authorVsevolod Stakhov <vsevolod@rspamd.com>2024-08-09 11:12:23 +0100
committerVsevolod Stakhov <vsevolod@rspamd.com>2024-08-09 11:12:23 +0100
commit12c12bdf0c00438d0cb37d02dae5a34f41066865 (patch)
treed186aac0d2a8557fc191939339ed141e8d84c334 /src/libcryptobox
parent96cd1f0968158e5b3d0460cf364138d22f3d22e3 (diff)
[Project] Remove NIST mode from everywhere
Diffstat (limited to 'src/libcryptobox')
-rw-r--r--src/libcryptobox/keypair.c265
-rw-r--r--src/libcryptobox/keypair.h31
-rw-r--r--src/libcryptobox/keypair_private.h46
-rw-r--r--src/libcryptobox/keypairs_cache.c27
4 files changed, 93 insertions, 276 deletions
diff --git a/src/libcryptobox/keypair.c b/src/libcryptobox/keypair.c
index 02070bb46..f6f932957 100644
--- a/src/libcryptobox/keypair.c
+++ b/src/libcryptobox/keypair.c
@@ -1,11 +1,11 @@
-/*-
- * Copyright 2016 Vsevolod Stakhov
+/*
+ * Copyright 2024 Vsevolod Stakhov
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -38,29 +38,14 @@ rspamd_cryptobox_keypair_sk(struct rspamd_cryptobox_keypair *kp,
{
g_assert(kp != NULL);
- if (kp->alg == RSPAMD_CRYPTOBOX_MODE_25519) {
- if (kp->type == RSPAMD_KEYPAIR_KEX) {
- *len = 32;
- return RSPAMD_CRYPTOBOX_KEYPAIR_25519(kp)->sk;
- }
- else {
- *len = 64;
- return RSPAMD_CRYPTOBOX_KEYPAIR_SIG_25519(kp)->sk;
- }
+ if (kp->type == RSPAMD_KEYPAIR_KEX) {
+ *len = 32;
+ return RSPAMD_CRYPTOBOX_KEYPAIR_25519(kp)->sk;
}
else {
- if (kp->type == RSPAMD_KEYPAIR_KEX) {
- *len = 32;
- return RSPAMD_CRYPTOBOX_KEYPAIR_NIST(kp)->sk;
- }
- else {
- *len = 32;
- return RSPAMD_CRYPTOBOX_KEYPAIR_SIG_NIST(kp)->sk;
- }
+ *len = 64;
+ return RSPAMD_CRYPTOBOX_KEYPAIR_SIG_25519(kp)->sk;
}
-
- /* Not reached */
- return NULL;
}
static void *
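Review bot: The secret-key accessor now hard-codes `*len = 32` and `*len = 64` even though the same commit switches the length checks in rspamd_pubkey_from_base32 and rspamd_pubkey_from_hex to the libsodium constants. Writing `*len = crypto_box_SECRETKEYBYTES;` and `*len = crypto_sign_SECRETKEYBYTES;` here would tie the reported length to the primitive rather than to a literal. The same applies to the `*len = 32` lines in the rspamd_cryptobox_keypair_pk and rspamd_cryptobox_pubkey_pk hunks, which could use `crypto_box_PUBLICKEYBYTES` and `crypto_sign_PUBLICKEYBYTES`. The function signature starts outside the hunk, so the type of `len` is assumed from its use.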
@@ -69,29 +54,14 @@ rspamd_cryptobox_keypair_pk(struct rspamd_cryptobox_keypair *kp,
{
g_assert(kp != NULL);
- if (kp->alg == RSPAMD_CRYPTOBOX_MODE_25519) {
- if (kp->type == RSPAMD_KEYPAIR_KEX) {
- *len = 32;
- return RSPAMD_CRYPTOBOX_KEYPAIR_25519(kp)->pk;
- }
- else {
- *len = 32;
- return RSPAMD_CRYPTOBOX_KEYPAIR_SIG_25519(kp)->pk;
- }
+ if (kp->type == RSPAMD_KEYPAIR_KEX) {
+ *len = 32;
+ return RSPAMD_CRYPTOBOX_KEYPAIR_25519(kp)->pk;
}
else {
- if (kp->type == RSPAMD_KEYPAIR_KEX) {
- *len = 65;
- return RSPAMD_CRYPTOBOX_KEYPAIR_NIST(kp)->pk;
- }
- else {
- *len = 65;
- return RSPAMD_CRYPTOBOX_KEYPAIR_SIG_NIST(kp)->pk;
- }
+ *len = 32;
+ return RSPAMD_CRYPTOBOX_KEYPAIR_SIG_25519(kp)->pk;
}
-
- /* Not reached */
- return NULL;
}
static void *
@@ -100,53 +70,27 @@ rspamd_cryptobox_pubkey_pk(const struct rspamd_cryptobox_pubkey *kp,
{
g_assert(kp != NULL);
- if (kp->alg == RSPAMD_CRYPTOBOX_MODE_25519) {
- if (kp->type == RSPAMD_KEYPAIR_KEX) {
- *len = 32;
- return RSPAMD_CRYPTOBOX_PUBKEY_25519(kp)->pk;
- }
- else {
- *len = 32;
- return RSPAMD_CRYPTOBOX_PUBKEY_SIG_25519(kp)->pk;
- }
+ if (kp->type == RSPAMD_KEYPAIR_KEX) {
+ *len = 32;
+ return RSPAMD_CRYPTOBOX_PUBKEY_25519(kp)->pk;
}
else {
- if (kp->type == RSPAMD_KEYPAIR_KEX) {
- *len = 65;
- return RSPAMD_CRYPTOBOX_PUBKEY_NIST(kp)->pk;
- }
- else {
- *len = 65;
- return RSPAMD_CRYPTOBOX_PUBKEY_SIG_NIST(kp)->pk;
- }
+ *len = 32;
+ return RSPAMD_CRYPTOBOX_PUBKEY_SIG_25519(kp)->pk;
}
-
- /* Not reached */
- return NULL;
}
static struct rspamd_cryptobox_keypair *
-rspamd_cryptobox_keypair_alloc(enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg)
+rspamd_cryptobox_keypair_alloc(enum rspamd_cryptobox_keypair_type type)
{
struct rspamd_cryptobox_keypair *kp;
unsigned int size = 0;
- if (alg == RSPAMD_CRYPTOBOX_MODE_25519) {
- if (type == RSPAMD_KEYPAIR_KEX) {
- size = sizeof(struct rspamd_cryptobox_keypair_25519);
- }
- else {
- size = sizeof(struct rspamd_cryptobox_keypair_sig_25519);
- }
+ if (type == RSPAMD_KEYPAIR_KEX) {
+ size = sizeof(struct rspamd_cryptobox_keypair_25519);
}
else {
- if (type == RSPAMD_KEYPAIR_KEX) {
- size = sizeof(struct rspamd_cryptobox_keypair_nist);
- }
- else {
- size = sizeof(struct rspamd_cryptobox_keypair_sig_nist);
- }
+ size = sizeof(struct rspamd_cryptobox_keypair_sig_25519);
}
g_assert(size >= sizeof(*kp));
@@ -161,27 +105,17 @@ rspamd_cryptobox_keypair_alloc(enum rspamd_cryptobox_keypair_type type,
}
static struct rspamd_cryptobox_pubkey *
-rspamd_cryptobox_pubkey_alloc(enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg)
+rspamd_cryptobox_pubkey_alloc(enum rspamd_cryptobox_keypair_type type)
{
struct rspamd_cryptobox_pubkey *pk;
unsigned int size = 0;
- if (alg == RSPAMD_CRYPTOBOX_MODE_25519) {
- if (type == RSPAMD_KEYPAIR_KEX) {
- size = sizeof(struct rspamd_cryptobox_pubkey_25519);
- }
- else {
- size = sizeof(struct rspamd_cryptobox_pubkey_sig_25519);
- }
+
+ if (type == RSPAMD_KEYPAIR_KEX) {
+ size = sizeof(struct rspamd_cryptobox_pubkey_25519);
}
else {
- if (type == RSPAMD_KEYPAIR_KEX) {
- size = sizeof(struct rspamd_cryptobox_pubkey_nist);
- }
- else {
- size = sizeof(struct rspamd_cryptobox_pubkey_sig_nist);
- }
+ size = sizeof(struct rspamd_cryptobox_pubkey_sig_25519);
}
g_assert(size >= sizeof(*pk));
@@ -230,25 +164,23 @@ void rspamd_cryptobox_pubkey_dtor(struct rspamd_cryptobox_pubkey *p)
}
struct rspamd_cryptobox_keypair *
-rspamd_keypair_new(enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg)
+rspamd_keypair_new(enum rspamd_cryptobox_keypair_type type)
{
struct rspamd_cryptobox_keypair *kp;
void *pk, *sk;
unsigned int size;
- kp = rspamd_cryptobox_keypair_alloc(type, alg);
- kp->alg = alg;
+ kp = rspamd_cryptobox_keypair_alloc(type);
kp->type = type;
sk = rspamd_cryptobox_keypair_sk(kp, &size);
pk = rspamd_cryptobox_keypair_pk(kp, &size);
if (type == RSPAMD_KEYPAIR_KEX) {
- rspamd_cryptobox_keypair(pk, sk, alg);
+ rspamd_cryptobox_keypair(pk, sk);
}
else {
- rspamd_cryptobox_keypair_sig(pk, sk, alg);
+ rspamd_cryptobox_keypair_sig(pk, sk);
}
rspamd_cryptobox_hash(kp->id, pk, size, NULL, 0);
@@ -302,27 +234,10 @@ rspamd_pubkey_type(struct rspamd_cryptobox_pubkey *p)
}
-enum rspamd_cryptobox_mode
-rspamd_keypair_alg(struct rspamd_cryptobox_keypair *kp)
-{
- g_assert(kp != NULL);
-
- return kp->alg;
-}
-
-enum rspamd_cryptobox_mode
-rspamd_pubkey_alg(struct rspamd_cryptobox_pubkey *p)
-{
- g_assert(p != NULL);
-
- return p->alg;
-}
-
struct rspamd_cryptobox_pubkey *
rspamd_pubkey_from_base32(const char *b32,
gsize len,
- enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg)
+ enum rspamd_cryptobox_keypair_type type)
{
unsigned char *decoded;
gsize dlen, expected_len;
@@ -342,16 +257,15 @@ rspamd_pubkey_from_base32(const char *b32,
return NULL;
}
- expected_len = (type == RSPAMD_KEYPAIR_KEX) ? rspamd_cryptobox_pk_bytes(alg) : rspamd_cryptobox_pk_sig_bytes(alg);
+ expected_len = (type == RSPAMD_KEYPAIR_KEX) ? crypto_box_PUBLICKEYBYTES : crypto_sign_PUBLICKEYBYTES;
if (dlen != expected_len) {
g_free(decoded);
return NULL;
}
- pk = rspamd_cryptobox_pubkey_alloc(type, alg);
+ pk = rspamd_cryptobox_pubkey_alloc(type);
REF_INIT_RETAIN(pk, rspamd_cryptobox_pubkey_dtor);
- pk->alg = alg;
pk->type = type;
pk_data = rspamd_cryptobox_pubkey_pk(pk, &pklen);
@@ -365,8 +279,7 @@ rspamd_pubkey_from_base32(const char *b32,
struct rspamd_cryptobox_pubkey *
rspamd_pubkey_from_hex(const char *hex,
gsize len,
- enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg)
+ enum rspamd_cryptobox_keypair_type type)
{
unsigned char *decoded;
gsize dlen, expected_len;
@@ -388,16 +301,15 @@ rspamd_pubkey_from_hex(const char *hex,
return NULL;
}
- expected_len = (type == RSPAMD_KEYPAIR_KEX) ? rspamd_cryptobox_pk_bytes(alg) : rspamd_cryptobox_pk_sig_bytes(alg);
+ expected_len = (type == RSPAMD_KEYPAIR_KEX) ? crypto_box_PUBLICKEYBYTES : crypto_sign_PUBLICKEYBYTES;
if (dlen != expected_len) {
g_free(decoded);
return NULL;
}
- pk = rspamd_cryptobox_pubkey_alloc(type, alg);
+ pk = rspamd_cryptobox_pubkey_alloc(type);
REF_INIT_RETAIN(pk, rspamd_cryptobox_pubkey_dtor);
- pk->alg = alg;
pk->type = type;
pk_data = rspamd_cryptobox_pubkey_pk(pk, &pklen);
@@ -411,8 +323,7 @@ rspamd_pubkey_from_hex(const char *hex,
struct rspamd_cryptobox_pubkey *
rspamd_pubkey_from_bin(const unsigned char *raw,
gsize len,
- enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg)
+ enum rspamd_cryptobox_keypair_type type)
{
gsize expected_len;
unsigned int pklen;
@@ -421,15 +332,14 @@ rspamd_pubkey_from_bin(const unsigned char *raw,
g_assert(raw != NULL && len > 0);
- expected_len = (type == RSPAMD_KEYPAIR_KEX) ? rspamd_cryptobox_pk_bytes(alg) : rspamd_cryptobox_pk_sig_bytes(alg);
+ (type == RSPAMD_KEYPAIR_KEX) ? crypto_box_PUBLICKEYBYTES : crypto_sign_PUBLICKEYBYTES;
if (len != expected_len) {
return NULL;
}
- pk = rspamd_cryptobox_pubkey_alloc(type, alg);
+ pk = rspamd_cryptobox_pubkey_alloc(type);
REF_INIT_RETAIN(pk, rspamd_cryptobox_pubkey_dtor);
- pk->alg = alg;
pk->type = type;
pk_data = rspamd_cryptobox_pubkey_pk(pk, &pklen);
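Review bot: In rspamd_pubkey_from_bin the added line `(type == RSPAMD_KEYPAIR_KEX) ? crypto_box_PUBLICKEYBYTES : crypto_sign_PUBLICKEYBYTES;` has lost its `expected_len =` left-hand side, so as shown it is an expression statement with no effect. The following `if (len != expected_len)` then reads an uninitialized variable, which is undefined behaviour and means the length of the caller-supplied raw key is no longer reliably validated before the key bytes are used further down (the copy itself is outside the hunk). The line should read `expected_len = (type == RSPAMD_KEYPAIR_KEX) ? crypto_box_PUBLICKEYBYTES : crypto_sign_PUBLICKEYBYTES;`, matching the base32 and hex loaders. Building with `-Wunused-value` and `-Wuninitialized` treated as errors would catch this class of slip.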
@@ -463,7 +373,6 @@ const unsigned char *
rspamd_pubkey_calculate_nm(struct rspamd_cryptobox_pubkey *p,
struct rspamd_cryptobox_keypair *kp)
{
- g_assert(kp->alg == p->alg);
g_assert(kp->type == p->type);
g_assert(p->type == RSPAMD_KEYPAIR_KEX);
@@ -476,22 +385,12 @@ rspamd_pubkey_calculate_nm(struct rspamd_cryptobox_pubkey *p,
REF_INIT_RETAIN(p->nm, rspamd_cryptobox_nm_dtor);
}
- if (kp->alg == RSPAMD_CRYPTOBOX_MODE_25519) {
- struct rspamd_cryptobox_pubkey_25519 *rk_25519 =
- RSPAMD_CRYPTOBOX_PUBKEY_25519(p);
- struct rspamd_cryptobox_keypair_25519 *sk_25519 =
- RSPAMD_CRYPTOBOX_KEYPAIR_25519(kp);
+ struct rspamd_cryptobox_pubkey_25519 *rk_25519 =
+ RSPAMD_CRYPTOBOX_PUBKEY_25519(p);
+ struct rspamd_cryptobox_keypair_25519 *sk_25519 =
+ RSPAMD_CRYPTOBOX_KEYPAIR_25519(kp);
- rspamd_cryptobox_nm(p->nm->nm, rk_25519->pk, sk_25519->sk, p->alg);
- }
- else {
- struct rspamd_cryptobox_pubkey_nist *rk_nist =
- RSPAMD_CRYPTOBOX_PUBKEY_NIST(p);
- struct rspamd_cryptobox_keypair_nist *sk_nist =
- RSPAMD_CRYPTOBOX_KEYPAIR_NIST(kp);
-
- rspamd_cryptobox_nm(p->nm->nm, rk_nist->pk, sk_nist->sk, p->alg);
- }
+ rspamd_cryptobox_nm(p->nm->nm, rk_25519->pk, sk_25519->sk);
return p->nm->nm;
}
@@ -662,7 +561,6 @@ rspamd_keypair_from_ucl(const ucl_object_t *obj)
const ucl_object_t *privkey, *pubkey, *elt;
const char *str;
enum rspamd_cryptobox_keypair_type type = RSPAMD_KEYPAIR_KEX;
- enum rspamd_cryptobox_mode mode = RSPAMD_CRYPTOBOX_MODE_25519;
gboolean is_hex = FALSE;
struct rspamd_cryptobox_keypair *kp;
unsigned int len;
@@ -705,19 +603,6 @@ rspamd_keypair_from_ucl(const ucl_object_t *obj)
/* TODO: handle errors */
}
- elt = ucl_object_lookup(obj, "algorithm");
- if (elt && ucl_object_type(elt) == UCL_STRING) {
- str = ucl_object_tostring(elt);
-
- if (g_ascii_strcasecmp(str, "curve25519") == 0) {
- mode = RSPAMD_CRYPTOBOX_MODE_25519;
- }
- else if (g_ascii_strcasecmp(str, "nistp256") == 0) {
- mode = RSPAMD_CRYPTOBOX_MODE_NIST;
- }
- /* TODO: handle errors */
- }
-
elt = ucl_object_lookup(obj, "encoding");
if (elt && ucl_object_type(elt) == UCL_STRING) {
str = ucl_object_tostring(elt);
@@ -728,9 +613,8 @@ rspamd_keypair_from_ucl(const ucl_object_t *obj)
/* TODO: handle errors */
}
- kp = rspamd_cryptobox_keypair_alloc(type, mode);
+ kp = rspamd_cryptobox_keypair_alloc(type);
kp->type = type;
- kp->alg = mode;
REF_INIT_RETAIN(kp, rspamd_cryptobox_keypair_dtor);
g_assert(kp != NULL);
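Review bot: A stored keypair that declares `algorithm = "nistp256"` is now allocated here as a 25519 keypair with no diagnostic, because the `algorithm` lookup was deleted from rspamd_keypair_from_ucl in the previous hunk. Whether the later key-length checks reject such an object cannot be seen from this hunk, so it would be safer to keep the lookup and fail explicitly before the allocation, for example `if (g_ascii_strcasecmp(str, "curve25519") != 0) { return NULL; }`. Separately, `g_assert(kp != NULL)` comes after `kp->type = type` has already dereferenced the pointer; moving the assert to directly follow `rspamd_cryptobox_keypair_alloc(type)` would make it meaningful. The function begins and ends outside the hunk.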
@@ -838,8 +722,7 @@ rspamd_keypair_to_ucl(struct rspamd_cryptobox_keypair *kp,
"encoding", 0, false);
ucl_object_insert_key(elt,
- ucl_object_fromstring(
- kp->alg == RSPAMD_CRYPTOBOX_MODE_NIST ? "nistp256" : "curve25519"),
+ ucl_object_fromstring("curve25519"),
"algorithm", 0, false);
ucl_object_insert_key(elt,
@@ -873,9 +756,9 @@ rspamd_keypair_decrypt(struct rspamd_cryptobox_keypair *kp,
return FALSE;
}
- if (inlen < sizeof(encrypted_magic) + rspamd_cryptobox_pk_bytes(kp->alg) +
- rspamd_cryptobox_mac_bytes(kp->alg) +
- rspamd_cryptobox_nonce_bytes(kp->alg)) {
+ if (inlen < sizeof(encrypted_magic) + crypto_box_publickeybytes() +
+ crypto_box_macbytes() +
+ crypto_box_noncebytes()) {
g_set_error(err, rspamd_keypair_quark(), E2BIG, "invalid size: too small");
return FALSE;
@@ -890,9 +773,9 @@ rspamd_keypair_decrypt(struct rspamd_cryptobox_keypair *kp,
/* Set pointers */
pubkey = in + sizeof(encrypted_magic);
- mac = pubkey + rspamd_cryptobox_pk_bytes(kp->alg);
- nonce = mac + rspamd_cryptobox_mac_bytes(kp->alg);
- data = nonce + rspamd_cryptobox_nonce_bytes(kp->alg);
+ mac = pubkey + crypto_box_publickeybytes();
+ nonce = mac + crypto_box_macbytes();
+ data = nonce + crypto_box_noncebytes();
if (data - in >= inlen) {
g_set_error(err, rspamd_keypair_quark(), E2BIG, "invalid size: too small");
@@ -908,7 +791,7 @@ rspamd_keypair_decrypt(struct rspamd_cryptobox_keypair *kp,
if (!rspamd_cryptobox_decrypt_inplace(*out, inlen, nonce, pubkey,
rspamd_keypair_component(kp, RSPAMD_KEYPAIR_COMPONENT_SK, NULL),
- mac, kp->alg)) {
+ mac)) {
g_set_error(err, rspamd_keypair_quark(), EPERM, "verification failed");
g_free(*out);
@@ -942,26 +825,26 @@ rspamd_keypair_encrypt(struct rspamd_cryptobox_keypair *kp,
return FALSE;
}
- local = rspamd_keypair_new(kp->type, kp->alg);
+ local = rspamd_keypair_new(kp->type);
olen = inlen + sizeof(encrypted_magic) +
- rspamd_cryptobox_pk_bytes(kp->alg) +
- rspamd_cryptobox_mac_bytes(kp->alg) +
- rspamd_cryptobox_nonce_bytes(kp->alg);
+ crypto_box_publickeybytes() +
+ crypto_box_macbytes() +
+ crypto_box_noncebytes();
*out = g_malloc(olen);
memcpy(*out, encrypted_magic, sizeof(encrypted_magic));
pubkey = *out + sizeof(encrypted_magic);
- mac = pubkey + rspamd_cryptobox_pk_bytes(kp->alg);
- nonce = mac + rspamd_cryptobox_mac_bytes(kp->alg);
- data = nonce + rspamd_cryptobox_nonce_bytes(kp->alg);
+ mac = pubkey + crypto_box_publickeybytes();
+ nonce = mac + crypto_box_macbytes();
+ data = nonce + crypto_box_noncebytes();
- ottery_rand_bytes(nonce, rspamd_cryptobox_nonce_bytes(kp->alg));
+ ottery_rand_bytes(nonce, crypto_box_noncebytes());
memcpy(data, in, inlen);
memcpy(pubkey, rspamd_keypair_component(kp, RSPAMD_KEYPAIR_COMPONENT_PK, NULL),
- rspamd_cryptobox_pk_bytes(kp->alg));
+ crypto_box_publickeybytes());
rspamd_cryptobox_encrypt_inplace(data, inlen, nonce, pubkey,
rspamd_keypair_component(local, RSPAMD_KEYPAIR_COMPONENT_SK, NULL),
- mac, kp->alg);
+ mac);
rspamd_keypair_unref(local);
if (outlen) {
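Review bot: The header's `pubkey` field is filled from `kp` (the recipient), while the box is sealed with the secret key of the freshly generated `local` pair, whose public key is never written to the output before `rspamd_keypair_unref(local)`. The rspamd_keypair_decrypt hunk derives its key from that header field and `kp`'s own secret key, so from the visible lines the two sides would compute different shared secrets unless code outside the hunks compensates. If that reading is right, the header should carry the ephemeral key, `memcpy(pubkey, rspamd_keypair_component(local, RSPAMD_KEYPAIR_COMPONENT_PK, NULL), crypto_box_publickeybytes());`, and the encrypt call should take the recipient key from `kp` instead of `pubkey`. The rspamd_pubkey_encrypt hunk has the same shape. An encrypt-then-decrypt round-trip test would settle it either way.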
@@ -991,26 +874,26 @@ rspamd_pubkey_encrypt(struct rspamd_cryptobox_pubkey *pk,
return FALSE;
}
- local = rspamd_keypair_new(pk->type, pk->alg);
+ local = rspamd_keypair_new(pk->type);
olen = inlen + sizeof(encrypted_magic) +
- rspamd_cryptobox_pk_bytes(pk->alg) +
- rspamd_cryptobox_mac_bytes(pk->alg) +
- rspamd_cryptobox_nonce_bytes(pk->alg);
+ crypto_box_publickeybytes() +
+ crypto_box_macbytes() +
+ crypto_box_noncebytes();
*out = g_malloc(olen);
memcpy(*out, encrypted_magic, sizeof(encrypted_magic));
pubkey = *out + sizeof(encrypted_magic);
- mac = pubkey + rspamd_cryptobox_pk_bytes(pk->alg);
- nonce = mac + rspamd_cryptobox_mac_bytes(pk->alg);
- data = nonce + rspamd_cryptobox_nonce_bytes(pk->alg);
+ mac = pubkey + crypto_box_publickeybytes();
+ nonce = mac + crypto_box_macbytes();
+ data = nonce + crypto_box_noncebytes();
- ottery_rand_bytes(nonce, rspamd_cryptobox_nonce_bytes(pk->alg));
+ ottery_rand_bytes(nonce, crypto_box_noncebytes());
memcpy(data, in, inlen);
memcpy(pubkey, rspamd_pubkey_get_pk(pk, NULL),
- rspamd_cryptobox_pk_bytes(pk->alg));
+ crypto_box_publickeybytes());
rspamd_cryptobox_encrypt_inplace(data, inlen, nonce, pubkey,
rspamd_keypair_component(local, RSPAMD_KEYPAIR_COMPONENT_SK, NULL),
- mac, pk->alg);
+ mac);
rspamd_keypair_unref(local);
if (outlen) {
diff --git a/src/libcryptobox/keypair.h b/src/libcryptobox/keypair.h
index 849246255..97b46cbf5 100644
--- a/src/libcryptobox/keypair.h
+++ b/src/libcryptobox/keypair.h
@@ -1,11 +1,11 @@
-/*-
- * Copyright 2016 Vsevolod Stakhov
+/*
+ * Copyright 2024 Vsevolod Stakhov
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -50,8 +50,7 @@ struct rspamd_cryptobox_pubkey;
* @return fresh keypair generated
*/
struct rspamd_cryptobox_keypair *rspamd_keypair_new(
- enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg);
+ enum rspamd_cryptobox_keypair_type type);
/**
* Increase refcount for the specific keypair
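Review bot: The prototype of rspamd_keypair_new loses its `alg` parameter here, but the doc comment above it starts outside the hunk and only its `@return` line is visible, so a stale `@param alg` line may remain. The same check applies to the comments above rspamd_pubkey_from_base32, rspamd_pubkey_from_hex and rspamd_pubkey_from_bin in the following hunks. Each comment should list only `type`, and it would help to state there that keys are always Curve25519 for key exchange and Ed25519 for signing.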
@@ -84,8 +83,7 @@ struct rspamd_cryptobox_pubkey *rspamd_pubkey_ref(
*/
struct rspamd_cryptobox_pubkey *rspamd_pubkey_from_base32(const char *b32,
gsize len,
- enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg);
+ enum rspamd_cryptobox_keypair_type type);
/**
* Load pubkey from hex string
@@ -96,8 +94,7 @@ struct rspamd_cryptobox_pubkey *rspamd_pubkey_from_base32(const char *b32,
*/
struct rspamd_cryptobox_pubkey *rspamd_pubkey_from_hex(const char *hex,
gsize len,
- enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg);
+ enum rspamd_cryptobox_keypair_type type);
/**
* Load pubkey from raw chunk string
@@ -108,8 +105,7 @@ struct rspamd_cryptobox_pubkey *rspamd_pubkey_from_hex(const char *hex,
*/
struct rspamd_cryptobox_pubkey *rspamd_pubkey_from_bin(const unsigned char *raw,
gsize len,
- enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_mode alg);
+ enum rspamd_cryptobox_keypair_type type);
/**
@@ -127,18 +123,7 @@ enum rspamd_cryptobox_keypair_type rspamd_keypair_type(
/**
* Get type of pubkey
*/
-enum rspamd_cryptobox_keypair_type rspamd_pubkey_type(
- struct rspamd_cryptobox_pubkey *p);
-
-/**
- * Get algorithm of keypair
- */
-enum rspamd_cryptobox_mode rspamd_keypair_alg(struct rspamd_cryptobox_keypair *kp);
-
-/**
- * Get algorithm of pubkey
- */
-enum rspamd_cryptobox_mode rspamd_pubkey_alg(struct rspamd_cryptobox_pubkey *p);
+enum rspamd_cryptobox_keypair_type rspamd_pubkey_type(struct rspamd_cryptobox_pubkey *p);
/**
* Get cached NM for this specific pubkey
diff --git a/src/libcryptobox/keypair_private.h b/src/libcryptobox/keypair_private.h
index 793231701..2e372777c 100644
--- a/src/libcryptobox/keypair_private.h
+++ b/src/libcryptobox/keypair_private.h
@@ -1,11 +1,11 @@
-/*-
- * Copyright 2016 Vsevolod Stakhov
+/*
+ * Copyright 2024 Vsevolod Stakhov
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -38,22 +38,11 @@ struct rspamd_cryptobox_nm {
struct rspamd_cryptobox_keypair {
unsigned char id[rspamd_cryptobox_HASHBYTES];
enum rspamd_cryptobox_keypair_type type;
- enum rspamd_cryptobox_mode alg;
ucl_object_t *extensions;
ref_entry_t ref;
};
/*
- * NIST p256 ecdh keypair
- */
-#define RSPAMD_CRYPTOBOX_KEYPAIR_NIST(x) ((struct rspamd_cryptobox_keypair_nist *) (x))
-struct rspamd_cryptobox_keypair_nist {
- struct rspamd_cryptobox_keypair parent;
- unsigned char sk[32];
- unsigned char pk[65];
-};
-
-/*
* Curve25519 ecdh keypair
*/
#define RSPAMD_CRYPTOBOX_KEYPAIR_25519(x) ((struct rspamd_cryptobox_keypair_25519 *) (x))
@@ -64,16 +53,6 @@ struct rspamd_cryptobox_keypair_25519 {
};
/*
- * NIST p256 ecdsa keypair
- */
-#define RSPAMD_CRYPTOBOX_KEYPAIR_SIG_NIST(x) ((struct rspamd_cryptobox_keypair_sig_nist *) (x))
-struct rspamd_cryptobox_keypair_sig_nist {
- struct rspamd_cryptobox_keypair parent;
- unsigned char sk[32];
- unsigned char pk[65];
-};
-
-/*
* Ed25519 keypair
*/
#define RSPAMD_CRYPTOBOX_KEYPAIR_SIG_25519(x) ((struct rspamd_cryptobox_keypair_sig_25519 *) (x))
@@ -90,20 +69,10 @@ struct rspamd_cryptobox_pubkey {
unsigned char id[rspamd_cryptobox_HASHBYTES];
struct rspamd_cryptobox_nm *nm;
enum rspamd_cryptobox_keypair_type type;
- enum rspamd_cryptobox_mode alg;
ref_entry_t ref;
};
/*
- * Public p256 ecdh
- */
-#define RSPAMD_CRYPTOBOX_PUBKEY_NIST(x) ((struct rspamd_cryptobox_pubkey_nist *) (x))
-struct rspamd_cryptobox_pubkey_nist {
- struct rspamd_cryptobox_pubkey parent;
- unsigned char pk[65];
-};
-
-/*
* Public curve25519 ecdh
*/
#define RSPAMD_CRYPTOBOX_PUBKEY_25519(x) ((struct rspamd_cryptobox_pubkey_25519 *) (x))
@@ -113,15 +82,6 @@ struct rspamd_cryptobox_pubkey_25519 {
};
/*
- * Public p256 ecdsa
- */
-#define RSPAMD_CRYPTOBOX_PUBKEY_SIG_NIST(x) ((struct rspamd_cryptobox_pubkey_sig_nist *) (x))
-struct rspamd_cryptobox_pubkey_sig_nist {
- struct rspamd_cryptobox_pubkey parent;
- unsigned char pk[65];
-};
-
-/*
* Public ed25519
*/
#define RSPAMD_CRYPTOBOX_PUBKEY_SIG_25519(x) ((struct rspamd_cryptobox_pubkey_sig_25519 *) (x))
diff --git a/src/libcryptobox/keypairs_cache.c b/src/libcryptobox/keypairs_cache.c
index 6003d9923..0b069a64b 100644
--- a/src/libcryptobox/keypairs_cache.c
+++ b/src/libcryptobox/keypairs_cache.c
@@ -1,11 +1,11 @@
-/*-
- * Copyright 2016 Vsevolod Stakhov
+/*
+ * Copyright 2024 Vsevolod Stakhov
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -77,7 +77,6 @@ void rspamd_keypair_cache_process(struct rspamd_keypair_cache *c,
g_assert(lk != NULL);
g_assert(rk != NULL);
- g_assert(rk->alg == lk->alg);
g_assert(rk->type == lk->type);
g_assert(rk->type == RSPAMD_KEYPAIR_KEX);
@@ -106,22 +105,12 @@ void rspamd_keypair_cache_process(struct rspamd_keypair_cache *c,
rspamd_cryptobox_HASHBYTES);
memcpy(&new->nm->sk_id, lk->id, sizeof(uint64_t));
- if (rk->alg == RSPAMD_CRYPTOBOX_MODE_25519) {
- struct rspamd_cryptobox_pubkey_25519 *rk_25519 =
- RSPAMD_CRYPTOBOX_PUBKEY_25519(rk);
- struct rspamd_cryptobox_keypair_25519 *sk_25519 =
- RSPAMD_CRYPTOBOX_KEYPAIR_25519(lk);
+ struct rspamd_cryptobox_pubkey_25519 *rk_25519 =
+ RSPAMD_CRYPTOBOX_PUBKEY_25519(rk);
+ struct rspamd_cryptobox_keypair_25519 *sk_25519 =
+ RSPAMD_CRYPTOBOX_KEYPAIR_25519(lk);
- rspamd_cryptobox_nm(new->nm->nm, rk_25519->pk, sk_25519->sk, rk->alg);
- }
- else {
- struct rspamd_cryptobox_pubkey_nist *rk_nist =
- RSPAMD_CRYPTOBOX_PUBKEY_NIST(rk);
- struct rspamd_cryptobox_keypair_nist *sk_nist =
- RSPAMD_CRYPTOBOX_KEYPAIR_NIST(lk);
-
- rspamd_cryptobox_nm(new->nm->nm, rk_nist->pk, sk_nist->sk, rk->alg);
- }
+ rspamd_cryptobox_nm(new->nm->nm, rk_25519->pk, sk_25519->sk);
rspamd_lru_hash_insert(c->hash, new, new, time(NULL), -1);
}