aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2018-06-09 12:41:28 +0100
committerVsevolod Stakhov <vsevolod@highsecure.ru>2018-06-09 12:41:28 +0100
commitc1e80bdef0fdce05631cdc6a697d9832895b3d5a (patch)
tree5598524cf7a14e467aab9b126ec97143a44943c1
parent85e5de3d81b8bf6ef7bf4592ff77d56cd59191c6 (diff)
downloadrspamd-c1e80bdef0fdce05631cdc6a697d9832895b3d5a.tar.gz
rspamd-c1e80bdef0fdce05631cdc6a697d9832895b3d5a.zip
[Minor] Add ability to encrypt data using pubkey only
-rw-r--r--src/libcryptobox/keypair.c50
-rw-r--r--src/libcryptobox/keypair.h17
2 files changed, 66 insertions, 1 deletions
diff --git a/src/libcryptobox/keypair.c b/src/libcryptobox/keypair.c
index 21b497130..c8fa5633a 100644
--- a/src/libcryptobox/keypair.c
+++ b/src/libcryptobox/keypair.c
@@ -978,6 +978,7 @@ rspamd_keypair_decrypt (struct rspamd_cryptobox_keypair *kp,
return TRUE;
}
+
gboolean
rspamd_keypair_encrypt (struct rspamd_cryptobox_keypair *kp,
const guchar *in, gsize inlen,
@@ -1026,4 +1027,53 @@ rspamd_keypair_encrypt (struct rspamd_cryptobox_keypair *kp,
}
return TRUE;
+}
+
+gboolean
+rspamd_pubkey_encrypt (struct rspamd_cryptobox_pubkey *pk,
+ const guchar *in, gsize inlen,
+ guchar **out, gsize *outlen,
+ GError **err)
+{
+ guchar *nonce, *mac, *data, *pubkey;
+ struct rspamd_cryptobox_keypair *local;
+ gsize olen;
+
+ g_assert (pk != NULL);
+ g_assert (in != NULL);
+
+ if (pk->type != RSPAMD_KEYPAIR_KEX) {
+ g_set_error (err, rspamd_keypair_quark (), EINVAL,
+ "invalid pubkey type");
+
+ return FALSE;
+ }
+
+ local = rspamd_keypair_new (pk->type, pk->alg);
+
+ olen = inlen + sizeof (encrypted_magic) +
+ rspamd_cryptobox_pk_bytes (pk->alg) +
+ rspamd_cryptobox_mac_bytes (pk->alg) +
+ rspamd_cryptobox_nonce_bytes (pk->alg);
+ *out = g_malloc (olen);
+ memcpy (*out, encrypted_magic, sizeof (encrypted_magic));
+ pubkey = *out + sizeof (encrypted_magic);
+ mac = pubkey + rspamd_cryptobox_pk_bytes (pk->alg);
+ nonce = mac + rspamd_cryptobox_mac_bytes (pk->alg);
+ data = nonce + rspamd_cryptobox_nonce_bytes (pk->alg);
+
+ ottery_rand_bytes (nonce, rspamd_cryptobox_nonce_bytes (pk->alg));
+ memcpy (data, in, inlen);
+ memcpy (pubkey, rspamd_pubkey_get_pk (pk, NULL),
+ rspamd_cryptobox_pk_bytes (pk->alg));
+ rspamd_cryptobox_encrypt_inplace (data, inlen, nonce, pubkey,
+ rspamd_keypair_component (local, RSPAMD_KEYPAIR_COMPONENT_SK, NULL),
+ mac, pk->alg);
+ rspamd_keypair_unref (local);
+
+ if (outlen) {
+ *outlen = olen;
+ }
+
+ return TRUE;
} \ No newline at end of file
diff --git a/src/libcryptobox/keypair.h b/src/libcryptobox/keypair.h
index 3e78e7cbb..d7c386b91 100644
--- a/src/libcryptobox/keypair.h
+++ b/src/libcryptobox/keypair.h
@@ -303,6 +303,21 @@ gboolean rspamd_keypair_encrypt (struct rspamd_cryptobox_keypair *kp,
const guchar *in, gsize inlen,
guchar **out, gsize *outlen,
GError **err);
-
+/**
+ * Encrypts data usign specific pubkey (must have KEX type).
+ * This method actually generates ephemeral local keypair, use public key from
+ * the remote keypair and encrypts data
+ * @param kp keypair
+ * @param in raw input
+ * @param inlen input length
+ * @param out output (allocated internally using g_malloc)
+ * @param outlen output size
+ * @param err pointer to error
+ * @return TRUE if encryption has been completed, out must be freed in this case
+ */
+gboolean rspamd_pubkey_encrypt (struct rspamd_cryptobox_pubkey *pk,
+ const guchar *in, gsize inlen,
+ guchar **out, gsize *outlen,
+ GError **err);
#endif /* SRC_LIBCRYPTOBOX_KEYPAIR_H_ */