lib10_mail_crypt_plugin_la_SOURCES = \
crypt-settings.c \
mail-crypt-global-key.c \
- mail-crypt-userenv.c \
mail-crypt-key.c \
mail-crypt-plugin.c
test-mail-key.c \
crypt-settings.c \
mail-crypt-key.c \
- mail-crypt-global-key.c \
- mail-crypt-userenv.c
+ mail-crypt-global-key.c
test_mail_key_LDADD = $(LIBDOVECOT_STORAGE) $(LIBDOVECOT)
test_mail_key_DEPENDENCIES = $(LIBDOVECOT_DEPS) $(LIBDOVECOT_STORAGE_DEPS)
.filter_array_field_name = "crypt_private_key_name" },
DEF(STR, crypt_user_key_password),
DEF(STR, crypt_user_key_curve),
- DEF(BOOL, crypt_user_private_key_require_encrypted),
+ DEF(BOOL, crypt_user_key_require_encrypted),
SETTING_DEFINE_LIST_END
};
.crypt_user_key_encryption_keys = ARRAY_INIT,
.crypt_user_key_password = "",
.crypt_user_key_curve = "",
- .crypt_user_private_key_require_encrypted = FALSE,
+ .crypt_user_key_require_encrypted = FALSE,
};
const struct setting_parser_info crypt_setting_parser_info = {
ARRAY_TYPE(const_string) crypt_user_key_encryption_keys;
const char *crypt_user_key_password;
const char *crypt_user_key_curve; /* for generating new user keys */
- bool crypt_user_private_key_require_encrypted;
+ bool crypt_user_key_require_encrypted;
};
extern const struct setting_parser_info crypt_setting_parser_info;
#include "buffer.h"
#include "ioloop.h"
#include "ioloop-private.h"
+#include "settings.h"
#include "mail-namespace.h"
#include "mail-storage.h"
#include "mail-storage-private.h"
ctx->new_password = p_strdup(_ctx->pool, passw);
}
+ const struct crypt_settings *set;
+ const char *error;
+ if (settings_get(user->event, &crypt_setting_parser_info, 0,
+ &set, &error) < 0) {
+ e_error(cctx->event, "%s", error);
+ return -1;
+ }
+
if (ctx->clear_password &&
(ctx->new_password != NULL ||
- mail_user_plugin_getenv(user, MAIL_CRYPT_USERENV_PASSWORD) != NULL)) {
+ set->crypt_user_key_password[0] != '\0')) {
doveadm_print("clear password and new password specified");
_ctx->exit_code = EX_USAGE;
+ settings_free(set);
return -1;
}
+ settings_free(set);
struct mail_namespace *ns = mail_namespace_find_inbox(user->namespaces);
struct mailbox *box = mailbox_alloc(ns->list, "INBOX", 0);
MAIL_ATTRIBUTE_TYPE_PRIVATE,
USER_CRYPT_PREFIX
PRIVKEYS_PREFIX);
- const char *error;
const char *key_id;
int ret = 1;
unsigned int count = 0;
#define MAIL_CRYPT_KEY_ID_ALGORITHM "sha256"
#define MAIL_CRYPT_KEY_ATTRIBUTE_FORMAT DCRYPT_FORMAT_DOVECOT
#define MAIL_CRYPT_ACL_SECURE_SHARE_SETTING "mail_crypt_acl_require_secure_key_sharing"
-#define MAIL_CRYPT_REQUIRE_ENCRYPTED_USER_KEY "mail_crypt_require_encrypted_user_key"
#define MAIL_CRYPT_HASH_BUF_SIZE 128
#define MAIL_CRYPT_KEY_BUF_SIZE 1024
#define ACTIVE_KEY_NAME "active"
MAILBOX_ATTRIBUTE_PREFIX_DOVECOT_PVT_SERVER \
MAILBOX_ATTRIBUTE_PREFIX_DOVECOT_PVT"crypt/"
-#define MAIL_CRYPT_USERENV_PASSWORD "mail_crypt_private_password"
-#define MAIL_CRYPT_USERENV_KEY "mail_crypt_private_key"
-#define MAIL_CRYPT_USERENV_CURVE "mail_crypt_curve"
-
ARRAY_DEFINE_TYPE(dcrypt_private_key, struct dcrypt_private_key*);
#endif
}
int mail_crypt_load_global_private_key(const char *set_key, const char *key_data,
- const char *set_pw, const char *key_password,
+ const char *key_password,
struct mail_crypt_global_keys *global_keys,
const char **error_r)
{
if (enc_type == DCRYPT_KEY_ENCRYPTION_TYPE_PASSWORD) {
/* Fail here if password is not set since openssl will prompt
* for it otherwise */
- if (key_password == NULL || key_password[0] == '\0') {
- *error_r = t_strdup_printf("%s: %s unset, no password to decrypt the key",
- set_key, set_pw);
+ if (key_password[0] == '\0') {
+ *error_r = t_strdup_printf("%s: crypt_private_key_password unset, no password to decrypt the key",
+ set_key);
return -1;
}
}
}
if (mail_crypt_load_global_private_key(
key_name, key_set->crypt_private_key,
- key_name, key_set->crypt_private_key_password,
+ key_set->crypt_private_key_password,
global_keys_r, error_r) < 0) {
settings_free(key_set);
return -1;
struct mail_crypt_global_keys *global_keys_r,
bool ignore_privkey_errors,
const char **error_r);
-int mail_crypt_global_keys_load_pluginenv(const char *set_prefix,
- struct mail_crypt_global_keys *global_keys_r,
- const char **error_r);
void mail_crypt_global_keys_init(struct mail_crypt_global_keys *global_keys_r);
void mail_crypt_global_keys_free(struct mail_crypt_global_keys *global_keys);
struct mail_crypt_global_keys *global_keys,
const char **error_r);
int mail_crypt_load_global_private_key(const char *set_key, const char *key_data,
- const char *set_pw, const char *key_password,
+ const char *key_password,
struct mail_crypt_global_keys *global_keys,
const char **error_r);
#include "dict.h"
#include "array.h"
#include "var-expand.h"
+#include "settings.h"
#include "mail-storage.h"
#include "mailbox-attribute.h"
#include "mail-crypt-common.h"
return 1;
}
+static int
+mail_crypt_user_encryption_keys_load(struct event *event,
+ const struct crypt_settings *set,
+ struct mail_crypt_global_keys *global_keys_r,
+ const char **error_r)
+{
+ const struct crypt_private_key_settings *key_set;
+ const char *key_name, *error;
+
+ mail_crypt_global_keys_init(global_keys_r);
+ if (!array_is_created(&set->crypt_user_key_encryption_keys))
+ return 0;
+
+ array_foreach_elem(&set->crypt_user_key_encryption_keys, key_name) {
+ if (settings_get_filter(event, "crypt_user_key_encryption_key",
+ key_name,
+ &crypt_private_key_setting_parser_info,
+ 0, &key_set, &error) < 0) {
+ *error_r = t_strdup_printf(
+ "Failed to get crypt_private_key %s: %s",
+ key_name, error);
+ return -1;
+ }
+ if (mail_crypt_load_global_private_key(
+ key_name, key_set->crypt_private_key,
+ key_set->crypt_private_key_password,
+ global_keys_r, &error) < 0) {
+ /* skip this key */
+ e_debug(event, "%s - skipping", error);
+ }
+ settings_free(key_set);
+ }
+ return 0;
+}
+
static
int mail_crypt_env_get_private_key(struct mail_user *user, const char *pubid,
struct dcrypt_private_key **key_r,
const char **error_r)
{
+ struct mail_crypt_user *muser = mail_crypt_get_mail_crypt_user(user);
struct mail_crypt_global_keys global_keys;
int ret = 0;
- if (mail_crypt_global_keys_load_from_user(user, "mail_crypt",
- &global_keys, TRUE, error_r) < 0) {
+
+ if (mail_crypt_user_encryption_keys_load(user->event, muser->set,
+ &global_keys, error_r) < 0) {
mail_crypt_global_keys_free(&global_keys);
return -1;
}
const char *enc_hash = NULL, *key_hash = NULL, *pw = NULL;
struct dcrypt_private_key *key = NULL, *dec_key = NULL;
struct mail_user *user = mail_storage_get_user(mailbox_get_storage(box));
+ struct mail_crypt_user *muser = mail_crypt_get_mail_crypt_user(user);
int ret = 0;
i_assert(pubid != NULL);
if (enc_type == DCRYPT_KEY_ENCRYPTION_TYPE_NONE) {
/* no key or password */
} else if (enc_type == DCRYPT_KEY_ENCRYPTION_TYPE_PASSWORD) {
- pw = mail_user_plugin_getenv(user, MAIL_CRYPT_USERENV_PASSWORD);
- if (pw == NULL) {
+ pw = muser->set->crypt_user_key_password;
+ if (pw[0] == '\0') {
*error_r = t_strdup_printf("Cannot decrypt key %s: "
"Password not available",
pubid);
struct mail_user *user = mail_storage_get_user(
mailbox_get_storage(
mailbox_transaction_get_mailbox(t)));
+ struct mail_crypt_user *muser = mail_crypt_get_mail_crypt_user(user);
const char *attr_name = mail_crypt_get_key_path(user_key, FALSE, pubid);
struct mail_attribute_value value;
int ret;
if (enc_key != NULL) {
algo = MAIL_CRYPT_KEY_CIPHER;
- } else if (user_key &&
- (pw = mail_user_plugin_getenv(user,MAIL_CRYPT_USERENV_PASSWORD))
- != NULL) {
+ } else if (user_key && muser->set->crypt_user_key_password[0] != '\0') {
+ pw = muser->set->crypt_user_key_password;
algo = MAIL_CRYPT_PW_CIPHER;
}
struct dcrypt_private_key *key,
const char **error_r)
{
+ struct mail_crypt_user *muser = mail_crypt_get_mail_crypt_user(user);
struct dcrypt_private_key *env_key = NULL;
struct dcrypt_public_key *enc_key = NULL;
struct mailbox_transaction_context *t;
dcrypt_key_unref_private(&env_key);
}
- bool require_encrypted_user_key =
- mail_user_plugin_getenv_bool(user, MAIL_CRYPT_REQUIRE_ENCRYPTED_USER_KEY);
-
- if (require_encrypted_user_key &&
- mail_user_plugin_getenv(user, MAIL_CRYPT_USERENV_PASSWORD) == NULL &&
- mail_user_plugin_getenv(user, MAIL_CRYPT_USERENV_KEY) == NULL)
- {
- *error_r = MAIL_CRYPT_REQUIRE_ENCRYPTED_USER_KEY " set, cannot "
+ if (muser->set->crypt_user_key_require_encrypted &&
+ muser->set->crypt_user_key_password[0] == '\0' &&
+ (!array_is_created(&muser->set->crypt_user_key_encryption_keys) ||
+ array_is_empty(&muser->set->crypt_user_key_encryption_keys))) {
+ *error_r = "crypt_user_key_require_encrypted set, cannot "
"generate user keypair without password or key";
return -1;
}
const char **pubid_r,
const char **error_r)
{
- if (curve == NULL) {
- *error_r = MAIL_CRYPT_USERENV_CURVE " not set, cannot generate EC key";
+ if (curve[0] == '\0') {
+ *error_r = "crypt_user_key_curve not set, cannot generate EC key";
return -1;
}
const char **error_r)
{
struct mail_crypt_user *muser = mail_crypt_get_mail_crypt_user(user);
- const char *curve = mail_user_plugin_getenv(user, MAIL_CRYPT_USERENV_CURVE);
- if (mail_crypt_generate_keypair(curve, pair, pubid_r, error_r) < 0) {
+ if (mail_crypt_generate_keypair(muser->set->crypt_user_key_curve,
+ pair, pubid_r, error_r) < 0) {
return -1;
}
int ret;
struct mail_user *user = mail_storage_get_user(mailbox_get_storage(box));
struct mail_crypt_user *muser = mail_crypt_get_mail_crypt_user(user);
- const char *curve = mail_user_plugin_getenv(user,
- MAIL_CRYPT_USERENV_CURVE);
if (user_key == NULL) {
if ((ret = mail_crypt_user_get_public_key(user,
dcrypt_key_ref_public(user_key);
}
- if ((ret = mail_crypt_generate_keypair(curve, pair, pubid_r, error_r)) < 0) {
+ ret = mail_crypt_generate_keypair(muser->set->crypt_user_key_curve,
+ pair, pubid_r, error_r);
+ if (ret < 0) {
/* failed */
} else if ((ret = mail_crypt_box_set_keys(box, *pubid_r,
pair->priv, user_key, pair->pub,
#include "istream-seekable.h"
#include "ostream.h"
#include "ostream-encrypt.h"
+#include "settings.h"
#include "mail-user.h"
#include "mail-copy.h"
#include "index-storage.h"
#include "mail-crypt-common.h"
#include "mail-crypt-key.h"
#include "mail-crypt-plugin.h"
+#include "crypt-settings.h"
#include "sha2.h"
#include "dcrypt-iostream.h"
#include "hex-binary.h"
enum io_stream_encrypt_flags enc_flags = 0;
if (muser != NULL) {
- if (muser->save_version == 1) {
+ if (muser->set->crypt_write_version == 1) {
enc_flags = IO_STREAM_ENC_VERSION_1;
- } else if (muser->save_version == 2) {
+ } else if (muser->set->crypt_write_version == 2) {
enc_flags = IO_STREAM_ENC_INTEGRITY_AEAD;
} else {
- i_assert(muser->save_version == 0);
+ i_assert(muser->set->crypt_write_version == 0);
}
}
return ret;
}
- if (muser->save_version < 2) {
+ if (muser->set->crypt_write_version < 2) {
mail_storage_set_error(box->storage,
MAIL_ERROR_PARAMS,
t_strdup_printf("generate_keypair(%s) failed: "
- "unsupported save_version=%d",
+ "unsupported crypt_write_version=%d",
mailbox_get_vname(box),
- muser->save_version));
+ muser->set->crypt_write_version));
return -1;
}
/* Within same user, consider safe only the case where
encryption is enabled and keys are global. */
raw_copy = muser != NULL &&
- muser->save_version != 0 &&
+ muser->set->crypt_write_version != 0 &&
muser->global_keys.public_key != NULL;
}
v->save_begin = mail_crypt_mail_save_begin;
v->copy = mail_crypt_mailbox_copy;
- if (muser == NULL || muser->save_version == 0)
+ if (muser == NULL || muser->set->crypt_write_version == 0)
v->save_finish = mail_crypt_mail_save_finish;
}
}
mail_crypt_key_cache_destroy(&muser->key_cache);
mail_crypt_global_keys_free(&muser->global_keys);
mail_crypt_cache_close(muser);
+ settings_free(muser->set);
muser->module_ctx.super.deinit(user);
}
{
struct mail_user_vfuncs *v = user->vlast;
struct mail_crypt_user *muser;
- const char *error = NULL;
+ const char *error;
muser = p_new(user->pool, struct mail_crypt_user, 1);
muser->module_ctx.super = *v;
user->vlast = &muser->module_ctx.super;
- const char *curve = mail_user_plugin_getenv(user, "mail_crypt_curve");
+ if (settings_get(user->event, &crypt_setting_parser_info, 0,
+ &muser->set, &error) < 0) {
+ user->error = p_strdup(user->pool, error);
+ return;
+ }
+
buffer_t *tmp = t_str_new(64);
- if (curve == NULL || *curve == '\0') {
- e_debug(user->event, "mail_crypt_plugin: mail_crypt_curve setting "
+ if (muser->set->crypt_user_key_curve[0] == '\0') {
+ e_debug(user->event, "mail_crypt_plugin: crypt_user_key_curve setting "
"missing - generating EC keys disabled");
- } else if (!dcrypt_name2oid(curve, tmp, &error)) {
+ } else if (!dcrypt_name2oid(muser->set->crypt_user_key_curve, tmp, &error)) {
user->error = p_strdup_printf(user->pool,
"mail_crypt_plugin: "
- "invalid mail_crypt_curve setting %s: %s",
- curve, error);
- } else {
- muser->curve = p_strdup(user->pool, curve);
+ "invalid crypt_user_key_curve setting %s: %s",
+ muser->set->crypt_user_key_curve, error);
}
- const char *version = mail_user_plugin_getenv(user,
- "mail_crypt_save_version");
-
- if (version == NULL || *version == '\0') {
+ if (muser->set->crypt_write_version == UINT_MAX) {
user->error = p_strdup_printf(user->pool,
"mail_crypt_plugin: "
- "mail_crypt_save_version setting missing");
- } else if (version[0] == '0') {
- muser->save_version = 0;
- } else if (version[0] == '1') {
- muser->save_version = 1;
- } else if (version[0] == '2') {
- muser->save_version = 2;
- } else {
+ "crypt_write_version setting missing");
+ } else if (muser->set->crypt_write_version > 2) {
user->error = p_strdup_printf(user->pool,
"mail_crypt_plugin: Invalid "
- "mail_crypt_save_version %s: use 0, 1, or 2 ",
- version);
+ "crypt_write_version %u: use 0, 1, or 2 ",
+ muser->set->crypt_write_version);
}
- if (mail_crypt_global_keys_load_from_user(user, "mail_crypt_global",
- &muser->global_keys, FALSE, &error) < 0) {
+ if (mail_crypt_global_keys_load(user->event, muser->set,
+ &muser->global_keys, &error) < 0) {
user->error = p_strdup_printf(user->pool,
"mail_crypt_plugin: %s", error);
}
struct mail_crypt_user {
union mail_user_module_context module_ctx;
+ const struct crypt_settings *set;
struct mail_crypt_global_keys global_keys;
struct mail_crypt_cache cache;
struct mail_crypt_key_cache_entry *key_cache;
- const char *curve;
- int save_version;
};
void mail_crypt_plugin_init(struct module *module);
+++ /dev/null
-/* Copyright (c) 2015-2018 Dovecot authors, see the included COPYING file */
-#include "lib.h"
-#include "str.h"
-#include "mail-user.h"
-#include "mail-crypt-common.h"
-#include "mail-crypt-key.h"
-
-static int
-mail_crypt_load_global_private_keys(struct mail_user *user,
- const char *set_prefix,
- struct mail_crypt_global_keys *global_keys,
- bool ignore_errors,
- const char **error_r)
-{
- string_t *set_key = t_str_new(64);
- str_append(set_key, set_prefix);
- str_append(set_key, "_private_key");
- size_t prefix_len = str_len(set_key);
-
- unsigned int i = 1;
- const char *key_data;
- while ((key_data = mail_user_plugin_getenv(user, str_c(set_key))) != NULL) {
- const char *set_pw = t_strconcat(str_c(set_key), "_password", NULL);
- const char *password = mail_user_plugin_getenv(user, set_pw);
- if (*key_data != '\0' &&
- mail_crypt_load_global_private_key(str_c(set_key), key_data,
- set_pw, password,
- global_keys,
- error_r) < 0) {
- /* skip this key */
- if (ignore_errors) {
- e_debug(user->event, "mail-crypt-plugin: "
- "mail_crypt_load_global_private_key failed: %s",
- *error_r);
- *error_r = NULL;
- continue;
- }
- return -1;
- }
- str_truncate(set_key, prefix_len);
- str_printfa(set_key, "%u", ++i);
- }
- return 0;
-}
-
-int mail_crypt_global_keys_load_from_user(struct mail_user *user, const char *set_prefix,
- struct mail_crypt_global_keys *global_keys_r,
- bool ignore_privkey_errors,
- const char **error_r)
-{
- const char *set_key = t_strconcat(set_prefix, "_public_key", NULL);
- const char *key_data = mail_user_plugin_getenv(user, set_key);
-
- mail_crypt_global_keys_init(global_keys_r);
- if (key_data != NULL && *key_data != '\0') {
- if (mail_crypt_load_global_public_key(set_key,
- key_data,
- global_keys_r,
- error_r) < 0)
- return -1;
- }
- if (mail_crypt_load_global_private_keys(user, set_prefix, global_keys_r,
- ignore_privkey_errors,
- error_r) < 0)
- return -1;
- return 0;
-}
#include "str.h"
#include "dcrypt.h"
#include "hex-binary.h"
+#include "settings.h"
#include "mail-crypt-common.h"
#include "mail-crypt-key.h"
-struct test_settings {
- ARRAY(const char *) plugin_envs;
-};
-
-static struct test_settings test_set;
-
static const char *settings[] = {
- "mail_crypt_global_private_key",
+ "crypt_global_private_key", "nopw pw",
+ "crypt_global_private_key/nopw/crypt_private_key",
"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ1lJdWZKWlplMlk2aUZ6NXgKa29Jb3lzYjNkWkxaV3N5ZWtqT2MvR2pzTGQyaFJBTkNBQVNuSVdnUXVoRThqcUFMY21maXVuUnlFazd2a3EveQphOXZZSzUwYjNjRmhDc0xVNHRmVlRMa0IxWS82VmxaajYzUUtNelhOdms1RzVPRDFvZkVsY3B5agotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==",
- "mail_crypt_global_public_key",
+ "crypt_global_public_key",
"LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFcHlGb0VMb1JQSTZnQzNKbjRycDBjaEpPNzVLdgo4bXZiMkN1ZEc5M0JZUXJDMU9MWDFVeTVBZFdQK2xaV1krdDBDak0xemI1T1J1VGc5YUh4SlhLY293PT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==",
- "mail_crypt_global_private_key2",
+ "crypt_global_private_key/pw/crypt_private_key",
"LS0tLS1CRUdJTiBFTkNSWVBURUQgUFJJVkFURSBLRVktLS0tLQpNSUhlTUVrR0NTcUdTSWIzRFFFRkRUQThNQnNHQ1NxR1NJYjNEUUVGRERBT0JBaXA2cUpja1FET3F3SUNDQUF3CkhRWUpZSVpJQVdVREJBRXFCQkFXN09oUFRlU0xSOExLcGYwZjZHa3ZCSUdRZk5rYUpodnM2VWVWS2RkN2NzdFMKMURSNXJYTWtON09FbVNjTTljRlk2UDVrMzdnY1VJUFZudTQrOTFYZUE1MTU2cnBpUEpycEdkZnprcjhPNVFqZApsMWRycmR6Z0hqZHE4T2VmbUR1MEEzMjRZd25SS3hGRExUcjlHMkxVMkhoYmV6a0xjV1FwMVJISDZsNXRRcUtwCjZid05iMnc3OXhCb01YSjN6MVZqcElOZk9wRnJ6M3lucVlqUXhseTIrQjg2Ci0tLS0tRU5EIEVOQ1JZUFRFRCBQUklWQVRFIEtFWS0tLS0tCg==",
- "mail_crypt_global_private_key2_password",
+ "crypt_global_private_key/pw/crypt_private_key_password",
"password",
+ NULL
};
-static
-const char *mail_crypt_plugin_getenv(const struct test_settings *set,
- const char *name)
-{
- const char *const *envs;
- unsigned int i, count;
-
- if (set == NULL)
- return NULL;
-
- if (!array_is_created(&set->plugin_envs))
- return NULL;
-
- envs = array_get(&set->plugin_envs, &count);
- for (i = 0; i < count; i += 2) {
- if (strcmp(envs[i], name) == 0)
- return envs[i+1];
- }
- return NULL;
-}
-
-static int
-mail_crypt_load_global_private_keys(const struct test_settings *set,
- const char *set_prefix,
- struct mail_crypt_global_keys *global_keys,
- const char **error_r)
-{
- string_t *set_key = t_str_new(64);
- str_append(set_key, set_prefix);
- str_append(set_key, "_private_key");
- size_t prefix_len = str_len(set_key);
-
- unsigned int i = 1;
- const char *key_data;
- while ((key_data = mail_crypt_plugin_getenv(set, str_c(set_key))) != NULL) {
- const char *set_pw = t_strconcat(str_c(set_key), "_password", NULL);
- const char *password = mail_crypt_plugin_getenv(set, set_pw);
- if (*key_data != '\0' &&
- mail_crypt_load_global_private_key(str_c(set_key), key_data,
- set_pw, password,
- global_keys, error_r) < 0)
- return -1;
- str_truncate(set_key, prefix_len);
- str_printfa(set_key, "%u", ++i);
- }
- return 0;
-}
+static struct settings_simple test_set;
static void test_setup(void)
{
i_info("No functional dcrypt backend found - skipping tests: %s", error);
test_exit(0);
}
- i_array_init(&test_set.plugin_envs, 8);
- array_append(&test_set.plugin_envs, settings, N_ELEMENTS(settings));
+ settings_simple_init(&test_set, settings);
}
static void test_try_load_keys(void)
const char *error = NULL;
test_begin("try_load_keys");
- struct mail_crypt_global_keys keys;
- i_zero(&keys);
- mail_crypt_global_keys_init(&keys);
-
- const char *set_prefix = "mail_crypt_global";
- const char *set_key = t_strconcat(set_prefix, "_public_key", NULL);
- const char *key_data = mail_crypt_plugin_getenv(&test_set, set_key);
-
- test_assert(key_data != NULL);
-
- if (key_data != NULL) {
- test_assert(mail_crypt_load_global_public_key(set_key, key_data,
- &keys, &error) == 0);
- test_assert(mail_crypt_load_global_private_keys(&test_set, set_prefix,
- &keys, &error) == 0);
- /* did we get two private keys? */
- test_assert(array_count(&keys.private_keys) == 2);
+ const struct crypt_settings *set;
+ if (settings_get(test_set.event, &crypt_setting_parser_info, 0,
+ &set, &error) < 0)
+ i_fatal("%s", error);
- /* public key id checks */
+ struct mail_crypt_global_keys keys;
+ if (mail_crypt_global_keys_load(test_set.event, set, &keys, &error) < 0)
+ i_fatal("%s", error);
- buffer_set_used_size(key_id, 0);
- test_assert(dcrypt_key_id_public(keys.public_key, MAIL_CRYPT_KEY_ID_ALGORITHM, key_id, &error) == TRUE);
- test_assert(strcmp(binary_to_hex(key_id->data, key_id->used), pubid1) == 0);
+ /* did we get two private keys? */
+ test_assert(array_count(&keys.private_keys) == 2);
- const struct mail_crypt_global_private_key *key =
- array_front(&keys.private_keys);
+ /* public key id checks */
+ buffer_set_used_size(key_id, 0);
+ test_assert(dcrypt_key_id_public(keys.public_key, MAIL_CRYPT_KEY_ID_ALGORITHM, key_id, &error) == TRUE);
+ test_assert(strcmp(binary_to_hex(key_id->data, key_id->used), pubid1) == 0);
- buffer_set_used_size(key_id, 0);
- test_assert(dcrypt_key_id_private(key->key, MAIL_CRYPT_KEY_ID_ALGORITHM, key_id, &error) == TRUE);
- test_assert(strcmp(binary_to_hex(key_id->data, key_id->used), pubid1) == 0);
+ const struct mail_crypt_global_private_key *key =
+ array_front(&keys.private_keys);
- key = array_idx(&keys.private_keys, 1);
- buffer_set_used_size(key_id, 0);
- test_assert(dcrypt_key_id_private(key->key, MAIL_CRYPT_KEY_ID_ALGORITHM, key_id, &error) == TRUE);
- test_assert(strcmp(binary_to_hex(key_id->data, key_id->used), pubid2) == 0);
+ buffer_set_used_size(key_id, 0);
+ test_assert(dcrypt_key_id_private(key->key, MAIL_CRYPT_KEY_ID_ALGORITHM, key_id, &error) == TRUE);
+ test_assert(strcmp(binary_to_hex(key_id->data, key_id->used), pubid1) == 0);
- }
+ key = array_idx(&keys.private_keys, 1);
+ buffer_set_used_size(key_id, 0);
+ test_assert(dcrypt_key_id_private(key->key, MAIL_CRYPT_KEY_ID_ALGORITHM, key_id, &error) == TRUE);
+ test_assert(strcmp(binary_to_hex(key_id->data, key_id->used), pubid2) == 0);
mail_crypt_global_keys_free(&keys);
+ settings_free(set);
test_end();
}
static void test_teardown(void)
{
- array_free(&test_set.plugin_envs);
+ settings_simple_deinit(&test_set);
dcrypt_deinitialize();
}
static const char *test_box_key_id;
static struct mail_crypt_user mail_crypt_user;
+static struct crypt_settings mail_crypt_settings = {
+ .crypt_user_key_curve = "prime256v1",
+ .crypt_user_key_password = "",
+};
struct mail_crypt_user *mail_crypt_get_mail_crypt_user(struct mail_user *user ATTR_UNUSED)
{
test_ctx = test_mail_storage_init();
const char *username = "mcp_test@example.com";
const char *const extra_input[] = {
- t_strdup_printf("mail_crypt_curve=prime256v1"),
"mail_attribute/dict_driver=file",
t_strdup_printf("dict_file_path=%s/%s/dovecot-attributes",
test_ctx->home_root, username),
.extra_input = extra_input,
};
test_mail_storage_init_user(test_ctx, &storage_set);
+ mail_crypt_user.set = &mail_crypt_settings;
mail_crypt_key_register_mailbox_internal_attributes();
}
projects / thirdparty / dovecot / core.git / commitdiff
