From 7886a66baf09fa6f216b03c9b0ca5242f5fae91c Mon Sep 17 00:00:00 2001
From: David Bremner
Date: Sun, 16 Aug 2015 19:41:14 +0200
Subject: [PATCH] [PATCH 6/8] cli: crypto: S/MIME verification support
---
98/9f9d2715da1838031e929d3062a84ef4b02666 | 173 ++++++++++++++++++++++
1 file changed, 173 insertions(+)
create mode 100644 98/9f9d2715da1838031e929d3062a84ef4b02666
diff --git a/98/9f9d2715da1838031e929d3062a84ef4b02666 b/98/9f9d2715da1838031e929d3062a84ef4b02666
new file mode 100644
index 000000000..af5076d88
--- /dev/null
+++ b/98/9f9d2715da1838031e929d3062a84ef4b02666
@@ -0,0 +1,173 @@
+Return-Path:
+X-Original-To: notmuch@notmuchmail.org
+Delivered-To: notmuch@notmuchmail.org
+Received: from localhost (localhost [127.0.0.1])
+ by arlo.cworth.org (Postfix) with ESMTP id 7FCD16DE18FE
+ for ; Sun, 16 Aug 2015 10:43:24 -0700 (PDT)
+X-Virus-Scanned: Debian amavisd-new at cworth.org
+X-Spam-Flag: NO
+X-Spam-Score: 0.126
+X-Spam-Level:
+X-Spam-Status: No, score=0.126 tagged_above=-999 required=5 tests=[AWL=0.116,
+ T_HEADER_FROM_DIFFERENT_DOMAINS=0.01] autolearn=disabled
+Received: from arlo.cworth.org ([127.0.0.1])
+ by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)
+ with ESMTP id aDsRWghoG00M for ;
+ Sun, 16 Aug 2015 10:43:22 -0700 (PDT)
+Received: from gitolite.debian.net (gitolite.debian.net [87.98.215.224])
+ by arlo.cworth.org (Postfix) with ESMTPS id 5DEC06DE17FE
+ for ; Sun, 16 Aug 2015 10:43:20 -0700 (PDT)
+Received: from remotemail by gitolite.debian.net with local (Exim 4.80)
+ (envelope-from )
+ id 1ZR1wK-0003by-IW; Sun, 16 Aug 2015 17:41:48 +0000
+Received: (nullmailer pid 26317 invoked by uid 1000); Sun, 16 Aug 2015
+ 17:41:28 -0000
+From: David Bremner
+To: notmuch@notmuchmail.org
+Subject: [PATCH 6/8] cli: crypto: S/MIME verification support
+Date: Sun, 16 Aug 2015 19:41:14 +0200
+Message-Id: <1439746876-23654-7-git-send-email-david@tethera.net>
+X-Mailer: git-send-email 2.5.0
+In-Reply-To: <1439746876-23654-1-git-send-email-david@tethera.net>
+References: <54CA467B.30408@gnome.org>
+ <1439746876-23654-1-git-send-email-david@tethera.net>
+X-BeenThere: notmuch@notmuchmail.org
+X-Mailman-Version: 2.1.18
+Precedence: list
+List-Id: "Use and development of the notmuch mail system."
+
+List-Unsubscribe: ,
+
+List-Archive:
+List-Post:
+List-Help:
+List-Subscribe: ,
+
+X-List-Received-Date: Sun, 16 Aug 2015 17:43:24 -0000
+
+From: Jani Nikula
+
+notmuch-show --verify will now also process S/MIME multiparts if
+encountered. Requires gmime-2.6 and gpgsm.
+
+Based on work by Jameson Graef Rollins .
+---
+ crypto.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
+ notmuch-client.h | 7 +++++--
+ test/T355-smime.sh | 1 -
+ 3 files changed, 55 insertions(+), 3 deletions(-)
+
+diff --git a/crypto.c b/crypto.c
+index 11c167e..ce683d2 100644
+--- a/crypto.c
++++ b/crypto.c
+@@ -43,6 +43,51 @@ create_gpg_context (notmuch_crypto_t *crypto)
+ return gpgctx;
+ }
+
++/* Create a PKCS7 context (GMime 2.6) */
++static notmuch_crypto_context_t *
++create_pkcs7_context (notmuch_crypto_t *crypto)
++{
++ notmuch_crypto_context_t *pkcs7ctx;
++
++ if (crypto->pkcs7ctx)
++ return crypto->pkcs7ctx;
++
++ /* TODO: GMimePasswordRequestFunc */
++ pkcs7ctx = g_mime_pkcs7_context_new (NULL);
++ if (! pkcs7ctx) {
++ fprintf (stderr, "Failed to construct pkcs7 context.\n");
++ return NULL;
++ }
++ crypto->pkcs7ctx = pkcs7ctx;
++
++ g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) pkcs7ctx,
++ FALSE);
++
++ return pkcs7ctx;
++}
++
++static const struct {
++ const char *protocol;
++ notmuch_crypto_context_t *(*get_context) (notmuch_crypto_t *crypto);
++} protocols[] = {
++ {
++ .protocol = "application/pgp-signature",
++ .get_context = create_gpg_context,
++ },
++ {
++ .protocol = "application/pgp-encrypted",
++ .get_context = create_gpg_context,
++ },
++ {
++ .protocol = "application/pkcs7-signature",
++ .get_context = create_pkcs7_context,
++ },
++ {
++ .protocol = "application/x-pkcs7-signature",
++ .get_context = create_pkcs7_context,
++ },
++};
++
+ /* for the specified protocol return the context pointer (initializing
+ * if needed) */
+ notmuch_crypto_context_t *
+@@ -81,5 +126,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto)
+ crypto->gpgctx = NULL;
+ }
+
++ if (crypto->pkcs7ctx) {
++ g_object_unref (crypto->pkcs7ctx);
++ crypto->pkcs7ctx = NULL;
++ }
++
+ return 0;
+ }
+diff --git a/notmuch-client.h b/notmuch-client.h
+index 1f82656..774b620 100644
+--- a/notmuch-client.h
++++ b/notmuch-client.h
+@@ -31,6 +31,8 @@
+ #include
+
+ typedef GMimeCryptoContext notmuch_crypto_context_t;
++/* This is automatically included only since gmime 2.6.10 */
++#include
+
+ #include "notmuch.h"
+
+@@ -69,6 +71,7 @@ typedef struct notmuch_show_format {
+
+ typedef struct notmuch_crypto {
+ notmuch_crypto_context_t* gpgctx;
++ notmuch_crypto_context_t* pkcs7ctx;
+ notmuch_bool_t verify;
+ notmuch_bool_t decrypt;
+ const char *gpgpath;
+@@ -406,8 +409,8 @@ struct mime_node {
+ /* Construct a new MIME node pointing to the root message part of
+ * message. If crypto->verify is true, signed child parts will be
+ * verified. If crypto->decrypt is true, encrypted child parts will be
+- * decrypted. If crypto->gpgctx is NULL, it will be lazily
+- * initialized.
++ * decrypted. If the crypto contexts (crypto->gpgctx or
++ * crypto->pkcs7) are NULL, they will be lazily initialized.
+ *
+ * Return value:
+ *
+diff --git a/test/T355-smime.sh b/test/T355-smime.sh
+index b3cc76e..caedf5e 100755
+--- a/test/T355-smime.sh
++++ b/test/T355-smime.sh
+@@ -56,7 +56,6 @@ EOF
+ test_expect_equal_file OUTPUT EXPECTED
+
+ test_begin_subtest "signature verification (notmuch CLI)"
+-test_subtest_known_broken
+ output=$(notmuch show --format=json --verify subject:"test signed message 001" \
+ | notmuch_json_show_sanitize \
+ | sed -e 's|"created": [1234567890]*|"created": 946728000|' \
+--
+2.5.0
+
--
2.26.2
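Review bot: The `protocols[]` table added in the first crypto.c hunk has no comment, and the code that consults it is not part of this patch: `notmuch_crypto_get_context` begins right after the hunk and is not modified. It therefore cannot be confirmed here how a multipart's protocol string is matched against the table, or what is reported for a signed part whose protocol is not listed. Media type names are case-insensitive, so if the lookup is an exact string comparison, a differently cased S/MIME protocol value would presumably leave the part unverified; that outcome should be visible to the user rather than silent. A comment above the table such as `/* Maps a multipart protocol parameter to the function that returns its crypto context, creating it on first use. */`, extended to state the matching rule and the unlisted-protocol behaviour, would pin this down. Separately, the updated comment in notmuch-client.h names `crypto->pkcs7`, while the field added to `struct notmuch_crypto` is `pkcs7ctx`; the comment line should read ` * crypto->pkcs7ctx) are NULL, they will be lazily initialized.`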