctx = g_alloca(rspamd_cryptobox_auth_ctx_len(mode));

  1069. 

  1070. 	enc_ctx = rspamd_cryptobox_encrypt_init(enc_ctx, nonce, nm, mode);

  1071. 	auth_ctx = rspamd_cryptobox_auth_init(auth_ctx, enc_ctx, mode);

  1072. 

  1073. 	rspamd_cryptobox_encrypt_update(enc_ctx, data, len, data, &r, mode);

  1074. 	rspamd_cryptobox_encrypt_final(enc_ctx, data + r, len - r, mode);

  1075. 

  1076. 	rspamd_cryptobox_auth_update(auth_ctx, data, len, mode);

  1077. 	rspamd_cryptobox_auth_final(auth_ctx, sig, mode);

  1078. 

  1079. 	rspamd_cryptobox_cleanup(enc_ctx, auth_ctx, mode);

  1080. }

  1081. 

  1082. static void

  1083. rspamd_cryptobox_flush_outbuf(struct rspamd_cryptobox_segment *st,

  1084. 							  const guchar *buf, gsize len, gsize offset)

  1085. {

  1086. 	gsize cpy_len;

  1087. 

  1088. 	while (len > 0) {

  1089. 		cpy_len = MIN(len, st->len - offset);

  1090. 		memcpy(st->data + offset, buf, cpy_len);

  1091. 		st++;

  1092. 		buf += cpy_len;

  1093. 		len -= cpy_len;

  1094. 		offset = 0;

  1095. 	}

  1096. }

  1097. 

  1098. void rspamd_cryptobox_encryptv_nm_inplace(struct rspamd_cryptobox_segment *segments,

  1099. 										  gsize cnt,

  1100. 										  const rspamd_nonce_t nonce,

  1101. 										  const rspamd_nm_t nm, rspamd_mac_t sig,

  1102. 										  enum rspamd_cryptobox_mode mode)

  1103. {

  1104. 	struct rspamd_cryptobox_segment *cur = segments, *start_seg = segments;

  1105. 	guchar outbuf[CHACHA_BLOCKBYTES * 16];

  1106. 	void *enc_ctx, *auth_ctx;

  1107. 	guchar *out, *in;

  1108. 	gsize r, remain, inremain, seg_offset;

  1109. 

  1110. 	enc_ctx = g_alloca(rspamd_cryptobox_encrypt_ctx_len(mode));

  1111. 	auth_ctx = g_alloca(rspamd_cryptobox_auth_ctx_len(mode));

  1112. 

  1113. 	enc_ctx = rspamd_cryptobox_encrypt_init(enc_ctx, nonce, nm, mode);

  1114. 	auth_ctx = rspamd_cryptobox_auth_init(auth_ctx, enc_ctx, mode);

  1115. 

  1116. 	remain = sizeof(outbuf);

  1117. 	out = outbuf;

  1118. 	inremain = cur->len;

  1119. 	seg_offset = 0;

  1120. 

  1121. 	for (;;) {

  1122. 		if (cur - segments == (gint) cnt) {

  1123. 			break;

  1124. 		}

  1125. 

  1126. 		if (cur->len <= remain) {

  1127. 			memcpy(out, cur->data, cur->len);

  1128. 			remain -= cur->len;

  1129. 			out += cur->len;

  1130. 			cur++;

  1131. 

  1132. 			if (remain == 0) {

  1133. 				rspamd_cryptobox_encrypt_update(enc_ctx, outbuf, sizeof(outbuf),

  1134. 												outbuf, NULL, mode);

  1135. 				rspamd_cryptobox_auth_update(auth_ctx, outbuf, sizeof(outbuf),

  1136. 											 mode);

  1137. 				rspamd_cryptobox_flush_outbuf(start_seg, outbuf,

  1138. 											  sizeof(outbuf), seg_offset);

  1139. 				start_seg = cur;

  1140. 				seg_offset = 0;

  1141. 				remain = sizeof(outbuf);

  1142. 				out = outbuf;

  1143. 			}

  1144. 		}

  1145. 		else {

  1146. 			memcpy(out, cur->data, remain);

  1147. 			rspamd_cryptobox_encrypt_update(enc_ctx, outbuf, sizeof(outbuf),

  1148. 											outbuf, NULL, mode);

  1149. 			rspamd_cryptobox_auth_update(auth_ctx, outbuf, sizeof(outbuf),

  1150. 										 mode);

  1151. 			rspamd_cryptobox_flush_outbuf(start_seg, outbuf, sizeof(outbuf),

  1152. 										  seg_offset);

  1153. 			seg_offset = 0;

  1154. 

  1155. 			inremain = cur->len - remain;

  1156. 			in = cur->data + remain;

  1157. 			out = outbuf;

  1158. 			remain = 0;

  1159. 			start_seg = cur;

  1160. 

  1161. 			while (inremain > 0) {

  1162. 				if (sizeof(outbuf) <= inremain) {

  1163. 					memcpy(outbuf, in, sizeof(outbuf));

  1164. 					rspamd_cryptobox_encrypt_update(enc_ctx,

  1165. 													outbuf,

  1166. 													sizeof(outbuf),

  1167. 													outbuf,

  1168. 													NULL,

  1169. 													mode);

  1170. 					rspamd_cryptobox_auth_update(auth_ctx,

  1171. 												 outbuf,

  1172. 												 sizeof(outbuf),

  1173. 												 mode);

  1174. 					memcpy(in, outbuf, sizeof(outbuf));

  1175. 					in += sizeof(outbuf);

  1176. 					inremain -= sizeof(outbuf);

  1177. 					remain = sizeof(outbuf);

  1178. 				}

  1179. 				else {

  1180. 					memcpy(outbuf, in, inremain);

  1181. 					remain = sizeof(outbuf) - inremain;

  1182. 					out = outbuf + inremain;

  1183. 					inremain = 0;

  1184. 				}

  1185. 			}

  1186. 

  1187. 			seg_offset = cur->len - (sizeof(outbuf) - remain);

  1188. 			cur++;

  1189. 		}

  1190. 	}

  1191. 

  1192. 	rspamd_cryptobox_encrypt_update(enc_ctx, outbuf, sizeof(outbuf) - remain,

  1193. 									outbuf, &r, mode);

  1194. 	out = outbuf + r;

  1195. 	rspamd_cryptobox_encrypt_final(enc_ctx, out, sizeof(outbuf) - remain - r,

  1196. 								   mode);

  1197. 

  1198. 	rspamd_cryptobox_auth_update(auth_ctx, outbuf, sizeof(outbuf) - remain,

  1199. 								 mode);

  1200. 	rspamd_cryptobox_auth_final(auth_ctx, sig, mode);

  1201. 

  1202. 	rspamd_cryptobox_flush_outbuf(start_seg, outbuf, sizeof(outbuf) - remain,

  1203. 								  seg_offset);

  1204. 	rspamd_cryptobox_cleanup(enc_ctx, auth_ctx, mode);

  1205. }

  1206. 

  1207. gboolean

  1208. rspamd_cryptobox_decrypt_nm_inplace(guchar *data, gsize len,

  1209. 									const rspamd_nonce_t nonce, const rspamd_nm_t nm,

  1210. 									const rspamd_mac_t sig, enum rspamd_cryptobox_mode mode)

  1211. {

  1212. 	gsize r = 0;

  1213. 	gboolean ret = TRUE;

  1214. 	void *enc_ctx, *auth_ctx;

  1215. 

  1216. 	enc_ctx = g_alloca(rspamd_cryptobox_encrypt_ctx_len(mode));

  1217. 	auth_ctx = g_alloca(rspamd_cryptobox_auth_ctx_len(mode));

  1218. 

  1219. 	enc_ctx = rspamd_cryptobox_decrypt_init(enc_ctx, nonce, nm, mode);

  1220. 	auth_ctx = rspamd_cryptobox_auth_verify_init(auth_ctx, enc_ctx, mode);

  1221. 

  1222. 	rspamd_cryptobox_auth_verify_update(auth_ctx, data, len, mode);

  1223. 

  1224. 	if (!rspamd_cryptobox_auth_verify_final(auth_ctx, sig, mode)) {

  1225. 		ret = FALSE;

  1226. 	}

  1227. 	else {

  1228. 		rspamd_cryptobox_decrypt_update(enc_ctx, data, len, data, &r, mode);

  1229. 		ret = rspamd_cryptobox_decrypt_final(enc_ctx, data + r, len - r, mode);

  1230. 	}

  1231. 

  1232. 	rspamd_cryptobox_cleanup(enc_ctx, auth_ctx, mode);

  1233. 

  1234. 	return ret;

  1235. }

  1236. 

  1237. gboolean

  1238. rspamd_cryptobox_decrypt_inplace(guchar *data, gsize len,

  1239. 								 const rspamd_nonce_t nonce,

  1240. 								 const rspamd_pk_t pk, const rspamd_sk_t sk,

  1241. 								 const rspamd_mac_t sig,

  1242. 								 enum rspamd_cryptobox_mode mode)

  1243. {

  1244. 	guchar nm[rspamd_cryptobox_MAX_NMBYTES];

  1245. 	gboolean ret;

  1246. 

  1247. 	rspamd_cryptobox_nm(nm, pk, sk, mode);

  1248. 	ret = rspamd_cryptobox_decrypt_nm_inplace(data, len, nonce, nm, sig, mode);

  1249. 

  1250. 	rspamd_explicit_memzero(nm, sizeof(nm));

  1251. 

  1252. 	return ret;

  1253. }

  1254. 

  1255. void rspamd_cryptobox_encrypt_inplace(guchar *data, gsize len,

  1256. 									  const rspamd_nonce_t nonce,

  1257. 									  const rspamd_pk_t pk, const rspamd_sk_t sk,

  1258. 									  rspamd_mac_t sig,

  1259. 									  enum rspamd_cryptobox_mode mode)

  1260. {

  1261. 	guchar nm[rspamd_cryptobox_MAX_NMBYTES];

  1262. 

  1263. 	rspamd_cryptobox_nm(nm, pk, sk, mode);

  1264. 	rspamd_cryptobox_encrypt_nm_inplace(data, len, nonce, nm, sig, mode);

  1265. 	rspamd_explicit_memzero(nm, sizeof(nm));

  1266. }

  1267. 

  1268. void rspamd_cryptobox_encryptv_inplace(struct rspamd_cryptobox_segment *segments,

  1269. 									   gsize cnt,

  1270. 									   const rspamd_nonce_t nonce,

  1271. 									   const rspamd_pk_t pk, const rspamd_sk_t sk,

  1272. 									   rspamd_mac_t sig,

  1273. 									   enum rspamd_cryptobox_mode mode)

  1274. {

  1275. 	guchar nm[rspamd_cryptobox_MAX_NMBYTES];

  1276. 

  1277. 	rspamd_cryptobox_nm(nm, pk, sk, mode);

  1278. 	rspamd_cryptobox_encryptv_nm_inplace(segments, cnt, nonce, nm, sig, mode);

  1279. 	rspamd_explicit_memzero(nm, sizeof(nm));

  1280. }

  1281. 

  1282. 

  1283. void rspamd_cryptobox_siphash(unsigned char *out, const unsigned char *in,

  1284. 							  unsigned long long inlen,

  1285. 							  const rspamd_sipkey_t k)

  1286. {

  1287. 	crypto_shorthash_siphash24(out, in, inlen, k);

  1288. }

  1289. 

  1290. /*

  1291.  * Password-Based Key Derivation Function 2 (PKCS #5 v2.0).

  1292.  * Code based on IEEE Std 802.11-2007, Annex H.4.2.

  1293.  */

  1294. static gboolean

  1295. rspamd_cryptobox_pbkdf2(const char *pass, gsize pass_len,

  1296. 						const guint8 *salt, gsize salt_len, guint8 *key, gsize key_len,

  1297. 						unsigned int rounds)

  1298. {

  1299. 	guint8 *asalt, obuf[crypto_generichash_blake2b_BYTES_MAX];

  1300. 	guint8 d1[crypto_generichash_blake2b_BYTES_MAX],

  1301. 		d2[crypto_generichash_blake2b_BYTES_MAX];

  1302. 	unsigned int i, j;

  1303. 	unsigned int count;

  1304. 	gsize r;

  1305. 

  1306. 	if (rounds < 1 || key_len == 0) {

  1307. 		return FALSE;

  1308. 	}

  1309. 	if (salt_len == 0 || salt_len > G_MAXSIZE - 4) {

  1310. 		return FALSE;

  1311. 	}

  1312. 

  1313. 	asalt = g_malloc(salt_len + 4);

  1314. 	memcpy(asalt, salt, salt_len);

  1315. 

  1316. 	for (count = 1; key_len > 0; count++) {

  1317. 		asalt[salt_len + 0] = (count >> 24) & 0xff;

  1318. 		asalt[salt_len + 1] = (count >> 16) & 0xff;

  1319. 		asalt[salt_len + 2] = (count >> 8) & 0xff;

  1320. 		asalt[salt_len + 3] = count & 0xff;

  1321. 

  1322. 		if (pass_len <= crypto_generichash_blake2b_KEYBYTES_MAX) {

  1323. 			crypto_generichash_blake2b(d1, sizeof(d1), asalt, salt_len + 4,

  1324. 									   pass, pass_len);

  1325. 		}

  1326. 		else {

  1327. 			guint8 k[crypto_generichash_blake2b_BYTES_MAX];

  1328. 

  1329. 			/*

  1330. 			 * We use additional blake2 iteration to store large key

  1331. 			 * XXX: it is not compatible with the original implementation but safe

  1332. 			 */

  1333. 			crypto_generichash_blake2b(k, sizeof(k), pass, pass_len,

  1334. 									   NULL, 0);

  1335. 			crypto_generichash_blake2b(d1, sizeof(d1), asalt, salt_len + 4,

  1336. 									   k, sizeof(k));

  1337. 		}

  1338. 

  1339. 		memcpy(obuf, d1, sizeof(obuf));

  1340. 

  1341. 		for (i = 1; i < rounds; i++) {

  1342. 			if (pass_len <= crypto_generichash_blake2b_KEYBYTES_MAX) {

  1343. 				crypto_generichash_blake2b(d2, sizeof(d2), d1, sizeof(d1),

  1344. 										   pass, pass_len);

  1345. 			}

  1346. 			else {

  1347. 				guint8 k[crypto_generichash_blake2b_BYTES_MAX];

  1348. 

  1349. 				/*

  1350. 				 * We use additional blake2 iteration to store large key

  1351. 				 * XXX: it is not compatible with the original implementation but safe

  1352. 				 */

  1353. 				crypto_generichash_blake2b(k, sizeof(k), pass, pass_len,

  1354. 										   NULL, 0);

  1355. 				crypto_generichash_blake2b(d2, sizeof(d2), d1, sizeof(d1),

  1356. 										   k, sizeof(k));

  1357. 			}

  1358. 

  1359. 			memcpy(d1, d2, sizeof(d1));

  1360. 

  1361. 			for (j = 0; j < sizeof(obuf); j++) {

  1362. 				obuf[j] ^= d1[j];

  1363. 			}

  1364. 		}

  1365. 

  1366. 		r = MIN(key_len, crypto_generichash_blake2b_BYTES_MAX);

  1367. 		memcpy(key, obuf, r);

  1368. 		key += r;

  1369. 		key_len -= r;

  1370. 	}

  1371. 

  1372. 	rspamd_explicit_memzero(asalt, salt_len + 4);

  1373. 	g_free(asalt);

  1374. 	rspamd_explicit_memzero(d1, sizeof(d1));

  1375. 	rspamd_explicit_memzero(d2, sizeof(d2));

  1376. 	rspamd_explicit_memzero(obuf, sizeof(obuf));

  1377. 

  1378. 	return TRUE;

  1379. }

  1380. 

  1381. gboolean

  1382. rspamd_cryptobox_pbkdf(const char *pass, gsize pass_len,

  1383. 					   const guint8 *salt, gsize salt_len, guint8 *key, gsize key_len,

  1384. 					   unsigned int complexity, enum rspamd_cryptobox_pbkdf_type type)

  1385. {

  1386. 	gboolean ret = FALSE;

  1387. 

  1388. 	switch (type) {

  1389. 	case RSPAMD_CRYPTOBOX_CATENA:

  1390. 		if (catena(pass, pass_len, salt, salt_len, "rspamd", 6,

  1391. 				   4, complexity, complexity, key_len, key) == 0) {

  1392. 			ret = TRUE;

  1393. 		}

  1394. 		break;

  1395. 	case RSPAMD_CRYPTOBOX_PBKDF2:

  1396. 	default:

  1397. 		ret = rspamd_cryptobox_pbkdf2(pass, pass_len, salt, salt_len, key,

  1398. 									  key_len, complexity);

  1399. 		break;

  1400. 	}

  1401. 

  1402. 	return ret;

  1403. }

  1404. 

  1405. guint rspamd_cryptobox_pk_bytes(enum rspamd_cryptobox_mode mode)

  1406. {

  1407. 	if (G_UNLIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  1408. 		return 32;

  1409. 	}

  1410. 	else {

  1411. 		return 65;

  1412. 	}

  1413. }

  1414. 

  1415. guint rspamd_cryptobox_pk_sig_bytes(enum rspamd_cryptobox_mode mode)

  1416. {

  1417. 	if (G_UNLIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  1418. 		return 32;

  1419. 	}

  1420. 	else {

  1421. 		return 65;

  1422. 	}

  1423. }

  1424. 

  1425. guint rspamd_cryptobox_nonce_bytes(enum rspamd_cryptobox_mode mode)

  1426. {

  1427. 	if (G_UNLIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  1428. 		return 24;

  1429. 	}

  1430. 	else {

  1431. 		return 16;

  1432. 	}

  1433. }

  1434. 

  1435. 

  1436. guint rspamd_cryptobox_sk_bytes(enum rspamd_cryptobox_mode mode)

  1437. {

  1438. 	return 32;

  1439. }

  1440. 

  1441. guint rspamd_cryptobox_sk_sig_bytes(enum rspamd_cryptobox_mode mode)

  1442. {

  1443. 	if (G_UNLIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  1444. 		return 64;

  1445. 	}

  1446. 	else {

  1447. 		return 32;

  1448. 	}

  1449. }

  1450. 

  1451. guint rspamd_cryptobox_signature_bytes(enum rspamd_cryptobox_mode mode)

  1452. {

  1453. 	static guint ssl_keylen;

  1454. 

  1455. 	if (G_UNLIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {

  1456. 		return 64;

  1457. 	}

  1458. 	else {

  1459. #ifndef HAVE_USABLE_OPENSSL

  1460. 		g_assert(0);

  1461. #else

  1462. 		if (ssl_keylen == 0) {

  1463. 			EC_KEY *lk;

  1464. 			lk = EC_KEY_new_by_curve_name(CRYPTOBOX_CURVE_NID);

  1465. 			ssl_keylen = ECDSA_size(lk);

  1466. 			EC_KEY_free(lk);

  1467. 		}

  1468. #endif

  1469. 		return ssl_keylen;

  1470. 	}

  1471. }

  1472. 

  1473. guint rspamd_cryptobox_nm_bytes(enum rspamd_cryptobox_mode mode)

  1474. {

  1475. 	return 32;

  1476. }

  1477. 

  1478. guint rspamd_cryptobox_mac_bytes(enum rspamd_cryptobox_mode mode)

  1479. {

  1480. 	return 16;

  1481. }

  1482. 

  1483. void rspamd_cryptobox_hash_init(rspamd_cryptobox_hash_state_t *p, const guchar *key, gsize keylen)

  1484. {

  1485. 	crypto_generichash_blake2b_state *st = cryptobox_align_ptr(p,

  1486. 															   RSPAMD_ALIGNOF(crypto_generichash_blake2b_state));

  1487. 	crypto_generichash_blake2b_init(st, key, keylen,

  1488. 									crypto_generichash_blake2b_BYTES_MAX);

  1489. }

  1490. 

  1491. /**

  1492.  * Update hash with data portion

  1493.  */

  1494. void rspamd_cryptobox_hash_update(rspamd_cryptobox_hash_state_t *p, const guchar *data, gsize len)

  1495. {

  1496. 	crypto_generichash_blake2b_state *st = cryptobox_align_ptr(p,

  1497. 															   RSPAMD_ALIGNOF(crypto_generichash_blake2b_state));

  1498. 	crypto_generichash_blake2b_update(st, data, len);

  1499. }

  1500. 

  1501. /**

  1502.  * Output hash to the buffer of rspamd_cryptobox_HASHBYTES length

  1503.  */

  1504. void rspamd_cryptobox_hash_final(rspamd_cryptobox_hash_state_t *p, guchar *out)

  1505. {

  1506. 	crypto_generichash_blake2b_state *st = cryptobox_align_ptr(p,

  1507. 															   RSPAMD_ALIGNOF(crypto_generichash_blake2b_state));

  1508. 	crypto_generichash_blake2b_final(st, out, crypto_generichash_blake2b_BYTES_MAX);

  1509. }

  1510. 

  1511. /**

  1512.  * One in all function

  1513.  */

  1514. void rspamd_cryptobox_hash(guchar *out,

  1515. 						   const guchar *data,

  1516. 						   gsize len,

  1517. 						   const guchar *key,

  1518. 						   gsize keylen)

  1519. {

  1520. 	crypto_generichash_blake2b(out, crypto_generichash_blake2b_BYTES_MAX,

  1521. 							   data, len, key, keylen);

  1522. }

  1523. 

  1524. G_STATIC_ASSERT(sizeof(t1ha_context_t) <=

  1525. 				sizeof(((rspamd_cryptobox_fast_hash_state_t *) NULL)->opaque));

  1526. G_STATIC_ASSERT(sizeof(struct XXH3_state_s) <=

  1527. 				sizeof(((rspamd_cryptobox_fast_hash_state_t *) NULL)->opaque));

  1528. 

  1529. 

  1530. struct RSPAMD_ALIGNED(16) _mum_iuf {

  1531. 	union {

  1532. 		int64_t ll;

  1533. 		unsigned char b[sizeof(uint64_t)];

  1534. 	} buf;

  1535. 	int64_t h;

  1536. 	unsigned rem;

  1537. };

  1538. 

  1539. rspamd_cryptobox_fast_hash_state_t *

  1540. rspamd_cryptobox_fast_hash_new(void)

  1541. {

  1542. 	rspamd_cryptobox_fast_hash_state_t *nst;

  1543. 	int ret = posix_memalign((void **) &nst, RSPAMD_ALIGNOF(rspamd_cryptobox_fast_hash_state_t),

  1544. 							 sizeof(rspamd_cryptobox_fast_hash_state_t));

  1545. 

  1546. 	if (ret != 0) {

  1547. 		abort();

  1548. 	}

  1549. 

  1550. 	return nst;

  1551. }

  1552. 

  1553. void rspamd_cryptobox_fast_hash_free(rspamd_cryptobox_fast_hash_state_t *st)

  1554. {

  1555. 	free(st);

  1556. }

  1557. 

  1558. void rspamd_cryptobox_fast_hash_init(rspamd_cryptobox_fast_hash_state_t *st,

  1559. 									 uint64_t seed)

  1560. {

  1561. 	XXH3_state_t *xst = (XXH3_state_t *) st->opaque;

  1562. 	st->type = RSPAMD_CRYPTOBOX_XXHASH3;

  1563. 	XXH3_INITSTATE(xst);

  1564. 	XXH3_64bits_reset_withSeed(xst, seed);

  1565. }

  1566. 

  1567. void rspamd_cryptobox_fast_hash_init_specific(rspamd_cryptobox_fast_hash_state_t *st,

  1568. 											  enum rspamd_cryptobox_fast_hash_type type,

  1569. 											  uint64_t seed)

  1570. {

  1571. 	switch (type) {

  1572. 	case RSPAMD_CRYPTOBOX_T1HA:

  1573. 	case RSPAMD_CRYPTOBOX_HASHFAST:

  1574. 	case RSPAMD_CRYPTOBOX_HASHFAST_INDEPENDENT: {

  1575. 		t1ha_context_t *rst = (t1ha_context_t *) st->opaque;

  1576. 		st->type = RSPAMD_CRYPTOBOX_T1HA;

  1577. 		t1ha2_init(rst, seed, 0);

  1578. 		break;

  1579. 	}

  1580. 	case RSPAMD_CRYPTOBOX_XXHASH64: {

  1581. 		XXH64_state_t *xst = (XXH64_state_t *) st->opaque;

  1582. 		memset(xst, 0, sizeof(*xst));

  1583. 		st->type = RSPAMD_CRYPTOBOX_XXHASH64;

  1584. 		XXH64_reset(xst, seed);

  1585. 		break;

  1586. 	}

  1587. 	case RSPAMD_CRYPTOBOX_XXHASH32: {

  1588. 		XXH32_state_t *xst = (XXH32_state_t *) st->opaque;

  1589. 		memset(xst, 0, sizeof(*xst));

  1590. 		st->type = RSPAMD_CRYPTOBOX_XXHASH32;

  1591. 		XXH32_reset(xst, seed);

  1592. 		break;

  1593. 	}

  1594. 	case RSPAMD_CRYPTOBOX_XXHASH3: {

  1595. 		XXH3_state_t *xst = (XXH3_state_t *) st->opaque;

  1596. 		XXH3_INITSTATE(xst);

  1597. 		st->type = RSPAMD_CRYPTOBOX_XXHASH3;

  1598. 		XXH3_64bits_reset_withSeed(xst, seed);

  1599. 		break;

  1600. 	}

  1601. 	case RSPAMD_CRYPTOBOX_MUMHASH: {

  1602. 		struct _mum_iuf *iuf = (struct _mum_iuf *) st->opaque;

  1603. 		st->type = RSPAMD_CRYPTOBOX_MUMHASH;

  1604. 		iuf->h = seed;

  1605. 		iuf->buf.ll = 0;

  1606. 		iuf->rem = 0;

  1607. 		break;

  1608. 	}

  1609. 	}

  1610. }

  1611. 

  1612. void rspamd_cryptobox_fast_hash_update(rspamd_cryptobox_fast_hash_state_t *st,

  1613. 									   const void *data, gsize len)

  1614. {

  1615. 	if (st->type == RSPAMD_CRYPTOBOX_T1HA) {

  1616. 		t1ha_context_t *rst = (t1ha_context_t *) st->opaque;

  1617. 		t1ha2_update(rst, data, len);

  1618. 	}

  1619. 	else {

  1620. 		switch (st->type) {

  1621. 		case RSPAMD_CRYPTOBOX_XXHASH64: {

  1622. 			XXH64_state_t *xst = (XXH64_state_t *) st->opaque;

  1623. 			XXH64_update(xst, data, len);

  1624. 			break;

  1625. 		}

  1626. 		case RSPAMD_CRYPTOBOX_XXHASH32: {

  1627. 			XXH32_state_t *xst = (XXH32_state_t *) st->opaque;

  1628. 			XXH32_update(xst, data, len);

  1629. 			break;

  1630. 		}

  1631. 		case RSPAMD_CRYPTOBOX_XXHASH3: {

  1632. 			XXH3_state_t *xst = (XXH3_state_t *) st->opaque;

  1633. 			XXH3_64bits_update(xst, data, len);

  1634. 			break;

  1635. 		}

  1636. 		case RSPAMD_CRYPTOBOX_MUMHASH: {

  1637. 			struct _mum_iuf *iuf = (struct _mum_iuf *) st->opaque;

  1638. 			gsize drem = len;

  1639. 			const guchar *p = data;

  1640. 

  1641. 			if (iuf->rem > 0) {

  1642. 				/* Process remainder */

  1643. 				if (drem >= iuf->rem) {

  1644. 					memcpy(iuf->buf.b + sizeof(iuf->buf.ll) - iuf->rem,

  1645. 						   p, iuf->rem);

  1646. 					drem -= iuf->rem;

  1647. 					p += iuf->rem;

  1648. 					iuf->h = mum_hash_step(iuf->h, iuf->buf.ll);

  1649. 					iuf->rem = 0;

  1650. 				}

  1651. 				else {

  1652. 					memcpy(iuf->buf.b + sizeof(iuf->buf.ll) - iuf->rem, p, drem);

  1653. 					iuf->rem -= drem;

  1654. 					drem = 0;

  1655. 				}

  1656. 			}

  1657. 

  1658. 			while (drem >= sizeof(iuf->buf.ll)) {

  1659. 				memcpy(iuf->buf.b, p, sizeof(iuf->buf.ll));

  1660. 				iuf->h = mum_hash_step(iuf->h, iuf->buf.ll);

  1661. 				drem -= sizeof(iuf->buf.ll);

  1662. 				p += sizeof(iuf->buf.ll);

  1663. 			}

  1664. 

  1665. 			/* Leftover */

  1666. 			if (drem > 0) {

  1667. 				iuf->rem = sizeof(uint64_t) - drem;

  1668. 				iuf->buf.ll = 0;

  1669. 				memcpy(iuf->buf.b, p, drem);

  1670. 			}

  1671. 			break;

  1672. 		}

  1673. 		case RSPAMD_CRYPTOBOX_T1HA:

  1674. 		case RSPAMD_CRYPTOBOX_HASHFAST:

  1675. 		case RSPAMD_CRYPTOBOX_HASHFAST_INDEPENDENT: {

  1676. 			t1ha_context_t *rst = (t1ha_context_t *) st->opaque;

  1677. 			t1ha2_update(rst, data, len);

  1678. 			break;

  1679. 		}

  1680. 		}

  1681. 	}

  1682. }

  1683. 

  1684. uint64_t

  1685. rspamd_cryptobox_fast_hash_final(rspamd_cryptobox_fast_hash_state_t *st)

  1686. {

  1687. 	uint64_t ret;

  1688. 

  1689. 	if (st->type == RSPAMD_CRYPTOBOX_T1HA) {

  1690. 		t1ha_context_t *rst = (t1ha_context_t *) st->opaque;

  1691. 

  1692. 		return t1ha2_final(rst, NULL);

  1693. 	}

  1694. 	else {

  1695. 		switch (st->type) {

  1696. 		case RSPAMD_CRYPTOBOX_XXHASH64: {

  1697. 			XXH64_state_t *xst = (XXH64_state_t *) st->opaque;

  1698. 			ret = XXH64_digest(xst);

  1699. 			break;

  1700. 		}

  1701. 		case RSPAMD_CRYPTOBOX_XXHASH32: {

  1702. 			XXH32_state_t *xst = (XXH32_state_t *) st->opaque;

  1703. 			ret = XXH32_digest(xst);

  1704. 			break;

  1705. 		}

  1706. 		case RSPAMD_CRYPTOBOX_XXHASH3: {

  1707. 			XXH3_state_t *xst = (XXH3_state_t *) st->opaque;

  1708. 			ret = XXH3_64bits_digest(xst);

  1709. 			break;

  1710. 		}

  1711. 		case RSPAMD_CRYPTOBOX_MUMHASH: {

  1712. 			struct _mum_iuf *iuf = (struct _mum_iuf *) st->opaque;

  1713. 			iuf->h = mum_hash_step(iuf->h, iuf->buf.ll);

  1714. 			ret = mum_hash_finish(iuf->h);

  1715. 			break;

  1716. 		}

  1717. 		case RSPAMD_CRYPTOBOX_T1HA:

  1718. 		case RSPAMD_CRYPTOBOX_HASHFAST:

  1719. 		case RSPAMD_CRYPTOBOX_HASHFAST_INDEPENDENT: {

  1720. 			t1ha_context_t *rst = (t1ha_context_t *) st->opaque;

  1721. 

  1722. 			ret = t1ha2_final(rst, NULL);

  1723. 			break;

  1724. 		}

  1725. 		}

  1726. 	}

  1727. 

  1728. 	return ret;

  1729. }

  1730. 

  1731. /**

  1732.  * One in all function

  1733.  */

  1734. static inline uint64_t

  1735. rspamd_cryptobox_fast_hash_machdep(const void *data,

  1736. 								   gsize len, uint64_t seed)

  1737. {

  1738. 	return XXH3_64bits_withSeed(data, len, seed);

  1739. }

  1740. 

  1741. static inline uint64_t

  1742. rspamd_cryptobox_fast_hash_indep(const void *data,

  1743. 								 gsize len, uint64_t seed)

  1744. {

  1745. 	return XXH3_64bits_withSeed(data, len, seed);

  1746. }

  1747. 

  1748. uint64_t

  1749. rspamd_cryptobox_fast_hash(const void *data,

  1750. 						   gsize len, uint64_t seed)

  1751. {

  1752. 	return rspamd_cryptobox_fast_hash_machdep(data, len, seed);

  1753. }

  1754. 

  1755. uint64_t

  1756. rspamd_cryptobox_fast_hash_specific(

  1757. 	enum rspamd_cryptobox_fast_hash_type type,

  1758. 	const void *data,

  1759. 	gsize len, uint64_t seed)

  1760. {

  1761. 	switch (type) {

  1762. 	case RSPAMD_CRYPTOBOX_XXHASH32:

  1763. 		return XXH32(data, len, seed);

  1764. 	case RSPAMD_CRYPTOBOX_XXHASH3:

  1765. 		return XXH3_64bits_withSeed(data, len, seed);

  1766. 	case RSPAMD_CRYPTOBOX_XXHASH64:

  1767. 		return XXH64(data, len, seed);

  1768. 	case RSPAMD_CRYPTOBOX_MUMHASH:

  1769. 		return mum_hash(data, len, seed);

  1770. 	case RSPAMD_CRYPTOBOX_T1HA:

  1771. 		return t1ha2_atonce(data, len, seed);

  1772. 	case RSPAMD_CRYPTOBOX_HASHFAST_INDEPENDENT:

  1773. 		return rspamd_cryptobox_fast_hash_indep(data, len, seed);

  1774. 	case RSPAMD_CRYPTOBOX_HASHFAST:

  1775. 	default:

  1776. 		return rspamd_cryptobox_fast_hash_machdep(data, len, seed);

  1777. 	}

  1778. }