From: David Bremner
To: notmuch@notmuchmail.org
Subject: Re: [Patch v4 5/5] test: add broken test for SMIME decryption with notmuch CLI
In-Reply-To: <87h9vdup0j.fsf@maritornes.cs.unb.ca>
References: <1421568167-18683-1-git-send-email-david@tethera.net> <1421568167-18683-6-git-send-email-david@tethera.net> <87h9vdup0j.fsf@maritornes.cs.unb.ca>
User-Agent: Notmuch/0.19+48~gb74ed1c (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Wed, 28 Jan 2015 08:36:21 +0100
Message-ID: <87h9vbbbm2.fsf@maritornes.cs.unb.ca>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
List-Id: "Use and development of the notmuch mail system."

--=-=-=
Content-Type: text/plain

David Bremner writes:

> David Bremner writes:
>
>> The test JSON here is not correct, but the larger problem is that it
>> seems like no actual decryption is being done.
>
> I played with this some more, and it seems like Jamie's code (and the
> gmime sample code [1]) expects the top level part to be
> multipart/encrypted.

By repeated bludgeoning I convinced notmuch show to actually run the
decryption code, but then I hit another problem: there isn't an obvious
high level way to decrypt an application/(x)-pkcs7-mime part (and the
current code only works for multipart/encrypted). It should be possible
up GMimeStreams and use g_mime_crypto_context_decrypt, but that seems
like quite a bit more work than calling
g_mime_multipart_encrypted_decrypt.

--=-=-=
Content-Type: text/x-diff
Content-Disposition: inline; filename=smime.diff

diff --git a/mime-node.c b/mime-node.c index fd9e4a4..7019be7 100644 --- a/mime-node.c +++ b/mime-node.c 
@@ -54,6 +54,20 @@ _mime_node_context_free (mime_node_context_t *res) return 0; } +static +notmuch_bool_t +_is_smime_encrypted_part (GMimeObject *part) { + + GMimeContentType *content_type = g_mime_object_get_content_type(part); + if (content_type) { + return g_mime_content_type_is_type (content_type, "application", + "pkcs7-mime") || + g_mime_content_type_is_type (content_type, "application", + "x-pkcs7-mime"); + } + return FALSE; +} + notmuch_status_t mime_node_open (const void *ctx, notmuch_message_t *message, notmuch_crypto_t *crypto, mime_node_t **root_out) 
@@ -323,22 +337,33 @@ _mime_node_create (mime_node_t *parent, GMimeObject *part) return NULL; } - if ((GMIME_IS_MULTIPART_ENCRYPTED (part) && node->ctx->crypto->decrypt) + if (((GMIME_IS_MULTIPART_ENCRYPTED (part) || _is_smime_encrypted_part (part)) + && node->ctx->crypto->decrypt) || (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify)) { GMimeContentType *content_type = g_mime_object_get_content_type (part); const char *protocol = g_mime_content_type_get_parameter (content_type, "protocol"); + if (!protocol) { + if (_is_smime_encrypted_part (part)) { + protocol = "application/pkcs7-encrypted"; + } + } cryptoctx = notmuch_crypto_get_context (node->ctx->crypto, protocol); } - /* Handle PGP/MIME parts */ - if (GMIME_IS_MULTIPART_ENCRYPTED (part) && node->ctx->crypto->decrypt && cryptoctx) { - if (node->nchildren != 2) { - /* this violates RFC 3156 section 4, so we won't bother with it. */ - fprintf (stderr, "Error: %d part(s) for a multipart/encrypted " - "message (must be exactly 2)\n", - node->nchildren); - } else { + /* Are we ready and able to decrypt something ? */ + if (node->ctx->crypto->decrypt && cryptoctx) { + if (_is_smime_encrypted_part (part)) { node_decrypt_and_verify (node, part, cryptoctx); + } else if (GMIME_IS_MULTIPART_ENCRYPTED (part)) { + /* Handle PGP/MIME parts */ + if (node->nchildren != 2) { + /* this violates RFC 3156 section 4, so we won't bother with it. */ + fprintf (stderr, "Error: %d part(s) for a multipart/encrypted " + "message (must be exactly 2)\n", + node->nchildren); + } else { + node_decrypt_and_verify (node, part, cryptoctx); + } } } else if (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify && cryptoctx) { if (node->nchildren != 2) { --=-=-=--
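Review bot: In the first hunk (@@ -54,6 +54,20 @@), _is_smime_encrypted_part returns TRUE for every application/pkcs7-mime or application/x-pkcs7-mime part, but that media type also carries signed-data and certs-only bodies, so the name promises more than the check delivers. Read the smime-type parameter with g_mime_content_type_get_parameter (the same call the second hunk uses for "protocol") and only report an encrypted part when it is "enveloped-data"; decide explicitly what to do when the parameter is absent. Two smaller points: g_mime_object_get_content_type(part) is missing the space before the parenthesis that the rest of the file uses, and the helper would benefit from a one-line comment saying which content types it accepts and why both spellings are needed.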
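Review bot: In the second hunk (@@ -323,22 +337,33 @@), the new outer test "if (node->ctx->crypto->decrypt && cryptoctx)" no longer checks the part type, so a multipart/signed part processed with both decrypt and verify enabled enters this block, matches neither inner branch, and never reaches the "else if (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify && cryptoctx)" arm. Signature verification is silently skipped in that case. Keep the part-type test in the outer condition, for example "(GMIME_IS_MULTIPART_ENCRYPTED (part) || _is_smime_encrypted_part (part)) && node->ctx->crypto->decrypt && cryptoctx", so the signed branch stays reachable. Also in this hunk: the S/MIME branch hands a part that is not multipart/encrypted to node_decrypt_and_verify, which the accompanying message says only works for multipart/encrypted, so that call needs its own path or a guard; and the fallback protocol string "application/pkcs7-encrypted" is introduced here without a matching change to notmuch_crypto_get_context in this diff, so confirm the lookup recognises it, otherwise cryptoctx will not be set and the decrypt branch is skipped without any diagnostic. The nested "if (!protocol) { if (_is_smime_encrypted_part (part))" can be a single condition.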