aboutsummaryrefslogtreecommitdiffstats
path: root/src/lua
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2018-06-05 17:02:58 +0100
committerVsevolod Stakhov <vsevolod@highsecure.ru>2018-06-05 17:02:58 +0100
commit5658e4bfd4045bf31b2ba9f4e2a31066dc252d67 (patch)
tree9b3bee9cf8a4823d497362db5f4a4e64c588e555 /src/lua
parent0d4bbf0f00d4278e1dc10f205884871f4666b544 (diff)
downloadrspamd-5658e4bfd4045bf31b2ba9f4e2a31066dc252d67.tar.gz
rspamd-5658e4bfd4045bf31b2ba9f4e2a31066dc252d67.zip
[Fix] Fix NIST signatures
Diffstat (limited to 'src/lua')
-rw-r--r--src/lua/lua_cryptobox.c65
1 files changed, 54 insertions, 11 deletions
diff --git a/src/lua/lua_cryptobox.c b/src/lua/lua_cryptobox.c
index 0323fe098..6fa2aa997 100644
--- a/src/lua/lua_cryptobox.c
+++ b/src/lua/lua_cryptobox.c
@@ -585,7 +585,7 @@ lua_cryptobox_keypair_get_pk (lua_State *L)
}
/***
- * @function rspamd_cryptobox_signature.load(file)
+ * @function rspamd_cryptobox_signature.load(file, [alg = 'curve25519'])
* Loads signature from raw file
* @param {string} file filename to load
* @return {cryptobox_signature} new signature
@@ -598,6 +598,7 @@ lua_cryptobox_signature_load (lua_State *L)
gpointer data;
int fd;
struct stat st;
+ enum rspamd_cryptobox_mode alg = RSPAMD_CRYPTOBOX_MODE_25519;
filename = luaL_checkstring (L, 1);
if (filename != NULL) {
@@ -608,7 +609,6 @@ lua_cryptobox_signature_load (lua_State *L)
lua_pushnil (L);
}
else {
- sig = g_malloc (sizeof (rspamd_fstring_t));
if (fstat (fd, &st) == -1 ||
(data =
mmap (NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0))
@@ -617,8 +617,20 @@ lua_cryptobox_signature_load (lua_State *L)
lua_pushnil (L);
}
else {
- if (st.st_size == rspamd_cryptobox_signature_bytes (
- RSPAMD_CRYPTOBOX_MODE_25519)) {
+ if (lua_isstring (L, 2)) {
+ const gchar *str = lua_tostring (L, 2);
+
+ if (strcmp (str, "nist") == 0 || strcmp (str, "openssl") == 0) {
+ alg = RSPAMD_CRYPTOBOX_MODE_NIST;
+ }
+ else if (strcmp (str, "curve25519") == 0 || strcmp (str, "default") == 0) {
+ alg = RSPAMD_CRYPTOBOX_MODE_25519;
+ }
+ else {
+ return luaL_error (L, "invalid keypair algorithm: %s", str);
+ }
+ }
+ if (st.st_size > 0) {
sig = rspamd_fstring_new_init (data, st.st_size);
psig = lua_newuserdata (L, sizeof (rspamd_fstring_t *));
rspamd_lua_setclass (L, "rspamd{cryptobox_signature}", -1);
@@ -627,7 +639,7 @@ lua_cryptobox_signature_load (lua_State *L)
else {
msg_err ("size of %s mismatches: %d while %d is expected",
filename, (int)st.st_size,
- rspamd_cryptobox_signature_bytes (RSPAMD_CRYPTOBOX_MODE_25519));
+ rspamd_cryptobox_signature_bytes (alg));
lua_pushnil (L);
}
@@ -1289,7 +1301,7 @@ lua_cryptobox_hash_gc (lua_State *L)
}
/***
- * @function rspamd_cryptobox.verify_memory(pk, sig, data)
+ * @function rspamd_cryptobox.verify_memory(pk, sig, data, [alg = 'curve25519'])
* Check memory using specified cryptobox key and signature
* @param {pubkey} pk public key to verify
* @param {sig} signature to check
@@ -1303,6 +1315,7 @@ lua_cryptobox_verify_memory (lua_State *L)
rspamd_fstring_t *signature;
struct rspamd_lua_text *t;
const gchar *data;
+ enum rspamd_cryptobox_mode alg = RSPAMD_CRYPTOBOX_MODE_25519;
gsize len;
gint ret;
@@ -1323,9 +1336,23 @@ lua_cryptobox_verify_memory (lua_State *L)
data = luaL_checklstring (L, 3, &len);
}
+ if (lua_isstring (L, 4)) {
+ const gchar *str = lua_tostring (L, 4);
+
+ if (strcmp (str, "nist") == 0 || strcmp (str, "openssl") == 0) {
+ alg = RSPAMD_CRYPTOBOX_MODE_NIST;
+ }
+ else if (strcmp (str, "curve25519") == 0 || strcmp (str, "default") == 0) {
+ alg = RSPAMD_CRYPTOBOX_MODE_25519;
+ }
+ else {
+ return luaL_error (L, "invalid algorithm: %s", str);
+ }
+ }
+
if (pk != NULL && signature != NULL && data != NULL) {
- ret = rspamd_cryptobox_verify (signature->str, data, len,
- rspamd_pubkey_get_pk (pk, NULL), RSPAMD_CRYPTOBOX_MODE_25519);
+ ret = rspamd_cryptobox_verify (signature->str, signature->len, data, len,
+ rspamd_pubkey_get_pk (pk, NULL), alg);
if (ret) {
lua_pushboolean (L, 1);
@@ -1342,7 +1369,7 @@ lua_cryptobox_verify_memory (lua_State *L)
}
/***
- * @function rspamd_cryptobox.verify_file(pk, sig, file)
+ * @function rspamd_cryptobox.verify_file(pk, sig, file, [alg = 'curve25519'])
* Check file using specified cryptobox key and signature
* @param {pubkey} pk public key to verify
* @param {sig} signature to check
@@ -1356,6 +1383,7 @@ lua_cryptobox_verify_file (lua_State *L)
struct rspamd_cryptobox_pubkey *pk;
rspamd_fstring_t *signature;
guchar *map = NULL;
+ enum rspamd_cryptobox_mode alg = RSPAMD_CRYPTOBOX_MODE_25519;
gsize len;
gint ret;
@@ -1363,11 +1391,26 @@ lua_cryptobox_verify_file (lua_State *L)
signature = lua_check_cryptobox_sign (L, 2);
fname = luaL_checkstring (L, 3);
+ if (lua_isstring (L, 4)) {
+ const gchar *str = lua_tostring (L, 4);
+
+ if (strcmp (str, "nist") == 0 || strcmp (str, "openssl") == 0) {
+ alg = RSPAMD_CRYPTOBOX_MODE_NIST;
+ }
+ else if (strcmp (str, "curve25519") == 0 || strcmp (str, "default") == 0) {
+ alg = RSPAMD_CRYPTOBOX_MODE_25519;
+ }
+ else {
+ return luaL_error (L, "invalid algorithm: %s", str);
+ }
+ }
+
map = rspamd_file_xmap (fname, PROT_READ, &len, TRUE);
if (map != NULL && pk != NULL && signature != NULL) {
- ret = rspamd_cryptobox_verify (signature->str, map, len,
- rspamd_pubkey_get_pk (pk, NULL), RSPAMD_CRYPTOBOX_MODE_25519);
+ ret = rspamd_cryptobox_verify (signature->str, signature->len,
+ map, len,
+ rspamd_pubkey_get_pk (pk, NULL), alg);
if (ret) {
lua_pushboolean (L, 1);