authorVsevolod Stakhov <vsevolod@highsecure.ru>2018-05-19 15:42:02 +0100
committerVsevolod Stakhov <vsevolod@highsecure.ru>2018-05-19 15:42:02 +0100
commit8fb0982059b332bb0eab66ab11b74c52047f73ea (patch)
tree71ddd49cc8b588eb629f1cf142d293bad4356c99
parent2013b2d0919a45ae8a8297a8ba7eafd72f410d5c (diff)
[Minor] Add method to encrypt and seal data using keypair
-rw-r--r--src/libcryptobox/keypair.c50
-rw-r--r--src/libcryptobox/keypair.h17
2 files changed, 67 insertions, 0 deletions
diff --git a/src/libcryptobox/keypair.c b/src/libcryptobox/keypair.c
index 1f8acc6d1..50e3614d9 100644
--- a/src/libcryptobox/keypair.c
+++ b/src/libcryptobox/keypair.c
@@ -19,6 +19,7 @@
#include "libcryptobox/keypair_private.h"
#include "libutil/str_util.h"
#include "libutil/printf.h"
+#include "contrib/libottery/ottery.h"
const guchar encrypted_magic[7] = {'r', 'u', 'c', 'l', 'e', 'v', '1'};
@@ -977,3 +978,52 @@ rspamd_keypair_decrypt (struct rspamd_cryptobox_keypair *kp,
return TRUE;
}
+gboolean
+rspamd_keypair_encrypt (struct rspamd_cryptobox_keypair *kp,
+ const guchar *in, gsize inlen,
+ guchar **out, gsize *outlen,
+ GError **err)
+{
+ guchar *nonce, *mac, *data, *pubkey;
+ struct rspamd_cryptobox_keypair *local;
+ gsize olen;
+
+ g_assert (kp != NULL);
+ g_assert (in != NULL);
+
+ if (kp->type != RSPAMD_KEYPAIR_KEX) {
+ g_set_error (err, rspamd_keypair_quark (), EINVAL,
+ "invalid keypair type");
+
+ return FALSE;
+ }
+
+ local = rspamd_keypair_new (kp->type, kp->alg);
+
+ olen = inlen + sizeof (encrypted_magic) +
+ rspamd_cryptobox_pk_bytes (kp->alg) +
+ rspamd_cryptobox_mac_bytes (kp->alg) +
+ rspamd_cryptobox_nonce_bytes (kp->alg);
+ *out = g_malloc (olen);
+ memcpy (*out, encrypted_magic, sizeof (encrypted_magic));
+ pubkey = *out + sizeof (encrypted_magic);
+ mac = pubkey + rspamd_cryptobox_pk_bytes (kp->alg);
+ nonce = mac + rspamd_cryptobox_mac_bytes (kp->alg);
+ data = nonce + rspamd_cryptobox_nonce_bytes (kp->alg);
+
+ ottery_rand_bytes (nonce, rspamd_cryptobox_nonce_bytes (kp->alg));
+ memcpy (data, in, inlen);
+ memcpy (pubkey, rspamd_keypair_component (kp,
+ RSPAMD_KEYPAIR_COMPONENT_PK, NULL),
+ rspamd_cryptobox_pk_bytes (kp->alg));
+ rspamd_cryptobox_encrypt_inplace (data, inlen, nonce, pubkey,
+ rspamd_keypair_component (local, RSPAMD_KEYPAIR_COMPONENT_SK, NULL),
+ mac, kp->alg);
+ rspamd_keypair_unref (local);
+
+ if (outlen) {
+ *outlen = olen;
+ }
+
+ return TRUE;
+} \ No newline at end of file
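Review bot: The `pubkey` slot of the output is filled from `kp` (the recipient) rather than from the ephemeral `local` keypair, so the ephemeral public key is dropped at `rspamd_keypair_unref (local)` and never reaches the recipient. The body of `rspamd_keypair_decrypt` is outside this hunk, but if it derives the shared secret from the embedded key and its own secret key, it would arrive at a different secret than the one used here and the MAC check would fail for every sealed message. I would store the `RSPAMD_KEYPAIR_COMPONENT_PK` of `local` in the output and pass the public key of `kp` directly to `rspamd_cryptobox_encrypt_inplace`, as sketched below. Separately, `inlen` and the fixed overhead are summed into `olen` with no overflow check before `g_malloc`, and `*out` is dereferenced without a `g_assert (out != NULL)` even though `outlen` is treated as optional.

```c
	/* … unchanged: type check, allocation, pointer layout, nonce generation … */
	memcpy (data, in, inlen);
	/* Ship the ephemeral public key: the recipient needs it to derive the shared secret */
	memcpy (pubkey, rspamd_keypair_component (local,
			RSPAMD_KEYPAIR_COMPONENT_PK, NULL),
			rspamd_cryptobox_pk_bytes (kp->alg));
	rspamd_cryptobox_encrypt_inplace (data, inlen, nonce,
			rspamd_keypair_component (kp, RSPAMD_KEYPAIR_COMPONENT_PK, NULL),
			rspamd_keypair_component (local, RSPAMD_KEYPAIR_COMPONENT_SK, NULL),
			mac, kp->alg);
	/* … unchanged: unref local, set *outlen, return TRUE … */
```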
diff --git a/src/libcryptobox/keypair.h b/src/libcryptobox/keypair.h
index fc17412e2..3e78e7cbb 100644
--- a/src/libcryptobox/keypair.h
+++ b/src/libcryptobox/keypair.h
@@ -287,5 +287,22 @@ gboolean rspamd_keypair_decrypt (struct rspamd_cryptobox_keypair *kp,
guchar **out, gsize *outlen,
GError **err);
+/**
+ * Encrypts data usign specific keypair.
+ * This method actually generates ephemeral local keypair, use public key from
+ * the remote keypair and encrypts data
+ * @param kp keypair
+ * @param in raw input
+ * @param inlen input length
+ * @param out output (allocated internally using g_malloc)
+ * @param outlen output size
+ * @param err pointer to error
+ * @return TRUE if encryption has been completed, out must be freed in this case
+ */
+gboolean rspamd_keypair_encrypt (struct rspamd_cryptobox_keypair *kp,
+ const guchar *in, gsize inlen,
+ guchar **out, gsize *outlen,
+ GError **err);
+
#endif /* SRC_LIBCRYPTOBOX_KEYPAIR_H_ */
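Review bot: The doc comment on `rspamd_keypair_encrypt` leaves out the contract the implementation enforces: `kp` must be of type `RSPAMD_KEYPAIR_KEX` (otherwise FALSE is returned with `err` set), `kp` and `in` are asserted non-NULL, and `outlen` may be NULL. It would also help to describe the output layout (magic, public key, MAC, nonce, ciphertext, in that order) and to say that `out` is released with `g_free`. For example, `@param kp recipient keypair of type RSPAMD_KEYPAIR_KEX; only its public key is used`. The first line of the comment has a typo, `usign` for `using`.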