summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2016-02-06 01:38:33 +0000
committerVsevolod Stakhov <vsevolod@highsecure.ru>2016-02-06 01:38:33 +0000
commit09aec05782a08330d252e7f0aa9bd6b9fb5d485e (patch)
tree23b5d0e24834c1aff3674c4eb021adf335348a19 /src
parentc1b90ddc7dd856671c9585368b2f34b4548ca690 (diff)
downloadrspamd-09aec05782a08330d252e7f0aa9bd6b9fb5d485e.tar.gz
rspamd-09aec05782a08330d252e7f0aa9bd6b9fb5d485e.zip
Fix the rest sources
Diffstat (limited to 'src')
-rw-r--r--src/fuzzy_storage.c54
-rw-r--r--src/http_proxy.c27
-rw-r--r--src/libcryptobox/keypair.c8
-rw-r--r--src/libserver/cfg_rcl.c71
-rw-r--r--src/worker.c4
5 files changed, 67 insertions, 97 deletions
diff --git a/src/fuzzy_storage.c b/src/fuzzy_storage.c
index a4e4b8a26..d27f93ea5 100644
--- a/src/fuzzy_storage.c
+++ b/src/fuzzy_storage.c
@@ -27,9 +27,9 @@
#include "ottery.h"
#include "libserver/worker_util.h"
#include "libserver/rspamd_control.h"
-#include "cryptobox.h"
-#include "keypairs_cache.h"
-#include "keypair_private.h"
+#include "libcryptobox/cryptobox.h"
+#include "libcryptobox/keypairs_cache.h"
+#include "libcryptobox/keypair.h"
#include "ref.h"
#include "xxhash.h"
#include "libutil/hash.h"
@@ -98,8 +98,8 @@ struct rspamd_fuzzy_storage_ctx {
gint peer_fd;
struct event peer_ev;
/* Local keypair */
- gpointer default_keypair; /* Bad clash, need for parse keypair */
- gpointer default_key;
+ struct rspamd_cryptobox_keypair *default_keypair; /* Bad clash, need for parse keypair */
+ struct fuzzy_key *default_key;
GHashTable *keys;
gboolean encrypted_only;
struct rspamd_keypair_cache *keypair_cache;
@@ -153,7 +153,7 @@ struct fuzzy_peer_request {
};
struct fuzzy_key {
- struct rspamd_http_keypair *key;
+ struct rspamd_cryptobox_keypair *key;
struct fuzzy_key_stat *stat;
};
@@ -192,7 +192,7 @@ fuzzy_key_dtor (gpointer p)
fuzzy_key_stat_dtor (key->stat);
}
if (key->key) {
- rspamd_http_connection_key_unref (key->key);
+ rspamd_keypair_unref (key->key);
}
g_slice_free1 (sizeof (*key), key);
@@ -502,7 +502,8 @@ reply:
sizeof (session->reply.rep),
session->reply.hdr.nonce,
session->nm,
- session->reply.hdr.mac);
+ session->reply.hdr.mac,
+ RSPAMD_CRYPTOBOX_MODE_25519);
}
rspamd_fuzzy_write_reply (session);
@@ -550,7 +551,7 @@ rspamd_fuzzy_decrypt_command (struct fuzzy_session *s)
struct rspamd_fuzzy_encrypted_req_hdr *hdr;
guchar *payload;
gsize payload_len;
- struct rspamd_http_keypair rk;
+ struct rspamd_cryptobox_pubkey *rk;
struct fuzzy_key *key;
if (s->ctx->default_key == NULL) {
@@ -586,19 +587,28 @@ rspamd_fuzzy_decrypt_command (struct fuzzy_session *s)
s->key_stat = key->stat;
/* Now process keypair */
- memcpy (rk.pk, hdr->pubkey, sizeof (rk.pk));
- rspamd_keypair_cache_process (s->ctx->keypair_cache, key->key, &rk);
+ rk = rspamd_pubkey_from_bin (hdr->pubkey, sizeof (hdr->pubkey),
+ RSPAMD_KEYPAIR_KEX, RSPAMD_CRYPTOBOX_MODE_25519);
+
+ if (rk == NULL) {
+ msg_err ("bad key");
+ return FALSE;
+ }
+
+ rspamd_keypair_cache_process (s->ctx->keypair_cache, key->key, rk);
/* Now decrypt request */
if (!rspamd_cryptobox_decrypt_nm_inplace (payload, payload_len, hdr->nonce,
- rk.nm, hdr->mac)) {
+ rspamd_pubkey_get_nm (rk),
+ hdr->mac, RSPAMD_CRYPTOBOX_MODE_25519)) {
msg_debug ("decryption failed");
- rspamd_explicit_memzero (rk.nm, sizeof (rk.nm));
+ rspamd_pubkey_unref (rk);
+
return FALSE;
}
- memcpy (s->nm, rk.nm, sizeof (s->nm));
- rspamd_explicit_memzero (rk.nm, sizeof (rk.nm));
+ memcpy (s->nm, rspamd_pubkey_get_nm (rk), sizeof (s->nm));
+ rspamd_pubkey_unref (rk);
return TRUE;
}
@@ -1066,10 +1076,11 @@ fuzzy_parse_keypair (rspamd_mempool_t *pool,
{
struct rspamd_rcl_struct_parser *pd = ud;
struct rspamd_fuzzy_storage_ctx *ctx;
- struct rspamd_http_keypair *kp;
+ struct rspamd_cryptobox_keypair *kp;
struct fuzzy_key_stat *keystat;
struct fuzzy_key *key;
const ucl_object_t *cur;
+ const guchar *pk;
ucl_object_iter_t it = NULL;
gboolean ret;
@@ -1094,6 +1105,11 @@ fuzzy_parse_keypair (rspamd_mempool_t *pool,
return FALSE;
}
+ if (rspamd_keypair_alg (kp) != RSPAMD_CRYPTOBOX_MODE_25519 ||
+ rspamd_keypair_type (kp) != RSPAMD_KEYPAIR_KEX) {
+ return FALSE;
+ }
+
key = g_slice_alloc (sizeof (*key));
key->key = kp;
keystat = g_slice_alloc0 (sizeof (*keystat));
@@ -1102,9 +1118,11 @@ fuzzy_parse_keypair (rspamd_mempool_t *pool,
(GDestroyNotify)rspamd_inet_address_destroy, fuzzy_key_stat_dtor,
rspamd_inet_address_hash, rspamd_inet_address_equal);
key->stat = keystat;
- g_hash_table_insert (ctx->keys, kp->pk, key);
+ pk = rspamd_keypair_component (kp, RSPAMD_KEYPAIR_COMPONENT_PK,
+ NULL);
+ g_hash_table_insert (ctx->keys, (gpointer)pk, key);
ctx->default_key = key;
- msg_info_pool ("loaded keypair %8xs", kp->pk);
+ msg_info_pool ("loaded keypair %8xs", pk);
}
else if (ucl_object_type (obj) == UCL_ARRAY) {
while ((cur = ucl_iterate_object (obj, &it, true)) != NULL) {
diff --git a/src/http_proxy.c b/src/http_proxy.c
index dc618f6e4..1af159f48 100644
--- a/src/http_proxy.c
+++ b/src/http_proxy.c
@@ -48,7 +48,7 @@ worker_t http_proxy_worker = {
struct rspamd_http_upstream {
gchar *name;
struct upstream_list *u;
- gpointer key;
+ struct rspamd_cryptobox_pubkey *key;
};
struct http_proxy_ctx {
@@ -60,7 +60,7 @@ struct http_proxy_ctx {
/* Events base */
struct event_base *ev_base;
/* Encryption key for clients */
- gpointer key;
+ struct rspamd_cryptobox_keypair *key;
/* Keys cache */
struct rspamd_keypair_cache *keys_cache;
/* Upstreams to use */
@@ -68,7 +68,7 @@ struct http_proxy_ctx {
/* Default upstream */
struct rspamd_http_upstream *default_upstream;
/* Local rotating keypair for upstreams */
- gpointer local_key;
+ struct rspamd_cryptobox_keypair *local_key;
struct event rotate_ev;
gdouble rotate_tm;
};
@@ -76,8 +76,8 @@ struct http_proxy_ctx {
struct http_proxy_session {
struct http_proxy_ctx *ctx;
struct event_base *ev_base;
- gpointer local_key;
- gpointer remote_key;
+ struct rspamd_cryptobox_keypair *local_key;
+ struct rspamd_cryptobox_pubkey *remote_key;
struct upstream *up;
gint client_sock;
gint backend_sock;
@@ -128,7 +128,8 @@ http_proxy_parse_upstream (rspamd_mempool_t *pool,
elt = ucl_object_find_key (obj, "key");
if (elt != NULL) {
- up->key = rspamd_http_connection_make_peer_key (ucl_object_tostring (elt));
+ up->key = rspamd_pubkey_from_base32 (ucl_object_tostring (elt), 0,
+ RSPAMD_KEYPAIR_KEX, RSPAMD_CRYPTOBOX_MODE_25519);
if (up->key == NULL) {
g_set_error (err, http_proxy_quark (), 100,
@@ -171,7 +172,7 @@ err:
rspamd_upstreams_destroy (up->u);
if (up->key) {
- rspamd_http_connection_key_unref (up->key);
+ rspamd_pubkey_unref (up->key);
}
g_slice_free1 (sizeof (*up), up);
@@ -366,7 +367,7 @@ proxy_client_finish_handler (struct rspamd_http_connection *conn,
rspamd_http_connection_set_key (session->backend_conn,
session->ctx->local_key);
- msg->peer_key = rspamd_http_connection_key_ref (backend->key);
+ msg->peer_key = rspamd_pubkey_ref (backend->key);
session->replied = TRUE;
rspamd_http_connection_write_message (session->backend_conn,
@@ -452,8 +453,9 @@ proxy_rotate_key (gint fd, short what, void *arg)
event_add (&ctx->rotate_ev, &rot_tv);
kp = ctx->local_key;
- ctx->local_key = rspamd_http_connection_gen_key ();
- rspamd_http_connection_key_unref (kp);
+ ctx->local_key = rspamd_keypair_new (RSPAMD_KEYPAIR_KEX,
+ RSPAMD_CRYPTOBOX_MODE_25519);
+ rspamd_keypair_unref (kp);
}
void
@@ -478,7 +480,8 @@ start_http_proxy (struct rspamd_worker *worker)
/* XXX: stupid default */
ctx->keys_cache = rspamd_keypair_cache_new (256);
- ctx->local_key = rspamd_http_connection_gen_key ();
+ ctx->local_key = rspamd_keypair_new (RSPAMD_KEYPAIR_KEX,
+ RSPAMD_CRYPTOBOX_MODE_25519);
double_to_tv (ctx->rotate_tm, &rot_tv);
rot_tv.tv_sec += ottery_rand_range (rot_tv.tv_sec);
@@ -493,7 +496,7 @@ start_http_proxy (struct rspamd_worker *worker)
rspamd_log_close (worker->srv->logger);
if (ctx->key) {
- rspamd_http_connection_key_unref (ctx->key);
+ rspamd_keypair_unref (ctx->key);
}
rspamd_keypair_cache_destroy (ctx->keys_cache);
diff --git a/src/libcryptobox/keypair.c b/src/libcryptobox/keypair.c
index c56daafa9..936ec219f 100644
--- a/src/libcryptobox/keypair.c
+++ b/src/libcryptobox/keypair.c
@@ -245,7 +245,7 @@ rspamd_keypair_new (enum rspamd_cryptobox_keypair_type type,
struct rspamd_cryptobox_keypair*
-rspamd__keypair_ref (struct rspamd_cryptobox_keypair *kp)
+rspamd_keypair_ref (struct rspamd_cryptobox_keypair *kp)
{
REF_RETAIN (kp);
return kp;
@@ -340,7 +340,7 @@ rspamd_pubkey_from_base32 (const gchar *b32,
pk = rspamd_cryptobox_pubkey_alloc (type, alg);
pk_data = rspamd_cryptobox_pubkey_pk (pk, &pklen);
- memcpy (decoded, pk_data, pklen);
+ memcpy (pk_data, decoded, pklen);
g_free (decoded);
rspamd_cryptobox_hash (pk->id, pk_data, pklen, NULL, 0);
pk->alg = alg;
@@ -386,7 +386,7 @@ rspamd_pubkey_from_hex (const gchar *hex,
pk = rspamd_cryptobox_pubkey_alloc (type, alg);
pk_data = rspamd_cryptobox_pubkey_pk (pk, &pklen);
- memcpy (decoded, pk_data, pklen);
+ memcpy (pk_data, decoded, pklen);
g_free (decoded);
rspamd_cryptobox_hash (pk->id, pk_data, pklen, NULL, 0);
pk->alg = alg;
@@ -418,7 +418,7 @@ rspamd_pubkey_from_bin (const guchar *raw,
pk = rspamd_cryptobox_pubkey_alloc (type, alg);
pk_data = rspamd_cryptobox_pubkey_pk (pk, &pklen);
- memcpy (raw, pk_data, pklen);
+ memcpy (pk_data, raw, pklen);
rspamd_cryptobox_hash (pk->id, pk_data, pklen, NULL, 0);
pk->alg = alg;
pk->type = type;
diff --git a/src/libserver/cfg_rcl.c b/src/libserver/cfg_rcl.c
index ffc6f9086..440ccd40d 100644
--- a/src/libserver/cfg_rcl.c
+++ b/src/libserver/cfg_rcl.c
@@ -2408,57 +2408,26 @@ rspamd_rcl_parse_struct_keypair (rspamd_mempool_t *pool,
GError **err)
{
struct rspamd_rcl_struct_parser *pd = ud;
- gpointer *target;
- gpointer key;
- const gchar *val, *sem = NULL, *pk = NULL, *sk = NULL;
- gchar keybuf[256];
- const ucl_object_t *elt;
+ struct rspamd_cryptobox_keypair **target, *kp;
+
target = (gpointer *)(((gchar *)pd->user_struct) + pd->offset);
- if (obj->type == UCL_STRING) {
- /* Pk and Sk are just linked all together */
- val = ucl_object_tostring (obj);
- if ((sem = strchr (val, ':')) != NULL) {
- sk = val;
- pk = sem + 1;
+ if (obj->type == UCL_OBJECT) {
+ kp = rspamd_keypair_from_ucl (obj);
+
+ if (kp != NULL) {
+ *target = kp;
}
else {
- /* Try to parse the key as is */
- key = rspamd_http_connection_make_key ((gchar *)val, strlen (val));
- if (key != NULL) {
- *target = key;
- return TRUE;
- }
g_set_error (err,
CFG_RCL_ERROR,
EINVAL,
- "invalid string with keypair content for %s",
+ "cannot load the keypair specified: %s",
ucl_object_key (obj));
return FALSE;
}
}
- else if (obj->type == UCL_OBJECT) {
- elt = ucl_object_find_key (obj, "pubkey");
- if (elt == NULL || !ucl_object_tostring_safe (elt, &pk)) {
- g_set_error (err,
- CFG_RCL_ERROR,
- EINVAL,
- "no sane pubkey found in the keypair: %s",
- ucl_object_key (obj));
- return FALSE;
- }
- elt = ucl_object_find_key (obj, "privkey");
- if (elt == NULL || !ucl_object_tostring_safe (elt, &sk)) {
- g_set_error (err,
- CFG_RCL_ERROR,
- EINVAL,
- "no sane privkey found in the keypair: %s",
- ucl_object_key (obj));
- return FALSE;
- }
- }
-
- if (sk == NULL || pk == NULL) {
+ else {
g_set_error (err,
CFG_RCL_ERROR,
EINVAL,
@@ -2467,27 +2436,7 @@ rspamd_rcl_parse_struct_keypair (rspamd_mempool_t *pool,
return FALSE;
}
- if (!sem) {
- rspamd_snprintf (keybuf, sizeof (keybuf), "%s%s", sk, pk);
- }
- else {
- rspamd_snprintf (keybuf, sizeof (keybuf), "%*s%s", (gint)(sem - sk),
- sk, pk);
- }
-
- key = rspamd_http_connection_make_key (keybuf, strlen (keybuf));
- if (key != NULL) {
- /* XXX: clean buffer after usage */
- *target = key;
- return TRUE;
- }
-
- g_set_error (err,
- CFG_RCL_ERROR,
- EINVAL,
- "cannot load the keypair specified: %s",
- ucl_object_key (obj));
- return FALSE;
+ return TRUE;
}
static void
diff --git a/src/worker.c b/src/worker.c
index 3c33168b6..ab038f63f 100644
--- a/src/worker.c
+++ b/src/worker.c
@@ -93,7 +93,7 @@ struct rspamd_worker_ctx {
/* Events base */
struct event_base *ev_base;
/* Encryption key */
- gpointer key;
+ struct rspamd_cryptobox_keypair *key;
/* Keys cache */
struct rspamd_keypair_cache *keys_cache;
/* Configuration */
@@ -441,7 +441,7 @@ start_worker (struct rspamd_worker *worker)
rspamd_log_close (worker->srv->logger);
if (ctx->key) {
- rspamd_http_connection_key_unref (ctx->key);
+ rspamd_keypair_unref (ctx->key);
}
rspamd_keypair_cache_destroy (ctx->keys_cache);