diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-01-28 22:52:58 +0000 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-01-28 22:52:58 +0000 |
| commit | 1ff1b64500d0423a7a2bf8f4ef66ebec2de1a201 (patch) | |
| tree | 689172d327250f12af629aecf500a89f179a41cc | |
| parent | ff7aec707dd37abe4f2bd71ddee50cfa5499c98d (diff) | |
| parent | d68fea7bc475bdcb88ec8ca85b5567734fc8e7da (diff) | |
| download | rspamd-1ff1b64500d0423a7a2bf8f4ef66ebec2de1a201.tar.gz rspamd-1ff1b64500d0423a7a2bf8f4ef66ebec2de1a201.zip | |
Merge branch 'crypto'
| -rw-r--r-- | CMakeLists.txt | 2 | ||||
| -rw-r--r-- | contrib/blake2/CMakeLists.txt | 4 | ||||
| -rw-r--r-- | contrib/libottery/CMakeLists.txt | 6 | ||||
| -rw-r--r-- | contrib/tweetnacl/CMakeLists.txt | 8 | ||||
| -rw-r--r-- | contrib/tweetnacl/tweetnacl.c | 895 | ||||
| -rw-r--r-- | contrib/tweetnacl/tweetnacl.h | 277 | ||||
| -rw-r--r-- | src/libutil/CMakeLists.txt | 1 | ||||
| -rw-r--r-- | src/libutil/http.c | 239 | ||||
| -rw-r--r-- | src/libutil/http.h | 30 | ||||
| -rw-r--r-- | src/libutil/util.c | 82 | ||||
| -rw-r--r-- | src/libutil/util.h | 8 |
11 files changed, 1533 insertions, 19 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 955a6fcbf..bb3c946b8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -832,6 +832,7 @@ INCLUDE_DIRECTORIES("${CMAKE_SOURCE_DIR}/src" "${CMAKE_SOURCE_DIR}/contrib/snowball/include" "${CMAKE_SOURCE_DIR}/contrib/siphash" "${CMAKE_SOURCE_DIR}/contrib/blake2" + "${CMAKE_SOURCE_DIR}/contrib/tweetnacl" "${CMAKE_SOURCE_DIR}/src/rdns/include") ################################ SUBDIRS SECTION ########################### @@ -854,6 +855,7 @@ ADD_SUBDIRECTORY(contrib/libottery) ADD_SUBDIRECTORY(contrib/snowball) ADD_SUBDIRECTORY(contrib/siphash) ADD_SUBDIRECTORY(contrib/blake2) +ADD_SUBDIRECTORY(contrib/tweetnacl) ADD_SUBDIRECTORY(src) ADD_SUBDIRECTORY(test) diff --git a/contrib/blake2/CMakeLists.txt b/contrib/blake2/CMakeLists.txt index 58c79450b..76ea48591 100644 --- a/contrib/blake2/CMakeLists.txt +++ b/contrib/blake2/CMakeLists.txt @@ -1,7 +1,7 @@ cmake_minimum_required(VERSION 2.6) set(BLAKE_SRC blake2b-ref.c) +add_library(blake2 STATIC "${BLAKE_SRC}") if ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang" OR "${CMAKE_C_COMPILER_ID}" STREQUAL "GNU") - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O3") + set_target_properties(blake2 PROPERTIES COMPILER_FLAGS "-O3") endif () -add_library(blake2 STATIC "${BLAKE_SRC}") diff --git a/contrib/libottery/CMakeLists.txt b/contrib/libottery/CMakeLists.txt index 0483c49f3..a2b3d8c0a 100644 --- a/contrib/libottery/CMakeLists.txt +++ b/contrib/libottery/CMakeLists.txt @@ -3,7 +3,7 @@ SET(OTTERYSRC chacha_merged.c ottery_cpuinfo.c ottery_entropy.c ottery_global.c) +ADD_LIBRARY(ottery STATIC ${OTTERYSRC}) if ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang" OR "${CMAKE_C_COMPILER_ID}" STREQUAL "GNU") - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O3") -endif () -ADD_LIBRARY(ottery STATIC ${OTTERYSRC})
\ No newline at end of file + set_target_properties(ottery PROPERTIES COMPILER_FLAGS "-O3") +endif ()
\ No newline at end of file diff --git a/contrib/tweetnacl/CMakeLists.txt b/contrib/tweetnacl/CMakeLists.txt new file mode 100644 index 000000000..ac4f6e806 --- /dev/null +++ b/contrib/tweetnacl/CMakeLists.txt @@ -0,0 +1,8 @@ +cmake_minimum_required(VERSION 2.6) + +set(NACL_SRC tweetnacl.c) + +add_library(tweetnacl STATIC "${NACL_SRC}") +if ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang" OR "${CMAKE_C_COMPILER_ID}" STREQUAL "GNU") + set_target_properties(tweetnacl PROPERTIES COMPILER_FLAGS "-O3") +endif ()
\ No newline at end of file diff --git a/contrib/tweetnacl/tweetnacl.c b/contrib/tweetnacl/tweetnacl.c new file mode 100644 index 000000000..b414ffc25 --- /dev/null +++ b/contrib/tweetnacl/tweetnacl.c @@ -0,0 +1,895 @@ +#include "tweetnacl.h" +#include "config.h" +#define FOR(i,n) for (i = 0;i < n;++i) +#define sv static void + +typedef guint8 u8; +typedef guint32 u32; +typedef guint64 u64; +typedef gint64 i64; +typedef i64 gf[16]; +extern void randombytes(u8 *,u64); + +static const u8 + _0[16], + _9[32] = {9}; +static const gf + gf0, + gf1 = {1}, + _121665 = {0xDB41,1}, + D = {0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203}, + D2 = {0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406}, + X = {0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169}, + Y = {0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666}, + I = {0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83}; + +static u32 L32(u32 x,int c) { return (x << c) | ((x&0xffffffff) >> (32 - c)); } + +static u32 ld32(const u8 *x) +{ + u32 u = x[3]; + u = (u<<8)|x[2]; + u = (u<<8)|x[1]; + return (u<<8)|x[0]; +} + +static u64 dl64(const u8 *x) +{ + u64 i,u=0; + FOR(i,8) u=(u<<8)|x[i]; + return u; +} + +sv st32(u8 *x,u32 u) +{ + unsigned int i; + FOR(i,4) { x[i] = u; u >>= 8; } +} + +sv ts64(u8 *x,u64 u) +{ + int i; + for (i = 7;i >= 0;--i) { x[i] = u; u >>= 8; } +} + +static int vn(const u8 *x,const u8 *y,u32 n) +{ + u32 i,d = 0; + FOR(i,n) d |= x[i]^y[i]; + return (1 & ((d - 1) >> 8)) - 1; +} + +int crypto_verify_16(const u8 *x,const u8 *y) +{ + return vn(x,y,16); +} + +int crypto_verify_32(const u8 *x,const u8 *y) +{ + return vn(x,y,32); +} + +sv core(u8 *out,const u8 *in,const u8 *k,const u8 *c,int h) +{ + u32 w[16],x[16],y[16],t[4]; + unsigned int i,j,m; + + FOR(i,4) { + x[5*i] = ld32(c+4*i); + x[1+i] = ld32(k+4*i); + x[6+i] = ld32(in+4*i); + x[11+i] = ld32(k+16+4*i); + } + + FOR(i,16) y[i] = x[i]; + + FOR(i,20) { + FOR(j,4) { + FOR(m,4) t[m] = x[(5*j+4*m)%16]; + t[1] ^= L32(t[0]+t[3], 7); + t[2] ^= L32(t[1]+t[0], 9); + t[3] ^= L32(t[2]+t[1],13); + t[0] ^= L32(t[3]+t[2],18); + FOR(m,4) w[4*j+(j+m)%4] = t[m]; + } + FOR(m,16) x[m] = w[m]; + } + + if (h) { + FOR(i,16) x[i] += y[i]; + FOR(i,4) { + x[5*i] -= ld32(c+4*i); + x[6+i] -= ld32(in+4*i); + } + FOR(i,4) { + st32(out+4*i,x[5*i]); + st32(out+16+4*i,x[6+i]); + } + } else + FOR(i,16) st32(out + 4 * i,x[i] + y[i]); +} + +int crypto_core_salsa20(u8 *out,const u8 *in,const u8 *k,const u8 *c) +{ + core(out,in,k,c,0); + return 0; +} + +int crypto_core_hsalsa20(u8 *out,const u8 *in,const u8 *k,const u8 *c) +{ + core(out,in,k,c,1); + return 0; +} + +static const u8 sigma[16] = "expand 32-byte k"; + +int crypto_stream_salsa20_xor(u8 *c,const u8 *m,u64 b,const u8 *n,const u8 *k) +{ + u8 z[16],x[64]; + u32 u,i; + if (!b) return 0; + FOR(i,16) z[i] = 0; + FOR(i,8) z[i] = n[i]; + while (b >= 64) { + crypto_core_salsa20(x,z,k,sigma); + FOR(i,64) c[i] = (m?m[i]:0) ^ x[i]; + u = 1; + for (i = 8;i < 16;++i) { + u += (u32) z[i]; + z[i] = u; + u >>= 8; + } + b -= 64; + c += 64; + if (m) m += 64; + } + if (b) { + crypto_core_salsa20(x,z,k,sigma); + FOR(i,b) c[i] = (m?m[i]:0) ^ x[i]; + } + return 0; +} + +int crypto_stream_salsa20_xor2(u8 *c1, u8 *c2,const u8 *m1,const u8 *m2,u64 d1,u64 d2,const u8 *n,const u8 *k) +{ + u8 z[16],x[64]; + u32 u,i,j; + u64 b = d1, r = 0; + const u8 *m = m1; + u8 *c = c1; + if (!d1) return 0; + FOR(i,16) z[i] = 0; + FOR(i,8) z[i] = n[i]; + + for(j = 0; j < 2; j ++, m = m2, b = d2, c = c2) { + if (r > 0) { + if (r <= b) { + FOR(i,r) c[i] = (m?m[i]:0) ^ x[i]; + r = 0; + m += r; + b -= r; + } + else { + FOR(i,b) c[i] = (m?m[i]:0) ^ x[i]; + return 0; + } + r = 0; + } + while (b >= 64) { + crypto_core_salsa20(x,z,k,sigma); + FOR(i,64) c[i] = (m?m[i]:0) ^ x[i]; + u = 1; + for (i = 8;i < 16;++i) { + u += (u32) z[i]; + z[i] = u; + u >>= 8; + } + b -= 64; + c += 64; + if (m) m += 64; + } + if (b) { + crypto_core_salsa20(x,z,k,sigma); + FOR(i,b) c[i] = (m?m[i]:0) ^ x[i]; + r = 64 - b; + } + } + return 0; +} + +int crypto_stream_salsa20(u8 *c,u64 d,const u8 *n,const u8 *k) +{ + return crypto_stream_salsa20_xor(c,0,d,n,k); +} + +int crypto_stream(u8 *c,u64 d,const u8 *n,const u8 *k) +{ + u8 s[32]; + crypto_core_hsalsa20(s,n,k,sigma); + return crypto_stream_salsa20(c,d,n+16,s); +} + +int crypto_stream_xor(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *k) +{ + u8 s[32]; + crypto_core_hsalsa20(s,n,k,sigma); + return crypto_stream_salsa20_xor(c,m,d,n+16,s); +} + +int crypto_stream_xor2(u8 *c1, u8 *c2,const u8 *m1,const u8 *m2,u64 d1,u64 d2,const u8 *n,const u8 *k) +{ + u8 s[32]; + crypto_core_hsalsa20(s,n,k,sigma); + return crypto_stream_salsa20_xor2(c1,c2,m1,m2,d1,d2,n+16,s); +} + +sv add1305(u32 *h,const u32 *c) +{ + u32 j,u = 0; + FOR(j,17) { + u += h[j] + c[j]; + h[j] = u & 255; + u >>= 8; + } +} + +static const u32 minusp[17] = { + 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 252 +} ; + +int crypto_onetimeauth(u8 *out,const u8 *m,u64 n,const u8 *k) +{ + u32 s,i,j,u,x[17],r[17],h[17],c[17],g[17]; + + FOR(j,17) r[j]=h[j]=0; + FOR(j,16) r[j]=k[j]; + r[3]&=15; + r[4]&=252; + r[7]&=15; + r[8]&=252; + r[11]&=15; + r[12]&=252; + r[15]&=15; + + while (n > 0) { + FOR(j,17) c[j] = 0; + for (j = 0;(j < 16) && (j < n);++j) c[j] = m[j]; + c[j] = 1; + m += j; n -= j; + add1305(h,c); + FOR(i,17) { + x[i] = 0; + FOR(j,17) x[i] += h[j] * ((j <= i) ? r[i - j] : 320 * r[i + 17 - j]); + } + FOR(i,17) h[i] = x[i]; + u = 0; + FOR(j,16) { + u += h[j]; + h[j] = u & 255; + u >>= 8; + } + u += h[16]; h[16] = u & 3; + u = 5 * (u >> 2); + FOR(j,16) { + u += h[j]; + h[j] = u & 255; + u >>= 8; + } + u += h[16]; h[16] = u; + } + + FOR(j,17) g[j] = h[j]; + add1305(h,minusp); + s = -(h[16] >> 7); + FOR(j,17) h[j] ^= s & (g[j] ^ h[j]); + + FOR(j,16) c[j] = k[j + 16]; + c[16] = 0; + add1305(h,c); + FOR(j,16) out[j] = h[j]; + return 0; +} + +int crypto_onetimeauth_verify(const u8 *h,const u8 *m,u64 n,const u8 *k) +{ + u8 x[16]; + crypto_onetimeauth(x,m,n,k); + return crypto_verify_16(h,x); +} + +int crypto_secretbox(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *k) +{ + unsigned int i; + if (d < crypto_box_ZEROBYTES) return -1; + crypto_stream_xor(c,m,d,n,k); + crypto_onetimeauth(c + crypto_box_BOXZEROBYTES,c + crypto_box_ZEROBYTES, + d - crypto_box_ZEROBYTES,c); + FOR(i,crypto_box_BOXZEROBYTES) c[i] = 0; + return 0; +} + +int crypto_secretbox_detached(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *k, u8 *a) +{ + unsigned int i; + volatile u8 mk[crypto_onetimeauth_poly1305_KEYBYTES]; + if (d == 0) return -1; + FOR(i, crypto_onetimeauth_poly1305_KEYBYTES) mk[i] = 0; + crypto_stream_xor2((u8 *)mk,c,(u8 *)mk,m,crypto_onetimeauth_poly1305_KEYBYTES,d,n,k); + crypto_onetimeauth(a,c,d,(const u8*)mk); + /* TODO: add really secure bzero here */ + FOR(i,crypto_onetimeauth_poly1305_KEYBYTES) mk[i] = 0; + return 0; +} + +int crypto_secretbox_open(u8 *m,const u8 *c,u64 d,const u8 *n,const u8 *k) +{ + unsigned int i; + u8 x[32]; + if (d < crypto_box_ZEROBYTES) return -1; + crypto_stream(x,32,n,k); + if (crypto_onetimeauth_verify(c + crypto_box_BOXZEROBYTES, + c + crypto_box_ZEROBYTES,d - crypto_box_ZEROBYTES,x) != 0) return -1; + crypto_stream_xor(m,c,d,n,k); + FOR(i,crypto_box_ZEROBYTES) m[i] = 0; + return 0; +} + +sv set25519(gf r, const gf a) +{ + unsigned int i; + FOR(i,16) r[i]=a[i]; +} + +sv car25519(gf o) +{ + unsigned int i; + i64 c; + FOR(i,16) { + o[i]+=(1LL<<16); + c=o[i]>>16; + o[(i+1)*(i<15)]+=c-1+37*(c-1)*(i==15); + o[i]-=c<<16; + } +} + +sv sel25519(gf p,gf q,int b) +{ + i64 t,c=~(b-1); + u64 i; + FOR(i,16) { + t= c&(p[i]^q[i]); + p[i]^=t; + q[i]^=t; + } +} + +sv pack25519(u8 *o,const gf n) +{ + unsigned int i,j; + int b; + gf m,t; + FOR(i,16) t[i]=n[i]; + car25519(t); + car25519(t); + car25519(t); + FOR(j,2) { + m[0]=t[0]-0xffed; + for(i=1;i<15;i++) { + m[i]=t[i]-0xffff-((m[i-1]>>16)&1); + m[i-1]&=0xffff; + } + m[15]=t[15]-0x7fff-((m[14]>>16)&1); + b=(m[15]>>16)&1; + m[14]&=0xffff; + sel25519(t,m,1-b); + } + FOR(i,16) { + o[2*i]=t[i]&0xff; + o[2*i+1]=t[i]>>8; + } +} + +static int neq25519(const gf a, const gf b) +{ + u8 c[32],d[32]; + pack25519(c,a); + pack25519(d,b); + return crypto_verify_32(c,d); +} + +static u8 par25519(const gf a) +{ + u8 d[32]; + pack25519(d,a); + return d[0]&1; +} + +sv unpack25519(gf o, const u8 *n) +{ + unsigned int i; + FOR(i,16) o[i]=n[2*i]+((i64)n[2*i+1]<<8); + o[15]&=0x7fff; +} + +sv A(gf o,const gf a,const gf b) +{ + unsigned int i; + FOR(i,16) o[i]=a[i]+b[i]; +} + +sv Z(gf o,const gf a,const gf b) +{ + unsigned int i; + FOR(i,16) o[i]=a[i]-b[i]; +} + +sv M(gf o,const gf a,const gf b) +{ + i64 t[31]; + u64 i,j; + FOR(i,31) t[i]=0; + FOR(i,16) FOR(j,16) t[i+j]+=a[i]*b[j]; + FOR(i,15) t[i]+=38*t[i+16]; + FOR(i,16) o[i]=t[i]; + car25519(o); + car25519(o); +} + +sv S(gf o,const gf a) +{ + M(o,a,a); +} + +sv inv25519(gf o,const gf i) +{ + gf c; + int a; + FOR(a,16) c[a]=i[a]; + for(a=253;a>=0;a--) { + S(c,c); + if(a!=2&&a!=4) M(c,c,i); + } + FOR(a,16) o[a]=c[a]; +} + +sv pow2523(gf o,const gf i) +{ + gf c; + int a; + FOR(a,16) c[a]=i[a]; + for(a=250;a>=0;a--) { + S(c,c); + if(a!=1) M(c,c,i); + } + FOR(a,16) o[a]=c[a]; +} + +int crypto_scalarmult(u8 *q,const u8 *n,const u8 *p) +{ + u8 z[32]; + i64 x[80],r,i; + gf a,b,c,d,e,f; + FOR(i,31) z[i]=n[i]; + z[31]=(n[31]&127)|64; + z[0]&=248; + unpack25519(x,p); + FOR(i,16) { + b[i]=x[i]; + d[i]=a[i]=c[i]=0; + } + a[0]=d[0]=1; + for(i=254;i>=0;--i) { + r=(z[i>>3]>>(i&7))&1; + sel25519(a,b,r); + sel25519(c,d,r); + A(e,a,c); + Z(a,a,c); + A(c,b,d); + Z(b,b,d); + S(d,e); + S(f,a); + M(a,c,a); + M(c,b,e); + A(e,a,c); + Z(a,a,c); + S(b,a); + Z(c,d,f); + M(a,c,_121665); + A(a,a,d); + M(c,c,a); + M(a,d,f); + M(d,b,x); + S(b,e); + sel25519(a,b,r); + sel25519(c,d,r); + } + FOR(i,16) { + x[i+16]=a[i]; + x[i+32]=c[i]; + x[i+48]=b[i]; + x[i+64]=d[i]; + } + inv25519(x+32,x+32); + M(x+16,x+16,x+32); + pack25519(q,x+16); + return 0; +} + +int crypto_scalarmult_base(u8 *q,const u8 *n) +{ + return crypto_scalarmult(q,n,_9); +} + +int crypto_box_keypair(u8 *y,u8 *x) +{ + randombytes(x,32); + return crypto_scalarmult_base(y,x); +} + +int crypto_box_beforenm(u8 *k,const u8 *y,const u8 *x) +{ + u8 s[32]; + crypto_scalarmult(s,x,y); + return crypto_core_hsalsa20(k,_0,s,sigma); +} + +int crypto_box_afternm(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *k) +{ + return crypto_secretbox(c,m,d,n,k); +} + +int crypto_box_afternm_detached(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *k, u8 *a) +{ + return crypto_secretbox_detached(c,m,d,n,k,a); +} + +int crypto_box_open_afternm(u8 *m,const u8 *c,u64 d,const u8 *n,const u8 *k) +{ + return crypto_secretbox_open(m,c,d,n,k); +} + +int crypto_box(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *y,const u8 *x) +{ + u8 k[32]; + crypto_box_beforenm(k,y,x); + return crypto_box_afternm(c,m,d,n,k); +} + +int crypto_box_detached(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *y,const u8 *x,u8 *a) +{ + u8 k[32]; + crypto_box_beforenm(k,y,x); + return crypto_box_afternm_detached(c,m,d,n,k,a); +} + +int crypto_box_open(u8 *m,const u8 *c,u64 d,const u8 *n,const u8 *y,const u8 *x) +{ + u8 k[32]; + crypto_box_beforenm(k,y,x); + return crypto_box_open_afternm(m,c,d,n,k); +} + +static u64 R(u64 x,int c) { return (x >> c) | (x << (64 - c)); } +static u64 Ch(u64 x,u64 y,u64 z) { return (x & y) ^ (~x & z); } +static u64 Maj(u64 x,u64 y,u64 z) { return (x & y) ^ (x & z) ^ (y & z); } +static u64 Sigma0(u64 x) { return R(x,28) ^ R(x,34) ^ R(x,39); } +static u64 Sigma1(u64 x) { return R(x,14) ^ R(x,18) ^ R(x,41); } +static u64 sigma0(u64 x) { return R(x, 1) ^ R(x, 8) ^ (x >> 7); } +static u64 sigma1(u64 x) { return R(x,19) ^ R(x,61) ^ (x >> 6); } + +static const u64 K[80] = +{ + 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, + 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, + 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, + 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, + 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, + 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, + 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, + 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, + 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, + 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, + 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, + 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, + 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, + 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, + 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, + 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, + 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, + 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, + 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, + 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL +}; + +int crypto_hashblocks(u8 *x,const u8 *m,u64 n) +{ + u64 z[8],b[8],a[8],w[16],t; + int i,j; + + FOR(i,8) z[i] = a[i] = dl64(x + 8 * i); + + while (n >= 128) { + FOR(i,16) w[i] = dl64(m + 8 * i); + + FOR(i,80) { + FOR(j,8) b[j] = a[j]; + t = a[7] + Sigma1(a[4]) + Ch(a[4],a[5],a[6]) + K[i] + w[i%16]; + b[7] = t + Sigma0(a[0]) + Maj(a[0],a[1],a[2]); + b[3] += t; + FOR(j,8) a[(j+1)%8] = b[j]; + if (i%16 == 15) + FOR(j,16) + w[j] += w[(j+9)%16] + sigma0(w[(j+1)%16]) + sigma1(w[(j+14)%16]); + } + + FOR(i,8) { a[i] += z[i]; z[i] = a[i]; } + + m += 128; + n -= 128; + } + + FOR(i,8) ts64(x+8*i,z[i]); + + return n; +} + +static const u8 iv[64] = { + 0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08, + 0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b, + 0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b, + 0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1, + 0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1, + 0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f, + 0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b, + 0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79 +} ; + +int crypto_hash(u8 *out,const u8 *m,u64 n) +{ + u8 h[64],x[256]; + u64 i,b = n; + + FOR(i,64) h[i] = iv[i]; + + crypto_hashblocks(h,m,n); + m += n; + n &= 127; + m -= n; + + FOR(i,256) x[i] = 0; + FOR(i,n) x[i] = m[i]; + x[n] = 128; + + n = 256-128*(n<112); + x[n-9] = b >> 61; + ts64(x+n-8,b<<3); + crypto_hashblocks(h,x,n); + + FOR(i,64) out[i] = h[i]; + + return 0; +} + +sv add(gf p[4],gf q[4]) +{ + gf a,b,c,d,t,e,f,g,h; + + Z(a, p[1], p[0]); + Z(t, q[1], q[0]); + M(a, a, t); + A(b, p[0], p[1]); + A(t, q[0], q[1]); + M(b, b, t); + M(c, p[3], q[3]); + M(c, c, D2); + M(d, p[2], q[2]); + A(d, d, d); + Z(e, b, a); + Z(f, d, c); + A(g, d, c); + A(h, b, a); + + M(p[0], e, f); + M(p[1], h, g); + M(p[2], g, f); + M(p[3], e, h); +} + +sv cswap(gf p[4],gf q[4],u8 b) +{ + int i; + FOR(i,4) + sel25519(p[i],q[i],b); +} + +sv pack(u8 *r,gf p[4]) +{ + gf tx, ty, zi; + inv25519(zi, p[2]); + M(tx, p[0], zi); + M(ty, p[1], zi); + pack25519(r, ty); + r[31] ^= par25519(tx) << 7; +} + +sv scalarmult(gf p[4],gf q[4],const u8 *s) +{ + int i; + set25519(p[0],gf0); + set25519(p[1],gf1); + set25519(p[2],gf1); + set25519(p[3],gf0); + for (i = 255;i >= 0;--i) { + u8 b = (s[i/8]>>(i&7))&1; + cswap(p,q,b); + add(q,p); + add(p,p); + cswap(p,q,b); + } +} + +sv scalarbase(gf p[4],const u8 *s) +{ + gf q[4]; + set25519(q[0],X); + set25519(q[1],Y); + set25519(q[2],gf1); + M(q[3],X,Y); + scalarmult(p,q,s); +} + +int crypto_sign_keypair(u8 *pk, u8 *sk) +{ + u8 d[64]; + gf p[4]; + int i; + + randombytes(sk, 32); + crypto_hash(d, sk, 32); + d[0] &= 248; + d[31] &= 127; + d[31] |= 64; + + scalarbase(p,d); + pack(pk,p); + + FOR(i,32) sk[32 + i] = pk[i]; + return 0; +} + +static const u64 L[32] = {0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10}; + +sv modL(u8 *r,i64 x[64]) +{ + i64 carry,i,j; + for (i = 63;i >= 32;--i) { + carry = 0; + for (j = i - 32;j < i - 12;++j) { + x[j] += carry - 16 * x[i] * L[j - (i - 32)]; + carry = (x[j] + 128) >> 8; + x[j] -= carry << 8; + } + x[j] += carry; + x[i] = 0; + } + carry = 0; + FOR(j,32) { + x[j] += carry - (x[31] >> 4) * L[j]; + carry = x[j] >> 8; + x[j] &= 255; + } + FOR(j,32) x[j] -= carry * L[j]; + FOR(i,32) { + x[i+1] += x[i] >> 8; + r[i] = x[i] & 255; + } +} + +sv reduce(u8 *r) +{ + i64 x[64],i; + FOR(i,64) x[i] = (u64) r[i]; + FOR(i,64) r[i] = 0; + modL(r,x); +} + +int crypto_sign(u8 *sm,u64 *smlen,const u8 *m,u64 n,const u8 *sk) +{ + u8 d[64],h[64],r[64]; + i64 x[64]; + u64 i, j; + gf p[4]; + + crypto_hash(d, sk, 32); + d[0] &= 248; + d[31] &= 127; + d[31] |= 64; + + *smlen = n+64; + FOR(i,n) sm[64 + i] = m[i]; + FOR(i,32) sm[32 + i] = d[32 + i]; + + crypto_hash(r, sm+32, n+32); + reduce(r); + scalarbase(p,r); + pack(sm,p); + + FOR(i,32) sm[i+32] = sk[i+32]; + crypto_hash(h,sm,n + 64); + reduce(h); + + FOR(i,64) x[i] = 0; + FOR(i,32) x[i] = (u64) r[i]; + FOR(i,32) FOR(j,32) x[i+j] += h[i] * (u64) d[j]; + modL(sm + 32,x); + + return 0; +} + +static int unpackneg(gf r[4],const u8 p[32]) +{ + gf t, chk, num, den, den2, den4, den6; + set25519(r[2],gf1); + unpack25519(r[1],p); + S(num,r[1]); + M(den,num,D); + Z(num,num,r[2]); + A(den,r[2],den); + + S(den2,den); + S(den4,den2); + M(den6,den4,den2); + M(t,den6,num); + M(t,t,den); + + pow2523(t,t); + M(t,t,num); + M(t,t,den); + M(t,t,den); + M(r[0],t,den); + + S(chk,r[0]); + M(chk,chk,den); + if (neq25519(chk, num)) M(r[0],r[0],I); + + S(chk,r[0]); + M(chk,chk,den); + if (neq25519(chk, num)) return -1; + + if (par25519(r[0]) == (p[31]>>7)) Z(r[0],gf0,r[0]); + + M(r[3],r[0],r[1]); + return 0; +} + +int crypto_sign_open(u8 *m,u64 *mlen,const u8 *sm,u64 n,const u8 *pk) +{ + u64 i; + u8 t[32],h[64]; + gf p[4],q[4]; + + *mlen = -1; + if (n < 64) return -1; + + if (unpackneg(q,pk)) return -1; + + FOR(i,n) m[i] = sm[i]; + FOR(i,32) m[i+32] = pk[i]; + crypto_hash(h,m,n); + reduce(h); + scalarmult(p,q,h); + + scalarbase(q,sm + 32); + add(p,q); + pack(t,p); + + n -= 64; + if (crypto_verify_32(sm, t)) { + FOR(i,n) m[i] = 0; + return -1; + } + + FOR(i,n) m[i] = sm[i + 64]; + *mlen = n; + return 0; +} diff --git a/contrib/tweetnacl/tweetnacl.h b/contrib/tweetnacl/tweetnacl.h new file mode 100644 index 000000000..59fa902e0 --- /dev/null +++ b/contrib/tweetnacl/tweetnacl.h @@ -0,0 +1,277 @@ +#include "config.h" + +#ifndef TWEETNACL_H +#define TWEETNACL_H +#define crypto_auth_PRIMITIVE "hmacsha512256" +#define crypto_auth crypto_auth_hmacsha512256 +#define crypto_auth_verify crypto_auth_hmacsha512256_verify +#define crypto_auth_BYTES crypto_auth_hmacsha512256_BYTES +#define crypto_auth_KEYBYTES crypto_auth_hmacsha512256_KEYBYTES +#define crypto_auth_IMPLEMENTATION crypto_auth_hmacsha512256_IMPLEMENTATION +#define crypto_auth_VERSION crypto_auth_hmacsha512256_VERSION +#define crypto_auth_hmacsha512256_tweet_BYTES 32 +#define crypto_auth_hmacsha512256_tweet_KEYBYTES 32 +extern int crypto_auth_hmacsha512256_tweet(guchar *,const guchar *,guint64,const guchar *); +extern int crypto_auth_hmacsha512256_tweet_verify(const guchar *,const guchar *,guint64,const guchar *); +#define crypto_auth_hmacsha512256_tweet_VERSION "-" +#define crypto_auth_hmacsha512256 crypto_auth_hmacsha512256_tweet +#define crypto_auth_hmacsha512256_verify crypto_auth_hmacsha512256_tweet_verify +#define crypto_auth_hmacsha512256_BYTES crypto_auth_hmacsha512256_tweet_BYTES +#define crypto_auth_hmacsha512256_KEYBYTES crypto_auth_hmacsha512256_tweet_KEYBYTES +#define crypto_auth_hmacsha512256_VERSION crypto_auth_hmacsha512256_tweet_VERSION +#define crypto_auth_hmacsha512256_IMPLEMENTATION "crypto_auth/hmacsha512256/tweet" +#define crypto_box_PRIMITIVE "curve25519xsalsa20poly1305" +#define crypto_box crypto_box_curve25519xsalsa20poly1305 +#define crypto_box_detached crypto_box_curve25519xsalsa20poly1305_detached +#define crypto_box_open crypto_box_curve25519xsalsa20poly1305_open +#define crypto_box_keypair crypto_box_curve25519xsalsa20poly1305_keypair +#define crypto_box_beforenm crypto_box_curve25519xsalsa20poly1305_beforenm +#define crypto_box_afternm crypto_box_curve25519xsalsa20poly1305_afternm +#define crypto_box_open_afternm crypto_box_curve25519xsalsa20poly1305_open_afternm +#define crypto_box_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES +#define crypto_box_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES +#define crypto_box_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES +#define crypto_box_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES +#define crypto_box_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ZEROBYTES +#define crypto_box_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES +#define crypto_box_IMPLEMENTATION crypto_box_curve25519xsalsa20poly1305_IMPLEMENTATION +#define crypto_box_VERSION crypto_box_curve25519xsalsa20poly1305_VERSION +#define crypto_box_curve25519xsalsa20poly1305_tweet_PUBLICKEYBYTES 32 +#define crypto_box_curve25519xsalsa20poly1305_tweet_SECRETKEYBYTES 32 +#define crypto_box_curve25519xsalsa20poly1305_tweet_BEFORENMBYTES 32 +#define crypto_box_curve25519xsalsa20poly1305_tweet_NONCEBYTES 24 +#define crypto_box_curve25519xsalsa20poly1305_tweet_ZEROBYTES 16 +#define crypto_box_curve25519xsalsa20poly1305_tweet_BOXZEROBYTES 0 +extern int crypto_box_curve25519xsalsa20poly1305_tweet(guchar *,const guchar *,guint64,const guchar *,const guchar *,const guchar *); +extern int crypto_box_curve25519xsalsa20poly1305_tweet_detached(guchar *,const guchar *,guint64,const guchar *,const guchar *,const guchar *, guchar *); +extern int crypto_box_curve25519xsalsa20poly1305_tweet_open(guchar *,const guchar *,guint64,const guchar *,const guchar *,const guchar *); +extern int crypto_box_curve25519xsalsa20poly1305_tweet_keypair(guchar *,guchar *); +extern int crypto_box_curve25519xsalsa20poly1305_tweet_beforenm(guchar *,const guchar *,const guchar *); +extern int crypto_box_curve25519xsalsa20poly1305_tweet_afternm(guchar *,const guchar *,guint64,const guchar *,const guchar *); +extern int crypto_box_curve25519xsalsa20poly1305_tweet_open_afternm(guchar *,const guchar *,guint64,const guchar *,const guchar *); +#define crypto_box_curve25519xsalsa20poly1305_tweet_VERSION "-" +#define crypto_box_curve25519xsalsa20poly1305 crypto_box_curve25519xsalsa20poly1305_tweet +#define crypto_box_curve25519xsalsa20poly1305_detached crypto_box_curve25519xsalsa20poly1305_tweet_detached +#define crypto_box_curve25519xsalsa20poly1305_open crypto_box_curve25519xsalsa20poly1305_tweet_open +#define crypto_box_curve25519xsalsa20poly1305_keypair crypto_box_curve25519xsalsa20poly1305_tweet_keypair +#define crypto_box_curve25519xsalsa20poly1305_beforenm crypto_box_curve25519xsalsa20poly1305_tweet_beforenm +#define crypto_box_curve25519xsalsa20poly1305_afternm crypto_box_curve25519xsalsa20poly1305_tweet_afternm +#define crypto_box_curve25519xsalsa20poly1305_open_afternm crypto_box_curve25519xsalsa20poly1305_tweet_open_afternm +#define crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_tweet_PUBLICKEYBYTES +#define crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_tweet_SECRETKEYBYTES +#define crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_tweet_BEFORENMBYTES +#define crypto_box_curve25519xsalsa20poly1305_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_tweet_NONCEBYTES +#define crypto_box_curve25519xsalsa20poly1305_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_tweet_ZEROBYTES +#define crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_tweet_BOXZEROBYTES +#define crypto_box_curve25519xsalsa20poly1305_VERSION crypto_box_curve25519xsalsa20poly1305_tweet_VERSION +#define crypto_box_curve25519xsalsa20poly1305_IMPLEMENTATION "crypto_box/curve25519xsalsa20poly1305/tweet" +#define crypto_core_PRIMITIVE "salsa20" +#define crypto_core crypto_core_salsa20 +#define crypto_core_OUTPUTBYTES crypto_core_salsa20_OUTPUTBYTES +#define crypto_core_INPUTBYTES crypto_core_salsa20_INPUTBYTES +#define crypto_core_KEYBYTES crypto_core_salsa20_KEYBYTES +#define crypto_core_CONSTBYTES crypto_core_salsa20_CONSTBYTES +#define crypto_core_IMPLEMENTATION crypto_core_salsa20_IMPLEMENTATION +#define crypto_core_VERSION crypto_core_salsa20_VERSION +#define crypto_core_salsa20_tweet_OUTPUTBYTES 64 +#define crypto_core_salsa20_tweet_INPUTBYTES 16 +#define crypto_core_salsa20_tweet_KEYBYTES 32 +#define crypto_core_salsa20_tweet_CONSTBYTES 16 +extern int crypto_core_salsa20_tweet(guchar *,const guchar *,const guchar *,const guchar *); +#define crypto_core_salsa20_tweet_VERSION "-" +#define crypto_core_salsa20 crypto_core_salsa20_tweet +#define crypto_core_salsa20_OUTPUTBYTES crypto_core_salsa20_tweet_OUTPUTBYTES +#define crypto_core_salsa20_INPUTBYTES crypto_core_salsa20_tweet_INPUTBYTES +#define crypto_core_salsa20_KEYBYTES crypto_core_salsa20_tweet_KEYBYTES +#define crypto_core_salsa20_CONSTBYTES crypto_core_salsa20_tweet_CONSTBYTES +#define crypto_core_salsa20_VERSION crypto_core_salsa20_tweet_VERSION +#define crypto_core_salsa20_IMPLEMENTATION "crypto_core/salsa20/tweet" +#define crypto_core_hsalsa20_tweet_OUTPUTBYTES 32 +#define crypto_core_hsalsa20_tweet_INPUTBYTES 16 +#define crypto_core_hsalsa20_tweet_KEYBYTES 32 +#define crypto_core_hsalsa20_tweet_CONSTBYTES 16 +extern int crypto_core_hsalsa20_tweet(guchar *,const guchar *,const guchar *,const guchar *); +#define crypto_core_hsalsa20_tweet_VERSION "-" +#define crypto_core_hsalsa20 crypto_core_hsalsa20_tweet +#define crypto_core_hsalsa20_OUTPUTBYTES crypto_core_hsalsa20_tweet_OUTPUTBYTES +#define crypto_core_hsalsa20_INPUTBYTES crypto_core_hsalsa20_tweet_INPUTBYTES +#define crypto_core_hsalsa20_KEYBYTES crypto_core_hsalsa20_tweet_KEYBYTES +#define crypto_core_hsalsa20_CONSTBYTES crypto_core_hsalsa20_tweet_CONSTBYTES +#define crypto_core_hsalsa20_VERSION crypto_core_hsalsa20_tweet_VERSION +#define crypto_core_hsalsa20_IMPLEMENTATION "crypto_core/hsalsa20/tweet" +#define crypto_hashblocks_PRIMITIVE "sha512" +#define crypto_hashblocks crypto_hashblocks_sha512 +#define crypto_hashblocks_STATEBYTES crypto_hashblocks_sha512_STATEBYTES +#define crypto_hashblocks_BLOCKBYTES crypto_hashblocks_sha512_BLOCKBYTES +#define crypto_hashblocks_IMPLEMENTATION crypto_hashblocks_sha512_IMPLEMENTATION +#define crypto_hashblocks_VERSION crypto_hashblocks_sha512_VERSION +#define crypto_hashblocks_sha512_tweet_STATEBYTES 64 +#define crypto_hashblocks_sha512_tweet_BLOCKBYTES 128 +extern int crypto_hashblocks_sha512_tweet(guchar *,const guchar *,guint64); +#define crypto_hashblocks_sha512_tweet_VERSION "-" +#define crypto_hashblocks_sha512 crypto_hashblocks_sha512_tweet +#define crypto_hashblocks_sha512_STATEBYTES crypto_hashblocks_sha512_tweet_STATEBYTES +#define crypto_hashblocks_sha512_BLOCKBYTES crypto_hashblocks_sha512_tweet_BLOCKBYTES +#define crypto_hashblocks_sha512_VERSION crypto_hashblocks_sha512_tweet_VERSION +#define crypto_hashblocks_sha512_IMPLEMENTATION "crypto_hashblocks/sha512/tweet" +#define crypto_hashblocks_sha256_tweet_STATEBYTES 32 +#define crypto_hashblocks_sha256_tweet_BLOCKBYTES 64 +extern int crypto_hashblocks_sha256_tweet(guchar *,const guchar *,guint64); +#define crypto_hashblocks_sha256_tweet_VERSION "-" +#define crypto_hashblocks_sha256 crypto_hashblocks_sha256_tweet +#define crypto_hashblocks_sha256_STATEBYTES crypto_hashblocks_sha256_tweet_STATEBYTES +#define crypto_hashblocks_sha256_BLOCKBYTES crypto_hashblocks_sha256_tweet_BLOCKBYTES +#define crypto_hashblocks_sha256_VERSION crypto_hashblocks_sha256_tweet_VERSION +#define crypto_hashblocks_sha256_IMPLEMENTATION "crypto_hashblocks/sha256/tweet" +#define crypto_hash_PRIMITIVE "sha512" +#define crypto_hash crypto_hash_sha512 +#define crypto_hash_BYTES crypto_hash_sha512_BYTES +#define crypto_hash_IMPLEMENTATION crypto_hash_sha512_IMPLEMENTATION +#define crypto_hash_VERSION crypto_hash_sha512_VERSION +#define crypto_hash_sha512_tweet_BYTES 64 +extern int crypto_hash_sha512_tweet(guchar *,const guchar *,guint64); +#define crypto_hash_sha512_tweet_VERSION "-" +#define crypto_hash_sha512 crypto_hash_sha512_tweet +#define crypto_hash_sha512_BYTES crypto_hash_sha512_tweet_BYTES +#define crypto_hash_sha512_VERSION crypto_hash_sha512_tweet_VERSION +#define crypto_hash_sha512_IMPLEMENTATION "crypto_hash/sha512/tweet" +#define crypto_hash_sha256_tweet_BYTES 32 +extern int crypto_hash_sha256_tweet(guchar *,const guchar *,guint64); +#define crypto_hash_sha256_tweet_VERSION "-" +#define crypto_hash_sha256 crypto_hash_sha256_tweet +#define crypto_hash_sha256_BYTES crypto_hash_sha256_tweet_BYTES +#define crypto_hash_sha256_VERSION crypto_hash_sha256_tweet_VERSION +#define crypto_hash_sha256_IMPLEMENTATION "crypto_hash/sha256/tweet" +#define crypto_onetimeauth_PRIMITIVE "poly1305" +#define crypto_onetimeauth crypto_onetimeauth_poly1305 +#define crypto_onetimeauth_verify crypto_onetimeauth_poly1305_verify +#define crypto_onetimeauth_BYTES crypto_onetimeauth_poly1305_BYTES +#define crypto_onetimeauth_KEYBYTES crypto_onetimeauth_poly1305_KEYBYTES +#define crypto_onetimeauth_IMPLEMENTATION crypto_onetimeauth_poly1305_IMPLEMENTATION +#define crypto_onetimeauth_VERSION crypto_onetimeauth_poly1305_VERSION +#define crypto_onetimeauth_poly1305_tweet_BYTES 16 +#define crypto_onetimeauth_poly1305_tweet_KEYBYTES 32 +extern int crypto_onetimeauth_poly1305_tweet(guchar *,const guchar *,guint64,const guchar *); +extern int crypto_onetimeauth_poly1305_tweet_verify(const guchar *,const guchar *,guint64,const guchar *); +#define crypto_onetimeauth_poly1305_tweet_VERSION "-" +#define crypto_onetimeauth_poly1305 crypto_onetimeauth_poly1305_tweet +#define crypto_onetimeauth_poly1305_verify crypto_onetimeauth_poly1305_tweet_verify +#define crypto_onetimeauth_poly1305_BYTES crypto_onetimeauth_poly1305_tweet_BYTES +#define crypto_onetimeauth_poly1305_KEYBYTES crypto_onetimeauth_poly1305_tweet_KEYBYTES +#define crypto_onetimeauth_poly1305_VERSION crypto_onetimeauth_poly1305_tweet_VERSION +#define crypto_onetimeauth_poly1305_IMPLEMENTATION "crypto_onetimeauth/poly1305/tweet" +#define crypto_scalarmult_PRIMITIVE "curve25519" +#define crypto_scalarmult crypto_scalarmult_curve25519 +#define crypto_scalarmult_base crypto_scalarmult_curve25519_base +#define crypto_scalarmult_BYTES crypto_scalarmult_curve25519_BYTES +#define crypto_scalarmult_SCALARBYTES crypto_scalarmult_curve25519_SCALARBYTES +#define crypto_scalarmult_IMPLEMENTATION crypto_scalarmult_curve25519_IMPLEMENTATION +#define crypto_scalarmult_VERSION crypto_scalarmult_curve25519_VERSION +#define crypto_scalarmult_curve25519_tweet_BYTES 32 +#define crypto_scalarmult_curve25519_tweet_SCALARBYTES 32 +extern int crypto_scalarmult_curve25519_tweet(guchar *,const guchar *,const guchar *); +extern int crypto_scalarmult_curve25519_tweet_base(guchar *,const guchar *); +#define crypto_scalarmult_curve25519_tweet_VERSION "-" +#define crypto_scalarmult_curve25519 crypto_scalarmult_curve25519_tweet +#define crypto_scalarmult_curve25519_base crypto_scalarmult_curve25519_tweet_base +#define crypto_scalarmult_curve25519_BYTES crypto_scalarmult_curve25519_tweet_BYTES +#define crypto_scalarmult_curve25519_SCALARBYTES crypto_scalarmult_curve25519_tweet_SCALARBYTES +#define crypto_scalarmult_curve25519_VERSION crypto_scalarmult_curve25519_tweet_VERSION +#define crypto_scalarmult_curve25519_IMPLEMENTATION "crypto_scalarmult/curve25519/tweet" +#define crypto_secretbox_PRIMITIVE "xsalsa20poly1305" +#define crypto_secretbox crypto_secretbox_xsalsa20poly1305 +#define crypto_secretbox_open crypto_secretbox_xsalsa20poly1305_open +#define crypto_secretbox_KEYBYTES crypto_secretbox_xsalsa20poly1305_KEYBYTES +#define crypto_secretbox_NONCEBYTES crypto_secretbox_xsalsa20poly1305_NONCEBYTES +#define crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES +#define crypto_secretbox_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES +#define crypto_secretbox_IMPLEMENTATION crypto_secretbox_xsalsa20poly1305_IMPLEMENTATION +#define crypto_secretbox_VERSION crypto_secretbox_xsalsa20poly1305_VERSION +#define crypto_secretbox_xsalsa20poly1305_tweet_KEYBYTES 32 +#define crypto_secretbox_xsalsa20poly1305_tweet_NONCEBYTES 24 +#define crypto_secretbox_xsalsa20poly1305_tweet_ZEROBYTES 32 +#define crypto_secretbox_xsalsa20poly1305_tweet_BOXZEROBYTES 16 +extern int crypto_secretbox_xsalsa20poly1305_tweet(guchar *,const guchar *,guint64,const guchar *,const guchar *); +extern int crypto_secretbox_xsalsa20poly1305_tweet_open(guchar *,const guchar *,guint64,const guchar *,const guchar *); +#define crypto_secretbox_xsalsa20poly1305_tweet_VERSION "-" +#define crypto_secretbox_xsalsa20poly1305 crypto_secretbox_xsalsa20poly1305_tweet +#define crypto_secretbox_xsalsa20poly1305_open crypto_secretbox_xsalsa20poly1305_tweet_open +#define crypto_secretbox_xsalsa20poly1305_KEYBYTES crypto_secretbox_xsalsa20poly1305_tweet_KEYBYTES +#define crypto_secretbox_xsalsa20poly1305_NONCEBYTES crypto_secretbox_xsalsa20poly1305_tweet_NONCEBYTES +#define crypto_secretbox_xsalsa20poly1305_ZEROBYTES crypto_secretbox_xsalsa20poly1305_tweet_ZEROBYTES +#define crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_tweet_BOXZEROBYTES +#define crypto_secretbox_xsalsa20poly1305_VERSION crypto_secretbox_xsalsa20poly1305_tweet_VERSION +#define crypto_secretbox_xsalsa20poly1305_IMPLEMENTATION "crypto_secretbox/xsalsa20poly1305/tweet" +#define crypto_sign_PRIMITIVE "ed25519" +#define crypto_sign crypto_sign_ed25519 +#define crypto_sign_open crypto_sign_ed25519_open +#define crypto_sign_keypair crypto_sign_ed25519_keypair +#define crypto_sign_BYTES crypto_sign_ed25519_BYTES +#define crypto_sign_PUBLICKEYBYTES crypto_sign_ed25519_PUBLICKEYBYTES +#define crypto_sign_SECRETKEYBYTES crypto_sign_ed25519_SECRETKEYBYTES +#define crypto_sign_IMPLEMENTATION crypto_sign_ed25519_IMPLEMENTATION +#define crypto_sign_VERSION crypto_sign_ed25519_VERSION +#define crypto_sign_ed25519_tweet_BYTES 64 +#define crypto_sign_ed25519_tweet_PUBLICKEYBYTES 32 +#define crypto_sign_ed25519_tweet_SECRETKEYBYTES 64 +extern int crypto_sign_ed25519_tweet(guchar *,guint64 *,const guchar *,guint64,const guchar *); +extern int crypto_sign_ed25519_tweet_open(guchar *,guint64 *,const guchar *,guint64,const guchar *); +extern int crypto_sign_ed25519_tweet_keypair(guchar *,guchar *); +#define crypto_sign_ed25519_tweet_VERSION "-" +#define crypto_sign_ed25519 crypto_sign_ed25519_tweet +#define crypto_sign_ed25519_open crypto_sign_ed25519_tweet_open +#define crypto_sign_ed25519_keypair crypto_sign_ed25519_tweet_keypair +#define crypto_sign_ed25519_BYTES crypto_sign_ed25519_tweet_BYTES +#define crypto_sign_ed25519_PUBLICKEYBYTES crypto_sign_ed25519_tweet_PUBLICKEYBYTES +#define crypto_sign_ed25519_SECRETKEYBYTES crypto_sign_ed25519_tweet_SECRETKEYBYTES +#define crypto_sign_ed25519_VERSION crypto_sign_ed25519_tweet_VERSION +#define crypto_sign_ed25519_IMPLEMENTATION "crypto_sign/ed25519/tweet" +#define crypto_stream_PRIMITIVE "xsalsa20" +#define crypto_stream crypto_stream_xsalsa20 +#define crypto_stream_xor crypto_stream_xsalsa20_xor +#define crypto_stream_KEYBYTES crypto_stream_xsalsa20_KEYBYTES +#define crypto_stream_NONCEBYTES crypto_stream_xsalsa20_NONCEBYTES +#define crypto_stream_IMPLEMENTATION crypto_stream_xsalsa20_IMPLEMENTATION +#define crypto_stream_VERSION crypto_stream_xsalsa20_VERSION +#define crypto_stream_xsalsa20_tweet_KEYBYTES 32 +#define crypto_stream_xsalsa20_tweet_NONCEBYTES 24 +extern int crypto_stream_xsalsa20_tweet(guchar *,guint64,const guchar *,const guchar *); +extern int crypto_stream_xsalsa20_tweet_xor(guchar *,const guchar *,guint64,const guchar *,const guchar *); +#define crypto_stream_xsalsa20_tweet_VERSION "-" +#define crypto_stream_xsalsa20 crypto_stream_xsalsa20_tweet +#define crypto_stream_xsalsa20_xor crypto_stream_xsalsa20_tweet_xor +#define crypto_stream_xsalsa20_KEYBYTES crypto_stream_xsalsa20_tweet_KEYBYTES +#define crypto_stream_xsalsa20_NONCEBYTES crypto_stream_xsalsa20_tweet_NONCEBYTES +#define crypto_stream_xsalsa20_VERSION crypto_stream_xsalsa20_tweet_VERSION +#define crypto_stream_xsalsa20_IMPLEMENTATION "crypto_stream/xsalsa20/tweet" +#define crypto_stream_salsa20_tweet_KEYBYTES 32 +#define crypto_stream_salsa20_tweet_NONCEBYTES 8 +extern int crypto_stream_salsa20_tweet(guchar *,guint64,const guchar *,const guchar *); +extern int crypto_stream_salsa20_tweet_xor(guchar *,const guchar *,guint64,const guchar *,const guchar *); +#define crypto_stream_salsa20_tweet_VERSION "-" +#define crypto_stream_salsa20 crypto_stream_salsa20_tweet +#define crypto_stream_salsa20_xor crypto_stream_salsa20_tweet_xor +#define crypto_stream_salsa20_KEYBYTES crypto_stream_salsa20_tweet_KEYBYTES +#define crypto_stream_salsa20_NONCEBYTES crypto_stream_salsa20_tweet_NONCEBYTES +#define crypto_stream_salsa20_VERSION crypto_stream_salsa20_tweet_VERSION +#define crypto_stream_salsa20_IMPLEMENTATION "crypto_stream/salsa20/tweet" +#define crypto_verify_PRIMITIVE "16" +#define crypto_verify crypto_verify_16 +#define crypto_verify_BYTES crypto_verify_16_BYTES +#define crypto_verify_IMPLEMENTATION crypto_verify_16_IMPLEMENTATION +#define crypto_verify_VERSION crypto_verify_16_VERSION +#define crypto_verify_16_tweet_BYTES 16 +extern int crypto_verify_16_tweet(const guchar *,const guchar *); +#define crypto_verify_16_tweet_VERSION "-" +#define crypto_verify_16 crypto_verify_16_tweet +#define crypto_verify_16_BYTES crypto_verify_16_tweet_BYTES +#define crypto_verify_16_VERSION crypto_verify_16_tweet_VERSION +#define crypto_verify_16_IMPLEMENTATION "crypto_verify/16/tweet" +#define crypto_verify_32_tweet_BYTES 32 +extern int crypto_verify_32_tweet(const guchar *,const guchar *); +#define crypto_verify_32_tweet_VERSION "-" +#define crypto_verify_32 crypto_verify_32_tweet +#define crypto_verify_32_BYTES crypto_verify_32_tweet_BYTES +#define crypto_verify_32_VERSION crypto_verify_32_tweet_VERSION +#define crypto_verify_32_IMPLEMENTATION "crypto_verify/32/tweet" +#endif diff --git a/src/libutil/CMakeLists.txt b/src/libutil/CMakeLists.txt index 655b34487..ddfb5cf30 100644 --- a/src/libutil/CMakeLists.txt +++ b/src/libutil/CMakeLists.txt @@ -33,6 +33,7 @@ TARGET_LINK_LIBRARIES(rspamd-util event) TARGET_LINK_LIBRARIES(rspamd-util xxhash) TARGET_LINK_LIBRARIES(rspamd-util siphash) TARGET_LINK_LIBRARIES(rspamd-util blake2) +TARGET_LINK_LIBRARIES(rspamd-util tweetnacl) TARGET_LINK_LIBRARIES(rspamd-util rdns) IF(OPENSSL_FOUND) TARGET_LINK_LIBRARIES(rspamd-util ${OPENSSL_LIBRARIES}) diff --git a/src/libutil/http.c b/src/libutil/http.c index 5a597fbd2..74474365b 100644 --- a/src/libutil/http.c +++ b/src/libutil/http.c @@ -28,15 +28,28 @@ #include "printf.h" #include "logger.h" #include "ref.h" +#include "tweetnacl.h" +#include "blake2.h" +#include "ottery.h" #include <limits.h> +struct rspamd_http_keypair { + guchar pk[crypto_box_PUBLICKEYBYTES]; + guchar sk[crypto_box_SECRETKEYBYTES]; + guchar id[BLAKE2B_OUTBYTES]; + ref_entry_t ref; +}; + struct rspamd_http_connection_private { struct _rspamd_http_privbuf { GString *data; ref_entry_t ref; } *buf; gboolean new_header; + gboolean encrypted; + struct rspamd_http_keypair *local_key; + GString *peer_key; struct rspamd_http_header *header; struct http_parser parser; struct http_parser_settings parser_cb; @@ -71,9 +84,11 @@ static const struct _rspamd_http_magic { [HTTP_MAGIC_JPG] = { "jpg", "image/jpeg" }, }; -static gchar *http_week[] = { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" }; -static gchar *http_month[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", +static const gchar *http_week[] = { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" }; +static const gchar *http_month[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; +static const gchar *key_header = "Key"; +static const gchar *date_header = "Date"; #define HTTP_ERROR http_error_quark () @@ -387,13 +402,46 @@ rspamd_http_parse_date (const gchar *header, gsize len) return (time_t) time; } +static void +rspamd_http_parse_key (GString *data, struct rspamd_http_connection_private *priv) +{ + guchar *decoded; + gsize decoded_len; + + if (priv->local_key == NULL) { + /* In this case we cannot do anything, e.g. we cannot decrypt payload */ + priv->encrypted = TRUE; + } + else { + /* Check sanity of what we have */ + decoded = rspamd_decode_base32 (data->str, data->len, &decoded_len); + if (decoded != NULL) { + if (decoded_len >= sizeof (priv->local_key->id) + + sizeof (priv->local_key->pk)) { + if (memcmp (priv->local_key->id, decoded, + sizeof (priv->local_key->id)) == 0) { + priv->peer_key = g_string_sized_new (sizeof (priv->local_key->pk)); + g_string_append_len (priv->peer_key, + decoded + sizeof (priv->local_key->id), + sizeof (priv->local_key->pk)); + } + } + } + priv->encrypted = TRUE; + g_free (decoded); + } +} + static inline void -rspamd_http_check_date (struct rspamd_http_connection_private *priv) +rspamd_http_check_special_header (struct rspamd_http_connection_private *priv) { - if (g_ascii_strcasecmp (priv->header->name->str, "date") == 0) { + if (g_ascii_strcasecmp (priv->header->name->str, date_header) == 0) { priv->msg->date = rspamd_http_parse_date (priv->header->value->str, priv->header->value->len); } + else if (g_ascii_strcasecmp (priv->header->name->str, key_header) == 0) { + rspamd_http_parse_key (priv->header->value, priv); + } } static gint @@ -447,7 +495,7 @@ rspamd_http_on_header_field (http_parser * parser, } else if (priv->new_header) { DL_APPEND (priv->msg->headers, priv->header); - rspamd_http_check_date (priv); + rspamd_http_check_special_header (priv); priv->header = g_slice_alloc (sizeof (struct rspamd_http_header)); priv->header->name = g_string_sized_new (32); priv->header->value = g_string_sized_new (32); @@ -492,7 +540,7 @@ rspamd_http_on_headers_complete (http_parser * parser) if (priv->header != NULL) { DL_APPEND (priv->msg->headers, priv->header); - rspamd_http_check_date (priv); + rspamd_http_check_special_header (priv); priv->header = NULL; } @@ -520,7 +568,8 @@ rspamd_http_on_body (http_parser * parser, const gchar *at, size_t length) g_string_append_len (priv->msg->body, at, length); - if (conn->opts & RSPAMD_HTTP_BODY_PARTIAL) { + if ((conn->opts & RSPAMD_HTTP_BODY_PARTIAL) && !priv->encrypted) { + /* Incremental update is basically impossible for encrypted requests */ return (conn->body_handler (conn, priv->msg, at, length)); } @@ -534,18 +583,57 @@ rspamd_http_on_message_complete (http_parser * parser) (struct rspamd_http_connection *)parser->data; struct rspamd_http_connection_private *priv; int ret = 0; + guchar *nonce, *m; + gsize dec_len; + GError *err; priv = conn->priv; if (conn->body_handler != NULL) { - rspamd_http_connection_ref (conn); - if ((conn->opts & RSPAMD_HTTP_BODY_PARTIAL) == 0) { + + if (priv->encrypted) { + if (priv->local_key == NULL || priv->peer_key == NULL || + priv->msg->body->len < crypto_box_NONCEBYTES + crypto_box_ZEROBYTES) { + err = g_error_new (HTTP_ERROR, 500, "Cannot decrypt message"); + rspamd_http_connection_ref (conn); + conn->error_handler (conn, err); + rspamd_http_connection_unref (conn); + g_error_free (err); + return -1; + } + /* We have keys, so we can decrypt message */ + /* TODO: add pubkey<->privkey pairs to LRU cache */ + nonce = priv->msg->body->str; + m = priv->msg->body->str + crypto_box_NONCEBYTES; + dec_len = priv->msg->body->len - crypto_box_NONCEBYTES; + + if (crypto_box_open (m + crypto_box_ZEROBYTES, m, dec_len, nonce, + priv->peer_key->str, priv->local_key->sk) != 0) { + err = g_error_new (HTTP_ERROR, 500, "Cannot verify encrypted message"); + rspamd_http_connection_ref (conn); + conn->error_handler (conn, err); + rspamd_http_connection_unref (conn); + g_error_free (err); + return -1; + } + m += crypto_box_ZEROBYTES; + dec_len -= crypto_box_ZEROBYTES; + + rspamd_http_connection_ref (conn); + ret = conn->body_handler (conn, + priv->msg, + m, + dec_len); + rspamd_http_connection_unref (conn); + } + else if ((conn->opts & RSPAMD_HTTP_BODY_PARTIAL) == 0) { + rspamd_http_connection_ref (conn); ret = conn->body_handler (conn, priv->msg, priv->msg->body->str, priv->msg->body->len); + rspamd_http_connection_unref (conn); } - rspamd_http_connection_unref (conn); } if (ret == 0) { @@ -821,6 +909,11 @@ rspamd_http_connection_reset (struct rspamd_http_connection *conn) REF_RELEASE (priv->buf); } + if (priv->peer_key != NULL) { + g_string_free (priv->peer_key, TRUE); + } + priv->encrypted = FALSE; + rspamd_http_parser_reset (conn); if (priv->out != NULL) { @@ -836,6 +929,11 @@ rspamd_http_connection_free (struct rspamd_http_connection *conn) priv = conn->priv; rspamd_http_connection_reset (conn); + + if (priv->local_key) { + REF_RELEASE (priv->local_key); + } + g_slice_free1 (sizeof (struct rspamd_http_connection_private), priv); g_slice_free1 (sizeof (struct rspamd_http_connection), conn); } @@ -889,6 +987,10 @@ rspamd_http_connection_write_message (struct rspamd_http_connection *conn, gint i; gsize bodylen; GString *buf; + gboolean encrypted = FALSE; + gchar *b32_key, *b32_id; + guchar nonce[crypto_box_NONCEBYTES], mac[crypto_box_ZEROBYTES], id[BLAKE2B_OUTBYTES]; + guchar *np, *mp; conn->fd = fd; conn->ud = ud; @@ -931,6 +1033,15 @@ rspamd_http_connection_write_message (struct rspamd_http_connection *conn, return; } + if (priv->local_key != NULL && priv->peer_key != NULL) { + encrypted = TRUE; + } + + if (encrypted) { + priv->outlen += 2; + bodylen += crypto_box_NONCEBYTES + crypto_box_ZEROBYTES; + } + if (conn->type == RSPAMD_HTTP_SERVER) { /* Format reply */ if (msg->method < HTTP_SYMBOLS) { @@ -985,6 +1096,16 @@ rspamd_http_connection_write_message (struct rspamd_http_connection *conn, host != NULL ? host : msg->host->str, bodylen); } + if (encrypted) { + blake2b (id, priv->local_key->pk, NULL, sizeof (id), + sizeof (priv->local_key->pk), 0); + b32_key = rspamd_encode_base32 (priv->local_key->pk, + sizeof (priv->local_key->pk)); + b32_id = rspamd_encode_base32 (id, sizeof (id)); + rspamd_printf_gstring (buf, "Key: %s%s\r\n", b32_id, b32_key); + g_free (b32_key); + g_free (b32_id); + } } /* Allocate iov */ priv->wr_total = bodylen + buf->len + 2; @@ -999,7 +1120,19 @@ rspamd_http_connection_write_message (struct rspamd_http_connection *conn, /* Now set up all iov */ priv->out[0].iov_base = buf->str; - priv->out[0].iov_len = buf->len; + if (!encrypted) { + priv->out[0].iov_len = buf->len; + } + else { + ottery_rand_bytes (nonce, sizeof (nonce)); + memset (mac, 0, sizeof (mac)); + np = buf->str + buf->len; + g_string_append_len (buf, nonce, sizeof (nonce)); + mp = buf->str + buf->len; + g_string_append_len (buf, mac, sizeof (mac)); + priv->out[0].iov_len = buf->len - sizeof (nonce) - sizeof (mac); + } + i = 1; LL_FOREACH (msg->headers, hdr) { @@ -1021,8 +1154,21 @@ rspamd_http_connection_write_message (struct rspamd_http_connection *conn, priv->wr_total -= 2; } if (msg->body != NULL) { - priv->out[i].iov_base = pbody; - priv->out[i++].iov_len = bodylen; + if (encrypted) { + crypto_box_detached (pbody, pbody, + bodylen - sizeof (nonce) - sizeof (mac), np, + priv->peer_key->str, priv->local_key->sk, mp); + priv->out[i].iov_base = np; + priv->out[i++].iov_len = sizeof (nonce); + priv->out[i].iov_base = mp; + priv->out[i++].iov_len = sizeof (mac); + priv->out[i].iov_base = pbody; + priv->out[i++].iov_len = bodylen; + } + else { + priv->out[i].iov_base = pbody; + priv->out[i++].iov_len = bodylen; + } } event_set (&priv->ev, fd, EV_WRITE, rspamd_http_event_handler, conn); @@ -1482,3 +1628,70 @@ rspamd_http_router_free (struct rspamd_http_connection_router *router) g_slice_free1 (sizeof (struct rspamd_http_connection_router), router); } } + +static void +rspamd_http_keypair_dtor (struct rspamd_http_keypair *kp) +{ + g_slice_free1 (sizeof (*kp), kp); +} + +gpointer +rspamd_http_connection_make_key (gchar *key, gsize keylen) +{ + guchar *decoded; + gsize decoded_len; + struct rspamd_http_keypair *kp; + + decoded = rspamd_decode_base32 (key, keylen, &decoded_len); + + if (decoded != NULL) { + if (decoded_len == crypto_box_PUBLICKEYBYTES + crypto_box_SECRETKEYBYTES) { + kp = g_slice_alloc (sizeof (*kp)); + REF_INIT_RETAIN (kp, rspamd_http_keypair_dtor); + memcpy (kp->sk, decoded, crypto_box_SECRETKEYBYTES); + memcpy (kp->pk, decoded + crypto_box_SECRETKEYBYTES, + crypto_box_PUBLICKEYBYTES); + blake2b (kp->id, kp->pk, NULL, sizeof (kp->id), sizeof (kp->pk), 0); + + return (gpointer)kp; + } + g_free (decoded); + } + + return FALSE; +} + +gpointer +rspamd_http_connection_gen_key (void) +{ + struct rspamd_http_keypair *kp; + + kp = g_slice_alloc (sizeof (*kp)); + REF_INIT_RETAIN (kp, rspamd_http_keypair_dtor); + + crypto_box_keypair (kp->pk, kp->sk); + blake2b (kp->id, kp->pk, NULL, sizeof (kp->id), sizeof (kp->pk), 0); + + return (gpointer)kp; +} + +void +rspamd_http_connection_set_key (struct rspamd_http_connection *conn, + gpointer key) +{ + struct rspamd_http_connection_private *priv = conn->priv; + struct rspamd_http_keypair *kp = (struct rspamd_http_keypair *)key; + + g_assert (key != NULL); + REF_RETAIN (kp); + priv->local_key = kp; +} + +void +rspamd_http_connection_key_destroy (gpointer key) +{ + struct rspamd_http_keypair *kp = (struct rspamd_http_keypair *)key; + + g_assert (key != NULL); + REF_RELEASE (kp); +} diff --git a/src/libutil/http.h b/src/libutil/http.h index c6fcf0b83..d88424626 100644 --- a/src/libutil/http.h +++ b/src/libutil/http.h @@ -70,7 +70,8 @@ struct rspamd_http_message { */ enum rspamd_http_options { RSPAMD_HTTP_BODY_PARTIAL = 0x1, /**< Call body handler on all body data portions */ - RSPAMD_HTTP_CLIENT_SIMPLE = 0x2 /**< Read HTTP client reply automatically */ + RSPAMD_HTTP_CLIENT_SIMPLE = 0x2, /**< Read HTTP client reply automatically */ + RSPAMD_HTTP_CLIENT_ENCRYPTED = 0x4 /**< Encrypt data for client */ }; struct rspamd_http_connection_private; @@ -147,6 +148,33 @@ struct rspamd_http_connection * rspamd_http_connection_new ( enum rspamd_http_connection_type type); /** + * Load the encryption keypair + * @param key base32 encoded privkey and pubkey (in that order) + * @param keylen length of base32 string + * @return opaque pointer pr NULL in case of error + */ +gpointer rspamd_http_connection_make_key (gchar *key, gsize keylen); + +/** + * Generate the encryption keypair + * @return opaque pointer pr NULL in case of error + */ +gpointer rspamd_http_connection_gen_key (void); + +/** + * Set key pointed by an opaque pointer + * @param conn connection structure + * @param key opaque key structure + */ +void rspamd_http_connection_set_key (struct rspamd_http_connection *conn, + gpointer key); +/** + * Release key pointed by an opaque pointer + * @param key opaque key structure + */ +void rspamd_http_connection_key_destroy (gpointer key); + +/** * Handle a request using socket fd and user data ud * @param conn connection structure * @param ud opaque user data diff --git a/src/libutil/util.c b/src/libutil/util.c index 1b0e08b9f..ada373eb1 100644 --- a/src/libutil/util.c +++ b/src/libutil/util.c @@ -31,6 +31,7 @@ #include "message.h" #include "xxhash.h" +#include "ottery.h" #ifdef HAVE_OPENSSL #include <openssl/rand.h> @@ -2115,3 +2116,84 @@ rspamd_encode_base32 (guchar *in, gsize inlen) return out; } + +static const guchar b32_dec[] = { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x12, 0xff, 0x19, 0x1a, 0x1b, 0x1e, 0x1d, + 0x07, 0x1f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x18, 0x01, 0x0c, 0x03, 0x08, 0x05, 0x06, + 0x1c, 0x15, 0x09, 0x0a, 0xff, 0x0b, 0x02, 0x10, + 0x0d, 0x0e, 0x04, 0x16, 0x11, 0x13, 0xff, 0x14, + 0x0f, 0x00, 0x17, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x18, 0x01, 0x0c, 0x03, 0x08, 0x05, 0x06, + 0x1c, 0x15, 0x09, 0x0a, 0xff, 0x0b, 0x02, 0x10, + 0x0d, 0x0e, 0x04, 0x16, 0x11, 0x13, 0xff, 0x14, + 0x0f, 0x00, 0x17, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff +}; + +guchar* +rspamd_decode_base32 (gchar *in, gsize inlen, gsize *outlen) +{ + guchar *res, decoded; + guchar c; + guint acc = 0U; + guint processed_bits = 0; + gsize olen = 0, i, allocated_len = inlen * 8 / 5 + 1; + + res = g_malloc (allocated_len); + + for (i = 0; i < inlen; i ++) { + c = (guchar)in[i]; + + if (processed_bits >= 8) { + processed_bits -= 8; + res[olen++] = acc & 0xFF; + acc >>= 8; + } + + decoded = b32_dec[c]; + if (decoded == 0xff) { + g_free (res); + return NULL; + } + + acc = (decoded << processed_bits) | acc; + processed_bits += 5; + } + + if (processed_bits > 0) { + res[olen++] = (acc & 0xFF); + } + + *outlen = olen; + + return res; +} + +/* Required for tweetnacl */ +void +randombytes (guchar *buf, guint64 len) +{ + ottery_rand_bytes (buf, (size_t)len); +} diff --git a/src/libutil/util.h b/src/libutil/util.h index 62a28d474..23964fc07 100644 --- a/src/libutil/util.h +++ b/src/libutil/util.h @@ -426,4 +426,12 @@ void rspamd_ucl_emit_gstring (ucl_object_t *obj, */ gchar * rspamd_encode_base32 (guchar *in, gsize inlen); +/** + * Decode string using base32 encoding + * @param in input + * @param inlen input length + * @return freshly allocated base32 decoded value or NULL if input is invalid + */ +guchar* rspamd_decode_base32 (gchar *in, gsize inlen, gsize *outlen); + #endif |