From: David Bremner Date: Wed, 28 Jan 2015 07:36:21 +0000 (+0100) Subject: Re: [Patch v4 5/5] test: add broken test for SMIME decryption with notmuch CLI X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=5f6858e9d1964a8e467973ad32f13ff0a92b7e28;p=notmuch-archives.git Re: [Patch v4 5/5] test: add broken test for SMIME decryption with notmuch CLI --- diff --git a/95/253b98c5183c25680a9ec270789d3165ed88c8 b/95/253b98c5183c25680a9ec270789d3165ed88c8 new file mode 100644 index 000000000..23b8d7566 --- /dev/null +++ b/95/253b98c5183c25680a9ec270789d3165ed88c8 @@ -0,0 +1,152 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by olra.theworths.org (Postfix) with ESMTP id B2132431FD7 + for ; Tue, 27 Jan 2015 23:37:54 -0800 (PST) +X-Virus-Scanned: Debian amavisd-new at olra.theworths.org +X-Spam-Flag: NO +X-Spam-Score: 2.438 +X-Spam-Level: ** +X-Spam-Status: No, score=2.438 tagged_above=-999 required=5 + tests=[DNS_FROM_AHBL_RHSBL=2.438] autolearn=disabled +Received: from olra.theworths.org ([127.0.0.1]) + by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id r-s6PkguBvSK for ; + Tue, 27 Jan 2015 23:37:08 -0800 (PST) +Received: from mx.xen14.node3324.gplhost.com (gitolite.debian.net + [87.98.215.224]) + (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) + (No client certificate requested) + by olra.theworths.org (Postfix) with ESMTPS id 41B3E431FAF + for ; Tue, 27 Jan 2015 23:37:08 -0800 (PST) +Received: from remotemail by mx.xen14.node3324.gplhost.com with local (Exim + 4.80) (envelope-from ) + id 1YGNAw-0005LT-Eh; Wed, 28 Jan 2015 07:36:34 +0000 +Received: (nullmailer pid 19171 invoked by uid 1000); Wed, 28 Jan 2015 + 07:36:21 -0000 +From: David Bremner +To: notmuch@notmuchmail.org +Subject: Re: [Patch v4 5/5] test: add broken test for SMIME decryption with + notmuch CLI +In-Reply-To: <87h9vdup0j.fsf@maritornes.cs.unb.ca> +References: <1421568167-18683-1-git-send-email-david@tethera.net> + <1421568167-18683-6-git-send-email-david@tethera.net> + <87h9vdup0j.fsf@maritornes.cs.unb.ca> +User-Agent: Notmuch/0.19+48~gb74ed1c (http://notmuchmail.org) Emacs/24.4.1 + (x86_64-pc-linux-gnu) +Date: Wed, 28 Jan 2015 08:36:21 +0100 +Message-ID: <87h9vbbbm2.fsf@maritornes.cs.unb.ca> +MIME-Version: 1.0 +Content-Type: multipart/mixed; boundary="=-=-=" +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.13 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Wed, 28 Jan 2015 07:37:56 -0000 + +--=-=-= +Content-Type: text/plain + +David Bremner writes: + +> David Bremner writes: +> +>> The test JSON here is not correct, but the larger problem is thatit +>> seems like no actual decryption is being done. +> +> I played with this some more, and it seems like Jamie's code (and the +> gmime sample code [1] expects the top level part to be +> multipart/encrypted. + +By repeated bludgeoning I convinced notmuch show to actually run the +decryption code, but then I hit another problem: there isn't an obvious +high level way to decrypt an application/(x)-pkcs7-mime part (and the +current code only works for multipart/encrypted). It should +be possible up GMimeStreams and use g_mime_crypto_context_decrypt, but +that seems like quite a bit more work than calling +g_mime_multipart_encrypted_decrypt. + + +--=-=-= +Content-Type: text/x-diff +Content-Disposition: inline; filename=smime.diff + +diff --git a/mime-node.c b/mime-node.c +index fd9e4a4..7019be7 100644 +--- a/mime-node.c ++++ b/mime-node.c +@@ -54,6 +54,20 @@ _mime_node_context_free (mime_node_context_t *res) + return 0; + } + ++static ++notmuch_bool_t ++_is_smime_encrypted_part (GMimeObject *part) { ++ ++ GMimeContentType *content_type = g_mime_object_get_content_type(part); ++ if (content_type) { ++ return g_mime_content_type_is_type (content_type, "application", ++ "pkcs7-mime") || ++ g_mime_content_type_is_type (content_type, "application", ++ "x-pkcs7-mime"); ++ } ++ return FALSE; ++} ++ + notmuch_status_t + mime_node_open (const void *ctx, notmuch_message_t *message, + notmuch_crypto_t *crypto, mime_node_t **root_out) +@@ -323,22 +337,33 @@ _mime_node_create (mime_node_t *parent, GMimeObject *part) + return NULL; + } + +- if ((GMIME_IS_MULTIPART_ENCRYPTED (part) && node->ctx->crypto->decrypt) ++ if (((GMIME_IS_MULTIPART_ENCRYPTED (part) || _is_smime_encrypted_part (part)) ++ && node->ctx->crypto->decrypt) + || (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify)) { + GMimeContentType *content_type = g_mime_object_get_content_type (part); + const char *protocol = g_mime_content_type_get_parameter (content_type, "protocol"); ++ if (!protocol) { ++ if (_is_smime_encrypted_part (part)) { ++ protocol = "application/pkcs7-encrypted"; ++ } ++ } + cryptoctx = notmuch_crypto_get_context (node->ctx->crypto, protocol); + } + +- /* Handle PGP/MIME parts */ +- if (GMIME_IS_MULTIPART_ENCRYPTED (part) && node->ctx->crypto->decrypt && cryptoctx) { +- if (node->nchildren != 2) { +- /* this violates RFC 3156 section 4, so we won't bother with it. */ +- fprintf (stderr, "Error: %d part(s) for a multipart/encrypted " +- "message (must be exactly 2)\n", +- node->nchildren); +- } else { ++ /* Are we ready and able to decrypt something ? */ ++ if (node->ctx->crypto->decrypt && cryptoctx) { ++ if (_is_smime_encrypted_part (part)) { + node_decrypt_and_verify (node, part, cryptoctx); ++ } else if (GMIME_IS_MULTIPART_ENCRYPTED (part)) { ++ /* Handle PGP/MIME parts */ ++ if (node->nchildren != 2) { ++ /* this violates RFC 3156 section 4, so we won't bother with it. */ ++ fprintf (stderr, "Error: %d part(s) for a multipart/encrypted " ++ "message (must be exactly 2)\n", ++ node->nchildren); ++ } else { ++ node_decrypt_and_verify (node, part, cryptoctx); ++ } + } + } else if (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify && cryptoctx) { + if (node->nchildren != 2) { + +--=-=-=--