/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
/*
* mail-crypto.c: OpenPGP en/decryption & signature code
*
* FIXME FIXME FIXME: This should be in its own library or component
*/
/*
* Authors:
* Nathan Thompson-Amato <ndt@jps.net>
* Dan Winship <danw@helixcode.com>
* Jeffrey Stedfast <fejj@helixcode.com>
*
* Copyright 2000, Helix Code, Inc. (http://www.helixcode.com)
* Copyright 2000, Nathan Thompson-Amato
* Copyright 1999, 2000, Anthony Mulcahy
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
*
*/
#include <config.h>
#ifdef PGP_PROGRAM
#include <stdlib.h>
#include <string.h>
#include "mail-crypto.h"
#include "mail-session.h"
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <termios.h>
#include <unistd.h>
#include <signal.h>
#include <camel/camel-mime-filter-from.h>
static int
cleanup_child (pid_t child)
{
int status;
pid_t wait_result;
sigset_t mask, omask;
/* PGP5 closes fds before exiting, meaning this might be called
* too early. So wait a bit for the result.
*/
sigemptyset (&mask);
sigaddset (&mask, SIGALRM);
sigprocmask (SIG_BLOCK, &mask, &omask);
alarm (1);
wait_result = waitpid (child, &status, 0);
alarm (0);
sigprocmask (SIG_SETMASK, &omask, NULL);
if (wait_result == -1 && errno == EINTR) {
/* The child is hanging: send a friendly reminder. */
kill (child, SIGTERM);
sleep (1);
wait_result = waitpid (child, &status, WNOHANG);
if (wait_result == 0) {
/* Still hanging; use brute force. */
kill (child, SIGKILL);
sleep (1);
wait_result = waitpid (child, &status, WNOHANG);
}
}
if (wait_result != -1 && WIFEXITED (status))
return WEXITSTATUS (status);
else
return -1;
}
static void
cleanup_before_exec (int fd)
{
int maxfd, i;
maxfd = sysconf (_SC_OPEN_MAX);
if (maxfd < 0)
return;
/* Loop over all fds. */
for (i = 0; i < maxfd; i++) {
if ((STDIN_FILENO != i) &&
(STDOUT_FILENO != i) &&
(STDERR_FILENO != i) &&
(fd != i))
close (i);
}
}
static int
crypto_exec_with_passwd (const char *path, char *argv[], const char *input, int inlen,
int passwd_fds[], const char *passphrase,
char **output, int *outlen, char **diagnostics)
{
fd_set fdset, write_fdset;
int ip_fds[2], op_fds[2], diag_fds[2];
int select_result, read_len, write_len;
size_t tmp_len;
pid_t child;
char *buf, *diag_buf;
const char *passwd_next, *input_next;
size_t size, alloc_size, diag_size, diag_alloc_size;
gboolean eof_seen, diag_eof_seen, passwd_eof_seen, input_eof_seen;
size_t passwd_remaining, passwd_incr, input_remaining, input_incr;
struct timeval timeout;
if ((pipe (ip_fds) < 0 ) ||
(pipe (op_fds) < 0 ) ||
(pipe (diag_fds) < 0 )) {
*diagnostics = g_strdup_printf ("Couldn't create pipe to %s: "
"%s", PGP_PROGRAM,
g_strerror (errno));
return 0;
}
if (!(child = fork ())) {
/* In child */
if ((dup2 (ip_fds[0], STDIN_FILENO) < 0 ) ||
(dup2 (op_fds[1], STDOUT_FILENO) < 0 ) ||
(dup2 (diag_fds[1], STDERR_FILENO) < 0 )) {
_exit (255);
}
/* Dissociate from evolution-mail's controlling
* terminal so that pgp/gpg won't be able to read from
* it: PGP 2 will fall back to asking for the password
* on /dev/tty if the passed-in password is incorrect.
* This will make that fail rather than hanging.
*/
setsid ();
/* Close excess fds */
cleanup_before_exec (passwd_fds[0]);
execvp (path, argv);
fprintf (stderr, "Could not execute %s: %s\n", argv[0],
g_strerror (errno));
_exit (255);
} else if (child < 0) {
*diagnostics = g_strdup_printf ("Cannot fork %s: %s",
argv[0], g_strerror (errno));
return 0;
}
/* Parent */
close (ip_fds[0]);
close (op_fds[1]);
close (diag_fds[1]);
close (passwd_fds[0]);
timeout.tv_sec = 10; /* timeout in seconds */
timeout.tv_usec = 0;
size = diag_size = 0;
alloc_size = 4096;
diag_alloc_size = 1024;
eof_seen = diag_eof_seen = FALSE;
buf = g_malloc (alloc_size);
diag_buf = g_malloc (diag_alloc_size);
passwd_next = passphrase;
passwd_remaining = passphrase ? strlen (passphrase) : 0;
passwd_incr = fpathconf (passwd_fds[1], _PC_PIPE_BUF);
/* Use a reasonable default value on error. */
if (passwd_incr <= 0)
passwd_incr = 1024;
passwd_eof_seen = FALSE;
input_next = input;
input_remaining = inlen;
input_incr = fpathconf (ip_fds[1], _PC_PIPE_BUF);
if (input_incr <= 0)
input_incr = 1024;
input_eof_seen = FALSE;
while (!(eof_seen && diag_eof_seen)) {
FD_ZERO (&fdset);
if (!eof_seen)
FD_SET (op_fds[0], &fdset);
if (!diag_eof_seen)
FD_SET (diag_fds[0], &fdset);
FD_ZERO (&write_fdset);
if (!passwd_eof_seen)
FD_SET (passwd_fds[1], &write_fdset);
if (!input_eof_seen)
FD_SET (ip_fds[1], &write_fdset);
select_result = select (FD_SETSIZE, &fdset, &write_fdset,
NULL, &timeout);
if (select_result < 0) {
if (errno == EINTR)
continue;
break;
}
if (select_result == 0) {
/* timeout */
break;
}
if (FD_ISSET (op_fds[0], &fdset)) {
/* More output is available. */
if (size + 4096 > alloc_size) {
alloc_size += 4096;
buf = g_realloc (buf , alloc_size);
}
read_len = read (op_fds[0], &buf[size],
alloc_size - size - 1);
if (read_len < 0) {
if (errno == EINTR)
continue;
break;
}
if (read_len == 0)
eof_seen = TRUE;
size += read_len;
}
if (FD_ISSET(diag_fds[0], &fdset) ) {
/* More stderr is available. */
if (diag_size + 1024 > diag_alloc_size) {
diag_alloc_size += 1024;
diag_buf = g_realloc (diag_buf,
diag_alloc_size);
}
read_len = read (diag_fds[0], &diag_buf[diag_size],
diag_alloc_size - diag_size - 1);
if (read_len < 0) {
if (errno == EINTR)
continue;
break;
}
if (read_len == 0)
diag_eof_seen = TRUE;
diag_size += read_len;
}
if (FD_ISSET(passwd_fds[1], &write_fdset)) {
/* Ready for more password input. */
tmp_len = passwd_incr;
if (tmp_len > passwd_remaining)
tmp_len = passwd_remaining;
write_len = write (passwd_fds[1], passwd_next,
tmp_len);
if (write_len < 0) {
if (errno == EINTR)
continue;
break;
}
passwd_next += write_len;
passwd_remaining -= write_len;
if (passwd_remaining == 0) {
close (passwd_fds[1]);
passwd_eof_seen = TRUE;
}
}
if (FD_ISSET(ip_fds[1], &write_fdset)) {
/* Ready for more ciphertext input. */
tmp_len = input_incr;
if (tmp_len > input_remaining)
tmp_len = input_remaining;
write_len = write (ip_fds[1], input_next, tmp_len);
if (write_len < 0) {
if (errno == EINTR)
continue;
break;
}
input_next += write_len;
input_remaining -= write_len;
if (input_remaining == 0 ) {
close (ip_fds[1]);
input_eof_seen = TRUE;
}
}
}
buf[size] = 0;
diag_buf[diag_size] = 0;
close (op_fds[0]);
close (diag_fds[0]);
*output = buf;
if (outlen)
*outlen = size;
*diagnostics = diag_buf;
return cleanup_child (child);
}
/*----------------------------------------------------------------------*
* Public crypto functions
*----------------------------------------------------------------------*/
/**
* mail_crypto_openpgp_decrypt: pgp decrypt ciphertext
* @ciphertext: ciphertext to decrypt
* @outlen: output length of the decrypted data (to be set by #mail_crypto_openpgp_decrypt)
* @ex: a CamelException
*
* Returns an allocated buffer containing the decrypted ciphertext. If
* the cleartext is plain text then you may treat it like a normal
* string as it will be NUL terminated, however #outlen is also set in
* the case that the cleartext is a binary stream.
**/
char *
mail_crypto_openpgp_decrypt (const char *ciphertext, int cipherlen,
int *outlen, CamelException *ex)
{
int retval, i;
char *path, *argv[12];
char *passphrase, *plaintext = NULL, *diagnostics = NULL;
int passwd_fds[2];
char passwd_fd[32];
passphrase = mail_session_request_dialog (
_("Please enter your PGP/GPG passphrase."),
TRUE, "pgp", FALSE);
if (!passphrase) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM,
_("No password provided."));
return NULL;
}
if (pipe (passwd_fds) < 0) {
camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
_("Couldn't create pipe to GPG/PGP: %s"),
g_strerror (errno));
return NULL;
}
i = 0;
#if defined(GPG_PATH)
path = GPG_PATH;
argv[i++] = "gpg";
argv[i++] = "--verbose";
argv[i++] = "--yes";
argv[i++] = "--batch";
argv[i++] = "--output";
argv[i++] = "-"; /* output to stdout */
argv[i++] = "--decrypt";
argv[i++] = "--passphrase-fd";
sprintf (passwd_fd, "%d", passwd_fds[0]);
argv[i++] = passwd_fd;
#elif defined(PGP5_PATH)
path = PGP5_PATH;
argv[i++] = "pgpv";
argv[i++] = "-f";
argv[i++] = "+batchmode=1";
sprintf (passwd_fd, "PGPPASSFD=%d", passwd_fds[0]);
putenv (passwd_fd);
#else
path = PGP_PATH;
argv[i++] = "pgp";
argv[i++] = "-f";
sprintf (passwd_fd, "PGPPASSFD=%d", passwd_fds[0]);
putenv (passwd_fd);
#endif
argv[i++] = NULL;
/* initialize outlen */
*outlen = 0;
retval = crypto_exec_with_passwd (path, argv,
ciphertext, cipherlen,
passwd_fds, passphrase,
&plaintext, outlen,
&diagnostics);
if (retval != 0 || *outlen == 0) {
camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
"%s", diagnostics);
g_free (plaintext);
g_free (diagnostics);
return NULL;
}
g_free (diagnostics);
return plaintext;
}
/**
* mail_crypto_openpgp_encrypt: pgp encrypt data
* @in: data to encrypt
* @inlen: input length of the input data (which may be a binary stream)
* @recipients: an array of recipients to encrypt to (preferably each
* element should be a pgp keyring ID however sometimes email
* addresses will work assuming that your pgp keyring has an
* entry for that address)
* @sign: TRUE if you wish to sign the encrypted text as well, FALSE otherwise
* @userid: userid to sign with assuming #sign is TRUE
* @ex: a CamelException
*
* Encrypts the plaintext to the list of recipients and optionally signs
**/
char *
mail_crypto_openpgp_encrypt (const char *in, int inlen,
const GPtrArray *recipients,
gboolean sign, const char *userid,
CamelException *ex)
{
GPtrArray *recipient_list = NULL;
GPtrArray *argv;
int retval, r;
char *path;
char *passphrase = NULL, *ciphertext = NULL, *diagnostics = NULL;
int passwd_fds[2];
char passwd_fd[32];
if (sign) {
/* we only need the passphrase if we plan to sign */
passphrase = mail_session_request_dialog (
_("Please enter your PGP/GPG passphrase."),
TRUE, "pgp", FALSE);
if (!passphrase) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM,
_("No password provided."));
return NULL;
}
}
if (pipe (passwd_fds) < 0) {
camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
_("Couldn't create pipe to GPG/PGP: %s"),
g_strerror (errno));
return NULL;
}
argv = g_ptr_array_new ();
#if defined(GPG_PATH)
path = GPG_PATH;
recipient_list = g_ptr_array_new ();
for (r = 0; r < recipients->len; r++) {
char *buf, *recipient;
recipient = recipients->pdata[r];
buf = g_strdup_printf ("-r %s", recipient);
g_ptr_array_add (recipient_list, buf);
}
g_ptr_array_add (argv, "gpg");
g_ptr_array_add (argv, "--verbose");
g_ptr_array_add (argv, "--yes");
g_ptr_array_add (argv, "--batch");
g_ptr_array_add (argv, "--armor");
for (r = 0; r < recipient_list->len; r++)
g_ptr_array_add (argv, recipient_list->pdata[r]);
g_ptr_array_add (argv, "--output");
g_ptr_array_add (argv, "-"); /* output to stdout */
g_ptr_array_add (argv, "--encrypt");
if (sign) {
g_ptr_array_add (argv, "--sign");
g_ptr_array_add (argv, "-u");
g_ptr_array_add (argv, (gchar *) userid);
g_ptr_array_add (argv, "--passphrase-fd");
sprintf (passwd_fd, "%d", passwd_fds[0]);
g_ptr_array_add (argv, passwd_fd);
}
#elif defined(PGP5_PATH)
path = PGP5_PATH;
recipient_list = g_ptr_array_new ();
for (r = 0; r < recipients->len; r++) {
char *buf, *recipient;
recipient = recipients->pdata[r];
buf = g_strdup_printf ("-r %s", recipient);
g_ptr_array_add (recipient_list, buf);
}
g_ptr_array_add (argv, "pgpe");
for (r = 0; r < recipient_list->len; r++)
g_ptr_array_add (argv, recipient_list->pdata[r]);
g_ptr_array_add (argv, "-f");
g_ptr_array_add (argv, "-z");
g_ptr_array_add (argv, "-a");
g_ptr_array_add (argv, "-o");
g_ptr_array_add (argv, "-"); /* output to stdout */
if (sign) {
g_ptr_array_add (argv, "-s");
g_ptr_array_add (argv, "-u");
g_ptr_array_add (argv, (gchar *) userid);
sprintf (passwd_fd, "PGPPASSFD=%d", passwd_fds[0]);
putenv (passwd_fd);
}
#else
path = PGP_PATH;
recipient_list = g_ptr_array_new ();
for (r = 0; r < recipients->len; r++) {
char *buf, *recipient;
recipient = recipients->pdata[r];
buf = g_strdup_printf ("-r %s", recipient);
g_ptr_array_add (recipient_list, buf);
}
g_ptr_array_add (argv, "pgp");
g_ptr_array_add (argv, "-f");
g_ptr_array_add (argv, "-e");
g_ptr_array_add (argv, "-a");
g_ptr_array_add (argv, "-o");
g_ptr_array_add (argv, "-");
for (r = 0; r < recipient_list->len; r++)
g_ptr_array_add (argv, recipient_list->pdata[r]);
if (sign) {
g_ptr_array_add (argv, "-s");
g_ptr_array_add (argv, "-u");
g_ptr_array_add (argv, (gchar *) userid);
sprintf (passwd_fd, "PGPPASSFD=%d", passwd_fds[0]);
putenv (passwd_fd);
}
#endif
g_ptr_array_add (argv, NULL);
retval = crypto_exec_with_passwd (path, (char **) argv->pdata,
in, inlen, passwd_fds,
passphrase, &ciphertext, NULL,
&diagnostics);
if (retval != 0 || !*ciphertext) {
camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
"%s", diagnostics);
g_free (ciphertext);
ciphertext = NULL;
}
if (recipient_list) {
for (r = 0; r < recipient_list->len; r++)
g_free (recipient_list->pdata[r]);
g_ptr_array_free (recipient_list, TRUE);
}
g_ptr_array_free (argv, TRUE);
g_free (diagnostics);
return ciphertext;
}
/**
* mail_crypto_openpgp_clearsign: pgp clearsign plaintext
* @plaintext: text to sign
* @userid: user id to sign with
* @hash: Preferred hash function (md5 or sha1)
* @ex: a CamelException
*
* Clearsigns the plaintext using the user id
**/
char *
mail_crypto_openpgp_clearsign (const char *plaintext,
const char *userid,
PgpHashType hash,
CamelException *ex)
{
int retval;
char *path, *argv[20];
int i;
char *passphrase;
char *ciphertext = NULL;
char *diagnostics = NULL;
int passwd_fds[2];
char passwd_fd[32];
char *hash_str = NULL;
#ifndef PGP_PROGRAM
camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
_("No GPG/PGP program available."));
return NULL;
#endif
passphrase = mail_session_request_dialog (_("Please enter your PGP/GPG passphrase."),
TRUE, "pgp", FALSE);
if (!passphrase) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM,
_("No password provided."));
return NULL;
}
if (pipe (passwd_fds) < 0) {
camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
_("Couldn't create pipe to GPG/PGP: %s"),
g_strerror (errno));
return NULL;
}
switch (hash) {
case PGP_HASH_TYPE_MD5:
hash_str = "MD5";
break;
case PGP_HASH_TYPE_SHA1:
hash_str = "SHA1";
break;
default:
hash_str = NULL;
}
i = 0;
#if defined(GPG_PATH)
path = GPG_PATH;
argv[i++] = "gpg";
argv[i++] = "--clearsign";
if (hash_str) {
argv[i++] = "--digest-algo";
argv[i++] = hash_str;
}
if (userid) {
argv[i++] = "-u";
argv[i++] = (char *) userid;
}
argv[i++] = "--verbose";
argv[i++] = "--yes";
argv[i++] = "--batch";
argv[i++] = "--armor";
argv[i++] = "--output";
argv[i++] = "-"; /* output to stdout */
argv[i++] = "--passphrase-fd";
sprintf (passwd_fd, "%d", passwd_fds[0]);
argv[i++] = passwd_fd;
#elif defined(PGP5_PATH)
/* FIXME: modify to respect hash */
path = PGP5_PATH;
argv[i++] = "pgps";
if (userid) {
argv[i++] = "-u";
argv[i++] = (char *) userid;
}
argv[i++] = "-f";
argv[i++] = "-z";
argv[i++] = "-a";
argv[i++] = "-o";
argv[i++] = "-"; /* output to stdout */
argv[i++] = "-s";
sprintf (passwd_fd, "PGPPASSFD=%d", passwd_fds[0]);
putenv (passwd_fd);
#else
/* FIXME: modify to respect hash */
path = PGP_PATH;
argv[i++] = "pgp";
argv[i++] = "-f";
argv[i++] = "-e";
argv[i++] = "-a";
argv[i++] = "-o";
argv[i++] = "-";
argv[i++] = "-s";
sprintf (passwd_fd, "PGPPASSFD=%d", passwd_fds[0]);
putenv (passwd_fd);
#endif
argv[i++] = NULL;
retval = crypto_exec_with_passwd (path, argv,
plaintext, strlen (plaintext),
passwd_fds, passphrase,
&ciphertext, NULL,
&diagnostics);
if (retval != 0 || !*ciphertext) {
camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
"%s", diagnostics);
g_free (ciphertext);
ciphertext = NULL;
}
g_free (diagnostics);
return ciphertext;
}
/**
* mail_crypto_openpgp_sign:
* @in: input data to sign
* @inlen: length of input data
* @userid: userid to sign with
* @hash: preferred hash type (md5 or sha1)
* @ex: exception
*
* Returns an allocated string containing the detached signature using
* the preferred hash.
**/
char *
mail_crypto_openpgp_sign (const char *in, int inlen, const char *userid,
PgpHashType hash, CamelException *ex)
{
char *argv[20];
char *cyphertext = NULL;
char *diagnostics = NULL;
char *passphrase = NULL;
char *hash_str = NULL;
char *path;
int passwd_fds[2];
char passwd_fd[32];
int retval, i;
#ifndef PGP_PROGRAM
camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
_("No GPG/PGP program available."));
return NULL;
#endif
passphrase = mail_session_request_dialog (_("Please enter your PGP/GPG passphrase."),
TRUE, "pgp", FALSE);
if (!passphrase) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM,
_("No password provided."));
return NULL;
}
if (pipe (passwd_fds) < 0) {
g_free (passphrase);
camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
_("Couldn't create pipe to GPG/PGP: %s"),
g_strerror (errno));
return NULL;
}
switch (hash) {
case PGP_HASH_TYPE_MD5:
hash_str = "MD5";
break;
case PGP_HASH_TYPE_SHA1:
hash_str = "SHA1";
break;
default:
hash_str = NULL;
}
i = 0;
#if defined(GPG_PATH)
path = GPG_PATH;
argv[i++] = "gpg";
argv[i++] = "--sign";
argv[i++] = "-b";
if (hash_str) {
argv[i++] = "--digest-algo";
argv[i++] = hash_str;
}
if (userid) {
argv[i++] = "-u";
argv[i++] = (char *) userid;
}
argv[i++] = "--verbose";
argv[i++] = "--yes";
argv[i++] = "--batch";
argv[i++] = "--armor";
argv[i++] = "--output";
argv[i++] = "-"; /* output to stdout */
argv[i++] = "--passphrase-fd";
sprintf (passwd_fd, "%d", passwd_fds[0]);
argv[i++] = passwd_fd;
#elif defined(PGP5_PATH)
path = PGP5_PATH;
/* FIXME: respect hash */
argv[i++] = "pgps";
if (userid) {
argv[i++] = "-u";
argv[i++] = (char *) userid;
}
argv[i++] = "-b";
argv[i++] = "-f";
argv[i++] = "-z";
argv[i++] = "-a";
argv[i++] = "-o";
argv[i++] = "-"; /* output to stdout */
argv[i++] = "-s";
sprintf (passwd_fd, "PGPPASSFD=%d", passwd_fds[0]);
putenv (passwd_fd);
#else
path = PGP_PATH;
/* FIXME: needs to respect hash and also return only the detached sig */
argv[i++] = "pgp";
if (userid) {
argv[i++] = "-u";
argv[i++] = (char *) userid;
}
argv[i++] = "-f";
argv[i++] = "-a";
argv[i++] = "-o";
argv[i++] = "-";
argv[i++] = "-s";
sprintf (passwd_fd, "PGPPASSFD=%d", passwd_fds[0]);
putenv (passwd_fd);
#endif
argv[i++] = NULL;
retval = crypto_exec_with_passwd (path, argv,
in, inlen,
passwd_fds, passphrase,
&cyphertext, NULL,
&diagnostics);
g_free (passphrase);
if (retval != 0 || !*cyphertext) {
camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
"%s", diagnostics);
g_free (cyphertext);
cyphertext = NULL;
}
g_free (diagnostics);
return cyphertext;
}
static char *
swrite (const char *data, int len)
{
char *template;
int fd;
template = g_strdup ("/tmp/mail-crypto-XXXXXX");
fd = mkstemp (template);
if (fd == -1) {
g_free (template);
return NULL;
}
write (fd, data, len);
close (fd);
return template;
}
gboolean
mail_crypto_openpgp_verify (const char *in, int inlen, const char *sigin, int siglen, CamelException *ex)
{
char *argv[20];
char *cleartext = NULL;
char *diagnostics = NULL;
char *path;
int passwd_fds[2];
char passwd_fd[32];
char *sigfile;
int retval, i, clearlen;
gboolean valid = TRUE;
#ifndef PGP_PROGRAM
camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
_("No GPG/PGP program available."));
return FALSE;
#endif
if (pipe (passwd_fds) < 0) {
camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
_("Couldn't create pipe to GPG/PGP: %s"),
g_strerror (errno));
return FALSE;
}
if (sigin != NULL && siglen) {
/* We are going to verify a detached signature so save
the signature to a temp file. */
sigfile = swrite (sigin, siglen);
if (!sigfile) {
camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
_("Couldn't create temp file: %s"),
g_strerror (errno));
return FALSE;
}
}
i = 0;
#if defined(GPG_PATH)
path = GPG_PATH;
argv[i++] = "gpg";
argv[i++] = "--verify";
if (sigin != NULL && siglen)
argv[i++] = sigfile;
/* We are going to verify using stdin */
argv[i++] = "-";
/*argv[i++] = "--verbose";
argv[i++] = "--yes";
argv[i++] = "--batch";*/
#elif defined (PGP5_PATH)
path = PGP5_PATH;
argv[i++] = "pgpv";
argv[i++] = "-z";
if (sigin != NULL && siglen)
argv[i++] = sigfile;
argv[i++] = "-f";
#else
path = PGP_PATH;
argv[i++] = "pgp";
if (sigin != NULL && siglen)
argv[i++] = sigfile;
argv[i++] = "-f";
#endif
argv[i++] = NULL;
clearlen = 0;
retval = crypto_exec_with_passwd (path, argv,
in, inlen,
passwd_fds, NULL,
&cleartext, &clearlen,
&diagnostics);
/* cleanup */
if (sigfile) {
unlink (sigfile);
g_free (sigfile);
}
/* FIXME: maybe we should always set an exception? */
if (retval != 0) {
camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
"%s", diagnostics);
valid = FALSE;
}
g_free (diagnostics);
g_free (cleartext);
return valid;
}
/** rfc2015 stuff *******************************/
gboolean
is_rfc2015_signed (CamelMimePart *mime_part)
{
CamelDataWrapper *wrapper;
CamelMultipart *mp;
CamelMimePart *part;
CamelContentType *type;
const gchar *param;
int nparts;
/* check that we have a multipart/signed */
type = camel_mime_part_get_content_type (mime_part);
if (!header_content_type_is (type, "multipart", "signed"))
return FALSE;
/* check that we have a protocol param with the value: "application/pgp-signed" */
param = header_content_type_param (type, "protocol");
if (!param || g_strcasecmp (param, "\"application/pgp-signed\""))
return FALSE;
/* check that we have exactly 2 subparts */
wrapper = camel_medium_get_content_object (CAMEL_MEDIUM (mime_part));
mp = CAMEL_MULTIPART (wrapper);
nparts = camel_multipart_get_number (mp);
if (nparts != 2)
return FALSE;
/* The first part may be of any type except for
* application/pgp-signature - check it. */
part = camel_multipart_get_part (mp, 0);
type = camel_mime_part_get_content_type (part);
if (header_content_type_is (type, "application", "pgp-signature"))
return FALSE;
/* The second part should be application/pgp-signature. */
part = camel_multipart_get_part (mp, 1);
type = camel_mime_part_get_content_type (part);
if (!header_content_type_is (type, "application", "pgp-siganture"))
return FALSE;
/* FIXME: Implement multisig stuff */
return TRUE;
}
gboolean
is_rfc2015_encrypted (CamelMimePart *mime_part)
{
CamelDataWrapper *wrapper;
CamelMultipart *mp;
CamelMimePart *part;
CamelContentType *type;
const gchar *param;
int nparts;
/* check that we have a multipart/encrypted */
type = camel_mime_part_get_content_type (mime_part);
if (!header_content_type_is (type, "multipart", "encrypted"))
return FALSE;
/* check that we have a protocol param with the value: "application/pgp-encrypted" */
param = header_content_type_param (type, "protocol");
if (!param || g_strcasecmp (param, "\"application/pgp-encrypted\""))
return FALSE;
/* check that we have at least 2 subparts */
wrapper = camel_medium_get_content_object (CAMEL_MEDIUM (mime_part));
mp = CAMEL_MULTIPART (wrapper);
nparts = camel_multipart_get_number (mp);
if (nparts < 2)
return FALSE;
/* The first part should be application/pgp-encrypted */
part = camel_multipart_get_part (mp, 0);
type = camel_mime_part_get_content_type (part);
if (!header_content_type_is (type, "application","pgp-encrypted"))
return FALSE;
/* The second part should be application/octet-stream - this
is the one we care most about */
part = camel_multipart_get_part (mp, 1);
type = camel_mime_part_get_content_type (part);
if (!header_content_type_is (type, "application","octet-stream"))
return FALSE;
return TRUE;
}
/**
* pgp_mime_part_sign:
* @mime_part: a MIME part that will be replaced by a pgp signed part
* @userid: userid to sign with
* @hash: one of PGP_HASH_TYPE_MD5 or PGP_HASH_TYPE_SHA1
* @ex: exception which will be set if there are any errors.
*
* Constructs a PGP/MIME multipart in compliance with rfc2015 and
* replaces #part with the generated multipart/signed. On failure,
* #ex will be set and #part will remain untouched.
**/
void
pgp_mime_part_sign (CamelMimePart **mime_part, const gchar *userid, PgpHashType hash, CamelException *ex)
{
CamelMimePart *part, *signed_part;
CamelMultipart *multipart;
CamelMimePartEncodingType encoding;
CamelContentType *mime_type;
CamelStreamFilter *filtered_stream;
CamelMimeFilter *crlf_filter, *from_filter;
CamelStream *stream;
GByteArray *array;
gchar *cleartext, *signature;
gchar *hash_type;
gint clearlen;
g_return_if_fail (*mime_part != NULL);
g_return_if_fail (userid != NULL);
g_return_if_fail (hash != PGP_HASH_TYPE_NONE);
part = *mime_part;
encoding = camel_mime_part_get_encoding (part);
/* the encoding should really be QP or Base64 */
if (encoding != CAMEL_MIME_PART_ENCODING_BASE64)
camel_mime_part_set_encoding (part, CAMEL_MIME_PART_ENCODING_QUOTEDPRINTABLE);
/* get the cleartext */
array = g_byte_array_new ();
stream = camel_stream_mem_new_with_byte_array (array);
crlf_filter = camel_mime_filter_crlf_new (CAMEL_MIME_FILTER_CRLF_ENCODE,
CAMEL_MIME_FILTER_CRLF_MODE_CRLF_ONLY);
from_filter = CAMEL_MIME_FILTER (camel_mime_filter_from_new ());
filtered_stream = camel_stream_filter_new_with_stream (stream);
camel_stream_filter_add (filtered_stream, CAMEL_MIME_FILTER (crlf_filter));
camel_stream_filter_add (filtered_stream, CAMEL_MIME_FILTER (from_filter));
camel_data_wrapper_write_to_stream (CAMEL_DATA_WRAPPER (part), CAMEL_STREAM (filtered_stream));
camel_object_unref (CAMEL_OBJECT (filtered_stream));
camel_object_unref (CAMEL_OBJECT (stream));
cleartext = array->data;
clearlen = array->len;
/* get the signature */
signature = mail_crypto_openpgp_sign (cleartext, clearlen, userid, hash, ex);
g_byte_array_free (array, TRUE);
if (camel_exception_is_set (ex)) {
/* restore the original encoding */
camel_mime_part_set_encoding (part, encoding);
return;
}
/* construct the pgp-signature mime part */
fprintf (stderr, "signature:\n%s\n", signature);
signed_part = camel_mime_part_new ();
camel_mime_part_set_content (signed_part, signature, strlen (signature),
"application/pgp-signature");
g_free (signature);
camel_mime_part_set_encoding (signed_part, CAMEL_MIME_PART_ENCODING_DEFAULT);
/* construct the container multipart/signed */
multipart = camel_multipart_new ();
camel_data_wrapper_set_mime_type (CAMEL_DATA_WRAPPER (multipart),
"multipart/signed");
switch (hash) {
case PGP_HASH_TYPE_MD5:
hash_type = "pgp-md5";
break;
case PGP_HASH_TYPE_SHA1:
hash_type = "pgp-sha1";
break;
default:
hash_type = NULL;
}
mime_type = camel_data_wrapper_get_mime_type_field (CAMEL_DATA_WRAPPER (multipart));
header_content_type_set_param (mime_type, "micalg", hash_type);
header_content_type_set_param (mime_type, "protocol", "application/pgp-signature");
camel_multipart_set_boundary (multipart, NULL);
/* add the parts to the multipart */
camel_multipart_add_part (multipart, part);
camel_object_unref (CAMEL_OBJECT (part));
camel_multipart_add_part (multipart, signed_part);
camel_object_unref (CAMEL_OBJECT (signed_part));
/* replace the input part with the output part */
*mime_part = camel_mime_part_new ();
camel_medium_set_content_object (CAMEL_MEDIUM (*mime_part),
CAMEL_DATA_WRAPPER (multipart));
camel_object_unref (CAMEL_OBJECT (multipart));
}
/**
* pgp_mime_part_verify:
* @mime_part: a multipart/signed MIME Part
* @ex: exception
*
* Returns TRUE if the signature is valid otherwise returns
* FALSE. Note: you may want to check the exception if it fails as
* there may be useful information to give to the user; example:
* verification may have failed merely because the user doesn't have
* the sender's key on her system.
**/
gboolean
pgp_mime_part_verify (CamelMimePart *mime_part, CamelException *ex)
{
CamelDataWrapper *wrapper;
CamelMultipart *multipart;
CamelMimePart *part, *sigpart;
GByteArray *content, *sig;
CamelStreamFilter *filtered_stream;
CamelMimeFilter *crlf_filter;
CamelStream *stream;
gboolean valid = FALSE;
g_return_val_if_fail (mime_part != NULL, FALSE);
if (!is_rfc2015_signed (mime_part))
return FALSE;
wrapper = camel_medium_get_content_object (CAMEL_MEDIUM (mime_part));
multipart = CAMEL_MULTIPART (wrapper);
/* get the plain part */
part = camel_multipart_get_part (multipart, 0);
content = g_byte_array_new ();
stream = camel_stream_mem_new_with_byte_array (content);
crlf_filter = camel_mime_filter_crlf_new (CAMEL_MIME_FILTER_CRLF_ENCODE,
CAMEL_MIME_FILTER_CRLF_MODE_CRLF_ONLY);
filtered_stream = camel_stream_filter_new_with_stream (stream);
camel_stream_filter_add (filtered_stream, CAMEL_MIME_FILTER (crlf_filter));
camel_data_wrapper_write_to_stream (CAMEL_DATA_WRAPPER (part), CAMEL_STREAM (filtered_stream));
camel_object_unref (CAMEL_OBJECT (filtered_stream));
camel_object_unref (CAMEL_OBJECT (stream));
/* get the signed part */
sigpart = camel_multipart_get_part (multipart, 1);
sig = g_byte_array_new ();
stream = camel_stream_mem_new_with_byte_array (sig);
camel_data_wrapper_write_to_stream (camel_medium_get_content_object (CAMEL_MEDIUM (sigpart)), stream);
camel_object_unref (CAMEL_OBJECT (stream));
/* verify */
valid = mail_crypto_openpgp_verify (content->data, content->len,
sig->data, sig->len, ex);
g_byte_array_free (content, TRUE);
g_byte_array_free (sig, TRUE);
return valid;
}
/**
* pgp_mime_part_encrypt:
* @mime_part: a MIME part that will be replaced by a pgp encrypted part
* @recipients: list of recipient PGP Key IDs
* @ex: exception which will be set if there are any errors.
*
* Constructs a PGP/MIME multipart in compliance with rfc2015 and
* replaces #mime_part with the generated multipart/signed. On failure,
* #ex will be set and #part will remain untouched.
**/
void
pgp_mime_part_encrypt (CamelMimePart **mime_part, const GPtrArray *recipients, CamelException *ex)
{
CamelMultipart *multipart;
CamelMimePart *part, *version_part, *encrypted_part;
CamelContentType *mime_type;
CamelStream *stream;
GByteArray *contents;
gchar *ciphertext;
g_return_if_fail (*mime_part != NULL);
g_return_if_fail (recipients != NULL);
part = *mime_part;
/* get the contents */
contents = g_byte_array_new ();
stream = camel_stream_mem_new_with_byte_array (contents);
camel_data_wrapper_write_to_stream (CAMEL_DATA_WRAPPER (part), stream);
camel_object_unref (CAMEL_OBJECT (stream));
/* pgp encrypt */
ciphertext = mail_crypto_openpgp_encrypt (contents->data,
contents->len,
recipients, FALSE, NULL, ex);
if (camel_exception_is_set (ex))
return;
/* construct the version part */
version_part = camel_mime_part_new ();
camel_mime_part_set_encoding (version_part, CAMEL_MIME_PART_ENCODING_7BIT);
camel_mime_part_set_content (version_part, "Version: 1", strlen ("Version: 1"),
"application/pgp-encrypted");
/* construct the pgp-encrypted mime part */
encrypted_part = camel_mime_part_new ();
camel_mime_part_set_encoding (encrypted_part, CAMEL_MIME_PART_ENCODING_7BIT);
camel_mime_part_set_content (encrypted_part, ciphertext, strlen (ciphertext),
"application/octet-stream");
g_free (ciphertext);
/* construct the container multipart/signed */
multipart = camel_multipart_new ();
camel_data_wrapper_set_mime_type (CAMEL_DATA_WRAPPER (multipart),
"multipart/encrypted");
camel_multipart_set_boundary (multipart, NULL);
mime_type = camel_data_wrapper_get_mime_type_field (CAMEL_DATA_WRAPPER (multipart));
header_content_type_set_param (mime_type, "protocol", "application/pgp-encrypted");
/* add the parts to the multipart */
camel_multipart_add_part (multipart, version_part);
camel_object_unref (CAMEL_OBJECT (version_part));
camel_multipart_add_part (multipart, encrypted_part);
camel_object_unref (CAMEL_OBJECT (encrypted_part));
/* replace the input part with the output part */
*mime_part = camel_mime_part_new ();
camel_medium_set_content_object (CAMEL_MEDIUM (*mime_part),
CAMEL_DATA_WRAPPER (multipart));
camel_object_unref (CAMEL_OBJECT (multipart));
/* destroy the original part */
camel_object_unref (CAMEL_OBJECT (part));
}
/**
* pgp_mime_part_decrypt:
* @mime_part: a multipart/encrypted MIME Part
* @ex: exception
*
* Returns the decrypted MIME Part on success or NULL on fail.
**/
CamelMimePart *
pgp_mime_part_decrypt (CamelMimePart *mime_part, CamelException *ex)
{
CamelDataWrapper *wrapper;
CamelMultipart *multipart;
CamelMimeParser *parser;
CamelMimePart *encrypted_part, *part;
CamelContentType *mime_type;
CamelStream *stream;
GByteArray *content;
gchar *cleartext, *ciphertext = NULL;
int cipherlen, clearlen;
g_return_val_if_fail (mime_part != NULL, NULL);
/* make sure the mime part is a multipart/encrypted */
if (!is_rfc2015_encrypted (mime_part))
return NULL;
wrapper = camel_medium_get_content_object (CAMEL_MEDIUM (mime_part));
multipart = CAMEL_MULTIPART (wrapper);
/* get the encrypted part (second part) */
encrypted_part = camel_multipart_get_part (multipart, 1 /* second part starting at 0 */);
mime_type = camel_mime_part_get_content_type (encrypted_part);
if (!header_content_type_is (mime_type, "application", "octet-stream"))
return NULL;
/* get the ciphertext */
content = g_byte_array_new ();
stream = camel_stream_mem_new_with_byte_array (content);
camel_data_wrapper_write_to_stream (CAMEL_DATA_WRAPPER (encrypted_part), stream);
camel_object_unref (CAMEL_OBJECT (stream));
ciphertext = content->data;
cipherlen = content->len;
/* get the cleartext */
cleartext = mail_crypto_openpgp_decrypt (ciphertext, cipherlen, &clearlen, ex);
g_byte_array_free (content, TRUE);
if (camel_exception_is_set (ex))
return NULL;
/* create a stream based on the returned cleartext */
stream = camel_stream_mem_new ();
camel_stream_write (stream, cleartext, clearlen);
camel_stream_reset (stream);
g_free (cleartext);
/* construct the new decrypted mime part from the stream */
part = camel_mime_part_new ();
parser = camel_mime_parser_new ();
camel_mime_parser_init_with_stream (parser, stream);
camel_mime_part_construct_from_parser (part, parser);
camel_object_unref (CAMEL_OBJECT (parser));
camel_object_unref (CAMEL_OBJECT (stream));
return part;
}
#endif /* PGP_PROGRAM */