-rw-r--r--src/libcryptobox/keypair.c7
-rw-r--r--src/libcryptobox/keypair.h10
-rw-r--r--src/libcryptobox/keypair_private.h105
-rw-r--r--src/libcryptobox/keypairs_cache.c64
-rw-r--r--src/libcryptobox/keypairs_cache.h4
5 files changed, 156 insertions, 34 deletions
diff --git a/src/libcryptobox/keypair.c b/src/libcryptobox/keypair.c
index 4ccca298b..9e652ea1c 100644
--- a/src/libcryptobox/keypair.c
+++ b/src/libcryptobox/keypair.c
@@ -17,3 +17,10 @@
#include "config.h"
#include "keypair.h"
#include "keypair_private.h"
+
+void
+rspamd_cryptobox_nm_dtor (struct rspamd_cryptobox_nm *nm)
+{
+ rspamd_explicit_memzero (nm->nm, sizeof (nm->nm));
+ g_slice_free1 (sizeof (*nm), nm);
+}
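Review bot: rspamd_cryptobox_nm_dtor frees with `g_slice_free1 (sizeof (*nm), nm)`, which silently requires every `struct rspamd_cryptobox_nm` to have been obtained from the GLib slice allocator with exactly that size, and nothing in the new code says so. The struct is declared `RSPAMD_ALIGNED(32)` in keypair_private.h, and the only allocation in this commit is `g_slice_alloc (sizeof (*new->nm))` in keypairs_cache.c; as far as I know the slice allocator does not promise 32-byte alignment, so code generated on the assumption of an aligned `nm` buffer may not get one. I would add a comment above the destructor such as `/* Wipes the shared secret and frees an nm allocated with g_slice_alloc; call only through REF_RELEASE */`, and consider an aligned allocation with a matching free here.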
diff --git a/src/libcryptobox/keypair.h b/src/libcryptobox/keypair.h
index a6b708202..49f4e2be0 100644
--- a/src/libcryptobox/keypair.h
+++ b/src/libcryptobox/keypair.h
@@ -29,14 +29,6 @@ enum rspamd_cryptobox_keypair_type {
};
/**
- * Algorithm used for keypair
- */
-enum rspamd_cryptobox_keypair_algorithm {
- RSPAMD_KEYPAIR_NIST = 0,
- RSPAMD_KEYPAIR_25519
-};
-
-/**
* Opaque structure for the full (public + private) keypair
*/
struct rspamd_cryptobox_keypair;
@@ -53,7 +45,7 @@ struct rspamd_cryptobox_keypair_public;
*/
struct rspamd_cryptobox_keypair* rspamd_keypair_new (
enum rspamd_cryptobox_keypair_type type,
- enum rspamd_cryptobox_keypair_algorithm alg);
+ enum rspamd_cryptobox_mode alg);
/**
* Increase refcount for the specific keypair
diff --git a/src/libcryptobox/keypair_private.h b/src/libcryptobox/keypair_private.h
index 1856c1a47..78aed7279 100644
--- a/src/libcryptobox/keypair_private.h
+++ b/src/libcryptobox/keypair_private.h
@@ -20,14 +20,111 @@
#include "ref.h"
#include "cryptobox.h"
-struct RSPAMD_ALIGNED(32) rspamd_http_keypair {
- guchar RSPAMD_ALIGNED(32) sk[rspamd_cryptobox_MAX_SKBYTES];
+/*
+ * KEX cached data
+ */
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_nm {
guchar RSPAMD_ALIGNED(32) nm[rspamd_cryptobox_MAX_NMBYTES];
- guchar RSPAMD_ALIGNED(32) pk[rspamd_cryptobox_MAX_PKBYTES];
+ ref_entry_t ref;
+};
+
+/*
+ * Generic keypair
+ */
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair {
+ guchar id[rspamd_cryptobox_HASHBYTES];
+ enum rspamd_cryptobox_keypair_type type;
+ enum rspamd_cryptobox_mode alg;
+ ref_entry_t ref;
+};
+
+/*
+ * NIST p256 ecdh keypair
+ */
+#define RSPAMD_CRYPTOBOX_KEYPAIR_NIST(x) ((struct rspamd_cryptobox_keypair_nist *)(x))
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair_nist {
+ struct rspamd_cryptobox_keypair parent;
+ guchar RSPAMD_ALIGNED(32) sk[32];
+ guchar RSPAMD_ALIGNED(32) pk[65];
+};
+
+/*
+ * Curve25519 ecdh keypair
+ */
+#define RSPAMD_CRYPTOBOX_KEYPAIR_25519(x) ((struct rspamd_cryptobox_keypair_25519 *)(x))
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair_25519 {
+ struct rspamd_cryptobox_keypair parent;
+ guchar RSPAMD_ALIGNED(32) sk[32];
+ guchar RSPAMD_ALIGNED(32) pk[32];
+};
+
+/*
+ * NIST p256 ecdsa keypair
+ */
+#define RSPAMD_CRYPTOBOX_KEYPAIR_SIG_NIST(x) ((struct rspamd_cryptobox_keypair_sig_nist *)(x))
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair_sig_nist {
+ struct rspamd_cryptobox_keypair parent;
+ guchar RSPAMD_ALIGNED(32) sk[32];
+ guchar RSPAMD_ALIGNED(32) pk[32];
+};
+
+/*
+ * Ed25519 keypair
+ */
+#define RSPAMD_CRYPTOBOX_KEYPAIR_SIG_25519(x) ((struct rspamd_cryptobox_keypair_sig_25519 *)(x))
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair_sig_25519 {
+ struct rspamd_cryptobox_keypair parent;
+ guchar RSPAMD_ALIGNED(32) sk[64];
+ guchar RSPAMD_ALIGNED(32) pk[32];
+};
+
+/*
+ * Public component of the keypair
+ */
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair_public {
guchar id[rspamd_cryptobox_HASHBYTES];
- gboolean has_nm;
+ struct rspamd_cryptobox_nm *nm;
+ enum rspamd_cryptobox_keypair_type type;
+ enum rspamd_cryptobox_mode alg;
ref_entry_t ref;
};
+/*
+ * Public p256 ecdh
+ */
+#define RSPAMD_CRYPTOBOX_KEYPAIR_PUBLIC_NIST(x) ((struct rspamd_cryptobox_keypair_public_nist *)(x))
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair_public_nist {
+ struct rspamd_cryptobox_keypair_public parent;
+ guchar RSPAMD_ALIGNED(32) pk[65];
+};
+
+/*
+ * Public curve25519 ecdh
+ */
+#define RSPAMD_CRYPTOBOX_KEYPAIR_PUBLIC_25519(x) ((struct rspamd_cryptobox_keypair_public_25519 *)(x))
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair_public_25519 {
+ struct rspamd_cryptobox_keypair_public parent;
+ guchar RSPAMD_ALIGNED(32) pk[32];
+};
+
+/*
+ * Public p256 ecdsa
+ */
+#define RSPAMD_CRYPTOBOX_KEYPAIR_SIG_PUBLIC_NIST(x) ((struct rspamd_cryptobox_keypair_sig_public_nist *)(x))
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair_sig_public_nist {
+ struct rspamd_cryptobox_keypair_public parent;
+ guchar RSPAMD_ALIGNED(32) pk[65];
+};
+
+/*
+ * Public ed25519
+ */
+#define RSPAMD_CRYPTOBOX_KEYPAIR_SIG_PUBLIC_25519(x) ((struct rspamd_cryptobox_keypair_sig_public_25519 *)(x))
+struct RSPAMD_ALIGNED(32) rspamd_cryptobox_keypair_sig_public_25519 {
+ struct rspamd_cryptobox_keypair_public parent;
+ guchar RSPAMD_ALIGNED(32) pk[32];
+};
+
+void rspamd_cryptobox_nm_dtor (struct rspamd_cryptobox_nm *nm);
#endif /* KEYPAIR_PRIVATE_H_ */
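Review bot: `struct rspamd_cryptobox_keypair_sig_nist` declares `pk[32]`, while every other P-256 public key in this hunk (`rspamd_cryptobox_keypair_nist`, `rspamd_cryptobox_keypair_public_nist`, `rspamd_cryptobox_keypair_sig_public_nist`) uses `pk[65]`. If a signing key is ever copied between its full and public forms using the larger length, the 32-byte field is overrun; the line probably should read `guchar RSPAMD_ALIGNED(32) pk[65];`. The `RSPAMD_CRYPTOBOX_KEYPAIR_*` macros are unchecked casts, so each use is only safe after the caller has tested `type` and `alg` on the parent; a comment on the macros stating that precondition, and named constants instead of the bare 32/64/65, would make the layouts easier to audit.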
diff --git a/src/libcryptobox/keypairs_cache.c b/src/libcryptobox/keypairs_cache.c
index 5df5e8a27..4b755fbd6 100644
--- a/src/libcryptobox/keypairs_cache.c
+++ b/src/libcryptobox/keypairs_cache.c
@@ -21,8 +21,8 @@
#include "xxhash.h"
struct rspamd_keypair_elt {
- guchar nm[rspamd_cryptobox_MAX_NMBYTES];
- guchar pair[rspamd_cryptobox_MAX_PKBYTES + rspamd_cryptobox_MAX_SKBYTES];
+ struct rspamd_cryptobox_nm *nm;
+ guchar pair[rspamd_cryptobox_HASHBYTES * 2];
};
struct rspamd_keypair_cache {
@@ -34,7 +34,7 @@ rspamd_keypair_destroy (gpointer ptr)
{
struct rspamd_keypair_elt *elt = (struct rspamd_keypair_elt *)ptr;
- rspamd_explicit_memzero (elt, sizeof (*elt));
+ REF_RELEASE (elt->nm);
g_slice_free1 (sizeof (*elt), elt);
}
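Review bot: With `rspamd_explicit_memzero (elt, sizeof (*elt))` replaced by `REF_RELEASE (elt->nm)`, evicting a cache entry no longer guarantees that the shared secret is wiped at that moment. The wipe now happens in rspamd_cryptobox_nm_dtor only when the last reference is dropped, and rspamd_keypair_cache_process hands additional references to remote keys via `REF_RETAIN (rk->nm)`. That is a reasonable design, but it lengthens the secret's lifetime and should be stated in the destructor, e.g. `/* nm is shared with remote keys; it is zeroed when the last reference is released, not necessarily here */`. The function's signature lies outside the hunk.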
@@ -71,37 +71,61 @@ rspamd_keypair_cache_new (guint max_items)
void
rspamd_keypair_cache_process (struct rspamd_keypair_cache *c,
- gpointer lk, gpointer rk)
+ struct rspamd_cryptobox_keypair *lk,
+ struct rspamd_cryptobox_keypair_public *rk)
{
- struct rspamd_http_keypair *kp_local = (struct rspamd_http_keypair *)lk,
- *kp_remote = (struct rspamd_http_keypair *)rk;
struct rspamd_keypair_elt search, *new;
- g_assert (kp_local != NULL);
- g_assert (kp_remote != NULL);
+ g_assert (lk != NULL);
+ g_assert (rk != NULL);
+ g_assert (rk->alg == lk->alg);
+ g_assert (rk->type == lk->type);
+ g_assert (rk->type == RSPAMD_KEYPAIR_KEX);
memset (&search, 0, sizeof (search));
- memcpy (search.pair, kp_remote->pk, rspamd_cryptobox_pk_bytes (RSPAMD_CRYPTOBOX_MODE_25519));
- memcpy (&search.pair[rspamd_cryptobox_MAX_PKBYTES], kp_local->sk,
- rspamd_cryptobox_sk_bytes (RSPAMD_CRYPTOBOX_MODE_25519));
+ memcpy (search.pair, rk->id, rspamd_cryptobox_HASHBYTES);
+ memcpy (&search.pair[rspamd_cryptobox_HASHBYTES], lk->id,
+ rspamd_cryptobox_HASHBYTES);
new = rspamd_lru_hash_lookup (c->hash, &search, time (NULL));
+ if (rk->nm) {
+ REF_RELEASE (rk->nm);
+ rk->nm = NULL;
+ }
+
if (new == NULL) {
new = g_slice_alloc0 (sizeof (*new));
- memcpy (new->pair, kp_remote->pk, rspamd_cryptobox_pk_bytes (RSPAMD_CRYPTOBOX_MODE_25519));
- memcpy (&new->pair[rspamd_cryptobox_MAX_PKBYTES], kp_local->sk,
- rspamd_cryptobox_sk_bytes (RSPAMD_CRYPTOBOX_MODE_25519));
- rspamd_cryptobox_nm (new->nm, kp_remote->pk, kp_local->sk, RSPAMD_CRYPTOBOX_MODE_25519);
+ new->nm = g_slice_alloc (sizeof (*new->nm));
+ REF_INIT_RETAIN (new->nm, rspamd_cryptobox_nm_dtor);
+
+ memcpy (new->pair, rk->id, rspamd_cryptobox_HASHBYTES);
+ memcpy (&new->pair[rspamd_cryptobox_HASHBYTES], lk->id,
+ rspamd_cryptobox_HASHBYTES);
+
+ if (rk->alg == RSPAMD_CRYPTOBOX_MODE_25519) {
+ struct rspamd_cryptobox_keypair_public_25519 *rk_25519 =
+ RSPAMD_CRYPTOBOX_KEYPAIR_PUBLIC_25519(rk);
+ struct rspamd_cryptobox_keypair_25519 *sk_25519 =
+ RSPAMD_CRYPTOBOX_KEYPAIR_25519(lk);
+
+ rspamd_cryptobox_nm (new->nm->nm, rk_25519->pk, sk_25519->sk, rk->alg);
+ }
+ else {
+ struct rspamd_cryptobox_keypair_public_nist *rk_nist =
+ RSPAMD_CRYPTOBOX_KEYPAIR_PUBLIC_NIST(rk);
+ struct rspamd_cryptobox_keypair_nist *sk_nist =
+ RSPAMD_CRYPTOBOX_KEYPAIR_NIST(lk);
+
+ rspamd_cryptobox_nm (new->nm->nm, rk_nist->pk, sk_nist->sk, rk->alg);
+ }
+
rspamd_lru_hash_insert (c->hash, new, new, time (NULL), -1);
}
g_assert (new != NULL);
- memcpy (kp_remote->nm, new->nm, rspamd_cryptobox_nm_bytes (RSPAMD_CRYPTOBOX_MODE_25519));
- kp_remote->has_nm = TRUE;
-#if 0
- memcpy (kp_local->nm, new->nm, rspamd_cryptobox_NMBYTES);
-#endif
+ rk->nm = new->nm;
+ REF_RETAIN (rk->nm);
}
void
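Review bot: The downcasts of `lk` and `rk` are guarded only by `g_assert (rk->alg == lk->alg)` and the two type assertions, and the `else` branch treats every mode other than `RSPAMD_CRYPTOBOX_MODE_25519` as NIST. GLib assertions can be compiled out with `G_DISABLE_ASSERT`, in which case a mismatched pair would be read through the wrong struct layout (32-byte `pk` where the NIST path expects 65). With assertions enabled a mismatch aborts the process, which matters if `rk` is built from peer-supplied data (not visible here). I would compare `alg` and `type` in an ordinary `if` before any cast, test the NIST mode explicitly in an `else if`, and on mismatch return with `rk->nm` left `NULL` so callers can reject the key.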
diff --git a/src/libcryptobox/keypairs_cache.h b/src/libcryptobox/keypairs_cache.h
index e52d03cbe..e04a5914b 100644
--- a/src/libcryptobox/keypairs_cache.h
+++ b/src/libcryptobox/keypairs_cache.h
@@ -17,6 +17,7 @@
#define KEYPAIRS_CACHE_H_
#include "config.h"
+#include "keypair.h"
struct rspamd_keypair_cache;
@@ -35,7 +36,8 @@ struct rspamd_keypair_cache * rspamd_keypair_cache_new (guint max_items);
* @param rk remote key
*/
void rspamd_keypair_cache_process (struct rspamd_keypair_cache *c,
- gpointer lk, gpointer rk);
+ struct rspamd_cryptobox_keypair *lk,
+ struct rspamd_cryptobox_keypair_public *rk);
/**
* Destroy old keypair cache