[PATCH 3/3] cli: crypto: S/MIME verification/decryption support
authorJani Nikula <jani@nikula.org>
Sun, 18 Jan 2015 10:45:53 +0000 (12:45 +0200)
committerW. Trevor King <wking@tremily.us>
Sat, 20 Aug 2016 21:47:32 +0000 (14:47 -0700)
3e/948921d2063870be24f500a60b711149331fe9 [new file with mode: 0644]

diff --git a/3e/948921d2063870be24f500a60b711149331fe9 b/3e/948921d2063870be24f500a60b711149331fe9
new file mode 100644 (file)
index 0000000..e076c75
--- /dev/null
@@ -0,0 +1,199 @@
+Return-Path: <jani@nikula.org>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+       by olra.theworths.org (Postfix) with ESMTP id C49E5431FD9\r
+       for <notmuch@notmuchmail.org>; Sun, 18 Jan 2015 02:45:57 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "References"\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 1.738\r
+X-Spam-Level: *\r
+X-Spam-Status: No, score=1.738 tagged_above=-999 required=5\r
+       tests=[DNS_FROM_AHBL_RHSBL=2.438, RCVD_IN_DNSWL_LOW=-0.7]\r
+       autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+       by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+       with ESMTP id 6Z+4gY4wQbqL for <notmuch@notmuchmail.org>;\r
+       Sun, 18 Jan 2015 02:45:55 -0800 (PST)\r
+Received: from mail-wi0-f180.google.com (mail-wi0-f180.google.com\r
+       [209.85.212.180]) (using TLSv1 with cipher RC4-SHA (128/128 bits))\r
+       (No client certificate requested)\r
+       by olra.theworths.org (Postfix) with ESMTPS id 420A3431FDC\r
+       for <notmuch@notmuchmail.org>; Sun, 18 Jan 2015 02:45:48 -0800 (PST)\r
+Received: by mail-wi0-f180.google.com with SMTP id bs8so11170790wib.1\r
+       for <notmuch@notmuchmail.org>; Sun, 18 Jan 2015 02:45:47 -0800 (PST)\r
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r
+       d=1e100.net; s=20130820;\r
+       h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to\r
+       :references:in-reply-to:references;\r
+       bh=GAW1ZFHzuP3VpdY7t2TExsS+EKg2zM1d6UsYROwg/Ko=;\r
+       b=ghVl79pGC1/3cXtaMYWky58olohZX7oVVtOaUG9dQJrSX26E8GbLfUhQcWtTD7P/eA\r
+       gwF8I3BXwz0ydM4aQ0tb4H7jsikKF/O+08kq1+sajIoeTA7AZDPOSAeEZWCBNrD3YNgz\r
+       8IZbExoeLvTXQfdZFVfjT712ySxjheo6++lzx5QkdzkkTw+b0A/WPdhDqcXDxlHsoxl6\r
+       WQZQOtDyfoUqSzU9x9ChdCds64qzZX6cjx3NUsQBHSPvHC35PI8awSpOz3NUzwB6Pd4Q\r
+       LzNFA+QlADcfTkINEhh2TAoVWp6EOwDHrEltvqALPTO/nySnyWs3CeD/Blo3kj8tLS0f\r
+       o0qA==\r
+X-Gm-Message-State:\r
+ ALoCoQnmMFzo2WnUeYIkQnr+CUIX88iIvhISZpWS0kpdZGQ2Gg7lsfxzsPRc1B3xLD7RL8Qvjfls\r
+X-Received: by 10.194.179.166 with SMTP id dh6mr25422649wjc.87.1421577947339; \r
+       Sun, 18 Jan 2015 02:45:47 -0800 (PST)\r
+Received: from localhost (mobile-internet-bcee14-89.dhcp.inet.fi.\r
+       [188.238.20.89]) by mx.google.com with ESMTPSA id\r
+       bo3sm12904624wjb.44.2015.01.18.02.45.46\r
+       (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\r
+       Sun, 18 Jan 2015 02:45:46 -0800 (PST)\r
+From: Jani Nikula <jani@nikula.org>\r
+To: david@tethera.net,\r
+       notmuch@notmuchmail.org\r
+Subject: [PATCH 3/3] cli: crypto: S/MIME verification/decryption support\r
+Date: Sun, 18 Jan 2015 12:45:53 +0200\r
+Message-Id:\r
+ <dab06251b946c0c65a564874ee296a5ac5675d35.1421577605.git.jani@nikula.org>\r
+X-Mailer: git-send-email 2.1.4\r
+In-Reply-To: <cover.1421577605.git.jani@nikula.org>\r
+References: <1421568167-18683-3-git-send-email-david@tethera.net>\r
+       <cover.1421577605.git.jani@nikula.org>\r
+In-Reply-To: <cover.1421577605.git.jani@nikula.org>\r
+References: <cover.1421577605.git.jani@nikula.org>\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+       <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Sun, 18 Jan 2015 10:45:58 -0000\r
+\r
+The notmuch-show flags --decrypt and --verify will now also process\r
+S/MIME multiparts if encountered. Requires gmime-2.6 and gpgsm.\r
+\r
+Based on work by Jameson Graef Rollins <jrollins@finestructure.net>.\r
+\r
+---\r
+\r
+id:1340995101-9616-2-git-send-email-jrollins@finestructure.net\r
+---\r
+ crypto.c         | 48 ++++++++++++++++++++++++++++++++++++++++++++++++\r
+ notmuch-client.h |  7 +++++--\r
+ 2 files changed, 53 insertions(+), 2 deletions(-)\r
+\r
+diff --git a/crypto.c b/crypto.c\r
+index 8e58dcca4ee5..8944cc5d4bcd 100644\r
+--- a/crypto.c\r
++++ b/crypto.c\r
+@@ -45,6 +45,29 @@ create_gpg_context (notmuch_crypto_t *crypto)\r
+     return gpgctx;\r
+ }\r
\r
++/* Create a PKCS7 context (GMime 2.6) */\r
++static notmuch_crypto_context_t *\r
++create_pkcs7_context (notmuch_crypto_t *crypto)\r
++{\r
++    notmuch_crypto_context_t *pkcs7ctx;\r
++\r
++    if (crypto->pkcs7ctx)\r
++      return crypto->pkcs7ctx;\r
++\r
++    /* TODO: GMimePasswordRequestFunc */\r
++    pkcs7ctx = g_mime_pkcs7_context_new (NULL);\r
++    if (! pkcs7ctx) {\r
++      fprintf (stderr, "Failed to construct pkcs7 context.\n");\r
++      return NULL;\r
++    }\r
++    crypto->pkcs7ctx = pkcs7ctx;\r
++\r
++    g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) pkcs7ctx,\r
++                                         FALSE);\r
++\r
++    return pkcs7ctx;\r
++}\r
++\r
+ #else /* GMIME_ATLEAST_26 */\r
\r
+ /* Create a GPG context (GMime 2.4) */\r
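Review bot: The one-line comment on the GMime 2.6 `create_pkcs7_context` leaves out the two things a caller relies on: the context is cached in `crypto->pkcs7ctx` and released in notmuch_crypto_cleanup, and always-trust is switched off on purpose. I would extend it to something like `/* Create, or return the cached, PKCS7 context (GMime 2.6). Owned by crypto; always-trust stays off so certificates the backend does not trust are not accepted. */`. A NULL result is not cached, so "Failed to construct pkcs7 context." will presumably be printed again for every S/MIME part when construction fails. The TODO also means no password request callback is installed, so any passphrase prompting is left entirely to the backend; that is worth stating next to the `NULL` argument.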
+@@ -72,6 +95,14 @@ create_gpg_context (notmuch_crypto_t *crypto)\r
+     return gpgctx;\r
+ }\r
\r
++/* Create a PKCS7 context (GMime 2.4) */\r
++static notmuch_crypto_context_t *\r
++create_pkcs7_context (notmuch_crypto_t *crypto)\r
++{\r
++    fprintf (stderr, "pkcs7 is not supported in gmime 2.4.\n");\r
++    return NULL;\r
++}\r
++\r
+ #endif /* GMIME_ATLEAST_26 */\r
\r
+ static struct {\r
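Review bot: In the GMime 2.4 stub the `crypto` parameter is never used, which will warn if the build enables unused-parameter warnings; a `(void) crypto;` as the first statement makes the intent explicit. The stub also prints "pkcs7 is not supported in gmime 2.4." on every call, so a message with several S/MIME parts repeats the line; a short comment saying that the part is then left unverified and undecrypted would help the reader.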
+@@ -86,6 +117,18 @@ static struct {\r
+       .protocol = "application/pgp-encrypted",\r
+       .get_context = create_gpg_context,\r
+     },\r
++    {\r
++      .protocol = "application/pkcs7-signature",\r
++      .get_context = create_pkcs7_context,\r
++    },\r
++    {\r
++      .protocol = "application/x-pkcs7-signature",\r
++      .get_context = create_pkcs7_context,\r
++    },\r
++    {\r
++      .protocol = "application/pkcs7-encrypted",\r
++      .get_context = create_pkcs7_context,\r
++    },\r
+ };\r
\r
+ /* for the specified protocol return the context pointer (initializing\r
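Review bot: The `application/pkcs7-encrypted` entry looks unlikely to match real mail. S/MIME encrypted (enveloped) messages are normally sent as a single `application/pkcs7-mime` part, not as a multipart/encrypted with a pkcs7 protocol parameter, so `--decrypt` would probably leave them untouched and print nothing. If so, either drop the entry and narrow the commit message to verification, or put a comment above it such as `/* NOTE: standard S/MIME encryption uses application/pkcs7-mime, which this table does not cover */`. The lookup that uses this table is outside the hunk, so how the protocol string is compared cannot be seen here.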
+@@ -124,5 +167,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto)\r
+       crypto->gpgctx = NULL;\r
+     }\r
\r
++    if (crypto->pkcs7ctx) {\r
++      g_object_unref (crypto->pkcs7ctx);\r
++      crypto->pkcs7ctx = NULL;\r
++    }\r
++\r
+     return 0;\r
+ }\r
+diff --git a/notmuch-client.h b/notmuch-client.h\r
+index 5e0d47508c6a..5f2a11ed8dc5 100644\r
+--- a/notmuch-client.h\r
++++ b/notmuch-client.h\r
+@@ -37,6 +37,8 @@\r
+ #ifdef GMIME_MAJOR_VERSION\r
+ #define GMIME_ATLEAST_26\r
+ typedef GMimeCryptoContext notmuch_crypto_context_t;\r
++/* This is automatically included only since gmime 2.6.10 */\r
++#include <gmime/gmime-pkcs7-context.h>\r
+ #else\r
+ typedef GMimeCipherContext notmuch_crypto_context_t;\r
+ #endif\r
+@@ -78,6 +80,7 @@ typedef struct notmuch_show_format {\r
\r
+ typedef struct notmuch_crypto {\r
+     notmuch_crypto_context_t* gpgctx;\r
++    notmuch_crypto_context_t* pkcs7ctx;\r
+     notmuch_bool_t verify;\r
+     notmuch_bool_t decrypt;\r
+ } notmuch_crypto_t;\r
+@@ -414,8 +417,8 @@ struct mime_node {\r
+ /* Construct a new MIME node pointing to the root message part of\r
+  * message. If crypto->verify is true, signed child parts will be\r
+  * verified. If crypto->decrypt is true, encrypted child parts will be\r
+- * decrypted.  If crypto->gpgctx is NULL, it will be lazily\r
+- * initialized.\r
++ * decrypted.  If the crypto contexts (crypto->gpgctx or\r
++ * crypto->pkcs7) are NULL, they will be lazily initialized.\r
+  *\r
+  * Return value:\r
+  *\r
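Review bot: The updated comment names `crypto->pkcs7`, but the field this patch adds to `struct notmuch_crypto` is `pkcs7ctx`. The line should read ` * crypto->pkcs7ctx) are NULL, they will be lazily initialized.`. It could also say that each context is created only when a part with the matching protocol is met, if the lookup outside this hunk does work that way. The comment block continues past the end of the hunk.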
+-- \r
+2.1.4\r
+\r