- Bridge Node Support: Added functionality to manage mail (send/receive) on remote nodes via a bridge node. Full transparent management requires a private key on the bridge, while the remote node can operate with only a public key. - End-to-End Encryption (E2EE): Integrated E2EE using age. Encryption and decryption occur strictly at the bridge level; node administrators cannot access message content. - New Addressing Schema: Transitioned from nodepub@yggmail to userpub@nodepub. - Key Adaptation: Implemented ed25519 to x25519 coordinate adaptation, allowing signing keys to be used for encryption. Changed - Address Encoding: Switched from hex16 to base32 for the address space. - Memory Optimization: Replaced direct memory allocations with streaming for mail processing to reduce RAM overhead. - Code Refactoring: Performed decomposition of the original inherited codebase to improve maintainability. Fixed - Mail Updates: Fixed the mail retrieval mechanism to ensure near-instant updates for incoming messages. Changes to be committed: modified: .gitignore modified: README.md modified: cmd/yggmail/main.go modified: go.mod modified: go.sum new file: internal/account/manager.go new file: internal/account/session.go modified: internal/imapserver/backend.go modified: internal/imapserver/imap.go modified: internal/imapserver/mailbox.go modified: internal/imapserver/notify.go modified: internal/imapserver/user.go new file: internal/notify/notify.go new file: internal/notify/remote/remote.go new file: internal/remote/client.go new file: internal/remote/handlers.go new file: internal/remote/io.go new file: internal/remote/server.go new file: internal/remote/sign.go new file: internal/remote/types/request.pb.go new file: internal/remote/types/request.proto new file: internal/remote/types/response.pb.go new file: internal/remote/types/response.proto new file: internal/shell/shell.go modified: internal/smtpsender/sender.go modified: internal/smtpserver/backend.go modified: internal/smtpserver/session_local.go modified: internal/smtpserver/session_remote.go modified: internal/smtpserver/smtp.go new file: internal/storage/filestore/filestore.go new file: internal/storage/local/storage.go new file: internal/storage/remote/mail.go new file: internal/storage/remote/mailbox.go new file: internal/storage/remote/queue.go new file: internal/storage/remote/storage.go new file: internal/storage/remote/watch.go modified: internal/storage/sqlite3/sqlite3.go new file: internal/storage/sqlite3/table_accounts.go modified: internal/storage/sqlite3/table_mailboxes.go modified: internal/storage/sqlite3/table_mails.go modified: internal/storage/sqlite3/table_queue.go modified: internal/storage/storage.go modified: internal/storage/types/types.go modified: internal/utils/address.go new file: internal/utils/age/age.go new file: internal/utils/age/bech32/bech32.go new file: internal/utils/crypt.go new file: internal/utils/e2ee/crypt.go new file: internal/utils/e2ee/e2ee_test.go new file: internal/utils/e2ee/msg.go new file: internal/utils/x25519.go modified: internal/welcome/welcome.go
102 lines
2.1 KiB
Go
102 lines
2.1 KiB
Go
/*
|
|
* Copyright (c) 2026 Kaiy Ragur
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
*/
|
|
package e2ee
|
|
|
|
import (
|
|
"crypto/ed25519"
|
|
"fmt"
|
|
"io"
|
|
"net/mail"
|
|
"time"
|
|
|
|
"github.com/emersion/go-message"
|
|
"github.com/neilalexander/yggmail/internal/utils"
|
|
)
|
|
|
|
func EncryptFilter(
|
|
origMsg io.ReadSeeker,
|
|
fromAddr string,
|
|
rcptPk []ed25519.PublicKey,
|
|
mySign Signer,
|
|
myEnc Encryptor,
|
|
) (io.ReadCloser, error) {
|
|
packReader, err := EncryptPack(origMsg, rcptPk, mySign, myEnc)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to sign and encrypt: %w", err)
|
|
}
|
|
|
|
hdr := new(message.Header)
|
|
hdr.Set("From", fromAddr)
|
|
hdr.Set("Date", time.Now().Format(time.RFC1123Z))
|
|
hdr.Set("X-Yggmail-Encryption", "v1")
|
|
|
|
pr, pw := io.Pipe()
|
|
go func() {
|
|
tw, err := message.CreateWriter(pw, *hdr)
|
|
if err != nil {
|
|
pw.CloseWithError(err)
|
|
return
|
|
}
|
|
|
|
_, err = io.Copy(tw, packReader)
|
|
tw.Close()
|
|
pw.CloseWithError(err)
|
|
}()
|
|
|
|
return pr, nil
|
|
}
|
|
|
|
func DecryptFilter(r io.ReadSeeker, decryptor Decryptor) (io.ReadCloser, error) {
|
|
r.Seek(0, io.SeekStart)
|
|
|
|
msg, err := mail.ReadMessage(r)
|
|
if err != nil {
|
|
r.Seek(0, io.SeekStart)
|
|
return io.NopCloser(r), nil
|
|
}
|
|
|
|
if msg.Header.Get("X-Yggmail-Encryption") != "v1" {
|
|
r.Seek(0, io.SeekStart)
|
|
return io.NopCloser(r), nil
|
|
}
|
|
|
|
fromStr := msg.Header.Get("From")
|
|
fPk := extractPublicKey(fromStr)
|
|
if fPk == nil {
|
|
r.Seek(0, io.SeekStart)
|
|
return io.NopCloser(r), nil
|
|
}
|
|
|
|
innerVerify := func(data []byte, sig []byte) error {
|
|
if !ed25519.Verify(fPk, data, sig) {
|
|
return fmt.Errorf("inner signature invalid")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
decrypted, err := DecryptPack(msg.Body, decryptor, innerVerify)
|
|
if err != nil {
|
|
r.Seek(0, io.SeekStart)
|
|
return nil, fmt.Errorf("decrypt enc packet error: %w", err)
|
|
}
|
|
|
|
return decrypted, nil
|
|
}
|
|
func extractPublicKey(addr string) ed25519.PublicKey {
|
|
a, err := mail.ParseAddress(addr)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
addr = a.Address
|
|
_, aPk, err := utils.ParseAddress(addr)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
return aPk
|
|
}
|