From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dkg@fifthhorseman.net>
Received: from localhost (localhost [127.0.0.1])
 by arlo.cworth.org (Postfix) with ESMTP id 6DF006DE1430
 for <notmuch@notmuchmail.org>; Sun, 26 May 2019 15:16:26 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at cworth.org
X-Spam-Flag: NO
X-Spam-Score: -0.177
X-Spam-Level: 
X-Spam-Status: No, score=-0.177 tagged_above=-999 required=5 tests=[AWL=0.024, 
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
 DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001]
 autolearn=disabled
Received: from arlo.cworth.org ([127.0.0.1])
 by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id jzNnOdzvVnq3 for <notmuch@notmuchmail.org>;
 Sun, 26 May 2019 15:16:25 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118])
 by arlo.cworth.org (Postfix) with ESMTPS id 4F7B66DE13C8
 for <notmuch@notmuchmail.org>; Sun, 26 May 2019 15:16:20 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; 
 d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; 
 s=2019; t=1558908979; h=from : to : subject : date : 
 message-id : in-reply-to : references : mime-version : 
 content-transfer-encoding : from; 
 bh=yikmaowMjjU0qSI8rX+XroZ7NthnGJUeduyeFqDH5MI=; 
 b=JkURwOo3Mtv2e4KZSHJhxO7OOr+Tea3piRoe2R+oWzhumGQMmOCucA+9
 Ns7dS0rvhc6vddupEbC0pbb8Kn5fBQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; 
 i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1558908978; 
 h=from : to : subject : date : message-id : in-reply-to : 
 references : mime-version : content-transfer-encoding : 
 from; bh=yikmaowMjjU0qSI8rX+XroZ7NthnGJUeduyeFqDH5MI=; 
 b=Pq6HtBtgTR78CBCflfq8UpqR0wRqj8KDWgSOtVx8nPa/H01hWOZqQeEl
 IB8X4dX4p+JcqiVLnqeXAH0YczpjcRL2cgcdLwPbWV8MsVNQ6Ss6ZgX5xl
 7KOokdfm6nPBj8IcMll/z05nEqmcK+aJ22C6TjmoSYD+HqfPxXEzJle/fJ
 xZA8GntoJjwTWgIp0R25OrO3ScUL/D1gchsFy4NUGtZk9A228L2fR6DrGl
 /pj7nNKWAR2n4loAIfRDwtBc8roXpcro27fsszu/rFuoIBoiJf3OV0v1Ix
 IdWg0t3J1fq1b924JuQ4HLkFFVpq3Z/QpjCcg7QryWOT9mxHHbqfnQ==
Received: from fifthhorseman.net (cpe-74-71-53-242.nyc.res.rr.com
 [74.71.53.242])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by che.mayfirst.org (Postfix) with ESMTPSA id D40BDF9AC
 for <notmuch@notmuchmail.org>; Sun, 26 May 2019 18:16:18 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000)
 id 464AF20609; Sun, 26 May 2019 18:16:14 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Notmuch Mail <notmuch@notmuchmail.org>
Subject: [PATCH v2 02/17] util/crypto: add information about the payload part
Date: Sun, 26 May 2019 18:15:55 -0400
Message-Id: <20190526221610.2833-3-dkg@fifthhorseman.net>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190526221610.2833-1-dkg@fifthhorseman.net>
References: <20190526221610.2833-1-dkg@fifthhorseman.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Use and development of the notmuch mail system."
 <notmuch.notmuchmail.org>
List-Unsubscribe: <https://notmuchmail.org/mailman/options/notmuch>,
 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch/>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <https://notmuchmail.org/mailman/listinfo/notmuch>,
 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Sun, 26 May 2019 22:16:26 -0000

When walking the MIME tree, if we discover that we are at the
cryptographic payload, then we would like to record at least the
Subject header of the current MIME part.

In the future, we might want to record many other headers as well, but
for now we will stick with just the Subject.

See
https://dkg.fifthhorseman.net/blog/e-mail-cryptography.html#cryptographic-envelope
for more description of the Cryptographic Payload vs. the
Cryptographic Envelope.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
 util/crypto.c | 37 +++++++++++++++++++++++++++++++++++++
 util/crypto.h |  5 +++++
 2 files changed, 42 insertions(+)

diff --git a/util/crypto.c b/util/crypto.c
index 3f8ac25a..9e185e03 100644
--- a/util/crypto.c
+++ b/util/crypto.c
@@ -90,6 +90,8 @@ _notmuch_message_crypto_destructor (_notmuch_message_crypto_t *msg_crypto)
 	return 0;
     if (msg_crypto->sig_list)
 	g_object_unref (msg_crypto->sig_list);
+    if (msg_crypto->payload_subject)
+	talloc_free (msg_crypto->payload_subject);
     return 0;
 }
 
@@ -133,6 +135,10 @@ _notmuch_message_crypto_potential_sig_list (_notmuch_message_crypto_t *msg_crypt
 notmuch_status_t
 _notmuch_message_crypto_potential_payload (_notmuch_message_crypto_t *msg_crypto, GMimeObject *payload, GMimeObject *parent, int childnum)
 {
+    const char *protected_headers = NULL;
+    const char *forwarded = NULL;
+    const char *subject = NULL;
+
     if (!msg_crypto || !payload)
 	return NOTMUCH_STATUS_NULL_POINTER;
 
@@ -156,6 +162,37 @@ _notmuch_message_crypto_potential_payload (_notmuch_message_crypto_t *msg_crypto
 
     msg_crypto->payload_encountered = true;
 
+    /* don't bother recording anything if there is no cryptographic
+     * envelope: */
+    if ((msg_crypto->decryption_status != NOTMUCH_MESSAGE_DECRYPTED_FULL) &&
+	(msg_crypto->sig_list == NULL))
+	return NOTMUCH_STATUS_SUCCESS;
+
+    /* Verify that this payload has headers that are intended to be
+     * exported to the larger message: */
+
+    /* Consider a payload that uses Alexei Melinkov's forwarded="no" for
+     * message/global or message/rfc822:
+     * https://tools.ietf.org/html/draft-melnikov-smime-header-signing-05#section-4 */
+    forwarded = g_mime_object_get_content_type_parameter (payload, "forwarded");
+    if (GMIME_IS_MESSAGE_PART (payload) && forwarded && strcmp (forwarded, "no") == 0) {
+	GMimeMessage *message = g_mime_message_part_get_message (GMIME_MESSAGE_PART (payload));
+	subject = g_mime_message_get_subject (message);
+	/* FIXME: handle more than just Subject: at some point */
+    } else {
+	/* Consider "memoryhole"-style protected headers as practiced by Enigmail and K-9 */
+	protected_headers = g_mime_object_get_content_type_parameter (payload, "protected-headers");
+	if (protected_headers && strcasecmp("v1", protected_headers) == 0)
+	    subject = g_mime_object_get_header (payload, "Subject");
+	/* FIXME: handle more than just Subject: at some point */
+    }
+
+    if (subject) {
+	if (msg_crypto->payload_subject)
+	    talloc_free (msg_crypto->payload_subject);
+	msg_crypto->payload_subject = talloc_strdup (msg_crypto, subject);
+    }
+
     return NOTMUCH_STATUS_SUCCESS;
 }
 
diff --git a/util/crypto.h b/util/crypto.h
index c6fa7f4b..fdbb5da5 100644
--- a/util/crypto.h
+++ b/util/crypto.h
@@ -59,6 +59,11 @@ typedef struct _notmuch_message_crypto {
      * is not part of the cryptographic envelope) */
     bool payload_encountered;
 
+    /* the value of any "Subject:" header in the cryptographic payload
+     * (the top level part within the crypto envelope), converted to
+     * UTF-8 */
+    char * payload_subject;
+
     /* if both signed and encrypted, was the signature encrypted? */
     bool signature_encrypted;
 } _notmuch_message_crypto_t;
-- 
2.20.1