From 39dffacdd86b8866954f78e079f1fd81f43d169e Mon Sep 17 00:00:00 2001
From: David Bremner
Date: Tue, 15 Dec 2015 09:38:55 +2000
Subject: [PATCH] [Patch v3 6/8] cli: crypto: S/MIME verification support
---
a6/98e90ccaa4d663cd066802ffbff1555c1e732c | 164 ++++++++++++++++++++++
1 file changed, 164 insertions(+)
create mode 100644 a6/98e90ccaa4d663cd066802ffbff1555c1e732c
diff --git a/a6/98e90ccaa4d663cd066802ffbff1555c1e732c b/a6/98e90ccaa4d663cd066802ffbff1555c1e732c
new file mode 100644
index 000000000..5cc89e8e1
--- /dev/null
+++ b/a6/98e90ccaa4d663cd066802ffbff1555c1e732c
@@ -0,0 +1,164 @@
+Return-Path:
+X-Original-To: notmuch@notmuchmail.org
+Delivered-To: notmuch@notmuchmail.org
+Received: from localhost (localhost [127.0.0.1])
+ by arlo.cworth.org (Postfix) with ESMTP id 61C156DE15A1
+ for ; Mon, 14 Dec 2015 05:39:13 -0800 (PST)
+X-Virus-Scanned: Debian amavisd-new at cworth.org
+X-Spam-Flag: NO
+X-Spam-Score: -0.314
+X-Spam-Level:
+X-Spam-Status: No, score=-0.314 tagged_above=-999 required=5 tests=[AWL=0.237,
+ RP_MATCHES_RCVD=-0.55, SPF_PASS=-0.001] autolearn=disabled
+Received: from arlo.cworth.org ([127.0.0.1])
+ by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)
+ with ESMTP id AyJOZUz0r1il for ;
+ Mon, 14 Dec 2015 05:39:11 -0800 (PST)
+Received: from fethera.tethera.net (fethera.tethera.net [198.245.60.197])
+ by arlo.cworth.org (Postfix) with ESMTPS id 315BF6DE0A4A
+ for ; Mon, 14 Dec 2015 05:39:10 -0800 (PST)
+Received: from remotemail by fethera.tethera.net with local (Exim 4.84)
+ (envelope-from )
+ id 1a8TLF-0008Ed-Eq; Mon, 14 Dec 2015 08:39:05 -0500
+Received: (nullmailer pid 31806 invoked by uid 1000);
+ Mon, 14 Dec 2015 13:39:05 -0000
+From: David Bremner
+To: notmuch@notmuchmail.org
+Subject: [Patch v3 6/8] cli: crypto: S/MIME verification support
+Date: Mon, 14 Dec 2015 09:38:55 -0400
+Message-Id: <1450100337-31655-7-git-send-email-david@tethera.net>
+X-Mailer: git-send-email 2.6.2
+In-Reply-To: <1450100337-31655-1-git-send-email-david@tethera.net>
+References: <1450100337-31655-1-git-send-email-david@tethera.net>
+X-BeenThere: notmuch@notmuchmail.org
+X-Mailman-Version: 2.1.20
+Precedence: list
+List-Id: "Use and development of the notmuch mail system."
+ 
+List-Unsubscribe: ,
+ 
+List-Archive:
+List-Post:
+List-Help:
+List-Subscribe: ,
+ 
+X-List-Received-Date: Mon, 14 Dec 2015 13:39:13 -0000
+
+From: Jani Nikula
+
+notmuch-show --verify will now also process S/MIME multiparts if
+encountered. Requires gmime-2.6 and gpgsm.
+
+Based on work by Jameson Graef Rollins .
+---
+ crypto.c | 35 +++++++++++++++++++++++++++++++++++
+ notmuch-client.h | 7 +++++--
+ test/T355-smime.sh | 1 -
+ 3 files changed, 40 insertions(+), 3 deletions(-)
+
+diff --git a/crypto.c b/crypto.c
+index feae949..3dabc97 100644
+--- a/crypto.c
++++ b/crypto.c
+@@ -43,6 +43,28 @@ create_gpg_context (notmuch_crypto_t *crypto)
+ return gpgctx;
+ }
+ 
++/* Create a PKCS7 context (GMime 2.6) */
++static notmuch_crypto_context_t *
++create_pkcs7_context (notmuch_crypto_t *crypto)
++{
++ notmuch_crypto_context_t *pkcs7ctx;
++
++ if (crypto->pkcs7ctx)
++ return crypto->pkcs7ctx;
++
++ /* TODO: GMimePasswordRequestFunc */
++ pkcs7ctx = g_mime_pkcs7_context_new (NULL);
++ if (! pkcs7ctx) {
++ fprintf (stderr, "Failed to construct pkcs7 context.\n");
++ return NULL;
++ }
++ crypto->pkcs7ctx = pkcs7ctx;
++
++ g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) pkcs7ctx,
++ FALSE);
++
++ return pkcs7ctx;
++}
+ static const struct {
+ const char *protocol;
+ notmuch_crypto_context_t *(*get_context) (notmuch_crypto_t *crypto);
+@@ -55,6 +77,14 @@ static const struct {
+ .protocol = "application/pgp-encrypted",
+ .get_context = create_gpg_context,
+ },
++ {
++ .protocol = "application/pkcs7-signature",
++ .get_context = create_pkcs7_context,
++ },
++ {
++ .protocol = "application/x-pkcs7-signature",
++ .get_context = create_pkcs7_context,
++ },
+ };
+ 
+ /* for the specified protocol return the context pointer (initializing
+@@ -95,5 +125,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto)
+ crypto->gpgctx = NULL;
+ }
+ 
++ if (crypto->pkcs7ctx) {
++ g_object_unref (crypto->pkcs7ctx);
++ crypto->pkcs7ctx = NULL;
++ }
++
+ return 0;
+ }
+diff --git a/notmuch-client.h b/notmuch-client.h
+index 3bd2903..18e6c60 100644
+--- a/notmuch-client.h
++++ b/notmuch-client.h
+@@ -31,6 +31,8 @@
+ #include
+ 
+ typedef GMimeCryptoContext notmuch_crypto_context_t;
++/* This is automatically included only since gmime 2.6.10 */
++#include
+ 
+ #include "notmuch.h"
+ 
+@@ -70,6 +72,7 @@ 
typedef struct notmuch_show_format {
+ 
+ typedef struct notmuch_crypto {
+ notmuch_crypto_context_t* gpgctx;
++ notmuch_crypto_context_t* pkcs7ctx;
+ notmuch_bool_t verify;
+ notmuch_bool_t decrypt;
+ const char *gpgpath;
+@@ -407,8 +410,8 @@ struct mime_node {
+ /* Construct a new MIME node pointing to the root message part of
+ * message. If crypto->verify is true, signed child parts will be
+ * verified. If crypto->decrypt is true, encrypted child parts will be
+- * decrypted. If crypto->gpgctx is NULL, it will be lazily
+- * initialized.
++ * decrypted. If the crypto contexts (crypto->gpgctx or
++ * crypto->pkcs7) are NULL, they will be lazily initialized.
+ *
+ * Return value:
+ *
+diff --git a/test/T355-smime.sh b/test/T355-smime.sh
+index 70a8287..47e3e94 100755
+--- a/test/T355-smime.sh
++++ b/test/T355-smime.sh
+@@ -44,7 +44,6 @@ EOF
+ test_expect_equal_file EXPECTED OUTPUT
+ 
+ test_begin_subtest "signature verification (notmuch CLI)"
+-test_subtest_known_broken
+ output=$(notmuch show --format=json --verify subject:"test signed message 001" \
+ | notmuch_json_show_sanitize \
+ | sed -e 's|"created": [-1234567890]*|"created": 946728000|' \
+-- 
+2.6.2
+
-- 
2.26.2
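Review bot: The protocol table in crypto.c gains only the two detached-signature types (`application/pkcs7-signature` and `application/x-pkcs7-signature`), and nothing in these hunks handles opaque signed-data (`application/pkcs7-mime`), so S/MIME coverage appears limited to multipart/signed; a comment on the new entries such as `/* S/MIME: detached multipart/signed signatures only; pkcs7-mime parts are not verified */` would keep a reader from treating a missing signature status as "unsigned". The rewritten comment in notmuch-client.h names `crypto->pkcs7`, but the field added to `struct notmuch_crypto` is `pkcs7ctx`, so that line should read `* crypto->pkcs7ctx) are NULL, they will be lazily initialized.`. In `create_pkcs7_context` the explicit `g_mime_pkcs7_context_set_always_trust (..., FALSE)` is the security-relevant setting, and a one-line why-comment there (untrusted certificates must not verify as good) would guard against it being flipped later. The table, the cleanup function and the callers of `get_context` continue outside the hunks, so how a NULL context is reported for a signed part is not visible here.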