From: Jani Nikula <jani@nikula.org>
Date: Sun, 18 Jan 2015 10:45:53 +0000 (+0200)
Subject: [PATCH 3/3] cli: crypto: S/MIME verification/decryption support
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=5da65d5f13a88a0ac83a6e092339a533b994542e;p=notmuch-archives.git

[PATCH 3/3] cli: crypto: S/MIME verification/decryption support
---

diff --git a/3e/948921d2063870be24f500a60b711149331fe9 b/3e/948921d2063870be24f500a60b711149331fe9
new file mode 100644
index 000000000..e076c75d2
--- /dev/null
+++ b/3e/948921d2063870be24f500a60b711149331fe9
@@ -0,0 +1,199 @@
+Return-Path: <jani@nikula.org>
+X-Original-To: notmuch@notmuchmail.org
+Delivered-To: notmuch@notmuchmail.org
+Received: from localhost (localhost [127.0.0.1])
+	by olra.theworths.org (Postfix) with ESMTP id C49E5431FD9
+	for <notmuch@notmuchmail.org>; Sun, 18 Jan 2015 02:45:57 -0800 (PST)
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
+X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "References"
+X-Spam-Flag: NO
+X-Spam-Score: 1.738
+X-Spam-Level: *
+X-Spam-Status: No, score=1.738 tagged_above=-999 required=5
+	tests=[DNS_FROM_AHBL_RHSBL=2.438, RCVD_IN_DNSWL_LOW=-0.7]
+	autolearn=disabled
+Received: from olra.theworths.org ([127.0.0.1])
+	by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
+	with ESMTP id 6Z+4gY4wQbqL for <notmuch@notmuchmail.org>;
+	Sun, 18 Jan 2015 02:45:55 -0800 (PST)
+Received: from mail-wi0-f180.google.com (mail-wi0-f180.google.com
+	[209.85.212.180]) (using TLSv1 with cipher RC4-SHA (128/128 bits))
+	(No client certificate requested)
+	by olra.theworths.org (Postfix) with ESMTPS id 420A3431FDC
+	for <notmuch@notmuchmail.org>; Sun, 18 Jan 2015 02:45:48 -0800 (PST)
+Received: by mail-wi0-f180.google.com with SMTP id bs8so11170790wib.1
+	for <notmuch@notmuchmail.org>; Sun, 18 Jan 2015 02:45:47 -0800 (PST)
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+	d=1e100.net; s=20130820;
+	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
+	:references:in-reply-to:references;
+	bh=GAW1ZFHzuP3VpdY7t2TExsS+EKg2zM1d6UsYROwg/Ko=;
+	b=ghVl79pGC1/3cXtaMYWky58olohZX7oVVtOaUG9dQJrSX26E8GbLfUhQcWtTD7P/eA
+	gwF8I3BXwz0ydM4aQ0tb4H7jsikKF/O+08kq1+sajIoeTA7AZDPOSAeEZWCBNrD3YNgz
+	8IZbExoeLvTXQfdZFVfjT712ySxjheo6++lzx5QkdzkkTw+b0A/WPdhDqcXDxlHsoxl6
+	WQZQOtDyfoUqSzU9x9ChdCds64qzZX6cjx3NUsQBHSPvHC35PI8awSpOz3NUzwB6Pd4Q
+	LzNFA+QlADcfTkINEhh2TAoVWp6EOwDHrEltvqALPTO/nySnyWs3CeD/Blo3kj8tLS0f
+	o0qA==
+X-Gm-Message-State:
+ ALoCoQnmMFzo2WnUeYIkQnr+CUIX88iIvhISZpWS0kpdZGQ2Gg7lsfxzsPRc1B3xLD7RL8Qvjfls
+X-Received: by 10.194.179.166 with SMTP id dh6mr25422649wjc.87.1421577947339; 
+	Sun, 18 Jan 2015 02:45:47 -0800 (PST)
+Received: from localhost (mobile-internet-bcee14-89.dhcp.inet.fi.
+	[188.238.20.89]) by mx.google.com with ESMTPSA id
+	bo3sm12904624wjb.44.2015.01.18.02.45.46
+	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
+	Sun, 18 Jan 2015 02:45:46 -0800 (PST)
+From: Jani Nikula <jani@nikula.org>
+To: david@tethera.net,
+	notmuch@notmuchmail.org
+Subject: [PATCH 3/3] cli: crypto: S/MIME verification/decryption support
+Date: Sun, 18 Jan 2015 12:45:53 +0200
+Message-Id:
+ <dab06251b946c0c65a564874ee296a5ac5675d35.1421577605.git.jani@nikula.org>
+X-Mailer: git-send-email 2.1.4
+In-Reply-To: <cover.1421577605.git.jani@nikula.org>
+References: <1421568167-18683-3-git-send-email-david@tethera.net>
+	<cover.1421577605.git.jani@nikula.org>
+In-Reply-To: <cover.1421577605.git.jani@nikula.org>
+References: <cover.1421577605.git.jani@nikula.org>
+X-BeenThere: notmuch@notmuchmail.org
+X-Mailman-Version: 2.1.13
+Precedence: list
+List-Id: "Use and development of the notmuch mail system."
+	<notmuch.notmuchmail.org>
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
+	<mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>
+List-Post: <mailto:notmuch@notmuchmail.org>
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
+	<mailto:notmuch-request@notmuchmail.org?subject=subscribe>
+X-List-Received-Date: Sun, 18 Jan 2015 10:45:58 -0000
+
+The notmuch-show flags --decrypt and --verify will now also process
+S/MIME multiparts if encountered. Requires gmime-2.6 and gpgsm.
+
+Based on work by Jameson Graef Rollins <jrollins@finestructure.net>.
+
+---
+
+id:1340995101-9616-2-git-send-email-jrollins@finestructure.net
+---
+ crypto.c         | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
+ notmuch-client.h |  7 +++++--
+ 2 files changed, 53 insertions(+), 2 deletions(-)
+
+diff --git a/crypto.c b/crypto.c
+index 8e58dcca4ee5..8944cc5d4bcd 100644
+--- a/crypto.c
++++ b/crypto.c
+@@ -45,6 +45,29 @@ create_gpg_context (notmuch_crypto_t *crypto)
+     return gpgctx;
+ }
+ 
++/* Create a PKCS7 context (GMime 2.6) */
++static notmuch_crypto_context_t *
++create_pkcs7_context (notmuch_crypto_t *crypto)
++{
++    notmuch_crypto_context_t *pkcs7ctx;
++
++    if (crypto->pkcs7ctx)
++	return crypto->pkcs7ctx;
++
++    /* TODO: GMimePasswordRequestFunc */
++    pkcs7ctx = g_mime_pkcs7_context_new (NULL);
++    if (! pkcs7ctx) {
++	fprintf (stderr, "Failed to construct pkcs7 context.\n");
++	return NULL;
++    }
++    crypto->pkcs7ctx = pkcs7ctx;
++
++    g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) pkcs7ctx,
++					   FALSE);
++
++    return pkcs7ctx;
++}
++
+ #else /* GMIME_ATLEAST_26 */
+ 
+ /* Create a GPG context (GMime 2.4) */
+@@ -72,6 +95,14 @@ create_gpg_context (notmuch_crypto_t *crypto)
+     return gpgctx;
+ }
+ 
++/* Create a PKCS7 context (GMime 2.4) */
++static notmuch_crypto_context_t *
++create_pkcs7_context (notmuch_crypto_t *crypto)
++{
++    fprintf (stderr, "pkcs7 is not supported in gmime 2.4.\n");
++    return NULL;
++}
++
+ #endif /* GMIME_ATLEAST_26 */
+ 
+ static struct {
+@@ -86,6 +117,18 @@ static struct {
+ 	.protocol = "application/pgp-encrypted",
+ 	.get_context = create_gpg_context,
+     },
++    {
++	.protocol = "application/pkcs7-signature",
++	.get_context = create_pkcs7_context,
++    },
++    {
++	.protocol = "application/x-pkcs7-signature",
++	.get_context = create_pkcs7_context,
++    },
++    {
++	.protocol = "application/pkcs7-encrypted",
++	.get_context = create_pkcs7_context,
++    },
+ };
+ 
+ /* for the specified protocol return the context pointer (initializing
+@@ -124,5 +167,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto)
+ 	crypto->gpgctx = NULL;
+     }
+ 
++    if (crypto->pkcs7ctx) {
++	g_object_unref (crypto->pkcs7ctx);
++	crypto->pkcs7ctx = NULL;
++    }
++
+     return 0;
+ }
+diff --git a/notmuch-client.h b/notmuch-client.h
+index 5e0d47508c6a..5f2a11ed8dc5 100644
+--- a/notmuch-client.h
++++ b/notmuch-client.h
+@@ -37,6 +37,8 @@
+ #ifdef GMIME_MAJOR_VERSION
+ #define GMIME_ATLEAST_26
+ typedef GMimeCryptoContext notmuch_crypto_context_t;
++/* This is automatically included only since gmime 2.6.10 */
++#include <gmime/gmime-pkcs7-context.h>
+ #else
+ typedef GMimeCipherContext notmuch_crypto_context_t;
+ #endif
+@@ -78,6 +80,7 @@ typedef struct notmuch_show_format {
+ 
+ typedef struct notmuch_crypto {
+     notmuch_crypto_context_t* gpgctx;
++    notmuch_crypto_context_t* pkcs7ctx;
+     notmuch_bool_t verify;
+     notmuch_bool_t decrypt;
+ } notmuch_crypto_t;
+@@ -414,8 +417,8 @@ struct mime_node {
+ /* Construct a new MIME node pointing to the root message part of
+  * message. If crypto->verify is true, signed child parts will be
+  * verified. If crypto->decrypt is true, encrypted child parts will be
+- * decrypted.  If crypto->gpgctx is NULL, it will be lazily
+- * initialized.
++ * decrypted.  If the crypto contexts (crypto->gpgctx or
++ * crypto->pkcs7) are NULL, they will be lazily initialized.
+  *
+  * Return value:
+  *
+-- 
+2.1.4
+