authorVsevolod Stakhov <vsevolod@highsecure.ru>2016-02-05 14:21:24 +0000
committerVsevolod Stakhov <vsevolod@highsecure.ru>2016-02-05 14:21:24 +0000
commitce62c022fc1d51a8a3f042ac08e7b48820d401a8 (patch)
tree850ab37197d4ec4d4863a8e7b8ae585ea4331c71 /src/libcryptobox
parentf304c8721d2353767a08e1a2f0e9261290011717 (diff)
downloadrspamd-ce62c022fc1d51a8a3f042ac08e7b48820d401a8.tar.gz
rspamd-ce62c022fc1d51a8a3f042ac08e7b48820d401a8.zip
Start keypair framework conversion
Diffstat (limited to 'src/libcryptobox')
-rw-r--r--src/libcryptobox/CMakeLists.txt4
-rw-r--r--src/libcryptobox/keypair.c19
-rw-r--r--src/libcryptobox/keypair.h72
-rw-r--r--src/libcryptobox/keypair_private.h33
-rw-r--r--src/libcryptobox/keypairs_cache.c114
-rw-r--r--src/libcryptobox/keypairs_cache.h47
6 files changed, 288 insertions, 1 deletions
diff --git a/src/libcryptobox/CMakeLists.txt b/src/libcryptobox/CMakeLists.txt
index 874e94567..b3defe63f 100644
--- a/src/libcryptobox/CMakeLists.txt
+++ b/src/libcryptobox/CMakeLists.txt
@@ -85,7 +85,9 @@ ENDIF(HAVE_SSE41)
CONFIGURE_FILE(platform_config.h.in platform_config.h)
INCLUDE_DIRECTORIES("${CMAKE_CURRENT_BINARY_DIR}")
-SET(LIBCRYPTOBOXSRC ${CMAKE_CURRENT_SOURCE_DIR}/cryptobox.c)
+SET(LIBCRYPTOBOXSRC ${CMAKE_CURRENT_SOURCE_DIR}/cryptobox.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/keypair.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/keypairs_cache.c)
SET(RSPAMD_CRYPTOBOX ${LIBCRYPTOBOXSRC} ${CHACHASRC} ${POLYSRC} ${SIPHASHSRC}
${CURVESRC} ${BLAKE2SRC} ${EDSRC} PARENT_SCOPE)
diff --git a/src/libcryptobox/keypair.c b/src/libcryptobox/keypair.c
new file mode 100644
index 000000000..4ccca298b
--- /dev/null
+++ b/src/libcryptobox/keypair.c
@@ -0,0 +1,19 @@
+/*-
+ * Copyright 2016 Vsevolod Stakhov
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "config.h"
+#include "keypair.h"
+#include "keypair_private.h"
diff --git a/src/libcryptobox/keypair.h b/src/libcryptobox/keypair.h
new file mode 100644
index 000000000..a6b708202
--- /dev/null
+++ b/src/libcryptobox/keypair.h
@@ -0,0 +1,72 @@
+/*-
+ * Copyright 2016 Vsevolod Stakhov
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef SRC_LIBCRYPTOBOX_KEYPAIR_H_
+#define SRC_LIBCRYPTOBOX_KEYPAIR_H_
+
+#include "config.h"
+#include "cryptobox.h"
+#include "ucl.h"
+
+/**
+ * Keypair type
+ */
+enum rspamd_cryptobox_keypair_type {
+ RSPAMD_KEYPAIR_KEX = 0,
+ RSPAMD_KEYPAIR_SIGN
+};
+
+/**
+ * Algorithm used for keypair
+ */
+enum rspamd_cryptobox_keypair_algorithm {
+ RSPAMD_KEYPAIR_NIST = 0,
+ RSPAMD_KEYPAIR_25519
+};
+
+/**
+ * Opaque structure for the full (public + private) keypair
+ */
+struct rspamd_cryptobox_keypair;
+/**
+ * Opaque structure for public only keypair
+ */
+struct rspamd_cryptobox_keypair_public;
+
+/**
+ * Creates new full keypair
+ * @param type type of the keypair
+ * @param alg algorithm for the keypair
+ * @return fresh keypair generated
+ */
+struct rspamd_cryptobox_keypair* rspamd_keypair_new (
+ enum rspamd_cryptobox_keypair_type type,
+ enum rspamd_cryptobox_keypair_algorithm alg);
+
+/**
+ * Increase refcount for the specific keypair
+ * @param kp
+ * @return
+ */
+struct rspamd_cryptobox_keypair* rspamd_keypair_ref (
+ struct rspamd_cryptobox_keypair *kp);
+
+/**
+ * Decrease refcount for the specific keypair (or destroy when refcount == 0)
+ * @param kp
+ */
+void rspamd_keypair_unref (struct rspamd_cryptobox_keypair *kp);
+
+#endif /* SRC_LIBCRYPTOBOX_KEYPAIR_H_ */
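Review bot: The doc comments on `rspamd_keypair_ref` and `rspamd_keypair_unref` leave `@param kp` and `@return` empty, and `rspamd_keypair_new` does not say what it returns on failure or for an unsupported type/algorithm combination. I would fill these in, for example `@param kp keypair to retain` and `@return` stating which pointer comes back, plus a line on whether NULL is accepted. Since the full keypair holds a private key, the `rspamd_keypair_unref` comment should also state whether the key material is wiped when the refcount reaches zero. keypair.c in this commit contains only includes, so none of these contracts can be checked against an implementation yet.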
diff --git a/src/libcryptobox/keypair_private.h b/src/libcryptobox/keypair_private.h
new file mode 100644
index 000000000..1856c1a47
--- /dev/null
+++ b/src/libcryptobox/keypair_private.h
@@ -0,0 +1,33 @@
+/*-
+ * Copyright 2016 Vsevolod Stakhov
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef KEYPAIR_PRIVATE_H_
+#define KEYPAIR_PRIVATE_H_
+
+#include "config.h"
+#include "ref.h"
+#include "cryptobox.h"
+
+struct RSPAMD_ALIGNED(32) rspamd_http_keypair {
+ guchar RSPAMD_ALIGNED(32) sk[rspamd_cryptobox_MAX_SKBYTES];
+ guchar RSPAMD_ALIGNED(32) nm[rspamd_cryptobox_MAX_NMBYTES];
+ guchar RSPAMD_ALIGNED(32) pk[rspamd_cryptobox_MAX_PKBYTES];
+ guchar id[rspamd_cryptobox_HASHBYTES];
+ gboolean has_nm;
+ ref_entry_t ref;
+};
+
+
+#endif /* KEYPAIR_PRIVATE_H_ */
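Review bot: The struct defined here is `rspamd_http_keypair`, while keypair.h in the same commit declares the opaque types `rspamd_cryptobox_keypair` and `rspamd_cryptobox_keypair_public`. It also has no member recording the type or algorithm that `rspamd_keypair_new` takes. If this is a transitional copy of an existing definition, a short comment saying so would prevent confusion and make any duplicate definition easier to spot. Because `sk` and `nm` hold secret material, I would also document the cleanup contract on the struct, e.g. `/* sk and nm are secret: the destructor attached to ref must wipe them with rspamd_explicit_memzero before freeing */`.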
diff --git a/src/libcryptobox/keypairs_cache.c b/src/libcryptobox/keypairs_cache.c
new file mode 100644
index 000000000..2e87561da
--- /dev/null
+++ b/src/libcryptobox/keypairs_cache.c
@@ -0,0 +1,114 @@
+/*-
+ * Copyright 2016 Vsevolod Stakhov
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "config.h"
+#include "rspamd.h"
+#include "keypairs_cache.h"
+#include "keypair_private.h"
+#include "hash.h"
+#include "xxhash.h"
+
+struct rspamd_keypair_elt {
+ guchar nm[rspamd_cryptobox_MAX_NMBYTES];
+ guchar pair[rspamd_cryptobox_MAX_PKBYTES + rspamd_cryptobox_MAX_SKBYTES];
+};
+
+struct rspamd_keypair_cache {
+ rspamd_lru_hash_t *hash;
+};
+
+static void
+rspamd_keypair_destroy (gpointer ptr)
+{
+ struct rspamd_keypair_elt *elt = (struct rspamd_keypair_elt *)ptr;
+
+ rspamd_explicit_memzero (elt, sizeof (*elt));
+ g_slice_free1 (sizeof (*elt), elt);
+}
+
+static guint
+rspamd_keypair_hash (gconstpointer ptr)
+{
+ struct rspamd_keypair_elt *elt = (struct rspamd_keypair_elt *)ptr;
+
+ return XXH64 (elt->pair, sizeof (elt->pair), rspamd_hash_seed ());
+}
+
+static gboolean
+rspamd_keypair_equal (gconstpointer p1, gconstpointer p2)
+{
+ struct rspamd_keypair_elt *e1 = (struct rspamd_keypair_elt *)p1,
+ *e2 = (struct rspamd_keypair_elt *)p2;
+
+ return memcmp (e1->pair, e2->pair, sizeof (e1->pair)) == 0;
+}
+
+struct rspamd_keypair_cache *
+rspamd_keypair_cache_new (guint max_items)
+{
+ struct rspamd_keypair_cache *c;
+
+ g_assert (max_items > 0);
+
+ c = g_slice_alloc (sizeof (*c));
+ c->hash = rspamd_lru_hash_new_full (max_items, -1, NULL,
+ rspamd_keypair_destroy, rspamd_keypair_hash, rspamd_keypair_equal);
+
+ return c;
+}
+
+void
+rspamd_keypair_cache_process (struct rspamd_keypair_cache *c,
+ gpointer lk, gpointer rk)
+{
+ struct rspamd_http_keypair *kp_local = (struct rspamd_http_keypair *)lk,
+ *kp_remote = (struct rspamd_http_keypair *)rk;
+ struct rspamd_keypair_elt search, *new;
+
+ g_assert (kp_local != NULL);
+ g_assert (kp_remote != NULL);
+
+ memset (&search, 0, sizeof (search));
+ memcpy (search.pair, kp_remote->pk, rspamd_cryptobox_pk_bytes ());
+ memcpy (&search.pair[rspamd_cryptobox_MAX_PKBYTES], kp_local->sk,
+ rspamd_cryptobox_sk_bytes ());
+ new = rspamd_lru_hash_lookup (c->hash, &search, time (NULL));
+
+ if (new == NULL) {
+ new = g_slice_alloc0 (sizeof (*new));
+ memcpy (new->pair, kp_remote->pk, rspamd_cryptobox_pk_bytes ());
+ memcpy (&new->pair[rspamd_cryptobox_MAX_PKBYTES], kp_local->sk,
+ rspamd_cryptobox_sk_bytes ());
+ rspamd_cryptobox_nm (new->nm, kp_remote->pk, kp_local->sk);
+ rspamd_lru_hash_insert (c->hash, new, new, time (NULL), -1);
+ }
+
+ g_assert (new != NULL);
+
+ memcpy (kp_remote->nm, new->nm, rspamd_cryptobox_nm_bytes ());
+ kp_remote->has_nm = TRUE;
+#if 0
+ memcpy (kp_local->nm, new->nm, rspamd_cryptobox_NMBYTES);
+#endif
+}
+
+void
+rspamd_keypair_cache_destroy (struct rspamd_keypair_cache *c)
+{
+ if (c != NULL) {
+ rspamd_lru_hash_destroy (c->hash);
+ g_slice_free1 (sizeof (*c), c);
+ }
+}
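Review bot: In `rspamd_keypair_cache_process` the stack variable `search` receives a copy of `kp_local->sk` and is never cleared, so the local secret key stays in the stack frame after return. The cached elements are wiped in `rspamd_keypair_destroy`, so the lookup key should get the same treatment: add `rspamd_explicit_memzero (&search, sizeof (search));` right after the `rspamd_lru_hash_lookup` call. The function also asserts `kp_local` and `kp_remote` but dereferences `c->hash` unchecked, so `g_assert (c != NULL);` would make the preconditions consistent. As a smaller point, `rspamd_keypair_cache_new` and the miss path do not show what happens if `rspamd_lru_hash_insert` evicts or rejects the element; a comment stating that the cache owns `new` after insertion would help.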
diff --git a/src/libcryptobox/keypairs_cache.h b/src/libcryptobox/keypairs_cache.h
new file mode 100644
index 000000000..e52d03cbe
--- /dev/null
+++ b/src/libcryptobox/keypairs_cache.h
@@ -0,0 +1,47 @@
+/*-
+ * Copyright 2016 Vsevolod Stakhov
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef KEYPAIRS_CACHE_H_
+#define KEYPAIRS_CACHE_H_
+
+#include "config.h"
+
+struct rspamd_keypair_cache;
+
+/**
+ * Create new keypair cache of the specified size
+ * @param max_items defines maximum count of elements in the cache
+ * @return new cache
+ */
+struct rspamd_keypair_cache * rspamd_keypair_cache_new (guint max_items);
+
+
+/**
+ * Process local and remote keypair setting beforenm value as appropriate
+ * @param c cache of keypairs
+ * @param lk local key
+ * @param rk remote key
+ */
+void rspamd_keypair_cache_process (struct rspamd_keypair_cache *c,
+ gpointer lk, gpointer rk);
+
+/**
+ * Destroy old keypair cache
+ * @param c cache object
+ */
+void rspamd_keypair_cache_destroy (struct rspamd_keypair_cache *c);
+
+
+#endif /* KEYPAIRS_CACHE_H_ */
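Review bot: `rspamd_keypair_cache_process` takes `lk` and `rk` as `gpointer`, but the implementation in keypairs_cache.c casts both straight to `struct rspamd_http_keypair *` and reads `sk` and `pk` from them, so a caller passing any other object compiles cleanly and then reads or writes the wrong memory. A forward declaration `struct rspamd_http_keypair;` in this header and typed parameters `struct rspamd_http_keypair *lk, struct rspamd_http_keypair *rk` (with the definition changed to match) would let the compiler catch that. The doc comment should also say that the function writes the shared `nm` value into `rk` and sets its `has_nm` flag, and that `lk` must carry the private key.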