1 Return-Path: <bremner@tethera.net>
\r
2 X-Original-To: notmuch@notmuchmail.org
\r
3 Delivered-To: notmuch@notmuchmail.org
\r
4 Received: from localhost (localhost [127.0.0.1])
\r
5 by arlo.cworth.org (Postfix) with ESMTP id 3101F6DE1603
\r
6 for <notmuch@notmuchmail.org>; Fri, 11 Dec 2015 05:55:06 -0800 (PST)
\r
7 X-Virus-Scanned: Debian amavisd-new at cworth.org
\r
11 X-Spam-Status: No, score=-0.316 tagged_above=-999 required=5 tests=[AWL=0.235,
\r
12 RP_MATCHES_RCVD=-0.55, SPF_PASS=-0.001] autolearn=disabled
\r
13 Received: from arlo.cworth.org ([127.0.0.1])
\r
14 by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)
\r
15 with ESMTP id BCN0fmvZ1n0c for <notmuch@notmuchmail.org>;
\r
16 Fri, 11 Dec 2015 05:55:04 -0800 (PST)
\r
17 Received: from fethera.tethera.net (fethera.tethera.net [198.245.60.197])
\r
18 by arlo.cworth.org (Postfix) with ESMTPS id A81616DE170E
\r
19 for <notmuch@notmuchmail.org>; Fri, 11 Dec 2015 05:54:57 -0800 (PST)
\r
20 Received: from remotemail by fethera.tethera.net with local (Exim 4.84)
\r
21 (envelope-from <bremner@tethera.net>)
\r
22 id 1a7O9s-0000RV-AA; Fri, 11 Dec 2015 08:54:52 -0500
\r
23 Received: (nullmailer pid 11214 invoked by uid 1000);
\r
24 Fri, 11 Dec 2015 13:54:52 -0000
\r
25 From: David Bremner <david@tethera.net>
\r
26 To: notmuch@notmuchmail.org
\r
27 Subject: [Patch v2 6/8] cli: crypto: S/MIME verification support
\r
28 Date: Fri, 11 Dec 2015 09:54:45 -0400
\r
29 Message-Id: <1449842087-10972-7-git-send-email-david@tethera.net>
\r
30 X-Mailer: git-send-email 2.6.2
\r
31 In-Reply-To: <1449842087-10972-1-git-send-email-david@tethera.net>
\r
32 References: <1449842087-10972-1-git-send-email-david@tethera.net>
\r
33 X-BeenThere: notmuch@notmuchmail.org
\r
34 X-Mailman-Version: 2.1.20
\r
36 List-Id: "Use and development of the notmuch mail system."
\r
37 <notmuch.notmuchmail.org>
\r
38 List-Unsubscribe: <https://notmuchmail.org/mailman/options/notmuch>,
\r
39 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
\r
40 List-Archive: <http://notmuchmail.org/pipermail/notmuch/>
\r
41 List-Post: <mailto:notmuch@notmuchmail.org>
\r
42 List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
\r
43 List-Subscribe: <https://notmuchmail.org/mailman/listinfo/notmuch>,
\r
44 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
\r
45 X-List-Received-Date: Fri, 11 Dec 2015 13:55:06 -0000
\r
47 From: Jani Nikula <jani@nikula.org>
\r
49 notmuch-show --verify will now also process S/MIME multiparts if
\r
50 encountered. Requires gmime-2.6 and gpgsm.
\r
52 Based on work by Jameson Graef Rollins <jrollins@finestructure.net>.
\r
54 crypto.c | 35 +++++++++++++++++++++++++++++++++++
\r
55 notmuch-client.h | 7 +++++--
\r
56 test/T355-smime.sh | 1 -
\r
57 3 files changed, 40 insertions(+), 3 deletions(-)
\r
59 diff --git a/crypto.c b/crypto.c
\r
60 index feae949..3dabc97 100644
\r
63 @@ -43,6 +43,28 @@ create_gpg_context (notmuch_crypto_t *crypto)
\r
67 +/* Create a PKCS7 context (GMime 2.6) */
\r
68 +static notmuch_crypto_context_t *
\r
69 +create_pkcs7_context (notmuch_crypto_t *crypto)
\r
71 + notmuch_crypto_context_t *pkcs7ctx;
\r
73 + if (crypto->pkcs7ctx)
\r
74 + return crypto->pkcs7ctx;
\r
76 + /* TODO: GMimePasswordRequestFunc */
\r
77 + pkcs7ctx = g_mime_pkcs7_context_new (NULL);
\r
79 + fprintf (stderr, "Failed to construct pkcs7 context.\n");
\r
82 + crypto->pkcs7ctx = pkcs7ctx;
\r
84 + g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) pkcs7ctx,
\r
89 static const struct {
\r
90 const char *protocol;
\r
91 notmuch_crypto_context_t *(*get_context) (notmuch_crypto_t *crypto);
\r
92 @@ -55,6 +77,14 @@ static const struct {
\r
93 .protocol = "application/pgp-encrypted",
\r
94 .get_context = create_gpg_context,
\r
97 + .protocol = "application/pkcs7-signature",
\r
98 + .get_context = create_pkcs7_context,
\r
101 + .protocol = "application/x-pkcs7-signature",
\r
102 + .get_context = create_pkcs7_context,
\r
106 /* for the specified protocol return the context pointer (initializing
\r
107 @@ -95,5 +125,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto)
\r
108 crypto->gpgctx = NULL;
\r
111 + if (crypto->pkcs7ctx) {
\r
112 + g_object_unref (crypto->pkcs7ctx);
\r
113 + crypto->pkcs7ctx = NULL;
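Review bot: The second argument of `g_mime_pkcs7_context_set_always_trust` in `create_pkcs7_context` is cut off in this view, so the trust setting of the new context cannot be confirmed. It should be an explicit `FALSE`, with a comment along the lines of `/* never treat unvalidated certificates as trusted */`, so the cached context stays safe if it is later reused beyond verification. The `NULL` passed to `g_mime_pkcs7_context_new` (the TODO) means no password callback is available. A one-line comment saying the context is verification-only would match the table, which registers only the two `*-signature` protocols. The lines around the `fprintf` (the NULL check and its return) are missing from the page, so the failure path could not be reviewed. It is worth confirming that a failed context leaves the part reported as unverified rather than silently skipped.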
\r
118 diff --git a/notmuch-client.h b/notmuch-client.h
\r
119 index 3bd2903..18e6c60 100644
\r
120 --- a/notmuch-client.h
\r
121 +++ b/notmuch-client.h
\r
123 #include <gmime/gmime.h>
\r
125 typedef GMimeCryptoContext notmuch_crypto_context_t;
\r
126 +/* This is automatically included only since gmime 2.6.10 */
\r
127 +#include <gmime/gmime-pkcs7-context.h>
\r
129 #include "notmuch.h"
\r
131 @@ -70,6 +72,7 @@ typedef struct notmuch_show_format {
\r
133 typedef struct notmuch_crypto {
\r
134 notmuch_crypto_context_t* gpgctx;
\r
135 + notmuch_crypto_context_t* pkcs7ctx;
\r
136 notmuch_bool_t verify;
\r
137 notmuch_bool_t decrypt;
\r
138 const char *gpgpath;
\r
139 @@ -407,8 +410,8 @@ struct mime_node {
\r
140 /* Construct a new MIME node pointing to the root message part of
\r
141 * message. If crypto->verify is true, signed child parts will be
\r
142 * verified. If crypto->decrypt is true, encrypted child parts will be
\r
143 - * decrypted. If crypto->gpgctx is NULL, it will be lazily
\r
145 + * decrypted. If the crypto contexts (crypto->gpgctx or
\r
146 + * crypto->pkcs7) are NULL, they will be lazily initialized.
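Review bot: The rewritten comment above the MIME-node constructor names `crypto->pkcs7`, but the field this commit adds to `struct notmuch_crypto` is `pkcs7ctx`. The comment should read `crypto->gpgctx or crypto->pkcs7ctx`, so that a search for the field name finds its lazy-initialisation contract. The rest of the comment and the declaration it documents lie outside the visible lines.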
\r
150 diff --git a/test/T355-smime.sh b/test/T355-smime.sh
\r
151 index b3cc76e..caedf5e 100755
\r
152 --- a/test/T355-smime.sh
\r
153 +++ b/test/T355-smime.sh
\r
154 @@ -56,7 +56,6 @@ EOF
\r
155 test_expect_equal_file OUTPUT EXPECTED
\r
157 test_begin_subtest "signature verification (notmuch CLI)"
\r
158 -test_subtest_known_broken
\r
159 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
\r
160 | notmuch_json_show_sanitize \
\r
161 | sed -e 's|"created": [1234567890]*|"created": 946728000|' \
\r