diff options
-rw-r--r-- | camel/ChangeLog | 8 | ||||
-rw-r--r-- | camel/Makefile.am | 4 | ||||
-rw-r--r-- | camel/camel-pgp-mime.c | 28 | ||||
-rw-r--r-- | camel/camel-smime-context.c | 3 | ||||
-rw-r--r-- | camel/camel-smime.c | 476 | ||||
-rw-r--r-- | camel/camel-smime.h | 63 |
6 files changed, 568 insertions, 14 deletions
diff --git a/camel/ChangeLog b/camel/ChangeLog index 41e78c0129..d4a18f865b 100644 --- a/camel/ChangeLog +++ b/camel/ChangeLog @@ -1,3 +1,11 @@ +2001-05-14 Jeffrey Stedfast <fejj@ximian.com> + + * Makefile.am: Add camel-smime-context.[c,h] and camel-smime.[c,h] + to the build. + + * camel-smime.[c,h]: New source files for manipulating S/MIME + message parts. + 2001-05-14 Jon Trowbridge <trow@ximian.com> * camel-search-private.c (utf8_get): Replicate the semantics of diff --git a/camel/Makefile.am b/camel/Makefile.am index dda2cb13f0..8e59e8b190 100644 --- a/camel/Makefile.am +++ b/camel/Makefile.am @@ -59,6 +59,8 @@ libcamel_la_SOURCES = \ camel-operation.c \ camel-pgp-context.c \ camel-pgp-mime.c \ + camel-smime-context.c \ + camel-smime.c \ camel-provider.c \ camel-remote-store.c \ camel-sasl.c \ @@ -138,6 +140,8 @@ libcamelinclude_HEADERS = \ camel-operation.h \ camel-pgp-context.h \ camel-pgp-mime.h \ + camel-smime-context.h \ + camel-smime.h \ camel-provider.h \ camel-remote-store.h \ camel-sasl.h \ diff --git a/camel/camel-pgp-mime.c b/camel/camel-pgp-mime.c index a9eef4e7cc..ba91804579 100644 --- a/camel/camel-pgp-mime.c +++ b/camel/camel-pgp-mime.c @@ -244,6 +244,20 @@ camel_pgp_mime_part_sign (CamelPgpContext *context, CamelMimePart **mime_part, c /* construct the signature stream */ sigstream = camel_stream_mem_new (); + switch (hash) { + case CAMEL_CIPHER_HASH_MD5: + hash_type = "pgp-md5"; + break; + case CAMEL_CIPHER_HASH_SHA1: + hash_type = "pgp-sha1"; + break; + default: + /* set a reasonable default */ + hash = CAMEL_CIPHER_HASH_SHA1; + hash_type = "pgp-sha1"; + break; + } + /* get the signature */ if (camel_pgp_sign (context, userid, hash, stream, sigstream, ex) == -1) { camel_object_unref (CAMEL_OBJECT (stream)); @@ -269,20 +283,6 @@ camel_pgp_mime_part_sign (CamelPgpContext *context, CamelMimePart **mime_part, c camel_object_unref (CAMEL_OBJECT (sigstream)); /* construct the container multipart/signed */ - switch (hash) { - case CAMEL_CIPHER_HASH_MD5: - hash_type = "pgp-md5"; - break; - case CAMEL_CIPHER_HASH_SHA1: - hash_type = "pgp-sha1"; - break; - default: - /* set a reasonable default */ - hash = CAMEL_CIPHER_HASH_SHA1; - hash_type = "pgp-sha1"; - break; - } - multipart = camel_multipart_new (); mime_type = header_content_type_new ("multipart", "signed"); diff --git a/camel/camel-smime-context.c b/camel/camel-smime-context.c index bbe311385b..76d0064a53 100644 --- a/camel/camel-smime-context.c +++ b/camel/camel-smime-context.c @@ -24,6 +24,7 @@ #include <config.h> #endif +#ifdef HAVE_NSS #include "camel-smime-context.h" #include "camel-stream-fs.h" @@ -642,3 +643,5 @@ smime_decrypt (CamelCipherContext *ctx, CamelStream *istream, return -1; } + +#endif /* HAVE_NSS */ diff --git a/camel/camel-smime.c b/camel/camel-smime.c new file mode 100644 index 0000000000..291329fb53 --- /dev/null +++ b/camel/camel-smime.c @@ -0,0 +1,476 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ +/* + * Authors: Jeffrey Stedfast <fejj@ximian.com> + * + * Copyright 2001 Ximian, Inc. (www.ximian.com) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA. + * + */ + + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include "camel-smime.h" +#include "camel-mime-filter-from.h" +#include "camel-mime-filter-crlf.h" +#include "camel-stream-filter.h" +#include "camel-stream-mem.h" +#include "camel-multipart.h" + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#define d(x) x + +/** rfc2633 stuff (aka S/MIME v3) ********************************/ + +gboolean +camel_smime_is_smime_v3_signed (CamelMimePart *mime_part) +{ + CamelDataWrapper *wrapper; + CamelMultipart *mp; + CamelMimePart *part; + CamelContentType *type; + const gchar *param, *micalg; + int nparts; + + /* check that we have a multipart/signed */ + type = camel_mime_part_get_content_type (mime_part); + if (!header_content_type_is (type, "multipart", "signed")) + return FALSE; + + /* check that we have a protocol param with the value: "application/pkcs7-signature" */ + param = header_content_type_param (type, "protocol"); + if (!param || g_strcasecmp (param, "application/pkcs7-signature")) + return FALSE; + + /* check that we have a micalg parameter */ + micalg = header_content_type_param (type, "micalg"); + if (!micalg) + return FALSE; + + /* check that we have exactly 2 subparts */ + wrapper = camel_medium_get_content_object (CAMEL_MEDIUM (mime_part)); + mp = CAMEL_MULTIPART (wrapper); + nparts = camel_multipart_get_number (mp); + if (nparts != 2) + return FALSE; + + /* The first part may be of any type except for + * application/pkcs7-signature - check it. */ + part = camel_multipart_get_part (mp, 0); + type = camel_mime_part_get_content_type (part); + if (header_content_type_is (type, "application", "pkcs7-signature")) + return FALSE; + + /* The second part should be application/pkcs7-signature. */ + part = camel_multipart_get_part (mp, 1); + type = camel_mime_part_get_content_type (part); + if (!header_content_type_is (type, "application", "pkcs7-signature")) + return FALSE; + + return TRUE; +} + +gboolean +camel_smime_is_smime_v3_encrypted (CamelMimePart *mime_part) +{ + char *types[] = { "p7m", "p7c", "p7s", NULL }; + const gchar *param, *filename; + CamelContentType *type; + int i; + + /* check that we have a application/pkcs7-mime part */ + type = camel_mime_part_get_content_type (mime_part); + if (header_content_type_is (type, "application", "pkcs7-mime")) { + /* check to make sure it's an encrypted pkcs7-mime part? */ + return TRUE; + } + + if (header_content_type_is (type, "application", "octent-stream")) { + /* check to see if we have a paremeter called "smime-type" */ + param = header_content_type_param (type, "smime-type"); + if (param) + return TRUE; + + /* check to see if there is a name param and if it has a smime extension */ + param = header_content_type_param (type, "smime-type"); + if (param && *param && strlen (param) > 4) { + for (i = 0; types[i]; i++) + if (!g_strcasecmp (param + strlen (param)-4, types[i])) + return TRUE; + } + + /* check to see if there is a name param and if it has a smime extension */ + filename = camel_mime_part_get_filename (mime_part); + if (filename && *filename && strlen (filename) > 4) { + for (i = 0; types[i]; i++) + if (!g_strcasecmp (filename + strlen (filename)-4, types[i])) + return TRUE; + } + } + + return FALSE; +} + + +static void +smime_part_sign_restore_part (CamelMimePart *mime_part, GSList *encodings) +{ + CamelDataWrapper *wrapper; + + wrapper = camel_medium_get_content_object (CAMEL_MEDIUM (mime_part)); + if (!wrapper) + return; + + if (CAMEL_IS_MULTIPART (wrapper)) { + int parts, i; + + parts = camel_multipart_get_number (CAMEL_MULTIPART (wrapper)); + for (i = 0; i < parts; i++) { + CamelMimePart *part = camel_multipart_get_part (CAMEL_MULTIPART (wrapper), i); + + smime_part_sign_restore_part (part, encodings); + encodings = encodings->next; + } + } else { + CamelMimePartEncodingType encoding; + + encoding = GPOINTER_TO_INT (encodings->data); + + camel_mime_part_set_encoding (mime_part, encoding); + } +} + +static void +smime_part_sign_prepare_part (CamelMimePart *mime_part, GSList **encodings) +{ + CamelDataWrapper *wrapper; + int parts, i; + + wrapper = camel_medium_get_content_object (CAMEL_MEDIUM (mime_part)); + if (!wrapper) + return; + + if (CAMEL_IS_MULTIPART (wrapper)) { + parts = camel_multipart_get_number (CAMEL_MULTIPART (wrapper)); + for (i = 0; i < parts; i++) { + CamelMimePart *part = camel_multipart_get_part (CAMEL_MULTIPART (wrapper), i); + + smime_part_sign_prepare_part (part, encodings); + } + } else { + CamelMimePartEncodingType encoding; + + encoding = camel_mime_part_get_encoding (mime_part); + + /* FIXME: find the best encoding for this part and use that instead?? */ + /* the encoding should really be QP or Base64 */ + if (encoding != CAMEL_MIME_PART_ENCODING_BASE64) + camel_mime_part_set_encoding (mime_part, CAMEL_MIME_PART_ENCODING_QUOTEDPRINTABLE); + + *encodings = g_slist_append (*encodings, GINT_TO_POINTER (encoding)); + } +} + + +/** + * camel_smime_part_sign: + * @context: S/MIME Context + * @mime_part: a MIME part that will be replaced by an S/MIME signed part + * @userid: userid to sign with + * @hash: one of CAMEL_CIPHER_HASH_TYPE_MD5 or CAMEL_CIPHER_HASH_TYPE_SHA1 + * @ex: exception which will be set if there are any errors. + * + * Constructs a S/MIME multipart in compliance with rfc2015/rfc2633 and + * replaces @part with the generated multipart/signed. On failure, + * @ex will be set and #part will remain untouched. + **/ +void +camel_smime_part_sign (CamelSMimeContext *context, CamelMimePart **mime_part, const char *userid, + CamelCipherHash hash, CamelException *ex) +{ + CamelMimePart *part, *signed_part; + CamelMultipart *multipart; + CamelContentType *mime_type; + CamelStreamFilter *filtered_stream; + CamelMimeFilter *crlf_filter, *from_filter; + CamelStream *stream, *sigstream; + gchar *hash_type = NULL; + GSList *encodings = NULL; + + g_return_if_fail (*mime_part != NULL); + g_return_if_fail (CAMEL_IS_MIME_PART (*mime_part)); + g_return_if_fail (userid != NULL); + + part = *mime_part; + + /* Prepare all the parts for signing... */ + smime_part_sign_prepare_part (part, &encodings); + + /* get the cleartext */ + stream = camel_stream_mem_new (); + crlf_filter = camel_mime_filter_crlf_new (CAMEL_MIME_FILTER_CRLF_ENCODE, + CAMEL_MIME_FILTER_CRLF_MODE_CRLF_ONLY); + from_filter = CAMEL_MIME_FILTER (camel_mime_filter_from_new ()); + filtered_stream = camel_stream_filter_new_with_stream (stream); + camel_stream_filter_add (filtered_stream, CAMEL_MIME_FILTER (crlf_filter)); + camel_object_unref (CAMEL_OBJECT (crlf_filter)); + camel_stream_filter_add (filtered_stream, CAMEL_MIME_FILTER (from_filter)); + camel_object_unref (CAMEL_OBJECT (from_filter)); + camel_data_wrapper_write_to_stream (CAMEL_DATA_WRAPPER (part), CAMEL_STREAM (filtered_stream)); + camel_object_unref (CAMEL_OBJECT (filtered_stream)); + + /* reset the stream */ + camel_stream_reset (stream); + + /* construct the signature stream */ + sigstream = camel_stream_mem_new (); + + switch (hash) { + case CAMEL_CIPHER_HASH_MD5: + hash_type = "md5"; + break; + case CAMEL_CIPHER_HASH_SHA1: + hash_type = "sha1"; + break; + default: + /* set a reasonable default */ + hash = CAMEL_CIPHER_HASH_SHA1; + hash_type = "sha1"; + break; + } + + /* get the signature */ + if (camel_smime_sign (context, userid, hash, stream, sigstream, ex) == -1) { + camel_object_unref (CAMEL_OBJECT (stream)); + camel_object_unref (CAMEL_OBJECT (sigstream)); + + /* restore the original encoding */ + smime_part_sign_restore_part (part, encodings); + g_slist_free (encodings); + return; + } + + camel_object_unref (CAMEL_OBJECT (stream)); + camel_stream_reset (sigstream); + + /* we don't need these anymore... */ + g_slist_free (encodings); + + /* construct the pkcs7-signature mime part */ + signed_part = camel_mime_part_new (); + camel_mime_part_set_content (signed_part, CAMEL_STREAM_MEM (sigstream)->buffer->data, + CAMEL_STREAM_MEM (sigstream)->buffer->len, + "application/pkcs7-signature"); + camel_object_unref (CAMEL_OBJECT (sigstream)); + camel_mime_part_set_encoding (signed_part, CAMEL_MIME_PART_ENCODING_BASE64); + camel_mime_part_set_filename (signed_part, "smime.p7s"); + + /* construct the container multipart/signed */ + multipart = camel_multipart_new (); + + mime_type = header_content_type_new ("multipart", "signed"); + header_content_type_set_param (mime_type, "micalg", hash_type); + header_content_type_set_param (mime_type, "protocol", "application/pkcs7-signature"); + camel_data_wrapper_set_mime_type_field (CAMEL_DATA_WRAPPER (multipart), mime_type); + header_content_type_unref (mime_type); + + camel_multipart_set_boundary (multipart, NULL); + + /* add the parts to the multipart */ + camel_multipart_add_part (multipart, part); + camel_object_unref (CAMEL_OBJECT (part)); + camel_multipart_add_part (multipart, signed_part); + camel_object_unref (CAMEL_OBJECT (signed_part)); + + /* replace the input part with the output part */ + *mime_part = camel_mime_part_new (); + camel_medium_set_content_object (CAMEL_MEDIUM (*mime_part), + CAMEL_DATA_WRAPPER (multipart)); + camel_object_unref (CAMEL_OBJECT (multipart)); +} + + +/** + * camel_smime_part_verify: + * @context: S/MIME Context + * @mime_part: a multipart/signed MIME Part + * @ex: exception + * + * Returns a CamelCipherValidity on success or NULL on fail. + **/ +CamelCipherValidity * +camel_smime_part_verify (CamelSMimeContext *context, CamelMimePart *mime_part, CamelException *ex) +{ + CamelDataWrapper *wrapper; + CamelMultipart *multipart; + CamelMimePart *part, *sigpart; + CamelStreamFilter *filtered_stream; + CamelMimeFilter *crlf_filter, *from_filter; + CamelStream *stream, *sigstream; + CamelCipherValidity *valid; + + g_return_val_if_fail (mime_part != NULL, NULL); + g_return_val_if_fail (CAMEL_IS_MIME_PART (mime_part), NULL); + + if (!camel_smime_is_smime_v3_signed (mime_part)) + return NULL; + + wrapper = camel_medium_get_content_object (CAMEL_MEDIUM (mime_part)); + multipart = CAMEL_MULTIPART (wrapper); + + /* get the plain part */ + part = camel_multipart_get_part (multipart, 0); + stream = camel_stream_mem_new (); + crlf_filter = camel_mime_filter_crlf_new (CAMEL_MIME_FILTER_CRLF_ENCODE, + CAMEL_MIME_FILTER_CRLF_MODE_CRLF_ONLY); + from_filter = CAMEL_MIME_FILTER (camel_mime_filter_from_new ()); + filtered_stream = camel_stream_filter_new_with_stream (stream); + camel_stream_filter_add (filtered_stream, CAMEL_MIME_FILTER (crlf_filter)); + camel_object_unref (CAMEL_OBJECT (crlf_filter)); + camel_stream_filter_add (filtered_stream, CAMEL_MIME_FILTER (from_filter)); + camel_object_unref (CAMEL_OBJECT (from_filter)); + camel_data_wrapper_write_to_stream (CAMEL_DATA_WRAPPER (part), CAMEL_STREAM (filtered_stream)); + camel_object_unref (CAMEL_OBJECT (filtered_stream)); + camel_stream_reset (stream); + + /* get the signed part */ + sigpart = camel_multipart_get_part (multipart, 1); + sigstream = camel_stream_mem_new (); + camel_data_wrapper_write_to_stream (camel_medium_get_content_object (CAMEL_MEDIUM (sigpart)), + sigstream); + camel_stream_reset (sigstream); + + /* verify */ + valid = camel_smime_verify (context, stream, sigstream, ex); + + camel_object_unref (CAMEL_OBJECT (sigstream)); + camel_object_unref (CAMEL_OBJECT (stream)); + + return valid; +} + + +/** + * camel_smime_part_encrypt: + * @context: S/MIME Context + * @mime_part: a MIME part that will be replaced by a pgp encrypted part + * @recipients: list of recipient PGP Key IDs + * @ex: exception which will be set if there are any errors. + * + * Constructs a PGP/MIME multipart in compliance with rfc2015 and + * replaces #mime_part with the generated multipart/signed. On failure, + * #ex will be set and #part will remain untouched. + **/ +void +camel_smime_part_encrypt (CamelSMimeContext *context, CamelMimePart **mime_part, + GPtrArray *recipients, CamelException *ex) +{ + CamelMimePart *part, *encrypted_part; + CamelStreamFilter *filtered_stream; + CamelMimeFilter *crlf_filter; + CamelStream *stream, *ciphertext; + + g_return_if_fail (*mime_part != NULL); + g_return_if_fail (CAMEL_IS_MIME_PART (*mime_part)); + g_return_if_fail (recipients != NULL); + + part = *mime_part; + + /* get the contents */ + stream = camel_stream_mem_new (); + crlf_filter = camel_mime_filter_crlf_new (CAMEL_MIME_FILTER_CRLF_ENCODE, + CAMEL_MIME_FILTER_CRLF_MODE_CRLF_ONLY); + filtered_stream = camel_stream_filter_new_with_stream (stream); + camel_stream_filter_add (filtered_stream, CAMEL_MIME_FILTER (crlf_filter)); + camel_object_unref (CAMEL_OBJECT (crlf_filter)); + camel_data_wrapper_write_to_stream (CAMEL_DATA_WRAPPER (part), CAMEL_STREAM (filtered_stream)); + camel_object_unref (CAMEL_OBJECT (filtered_stream)); + camel_stream_reset (stream); + + /* smime encrypt */ + ciphertext = camel_stream_mem_new (); + if (camel_smime_encrypt (context, FALSE, NULL, recipients, stream, ciphertext, ex) == -1) { + camel_object_unref (CAMEL_OBJECT (stream)); + camel_object_unref (CAMEL_OBJECT (ciphertext)); + return; + } + + camel_object_unref (CAMEL_OBJECT (stream)); + camel_stream_reset (ciphertext); + + /* construct the encrypted mime part */ + encrypted_part = camel_mime_part_new (); + camel_mime_part_set_content (encrypted_part, CAMEL_STREAM_MEM (ciphertext)->buffer->data, + CAMEL_STREAM_MEM (ciphertext)->buffer->len, + "application/pkcs7-mime; smime-type=enveloped-data"); + camel_mime_part_set_encoding (encrypted_part, CAMEL_MIME_PART_ENCODING_BASE64); + camel_object_unref (CAMEL_OBJECT (ciphertext)); + + /* replace the input part with the output part */ + camel_object_unref (CAMEL_OBJECT (*mime_part)); + *mime_part = encrypted_part; +} + + +/** + * camel_smime_part_decrypt: + * @context: S/MIME Context + * @mime_part: a S/MIME encrypted MIME Part + * @ex: exception + * + * Returns the decrypted MIME Part on success or NULL on fail. + **/ +CamelMimePart * +camel_smime_part_decrypt (CamelSMimeContext *context, CamelMimePart *mime_part, CamelException *ex) +{ + CamelMimePart *part; + CamelStream *stream, *ciphertext; + + g_return_val_if_fail (mime_part != NULL, NULL); + g_return_val_if_fail (CAMEL_IS_MIME_PART (mime_part), NULL); + + /* make sure the mime part is a S/MIME encrypted */ + if (!camel_smime_is_smime_v3_encrypted (mime_part)) + return NULL; + + /* get the ciphertext */ + ciphertext = camel_stream_mem_new (); + camel_data_wrapper_write_to_stream (CAMEL_DATA_WRAPPER (mime_part), ciphertext); + camel_stream_reset (ciphertext); + + /* get the cleartext */ + stream = camel_stream_mem_new (); + if (camel_smime_decrypt (context, ciphertext, stream, ex) == -1) { + camel_object_unref (CAMEL_OBJECT (ciphertext)); + camel_object_unref (CAMEL_OBJECT (stream)); + return NULL; + } + + camel_object_unref (CAMEL_OBJECT (ciphertext)); + camel_stream_reset (stream); + + /* construct the new decrypted mime part from the stream */ + part = camel_mime_part_new (); + camel_data_wrapper_construct_from_stream (CAMEL_DATA_WRAPPER (part), stream); + camel_object_unref (CAMEL_OBJECT (stream)); + + return part; +} diff --git a/camel/camel-smime.h b/camel/camel-smime.h new file mode 100644 index 0000000000..67cb027588 --- /dev/null +++ b/camel/camel-smime.h @@ -0,0 +1,63 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ +/* + * Authors: Jeffrey Stedfast <fejj@ximian.com> + * + * Copyright 2001 Ximain, Inc. (www.ximian.com) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA. + * + */ + + +#ifndef CAMEL_SMIME_H +#define CAMEL_SMIME_H + +#include <glib.h> +#include <camel/camel-mime-part.h> +#include <camel/camel-smime-context.h> +#include <camel/camel-exception.h> + +#ifdef __cplusplus +extern "C" { +#pragma } +#endif /* __cplusplus */ + +gboolean camel_smime_is_smime_v3_signed (CamelMimePart *part); +gboolean camel_smime_is_smime_v3_encrypted (CamelMimePart *part); + +void camel_smime_part_sign (CamelSMimeContext *context, + CamelMimePart **mime_part, + const char *userid, + CamelCipherHash hash, + CamelException *ex); + +CamelCipherValidity *camel_smime_part_verify (CamelSMimeContext *context, + CamelMimePart *mime_part, + CamelException *ex); + +void camel_smime_part_encrypt (CamelSMimeContext *context, + CamelMimePart **mime_part, + GPtrArray *recipients, + CamelException *ex); + +CamelMimePart *camel_smime_part_decrypt (CamelSMimeContext *context, + CamelMimePart *mime_part, + CamelException *ex); + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* ! CAMEL_SMIME_H */ |