sign_message()

Cryptographically sign the Body of a message. More...

Collaboration diagram for sign_message():

Functions
struct Body *	pgp_gpgme_sign_message (struct Body *a, const struct AddressList *from)
	Implements CryptModuleSpecs::sign_message() -. More...
struct Body *	smime_gpgme_sign_message (struct Body *a, const struct AddressList *from)
	Implements CryptModuleSpecs::sign_message() -. More...
struct Body *	pgp_class_sign_message (struct Body *a, const struct AddressList *from)
	Implements CryptModuleSpecs::sign_message() -. More...
struct Body *	smime_class_sign_message (struct Body *a, const struct AddressList *from)
	Implements CryptModuleSpecs::sign_message() -. More...

Detailed Description

Cryptographically sign the Body of a message.

Parameters

a	Body of the message
from	From line

Return values

ptr	New encrypted Body
NULL	Error

Function Documentation

pgp_gpgme_sign_message()

struct Body * pgp_gpgme_sign_message	(	struct Body *	a,
		const struct AddressList *	from
	)

Implements CryptModuleSpecs::sign_message() -.

Definition at line 1015 of file crypt_gpgme.c.

{
  return sign_message(a, from, false);
}

Here is the call graph for this function:

smime_gpgme_sign_message()

struct Body * smime_gpgme_sign_message	(	struct Body *	a,
		const struct AddressList *	from
	)

Implements CryptModuleSpecs::sign_message() -.

Definition at line 1023 of file crypt_gpgme.c.

{
  return sign_message(a, from, true);
}

Here is the call graph for this function:

pgp_class_sign_message()

struct Body * pgp_class_sign_message	(	struct Body *	a,
		const struct AddressList *	from
	)

Implements CryptModuleSpecs::sign_message() -.

Definition at line 1315 of file pgp.c.

{
  struct Body *t = NULL, *rv = NULL;
  char buf[1024] = { 0 };
  FILE *fp_pgp_in = NULL, *fp_pgp_out = NULL, *fp_pgp_err = NULL, *fp_signed = NULL;
  bool err = false;
  bool empty = true;
  pid_t pid;
  struct Buffer *sigfile = mutt_buffer_pool_get();
  struct Buffer *signedfile = mutt_buffer_pool_get();
 
  crypt_convert_to_7bit(a); /* Signed data _must_ be in 7-bit format. */
 
  mutt_buffer_mktemp(sigfile);
  FILE *fp_sig = mutt_file_fopen(mutt_buffer_string(sigfile), "w");
  if (!fp_sig)
  {
    goto cleanup;
  }
 
  mutt_buffer_mktemp(signedfile);
  fp_signed = mutt_file_fopen(mutt_buffer_string(signedfile), "w");
  if (!fp_signed)
  {
    mutt_perror(mutt_buffer_string(signedfile));
    mutt_file_fclose(&fp_sig);
    unlink(mutt_buffer_string(sigfile));
    goto cleanup;
  }
 
  mutt_write_mime_header(a, fp_signed, NeoMutt->sub);
  fputc('\n', fp_signed);
  mutt_write_mime_body(a, fp_signed, NeoMutt->sub);
  mutt_file_fclose(&fp_signed);
 
  pid = pgp_invoke_sign(&fp_pgp_in, &fp_pgp_out, &fp_pgp_err, -1, -1, -1,
                        mutt_buffer_string(signedfile));
  if (pid == -1)
  {
    mutt_perror(_("Can't open PGP subprocess"));
    mutt_file_fclose(&fp_sig);
    unlink(mutt_buffer_string(sigfile));
    unlink(mutt_buffer_string(signedfile));
    goto cleanup;
  }
 
  if (!pgp_use_gpg_agent())
    fputs(PgpPass, fp_pgp_in);
  fputc('\n', fp_pgp_in);
  mutt_file_fclose(&fp_pgp_in);
 
  /* Read back the PGP signature.  Also, change MESSAGE=>SIGNATURE as
   * recommended for future releases of PGP.  */
  while (fgets(buf, sizeof(buf) - 1, fp_pgp_out))
  {
    if (mutt_str_equal("-----BEGIN PGP MESSAGE-----\n", buf))
      fputs("-----BEGIN PGP SIGNATURE-----\n", fp_sig);
    else if (mutt_str_equal("-----END PGP MESSAGE-----\n", buf))
      fputs("-----END PGP SIGNATURE-----\n", fp_sig);
    else
      fputs(buf, fp_sig);
    empty = false; /* got some output, so we're ok */
  }
 
  /* check for errors from PGP */
  err = false;
  while (fgets(buf, sizeof(buf) - 1, fp_pgp_err))
  {
    err = true;
    fputs(buf, stdout);
  }
 
  const bool c_pgp_check_exit = cs_subset_bool(NeoMutt->sub, "pgp_check_exit");
  if (filter_wait(pid) && c_pgp_check_exit)
    empty = true;
 
  mutt_file_fclose(&fp_pgp_err);
  mutt_file_fclose(&fp_pgp_out);
  unlink(mutt_buffer_string(signedfile));
 
  if (mutt_file_fclose(&fp_sig) != 0)
  {
    mutt_perror("fclose");
    unlink(mutt_buffer_string(sigfile));
    goto cleanup;
  }
 
  if (err)
    mutt_any_key_to_continue(NULL);
  if (empty)
  {
    unlink(mutt_buffer_string(sigfile));
    /* most likely error is a bad passphrase, so automatically forget it */
    pgp_class_void_passphrase();
    goto cleanup; /* fatal error while signing */
  }
 
  t = mutt_body_new();
  t->type = TYPE_MULTIPART;
  t->subtype = mutt_str_dup("signed");
  t->encoding = ENC_7BIT;
  t->use_disp = false;
  t->disposition = DISP_INLINE;
  rv = t;
 
  mutt_generate_boundary(&t->parameter);
  mutt_param_set(&t->parameter, "protocol", "application/pgp-signature");
  mutt_param_set(&t->parameter, "micalg", pgp_micalg(mutt_buffer_string(sigfile)));
 
  t->parts = a;
 
  t->parts->next = mutt_body_new();
  t = t->parts->next;
  t->type = TYPE_APPLICATION;
  t->subtype = mutt_str_dup("pgp-signature");
  t->filename = mutt_buffer_strdup(sigfile);
  t->use_disp = false;
  t->disposition = DISP_NONE;
  t->encoding = ENC_7BIT;
  t->unlink = true; /* ok to remove this file after sending. */
  mutt_param_set(&t->parameter, "name", "signature.asc");
 
cleanup:
  mutt_buffer_pool_release(&sigfile);
  mutt_buffer_pool_release(&signedfile);
  return rv;
}

Here is the call graph for this function:

smime_class_sign_message()

struct Body * smime_class_sign_message	(	struct Body *	a,
		const struct AddressList *	from
	)

Implements CryptModuleSpecs::sign_message() -.

Definition at line 1519 of file smime.c.

{
  struct Body *t = NULL;
  struct Body *retval = NULL;
  char buf[1024] = { 0 };
  struct Buffer *filetosign = NULL, *signedfile = NULL;
  FILE *fp_smime_in = NULL, *fp_smime_out = NULL, *fp_smime_err = NULL, *fp_sign = NULL;
  int err = 0;
  int empty = 0;
  pid_t pid;
  const char *intermediates = NULL;
 
  const char *const c_smime_sign_as = cs_subset_string(NeoMutt->sub, "smime_sign_as");
  const char *const c_smime_default_key = cs_subset_string(NeoMutt->sub, "smime_default_key");
  const char *signas = c_smime_sign_as ? c_smime_sign_as : c_smime_default_key;
  if (!signas || (*signas == '\0'))
  {
    mutt_error(_("Can't sign: No key specified. Use Sign As."));
    return NULL;
  }
 
  crypt_convert_to_7bit(a); /* Signed data _must_ be in 7-bit format. */
 
  filetosign = mutt_buffer_pool_get();
  signedfile = mutt_buffer_pool_get();
 
  mutt_buffer_mktemp(filetosign);
  fp_sign = mutt_file_fopen(mutt_buffer_string(filetosign), "w+");
  if (!fp_sign)
  {
    mutt_perror(mutt_buffer_string(filetosign));
    goto cleanup;
  }
 
  mutt_buffer_mktemp(signedfile);
  fp_smime_out = mutt_file_fopen(mutt_buffer_string(signedfile), "w+");
  if (!fp_smime_out)
  {
    mutt_perror(mutt_buffer_string(signedfile));
    goto cleanup;
  }
 
  mutt_write_mime_header(a, fp_sign, NeoMutt->sub);
  fputc('\n', fp_sign);
  mutt_write_mime_body(a, fp_sign, NeoMutt->sub);
  mutt_file_fclose(&fp_sign);
 
  const char *const c_smime_keys = cs_subset_path(NeoMutt->sub, "smime_keys");
  const char *const c_smime_certificates = cs_subset_path(NeoMutt->sub, "smime_certificates");
  mutt_buffer_printf(&SmimeKeyToUse, "%s/%s", NONULL(c_smime_keys), signas);
  mutt_buffer_printf(&SmimeCertToUse, "%s/%s", NONULL(c_smime_certificates), signas);
 
  struct SmimeKey *signas_key = smime_get_key_by_hash(signas, 1);
  if (!signas_key || mutt_str_equal("?", signas_key->issuer))
    intermediates = signas; /* so openssl won't complain in any case */
  else
    intermediates = signas_key->issuer;
 
  mutt_buffer_printf(&SmimeIntermediateToUse, "%s/%s",
                     NONULL(c_smime_certificates), intermediates);
 
  smime_key_free(&signas_key);
 
  pid = smime_invoke_sign(&fp_smime_in, NULL, &fp_smime_err, -1,
                          fileno(fp_smime_out), -1, mutt_buffer_string(filetosign));
  if (pid == -1)
  {
    mutt_perror(_("Can't open OpenSSL subprocess"));
    mutt_file_unlink(mutt_buffer_string(filetosign));
    goto cleanup;
  }
  fputs(SmimePass, fp_smime_in);
  fputc('\n', fp_smime_in);
  mutt_file_fclose(&fp_smime_in);
 
  filter_wait(pid);
 
  /* check for errors from OpenSSL */
  err = 0;
  fflush(fp_smime_err);
  rewind(fp_smime_err);
  while (fgets(buf, sizeof(buf) - 1, fp_smime_err))
  {
    err = 1;
    fputs(buf, stdout);
  }
  mutt_file_fclose(&fp_smime_err);
 
  fflush(fp_smime_out);
  rewind(fp_smime_out);
  empty = (fgetc(fp_smime_out) == EOF);
  mutt_file_fclose(&fp_smime_out);
 
  mutt_file_unlink(mutt_buffer_string(filetosign));
 
  if (err)
    mutt_any_key_to_continue(NULL);
 
  if (empty)
  {
    mutt_any_key_to_continue(_("No output from OpenSSL..."));
    mutt_file_unlink(mutt_buffer_string(signedfile));
    goto cleanup; /* fatal error while signing */
  }
 
  t = mutt_body_new();
  t->type = TYPE_MULTIPART;
  t->subtype = mutt_str_dup("signed");
  t->encoding = ENC_7BIT;
  t->use_disp = false;
  t->disposition = DISP_INLINE;
 
  mutt_generate_boundary(&t->parameter);
 
  const char *const c_smime_sign_digest_alg = cs_subset_string(NeoMutt->sub, "smime_sign_digest_alg");
  char *micalg = openssl_md_to_smime_micalg(c_smime_sign_digest_alg);
  mutt_param_set(&t->parameter, "micalg", micalg);
  FREE(&micalg);
 
  mutt_param_set(&t->parameter, "protocol", "application/pkcs7-signature");
 
  t->parts = a;
  retval = t;
 
  t->parts->next = mutt_body_new();
  t = t->parts->next;
  t->type = TYPE_APPLICATION;
  t->subtype = mutt_str_dup("pkcs7-signature");
  t->filename = mutt_buffer_strdup(signedfile);
  t->d_filename = mutt_str_dup("smime.p7s");
  t->use_disp = true;
  t->disposition = DISP_ATTACH;
  t->encoding = ENC_BASE64;
  t->unlink = true; /* ok to remove this file after sending. */
 
cleanup:
  if (fp_sign)
  {
    mutt_file_fclose(&fp_sign);
    mutt_file_unlink(mutt_buffer_string(filetosign));
  }
  if (fp_smime_out)
  {
    mutt_file_fclose(&fp_smime_out);
    mutt_file_unlink(mutt_buffer_string(signedfile));
  }
  mutt_buffer_pool_release(&filetosign);
  mutt_buffer_pool_release(&signedfile);
  return retval;
}

Here is the call graph for this function: