Prepared crypto

author: Christian Mollekopf <chrigi_1@fastmail.fm> 2017-11-23 00:22:39 +0100
committer: Christian Mollekopf <chrigi_1@fastmail.fm> 2017-11-23 00:22:39 +0100
commit: 2f702b74ee8c5cf8f4b02355e226d04d5758f53b (patch)
tree: 3394287ed76027c2f83a634a19441ec69bbe2c3c
parent: 9fa148794db7a91d56631cfadffda380a9d4c103 (diff)
download: kube-2f702b74ee8c5cf8f4b02355e226d04d5758f53b.tar.gz
kube-2f702b74ee8c5cf8f4b02355e226d04d5758f53b.zip
2 files changed, 68 insertions, 56 deletions
diff --git a/framework/src/domain/mime/mailcrypto.cpp b/framework/src/domain/mime/mailcrypto.cpp
index 19e81b4f..bdfa2a74 100644
--- a/framework/src/domain/mime/mailcrypto.cpp
+++ b/framework/src/domain/mime/mailcrypto.cpp
@@ -22,9 +22,12 @@
 #include "mailcrypto.h"
 #include <QGpgME/Protocol>
 #include <QGpgME/SignJob>
+#include <QGpgME/EncryptJob>
+#include <QGpgME/SignEncryptJob>
 #include <QGpgME/KeyListJob>
 #include <gpgme++/global.h>
 #include <gpgme++/signingresult.h>
+#include <gpgme++/encryptionresult.h>
 #include <gpgme++/keylistresult.h>
 #include <QDebug>
@@ -335,44 +338,12 @@ KMime::Content *composeHeadersAndBody(KMime::Content *orig, QByteArray encodedBo
    //     }
    // }
-//Hardcoded OpenPGPGMIMEFormat for now
+// replace simple LFs by CRLFs for all MIME supporting CryptPlugs
-KMime::Content *MailCrypto::sign(KMime::Content *content, const std::vector<GpgME::Key> &signers)
+// according to RfC 2633, 3.1.1 Canonicalization
+static QByteArray canonicalizeContent(KMime::Content *content)
 {
-    // if setContent hasn't been called, we assume that a subjob was added
-    // and we want to use that
-    // if (!d->content) {
-    //     Q_ASSERT(d->subjobContents.size() == 1);
-    //     d->content = d->subjobContents.first();
-    // }
-    //d->resultContent = new KMime::Content;
-    // const QGpgME::Protocol *proto = nullptr;
-    // if (d->format & Kleo::AnyOpenPGP) {
-        // proto = QGpgME::openpgp();
-    // } else if (d->format & Kleo::AnySMIME) {
-    //     proto = QGpgME::smime();
-    // }
-    const QGpgME::Protocol *proto = QGpgME::openpgp();
-    Q_ASSERT(proto);
-    qDebug() << "creating signJob from:" << proto->name() << proto->displayName();
-    // std::unique_ptr<QGpgME::SignJob> job(proto->signJob(!d->binaryHint(d->format), d->format == Kleo::InlineOpenPGPFormat));
-    bool armor = true;
-    bool textMode = false;
-    std::unique_ptr<QGpgME::SignJob> job(proto->signJob(armor, textMode));
-    // for now just do the main recipients
-    QByteArray signature;
-    content->assemble();
-    // replace simple LFs by CRLFs for all MIME supporting CryptPlugs
-    // according to RfC 2633, 3.1.1 Canonicalization
-    QByteArray contentData;
    // if (d->format & Kleo::InlineOpenPGPFormat) {
-    //     content = d->content->body();
+    //     return d->content->body();
    // } else if (!(d->format & Kleo::SMIMEOpaqueFormat)) {
        // replace "From " and "--" at the beginning of lines
@@ -425,33 +396,73 @@ KMime::Content *MailCrypto::sign(KMime::Content *content, const std::vector<GpgM
            }
        }
-        contentData = KMime::LFtoCRLF(content->encodedContent());
+        return KMime::LFtoCRLF(content->encodedContent());
    // } else {                    // SMimeOpaque doesn't need LFtoCRLF, else it gets munged
-    //     contentData = content->encodedContent();
+    //     return content->encodedContent();
    // }
-    auto signingMode = GpgME::Detached;
+}
-    // FIXME: Make this async
+KMime::Content *MailCrypto::processCrypto(KMime::Content *content, const std::vector<GpgME::Key> &signingKeys, const std::vector<GpgME::Key> &encryptionKeys, MailCrypto::Protocol protocol)
-    GpgME::SigningResult res = job->exec(signers,
+{
-                                         contentData,
+    const QGpgME::Protocol *const proto = protocol == MailCrypto::SMIME ? QGpgME::smime() : QGpgME::openpgp();
-                                         signingMode,
+    Q_ASSERT(proto);
-                                         signature);
-    // exec'ed jobs don't delete themselves
+    qDebug() << "creating signJob from:" << proto->name() << proto->displayName();
-    job->deleteLater();
+    // for now just do the main recipients
+    content->assemble();
-    if (res.error().code()) {
+    auto signingMode = GpgME::Detached;
-        qWarning() << "signing failed:" << res.error().asString();
+    bool armor = true;
-        //        job->showErrorDialog( globalPart()->parentWidgetForGui() );
+    bool textMode = false;
-        // setError(res.error().code());
+    const bool sign = !signingKeys.empty();
-        // setErrorText(QString::fromLocal8Bit(res.error().asString()));
+    const bool encrypt = !encryptionKeys.empty();
+    QByteArray resultContent;
+    QByteArray hashAlgo;
+    //Trust provided keys and don't check them for validity
+    bool alwaysTrust = true;
+    if (sign && encrypt) {
+        std::unique_ptr<QGpgME::SignEncryptJob> job(proto->signEncryptJob(armor, textMode));
+        const auto res = job->exec(signingKeys, encryptionKeys, canonicalizeContent(content), alwaysTrust, resultContent);
+        if (res.first.error().code()) {
+            qWarning() << "Signing failed:" << res.first.error().asString();
+            return nullptr;
+        } else {
+            hashAlgo = res.first.createdSignature(0).hashAlgorithmAsString();
+        }
+        if (res.second.error().code()) {
+            qWarning() << "Encryption failed:" << res.second.error().asString();
+            return nullptr;
+        }
+    } else if (sign) {
+        std::unique_ptr<QGpgME::SignJob> job(proto->signJob(armor, textMode));
+        auto result = job->exec(signingKeys, canonicalizeContent(content), signingMode, resultContent);
+        if (result.error().code()) {
+            qWarning() << "Signing failed:" << result.error().asString();
+            return nullptr;
+        }
+        hashAlgo = result.createdSignature(0).hashAlgorithmAsString();
+    } else if (encrypt) {
+        std::unique_ptr<QGpgME::EncryptJob> job(proto->encryptJob(armor, textMode));
+        const auto result = job->exec(encryptionKeys, canonicalizeContent(content), alwaysTrust, resultContent);
+        if (result.error().code()) {
+            qWarning() << "Encryption failed:" << result.error().asString();
+            return nullptr;
+        }
+        hashAlgo = "pgp-sha1";
    } else {
-        QByteArray signatureHashAlgo =  res.createdSignature(0).hashAlgorithmAsString();
+        qWarning() << "Not signing or encrypting";
-        bool sign = true;
+        return nullptr;
-        return composeHeadersAndBody(content, signature, sign, signatureHashAlgo);
    }
-    return nullptr;
+    return composeHeadersAndBody(content, resultContent, sign, hashAlgo);
+}
+KMime::Content *MailCrypto::sign(KMime::Content *content, const std::vector<GpgME::Key> &signers)
+{
+    return processCrypto(content, signers, {}, OPENPGP);
 }
 std::vector<GpgME::Key> MailCrypto::findKeys(const QStringList &filter, bool findPrivate, Protocol protocol)
diff --git a/framework/src/domain/mime/mailcrypto.h b/framework/src/domain/mime/mailcrypto.h
index badf1005..ed362ddc 100644
--- a/framework/src/domain/mime/mailcrypto.h
+++ b/framework/src/domain/mime/mailcrypto.h
@@ -30,6 +30,7 @@ namespace MailCrypto
        OPENPGP,
        SMIME
    };
+    KMime::Content *processCrypto(KMime::Content *content, const std::vector<GpgME::Key> &signingKeys, const std::vector<GpgME::Key> &encryptionKeys, MailCrypto::Protocol protocol);
    KMime::Content *sign(KMime::Content *content, const std::vector<GpgME::Key> &signers);
-    std::vector<GpgME::Key> findKeys(const QStringList &filter, bool findPrivate = false, Protocol  protocol = OPENPGP);
+    std::vector<GpgME::Key> findKeys(const QStringList &filter, bool findPrivate = false, Protocol protocol = OPENPGP);
 };
author	Christian Mollekopf <chrigi_1@fastmail.fm>	2017-11-23 00:22:39 +0100
committer	Christian Mollekopf <chrigi_1@fastmail.fm>	2017-11-23 00:22:39 +0100
commit	2f702b74ee8c5cf8f4b02355e226d04d5758f53b (patch)
tree	3394287ed76027c2f83a634a19441ec69bbe2c3c
parent	9fa148794db7a91d56631cfadffda380a9d4c103 (diff)
download	kube-2f702b74ee8c5cf8f4b02355e226d04d5758f53b.tar.gz kube-2f702b74ee8c5cf8f4b02355e226d04d5758f53b.zip

diff --git a/framework/src/domain/mime/mailcrypto.cpp b/framework/src/domain/mime/mailcrypto.cpp index 19e81b4f..bdfa2a74 100644 --- a/framework/src/domain/mime/mailcrypto.cpp +++ b/framework/src/domain/mime/mailcrypto.cpp
@@ -22,9 +22,12 @@
22	#include "mailcrypto.h"	22	#include "mailcrypto.h"
23	#include <QGpgME/Protocol>	23	#include <QGpgME/Protocol>
24	#include <QGpgME/SignJob>	24	#include <QGpgME/SignJob>
		25	#include <QGpgME/EncryptJob>
		26	#include <QGpgME/SignEncryptJob>
25	#include <QGpgME/KeyListJob>	27	#include <QGpgME/KeyListJob>
26	#include <gpgme++/global.h>	28	#include <gpgme++/global.h>
27	#include <gpgme++/signingresult.h>	29	#include <gpgme++/signingresult.h>
		30	#include <gpgme++/encryptionresult.h>
28	#include <gpgme++/keylistresult.h>	31	#include <gpgme++/keylistresult.h>
29	#include <QDebug>	32	#include <QDebug>
30		33
@@ -335,44 +338,12 @@ KMime::Content composeHeadersAndBody(KMime::Content orig, QByteArray encodedBo
335	// }	338	// }
336	// }	339	// }
337		340
338	//Hardcoded OpenPGPGMIMEFormat for now	341	// replace simple LFs by CRLFs for all MIME supporting CryptPlugs
339	KMime::Content MailCrypto::sign(KMime::Content content, const std::vector<GpgME::Key> &signers)	342	// according to RfC 2633, 3.1.1 Canonicalization
		343	static QByteArray canonicalizeContent(KMime::Content *content)
340	{	344	{
341
342	// if setContent hasn't been called, we assume that a subjob was added
343	// and we want to use that
344	// if (!d->content) {
345	// Q_ASSERT(d->subjobContents.size() == 1);
346	// d->content = d->subjobContents.first();
347	// }
348
349	//d->resultContent = new KMime::Content;
350
351	// const QGpgME::Protocol *proto = nullptr;
352	// if (d->format & Kleo::AnyOpenPGP) {
353	// proto = QGpgME::openpgp();
354	// } else if (d->format & Kleo::AnySMIME) {
355	// proto = QGpgME::smime();
356	// }
357
358	const QGpgME::Protocol *proto = QGpgME::openpgp();
359	Q_ASSERT(proto);
360
361	qDebug() << "creating signJob from:" << proto->name() << proto->displayName();
362	// std::unique_ptr<QGpgME::SignJob> job(proto->signJob(!d->binaryHint(d->format), d->format == Kleo::InlineOpenPGPFormat));
363	bool armor = true;
364	bool textMode = false;
365	std::unique_ptr<QGpgME::SignJob> job(proto->signJob(armor, textMode));
366	// for now just do the main recipients
367	QByteArray signature;
368
369	content->assemble();
370
371	// replace simple LFs by CRLFs for all MIME supporting CryptPlugs
372	// according to RfC 2633, 3.1.1 Canonicalization
373	QByteArray contentData;
374	// if (d->format & Kleo::InlineOpenPGPFormat) {	345	// if (d->format & Kleo::InlineOpenPGPFormat) {
375	// content = d->content->body();	346	// return d->content->body();
376	// } else if (!(d->format & Kleo::SMIMEOpaqueFormat)) {	347	// } else if (!(d->format & Kleo::SMIMEOpaqueFormat)) {
377		348
378	// replace "From " and "--" at the beginning of lines	349	// replace "From " and "--" at the beginning of lines
@@ -425,33 +396,73 @@ KMime::Content MailCrypto::sign(KMime::Content content, const std::vector<GpgM
425	}	396	}
426	}	397	}
427		398
428	contentData = KMime::LFtoCRLF(content->encodedContent());	399	return KMime::LFtoCRLF(content->encodedContent());
429	// } else { // SMimeOpaque doesn't need LFtoCRLF, else it gets munged	400	// } else { // SMimeOpaque doesn't need LFtoCRLF, else it gets munged
430	// contentData = content->encodedContent();	401	// return content->encodedContent();
431	// }	402	// }
432		403
433	auto signingMode = GpgME::Detached;	404	}
434		405
435	// FIXME: Make this async	406	KMime::Content MailCrypto::processCrypto(KMime::Content content, const std::vector<GpgME::Key> &signingKeys, const std::vector<GpgME::Key> &encryptionKeys, MailCrypto::Protocol protocol)
436	GpgME::SigningResult res = job->exec(signers,	407	{
437	contentData,	408	const QGpgME::Protocol *const proto = protocol == MailCrypto::SMIME ? QGpgME::smime() : QGpgME::openpgp();
438	signingMode,	409	Q_ASSERT(proto);
439	signature);
440		410
441	// exec'ed jobs don't delete themselves	411	qDebug() << "creating signJob from:" << proto->name() << proto->displayName();
442	job->deleteLater();	412	// for now just do the main recipients
		413
		414	content->assemble();
443		415
444	if (res.error().code()) {	416	auto signingMode = GpgME::Detached;
445	qWarning() << "signing failed:" << res.error().asString();	417	bool armor = true;
446	// job->showErrorDialog( globalPart()->parentWidgetForGui() );	418	bool textMode = false;
447	// setError(res.error().code());	419	const bool sign = !signingKeys.empty();
448	// setErrorText(QString::fromLocal8Bit(res.error().asString()));	420	const bool encrypt = !encryptionKeys.empty();
		421
		422	QByteArray resultContent;
		423	QByteArray hashAlgo;
		424	//Trust provided keys and don't check them for validity
		425	bool alwaysTrust = true;
		426	if (sign && encrypt) {
		427	std::unique_ptr<QGpgME::SignEncryptJob> job(proto->signEncryptJob(armor, textMode));
		428	const auto res = job->exec(signingKeys, encryptionKeys, canonicalizeContent(content), alwaysTrust, resultContent);
		429	if (res.first.error().code()) {
		430	qWarning() << "Signing failed:" << res.first.error().asString();
		431	return nullptr;
		432	} else {
		433	hashAlgo = res.first.createdSignature(0).hashAlgorithmAsString();
		434	}
		435	if (res.second.error().code()) {
		436	qWarning() << "Encryption failed:" << res.second.error().asString();
		437	return nullptr;
		438	}
		439	} else if (sign) {
		440	std::unique_ptr<QGpgME::SignJob> job(proto->signJob(armor, textMode));
		441	auto result = job->exec(signingKeys, canonicalizeContent(content), signingMode, resultContent);
		442	if (result.error().code()) {
		443	qWarning() << "Signing failed:" << result.error().asString();
		444	return nullptr;
		445	}
		446	hashAlgo = result.createdSignature(0).hashAlgorithmAsString();
		447	} else if (encrypt) {
		448	std::unique_ptr<QGpgME::EncryptJob> job(proto->encryptJob(armor, textMode));
		449	const auto result = job->exec(encryptionKeys, canonicalizeContent(content), alwaysTrust, resultContent);
		450	if (result.error().code()) {
		451	qWarning() << "Encryption failed:" << result.error().asString();
		452	return nullptr;
		453	}
		454	hashAlgo = "pgp-sha1";
449	} else {	455	} else {
450	QByteArray signatureHashAlgo = res.createdSignature(0).hashAlgorithmAsString();	456	qWarning() << "Not signing or encrypting";
451	bool sign = true;	457	return nullptr;
452	return composeHeadersAndBody(content, signature, sign, signatureHashAlgo);
453	}	458	}
454	return nullptr;	459
		460	return composeHeadersAndBody(content, resultContent, sign, hashAlgo);
		461	}
		462
		463	KMime::Content MailCrypto::sign(KMime::Content content, const std::vector<GpgME::Key> &signers)
		464	{
		465	return processCrypto(content, signers, {}, OPENPGP);
455	}	466	}
456		467
457	std::vector<GpgME::Key> MailCrypto::findKeys(const QStringList &filter, bool findPrivate, Protocol protocol)	468	std::vector<GpgME::Key> MailCrypto::findKeys(const QStringList &filter, bool findPrivate, Protocol protocol)


diff --git a/framework/src/domain/mime/mailcrypto.h b/framework/src/domain/mime/mailcrypto.h index badf1005..ed362ddc 100644 --- a/framework/src/domain/mime/mailcrypto.h +++ b/framework/src/domain/mime/mailcrypto.h
@@ -30,6 +30,7 @@ namespace MailCrypto
30	OPENPGP,	30	OPENPGP,
31	SMIME	31	SMIME
32	};	32	};
		33	KMime::Content processCrypto(KMime::Content content, const std::vector<GpgME::Key> &signingKeys, const std::vector<GpgME::Key> &encryptionKeys, MailCrypto::Protocol protocol);
33	KMime::Content sign(KMime::Content content, const std::vector<GpgME::Key> &signers);	34	KMime::Content sign(KMime::Content content, const std::vector<GpgME::Key> &signers);
34	std::vector<GpgME::Key> findKeys(const QStringList &filter, bool findPrivate = false, Protocol protocol = OPENPGP);	35	std::vector<GpgME::Key> findKeys(const QStringList &filter, bool findPrivate = false, Protocol protocol = OPENPGP);
35	};	36	};