[Feature] Finish all features of dkim_keygen in Lua

rspamd · Apr 7, 2023 · a070e5a · a070e5a
1 parent 58bd6be
commit a070e5a
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 387 deletions.
diff --git a/lualib/rspamadm/dkim_keygen.lua b/lualib/rspamadm/dkim_keygen.lua
@@ -16,6 +16,7 @@ limitations under the License.
 
 local argparse = require "argparse"
 local rspamd_util = require "rspamd_util"
+local rspamd_cryptobox = require "rspamd_cryptobox"
 
 local parser = argparse()
     :name 'rspamadm dkim_keygen'
@@ -64,6 +65,8 @@ parser:option '--priv-output'
         ['der'] = 'der',
       }
       :default 'pem'
+parser:flag '-f --force'
+      :description 'Force overwrite of existing files'
 
 local function split_string(input, max_length)
   max_length = max_length or 253
@@ -114,6 +117,9 @@ local function gen_rsa_key(opts)
 
   local sk,pk = rsa.keypair(opts.bits or 1024)
   if opts.privkey then
+    if opts.force then
+      os.remove(opts.privkey)
+    end
     sk:save(opts.privkey, opts.priv_output)
   else
     sk:save("-", opts.priv_output)
@@ -122,6 +128,25 @@ local function gen_rsa_key(opts)
   print_public_key(opts, tostring(pk))
 end
 
+local function gen_eddsa_key(opts)
+  local sk,pk = rspamd_cryptobox.gen_dkim_keypair(opts.type)
+
+  if opts.privkey and opts.force then
+    os.remove(opts.privkey)
+  end
+  if not sk:save_in_file(opts.privkey, tonumber('0600', 8)) then
+    io.stderr:write('cannot save private key to ' .. (opts.privkey or 'stdout') .. '\n')
+    os.exit(1)
+  end
+
+  if not opts.privkey then
+    io.write("\n")
+    io.flush()
+  end
+
+  print_public_key(opts, tostring(pk))
+end
+
 local function handler(args)
   local opts = parser:parse(args)
 

diff --git a/src/lua/lua_cryptobox.c b/src/lua/lua_cryptobox.c
@@ -2700,6 +2700,39 @@ lua_cryptobox_gen_dkim_keypair (lua_State *L)
 		rspamd_explicit_memzero (pk, sizeof (pk));
 		rspamd_explicit_memzero (sk, sizeof (sk));
 	}
+	else if (strcmp (alg_str, "ed25519-seed") == 0) {
+		rspamd_sig_pk_t pk;
+		rspamd_sig_sk_t sk;
+		gchar *b64_data;
+		gsize b64_len;
+
+		rspamd_cryptobox_keypair_sig (pk, sk, RSPAMD_CRYPTOBOX_MODE_25519);
+
+		/* Process private key */
+		b64_data = rspamd_encode_base64 (sk,
+			32,
+			-1, &b64_len);
+
+		priv_out = lua_newuserdata (L, sizeof (*priv_out));
+		rspamd_lua_setclass (L, "rspamd{text}", -1);
+		priv_out->start = b64_data;
+		priv_out->len = b64_len;
+		priv_out->flags = RSPAMD_TEXT_FLAG_OWN|RSPAMD_TEXT_FLAG_WIPE;
+
+		/* Process public key */
+		b64_data = rspamd_encode_base64 (pk,
+			rspamd_cryptobox_pk_sig_bytes (RSPAMD_CRYPTOBOX_MODE_25519),
+			-1, &b64_len);
+
+		pub_out = lua_newuserdata (L, sizeof (*pub_out));
+		rspamd_lua_setclass (L, "rspamd{text}", -1);
+		pub_out->start = b64_data;
+		pub_out->len = b64_len;
+		pub_out->flags = RSPAMD_TEXT_FLAG_OWN;
+
+		rspamd_explicit_memzero (pk, sizeof (pk));
+		rspamd_explicit_memzero (sk, sizeof (sk));
+	}
 	else {
 		return luaL_error (L, "invalid algorithm %s", alg_str);
 	}

diff --git a/src/lua/lua_text.c b/src/lua/lua_text.c
@@ -1118,12 +1118,12 @@ lua_text_save_in_file (lua_State *L)
 			fname = luaL_checkstring (L, 2);
 
 			if (lua_type (L, 3) == LUA_TNUMBER) {
-				mode = lua_tonumber (L, 3);
+				mode = lua_tointeger(L, 3);
 			}
 		}
 		else if (lua_type (L, 2) == LUA_TNUMBER) {
 			/* Created fd */
-			fd = lua_tonumber (L, 2);
+			fd = lua_tointeger (L, 2);
 		}
 
 		if (fd == -1) {