bb90a934d5
2003-11-10 Not Zed <NotZed@Ximian.com> * camel-smime-context.c (sm_verify_cmsg): split out the CMSMessage verification code so it can be used from enveloped or externally signed data. * camel-cipher-context.c (camel_cipher_verify): only take a mimepart, internally handle multiparts and the hash. 2003-11-07 Not Zed <NotZed@Ximian.com> * camel-cipher-context.c: make ciphervalidity a public structure, added encrypt status. (camel_cipher_decrypt): changed to return a ciphervalidity. fixed implementations. (camel_cipher_validity_*): Fixed implementations to match new structure, some of this is now redundant. 2003-11-06 Not Zed <NotZed@Ximian.com> * camel-smime-context.c (camel_smime_context_describe_part): implement. svn path=/trunk/; revision=23242
566 lines
15 KiB
C
566 lines
15 KiB
C
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
|
|
/*
|
|
* Authors: Jeffrey Stedfast <fejj@ximian.com>
|
|
*
|
|
* Copyright 2001-2003 Ximian, Inc. (www.ximian.com)
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of version 2 of the GNU General Public
|
|
* License as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public
|
|
* License along with this program; if not, write to the
|
|
* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
* Boston, MA 02111-1307, USA.
|
|
*
|
|
*/
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include <config.h>
|
|
#endif
|
|
|
|
#include <pthread.h>
|
|
#include <string.h>
|
|
|
|
#include <glib.h>
|
|
|
|
#include "camel-cipher-context.h"
|
|
#include "camel-stream.h"
|
|
|
|
#include "camel-mime-utils.h"
|
|
#include "camel-medium.h"
|
|
#include "camel-multipart.h"
|
|
#include "camel-mime-message.h"
|
|
#include "camel-mime-filter-canon.h"
|
|
#include "camel-stream-filter.h"
|
|
|
|
#define CIPHER_LOCK(ctx) g_mutex_lock (((CamelCipherContext *) ctx)->priv->lock)
|
|
#define CIPHER_UNLOCK(ctx) g_mutex_unlock (((CamelCipherContext *) ctx)->priv->lock);
|
|
|
|
#define d(x)
|
|
|
|
#define CCC_CLASS(o) CAMEL_CIPHER_CONTEXT_CLASS(CAMEL_OBJECT_GET_CLASS(o))
|
|
|
|
struct _CamelCipherContextPrivate {
|
|
GMutex *lock;
|
|
};
|
|
|
|
static CamelObjectClass *parent_class = NULL;
|
|
|
|
/**
|
|
* camel_cipher_context_new:
|
|
* @session: CamelSession
|
|
*
|
|
* This creates a new CamelCipherContext object which is used to sign,
|
|
* verify, encrypt and decrypt streams.
|
|
*
|
|
* Return value: the new CamelCipherContext
|
|
**/
|
|
CamelCipherContext *
|
|
camel_cipher_context_new (CamelSession *session)
|
|
{
|
|
CamelCipherContext *context;
|
|
|
|
g_return_val_if_fail (session != NULL, NULL);
|
|
|
|
context = CAMEL_CIPHER_CONTEXT (camel_object_new (CAMEL_CIPHER_CONTEXT_TYPE));
|
|
|
|
camel_object_ref (session);
|
|
context->session = session;
|
|
|
|
return context;
|
|
}
|
|
|
|
/**
|
|
* camel_cipher_context_construct:
|
|
* @context: CamelCipherContext
|
|
* @session: CamelSession
|
|
*
|
|
* Constucts the CamelCipherContext
|
|
**/
|
|
void
|
|
camel_cipher_context_construct (CamelCipherContext *context, CamelSession *session)
|
|
{
|
|
g_return_if_fail (CAMEL_IS_CIPHER_CONTEXT (context));
|
|
g_return_if_fail (CAMEL_IS_SESSION (session));
|
|
|
|
camel_object_ref (session);
|
|
context->session = session;
|
|
}
|
|
|
|
static int
|
|
cipher_sign (CamelCipherContext *ctx, const char *userid, CamelCipherHash hash,
|
|
struct _CamelMimePart *ipart, struct _CamelMimePart *opart, CamelException *ex)
|
|
{
|
|
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM,
|
|
_("Signing is not supported by this cipher"));
|
|
return -1;
|
|
}
|
|
|
|
/**
|
|
* camel_cipher_sign:
|
|
* @context: Cipher Context
|
|
* @userid: private key to use to sign the stream
|
|
* @hash: preferred Message-Integrity-Check hash algorithm
|
|
* @ipart: Input part.
|
|
* @opart: output part.
|
|
* @ex: exception
|
|
*
|
|
* Converts the (unsigned) part @ipart into a new self-contained mime part @opart.
|
|
* This may be a multipart/signed part, or a simple part for enveloped types.
|
|
*
|
|
* Return value: 0 for success or -1 for failure.
|
|
**/
|
|
int
|
|
camel_cipher_sign (CamelCipherContext *context, const char *userid, CamelCipherHash hash,
|
|
struct _CamelMimePart *ipart, struct _CamelMimePart *opart, CamelException *ex)
|
|
{
|
|
int retval;
|
|
|
|
g_return_val_if_fail (CAMEL_IS_CIPHER_CONTEXT (context), -1);
|
|
|
|
CIPHER_LOCK(context);
|
|
|
|
retval = CCC_CLASS (context)->sign (context, userid, hash, ipart, opart, ex);
|
|
|
|
CIPHER_UNLOCK(context);
|
|
|
|
return retval;
|
|
}
|
|
|
|
static CamelCipherValidity *
|
|
cipher_verify (CamelCipherContext *context, struct _CamelMimePart *sigpart, CamelException *ex)
|
|
{
|
|
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM,
|
|
_("Verifying is not supported by this cipher"));
|
|
return NULL;
|
|
}
|
|
|
|
/**
|
|
* camel_cipher_verify:
|
|
* @context: Cipher Context
|
|
* @ipart: part to verify
|
|
* @ex: exception
|
|
*
|
|
* Verifies the signature. If @istream is a clearsigned stream,
|
|
* you should pass %NULL as the sigstream parameter. Otherwise
|
|
* @sigstream is assumed to be the signature stream and is used to
|
|
* verify the integirity of the @istream.
|
|
*
|
|
* Return value: a CamelCipherValidity structure containing information
|
|
* about the integrity of the input stream or %NULL on failure to
|
|
* execute at all.
|
|
**/
|
|
CamelCipherValidity *
|
|
camel_cipher_verify (CamelCipherContext *context, struct _CamelMimePart *ipart, CamelException *ex)
|
|
{
|
|
CamelCipherValidity *valid;
|
|
|
|
g_return_val_if_fail (CAMEL_IS_CIPHER_CONTEXT (context), NULL);
|
|
|
|
CIPHER_LOCK(context);
|
|
|
|
valid = CCC_CLASS (context)->verify (context, ipart, ex);
|
|
|
|
CIPHER_UNLOCK(context);
|
|
|
|
return valid;
|
|
}
|
|
|
|
static int
|
|
cipher_encrypt (CamelCipherContext *context, const char *userid, GPtrArray *recipients,
|
|
struct _CamelMimePart *ipart, struct _CamelMimePart *opart, CamelException *ex)
|
|
{
|
|
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM,
|
|
_("Encryption is not supported by this cipher"));
|
|
return -1;
|
|
}
|
|
|
|
/**
|
|
* camel_cipher_encrypt:
|
|
* @context: Cipher Context
|
|
* @userid: key id (or email address) to use when signing, or NULL to not sign.
|
|
* @recipients: an array of recipient key ids and/or email addresses
|
|
* @istream: cleartext input stream
|
|
* @ostream: ciphertext output stream
|
|
* @ex: exception
|
|
*
|
|
* Encrypts (and optionally signs) the cleartext input stream and
|
|
* writes the resulting ciphertext to the output stream.
|
|
*
|
|
* Return value: 0 for success or -1 for failure.
|
|
**/
|
|
int
|
|
camel_cipher_encrypt (CamelCipherContext *context, const char *userid, GPtrArray *recipients,
|
|
struct _CamelMimePart *ipart, struct _CamelMimePart *opart, CamelException *ex)
|
|
{
|
|
int retval;
|
|
|
|
g_return_val_if_fail (CAMEL_IS_CIPHER_CONTEXT (context), -1);
|
|
|
|
CIPHER_LOCK(context);
|
|
|
|
retval = CCC_CLASS (context)->encrypt (context, userid, recipients, ipart, opart, ex);
|
|
|
|
CIPHER_UNLOCK(context);
|
|
|
|
return retval;
|
|
}
|
|
|
|
static CamelCipherValidity *
|
|
cipher_decrypt(CamelCipherContext *context, struct _CamelMimePart *ipart, struct _CamelMimePart *opart, CamelException *ex)
|
|
{
|
|
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM,
|
|
_("Decryption is not supported by this cipher"));
|
|
return NULL;
|
|
}
|
|
|
|
/**
|
|
* camel_cipher_decrypt:
|
|
* @context:
|
|
* @ipart:
|
|
* @opart:
|
|
* @ex:
|
|
*
|
|
* Decrypts @ipart into @opart.
|
|
*
|
|
* Return value: A validity/encryption status.
|
|
**/
|
|
CamelCipherValidity *
|
|
camel_cipher_decrypt(CamelCipherContext *context, struct _CamelMimePart *ipart, struct _CamelMimePart *opart, CamelException *ex)
|
|
{
|
|
CamelCipherValidity *valid;
|
|
|
|
g_return_val_if_fail (CAMEL_IS_CIPHER_CONTEXT (context), NULL);
|
|
|
|
CIPHER_LOCK(context);
|
|
|
|
valid = CCC_CLASS (context)->decrypt (context, ipart, opart, ex);
|
|
|
|
CIPHER_UNLOCK(context);
|
|
|
|
return valid;
|
|
}
|
|
|
|
static int
|
|
cipher_import_keys (CamelCipherContext *context, struct _CamelStream *istream, CamelException *ex)
|
|
{
|
|
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM,
|
|
_("You may not import keys with this cipher"));
|
|
|
|
return -1;
|
|
}
|
|
|
|
/**
|
|
* camel_cipher_import_keys:
|
|
* @ctx: Cipher Context
|
|
* @istream: input stream (containing keys)
|
|
* @ex: exception
|
|
*
|
|
* Imports a stream of keys/certificates contained within @istream
|
|
* into the key/certificate database controlled by @ctx.
|
|
*
|
|
* Returns 0 on success or -1 on fail.
|
|
**/
|
|
int
|
|
camel_cipher_import_keys (CamelCipherContext *context, struct _CamelStream *istream, CamelException *ex)
|
|
{
|
|
g_return_val_if_fail (CAMEL_IS_CIPHER_CONTEXT (context), -1);
|
|
g_return_val_if_fail (CAMEL_IS_STREAM (istream), -1);
|
|
|
|
return CCC_CLASS (context)->import_keys (context, istream, ex);
|
|
}
|
|
|
|
static int
|
|
cipher_export_keys (CamelCipherContext *context, GPtrArray *keys,
|
|
struct _CamelStream *ostream, CamelException *ex)
|
|
{
|
|
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM,
|
|
_("You may not export keys with this cipher"));
|
|
|
|
return -1;
|
|
}
|
|
|
|
/**
|
|
* camel_cipher_export_keys:
|
|
* @ctx: Cipher Context
|
|
* @keys: an array of key ids
|
|
* @ostream: output stream
|
|
* @ex: exception
|
|
*
|
|
* Exports the keys/certificates in @keys to the stream @ostream from
|
|
* the key/certificate database controlled by @ctx.
|
|
*
|
|
* Returns 0 on success or -1 on fail.
|
|
**/
|
|
int
|
|
camel_cipher_export_keys (CamelCipherContext *context, GPtrArray *keys,
|
|
struct _CamelStream *ostream, CamelException *ex)
|
|
{
|
|
g_return_val_if_fail (CAMEL_IS_CIPHER_CONTEXT (context), -1);
|
|
g_return_val_if_fail (CAMEL_IS_STREAM (ostream), -1);
|
|
g_return_val_if_fail (keys != NULL, -1);
|
|
|
|
return CCC_CLASS (context)->export_keys (context, keys, ostream, ex);
|
|
}
|
|
|
|
static CamelCipherHash
|
|
cipher_id_to_hash(CamelCipherContext *context, const char *id)
|
|
{
|
|
return CAMEL_CIPHER_HASH_DEFAULT;
|
|
}
|
|
|
|
/* a couple of util functions */
|
|
CamelCipherHash
|
|
camel_cipher_id_to_hash(CamelCipherContext *context, const char *id)
|
|
{
|
|
g_return_val_if_fail (CAMEL_IS_CIPHER_CONTEXT (context), CAMEL_CIPHER_HASH_DEFAULT);
|
|
|
|
return CCC_CLASS (context)->id_to_hash (context, id);
|
|
}
|
|
|
|
static const char *
|
|
cipher_hash_to_id(CamelCipherContext *context, CamelCipherHash hash)
|
|
{
|
|
return NULL;
|
|
}
|
|
|
|
const char *
|
|
camel_cipher_hash_to_id(CamelCipherContext *context, CamelCipherHash hash)
|
|
{
|
|
g_return_val_if_fail (CAMEL_IS_CIPHER_CONTEXT (context), NULL);
|
|
|
|
return CCC_CLASS (context)->hash_to_id (context, hash);
|
|
}
|
|
|
|
/* Cipher Validity stuff */
|
|
|
|
CamelCipherValidity *
|
|
camel_cipher_validity_new (void)
|
|
{
|
|
CamelCipherValidity *validity;
|
|
|
|
validity = g_malloc(sizeof(*validity));
|
|
camel_cipher_validity_init(validity);
|
|
|
|
return validity;
|
|
}
|
|
|
|
void
|
|
camel_cipher_validity_init (CamelCipherValidity *validity)
|
|
{
|
|
g_assert (validity != NULL);
|
|
|
|
memset(validity, 0, sizeof(*validity));
|
|
}
|
|
|
|
gboolean
|
|
camel_cipher_validity_get_valid (CamelCipherValidity *validity)
|
|
{
|
|
return validity != NULL
|
|
&& validity->sign.status == CAMEL_CIPHER_VALIDITY_SIGN_GOOD;
|
|
}
|
|
|
|
void
|
|
camel_cipher_validity_set_valid (CamelCipherValidity *validity, gboolean valid)
|
|
{
|
|
g_assert (validity != NULL);
|
|
|
|
validity->sign.status = CAMEL_CIPHER_VALIDITY_SIGN_GOOD;
|
|
}
|
|
|
|
gchar *
|
|
camel_cipher_validity_get_description (CamelCipherValidity *validity)
|
|
{
|
|
if (validity == NULL)
|
|
return NULL;
|
|
|
|
return validity->sign.description;
|
|
}
|
|
|
|
void
|
|
camel_cipher_validity_set_description (CamelCipherValidity *validity, const gchar *description)
|
|
{
|
|
g_assert (validity != NULL);
|
|
|
|
g_free(validity->sign.description);
|
|
validity->sign.description = g_strdup(description);
|
|
}
|
|
|
|
void
|
|
camel_cipher_validity_clear (CamelCipherValidity *validity)
|
|
{
|
|
g_assert (validity != NULL);
|
|
|
|
g_free(validity->sign.description);
|
|
g_free(validity->encrypt.description);
|
|
camel_cipher_validity_init(validity);
|
|
}
|
|
|
|
/**
|
|
* camel_cipher_validity_envelope:
|
|
* @validity:
|
|
* @outer:
|
|
*
|
|
* Calculate a conglomerate validity based on wrapping one secure part inside
|
|
* another one.
|
|
**/
|
|
void
|
|
camel_cipher_validity_envelope(CamelCipherValidity *valid, CamelCipherValidity *outer)
|
|
{
|
|
if (valid->sign.status != CAMEL_CIPHER_VALIDITY_SIGN_NONE
|
|
&& valid->encrypt.status == CAMEL_CIPHER_VALIDITY_ENCRYPT_NONE
|
|
&& outer->sign.status == CAMEL_CIPHER_VALIDITY_SIGN_NONE
|
|
&& outer->encrypt.status != CAMEL_CIPHER_VALIDITY_ENCRYPT_NONE) {
|
|
/* case 1: only signed inside only encrypted -> merge both */
|
|
valid->encrypt.status = outer->encrypt.status;
|
|
valid->encrypt.description = g_strdup(outer->encrypt.description);
|
|
} else if (valid->sign.status == CAMEL_CIPHER_VALIDITY_SIGN_NONE
|
|
&& valid->encrypt.status != CAMEL_CIPHER_VALIDITY_ENCRYPT_NONE
|
|
&& outer->sign.status != CAMEL_CIPHER_VALIDITY_SIGN_NONE
|
|
&& outer->encrypt.status == CAMEL_CIPHER_VALIDITY_ENCRYPT_NONE) {
|
|
/* case 2: only encrypted inside only signed */
|
|
valid->sign.status = outer->sign.status;
|
|
valid->sign.description = g_strdup(outer->sign.description);
|
|
}
|
|
/* Otherwise, I dunno - what do you do? */
|
|
}
|
|
|
|
void
|
|
camel_cipher_validity_free (CamelCipherValidity *validity)
|
|
{
|
|
if (validity == NULL)
|
|
return;
|
|
|
|
camel_cipher_validity_clear(validity);
|
|
g_free(validity);
|
|
}
|
|
|
|
/* ********************************************************************** */
|
|
|
|
static void
|
|
camel_cipher_context_init (CamelCipherContext *context)
|
|
{
|
|
context->priv = g_new0 (struct _CamelCipherContextPrivate, 1);
|
|
context->priv->lock = g_mutex_new ();
|
|
}
|
|
|
|
static void
|
|
camel_cipher_context_finalise (CamelObject *o)
|
|
{
|
|
CamelCipherContext *context = (CamelCipherContext *)o;
|
|
|
|
camel_object_unref (CAMEL_OBJECT (context->session));
|
|
|
|
g_mutex_free (context->priv->lock);
|
|
|
|
g_free (context->priv);
|
|
}
|
|
|
|
static void
|
|
camel_cipher_context_class_init (CamelCipherContextClass *camel_cipher_context_class)
|
|
{
|
|
parent_class = camel_type_get_global_classfuncs (camel_object_get_type ());
|
|
|
|
camel_cipher_context_class->hash_to_id = cipher_hash_to_id;
|
|
camel_cipher_context_class->id_to_hash = cipher_id_to_hash;
|
|
camel_cipher_context_class->sign = cipher_sign;
|
|
camel_cipher_context_class->verify = cipher_verify;
|
|
camel_cipher_context_class->encrypt = cipher_encrypt;
|
|
camel_cipher_context_class->decrypt = cipher_decrypt;
|
|
camel_cipher_context_class->import_keys = cipher_import_keys;
|
|
camel_cipher_context_class->export_keys = cipher_export_keys;
|
|
}
|
|
|
|
CamelType
|
|
camel_cipher_context_get_type (void)
|
|
{
|
|
static CamelType type = CAMEL_INVALID_TYPE;
|
|
|
|
if (type == CAMEL_INVALID_TYPE) {
|
|
type = camel_type_register (camel_object_get_type (),
|
|
"CamelCipherContext",
|
|
sizeof (CamelCipherContext),
|
|
sizeof (CamelCipherContextClass),
|
|
(CamelObjectClassInitFunc) camel_cipher_context_class_init,
|
|
NULL,
|
|
(CamelObjectInitFunc) camel_cipher_context_init,
|
|
(CamelObjectFinalizeFunc) camel_cipher_context_finalise);
|
|
}
|
|
|
|
return type;
|
|
}
|
|
|
|
/* See rfc3156, section 2 and others */
|
|
/* We do this simply: Anything not base64 must be qp
|
|
This is so that we can safely translate any occurance of "From "
|
|
into the quoted-printable escaped version safely. */
|
|
static void
|
|
cc_prepare_sign(CamelMimePart *part)
|
|
{
|
|
CamelDataWrapper *dw;
|
|
CamelTransferEncoding encoding;
|
|
int parts, i;
|
|
|
|
dw = camel_medium_get_content_object((CamelMedium *)part);
|
|
if (!dw)
|
|
return;
|
|
|
|
if (CAMEL_IS_MULTIPART (dw)) {
|
|
parts = camel_multipart_get_number((CamelMultipart *)dw);
|
|
for (i = 0; i < parts; i++)
|
|
cc_prepare_sign(camel_multipart_get_part((CamelMultipart *)dw, i));
|
|
} else if (CAMEL_IS_MIME_MESSAGE (dw)) {
|
|
cc_prepare_sign((CamelMimePart *)dw);
|
|
} else {
|
|
encoding = camel_mime_part_get_encoding(part);
|
|
|
|
if (encoding != CAMEL_TRANSFER_ENCODING_BASE64
|
|
&& encoding != CAMEL_TRANSFER_ENCODING_QUOTEDPRINTABLE) {
|
|
camel_mime_part_set_encoding(part, CAMEL_TRANSFER_ENCODING_QUOTEDPRINTABLE);
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* camel_cipher_canonical_to_stream:
|
|
* @part: Part to write.
|
|
* @flags: flags for the canonicalisation filter (CamelMimeFilterCanon)
|
|
* @ostream: stream to write canonicalised output to.
|
|
*
|
|
* Writes a part to a stream in a canonicalised format, suitable for signing/encrypting.
|
|
*
|
|
* The transfer encoding paramaters for the part may be changed by this function.
|
|
*
|
|
* Return value: -1 on error;
|
|
**/
|
|
int
|
|
camel_cipher_canonical_to_stream(CamelMimePart *part, guint32 flags, CamelStream *ostream)
|
|
{
|
|
CamelStreamFilter *filter;
|
|
CamelMimeFilter *canon;
|
|
int res = -1;
|
|
|
|
if (flags & (CAMEL_MIME_FILTER_CANON_FROM|CAMEL_MIME_FILTER_CANON_STRIP))
|
|
cc_prepare_sign(part);
|
|
|
|
filter = camel_stream_filter_new_with_stream(ostream);
|
|
canon = camel_mime_filter_canon_new(flags);
|
|
camel_stream_filter_add(filter, canon);
|
|
camel_object_unref(canon);
|
|
|
|
if (camel_data_wrapper_write_to_stream((CamelDataWrapper *)part, (CamelStream *)filter) != -1
|
|
&& camel_stream_flush((CamelStream *)filter) != -1)
|
|
res = 0;
|
|
|
|
camel_object_unref(filter);
|
|
camel_stream_reset(ostream);
|
|
|
|
return res;
|
|
}
|