From 1e0332c701c7ecc79c8ec2f94b2a2700a47b9133 Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Fri, 5 Feb 2016 14:47:25 +0000 Subject: Add flexible x25519/nist modes for cryptobox --- src/libcryptobox/cryptobox.c | 257 ++++++++++++++++++++----------------- src/libcryptobox/cryptobox.h | 60 +++++---- src/libcryptobox/ed25519/ed25519.c | 3 +- src/libcryptobox/keypairs_cache.c | 12 +- 4 files changed, 184 insertions(+), 148 deletions(-) (limited to 'src/libcryptobox') diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c index d2d64a9d0..1971e42ce 100644 --- a/src/libcryptobox/cryptobox.c +++ b/src/libcryptobox/cryptobox.c @@ -56,7 +56,6 @@ unsigned long cpu_config = 0; -static gboolean use_openssl = FALSE; static gboolean cryptobox_loaded = FALSE; static const guchar n0[16] = {0}; @@ -322,9 +321,10 @@ rspamd_cryptobox_init (void) } void -rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk) +rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk, + enum rspamd_cryptobox_mode mode) { - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { ottery_rand_bytes (sk, rspamd_cryptobox_MAX_SKBYTES); sk[0] &= 248; sk[31] &= 127; @@ -357,7 +357,7 @@ rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk) g_assert (len <= (gint)sizeof (rspamd_sk_t)); BN_bn2bin (bn_sec, sk); len = BN_num_bytes (bn_pub); - g_assert (len <= (gint)rspamd_cryptobox_pk_bytes ()); + g_assert (len <= (gint)rspamd_cryptobox_pk_bytes (mode)); BN_bn2bin (bn_pub, pk); BN_free (bn_pub); EC_KEY_free (ec_sec); @@ -366,9 +366,10 @@ rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk) } void -rspamd_cryptobox_keypair_sig (rspamd_sig_pk_t pk, rspamd_sig_sk_t sk) +rspamd_cryptobox_keypair_sig (rspamd_sig_pk_t pk, rspamd_sig_sk_t sk, + enum rspamd_cryptobox_mode mode) { - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { ed25519_keypair (pk, sk); } else { @@ -396,7 +397,7 @@ rspamd_cryptobox_keypair_sig (rspamd_sig_pk_t pk, rspamd_sig_sk_t sk) g_assert (len <= (gint)sizeof (rspamd_sk_t)); BN_bn2bin (bn_sec, sk); len = BN_num_bytes (bn_pub); - g_assert (len <= (gint)rspamd_cryptobox_pk_bytes ()); + g_assert (len <= (gint)rspamd_cryptobox_pk_bytes (mode)); BN_bn2bin (bn_pub, pk); BN_free (bn_pub); EC_KEY_free (ec_sec); @@ -405,9 +406,11 @@ rspamd_cryptobox_keypair_sig (rspamd_sig_pk_t pk, rspamd_sig_sk_t sk) } void -rspamd_cryptobox_nm (rspamd_nm_t nm, const rspamd_pk_t pk, const rspamd_sk_t sk) +rspamd_cryptobox_nm (rspamd_nm_t nm, + const rspamd_pk_t pk, const rspamd_sk_t sk, + enum rspamd_cryptobox_mode mode) { - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { guchar s[32]; guchar e[32]; @@ -434,7 +437,7 @@ rspamd_cryptobox_nm (rspamd_nm_t nm, const rspamd_pk_t pk, const rspamd_sk_t sk) lk = EC_KEY_new_by_curve_name (CRYPTOBOX_CURVE_NID); g_assert (lk != NULL); - bn_pub = BN_bin2bn (pk, rspamd_cryptobox_pk_bytes (), NULL); + bn_pub = BN_bin2bn (pk, rspamd_cryptobox_pk_bytes (mode), NULL); g_assert (bn_pub != NULL); bn_sec = BN_bin2bn (sk, sizeof (rspamd_sk_t), NULL); g_assert (bn_sec != NULL); @@ -459,9 +462,10 @@ rspamd_cryptobox_nm (rspamd_nm_t nm, const rspamd_pk_t pk, const rspamd_sk_t sk) void rspamd_cryptobox_sign (guchar *sig, gsize *siglen_p, const guchar *m, gsize mlen, - const rspamd_sk_t sk) + const rspamd_sk_t sk, + enum rspamd_cryptobox_mode mode) { - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { ed25519_sign (sig, siglen_p, m, mlen, sk); } else { @@ -472,7 +476,7 @@ rspamd_cryptobox_sign (guchar *sig, gsize *siglen_p, BIGNUM *bn_sec, *kinv = NULL, *rp = NULL; EVP_MD_CTX sha_ctx; unsigned char h[64]; - guint diglen = rspamd_cryptobox_signature_bytes (); + guint diglen = rspamd_cryptobox_signature_bytes (mode); /* Prehash */ g_assert (EVP_DigestInit (&sha_ctx, EVP_sha512()) == 1); @@ -505,11 +509,12 @@ bool rspamd_cryptobox_verify (const guchar *sig, const guchar *m, gsize mlen, - const rspamd_pk_t pk) + const rspamd_pk_t pk, + enum rspamd_cryptobox_mode mode) { bool ret = false; - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { ret = ed25519_verify (sig, m, mlen, pk); } else { @@ -530,7 +535,7 @@ rspamd_cryptobox_verify (const guchar *sig, /* Key setup */ lk = EC_KEY_new_by_curve_name (CRYPTOBOX_CURVE_NID); g_assert (lk != NULL); - bn_pub = BN_bin2bn (pk, rspamd_cryptobox_pk_bytes (), NULL); + bn_pub = BN_bin2bn (pk, rspamd_cryptobox_pk_bytes (mode), NULL); g_assert (bn_pub != NULL); ec_pub = EC_POINT_bn2point (EC_KEY_get0_group (lk), bn_pub, NULL, NULL); g_assert (ec_pub != NULL); @@ -538,7 +543,7 @@ rspamd_cryptobox_verify (const guchar *sig, /* ECDSA */ ret = ECDSA_verify (0, h, sizeof (h), sig, - rspamd_cryptobox_signature_bytes (), lk) == 1; + rspamd_cryptobox_signature_bytes (mode), lk) == 1; EC_KEY_free (lk); BN_free (bn_pub); @@ -550,9 +555,9 @@ rspamd_cryptobox_verify (const guchar *sig, } static gsize -rspamd_cryptobox_encrypt_ctx_len (void) +rspamd_cryptobox_encrypt_ctx_len (enum rspamd_cryptobox_mode mode) { - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { return sizeof (chacha_state) + CRYPTOBOX_ALIGNMENT; } else { @@ -567,9 +572,9 @@ rspamd_cryptobox_encrypt_ctx_len (void) } static gsize -rspamd_cryptobox_auth_ctx_len (void) +rspamd_cryptobox_auth_ctx_len (enum rspamd_cryptobox_mode mode) { - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { return sizeof (poly1305_state) + CRYPTOBOX_ALIGNMENT; } else { @@ -585,9 +590,10 @@ rspamd_cryptobox_auth_ctx_len (void) static void * rspamd_cryptobox_encrypt_init (void *enc_ctx, const rspamd_nonce_t nonce, - const rspamd_nm_t nm) + const rspamd_nm_t nm, + enum rspamd_cryptobox_mode mode) { - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { chacha_state *s; s = cryptobox_align_ptr (enc_ctx, CRYPTOBOX_ALIGNMENT); @@ -608,7 +614,7 @@ rspamd_cryptobox_encrypt_init (void *enc_ctx, const rspamd_nonce_t nonce, memset (s, 0, sizeof (*s)); g_assert (EVP_EncryptInit_ex (s, EVP_aes_256_gcm (), NULL, NULL, NULL) == 1); g_assert (EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN, - rspamd_cryptobox_nonce_bytes (), NULL) == 1); + rspamd_cryptobox_nonce_bytes (mode), NULL) == 1); g_assert (EVP_EncryptInit_ex (s, NULL, NULL, nm, nonce) == 1); return s; @@ -619,9 +625,10 @@ rspamd_cryptobox_encrypt_init (void *enc_ctx, const rspamd_nonce_t nonce, } static void * -rspamd_cryptobox_auth_init (void *auth_ctx, void *enc_ctx) +rspamd_cryptobox_auth_init (void *auth_ctx, void *enc_ctx, + enum rspamd_cryptobox_mode mode) { - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { poly1305_state *mac_ctx; guchar RSPAMD_ALIGNED(32) subkey[CHACHA_BLOCKBYTES]; @@ -648,9 +655,10 @@ rspamd_cryptobox_auth_init (void *auth_ctx, void *enc_ctx) static gboolean rspamd_cryptobox_encrypt_update (void *enc_ctx, const guchar *in, gsize inlen, - guchar *out, gsize *outlen) + guchar *out, gsize *outlen, + enum rspamd_cryptobox_mode mode) { - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { gsize r; r = chacha_update (enc_ctx, in, out, inlen); @@ -683,9 +691,10 @@ rspamd_cryptobox_encrypt_update (void *enc_ctx, const guchar *in, gsize inlen, } static gboolean -rspamd_cryptobox_auth_update (void *auth_ctx, const guchar *in, gsize inlen) +rspamd_cryptobox_auth_update (void *auth_ctx, const guchar *in, gsize inlen, + enum rspamd_cryptobox_mode mode) { - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { poly1305_update (auth_ctx, in, inlen); return TRUE; @@ -702,9 +711,10 @@ rspamd_cryptobox_auth_update (void *auth_ctx, const guchar *in, gsize inlen) } static gsize -rspamd_cryptobox_encrypt_final (void *enc_ctx, guchar *out, gsize remain) +rspamd_cryptobox_encrypt_final (void *enc_ctx, guchar *out, gsize remain, + enum rspamd_cryptobox_mode mode) { - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { return chacha_final (enc_ctx, out); } else { @@ -724,9 +734,10 @@ rspamd_cryptobox_encrypt_final (void *enc_ctx, guchar *out, gsize remain) } static gboolean -rspamd_cryptobox_auth_final (void *auth_ctx, rspamd_mac_t sig) +rspamd_cryptobox_auth_final (void *auth_ctx, rspamd_mac_t sig, + enum rspamd_cryptobox_mode mode) { - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { poly1305_finish (auth_ctx, sig); return TRUE; @@ -749,9 +760,10 @@ rspamd_cryptobox_auth_final (void *auth_ctx, rspamd_mac_t sig) static void * rspamd_cryptobox_decrypt_init (void *enc_ctx, const rspamd_nonce_t nonce, - const rspamd_nm_t nm) + const rspamd_nm_t nm, + enum rspamd_cryptobox_mode mode) { - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { chacha_state *s; @@ -773,7 +785,7 @@ rspamd_cryptobox_decrypt_init (void *enc_ctx, const rspamd_nonce_t nonce, memset (s, 0, sizeof (*s)); g_assert (EVP_DecryptInit_ex(s, EVP_aes_256_gcm (), NULL, NULL, NULL) == 1); g_assert (EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN, - rspamd_cryptobox_nonce_bytes (), NULL) == 1); + rspamd_cryptobox_nonce_bytes (mode), NULL) == 1); g_assert (EVP_DecryptInit_ex (s, NULL, NULL, nm, nonce) == 1); return s; @@ -784,9 +796,10 @@ rspamd_cryptobox_decrypt_init (void *enc_ctx, const rspamd_nonce_t nonce, } static void * -rspamd_cryptobox_auth_verify_init (void *auth_ctx, void *enc_ctx) +rspamd_cryptobox_auth_verify_init (void *auth_ctx, void *enc_ctx, + enum rspamd_cryptobox_mode mode) { - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { poly1305_state *mac_ctx; guchar RSPAMD_ALIGNED(32) subkey[CHACHA_BLOCKBYTES]; @@ -813,9 +826,10 @@ rspamd_cryptobox_auth_verify_init (void *auth_ctx, void *enc_ctx) static gboolean rspamd_cryptobox_decrypt_update (void *enc_ctx, const guchar *in, gsize inlen, - guchar *out, gsize *outlen) + guchar *out, gsize *outlen, + enum rspamd_cryptobox_mode mode) { - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { gsize r; r = chacha_update (enc_ctx, in, out, inlen); @@ -846,9 +860,11 @@ rspamd_cryptobox_decrypt_update (void *enc_ctx, const guchar *in, gsize inlen, } static gboolean -rspamd_cryptobox_auth_verify_update (void *auth_ctx, const guchar *in, gsize inlen) +rspamd_cryptobox_auth_verify_update (void *auth_ctx, + const guchar *in, gsize inlen, + enum rspamd_cryptobox_mode mode) { - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { poly1305_update (auth_ctx, in, inlen); return TRUE; @@ -865,9 +881,10 @@ rspamd_cryptobox_auth_verify_update (void *auth_ctx, const guchar *in, gsize inl } static gboolean -rspamd_cryptobox_decrypt_final (void *enc_ctx, guchar *out, gsize remain) +rspamd_cryptobox_decrypt_final (void *enc_ctx, guchar *out, gsize remain, + enum rspamd_cryptobox_mode mode) { - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { chacha_final (enc_ctx, out); return TRUE; @@ -891,9 +908,10 @@ rspamd_cryptobox_decrypt_final (void *enc_ctx, guchar *out, gsize remain) } static gboolean -rspamd_cryptobox_auth_verify_final (void *auth_ctx, const rspamd_mac_t sig) +rspamd_cryptobox_auth_verify_final (void *auth_ctx, const rspamd_mac_t sig, + enum rspamd_cryptobox_mode mode) { - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { rspamd_mac_t mac; poly1305_finish (auth_ctx, mac); @@ -923,9 +941,10 @@ rspamd_cryptobox_auth_verify_final (void *auth_ctx, const rspamd_mac_t sig) static void -rspamd_cryptobox_cleanup (void *enc_ctx, void *auth_ctx) +rspamd_cryptobox_cleanup (void *enc_ctx, void *auth_ctx, + enum rspamd_cryptobox_mode mode) { - if (G_LIKELY (!use_openssl)) { + if (G_LIKELY (RSPAMD_CRYPTOBOX_MODE_25519)) { rspamd_explicit_memzero (auth_ctx, sizeof (poly1305_state)); } else { @@ -942,24 +961,25 @@ rspamd_cryptobox_cleanup (void *enc_ctx, void *auth_ctx) void rspamd_cryptobox_encrypt_nm_inplace (guchar *data, gsize len, const rspamd_nonce_t nonce, const rspamd_nm_t nm, - rspamd_mac_t sig) + rspamd_mac_t sig, + enum rspamd_cryptobox_mode mode) { gsize r; void *enc_ctx, *auth_ctx; - enc_ctx = g_alloca (rspamd_cryptobox_encrypt_ctx_len ()); - auth_ctx = g_alloca (rspamd_cryptobox_auth_ctx_len ()); + enc_ctx = g_alloca (rspamd_cryptobox_encrypt_ctx_len (mode)); + auth_ctx = g_alloca (rspamd_cryptobox_auth_ctx_len (mode)); - enc_ctx = rspamd_cryptobox_encrypt_init (enc_ctx, nonce, nm); - auth_ctx = rspamd_cryptobox_auth_init (auth_ctx, enc_ctx); + enc_ctx = rspamd_cryptobox_encrypt_init (enc_ctx, nonce, nm, mode); + auth_ctx = rspamd_cryptobox_auth_init (auth_ctx, enc_ctx, mode); - rspamd_cryptobox_encrypt_update (enc_ctx, data, len, data, &r); - rspamd_cryptobox_encrypt_final (enc_ctx, data + r, len - r); + rspamd_cryptobox_encrypt_update (enc_ctx, data, len, data, &r, mode); + rspamd_cryptobox_encrypt_final (enc_ctx, data + r, len - r, mode); - rspamd_cryptobox_auth_update (auth_ctx, data, len); - rspamd_cryptobox_auth_final (auth_ctx, sig); + rspamd_cryptobox_auth_update (auth_ctx, data, len, mode); + rspamd_cryptobox_auth_final (auth_ctx, sig, mode); - rspamd_cryptobox_cleanup (enc_ctx, auth_ctx); + rspamd_cryptobox_cleanup (enc_ctx, auth_ctx, mode); } static void @@ -982,7 +1002,8 @@ void rspamd_cryptobox_encryptv_nm_inplace (struct rspamd_cryptobox_segment *segments, gsize cnt, const rspamd_nonce_t nonce, - const rspamd_nm_t nm, rspamd_mac_t sig) + const rspamd_nm_t nm, rspamd_mac_t sig, + enum rspamd_cryptobox_mode mode) { struct rspamd_cryptobox_segment *cur = segments, *start_seg = segments; guchar outbuf[CHACHA_BLOCKBYTES * 16]; @@ -990,11 +1011,11 @@ rspamd_cryptobox_encryptv_nm_inplace (struct rspamd_cryptobox_segment *segments, guchar *out, *in; gsize r, remain, inremain, seg_offset; - enc_ctx = g_alloca (rspamd_cryptobox_encrypt_ctx_len ()); - auth_ctx = g_alloca (rspamd_cryptobox_auth_ctx_len ()); + enc_ctx = g_alloca (rspamd_cryptobox_encrypt_ctx_len (mode)); + auth_ctx = g_alloca (rspamd_cryptobox_auth_ctx_len (mode)); - enc_ctx = rspamd_cryptobox_encrypt_init (enc_ctx, nonce, nm); - auth_ctx = rspamd_cryptobox_auth_init (auth_ctx, enc_ctx); + enc_ctx = rspamd_cryptobox_encrypt_init (enc_ctx, nonce, nm, mode); + auth_ctx = rspamd_cryptobox_auth_init (auth_ctx, enc_ctx, mode); remain = sizeof (outbuf); out = outbuf; @@ -1014,8 +1035,9 @@ rspamd_cryptobox_encryptv_nm_inplace (struct rspamd_cryptobox_segment *segments, if (remain == 0) { rspamd_cryptobox_encrypt_update (enc_ctx, outbuf, sizeof (outbuf), - outbuf, NULL); - rspamd_cryptobox_auth_update (auth_ctx, outbuf, sizeof (outbuf)); + outbuf, NULL, mode); + rspamd_cryptobox_auth_update (auth_ctx, outbuf, sizeof (outbuf), + mode); rspamd_cryptobox_flush_outbuf (start_seg, outbuf, sizeof (outbuf), seg_offset); start_seg = cur; @@ -1027,8 +1049,9 @@ rspamd_cryptobox_encryptv_nm_inplace (struct rspamd_cryptobox_segment *segments, else { memcpy (out, cur->data, remain); rspamd_cryptobox_encrypt_update (enc_ctx, outbuf, sizeof (outbuf), - outbuf, NULL); - rspamd_cryptobox_auth_update (auth_ctx, outbuf, sizeof (outbuf)); + outbuf, NULL, mode); + rspamd_cryptobox_auth_update (auth_ctx, outbuf, sizeof (outbuf), + mode); rspamd_cryptobox_flush_outbuf (start_seg, outbuf, sizeof (outbuf), seg_offset); seg_offset = 0; @@ -1046,10 +1069,12 @@ rspamd_cryptobox_encryptv_nm_inplace (struct rspamd_cryptobox_segment *segments, outbuf, sizeof (outbuf), outbuf, - NULL); + NULL, + mode); rspamd_cryptobox_auth_update (auth_ctx, outbuf, - sizeof (outbuf)); + sizeof (outbuf), + mode); memcpy (in, outbuf, sizeof (outbuf)); in += sizeof (outbuf); inremain -= sizeof (outbuf); @@ -1069,43 +1094,46 @@ rspamd_cryptobox_encryptv_nm_inplace (struct rspamd_cryptobox_segment *segments, } rspamd_cryptobox_encrypt_update (enc_ctx, outbuf, sizeof (outbuf) - remain, - outbuf, &r); + outbuf, &r, mode); out = outbuf + r; - rspamd_cryptobox_encrypt_final (enc_ctx, out, sizeof (outbuf) - remain - r); + rspamd_cryptobox_encrypt_final (enc_ctx, out, sizeof (outbuf) - remain - r, + mode); - rspamd_cryptobox_auth_update (auth_ctx, outbuf, sizeof (outbuf) - remain); - rspamd_cryptobox_auth_final (auth_ctx, sig); + rspamd_cryptobox_auth_update (auth_ctx, outbuf, sizeof (outbuf) - remain, + mode); + rspamd_cryptobox_auth_final (auth_ctx, sig, mode); rspamd_cryptobox_flush_outbuf (start_seg, outbuf, sizeof (outbuf) - remain, seg_offset); - rspamd_cryptobox_cleanup (auth_ctx, enc_ctx); + rspamd_cryptobox_cleanup (auth_ctx, enc_ctx, mode); } gboolean rspamd_cryptobox_decrypt_nm_inplace (guchar *data, gsize len, - const rspamd_nonce_t nonce, const rspamd_nm_t nm, const rspamd_mac_t sig) + const rspamd_nonce_t nonce, const rspamd_nm_t nm, + const rspamd_mac_t sig, enum rspamd_cryptobox_mode mode) { gsize r = 0; gboolean ret = TRUE; void *enc_ctx, *auth_ctx; - enc_ctx = g_alloca (rspamd_cryptobox_encrypt_ctx_len ()); - auth_ctx = g_alloca (rspamd_cryptobox_auth_ctx_len ()); + enc_ctx = g_alloca (rspamd_cryptobox_encrypt_ctx_len (mode)); + auth_ctx = g_alloca (rspamd_cryptobox_auth_ctx_len (mode)); - enc_ctx = rspamd_cryptobox_decrypt_init (enc_ctx, nonce, nm); - auth_ctx = rspamd_cryptobox_auth_verify_init (auth_ctx, enc_ctx); + enc_ctx = rspamd_cryptobox_decrypt_init (enc_ctx, nonce, nm, mode); + auth_ctx = rspamd_cryptobox_auth_verify_init (auth_ctx, enc_ctx, mode); - rspamd_cryptobox_auth_verify_update (auth_ctx, data, len); + rspamd_cryptobox_auth_verify_update (auth_ctx, data, len, mode); - if (!rspamd_cryptobox_auth_verify_final (auth_ctx, sig)) { + if (!rspamd_cryptobox_auth_verify_final (auth_ctx, sig, mode)) { ret = FALSE; } else { - rspamd_cryptobox_decrypt_update (enc_ctx, data, len, data, &r); - ret = rspamd_cryptobox_decrypt_final (enc_ctx, data + r, len - r); + rspamd_cryptobox_decrypt_update (enc_ctx, data, len, data, &r, mode); + ret = rspamd_cryptobox_decrypt_final (enc_ctx, data + r, len - r, mode); } - rspamd_cryptobox_cleanup (enc_ctx, auth_ctx); + rspamd_cryptobox_cleanup (enc_ctx, auth_ctx, mode); return ret; } @@ -1113,13 +1141,15 @@ rspamd_cryptobox_decrypt_nm_inplace (guchar *data, gsize len, gboolean rspamd_cryptobox_decrypt_inplace (guchar *data, gsize len, const rspamd_nonce_t nonce, - const rspamd_pk_t pk, const rspamd_sk_t sk, const rspamd_mac_t sig) + const rspamd_pk_t pk, const rspamd_sk_t sk, + const rspamd_mac_t sig, + enum rspamd_cryptobox_mode mode) { guchar nm[rspamd_cryptobox_MAX_NMBYTES]; gboolean ret; - rspamd_cryptobox_nm (nm, pk, sk); - ret = rspamd_cryptobox_decrypt_nm_inplace (data, len, nonce, nm, sig); + rspamd_cryptobox_nm (nm, pk, sk, mode); + ret = rspamd_cryptobox_decrypt_nm_inplace (data, len, nonce, nm, sig, mode); rspamd_explicit_memzero (nm, sizeof (nm)); @@ -1129,12 +1159,14 @@ rspamd_cryptobox_decrypt_inplace (guchar *data, gsize len, void rspamd_cryptobox_encrypt_inplace (guchar *data, gsize len, const rspamd_nonce_t nonce, - const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_mac_t sig) + const rspamd_pk_t pk, const rspamd_sk_t sk, + rspamd_mac_t sig, + enum rspamd_cryptobox_mode mode) { guchar nm[rspamd_cryptobox_MAX_NMBYTES]; - rspamd_cryptobox_nm (nm, pk, sk); - rspamd_cryptobox_encrypt_nm_inplace (data, len, nonce, nm, sig); + rspamd_cryptobox_nm (nm, pk, sk, mode); + rspamd_cryptobox_encrypt_nm_inplace (data, len, nonce, nm, sig, mode); rspamd_explicit_memzero (nm, sizeof (nm)); } @@ -1142,12 +1174,14 @@ void rspamd_cryptobox_encryptv_inplace (struct rspamd_cryptobox_segment *segments, gsize cnt, const rspamd_nonce_t nonce, - const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_mac_t sig) + const rspamd_pk_t pk, const rspamd_sk_t sk, + rspamd_mac_t sig, + enum rspamd_cryptobox_mode mode) { guchar nm[rspamd_cryptobox_MAX_NMBYTES]; - rspamd_cryptobox_nm (nm, pk, sk); - rspamd_cryptobox_encryptv_nm_inplace (segments, cnt, nonce, nm, sig); + rspamd_cryptobox_nm (nm, pk, sk, mode); + rspamd_cryptobox_encryptv_nm_inplace (segments, cnt, nonce, nm, sig, mode); rspamd_explicit_memzero (nm, sizeof (nm)); } @@ -1217,20 +1251,11 @@ rspamd_cryptobox_pbkdf (const char *pass, gsize pass_len, return TRUE; } -gboolean -rspamd_cryptobox_openssl_mode (gboolean enable) -{ -#ifdef HAVE_USABLE_OPENSSL - use_openssl = enable; -#endif - - return use_openssl; -} guint -rspamd_cryptobox_pk_bytes (void) +rspamd_cryptobox_pk_bytes (enum rspamd_cryptobox_mode mode) { - if (G_UNLIKELY (!use_openssl)) { + if (G_UNLIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { return 32; } else { @@ -1239,9 +1264,9 @@ rspamd_cryptobox_pk_bytes (void) } guint -rspamd_cryptobox_pk_sig_bytes (void) +rspamd_cryptobox_pk_sig_bytes (enum rspamd_cryptobox_mode mode) { - if (G_UNLIKELY (!use_openssl)) { + if (G_UNLIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { return 32; } else { @@ -1250,9 +1275,9 @@ rspamd_cryptobox_pk_sig_bytes (void) } guint -rspamd_cryptobox_nonce_bytes (void) +rspamd_cryptobox_nonce_bytes (enum rspamd_cryptobox_mode mode) { - if (G_UNLIKELY (!use_openssl)) { + if (G_UNLIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { return 24; } else { @@ -1262,15 +1287,15 @@ rspamd_cryptobox_nonce_bytes (void) guint -rspamd_cryptobox_sk_bytes (void) +rspamd_cryptobox_sk_bytes (enum rspamd_cryptobox_mode mode) { return 32; } guint -rspamd_cryptobox_sk_sig_bytes (void) +rspamd_cryptobox_sk_sig_bytes (enum rspamd_cryptobox_mode mode) { - if (G_UNLIKELY (!use_openssl)) { + if (G_UNLIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { return 64; } else { @@ -1279,11 +1304,11 @@ rspamd_cryptobox_sk_sig_bytes (void) } guint -rspamd_cryptobox_signature_bytes (void) +rspamd_cryptobox_signature_bytes (enum rspamd_cryptobox_mode mode) { static guint ssl_keylen; - if (G_UNLIKELY (!use_openssl)) { + if (G_UNLIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { return 64; } else { @@ -1302,13 +1327,13 @@ rspamd_cryptobox_signature_bytes (void) } guint -rspamd_cryptobox_nm_bytes (void) +rspamd_cryptobox_nm_bytes (enum rspamd_cryptobox_mode mode) { return 32; } guint -rspamd_cryptobox_mac_bytes (void) +rspamd_cryptobox_mac_bytes (enum rspamd_cryptobox_mode mode) { return 16; } diff --git a/src/libcryptobox/cryptobox.h b/src/libcryptobox/cryptobox.h index 16214f6f8..fffbc098b 100644 --- a/src/libcryptobox/cryptobox.h +++ b/src/libcryptobox/cryptobox.h @@ -54,6 +54,11 @@ typedef guchar rspamd_signature_t[rspamd_cryptobox_MAX_SIGBYTES]; typedef guchar rspamd_sig_pk_t[rspamd_cryptobox_MAX_SIGPKBYTES]; typedef guchar rspamd_sig_sk_t[rspamd_cryptobox_MAX_SIGSKBYTES]; +enum rspamd_cryptobox_mode { + RSPAMD_CRYPTOBOX_MODE_25519 = 0, + RSPAMD_CRYPTOBOX_MODE_NIST +}; + struct rspamd_cryptobox_library_ctx { gchar *cpu_extensions; const gchar *curve25519_impl; @@ -75,14 +80,16 @@ struct rspamd_cryptobox_library_ctx* rspamd_cryptobox_init (void); * @param pk public key buffer * @param sk secret key buffer */ -void rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk); +void rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk, + enum rspamd_cryptobox_mode mode); /** * Generate new keypair for signing * @param pk public key buffer * @param sk secret key buffer */ -void rspamd_cryptobox_keypair_sig (rspamd_sig_pk_t pk, rspamd_sig_sk_t sk); +void rspamd_cryptobox_keypair_sig (rspamd_sig_pk_t pk, rspamd_sig_sk_t sk, + enum rspamd_cryptobox_mode mode); /** * Encrypt data inplace adding signature to sig afterwards @@ -93,7 +100,8 @@ void rspamd_cryptobox_keypair_sig (rspamd_sig_pk_t pk, rspamd_sig_sk_t sk); */ void rspamd_cryptobox_encrypt_inplace (guchar *data, gsize len, const rspamd_nonce_t nonce, - const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_mac_t sig); + const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_mac_t sig, + enum rspamd_cryptobox_mode mode); /** * Encrypt segments of data inplace adding signature to sig afterwards @@ -106,7 +114,8 @@ void rspamd_cryptobox_encrypt_inplace (guchar *data, gsize len, void rspamd_cryptobox_encryptv_inplace (struct rspamd_cryptobox_segment *segments, gsize cnt, const rspamd_nonce_t nonce, - const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_mac_t sig); + const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_mac_t sig, + enum rspamd_cryptobox_mode mode); /** @@ -120,7 +129,8 @@ void rspamd_cryptobox_encryptv_inplace (struct rspamd_cryptobox_segment *segment */ gboolean rspamd_cryptobox_decrypt_inplace (guchar *data, gsize len, const rspamd_nonce_t nonce, - const rspamd_pk_t pk, const rspamd_sk_t sk, const rspamd_mac_t sig); + const rspamd_pk_t pk, const rspamd_sk_t sk, const rspamd_mac_t sig, + enum rspamd_cryptobox_mode mode); /** * Encrypt segments of data inplace adding signature to sig afterwards @@ -132,7 +142,8 @@ gboolean rspamd_cryptobox_decrypt_inplace (guchar *data, gsize len, */ void rspamd_cryptobox_encrypt_nm_inplace (guchar *data, gsize len, const rspamd_nonce_t nonce, - const rspamd_nm_t nm, rspamd_mac_t sig); + const rspamd_nm_t nm, rspamd_mac_t sig, + enum rspamd_cryptobox_mode mode); /** * Encrypt segments of data inplace adding signature to sig afterwards @@ -145,7 +156,8 @@ void rspamd_cryptobox_encrypt_nm_inplace (guchar *data, gsize len, void rspamd_cryptobox_encryptv_nm_inplace (struct rspamd_cryptobox_segment *segments, gsize cnt, const rspamd_nonce_t nonce, - const rspamd_nm_t nm, rspamd_mac_t sig); + const rspamd_nm_t nm, rspamd_mac_t sig, + enum rspamd_cryptobox_mode mode); /** @@ -159,7 +171,8 @@ void rspamd_cryptobox_encryptv_nm_inplace (struct rspamd_cryptobox_segment *segm */ gboolean rspamd_cryptobox_decrypt_nm_inplace (guchar *data, gsize len, const rspamd_nonce_t nonce, - const rspamd_nm_t nm, const rspamd_mac_t sig); + const rspamd_nm_t nm, const rspamd_mac_t sig, + enum rspamd_cryptobox_mode mode); /** * Generate shared secret from local sk and remote pk @@ -167,7 +180,8 @@ gboolean rspamd_cryptobox_decrypt_nm_inplace (guchar *data, gsize len, * @param pk remote pubkey * @param sk local privkey */ -void rspamd_cryptobox_nm (rspamd_nm_t nm, const rspamd_pk_t pk, const rspamd_sk_t sk); +void rspamd_cryptobox_nm (rspamd_nm_t nm, const rspamd_pk_t pk, + const rspamd_sk_t sk, enum rspamd_cryptobox_mode mode); /** * Create digital signature for the specified message and place result in `sig` @@ -179,7 +193,8 @@ void rspamd_cryptobox_nm (rspamd_nm_t nm, const rspamd_pk_t pk, const rspamd_sk_ */ void rspamd_cryptobox_sign (guchar *sig, gsize *siglen_p, const guchar *m, gsize mlen, - const rspamd_sk_t sk); + const rspamd_sk_t sk, + enum rspamd_cryptobox_mode mode); /** * Verifies digital signature for the specified message using the specified @@ -193,7 +208,8 @@ void rspamd_cryptobox_sign (guchar *sig, gsize *siglen_p, bool rspamd_cryptobox_verify (const guchar *sig, const guchar *m, gsize mlen, - const rspamd_pk_t pk); + const rspamd_pk_t pk, + enum rspamd_cryptobox_mode mode); /** * Securely clear the buffer specified @@ -228,51 +244,45 @@ gboolean rspamd_cryptobox_pbkdf(const char *pass, gsize pass_len, const guint8 *salt, gsize salt_len, guint8 *key, gsize key_len, unsigned int rounds); -/** - * Enable openssl mode in rspamd_cryptobox - * @param enable if TRUE then crypto code will use openssl, chacha20/poly1305 otherwize - */ -gboolean rspamd_cryptobox_openssl_mode (gboolean enable); - /** * Real size of rspamd cryptobox public key */ -guint rspamd_cryptobox_pk_bytes (void); +guint rspamd_cryptobox_pk_bytes (enum rspamd_cryptobox_mode mode); /** * Real size of rspamd cryptobox signing public key */ -guint rspamd_cryptobox_pk_sig_bytes (void); +guint rspamd_cryptobox_pk_sig_bytes (enum rspamd_cryptobox_mode mode); /** * Real size of crypto nonce */ -guint rspamd_cryptobox_nonce_bytes (void); +guint rspamd_cryptobox_nonce_bytes (enum rspamd_cryptobox_mode mode); /** * Real size of rspamd cryptobox secret key */ -guint rspamd_cryptobox_sk_bytes (void); +guint rspamd_cryptobox_sk_bytes (enum rspamd_cryptobox_mode mode); /** * Real size of rspamd cryptobox signing secret key */ -guint rspamd_cryptobox_sk_sig_bytes (void); +guint rspamd_cryptobox_sk_sig_bytes (enum rspamd_cryptobox_mode mode); /** * Real size of rspamd cryptobox shared key */ -guint rspamd_cryptobox_nm_bytes (void); +guint rspamd_cryptobox_nm_bytes (enum rspamd_cryptobox_mode mode); /** * Real size of rspamd cryptobox MAC signature */ -guint rspamd_cryptobox_mac_bytes (void); +guint rspamd_cryptobox_mac_bytes (enum rspamd_cryptobox_mode mode); /** * Real size of rspamd cryptobox digital signature */ -guint rspamd_cryptobox_signature_bytes (void); +guint rspamd_cryptobox_signature_bytes (enum rspamd_cryptobox_mode mode); /* Hash IUF interface */ typedef struct RSPAMD_ALIGNED(32) rspamd_cryptobox_hash_state_s { diff --git a/src/libcryptobox/ed25519/ed25519.c b/src/libcryptobox/ed25519/ed25519.c index e5355a673..b022c16cc 100644 --- a/src/libcryptobox/ed25519/ed25519.c +++ b/src/libcryptobox/ed25519/ed25519.c @@ -269,7 +269,8 @@ ed25519_test (const ed25519_impl_t *impl) impl->sign (sig, NULL, msg, strlen (test_vectors[i].message) / 2, joint_sk); - if (memcmp (sig, expected, rspamd_cryptobox_signature_bytes ()) != 0) { + if (memcmp (sig, expected, + rspamd_cryptobox_signature_bytes (RSPAMD_CRYPTOBOX_MODE_25519)) != 0) { return false; } diff --git a/src/libcryptobox/keypairs_cache.c b/src/libcryptobox/keypairs_cache.c index 2e87561da..5df5e8a27 100644 --- a/src/libcryptobox/keypairs_cache.c +++ b/src/libcryptobox/keypairs_cache.c @@ -81,23 +81,23 @@ rspamd_keypair_cache_process (struct rspamd_keypair_cache *c, g_assert (kp_remote != NULL); memset (&search, 0, sizeof (search)); - memcpy (search.pair, kp_remote->pk, rspamd_cryptobox_pk_bytes ()); + memcpy (search.pair, kp_remote->pk, rspamd_cryptobox_pk_bytes (RSPAMD_CRYPTOBOX_MODE_25519)); memcpy (&search.pair[rspamd_cryptobox_MAX_PKBYTES], kp_local->sk, - rspamd_cryptobox_sk_bytes ()); + rspamd_cryptobox_sk_bytes (RSPAMD_CRYPTOBOX_MODE_25519)); new = rspamd_lru_hash_lookup (c->hash, &search, time (NULL)); if (new == NULL) { new = g_slice_alloc0 (sizeof (*new)); - memcpy (new->pair, kp_remote->pk, rspamd_cryptobox_pk_bytes ()); + memcpy (new->pair, kp_remote->pk, rspamd_cryptobox_pk_bytes (RSPAMD_CRYPTOBOX_MODE_25519)); memcpy (&new->pair[rspamd_cryptobox_MAX_PKBYTES], kp_local->sk, - rspamd_cryptobox_sk_bytes ()); - rspamd_cryptobox_nm (new->nm, kp_remote->pk, kp_local->sk); + rspamd_cryptobox_sk_bytes (RSPAMD_CRYPTOBOX_MODE_25519)); + rspamd_cryptobox_nm (new->nm, kp_remote->pk, kp_local->sk, RSPAMD_CRYPTOBOX_MODE_25519); rspamd_lru_hash_insert (c->hash, new, new, time (NULL), -1); } g_assert (new != NULL); - memcpy (kp_remote->nm, new->nm, rspamd_cryptobox_nm_bytes ()); + memcpy (kp_remote->nm, new->nm, rspamd_cryptobox_nm_bytes (RSPAMD_CRYPTOBOX_MODE_25519)); kp_remote->has_nm = TRUE; #if 0 memcpy (kp_local->nm, new->nm, rspamd_cryptobox_NMBYTES); -- cgit v1.2.3