;;; mml-sec.el --- A package with security functions for MML documents
-;; Copyright (C) 2000 Free Software Foundation, Inc.
+
+;; Copyright (C) 2000-2015 Free Software Foundation, Inc.
;; Author: Simon Josefsson <simon@josefsson.org>
-;; This file is not part of GNU Emacs, but the same permissions apply.
-;; GNU Emacs is free software; you can redistribute it and/or modify
+;; This file is part of GNU Emacs.
+
+;; GNU Emacs is free software: you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
-;; the Free Software Foundation; either version 2, or (at your option)
-;; any later version.
+;; the Free Software Foundation, either version 3 of the License, or
+;; (at your option) any later version.
;; GNU Emacs is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
-;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU General Public License for more details.
;; You should have received a copy of the GNU General Public License
-;; along with GNU Emacs; see the file COPYING. If not, write to the
-;; Free Software Foundation, Inc., 59 Temple Place - Suite 330,
-;; Boston, MA 02111-1307, USA.
+;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>.
;;; Commentary:
;;; Code:
-(require 'smime)
-(require 'mml2015)
(eval-when-compile (require 'cl))
+(autoload 'gnus-subsetp "gnus-util")
+(autoload 'mail-strip-quoted-names "mail-utils")
+(autoload 'mml2015-sign "mml2015")
+(autoload 'mml2015-encrypt "mml2015")
+(autoload 'mml1991-sign "mml1991")
+(autoload 'mml1991-encrypt "mml1991")
+(autoload 'message-fetch-field "message")
+(autoload 'message-goto-body "message")
+(autoload 'mml-insert-tag "mml")
+(autoload 'mml-smime-sign "mml-smime")
+(autoload 'mml-smime-encrypt "mml-smime")
+(autoload 'mml-smime-sign-query "mml-smime")
+(autoload 'mml-smime-encrypt-query "mml-smime")
+(autoload 'mml-smime-verify "mml-smime")
+(autoload 'mml-smime-verify-test "mml-smime")
+
(defvar mml-sign-alist
- '(("smime" mml-smime-sign-buffer mml-secure-part-smime-sign)
+ '(("smime" mml-smime-sign-buffer mml-smime-sign-query)
+ ("pgp" mml-pgp-sign-buffer list)
+ ("pgpauto" mml-pgpauto-sign-buffer list)
("pgpmime" mml-pgpmime-sign-buffer list))
"Alist of MIME signer functions.")
-(defvar mml-default-sign-method (caar mml-sign-alist)
- "Default sign method.")
+(defcustom mml-default-sign-method "pgpmime"
+ "Default sign method.
+The string must have an entry in `mml-sign-alist'."
+ :version "22.1"
+ :type '(choice (const "smime")
+ (const "pgp")
+ (const "pgpauto")
+ (const "pgpmime")
+ string)
+ :group 'message)
(defvar mml-encrypt-alist
- '(("smime" mml-smime-encrypt-buffer mml-secure-part-smime-encrypt)
+ '(("smime" mml-smime-encrypt-buffer mml-smime-encrypt-query)
+ ("pgp" mml-pgp-encrypt-buffer list)
+ ("pgpauto" mml-pgpauto-sign-buffer list)
("pgpmime" mml-pgpmime-encrypt-buffer list))
"Alist of MIME encryption functions.")
-(defvar mml-default-encrypt-method (caar mml-encrypt-alist)
- "Default encryption method.")
+(defcustom mml-default-encrypt-method "pgpmime"
+ "Default encryption method.
+The string must have an entry in `mml-encrypt-alist'."
+ :version "22.1"
+ :type '(choice (const "smime")
+ (const "pgp")
+ (const "pgpauto")
+ (const "pgpmime")
+ string)
+ :group 'message)
+
+(defcustom mml-signencrypt-style-alist
+ '(("smime" separate)
+ ("pgp" combined)
+ ("pgpauto" combined)
+ ("pgpmime" combined))
+ "Alist specifying if `signencrypt' results in two separate operations or not.
+The first entry indicates the MML security type, valid entries include
+the strings \"smime\", \"pgp\", and \"pgpmime\". The second entry is
+a symbol `separate' or `combined' where `separate' means that MML signs
+and encrypt messages in a two step process, and `combined' means that MML
+signs and encrypt the message in one step.
+
+Note that the output generated by using a `combined' mode is NOT
+understood by all PGP implementations, in particular PGP version
+2 does not support it! See Info node `(message)Security' for
+details."
+ :version "22.1"
+ :group 'message
+ :type '(repeat (list (choice (const :tag "S/MIME" "smime")
+ (const :tag "PGP" "pgp")
+ (const :tag "PGP/MIME" "pgpmime")
+ (string :tag "User defined"))
+ (choice (const :tag "Separate" separate)
+ (const :tag "Combined" combined)))))
+
+(defcustom mml-secure-verbose nil
+ "If non-nil, ask the user about the current operation more verbosely."
+ :group 'message
+ :type 'boolean)
+
+(defcustom mml-secure-cache-passphrase
+ (if (boundp 'password-cache)
+ password-cache
+ t)
+ "If t, cache passphrase."
+ :group 'message
+ :type 'boolean)
+
+(defcustom mml-secure-passphrase-cache-expiry
+ (if (boundp 'password-cache-expiry)
+ password-cache-expiry
+ 16)
+ "How many seconds the passphrase is cached.
+Whether the passphrase is cached at all is controlled by
+`mml-secure-cache-passphrase'."
+ :group 'message
+ :type 'integer)
+
+(defcustom mml-secure-safe-bcc-list nil
+ "List of e-mail addresses that are safe to use in Bcc headers.
+EasyPG encrypts e-mails to Bcc addresses, and the encrypted e-mail
+by default identifies the used encryption keys, giving away the
+Bcc'ed identities. Clearly, this contradicts the original goal of
+*blind* copies.
+For an academic paper explaining the problem, see URL
+`http://crypto.stanford.edu/portia/papers/bb-bcc.pdf'.
+Use this variable to specify e-mail addresses whose owners do not
+mind if they are identifiable as recipients. This may be useful if
+you use Bcc headers to encrypt e-mails to yourself."
+ :version "25.1"
+ :group 'message
+ :type '(repeat string))
+
+;;; Configuration/helper functions
+
+(defun mml-signencrypt-style (method &optional style)
+ "Function for setting/getting the signencrypt-style used. Takes two
+arguments, the method (e.g. \"pgp\") and optionally the mode
+\(e.g. combined). If the mode is omitted, the current value is returned.
+
+For example, if you prefer to use combined sign & encrypt with
+smime, putting the following in your Gnus startup file will
+enable that behavior:
+
+\(mml-set-signencrypt-style \"smime\" combined)
+
+You can also customize or set `mml-signencrypt-style-alist' instead."
+ (let ((style-item (assoc method mml-signencrypt-style-alist)))
+ (if style-item
+ (if (or (eq style 'separate)
+ (eq style 'combined))
+ ;; valid style setting?
+ (setf (second style-item) style)
+ ;; otherwise, just return the current value
+ (second style-item))
+ (message "Warning, attempt to set invalid signencrypt style"))))
;;; Security functions
(defun mml-smime-sign-buffer (cont)
- (or (smime-sign-buffer (cdr (assq 'keyfile cont)))
+ (or (mml-smime-sign cont)
+ (error "Signing failed... inspect message logs for errors")))
+
+(defun mml-smime-encrypt-buffer (cont &optional sign)
+ (when sign
+ (message "Combined sign and encrypt S/MIME not support yet")
+ (sit-for 1))
+ (or (mml-smime-encrypt cont)
+ (error "Encryption failed... inspect message logs for errors")))
+
+(defun mml-pgp-sign-buffer (cont)
+ (or (mml1991-sign cont)
(error "Signing failed... inspect message logs for errors")))
-(defun mml-smime-encrypt-buffer (cont)
- (let (certnames certfiles tmp file tmpfiles)
- (while (setq tmp (pop cont))
- (if (and (consp tmp) (eq (car tmp) 'certfile))
- (push (cdr tmp) certnames)))
- (while (setq tmp (pop certnames))
- (if (not (and (not (file-exists-p tmp))
- (get-buffer tmp)))
- (push tmp certfiles)
- (setq file (make-temp-name mm-tmp-directory))
- (with-current-buffer tmp
- (write-region (point-min) (point-max) file))
- (push file certfiles)
- (push file tmpfiles)))
- (if (smime-encrypt-buffer certfiles)
- (while (setq tmp (pop tmpfiles))
- (delete-file tmp))
- (while (setq tmp (pop tmpfiles))
- (delete-file tmp))
- (error "Encryption failed... inspect message logs for errors"))))
+(defun mml-pgp-encrypt-buffer (cont &optional sign)
+ (or (mml1991-encrypt cont sign)
+ (error "Encryption failed... inspect message logs for errors")))
(defun mml-pgpmime-sign-buffer (cont)
- (or (mml2015-mailcrypt-sign cont)
+ (or (mml2015-sign cont)
(error "Signing failed... inspect message logs for errors")))
-(defun mml-pgpmime-encrypt-buffer (cont)
- (or (mml2015-mailcrypt-encrypt cont)
+(defun mml-pgpmime-encrypt-buffer (cont &optional sign)
+ (or (mml2015-encrypt cont sign)
(error "Encryption failed... inspect message logs for errors")))
-(defun mml-secure-part-smime-sign ()
- (when (null smime-keys)
- (customize-variable 'smime-keys)
- (error "No S/MIME keys configured, use customize to add your key"))
- (list 'keyfile
- (if (= (length smime-keys) 1)
- (cadar smime-keys)
- (or (let ((from (cadr (funcall gnus-extract-address-components
- (or (save-excursion
- (save-restriction
- (message-narrow-to-headers)
- (message-fetch-field "from")))
- "")))))
- (and from (smime-get-key-by-email from)))
- (smime-get-key-by-email
- (completing-read "Sign this part with what signature? "
- smime-keys nil nil
- (and (listp (car-safe smime-keys))
- (caar smime-keys))))))))
-
-(defun mml-secure-part-smime-encrypt-by-file ()
- (ignore-errors
- (list 'certfile (read-file-name
- "File with recipient's S/MIME certificate: "
- smime-certificate-directory nil t ""))))
-
-
-(defun mml-secure-part-smime-encrypt-by-dns ()
- ;; todo: deal with comma separated multiple recipients
- (let (result who bad cert)
- (condition-case ()
- (while (not result)
- (setq who (read-from-minibuffer
- (format "%sLookup certificate for: " (or bad ""))
- (cadr (funcall gnus-extract-address-components
- (or (save-excursion
- (save-restriction
- (message-narrow-to-headers)
- (message-fetch-field "to")))
- "")))))
- (if (setq cert (smime-cert-by-dns who))
- (setq result (list 'certfile (buffer-name cert)))
- (setq bad (format "`%s' not found. " who))))
- (quit))
- result))
-
-(defun mml-secure-part-smime-encrypt ()
- ;; todo: add ldap support (xemacs ldap api?)
- ;; todo: try dns/ldap automatically first, before prompting user
- (let (certs done)
- (while (not done)
- (ecase (read (gnus-completing-read "dns" "Fetch certificate from"
- '(("dns") ("file")) nil t))
- (dns (setq certs (append certs
- (mml-secure-part-smime-encrypt-by-dns))))
- (file (setq certs (append certs
- (mml-secure-part-smime-encrypt-by-file)))))
- (setq done (not (y-or-n-p "Add more recipients? "))))
- certs))
+(defun mml-pgpauto-sign-buffer (cont)
+ (message-goto-body)
+ (or (if (re-search-backward "Content-Type: *multipart/.*" nil t) ; there must be a better way...
+ (mml2015-sign cont)
+ (mml1991-sign cont))
+ (error "Encryption failed... inspect message logs for errors")))
+
+(defun mml-pgpauto-encrypt-buffer (cont &optional sign)
+ (message-goto-body)
+ (or (if (re-search-backward "Content-Type: *multipart/.*" nil t) ; there must be a better way...
+ (mml2015-encrypt cont sign)
+ (mml1991-encrypt cont sign))
+ (error "Encryption failed... inspect message logs for errors")))
(defun mml-secure-part (method &optional sign)
(save-excursion
(when (string-match "[\"'\\~/*;() \t\n]" value)
(setq value (prin1-to-string value)))
(insert (format " %s=%s" key value))))))
- ((or (re-search-backward
+ ((or (re-search-backward
(concat "^" (regexp-quote mail-header-separator) "\n") nil t)
(re-search-forward
(concat "^" (regexp-quote mail-header-separator) "\n") nil t))
(goto-char (match-end 0))
(apply 'mml-insert-tag 'part (cons (if sign 'sign 'encrypt)
(cons method tags))))
- (t (error "Can't find where this part begin"))))))
+ (t (error "The message is corrupted. No mail header separator"))))))
+
+(defvar mml-secure-method
+ (if (equal mml-default-encrypt-method mml-default-sign-method)
+ mml-default-sign-method
+ "pgpmime")
+ "Current security method. Internal variable.")
+
+(defun mml-secure-sign (&optional method)
+ "Add MML tags to sign this MML part.
+Use METHOD if given. Else use `mml-secure-method' or
+`mml-default-sign-method'."
+ (interactive)
+ (mml-secure-part
+ (or method mml-secure-method mml-default-sign-method)
+ 'sign))
+
+(defun mml-secure-encrypt (&optional method)
+ "Add MML tags to encrypt this MML part.
+Use METHOD if given. Else use `mml-secure-method' or
+`mml-default-sign-method'."
+ (interactive)
+ (mml-secure-part
+ (or method mml-secure-method mml-default-sign-method)))
+
+(defun mml-secure-sign-pgp ()
+ "Add MML tags to PGP sign this MML part."
+ (interactive)
+ (mml-secure-part "pgp" 'sign))
+
+(defun mml-secure-sign-pgpauto ()
+ "Add MML tags to PGP-auto sign this MML part."
+ (interactive)
+ (mml-secure-part "pgpauto" 'sign))
(defun mml-secure-sign-pgpmime ()
"Add MML tags to PGP/MIME sign this MML part."
(interactive)
(mml-secure-part "smime" 'sign))
+(defun mml-secure-encrypt-pgp ()
+ "Add MML tags to PGP encrypt this MML part."
+ (interactive)
+ (mml-secure-part "pgp"))
+
(defun mml-secure-encrypt-pgpmime ()
"Add MML tags to PGP/MIME encrypt this MML part."
(interactive)
(interactive)
(mml-secure-part "smime"))
+(defun mml-secure-is-encrypted-p ()
+ "Check whether secure encrypt tag is present."
+ (save-excursion
+ (goto-char (point-min))
+ (re-search-forward
+ (concat "^" (regexp-quote mail-header-separator) "\n"
+ "<#secure[^>]+encrypt")
+ nil t)))
+
+(defun mml-secure-bcc-is-safe ()
+ "Check whether usage of Bcc is safe (or absent).
+Bcc usage is safe in two cases: first, if the current message does
+not contain an MML secure encrypt tag;
+second, if the Bcc addresses are a subset of `mml-secure-safe-bcc-list'.
+In all other cases, ask the user whether Bcc usage is safe.
+Raise error if user answers no.
+Note that this function does not produce a meaningful return value:
+either an error is raised or not."
+ (when (mml-secure-is-encrypted-p)
+ (let ((bcc (mail-strip-quoted-names (message-fetch-field "bcc"))))
+ (when bcc
+ (let ((bcc-list (mapcar #'cadr
+ (mail-extract-address-components bcc t))))
+ (unless (gnus-subsetp bcc-list mml-secure-safe-bcc-list)
+ (unless (yes-or-no-p "Message for encryption contains Bcc header.\
+ This may give away all Bcc'ed identities to all recipients.\
+ Are you sure that this is safe?\
+ (Customize `mml-secure-safe-bcc-list' to avoid this warning.) ")
+ (error "Aborted"))))))))
+
+;; defuns that add the proper <#secure ...> tag to the top of the message body
+(defun mml-secure-message (method &optional modesym)
+ (let ((mode (prin1-to-string modesym))
+ (tags (append
+ (if (or (eq modesym 'sign)
+ (eq modesym 'signencrypt))
+ (funcall (nth 2 (assoc method mml-sign-alist))))
+ (if (or (eq modesym 'encrypt)
+ (eq modesym 'signencrypt))
+ (funcall (nth 2 (assoc method mml-encrypt-alist))))))
+ insert-loc)
+ (mml-unsecure-message)
+ (save-excursion
+ (goto-char (point-min))
+ (cond ((re-search-forward
+ (concat "^" (regexp-quote mail-header-separator) "\n") nil t)
+ (goto-char (setq insert-loc (match-end 0)))
+ (unless (looking-at "<#secure")
+ (apply 'mml-insert-tag
+ 'secure 'method method 'mode mode tags)))
+ (t (error
+ "The message is corrupted. No mail header separator"))))
+ (when (eql insert-loc (point))
+ (forward-line 1))))
+
+(defun mml-unsecure-message ()
+ "Remove security related MML tags from message."
+ (interactive)
+ (save-excursion
+ (goto-char (point-max))
+ (when (re-search-backward "^<#secure.*>\n" nil t)
+ (delete-region (match-beginning 0) (match-end 0)))))
+
+
+(defun mml-secure-message-sign (&optional method)
+ "Add MML tags to sign the entire message.
+Use METHOD if given. Else use `mml-secure-method' or
+`mml-default-sign-method'."
+ (interactive)
+ (mml-secure-message
+ (or method mml-secure-method mml-default-sign-method)
+ 'sign))
+
+(defun mml-secure-message-sign-encrypt (&optional method)
+ "Add MML tag to sign and encrypt the entire message.
+Use METHOD if given. Else use `mml-secure-method' or
+`mml-default-sign-method'."
+ (interactive)
+ (mml-secure-message
+ (or method mml-secure-method mml-default-sign-method)
+ 'signencrypt))
+
+(defun mml-secure-message-encrypt (&optional method)
+ "Add MML tag to encrypt the entire message.
+Use METHOD if given. Else use `mml-secure-method' or
+`mml-default-sign-method'."
+ (interactive)
+ (mml-secure-message
+ (or method mml-secure-method mml-default-sign-method)
+ 'encrypt))
+
+(defun mml-secure-message-sign-smime ()
+ "Add MML tag to encrypt/sign the entire message."
+ (interactive)
+ (mml-secure-message "smime" 'sign))
+
+(defun mml-secure-message-sign-pgp ()
+ "Add MML tag to encrypt/sign the entire message."
+ (interactive)
+ (mml-secure-message "pgp" 'sign))
+
+(defun mml-secure-message-sign-pgpmime ()
+ "Add MML tag to encrypt/sign the entire message."
+ (interactive)
+ (mml-secure-message "pgpmime" 'sign))
+
+(defun mml-secure-message-sign-pgpauto ()
+ "Add MML tag to encrypt/sign the entire message."
+ (interactive)
+ (mml-secure-message "pgpauto" 'sign))
+
+(defun mml-secure-message-encrypt-smime (&optional dontsign)
+ "Add MML tag to encrypt and sign the entire message.
+If called with a prefix argument, only encrypt (do NOT sign)."
+ (interactive "P")
+ (mml-secure-message "smime" (if dontsign 'encrypt 'signencrypt)))
+
+(defun mml-secure-message-encrypt-pgp (&optional dontsign)
+ "Add MML tag to encrypt and sign the entire message.
+If called with a prefix argument, only encrypt (do NOT sign)."
+ (interactive "P")
+ (mml-secure-message "pgp" (if dontsign 'encrypt 'signencrypt)))
+
+(defun mml-secure-message-encrypt-pgpmime (&optional dontsign)
+ "Add MML tag to encrypt and sign the entire message.
+If called with a prefix argument, only encrypt (do NOT sign)."
+ (interactive "P")
+ (mml-secure-message "pgpmime" (if dontsign 'encrypt 'signencrypt)))
+
+(defun mml-secure-message-encrypt-pgpauto (&optional dontsign)
+ "Add MML tag to encrypt and sign the entire message.
+If called with a prefix argument, only encrypt (do NOT sign)."
+ (interactive "P")
+ (mml-secure-message "pgpauto" (if dontsign 'encrypt 'signencrypt)))
+
(provide 'mml-sec)
;;; mml-sec.el ends here
projects / gnus / blobdiff