* gnus.el (gnus-update-message-archive-method): New variable.

[gnus] / lisp / mml2015.el

;;; mml2015.el --- MIME Security with Pretty Good Privacy (PGP)

;; Copyright (C) 2000, 2001, 2002, 2003, 2004,
;;   2005, 2006, 2007 Free Software Foundation, Inc.

;; Author: Shenghuo Zhu <zsh@cs.rochester.edu>
;; Keywords: PGP MIME MML

;; This file is part of GNU Emacs.

;; GNU Emacs is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published
;; by the Free Software Foundation; either version 2, or (at your
;; option) any later version.

;; GNU Emacs is distributed in the hope that it will be useful, but
;; WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
;; General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs; see the file COPYING.  If not, write to the
;; Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
;; Boston, MA 02110-1301, USA.

;;; Commentary:

;; RFC 2015 is updated by RFC 3156, this file should be compatible
;; with both.

;;; Code:

(eval-when-compile (require 'cl))
(require 'mm-decode)
(require 'mm-util)
(require 'mml)
(require 'mml-sec)

(defvar mc-pgp-always-sign)

(defvar mml2015-use (or
                     (condition-case nil
                         (progn
                           (require 'epg-config)
                           (epg-check-configuration (epg-configuration))
                           'epg)
                       (error))
                     (progn
                       (ignore-errors
                        ;; Avoid the "Recursive load suspected" error
                        ;; in Emacs 21.1.
                        (let ((recursive-load-depth-limit 100))
                          (require 'pgg)))
                       (and (fboundp 'pgg-sign-region)
                            'pgg))
                     (progn
                       (ignore-errors
                         (require 'gpg))
                       (and (fboundp 'gpg-sign-detached)
                            'gpg))
                     (progn (ignore-errors
                              (load "mc-toplev"))
                            (and (fboundp 'mc-encrypt-generic)
                                 (fboundp 'mc-sign-generic)
                                 (fboundp 'mc-cleanup-recipient-headers)
                                 'mailcrypt)))
  "The package used for PGP/MIME.
Valid packages include `epg', `pgg', `gpg' and `mailcrypt'.")

;; Something is not RFC2015.
(defvar mml2015-function-alist
  '((mailcrypt mml2015-mailcrypt-sign
               mml2015-mailcrypt-encrypt
               mml2015-mailcrypt-verify
               mml2015-mailcrypt-decrypt
               mml2015-mailcrypt-clear-verify
               mml2015-mailcrypt-clear-decrypt)
    (gpg mml2015-gpg-sign
         mml2015-gpg-encrypt
         mml2015-gpg-verify
         mml2015-gpg-decrypt
         mml2015-gpg-clear-verify
         mml2015-gpg-clear-decrypt)
  (pgg mml2015-pgg-sign
       mml2015-pgg-encrypt
       mml2015-pgg-verify
       mml2015-pgg-decrypt
       mml2015-pgg-clear-verify
       mml2015-pgg-clear-decrypt)
  (epg mml2015-epg-sign
       mml2015-epg-encrypt
       mml2015-epg-verify
       mml2015-epg-decrypt
       mml2015-epg-clear-verify
       mml2015-epg-clear-decrypt))
  "Alist of PGP/MIME functions.")

(defvar mml2015-result-buffer nil)

(defcustom mml2015-unabbrev-trust-alist
  '(("TRUST_UNDEFINED" . nil)
    ("TRUST_NEVER"     . nil)
    ("TRUST_MARGINAL"  . t)
    ("TRUST_FULLY"     . t)
    ("TRUST_ULTIMATE"  . t))
  "Map GnuPG trust output values to a boolean saying if you trust the key."
  :version "22.1"
  :group 'mime-security
  :type '(repeat (cons (regexp :tag "GnuPG output regexp")
                       (boolean :tag "Trust key"))))

(defcustom mml2015-verbose mml-secure-verbose
  "If non-nil, ask the user about the current operation more verbosely."
  :group 'mime-security
  :type 'boolean)

(defcustom mml2015-cache-passphrase mml-secure-cache-passphrase
  "If t, cache passphrase."
  :group 'mime-security
  :type 'boolean)

(defcustom mml2015-passphrase-cache-expiry mml-secure-passphrase-cache-expiry
  "How many seconds the passphrase is cached.
Whether the passphrase is cached at all is controlled by
`mml2015-cache-passphrase'."
  :group 'mime-security
  :type 'integer)

(defcustom mml2015-signers nil
  "A list of your own key ID which will be used to sign a message."
  :group 'mime-security
  :type '(repeat (string :tag "Key ID")))

(defcustom mml2015-encrypt-to-self nil
  "If t, add your own key ID to recipient list when encryption."
  :group 'mime-security
  :type 'boolean)

(defcustom mml2015-always-trust t
  "If t, GnuPG skip key validation on encryption."
  :group 'mime-security
  :type 'boolean)

;;; mailcrypt wrapper

(eval-and-compile
  (autoload 'mailcrypt-decrypt "mailcrypt")
  (autoload 'mailcrypt-verify "mailcrypt")
  (autoload 'mc-pgp-always-sign "mailcrypt")
  (autoload 'mc-encrypt-generic "mc-toplev")
  (autoload 'mc-cleanup-recipient-headers "mc-toplev")
  (autoload 'mc-sign-generic "mc-toplev"))

(eval-when-compile
  (defvar mc-default-scheme)
  (defvar mc-schemes))

(defvar mml2015-decrypt-function 'mailcrypt-decrypt)
(defvar mml2015-verify-function 'mailcrypt-verify)

(defun mml2015-format-error (err)
  (if (stringp (cadr err))
      (cadr err)
    (format "%S" (cdr err))))

(defun mml2015-mailcrypt-decrypt (handle ctl)
  (catch 'error
    (let (child handles result)
      (unless (setq child (mm-find-part-by-type
                           (cdr handle)
                           "application/octet-stream" nil t))
        (mm-set-handle-multipart-parameter
         mm-security-handle 'gnus-info "Corrupted")
        (throw 'error handle))
      (with-temp-buffer
        (mm-insert-part child)
        (setq result
              (condition-case err
                  (funcall mml2015-decrypt-function)
                (error
                 (mm-set-handle-multipart-parameter
                  mm-security-handle 'gnus-details (mml2015-format-error err))
                 nil)
                (quit
                 (mm-set-handle-multipart-parameter
                  mm-security-handle 'gnus-details "Quit.")
                 nil)))
        (unless (car result)
          (mm-set-handle-multipart-parameter
           mm-security-handle 'gnus-info "Failed")
          (throw 'error handle))
        (setq handles (mm-dissect-buffer t)))
      (mm-destroy-parts handle)
      (mm-set-handle-multipart-parameter
       mm-security-handle 'gnus-info
       (concat "OK"
               (let ((sig (with-current-buffer mml2015-result-buffer
                            (mml2015-gpg-extract-signature-details))))
                 (concat ", Signer: " sig))))
      (if (listp (car handles))
          handles
        (list handles)))))

(defun mml2015-mailcrypt-clear-decrypt ()
  (let (result)
    (setq result
          (condition-case err
              (funcall mml2015-decrypt-function)
            (error
             (mm-set-handle-multipart-parameter
              mm-security-handle 'gnus-details (mml2015-format-error err))
             nil)
            (quit
             (mm-set-handle-multipart-parameter
              mm-security-handle 'gnus-details "Quit.")
             nil)))
    (if (car result)
        (mm-set-handle-multipart-parameter
         mm-security-handle 'gnus-info "OK")
      (mm-set-handle-multipart-parameter
       mm-security-handle 'gnus-info "Failed"))))

(defun mml2015-fix-micalg (alg)
  (and alg
       ;; Mutt/1.2.5i has seen sending micalg=php-sha1
       (upcase (if (string-match "^p[gh]p-" alg)
                   (substring alg (match-end 0))
                 alg))))

(defun mml2015-mailcrypt-verify (handle ctl)
  (catch 'error
    (let (part)
      (unless (setq part (mm-find-raw-part-by-type
                          ctl (or (mm-handle-multipart-ctl-parameter
                                   ctl 'protocol)
                                  "application/pgp-signature")
                          t))
        (mm-set-handle-multipart-parameter
         mm-security-handle 'gnus-info "Corrupted")
        (throw 'error handle))
      (with-temp-buffer
        (insert "-----BEGIN PGP SIGNED MESSAGE-----\n")
        (insert (format "Hash: %s\n\n"
                        (or (mml2015-fix-micalg
                             (mm-handle-multipart-ctl-parameter
                              ctl 'micalg))
                            "SHA1")))
        (save-restriction
          (narrow-to-region (point) (point))
          (insert part "\n")
          (goto-char (point-min))
          (while (not (eobp))
            (if (looking-at "^-")
                (insert "- "))
            (forward-line)))
        (unless (setq part (mm-find-part-by-type
                            (cdr handle) "application/pgp-signature" nil t))
          (mm-set-handle-multipart-parameter
           mm-security-handle 'gnus-info "Corrupted")
          (throw 'error handle))
        (save-restriction
          (narrow-to-region (point) (point))
          (mm-insert-part part)
          (goto-char (point-min))
          (if (re-search-forward "^-----BEGIN PGP [^-]+-----\r?$" nil t)
              (replace-match "-----BEGIN PGP SIGNATURE-----" t t))
          (if (re-search-forward "^-----END PGP [^-]+-----\r?$" nil t)
              (replace-match "-----END PGP SIGNATURE-----" t t)))
        (let ((mc-gpg-debug-buffer (get-buffer-create " *gnus gpg debug*")))
          (unless (condition-case err
                      (prog1
                          (funcall mml2015-verify-function)
                        (if (get-buffer " *mailcrypt stderr temp")
                            (mm-set-handle-multipart-parameter
                             mm-security-handle 'gnus-details
                             (with-current-buffer " *mailcrypt stderr temp"
                               (buffer-string))))
                        (if (get-buffer " *mailcrypt stdout temp")
                            (kill-buffer " *mailcrypt stdout temp"))
                        (if (get-buffer " *mailcrypt stderr temp")
                            (kill-buffer " *mailcrypt stderr temp"))
                        (if (get-buffer " *mailcrypt status temp")
                            (kill-buffer " *mailcrypt status temp"))
                        (if (get-buffer mc-gpg-debug-buffer)
                            (kill-buffer mc-gpg-debug-buffer)))
                    (error
                     (mm-set-handle-multipart-parameter
                      mm-security-handle 'gnus-details (mml2015-format-error err))
                     nil)
                    (quit
                     (mm-set-handle-multipart-parameter
                      mm-security-handle 'gnus-details "Quit.")
                     nil))
            (mm-set-handle-multipart-parameter
             mm-security-handle 'gnus-info "Failed")
            (throw 'error handle))))
      (mm-set-handle-multipart-parameter
       mm-security-handle 'gnus-info "OK")
      handle)))

(defun mml2015-mailcrypt-clear-verify ()
  (let ((mc-gpg-debug-buffer (get-buffer-create " *gnus gpg debug*")))
    (if (condition-case err
            (prog1
                (funcall mml2015-verify-function)
              (if (get-buffer " *mailcrypt stderr temp")
                  (mm-set-handle-multipart-parameter
                   mm-security-handle 'gnus-details
                   (with-current-buffer " *mailcrypt stderr temp"
                     (buffer-string))))
              (if (get-buffer " *mailcrypt stdout temp")
                  (kill-buffer " *mailcrypt stdout temp"))
              (if (get-buffer " *mailcrypt stderr temp")
                  (kill-buffer " *mailcrypt stderr temp"))
              (if (get-buffer " *mailcrypt status temp")
                  (kill-buffer " *mailcrypt status temp"))
              (if (get-buffer mc-gpg-debug-buffer)
                  (kill-buffer mc-gpg-debug-buffer)))
          (error
           (mm-set-handle-multipart-parameter
            mm-security-handle 'gnus-details (mml2015-format-error err))
           nil)
          (quit
           (mm-set-handle-multipart-parameter
            mm-security-handle 'gnus-details "Quit.")
           nil))
        (mm-set-handle-multipart-parameter
         mm-security-handle 'gnus-info "OK")
      (mm-set-handle-multipart-parameter
       mm-security-handle 'gnus-info "Failed"))))

(defun mml2015-mailcrypt-sign (cont)
  (mc-sign-generic (message-options-get 'message-sender)
                   nil nil nil nil)
  (let ((boundary (mml-compute-boundary cont))
        hash point)
    (goto-char (point-min))
    (unless (re-search-forward "^-----BEGIN PGP SIGNED MESSAGE-----\r?$" nil t)
      (error "Cannot find signed begin line"))
    (goto-char (match-beginning 0))
    (forward-line 1)
    (unless (looking-at "Hash:[ \t]*\\([a-zA-Z0-9]+\\)")
      (error "Cannot not find PGP hash"))
    (setq hash (match-string 1))
    (unless (re-search-forward "^$" nil t)
      (error "Cannot not find PGP message"))
    (forward-line 1)
    (delete-region (point-min) (point))
    (insert (format "Content-Type: multipart/signed; boundary=\"%s\";\n"
                    boundary))
    (insert (format "\tmicalg=pgp-%s; protocol=\"application/pgp-signature\"\n"
                    (downcase hash)))
    (insert (format "\n--%s\n" boundary))
    (setq point (point))
    (goto-char (point-max))
    (unless (re-search-backward "^-----END PGP SIGNATURE-----\r?$" nil t)
      (error "Cannot find signature part"))
    (replace-match "-----END PGP MESSAGE-----" t t)
    (goto-char (match-beginning 0))
    (unless (re-search-backward "^-----BEGIN PGP SIGNATURE-----\r?$"
                                nil t)