diff --git a/README.md b/README.md index b1a8185..61bd5c5 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,7 @@ # exim-encrypt-dlfunc This library injects functions for string encryption and decryption into [exim4](https://www.exim.org/). It is basically -a little glue code to parts of the [libsodium library](https://github.com/jedisct1/libsodium) -to exim at runtime. +glue code that exports certain parts of the [libsodium library](https://github.com/jedisct1/libsodium) to exim at runtime. ## Installation @@ -11,37 +10,31 @@ These instructions are currently only tested on Debian Linux. 1. Install development tools and libsodium development files: ```shell -apt-get install build-essential exim4-dev libsodium-dev +apt-get build-essential exim4-dev libsodium-dev meson pkg-config openssl exim4-daemon-heavy ``` 2. Clone this repository: ```shell git clone https://git.scc.kit.edu/mail/exim-encrypt-dlfunc.git -cd exim-encrypt-dlfunc/src +cd exim-encrypt-dlfunc ``` -3. Build `genkey` if needed (see below for an explanation): +3. Build and test everything: ```shell -make genkey -``` - -4. Build the library: - -```shell -make +meson build # run only once +cd build +ninja ``` 5. Copy to final destination (feel free to pick another place than `/usr/local/lib/`): -```shell -sudo install --group=Debian-exim --owner=Debian-exim libexim-encrypt-dlfunc.so /usr/local/lib/ -``` +TBD… -6. Ensure you have the correct exim flavor: +6. Ensure you have the correct exim build: - Not every flavor of exim is able to load libraries at runtime. Please refer to the + Not every build of exim is able to load libraries at runtime. Please refer to the [documentation](https://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html) of the `${dlfunc{…}}` function for details. exim from the debian package `exim4-daemon-heavy` meets all the requirements. 
@@ -63,11 +56,11 @@ Public key encryption that uses a key pair that needs to be created beforehand: * `sodium_crypto_box_seal_open(private key, public key, ciphertext) → cleartext` The second pair needs a proper key pair in the correct format. This is what the -`genkey` utility is for. Simply run it once to generate a pair. Be aware that every invocation will overwrite the -previous key pair without confirmation! Please save both parts in a safe place before proceeding. +`generate_encryption_keys` utility is for. Simply run it once to generate a pair. Be aware that every invocation will +overwrite the previous key pair without confirmation! Please save both parts in a safe place before proceeding. ```shell -$ ./genkey +$ ./generate_encryption_keys === Creating cryptobox key pair === Wrote »cryptobox_recipient_pk_exim.conf« Wrote »cryptobox_recipient_pk.raw« @@ -75,8 +68,8 @@ $ ./genkey Wrote »cryptobox_recipient_sk.raw ``` -The `*_exim.conf` files contain the keys in a format that can simply be pasted into -`exim.conf` (the first line contains the key as C code and can usually be discarded): +The `*_exim.conf` files contain the keys in a format that can simply be used in +`exim.conf` (the first line contains the key as a C code comment and can usually be discarded): ```shell $ cat cryptobox_recipient_pk_exim.conf diff --git a/src/Makefile b/src/Makefile deleted file mode 100644 index 5964293..0000000 --- a/src/Makefile +++ /dev/null @@ -1,19 +0,0 @@ -CC=gcc -CFLAGS=-I/usr/include/exim4 -g -LDFLAGS=-lsodium -LDFLAGS_LIB=-fpic -shared - -.PHONY: clean all - -.DEFAULT_GOAL := all - -libexim-encrypt-dlfunc.so: libexim-encrypt-dlfunc.c - $(CC) $(CFLAGS) -o $@ $< $(LDFLAGS) $(LDFLAGS_LIB) - -genkey: genkey.c - $(CC) $(CFLAGS) -o $@ $< $(LDFLAGS) - -clean: - rm -f libexim-encrypt-dlfunc.so genkey - -all: libexim-encrypt-dlfunc.so genkey 
diff --git a/src/genkey.c b/src/generate_encryption_keys.c similarity index 95% rename from src/genkey.c rename to src/generate_encryption_keys.c index 03a52d3..3fc43a7 100644 --- a/src/genkey.c +++ b/src/generate_encryption_keys.c @@ -5,7 +5,7 @@ bool key_contains_zero(unsigned char *key, unsigned int keylen) { bool has_zero = false; - for (int i = 0; i < keylen; i++) { + for (unsigned int i = 0; i < keylen; i++) { if (key[i] == 0) { has_zero = true; } @@ -18,7 +18,7 @@ dump_key_as_c_code(FILE * f, const char *name, unsigned char *key, unsigned int keylen) { fprintf(f, "const unsigned char %s[] = { ", name); - for (int i = 0; i < keylen; i++) { + for (unsigned int i = 0; i < keylen; i++) { fprintf(f, "0x%02x", key[i]); if (i < keylen - 1) { fprintf(f, ", "); @@ -34,7 +34,7 @@ dump_key_as_exim_config(FILE * f, const char *name, unsigned char *key, { // write a comment with C variable declaration fprintf(f, "# const unsigned char %s[%d] = { ", name, keylen); - for (int i = 0; i < keylen; i++) { + for (unsigned int i = 0; i < keylen; i++) { fprintf(f, "0x%02x", key[i]); if (i < keylen - 1) { fprintf(f, ", "); @@ -132,7 +132,7 @@ void create_secretbox_key(const char *filebase, const char *varname) { write_key_files(key_filename, key_varname, key, crypto_secretbox_KEYBYTES); } -int main(int argc, char *argv[]) { +int main(void) { if (sodium_init() < 0) { fputs("Unable to initialize libsodium", stderr); exit(128); diff --git a/src/meson.build b/src/meson.build index de5ab0a..c263e62 100644 --- a/src/meson.build +++ b/src/meson.build @@ -2,7 +2,7 @@ configure_file( output: 'config.h', configuration: conf_data) -executable('genkey', 'genkey.c', dependencies : [ sodium_deps ] ) +executable('generate_encryption_keys', 'generate_encryption_keys.c', dependencies : [ sodium_deps ] ) shared_library('exim-encrypt-dlfunc', 'libexim-encrypt-dlfunc.c', dependencies : [ sodium_deps ],
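Review bot: The `fprintf` in the `dump_key_as_exim_config` hunk (`@@ -34,7 +34,7 @@`) still prints `keylen` with `%d`, although this commit makes the loop index `unsigned int` to match it. The rest of the signature is outside the hunk, so the type is inferred: if `keylen` is `unsigned int` here as it is in `dump_key_as_c_code`, the line should read `fprintf(f, "# const unsigned char %s[%u] = { ", name, keylen);`. A signed specifier for an unsigned argument is a format/argument mismatch that `-Wformat-signedness` reports, so it belongs to the same cleanup as the loop-index change.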
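Review bot: `create_secretbox_key` ends right after `write_key_files(key_filename, key_varname, key, crypto_secretbox_KEYBYTES);` in the `@@ -132,7 +132,7 @@` hunk, with no visible wipe of the key material. The declaration of `key` is outside the hunk, so this needs confirming: if it is a local array, add `sodium_memzero(key, sizeof key);` after the write so the secret does not stay on the stack. In the same hunk, the `sodium_init()` failure message has no trailing newline; `fputs("Unable to initialize libsodium\n", stderr);` keeps the shell prompt off that line.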