diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-02-06 23:00:04 +0000 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-02-06 23:00:04 +0000 |
| commit | 4ff127afee66be44587384b160d232f8cf901ea1 (patch) | |
| tree | 6749b9c726a0b76004f3b16e38d0197b4650a9eb /src/libcryptobox | |
| parent | 87d450793780e9da74016277272b3a5b521f80ab (diff) | |
| download | rspamd-4ff127afee66be44587384b160d232f8cf901ea1.tar.gz rspamd-4ff127afee66be44587384b160d232f8cf901ea1.zip | |
Add cryptobox encryption.
Diffstat (limited to 'src/libcryptobox')
| -rw-r--r-- | src/libcryptobox/cryptobox.c | 41 |
1 files changed, 36 insertions, 5 deletions
diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c index aee25c803..972f341be 100644 --- a/src/libcryptobox/cryptobox.c +++ b/src/libcryptobox/cryptobox.c @@ -29,7 +29,7 @@ unsigned long cpu_config = 0; -static const rspamd_nonce_t n0 = {0}; +static const guchar n0[16] = {0}; static const unsigned char sigma[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '3', '2', '-', 'b', 'y', 't', 'e', ' ', 'k' @@ -126,7 +126,28 @@ rspamd_cryptobox_nm (rspamd_nm_t nm, rspamd_pk_t pk, rspamd_sk_t sk) guchar s[rspamd_cryptobox_PKBYTES]; curve25519 (s, sk, pk); - hchacha (s, sigma, nm, 20); + hchacha (s, n0, nm, 20); +} + +void rspamd_cryptobox_encrypt_nm_inplace (guchar *data, gsize len, + const rspamd_nonce_t nonce, + const rspamd_nm_t nm, rspamd_sig_t sig) +{ + poly1305_context mac_ctx; + guchar subkey[32]; + chacha_state s; + gsize r; + + xchacha_init (&s, (const chacha_key *)nm, (const chacha_iv24 *)nonce, 20); + memset (subkey, 0, sizeof (subkey)); + chacha_update (&s, subkey, subkey, sizeof (subkey)); + + r = chacha_update (&s, data, data, len); + chacha_final (&s, data + r); + + poly1305_init (&mac_ctx, subkey); + poly1305_update (&mac_ctx, data, len); + poly1305_finish (&mac_ctx, sig); } gboolean @@ -136,19 +157,29 @@ rspamd_cryptobox_decrypt_nm_inplace (guchar *data, gsize len, poly1305_context mac_ctx; guchar subkey[32]; rspamd_sig_t mac; + chacha_state s; + gsize r; + gboolean ret = TRUE; /* Generate MAC key */ + xchacha_init (&s, (const chacha_key *)nm, (const chacha_iv24 *)nonce, 20); memset (subkey, 0, sizeof (subkey)); - xchacha (nm, nonce, subkey, subkey, sizeof (subkey), 20); + chacha_update (&s, subkey, subkey, sizeof (subkey)); poly1305_init (&mac_ctx, subkey); poly1305_update (&mac_ctx, data, len); poly1305_finish (&mac_ctx, mac); if (!poly1305_verify (mac, sig)) { - return FALSE; + ret = FALSE; + } + else { + r = chacha_update (&s, data, data, len); + chacha_final (&s, data + r); } + rspamd_explicit_memzero (&mac_ctx, sizeof (mac_ctx)); + rspamd_explicit_memzero (subkey, sizeof (subkey)); - return TRUE; + return ret; } |