From: Jani Nikula
Date: Sat, 26 Sep 2015 11:58:41 +0000 (+0300)
Subject: Re: [PATCH 6/8] cli: crypto: S/MIME verification support
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=12c580e03f78d45aa8b83785bcdd91c249e1679c;p=notmuch-archives.git
Re: [PATCH 6/8] cli: crypto: S/MIME verification support
---
diff --git a/5d/2faac5abe2dade86ce61d17e8b24a0debe7ca5 b/5d/2faac5abe2dade86ce61d17e8b24a0debe7ca5
new file mode 100644
index 000000000..e54285d39
--- /dev/null
+++ b/5d/2faac5abe2dade86ce61d17e8b24a0debe7ca5
@@ -0,0 +1,206 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by arlo.cworth.org (Postfix) with ESMTP id CCB1B6DE02D2 + for ; Sat, 26 Sep 2015 04:59:03 -0700 (PDT) +X-Virus-Scanned: Debian amavisd-new at cworth.org +X-Spam-Flag: NO +X-Spam-Score: -0.165 +X-Spam-Level: +X-Spam-Status: No, score=-0.165 tagged_above=-999 required=5 + tests=[AWL=-0.189, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, + RCVD_IN_MSPIKE_WL=-0.01, URIBL_SBL=0.644, URIBL_SBL_A=0.1] + autolearn=disabled +Received: from arlo.cworth.org ([127.0.0.1]) + by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id EWWG6s_GSnTV for ; + Sat, 26 Sep 2015 04:59:02 -0700 (PDT) +Received: from mail-wi0-f169.google.com (mail-wi0-f169.google.com + [209.85.212.169]) + by arlo.cworth.org (Postfix) with ESMTPS id 9823B6DE0298 + for ; Sat, 26 Sep 2015 04:59:01 -0700 (PDT) +Received: by wicfx3 with SMTP id fx3so48325526wic.0 + for ; Sat, 26 Sep 2015 04:59:00 -0700 (PDT) +X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=1e100.net; s=20130820; + h=x-gm-message-state:from:to:subject:in-reply-to:references + :user-agent:date:message-id:mime-version:content-type; + bh=L4QKMhpPrTIOx2qiMH/utGh+iDvkdoraIcBTfsGb+UA=; + b=hZmG0p8CXNzl5pIuQ21PZNC9Df2iK35MvEpssQiFy9cmUTu8rtqyrQ0muYTkk2ZXWc + lvT5ISe6DUF9/MNAb6oPIQ6GG67R0BLOfr+c2Scbdg3f/k4b74xEOqP+bUrbr5/iEUxi + dc7/wTxfQxLclXcORMlvslH7DPt/iKuwVZ4a1yNHknJtZQ/SRTOLVGHG0PBcR9JhdxbN + uFBAuB334hb2jDvlIyCbfkiO+9WfFG6Rj7Qio+AaZkDGPhOFbuGffU36AwU8EK9BXwJB + YBl63PvgeH2y5vjyMH7Hk4icrePdGJOmTSfvNo/LT732tKHoVJBqjViIr/my/Fv8vRg0 + 49qA== +X-Gm-Message-State: + ALoCoQmdvHDSZhgcrGhf+6Ct3OR+2+DJEr+PuYyn7PzVCHHxoR3MFCSmxuRP6w3x/Xiq5i88/x7W +X-Received: by 10.194.110.37 with SMTP id hx5mr11554063wjb.149.1443268739965; + Sat, 26 Sep 2015 04:58:59 -0700 (PDT) +Received: from localhost (mobile-access-bcee63-221.dhcp.inet.fi. 
+ [188.238.99.221]) + by smtp.gmail.com with ESMTPSA id lm3sm8039209wjc.39.2015.09.26.04.58.59 + (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); + Sat, 26 Sep 2015 04:58:59 -0700 (PDT) +From: Jani Nikula +To: David Bremner , notmuch@notmuchmail.org +Subject: Re: [PATCH 6/8] cli: crypto: S/MIME verification support +In-Reply-To: <1439746876-23654-7-git-send-email-david@tethera.net> +References: <54CA467B.30408@gnome.org> + <1439746876-23654-1-git-send-email-david@tethera.net> + <1439746876-23654-7-git-send-email-david@tethera.net> +User-Agent: Notmuch/0.20.2+66~gb33abd9 (http://notmuchmail.org) Emacs/24.4.1 + (x86_64-pc-linux-gnu) +Date: Sat, 26 Sep 2015 14:58:41 +0300 +Message-ID: <87bncpmlxq.fsf@nikula.org> +MIME-Version: 1.0 +Content-Type: text/plain +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.18 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Sat, 26 Sep 2015 11:59:03 -0000 + +On Sun, 16 Aug 2015, David Bremner wrote: +> From: Jani Nikula +> +> notmuch-show --verify will now also process S/MIME multiparts if +> encountered. Requires gmime-2.6 and gpgsm. +> +> Based on work by Jameson Graef Rollins . +> --- +> crypto.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ +> notmuch-client.h | 7 +++++-- +> test/T355-smime.sh | 1 - +> 3 files changed, 55 insertions(+), 3 deletions(-) +> +> diff --git a/crypto.c b/crypto.c +> index 11c167e..ce683d2 100644 +> --- a/crypto.c +> +++ b/crypto.c +> 
@@ -43,6 +43,51 @@ create_gpg_context (notmuch_crypto_t *crypto) +> return gpgctx; +> } +> +> +/* Create a PKCS7 context (GMime 2.6) */ +> +static notmuch_crypto_context_t * +> +create_pkcs7_context (notmuch_crypto_t *crypto) +> +{ +> + notmuch_crypto_context_t *pkcs7ctx; +> + +> + if (crypto->pkcs7ctx) +> + return crypto->pkcs7ctx; +> + +> + /* TODO: GMimePasswordRequestFunc */ +> + pkcs7ctx = g_mime_pkcs7_context_new (NULL); +> + if (! pkcs7ctx) { +> + fprintf (stderr, "Failed to construct pkcs7 context.\n"); +> + return NULL; +> + } +> + crypto->pkcs7ctx = pkcs7ctx; +> + +> + g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) pkcs7ctx, +> + FALSE); +> + +> + return pkcs7ctx; +> +} +> + +> +static const struct { +> + const char *protocol; +> + notmuch_crypto_context_t *(*get_context) (notmuch_crypto_t *crypto); +> +} protocols[] = { +> + { +> + .protocol = "application/pgp-signature", +> + .get_context = create_gpg_context, +> + }, +> + { +> + .protocol = "application/pgp-encrypted", +> + .get_context = create_gpg_context, +> + }, +> + { +> + .protocol = "application/pkcs7-signature", +> + .get_context = create_pkcs7_context, +> + }, +> + { +> + .protocol = "application/x-pkcs7-signature", +> + .get_context = create_pkcs7_context, +> + }, +> +}; + +The array itself should be added in patch 2 as it depends on it, and +this patch should only add the pkcs7 ones. I guess this got broken at +some rebase. + +BR, +Jani. + + +> + +> /* for the specified protocol return the context pointer (initializing +> * if needed) */ +> notmuch_crypto_context_t * +> @@ -81,5 +126,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto) +> crypto->gpgctx = NULL; +> } +> +> + if (crypto->pkcs7ctx) { +> + g_object_unref (crypto->pkcs7ctx); +> + crypto->pkcs7ctx = NULL; +> + } +> + +> return 0; +> } +> diff --git a/notmuch-client.h b/notmuch-client.h +> index 1f82656..774b620 100644 +> --- a/notmuch-client.h +> +++ b/notmuch-client.h +> 
@@ -31,6 +31,8 @@ +> #include +> +> typedef GMimeCryptoContext notmuch_crypto_context_t; +> +/* This is automatically included only since gmime 2.6.10 */ +> +#include +> +> #include "notmuch.h" +> +> @@ -69,6 +71,7 @@ typedef struct notmuch_show_format { +> +> typedef struct notmuch_crypto { +> notmuch_crypto_context_t* gpgctx; +> + notmuch_crypto_context_t* pkcs7ctx; +> notmuch_bool_t verify; +> notmuch_bool_t decrypt; +> const char *gpgpath; +> @@ -406,8 +409,8 @@ struct mime_node { +> /* Construct a new MIME node pointing to the root message part of +> * message. If crypto->verify is true, signed child parts will be +> * verified. If crypto->decrypt is true, encrypted child parts will be +> - * decrypted. If crypto->gpgctx is NULL, it will be lazily +> - * initialized. +> + * decrypted. If the crypto contexts (crypto->gpgctx or +> + * crypto->pkcs7) are NULL, they will be lazily initialized. +> * +> * Return value: +> * +> diff --git a/test/T355-smime.sh b/test/T355-smime.sh +> index b3cc76e..caedf5e 100755 +> --- a/test/T355-smime.sh +> +++ b/test/T355-smime.sh +> @@ -56,7 +56,6 @@ EOF +> test_expect_equal_file OUTPUT EXPECTED +> +> test_begin_subtest "signature verification (notmuch CLI)" +> -test_subtest_known_broken +> output=$(notmuch show --format=json --verify subject:"test signed message 001" \ +> | notmuch_json_show_sanitize \ +> | sed -e 's|"created": [1234567890]*|"created": 946728000|' \ +> -- +> 2.5.0
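Review bot: In the quoted notmuch-client.h hunk the reworded comment says `crypto->pkcs7`, but the member added to `struct notmuch_crypto` a few lines earlier is `pkcs7ctx`, so the comment should read `crypto->pkcs7ctx`. The `protocols[]` table in the quoted crypto.c hunk registers only the two pkcs7 signature types, while PGP has both a signature and an encrypted entry; a one-line comment such as `/* S/MIME: signature verification only, no decryption entry yet */` above the pkcs7 entries would keep a reader from assuming encrypted S/MIME parts are handled. `create_pkcs7_context` returns NULL after printing an error, and the lookup function that consumes `get_context` lies outside the quoted hunk, so it is worth confirming there that a NULL context leaves the part reported as unverified rather than skipped silently.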