[PATCH 6/8] cli: crypto: S/MIME verification support

Jani Nikula jani at nikula.org
Sat Sep 26 04:58:41 PDT 2015


On Sun, 16 Aug 2015, David Bremner <david at tethera.net> wrote:
> From: Jani Nikula <jani at nikula.org>
>
> notmuch-show --verify will now also process S/MIME multiparts if
> encountered. Requires gmime-2.6 and gpgsm.
>
> Based on work by Jameson Graef Rollins <jrollins at finestructure.net>.
> ---
>  crypto.c           | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
>  notmuch-client.h   |  7 +++++--
>  test/T355-smime.sh |  1 -
>  3 files changed, 55 insertions(+), 3 deletions(-)
>
> diff --git a/crypto.c b/crypto.c
> index 11c167e..ce683d2 100644
> --- a/crypto.c
> +++ b/crypto.c
> @@ -43,6 +43,51 @@ create_gpg_context (notmuch_crypto_t *crypto)
>      return gpgctx;
>  }
>  
> +/* Create a PKCS7 context (GMime 2.6) */
> +static notmuch_crypto_context_t *
> +create_pkcs7_context (notmuch_crypto_t *crypto)
> +{
> +    notmuch_crypto_context_t *pkcs7ctx;
> +
> +    if (crypto->pkcs7ctx)
> +	return crypto->pkcs7ctx;
> +
> +    /* TODO: GMimePasswordRequestFunc */
> +    pkcs7ctx = g_mime_pkcs7_context_new (NULL);
> +    if (! pkcs7ctx) {
> +	fprintf (stderr, "Failed to construct pkcs7 context.\n");
> +	return NULL;
> +    }
> +    crypto->pkcs7ctx = pkcs7ctx;
> +
> +    g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) pkcs7ctx,
> +					   FALSE);
> +
> +    return pkcs7ctx;
> +}
> +
> +static const struct {
> +    const char *protocol;
> +    notmuch_crypto_context_t *(*get_context) (notmuch_crypto_t *crypto);
> +} protocols[] = {
> +    {
> +	.protocol = "application/pgp-signature",
> +	.get_context = create_gpg_context,
> +    },
> +    {
> +	.protocol = "application/pgp-encrypted",
> +	.get_context = create_gpg_context,
> +    },
> +    {
> +	.protocol = "application/pkcs7-signature",
> +	.get_context = create_pkcs7_context,
> +    },
> +    {
> +	.protocol = "application/x-pkcs7-signature",
> +	.get_context = create_pkcs7_context,
> +    },
> +};

The array itself should be added in patch 2 as it depends on it, and
this patch should only add the pkcs7 ones. I guess this got broken at
some rebase.

BR,
Jani.


> +
>  /* for the specified protocol return the context pointer (initializing
>   * if needed) */
>  notmuch_crypto_context_t *
> @@ -81,5 +126,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto)
>  	crypto->gpgctx = NULL;
>      }
>  
> +    if (crypto->pkcs7ctx) {
> +	g_object_unref (crypto->pkcs7ctx);
> +	crypto->pkcs7ctx = NULL;
> +    }
> +
>      return 0;
>  }
> diff --git a/notmuch-client.h b/notmuch-client.h
> index 1f82656..774b620 100644
> --- a/notmuch-client.h
> +++ b/notmuch-client.h
> @@ -31,6 +31,8 @@
>  #include <gmime/gmime.h>
>  
>  typedef GMimeCryptoContext notmuch_crypto_context_t;
> +/* This is automatically included only since gmime 2.6.10 */
> +#include <gmime/gmime-pkcs7-context.h>
>  
>  #include "notmuch.h"
>  
> @@ -69,6 +71,7 @@ typedef struct notmuch_show_format {
>  
>  typedef struct notmuch_crypto {
>      notmuch_crypto_context_t* gpgctx;
> +    notmuch_crypto_context_t* pkcs7ctx;
>      notmuch_bool_t verify;
>      notmuch_bool_t decrypt;
>      const char *gpgpath;
> @@ -406,8 +409,8 @@ struct mime_node {
>  /* Construct a new MIME node pointing to the root message part of
>   * message. If crypto->verify is true, signed child parts will be
>   * verified. If crypto->decrypt is true, encrypted child parts will be
> - * decrypted.  If crypto->gpgctx is NULL, it will be lazily
> - * initialized.
> + * decrypted.  If the crypto contexts (crypto->gpgctx or
> + * crypto->pkcs7) are NULL, they will be lazily initialized.
>   *
>   * Return value:
>   *
> diff --git a/test/T355-smime.sh b/test/T355-smime.sh
> index b3cc76e..caedf5e 100755
> --- a/test/T355-smime.sh
> +++ b/test/T355-smime.sh
> @@ -56,7 +56,6 @@ EOF
>  test_expect_equal_file OUTPUT EXPECTED
>  
>  test_begin_subtest "signature verification (notmuch CLI)"
> -test_subtest_known_broken
>  output=$(notmuch show --format=json --verify subject:"test signed message 001" \
>      | notmuch_json_show_sanitize \
>      | sed -e 's|"created": [1234567890]*|"created": 946728000|' \
> -- 
> 2.5.0


More information about the notmuch mailing list