lib.h File Reference

API for encryption/signing of emails. More...

#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

Include dependency graph for lib.h:

Go to the source code of this file.

Macros
#define	SEC_NO_FLAGS   0
	No flags are set. More...
#define	SEC_ENCRYPT   (1 << 0)
	Email is encrypted. More...
#define	SEC_SIGN   (1 << 1)
	Email is signed. More...
#define	SEC_GOODSIGN   (1 << 2)
	Email has a valid signature. More...
#define	SEC_BADSIGN   (1 << 3)
	Email has a bad signature. More...
#define	SEC_PARTSIGN   (1 << 4)
	Not all parts of the email is signed. More...
#define	SEC_SIGNOPAQUE   (1 << 5)
	Email has an opaque signature (encrypted) More...
#define	SEC_KEYBLOCK   (1 << 6)
	Email has a key attached. More...
#define	SEC_INLINE   (1 << 7)
	Email has an inline signature. More...
#define	SEC_OPPENCRYPT   (1 << 8)
	Opportunistic encrypt mode. More...
#define	SEC_AUTOCRYPT   (1 << 9)
	(Autocrypt) Message will be, or was Autocrypt encrypt+signed More...
#define	SEC_AUTOCRYPT_OVERRIDE   (1 << 10)
	(Autocrypt) Indicates manual set/unset of encryption More...
#define	APPLICATION_PGP   (1 << 11)
	Use PGP to encrypt/sign. More...
#define	APPLICATION_SMIME   (1 << 12)
	Use SMIME to encrypt/sign. More...
#define	PGP_TRADITIONAL_CHECKED   (1 << 13)
	Email has a traditional (inline) signature. More...
#define	SEC_ALL_FLAGS   ((1 << 14) - 1)
#define	PGP_ENCRYPT   (APPLICATION_PGP | SEC_ENCRYPT)
#define	PGP_SIGN   (APPLICATION_PGP | SEC_SIGN)
#define	PGP_GOODSIGN   (APPLICATION_PGP | SEC_GOODSIGN)
#define	PGP_KEY   (APPLICATION_PGP | SEC_KEYBLOCK)
#define	PGP_INLINE   (APPLICATION_PGP | SEC_INLINE)
#define	SMIME_ENCRYPT   (APPLICATION_SMIME | SEC_ENCRYPT)
#define	SMIME_SIGN   (APPLICATION_SMIME | SEC_SIGN)
#define	SMIME_GOODSIGN   (APPLICATION_SMIME | SEC_GOODSIGN)
#define	SMIME_BADSIGN   (APPLICATION_SMIME | SEC_BADSIGN)
#define	SMIME_OPAQUE   (APPLICATION_SMIME | SEC_SIGNOPAQUE)
#define	WithCrypto   (APPLICATION_PGP | APPLICATION_SMIME)
#define	KEYFLAG_NO_FLAGS   0
	No flags are set. More...
#define	KEYFLAG_CANSIGN   (1 << 0)
	Key is suitable for signing. More...
#define	KEYFLAG_CANENCRYPT   (1 << 1)
	Key is suitable for encryption. More...
#define	KEYFLAG_ISX509   (1 << 2)
	Key is an X.509 key. More...
#define	KEYFLAG_SECRET   (1 << 7)
	Key is a secret key. More...
#define	KEYFLAG_EXPIRED   (1 << 8)
	Key is expired. More...
#define	KEYFLAG_REVOKED   (1 << 9)
	Key is revoked. More...
#define	KEYFLAG_DISABLED   (1 << 10)
	Key is marked disabled. More...
#define	KEYFLAG_SUBKEY   (1 << 11)
	Key is a subkey. More...
#define	KEYFLAG_CRITICAL   (1 << 12)
	Key is marked critical. More...
#define	KEYFLAG_PREFER_ENCRYPTION   (1 << 13)
	Key's owner prefers encryption. More...
#define	KEYFLAG_PREFER_SIGNING   (1 << 14)
	Key's owner prefers signing. More...
#define	KEYFLAG_CANTUSE   (KEYFLAG_DISABLED | KEYFLAG_REVOKED | KEYFLAG_EXPIRED)
#define	KEYFLAG_RESTRICTIONS   (KEYFLAG_CANTUSE | KEYFLAG_CRITICAL)
#define	KEYFLAG_ABILITIES   (KEYFLAG_CANSIGN | KEYFLAG_CANENCRYPT | KEYFLAG_PREFER_ENCRYPTION | KEYFLAG_PREFER_SIGNING)

Typedefs
typedef uint16_t	SecurityFlags
	Flags, e.g. SEC_ENCRYPT. More...
typedef uint16_t	KeyFlags
	Flags describing PGP/SMIME keys, e.g. KEYFLAG_CANSIGN. More...

Functions
void	crypt_extract_keys_from_messages (struct Mailbox *m, struct EmailList *el)
	Extract keys from a message. More...
void	crypt_forget_passphrase (void)
	Forget a passphrase and display a message. More...
int	crypt_get_keys (struct Email *e, char **keylist, bool oppenc_mode)
	Check we have all the keys we need. More...
void	crypt_opportunistic_encrypt (struct Email *e)
	Can all recipients be determined. More...
SecurityFlags	crypt_query (struct Body *m)
	Check out the type of encryption used. More...
bool	crypt_valid_passphrase (SecurityFlags flags)
	Check that we have a usable passphrase, ask if not. More...
SecurityFlags	mutt_is_application_pgp (struct Body *m)
	Does the message use PGP? More...
SecurityFlags	mutt_is_application_smime (struct Body *m)
	Does the message use S/MIME? More...
SecurityFlags	mutt_is_malformed_multipart_pgp_encrypted (struct Body *b)
	Check for malformed layout. More...
SecurityFlags	mutt_is_multipart_encrypted (struct Body *b)
	Does the message have encrypted parts? More...
SecurityFlags	mutt_is_multipart_signed (struct Body *b)
	Is a message signed? More...
int	mutt_is_valid_multipart_pgp_encrypted (struct Body *b)
	Is this a valid multi-part encrypted message? More...
int	mutt_protect (struct Email *e, char *keylist, bool postpone)
	Encrypt and/or sign a message. More...
int	mutt_protected_headers_handler (struct Body *m, struct State *s)
	Process a protected header - Implements handler_t. More...
bool	mutt_should_hide_protected_subject (struct Email *e)
	Should NeoMutt hide the protected subject? More...
int	mutt_signed_handler (struct Body *a, struct State *s)
	Verify a "multipart/signed" body - Implements handler_t. More...
void	crypt_cleanup (void)
	Clean up backend. More...
bool	crypt_has_module_backend (SecurityFlags type)
	Is there a crypto backend for a given type? More...
void	crypt_init (void)
	Initialise the crypto backends. More...
void	crypt_invoke_message (SecurityFlags type)
	Display an informative message. More...
int	crypt_pgp_application_handler (struct Body *m, struct State *s)
	Wrapper for CryptModuleSpecs::application_handler() More...
int	crypt_pgp_check_traditional (FILE *fp, struct Body *b, bool just_one)
	Wrapper for CryptModuleSpecs::pgp_check_traditional() More...
int	crypt_pgp_decrypt_mime (FILE *fp_in, FILE **fp_out, struct Body *b, struct Body **cur)
	Wrapper for CryptModuleSpecs::decrypt_mime() More...
int	crypt_pgp_encrypted_handler (struct Body *a, struct State *s)
	Wrapper for CryptModuleSpecs::encrypted_handler() More...
void	crypt_pgp_extract_key_from_attachment (FILE *fp, struct Body *top)
	Wrapper for CryptModuleSpecs::pgp_extract_key_from_attachment() More...
void	crypt_pgp_invoke_getkeys (struct Address *addr)
	Wrapper for CryptModuleSpecs::pgp_invoke_getkeys() More...
struct Body *	crypt_pgp_make_key_attachment (void)
	Wrapper for CryptModuleSpecs::pgp_make_key_attachment() More...
int	crypt_pgp_send_menu (struct Email *e)
	Wrapper for CryptModuleSpecs::send_menu() More...
int	crypt_smime_application_handler (struct Body *m, struct State *s)
	Wrapper for CryptModuleSpecs::application_handler() More...
int	crypt_smime_decrypt_mime (FILE *fp_in, FILE **fp_out, struct Body *b, struct Body **cur)
	Wrapper for CryptModuleSpecs::decrypt_mime() More...
void	crypt_smime_getkeys (struct Envelope *env)
	Wrapper for CryptModuleSpecs::smime_getkeys() More...
int	crypt_smime_send_menu (struct Email *e)
	Wrapper for CryptModuleSpecs::send_menu() More...
int	crypt_smime_verify_sender (struct Mailbox *m, struct Email *e)
	Wrapper for CryptModuleSpecs::smime_verify_sender() More...
void	crypto_module_free (void)
	Clean up the crypto modules. More...
void	pgp_gpgme_init (void)
	Implements CryptModuleSpecs::init() More...
int	mutt_gpgme_select_secret_key (struct Buffer *keyid)
	Select a private Autocrypt key for a new account. More...
const char *	mutt_gpgme_print_version (void)
	Get version of GPGME. More...

Variables
bool	C_CryptOpportunisticEncrypt
	Config: Enable encryption when the recipient's key is available. More...
bool	C_CryptProtectedHeadersRead
	Config: Display protected headers (Memory Hole) in the pager. More...
bool	C_CryptProtectedHeadersSave
	Config: Save the cleartext Subject with the headers. More...
unsigned char	C_CryptVerifySig
	Config: Verify PGP or SMIME signatures. More...
bool	C_PgpAutoDecode
	Config: Automatically decrypt PGP messages. More...
char *	C_PgpSignAs
	Config: Use this alternative key for signing messages. More...
char *	C_SmimeEncryptWith
	Config: Algorithm for encryption. More...
bool	C_SmimeIsDefault
	Config: Use SMIME rather than PGP by default. More...
char *	C_SmimeSignAs
	Config: Use this alternative key for signing messages. More...

Detailed Description

API for encryption/signing of emails.

Authors

• Werner Koch
• g10code GmbH
• Pietro Cerutti

Copyright

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

Definition in file lib.h.

Macro Definition Documentation

SEC_NO_FLAGS

#define SEC_NO_FLAGS   0

No flags are set.

Definition at line 84 of file lib.h.

SEC_ENCRYPT

#define SEC_ENCRYPT   (1 << 0)

Email is encrypted.

Definition at line 85 of file lib.h.

SEC_SIGN

#define SEC_SIGN   (1 << 1)

Email is signed.

Definition at line 86 of file lib.h.

SEC_GOODSIGN

#define SEC_GOODSIGN   (1 << 2)

Email has a valid signature.

Definition at line 87 of file lib.h.

SEC_BADSIGN

#define SEC_BADSIGN   (1 << 3)

Email has a bad signature.

Definition at line 88 of file lib.h.

SEC_PARTSIGN

#define SEC_PARTSIGN   (1 << 4)

Not all parts of the email is signed.

Definition at line 89 of file lib.h.

SEC_SIGNOPAQUE

#define SEC_SIGNOPAQUE   (1 << 5)

Email has an opaque signature (encrypted)

Definition at line 90 of file lib.h.

SEC_KEYBLOCK

#define SEC_KEYBLOCK   (1 << 6)

Email has a key attached.

Definition at line 91 of file lib.h.

SEC_INLINE

#define SEC_INLINE   (1 << 7)

Email has an inline signature.

Definition at line 92 of file lib.h.

SEC_OPPENCRYPT

#define SEC_OPPENCRYPT   (1 << 8)

Opportunistic encrypt mode.

Definition at line 93 of file lib.h.

SEC_AUTOCRYPT

#define SEC_AUTOCRYPT   (1 << 9)

(Autocrypt) Message will be, or was Autocrypt encrypt+signed

Definition at line 94 of file lib.h.

SEC_AUTOCRYPT_OVERRIDE

#define SEC_AUTOCRYPT_OVERRIDE   (1 << 10)

(Autocrypt) Indicates manual set/unset of encryption

Definition at line 95 of file lib.h.

APPLICATION_PGP

#define APPLICATION_PGP   (1 << 11)

Use PGP to encrypt/sign.

Definition at line 97 of file lib.h.

APPLICATION_SMIME

#define APPLICATION_SMIME   (1 << 12)

Use SMIME to encrypt/sign.

Definition at line 98 of file lib.h.

PGP_TRADITIONAL_CHECKED

#define PGP_TRADITIONAL_CHECKED   (1 << 13)

Email has a traditional (inline) signature.

Definition at line 99 of file lib.h.

SEC_ALL_FLAGS

#define SEC_ALL_FLAGS   ((1 << 14) - 1)

Definition at line 101 of file lib.h.

PGP_ENCRYPT

#define PGP_ENCRYPT   (APPLICATION_PGP | SEC_ENCRYPT)

Definition at line 103 of file lib.h.

PGP_SIGN

#define PGP_SIGN   (APPLICATION_PGP | SEC_SIGN)

Definition at line 104 of file lib.h.

PGP_GOODSIGN

#define PGP_GOODSIGN   (APPLICATION_PGP | SEC_GOODSIGN)

Definition at line 105 of file lib.h.

PGP_KEY

#define PGP_KEY   (APPLICATION_PGP | SEC_KEYBLOCK)

Definition at line 106 of file lib.h.

PGP_INLINE

#define PGP_INLINE   (APPLICATION_PGP | SEC_INLINE)

Definition at line 107 of file lib.h.

SMIME_ENCRYPT

#define SMIME_ENCRYPT   (APPLICATION_SMIME | SEC_ENCRYPT)

Definition at line 109 of file lib.h.

SMIME_SIGN

#define SMIME_SIGN   (APPLICATION_SMIME | SEC_SIGN)

Definition at line 110 of file lib.h.

SMIME_GOODSIGN

#define SMIME_GOODSIGN   (APPLICATION_SMIME | SEC_GOODSIGN)

Definition at line 111 of file lib.h.

SMIME_BADSIGN

#define SMIME_BADSIGN   (APPLICATION_SMIME | SEC_BADSIGN)

Definition at line 112 of file lib.h.

SMIME_OPAQUE

#define SMIME_OPAQUE   (APPLICATION_SMIME | SEC_SIGNOPAQUE)

Definition at line 113 of file lib.h.

WithCrypto

#define WithCrypto   (APPLICATION_PGP | APPLICATION_SMIME)

Definition at line 123 of file lib.h.

KEYFLAG_NO_FLAGS

#define KEYFLAG_NO_FLAGS   0

No flags are set.

Definition at line 133 of file lib.h.

KEYFLAG_CANSIGN

#define KEYFLAG_CANSIGN   (1 << 0)

Key is suitable for signing.

Definition at line 134 of file lib.h.

KEYFLAG_CANENCRYPT

#define KEYFLAG_CANENCRYPT   (1 << 1)

Key is suitable for encryption.

Definition at line 135 of file lib.h.

KEYFLAG_ISX509

#define KEYFLAG_ISX509   (1 << 2)

Key is an X.509 key.

Definition at line 136 of file lib.h.

KEYFLAG_SECRET

#define KEYFLAG_SECRET   (1 << 7)

Key is a secret key.

Definition at line 137 of file lib.h.

KEYFLAG_EXPIRED

#define KEYFLAG_EXPIRED   (1 << 8)

Key is expired.

Definition at line 138 of file lib.h.

KEYFLAG_REVOKED

#define KEYFLAG_REVOKED   (1 << 9)

Key is revoked.

Definition at line 139 of file lib.h.

KEYFLAG_DISABLED

#define KEYFLAG_DISABLED   (1 << 10)

Key is marked disabled.

Definition at line 140 of file lib.h.

KEYFLAG_SUBKEY

#define KEYFLAG_SUBKEY   (1 << 11)

Key is a subkey.

Definition at line 141 of file lib.h.

KEYFLAG_CRITICAL

#define KEYFLAG_CRITICAL   (1 << 12)

Key is marked critical.

Definition at line 142 of file lib.h.

KEYFLAG_PREFER_ENCRYPTION

#define KEYFLAG_PREFER_ENCRYPTION   (1 << 13)

Key's owner prefers encryption.

Definition at line 143 of file lib.h.

KEYFLAG_PREFER_SIGNING

#define KEYFLAG_PREFER_SIGNING   (1 << 14)

Key's owner prefers signing.

Definition at line 144 of file lib.h.

KEYFLAG_CANTUSE

#define KEYFLAG_CANTUSE   (KEYFLAG_DISABLED | KEYFLAG_REVOKED | KEYFLAG_EXPIRED)

Definition at line 146 of file lib.h.

KEYFLAG_RESTRICTIONS

#define KEYFLAG_RESTRICTIONS   (KEYFLAG_CANTUSE | KEYFLAG_CRITICAL)

Definition at line 147 of file lib.h.

KEYFLAG_ABILITIES

#define KEYFLAG_ABILITIES   (KEYFLAG_CANSIGN | KEYFLAG_CANENCRYPT | KEYFLAG_PREFER_ENCRYPTION | KEYFLAG_PREFER_SIGNING)

Definition at line 149 of file lib.h.

Typedef Documentation

SecurityFlags

typedef uint16_t SecurityFlags

Flags, e.g. SEC_ENCRYPT.

Definition at line 83 of file lib.h.

KeyFlags

typedef uint16_t KeyFlags

Flags describing PGP/SMIME keys, e.g. KEYFLAG_CANSIGN.

Definition at line 132 of file lib.h.

Function Documentation

crypt_extract_keys_from_messages()

void crypt_extract_keys_from_messages	(	struct Mailbox *	m,
		struct EmailList *	el
	)

Extract keys from a message.

Parameters

m	Mailbox
el	List of Emails to process

The extracted keys will be added to the user's keyring.

Definition at line 844 of file crypt.c.

{
  if (!WithCrypto)
    return;

  struct Buffer *tempfname = mutt_buffer_pool_get();
  mutt_buffer_mktemp(tempfname);
  FILE *fp_out = mutt_file_fopen(mutt_b2s(tempfname), "w");
  if (!fp_out)
  {
    mutt_perror(mutt_b2s(tempfname));
    goto cleanup;
  }

  if (WithCrypto & APPLICATION_PGP)
    OptDontHandlePgpKeys = true;

  struct EmailNode *en = NULL;
  STAILQ_FOREACH(en, el, entries)
  {
    struct Email *e = en->email;

    mutt_parse_mime_message(m, e);
    if (e->security & SEC_ENCRYPT && !crypt_valid_passphrase(e->security))
    {
      mutt_file_fclose(&fp_out);
      break;
    }

    if (((WithCrypto & APPLICATION_PGP) != 0) && (e->security & APPLICATION_PGP))
    {
      mutt_copy_message(fp_out, m, e, MUTT_CM_DECODE | MUTT_CM_CHARCONV, CH_NO_FLAGS, 0);
      fflush(fp_out);

      mutt_endwin();
      puts(_("Trying to extract PGP keys...\n"));
      crypt_pgp_invoke_import(mutt_b2s(tempfname));
    }

    if (((WithCrypto & APPLICATION_SMIME) != 0) && (e->security & APPLICATION_SMIME))
    {
      if (e->security & SEC_ENCRYPT)
      {
        mutt_copy_message(fp_out, m, e, MUTT_CM_NOHEADER | MUTT_CM_DECODE_CRYPT | MUTT_CM_DECODE_SMIME,
                          CH_NO_FLAGS, 0);
      }
      else
        mutt_copy_message(fp_out, m, e, MUTT_CM_NO_FLAGS, CH_NO_FLAGS, 0);
      fflush(fp_out);

      char *mbox = NULL;
      if (!TAILQ_EMPTY(&e->env->from))
      {
        mutt_expand_aliases(&e->env->from);
        mbox = TAILQ_FIRST(&e->env->from)->mailbox;
      }
      else if (!TAILQ_EMPTY(&e->env->sender))
      {
        mutt_expand_aliases(&e->env->sender);
        mbox = TAILQ_FIRST(&e->env->sender)->mailbox;
      }
      if (mbox)
      {
        mutt_endwin();
        puts(_("Trying to extract S/MIME certificates..."));
        crypt_smime_invoke_import(mutt_b2s(tempfname), mbox);
      }
    }

    rewind(fp_out);
  }

  mutt_file_fclose(&fp_out);
  if (isendwin())
    mutt_any_key_to_continue(NULL);

  mutt_file_unlink(mutt_b2s(tempfname));

  if (WithCrypto & APPLICATION_PGP)
    OptDontHandlePgpKeys = false;

cleanup:
  mutt_buffer_pool_release(&tempfname);
}

Here is the call graph for this function:

Here is the caller graph for this function:

crypt_forget_passphrase()

void crypt_forget_passphrase

(

void

)

Forget a passphrase and display a message.

Definition at line 92 of file crypt.c.

{
  if (WithCrypto & APPLICATION_PGP)
    crypt_pgp_void_passphrase();

  if (WithCrypto & APPLICATION_SMIME)
    crypt_smime_void_passphrase();

  if (WithCrypto)
  {
    /* L10N: Due to the implementation details (e.g. some passwords are managed
       by gpg-agent) we can't know whether we forgot zero, 1, 12, ...
       passwords. So in English we use "Passphrases". Your language might
       have other means to express this. */
    mutt_message(_("Passphrases forgotten"));
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

crypt_get_keys()

int crypt_get_keys	(	struct Email *	e,
		char **	keylist,
		bool	oppenc_mode
	)

Check we have all the keys we need.

Parameters

[in]	e	Email with addresses to match
[out]	keylist	Keys needed
[in]	oppenc_mode	If true, use opportunistic encryption

Return values

0	Success
-1	Error

Do a quick check to make sure that we can find all of the encryption keys if the user has requested this service. Return the list of keys in KEYLIST. If oppenc_mode is true, only keys that can be determined without prompting will be used.

Definition at line 943 of file crypt.c.

{
  if (!WithCrypto)
    return 0;

  struct AddressList addrlist = TAILQ_HEAD_INITIALIZER(addrlist);
  const char *fqdn = mutt_fqdn(true, NeoMutt->sub);
  char *self_encrypt = NULL;

  /* Do a quick check to make sure that we can find all of the encryption
   * keys if the user has requested this service.  */

  *keylist = NULL;

#ifdef USE_AUTOCRYPT
  if (!oppenc_mode && (e->security & SEC_AUTOCRYPT))
  {
    if (mutt_autocrypt_ui_recommendation(e, keylist) <= AUTOCRYPT_REC_NO)
      return -1;
    return 0;
  }
#endif

  if (WithCrypto & APPLICATION_PGP)
    OptPgpCheckTrust = true;

  mutt_addrlist_copy(&addrlist, &e->env->to, false);
  mutt_addrlist_copy(&addrlist, &e->env->cc, false);
  mutt_addrlist_copy(&addrlist, &e->env->bcc, false);
  mutt_addrlist_qualify(&addrlist, fqdn);
  mutt_addrlist_dedupe(&addrlist);

  if (oppenc_mode || (e->security & SEC_ENCRYPT))
  {
    if (((WithCrypto & APPLICATION_PGP) != 0) && (e->security & APPLICATION_PGP))
    {
      *keylist = crypt_pgp_find_keys(&addrlist, oppenc_mode);
      if (!*keylist)
      {
        mutt_addrlist_clear(&addrlist);
        return -1;
      }
      OptPgpCheckTrust = false;
      if (C_PgpSelfEncrypt || (C_PgpEncryptSelf == MUTT_YES))
        self_encrypt = C_PgpDefaultKey;
    }
    if (((WithCrypto & APPLICATION_SMIME) != 0) && (e->security & APPLICATION_SMIME))
    {
      *keylist = crypt_smime_find_keys(&addrlist, oppenc_mode);
      if (!*keylist)
      {
        mutt_addrlist_clear(&addrlist);
        return -1;
      }
      if (C_SmimeSelfEncrypt || (C_SmimeEncryptSelf == MUTT_YES))
        self_encrypt = C_SmimeDefaultKey;
    }
  }

  if (!oppenc_mode && self_encrypt)
  {
    const size_t keylist_size = mutt_str_len(*keylist);
    mutt_mem_realloc(keylist, keylist_size + mutt_str_len(self_encrypt) + 2);
    sprintf(*keylist + keylist_size, " %s", self_encrypt);
  }

  mutt_addrlist_clear(&addrlist);

  return 0;
}

Here is the call graph for this function:

Here is the caller graph for this function:

crypt_opportunistic_encrypt()

void crypt_opportunistic_encrypt

(

struct Email *

e

)

Can all recipients be determined.

Parameters

e

Email

Check if all recipients keys can be automatically determined. Enable encryption if they can, otherwise disable encryption.

Definition at line 1021 of file crypt.c.

{
  if (!WithCrypto)
    return;

  if (!(C_CryptOpportunisticEncrypt && (e->security & SEC_OPPENCRYPT)))
    return;

  char *pgpkeylist = NULL;

  crypt_get_keys(e, &pgpkeylist, 1);
  if (pgpkeylist)
  {
    e->security |= SEC_ENCRYPT;
    FREE(&pgpkeylist);
  }
  else
  {
    e->security &= ~SEC_ENCRYPT;
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

crypt_query()

SecurityFlags crypt_query

(

struct Body *

m

)

Check out the type of encryption used.

Parameters

m	Body of email

Return values

num	Flags, see SecurityFlags
0	Error (SEC_NO_FLAGS)

Set the cached status values if there are any.

Definition at line 685 of file crypt.c.

{
  if (!WithCrypto || !m)
    return SEC_NO_FLAGS;

  SecurityFlags rc = SEC_NO_FLAGS;

  if (m->type == TYPE_APPLICATION)
  {
    if (WithCrypto & APPLICATION_PGP)
      rc |= mutt_is_application_pgp(m);

    if (WithCrypto & APPLICATION_SMIME)
    {
      rc |= mutt_is_application_smime(m);
      if (rc && m->goodsig)
        rc |= SEC_GOODSIGN;
      if (rc && m->badsig)
        rc |= SEC_BADSIGN;
    }
  }
  else if (((WithCrypto & APPLICATION_PGP) != 0) && (m->type == TYPE_TEXT))
  {
    rc |= mutt_is_application_pgp(m);
    if (rc && m->goodsig)
      rc |= SEC_GOODSIGN;
  }

  if (m->type == TYPE_MULTIPART)
  {
    rc |= mutt_is_multipart_encrypted(m);
    rc |= mutt_is_multipart_signed(m);
    rc |= mutt_is_malformed_multipart_pgp_encrypted(m);

    if (rc && m->goodsig)
      rc |= SEC_GOODSIGN;
#ifdef USE_AUTOCRYPT
    if (rc && m->is_autocrypt)
      rc |= SEC_AUTOCRYPT;
#endif
  }

  if ((m->type == TYPE_MULTIPART) || (m->type == TYPE_MESSAGE))
  {
    SecurityFlags u = m->parts ? SEC_ALL_FLAGS : SEC_NO_FLAGS; /* Bits set in all parts */
    SecurityFlags w = SEC_NO_FLAGS; /* Bits set in any part  */

    for (struct Body *b = m->parts; b; b = b->next)
    {
      const SecurityFlags v = crypt_query(b);
      u &= v;
      w |= v;
    }
    rc |= u | (w & ~SEC_GOODSIGN);

    if ((w & SEC_GOODSIGN) && !(u & SEC_GOODSIGN))
      rc |= SEC_PARTSIGN;
  }

  return rc;
}

Here is the call graph for this function:

Here is the caller graph for this function:

crypt_valid_passphrase()

bool crypt_valid_passphrase

(

SecurityFlags

flags

)

Check that we have a usable passphrase, ask if not.

Parameters

flags

Flags, see SecurityFlags

Return values

true	Success
false	Failed

Definition at line 134 of file crypt.c.

{
  bool rc = false;

#ifndef DEBUG
  disable_coredumps();
#endif

  if (((WithCrypto & APPLICATION_PGP) != 0) && (flags & APPLICATION_PGP))
    rc = crypt_pgp_valid_passphrase();

  if (((WithCrypto & APPLICATION_SMIME) != 0) && (flags & APPLICATION_SMIME))
    rc = crypt_smime_valid_passphrase();

  return rc;
}

Here is the call graph for this function:

Here is the caller graph for this function:

mutt_is_application_pgp()

SecurityFlags mutt_is_application_pgp

(

struct Body *

m

)

Does the message use PGP?

Parameters

m	Body of email

Return values

>0	Message uses PGP, e.g. PGP_ENCRYPT
0	Message doesn't use PGP, (SEC_NO_FLAGS)

Definition at line 552 of file crypt.c.

{
  SecurityFlags t = SEC_NO_FLAGS;
  char *p = NULL;

  if (m->type == TYPE_APPLICATION)
  {
    if (mutt_istr_equal(m->subtype, "pgp") ||
        mutt_istr_equal(m->subtype, "x-pgp-message"))
    {
      p = mutt_param_get(&m->parameter, "x-action");
      if (p && (mutt_istr_equal(p, "sign") || mutt_istr_equal(p, "signclear")))
      {
        t |= PGP_SIGN;
      }

      p = mutt_param_get(&m->parameter, "format");
      if (p && mutt_istr_equal(p, "keys-only"))
      {
        t |= PGP_KEY;
      }

      if (t == SEC_NO_FLAGS)
        t |= PGP_ENCRYPT; /* not necessarily correct, but... */
    }

    if (mutt_istr_equal(m->subtype, "pgp-signed"))
      t |= PGP_SIGN;

    if (mutt_istr_equal(m->subtype, "pgp-keys"))
      t |= PGP_KEY;
  }
  else if ((m->type == TYPE_TEXT) && mutt_istr_equal("plain", m->subtype))
  {
    if (((p = mutt_param_get(&m->parameter, "x-mutt-action")) ||
         (p = mutt_param_get(&m->parameter, "x-action")) ||
         (p = mutt_param_get(&m->parameter, "action"))) &&
        mutt_istr_startswith(p, "pgp-sign"))
    {
      t |= PGP_SIGN;
    }
    else if (p && mutt_istr_startswith(p, "pgp-encrypt"))
      t |= PGP_ENCRYPT;
    else if (p && mutt_istr_startswith(p, "pgp-keys"))
      t |= PGP_KEY;
  }
  if (t)
    t |= PGP_INLINE;

  return t;
}

Here is the call graph for this function:

Here is the caller graph for this function:

mutt_is_application_smime()

SecurityFlags mutt_is_application_smime

(

struct Body *

m

)

Does the message use S/MIME?

Parameters

m	Body of email

Return values

>0	Message uses S/MIME, e.g. SMIME_ENCRYPT
0	Message doesn't use S/MIME, (SEC_NO_FLAGS)

Definition at line 610 of file crypt.c.

{
  if (!m)
    return SEC_NO_FLAGS;

  if (((m->type & TYPE_APPLICATION) == 0) || !m->subtype)
    return SEC_NO_FLAGS;

  char *t = NULL;
  bool complain = false;
  /* S/MIME MIME types don't need x- anymore, see RFC2311 */
  if (mutt_istr_equal(m->subtype, "x-pkcs7-mime") || mutt_istr_equal(m->subtype, "pkcs7-mime"))
  {
    t = mutt_param_get(&m->parameter, "smime-type");
    if (t)
    {
      if (mutt_istr_equal(t, "enveloped-data"))
        return SMIME_ENCRYPT;
      if (mutt_istr_equal(t, "signed-data"))
        return SMIME_SIGN | SMIME_OPAQUE;
      return SEC_NO_FLAGS;
    }
    /* Netscape 4.7 uses
     * Content-Description: S/MIME Encrypted Message
     * instead of Content-Type parameter */
    if (mutt_istr_equal(m->description, "S/MIME Encrypted Message"))
      return SMIME_ENCRYPT;
    complain = true;
  }
  else if (!mutt_istr_equal(m->subtype, "octet-stream"))
    return SEC_NO_FLAGS;

  t = mutt_param_get(&m->parameter, "name");

  if (!t)
    t = m->d_filename;
  if (!t)
    t = m->filename;
  if (!t)
  {
    if (complain)
    {
      mutt_message(
          _("S/MIME messages with no hints on content are unsupported"));
    }
    return SEC_NO_FLAGS;
  }

  /* no .p7c, .p10 support yet. */

  int len = mutt_str_len(t) - 4;
  if ((len > 0) && (*(t + len) == '.'))
  {
    len++;
    if (mutt_istr_equal((t + len), "p7m"))
    {
      /* Not sure if this is the correct thing to do, but
       * it's required for compatibility with Outlook */
      return SMIME_SIGN | SMIME_OPAQUE;
    }
    else if (mutt_istr_equal((t + len), "p7s"))
      return SMIME_SIGN | SMIME_OPAQUE;
  }

  return SEC_NO_FLAGS;
}

Here is the call graph for this function:

Here is the caller graph for this function:

mutt_is_malformed_multipart_pgp_encrypted()

SecurityFlags mutt_is_malformed_multipart_pgp_encrypted

(

struct Body *

b

)

Check for malformed layout.

Parameters

b	Body of email

Return values

num	Success, see SecurityFlags
0	Error, (SEC_NO_FLAGS)

This checks for the malformed layout caused by MS Exchange in some cases:

<multipart/mixed>
   <text/plain>
   <application/pgp-encrypted> [BASE64-encoded]
   <application/octet-stream> [BASE64-encoded]

Definition at line 508 of file crypt.c.

{
  if (!(WithCrypto & APPLICATION_PGP))
    return SEC_NO_FLAGS;

  if (!b || (b->type != TYPE_MULTIPART) || !b->subtype || !mutt_istr_equal(b->subtype, "mixed"))
  {
    return SEC_NO_FLAGS;
  }

  b = b->parts;
  if (!b || (b->type != TYPE_TEXT) || !b->subtype ||
      !mutt_istr_equal(b->subtype, "plain") || (b->length != 0))
  {
    return SEC_NO_FLAGS;
  }

  b = b->next;
  if (!b || (b->type != TYPE_APPLICATION) || !b->subtype ||
      !mutt_istr_equal(b->subtype, "pgp-encrypted"))
  {
    return SEC_NO_FLAGS;
  }

  b = b->next;
  if (!b || (b->type != TYPE_APPLICATION) || !b->subtype ||
      !mutt_istr_equal(b->subtype, "octet-stream"))
  {
    return SEC_NO_FLAGS;
  }

  b = b->next;
  if (b)
    return SEC_NO_FLAGS;

  return PGP_ENCRYPT;
}

Here is the call graph for this function:

Here is the caller graph for this function:

mutt_is_multipart_encrypted()

SecurityFlags mutt_is_multipart_encrypted

(

struct Body *

b

)

Does the message have encrypted parts?

Parameters

b	Body of email

Return values

num	Message has got encrypted parts, see SecurityFlags
0	Message hasn't got encrypted parts (SEC_NO_FLAGS)

Definition at line 447 of file crypt.c.

{
  if ((WithCrypto & APPLICATION_PGP) == 0)
    return SEC_NO_FLAGS;

  char *p = NULL;

  if (!b || (b->type != TYPE_MULTIPART) || !b->subtype ||
      !mutt_istr_equal(b->subtype, "encrypted") ||
      !(p = mutt_param_get(&b->parameter, "protocol")) ||
      !mutt_istr_equal(p, "application/pgp-encrypted"))
  {
    return SEC_NO_FLAGS;
  }

  return PGP_ENCRYPT;
}

Here is the call graph for this function:

Here is the caller graph for this function:

mutt_is_multipart_signed()

SecurityFlags mutt_is_multipart_signed

(

struct Body *

b

)

Is a message signed?

Parameters

b	Body of email

Return values

num	Message is signed, see SecurityFlags
0	Message is not signed (SEC_NO_FLAGS)

Definition at line 407 of file crypt.c.

{
  if (!b || (b->type != TYPE_MULTIPART) || !b->subtype || !mutt_istr_equal(b->subtype, "signed"))
  {
    return SEC_NO_FLAGS;
  }

  char *p = mutt_param_get(&b->parameter, "protocol");
  if (!p)
    return SEC_NO_FLAGS;

  if (mutt_istr_equal(p, "multipart/mixed"))
    return SEC_SIGN;

  if (((WithCrypto & APPLICATION_PGP) != 0) &&
      mutt_istr_equal(p, "application/pgp-signature"))
  {
    return PGP_SIGN;
  }

  if (((WithCrypto & APPLICATION_SMIME) != 0) &&
      mutt_istr_equal(p, "application/x-pkcs7-signature"))
  {
    return SMIME_SIGN;
  }
  if (((WithCrypto & APPLICATION_SMIME) != 0) &&
      mutt_istr_equal(p, "application/pkcs7-signature"))
  {
    return SMIME_SIGN;
  }

  return SEC_NO_FLAGS;
}

Here is the call graph for this function:

Here is the caller graph for this function:

mutt_is_valid_multipart_pgp_encrypted()

int mutt_is_valid_multipart_pgp_encrypted

(

struct Body *

b

)

Is this a valid multi-part encrypted message?

Parameters

b	Body of email

Return values

>0	Message is valid, with encrypted parts, e.g. PGP_ENCRYPT
0	Message hasn't got encrypted parts

Definition at line 471 of file crypt.c.

{
  if (mutt_is_multipart_encrypted(b) == SEC_NO_FLAGS)
    return 0;

  b = b->parts;
  if (!b || (b->type != TYPE_APPLICATION) || !b->subtype ||
      !mutt_istr_equal(b->subtype, "pgp-encrypted"))
  {
    return 0;
  }

  b = b->next;
  if (!b || (b->type != TYPE_APPLICATION) || !b->subtype ||
      !mutt_istr_equal(b->subtype, "octet-stream"))
  {
    return 0;
  }

  return PGP_ENCRYPT;
}

Here is the call graph for this function:

Here is the caller graph for this function:

mutt_protect()

int mutt_protect	(	struct Email *	e,
		char *	keylist,
		bool	postpone
	)

Encrypt and/or sign a message.

Parameters

e	Email
keylist	List of keys to encrypt to (space-separated)
postpone	When true, signing is automatically disabled

Return values

0	Success
-1	Error

Definition at line 159 of file crypt.c.

{
  struct Body *pbody = NULL, *tmp_pbody = NULL;
  struct Body *tmp_smime_pbody = NULL;
  struct Body *tmp_pgp_pbody = NULL;
  bool has_retainable_sig = false;

  if (!WithCrypto)
    return -1;

  int security = e->security;
  int sign = security & (SEC_AUTOCRYPT | SEC_SIGN);
  if (postpone)
  {
    sign = SEC_NO_FLAGS;
    security &= ~SEC_SIGN;
  }

  if (!(security & (SEC_ENCRYPT | SEC_AUTOCRYPT)) && !sign)
    return 0;

  if (sign && !(security & SEC_AUTOCRYPT) && !crypt_valid_passphrase(security))
    return -1;

  if (((WithCrypto & APPLICATION_PGP) != 0) && !(security & SEC_AUTOCRYPT) &&
      ((security & PGP_INLINE) == PGP_INLINE))
  {
    if ((e->body->type != TYPE_TEXT) ||
        !mutt_istr_equal(e->body->subtype, "plain"))
    {
      if (query_quadoption(C_PgpMimeAuto,
                           _("Inline PGP can't be used with attachments.  "
                             "Revert to PGP/MIME?")) != MUTT_YES)
      {
        mutt_error(
            _("Mail not sent: inline PGP can't be used with attachments"));
        return -1;
      }
    }
    else if (mutt_istr_equal("flowed",
                             mutt_param_get(&e->body->parameter, "format")))
    {
      if ((query_quadoption(C_PgpMimeAuto,
                            _("Inline PGP can't be used with format=flowed.  "
                              "Revert to PGP/MIME?"))) != MUTT_YES)
      {
        mutt_error(
            _("Mail not sent: inline PGP can't be used with format=flowed"));
        return -1;
      }
    }
    else
    {
      /* they really want to send it inline... go for it */
      if (!isendwin())
      {
        mutt_endwin();
        puts(_("Invoking PGP..."));
      }
      pbody = crypt_pgp_traditional_encryptsign(e->body, security, keylist);
      if (pbody)
      {
        e->body = pbody;
        return 0;
      }

      /* otherwise inline won't work...ask for revert */
      if (query_quadoption(
              C_PgpMimeAuto,
              _("Message can't be sent inline.  Revert to using PGP/MIME?")) != MUTT_YES)
      {
        mutt_error(_("Mail not sent"));
        return -1;
      }
    }

    /* go ahead with PGP/MIME */
  }

  if (!isendwin())
    mutt_endwin();

  if (WithCrypto & APPLICATION_SMIME)
    tmp_smime_pbody = e->body;
  if (WithCrypto & APPLICATION_PGP)
    tmp_pgp_pbody = e->body;

#ifdef CRYPT_BACKEND_GPGME
  if (sign && C_CryptUsePka)
#else
  if (sign)
#endif
  {
    /* Set sender (necessary for e.g. PKA).  */
    const char *mailbox = NULL;
    struct Address *from = TAILQ_FIRST(&e->env->from);
    bool free_from = false;

    if (!from)
    {
      free_from = true;
      from = mutt_default_from(NeoMutt->sub);
    }

    mailbox = from->mailbox;
    if (!mailbox && C_EnvelopeFromAddress)
      mailbox = C_EnvelopeFromAddress->mailbox;

    if (((WithCrypto & APPLICATION_SMIME) != 0) && (security & APPLICATION_SMIME))
      crypt_smime_set_sender(mailbox);
    else if (((WithCrypto & APPLICATION_PGP) != 0) && (security & APPLICATION_PGP))
      crypt_pgp_set_sender(mailbox);

    if (free_from)
      mutt_addr_free(&from);
  }

  if (C_CryptProtectedHeadersWrite)
  {
    struct Envelope *protected_headers = mutt_env_new();
    mutt_str_replace(&protected_headers->subject, e->env->subject);
    /* Note: if other headers get added, such as to, cc, then a call to
     * mutt_env_to_intl() will need to be added here too. */
    mutt_prepare_envelope(protected_headers, 0, NeoMutt->sub);

    mutt_env_free(&e->body->mime_headers);
    e->body->mime_headers = protected_headers;
    /* Optional part of the draft RFC, but required by Enigmail */
    mutt_param_set(&e->body->parameter, "protected-headers", "v1");
  }
  else
  {
    mutt_param_delete(&e->body->parameter, "protected-headers");
  }

#ifdef USE_AUTOCRYPT
  /* A note about e->body->mime_headers.  If postpone or send
   * fails, the mime_headers is cleared out before returning to the
   * compose menu.  So despite the "robustness" code above and in the
   * gen_gossip_list function below, mime_headers will not be set when
   * entering mutt_protect().
   *
   * This is important to note because the user could toggle
   * $crypt_protected_headers_write or $autocrypt off back in the
   * compose menu.  We don't want mutt_write_rfc822_header() to write
   * stale data from one option if the other is set.
   */
  if (C_Autocrypt && !postpone && (security & SEC_AUTOCRYPT))
  {
    mutt_autocrypt_generate_gossip_list(e);
  }
#endif

  if (sign)
  {
    if (((WithCrypto & APPLICATION_SMIME) != 0) && (security & APPLICATION_SMIME))
    {
      tmp_pbody = crypt_smime_sign_message(e->body, &e->env->from);
      if (!tmp_pbody)
        goto bail;
      pbody = tmp_pbody;
      tmp_smime_pbody = tmp_pbody;
    }

    if (((WithCrypto & APPLICATION_PGP) != 0) && (security & APPLICATION_PGP) &&
        (!(security & (SEC_ENCRYPT | SEC_AUTOCRYPT)) || C_PgpRetainableSigs))
    {
      tmp_pbody = crypt_pgp_sign_message(e->body, &e->env->from);
      if (!tmp_pbody)
        goto bail;

      has_retainable_sig = true;
      sign = SEC_NO_FLAGS;
      pbody = tmp_pbody;
      tmp_pgp_pbody = tmp_pbody;
    }

    if ((WithCrypto != 0) && (security & APPLICATION_SMIME) && (security & APPLICATION_PGP))
    {
      /* here comes the draft ;-) */
    }
  }

  if (security & (SEC_ENCRYPT | SEC_AUTOCRYPT))
  {
    if (((WithCrypto & APPLICATION_SMIME) != 0) && (security & APPLICATION_SMIME))
    {
      tmp_pbody = crypt_smime_build_smime_entity(tmp_smime_pbody, keylist);
      if (!tmp_pbody)
      {
        /* signed ? free it! */
        goto bail;
      }
      /* free tmp_body if messages was signed AND encrypted ... */
      if ((tmp_smime_pbody != e->body) && (tmp_smime_pbody != tmp_pbody))
      {
        /* detach and don't delete e->body,
         * which tmp_smime_pbody->parts after signing. */
        tmp_smime_pbody->parts = tmp_smime_pbody->parts->next;
        e->body->next = NULL;
        mutt_body_free(&tmp_smime_pbody);
      }
      pbody = tmp_pbody;
    }

    if (((WithCrypto & APPLICATION_PGP) != 0) && (security & APPLICATION_PGP))
    {
      pbody = crypt_pgp_encrypt_message(e, tmp_pgp_pbody, keylist, sign, &e->env->from);
      if (!pbody)
      {
        /* did we perform a retainable signature? */
        if (has_retainable_sig)
        {
          /* remove the outer multipart layer */
          tmp_pgp_pbody = mutt_remove_multipart(tmp_pgp_pbody);
          /* get rid of the signature */
          mutt_body_free(&tmp_pgp_pbody->next);
        }

        goto bail;
      }

      // destroy temporary signature envelope when doing retainable signatures.
      if (has_retainable_sig)
      {
        tmp_pgp_pbody = mutt_remove_multipart(tmp_pgp_pbody);
        mutt_body_free(&tmp_pgp_pbody->next);
      }
    }
  }

  if (pbody)
  {
    e->body = pbody;
    return 0;
  }

bail:
  mutt_env_free(&e->body->mime_headers);
  return -1;
}

Here is the call graph for this function:

Here is the caller graph for this function:

mutt_protected_headers_handler()

int mutt_protected_headers_handler	(	struct Body *	m,
		struct State *	s
	)

Process a protected header - Implements handler_t.

Definition at line 1087 of file crypt.c.

{
  if (C_CryptProtectedHeadersRead && a->mime_headers)
  {
    if (a->mime_headers->subject)
    {
      const bool display = (s->flags & MUTT_DISPLAY);

      if (display && C_Weed && mutt_matches_ignore("subject"))
        return 0;

      state_mark_protected_header(s);
      int wraplen = display ? mutt_window_wrap_cols(s->wraplen, C_Wrap) : 0;

      mutt_write_one_header(s->fp_out, "Subject", a->mime_headers->subject, s->prefix,
                            wraplen, display ? CH_DISPLAY : CH_NO_FLAGS, NeoMutt->sub);
      state_puts(s, "\n");
    }
  }

  return 0;
}

Here is the call graph for this function:

Here is the caller graph for this function:

mutt_should_hide_protected_subject()

bool mutt_should_hide_protected_subject

(

struct Email *

e

)

Should NeoMutt hide the protected subject?

Parameters

e	Email to test

Return values

bool	True if the subject should be protected

Definition at line 1073 of file crypt.c.

{
  if (C_CryptProtectedHeadersWrite && (e->security & (SEC_ENCRYPT | SEC_AUTOCRYPT)) &&
      !(e->security & SEC_INLINE) && C_CryptProtectedHeadersSubject)
  {
    return true;
  }

  return false;
}

Here is the caller graph for this function:

mutt_signed_handler()

int mutt_signed_handler	(	struct Body *	a,
		struct State *	s
	)

Verify a "multipart/signed" body - Implements handler_t.

Definition at line 1113 of file crypt.c.

{
  if (!WithCrypto)
    return -1;

  bool inconsistent = false;
  struct Body *b = a;
  struct Body **signatures = NULL;
  int sigcnt = 0;
  int rc = 0;
  struct Buffer *tempfile = NULL;

  a = a->parts;
  SecurityFlags signed_type = mutt_is_multipart_signed(b);
  if (signed_type == SEC_NO_FLAGS)
  {
    /* A null protocol value is already checked for in mutt_body_handler() */
    state_printf(s,
                 _("[-- Error: "
                   "Unknown multipart/signed protocol %s --]\n\n"),
                 mutt_param_get(&b->parameter, "protocol"));
    return mutt_body_handler(a, s);
  }

  if (!(a && a->next))
    inconsistent = true;
  else
  {
    switch (signed_type)
    {
      case SEC_SIGN:
        if ((a->next->type != TYPE_MULTIPART) || !mutt_istr_equal(a->next->subtype, "mixed"))
        {
          inconsistent = true;
        }
        break;
      case PGP_SIGN:
        if ((a->next->type != TYPE_APPLICATION) ||
            !mutt_istr_equal(a->next->subtype, "pgp-signature"))
        {
          inconsistent = true;
        }
        break;
      case SMIME_SIGN:
        if ((a->next->type != TYPE_APPLICATION) ||
            (!mutt_istr_equal(a->next->subtype, "x-pkcs7-signature") &&
             !mutt_istr_equal(a->next->subtype, "pkcs7-signature")))
        {
          inconsistent = true;
        }
        break;
      default:
        inconsistent = true;
    }
  }
  if (inconsistent)
  {
    state_attach_puts(s, _("[-- Error: Missing or bad-format multipart/signed "
                           "signature --]\n\n"));
    return mutt_body_handler(a, s);
  }

  if (s->flags & MUTT_DISPLAY)
  {
    crypt_fetch_signatures(&signatures, a->next, &sigcnt);

    if (sigcnt != 0)
    {
      tempfile = mutt_buffer_pool_get();
      mutt_buffer_mktemp(tempfile);
      bool goodsig = true;
      if (crypt_write_signed(a, s, mutt_b2s(tempfile)) == 0)
      {
        for (int i = 0; i < sigcnt; i++)
        {
          if (((WithCrypto & APPLICATION_PGP) != 0) &&
              (signatures[i]->type == TYPE_APPLICATION) &&
              mutt_istr_equal(signatures[i]->subtype, "pgp-signature"))
          {
            if (crypt_pgp_verify_one(signatures[i], s, mutt_b2s(tempfile)) != 0)
              goodsig = false;

            continue;
          }

          if (((WithCrypto & APPLICATION_SMIME) != 0) &&
              (signatures[i]->type == TYPE_APPLICATION) &&
              (mutt_istr_equal(signatures[i]->subtype, "x-pkcs7-signature") ||
               mutt_istr_equal(signatures[i]->subtype, "pkcs7-signature")))
          {
            if (crypt_smime_verify_one(signatures[i], s, mutt_b2s(tempfile)) != 0)
              goodsig = false;

            continue;
          }

          state_printf(s,
                       _("[-- Warning: "
                         "We can't verify %s/%s signatures. --]\n\n"),
                       TYPE(signatures[i]), signatures[i]->subtype);
        }
      }

      mutt_file_unlink(mutt_b2s(tempfile));
      mutt_buffer_pool_release(&tempfile);

      b->goodsig = goodsig;
      b->badsig = !goodsig;

      /* Now display the signed body */
      state_attach_puts(s, _("[-- The following data is signed --]\n\n"));

      mutt_protected_headers_handler(a, s);

      FREE(&signatures);
    }
    else
    {
      state_attach_puts(s,
                        _("[-- Warning: Can't find any signatures. --]\n\n"));
    }
  }

  rc = mutt_body_handler(a, s);

  if ((s->flags & MUTT_DISPLAY) && (sigcnt != 0))
    state_attach_puts(s, _("\n[-- End of signed data --]\n"));

  return rc;
}

Here is the call graph for this function:

Here is the caller graph for this function:

crypt_cleanup()

void crypt_cleanup

(

void

)

Clean up backend.

Definition at line 138 of file cryptglue.c.

{
  if (CRYPT_MOD_CALL_CHECK(PGP, cleanup))
    (CRYPT_MOD_CALL(PGP, cleanup))();

  if (CRYPT_MOD_CALL_CHECK(SMIME, cleanup))
    (CRYPT_MOD_CALL(SMIME, cleanup))();
}

Here is the caller graph for this function:

crypt_has_module_backend()

bool crypt_has_module_backend

(

SecurityFlags

type

)

Is there a crypto backend for a given type?

Parameters

type	Crypto type, see SecurityFlags

Return values

true	Backend is present
false	Backend is not present

Definition at line 167 of file cryptglue.c.

{
  if (((WithCrypto & APPLICATION_PGP) != 0) && (type & APPLICATION_PGP) &&
      crypto_module_lookup(APPLICATION_PGP))
  {
    return true;
  }

  if (((WithCrypto & APPLICATION_SMIME) != 0) && (type & APPLICATION_SMIME) &&
      crypto_module_lookup(APPLICATION_SMIME))
  {
    return true;
  }

  return false;
}

Here is the call graph for this function:

Here is the caller graph for this function:

crypt_init()

void crypt_init

(

void

)

Initialise the crypto backends.

This calls CryptModuleSpecs::init()

Definition at line 93 of file cryptglue.c.

{
#ifdef CRYPT_BACKEND_CLASSIC_PGP
  if (
#ifdef CRYPT_BACKEND_GPGME
      (!C_CryptUseGpgme)
#else
      1
#endif
  )
    crypto_module_register(&CryptModPgpClassic);
#endif

#ifdef CRYPT_BACKEND_CLASSIC_SMIME
  if (
#ifdef CRYPT_BACKEND_GPGME
      (!C_CryptUseGpgme)
#else
      1
#endif
  )
    crypto_module_register(&CryptModSmimeClassic);
#endif

#ifdef CRYPT_BACKEND_GPGME
  if (C_CryptUseGpgme)
  {
    crypto_module_register(&CryptModPgpGpgme);
    crypto_module_register(&CryptModSmimeGpgme);
  }
#endif

#if defined(CRYPT_BACKEND_CLASSIC_PGP) ||                                      \
    defined(CRYPT_BACKEND_CLASSIC_SMIME) || defined(CRYPT_BACKEND_GPGME)
  if (CRYPT_MOD_CALL_CHECK(PGP, init))
    CRYPT_MOD_CALL(PGP, init)();

  if (CRYPT_MOD_CALL_CHECK(SMIME, init))
    CRYPT_MOD_CALL(SMIME, init)();
#endif
}

Here is the call graph for this function:

Here is the caller graph for this function:

crypt_invoke_message()

void crypt_invoke_message

(

SecurityFlags

type

)

Display an informative message.

Parameters

type	Crypto type, see SecurityFlags

Show a message that a backend will be invoked.

Definition at line 153 of file cryptglue.c.

{
  if (((WithCrypto & APPLICATION_PGP) != 0) && (type & APPLICATION_PGP))
    mutt_message(_("Invoking PGP..."));
  else if (((WithCrypto & APPLICATION_SMIME) != 0) && (type & APPLICATION_SMIME))
    mutt_message(_("Invoking S/MIME..."));
}

Here is the caller graph for this function:

crypt_pgp_application_handler()

int crypt_pgp_application_handler	(	struct Body *	m,
		struct State *	s
	)

Wrapper for CryptModuleSpecs::application_handler()

Implements handler_t

Definition at line 234 of file cryptglue.c.

{
  if (CRYPT_MOD_CALL_CHECK(PGP, application_handler))
    return CRYPT_MOD_CALL(PGP, application_handler)(m, s);

  return -1;
}

Here is the caller graph for this function:

crypt_pgp_check_traditional()

int crypt_pgp_check_traditional	(	FILE *	fp,
		struct Body *	b,
		bool	just_one
	)

Wrapper for CryptModuleSpecs::pgp_check_traditional()

Definition at line 281 of file cryptglue.c.

{
  if (CRYPT_MOD_CALL_CHECK(PGP, pgp_check_traditional))
    return CRYPT_MOD_CALL(PGP, pgp_check_traditional)(fp, b, just_one);

  return 0;
}

Here is the caller graph for this function:

crypt_pgp_decrypt_mime()

int crypt_pgp_decrypt_mime	(	FILE *	fp_in,
		FILE **	fp_out,
		struct Body *	b,
		struct Body **	cur
	)

Wrapper for CryptModuleSpecs::decrypt_mime()

Definition at line 207 of file cryptglue.c.

{
#ifdef USE_AUTOCRYPT
  if (C_Autocrypt)
  {
    OptAutocryptGpgme = true;
    int result = pgp_gpgme_decrypt_mime(fp_in, fp_out, b, cur);
    OptAutocryptGpgme = false;
    if (result == 0)
    {
      b->is_autocrypt = true;
      return result;
    }
  }
#endif

  if (CRYPT_MOD_CALL_CHECK(PGP, decrypt_mime))
    return CRYPT_MOD_CALL(PGP, decrypt_mime)(fp_in, fp_out, b, cur);

  return -1;
}

Here is the call graph for this function:

Here is the caller graph for this function:

crypt_pgp_encrypted_handler()

int crypt_pgp_encrypted_handler	(	struct Body *	a,
		struct State *	s
	)

Wrapper for CryptModuleSpecs::encrypted_handler()

Implements handler_t

Definition at line 247 of file cryptglue.c.

{
#ifdef USE_AUTOCRYPT
  if (C_Autocrypt)
  {
    OptAutocryptGpgme = true;
    int result = pgp_gpgme_encrypted_handler(a, s);
    OptAutocryptGpgme = false;
    if (result == 0)
    {
      a->is_autocrypt = true;
      return result;
    }
  }
#endif

  if (CRYPT_MOD_CALL_CHECK(PGP, encrypted_handler))
    return CRYPT_MOD_CALL(PGP, encrypted_handler)(a, s);

  return -1;
}

Here is the call graph for this function:

Here is the caller graph for this function:

crypt_pgp_extract_key_from_attachment()

void crypt_pgp_extract_key_from_attachment	(	FILE *	fp,
		struct Body *	top
	)

Wrapper for CryptModuleSpecs::pgp_extract_key_from_attachment()

Definition at line 393 of file cryptglue.c.

{
  if (CRYPT_MOD_CALL_CHECK(PGP, pgp_extract_key_from_attachment))
    CRYPT_MOD_CALL(PGP, pgp_extract_key_from_attachment)(fp, top);
}

Here is the caller graph for this function:

crypt_pgp_invoke_getkeys()

void crypt_pgp_invoke_getkeys

(

struct Address *

addr

)

Wrapper for CryptModuleSpecs::pgp_invoke_getkeys()

Definition at line 272 of file cryptglue.c.

{
  if (CRYPT_MOD_CALL_CHECK(PGP, pgp_invoke_getkeys))
    CRYPT_MOD_CALL(PGP, pgp_invoke_getkeys)(addr);
}

Here is the caller graph for this function:

crypt_pgp_make_key_attachment()

struct Body* crypt_pgp_make_key_attachment

(

void

)

Wrapper for CryptModuleSpecs::pgp_make_key_attachment()

Definition at line 303 of file cryptglue.c.

{
  if (CRYPT_MOD_CALL_CHECK(PGP, pgp_make_key_attachment))
    return CRYPT_MOD_CALL(PGP, pgp_make_key_attachment)();

  return NULL;
}

Here is the caller graph for this function:

crypt_pgp_send_menu()

int crypt_pgp_send_menu

(

struct Email *

e

)

Wrapper for CryptModuleSpecs::send_menu()

Definition at line 382 of file cryptglue.c.

{
  if (CRYPT_MOD_CALL_CHECK(PGP, send_menu))
    return CRYPT_MOD_CALL(PGP, send_menu)(e);

  return 0;
}

Here is the caller graph for this function:

crypt_smime_application_handler()

int crypt_smime_application_handler	(	struct Body *	m,
		struct State *	s
	)

Wrapper for CryptModuleSpecs::application_handler()

Implements handler_t

Definition at line 444 of file cryptglue.c.

{
  if (CRYPT_MOD_CALL_CHECK(SMIME, application_handler))
    return CRYPT_MOD_CALL(SMIME, application_handler)(m, s);

  return -1;
}

Here is the caller graph for this function:

crypt_smime_decrypt_mime()

int crypt_smime_decrypt_mime	(	FILE *	fp_in,
		FILE **	fp_out,
		struct Body *	b,
		struct Body **	cur
	)

Wrapper for CryptModuleSpecs::decrypt_mime()

Definition at line 431 of file cryptglue.c.

{
  if (CRYPT_MOD_CALL_CHECK(SMIME, decrypt_mime))
    return CRYPT_MOD_CALL(SMIME, decrypt_mime)(fp_in, fp_out, b, cur);

  return -1;
}

Here is the caller graph for this function:

crypt_smime_getkeys()

void crypt_smime_getkeys

(

struct Envelope *

env

)

Wrapper for CryptModuleSpecs::smime_getkeys()

Definition at line 455 of file cryptglue.c.

{
  if (CRYPT_MOD_CALL_CHECK(SMIME, smime_getkeys))
    CRYPT_MOD_CALL(SMIME, smime_getkeys)(env);
}

Here is the caller graph for this function:

crypt_smime_send_menu()

int crypt_smime_send_menu

(

struct Email *

e

)

Wrapper for CryptModuleSpecs::send_menu()

Definition at line 528 of file cryptglue.c.

{
  if (CRYPT_MOD_CALL_CHECK(SMIME, send_menu))
    return CRYPT_MOD_CALL(SMIME, send_menu)(e);

  return 0;
}

Here is the caller graph for this function:

crypt_smime_verify_sender()

int crypt_smime_verify_sender	(	struct Mailbox *	m,
		struct Email *	e
	)

Wrapper for CryptModuleSpecs::smime_verify_sender()

Definition at line 464 of file cryptglue.c.

{
  if (CRYPT_MOD_CALL_CHECK(SMIME, smime_verify_sender))
    return CRYPT_MOD_CALL(SMIME, smime_verify_sender)(m, e);

  return 1;
}

Here is the caller graph for this function:

crypto_module_free()

void crypto_module_free

(

void

)

Clean up the crypto modules.

Definition at line 81 of file crypt_mod.c.

{
  struct CryptModule *np = NULL, *tmp = NULL;
  STAILQ_FOREACH_SAFE(np, &CryptModules, entries, tmp)
  {
    STAILQ_REMOVE(&CryptModules, np, CryptModule, entries);
    FREE(&np);
  }
}

Here is the caller graph for this function:

pgp_gpgme_init()

void pgp_gpgme_init

(

void

)

Implements CryptModuleSpecs::init()

Definition at line 4130 of file crypt_gpgme.c.

{
  init_common();
  init_pgp();
}

Here is the call graph for this function:

Here is the caller graph for this function:

mutt_gpgme_select_secret_key()

int mutt_gpgme_select_secret_key

(

struct Buffer *

keyid

)

Select a private Autocrypt key for a new account.

Parameters

keyid

Autocrypt Key id

Return values

0	Success
-1	Error

Unfortunately, the internal ncrypt/crypt_gpgme.c functions use CryptKeyInfo, and so aren't exportable.

This function queries all private keys, provides the crypt_select_keys() menu, and returns the selected key fingerprint in keyid.

Definition at line 3942 of file crypt_gpgme.c.

{
  int rc = -1, junk;
  gpgme_error_t err;
  gpgme_key_t key = NULL;
  gpgme_user_id_t uid = NULL;
  struct CryptKeyInfo *results = NULL, *k = NULL;
  struct CryptKeyInfo **kend = NULL;
  struct CryptKeyInfo *choice = NULL;

  gpgme_ctx_t ctx = create_gpgme_context(false);

  /* list all secret keys */
  if (gpgme_op_keylist_start(ctx, NULL, 1))
    goto cleanup;

  kend = &results;

  while (!(err = gpgme_op_keylist_next(ctx, &key)))
  {
    KeyFlags flags = KEYFLAG_NO_FLAGS;

    if (key_check_cap(key, KEY_CAP_CAN_ENCRYPT))
      flags |= KEYFLAG_CANENCRYPT;
    if (key_check_cap(key, KEY_CAP_CAN_SIGN))
      flags |= KEYFLAG_CANSIGN;

    if (key->revoked)
      flags |= KEYFLAG_REVOKED;
    if (key->expired)
      flags |= KEYFLAG_EXPIRED;
    if (key->disabled)
      flags |= KEYFLAG_DISABLED;

    int idx;
    for (idx = 0, uid = key->uids; uid; idx++, uid = uid->next)
    {
      k = mutt_mem_calloc(1, sizeof(*k));
      k->kobj = key;
      gpgme_key_ref(k->kobj);
      k->idx = idx;
      k->uid = uid->uid;
      k->flags = flags;
      if (uid->revoked)
        k->flags |= KEYFLAG_REVOKED;
      k->validity = uid->validity;
      *kend = k;
      kend = &k->next;
    }
    gpgme_key_unref(key);
  }
  if (gpg_err_code(err) != GPG_ERR_EOF)
    mutt_error(_("gpgme_op_keylist_next failed: %s"), gpgme_strerror(err));
  gpgme_op_keylist_end(ctx);

  if (!results)
  {
    /* L10N: mutt_gpgme_select_secret_key() tries to list all secret keys to choose
       from.  This error is displayed if no results were found.  */
    mutt_error(_("No secret keys found"));
    goto cleanup;
  }

  choice = dlg_select_gpgme_key(results, NULL, "*", APPLICATION_PGP, &junk);
  if (!(choice && choice->kobj && choice->kobj->subkeys && choice->kobj->subkeys->fpr))
    goto cleanup;
  mutt_buffer_strcpy(keyid, choice->kobj->subkeys->fpr);

  rc = 0;

cleanup:
  crypt_key_free(&choice);
  crypt_key_free(&results);
  gpgme_release(ctx);
  return rc;
}

Here is the call graph for this function:

Here is the caller graph for this function:

mutt_gpgme_print_version()

const char* mutt_gpgme_print_version

(

void

)

Get version of GPGME.

Return values

ptr	GPGME version string

Definition at line 4425 of file crypt_gpgme.c.

{
  return GPGME_VERSION;
}

Here is the caller graph for this function:

Variable Documentation

C_CryptOpportunisticEncrypt

bool C_CryptOpportunisticEncrypt

Config: Enable encryption when the recipient's key is available.

Definition at line 41 of file config.c.

C_CryptProtectedHeadersRead

bool C_CryptProtectedHeadersRead

Config: Display protected headers (Memory Hole) in the pager.

Definition at line 43 of file config.c.

C_CryptProtectedHeadersSave

bool C_CryptProtectedHeadersSave

Config: Save the cleartext Subject with the headers.

Definition at line 44 of file config.c.

C_CryptVerifySig

unsigned char C_CryptVerifySig

Config: Verify PGP or SMIME signatures.

Definition at line 108 of file config.c.

C_PgpAutoDecode

bool C_PgpAutoDecode

Config: Automatically decrypt PGP messages.

Definition at line 107 of file config.c.

C_PgpSignAs

char* C_PgpSignAs

Config: Use this alternative key for signing messages.

Definition at line 52 of file config.c.

C_SmimeEncryptWith

char* C_SmimeEncryptWith

Config: Algorithm for encryption.

Definition at line 56 of file config.c.

C_SmimeIsDefault

bool C_SmimeIsDefault

Config: Use SMIME rather than PGP by default.

Definition at line 46 of file config.c.

C_SmimeSignAs

char* C_SmimeSignAs

Config: Use this alternative key for signing messages.

Definition at line 55 of file config.c.