From: David Bremner
Date: Sun, 24 Jan 2016 16:21:17 +0000 (+2000)
Subject: [Patch v4 3/5] cli: crypto: S/MIME verification support
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=cc70198b195e968d67666fec347f1f900db3bc6c;p=notmuch-archives.git
[Patch v4 3/5] cli: crypto: S/MIME verification support
---
diff --git a/95/a7d593bc0a8089bc04eecfc76e5426d77ba5cf b/95/a7d593bc0a8089bc04eecfc76e5426d77ba5cf
new file mode 100644
index 000000000..740433e17
--- /dev/null
+++ b/95/a7d593bc0a8089bc04eecfc76e5426d77ba5cf
@@ -0,0 +1,164 @@
+Return-Path:
+X-Original-To: notmuch@notmuchmail.org
+Delivered-To: notmuch@notmuchmail.org
+Received: from localhost (localhost [127.0.0.1])
+ by arlo.cworth.org (Postfix) with ESMTP id 3F3756DE173C
+ for ; Sun, 24 Jan 2016 08:21:53 -0800 (PST)
+X-Virus-Scanned: Debian amavisd-new at cworth.org
+X-Spam-Flag: NO
+X-Spam-Score: -0.31
+X-Spam-Level:
+X-Spam-Status: No, score=-0.31 tagged_above=-999 required=5 tests=[AWL=0.241,
+ RP_MATCHES_RCVD=-0.55, SPF_PASS=-0.001] autolearn=disabled
+Received: from arlo.cworth.org ([127.0.0.1])
+ by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)
+ with ESMTP id ZKAiWfdpqF9S for ;
+ Sun, 24 Jan 2016 08:21:51 -0800 (PST)
+Received: from fethera.tethera.net (fethera.tethera.net [198.245.60.197])
+ by arlo.cworth.org (Postfix) with ESMTPS id 9C7A26DE1639
+ for ; Sun, 24 Jan 2016 08:21:32 -0800 (PST)
+Received: from remotemail by fethera.tethera.net with local (Exim 4.84)
+ (envelope-from )
+ id 1aNNPH-0002NT-6c; Sun, 24 Jan 2016 11:20:51 -0500
+Received: (nullmailer pid 16071 invoked by uid 1000);
+ Sun, 24 Jan 2016 16:21:25 -0000
+From: David Bremner
+To: notmuch@notmuchmail.org
+Subject: [Patch v4 3/5] cli: crypto: S/MIME verification support
+Date: Sun, 24 Jan 2016 12:21:17 -0400
+Message-Id: <1453652479-15968-4-git-send-email-david@tethera.net>
+X-Mailer: git-send-email 2.6.4
+In-Reply-To: <1453652479-15968-1-git-send-email-david@tethera.net>
+References: <1453652479-15968-1-git-send-email-david@tethera.net>
+X-BeenThere: notmuch@notmuchmail.org
+X-Mailman-Version: 2.1.20
+Precedence: list
+List-Id: "Use and development of the notmuch mail system."
+
+List-Unsubscribe: ,
+
+List-Archive:
+List-Post:
+List-Help:
+List-Subscribe: ,
+
+X-List-Received-Date: Sun, 24 Jan 2016 16:21:53 -0000
+
+From: Jani Nikula
+
+notmuch-show --verify will now also process S/MIME multiparts if
+encountered. Requires gmime-2.6 and gpgsm.
+
+Based on work by Jameson Graef Rollins .
+---
+ crypto.c | 35 +++++++++++++++++++++++++++++++++++
+ notmuch-client.h | 7 +++++--
+ test/T355-smime.sh | 1 -
+ 3 files changed, 40 insertions(+), 3 deletions(-)
+
+diff --git a/crypto.c b/crypto.c
+index feae949..3dabc97 100644
+--- a/crypto.c
++++ b/crypto.c
+@@ -43,6 +43,28 @@ create_gpg_context (notmuch_crypto_t *crypto)
+ return gpgctx;
+ }
+
++/* Create a PKCS7 context (GMime 2.6) */
++static notmuch_crypto_context_t *
++create_pkcs7_context (notmuch_crypto_t *crypto)
++{
++ notmuch_crypto_context_t *pkcs7ctx;
++
++ if (crypto->pkcs7ctx)
++ return crypto->pkcs7ctx;
++
++ /* TODO: GMimePasswordRequestFunc */
++ pkcs7ctx = g_mime_pkcs7_context_new (NULL);
++ if (! pkcs7ctx) {
++ fprintf (stderr, "Failed to construct pkcs7 context.\n");
++ return NULL;
++ }
++ crypto->pkcs7ctx = pkcs7ctx;
++
++ g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) pkcs7ctx,
++ FALSE);
++
++ return pkcs7ctx;
++}
+ static const struct {
+ const char *protocol;
+ notmuch_crypto_context_t *(*get_context) (notmuch_crypto_t *crypto);
+@@ -55,6 +77,14 @@ static const struct {
+ .protocol = "application/pgp-encrypted",
+ .get_context = create_gpg_context,
+ },
++ {
++ .protocol = "application/pkcs7-signature",
++ .get_context = create_pkcs7_context,
++ },
++ {
++ .protocol = "application/x-pkcs7-signature",
++ .get_context = create_pkcs7_context,
++ },
+ };
+
+ /* for the specified protocol return the context pointer (initializing
+@@ -95,5 +125,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto)
+ crypto->gpgctx = NULL;
+ }
+
++ if (crypto->pkcs7ctx) {
++ g_object_unref (crypto->pkcs7ctx);
++ crypto->pkcs7ctx = NULL;
++ }
++
+ return 0;
+ }
+diff --git a/notmuch-client.h b/notmuch-client.h
+index 3bd2903..18e6c60 100644
+--- a/notmuch-client.h
++++ b/notmuch-client.h
+@@ -31,6 +31,8 @@
+ #include
+
+ typedef GMimeCryptoContext notmuch_crypto_context_t;
++/* This is automatically included only since gmime 2.6.10 */
++#include
+
+ #include "notmuch.h"
+
+@@ -70,6 +72,7 @@ typedef struct notmuch_show_format {
+
+ typedef struct notmuch_crypto {
+ notmuch_crypto_context_t* gpgctx;
++ notmuch_crypto_context_t* pkcs7ctx;
+ notmuch_bool_t verify;
+ notmuch_bool_t decrypt;
+ const char *gpgpath;
+@@ -407,8 +410,8 @@ struct mime_node {
+ /* Construct a new MIME node pointing to the root message part of
+ * message. If crypto->verify is true, signed child parts will be
+ * verified. If crypto->decrypt is true, encrypted child parts will be
+- * decrypted. If crypto->gpgctx is NULL, it will be lazily
+- * initialized.
++ * decrypted. If the crypto contexts (crypto->gpgctx or
++ * crypto->pkcs7) are NULL, they will be lazily initialized.
+ *
+ * Return value:
+ *
+diff --git a/test/T355-smime.sh b/test/T355-smime.sh
+index a059fac..d942412 100755
+--- a/test/T355-smime.sh
++++ b/test/T355-smime.sh
+@@ -44,7 +44,6 @@ EOF
+ test_expect_equal_file EXPECTED OUTPUT
+
+ test_begin_subtest "signature verification (notmuch CLI)"
+-test_subtest_known_broken
+ output=$(notmuch show --format=json --verify subject:"test signed message 001" \
+ | notmuch_json_show_sanitize \
+ | sed -e 's|"created": [-1234567890]*|"created": 946728000|' \
+--
+2.6.4
+
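Review bot: In `create_pkcs7_context` (crypto.c, whole function visible in the embedded patch) a failed `g_mime_pkcs7_context_new` is reported only through `fprintf (stderr, ...)` and a NULL return, and since `crypto->pkcs7ctx` stays NULL the construction is presumably retried, and the message printed again, on each later lookup. How the caller of `get_context` handles that NULL is outside this patch, so it is worth confirming that `notmuch show --verify` output lets a consumer tell a part whose signature could not be checked from one that carried no signature. The comment updated in notmuch-client.h names `crypto->pkcs7`, but the field added to `struct notmuch_crypto` is `pkcs7ctx`; it should read `crypto->pkcs7ctx`. A blank line is also missing between the closing brace of `create_pkcs7_context` and `static const struct`.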