From 982df2fc61c9cfe9d0be9733b5c622b4fa3b13f8 Mon Sep 17 00:00:00 2001 From: Timo Sirainen Date: Fri, 2 Feb 2024 11:51:29 +0200 Subject: [PATCH] mail-crypt: Convert crypt_private_key and crypt_global_public_key to file type --- src/plugins/mail-crypt/crypt-settings.c | 8 +-- src/plugins/mail-crypt/crypt-settings.h | 4 +- .../mail-crypt/mail-crypt-global-key.c | 57 ++++++++++++------- .../mail-crypt/mail-crypt-global-key.h | 7 ++- src/plugins/mail-crypt/mail-crypt-key.c | 5 +- 5 files changed, 50 insertions(+), 31 deletions(-) diff --git a/src/plugins/mail-crypt/crypt-settings.c b/src/plugins/mail-crypt/crypt-settings.c index 09c3494d4d..fc5c93eb6e 100644 --- a/src/plugins/mail-crypt/crypt-settings.c +++ b/src/plugins/mail-crypt/crypt-settings.c @@ -9,7 +9,7 @@ SETTING_DEFINE_STRUCT_##type(#name, name, struct crypt_private_key_settings) static const struct setting_define crypt_private_key_setting_defines[] = { DEF(STR, crypt_private_key_name), - DEF(STR, crypt_private_key), + DEF(FILE, crypt_private_key_file), DEF(STR, crypt_private_key_password), SETTING_DEFINE_LIST_END @@ -17,7 +17,7 @@ static const struct setting_define crypt_private_key_setting_defines[] = { static const struct crypt_private_key_settings crypt_private_key_default_settings = { .crypt_private_key_name = "", - .crypt_private_key = "", + .crypt_private_key_file = "", .crypt_private_key_password = "", }; @@ -37,7 +37,7 @@ const struct setting_parser_info crypt_private_key_setting_parser_info = { static const struct setting_define crypt_setting_defines[] = { DEF(BOOL, fs_crypt_read_plain_fallback), - DEF(STR, crypt_global_public_key), + DEF(FILE, crypt_global_public_key_file), { .type = SET_FILTER_ARRAY, .key = "crypt_global_private_key", .offset = offsetof(struct crypt_settings, crypt_global_private_keys), .filter_array_field_name = "crypt_private_key_name" }, @@ -57,7 +57,7 @@ static const struct setting_define crypt_setting_defines[] = { static const struct crypt_settings crypt_default_settings = { .fs_crypt_read_plain_fallback = FALSE, - .crypt_global_public_key = "", + .crypt_global_public_key_file = "", .crypt_global_private_keys = ARRAY_INIT, .crypt_write_algorithm = "aes-256-gcm-sha256", diff --git a/src/plugins/mail-crypt/crypt-settings.h b/src/plugins/mail-crypt/crypt-settings.h index b561d2b02f..21bda7bd29 100644 --- a/src/plugins/mail-crypt/crypt-settings.h +++ b/src/plugins/mail-crypt/crypt-settings.h @@ -5,7 +5,7 @@ struct crypt_private_key_settings { pool_t pool; const char *crypt_private_key_name; - const char *crypt_private_key; + const char *crypt_private_key_file; const char *crypt_private_key_password; }; @@ -14,7 +14,7 @@ struct crypt_settings { bool fs_crypt_read_plain_fallback; - const char *crypt_global_public_key; + const char *crypt_global_public_key_file; ARRAY_TYPE(const_string) crypt_global_private_keys; const char *crypt_write_algorithm; diff --git a/src/plugins/mail-crypt/mail-crypt-global-key.c b/src/plugins/mail-crypt/mail-crypt-global-key.c index c19f82f613..3242f33d3d 100644 --- a/src/plugins/mail-crypt/mail-crypt-global-key.c +++ b/src/plugins/mail-crypt/mail-crypt-global-key.c @@ -11,11 +11,12 @@ #include "mail-crypt-key.h" #include "mail-crypt-plugin.h" -int mail_crypt_load_global_public_key(const char *set_key, const char *key_data, +int mail_crypt_load_global_public_key(const char *set_key, + const struct settings_file *file, struct mail_crypt_global_keys *global_keys, const char **error_r) { - const char *error; + const char *error, *key_data = file->content; enum dcrypt_key_format format; enum dcrypt_key_kind kind; if (!dcrypt_key_string_get_info(key_data, &format, NULL, @@ -23,18 +24,19 @@ int mail_crypt_load_global_public_key(const char *set_key, const char *key_data, key_data = str_c(t_base64_decode_str(key_data)); if (!dcrypt_key_string_get_info(key_data, &format, NULL, &kind, NULL, NULL, NULL, &error)) { - *error_r = t_strdup_printf("%s: Couldn't parse public key: %s", - set_key, error); + *error_r = t_strdup_printf("%s: Couldn't parse public key file %s: %s", + set_key, file->path, error); return -1; } } if (kind != DCRYPT_KEY_KIND_PUBLIC) { - *error_r = t_strdup_printf("%s: key is not public", set_key); + *error_r = t_strdup_printf("%s: key file %s is not public", + set_key, file->path); return -1; } if (!dcrypt_key_load_public(&global_keys->public_key, key_data, &error)) { - *error_r = t_strdup_printf("%s: Couldn't load public key: %s", - set_key, error); + *error_r = t_strdup_printf("%s: Couldn't load public key file %s: %s", + set_key, file->path, error); return -1; } return 0; @@ -74,11 +76,13 @@ mail_crypt_key_get_ids(struct dcrypt_private_key *key, return 0; } -int mail_crypt_load_global_private_key(const char *set_key, const char *key_data, - const char *key_password, - struct mail_crypt_global_keys *global_keys, - const char **error_r) +int mail_crypt_load_global_private_key(const char *set_key, + const struct settings_file *file, + const char *key_password, + struct mail_crypt_global_keys *global_keys, + const char **error_r) { + const char *key_data = file->content; enum dcrypt_key_format format; enum dcrypt_key_kind kind; enum dcrypt_key_encryption_type enc_type; @@ -89,13 +93,16 @@ int mail_crypt_load_global_private_key(const char *set_key, const char *key_data key_data = str_c(t_base64_decode_str(key_data)); if (!dcrypt_key_string_get_info(key_data, &format, NULL, &kind, &enc_type, NULL, NULL, &error)) { - *error_r = t_strdup_printf("%s: Couldn't parse private" - " key: %s", set_key, error); + *error_r = t_strdup_printf( + "%s: Couldn't parse private key %s: %s", + set_key, file->path, error); return -1; } } if (kind != DCRYPT_KEY_KIND_PRIVATE) { - *error_r = t_strdup_printf("%s: key is not private", set_key); + *error_r = t_strdup_printf( + "%s: file %s is not a private key", + set_key, file->path); return -1; } @@ -103,16 +110,18 @@ int mail_crypt_load_global_private_key(const char *set_key, const char *key_data /* Fail here if password is not set since openssl will prompt * for it otherwise */ if (key_password[0] == '\0') { - *error_r = t_strdup_printf("%s: crypt_private_key_password unset, no password to decrypt the key", - set_key); + *error_r = t_strdup_printf( + "%s: crypt_private_key_password unset, no password to decrypt the key file %s", + set_key, file->path); return -1; } } struct dcrypt_private_key *key = NULL; if (!dcrypt_key_load_private(&key, key_data, key_password, NULL, &error)) { - *error_r = t_strdup_printf("%s: Couldn't load private key: %s", - set_key, error); + *error_r = t_strdup_printf( + "%s: Couldn't load private key file %s: %s", + set_key, file->path, error); return -1; } @@ -136,13 +145,15 @@ int mail_crypt_global_keys_load(struct event *event, const char **error_r) { const struct crypt_private_key_settings *key_set; + struct settings_file file; const char *key_name, *error; mail_crypt_global_keys_init(global_keys_r); - if (set->crypt_global_public_key[0] != '\0') { + if (set->crypt_global_public_key_file[0] != '\0') { + settings_file_get(set->crypt_global_public_key_file, + unsafe_data_stack_pool, &file); if (mail_crypt_load_global_public_key( - "crypt_global_public_key", - set->crypt_global_public_key, global_keys_r, + "crypt_global_public_key", &file, global_keys_r, error_r) < 0) return -1; } @@ -159,8 +170,10 @@ int mail_crypt_global_keys_load(struct event *event, key_name, error); return -1; } + settings_file_get(key_set->crypt_private_key_file, + unsafe_data_stack_pool, &file); if (mail_crypt_load_global_private_key( - key_name, key_set->crypt_private_key, + key_name, &file, key_set->crypt_private_key_password, global_keys_r, error_r) < 0) { settings_free(key_set); diff --git a/src/plugins/mail-crypt/mail-crypt-global-key.h b/src/plugins/mail-crypt/mail-crypt-global-key.h index 27375b98ce..9f54a7b763 100644 --- a/src/plugins/mail-crypt/mail-crypt-global-key.h +++ b/src/plugins/mail-crypt/mail-crypt-global-key.h @@ -1,6 +1,7 @@ #ifndef MAIL_CRYPT_GLOBAL_KEY_H #define MAIL_CRYPT_GLOBAL_KEY_H +struct settings_file; struct crypt_settings; struct mail_crypt_global_private_key { @@ -28,10 +29,12 @@ int mail_crypt_global_keys_load_from_user(struct mail_user *user, void mail_crypt_global_keys_init(struct mail_crypt_global_keys *global_keys_r); void mail_crypt_global_keys_free(struct mail_crypt_global_keys *global_keys); -int mail_crypt_load_global_public_key(const char *set_key, const char *key_data, +int mail_crypt_load_global_public_key(const char *set_key, + const struct settings_file *file, struct mail_crypt_global_keys *global_keys, const char **error_r); -int mail_crypt_load_global_private_key(const char *set_key, const char *key_data, +int mail_crypt_load_global_private_key(const char *set_key, + const struct settings_file *file, const char *key_password, struct mail_crypt_global_keys *global_keys, const char **error_r); diff --git a/src/plugins/mail-crypt/mail-crypt-key.c b/src/plugins/mail-crypt/mail-crypt-key.c index fbd6fed9b5..74fa56b10a 100644 --- a/src/plugins/mail-crypt/mail-crypt-key.c +++ b/src/plugins/mail-crypt/mail-crypt-key.c @@ -173,6 +173,7 @@ mail_crypt_user_encryption_keys_load(struct event *event, const char **error_r) { const struct crypt_private_key_settings *key_set; + struct settings_file file; const char *key_name, *error; mail_crypt_global_keys_init(global_keys_r); @@ -189,8 +190,10 @@ mail_crypt_user_encryption_keys_load(struct event *event, key_name, error); return -1; } + settings_file_get(key_set->crypt_private_key_file, + unsafe_data_stack_pool, &file); if (mail_crypt_load_global_private_key( - key_name, key_set->crypt_private_key, + key_name, &file, key_set->crypt_private_key_password, global_keys_r, &error) < 0) { /* skip this key */ -- 2.47.3