diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-06-29 11:24:43 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-06-29 11:24:43 +0100 |
| commit | c4ccac7afb09784d15a38a27ec1b4c167cb031c5 (patch) | |
| tree | 6fed6fb64529498175c57190582c975a63d3ec6d /src/libcryptobox | |
| parent | 53632b619666d67d14640b1dc0832b2ab6eb8aa8 (diff) | |
| download | rspamd-c4ccac7afb09784d15a38a27ec1b4c167cb031c5.tar.gz rspamd-c4ccac7afb09784d15a38a27ec1b4c167cb031c5.zip | |
[CritFix] Check NM part of pubkey to match it with rotating keypairs
Diffstat (limited to 'src/libcryptobox')
| -rw-r--r-- | src/libcryptobox/keypair.c | 12 | ||||
| -rw-r--r-- | src/libcryptobox/keypair.h | 3 | ||||
| -rw-r--r-- | src/libcryptobox/keypair_private.h | 1 |
3 files changed, 13 insertions, 3 deletions
diff --git a/src/libcryptobox/keypair.c b/src/libcryptobox/keypair.c index c8fa5633a..ee9fa4649 100644 --- a/src/libcryptobox/keypair.c +++ b/src/libcryptobox/keypair.c @@ -444,12 +444,19 @@ rspamd_pubkey_from_bin (const guchar *raw, const guchar * -rspamd_pubkey_get_nm (struct rspamd_cryptobox_pubkey *p) +rspamd_pubkey_get_nm (struct rspamd_cryptobox_pubkey *p, + struct rspamd_cryptobox_keypair *kp) { g_assert (p != NULL); if (p->nm) { - return p->nm->nm; + if (memcmp (kp->id, (const guchar *)&p->nm->sk_id, sizeof (guint64)) == 0) { + return p->nm->nm; + } + + /* Wrong ID, need to recalculate */ + REF_RELEASE (p->nm); + p->nm = NULL; } return NULL; @@ -468,6 +475,7 @@ rspamd_pubkey_calculate_nm (struct rspamd_cryptobox_pubkey *p, abort (); } + memcpy (&p->nm->sk_id, kp->id, sizeof (guint64)); REF_INIT_RETAIN (p->nm, rspamd_cryptobox_nm_dtor); } diff --git a/src/libcryptobox/keypair.h b/src/libcryptobox/keypair.h index d7c386b91..92af13b68 100644 --- a/src/libcryptobox/keypair.h +++ b/src/libcryptobox/keypair.h @@ -139,7 +139,8 @@ enum rspamd_cryptobox_mode rspamd_pubkey_alg (struct rspamd_cryptobox_pubkey *p) * @param p * @return */ -const guchar * rspamd_pubkey_get_nm (struct rspamd_cryptobox_pubkey *p); +const guchar * rspamd_pubkey_get_nm (struct rspamd_cryptobox_pubkey *p, + struct rspamd_cryptobox_keypair *kp); /** * Calculate and store nm value for the specified local key (performs ECDH) diff --git a/src/libcryptobox/keypair_private.h b/src/libcryptobox/keypair_private.h index d91d1c68e..78b894d38 100644 --- a/src/libcryptobox/keypair_private.h +++ b/src/libcryptobox/keypair_private.h @@ -25,6 +25,7 @@ */ struct RSPAMD_ALIGNED(32) rspamd_cryptobox_nm { guchar RSPAMD_ALIGNED(32) nm[rspamd_cryptobox_MAX_NMBYTES]; + guint64 sk_id; /* Used to store secret key id */ ref_entry_t ref; }; |