Return-Path: <david@tethera.net>
X-Original-To: notmuch@notmuchmail.org
Delivered-To: notmuch@notmuchmail.org
Received: from localhost (localhost [127.0.0.1])
    by olra.theworths.org (Postfix) with ESMTP id B2132431FD7
    for <notmuch@notmuchmail.org>; Tue, 27 Jan 2015 23:37:54 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
X-Spam-Status: No, score=2.438 tagged_above=-999 required=5
    tests=[DNS_FROM_AHBL_RHSBL=2.438] autolearn=disabled
Received: from olra.theworths.org ([127.0.0.1])
    by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id r-s6PkguBvSK for <notmuch@notmuchmail.org>;
    Tue, 27 Jan 2015 23:37:08 -0800 (PST)
Received: from mx.xen14.node3324.gplhost.com (gitolite.debian.net
    (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
    (No client certificate requested)
    by olra.theworths.org (Postfix) with ESMTPS id 41B3E431FAF
    for <notmuch@notmuchmail.org>; Tue, 27 Jan 2015 23:37:08 -0800 (PST)
Received: from remotemail by mx.xen14.node3324.gplhost.com with local (Exim
    4.80) (envelope-from <david@tethera.net>)
    id 1YGNAw-0005LT-Eh; Wed, 28 Jan 2015 07:36:34 +0000
Received: (nullmailer pid 19171 invoked by uid 1000); Wed, 28 Jan 2015
From: David Bremner <david@tethera.net>
To: notmuch@notmuchmail.org
Subject: Re: [Patch v4 5/5] test: add broken test for SMIME decryption with
In-Reply-To: <87h9vdup0j.fsf@maritornes.cs.unb.ca>
References: <1421568167-18683-1-git-send-email-david@tethera.net>
    <1421568167-18683-6-git-send-email-david@tethera.net>
    <87h9vdup0j.fsf@maritornes.cs.unb.ca>
User-Agent: Notmuch/0.19+48~gb74ed1c (http://notmuchmail.org) Emacs/24.4.1
    (x86_64-pc-linux-gnu)
Date: Wed, 28 Jan 2015 08:36:21 +0100
Message-ID: <87h9vbbbm2.fsf@maritornes.cs.unb.ca>
Content-Type: multipart/mixed; boundary="=-=-="
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.13
List-Id: "Use and development of the notmuch mail system."
    <notmuch.notmuchmail.org>
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
    <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
    <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Jan 2015 07:37:56 -0000

Content-Type: text/plain

David Bremner <david@tethera.net> writes:

> David Bremner <david@tethera.net> writes:
>
>> The test JSON here is not correct, but the larger problem is that it
>> seems like no actual decryption is being done.
>
> I played with this some more, and it seems like Jamie's code (and the
> gmime sample code [1]) expects the top level part to be
> multipart/encrypted.

By repeated bludgeoning I convinced notmuch show to actually run the
decryption code, but then I hit another problem: there isn't an obvious
high level way to decrypt an application/(x)-pkcs7-mime part (and the
current code only works for multipart/encrypted). It should
be possible to set up GMimeStreams and use g_mime_crypto_context_decrypt, but
that seems like quite a bit more work than calling
g_mime_multipart_encrypted_decrypt.

Content-Type: text/x-diff
Content-Disposition: inline; filename=smime.diff

83 diff --git a/mime-node.c b/mime-node.c
84 index fd9e4a4..7019be7 100644
87 @@ -54,6 +54,20 @@ _mime_node_context_free (mime_node_context_t *res)
93 +_is_smime_encrypted_part (GMimeObject *part) {
95 + GMimeContentType *content_type = g_mime_object_get_content_type(part);
96 + if (content_type) {
97 + return g_mime_content_type_is_type (content_type, "application",
99 + g_mime_content_type_is_type (content_type, "application",
106 mime_node_open (const void *ctx, notmuch_message_t *message,
107 notmuch_crypto_t *crypto, mime_node_t **root_out)
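Review bot: _is_smime_encrypted_part decides on type and subtype alone (the two g_mime_content_type_is_type (content_type, "application", ...) calls). If the subtypes are the application/(x)-pkcs7-mime ones named in the message, that media type is also used for signed-only and certs-only S/MIME bodies, which are distinguished by the smime-type parameter, so a signed-only part would be routed to the decrypt path. Suggest also checking g_mime_content_type_get_parameter (content_type, "smime-type") before returning true, and adding a short comment above the helper saying which subtypes it accepts. Style: g_mime_object_get_content_type(part) is missing the space before the parenthesis that the rest of the file uses.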
108 @@ -323,22 +337,33 @@ _mime_node_create (mime_node_t *parent, GMimeObject *part)
112 - if ((GMIME_IS_MULTIPART_ENCRYPTED (part) && node->ctx->crypto->decrypt)
113 + if (((GMIME_IS_MULTIPART_ENCRYPTED (part) || _is_smime_encrypted_part (part))
114 + && node->ctx->crypto->decrypt)
115 || (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify)) {
116 GMimeContentType *content_type = g_mime_object_get_content_type (part);
117 const char *protocol = g_mime_content_type_get_parameter (content_type, "protocol");
119 + if (_is_smime_encrypted_part (part)) {
120 + protocol = "application/pkcs7-encrypted";
123 cryptoctx = notmuch_crypto_get_context (node->ctx->crypto, protocol);
126 - /* Handle PGP/MIME parts */
127 - if (GMIME_IS_MULTIPART_ENCRYPTED (part) && node->ctx->crypto->decrypt && cryptoctx) {
128 - if (node->nchildren != 2) {
129 - /* this violates RFC 3156 section 4, so we won't bother with it. */
130 - fprintf (stderr, "Error: %d part(s) for a multipart/encrypted "
131 - "message (must be exactly 2)\n",
132 - node->nchildren);
134 + /* Are we ready and able to decrypt something ? */
135 + if (node->ctx->crypto->decrypt && cryptoctx) {
136 + if (_is_smime_encrypted_part (part)) {
137 node_decrypt_and_verify (node, part, cryptoctx);
138 + } else if (GMIME_IS_MULTIPART_ENCRYPTED (part)) {
139 + /* Handle PGP/MIME parts */
140 + if (node->nchildren != 2) {
141 + /* this violates RFC 3156 section 4, so we won't bother with it. */
142 + fprintf (stderr, "Error: %d part(s) for a multipart/encrypted "
143 + "message (must be exactly 2)\n",
144 + node->nchildren);
146 + node_decrypt_and_verify (node, part, cryptoctx);
149 } else if (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify && cryptoctx) {
150 if (node->nchildren != 2) {
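Review bot: In the new "if (_is_smime_encrypted_part (part))" branch, node_decrypt_and_verify (node, part, cryptoctx) is handed a part that is not multipart/encrypted, while the message above says the current decryption code only works for multipart/encrypted. As posted, this branch reaches the decrypt call but has no working path behind it; it needs either a separate helper for S/MIME parts or a type check inside node_decrypt_and_verify that fails cleanly. The hard-coded protocol = "application/pkcs7-encrypted" also differs from the application/(x)-pkcs7-mime type named in the message, so a comment or named constant stating what notmuch_crypto_get_context expects would help. _is_smime_encrypted_part (part) is evaluated three times in this hunk; storing the result in a local once would simplify the conditions.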