/*-
* Copyright 2016 Vsevolod Stakhov
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "config.h"
#include "libcryptobox/keypair.h"
#include "libcryptobox/keypair_private.h"
#include "libutil/str_util.h"
#include "libutil/printf.h"
static GQuark
rspamd_keypair_quark (void)
{
return g_quark_from_static_string ("rspamd-cryptobox-keypair");
}
/**
* Returns specific private key for different keypair types
*/
static void *
rspamd_cryptobox_keypair_sk (struct rspamd_cryptobox_keypair *kp,
guint *len)
{
g_assert (kp != NULL);
if (kp->alg == RSPAMD_CRYPTOBOX_MODE_25519) {
if (kp->type == RSPAMD_KEYPAIR_KEX) {
*len = 32;
return RSPAMD_CRYPTOBOX_KEYPAIR_25519(kp)->sk;
}
else {
*len = 64;
return RSPAMD_CRYPTOBOX_KEYPAIR_SIG_25519(kp)->sk;
}
}
else {
if (kp->type == RSPAMD_KEYPAIR_KEX) {
*len = 32;
return RSPAMD_CRYPTOBOX_KEYPAIR_NIST(kp)->sk;
}
else {
*len = 32;
return RSPAMD_CRYPTOBOX_KEYPAIR_SIG_NIST(kp)->sk;
}
}
/* Not reached */
return NULL;
}
static void *
rspamd_cryptobox_keypair_pk (struct rspamd_cryptobox_keypair *kp,
guint *len)
{
g_assert (kp != NULL);
if (kp->alg == RSPAMD_CRYPTOBOX_MODE_25519) {
if (kp->type == RSPAMD_KEYPAIR_KEX) {
*len = 32;
return RSPAMD_CRYPTOBOX_KEYPAIR_25519(kp)->pk;
}
else {
*len = 32;
return RSPAMD_CRYPTOBOX_KEYPAIR_SIG_25519(kp)->pk;
}
}
else {
if (kp->type == RSPAMD_KEYPAIR_KEX) {
*len = 65;
return RSPAMD_CRYPTOBOX_KEYPAIR_NIST(kp)->pk;
}
else {
*len = 65;
return RSPAMD_CRYPTOBOX_KEYPAIR_SIG_NIST(kp)->pk;
}
}
/* Not reached */
return NULL;
}
static void *
rspamd_cryptobox_pubkey_pk (const struct rspamd_cryptobox_pubkey *kp,
guint *len)
{
g_assert (kp != NULL);
if (kp->alg == RSPAMD_CRYPTOBOX_MODE_25519) {
if (kp->type == RSPAMD_KEYPAIR_KEX) {
*len = 32;
return RSPAMD_CRYPTOBOX_PUBKEY_25519(kp)->pk;
}
else {
*len = 32;
return RSPAMD_CRYPTOBOX_PUBKEY_SIG_25519(kp)->pk;
}
}
else {
if (kp->type == RSPAMD_KEYPAIR_KEX) {
*len = 65;
return RSPAMD_CRYPTOBOX_PUBKEY_NIST(kp)->pk;
}
else {
*len = 65;
return RSPAMD_CRYPTOBOX_PUBKEY_SIG_NIST(kp)->pk;
}
}
/* Not reached */
return NULL;
}
static struct rspamd_cryptobox_keypair *
rspamd_cryptobox_keypair_alloc (enum rspamd_cryptobox_keypair_type type,
enum rspamd_cryptobox_mode alg)
{
struct rspamd_cryptobox_keypair *kp;
guint size = 0;
if (alg == RSPAMD_CRYPTOBOX_MODE_25519) {
if (type == RSPAMD_KEYPAIR_KEX) {
size = sizeof (struct rspamd_cryptobox_keypair_25519);
}
else {
size = sizeof (struct rspamd_cryptobox_keypair_sig_25519);
}
}
else {
if (type == RSPAMD_KEYPAIR_KEX) {
size = sizeof (struct rspamd_cryptobox_keypair_nist);
}
else {
size = sizeof (struct rspamd_cryptobox_keypair_sig_nist);
}
}
g_assert (size >= sizeof (*kp));
if (posix_memalign ((void **)&kp, 32, size) != 0) {
abort ();
}
memset (kp, 0, size);
return kp;
}
static struct rspamd_cryptobox_pubkey *
rspamd_cryptobox_pubkey_alloc (enum rspamd_cryptobox_keypair_type type,
enum rspamd_cryptobox_mode alg)
{
struct rspamd_cryptobox_pubkey *pk;
guint size = 0;
if (alg == RSPAMD_CRYPTOBOX_MODE_25519) {
if (type == RSPAMD_KEYPAIR_KEX) {
size = sizeof (struct rspamd_cryptobox_pubkey_25519);
}
else {
size = sizeof (struct rspamd_cryptobox_pubkey_sig_25519);
}
}
else {
if (type == RSPAMD_KEYPAIR_KEX) {
size = sizeof (struct rspamd_cryptobox_pubkey_nist);
}
else {
size = sizeof (struct rspamd_cryptobox_pubkey_sig_nist);
}
}
g_assert (size >= sizeof (*pk));
if (posix_memalign ((void **)&pk, 32, size) != 0) {
abort ();
}
memset (pk, 0, size);
return pk;
}
void
rspamd_cryptobox_nm_dtor (struct rspamd_cryptobox_nm *nm)
{
rspamd_explicit_memzero (nm->nm, sizeof (nm->nm));
free (nm);
}
void
rspamd_cryptobox_keypair_dtor (struct rspamd_cryptobox_keypair *kp)
{
void *sk;
guint len = 0;
sk = rspamd_cryptobox_keypair_sk (kp, &len);
g_assert (sk != NULL && len > 0);
rspamd_explicit_memzero (sk, len);
/* Not g_free as kp is aligned using posix_memalign */
free (kp);
}
void
rspamd_cryptobox_pubkey_dtor (struct rspamd_cryptobox_pubkey *p)
{
if (p->nm) {
REF_RELEASE (p->nm);
}
/* Not g_free as p is aligned using posix_memalign */
free (p);
}
struct rspamd_cryptobox_keypair*
rspamd_keypair_new (enum rspamd_cryptobox_keypair_type type,
enum rspamd_cryptobox_mode alg)
{
struct rspamd_cryptobox_keypair *kp;
void *pk, *sk;
guint size;
kp = rspamd_cryptobox_keypair_alloc (type, alg);
kp->alg = alg;
kp->type = type;
sk = rspamd_cryptobox_keypair_sk (kp, &size);
pk = rspamd_cryptobox_keypair_pk (kp, &size);
if (type == RSPAMD_KEYPAIR_KEX) {
rspamd_cryptobox_keypair (pk, sk, alg);
}
else {
rspamd_cryptobox_keypair_sig (pk, sk, alg);
}
rspamd_cryptobox_hash (kp->id, pk, size, NULL, 0);
REF_INIT_RETAIN (kp, rspamd_cryptobox_keypair_dtor);
return kp;
}
struct rspamd_cryptobox_keypair*
rspamd_keypair_ref (struct rspamd_cryptobox_keypair *kp)
{
REF_RETAIN (kp);
return kp;
}
void
rspamd_keypair_unref (struct rspamd_cryptobox_keypair *kp)
{
REF_RELEASE (kp);
}
struct rspamd_cryptobox_pubkey*
rspamd_pubkey_ref (struct rspamd_cryptobox_pubkey *kp)
{
REF_RETAIN (kp);
return kp;
}
void
rspamd_pubkey_unref (struct rspamd_cryptobox_pubkey *kp)
{
REF_RELEASE (kp);
}
enum rspamd_cryptobox_keypair_type
rspamd_keypair_type (struct rspamd_cryptobox_keypair *kp)
{
g_assert (kp != NULL);
return kp->type;
}
enum rspamd_cryptobox_keypair_type
rspamd_pubkey_type (struct rspamd_cryptobox_pubkey *p)
{
g_assert (p != NULL);
return p->type;
}
enum rspamd_cryptobox_mode
rspamd_keypair_alg (struct rspamd_cryptobox_keypair *kp)
{
g_assert (kp != NULL);
return kp->alg;
}
enum rspamd_cryptobox_mode
rspamd_pubkey_alg (struct rspamd_cryptobox_pubkey *p)
{
g_assert (p != NULL);
return p->alg;
}
struct rspamd_cryptobox_pubkey*
rspamd_pubkey_from_base32 (const gchar *b32,
gsize len,
enum rspamd_cryptobox_keypair_type type,
enum rspamd_cryptobox_mode alg)
{
guchar *decoded;
gsize dlen, expected_len;
guint pklen;
struct rspamd_cryptobox_pubkey *pk;
guchar *pk_data;
g_assert (b32 != NULL);
if (len == 0) {
len = strlen (b32);
}
decoded = rspamd_decode_base32 (b32, len, &dlen);
if (decoded == NULL) {
return NULL;
}
expected_len = (type == RSPAMD_KEYPAIR_KEX) ?
rspamd_cryptobox_pk_bytes (alg) : rspamd_cryptobox_pk_sig_bytes (alg);
if (dlen != expected_len) {
g_free (decoded);
return NULL;
}
pk = rspamd_cryptobox_pubkey_alloc (type, alg);
REF_INIT_RETAIN (pk, rspamd_cryptobox_pubkey_dtor);
pk->alg = alg;
pk->type = type;
pk_data = rspamd_cryptobox_pubkey_pk (pk, &pklen);
memcpy (pk_data, decoded, pklen);
g_free (decoded);
rspamd_cryptobox_hash (pk->id, pk_data, pklen, NULL, 0);
return pk;
}
struct rspamd_cryptobox_pubkey*
rspamd_pubkey_from_hex (const gchar *hex,
gsize len,
enum rspamd_cryptobox_keypair_type type,
enum rspamd_cryptobox_mode alg)
{
guchar *decoded;
gsize dlen, expected_len;
guint pklen;
struct rspamd_cryptobox_pubkey *pk;
guchar *pk_data;
g_assert (hex != NULL);
if (len == 0) {
len = strlen (hex);
}
dlen = len / 2;
decoded = rspamd_decode_hex (hex, len);
if (decoded == NULL) {
return NULL;
}
expected_len = (type == RSPAMD_KEYPAIR_KEX) ?
rspamd_cryptobox_pk_bytes (alg) : rspamd_cryptobox_pk_sig_bytes (alg);
if (dlen != expected_len) {
g_free (decoded);
return NULL;
}
pk = rspamd_cryptobox_pubkey_alloc (type, alg);
REF_INIT_RETAIN (pk, rspamd_cryptobox_pubkey_dtor);
pk->alg = alg;
pk->type = type;
pk_data = rspamd_cryptobox_pubkey_pk (pk, &pklen);
memcpy (pk_data, decoded, pklen);
g_free (decoded);
rspamd_cryptobox_hash (pk->id, pk_data, pklen, NULL, 0);
return pk;
}
struct rspamd_cryptobox_pubkey*
rspamd_pubkey_from_bin (const guchar *raw,
gsize len,
enum rspamd_cryptobox_keypair_type type,
enum rspamd_cryptobox_mode alg)
{
gsize expected_len;
guint pklen;
struct rspamd_cryptobox_pubkey *pk;
guchar *pk_data;
g_assert (raw != NULL && len > 0);
expected_len = (type == RSPAMD_KEYPAIR_KEX) ?
rspamd_cryptobox_pk_bytes (alg) : rspamd_cryptobox_pk_sig_bytes (alg);
if (len != expected_len) {
return NULL;
}
pk = rspamd_cryptobox_pubkey_alloc (type, alg);
REF_INIT_RETAIN (pk, rspamd_cryptobox_pubkey_dtor);
pk->alg = alg;
pk->type = type;
pk_data = rspamd_cryptobox_pubkey_pk (pk, &pklen);
memcpy (pk_data, raw, pklen);
rspamd_cryptobox_hash (pk->id, pk_data, pklen, NULL, 0);
return pk;
}
const guchar *
rspamd_pubkey_get_nm (struct rspamd_cryptobox_pubkey *p)
{
g_assert (p != NULL);
if (p->nm) {
return p->nm->nm;
}
return NULL;
}
const guchar *
rspamd_pubkey_calculate_nm (struct rspamd_cryptobox_pubkey *p,
struct rspamd_cryptobox_keypair *kp)
{
g_assert (kp->alg == p->alg);
g_assert (kp->type == p->type);
g_assert (p->type == RSPAMD_KEYPAIR_KEX);
if (p->nm == NULL) {
if (posix_memalign ((void **)&p->nm, 32, sizeof (*p->nm)) != 0) {
abort ();
}
REF_INIT_RETAIN (p->nm, rspamd_cryptobox_nm_dtor);
}
if (kp->alg == RSPAMD_CRYPTOBOX_MODE_25519) {
struct rspamd_cryptobox_pubkey_25519 *rk_25519 =
RSPAMD_CRYPTOBOX_PUBKEY_25519(p);
struct rspamd_cryptobox_keypair_25519 *sk_25519 =
RSPAMD_CRYPTOBOX_KEYPAIR_25519(kp);
rspamd_cryptobox_nm (p->nm->nm, rk_25519->pk, sk_25519->sk, p->alg);
}
else {
struct rspamd_cryptobox_pubkey_nist *rk_nist =
RSPAMD_CRYPTOBOX_PUBKEY_NIST(p);
struct rspamd_cryptobox_keypair_nist *sk_nist =
RSPAMD_CRYPTOBOX_KEYPAIR_NIST(kp);
rspamd_cryptobox_nm (p->nm->nm, rk_nist->pk, sk_nist->sk, p->alg);
}
return p->nm->nm;
}
const guchar *
rspamd_keypair_get_id (struct rspamd_cryptobox_keypair *kp)
{
g_assert (kp != NULL);
return kp->id;
}
const guchar *
rspamd_pubkey_get_id (struct rspamd_cryptobox_pubkey *pk)
{
g_assert (pk != NULL);
return pk->id;
}
const guchar *
rspamd_pubkey_get_pk (struct rspamd_cryptobox_pubkey *pk,
guint *len)
{
guchar *ret = NULL;
guint rlen;
ret = rspamd_cryptobox_pubkey_pk (pk, &rlen);
if (len) {
*len = rlen;
}
return ret;
}
static void
rspamd_keypair_print_component (guchar *data, gsize datalen,
GString *res, guint how, const gchar *description)
{
gint olen, b32_len;
if (how & RSPAMD_KEYPAIR_HUMAN) {
rspamd_printf_gstring (res, "%s: ", description);
}
if (how & RSPAMD_KEYPAIR_BASE32) {
b32_len = (datalen * 8 / 5) + 2;
g_string_set_size (res, res->len + b32_len);
res->len -= b32_len;
olen = rspamd_encode_base32_buf (data, datalen, res->str + res->len,
res->len + b32_len - 1);
if (olen > 0) {
res->len += olen;
res->str[res->len] = '\0';
}
}
else if (how & RSPAMD_KEYPAIR_HEX) {
rspamd_printf_gstring (res, "%*xs", (gint)datalen, data);
}
else {
g_string_append_len (res, data, datalen);
}
if (how & RSPAMD_KEYPAIR_HUMAN) {
g_string_append_c (res, '\n');
}
}
GString *
rspamd_keypair_print (struct rspamd_cryptobox_keypair *kp, guint how)
{
GString *res;
guint len;
gpointer p;
g_assert (kp != NULL);
res = g_string_sized_new (63);
if ((how & RSPAMD_KEYPAIR_PUBKEY)) {
p = rspamd_cryptobox_keypair_pk (kp, &len);
rspamd_keypair_print_component (p, len, res, how, "Public key");
}
if ((how & RSPAMD_KEYPAIR_PRIVKEY)) {
p = rspamd_cryptobox_keypair_sk (kp, &len);
rspamd_keypair_print_component (p, len, res, how, "Private key");
}
if ((how & RSPAMD_KEYPAIR_ID_SHORT)) {
rspamd_keypair_print_component (kp->id, RSPAMD_KEYPAIR_SHORT_ID_LEN,
res, how, "Short key ID");
}
if ((how & RSPAMD_KEYPAIR_ID)) {
rspamd_keypair_print_component (kp->id, sizeof (kp->id), res, how, "Key ID");
}
return res;
}
GString *
rspamd_pubkey_print (struct rspamd_cryptobox_pubkey *pk, guint how)
{
GString *res;
guint len;
gpointer p;
g_assert (pk != NULL);
res = g_string_sized_new (63);
if ((how & RSPAMD_KEYPAIR_PUBKEY)) {
p = rspamd_cryptobox_pubkey_pk (pk, &len);
rspamd_keypair_print_component (p, len, res, how, "Public key");
}
if ((how & RSPAMD_KEYPAIR_ID_SHORT)) {
rspamd_keypair_print_component (pk->id, RSPAMD_KEYPAIR_SHORT_ID_LEN,
res, how, "Short key ID");
}
if ((how & RSPAMD_KEYPAIR_ID)) {
rspamd_keypair_print_component (pk->id, sizeof (pk->id), res, how,
"Key ID");
}
return res;
}
const guchar *
rspamd_keypair_component (struct rspamd_cryptobox_keypair *kp,
guint ncomp, guint *len)
{
guint rlen = 0;
const guchar *ret = NULL;
g_assert (kp != NULL);
switch (ncomp) {
case RSPAMD_KEYPAIR_COMPONENT_ID:
rlen = sizeof (kp->id);
ret = kp->id;
break;
case RSPAMD_KEYPAIR_COMPONENT_PK:
ret = rspamd_cryptobox_keypair_pk (kp, &rlen);
break;
case RSPAMD_KEYPAIR_COMPONENT_SK:
ret = rspamd_cryptobox_keypair_sk (kp, &rlen);
break;
}
if (len) {
*len = rlen;
}
return ret;
}
struct rspamd_cryptobox_keypair *
rspamd_keypair_from_ucl (const ucl_object_t *obj)
{
const ucl_object_t *privkey, *pubkey, *elt;
const gchar *str;
enum rspamd_cryptobox_keypair_type type = RSPAMD_KEYPAIR_KEX;
enum rspamd_cryptobox_mode mode = RSPAMD_CRYPTOBOX_MODE_25519;
gboolean is_hex = FALSE;
struct rspamd_cryptobox_keypair *kp;
guint len;
gsize ucl_len;
gint dec_len;
gpointer target;
if (ucl_object_type (obj) != UCL_OBJECT) {
return NULL;
}
elt = ucl_object_lookup (obj, "keypair");
if (elt != NULL) {
obj = elt;
}
pubkey = ucl_object_lookup_any (obj, "pubkey", "public", "public_key",
NULL);
if (pubkey == NULL || ucl_object_type (pubkey) != UCL_STRING) {
return NULL;
}
privkey = ucl_object_lookup_any (obj, "privkey", "private", "private_key",
"secret", "secret_key", NULL);
if (privkey == NULL || ucl_object_type (privkey) != UCL_STRING) {
return NULL;
}
/* Optional fields */
elt = ucl_object_lookup (obj, "type");
if (elt && ucl_object_type (elt) == UCL_STRING) {
str = ucl_object_tostring (elt);
if (g_ascii_strcasecmp (str, "kex") == 0) {
type = RSPAMD_KEYPAIR_KEX;
}
else if (g_ascii_strcasecmp (str, "sign") == 0) {
type = RSPAMD_KEYPAIR_SIGN;
}
/* TODO: handle errors */
}
elt = ucl_object_lookup (obj, "algorithm");
if (elt && ucl_object_type (elt) == UCL_STRING) {
str = ucl_object_tostring (elt);
if (g_ascii_strcasecmp (str, "curve25519") == 0) {
mode = RSPAMD_CRYPTOBOX_MODE_25519;
}
else if (g_ascii_strcasecmp (str, "nistp256") == 0) {
mode = RSPAMD_CRYPTOBOX_MODE_NIST;
}
/* TODO: handle errors */
}
elt = ucl_object_lookup (obj, "encoding");
if (elt && ucl_object_type (elt) == UCL_STRING) {
str = ucl_object_tostring (elt);
if (g_ascii_strcasecmp (str, "hex") == 0) {
is_hex = TRUE;
}
/* TODO: handle errors */
}
kp = rspamd_cryptobox_keypair_alloc (type, mode);
kp->type = type;
kp->alg = mode;
REF_INIT_RETAIN (kp, rspamd_cryptobox_keypair_dtor);
g_assert (kp != NULL);
target = rspamd_cryptobox_keypair_sk (kp, &len);
str = ucl_object_tolstring (privkey, &ucl_len);
if (is_hex) {
dec_len = rspamd_decode_hex_buf (str, ucl_len, target, len);
}
else {
dec_len = rspamd_decode_base32_buf (str, ucl_len, target, len);
}
if (dec_len != (gint)len) {
rspamd_keypair_unref (kp);
return NULL;
}
target = rspamd_cryptobox_keypair_pk (kp, &len);
str = ucl_object_tolstring (pubkey, &ucl_len);
if (is_hex) {
dec_len = rspamd_decode_hex_buf (str, ucl_len, target, len);
}
else {
dec_len = rspamd_decode_base32_buf (str, ucl_len, target, len);
}
if (dec_len != (gint)len) {
rspamd_keypair_unref (kp);
return NULL;
}
rspamd_cryptobox_hash (kp->id, target, len, NULL, 0);
return kp;
}
ucl_object_t *
rspamd_keypair_to_ucl (struct rspamd_cryptobox_keypair *kp,
gboolean is_hex)
{
ucl_object_t *ucl_out, *elt;
gint how = 0;
GString *keypair_out;
const gchar *encoding;
g_assert (kp != NULL);
if (is_hex) {
how |= RSPAMD_KEYPAIR_HEX;
encoding = "hex";
}
else {
how |= RSPAMD_KEYPAIR_BASE32;
encoding = "base32";
}
ucl_out = ucl_object_typed_new (UCL_OBJECT);
elt = ucl_object_typed_new (UCL_OBJECT);
ucl_object_insert_key (ucl_out, elt, "keypair", 0, false);
/* pubkey part */
keypair_out = rspamd_keypair_print (kp,
RSPAMD_KEYPAIR_PUBKEY|how);
ucl_object_insert_key (elt,
ucl_object_fromlstring (keypair_out->str, keypair_out->len),
"pubkey", 0, false);
g_string_free (keypair_out, TRUE);
/* privkey part */
keypair_out = rspamd_keypair_print (kp,
RSPAMD_KEYPAIR_PRIVKEY|how);
ucl_object_insert_key (elt,
ucl_object_fromlstring (keypair_out->str, keypair_out->len),
"privkey", 0, false);
g_string_free (keypair_out, TRUE);
keypair_out = rspamd_keypair_print (kp,
RSPAMD_KEYPAIR_ID|how);
ucl_object_insert_key (elt,
ucl_object_fromlstring (keypair_out->str, keypair_out->len),
"id", 0, false);
g_string_free (keypair_out, TRUE);
ucl_object_insert_key (elt,
ucl_object_fromstring (encoding),
"encoding", 0, false);
ucl_object_insert_key (elt,
ucl_object_fromstring (
kp->alg == RSPAMD_CRYPTOBOX_MODE_NIST ?
"nistp256" : "curve25519"),
"algorithm", 0, false);
ucl_object_insert_key (elt,
ucl_object_fromstring (
kp->type == RSPAMD_KEYPAIR_KEX ?
"kex" : "sign"),
"type", 0, false);
return ucl_out;
}
gboolean
rspamd_keypair_sign (struct rspamd_cryptobox_keypair *kp,
const void *data, gsize len, guchar **sig, gsize *outlen,
GError **err)
{
gsize siglen;
guint sklen;
g_assert (kp != NULL);
g_assert (data != NULL);
g_assert (sig != NULL);
if (kp->type != RSPAMD_KEYPAIR_SIGN) {
g_set_error (err, rspamd_keypair_quark (), EINVAL,
"invalid keypair: expected signature pair");
return FALSE;
}
siglen = rspamd_cryptobox_signature_bytes (kp->alg);
*sig = g_malloc (siglen);
rspamd_cryptobox_sign (*sig, &siglen, data, len,
rspamd_cryptobox_keypair_sk (kp, &sklen), kp->alg);
if (outlen != NULL) {
*outlen = siglen;
}
return TRUE;
}
gboolean
rspamd_keypair_verify (struct rspamd_cryptobox_pubkey *pk,
const void *data, gsize len, guchar *sig, gsize siglen,
GError **err)
{
guint pklen;
g_assert (pk != NULL);
g_assert (data != NULL);
g_assert (sig != NULL);
if (pk->type != RSPAMD_KEYPAIR_SIGN) {
g_set_error (err, rspamd_keypair_quark (), EINVAL,
"invalid keypair: expected signature pair");
return FALSE;
}
if (siglen != rspamd_cryptobox_signature_bytes (pk->alg)) {
g_set_error (err, rspamd_keypair_quark (), E2BIG,
"invalid signature length: %d; expected %d",
(int)siglen, (int) rspamd_cryptobox_signature_bytes (pk->alg));
return FALSE;
}
if (!rspamd_cryptobox_verify (sig, data, len,
rspamd_cryptobox_pubkey_pk (pk, &pklen), pk->alg)) {
g_set_error (err, rspamd_keypair_quark (), EPERM,
"signature verification failed");
return FALSE;
}
return TRUE;
}
gboolean
rspamd_pubkey_equal (const struct rspamd_cryptobox_pubkey *k1,
const struct rspamd_cryptobox_pubkey *k2)
{
guchar *p1 = NULL, *p2 = NULL;
guint len1, len2;
if (k1->alg == k2->alg && k1->type == k2->type) {
p1 = rspamd_cryptobox_pubkey_pk (k1, &len1);
p2 = rspamd_cryptobox_pubkey_pk (k2, &len2);
if (len1 == len2) {
return (memcmp (p1, p2, len1) == 0);
}
}
return FALSE;
}