From: Aki Tuomi Date: Mon, 19 Aug 2019 11:20:47 +0000 (+0300) Subject: lib-dcrypt: Add API for dealing with raw keys X-Git-Tag: 2.3.9~298 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=556de9010623d5a32ac517c49c84d32e4a0bf783;p=thirdparty%2Fdovecot%2Fcore.git lib-dcrypt: Add API for dealing with raw keys --- diff --git a/src/lib-dcrypt/dcrypt-private.h b/src/lib-dcrypt/dcrypt-private.h index ac146dbc92..c13bc84eb5 100644 --- a/src/lib-dcrypt/dcrypt-private.h +++ b/src/lib-dcrypt/dcrypt-private.h @@ -151,6 +151,24 @@ struct dcrypt_vfs { const char **error_r); bool (*private_key_id_old)(struct dcrypt_private_key *key, buffer_t *result, const char **error_r); + bool (*key_store_private_raw)(struct dcrypt_private_key *key, + pool_t pool, + enum dcrypt_key_type *key_type_r, + ARRAY_TYPE(dcrypt_raw_key) *keys_r, + const char **error_r); + bool (*key_store_public_raw)(struct dcrypt_public_key *key, + pool_t pool, + enum dcrypt_key_type *key_type_r, + ARRAY_TYPE(dcrypt_raw_key) *keys_r, + const char **error_r); + bool (*key_load_private_raw)(struct dcrypt_private_key **key_r, + enum dcrypt_key_type key_type, + const ARRAY_TYPE(dcrypt_raw_key) *keys, + const char **error_r); + bool (*key_load_public_raw)(struct dcrypt_public_key **key_r, + enum dcrypt_key_type key_type, + const ARRAY_TYPE(dcrypt_raw_key) *keys, + const char **error_r); }; void dcrypt_set_vfs(struct dcrypt_vfs *vfs); diff --git a/src/lib-dcrypt/dcrypt.c b/src/lib-dcrypt/dcrypt.c index d9922054b0..2db30c19ac 100644 --- a/src/lib-dcrypt/dcrypt.c +++ b/src/lib-dcrypt/dcrypt.c @@ -433,3 +433,60 @@ bool dcrypt_name2oid(const char *name, buffer_t *oid, const char **error_r) return dcrypt_vfs->name2oid(name, oid, error_r); } +bool dcrypt_key_store_private_raw(struct dcrypt_private_key *key, + pool_t pool, + enum dcrypt_key_type *key_type_r, + ARRAY_TYPE(dcrypt_raw_key) *keys_r, + const char **error_r) +{ + i_assert(dcrypt_vfs != NULL); + if (dcrypt_vfs->key_store_private_raw == NULL) { + *error_r = "Not implemented"; + return FALSE; + } + return dcrypt_vfs->key_store_private_raw(key, pool, key_type_r, keys_r, + error_r); +} + +bool dcrypt_key_store_public_raw(struct dcrypt_public_key *key, + pool_t pool, + enum dcrypt_key_type *key_type_r, + ARRAY_TYPE(dcrypt_raw_key) *keys_r, + const char **error_r) +{ + i_assert(dcrypt_vfs != NULL); + if (dcrypt_vfs->key_store_public_raw == NULL) { + *error_r = "Not implemented"; + return FALSE; + } + return dcrypt_vfs->key_store_public_raw(key, pool, key_type_r, keys_r, + error_r); +} + +bool dcrypt_key_load_private_raw(struct dcrypt_private_key **key_r, + enum dcrypt_key_type key_type, + const ARRAY_TYPE(dcrypt_raw_key) *keys, + const char **error_r) +{ + i_assert(dcrypt_vfs != NULL); + if (dcrypt_vfs->key_load_private_raw == NULL) { + *error_r = "Not implemented"; + return FALSE; + } + return dcrypt_vfs->key_load_private_raw(key_r, key_type, keys, + error_r); +} + +bool dcrypt_key_load_public_raw(struct dcrypt_public_key **key_r, + enum dcrypt_key_type key_type, + const ARRAY_TYPE(dcrypt_raw_key) *keys, + const char **error_r) +{ + i_assert(dcrypt_vfs != NULL); + if (dcrypt_vfs->key_load_public_raw == NULL) { + *error_r = "Not implemented"; + return FALSE; + } + return dcrypt_vfs->key_load_public_raw(key_r, key_type, keys, + error_r); +} diff --git a/src/lib-dcrypt/dcrypt.h b/src/lib-dcrypt/dcrypt.h index f6145b0c27..da20496bff 100644 --- a/src/lib-dcrypt/dcrypt.h +++ b/src/lib-dcrypt/dcrypt.h @@ -1,5 +1,6 @@ #ifndef DCRYPT_H #define DCRYPT_H 1 +#include "array.h" struct dcrypt_context_symmetric; struct dcrypt_context_hmac; @@ -56,6 +57,13 @@ struct dcrypt_settings { const char *module_dir; }; +struct dcrypt_raw_key { + const void *parameter; + size_t len; +}; + +ARRAY_DEFINE_TYPE(dcrypt_raw_key, struct dcrypt_raw_key); + /** * load and initialize dcrypt backend, use either openssl or gnutls */ @@ -254,6 +262,48 @@ bool dcrypt_key_id_private(struct dcrypt_private_key *key, bool dcrypt_key_id_private_old(struct dcrypt_private_key *key, buffer_t *result, const char **error_r); +/* return raw private key: + Only ECC supported currently + + returns OID bytes and private key in bigendian bytes +*/ +bool dcrypt_key_store_private_raw(struct dcrypt_private_key *key, + pool_t pool, + enum dcrypt_key_type *key_type_r, + ARRAY_TYPE(dcrypt_raw_key) *keys_r, + const char **error_r); + +/* return raw public key + Only ECC supported currently + + returns OID bytes and public key in compressed form (z||x) +*/ +bool dcrypt_key_store_public_raw(struct dcrypt_public_key *key, + pool_t pool, + enum dcrypt_key_type *key_type_r, + ARRAY_TYPE(dcrypt_raw_key) *keys_r, + const char **error_r); + +/* load raw private key: + Only ECC supported currently + + expects OID bytes and private key in bigendian bytes +*/ +bool dcrypt_key_load_private_raw(struct dcrypt_private_key **key_r, + enum dcrypt_key_type key_type, + const ARRAY_TYPE(dcrypt_raw_key) *keys, + const char **error_r); + +/* load raw public key + Only ECC supported currently + + expects OID bytes and public key bytes. +*/ +bool dcrypt_key_load_public_raw(struct dcrypt_public_key **key_r, + enum dcrypt_key_type key_type, + const ARRAY_TYPE(dcrypt_raw_key) *keys, + const char **error_r); + bool dcrypt_key_string_get_info(const char *key_data, enum dcrypt_key_format *format_r, enum dcrypt_key_version *version_r,