From 86c15192764cefc8448fbc8d98037e7a235883fd Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 1 Feb 2016 15:39:48 +1900 Subject: [PATCH] [PATCH v3 03/16] make shared crypto code behave library-like --- b2/1e31cd9f0250785c23c79e1022862bebf057fe | 280 ++++++++++++++++++++++ 1 file changed, 280 insertions(+) create mode 100644 b2/1e31cd9f0250785c23c79e1022862bebf057fe diff --git a/b2/1e31cd9f0250785c23c79e1022862bebf057fe b/b2/1e31cd9f0250785c23c79e1022862bebf057fe new file mode 100644 index 000000000..ba214d224 --- /dev/null +++ b/b2/1e31cd9f0250785c23c79e1022862bebf057fe @@ -0,0 +1,280 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by arlo.cworth.org (Postfix) with ESMTP id 6CB4E6DE1B67 + for ; Sun, 31 Jan 2016 12:40:20 -0800 (PST) +X-Virus-Scanned: Debian amavisd-new at cworth.org +X-Spam-Flag: NO +X-Spam-Score: 0 +X-Spam-Level: +X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none] + autolearn=disabled +Received: from arlo.cworth.org ([127.0.0.1]) + by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id zh_feztt_HxH for ; + Sun, 31 Jan 2016 12:40:18 -0800 (PST) +Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) + by arlo.cworth.org (Postfix) with ESMTP id 870286DE1AC9 + for ; Sun, 31 Jan 2016 12:40:09 -0800 (PST) +Received: from fifthhorseman.net (ip-64-134-185-108.public.wayport.net + [64.134.185.108]) + by che.mayfirst.org (Postfix) with ESMTPSA id 84ABBF99F + for ; Sun, 31 Jan 2016 15:40:06 -0500 (EST) +Received: by fifthhorseman.net (Postfix, from userid 1000) + id 34F7A204F6; Sun, 31 Jan 2016 15:40:06 -0500 (EST) +From: Daniel Kahn Gillmor +To: Notmuch Mail +Subject: [PATCH v3 03/16] make shared crypto code behave library-like +Date: Sun, 31 Jan 2016 15:39:48 -0500 +Message-Id: <1454272801-23623-4-git-send-email-dkg@fifthhorseman.net> +X-Mailer: git-send-email 2.7.0.rc3 +In-Reply-To: <1454272801-23623-1-git-send-email-dkg@fifthhorseman.net> +References: <1454272801-23623-1-git-send-email-dkg@fifthhorseman.net> +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.20 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Sun, 31 Jan 2016 20:40:20 -0000 + +If we're going to reuse the crypto code across both the library and +the client, then it needs to report error states properly and not +write to stderr. +--- + lib/database.cc | 6 +++++ + lib/notmuch.h | 17 ++++++++++++ + mime-node.c | 7 ++++- + util/crypto.c | 81 +++++++++++++++++++++++++++------------------------------ + util/crypto.h | 6 +++-- + 5 files changed, 72 insertions(+), 45 deletions(-) + +diff --git a/lib/database.cc b/lib/database.cc +index 3b342f1..0d4dc9b 100644 +--- a/lib/database.cc ++++ b/lib/database.cc +@@ -349,6 +349,12 @@ notmuch_status_to_string (notmuch_status_t status) + return "Operation requires a database upgrade"; + case NOTMUCH_STATUS_PATH_ERROR: + return "Path supplied is illegal for this function"; ++ case NOTMUCH_STATUS_MALFORMED_CRYPTO_PROTOCOL: ++ return "Crypto protocol missing, malformed, or unintelligible"; ++ case NOTMUCH_STATUS_FAILED_CRYPTO_CONTEXT_CREATION: ++ return "Crypto engine initialization failure"; ++ case NOTMUCH_STATUS_UNKNOWN_CRYPTO_PROTOCOL: ++ return "Unknown crypto protocol"; + default: + case NOTMUCH_STATUS_LAST_STATUS: + return "Unknown error status value"; +diff --git a/lib/notmuch.h b/lib/notmuch.h +index 310a8b8..00002f1 100644 +--- a/lib/notmuch.h ++++ b/lib/notmuch.h +@@ -171,6 +171,23 @@ typedef enum _notmuch_status { + */ + NOTMUCH_STATUS_PATH_ERROR, + /** ++ * A MIME object claimed to have cryptographic protection which ++ * notmuch tried to handle, but the protocol was not specified in ++ * an intelligible way. ++ */ ++ NOTMUCH_STATUS_MALFORMED_CRYPTO_PROTOCOL, ++ /** ++ * Notmuch attempted to do crypto processing, but could not ++ * initialize the engine needed to do so. ++ */ ++ NOTMUCH_STATUS_FAILED_CRYPTO_CONTEXT_CREATION, ++ /** ++ * A MIME object claimed to have cryptographic protection, and ++ * notmuch attempted to process it, but the specific protocol was ++ * something that notmuch doesn't know how to handle. ++ */ ++ NOTMUCH_STATUS_UNKNOWN_CRYPTO_PROTOCOL, ++ /** + * Not an actual status value. Just a way to find out how many + * valid status values there are. + */ +diff --git a/mime-node.c b/mime-node.c +index a8f5670..59c0da2 100644 +--- a/mime-node.c ++++ b/mime-node.c +@@ -244,7 +244,12 @@ _mime_node_create (mime_node_t *parent, GMimeObject *part) + || (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify)) { + GMimeContentType *content_type = g_mime_object_get_content_type (part); + const char *protocol = g_mime_content_type_get_parameter (content_type, "protocol"); +- cryptoctx = _notmuch_crypto_get_gmime_context (node->ctx->crypto, protocol); ++ notmuch_status_t status; ++ status = _notmuch_crypto_get_gmime_ctx_for_protocol (node->ctx->crypto, ++ protocol, &cryptoctx); ++ if (status) /* this is a warning, not an error */ ++ fprintf (stderr, "Warning: %s (%s).\n", notmuch_status_to_string (status), ++ protocol ? protocol : "(NULL)"); + } + + /* Handle PGP/MIME parts */ +diff --git a/util/crypto.c b/util/crypto.c +index eab12a3..151a352 100644 +--- a/util/crypto.c ++++ b/util/crypto.c +@@ -26,62 +26,65 @@ + #define ARRAY_SIZE(arr) (sizeof (arr) / sizeof (arr[0])) + + /* Create a GPG context (GMime 2.6) */ +-static GMimeCryptoContext* +-create_gpg_context (_notmuch_crypto_t *crypto) ++static notmuch_status_t ++get_gpg_context (_notmuch_crypto_t *crypto, GMimeCryptoContext **ctx) + { +- GMimeCryptoContext *gpgctx; ++ if (ctx == NULL || crypto == NULL) ++ return NOTMUCH_STATUS_NULL_POINTER; + + if (crypto->gpgctx) { +- return crypto->gpgctx; ++ *ctx = crypto->gpgctx; ++ return NOTMUCH_STATUS_SUCCESS; + } + + /* TODO: GMimePasswordRequestFunc */ +- gpgctx = g_mime_gpg_context_new (NULL, crypto->gpgpath ? crypto->gpgpath : "gpg"); +- if (! gpgctx) { +- fprintf (stderr, "Failed to construct gpg context.\n"); +- return NULL; ++ crypto->gpgctx = g_mime_gpg_context_new (NULL, crypto->gpgpath ? crypto->gpgpath : "gpg"); ++ if (! crypto->gpgctx) { ++ return NOTMUCH_STATUS_FAILED_CRYPTO_CONTEXT_CREATION; + } +- crypto->gpgctx = gpgctx; + +- g_mime_gpg_context_set_use_agent ((GMimeGpgContext *) gpgctx, TRUE); +- g_mime_gpg_context_set_always_trust ((GMimeGpgContext *) gpgctx, FALSE); ++ g_mime_gpg_context_set_use_agent ((GMimeGpgContext *) crypto->gpgctx, TRUE); ++ g_mime_gpg_context_set_always_trust ((GMimeGpgContext *) crypto->gpgctx, FALSE); + +- return crypto->gpgctx; ++ *ctx = crypto->gpgctx; ++ return NOTMUCH_STATUS_SUCCESS; + } + + /* Create a PKCS7 context (GMime 2.6) */ +-static notmuch_crypto_context_t * +-create_pkcs7_context (notmuch_crypto_t *crypto) ++static notmuch_status_t ++create_pkcs7_context (_notmuch_crypto_t *crypto, GMimeCryptoContext **ctx) + { +- notmuch_crypto_context_t *pkcs7ctx; ++ if (ctx == NULL || crypto == NULL) ++ return NOTMUCH_STATUS_NULL_POINTER; + +- if (crypto->pkcs7ctx) +- return crypto->pkcs7ctx; ++ if (crypto->pkcs7ctx) { ++ *ctx = crypto->pkcs7ctx; ++ return NOTMUCH_STATUS_SUCCESS; ++ } + + /* TODO: GMimePasswordRequestFunc */ +- pkcs7ctx = g_mime_pkcs7_context_new (NULL); +- if (! pkcs7ctx) { +- fprintf (stderr, "Failed to construct pkcs7 context.\n"); +- return NULL; ++ crypto->pkcs7ctx = g_mime_pkcs7_context_new (NULL); ++ if (! crypto->pkcs7ctx) { ++ return NOTMUCH_STATUS_FAILED_CRYPTO_CONTEXT_CREATION; + } +- crypto->pkcs7ctx = pkcs7ctx; + +- g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) pkcs7ctx, ++ g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) crypto->pkcs7ctx, + FALSE); + +- return crypto->pkcs7ctx; ++ *ctx = crypto->pkcs7ctx; ++ return NOTMUCH_STATUS_SUCCESS; + } + static const struct { + const char *protocol; +- GMimeCryptoContext *(*get_context) (_notmuch_crypto_t *crypto); ++ notmuch_status_t (*get_context) (_notmuch_crypto_t *crypto, GMimeCryptoContext **ctx); + } protocols[] = { + { + .protocol = "application/pgp-signature", +- .get_context = create_gpg_context, ++ .get_context = get_gpg_context, + }, + { + .protocol = "application/pgp-encrypted", +- .get_context = create_gpg_context, ++ .get_context = get_gpg_context, + }, + { + .protocol = "application/pkcs7-signature", +@@ -95,16 +98,13 @@ static const struct { + + /* for the specified protocol return the context pointer (initializing + * if needed) */ +-GMimeCryptoContext * +-_notmuch_crypto_get_gmime_context (_notmuch_crypto_t *crypto, const char *protocol) ++notmuch_status_t ++_notmuch_crypto_get_gmime_ctx_for_protocol (_notmuch_crypto_t *crypto, ++ const char *protocol, ++ GMimeCryptoContext **ctx) + { +- GMimeCryptoContext *cryptoctx = NULL; +- size_t i; +- +- if (! protocol) { +- fprintf (stderr, "Cryptographic protocol is empty.\n"); +- return cryptoctx; +- } ++ if (! protocol) ++ return NOTMUCH_STATUS_MALFORMED_CRYPTO_PROTOCOL; + + /* As per RFC 1847 section 2.1: "the [protocol] value token is + * comprised of the type and sub-type tokens of the Content-Type". +@@ -112,15 +112,12 @@ _notmuch_crypto_get_gmime_context (_notmuch_crypto_t *crypto, const char *protoc + * parameter names as defined in this document are + * case-insensitive." Thus, we use strcasecmp for the protocol. + */ +- for (i = 0; i < ARRAY_SIZE (protocols); i++) { ++ for (size_t i = 0; i < ARRAY_SIZE (protocols); i++) { + if (strcasecmp (protocol, protocols[i].protocol) == 0) +- return protocols[i].get_context (crypto); ++ return protocols[i].get_context (crypto, ctx); + } + +- fprintf (stderr, "Unknown or unsupported cryptographic protocol %s.\n", +- protocol); +- +- return NULL; ++ return NOTMUCH_STATUS_UNKNOWN_CRYPTO_PROTOCOL; + } + + void +diff --git a/util/crypto.h b/util/crypto.h +index d4a51e8..7cb0a39 100644 +--- a/util/crypto.h ++++ b/util/crypto.h +@@ -15,8 +15,10 @@ typedef struct _notmuch_crypto { + } _notmuch_crypto_t; + + +-GMimeCryptoContext * +-_notmuch_crypto_get_gmime_context (_notmuch_crypto_t *crypto, const char *protocol); ++notmuch_status_t ++_notmuch_crypto_get_gmime_ctx_for_protocol (_notmuch_crypto_t *crypto, ++ const char *protocol, ++ GMimeCryptoContext **ctx); + + void + _notmuch_crypto_cleanup (_notmuch_crypto_t *crypto); +-- +2.7.0.rc3 + -- 2.26.2