crypto: handle PKCS#7 envelopedData in _notmuch_crypto_decrypt
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Tue, 12 May 2020 22:29:37 +0000 (18:29 -0400)
committerDavid Bremner <david@tethera.net>
Sat, 23 May 2020 01:11:40 +0000 (22:11 -0300)
In the two places where _notmuch_crypto_decrypt handles
multipart/encrypted messages (PGP/MIME), we should also handle PKCS#7
envelopedData (S/MIME).

This is insufficient for fully handling S/MIME encrypted data because
_notmuch_crypto_decrypt isn't yet actually invoked for envelopedData
parts, but that will happen in the following changes.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
util/crypto.c

index fbd5f011eae63fb570cf2a84a2b0c03e6493cd5f..c09f467b350b5d453e799d5b7941463544b411a0 100644 (file)
@@ -55,10 +55,21 @@ _notmuch_crypto_decrypt (bool *attempted,
            }
            if (attempted)
                *attempted = true;
-           ret = g_mime_multipart_encrypted_decrypt (GMIME_MULTIPART_ENCRYPTED (part),
-                                                     GMIME_DECRYPT_NONE,
-                                                     notmuch_message_properties_value (list),
-                                                     decrypt_result, err);
+           if (GMIME_IS_MULTIPART_ENCRYPTED (part)) {
+               ret = g_mime_multipart_encrypted_decrypt (GMIME_MULTIPART_ENCRYPTED (part),
+                                                         GMIME_DECRYPT_NONE,
+                                                         notmuch_message_properties_value (list),
+                                                         decrypt_result, err);
+           } else if (GMIME_IS_APPLICATION_PKCS7_MIME (part)) {
+               GMimeApplicationPkcs7Mime *pkcs7 = GMIME_APPLICATION_PKCS7_MIME (part);
+               GMimeSecureMimeType type = g_mime_application_pkcs7_mime_get_smime_type (pkcs7);
+               if (type == GMIME_SECURE_MIME_TYPE_ENVELOPED_DATA) {
+                   ret = g_mime_application_pkcs7_mime_decrypt (pkcs7,
+                                                                GMIME_DECRYPT_NONE,
+                                                                notmuch_message_properties_value (list),
+                                                                decrypt_result, err);
+               }
+           }
            if (ret)
                break;
        }
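Review bot: `*attempted = true` is set before the new type check, so a part that is neither multipart/encrypted nor PKCS#7 envelopedData (for example an `application/pkcs7-mime` part carrying signedData) is reported as attempted although no decrypt call is made. In that case `ret` keeps its previous value and `*err` is not set; the second hunk has the same silent fall-through before `return ret;`, where `ret` is presumably still NULL (its initialisation is outside both hunks). A caller then cannot tell "decryption failed" from "this was never an encrypted part", and the loop still walks every stored session key for a part it can never decrypt. I would test the part type once before the loop and return early, or at minimum add a final `else` holding `/* any other part type: nothing to decrypt; ret stays NULL and err is not set */`. The enclosing loop and function begin outside this hunk.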
@@ -81,8 +92,17 @@ _notmuch_crypto_decrypt (bool *attempted,
     GMimeDecryptFlags flags = GMIME_DECRYPT_NONE;
     if (decrypt == NOTMUCH_DECRYPT_TRUE && decrypt_result)
        flags |= GMIME_DECRYPT_EXPORT_SESSION_KEY;
-    ret = g_mime_multipart_encrypted_decrypt (GMIME_MULTIPART_ENCRYPTED (part), flags, NULL,
-                                             decrypt_result, err);
+    if (GMIME_IS_MULTIPART_ENCRYPTED (part)) {
+       ret = g_mime_multipart_encrypted_decrypt (GMIME_MULTIPART_ENCRYPTED (part), flags, NULL,
+                                                 decrypt_result, err);
+    } else if (GMIME_IS_APPLICATION_PKCS7_MIME (part)) {
+       GMimeApplicationPkcs7Mime *pkcs7 = GMIME_APPLICATION_PKCS7_MIME (part);
+       GMimeSecureMimeType p7type = g_mime_application_pkcs7_mime_get_smime_type (pkcs7);
+       if (p7type == GMIME_SECURE_MIME_TYPE_ENVELOPED_DATA) {
+           ret = g_mime_application_pkcs7_mime_decrypt (pkcs7, flags, NULL,
+                                                        decrypt_result, err);
+       }
+    }
     return ret;
 }
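Review bot: The type dispatch added here is a second copy of the one in the session-key loop above, differing only in the flags, the session-key argument and the local name (`type` there, `p7type` here), so the two copies can drift apart when another encrypted type is added. A single static helper that takes the flags and session key would keep the decision about which parts are decryptable in one place, with both call sites reduced to `ret = _decrypt_part (part, flags, NULL, decrypt_result, err);` and its session-key counterpart. The parameter types in the sketch are inferred from the calls in the hunk, since the function's signature is only partly visible, and the helper name is a suggestion.

```c
/* Decrypt part if it is PGP/MIME or S/MIME envelopedData.  Returns NULL
 * without setting err for any other part type. */
static GMimeObject *
_decrypt_part (GMimeObject *part, GMimeDecryptFlags flags, const char *session_key,
               GMimeDecryptResult **decrypt_result, GError **err)
{
    if (GMIME_IS_MULTIPART_ENCRYPTED (part))
        return g_mime_multipart_encrypted_decrypt (GMIME_MULTIPART_ENCRYPTED (part), flags,
                                                   session_key, decrypt_result, err);
    if (GMIME_IS_APPLICATION_PKCS7_MIME (part)) {
        GMimeApplicationPkcs7Mime *pkcs7 = GMIME_APPLICATION_PKCS7_MIME (part);
        if (g_mime_application_pkcs7_mime_get_smime_type (pkcs7) == GMIME_SECURE_MIME_TYPE_ENVELOPED_DATA)
            return g_mime_application_pkcs7_mime_decrypt (pkcs7, flags, session_key,
                                                          decrypt_result, err);
    }
    return NULL;
}

/* … unchanged: flags setup in _notmuch_crypto_decrypt … */
    ret = _decrypt_part (part, flags, NULL, decrypt_result, err);
    return ret;
```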