aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2015-02-06 17:15:32 +0000
committerVsevolod Stakhov <vsevolod@highsecure.ru>2015-02-06 17:15:32 +0000
commit87d450793780e9da74016277272b3a5b521f80ab (patch)
treec0270a57594a56943a03707c17ae6dd9e7a13b9e /src
parent5773d9e998e626328bf49a655d49df4810e6f980 (diff)
downloadrspamd-87d450793780e9da74016277272b3a5b521f80ab.tar.gz
rspamd-87d450793780e9da74016277272b3a5b521f80ab.zip
Implement verification and keypair generation.
Diffstat (limited to 'src')
-rw-r--r--src/libcryptobox/chacha20/ref.c3
-rw-r--r--src/libcryptobox/cryptobox.c50
-rw-r--r--src/libcryptobox/cryptobox.h11
3 files changed, 59 insertions, 5 deletions
diff --git a/src/libcryptobox/chacha20/ref.c b/src/libcryptobox/chacha20/ref.c
index bd6a44a82..905e76c83 100644
--- a/src/libcryptobox/chacha20/ref.c
+++ b/src/libcryptobox/chacha20/ref.c
@@ -228,8 +228,7 @@ hchacha_ref(const unsigned char key[32], const unsigned char iv[16], unsigned ch
void
chacha_clear_state_ref(chacha_state_internal *state) {
- void * (* volatile safe_memset)(void *s, int c, size_t n) = memset;
- safe_memset(state, 0, 48);
+ rspamd_explicit_memzero (state, 48);
}
void
diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c
index e96f4ec09..aee25c803 100644
--- a/src/libcryptobox/cryptobox.c
+++ b/src/libcryptobox/cryptobox.c
@@ -29,6 +29,12 @@
unsigned long cpu_config = 0;
+static const rspamd_nonce_t n0 = {0};
+static const unsigned char sigma[16] = {
+ 'e', 'x', 'p', 'a', 'n', 'd', ' ', '3', '2',
+ '-', 'b', 'y', 't', 'e', ' ', 'k'
+};
+
#ifdef HAVE_WEAK_SYMBOLS
__attribute__((weak)) void
_dummy_symbol_to_prevent_lto(void * const pnt, const size_t len)
@@ -102,3 +108,47 @@ rspamd_cryptobox_init (void)
chacha_load ();
}
+
+void
+rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk)
+{
+ ottery_rand_bytes (sk, rspamd_cryptobox_SKBYTES);
+ sk[0] &= 248;
+ sk[31] &= 127;
+ sk[31] |= 64;
+
+ curve25519 (pk, sk, curve25519_basepoint);
+}
+
+void
+rspamd_cryptobox_nm (rspamd_nm_t nm, rspamd_pk_t pk, rspamd_sk_t sk)
+{
+ guchar s[rspamd_cryptobox_PKBYTES];
+
+ curve25519 (s, sk, pk);
+ hchacha (s, sigma, nm, 20);
+}
+
+gboolean
+rspamd_cryptobox_decrypt_nm_inplace (guchar *data, gsize len,
+ const rspamd_nonce_t nonce, const rspamd_nm_t nm, const rspamd_sig_t sig)
+{
+ poly1305_context mac_ctx;
+ guchar subkey[32];
+ rspamd_sig_t mac;
+
+ /* Generate MAC key */
+ memset (subkey, 0, sizeof (subkey));
+ xchacha (nm, nonce, subkey, subkey, sizeof (subkey), 20);
+
+ poly1305_init (&mac_ctx, subkey);
+ poly1305_update (&mac_ctx, data, len);
+ poly1305_finish (&mac_ctx, mac);
+
+ if (!poly1305_verify (mac, sig)) {
+ return FALSE;
+ }
+
+
+ return TRUE;
+}
diff --git a/src/libcryptobox/cryptobox.h b/src/libcryptobox/cryptobox.h
index 565371b70..f0df9a188 100644
--- a/src/libcryptobox/cryptobox.h
+++ b/src/libcryptobox/cryptobox.h
@@ -35,6 +35,7 @@ typedef guchar rspamd_pk_t[rspamd_cryptobox_PKBYTES];
typedef guchar rspamd_sk_t[rspamd_cryptobox_SKBYTES];
typedef guchar rspamd_sig_t[rspamd_cryptobox_MACBYTES];
typedef guchar rspamd_nm_t[rspamd_cryptobox_NMBYTES];
+typedef guchar rspamd_nonce_t[rspamd_cryptobox_NONCEBYTES];
/**
* Init cryptobox library
@@ -57,7 +58,8 @@ void rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk);
* @param sig output signature
*/
void rspamd_cryptobox_encrypt_inplace (guchar *data, gsize len,
- gsize cnt, const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_sig_t sig);
+ const rspamd_nonce_t nonce,
+ const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_sig_t sig);
/**
@@ -70,7 +72,8 @@ void rspamd_cryptobox_encrypt_inplace (guchar *data, gsize len,
* @return TRUE if input has been verified successfully
*/
gboolean rspamd_cryptobox_decrypt_inplace (guchar *data, gsize len,
- const rspamd_pk_t pk, const rspamd_sk_t sk, const rspamd_sig_t sig);
+ const rspamd_nonce_t nonce,
+ const rspamd_pk_t pk, const rspamd_sk_t sk, const rspamd_sig_t sig);
/**
* Encrypt segments of data inplace adding signature to sig afterwards
@@ -81,7 +84,8 @@ gboolean rspamd_cryptobox_decrypt_inplace (guchar *data, gsize len,
* @param sig output signature
*/
void rspamd_cryptobox_encrypt_nm_inplace (guchar *data, gsize len,
- gsize cnt, const rspamd_nm_t nm, rspamd_sig_t sig);
+ const rspamd_nonce_t nonce,
+ const rspamd_nm_t nm, rspamd_sig_t sig);
/**
@@ -94,6 +98,7 @@ void rspamd_cryptobox_encrypt_nm_inplace (guchar *data, gsize len,
* @return TRUE if input has been verified successfully
*/
gboolean rspamd_cryptobox_decrypt_nm_inplace (guchar *data, gsize len,
+ const rspamd_nonce_t nonce,
const rspamd_nm_t nm, const rspamd_sig_t sig);
/**