From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id 61C156DE15A1 for ; Mon, 14 Dec 2015 05:39:13 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -0.314 X-Spam-Level: X-Spam-Status: No, score=-0.314 tagged_above=-999 required=5 tests=[AWL=0.237, RP_MATCHES_RCVD=-0.55, SPF_PASS=-0.001] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AyJOZUz0r1il for ; Mon, 14 Dec 2015 05:39:11 -0800 (PST) Received: from fethera.tethera.net (fethera.tethera.net [198.245.60.197]) by arlo.cworth.org (Postfix) with ESMTPS id 315BF6DE0A4A for ; Mon, 14 Dec 2015 05:39:10 -0800 (PST) Received: from remotemail by fethera.tethera.net with local (Exim 4.84) (envelope-from ) id 1a8TLF-0008Ed-Eq; Mon, 14 Dec 2015 08:39:05 -0500 Received: (nullmailer pid 31806 invoked by uid 1000); Mon, 14 Dec 2015 13:39:05 -0000 From: David Bremner To: notmuch@notmuchmail.org Subject: [Patch v3 6/8] cli: crypto: S/MIME verification support Date: Mon, 14 Dec 2015 09:38:55 -0400 Message-Id: <1450100337-31655-7-git-send-email-david@tethera.net> X-Mailer: git-send-email 2.6.2 In-Reply-To: <1450100337-31655-1-git-send-email-david@tethera.net> References: <1450100337-31655-1-git-send-email-david@tethera.net> X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Dec 2015 13:39:13 -0000 From: Jani Nikula notmuch-show --verify will now also process S/MIME multiparts if encountered. Requires gmime-2.6 and gpgsm. Based on work by Jameson Graef Rollins . --- crypto.c | 35 +++++++++++++++++++++++++++++++++++ notmuch-client.h | 7 +++++-- test/T355-smime.sh | 1 - 3 files changed, 40 insertions(+), 3 deletions(-) diff --git a/crypto.c b/crypto.c index feae949..3dabc97 100644 --- a/crypto.c +++ b/crypto.c @@ -43,6 +43,28 @@ create_gpg_context (notmuch_crypto_t *crypto) return gpgctx; } +/* Create a PKCS7 context (GMime 2.6) */ +static notmuch_crypto_context_t * +create_pkcs7_context (notmuch_crypto_t *crypto) +{ + notmuch_crypto_context_t *pkcs7ctx; + + if (crypto->pkcs7ctx) + return crypto->pkcs7ctx; + + /* TODO: GMimePasswordRequestFunc */ + pkcs7ctx = g_mime_pkcs7_context_new (NULL); + if (! pkcs7ctx) { + fprintf (stderr, "Failed to construct pkcs7 context.\n"); + return NULL; + } + crypto->pkcs7ctx = pkcs7ctx; + + g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) pkcs7ctx, + FALSE); + + return pkcs7ctx; +} static const struct { const char *protocol; notmuch_crypto_context_t *(*get_context) (notmuch_crypto_t *crypto); @@ -55,6 +77,14 @@ static const struct { .protocol = "application/pgp-encrypted", .get_context = create_gpg_context, }, + { + .protocol = "application/pkcs7-signature", + .get_context = create_pkcs7_context, + }, + { + .protocol = "application/x-pkcs7-signature", + .get_context = create_pkcs7_context, + }, }; /* for the specified protocol return the context pointer (initializing @@ -95,5 +125,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto) crypto->gpgctx = NULL; } + if (crypto->pkcs7ctx) { + g_object_unref (crypto->pkcs7ctx); + crypto->pkcs7ctx = NULL; + } + return 0; } diff --git a/notmuch-client.h b/notmuch-client.h index 3bd2903..18e6c60 100644 --- a/notmuch-client.h +++ b/notmuch-client.h @@ -31,6 +31,8 @@ #include typedef GMimeCryptoContext notmuch_crypto_context_t; +/* This is automatically included only since gmime 2.6.10 */ +#include #include "notmuch.h" @@ -70,6 +72,7 @@ typedef struct notmuch_show_format { typedef struct notmuch_crypto { notmuch_crypto_context_t* gpgctx; + notmuch_crypto_context_t* pkcs7ctx; notmuch_bool_t verify; notmuch_bool_t decrypt; const char *gpgpath; @@ -407,8 +410,8 @@ struct mime_node { /* Construct a new MIME node pointing to the root message part of * message. If crypto->verify is true, signed child parts will be * verified. If crypto->decrypt is true, encrypted child parts will be - * decrypted. If crypto->gpgctx is NULL, it will be lazily - * initialized. + * decrypted. If the crypto contexts (crypto->gpgctx or + * crypto->pkcs7) are NULL, they will be lazily initialized. * * Return value: * diff --git a/test/T355-smime.sh b/test/T355-smime.sh index 70a8287..47e3e94 100755 --- a/test/T355-smime.sh +++ b/test/T355-smime.sh @@ -44,7 +44,6 @@ EOF test_expect_equal_file EXPECTED OUTPUT test_begin_subtest "signature verification (notmuch CLI)" -test_subtest_known_broken output=$(notmuch show --format=json --verify subject:"test signed message 001" \ | notmuch_json_show_sanitize \ | sed -e 's|"created": [-1234567890]*|"created": 946728000|' \ -- 2.6.2