diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-05-19 15:42:02 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-05-19 15:42:02 +0100 |
| commit | 8fb0982059b332bb0eab66ab11b74c52047f73ea (patch) | |
| tree | 71ddd49cc8b588eb629f1cf142d293bad4356c99 /src/libcryptobox | |
| parent | 2013b2d0919a45ae8a8297a8ba7eafd72f410d5c (diff) | |
| download | rspamd-8fb0982059b332bb0eab66ab11b74c52047f73ea.tar.gz rspamd-8fb0982059b332bb0eab66ab11b74c52047f73ea.zip | |
[Minor] Add method to encrypt and seal data using keypair
Diffstat (limited to 'src/libcryptobox')
| -rw-r--r-- | src/libcryptobox/keypair.c | 50 | ||||
| -rw-r--r-- | src/libcryptobox/keypair.h | 17 |
2 files changed, 67 insertions, 0 deletions
diff --git a/src/libcryptobox/keypair.c b/src/libcryptobox/keypair.c index 1f8acc6d1..50e3614d9 100644 --- a/src/libcryptobox/keypair.c +++ b/src/libcryptobox/keypair.c @@ -19,6 +19,7 @@ #include "libcryptobox/keypair_private.h" #include "libutil/str_util.h" #include "libutil/printf.h" +#include "contrib/libottery/ottery.h" const guchar encrypted_magic[7] = {'r', 'u', 'c', 'l', 'e', 'v', '1'}; @@ -977,3 +978,52 @@ rspamd_keypair_decrypt (struct rspamd_cryptobox_keypair *kp, return TRUE; } +gboolean +rspamd_keypair_encrypt (struct rspamd_cryptobox_keypair *kp, + const guchar *in, gsize inlen, + guchar **out, gsize *outlen, + GError **err) +{ + guchar *nonce, *mac, *data, *pubkey; + struct rspamd_cryptobox_keypair *local; + gsize olen; + + g_assert (kp != NULL); + g_assert (in != NULL); + + if (kp->type != RSPAMD_KEYPAIR_KEX) { + g_set_error (err, rspamd_keypair_quark (), EINVAL, + "invalid keypair type"); + + return FALSE; + } + + local = rspamd_keypair_new (kp->type, kp->alg); + + olen = inlen + sizeof (encrypted_magic) + + rspamd_cryptobox_pk_bytes (kp->alg) + + rspamd_cryptobox_mac_bytes (kp->alg) + + rspamd_cryptobox_nonce_bytes (kp->alg); + *out = g_malloc (olen); + memcpy (*out, encrypted_magic, sizeof (encrypted_magic)); + pubkey = *out + sizeof (encrypted_magic); + mac = pubkey + rspamd_cryptobox_pk_bytes (kp->alg); + nonce = mac + rspamd_cryptobox_mac_bytes (kp->alg); + data = nonce + rspamd_cryptobox_nonce_bytes (kp->alg); + + ottery_rand_bytes (nonce, rspamd_cryptobox_nonce_bytes (kp->alg)); + memcpy (data, in, inlen); + memcpy (pubkey, rspamd_keypair_component (kp, + RSPAMD_KEYPAIR_COMPONENT_PK, NULL), + rspamd_cryptobox_pk_bytes (kp->alg)); + rspamd_cryptobox_encrypt_inplace (data, inlen, nonce, pubkey, + rspamd_keypair_component (local, RSPAMD_KEYPAIR_COMPONENT_SK, NULL), + mac, kp->alg); + rspamd_keypair_unref (local); + + if (outlen) { + *outlen = olen; + } + + return TRUE; +}
\ No newline at end of file diff --git a/src/libcryptobox/keypair.h b/src/libcryptobox/keypair.h index fc17412e2..3e78e7cbb 100644 --- a/src/libcryptobox/keypair.h +++ b/src/libcryptobox/keypair.h @@ -287,5 +287,22 @@ gboolean rspamd_keypair_decrypt (struct rspamd_cryptobox_keypair *kp, guchar **out, gsize *outlen, GError **err); +/** + * Encrypts data usign specific keypair. + * This method actually generates ephemeral local keypair, use public key from + * the remote keypair and encrypts data + * @param kp keypair + * @param in raw input + * @param inlen input length + * @param out output (allocated internally using g_malloc) + * @param outlen output size + * @param err pointer to error + * @return TRUE if encryption has been completed, out must be freed in this case + */ +gboolean rspamd_keypair_encrypt (struct rspamd_cryptobox_keypair *kp, + const guchar *in, gsize inlen, + guchar **out, gsize *outlen, + GError **err); + #endif /* SRC_LIBCRYPTOBOX_KEYPAIR_H_ */ |