diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-06-05 17:02:58 +0100 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-06-05 17:02:58 +0100 |
commit | 5658e4bfd4045bf31b2ba9f4e2a31066dc252d67 (patch) | |
tree | 9b3bee9cf8a4823d497362db5f4a4e64c588e555 /src/lua | |
parent | 0d4bbf0f00d4278e1dc10f205884871f4666b544 (diff) | |
download | rspamd-5658e4bfd4045bf31b2ba9f4e2a31066dc252d67.tar.gz rspamd-5658e4bfd4045bf31b2ba9f4e2a31066dc252d67.zip |
[Fix] Fix NIST signatures
Diffstat (limited to 'src/lua')
-rw-r--r-- | src/lua/lua_cryptobox.c | 65 |
1 files changed, 54 insertions, 11 deletions
diff --git a/src/lua/lua_cryptobox.c b/src/lua/lua_cryptobox.c index 0323fe098..6fa2aa997 100644 --- a/src/lua/lua_cryptobox.c +++ b/src/lua/lua_cryptobox.c @@ -585,7 +585,7 @@ lua_cryptobox_keypair_get_pk (lua_State *L) } /*** - * @function rspamd_cryptobox_signature.load(file) + * @function rspamd_cryptobox_signature.load(file, [alg = 'curve25519']) * Loads signature from raw file * @param {string} file filename to load * @return {cryptobox_signature} new signature @@ -598,6 +598,7 @@ lua_cryptobox_signature_load (lua_State *L) gpointer data; int fd; struct stat st; + enum rspamd_cryptobox_mode alg = RSPAMD_CRYPTOBOX_MODE_25519; filename = luaL_checkstring (L, 1); if (filename != NULL) { @@ -608,7 +609,6 @@ lua_cryptobox_signature_load (lua_State *L) lua_pushnil (L); } else { - sig = g_malloc (sizeof (rspamd_fstring_t)); if (fstat (fd, &st) == -1 || (data = mmap (NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0)) @@ -617,8 +617,20 @@ lua_cryptobox_signature_load (lua_State *L) lua_pushnil (L); } else { - if (st.st_size == rspamd_cryptobox_signature_bytes ( - RSPAMD_CRYPTOBOX_MODE_25519)) { + if (lua_isstring (L, 2)) { + const gchar *str = lua_tostring (L, 2); + + if (strcmp (str, "nist") == 0 || strcmp (str, "openssl") == 0) { + alg = RSPAMD_CRYPTOBOX_MODE_NIST; + } + else if (strcmp (str, "curve25519") == 0 || strcmp (str, "default") == 0) { + alg = RSPAMD_CRYPTOBOX_MODE_25519; + } + else { + return luaL_error (L, "invalid keypair algorithm: %s", str); + } + } + if (st.st_size > 0) { sig = rspamd_fstring_new_init (data, st.st_size); psig = lua_newuserdata (L, sizeof (rspamd_fstring_t *)); rspamd_lua_setclass (L, "rspamd{cryptobox_signature}", -1); @@ -627,7 +639,7 @@ lua_cryptobox_signature_load (lua_State *L) else { msg_err ("size of %s mismatches: %d while %d is expected", filename, (int)st.st_size, - rspamd_cryptobox_signature_bytes (RSPAMD_CRYPTOBOX_MODE_25519)); + rspamd_cryptobox_signature_bytes (alg)); lua_pushnil (L); } @@ -1289,7 +1301,7 @@ lua_cryptobox_hash_gc (lua_State *L) } /*** - * @function rspamd_cryptobox.verify_memory(pk, sig, data) + * @function rspamd_cryptobox.verify_memory(pk, sig, data, [alg = 'curve25519']) * Check memory using specified cryptobox key and signature * @param {pubkey} pk public key to verify * @param {sig} signature to check @@ -1303,6 +1315,7 @@ lua_cryptobox_verify_memory (lua_State *L) rspamd_fstring_t *signature; struct rspamd_lua_text *t; const gchar *data; + enum rspamd_cryptobox_mode alg = RSPAMD_CRYPTOBOX_MODE_25519; gsize len; gint ret; @@ -1323,9 +1336,23 @@ lua_cryptobox_verify_memory (lua_State *L) data = luaL_checklstring (L, 3, &len); } + if (lua_isstring (L, 4)) { + const gchar *str = lua_tostring (L, 4); + + if (strcmp (str, "nist") == 0 || strcmp (str, "openssl") == 0) { + alg = RSPAMD_CRYPTOBOX_MODE_NIST; + } + else if (strcmp (str, "curve25519") == 0 || strcmp (str, "default") == 0) { + alg = RSPAMD_CRYPTOBOX_MODE_25519; + } + else { + return luaL_error (L, "invalid algorithm: %s", str); + } + } + if (pk != NULL && signature != NULL && data != NULL) { - ret = rspamd_cryptobox_verify (signature->str, data, len, - rspamd_pubkey_get_pk (pk, NULL), RSPAMD_CRYPTOBOX_MODE_25519); + ret = rspamd_cryptobox_verify (signature->str, signature->len, data, len, + rspamd_pubkey_get_pk (pk, NULL), alg); if (ret) { lua_pushboolean (L, 1); @@ -1342,7 +1369,7 @@ lua_cryptobox_verify_memory (lua_State *L) } /*** - * @function rspamd_cryptobox.verify_file(pk, sig, file) + * @function rspamd_cryptobox.verify_file(pk, sig, file, [alg = 'curve25519']) * Check file using specified cryptobox key and signature * @param {pubkey} pk public key to verify * @param {sig} signature to check @@ -1356,6 +1383,7 @@ lua_cryptobox_verify_file (lua_State *L) struct rspamd_cryptobox_pubkey *pk; rspamd_fstring_t *signature; guchar *map = NULL; + enum rspamd_cryptobox_mode alg = RSPAMD_CRYPTOBOX_MODE_25519; gsize len; gint ret; @@ -1363,11 +1391,26 @@ lua_cryptobox_verify_file (lua_State *L) signature = lua_check_cryptobox_sign (L, 2); fname = luaL_checkstring (L, 3); + if (lua_isstring (L, 4)) { + const gchar *str = lua_tostring (L, 4); + + if (strcmp (str, "nist") == 0 || strcmp (str, "openssl") == 0) { + alg = RSPAMD_CRYPTOBOX_MODE_NIST; + } + else if (strcmp (str, "curve25519") == 0 || strcmp (str, "default") == 0) { + alg = RSPAMD_CRYPTOBOX_MODE_25519; + } + else { + return luaL_error (L, "invalid algorithm: %s", str); + } + } + map = rspamd_file_xmap (fname, PROT_READ, &len, TRUE); if (map != NULL && pk != NULL && signature != NULL) { - ret = rspamd_cryptobox_verify (signature->str, map, len, - rspamd_pubkey_get_pk (pk, NULL), RSPAMD_CRYPTOBOX_MODE_25519); + ret = rspamd_cryptobox_verify (signature->str, signature->len, + map, len, + rspamd_pubkey_get_pk (pk, NULL), alg); if (ret) { lua_pushboolean (L, 1); |