Пример #1
/*
 * Destroy callback for the decrypting input stream.
 *
 * Releases, in order, the work buffer, the IV, the symmetric cipher context,
 * the MAC context and the reference to the private key, then drops the
 * reference held on the parent (ciphertext) stream. Each member is released
 * only if it is non-NULL, so a partially initialised stream is handled.
 *
 * NOTE(review): nothing in this function scrubs buf or iv before they are
 * released. If buf can hold decrypted data, confirm whether it should be
 * wiped first. The private key is only unreferenced here, so its actual
 * lifetime depends on any other holders of a reference.
 */
static
void i_stream_decrypt_destroy(struct iostream_private *stream)
{
	struct decrypt_istream *ds = (struct decrypt_istream *)stream;

	if (ds->buf != NULL) {
		buffer_free(&ds->buf);
	}
	if (ds->iv != NULL) {
		i_free_and_null(ds->iv);
	}
	if (ds->ctx_sym != NULL) {
		dcrypt_ctx_sym_destroy(&ds->ctx_sym);
	}
	if (ds->ctx_mac != NULL) {
		dcrypt_ctx_hmac_destroy(&ds->ctx_mac);
	}
	if (ds->priv_key != NULL) {
		dcrypt_key_unref_private(&ds->priv_key);
	}

	/* the parent stream reference is dropped last */
	i_stream_unref(&ds->istream.parent);
}
Пример #2
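/*
 * save_begin hook: wrap the mail's output stream in an encrypting stream.
 *
 * The encryption flags follow the user's save_version (1 or 2; 0 is a
 * programming error and panics). After the parent save_begin has succeeded,
 * the public key is chosen in this order: the user's global public key, the
 * key already cached on the mailbox, then the key looked up for the mailbox.
 * If the lookup finds no key and save_version is at least 2, a new keypair
 * is generated for the mailbox. A key obtained by lookup or generation is
 * cached in mbox->pub_key.
 *
 * Returns 0 on success. Returns -1 if the parent save_begin fails, if a
 * keypair would have to be generated with save_version < 2, or if keypair
 * generation fails. Returns the negative lookup result if the public key
 * lookup itself fails. On the key-related failures a storage error is set.
 *
 * NOTE(review): only the save_version == 2 path requests the AEAD integrity
 * flag; what integrity protection the version 1 format provides is not
 * visible here. Confirm before allowing version 1 for new data.
 * NOTE(review): the key-related error paths return after the parent
 * save_begin has already succeeded; confirm that the caller aborts the save
 * in that case.
 */
static int
mail_crypt_mail_save_begin(struct mail_save_context *ctx,
			   struct istream *input)
{
	const char *pubid;
	struct mailbox *box = ctx->transaction->box;
	struct mail_crypt_mailbox *mbox = MAIL_CRYPT_CONTEXT(box);
	struct mail_crypt_user *muser =
		MAIL_CRYPT_USER_CONTEXT(box->storage->user);
	i_assert(muser != NULL);

	/* map the configured save version to the stream format flags */
	enum io_stream_encrypt_flags enc_flags;
	if (muser->save_version == 1) {
		enc_flags = IO_STREAM_ENC_VERSION_1;
	} else if (muser->save_version == 2) {
		enc_flags = IO_STREAM_ENC_INTEGRITY_AEAD;
	} else {
		i_assert(muser->save_version == 0);
		/* the adjacent literals are concatenated, so the first one
		   needs its trailing space */
		i_panic("mail_crypt_mail_save_begin not supposed to be called "
			"when mail_crypt_save_version is 0");
	}

	if (mbox->module_ctx.super.save_begin(ctx, input) < 0)
		return -1;

	struct dcrypt_public_key *pub_key;
	if (muser->global_keys.public_key != NULL)
		pub_key = muser->global_keys.public_key;
	else if (mbox->pub_key != NULL)
		pub_key = mbox->pub_key;
	else {
		const char *error;
		int ret;

		if ((ret = mail_crypt_box_get_public_key(box, &pub_key,
							 &error)) <= 0)
		{
			struct dcrypt_keypair pair;

			/* ret < 0: the lookup failed */
			if (ret < 0) {
				mail_storage_set_error(box->storage,
					MAIL_ERROR_PARAMS,
					t_strdup_printf("get_public_key(%s) failed: %s",
							mailbox_get_vname(box),
							error));
				return ret;
			}

			/* ret == 0: no key found; a new keypair is generated
			   only for save_version 2 and above */
			if (muser->save_version < 2) {
				mail_storage_set_error(box->storage,
					MAIL_ERROR_PARAMS,
					t_strdup_printf("generate_keypair(%s) failed: "
							"unsupported save_version=%d",
							mailbox_get_vname(box),
							muser->save_version));
				return -1;
			}

			if (mail_crypt_box_generate_keypair(box, &pair, NULL,
							    &pubid, &error) < 0) {
				mail_storage_set_error(box->storage,
					MAIL_ERROR_PARAMS,
					t_strdup_printf("generate_keypair(%s) failed: %s",
							mailbox_get_vname(box),
							error));
				return -1;
			}
			/* only the public half is used for encrypting, so the
			   reference to the private half is dropped at once */
			pub_key = pair.pub;
			dcrypt_key_unref_private(&pair.priv);

		}
		/* cache the key on the mailbox so later saves take the
		   mbox->pub_key branch above */
		mbox->pub_key = pub_key;
	}

	/* encryption is the outermost layer (zlib etc. are inside) */
	struct ostream *output = o_stream_create_encrypt(ctx->data.output,
			MAIL_CRYPT_ENC_ALGORITHM, pub_key, enc_flags);

	/* replace the save context's output with the encrypting stream; our
	   reference to the previous output is released first */
	o_stream_unref(&ctx->data.output);
	ctx->data.output = output;
	o_stream_cork(ctx->data.output);
	return 0;
}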