From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id 233C16DE0282 for ; Thu, 10 May 2018 22:56:05 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -0.019 X-Spam-Level: X-Spam-Status: No, score=-0.019 tagged_above=-999 required=5 tests=[AWL=-0.019, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4hiKV_KBoPTz for ; Thu, 10 May 2018 22:56:02 -0700 (PDT) Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by arlo.cworth.org (Postfix) with ESMTPS id 189276DE0271 for ; Thu, 10 May 2018 22:56:01 -0700 (PDT) Received: from fifthhorseman.net (unknown [38.109.115.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 52C09F99D for ; Fri, 11 May 2018 01:55:58 -0400 (EDT) Received: by fifthhorseman.net (Postfix, from userid 1000) id E653E21356; Fri, 11 May 2018 01:55:52 -0400 (EDT) From: Daniel Kahn Gillmor To: Notmuch Mail Subject: [PATCH 09/20] util/crypto: add information about the payload part Date: Fri, 11 May 2018 01:55:33 -0400 Message-Id: <20180511055544.13676-10-dkg@fifthhorseman.net> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180511055544.13676-1-dkg@fifthhorseman.net> References: <20180511055544.13676-1-dkg@fifthhorseman.net> X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 May 2018 05:56:05 -0000 When walking the MIME tree, if we discover that we are at the cryptographic payload, then we would like to record at least the Subject header. In the future, we might want to record many other headers as well, but for now we will stick with just the Subject. See https://dkg.fifthhorseman.net/blog/e-mail-cryptography.html#cryptographic-envelope for more description of the Cryptographic Payload vs. the Cryptographic Envelope. --- util/crypto.c | 39 ++++++++++++++++++++++++++++++++++++++- util/crypto.h | 5 +++++ 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/util/crypto.c b/util/crypto.c index b040cc56..2135f677 100644 --- a/util/crypto.c +++ b/util/crypto.c @@ -256,6 +256,10 @@ _notmuch_message_crypto_set_sig_list (_notmuch_message_crypto_t *msg_crypto, GMi notmuch_status_t _notmuch_message_crypto_potential_payload (_notmuch_message_crypto_t *msg_crypto, GMimeObject *payload, GMimeObject *parent, int childnum) { + const char *protected_headers = NULL; + const char *forwarded = NULL; + const char *subject = NULL; + if (!msg_crypto || !payload) return NOTMUCH_STATUS_NULL_POINTER; @@ -270,7 +274,7 @@ _notmuch_message_crypto_potential_payload (_notmuch_message_crypto_t *msg_crypto if (parent && GMIME_IS_MULTIPART_ENCRYPTED (parent) && childnum == GMIME_MULTIPART_ENCRYPTED_VERSION) { const char *enc_type = g_mime_object_get_content_type_parameter (parent, "protocol"); GMimeContentType *ct = g_mime_object_get_content_type (payload); - if (ct) { + if (ct && enc_type) { const char *part_type = g_mime_content_type_get_mime_type (ct); if (part_type && strcmp (part_type, enc_type) == 0) return NOTMUCH_STATUS_SUCCESS; @@ -279,6 +283,37 @@ _notmuch_message_crypto_potential_payload (_notmuch_message_crypto_t *msg_crypto msg_crypto->payload_encountered = true; + /* don't bother recording anything if there is no cryptographic + * envelope: */ + if ((msg_crypto->decryption_status != NOTMUCH_MESSAGE_DECRYPTED_FULL) && + (msg_crypto->sig_list == NULL)) + return NOTMUCH_STATUS_SUCCESS; + + /* Verify that this payload has headers that are intended to be + * exported to the larger message: */ + + /* Consider a payload that uses Alexei Melinkov's forwarded="no" for + * message/global or message/rfc822: + * https://tools.ietf.org/html/draft-melnikov-smime-header-signing-05#section-4 */ + forwarded = g_mime_object_get_content_type_parameter (payload, "forwarded"); + if (GMIME_IS_MESSAGE_PART (payload) && forwarded && strcmp (forwarded, "no") == 0) { + GMimeMessage *message = g_mime_message_part_get_message (GMIME_MESSAGE_PART (payload)); + subject = g_mime_message_get_subject (message); + /* FIXME: handle more than just Subject: at some point */ + } else { + /* Consider "memoryhole"-style protected headers as practiced by Enigmail and K-9 */ + protected_headers = g_mime_object_get_content_type_parameter (payload, "protected-headers"); + if (protected_headers && strcasecmp("v1", protected_headers) == 0) + subject = g_mime_object_get_header (payload, "Subject"); + /* FIXME: handle more than just Subject: at some point */ + } + + if (subject) { + if (msg_crypto->payload_subject) + talloc_free (msg_crypto->payload_subject); + msg_crypto->payload_subject = talloc_strdup (msg_crypto, subject); + } + return NOTMUCH_STATUS_SUCCESS; } @@ -305,4 +340,6 @@ _notmuch_message_crypto_cleanup (_notmuch_message_crypto_t *msg_crypto) return; if (msg_crypto->sig_list) g_object_unref (msg_crypto->sig_list); + if (msg_crypto->payload_subject) + talloc_free (msg_crypto->payload_subject); } diff --git a/util/crypto.h b/util/crypto.h index 02c8793a..0cea927c 100644 --- a/util/crypto.h +++ b/util/crypto.h @@ -70,6 +70,11 @@ typedef struct _notmuch_message_crypto { * is not part of the cryptographic envelope) */ bool payload_encountered; + /* the value of any "Subject:" header in the cryptographic payload + * (the top level part within the crypto envelope), converted to + * UTF-8 */ + char * payload_subject; + /* if both signed and encrypted, was the signature encrypted? */ bool signature_encrypted; } _notmuch_message_crypto_t; -- 2.17.0