From 9f6c01df1403243cacdb765a27cb0125aa9371f2 Mon Sep 17 00:00:00 2001
From: David Bremner
Date: Sat, 12 Dec 2015 09:54:45 +2000
Subject: [PATCH] [Patch v2 6/8] cli: crypto: S/MIME verification support
---
 d6/bad32bb4e0698e298162662e90c1790456dba0 | 164 ++++++++++++++++++++++
 1 file changed, 164 insertions(+)
 create mode 100644 d6/bad32bb4e0698e298162662e90c1790456dba0
diff --git a/d6/bad32bb4e0698e298162662e90c1790456dba0 b/d6/bad32bb4e0698e298162662e90c1790456dba0
new file mode 100644
index 000000000..1cf857bae
--- /dev/null
+++ b/d6/bad32bb4e0698e298162662e90c1790456dba0
@@ -0,0 +1,164 @@
+Return-Path:
+X-Original-To: notmuch@notmuchmail.org
+Delivered-To: notmuch@notmuchmail.org
+Received: from localhost (localhost [127.0.0.1])
+ by arlo.cworth.org (Postfix) with ESMTP id 3101F6DE1603
+ for ; Fri, 11 Dec 2015 05:55:06 -0800 (PST)
+X-Virus-Scanned: Debian amavisd-new at cworth.org
+X-Spam-Flag: NO
+X-Spam-Score: -0.316
+X-Spam-Level:
+X-Spam-Status: No, score=-0.316 tagged_above=-999 required=5 tests=[AWL=0.235,
+ RP_MATCHES_RCVD=-0.55, SPF_PASS=-0.001] autolearn=disabled
+Received: from arlo.cworth.org ([127.0.0.1])
+ by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)
+ with ESMTP id BCN0fmvZ1n0c for ;
+ Fri, 11 Dec 2015 05:55:04 -0800 (PST)
+Received: from fethera.tethera.net (fethera.tethera.net [198.245.60.197])
+ by arlo.cworth.org (Postfix) with ESMTPS id A81616DE170E
+ for ; Fri, 11 Dec 2015 05:54:57 -0800 (PST)
+Received: from remotemail by fethera.tethera.net with local (Exim 4.84)
+ (envelope-from )
+ id 1a7O9s-0000RV-AA; Fri, 11 Dec 2015 08:54:52 -0500
+Received: (nullmailer pid 11214 invoked by uid 1000);
+ Fri, 11 Dec 2015 13:54:52 -0000
+From: David Bremner
+To: notmuch@notmuchmail.org
+Subject: [Patch v2 6/8] cli: crypto: S/MIME verification support
+Date: Fri, 11 Dec 2015 09:54:45 -0400
+Message-Id: <1449842087-10972-7-git-send-email-david@tethera.net>
+X-Mailer: git-send-email 2.6.2
+In-Reply-To: <1449842087-10972-1-git-send-email-david@tethera.net>
+References: <1449842087-10972-1-git-send-email-david@tethera.net>
+X-BeenThere: notmuch@notmuchmail.org
+X-Mailman-Version: 2.1.20
+Precedence: list
+List-Id: "Use and development of the notmuch mail system."
+
+List-Unsubscribe: ,
+
+List-Archive:
+List-Post:
+List-Help:
+List-Subscribe: ,
+
+X-List-Received-Date: Fri, 11 Dec 2015 13:55:06 -0000
+
+From: Jani Nikula
+
+notmuch-show --verify will now also process S/MIME multiparts if
+encountered. Requires gmime-2.6 and gpgsm.
+
+Based on work by Jameson Graef Rollins .
+---
+ crypto.c | 35 +++++++++++++++++++++++++++++++++++
+ notmuch-client.h | 7 +++++--
+ test/T355-smime.sh | 1 -
+ 3 files changed, 40 insertions(+), 3 deletions(-)
+
+diff --git a/crypto.c b/crypto.c
+index feae949..3dabc97 100644
+--- a/crypto.c
++++ b/crypto.c
+@@ -43,6 +43,28 @@ create_gpg_context (notmuch_crypto_t *crypto)
+ return gpgctx;
+ }
+
++/* Create a PKCS7 context (GMime 2.6) */
++static notmuch_crypto_context_t *
++create_pkcs7_context (notmuch_crypto_t *crypto)
++{
++ notmuch_crypto_context_t *pkcs7ctx;
++
++ if (crypto->pkcs7ctx)
++ return crypto->pkcs7ctx;
++
++ /* TODO: GMimePasswordRequestFunc */
++ pkcs7ctx = g_mime_pkcs7_context_new (NULL);
++ if (! pkcs7ctx) {
++ fprintf (stderr, "Failed to construct pkcs7 context.\n");
++ return NULL;
++ }
++ crypto->pkcs7ctx = pkcs7ctx;
++
++ g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) pkcs7ctx,
++ FALSE);
++
++ return pkcs7ctx;
++}
+ static const struct {
+ const char *protocol;
+ notmuch_crypto_context_t *(*get_context) (notmuch_crypto_t *crypto);
+@@ -55,6 +77,14 @@ static const struct {
+ .protocol = "application/pgp-encrypted",
+ .get_context = create_gpg_context,
+ },
++ {
++ .protocol = "application/pkcs7-signature",
++ .get_context = create_pkcs7_context,
++ },
++ {
++ .protocol = "application/x-pkcs7-signature",
++ .get_context = create_pkcs7_context,
++ },
+ };
+
+ /* for the specified protocol return the context pointer (initializing
+@@ -95,5 +125,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto)
+ crypto->gpgctx = NULL;
+ }
+
++ if (crypto->pkcs7ctx) {
++ g_object_unref (crypto->pkcs7ctx);
++ crypto->pkcs7ctx = NULL;
++ }
++
+ return 0;
+ }
+diff --git a/notmuch-client.h b/notmuch-client.h
+index 3bd2903..18e6c60 100644
+--- a/notmuch-client.h
++++ b/notmuch-client.h
+@@ -31,6 +31,8 @@
+ #include
+
+ typedef GMimeCryptoContext notmuch_crypto_context_t;
++/* This is automatically included only since gmime 2.6.10 */
++#include
+
+ #include "notmuch.h"
+
+@@ -70,6 +72,7 @@ typedef struct notmuch_show_format {
+
+ typedef struct notmuch_crypto {
+ notmuch_crypto_context_t* gpgctx;
++ notmuch_crypto_context_t* pkcs7ctx;
+ notmuch_bool_t verify;
+ notmuch_bool_t decrypt;
+ const char *gpgpath;
+@@ -407,8 +410,8 @@ struct mime_node {
+ /* Construct a new MIME node pointing to the root message part of
+ * message. If crypto->verify is true, signed child parts will be
+ * verified. If crypto->decrypt is true, encrypted child parts will be
+- * decrypted. If crypto->gpgctx is NULL, it will be lazily
+- * initialized.
++ * decrypted. If the crypto contexts (crypto->gpgctx or
++ * crypto->pkcs7) are NULL, they will be lazily initialized.
+ *
+ * Return value:
+ *
+diff --git a/test/T355-smime.sh b/test/T355-smime.sh
+index b3cc76e..caedf5e 100755
+--- a/test/T355-smime.sh
++++ b/test/T355-smime.sh
+@@ -56,7 +56,6 @@ EOF
+ test_expect_equal_file OUTPUT EXPECTED
+
+ test_begin_subtest "signature verification (notmuch CLI)"
+-test_subtest_known_broken
+ output=$(notmuch show --format=json --verify subject:"test signed message 001" \
+ | notmuch_json_show_sanitize \
+ | sed -e 's|"created": [1234567890]*|"created": 946728000|' \
+--
+2.6.2
+
--
2.26.2
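Review bot: In the notmuch-client.h part of the patch carried by this archived mail, the rewritten comment above the mime_node constructor names `crypto->pkcs7`, but the member added to `struct notmuch_crypto` in the preceding hunk is `pkcs7ctx`; the line should read `* crypto->pkcs7ctx) are NULL, they will be lazily initialized.`. In crypto.c, `create_pkcs7_context` closes directly against `static const struct {` with no blank line, unlike `create_gpg_context` just above it. As far as the visible part of the protocol table shows, only the two detached-signature types are registered, so a one-line comment on the table such as `/* S/MIME: signature verification only, application/pkcs7-mime is not handled */` would tell readers that other S/MIME parts get no context here. Both the comment block in notmuch-client.h and the protocol table start or end outside their hunks.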