crypto: handle PKCS#7 envelopedData in _notmuch_crypto_decrypt

In the two places where _notmuch_crypto_decrypt handles
multipart/encrypted messages (PGP/MIME), we should also handle PKCS#7
envelopedData (S/MIME).

This is insufficient for fully handling S/MIME encrypted data because
_notmuch_crypto_decrypt isn't yet actually invoked for envelopedData
parts, but that will happen in the following changes.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This commit is contained in:
Daniel Kahn Gillmor 2020-05-12 18:29:37 -04:00 committed by David Bremner
parent 2b108728c4
commit 1a34f68a58

View file

@ -55,10 +55,21 @@ _notmuch_crypto_decrypt (bool *attempted,
} }
if (attempted) if (attempted)
*attempted = true; *attempted = true;
if (GMIME_IS_MULTIPART_ENCRYPTED (part)) {
ret = g_mime_multipart_encrypted_decrypt (GMIME_MULTIPART_ENCRYPTED (part), ret = g_mime_multipart_encrypted_decrypt (GMIME_MULTIPART_ENCRYPTED (part),
GMIME_DECRYPT_NONE, GMIME_DECRYPT_NONE,
notmuch_message_properties_value (list), notmuch_message_properties_value (list),
decrypt_result, err); decrypt_result, err);
} else if (GMIME_IS_APPLICATION_PKCS7_MIME (part)) {
GMimeApplicationPkcs7Mime *pkcs7 = GMIME_APPLICATION_PKCS7_MIME (part);
GMimeSecureMimeType type = g_mime_application_pkcs7_mime_get_smime_type (pkcs7);
if (type == GMIME_SECURE_MIME_TYPE_ENVELOPED_DATA) {
ret = g_mime_application_pkcs7_mime_decrypt (pkcs7,
GMIME_DECRYPT_NONE,
notmuch_message_properties_value (list),
decrypt_result, err);
}
}
if (ret) if (ret)
break; break;
} }
@ -81,8 +92,17 @@ _notmuch_crypto_decrypt (bool *attempted,
GMimeDecryptFlags flags = GMIME_DECRYPT_NONE; GMimeDecryptFlags flags = GMIME_DECRYPT_NONE;
if (decrypt == NOTMUCH_DECRYPT_TRUE && decrypt_result) if (decrypt == NOTMUCH_DECRYPT_TRUE && decrypt_result)
flags |= GMIME_DECRYPT_EXPORT_SESSION_KEY; flags |= GMIME_DECRYPT_EXPORT_SESSION_KEY;
if (GMIME_IS_MULTIPART_ENCRYPTED (part)) {
ret = g_mime_multipart_encrypted_decrypt (GMIME_MULTIPART_ENCRYPTED (part), flags, NULL, ret = g_mime_multipart_encrypted_decrypt (GMIME_MULTIPART_ENCRYPTED (part), flags, NULL,
decrypt_result, err); decrypt_result, err);
} else if (GMIME_IS_APPLICATION_PKCS7_MIME (part)) {
GMimeApplicationPkcs7Mime *pkcs7 = GMIME_APPLICATION_PKCS7_MIME (part);
GMimeSecureMimeType p7type = g_mime_application_pkcs7_mime_get_smime_type (pkcs7);
if (p7type == GMIME_SECURE_MIME_TYPE_ENVELOPED_DATA) {
ret = g_mime_application_pkcs7_mime_decrypt (pkcs7, flags, NULL,
decrypt_result, err);
}
}
return ret; return ret;
} }