From 8b18efe171ef80cbb238a9446137c39908755d2d Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins
Date: Wed, 25 May 2011 18:01:17 -0700
Subject: Add signature verification of PGP/MIME-signed parts with --verify.

This is primarily for notmuch-show, although the functionality is added to show-message. Once signatures are processed a new part_sigstatus formatter is emitted, and the entire multipart/signed part is replaced with the contents of the signed part. At the moment only a json part_sigstatus formatting function is available. Emacs support to follow. The original work for this patch was done by Daniel Kahn Gillmor whose help with this functionality I greatly appreciate.
---
 show-message.c | 41 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)
(limited to 'show-message.c')
diff --git a/show-message.c b/show-message.c
index fbae5301..c90f310c 100644
--- a/show-message.c
+++ b/show-message.c
@@ -51,9 +51,48 @@ show_message_part (GMimeObject *part,

 if (format->part_start)
 format->part_start (part, &(state->part_count));
- format->part_content (part);
 }

+ /* handle PGP/MIME parts */
+ if (GMIME_IS_MULTIPART (part) && params->cryptoctx) {
+ GMimeMultipart *multipart = GMIME_MULTIPART (part);
+ GError* err = NULL;
+
+ if (GMIME_IS_MULTIPART_SIGNED (part))
+ {
+ if ( g_mime_multipart_get_count (multipart) != 2 ) {
+ /* this violates RFC 3156 section 5, so we won't bother with it. */
+ fprintf (stderr,
+ "Error: %d part(s) for a multipart/signed message (should be exactly 2)\n",
+ g_mime_multipart_get_count (multipart));
+ } else {
+ /* For some reason the GMimeSignatureValidity returned
+ * here is not a const (inconsistent with that
+ * returned by
+ * g_mime_multipart_encrypted_get_signature_validity,
+ * and therefore needs to be properly disposed of.
+ * Hopefully the API will become more consistent. */
+ GMimeSignatureValidity *sigvalidity = g_mime_multipart_signed_verify (GMIME_MULTIPART_SIGNED (part), params->cryptoctx, &err);
+ if (!sigvalidity) {
+ fprintf (stderr, "Failed to verify signed part: %s\n", (err ? err->message : "no error explanation given"));
+ }
+ if ((selected || state->in_zone) && format->part_sigstatus)
+ format->part_sigstatus (sigvalidity);
+ /* extract only data part, and ignore signature part */
+ part = g_mime_multipart_get_part (multipart, 0);
+ if (sigvalidity)
+ g_mime_signature_validity_free (sigvalidity);
+ }
+ }
+
+ if (err)
+ g_error_free (err);
+ }
+ /* end handle PGP/MIME parts */
+
+ if (selected || state->in_zone)
+ format->part_content (part);
+
 if (GMIME_IS_MULTIPART (part)) {
 GMimeMultipart *multipart = GMIME_MULTIPART (part);
 int i;
-- cgit v1.2.3
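Review bot: In the multipart/signed branch, `format->part_sigstatus (sigvalidity)` is still called when `g_mime_multipart_signed_verify` returned NULL, so every formatter has to accept a NULL validity; that contract is not written down here, and the formatter implementations are outside this hunk. The part-count error branch, by contrast, emits no status at all and only writes to stderr, so in the structured output a malformed multipart/signed part would presumably be indistinguishable from an unsigned one while the part is still processed. I would report both failures through the formatter, e.g. add `if ((selected || state->in_zone) && format->part_sigstatus) format->part_sigstatus (NULL);` to the count-mismatch branch, and put a comment above the existing call such as `/* sigvalidity is NULL when verification could not be performed; formatters must report that as "no valid signature" */`. show_message_part starts before and continues after this hunk.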