summaryrefslogtreecommitdiffstats
path: root/src/lib-dcrypt/dcrypt.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib-dcrypt/dcrypt.c660
1 files changed, 660 insertions, 0 deletions
diff --git a/src/lib-dcrypt/dcrypt.c b/src/lib-dcrypt/dcrypt.c
new file mode 100644
index 0000000..9916754
--- /dev/null
+++ b/src/lib-dcrypt/dcrypt.c
@@ -0,0 +1,660 @@
+/* Copyright (c) 2016-2018 Dovecot authors, see the included COPYING file */
+
+#include "lib.h"
+#include "module-dir.h"
+#include "dcrypt.h"
+#include "istream.h"
+#include "json-tree.h"
+#include "dcrypt-private.h"
+
+static struct module *dcrypt_module = NULL;
+static struct dcrypt_vfs *dcrypt_vfs = NULL;
+static const struct dcrypt_settings dcrypt_default_set = {
+ .module_dir = DCRYPT_MODULE_DIR,
+};
+
+bool dcrypt_initialize(const char *backend, const struct dcrypt_settings *set,
+ const char **error_r)
+{
+ struct module_dir_load_settings mod_set;
+ const char *error;
+
+ if (dcrypt_vfs != NULL) {
+ return TRUE;
+ }
+ if (backend == NULL) backend = "openssl"; /* default for now */
+ if (set == NULL)
+ set = &dcrypt_default_set;
+
+ const char *implementation = t_strconcat("dcrypt_",backend,NULL);
+
+ i_zero(&mod_set);
+ mod_set.abi_version = DOVECOT_ABI_VERSION;
+ mod_set.require_init_funcs = TRUE;
+ if (module_dir_try_load_missing(&dcrypt_module, set->module_dir,
+ implementation, &mod_set, &error) < 0) {
+ if (error_r != NULL)
+ *error_r = error;
+ return FALSE;
+ }
+ module_dir_init(dcrypt_module);
+ i_assert(dcrypt_vfs != NULL);
+ if (dcrypt_vfs->initialize != NULL) {
+ if (!dcrypt_vfs->initialize(set, error_r)) {
+ dcrypt_deinitialize();
+ return FALSE;
+ }
+ }
+ /* Destroy SSL module after(most of) the others. Especially lib-fs
+ backends may still want to access SSL module in their own
+ atexit-callbacks. */
+ lib_atexit_priority(dcrypt_deinitialize, LIB_ATEXIT_PRIORITY_LOW);
+ return TRUE;
+}
+
+void dcrypt_deinitialize(void)
+{
+ module_dir_unload(&dcrypt_module);
+ dcrypt_vfs = NULL;
+}
+
+void dcrypt_set_vfs(struct dcrypt_vfs *vfs)
+{
+ dcrypt_vfs = vfs;
+}
+
+bool dcrypt_is_initialized(void)
+{
+ return dcrypt_vfs != NULL;
+}
+
+bool dcrypt_ctx_sym_create(const char *algorithm, enum dcrypt_sym_mode mode,
+ struct dcrypt_context_symmetric **ctx_r,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->ctx_sym_create(algorithm, mode, ctx_r, error_r);
+}
+
+void dcrypt_ctx_sym_destroy(struct dcrypt_context_symmetric **ctx)
+{
+ i_assert(dcrypt_vfs != NULL);
+ dcrypt_vfs->ctx_sym_destroy(ctx);
+}
+
+void dcrypt_ctx_sym_set_key(struct dcrypt_context_symmetric *ctx,
+ const unsigned char *key, size_t key_len)
+{
+ i_assert(dcrypt_vfs != NULL);
+ dcrypt_vfs->ctx_sym_set_key(ctx, key, key_len);
+}
+
+void dcrypt_ctx_sym_set_iv(struct dcrypt_context_symmetric *ctx,
+ const unsigned char *iv, size_t iv_len)
+{
+ i_assert(dcrypt_vfs != NULL);
+ dcrypt_vfs->ctx_sym_set_iv(ctx, iv, iv_len);
+}
+
+void dcrypt_ctx_sym_set_key_iv_random(struct dcrypt_context_symmetric *ctx)
+{
+ i_assert(dcrypt_vfs != NULL);
+ dcrypt_vfs->ctx_sym_set_key_iv_random(ctx);
+}
+
+bool dcrypt_ctx_sym_get_key(struct dcrypt_context_symmetric *ctx, buffer_t *key)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->ctx_sym_get_key(ctx, key);
+}
+bool dcrypt_ctx_sym_get_iv(struct dcrypt_context_symmetric *ctx, buffer_t *iv)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->ctx_sym_get_iv(ctx, iv);
+}
+
+unsigned int dcrypt_ctx_sym_get_key_length(struct dcrypt_context_symmetric *ctx)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->ctx_sym_get_key_length(ctx);
+}
+
+unsigned int dcrypt_ctx_sym_get_iv_length(struct dcrypt_context_symmetric *ctx)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->ctx_sym_get_iv_length(ctx);
+}
+
+void dcrypt_ctx_sym_set_aad(struct dcrypt_context_symmetric *ctx,
+ const unsigned char *aad, size_t aad_len)
+{
+ i_assert(dcrypt_vfs != NULL);
+ dcrypt_vfs->ctx_sym_set_aad(ctx, aad, aad_len);
+}
+
+bool dcrypt_ctx_sym_get_aad(struct dcrypt_context_symmetric *ctx, buffer_t *aad)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->ctx_sym_get_aad(ctx, aad);
+}
+
+void dcrypt_ctx_sym_set_tag(struct dcrypt_context_symmetric *ctx,
+ const unsigned char *tag, size_t tag_len)
+{
+ i_assert(dcrypt_vfs != NULL);
+ dcrypt_vfs->ctx_sym_set_tag(ctx, tag, tag_len);
+}
+
+bool dcrypt_ctx_sym_get_tag(struct dcrypt_context_symmetric *ctx, buffer_t *tag)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->ctx_sym_get_tag(ctx, tag);
+}
+
+unsigned int dcrypt_ctx_sym_get_block_size(struct dcrypt_context_symmetric *ctx)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->ctx_sym_get_block_size(ctx);
+}
+
+bool dcrypt_ctx_sym_init(struct dcrypt_context_symmetric *ctx,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->ctx_sym_init(ctx, error_r);
+}
+
+bool dcrypt_ctx_sym_update(struct dcrypt_context_symmetric *ctx,
+ const unsigned char *data,
+ size_t data_len, buffer_t *result,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->ctx_sym_update(ctx, data, data_len, result, error_r);
+}
+
+bool dcrypt_ctx_sym_final(struct dcrypt_context_symmetric *ctx,
+ buffer_t *result, const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->ctx_sym_final(ctx, result, error_r);
+}
+
+void dcrypt_ctx_sym_set_padding(struct dcrypt_context_symmetric *ctx,
+ bool padding)
+{
+ i_assert(dcrypt_vfs != NULL);
+ dcrypt_vfs->ctx_sym_set_padding(ctx, padding);
+}
+
+bool dcrypt_ctx_hmac_create(const char *algorithm,
+ struct dcrypt_context_hmac **ctx_r,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->ctx_hmac_create(algorithm, ctx_r, error_r);
+}
+
+void dcrypt_ctx_hmac_destroy(struct dcrypt_context_hmac **ctx)
+{
+ i_assert(dcrypt_vfs != NULL);
+ dcrypt_vfs->ctx_hmac_destroy(ctx);
+}
+
+void dcrypt_ctx_hmac_set_key(struct dcrypt_context_hmac *ctx,
+ const unsigned char *key, size_t key_len)
+{
+ i_assert(dcrypt_vfs != NULL);
+ dcrypt_vfs->ctx_hmac_set_key(ctx, key, key_len);
+}
+
+bool dcrypt_ctx_hmac_get_key(struct dcrypt_context_hmac *ctx, buffer_t *key)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->ctx_hmac_get_key(ctx, key);
+}
+
+void dcrypt_ctx_hmac_set_key_random(struct dcrypt_context_hmac *ctx)
+{
+ i_assert(dcrypt_vfs != NULL);
+ dcrypt_vfs->ctx_hmac_set_key_random(ctx);
+}
+
+unsigned int dcrypt_ctx_hmac_get_digest_length(struct dcrypt_context_hmac *ctx)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->ctx_hmac_get_digest_length(ctx);
+}
+
+bool dcrypt_ctx_hmac_init(struct dcrypt_context_hmac *ctx, const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->ctx_hmac_init(ctx, error_r);
+}
+
+bool dcrypt_ctx_hmac_update(struct dcrypt_context_hmac *ctx,
+ const unsigned char *data, size_t data_len,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->ctx_hmac_update(ctx, data, data_len, error_r);
+}
+
+bool dcrypt_ctx_hmac_final(struct dcrypt_context_hmac *ctx, buffer_t *result,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->ctx_hmac_final(ctx, result, error_r);
+}
+
+bool dcrypt_ecdh_derive_secret(struct dcrypt_private_key *local_key,
+ struct dcrypt_public_key *pub_key,
+ buffer_t *shared_secret,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ if (dcrypt_vfs->ecdh_derive_secret == NULL) {
+ *error_r = "Not implemented";
+ return FALSE;
+ }
+ return dcrypt_vfs->ecdh_derive_secret(local_key, pub_key, shared_secret,
+ error_r);
+}
+
+bool dcrypt_ecdh_derive_secret_local(struct dcrypt_private_key *local_key,
+ buffer_t *R, buffer_t *S,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->ecdh_derive_secret_local(local_key, R, S, error_r);
+}
+bool dcrypt_ecdh_derive_secret_peer(struct dcrypt_public_key *peer_key,
+ buffer_t *R, buffer_t *S,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->ecdh_derive_secret_peer(peer_key, R, S, error_r);
+}
+
+bool dcrypt_pbkdf2(const unsigned char *password, size_t password_len,
+ const unsigned char *salt, size_t salt_len,
+ const char *hash, unsigned int rounds, buffer_t *result,
+ unsigned int result_len, const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->pbkdf2(password, password_len, salt, salt_len,
+ hash, rounds, result, result_len, error_r);
+}
+
+bool dcrypt_keypair_generate(struct dcrypt_keypair *pair_r,
+ enum dcrypt_key_type kind, unsigned int bits,
+ const char *curve, const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ i_zero(pair_r);
+ return dcrypt_vfs->generate_keypair(pair_r, kind, bits, curve, error_r);
+}
+
+bool dcrypt_key_load_private(struct dcrypt_private_key **key_r,
+ const char *data, const char *password,
+ struct dcrypt_private_key *dec_key,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->load_private_key(key_r, data, password,
+ dec_key, error_r);
+}
+
+bool dcrypt_key_load_public(struct dcrypt_public_key **key_r,
+ const char *data, const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->load_public_key(key_r, data, error_r);
+}
+
+bool dcrypt_key_store_private(struct dcrypt_private_key *key,
+ enum dcrypt_key_format format,
+ const char *cipher, buffer_t *destination,
+ const char *password,
+ struct dcrypt_public_key *enc_key,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->store_private_key(key, format, cipher,
+ destination, password, enc_key,
+ error_r);
+}
+bool dcrypt_key_store_public(struct dcrypt_public_key *key,
+ enum dcrypt_key_format format,
+ buffer_t *destination, const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->store_public_key(key, format, destination, error_r);
+}
+
+void dcrypt_key_convert_private_to_public(struct dcrypt_private_key *priv_key,
+ struct dcrypt_public_key **pub_key_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ dcrypt_vfs->private_to_public_key(priv_key, pub_key_r);
+}
+
+bool dcrypt_key_string_get_info(const char *key_data,
+ enum dcrypt_key_format *format_r,
+ enum dcrypt_key_version *version_r,
+ enum dcrypt_key_kind *kind_r,
+ enum dcrypt_key_encryption_type *encryption_type_r,
+ const char **encryption_key_hash_r,
+ const char **key_hash_r, const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->
+ key_string_get_info(key_data, format_r, version_r, kind_r,
+ encryption_type_r, encryption_key_hash_r,
+ key_hash_r, error_r);
+}
+
+enum dcrypt_key_type dcrypt_key_type_private(struct dcrypt_private_key *key)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->private_key_type(key);
+}
+
+enum dcrypt_key_type dcrypt_key_type_public(struct dcrypt_public_key *key)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->public_key_type(key);
+}
+
+bool dcrypt_key_id_public(struct dcrypt_public_key *key, const char *algorithm,
+ buffer_t *result, const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->public_key_id(key, algorithm, result, error_r);
+}
+
+bool dcrypt_key_id_public_old(struct dcrypt_public_key *key, buffer_t *result,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->public_key_id_old(key, result, error_r);
+}
+
+bool dcrypt_key_id_private(struct dcrypt_private_key *key,
+ const char *algorithm, buffer_t *result,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->private_key_id(key, algorithm, result, error_r);
+}
+
+bool dcrypt_key_id_private_old(struct dcrypt_private_key *key, buffer_t *result,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->private_key_id_old(key, result, error_r);
+}
+
+void dcrypt_keypair_unref(struct dcrypt_keypair *keypair)
+{
+ i_assert(dcrypt_vfs != NULL);
+ dcrypt_vfs->unref_keypair(keypair);
+}
+
+void dcrypt_key_ref_public(struct dcrypt_public_key *key)
+{
+ i_assert(dcrypt_vfs != NULL);
+ dcrypt_vfs->ref_public_key(key);
+}
+
+void dcrypt_key_ref_private(struct dcrypt_private_key *key)
+{
+ i_assert(dcrypt_vfs != NULL);
+ dcrypt_vfs->ref_private_key(key);
+}
+
+void dcrypt_key_unref_public(struct dcrypt_public_key **key)
+{
+ i_assert(dcrypt_vfs != NULL);
+ dcrypt_vfs->unref_public_key(key);
+}
+
+void dcrypt_key_unref_private(struct dcrypt_private_key **key)
+{
+ i_assert(dcrypt_vfs != NULL);
+ dcrypt_vfs->unref_private_key(key);
+}
+
+bool dcrypt_rsa_encrypt(struct dcrypt_public_key *key,
+ const unsigned char *data, size_t data_len,
+ buffer_t *result, enum dcrypt_padding padding,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->rsa_encrypt(key, data, data_len, result,
+ padding, error_r);
+}
+
+bool dcrypt_rsa_decrypt(struct dcrypt_private_key *key,
+ const unsigned char *data, size_t data_len,
+ buffer_t *result, enum dcrypt_padding padding,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->rsa_decrypt(key, data, data_len, result,
+ padding, error_r);
+}
+
+const char *dcrypt_oid2name(const unsigned char *oid, size_t oid_len,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->oid2name(oid, oid_len, error_r);
+}
+
+bool dcrypt_name2oid(const char *name, buffer_t *oid, const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ return dcrypt_vfs->name2oid(name, oid, error_r);
+}
+
+bool dcrypt_key_store_private_raw(struct dcrypt_private_key *key,
+ pool_t pool,
+ enum dcrypt_key_type *key_type_r,
+ ARRAY_TYPE(dcrypt_raw_key) *keys_r,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ if (dcrypt_vfs->key_store_private_raw == NULL) {
+ *error_r = "Not implemented";
+ return FALSE;
+ }
+ return dcrypt_vfs->key_store_private_raw(key, pool, key_type_r, keys_r,
+ error_r);
+}
+
+bool dcrypt_key_store_public_raw(struct dcrypt_public_key *key,
+ pool_t pool,
+ enum dcrypt_key_type *key_type_r,
+ ARRAY_TYPE(dcrypt_raw_key) *keys_r,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ if (dcrypt_vfs->key_store_public_raw == NULL) {
+ *error_r = "Not implemented";
+ return FALSE;
+ }
+ return dcrypt_vfs->key_store_public_raw(key, pool, key_type_r, keys_r,
+ error_r);
+}
+
+bool dcrypt_key_load_private_raw(struct dcrypt_private_key **key_r,
+ enum dcrypt_key_type key_type,
+ const ARRAY_TYPE(dcrypt_raw_key) *keys,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ if (dcrypt_vfs->key_load_private_raw == NULL) {
+ *error_r = "Not implemented";
+ return FALSE;
+ }
+ return dcrypt_vfs->key_load_private_raw(key_r, key_type, keys,
+ error_r);
+}
+
+bool dcrypt_key_load_public_raw(struct dcrypt_public_key **key_r,
+ enum dcrypt_key_type key_type,
+ const ARRAY_TYPE(dcrypt_raw_key) *keys,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ if (dcrypt_vfs->key_load_public_raw == NULL) {
+ *error_r = "Not implemented";
+ return FALSE;
+ }
+ return dcrypt_vfs->key_load_public_raw(key_r, key_type, keys,
+ error_r);
+}
+
+bool dcrypt_key_get_curve_public(struct dcrypt_public_key *key,
+ const char **curve_r, const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+ if (dcrypt_vfs->key_get_curve_public == NULL) {
+ *error_r = "Not implemented";
+ return FALSE;
+ }
+ return dcrypt_vfs->key_get_curve_public(key, curve_r, error_r);
+}
+
+const char *dcrypt_key_get_id_public(struct dcrypt_public_key *key)
+{
+ i_assert(dcrypt_vfs != NULL);
+ if (dcrypt_vfs->key_get_id_public == NULL)
+ return NULL;
+ return dcrypt_vfs->key_get_id_public(key);
+}
+
+const char *dcrypt_key_get_id_private(struct dcrypt_private_key *key)
+{
+ i_assert(dcrypt_vfs != NULL);
+ if (dcrypt_vfs->key_get_id_private == NULL)
+ return NULL;
+ return dcrypt_vfs->key_get_id_private(key);
+}
+
+void dcrypt_key_set_id_public(struct dcrypt_public_key *key, const char *id)
+{
+ i_assert(dcrypt_vfs != NULL);
+ if (dcrypt_vfs->key_set_id_public == NULL)
+ return;
+ dcrypt_vfs->key_set_id_public(key, id);
+}
+
+void dcrypt_key_set_id_private(struct dcrypt_private_key *key, const char *id)
+{
+ i_assert(dcrypt_vfs != NULL);
+ if (dcrypt_vfs->key_set_id_private == NULL)
+ return;
+ dcrypt_vfs->key_set_id_private(key, id);
+}
+
+enum dcrypt_key_usage dcrypt_key_get_usage_public(struct dcrypt_public_key *key)
+{
+ i_assert(dcrypt_vfs != NULL);
+ if (dcrypt_vfs->key_get_usage_public == NULL)
+ return DCRYPT_KEY_USAGE_NONE;
+ return dcrypt_vfs->key_get_usage_public(key);
+}
+
+enum dcrypt_key_usage dcrypt_key_get_usage_private(struct dcrypt_private_key *key)
+{
+ i_assert(dcrypt_vfs != NULL);
+ if (dcrypt_vfs->key_get_usage_private == NULL)
+ return DCRYPT_KEY_USAGE_NONE;
+ return dcrypt_vfs->key_get_usage_private(key);
+}
+
+void dcrypt_key_set_usage_public(struct dcrypt_public_key *key,
+ enum dcrypt_key_usage usage)
+{
+ i_assert(dcrypt_vfs != NULL);
+ if (dcrypt_vfs->key_set_usage_public == NULL)
+ return;
+ dcrypt_vfs->key_set_usage_public(key, usage);
+}
+
+void dcrypt_key_set_usage_private(struct dcrypt_private_key *key,
+ enum dcrypt_key_usage usage)
+{
+ i_assert(dcrypt_vfs != NULL);
+ if (dcrypt_vfs->key_set_usage_private == NULL)
+ return;
+ dcrypt_vfs->key_set_usage_private(key, usage);
+}
+
+bool dcrypt_sign(struct dcrypt_private_key *key, const char *algorithm,
+ enum dcrypt_signature_format format,
+ const void *data, size_t data_len, buffer_t *signature_r,
+ enum dcrypt_padding padding, const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+
+ if (dcrypt_vfs->sign == NULL) {
+ *error_r = "Not implemented";
+ return FALSE;
+ }
+
+ return dcrypt_vfs->sign(key, algorithm, format, data, data_len,
+ signature_r, padding, error_r);
+}
+
+bool dcrypt_verify(struct dcrypt_public_key *key, const char *algorithm,
+ enum dcrypt_signature_format format,
+ const void *data, size_t data_len,
+ const unsigned char *signature, size_t signature_len,
+ bool *valid_r, enum dcrypt_padding padding,
+ const char **error_r)
+{
+ i_assert(dcrypt_vfs != NULL);
+
+ if (dcrypt_vfs->verify == NULL) {
+ *error_r = "Not implemented";
+ return FALSE;
+ }
+
+ return dcrypt_vfs->verify(key, algorithm, format, data, data_len,
+ signature, signature_len,
+ valid_r, padding, error_r);
+}
+
+int parse_jwk_key(const char *key_data, struct json_tree **tree_r,
+ const char **error_r)
+{
+ struct istream *is = i_stream_create_from_data(key_data, strlen(key_data));
+ struct json_parser *parser = json_parser_init(is);
+ struct json_tree *tree = json_tree_init();
+ const char *error;
+ enum json_type type;
+ const char *value;
+ int ret;
+
+ i_stream_unref(&is);
+
+ while ((ret = json_parse_next(parser, &type, &value)) == 1)
+ json_tree_append(tree, type, value);
+
+ i_assert(ret == -1);
+
+ if (json_parser_deinit(&parser, &error) != 0) {
+ json_tree_deinit(&tree);
+ *error_r = error;
+ if (error == NULL)
+ *error_r = "Truncated JSON";
+ return -1;
+ }
+
+ *tree_r = tree;
+
+ return 0;
+}