From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Notmuch Mail <notmuch@notmuchmail.org>
Subject: [PATCH v2] crypto: signature verification reports valid User IDs
Date: Fri, 8 Dec 2017 13:55:29 -0500 [thread overview]
Message-ID: <20171208185529.4178-1-dkg@fifthhorseman.net> (raw)
In-Reply-To: <87r2s5dq3v.fsf@tesseract.cs.unb.ca>
When i'm trying to understand a message signature, i care that i know
who it came from (the "validity" of the identity associated with the
key), *not* whether i'm willing to accept the keyholder's other
identity assertions (the "trust" associated with the certificate).
We've been reporting User ID information based on the "trust"
associated with the certificate, because GMime didn't clearly expose
the validity of the User IDs.
This change relies on fixes made in GMime 3.0.3 and later which
include https://github.com/jstedfast/gmime/pull/18.
---
configure | 3 ++-
notmuch-show.c | 10 +++-------
test/T355-smime.sh | 8 +++++++-
| 26 ++++++++++++++++++++++++++
| 17 ++++++-----------
5 files changed, 44 insertions(+), 20 deletions(-)
diff --git a/configure b/configure
index fc70031b..b177b141 100755
--- a/configure
+++ b/configure
@@ -478,9 +478,10 @@ fi
# we need to have a version >= 2.6.5 to avoid a crypto bug. We need
# 2.6.7 for permissive "From " header handling.
GMIME_MINVER=2.6.7
+GMIME3_MINVER=3.0.3
printf "Checking for GMime development files... "
-if pkg-config --exists "gmime-3.0"; then
+if pkg-config --exists "gmime-3.0 > $GMIME3_MINVER"; then
printf "Yes (3.0).\n"
have_gmime=1
gmime_cflags=$(pkg-config --cflags gmime-3.0)
diff --git a/notmuch-show.c b/notmuch-show.c
index 7afd3947..7d2c3813 100644
--- a/notmuch-show.c
+++ b/notmuch-show.c
@@ -446,15 +446,11 @@ format_part_sigstatus_sprinter (sprinter_t *sp, mime_node_t *node)
sp->map_key (sp, "expires");
sp->integer (sp, expires);
}
- /* output user id only if validity is FULL or ULTIMATE. */
- /* note that gmime is using the term "trust" here, which
- * is WRONG. It's actually user id "validity". */
if (certificate) {
- const char *name = g_mime_certificate_get_uid (certificate);
- GMimeCertificateTrust trust = g_mime_certificate_get_trust (certificate);
- if (name && (trust == GMIME_CERTIFICATE_TRUST_FULLY || trust == GMIME_CERTIFICATE_TRUST_ULTIMATE)) {
+ const char *uid = g_mime_get_certificate_valid_userid (certificate);
+ if (uid) {
sp->map_key (sp, "userid");
- sp->string (sp, name);
+ sp->string (sp, uid);
}
}
} else if (certificate) {
diff --git a/test/T355-smime.sh b/test/T355-smime.sh
index 1523f17b..be45e3b1 100755
--- a/test/T355-smime.sh
+++ b/test/T355-smime.sh
@@ -48,6 +48,12 @@ EOF
test_expect_equal_file EXPECTED OUTPUT
test_begin_subtest "signature verification (notmuch CLI)"
+if [ "${NOTMUCH_GMIME_MAJOR}" -lt 3 ]; then
+ # gmime 2 can't report User IDs properly for S/MIME
+ USERID=''
+else
+ USERID='"userid": "CN=Notmuch Test Suite",'
+fi
output=$(notmuch show --format=json --verify subject:"test signed message 001" \
| notmuch_json_show_sanitize \
| sed -e 's|"created": [-1234567890]*|"created": 946728000|' \
@@ -65,7 +71,7 @@ expected='[[[{"id": "XXXXX",
"Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
"body": [{"id": 1,
"sigstatus": [{"fingerprint": "'$FINGERPRINT'",
- "status": "good",
+ "status": "good",'$USERID'
"expires": 424242424,
"created": 946728000}],
"content-type": "multipart/signed",
--git a/util/gmime-extra.c b/util/gmime-extra.c
index 901d4d56..2d0f7443 100644
--- a/util/gmime-extra.c
+++ b/util/gmime-extra.c
@@ -196,4 +196,30 @@ g_mime_utils_header_decode_date_unix (const char *date) {
return ret;
}
+const char *
+g_mime_get_certificate_valid_userid (GMimeCertificate *cert)
+{
+ /* output user id only if validity is FULL or ULTIMATE. */
+#if (GMIME_MAJOR_VERSION < 3)
+ /* note that gmime 2.6 is using the term "trust" here, which
+ * is WRONG. It's actually user id "validity". */
+ const char *name = g_mime_certificate_get_name (cert);
+ if (name == NULL)
+ return name;
+ GMimeCertificateTrust trust = g_mime_certificate_get_trust (cert);
+ if (trust == GMIME_CERTIFICATE_TRUST_FULLY || trust == GMIME_CERTIFICATE_TRUST_ULTIMATE)
+ return name;
+ return NULL;
+#else
+ const char *uid = g_mime_certificate_get_user_id (cert);
+ if (uid == NULL)
+ return uid;
+ GMimeValidity validity = g_mime_certificate_get_id_validity (cert);
+ if (validity == GMIME_VALIDITY_FULL || validity == GMIME_VALIDITY_ULTIMATE)
+ return uid;
+ return NULL;
+#endif
+}
+
+
#endif
--git a/util/gmime-extra.h b/util/gmime-extra.h
index 40bf1454..389cf38f 100644
--- a/util/gmime-extra.h
+++ b/util/gmime-extra.h
@@ -16,11 +16,9 @@ GMimeStream *g_mime_stream_stdout_new(void);
#define g_mime_2_6_unref(obj) g_object_unref (obj)
#define g_mime_3_unused(arg) arg
#define g_mime_certificate_get_fpr16(cert) g_mime_certificate_get_key_id (cert)
-#define g_mime_certificate_get_uid(cert) g_mime_certificate_get_name (cert);
#else /* GMime >= 3.0 */
#define GMIME_ENABLE_RFC_2047_WORKAROUNDS 0xdeadbeef
-#define g_mime_certificate_get_uid(cert) g_mime_certificate_get_key_id (cert);
#define g_mime_content_type_to_string(c) g_mime_content_type_get_mime_type (c)
#define g_mime_filter_crlf_new(encode,dots) g_mime_filter_dos2unix_new (FALSE)
#define g_mime_gpg_context_new(func,path) g_mime_gpg_context_new ()
@@ -45,15 +43,6 @@ typedef GMimeAddressType GMimeRecipientType;
typedef GMimeSignatureStatus GMimeSignatureError;
-typedef GMimeTrust GMimeCertificateTrust;
-
-#define GMIME_CERTIFICATE_TRUST_UNKNOWN GMIME_TRUST_UNKNOWN
-#define GMIME_CERTIFICATE_TRUST_UNDEFINED GMIME_TRUST_UNDEFINED
-#define GMIME_CERTIFICATE_TRUST_NEVER GMIME_TRUST_NEVER
-#define GMIME_CERTIFICATE_TRUST_MARGINAL GMIME_TRUST_MARGINAL
-#define GMIME_CERTIFICATE_TRUST_FULLY GMIME_TRUST_FULL
-#define GMIME_CERTIFICATE_TRUST_ULTIMATE GMIME_TRUST_ULTIMATE
-
#define g_mime_2_6_unref(obj) /*ignore*/
#define g_mime_3_unused(arg) unused(arg)
#endif
@@ -105,4 +94,10 @@ gboolean g_mime_signature_status_bad (GMimeSignatureStatus status);
gboolean g_mime_signature_status_error (GMimeSignatureError status);
gint64 g_mime_utils_header_decode_date_unix (const char *date);
+
+/**
+ * Return string for valid User ID (or NULL if no valid User ID exists)
+ */
+const char * g_mime_get_certificate_valid_userid (GMimeCertificate *cert);
+
#endif
--
2.15.0
next prev parent reply other threads:[~2017-12-08 18:55 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-30 4:20 [PATCH] crypto: signature verification reports valid User IDs Daniel Kahn Gillmor
2017-12-08 6:38 ` Daniel Kahn Gillmor
2017-12-08 18:36 ` David Bremner
2017-12-08 18:55 ` Daniel Kahn Gillmor
2017-12-08 18:55 ` Daniel Kahn Gillmor [this message]
2017-12-08 20:09 ` v3 of fixing signature verification Daniel Kahn Gillmor
2017-12-08 20:09 ` [PATCH v3] crypto: signature verification reports valid User IDs Daniel Kahn Gillmor
2017-12-09 2:26 ` David Bremner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171208185529.4178-1-dkg@fifthhorseman.net \
--to=dkg@fifthhorseman.net \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).