diff options
| author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2020-05-12 18:29:37 -0400 |
|---|---|---|
| committer | David Bremner <david@tethera.net> | 2020-05-22 22:11:40 -0300 |
| commit | 1a34f68a584c2731d33cd5d2a4ee4e6d7faf6a83 (patch) | |
| tree | ed5ef32f941e215bec4c8436c1ab2c42886735ab /util | |
| parent | 2b108728c429408c5bf86f1852a205588821286e (diff) | |
crypto: handle PKCS#7 envelopedData in _notmuch_crypto_decrypt
In the two places where _notmuch_crypto_decrypt handles
multipart/encrypted messages (PGP/MIME), we should also handle PKCS#7
envelopedData (S/MIME).
This is insufficient for fully handling S/MIME encrypted data because
_notmuch_crypto_decrypt isn't yet actually invoked for envelopedData
parts, but that will happen in the following changes.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Diffstat (limited to 'util')
| -rw-r--r-- | util/crypto.c | 32 |
1 files changed, 26 insertions, 6 deletions
diff --git a/util/crypto.c b/util/crypto.c index fbd5f011..c09f467b 100644 --- a/util/crypto.c +++ b/util/crypto.c @@ -55,10 +55,21 @@ _notmuch_crypto_decrypt (bool *attempted, } if (attempted) *attempted = true; - ret = g_mime_multipart_encrypted_decrypt (GMIME_MULTIPART_ENCRYPTED (part), - GMIME_DECRYPT_NONE, - notmuch_message_properties_value (list), - decrypt_result, err); + if (GMIME_IS_MULTIPART_ENCRYPTED (part)) { + ret = g_mime_multipart_encrypted_decrypt (GMIME_MULTIPART_ENCRYPTED (part), + GMIME_DECRYPT_NONE, + notmuch_message_properties_value (list), + decrypt_result, err); + } else if (GMIME_IS_APPLICATION_PKCS7_MIME (part)) { + GMimeApplicationPkcs7Mime *pkcs7 = GMIME_APPLICATION_PKCS7_MIME (part); + GMimeSecureMimeType type = g_mime_application_pkcs7_mime_get_smime_type (pkcs7); + if (type == GMIME_SECURE_MIME_TYPE_ENVELOPED_DATA) { + ret = g_mime_application_pkcs7_mime_decrypt (pkcs7, + GMIME_DECRYPT_NONE, + notmuch_message_properties_value (list), + decrypt_result, err); + } + } if (ret) break; } @@ -81,8 +92,17 @@ _notmuch_crypto_decrypt (bool *attempted, GMimeDecryptFlags flags = GMIME_DECRYPT_NONE; if (decrypt == NOTMUCH_DECRYPT_TRUE && decrypt_result) flags |= GMIME_DECRYPT_EXPORT_SESSION_KEY; - ret = g_mime_multipart_encrypted_decrypt (GMIME_MULTIPART_ENCRYPTED (part), flags, NULL, - decrypt_result, err); + if (GMIME_IS_MULTIPART_ENCRYPTED (part)) { + ret = g_mime_multipart_encrypted_decrypt (GMIME_MULTIPART_ENCRYPTED (part), flags, NULL, + decrypt_result, err); + } else if (GMIME_IS_APPLICATION_PKCS7_MIME (part)) { + GMimeApplicationPkcs7Mime *pkcs7 = GMIME_APPLICATION_PKCS7_MIME (part); + GMimeSecureMimeType p7type = g_mime_application_pkcs7_mime_get_smime_type (pkcs7); + if (p7type == GMIME_SECURE_MIME_TYPE_ENVELOPED_DATA) { + ret = g_mime_application_pkcs7_mime_decrypt (pkcs7, flags, NULL, + decrypt_result, err); + } + } return ret; } |