mirror of
https://git.openldap.org/openldap/openldap.git
synced 2026-02-18 18:18:06 -05:00
e895f5fd36
Note: even though the same algorithms were used, the data produced by this module doesn't work with the OpenSSL-based module and vice versa.
77 lines
2 KiB
C
77 lines
2 KiB
C
/* crypto.c - LMDB encryption helper module */
|
|
/*
|
|
* Copyright 2020-2024 Howard Chu, Symas Corp.
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted only as authorized by the Symas
|
|
* Dual-Use License.
|
|
*
|
|
* A copy of this license is available in the file LICENSE in the
|
|
* source distribution.
|
|
*/
|
|
#include <string.h>
|
|
|
|
#include <sodium.h>
|
|
|
|
#include "lmdb.h"
|
|
|
|
#define KEYBYTES crypto_aead_chacha20poly1305_ietf_KEYBYTES
|
|
#define NONCEBYTES crypto_aead_chacha20poly1305_ietf_NPUBBYTES
|
|
#define MACBYTES crypto_aead_chacha20poly1305_ietf_ABYTES
|
|
|
|
MDB_crypto_hooks MDB_crypto;
|
|
|
|
static int mcf_str2key(const char *passwd, MDB_val *key)
|
|
{
|
|
crypto_hash_sha256_state state;
|
|
|
|
crypto_hash_sha256_init(&state);
|
|
crypto_hash_sha256_update(&state, (const unsigned char *)"Just a Constant", sizeof("Just a Constant"));
|
|
crypto_hash_sha256_update(&state, (const unsigned char *)passwd, strlen(passwd));
|
|
crypto_hash_sha256_final(&state, key->mv_data);
|
|
return 0;
|
|
}
|
|
|
|
#define ENC(dst, src, mac, key, iv) \
|
|
crypto_aead_chacha20poly1305_ietf_encrypt_detached(dst->mv_data, mac, &mlen, \
|
|
src->mv_data, src->mv_size, NULL, 0, NULL, iv, key)
|
|
|
|
#define DEC(dst, src, mac, key, iv) \
|
|
crypto_aead_chacha20poly1305_ietf_decrypt_detached(dst->mv_data, NULL, src->mv_data, \
|
|
src->mv_size, mac, NULL, 0, iv, key)
|
|
|
|
static int mcf_encfunc(const MDB_val *src, MDB_val *dst, const MDB_val *key, int encdec)
|
|
{
|
|
unsigned char iv[NONCEBYTES];
|
|
mdb_size_t *ptr;
|
|
int ivl, rc;
|
|
unsigned long long mlen;
|
|
|
|
/* the nonce is only 12 bytes */
|
|
ptr = key[1].mv_data;
|
|
ivl = ptr[0] & 0xffffffff;
|
|
memcpy(iv, &ivl, 4);
|
|
memcpy(iv+4, ptr+1, sizeof(mdb_size_t));
|
|
|
|
if (encdec) {
|
|
rc = ENC(dst, src, key[2].mv_data, key[0].mv_data, iv);
|
|
} else {
|
|
rc = DEC(dst, src, key[2].mv_data, key[0].mv_data, iv);
|
|
}
|
|
return rc;
|
|
}
|
|
|
|
static const MDB_crypto_funcs mcf_table = {
|
|
mcf_str2key,
|
|
mcf_encfunc,
|
|
NULL,
|
|
KEYBYTES,
|
|
MACBYTES,
|
|
0
|
|
};
|
|
|
|
MDB_crypto_funcs *MDB_crypto()
|
|
{
|
|
return (MDB_crypto_funcs *)&mcf_table;
|
|
}
|