fs-crypt-common.c revision bcb4e51a409d94ae670de96afb8483a4f7855294
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody/* Copyright (c) 2015-2018 Dovecot authors, see the included COPYING file */
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody#include "lib.h"
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody#include "randgen.h"
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody#include "istream.h"
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody#include "ostream.h"
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody#include "istream-decrypt.h"
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody#include "ostream-encrypt.h"
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody#include "iostream-temp.h"
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody#include "mailbox-list.h"
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody#include "mail-namespace.h"
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody#include "mail-crypt-common.h"
c9d76e2baf653fa5504d6849e5c1aae32eff3c53Josef 'Jeff' Sipek#include "mail-crypt-key.h"
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody#include "dcrypt-iostream.h"
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody#include "fs-api-private.h"
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmodystruct crypt_fs {
9a18972285665fc8ce3709f444f0f1e72e8b71a7Timo Sirainen struct fs fs;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody struct mail_crypt_global_keys keys;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody bool keys_loaded;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody char *enc_algo;
134b5022c0549daef243e2c3220bd0238f396868Martti Rannanjärvi char *set_prefix;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody char *public_key_path;
71b92ca8e3ecfba24c2247df997719a4a482850cTimo Sirainen char *private_key_path;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody char *password;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody};
4d9181518769b1f78d8078f7fae899fd0b95907fAki Tuomi
f7060b8499ed07205734cf7af94ad5405fa687b5Aki Tuomistruct crypt_fs_file {
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody struct fs_file file;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody struct crypt_fs *fs;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody struct fs_file *super_read;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody enum fs_open_mode open_mode;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody struct istream *input;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody struct ostream *super_output;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody struct ostream *temp_output;
ddf9529d37056f8817825f6265c27d8070123013Timo Sirainen};
1de7b73a11afda43323410a4481d866930b1e632Aki Tuomi
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody/* defined outside this file */
c81ec7de302a1c38f4ea27a82dad3b2f631701d9Timo Sirainenextern const struct fs FS_CLASS_CRYPT;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody
e9fe799e27b5a3b67c256766d4bafd388e560684Timo Sirainenstatic
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmodyint fs_crypt_load_keys(struct crypt_fs *fs, const char **error_r);
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmodystatic struct fs *fs_crypt_alloc(void)
0043fea12a75cf8fcf2892673106844376da8e76Stephan Bosch{
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody struct crypt_fs *fs;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody
b716136fc47efd434d60be5db262b4013e375fa9Timo Sirainen fs = i_new(struct crypt_fs, 1);
b716136fc47efd434d60be5db262b4013e375fa9Timo Sirainen fs->fs = FS_CLASS_CRYPT;
4c7d704408fc77467143a945dc2d0a856f72e674Timo Sirainen
6509aa7306649042e828fef9e2f280f4535ea137Timo Sirainen return &fs->fs;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody}
6509aa7306649042e828fef9e2f280f4535ea137Timo Sirainen
6509aa7306649042e828fef9e2f280f4535ea137Timo Sirainenstatic int
8734467f39c1d36050380f07a408860404d60996Aki Tuomifs_crypt_init(struct fs *_fs, const char *args, const
8734467f39c1d36050380f07a408860404d60996Aki Tuomi struct fs_settings *set)
f6de86ea29e87fba001b6231d38a4c51e8a5c543Aki Tuomi{
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody struct crypt_fs *fs = (struct crypt_fs *)_fs;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody const char *enc_algo, *set_prefix;
19b42eb8acd9aa4790476d5c42df304679b33de3Stephan Bosch const char *p, *arg, *value, *error, *parent_name, *parent_args;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody const char *public_key_path = "", *private_key_path = "", *password = "";
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody if (!dcrypt_initialize("openssl", NULL, &error))
1de7b73a11afda43323410a4481d866930b1e632Aki Tuomi i_fatal("dcrypt_initialize(): %s", error);
1de7b73a11afda43323410a4481d866930b1e632Aki Tuomi
b28403dc4da6ee942ff18315596b43d4c4e9b7bdMartti Rannanjärvi /* [algo=<s>:][set_prefix=<n>:][public_key_path=<s>:]
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody [private_key_path=<s>:[password=<s>:]]<parent fs> */
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody set_prefix = "mail_crypt_global";
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody enc_algo = "aes-256-gcm-sha256";
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody for (;;) {
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody p = strchr(args, ':');
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody if (p == NULL) {
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody fs_set_error(_fs, "Missing parameters");
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody return -1;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody }
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody arg = t_strdup_until(args, p);
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody if ((value = strchr(arg, '=')) == NULL)
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody break;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody arg = t_strdup_until(arg, value++);
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody args = p+1;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody if (strcmp(arg, "algo") == 0)
458d877d84f62005e0ffc338f8591a8e2a36adadStephan Bosch enc_algo = value;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody else if (strcmp(arg, "set_prefix") == 0)
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody set_prefix = value;
6335b1be387359ac461b0c34087bbba98a925a49Phil Carmody else if (strcmp(arg, "public_key_path") == 0)
public_key_path = value;
else if (strcmp(arg, "private_key_path") == 0)
private_key_path = value;
else if (strcmp(arg, "password") == 0)
password = value;
else {
fs_set_error(_fs, "Invalid parameter '%s'", arg);
return -1;
}
}
parent_args = strchr(args, ':');
if (parent_args == NULL) {
parent_name = args;
parent_args = "";
} else {
parent_name = t_strdup_until(args, parent_args);
parent_args++;
}
if (fs_init(parent_name, parent_args, set, &_fs->parent, &error) < 0) {
fs_set_error(_fs, "%s: %s", parent_name, error);
return -1;
}
fs->enc_algo = i_strdup(enc_algo);
fs->set_prefix = i_strdup(set_prefix);
fs->public_key_path = i_strdup_empty(public_key_path);
fs->private_key_path = i_strdup_empty(private_key_path);
fs->password = i_strdup_empty(password);
return 0;
}
static void fs_crypt_deinit(struct fs *_fs)
{
struct crypt_fs *fs = (struct crypt_fs *)_fs;
mail_crypt_global_keys_free(&fs->keys);
if (_fs->parent != NULL)
fs_deinit(&_fs->parent);
i_free(fs->enc_algo);
i_free(fs->set_prefix);
i_free(fs->public_key_path);
i_free(fs->private_key_path);
i_free(fs->password);
i_free(fs);
}
static struct fs_file *fs_crypt_file_alloc(void)
{
struct crypt_fs_file *file = i_new(struct crypt_fs_file, 1);
return &file->file;
}
static void
fs_crypt_file_init(struct fs_file *_file, const char *path,
enum fs_open_mode mode, enum fs_open_flags flags)
{
struct crypt_fs *fs = (struct crypt_fs *)_file->fs;
struct crypt_fs_file *file = (struct crypt_fs_file *)_file;
file->file.path = i_strdup(path);
file->fs = fs;
file->open_mode = mode;
/* avoid unnecessarily creating two seekable streams */
flags &= ~FS_OPEN_FLAG_SEEKABLE;
file->file.parent = fs_file_init_parent(_file, path, mode | flags);
if (mode == FS_OPEN_MODE_READONLY &&
(flags & FS_OPEN_FLAG_ASYNC) == 0) {
/* use async stream for super, so fs_read_stream() won't create
another seekable stream needlessly */
file->super_read = fs_file_init_parent(_file, path,
mode | flags | FS_OPEN_FLAG_ASYNC);
} else {
file->super_read = file->file.parent;
}
}
static void fs_crypt_file_deinit(struct fs_file *_file)
{
struct crypt_fs_file *file = (struct crypt_fs_file *)_file;
if (file->super_read != _file->parent && file->super_read != NULL)
fs_file_deinit(&file->super_read);
fs_file_deinit(&_file->parent);
i_free(file->file.path);
i_free(file);
}
static void fs_crypt_file_close(struct fs_file *_file)
{
struct crypt_fs_file *file = (struct crypt_fs_file *)_file;
i_stream_unref(&file->input);
if (file->super_read != NULL)
fs_file_close(file->super_read);
if (_file->parent != NULL)
fs_file_close(_file->parent);
}
static int fs_crypt_read_file(const char *set_name, const char *path,
char **key_data_r, const char **error_r)
{
struct istream *input;
int ret;
input = i_stream_create_file(path, (size_t)-1);
while (i_stream_read(input) > 0) ;
if (input->stream_errno != 0) {
*error_r = t_strdup_printf("%s: read(%s) failed: %s",
set_name, path, i_stream_get_error(input));
ret = -1;
} else {
size_t size;
const unsigned char *data = i_stream_get_data(input, &size);
*key_data_r = i_strndup(data, size);
ret = 0;
}
i_stream_unref(&input);
return ret;
}
static int
fs_crypt_load_keys_from_path(struct crypt_fs *fs, const char **error_r)
{
char *key_data;
mail_crypt_global_keys_init(&fs->keys);
if (fs->public_key_path != NULL) {
if (fs_crypt_read_file("crypt:public_key_path",
fs->public_key_path,
&key_data, error_r) < 0)
return -1;
if (mail_crypt_load_global_public_key("crypt:public_key_path",
key_data, &fs->keys,
error_r) < 0) {
i_free(key_data);
return -1;
}
i_free(key_data);
}
if (fs->private_key_path != NULL) {
if (fs_crypt_read_file("crypt:private_key_path",
fs->private_key_path,
&key_data, error_r) < 0)
return -1;
if (mail_crypt_load_global_private_key("crypt:private_key_path",
key_data, "crypt:password",
fs->password, &fs->keys,
error_r) < 0) {
i_free(key_data);
return -1;
}
i_free(key_data);
}
return 0;
}
static int
fs_crypt_istream_get_key(const char *pubkey_digest,
struct dcrypt_private_key **priv_key_r,
const char **error_r, void *context)
{
struct crypt_fs_file *file = context;
if (fs_crypt_load_keys(file->fs, error_r) < 0)
return -1;
*priv_key_r = mail_crypt_global_key_find(&file->fs->keys, pubkey_digest);
return *priv_key_r == NULL ? 0 : 1;
}
static struct istream *
fs_crypt_read_stream(struct fs_file *_file, size_t max_buffer_size)
{
struct crypt_fs_file *file = (struct crypt_fs_file *)_file;
struct istream *input;
if (file->input != NULL) {
i_stream_ref(file->input);
i_stream_seek(file->input, 0);
return file->input;
}
input = fs_read_stream(file->super_read, max_buffer_size);
file->input = i_stream_create_decrypt_callback(input,
fs_crypt_istream_get_key, file);
i_stream_unref(&input);
i_stream_ref(file->input);
return file->input;
}
static void fs_crypt_write_stream(struct fs_file *_file)
{
struct crypt_fs_file *file = (struct crypt_fs_file *)_file;
const char *error;
i_assert(_file->output == NULL);
if (fs_crypt_load_keys(file->fs, &error) < 0) {
_file->output = o_stream_create_error_str(EIO,
"Couldn't read settings: %s", error);
return;
}
if (file->fs->keys.public_key == NULL) {
if (_file->fs->set.debug)
i_debug("No public key provided, "
"NOT encrypting stream %s",
fs_file_path(_file));
file->super_output = fs_write_stream(_file->parent);
_file->output = file->super_output;
return;
}
enum io_stream_encrypt_flags flags;
if (strstr(file->fs->enc_algo, "gcm") != NULL ||
strstr(file->fs->enc_algo, "ccm") != NULL) {
flags = IO_STREAM_ENC_INTEGRITY_AEAD;
} else {
flags = IO_STREAM_ENC_INTEGRITY_HMAC;
}
file->temp_output =
iostream_temp_create_named(_file->fs->temp_path_prefix,
IOSTREAM_TEMP_FLAG_TRY_FD_DUP,
fs_file_path(_file));
_file->output = o_stream_create_encrypt(file->temp_output,
file->fs->enc_algo, file->fs->keys.public_key,
flags);
}
static int fs_crypt_write_stream_finish(struct fs_file *_file, bool success)
{
struct crypt_fs_file *file = (struct crypt_fs_file *)_file;
struct istream *input;
int ret;
if (_file->output != NULL) {
if (_file->output == file->super_output)
_file->output = NULL;
else
o_stream_unref(&_file->output);
}
if (!success) {
if (file->super_output != NULL) {
/* no encryption */
i_assert(file->temp_output == NULL);
fs_write_stream_abort_error(_file->parent, &file->super_output,
"write(%s) failed: %s",
o_stream_get_name(file->super_output),
o_stream_get_error(file->super_output));
} else {
o_stream_destroy(&file->temp_output);
}
return -1;
}
if (file->super_output != NULL) {
/* no encrypt */
i_assert(file->temp_output == NULL);
return fs_write_stream_finish(_file->parent, &file->super_output);
}
if (file->temp_output == NULL) {
/* finishing up */
i_assert(file->super_output == NULL);
return fs_write_stream_finish_async(_file->parent);
}
/* finish writing the temporary file */
input = iostream_temp_finish(&file->temp_output, IO_BLOCK_SIZE);
file->super_output = fs_write_stream(_file->parent);
o_stream_nsend_istream(file->super_output, input);
ret = fs_write_stream_finish(_file->parent, &file->super_output);
i_stream_unref(&input);
return ret;
}