diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-10-19 09:24:08 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-10-19 09:24:08 +0100 |
| commit | 517e542fcfe4cde88785117b18119b10ab43c33f (patch) | |
| tree | 2b6ba5241f532b8c8fd5318b38788e0b54aa905a /src/libcryptobox/cryptobox.c | |
| parent | e02c179c3b3f001f02b2d3b974b30aca4d0266ee (diff) | |
| download | rspamd-517e542fcfe4cde88785117b18119b10ab43c33f.tar.gz rspamd-517e542fcfe4cde88785117b18119b10ab43c33f.zip | |
Enable openssl mode for keypair generation
Diffstat (limited to 'src/libcryptobox/cryptobox.c')
| -rw-r--r-- | src/libcryptobox/cryptobox.c | 44 |
1 files changed, 39 insertions, 5 deletions
diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c index e424dac1f..6282dcca4 100644 --- a/src/libcryptobox/cryptobox.c +++ b/src/libcryptobox/cryptobox.c @@ -45,7 +45,11 @@ #if OPENSSL_VERSION_NUMBER >= 0x1000104fL #define HAVE_USABLE_OPENSSL 1 #endif +#endif + +#ifdef HAVE_USABLE_OPENSSL #include <openssl/evp.h> +#include <openssl/ec.h> #endif #include <signal.h> @@ -233,12 +237,42 @@ rspamd_cryptobox_init (void) void rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk) { - ottery_rand_bytes (sk, rspamd_cryptobox_SKBYTES); - sk[0] &= 248; - sk[31] &= 127; - sk[31] |= 64; + if (G_LIKELY (!use_openssl)) { + ottery_rand_bytes (sk, rspamd_cryptobox_SKBYTES); + sk[0] &= 248; + sk[31] &= 127; + sk[31] |= 64; - curve25519 (pk, sk, curve25519_basepoint); + curve25519 (pk, sk, curve25519_basepoint); + } + else { +#ifndef HAVE_USABLE_OPENSSL + g_assert (0); +#else + EC_KEY *ec_sec; + const BIGNUM *bn_sec, *bn_pub; + const EC_POINT *ec_pub; + gint len; + + ec_sec = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1); + g_assert (ec_sec != NULL); + g_assert (EC_KEY_generate_key (ec_sec) != 0); + + bn_sec = EC_KEY_get0_private_key (ec_sec); + g_assert (bn_sec != NULL); + ec_pub = EC_KEY_get0_public_key (ec_sec); + g_assert (ec_pub != NULL); + bn_pub = EC_POINT_point2bn (EC_KEY_get0_group (ec_sec), + ec_pub, POINT_CONVERSION_COMPRESSED, NULL, NULL); + + len = BN_num_bits (bn_sec) / NBBY; + g_assert (len <= sizeof (rspamd_sk_t)); + BN_bn2bin (bn_sec, sk); + len = BN_num_bits (bn_pub) / NBBY; + g_assert (len <= sizeof (rspamd_pk_t)); + BN_bn2bin (bn_pub, pk); +#endif + } } void |