summaryrefslogtreecommitdiffstats
path: root/src/doveadm/doveadm-dump-dcrypt-file.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/doveadm/doveadm-dump-dcrypt-file.c')
-rw-r--r--src/doveadm/doveadm-dump-dcrypt-file.c93
1 files changed, 93 insertions, 0 deletions
diff --git a/src/doveadm/doveadm-dump-dcrypt-file.c b/src/doveadm/doveadm-dump-dcrypt-file.c
new file mode 100644
index 0000000..3703bf4
--- /dev/null
+++ b/src/doveadm/doveadm-dump-dcrypt-file.c
@@ -0,0 +1,93 @@
+/* Copyright (c) 2016-2018 Dovecot authors, see the included COPYING file */
+
+#include "lib.h"
+#include "dcrypt.h"
+#include "istream.h"
+#include "istream-decrypt.h"
+#include "dcrypt-iostream.h"
+#include "doveadm-dump.h"
+#include <stdio.h>
+
+static int get_digest(const char *digest,
+ struct dcrypt_private_key **priv_key_r ATTR_UNUSED,
+ const char **error_r ATTR_UNUSED,
+ void *context)
+{
+ const char **digest_r = (const char**)context;
+ *digest_r = t_strdup(digest);
+ return 0;
+}
+
+static void dcrypt_istream_dump_metadata(const struct istream *stream)
+{
+ enum io_stream_encrypt_flags flags = i_stream_encrypt_get_flags(stream);
+ if ((flags & IO_STREAM_ENC_INTEGRITY_HMAC) != 0)
+ printf("flags: IO_STREAM_ENC_INTEGRITY_HMAC\n");
+ if ((flags & IO_STREAM_ENC_INTEGRITY_AEAD) != 0)
+ printf("flags: IO_STREAM_ENC_INTEGRITY_AEAD\n");
+ if ((flags & IO_STREAM_ENC_INTEGRITY_NONE) != 0)
+ printf("flags: IO_STREAM_ENC_INTEGRITY_NONE\n");
+ if ((flags & IO_STREAM_ENC_VERSION_1) != 0)
+ printf("flags: IO_STREAM_ENC_VERSION_1\n");
+
+ enum decrypt_istream_format format = i_stream_encrypt_get_format(stream);
+ switch (format) {
+ case DECRYPT_FORMAT_V1:
+ printf("format: DECRYPT_FORMAT_V1\n");
+ break;
+ case DECRYPT_FORMAT_V2:
+ printf("format: DECRYPT_FORMAT_V2\n");
+ break;
+ }
+}
+
+static bool dcrypt_file_dump_metadata(const char *filename, bool print)
+{
+ bool ret = FALSE;
+ struct istream *is = i_stream_create_file(filename, IO_BLOCK_SIZE);
+ const char *key_digest = NULL;
+ struct istream *ds = i_stream_create_decrypt_callback(is,
+ get_digest, &key_digest);
+
+ ssize_t size = i_stream_read(ds);
+ i_assert(size < 0);
+
+ if (key_digest != NULL) {
+ ret = TRUE;
+ if (print) {
+ dcrypt_istream_dump_metadata(ds);
+ printf("decrypt key digest: %s\n", key_digest);
+ }
+ } else if (print && ds->stream_errno != 0) {
+ i_error("read(%s) failed: %s",
+ i_stream_get_name(ds),
+ i_stream_get_error(ds));
+ }
+
+ i_stream_unref(&ds);
+ i_stream_unref(&is);
+ return ret;
+}
+
+static bool test_dump_dcrypt_file(const char *path)
+{
+ if (!dcrypt_initialize("openssl", NULL, NULL))
+ return FALSE;
+ bool ret = dcrypt_file_dump_metadata(path, FALSE);
+ return ret;
+}
+
+static void
+cmd_dump_dcrypt_file(const char *path, const char *const *args ATTR_UNUSED)
+{
+ const char *error = NULL;
+ if (!dcrypt_initialize("openssl", NULL, &error))
+ i_fatal("dcrypt_initialize failed: %s", error);
+ (void)dcrypt_file_dump_metadata(path, TRUE);
+}
+
+struct doveadm_cmd_dump doveadm_cmd_dump_dcrypt_file = {
+ "dcrypt-file",
+ test_dump_dcrypt_file,
+ cmd_dump_dcrypt_file
+};