diff options
Diffstat (limited to 'src/doveadm/doveadm-dump-dcrypt-file.c')
-rw-r--r-- | src/doveadm/doveadm-dump-dcrypt-file.c | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/src/doveadm/doveadm-dump-dcrypt-file.c b/src/doveadm/doveadm-dump-dcrypt-file.c new file mode 100644 index 0000000..3703bf4 --- /dev/null +++ b/src/doveadm/doveadm-dump-dcrypt-file.c @@ -0,0 +1,93 @@ +/* Copyright (c) 2016-2018 Dovecot authors, see the included COPYING file */ + +#include "lib.h" +#include "dcrypt.h" +#include "istream.h" +#include "istream-decrypt.h" +#include "dcrypt-iostream.h" +#include "doveadm-dump.h" +#include <stdio.h> + +static int get_digest(const char *digest, + struct dcrypt_private_key **priv_key_r ATTR_UNUSED, + const char **error_r ATTR_UNUSED, + void *context) +{ + const char **digest_r = (const char**)context; + *digest_r = t_strdup(digest); + return 0; +} + +static void dcrypt_istream_dump_metadata(const struct istream *stream) +{ + enum io_stream_encrypt_flags flags = i_stream_encrypt_get_flags(stream); + if ((flags & IO_STREAM_ENC_INTEGRITY_HMAC) != 0) + printf("flags: IO_STREAM_ENC_INTEGRITY_HMAC\n"); + if ((flags & IO_STREAM_ENC_INTEGRITY_AEAD) != 0) + printf("flags: IO_STREAM_ENC_INTEGRITY_AEAD\n"); + if ((flags & IO_STREAM_ENC_INTEGRITY_NONE) != 0) + printf("flags: IO_STREAM_ENC_INTEGRITY_NONE\n"); + if ((flags & IO_STREAM_ENC_VERSION_1) != 0) + printf("flags: IO_STREAM_ENC_VERSION_1\n"); + + enum decrypt_istream_format format = i_stream_encrypt_get_format(stream); + switch (format) { + case DECRYPT_FORMAT_V1: + printf("format: DECRYPT_FORMAT_V1\n"); + break; + case DECRYPT_FORMAT_V2: + printf("format: DECRYPT_FORMAT_V2\n"); + break; + } +} + +static bool dcrypt_file_dump_metadata(const char *filename, bool print) +{ + bool ret = FALSE; + struct istream *is = i_stream_create_file(filename, IO_BLOCK_SIZE); + const char *key_digest = NULL; + struct istream *ds = i_stream_create_decrypt_callback(is, + get_digest, &key_digest); + + ssize_t size = i_stream_read(ds); + i_assert(size < 0); + + if (key_digest != NULL) { + ret = TRUE; + if (print) { + dcrypt_istream_dump_metadata(ds); + printf("decrypt key digest: %s\n", key_digest); + } + } else if (print && ds->stream_errno != 0) { + i_error("read(%s) failed: %s", + i_stream_get_name(ds), + i_stream_get_error(ds)); + } + + i_stream_unref(&ds); + i_stream_unref(&is); + return ret; +} + +static bool test_dump_dcrypt_file(const char *path) +{ + if (!dcrypt_initialize("openssl", NULL, NULL)) + return FALSE; + bool ret = dcrypt_file_dump_metadata(path, FALSE); + return ret; +} + +static void +cmd_dump_dcrypt_file(const char *path, const char *const *args ATTR_UNUSED) +{ + const char *error = NULL; + if (!dcrypt_initialize("openssl", NULL, &error)) + i_fatal("dcrypt_initialize failed: %s", error); + (void)dcrypt_file_dump_metadata(path, TRUE); +} + +struct doveadm_cmd_dump doveadm_cmd_dump_dcrypt_file = { + "dcrypt-file", + test_dump_dcrypt_file, + cmd_dump_dcrypt_file +}; |