diff options
Diffstat (limited to 'src/libcryptobox')
-rw-r--r-- | src/libcryptobox/CMakeLists.txt | 20 | ||||
-rw-r--r-- | src/libcryptobox/cryptobox.c | 62 | ||||
-rw-r--r-- | src/libcryptobox/cryptobox.h | 119 |
3 files changed, 201 insertions, 0 deletions
diff --git a/src/libcryptobox/CMakeLists.txt b/src/libcryptobox/CMakeLists.txt new file mode 100644 index 000000000..9d3286cd2 --- /dev/null +++ b/src/libcryptobox/CMakeLists.txt @@ -0,0 +1,20 @@ + + +SET(LIBCRYPTOBOXSRC cryptobox.c) + +ADD_LIBRARY(rspamd-cryptobox ${LINK_TYPE} ${LIBCRYPTOBOXSRC}) +IF(NOT DEBIAN_BUILD) + SET_TARGET_PROPERTIES(rspamd-cryptobox PROPERTIES VERSION ${RSPAMD_VERSION}) +ENDIF(NOT DEBIAN_BUILD) +SET_TARGET_PROPERTIES(rspamd-cryptobox PROPERTIES LINKER_LANGUAGE C COMPILE_FLAGS "-DRSPAMD_LIB") + +IF(CMAKE_COMPILER_IS_GNUCC) +SET_TARGET_PROPERTIES(rspamd-cryptobox PROPERTIES COMPILE_FLAGS "-DRSPAMD_LIB -fno-strict-aliasing") +ENDIF(CMAKE_COMPILER_IS_GNUCC) +TARGET_LINK_LIBRARIES(rspamd-cryptobox ottery) + +IF(NO_SHARED MATCHES "OFF") + INSTALL(TARGETS rspamd-cryptobox + LIBRARY DESTINATION ${LIBDIR} + PUBLIC_HEADER DESTINATION ${INCLUDEDIR}) +ENDIF(NO_SHARED MATCHES "OFF")
\ No newline at end of file diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c new file mode 100644 index 000000000..056368e68 --- /dev/null +++ b/src/libcryptobox/cryptobox.c @@ -0,0 +1,62 @@ +/* Copyright (c) 2015, Vsevolod Stakhov + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ''AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "cryptobox.h" + +struct rspamd_cryptobox_config { + gboolean has_sse3; + gboolean has_avx; + gboolean has_avx2; +}; + + + +#ifdef HAVE_WEAK_SYMBOLS +__attribute__((weak)) void +_dummy_symbol_to_prevent_lto(void * const pnt, const size_t len) +{ + (void) pnt; + (void) len; +} +#endif + +void +rspamd_explicit_memzero(void * const pnt, const gsize len) +{ +#if defined(HAVE_MEMSET_S) + if (memset_s (pnt, (rsize_t) len, 0, (rsize_t) len) != 0) { + g_assert (0); + } +#elif defined(HAVE_EXPLICIT_BZERO) + explicit_bzero (pnt, len); +#elif defined(HAVE_WEAK_SYMBOLS) + memset (pnt, 0, len); + _dummy_symbol_to_prevent_lto (pnt, len); +#else + volatile unsigned char *pnt_ = (volatile unsigned char *) pnt; + gsize i = (gsize) 0U; + while (i < len) { + pnt_[i++] = 0U; + } +#endif +} diff --git a/src/libcryptobox/cryptobox.h b/src/libcryptobox/cryptobox.h new file mode 100644 index 000000000..af857197a --- /dev/null +++ b/src/libcryptobox/cryptobox.h @@ -0,0 +1,119 @@ +/* Copyright (c) 2015, Vsevolod Stakhov + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ''AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef CRYPTOBOX_H_ +#define CRYPTOBOX_H_ + +#include "config.h" + +#define rspamd_cryptobox_NONCEBYTES 24 +#define rspamd_cryptobox_PKBYTES 32 +#define rspamd_cryptobox_SKBYTES 32 +#define rspamd_cryptobox_MACBYTES 16 +#define rspamd_cryptobox_NMBYTES 32 + +typedef guchar rspamd_pk_t[rspamd_cryptobox_PKBYTES]; +typedef guchar rspamd_sk_t[rspamd_cryptobox_SKBYTES]; +typedef guchar rspamd_sig_t[rspamd_cryptobox_MACBYTES]; +typedef guchar rspamd_nm_t[rspamd_cryptobox_NMBYTES]; + +struct rspamd_encrypt_segment { + guchar *buf; + gsize len; +}; + +/** + * Init cryptobox library + */ +void rspamd_cryptobox_init (void); + +/** + * Generate new keypair + * @param pk public key buffer + * @param sk secret key buffer + */ +void rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk); + +/** + * Encrypt segments of data inplace adding signature to sig afterwards + * @param segments segments of data + * @param cnt count of segments + * @param pk remote pubkey + * @param sk local secret key + * @param sig output signature + */ +void rspamd_cryptobox_encrypt_inplace (struct rspamd_encrypt_segment *segments, + gsize cnt, const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_sig_t sig); + + +/** + * Decrypt and verify data chunk inplace + * @param data data to decrypt + * @param len lenght of data + * @param pk remote pubkey + * @param sk local privkey + * @param sig signature input + * @return TRUE if input has been verified successfully + */ +gboolean rspamd_cryptobox_decrypt_inplace (guchar *data, gsize len, + const rspamd_pk_t pk, const rspamd_sk_t sk, const rspamd_sig_t sig); + +/** + * Encrypt segments of data inplace adding signature to sig afterwards + * @param segments segments of data + * @param cnt count of segments + * @param pk remote pubkey + * @param sk local secret key + * @param sig output signature + */ +void rspamd_cryptobox_encrypt_nm_inplace (struct rspamd_encrypt_segment *segments, + gsize cnt, const rspamd_nm_t nm, rspamd_sig_t sig); + + +/** + * Decrypt and verify data chunk inplace + * @param data data to decrypt + * @param len lenght of data + * @param pk remote pubkey + * @param sk local privkey + * @param sig signature input + * @return TRUE if input has been verified successfully + */ +gboolean rspamd_cryptobox_decrypt_nm_inplace (guchar *data, gsize len, + const rspamd_nm_t nm, const rspamd_sig_t sig); + +/** + * Generate shared secret from local sk and remote pk + * @param nm shared secret + * @param pk remote pubkey + * @param sk local privkey + */ +void rspamd_cryptobox_nm (rspamd_nm_t nm, rspamd_pk_t pk, rspamd_sk_t sk); + +/** + * Securely clear the buffer specified + * @param buf buffer to zero + * @param buflen length of buffer + */ +void rspamd_explicit_memzero (void * const buf, gsize buflen); + +#endif /* CRYPTOBOX_H_ */ |