diff options
author | Vsevolod Stakhov <vsevolod@rspamd.com> | 2024-08-09 11:12:23 +0100 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@rspamd.com> | 2024-08-09 11:12:23 +0100 |
commit | 12c12bdf0c00438d0cb37d02dae5a34f41066865 (patch) | |
tree | d186aac0d2a8557fc191939339ed141e8d84c334 /contrib | |
parent | 96cd1f0968158e5b3d0460cf364138d22f3d22e3 (diff) | |
download | rspamd-12c12bdf0c00438d0cb37d02dae5a34f41066865.tar.gz rspamd-12c12bdf0c00438d0cb37d02dae5a34f41066865.zip |
[Project] Remove NIST mode from everywhere
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/librdns/curve.c | 569 |
1 files changed, 289 insertions, 280 deletions
diff --git a/contrib/librdns/curve.c b/contrib/librdns/curve.c index 19ec2508c..9fc345fb5 100644 --- a/contrib/librdns/curve.c +++ b/contrib/librdns/curve.c @@ -1,4 +1,20 @@ /* + * Copyright 2024 Vsevolod Stakhov + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* * Copyright (c) 2014, Vsevolod Stakhov * * All rights reserved. @@ -39,12 +55,11 @@ #include <tweetnacl.h> -void -randombytes(uint8_t *data, uint64_t len) +void randombytes(uint8_t *data, uint64_t len) { - ottery_rand_bytes (data, len); + ottery_rand_bytes(data, len); } -void sodium_memzero (uint8_t *data, uint64_t len) +void sodium_memzero(uint8_t *data, uint64_t len) { volatile uint8_t *p = data; @@ -54,14 +69,13 @@ void sodium_memzero (uint8_t *data, uint64_t len) } void sodium_init(void) { - } -ssize_t rdns_curve_send (struct rdns_request *req, void *plugin_data); -ssize_t rdns_curve_recv (struct rdns_io_channel *ioc, void *buf, size_t len, - void *plugin_data, struct rdns_request **req_out); -void rdns_curve_finish_request (struct rdns_request *req, void *plugin_data); -void rdns_curve_dtor (struct rdns_resolver *resolver, void *plugin_data); +ssize_t rdns_curve_send(struct rdns_request *req, void *plugin_data); +ssize_t rdns_curve_recv(struct rdns_io_channel *ioc, void *buf, size_t len, + void *plugin_data, struct rdns_request **req_out); +void rdns_curve_finish_request(struct rdns_request *req, void *plugin_data); +void rdns_curve_dtor(struct rdns_resolver *resolver, void *plugin_data); struct rdns_curve_entry { char *name; @@ -103,34 +117,36 @@ struct rdns_curve_ctx { }; static struct rdns_curve_client_key * -rdns_curve_client_key_new (struct rdns_curve_ctx *ctx) +rdns_curve_client_key_new(struct rdns_curve_ctx *ctx) { struct rdns_curve_client_key *new; struct rdns_curve_nm_entry *nm; struct rdns_curve_entry *entry, *tmp; - new = calloc (1, sizeof (struct rdns_curve_client_key)); - crypto_box_keypair (new->pk, new->sk); + new = calloc(1, sizeof(struct rdns_curve_client_key)); + crypto_box_keypair(new->pk, new->sk); - HASH_ITER (hh, ctx->entries, entry, tmp) { - nm = calloc (1, sizeof (struct rdns_curve_nm_entry)); + HASH_ITER(hh, ctx->entries, entry, tmp) + { + nm = calloc(1, sizeof(struct rdns_curve_nm_entry)); nm->entry = entry; - crypto_box_beforenm (nm->k, entry->pk, new->sk); + crypto_box_beforenm(nm->k, entry->pk, new->sk); - DL_APPEND (new->nms, nm); + DL_APPEND(new->nms, nm); } - new->counter = ottery_rand_uint64 (); + new->counter = ottery_rand_uint64(); return new; } static struct rdns_curve_nm_entry * -rdns_curve_find_nm (struct rdns_curve_client_key *key, struct rdns_curve_entry *entry) +rdns_curve_find_nm(struct rdns_curve_client_key *key, struct rdns_curve_entry *entry) { struct rdns_curve_nm_entry *nm; - DL_FOREACH (key->nms, nm) { + DL_FOREACH(key->nms, nm) + { if (nm->entry == entry) { return nm; } @@ -140,67 +156,68 @@ rdns_curve_find_nm (struct rdns_curve_client_key *key, struct rdns_curve_entry * } static void -rdns_curve_client_key_free (struct rdns_curve_client_key *key) +rdns_curve_client_key_free(struct rdns_curve_client_key *key) { struct rdns_curve_nm_entry *nm, *tmp; - DL_FOREACH_SAFE (key->nms, nm, tmp) { - sodium_memzero (nm->k, sizeof (nm->k)); - free (nm); + DL_FOREACH_SAFE(key->nms, nm, tmp) + { + sodium_memzero(nm->k, sizeof(nm->k)); + free(nm); } - sodium_memzero (key->sk, sizeof (key->sk)); - free (key); + sodium_memzero(key->sk, sizeof(key->sk)); + free(key); } -struct rdns_curve_ctx* -rdns_curve_ctx_new (double key_refresh_interval) +struct rdns_curve_ctx * +rdns_curve_ctx_new(double key_refresh_interval) { struct rdns_curve_ctx *new; - new = calloc (1, sizeof (struct rdns_curve_ctx)); + new = calloc(1, sizeof(struct rdns_curve_ctx)); new->key_refresh_interval = key_refresh_interval; return new; } -void -rdns_curve_ctx_add_key (struct rdns_curve_ctx *ctx, - const char *name, const unsigned char *pubkey) +void rdns_curve_ctx_add_key(struct rdns_curve_ctx *ctx, + const char *name, const unsigned char *pubkey) { struct rdns_curve_entry *entry; bool success = true; - entry = malloc (sizeof (struct rdns_curve_entry)); + entry = malloc(sizeof(struct rdns_curve_entry)); if (entry != NULL) { - entry->name = strdup (name); + entry->name = strdup(name); if (entry->name == NULL) { success = false; } - memcpy (entry->pk, pubkey, sizeof (entry->pk)); + memcpy(entry->pk, pubkey, sizeof(entry->pk)); if (success) { - HASH_ADD_KEYPTR (hh, ctx->entries, entry->name, strlen (entry->name), entry); + HASH_ADD_KEYPTR(hh, ctx->entries, entry->name, strlen(entry->name), entry); } } } -#define rdns_curve_write_hex(in, out, offset, base) do { \ - *(out) |= ((in)[(offset)] - (base)) << ((1 - offset) * 4); \ -} while (0) +#define rdns_curve_write_hex(in, out, offset, base) \ + do { \ + *(out) |= ((in)[(offset)] - (base)) << ((1 - offset) * 4); \ + } while (0) static bool -rdns_curve_hex_to_byte (const char *in, unsigned char *out) +rdns_curve_hex_to_byte(const char *in, unsigned char *out) { int i; - for (i = 0; i <= 1; i ++) { + for (i = 0; i <= 1; i++) { if (in[i] >= '0' && in[i] <= '9') { - rdns_curve_write_hex (in, out, i, '0'); + rdns_curve_write_hex(in, out, i, '0'); } else if (in[i] >= 'a' && in[i] <= 'f') { - rdns_curve_write_hex (in, out, i, 'a' - 10); + rdns_curve_write_hex(in, out, i, 'a' - 10); } else if (in[i] >= 'A' && in[i] <= 'F') { - rdns_curve_write_hex (in, out, i, 'A' - 10); + rdns_curve_write_hex(in, out, i, 'A' - 10); } else { return false; @@ -212,16 +229,16 @@ rdns_curve_hex_to_byte (const char *in, unsigned char *out) #undef rdns_curve_write_hex unsigned char * -rdns_curve_key_from_hex (const char *hex) +rdns_curve_key_from_hex(const char *hex) { - unsigned int len = strlen (hex), i; + unsigned int len = strlen(hex), i; unsigned char *res = NULL; if (len == crypto_box_PUBLICKEYBYTES * 2) { - res = calloc (1, crypto_box_PUBLICKEYBYTES); - for (i = 0; i < crypto_box_PUBLICKEYBYTES; i ++) { - if (!rdns_curve_hex_to_byte (&hex[i * 2], &res[i])) { - free (res); + res = calloc(1, crypto_box_PUBLICKEYBYTES); + for (i = 0; i < crypto_box_PUBLICKEYBYTES; i++) { + if (!rdns_curve_hex_to_byte(&hex[i * 2], &res[i])) { + free(res); return NULL; } } @@ -230,35 +247,34 @@ rdns_curve_key_from_hex (const char *hex) return res; } -void -rdns_curve_ctx_destroy (struct rdns_curve_ctx *ctx) +void rdns_curve_ctx_destroy(struct rdns_curve_ctx *ctx) { struct rdns_curve_entry *entry, *tmp; - HASH_ITER (hh, ctx->entries, entry, tmp) { - free (entry->name); - free (entry); + HASH_ITER(hh, ctx->entries, entry, tmp) + { + free(entry->name); + free(entry); } - free (ctx); + free(ctx); } static void -rdns_curve_refresh_key_callback (void *user_data) +rdns_curve_refresh_key_callback(void *user_data) { struct rdns_curve_ctx *ctx = user_data; struct rdns_resolver *resolver; resolver = ctx->resolver; - rdns_info ("refresh dnscurve keys"); - REF_RELEASE (ctx->cur_key); - ctx->cur_key = rdns_curve_client_key_new (ctx); - REF_INIT_RETAIN (ctx->cur_key, rdns_curve_client_key_free); + rdns_info("refresh dnscurve keys"); + REF_RELEASE(ctx->cur_key); + ctx->cur_key = rdns_curve_client_key_new(ctx); + REF_INIT_RETAIN(ctx->cur_key, rdns_curve_client_key_free); } -void -rdns_curve_register_plugin (struct rdns_resolver *resolver, - struct rdns_curve_ctx *ctx) +void rdns_curve_register_plugin(struct rdns_resolver *resolver, + struct rdns_curve_ctx *ctx) { struct rdns_plugin *plugin; @@ -266,7 +282,7 @@ rdns_curve_register_plugin (struct rdns_resolver *resolver, return; } - plugin = calloc (1, sizeof (struct rdns_plugin)); + plugin = calloc(1, sizeof(struct rdns_plugin)); if (plugin != NULL) { plugin->data = ctx; plugin->type = RDNS_PLUGIN_CURVE; @@ -274,24 +290,24 @@ rdns_curve_register_plugin (struct rdns_resolver *resolver, plugin->cb.curve_plugin.recv_cb = rdns_curve_recv; plugin->cb.curve_plugin.finish_cb = rdns_curve_finish_request; plugin->dtor = rdns_curve_dtor; - sodium_init (); - ctx->cur_key = rdns_curve_client_key_new (ctx); - REF_INIT_RETAIN (ctx->cur_key, rdns_curve_client_key_free); + sodium_init(); + ctx->cur_key = rdns_curve_client_key_new(ctx); + REF_INIT_RETAIN(ctx->cur_key, rdns_curve_client_key_free); if (ctx->key_refresh_interval > 0) { - ctx->key_refresh_event = resolver->async->add_periodic ( - resolver->async->data, ctx->key_refresh_interval, - rdns_curve_refresh_key_callback, ctx); + ctx->key_refresh_event = resolver->async->add_periodic( + resolver->async->data, ctx->key_refresh_interval, + rdns_curve_refresh_key_callback, ctx); } ctx->resolver = resolver; - rdns_resolver_register_plugin (resolver, plugin); + rdns_resolver_register_plugin(resolver, plugin); } } ssize_t -rdns_curve_send (struct rdns_request *req, void *plugin_data) +rdns_curve_send(struct rdns_request *req, void *plugin_data) { - struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *)plugin_data; + struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *) plugin_data; struct rdns_curve_entry *entry; struct iovec iov[4]; unsigned char *m; @@ -301,62 +317,62 @@ rdns_curve_send (struct rdns_request *req, void *plugin_data) ssize_t ret, boxed_len; /* Check for key */ - HASH_FIND_STR (ctx->entries, req->io->srv->name, entry); + HASH_FIND_STR(ctx->entries, req->io->srv->name, entry); if (entry != NULL) { - nm = rdns_curve_find_nm (ctx->cur_key, entry); - creq = malloc (sizeof (struct rdns_curve_request)); + nm = rdns_curve_find_nm(ctx->cur_key, entry); + creq = malloc(sizeof(struct rdns_curve_request)); if (creq == NULL) { return -1; } boxed_len = req->pos + crypto_box_ZEROBYTES; - m = malloc (boxed_len); + m = malloc(boxed_len); if (m == NULL) { return -1; } /* Ottery is faster than sodium native PRG that uses /dev/random only */ - memcpy (creq->nonce, &ctx->cur_key->counter, sizeof (uint64_t)); - ottery_rand_bytes (creq->nonce + sizeof (uint64_t), 12 - sizeof (uint64_t)); - sodium_memzero (creq->nonce + 12, crypto_box_NONCEBYTES - 12); + memcpy(creq->nonce, &ctx->cur_key->counter, sizeof(uint64_t)); + ottery_rand_bytes(creq->nonce + sizeof(uint64_t), 12 - sizeof(uint64_t)); + sodium_memzero(creq->nonce + 12, crypto_box_NONCEBYTES - 12); - sodium_memzero (m, crypto_box_ZEROBYTES); - memcpy (m + crypto_box_ZEROBYTES, req->packet, req->pos); + sodium_memzero(m, crypto_box_ZEROBYTES); + memcpy(m + crypto_box_ZEROBYTES, req->packet, req->pos); - if (crypto_box_afternm (m, m, boxed_len, - creq->nonce, nm->k) == -1) { - sodium_memzero (m, boxed_len); - free (m); + if (crypto_box_afternm(m, m, boxed_len, + creq->nonce, nm->k) == -1) { + sodium_memzero(m, boxed_len); + free(m); return -1; } creq->key = ctx->cur_key; - REF_RETAIN (ctx->cur_key); + REF_RETAIN(ctx->cur_key); creq->entry = entry; creq->req = req; creq->nm = nm; - HASH_ADD_KEYPTR (hh, ctx->requests, creq->nonce, 12, creq); + HASH_ADD_KEYPTR(hh, ctx->requests, creq->nonce, 12, creq); req->curve_plugin_data = creq; - ctx->cur_key->counter ++; - ctx->cur_key->uses ++; + ctx->cur_key->counter++; + ctx->cur_key->uses++; /* Now form a dnscurve packet */ - iov[0].iov_base = (void *)qmagic; - iov[0].iov_len = sizeof (qmagic) - 1; + iov[0].iov_base = (void *) qmagic; + iov[0].iov_len = sizeof(qmagic) - 1; iov[1].iov_base = ctx->cur_key->pk; - iov[1].iov_len = sizeof (ctx->cur_key->pk); + iov[1].iov_len = sizeof(ctx->cur_key->pk); iov[2].iov_base = creq->nonce; iov[2].iov_len = 12; iov[3].iov_base = m + crypto_box_BOXZEROBYTES; iov[3].iov_len = boxed_len - crypto_box_BOXZEROBYTES; - ret = writev (req->io->sock, iov, sizeof (iov) / sizeof (iov[0])); - sodium_memzero (m, boxed_len); - free (m); + ret = writev(req->io->sock, iov, sizeof(iov) / sizeof(iov[0])); + sodium_memzero(m, boxed_len); + free(m); } else { - ret = write (req->io->sock, req->packet, req->pos); + ret = write(req->io->sock, req->packet, req->pos); req->curve_plugin_data = NULL; } @@ -364,10 +380,10 @@ rdns_curve_send (struct rdns_request *req, void *plugin_data) } ssize_t -rdns_curve_recv (struct rdns_io_channel *ioc, void *buf, size_t len, void *plugin_data, - struct rdns_request **req_out) +rdns_curve_recv(struct rdns_io_channel *ioc, void *buf, size_t len, void *plugin_data, + struct rdns_request **req_out) { - struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *)plugin_data; + struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *) plugin_data; ssize_t ret, boxlen; static const char rmagic[] = "R6fnvWJ8"; unsigned char *p, *box; @@ -376,71 +392,69 @@ rdns_curve_recv (struct rdns_io_channel *ioc, void *buf, size_t len, void *plugi struct rdns_resolver *resolver; resolver = ctx->resolver; - ret = read (ioc->sock, buf, len); + ret = read(ioc->sock, buf, len); if (ret <= 0 || ret < 64) { /* Definitely not a DNSCurve packet */ return ret; } - if (memcmp (buf, rmagic, sizeof (rmagic) - 1) == 0) { + if (memcmp(buf, rmagic, sizeof(rmagic) - 1) == 0) { /* Likely DNSCurve packet */ - p = ((unsigned char *)buf) + 8; - HASH_FIND (hh, ctx->requests, p, 12, creq); + p = ((unsigned char *) buf) + 8; + HASH_FIND(hh, ctx->requests, p, 12, creq); if (creq == NULL) { - rdns_info ("unable to find nonce in the internal hash"); + rdns_info("unable to find nonce in the internal hash"); return ret; } - memcpy (enonce, p, crypto_box_NONCEBYTES); + memcpy(enonce, p, crypto_box_NONCEBYTES); p += crypto_box_NONCEBYTES; boxlen = ret - crypto_box_NONCEBYTES + - crypto_box_BOXZEROBYTES - - sizeof (rmagic) + 1; + crypto_box_BOXZEROBYTES - + sizeof(rmagic) + 1; if (boxlen < 0) { return ret; } - box = malloc (boxlen); - sodium_memzero (box, crypto_box_BOXZEROBYTES); - memcpy (box + crypto_box_BOXZEROBYTES, p, - boxlen - crypto_box_BOXZEROBYTES); - - if (crypto_box_open_afternm (box, box, boxlen, enonce, creq->nm->k) != -1) { - memcpy (buf, box + crypto_box_ZEROBYTES, - boxlen - crypto_box_ZEROBYTES); + box = malloc(boxlen); + sodium_memzero(box, crypto_box_BOXZEROBYTES); + memcpy(box + crypto_box_BOXZEROBYTES, p, + boxlen - crypto_box_BOXZEROBYTES); + + if (crypto_box_open_afternm(box, box, boxlen, enonce, creq->nm->k) != -1) { + memcpy(buf, box + crypto_box_ZEROBYTES, + boxlen - crypto_box_ZEROBYTES); ret = boxlen - crypto_box_ZEROBYTES; *req_out = creq->req; } else { - rdns_info ("unable open cryptobox of size %d", (int)boxlen); + rdns_info("unable open cryptobox of size %d", (int) boxlen); } - free (box); + free(box); } return ret; } -void -rdns_curve_finish_request (struct rdns_request *req, void *plugin_data) +void rdns_curve_finish_request(struct rdns_request *req, void *plugin_data) { - struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *)plugin_data; + struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *) plugin_data; struct rdns_curve_request *creq = req->curve_plugin_data; if (creq != NULL) { - REF_RELEASE (creq->key); - HASH_DELETE (hh, ctx->requests, creq); + REF_RELEASE(creq->key); + HASH_DELETE(hh, ctx->requests, creq); } } -void -rdns_curve_dtor (struct rdns_resolver *resolver, void *plugin_data) +void rdns_curve_dtor(struct rdns_resolver *resolver, void *plugin_data) { - struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *)plugin_data; + struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *) plugin_data; if (ctx->key_refresh_event != NULL) { - resolver->async->del_periodic (resolver->async->data, - ctx->key_refresh_event); + resolver->async->del_periodic(resolver->async->data, + ctx->key_refresh_event); } - REF_RELEASE (ctx->cur_key); + REF_RELEASE(ctx->cur_key); } #elif defined(USE_RSPAMD_CRYPTOBOX) @@ -454,13 +468,13 @@ rdns_curve_dtor (struct rdns_resolver *resolver, void *plugin_data) #define crypto_box_BOXZEROBYTES 16 #endif -ssize_t rdns_curve_send (struct rdns_request *req, void *plugin_data, - struct sockaddr *saddr, socklen_t slen); -ssize_t rdns_curve_recv (struct rdns_io_channel *ioc, void *buf, size_t len, - void *plugin_data, struct rdns_request **req_out, - struct sockaddr *saddr, socklen_t slen); -void rdns_curve_finish_request (struct rdns_request *req, void *plugin_data); -void rdns_curve_dtor (struct rdns_resolver *resolver, void *plugin_data); +ssize_t rdns_curve_send(struct rdns_request *req, void *plugin_data, + struct sockaddr *saddr, socklen_t slen); +ssize_t rdns_curve_recv(struct rdns_io_channel *ioc, void *buf, size_t len, + void *plugin_data, struct rdns_request **req_out, + struct sockaddr *saddr, socklen_t slen); +void rdns_curve_finish_request(struct rdns_request *req, void *plugin_data); +void rdns_curve_dtor(struct rdns_resolver *resolver, void *plugin_data); struct rdns_curve_entry { char *name; @@ -502,35 +516,36 @@ struct rdns_curve_ctx { }; static struct rdns_curve_client_key * -rdns_curve_client_key_new (struct rdns_curve_ctx *ctx) +rdns_curve_client_key_new(struct rdns_curve_ctx *ctx) { struct rdns_curve_client_key *new; struct rdns_curve_nm_entry *nm; struct rdns_curve_entry *entry, *tmp; - new = calloc (1, sizeof (struct rdns_curve_client_key)); - rspamd_cryptobox_keypair (new->pk, new->sk, RSPAMD_CRYPTOBOX_MODE_25519); + new = calloc(1, sizeof(struct rdns_curve_client_key)); + rspamd_cryptobox_keypair(new->pk, new->sk); - HASH_ITER (hh, ctx->entries, entry, tmp) { - nm = calloc (1, sizeof (struct rdns_curve_nm_entry)); + HASH_ITER(hh, ctx->entries, entry, tmp) + { + nm = calloc(1, sizeof(struct rdns_curve_nm_entry)); nm->entry = entry; - rspamd_cryptobox_nm (nm->k, entry->pk, new->sk, - RSPAMD_CRYPTOBOX_MODE_25519); + rspamd_cryptobox_nm(nm->k, entry->pk, new->sk); - DL_APPEND (new->nms, nm); + DL_APPEND(new->nms, nm); } - new->counter = ottery_rand_uint64 (); + new->counter = ottery_rand_uint64(); return new; } static struct rdns_curve_nm_entry * -rdns_curve_find_nm (struct rdns_curve_client_key *key, struct rdns_curve_entry *entry) +rdns_curve_find_nm(struct rdns_curve_client_key *key, struct rdns_curve_entry *entry) { struct rdns_curve_nm_entry *nm; - DL_FOREACH (key->nms, nm) { + DL_FOREACH(key->nms, nm) + { if (nm->entry == entry) { return nm; } @@ -540,68 +555,69 @@ rdns_curve_find_nm (struct rdns_curve_client_key *key, struct rdns_curve_entry * } static void -rdns_curve_client_key_free (struct rdns_curve_client_key *key) +rdns_curve_client_key_free(struct rdns_curve_client_key *key) { struct rdns_curve_nm_entry *nm, *tmp; - DL_FOREACH_SAFE (key->nms, nm, tmp) { - rspamd_explicit_memzero (nm->k, sizeof (nm->k)); - free (nm); + DL_FOREACH_SAFE(key->nms, nm, tmp) + { + rspamd_explicit_memzero(nm->k, sizeof(nm->k)); + free(nm); } - rspamd_explicit_memzero (key->sk, sizeof (key->sk)); - free (key); + rspamd_explicit_memzero(key->sk, sizeof(key->sk)); + free(key); } -struct rdns_curve_ctx* -rdns_curve_ctx_new (double key_refresh_interval) +struct rdns_curve_ctx * +rdns_curve_ctx_new(double key_refresh_interval) { struct rdns_curve_ctx *new; - new = calloc (1, sizeof (struct rdns_curve_ctx)); + new = calloc(1, sizeof(struct rdns_curve_ctx)); new->key_refresh_interval = key_refresh_interval; return new; } -void -rdns_curve_ctx_add_key (struct rdns_curve_ctx *ctx, - const char *name, const unsigned char *pubkey) +void rdns_curve_ctx_add_key(struct rdns_curve_ctx *ctx, + const char *name, const unsigned char *pubkey) { struct rdns_curve_entry *entry; bool success = true; - entry = malloc (sizeof (struct rdns_curve_entry)); + entry = malloc(sizeof(struct rdns_curve_entry)); if (entry != NULL) { - entry->name = strdup (name); + entry->name = strdup(name); if (entry->name == NULL) { success = false; } - memcpy (entry->pk, pubkey, sizeof (entry->pk)); + memcpy(entry->pk, pubkey, sizeof(entry->pk)); if (success) { - HASH_ADD_KEYPTR (hh, ctx->entries, entry->name, strlen (entry->name), entry); + HASH_ADD_KEYPTR(hh, ctx->entries, entry->name, strlen(entry->name), entry); } } } -#define rdns_curve_write_hex(in, out, offset, base) do { \ - *(out) |= ((in)[(offset)] - (base)) << ((1 - offset) * 4); \ -} while (0) +#define rdns_curve_write_hex(in, out, offset, base) \ + do { \ + *(out) |= ((in)[(offset)] - (base)) << ((1 - offset) * 4); \ + } while (0) static bool -rdns_curve_hex_to_byte (const char *in, unsigned char *out) +rdns_curve_hex_to_byte(const char *in, unsigned char *out) { int i; - for (i = 0; i <= 1; i ++) { + for (i = 0; i <= 1; i++) { if (in[i] >= '0' && in[i] <= '9') { - rdns_curve_write_hex (in, out, i, '0'); + rdns_curve_write_hex(in, out, i, '0'); } else if (in[i] >= 'a' && in[i] <= 'f') { - rdns_curve_write_hex (in, out, i, 'a' - 10); + rdns_curve_write_hex(in, out, i, 'a' - 10); } else if (in[i] >= 'A' && in[i] <= 'F') { - rdns_curve_write_hex (in, out, i, 'A' - 10); + rdns_curve_write_hex(in, out, i, 'A' - 10); } else { return false; @@ -613,18 +629,18 @@ rdns_curve_hex_to_byte (const char *in, unsigned char *out) #undef rdns_curve_write_hex unsigned char * -rdns_curve_key_from_hex (const char *hex) +rdns_curve_key_from_hex(const char *hex) { - unsigned int len = strlen (hex), i; + unsigned int len = strlen(hex), i; unsigned char *res = NULL; - if (len == rspamd_cryptobox_pk_bytes (RSPAMD_CRYPTOBOX_MODE_25519) * 2) { - res = calloc (1, rspamd_cryptobox_pk_bytes (RSPAMD_CRYPTOBOX_MODE_25519)); + if (len == crypto_box_publickeybytes() * 2) { + res = calloc(1, crypto_box_publickeybytes()); for (i = 0; - i < rspamd_cryptobox_pk_bytes (RSPAMD_CRYPTOBOX_MODE_25519); - i ++) { - if (!rdns_curve_hex_to_byte (&hex[i * 2], &res[i])) { - free (res); + i < crypto_box_publickeybytes(); + i++) { + if (!rdns_curve_hex_to_byte(&hex[i * 2], &res[i])) { + free(res); return NULL; } } @@ -633,35 +649,34 @@ rdns_curve_key_from_hex (const char *hex) return res; } -void -rdns_curve_ctx_destroy (struct rdns_curve_ctx *ctx) +void rdns_curve_ctx_destroy(struct rdns_curve_ctx *ctx) { struct rdns_curve_entry *entry, *tmp; - HASH_ITER (hh, ctx->entries, entry, tmp) { - free (entry->name); - free (entry); + HASH_ITER(hh, ctx->entries, entry, tmp) + { + free(entry->name); + free(entry); } - free (ctx); + free(ctx); } static void -rdns_curve_refresh_key_callback (void *user_data) +rdns_curve_refresh_key_callback(void *user_data) { struct rdns_curve_ctx *ctx = user_data; struct rdns_resolver *resolver; resolver = ctx->resolver; - rdns_info ("refresh dnscurve keys"); - REF_RELEASE (ctx->cur_key); - ctx->cur_key = rdns_curve_client_key_new (ctx); - REF_INIT_RETAIN (ctx->cur_key, rdns_curve_client_key_free); + rdns_info("refresh dnscurve keys"); + REF_RELEASE(ctx->cur_key); + ctx->cur_key = rdns_curve_client_key_new(ctx); + REF_INIT_RETAIN(ctx->cur_key, rdns_curve_client_key_free); } -void -rdns_curve_register_plugin (struct rdns_resolver *resolver, - struct rdns_curve_ctx *ctx) +void rdns_curve_register_plugin(struct rdns_resolver *resolver, + struct rdns_curve_ctx *ctx) { struct rdns_plugin *plugin; @@ -669,7 +684,7 @@ rdns_curve_register_plugin (struct rdns_resolver *resolver, return; } - plugin = calloc (1, sizeof (struct rdns_plugin)); + plugin = calloc(1, sizeof(struct rdns_plugin)); if (plugin != NULL) { plugin->data = ctx; plugin->type = RDNS_PLUGIN_CURVE; @@ -677,24 +692,24 @@ rdns_curve_register_plugin (struct rdns_resolver *resolver, plugin->cb.curve_plugin.recv_cb = rdns_curve_recv; plugin->cb.curve_plugin.finish_cb = rdns_curve_finish_request; plugin->dtor = rdns_curve_dtor; - ctx->cur_key = rdns_curve_client_key_new (ctx); - REF_INIT_RETAIN (ctx->cur_key, rdns_curve_client_key_free); + ctx->cur_key = rdns_curve_client_key_new(ctx); + REF_INIT_RETAIN(ctx->cur_key, rdns_curve_client_key_free); if (ctx->key_refresh_interval > 0) { - ctx->key_refresh_event = resolver->async->add_periodic ( - resolver->async->data, ctx->key_refresh_interval, - rdns_curve_refresh_key_callback, ctx); + ctx->key_refresh_event = resolver->async->add_periodic( + resolver->async->data, ctx->key_refresh_interval, + rdns_curve_refresh_key_callback, ctx); } ctx->resolver = resolver; - rdns_resolver_register_plugin (resolver, plugin); + rdns_resolver_register_plugin(resolver, plugin); } } ssize_t -rdns_curve_send (struct rdns_request *req, void *plugin_data, - struct sockaddr *saddr, socklen_t slen) +rdns_curve_send(struct rdns_request *req, void *plugin_data, + struct sockaddr *saddr, socklen_t slen) { - struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *)plugin_data; + struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *) plugin_data; struct rdns_curve_entry *entry; struct iovec iov[4]; unsigned char *m; @@ -704,53 +719,52 @@ rdns_curve_send (struct rdns_request *req, void *plugin_data, ssize_t ret, boxed_len; /* Check for key */ - HASH_FIND_STR (ctx->entries, req->io->srv->name, entry); + HASH_FIND_STR(ctx->entries, req->io->srv->name, entry); if (entry != NULL) { - nm = rdns_curve_find_nm (ctx->cur_key, entry); - creq = malloc (sizeof (struct rdns_curve_request)); + nm = rdns_curve_find_nm(ctx->cur_key, entry); + creq = malloc(sizeof(struct rdns_curve_request)); if (creq == NULL) { return -1; } boxed_len = req->pos + crypto_box_ZEROBYTES; - m = malloc (boxed_len); + m = malloc(boxed_len); if (m == NULL) { free(creq); return -1; } /* Ottery is faster than sodium native PRG that uses /dev/random only */ - memcpy (creq->nonce, &ctx->cur_key->counter, sizeof (uint64_t)); - ottery_rand_bytes (creq->nonce + sizeof (uint64_t), 12 - sizeof (uint64_t)); - rspamd_explicit_memzero (creq->nonce + 12, - rspamd_cryptobox_nonce_bytes (RSPAMD_CRYPTOBOX_MODE_25519) - 12); + memcpy(creq->nonce, &ctx->cur_key->counter, sizeof(uint64_t)); + ottery_rand_bytes(creq->nonce + sizeof(uint64_t), 12 - sizeof(uint64_t)); + rspamd_explicit_memzero(creq->nonce + 12, + crypto_box_noncebytes() - 12); - rspamd_explicit_memzero (m, crypto_box_ZEROBYTES); - memcpy (m + crypto_box_ZEROBYTES, req->packet, req->pos); + rspamd_explicit_memzero(m, crypto_box_ZEROBYTES); + memcpy(m + crypto_box_ZEROBYTES, req->packet, req->pos); - rspamd_cryptobox_encrypt_nm_inplace (m + crypto_box_ZEROBYTES, - boxed_len, - creq->nonce, - nm->k, - m, - RSPAMD_CRYPTOBOX_MODE_25519); + rspamd_cryptobox_encrypt_nm_inplace(m + crypto_box_ZEROBYTES, + boxed_len, + creq->nonce, + nm->k, + m); creq->key = ctx->cur_key; - REF_RETAIN (ctx->cur_key); + REF_RETAIN(ctx->cur_key); creq->entry = entry; creq->req = req; creq->nm = nm; - HASH_ADD_KEYPTR (hh, ctx->requests, creq->nonce, 12, creq); + HASH_ADD_KEYPTR(hh, ctx->requests, creq->nonce, 12, creq); req->curve_plugin_data = creq; - ctx->cur_key->counter ++; - ctx->cur_key->uses ++; + ctx->cur_key->counter++; + ctx->cur_key->uses++; /* Now form a dnscurve packet */ - iov[0].iov_base = (void *)qmagic; - iov[0].iov_len = sizeof (qmagic) - 1; + iov[0].iov_base = (void *) qmagic; + iov[0].iov_len = sizeof(qmagic) - 1; iov[1].iov_base = ctx->cur_key->pk; - iov[1].iov_len = sizeof (ctx->cur_key->pk); + iov[1].iov_len = sizeof(ctx->cur_key->pk); iov[2].iov_base = creq->nonce; iov[2].iov_len = 12; iov[3].iov_base = m + crypto_box_BOXZEROBYTES; @@ -758,17 +772,17 @@ rdns_curve_send (struct rdns_request *req, void *plugin_data, struct msghdr msg; - memset (&msg, 0, sizeof (msg)); + memset(&msg, 0, sizeof(msg)); msg.msg_namelen = slen; msg.msg_name = saddr; msg.msg_iov = iov; - msg.msg_iovlen = sizeof (iov) / sizeof (iov[0]); - ret = sendmsg (req->io->sock, &msg, 0); - rspamd_explicit_memzero (m, boxed_len); - free (m); + msg.msg_iovlen = sizeof(iov) / sizeof(iov[0]); + ret = sendmsg(req->io->sock, &msg, 0); + rspamd_explicit_memzero(m, boxed_len); + free(m); } else { - ret = sendto (req->io->sock, req->packet, req->pos, 0, saddr, slen); + ret = sendto(req->io->sock, req->packet, req->pos, 0, saddr, slen); req->curve_plugin_data = NULL; } @@ -776,10 +790,10 @@ rdns_curve_send (struct rdns_request *req, void *plugin_data, } ssize_t -rdns_curve_recv (struct rdns_io_channel *ioc, void *buf, size_t len, void *plugin_data, - struct rdns_request **req_out, struct sockaddr *saddr, socklen_t slen) +rdns_curve_recv(struct rdns_io_channel *ioc, void *buf, size_t len, void *plugin_data, + struct rdns_request **req_out, struct sockaddr *saddr, socklen_t slen) { - struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *)plugin_data; + struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *) plugin_data; ssize_t ret, boxlen; static const char rmagic[] = "R6fnvWJ8"; unsigned char *p, *box; @@ -788,102 +802,97 @@ rdns_curve_recv (struct rdns_io_channel *ioc, void *buf, size_t len, void *plugi struct rdns_resolver *resolver; resolver = ctx->resolver; - ret = recv (ioc->sock, buf, len, 0); + ret = recv(ioc->sock, buf, len, 0); if (ret <= 0 || ret < 64) { /* Definitely not a DNSCurve packet */ return ret; } - if (memcmp (buf, rmagic, sizeof (rmagic) - 1) == 0) { + if (memcmp(buf, rmagic, sizeof(rmagic) - 1) == 0) { /* Likely DNSCurve packet */ - p = ((unsigned char *)buf) + 8; - HASH_FIND (hh, ctx->requests, p, 12, creq); + p = ((unsigned char *) buf) + 8; + HASH_FIND(hh, ctx->requests, p, 12, creq); if (creq == NULL) { - rdns_info ("unable to find nonce in the internal hash"); + rdns_info("unable to find nonce in the internal hash"); return ret; } - memcpy (enonce, p, rspamd_cryptobox_nonce_bytes (RSPAMD_CRYPTOBOX_MODE_25519)); - p += rspamd_cryptobox_nonce_bytes (RSPAMD_CRYPTOBOX_MODE_25519); - boxlen = ret - rspamd_cryptobox_nonce_bytes (RSPAMD_CRYPTOBOX_MODE_25519) + - crypto_box_BOXZEROBYTES - - sizeof (rmagic) + 1; + memcpy(enonce, p, crypto_box_noncebytes()); + p += crypto_box_noncebytes(); + boxlen = ret - crypto_box_noncebytes() + + crypto_box_BOXZEROBYTES - + sizeof(rmagic) + 1; if (boxlen < 0) { return ret; } - box = malloc (boxlen); - rspamd_explicit_memzero (box, crypto_box_BOXZEROBYTES); - memcpy (box + crypto_box_BOXZEROBYTES, p, - boxlen - crypto_box_BOXZEROBYTES); - - if (!rspamd_cryptobox_decrypt_nm_inplace ( - box + rspamd_cryptobox_mac_bytes (RSPAMD_CRYPTOBOX_MODE_25519), - boxlen - rspamd_cryptobox_mac_bytes (RSPAMD_CRYPTOBOX_MODE_25519), - enonce, creq->nm->k, box, RSPAMD_CRYPTOBOX_MODE_25519)) { - memcpy (buf, box + crypto_box_ZEROBYTES, - boxlen - crypto_box_ZEROBYTES); + box = malloc(boxlen); + rspamd_explicit_memzero(box, crypto_box_BOXZEROBYTES); + memcpy(box + crypto_box_BOXZEROBYTES, p, + boxlen - crypto_box_BOXZEROBYTES); + + if (!rspamd_cryptobox_decrypt_nm_inplace( + box + crypto_box_macbytes(), + boxlen - crypto_box_macbytes(), + enonce, creq->nm->k, box)) { + memcpy(buf, box + crypto_box_ZEROBYTES, + boxlen - crypto_box_ZEROBYTES); ret = boxlen - crypto_box_ZEROBYTES; *req_out = creq->req; } else { - rdns_info ("unable open cryptobox of size %d", (int)boxlen); + rdns_info("unable open cryptobox of size %d", (int) boxlen); } - free (box); + free(box); } return ret; } -void -rdns_curve_finish_request (struct rdns_request *req, void *plugin_data) +void rdns_curve_finish_request(struct rdns_request *req, void *plugin_data) { - struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *)plugin_data; + struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *) plugin_data; struct rdns_curve_request *creq = req->curve_plugin_data; if (creq != NULL) { - REF_RELEASE (creq->key); - HASH_DELETE (hh, ctx->requests, creq); + REF_RELEASE(creq->key); + HASH_DELETE(hh, ctx->requests, creq); } } -void -rdns_curve_dtor (struct rdns_resolver *resolver, void *plugin_data) +void rdns_curve_dtor(struct rdns_resolver *resolver, void *plugin_data) { - struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *)plugin_data; + struct rdns_curve_ctx *ctx = (struct rdns_curve_ctx *) plugin_data; if (ctx->key_refresh_event != NULL) { - resolver->async->del_periodic (resolver->async->data, - ctx->key_refresh_event); + resolver->async->del_periodic(resolver->async->data, + ctx->key_refresh_event); } - REF_RELEASE (ctx->cur_key); + REF_RELEASE(ctx->cur_key); } #else /* Fake functions */ -struct rdns_curve_ctx* rdns_curve_ctx_new (double rekey_interval) +struct rdns_curve_ctx *rdns_curve_ctx_new(double rekey_interval) { return NULL; } -void rdns_curve_ctx_add_key (struct rdns_curve_ctx *ctx, - const char *name, const unsigned char *pubkey) +void rdns_curve_ctx_add_key(struct rdns_curve_ctx *ctx, + const char *name, const unsigned char *pubkey) { - } -void rdns_curve_ctx_destroy (struct rdns_curve_ctx *ctx) +void rdns_curve_ctx_destroy(struct rdns_curve_ctx *ctx) { - } -void rdns_curve_register_plugin (struct rdns_resolver *resolver, - struct rdns_curve_ctx *ctx) +void rdns_curve_register_plugin(struct rdns_resolver *resolver, + struct rdns_curve_ctx *ctx) { - } unsigned char * -rdns_curve_key_from_hex (const char *hex) +rdns_curve_key_from_hex(const char *hex) { return NULL; } |