…

src/libexim-kitencrypt-dlfunc.c

@@ -0,0 +1,50 @@
+#include <stdlib.h>
+#include <string.h>
+#include <strings.h>
+#include "secretkey.h"
+#include <sodium.h>
+#include <local_scan.h>
+
+int kitencrypt(uschar **yield, int argc, uschar *argv[]) {
+	int sinit;
+	size_t inputlen;
+	unsigned char * input;
+
+	sinit = sodium_init();
+	if (sinit == -1 ) {
+		*yield = string_sprintf("Unable to initialize libsodium");
+		return ERROR;
+	}
+	if (argc != 1) {
+		*yield = string_sprintf("Wrong number of arguments (got %i, expected 1)", argc);
+		return ERROR;
+	}
+
+	input = argv[0];
+	inputlen = strlen(input);
+
+	unsigned char nonce[crypto_secretbox_NONCEBYTES];
+	randombytes_buf(nonce, sizeof nonce);
+
+	unsigned int cipherlen = inputlen + crypto_secretbox_MACBYTES;
+	unsigned char * ciphertext = malloc(cipherlen);
+	explicit_bzero(ciphertext, cipherlen);
+
+	crypto_secretbox_easy(ciphertext, input, inputlen, nonce, key);
+
+	unsigned int outputsize = sodium_base64_ENCODED_LEN(cipherlen, sodium_base64_VARIANT_URLSAFE);
+	unsigned char * outstring = malloc(outputsize);
+	explicit_bzero(outstring, outputsize);
+
+	sodium_bin2base64(outstring, outputsize,
+			ciphertext, cipherlen,
+			sodium_base64_VARIANT_URLSAFE);
+
+	free(ciphertext);
+
+	*yield = string_sprintf(outstring);
+
+	free(outstring);
+
+	return OK;
+}