[PATCH v2 7/9] crypto: handle PKCS#7 envelopedData in _notmuch_crypto_decrypt

Tue, 12 May 2020 15:31:19 -0700 

In the two places where _notmuch_crypto_decrypt handles
multipart/encrypted messages (PGP/MIME), we should also handle PKCS#7
envelopedData (S/MIME).

This is insufficient for fully handling S/MIME encrypted data because
_notmuch_crypto_decrypt isn't yet actually invoked for envelopedData
parts, but that will happen in the following changes.

Signed-off-by: Daniel Kahn Gillmor <d...@fifthhorseman.net>
---
 util/crypto.c | 32 ++++++++++++++++++++++++++------
 1 file changed, 26 insertions(+), 6 deletions(-)

diff --git a/util/crypto.c b/util/crypto.c
index fbd5f011..c09f467b 100644
--- a/util/crypto.c
+++ b/util/crypto.c
@@ -55,10 +55,21 @@ _notmuch_crypto_decrypt (bool *attempted,
            }
            if (attempted)
                *attempted = true;
-           ret = g_mime_multipart_encrypted_decrypt (GMIME_MULTIPART_ENCRYPTED 
(part),
-                                                     GMIME_DECRYPT_NONE,
-                                                     
notmuch_message_properties_value (list),
-                                                     decrypt_result, err);
+           if (GMIME_IS_MULTIPART_ENCRYPTED (part)) {
+               ret = g_mime_multipart_encrypted_decrypt 
(GMIME_MULTIPART_ENCRYPTED (part),
+                                                         GMIME_DECRYPT_NONE,
+                                                         
notmuch_message_properties_value (list),
+                                                         decrypt_result, err);
+           } else if (GMIME_IS_APPLICATION_PKCS7_MIME (part)) {
+               GMimeApplicationPkcs7Mime *pkcs7 = GMIME_APPLICATION_PKCS7_MIME 
(part);
+               GMimeSecureMimeType type = 
g_mime_application_pkcs7_mime_get_smime_type (pkcs7);
+               if (type == GMIME_SECURE_MIME_TYPE_ENVELOPED_DATA) {
+                   ret = g_mime_application_pkcs7_mime_decrypt (pkcs7,
+                                                                
GMIME_DECRYPT_NONE,
+                                                                
notmuch_message_properties_value (list),
+                                                                
decrypt_result, err);
+               }
+           }
            if (ret)
                break;
        }
@@ -81,8 +92,17 @@ _notmuch_crypto_decrypt (bool *attempted,
     GMimeDecryptFlags flags = GMIME_DECRYPT_NONE;
     if (decrypt == NOTMUCH_DECRYPT_TRUE && decrypt_result)
        flags |= GMIME_DECRYPT_EXPORT_SESSION_KEY;
-    ret = g_mime_multipart_encrypted_decrypt (GMIME_MULTIPART_ENCRYPTED 
(part), flags, NULL,
-                                             decrypt_result, err);
+    if (GMIME_IS_MULTIPART_ENCRYPTED (part)) {
+       ret = g_mime_multipart_encrypted_decrypt (GMIME_MULTIPART_ENCRYPTED 
(part), flags, NULL,
+                                                 decrypt_result, err);
+    } else if (GMIME_IS_APPLICATION_PKCS7_MIME (part)) {
+       GMimeApplicationPkcs7Mime *pkcs7 = GMIME_APPLICATION_PKCS7_MIME (part);
+       GMimeSecureMimeType p7type = 
g_mime_application_pkcs7_mime_get_smime_type (pkcs7);
+       if (p7type == GMIME_SECURE_MIME_TYPE_ENVELOPED_DATA) {
+           ret = g_mime_application_pkcs7_mime_decrypt (pkcs7, flags, NULL,
+                                                        decrypt_result, err);
+       }
+    }
     return ret;
 }
 
-- 
2.26.2

_______________________________________________
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch

Reply via email to