.filter_array_field_name = "crypt_private_key_name" },
DEF(STR, crypt_write_algorithm),
- DEF(UINT, crypt_write_version),
{ .type = SET_FILTER_ARRAY, .key = "crypt_user_key_encryption_key",
.offset = offsetof(struct crypt_settings, crypt_user_key_encryption_keys),
.crypt_global_private_keys = ARRAY_INIT,
.crypt_write_algorithm = "aes-256-gcm-sha256",
- .crypt_write_version = UINT_MAX,
.crypt_user_key_encryption_keys = ARRAY_INIT,
.crypt_user_key_password = "",
enum io_stream_encrypt_flags enc_flags = 0;
if (muser != NULL && muser->set->crypt_write_algorithm[0] != '\0') {
- if (muser->set->crypt_write_version == 1) {
- enc_flags = IO_STREAM_ENC_VERSION_1;
- } else if (muser->set->crypt_write_version == 2) {
+ if (strstr(muser->set->crypt_write_algorithm, "gcm") != NULL ||
+ strstr(muser->set->crypt_write_algorithm, "ccm") != NULL)
enc_flags = IO_STREAM_ENC_INTEGRITY_AEAD;
- } else {
- i_assert(muser->set->crypt_write_version == 0);
- }
+ else
+ enc_flags = IO_STREAM_ENC_INTEGRITY_HMAC;
}
if (mbox->module_ctx.super.save_begin(ctx, input) < 0)
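Review bot: The choice between `IO_STREAM_ENC_INTEGRITY_AEAD` and `IO_STREAM_ENC_INTEGRITY_HMAC` now rests entirely on a case-sensitive `strstr()` for "gcm" or "ccm" in the configured algorithm name, so an AEAD cipher whose name contains neither substring, or one spelled in upper case, would be saved with the HMAC flag; how the encrypt stream reacts to that mismatch is not visible here. I would state the rule in a comment above the test, for example `/* AEAD ciphers authenticate themselves; anything else gets an HMAC. Matched by name, lower case only. */`, and brace both branches since the condition spans two lines. If the dcrypt layer can report whether a cipher is AEAD, asking it would be sturdier than matching names. The enclosing function starts and ends outside this hunk.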
if (enc_flags == 0)
return 0;
- if (muser->set->crypt_write_version != 2)
- ;
- else if (strstr(muser->set->crypt_write_algorithm, "gcm") != NULL ||
- strstr(muser->set->crypt_write_algorithm, "ccm") != NULL) {
- enc_flags = IO_STREAM_ENC_INTEGRITY_AEAD;
- } else {
- enc_flags = IO_STREAM_ENC_INTEGRITY_HMAC;
- }
-
struct dcrypt_public_key *pub_key;
if (muser->global_keys.public_key != NULL)
pub_key = muser->global_keys.public_key;
return ret;
}
- if (muser->set->crypt_write_version < 2) {
- mail_storage_set_error(box->storage,
- MAIL_ERROR_PARAMS,
- t_strdup_printf("generate_keypair(%s) failed: "
- "unsupported crypt_write_version=%d",
- mailbox_get_vname(box),
- muser->set->crypt_write_version));
- return -1;
- }
-
if (mail_crypt_box_generate_keypair(box, &pair, NULL,
&pubid, &error) < 0) {
mail_storage_set_error(box->storage,
/* Within same user, consider safe only the case where
encryption is enabled and keys are global. */
raw_copy = muser != NULL &&
- muser->set->crypt_write_version != 0 &&
muser->set->crypt_write_algorithm[0] != '\0' &&
muser->global_keys.public_key != NULL;
}
v->save_begin = mail_crypt_mail_save_begin;
v->copy = mail_crypt_mailbox_copy;
- if (muser == NULL || muser->set->crypt_write_version == 0 ||
+ if (muser == NULL ||
muser->set->crypt_write_algorithm[0] == '\0')
v->save_finish = mail_crypt_mail_save_finish;
}
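Review bot: An empty `crypt_write_algorithm` is now the only switch that turns encryption on save off, and neither this condition nor the matching tests in the save_begin and raw_copy hunks say so. The default shown in the settings hunk is `aes-256-gcm-sha256`, so a setup that relied on `crypt_write_version = 0` to stay decrypt-only would presumably begin encrypting new mail once that setting is gone. A comment above the test would make the contract explicit, e.g. `/* An empty crypt_write_algorithm is the only way to disable encryption on save. */`, and the upgrade notes should mention the change. The enclosing function starts outside the hunk.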
muser->set->crypt_user_key_curve, error);
}
- if (muser->set->crypt_write_version == UINT_MAX) {
- user->error = p_strdup_printf(user->pool,
- "mail_crypt_plugin: "
- "crypt_write_version setting missing");
- } else if (muser->set->crypt_write_version > 2) {
- user->error = p_strdup_printf(user->pool,
- "mail_crypt_plugin: Invalid "
- "crypt_write_version %u: use 0, 1, or 2 ",
- muser->set->crypt_write_version);
- }
-
if (mail_crypt_global_keys_load(user->event, muser->set,
&muser->global_keys, &error) < 0) {
user->error = p_strdup_printf(user->pool,