1 Return-Path: <bremner@tesseract.cs.unb.ca>
\r
2 X-Original-To: notmuch@notmuchmail.org
\r
3 Delivered-To: notmuch@notmuchmail.org
\r
4 Received: from localhost (localhost [127.0.0.1])
\r
5 by arlo.cworth.org (Postfix) with ESMTP id 7FCD16DE18FE
\r
6 for <notmuch@notmuchmail.org>; Sun, 16 Aug 2015 10:43:24 -0700 (PDT)
\r
7 X-Virus-Scanned: Debian amavisd-new at cworth.org
\r
11 X-Spam-Status: No, score=0.126 tagged_above=-999 required=5 tests=[AWL=0.116,
\r
12 T_HEADER_FROM_DIFFERENT_DOMAINS=0.01] autolearn=disabled
\r
13 Received: from arlo.cworth.org ([127.0.0.1])
\r
14 by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)
\r
15 with ESMTP id aDsRWghoG00M for <notmuch@notmuchmail.org>;
\r
16 Sun, 16 Aug 2015 10:43:22 -0700 (PDT)
\r
17 Received: from gitolite.debian.net (gitolite.debian.net [87.98.215.224])
\r
18 by arlo.cworth.org (Postfix) with ESMTPS id 5DEC06DE17FE
\r
19 for <notmuch@notmuchmail.org>; Sun, 16 Aug 2015 10:43:20 -0700 (PDT)
\r
20 Received: from remotemail by gitolite.debian.net with local (Exim 4.80)
\r
21 (envelope-from <bremner@tesseract.cs.unb.ca>)
\r
22 id 1ZR1wK-0003by-IW; Sun, 16 Aug 2015 17:41:48 +0000
\r
23 Received: (nullmailer pid 26317 invoked by uid 1000); Sun, 16 Aug 2015
\r
25 From: David Bremner <david@tethera.net>
\r
26 To: notmuch@notmuchmail.org
\r
27 Subject: [PATCH 6/8] cli: crypto: S/MIME verification support
\r
28 Date: Sun, 16 Aug 2015 19:41:14 +0200
\r
29 Message-Id: <1439746876-23654-7-git-send-email-david@tethera.net>
\r
30 X-Mailer: git-send-email 2.5.0
\r
31 In-Reply-To: <1439746876-23654-1-git-send-email-david@tethera.net>
\r
32 References: <54CA467B.30408@gnome.org>
\r
33 <1439746876-23654-1-git-send-email-david@tethera.net>
\r
34 X-BeenThere: notmuch@notmuchmail.org
\r
35 X-Mailman-Version: 2.1.18
\r
37 List-Id: "Use and development of the notmuch mail system."
\r
38 <notmuch.notmuchmail.org>
\r
39 List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
\r
40 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
\r
41 List-Archive: <http://notmuchmail.org/pipermail/notmuch/>
\r
42 List-Post: <mailto:notmuch@notmuchmail.org>
\r
43 List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
\r
44 List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
\r
45 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
\r
46 X-List-Received-Date: Sun, 16 Aug 2015 17:43:24 -0000
\r
48 From: Jani Nikula <jani@nikula.org>
\r
50 notmuch-show --verify will now also process S/MIME multiparts if
\r
51 encountered. Requires gmime-2.6 and gpgsm.
\r
53 Based on work by Jameson Graef Rollins <jrollins@finestructure.net>.
\r
55 crypto.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
\r
56 notmuch-client.h | 7 +++++--
\r
57 test/T355-smime.sh | 1 -
\r
58 3 files changed, 55 insertions(+), 3 deletions(-)
\r
60 diff --git a/crypto.c b/crypto.c
\r
61 index 11c167e..ce683d2 100644
\r
64 @@ -43,6 +43,51 @@ create_gpg_context (notmuch_crypto_t *crypto)
\r
68 +/* Create a PKCS7 context (GMime 2.6) */
\r
69 +static notmuch_crypto_context_t *
\r
70 +create_pkcs7_context (notmuch_crypto_t *crypto)
\r
72 + notmuch_crypto_context_t *pkcs7ctx;
\r
74 + if (crypto->pkcs7ctx)
\r
75 + return crypto->pkcs7ctx;
\r
77 + /* TODO: GMimePasswordRequestFunc */
\r
78 + pkcs7ctx = g_mime_pkcs7_context_new (NULL);
\r
80 + fprintf (stderr, "Failed to construct pkcs7 context.\n");
\r
83 + crypto->pkcs7ctx = pkcs7ctx;
\r
85 + g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) pkcs7ctx,
\r
91 +static const struct {
\r
92 + const char *protocol;
\r
93 + notmuch_crypto_context_t *(*get_context) (notmuch_crypto_t *crypto);
\r
96 + .protocol = "application/pgp-signature",
\r
97 + .get_context = create_gpg_context,
\r
100 + .protocol = "application/pgp-encrypted",
\r
101 + .get_context = create_gpg_context,
\r
104 + .protocol = "application/pkcs7-signature",
\r
105 + .get_context = create_pkcs7_context,
\r
108 + .protocol = "application/x-pkcs7-signature",
\r
109 + .get_context = create_pkcs7_context,
\r
113 /* for the specified protocol return the context pointer (initializing
\r
115 notmuch_crypto_context_t *
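Review bot: The `g_mime_pkcs7_context_set_always_trust` call in `create_pkcs7_context` has no comment, although it is the setting that decides whether a reported signature status reflects certificate trust. Its second argument falls on a line that is not part of this excerpt, so the value cannot be confirmed here. Assuming it is `FALSE`, I would state the intent above the call, e.g. `/* Never always-trust: a good status must depend on gpgsm's certificate validation. */`, so that a later flip to `TRUE` is recognised as weakening `--verify`. The `/* TODO: GMimePasswordRequestFunc */` could also note that passing `NULL` is presumably adequate only while this context is used for verification, not decryption.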
\r
116 @@ -81,5 +126,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto)
\r
117 crypto->gpgctx = NULL;
\r
120 + if (crypto->pkcs7ctx) {
\r
121 + g_object_unref (crypto->pkcs7ctx);
\r
122 + crypto->pkcs7ctx = NULL;
\r
127 diff --git a/notmuch-client.h b/notmuch-client.h
\r
128 index 1f82656..774b620 100644
\r
129 --- a/notmuch-client.h
\r
130 +++ b/notmuch-client.h
\r
132 #include <gmime/gmime.h>
\r
134 typedef GMimeCryptoContext notmuch_crypto_context_t;
\r
135 +/* This is automatically included only since gmime 2.6.10 */
\r
136 +#include <gmime/gmime-pkcs7-context.h>
\r
138 #include "notmuch.h"
\r
140 @@ -69,6 +71,7 @@ typedef struct notmuch_show_format {
\r
142 typedef struct notmuch_crypto {
\r
143 notmuch_crypto_context_t* gpgctx;
\r
144 + notmuch_crypto_context_t* pkcs7ctx;
\r
145 notmuch_bool_t verify;
\r
146 notmuch_bool_t decrypt;
\r
147 const char *gpgpath;
\r
148 @@ -406,8 +409,8 @@ struct mime_node {
\r
149 /* Construct a new MIME node pointing to the root message part of
\r
150 * message. If crypto->verify is true, signed child parts will be
\r
151 * verified. If crypto->decrypt is true, encrypted child parts will be
\r
152 - * decrypted. If crypto->gpgctx is NULL, it will be lazily
\r
154 + * decrypted. If the crypto contexts (crypto->gpgctx or
\r
155 + * crypto->pkcs7) are NULL, they will be lazily initialized.
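Review bot: The rewritten comment refers to `crypto->pkcs7`, but the member this patch adds to `struct notmuch_crypto` is `pkcs7ctx`, so the documentation names a field that does not exist. It should read `* crypto->pkcs7ctx) are NULL, they will be lazily initialized.` to match the struct and the cleanup code in crypto.c. The comment block and the declaration it documents continue beyond the lines visible in this hunk.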
\r
159 diff --git a/test/T355-smime.sh b/test/T355-smime.sh
\r
160 index b3cc76e..caedf5e 100755
\r
161 --- a/test/T355-smime.sh
\r
162 +++ b/test/T355-smime.sh
\r
163 @@ -56,7 +56,6 @@ EOF
\r
164 test_expect_equal_file OUTPUT EXPECTED
\r
166 test_begin_subtest "signature verification (notmuch CLI)"
\r
167 -test_subtest_known_broken
\r
168 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
\r
169 | notmuch_json_show_sanitize \
\r
170 | sed -e 's|"created": [1234567890]*|"created": 946728000|' \
\r