search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix error creation and warning
[claws.git] / src / plugins / smime / smime.c
blobd7221cad7fbf04c3bf9c1aa4f5d805d8c263da7f
1 /*
2 * Claws Mail -- a GTK based, lightweight, and fast e-mail client
3 * Copyright (C) 1999-2021 Colin Leroy and the Claws Mail team
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 3 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, see <http://www.gnu.org/licenses/>.
17 */
18
19 #ifdef HAVE_CONFIG_H
20 # include "config.h"
21 #include "claws-features.h"
22 #endif
23
24 #ifdef USE_GPGME
25
26 #include "defs.h"
27 #include <glib.h>
28 #include <gpgme.h>
29 #include <ctype.h>
30 #include <glib/gi18n.h>
31
32 #include "utils.h"
33 #include "privacy.h"
34 #include "procmime.h"
35
36 #include "smime.h"
37 #include <plugins/pgpcore/sgpgme.h>
38 #include <plugins/pgpcore/prefs_gpg.h>
39 #include <plugins/pgpcore/pgp_utils.h>
40 #include <plugins/pgpcore/passphrase.h>
41
42 #include "alertpanel.h"
43 #include "prefs_common.h"
44 #include "plugin.h"
45 #include "file-utils.h"
46
47 typedef struct _PrivacyDataPGP PrivacyDataPGP;
48
49 struct _PrivacyDataPGP
50 {
51 PrivacyData data;
52
53 gboolean done_sigtest;
54 gboolean is_signed;
55 gboolean inserted_mimeinfo;
56 };
57
58 typedef struct _PKCS7MimeTaskData {
59 gchar *textstr;
60 EncodingType encoding;
61 gboolean create_mimeinfo;
62 } PKCS7MimeTaskData;
63
64 static PrivacySystem smime_system;
65
66 static PrivacyDataPGP *smime_new_privacydata()
67 {
68 PrivacyDataPGP *data;
69
70 data = g_new0(PrivacyDataPGP, 1);
71 data->data.system = &smime_system;
72
73 return data;
74 }
75
76 static void smime_free_privacydata(PrivacyData *data)
77 {
78 g_free(data);
79 }
80
81 static gint check_pkcs7_mime_sig(MimeInfo *, GCancellable *, GAsyncReadyCallback, gpointer);
82
83 static gboolean smime_is_signed(MimeInfo *mimeinfo)
84 {
85 MimeInfo *parent;
86 MimeInfo *signature;
87 const gchar *protocol, *tmpstr;
88 PrivacyDataPGP *data = NULL;
89
90 cm_return_val_if_fail(mimeinfo != NULL, FALSE);
91 if (mimeinfo->privacy != NULL) {
92 data = (PrivacyDataPGP *) mimeinfo->privacy;
93 if (data->done_sigtest)
94 return data->is_signed;
95 }
96
97 if (!g_ascii_strcasecmp(mimeinfo->subtype, "pkcs7-mime") ||
98 !g_ascii_strcasecmp(mimeinfo->subtype, "x-pkcs7-mime")) {
99 tmpstr = procmime_mimeinfo_get_parameter(mimeinfo, "smime-type");
100 if (tmpstr && !g_ascii_strcasecmp(tmpstr, "signed-data")) {
101 if (data == NULL) {
102 data = smime_new_privacydata();
103 if (!data)
104 return FALSE;
105 mimeinfo->privacy = (PrivacyData *) data;
106 }
107
108 data->done_sigtest = TRUE;
109 data->is_signed = TRUE;
110 check_pkcs7_mime_sig(mimeinfo, NULL, NULL, NULL);
111 return TRUE;
112 }
113 }
114
115 /* check parent */
116 parent = procmime_mimeinfo_parent(mimeinfo);
117 if (parent == NULL)
118 return FALSE;
119
120 if ((parent->type != MIMETYPE_MULTIPART) ||
121 g_ascii_strcasecmp(parent->subtype, "signed"))
122 return FALSE;
123 protocol = procmime_mimeinfo_get_parameter(parent, "protocol");
124 if ((protocol == NULL) ||
125 (g_ascii_strcasecmp(protocol, "application/pkcs7-signature") &&
126 g_ascii_strcasecmp(protocol, "application/x-pkcs7-signature")))
127 return FALSE;
128
129 /* check if mimeinfo is the first child */
130 if (parent->node->children->data != mimeinfo)
131 return FALSE;
132
133
134 /* check signature */
135 signature = parent->node->children->next != NULL ?
136 (MimeInfo *) parent->node->children->next->data : NULL;
137 if (signature == NULL)
138 return FALSE;
139 if ((signature->type != MIMETYPE_APPLICATION) ||
140 (g_ascii_strcasecmp(signature->subtype, "pkcs7-signature") &&
141 g_ascii_strcasecmp(signature->subtype, "x-pkcs7-signature")))
142 return FALSE;
143
144 if (data == NULL) {
145 data = smime_new_privacydata();
146 if (!data)
147 return FALSE;
148 mimeinfo->privacy = (PrivacyData *) data;
149 }
150
151 data->done_sigtest = TRUE;
152 data->is_signed = TRUE;
153
154 return TRUE;
155 }
156
157 static gchar *get_canonical_content(FILE *fp, const gchar *boundary)
158 {
159 GString *textbuffer;
160 guint boundary_len = 0;
161 gchar buf[BUFFSIZE];
162
163 if (boundary) {
164 boundary_len = strlen(boundary);
165 while (claws_fgets(buf, sizeof(buf), fp) != NULL)
166 if (IS_BOUNDARY(buf, boundary, boundary_len))
167 break;
168 }
169
170 textbuffer = g_string_new("");
171 while (claws_fgets(buf, sizeof(buf), fp) != NULL) {
172 gchar *buf2;
173
174 if (boundary && IS_BOUNDARY(buf, boundary, boundary_len))
175 break;
176
177 buf2 = canonicalize_str(buf);
178 g_string_append(textbuffer, buf2);
179 g_free(buf2);
180 }
181 g_string_truncate(textbuffer, textbuffer->len - 2);
182
183 return g_string_free(textbuffer, FALSE);
184 }
185
186 static void free_pkcs7_mime_task_data(gpointer data)
187 {
188 PKCS7MimeTaskData *task_data = (PKCS7MimeTaskData *)data;
189
190 g_free(task_data->textstr);
191 g_free(task_data);
192 }
193
194 static gboolean create_mimeinfo_for_plaintext(const GString *verified, MimeInfo **created)
195 {
196 gchar *tmpfile;
197 MimeInfo *newinfo = NULL;
198 MimeInfo *decinfo = NULL;
199
200 tmpfile = get_tmp_file();
201
202 str_write_to_file(verified->str, tmpfile, TRUE);
203 newinfo = procmime_scan_file(tmpfile);
204 g_free(tmpfile);
205 decinfo = g_node_first_child(newinfo->node) != NULL ?
206 g_node_first_child(newinfo->node)->data : NULL;
207
208 if (decinfo == NULL)
209 return FALSE;
210
211 g_node_unlink(decinfo->node);
212 procmime_mimeinfo_free_all(&newinfo);
213 decinfo->tmp = TRUE;
214
215 *created = decinfo;
216 return TRUE;
217 }
218
219 static void check_pkcs7_mime_sig_task(GTask *task,
220 gpointer source_object,
221 gpointer _task_data,
222 GCancellable *cancellable)
223 {
224 PKCS7MimeTaskData *task_data = (PKCS7MimeTaskData *)_task_data;
225 GQuark domain;
226 gpgme_ctx_t ctx;
227 gpgme_error_t err;
228 gpgme_data_t sigdata = NULL;
229 gpgme_data_t plain;
230 gpgme_verify_result_t gpgme_res;
231 size_t len;
232 gboolean return_err = TRUE;
233 gboolean cancelled = FALSE;
234 SigCheckTaskResult *task_result = NULL;
235 MimeInfo *created = NULL;
236 GString *verified;
237 gchar *tmp;
238 char err_str[GPGERR_BUFSIZE] = "";
239
240 domain = g_quark_from_static_string("claws_smime");
241
242 err = gpgme_new(&ctx);
243 if (err != GPG_ERR_NO_ERROR) {
244 gpgme_strerror_r(err, err_str, GPGERR_BUFSIZE);
245 g_warning("couldn't initialize GPG context: %s", err_str);
246 goto out;
247 }
248
249 err = gpgme_set_protocol(ctx, GPGME_PROTOCOL_CMS);
250 if (err != GPG_ERR_NO_ERROR) {
251 gpgme_strerror_r(err, err_str, GPGERR_BUFSIZE);
252 g_warning("couldn't set GPG protocol: %s", err_str);
253 goto out_ctx;
254 }
255
256 err = gpgme_data_new_from_mem(&sigdata,
257 task_data->textstr,
258 task_data->textstr ? strlen(task_data->textstr) : 0,
259 0);
260 if (err != GPG_ERR_NO_ERROR) {
261 gpgme_strerror_r(err, err_str, GPGERR_BUFSIZE);
262 g_warning("gpgme_data_new_from_mem failed: %s", err_str);
263 goto out_ctx;
264 }
265
266 if (task_data->encoding == ENC_BASE64) {
267 err = gpgme_data_set_encoding (sigdata, GPGME_DATA_ENCODING_BASE64);
268 if (err != GPG_ERR_NO_ERROR) {
269 gpgme_strerror_r(err, err_str, GPGERR_BUFSIZE);
270 g_warning("gpgme_data_set_encoding failed: %s\n", err_str);
271 goto out_sigdata;
272 }
273 }
274
275 err = gpgme_data_new(&plain);
276 if (err != GPG_ERR_NO_ERROR) {
277 gpgme_strerror_r(err, err_str, GPGERR_BUFSIZE);
278 g_warning("gpgme_data_new failed: %s", err_str);
279 goto out_sigdata;
280 }
281
282 if (g_task_return_error_if_cancelled(task)) {
283 debug_print("task was cancelled, aborting task:%p\n", task);
284 cancelled = TRUE;
285 goto out_sigdata;
286 }
287
288 err = gpgme_op_verify(ctx, sigdata, NULL, plain);
289 if (err != GPG_ERR_NO_ERROR) {
290 gpgme_strerror_r(err, err_str, GPGERR_BUFSIZE);
291 g_warning("gpgme_op_verify failed: %s\n", err_str);
292 goto out_plain;
293 }
294
295 if (g_task_return_error_if_cancelled(task)) {
296 debug_print("task was cancelled, aborting task:%p\n", task);
297 cancelled = TRUE;
298 goto out_sigdata;
299 }
300
301 gpgme_res = gpgme_op_verify_result(ctx);
302 if (gpgme_res && gpgme_res->signatures == NULL) {
303 err = GPG_ERR_SYSTEM_ERROR;
304 g_warning("no signature found");
305 g_snprintf(err_str, GPGERR_BUFSIZE, "No signature found");
306 goto out_plain;
307 }
308
309 if (task_data->create_mimeinfo) {
310 tmp = gpgme_data_release_and_get_mem(plain, &len);
311 if (!tmp) {
312 debug_print("S/MIME signed message had no plaintext\n");
313 goto out_sigdata;
314 }
315
316 verified = g_string_new_len(tmp, len);
317 gpgme_free(tmp);
318
319 if (!create_mimeinfo_for_plaintext(verified, &created)) {
320 g_warning("Failed to create new mimeinfo from plaintext");
321 g_string_free(verified, TRUE);
322 goto out_sigdata;
323 }
324
325 g_string_free(verified, TRUE);
326 } else {
327 gpgme_data_release(plain);
328 }
329
330 task_result = g_new0(SigCheckTaskResult, 1);
331 task_result->sig_data = g_new0(SignatureData, 1);
332
333 task_result->sig_data->status = sgpgme_sigstat_gpgme_to_privacy(ctx, gpgme_res);
334 task_result->sig_data->info_short = sgpgme_sigstat_info_short(ctx, gpgme_res);
335 task_result->sig_data->info_full = sgpgme_sigstat_info_full(ctx, gpgme_res);
336
337 task_result->newinfo = created;
338 return_err = FALSE;
339
340 goto out_sigdata;
341
342 out_plain:
343 gpgme_data_release(plain);
344 out_sigdata:
345 gpgme_data_release(sigdata);
346 out_ctx:
347 gpgme_release(ctx);
348 out:
349 if (cancelled)
350 return;
351
352 if (return_err)
353 g_task_return_new_error(task, domain, err, "%s", err_str);
354 else
355 g_task_return_pointer(task, task_result, privacy_free_sig_check_task_result);
356 }
357
358 /* Check PKCS7-MIME signed-data type signature either synchronously or asynchronously.
359 * Check it asynchronously if the caller provides a callback.
360 * If the caller does not provide a callback, and we have not already done so, create
361 * and insert a new MimeInfo for the plaintext data returned by the sig verification.
362 */
363 static gint check_pkcs7_mime_sig(MimeInfo *mimeinfo,
364 GCancellable *_cancellable,
365 GAsyncReadyCallback callback,
366 gpointer user_data)
367 {
368 MimeInfo *parent;
369 const gchar *tmp;
370 EncodingType real_enc;
371 gchar *textstr = NULL;
372 PrivacyDataPGP *privacy_data;
373 GCancellable *cancellable;
374 GTask *task;
375 PKCS7MimeTaskData *task_data;
376 SigCheckTaskResult *task_result;
377 GError *error = NULL;
378 gboolean unref_cancellable = FALSE;
379
380 debug_print("Checking pkcs7-mime signature\n");
381
382 parent = procmime_mimeinfo_parent(mimeinfo);
383 tmp = g_hash_table_lookup(parent->typeparameters, "boundary");
384 if (tmp) {
385 g_warning("Unexpected S/MIME message format subtype:%s boundary:%s",
386 mimeinfo->subtype, tmp);
387 return -1;
388 }
389
390 if (g_ascii_strcasecmp(mimeinfo->subtype, "pkcs7-mime") &&
391 g_ascii_strcasecmp(mimeinfo->subtype, "x-pkcs7-mime"))
392 {
393 g_warning("Unexpected S/MIME subtype:%s", mimeinfo->subtype);
394 return -1;
395 }
396
397 tmp = procmime_mimeinfo_get_parameter(mimeinfo, "smime-type");
398 if (!tmp || g_ascii_strcasecmp(tmp, "signed-data")) {
399 g_warning("Unexpected S/MIME smime-type parameter:%s", tmp);
400 return -1;
401 }
402
403 real_enc = mimeinfo->encoding_type;
404 mimeinfo->encoding_type = ENC_BINARY;
405 textstr = procmime_get_part_as_string(mimeinfo, TRUE);
406 mimeinfo->encoding_type = real_enc;
407 if (!textstr) {
408 g_warning("Failed to get PKCS7-Mime signature data");
409 return -1;
410 }
411
412 privacy_data = (PrivacyDataPGP *)mimeinfo->privacy;
413
414 task_data = g_new0(PKCS7MimeTaskData, 1);
415 task_data->textstr = textstr;
416 task_data->encoding = mimeinfo->encoding_type;
417
418 if (!callback && !privacy_data->inserted_mimeinfo)
419 task_data->create_mimeinfo = TRUE;
420
421 if (_cancellable != NULL) {
422 cancellable = _cancellable;
423 } else {
424 cancellable = g_cancellable_new();
425 unref_cancellable = TRUE;
426 }
427
428 task = g_task_new(NULL, cancellable, callback, user_data);
429 mimeinfo->last_sig_check_task = task;
430
431 g_task_set_task_data(task, task_data, free_pkcs7_mime_task_data);
432 g_task_set_return_on_cancel(task, TRUE);
433
434 if (callback) {
435 debug_print("creating check sig async task:%p task_data:%p\n", task, task_data);
436 g_task_run_in_thread(task, check_pkcs7_mime_sig_task);
437 g_object_unref(task);
438 return 0;
439 }
440
441 debug_print("creating check sig sync task:%p task_data:%p\n", task, task_data);
442 g_task_run_in_thread_sync(task, check_pkcs7_mime_sig_task);
443 mimeinfo->last_sig_check_task = NULL;
444
445 task_result = g_task_propagate_pointer(task, &error);
446 if (unref_cancellable)
447 g_object_unref(cancellable);
448
449 if (mimeinfo->sig_data) {
450 privacy_free_signature_data(mimeinfo->sig_data);
451 mimeinfo->sig_data = NULL;
452 }
453
454 if (task_result == NULL) {
455 debug_print("sig check task propagated NULL task: %p GError: domain: %s code: %d message: \"%s\"\n",
456 task, g_quark_to_string(error->domain), error->code, error->message);
457 g_object_unref(task);
458 g_error_free(error);
459 return -1;
460 }
461 g_object_unref(task);
462
463 mimeinfo->sig_data = task_result->sig_data;
464
465 if (task_result->newinfo) {
466 if (parent->type == MIMETYPE_MESSAGE && !strcmp(parent->subtype, "rfc822")) {
467 if (parent->content == MIMECONTENT_MEM) {
468 gint newlen = (gint)(strstr(parent->data.mem, "\n\n") - parent->data.mem);
469 if (newlen > 0)
470 parent->length = newlen;
471 }
472 }
473
474 g_node_prepend(parent->node, task_result->newinfo->node);
475 privacy_data->inserted_mimeinfo = TRUE;
476 }
477
478 /* Only free the task result struct, not the SigData and MimeInfo */
479 g_free(task_result);
480
481 return 1;
482 }
483
484 static gint smime_check_sig_async(MimeInfo *mimeinfo,
485 GCancellable *cancellable,
486 GAsyncReadyCallback callback,
487 gpointer user_data)
488 {
489 MimeInfo *parent;
490 gchar *boundary;
491
492 /* Detached signature with a boundary */
493 if (g_ascii_strcasecmp(mimeinfo->subtype, "pkcs7-mime") &&
494 g_ascii_strcasecmp(mimeinfo->subtype, "x-pkcs7-mime"))
495 {
496 parent = procmime_mimeinfo_parent(mimeinfo);
497 boundary = g_hash_table_lookup(parent->typeparameters, "boundary");
498
499 if (boundary == NULL) {
500 g_warning("Unexpected S/MIME format subtype:%s without a boundary",
501 mimeinfo->subtype);
502 return -1;
503 }
504
505 return cm_check_detached_sig_async(mimeinfo,
506 cancellable,
507 callback,
508 user_data,
509 GPGME_PROTOCOL_CMS,
510 get_canonical_content);
511
512 /* Opaque pkcs7-mime blob with smime-type=signed-data */
513 } else {
514 return check_pkcs7_mime_sig(mimeinfo, cancellable, callback, user_data);
515 }
516 }
517
518 static gboolean smime_is_encrypted(MimeInfo *mimeinfo)
519 {
520 const gchar *tmpstr;
521
522 if (mimeinfo->type != MIMETYPE_APPLICATION)
523 return FALSE;
524 if (!g_ascii_strcasecmp(mimeinfo->subtype, "pkcs7-mime")) {
525 tmpstr = procmime_mimeinfo_get_parameter(mimeinfo, "smime-type");
526 if (tmpstr && g_ascii_strcasecmp(tmpstr, "enveloped-data"))
527 return FALSE;
528 else
529 return TRUE;
530
531 } else if (!g_ascii_strcasecmp(mimeinfo->subtype, "x-pkcs7-mime")) {
532 tmpstr = procmime_mimeinfo_get_parameter(mimeinfo, "smime-type");
533 if (tmpstr && g_ascii_strcasecmp(tmpstr, "enveloped-data"))
534 return FALSE;
535 else
536 return TRUE;
537 }
538 return FALSE;
539 }
540
541 static MimeInfo *smime_decrypt(MimeInfo *mimeinfo)
542 {
543 MimeInfo *encinfo, *decinfo, *parseinfo;
544 gpgme_data_t cipher = NULL, plain = NULL;
545 static gint id = 0;
546 FILE *dstfp;
547 gchar *fname;
548 gpgme_verify_result_t sigstat = NULL;
549 PrivacyDataPGP *data = NULL;
550 gpgme_ctx_t ctx;
551 gpgme_error_t err;
552 gchar *chars;
553 size_t len;
554 SignatureData *sig_data = NULL;
555
556 cm_return_val_if_fail(smime_is_encrypted(mimeinfo), NULL);
557
558 if ((err = gpgme_new(&ctx)) != GPG_ERR_NO_ERROR) {
559 privacy_set_error(_("Couldn't initialize GPG context, %s"), gpgme_strerror(err));
560 return NULL;
561 }
562
563 err = gpgme_set_protocol(ctx, GPGME_PROTOCOL_CMS);
564 if (err) {
565 debug_print ("gpgme_set_protocol failed: %s\n",
566 gpgme_strerror (err));
567 privacy_set_error(_("Couldn't set GPG protocol, %s"), gpgme_strerror(err));
568 gpgme_release(ctx);
569 return NULL;
570 }
571 gpgme_set_armor(ctx, TRUE);
572
573 encinfo = mimeinfo;
574
575 cipher = sgpgme_data_from_mimeinfo(encinfo);
576
577 plain = sgpgme_decrypt_verify(cipher, &sigstat, ctx);
578
579 if (sigstat != NULL && sigstat->signatures != NULL) {
580 sig_data = g_new0(SignatureData, 1);
581 sig_data->status = sgpgme_sigstat_gpgme_to_privacy(ctx, sigstat);
582 sig_data->info_short = sgpgme_sigstat_info_short(ctx, sigstat);
583 sig_data->info_full = sgpgme_sigstat_info_full(ctx, sigstat);
584 }
585
586 gpgme_release(ctx);
587 gpgme_data_release(cipher);
588 if (plain == NULL) {
589 debug_print("plain is null!\n");
590 if (sig_data)
591 privacy_free_signature_data(sig_data);
592 return NULL;
593 }
594
595 fname = g_strdup_printf("%s%cplaintext.%08x",
596 get_mime_tmp_dir(), G_DIR_SEPARATOR, ++id);
597
598 if ((dstfp = claws_fopen(fname, "wb")) == NULL) {
599 FILE_OP_ERROR(fname, "claws_fopen");
600 g_free(fname);
601 gpgme_data_release(plain);
602 debug_print("can't open!\n");
603 privacy_set_error(_("Couldn't open temporary file"));
604 if (sig_data)
605 privacy_free_signature_data(sig_data);
606 return NULL;
607 }
608
609 if (fprintf(dstfp, "MIME-Version: 1.0\n") < 0) {
610 FILE_OP_ERROR(fname, "fprintf");
611 g_free(fname);
612 claws_fclose(dstfp);
613 gpgme_data_release(plain);
614 debug_print("can't close!\n");
615 privacy_set_error(_("Couldn't write to temporary file"));
616 if (sig_data)
617 privacy_free_signature_data(sig_data);
618 return NULL;
619 }
620
621 chars = sgpgme_data_release_and_get_mem(plain, &len);
622
623 if (len > 0) {
624 if (claws_fwrite(chars, 1, len, dstfp) < len) {
625 FILE_OP_ERROR(fname, "claws_fwrite");
626 claws_fclose(dstfp);
627 g_free(fname);
628 g_free(chars);
629 gpgme_data_release(plain);
630 debug_print("can't write!\n");
631 privacy_set_error(_("Couldn't write to temporary file"));
632 if (sig_data)
633 privacy_free_signature_data(sig_data);
634 return NULL;
635 }
636 }
637 if (claws_safe_fclose(dstfp) == EOF) {
638 FILE_OP_ERROR(fname, "claws_fclose");
639 g_free(fname);
640 g_free(chars);
641 gpgme_data_release(plain);
642 debug_print("can't close!\n");
643 privacy_set_error(_("Couldn't close temporary file"));
644 if (sig_data)
645 privacy_free_signature_data(sig_data);
646 return NULL;
647 }
648 g_free(chars);
649
650 parseinfo = procmime_scan_file(fname);
651 g_free(fname);
652 if (parseinfo == NULL) {
653 privacy_set_error(_("Couldn't parse decrypted file."));
654 if (sig_data)
655 privacy_free_signature_data(sig_data);
656 return NULL;
657 }
658 decinfo = g_node_first_child(parseinfo->node) != NULL ?
659 g_node_first_child(parseinfo->node)->data : NULL;
660 if (decinfo == NULL) {
661 privacy_set_error(_("Couldn't parse decrypted file parts."));
662 if (sig_data)
663 privacy_free_signature_data(sig_data);
664 return NULL;
665 }
666
667 g_node_unlink(decinfo->node);
668 procmime_mimeinfo_free_all(&parseinfo);
669
670 decinfo->tmp = TRUE;
671
672 if (sig_data != NULL) {
673 if (decinfo->privacy != NULL) {
674 data = (PrivacyDataPGP *) decinfo->privacy;
675 } else {
676 data = smime_new_privacydata();
677 if (!data) {
678 return NULL;
679 }
680 decinfo->privacy = (PrivacyData *) data;
681 }
682
683 if (data != NULL) {
684 data->done_sigtest = TRUE;
685 data->is_signed = TRUE;
686 decinfo->sig_data = sig_data;
687 }
688 }
689
690 return decinfo;
691 }
692
693 gboolean smime_sign(MimeInfo *mimeinfo, PrefsAccount *account, const gchar *from_addr)
694 {
695 MimeInfo *msgcontent, *sigmultipart, *newinfo;
696 gchar *textstr, *micalg = NULL;
697 FILE *fp;
698 gchar *boundary = NULL;
699 gchar *sigcontent;
700 gpgme_ctx_t ctx;
701 gpgme_data_t gpgtext, gpgsig;
702 gpgme_error_t err;
703 size_t len;
704 struct passphrase_cb_info_s info;
705 gpgme_sign_result_t result = NULL;
706 gchar *test_msg;
707 gchar *real_content = NULL;
708
709 fp = my_tmpfile();
710 if (fp == NULL) {
711 perror("my_tmpfile");
712 return FALSE;
713 }
714 procmime_write_mimeinfo(mimeinfo, fp);
715 rewind(fp);
716
717 /* read temporary file into memory */
718 test_msg = file_read_stream_to_str(fp);
719 claws_fclose(fp);
720
721 memset (&info, 0, sizeof info);
722
723 /* remove content node from message */
724 msgcontent = (MimeInfo *) mimeinfo->node->children->data;
725 g_node_unlink(msgcontent->node);
726
727 /* create temporary multipart for content */
728 sigmultipart = procmime_mimeinfo_new();
729 sigmultipart->type = MIMETYPE_MULTIPART;
730 sigmultipart->subtype = g_strdup("signed");
731
732 do {
733 if (boundary)
734 g_free(boundary);
735 boundary = generate_mime_boundary("Sig");
736 } while (strstr(test_msg, boundary) != NULL);
737
738 g_free(test_msg);
739
740 g_hash_table_insert(sigmultipart->typeparameters, g_strdup("boundary"),
741 g_strdup(boundary));
742 g_hash_table_insert(sigmultipart->typeparameters, g_strdup("protocol"),
743 g_strdup("application/pkcs7-signature"));
744 g_node_append(sigmultipart->node, msgcontent->node);
745 g_node_append(mimeinfo->node, sigmultipart->node);
746
747 /* write message content to temporary file */
748 fp = my_tmpfile();
749 if (fp == NULL) {
750 perror("my_tmpfile");
751 g_free(boundary);
752 return FALSE;
753 }
754 procmime_write_mimeinfo(sigmultipart, fp);
755 rewind(fp);
756
757 /* read temporary file into memory */
758 textstr = get_canonical_content(fp, boundary);
759
760 g_free(boundary);
761
762 claws_fclose(fp);
763
764 gpgme_data_new_from_mem(&gpgtext, textstr, textstr?strlen(textstr):0, 0);
765 gpgme_data_new(&gpgsig);
766 gpgme_new(&ctx);
767 gpgme_set_armor(ctx, TRUE);
768 gpgme_signers_clear (ctx);
769
770 err = gpgme_set_protocol(ctx, GPGME_PROTOCOL_CMS);
771
772 if (err) {
773 debug_print ("gpgme_set_protocol failed: %s\n",
774 gpgme_strerror (err));
775 gpgme_data_release(gpgtext);
776 gpgme_release(ctx);
777 return FALSE;
778 }
779
780 if (!sgpgme_setup_signers(ctx, account, from_addr)) {
781 debug_print("setup_signers failed\n");
782 gpgme_data_release(gpgtext);
783 gpgme_release(ctx);
784 return FALSE;
785 }
786
787 info.c = ctx;
788 prefs_gpg_enable_agent(TRUE);
789 gpgme_set_passphrase_cb (ctx, NULL, &info);
790
791 err = gpgme_op_sign(ctx, gpgtext, gpgsig, GPGME_SIG_MODE_DETACH);
792 if (err != GPG_ERR_NO_ERROR) {
793 alertpanel_error("S/MIME : Cannot sign, %s (%d)", gpg_strerror(err), gpg_err_code(err));
794 gpgme_data_release(gpgtext);
795 gpgme_release(ctx);
796 return FALSE;
797 }
798 result = gpgme_op_sign_result(ctx);
799 if (result && result->signatures) {
800 if (gpgme_get_protocol(ctx) == GPGME_PROTOCOL_OpenPGP) {
801 gchar *down_algo = g_ascii_strdown(gpgme_hash_algo_name(
802 result->signatures->hash_algo), -1);
803 micalg = g_strdup_printf("pgp-%s", down_algo);
804 g_free(down_algo);
805 } else {
806 micalg = g_strdup(gpgme_hash_algo_name(
807 result->signatures->hash_algo));
808 }
809 } else {
810 /* can't get result (maybe no signing key?) */
811 debug_print("gpgme_op_sign_result error\n");
812 return FALSE;
813 }
814
815 gpgme_release(ctx);
816 sigcontent = sgpgme_data_release_and_get_mem(gpgsig, &len);
817 gpgme_data_release(gpgtext);
818 g_free(textstr);
819
820 if (!sigcontent) {
821 gpgme_release(ctx);
822 g_free(micalg);
823 return FALSE;
824 }
825 real_content = sigcontent+strlen("-----BEGIN SIGNED MESSAGE-----\n");
826 if (!strstr(real_content, "-----END SIGNED MESSAGE-----")) {
827 debug_print("missing end\n");
828 gpgme_release(ctx);
829 g_free(micalg);
830 return FALSE;
831 }
832 *strstr(real_content, "-----END SIGNED MESSAGE-----") = '\0';
833 /* add signature */
834 g_hash_table_insert(sigmultipart->typeparameters, g_strdup("micalg"),
835 micalg);
836
837 newinfo = procmime_mimeinfo_new();
838 newinfo->type = MIMETYPE_APPLICATION;
839 newinfo->subtype = g_strdup("pkcs7-signature");
840 g_hash_table_insert(newinfo->typeparameters, g_strdup("name"),
841 g_strdup("smime.p7s"));
842 newinfo->content = MIMECONTENT_MEM;
843 newinfo->disposition = DISPOSITIONTYPE_ATTACHMENT;
844 g_hash_table_insert(newinfo->dispositionparameters, g_strdup("filename"),
845 g_strdup("smime.p7s"));
846 newinfo->data.mem = g_malloc(len + 1);
847 newinfo->tmp = TRUE;
848 memmove(newinfo->data.mem, real_content, len);
849 newinfo->data.mem[len] = '\0';
850 newinfo->encoding_type = ENC_BASE64;
851 g_node_append(sigmultipart->node, newinfo->node);
852
853 g_free(sigcontent);
854
855 return TRUE;
856 }
857 gchar *smime_get_encrypt_data(GSList *recp_names)
858 {
859 return sgpgme_get_encrypt_data(recp_names, GPGME_PROTOCOL_CMS);
860 }
861
862 static const gchar *smime_get_encrypt_warning(void)
863 {
864 if (prefs_gpg_should_skip_encryption_warning(smime_system.id))
865 return NULL;
866 else
867 return _("Please note that email headers, like Subject, "
868 "are not encrypted by the S/MIME system.");
869 }
870
871 static void smime_inhibit_encrypt_warning(gboolean inhibit)
872 {
873 if (inhibit)
874 prefs_gpg_add_skip_encryption_warning(smime_system.id);
875 else
876 prefs_gpg_remove_skip_encryption_warning(smime_system.id);
877 }
878
879 gboolean smime_encrypt(MimeInfo *mimeinfo, const gchar *encrypt_data)
880 {
881 MimeInfo *msgcontent, *encmultipart;
882 FILE *fp;
883 gchar *enccontent;
884 size_t len;
885 gchar *textstr = NULL;
886 gpgme_data_t gpgtext = NULL, gpgenc = NULL;
887 gpgme_ctx_t ctx = NULL;
888 gpgme_key_t *kset = NULL;
889 gchar **fprs = g_strsplit(encrypt_data, " ", -1);
890 gint i = 0;
891 gpgme_error_t err;
892 gchar *tmpfile = NULL;
893
894 while (fprs[i] && strlen(fprs[i])) {
895 i++;
896 }
897
898 if ((err = gpgme_new(&ctx)) != GPG_ERR_NO_ERROR) {
899 debug_print ("gpgme_new failed: %s\n", gpgme_strerror(err));
900 g_free(fprs);
901 return FALSE;
902 }
903
904 err = gpgme_set_protocol(ctx, GPGME_PROTOCOL_CMS);
905
906 if (err) {
907 debug_print ("gpgme_set_protocol failed: %s\n",
908 gpgme_strerror (err));
909 g_free(fprs);
910 return FALSE;
911 }
912
913 kset = g_malloc(sizeof(gpgme_key_t)*(i+1));
914 memset(kset, 0, sizeof(gpgme_key_t)*(i+1));
915 i = 0;
916
917 while (fprs[i] && strlen(fprs[i])) {
918 gpgme_key_t key;
919 gpgme_error_t err;
920 err = gpgme_get_key(ctx, fprs[i], &key, 0);
921 if (err) {
922 debug_print("can't add key '%s'[%d] (%s)\n", fprs[i],i, gpgme_strerror(err));
923 break;
924 }
925 debug_print("found %s at %d\n", fprs[i], i);
926 kset[i] = key;
927 i++;
928 }
929 g_free(fprs);
930
931 debug_print("Encrypting message content\n");
932
933 /* remove content node from message */
934 msgcontent = (MimeInfo *) mimeinfo->node->children->data;
935 g_node_unlink(msgcontent->node);
936
937
938 /* create temporary multipart for content */
939 encmultipart = procmime_mimeinfo_new();
940 encmultipart->type = MIMETYPE_APPLICATION;
941 encmultipart->subtype = g_strdup("x-pkcs7-mime");
942 g_hash_table_insert(encmultipart->typeparameters, g_strdup("name"),
943 g_strdup("smime.p7m"));
944 g_hash_table_insert(encmultipart->typeparameters,
945 g_strdup("smime-type"),
946 g_strdup("enveloped-data"));
947
948 encmultipart->disposition = DISPOSITIONTYPE_ATTACHMENT;
949 g_hash_table_insert(encmultipart->dispositionparameters, g_strdup("filename"),
950 g_strdup("smime.p7m"));
951
952 g_node_append(encmultipart->node, msgcontent->node);
953
954 /* write message content to temporary file */
955 tmpfile = get_tmp_file();
956 fp = claws_fopen(tmpfile, "wb");
957 if (fp == NULL) {
958 FILE_OP_ERROR(tmpfile, "create");
959 for (gint x = 0; x < i; x++)
960 gpgme_key_unref(kset[x]);
961 g_free(kset);
962 g_free(tmpfile);
963 return FALSE;
964 }
965 procmime_decode_content(msgcontent);
966 procmime_write_mime_header(msgcontent, fp);
967 procmime_write_mimeinfo(msgcontent, fp);
968 claws_safe_fclose(fp);
969 canonicalize_file_replace(tmpfile);
970 fp = claws_fopen(tmpfile, "rb");
971 if (fp == NULL) {
972 FILE_OP_ERROR(tmpfile, "open");
973 for (gint x = 0; x < i; x++)
974 gpgme_key_unref(kset[x]);
975 g_free(kset);
976 g_free(tmpfile);
977 return FALSE;
978 }
979 g_free(tmpfile);
980
981 /* read temporary file into memory */
982 textstr = file_read_stream_to_str_no_recode(fp);
983
984 claws_fclose(fp);
985
986 /* encrypt data */
987 gpgme_data_new_from_mem(&gpgtext, textstr, textstr?strlen(textstr):0, 0);
988 gpgme_data_new(&gpgenc);
989 cm_gpgme_data_rewind(gpgtext);
990
991 gpgme_op_encrypt(ctx, kset, GPGME_ENCRYPT_ALWAYS_TRUST, gpgtext, gpgenc);
992
993 gpgme_release(ctx);
994 for (gint x = 0; x < i; x++)
995 gpgme_key_unref(kset[x]);
996 g_free(kset);
997 enccontent = sgpgme_data_release_and_get_mem(gpgenc, &len);
998
999 if (!enccontent) {
1000 g_warning("no enccontent");
1001 return FALSE;
1002 }
1003
1004 tmpfile = get_tmp_file();
1005 fp = claws_fopen(tmpfile, "wb");
1006 if (fp) {
1007 if (claws_fwrite(enccontent, 1, len, fp) < len) {
1008 FILE_OP_ERROR(tmpfile, "claws_fwrite");
1009 claws_fclose(fp);
1010 claws_unlink(tmpfile);
1011 }
1012 if (claws_safe_fclose(fp) == EOF) {
1013 FILE_OP_ERROR(tmpfile, "claws_fclose");
1014 claws_unlink(tmpfile);
1015 g_free(tmpfile);
1016 g_free(enccontent);
1017 return FALSE;
1018 }
1019 } else {
1020 FILE_OP_ERROR(tmpfile, "create");
1021 g_free(tmpfile);
1022 g_free(enccontent);
1023 return FALSE;
1024 }
1025 gpgme_data_release(gpgtext);
1026 g_free(textstr);
1027
1028 /* create encrypted multipart */
1029 procmime_mimeinfo_free_all(&msgcontent);
1030 g_node_append(mimeinfo->node, encmultipart->node);
1031
1032 encmultipart->content = MIMECONTENT_FILE;
1033 encmultipart->data.filename = tmpfile;
1034 encmultipart->tmp = TRUE;
1035 procmime_encode_content(encmultipart, ENC_BASE64);
1036
1037 g_free(enccontent);
1038
1039 return TRUE;
1040 }
1041
1042 static PrivacySystem smime_system = {
1043 "smime", /* id */
1044 "S-MIME", /* name */
1045
1046 smime_free_privacydata, /* free_privacydata */
1047
1048 smime_is_signed, /* is_signed(MimeInfo *) */
1049 smime_check_sig_async,
1050
1051 smime_is_encrypted, /* is_encrypted(MimeInfo *) */
1052 smime_decrypt, /* decrypt(MimeInfo *) */
1053
1054 TRUE,
1055 smime_sign,
1056
1057 TRUE,
1058 smime_get_encrypt_data,
1059 smime_encrypt,
1060 smime_get_encrypt_warning,
1061 smime_inhibit_encrypt_warning,
1062 prefs_gpg_auto_check_signatures,
1063 };
1064
1065 void smime_init()
1066 {
1067 privacy_register_system(&smime_system);
1068 }
1069
1070 void smime_done()
1071 {
1072 privacy_unregister_system(&smime_system);
1073 }
1074
1075 struct PluginFeature *plugin_provides(void)
1076 {
1077 static struct PluginFeature features[] =
1078 { {PLUGIN_PRIVACY, N_("S/MIME")},
1079 {PLUGIN_NOTHING, NULL}};
1080 return features;
1081 }
1082 #endif /* USE_GPGME */