[edward.git] / edward

#! /usr/bin/env python3
# -*- coding: utf-8 -*-
"""*********************************************************************
* Edward is free software: you can redistribute it and/or modify       *
* it under the terms of the GNU Affero Public License as published by  *
* the Free Software Foundation, either version 3 of the License, or    *
* (at your option) any later version.                                  *
*                                                                      *
* Edward is distributed in the hope that it will be useful,            *
* but WITHOUT ANY WARRANTY; without even the implied warranty of       *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
* GNU Affero Public License for more details.                          *
*                                                                      *
* You should have received a copy of the GNU Affero Public License     *
* along with Edward.  If not, see <http://www.gnu.org/licenses/>.      *
*                                                                      *
* Copyright (C) 2014-2015 Andrew Engelbrecht                (AGPLv3+)  *
* Copyright (C) 2014      Josh Drake                        (AGPLv3+)  *
* Copyright (C) 2014      Lisa Marie Maginnis               (AGPLv3+)  *
* Copyright (C) 2009-2015 Tails developers <tails@boum.org> ( GPLv3+)  *
* Copyright (C) 2009      W. Trevor King <wking@drexel.edu> ( GPLv2+)  *
*                                                                      *
* Special thanks to Josh Drake for writing the original edward bot! :) *
*                                                                      *
************************************************************************

Code sourced from these projects:

  * http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz
  * https://git-tails.immerda.ch/whisperback/tree/whisperBack/encryption.py?h=feature/python3
  * http://www.physics.drexel.edu/~wking/code/python/send_pgp_mime

"""

import sys
import gpgme
import re
import io
import os

import email.parser
import email.message
import email.encoders

from email.mime.multipart       import MIMEMultipart
from email.mime.application     import MIMEApplication
from email.mime.nonmultipart    import MIMENonMultipart

import edward_config

def main ():

    handle_args()

    email_text = sys.stdin.read()
    email_from, email_subject = email_from_subject(email_text)

    os.environ['GNUPGHOME'] = edward_config.gnupghome
    gpgme_ctx = gpgme.Context()
    gpgme_ctx.armor = True

    add_gpg_keys(email_text, gpgme_ctx)

    plaintext, keys = email_decode_flatten(email_text, gpgme_ctx)
    encrypt_to_key = choose_reply_encryption_key(keys)

    reply_message = generate_reply(plaintext, email_from, \
                                   email_subject, encrypt_to_key,
                                   edward_config.sign_with_key,
                                   gpgme_ctx)

    print(reply_message)


def email_decode_flatten (email_text, gpgme_ctx):

    body = ""
    keys = []

    email_struct = email.parser.Parser().parsestr(email_text)

    for subpart in email_struct.walk():

        payload, description, filename, content_type \
                = get_email_subpart_info(subpart)

        if payload == "":
            continue

        if content_type == "multipart":
            continue

        if content_type == "application/pgp-encrypted":
            if description == "PGP/MIME version identification":
                if payload.strip() != "Version: 1":
                    print(progname + ": Warning: unknown " \
                            + description + ": " \
                            + payload.strip(), file=sys.stderr)
            continue


        if (filename == "encrypted.asc") or (content_type == "pgp/mime"):
            plaintext, more_keys = decrypt_text(payload, gpgme_ctx)

            body += plaintext
            keys += more_keys

        elif content_type == "application/pgp-keys":
            keys += add_gpg_keys(payload, gpgme_ctx)

        elif content_type == "text/plain":
            body += payload + "\n"

        else:
            body += payload + "\n"

    return body, keys


def email_from_subject (email_text):

    email_struct = email.parser.Parser().parsestr(email_text)

    email_from      = email_struct['From']
    email_subject   = email_struct['Subject']

    return email_from, email_subject


def get_email_subpart_info (part):

    charset             = part.get_content_charset()
    payload_bytes       = part.get_payload(decode=True)

    filename            = part.get_filename()
    content_type        = part.get_content_type()
    description_list    = part.get_params(header='content-description')

    if charset == None:
        charset = 'utf-8'

    if payload_bytes != None:
        payload = payload_bytes.decode(charset)
    else:
        payload = ""

    if description_list != None:
        description = description_list[0][0]
    else:
        description = ""

    return payload, description, filename, content_type


def add_gpg_keys (text, gpgme_ctx):

    key_blocks = scan_and_grab(text,
                               '-----BEGIN PGP PUBLIC KEY BLOCK-----',
                               '-----END PGP PUBLIC KEY BLOCK-----')

    keys = []
    for key_block in key_blocks:
        fp = io.BytesIO(key_block.encode('ascii'))

        result = gpgme_ctx.import_(fp)

        fingerprint = result.imports[0][0]
        debug("added gpg key: " + fingerprint)

        keys += [gpgme_ctx.get_key(fingerprint)]

    return keys


def decrypt_text (gpg_text, gpgme_ctx):

    body = ""
    keys = []

    msg_blocks = scan_and_grab(gpg_text,
                               '-----BEGIN PGP MESSAGE-----',
                               '-----END PGP MESSAGE-----')

    plaintexts_and_sigs = decrypt_blocks(msg_blocks, gpgme_ctx)

    for pair in plaintexts_and_sigs:
        plaintext   = pair[0]
        sigs        = pair[1]

        for sig in sigs:
            keys += [gpgme_ctx.get_key(sig.fpr)]

        # recursive for nested layers of mime and/or gpg
        plaintext, more_keys = email_decode_flatten(plaintext, gpgme_ctx)

        body += plaintext
        keys += more_keys

    return body, keys


def scan_and_grab (text, start_text, end_text):

    matches = re.search('(' + start_text + '.*' + end_text + ')',
                        text, flags=re.DOTALL)

    if matches != None:
        match_tuple = matches.groups()
    else:
        match_tuple = ()

    return match_tuple


def decrypt_blocks (msg_blocks, gpgme_ctx):

    return [decrypt_block(block, gpgme_ctx) for block in msg_blocks]


def decrypt_block (msg_block, gpgme_ctx):

    block_b = io.BytesIO(msg_block.encode('ascii'))
    plain_b = io.BytesIO()

    sigs = gpgme_ctx.decrypt_verify(block_b, plain_b)

    plaintext = plain_b.getvalue().decode('utf-8')
    return (plaintext, sigs)


def choose_reply_encryption_key (keys):

    reply_key = None
    for key in keys:
        if (key.can_encrypt == True):
            reply_key = key
            break

    return reply_key


def generate_reply (plaintext, email_from, email_subject, encrypt_to_key,
                    sign_with_fingerprint, gpgme_ctx):


    reply  = "To: " + email_from + "\n"
    reply += "Subject: " + email_subject + "\n"

    if (encrypt_to_key != None):
        plaintext_reply  = "thanks for the message!\n\n\n"
        plaintext_reply += email_quote_text(plaintext)

        # quoted printable encoding lets most ascii characters look normal
        # before the decrypted mime message is decoded.
        char_set = email.charset.Charset("utf-8")
        char_set.body_encoding = email.charset.QP

        # MIMEText doesn't allow setting the text encoding
        # so we use MIMENonMultipart.
        plaintext_mime = MIMENonMultipart('text', 'plain')
        plaintext_mime.set_payload(plaintext_reply, charset=char_set)

        encrypted_text = encrypt_sign_message(plaintext_mime.as_string(),
                                              encrypt_to_key,
                                              sign_with_fingerprint,
                                              gpgme_ctx)

        control_mime = MIMEApplication("Version: 1",
                                       _subtype='pgp-encrypted',
                                       _encoder=email.encoders.encode_7or8bit)
        control_mime['Content-Description'] = 'PGP/MIME version identification'
        control_mime.set_charset('us-ascii')

        encoded_mime = MIMEApplication(encrypted_text,
                                       _subtype='octet-stream; name="encrypted.asc"',
                                       _encoder=email.encoders.encode_7or8bit)
        encoded_mime['Content-Description'] = 'OpenPGP encrypted message'
        encoded_mime['Content-Disposition'] = 'inline; filename="encrypted.asc"'
        encoded_mime.set_charset('us-ascii')

        message_mime = MIMEMultipart(_subtype="encrypted", protocol="application/pgp-encrypted")
        message_mime.attach(control_mime)
        message_mime.attach(encoded_mime)
        message_mime['Content-Disposition'] = 'inline'

        reply += message_mime.as_string()

    else:
        reply += "\n"
        reply += "Sorry, i couldn't find your key.\n"
        reply += "I'll need that to encrypt a message to you."

    return reply


def email_quote_text (text):

    quoted_message = re.sub(r'^', r'> ', text, flags=re.MULTILINE)

    return quoted_message


def encrypt_sign_message (plaintext, encrypt_to_key, sign_with_fingerprint, gpgme_ctx):

    sign_with_key = gpgme_ctx.get_key(sign_with_fingerprint)
    gpgme_ctx.signers = [sign_with_key]

    plaintext_bytes = io.BytesIO(plaintext.encode('ascii'))
    encrypted_bytes = io.BytesIO()

    gpgme_ctx.encrypt_sign([encrypt_to_key], gpgme.ENCRYPT_ALWAYS_TRUST,
            plaintext_bytes, encrypted_bytes)

    encrypted_txt = encrypted_bytes.getvalue().decode('ascii')
    return encrypted_txt


def debug (debug_msg):

    if edward_config.debug == True:
        sys.stderr.write(debug_msg + "\n")


def handle_args ():
    if __name__ == "__main__":

        global progname
        progname = sys.argv[0]

        if len(sys.argv) > 1:
            print(progname + ": error, this program doesn't " \
                    "need any arguments.", file=sys.stderr)
            exit(1)


main()
Commit	Line	Data
0bec96d6	1	#! /usr/bin/env python3
ff4136c7	2	# -- coding: utf-8 --
0bec96d6 AE	3	"""*********************************************************************
	4	* Edward is free software: you can redistribute it and/or modify *
	5	* it under the terms of the GNU Affero Public License as published by *
	6	* the Free Software Foundation, either version 3 of the License, or *
	7	* (at your option) any later version. *
	8	* *
	9	* Edward is distributed in the hope that it will be useful, *
	10	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	11	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	12	* GNU Affero Public License for more details. *
	13	* *
	14	* You should have received a copy of the GNU Affero Public License *
	15	* along with Edward. If not, see <http://www.gnu.org/licenses/>. *
	16	* *
	17	* Copyright (C) 2014-2015 Andrew Engelbrecht (AGPLv3+) *
	18	* Copyright (C) 2014 Josh Drake (AGPLv3+) *
	19	* Copyright (C) 2014 Lisa Marie Maginnis (AGPLv3+) *
8bdfb6d4 AE	20	* Copyright (C) 2009-2015 Tails developers <tails@boum.org> ( GPLv3+) *
8bdfb6d4 AE	21	* Copyright (C) 2009 W. Trevor King <wking@drexel.edu> ( GPLv2+) *
0bec96d6 AE	22	* *
	23	* Special thanks to Josh Drake for writing the original edward bot! :) *
	24	* *
	25	************************************************************************
	26
a5385c04	27	Code sourced from these projects:
0bec96d6	28
8bdfb6d4 AE	29	* http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz
	30	* https://git-tails.immerda.ch/whisperback/tree/whisperBack/encryption.py?h=feature/python3
	31	* http://www.physics.drexel.edu/~wking/code/python/send_pgp_mime
0bec96d6 AE	32
	33	"""
	34
	35	import sys
0bec96d6 AE	36	import gpgme
	37	import re
	38	import io
40c37ab3	39	import os
0bec96d6	40
8bdfb6d4 AE	41	import email.parser
	42	import email.message
	43	import email.encoders
	44
	45	from email.mime.multipart import MIMEMultipart
	46	from email.mime.application import MIMEApplication
	47	from email.mime.nonmultipart import MIMENonMultipart
	48
40c37ab3	49	import edward_config
c96f3837	50
0bec96d6 AE	51	def main ():
0bec96d6 AE	52
20f6e7c5	53	handle_args()
0bec96d6	54
c96f3837	55	email_text = sys.stdin.read()
65ed3800 AE	56	email_from, email_subject = email_from_subject(email_text)
65ed3800 AE	57
40c37ab3 AE	58	os.environ['GNUPGHOME'] = edward_config.gnupghome
	59	gpgme_ctx = gpgme.Context()
	60	gpgme_ctx.armor = True
	61
c267c233 AE	62	add_gpg_keys(email_text, gpgme_ctx)
c267c233 AE	63
40c37ab3	64	plaintext, keys = email_decode_flatten(email_text, gpgme_ctx)
1da9b527	65	encrypt_to_key = choose_reply_encryption_key(keys)
fafa21c3	66
1da9b527	67	reply_message = generate_reply(plaintext, email_from, \
897cbaf6	68	email_subject, encrypt_to_key,
40c37ab3 AE	69	edward_config.sign_with_key,
40c37ab3 AE	70	gpgme_ctx)
c96f3837	71
1da9b527	72	print(reply_message)
c96f3837	73
0bec96d6	74
40c37ab3	75	def email_decode_flatten (email_text, gpgme_ctx):
0bec96d6	76
86663388	77	body = ""
394a1476 AE	78	keys = []
	79
	80	email_struct = email.parser.Parser().parsestr(email_text)
	81
	82	for subpart in email_struct.walk():
8bb4b0d5	83
394a1476 AE	84	payload, description, filename, content_type \
394a1476 AE	85	= get_email_subpart_info(subpart)
0bec96d6	86
394a1476	87	if payload == "":
8bb4b0d5	88	continue
0bec96d6	89
394a1476	90	if content_type == "multipart":
d437f8b2	91	continue
0bec96d6	92
394a1476 AE	93	if content_type == "application/pgp-encrypted":
394a1476 AE	94	if description == "PGP/MIME version identification":
8bb4b0d5	95	if payload.strip() != "Version: 1":
394a1476 AE	96	print(progname + ": Warning: unknown " \
394a1476 AE	97	+ description + ": " \
20f6e7c5	98	+ payload.strip(), file=sys.stderr)
8bb4b0d5 AE	99	continue
8bb4b0d5 AE	100
d437f8b2	101
394a1476	102	if (filename == "encrypted.asc") or (content_type == "pgp/mime"):
40c37ab3	103	plaintext, more_keys = decrypt_text(payload, gpgme_ctx)
0bec96d6	104
394a1476 AE	105	body += plaintext
	106	keys += more_keys
	107
c267c233	108	elif content_type == "application/pgp-keys":
ec1e779a	109	keys += add_gpg_keys(payload, gpgme_ctx)
c267c233	110
394a1476	111	elif content_type == "text/plain":
86663388	112	body += payload + "\n"
0bec96d6	113
8bb4b0d5	114	else:
86663388 AE	115	body += payload + "\n"
86663388 AE	116
394a1476	117	return body, keys
86663388	118
c96f3837	119
65ed3800	120	def email_from_subject (email_text):
d437f8b2	121
394a1476	122	email_struct = email.parser.Parser().parsestr(email_text)
d437f8b2	123
394a1476 AE	124	email_from = email_struct['From']
394a1476 AE	125	email_subject = email_struct['Subject']
d437f8b2	126
394a1476	127	return email_from, email_subject
d437f8b2	128
d437f8b2	129
394a1476	130	def get_email_subpart_info (part):
d437f8b2	131
394a1476 AE	132	charset = part.get_content_charset()
394a1476 AE	133	payload_bytes = part.get_payload(decode=True)
d437f8b2	134
394a1476 AE	135	filename = part.get_filename()
	136	content_type = part.get_content_type()
	137	description_list = part.get_params(header='content-description')
d437f8b2	138
394a1476 AE	139	if charset == None:
394a1476 AE	140	charset = 'utf-8'
0bec96d6	141
394a1476 AE	142	if payload_bytes != None:
	143	payload = payload_bytes.decode(charset)
	144	else:
	145	payload = ""
0bec96d6	146
394a1476 AE	147	if description_list != None:
	148	description = description_list[0][0]
	149	else:
	150	description = ""
0bec96d6	151
394a1476	152	return payload, description, filename, content_type
0bec96d6	153
0bec96d6	154
c267c233 AE	155	def add_gpg_keys (text, gpgme_ctx):
c267c233 AE	156
83210634 AE	157	key_blocks = scan_and_grab(text,
	158	'-----BEGIN PGP PUBLIC KEY BLOCK-----',
	159	'-----END PGP PUBLIC KEY BLOCK-----')
c267c233	160
83210634 AE	161	keys = []
	162	for key_block in key_blocks:
	163	fp = io.BytesIO(key_block.encode('ascii'))
c267c233 AE	164
c267c233 AE	165	result = gpgme_ctx.import_(fp)
c267c233	166
ec1e779a	167	fingerprint = result.imports[0][0]
c267c233 AE	168	debug("added gpg key: " + fingerprint)
c267c233 AE	169
83210634	170	keys += [gpgme_ctx.get_key(fingerprint)]
ec1e779a	171
83210634	172	return keys
ec1e779a AE	173
ec1e779a AE	174
40c37ab3	175	def decrypt_text (gpg_text, gpgme_ctx):
86663388	176
394a1476 AE	177	body = ""
394a1476 AE	178	keys = []
0bec96d6	179
5b3053c1	180	msg_blocks = scan_and_grab(gpg_text,
c267c233 AE	181	'-----BEGIN PGP MESSAGE-----',
c267c233 AE	182	'-----END PGP MESSAGE-----')
86663388	183
5b3053c1	184	plaintexts_and_sigs = decrypt_blocks(msg_blocks, gpgme_ctx)
0bec96d6	185
5b3053c1 AE	186	for pair in plaintexts_and_sigs:
	187	plaintext = pair[0]
	188	sigs = pair[1]
9eb78301	189
394a1476	190	for sig in sigs:
5b3053c1	191	keys += [gpgme_ctx.get_key(sig.fpr)]
0bec96d6	192
394a1476	193	# recursive for nested layers of mime and/or gpg
40c37ab3	194	plaintext, more_keys = email_decode_flatten(plaintext, gpgme_ctx)
8bb4b0d5	195
394a1476 AE	196	body += plaintext
394a1476 AE	197	keys += more_keys
8bb4b0d5	198
394a1476	199	return body, keys
8bb4b0d5	200
8bb4b0d5	201
c267c233	202	def scan_and_grab (text, start_text, end_text):
0bec96d6	203
c267c233 AE	204	matches = re.search('(' + start_text + '.*' + end_text + ')',
c267c233 AE	205	text, flags=re.DOTALL)
0bec96d6	206
c267c233 AE	207	if matches != None:
c267c233 AE	208	match_tuple = matches.groups()
0bec96d6	209	else:
c267c233	210	match_tuple = ()
7b06b980	211
c267c233	212	return match_tuple
0bec96d6 AE	213
0bec96d6 AE	214
5b3053c1	215	def decrypt_blocks (msg_blocks, gpgme_ctx):
0bec96d6	216
5b3053c1	217	return [decrypt_block(block, gpgme_ctx) for block in msg_blocks]
0bec96d6	218
0bec96d6	219
5b3053c1	220	def decrypt_block (msg_block, gpgme_ctx):
0bec96d6	221
5b3053c1	222	block_b = io.BytesIO(msg_block.encode('ascii'))
0bec96d6 AE	223	plain_b = io.BytesIO()
0bec96d6 AE	224
5b3053c1	225	sigs = gpgme_ctx.decrypt_verify(block_b, plain_b)
0bec96d6	226
6aa41372	227	plaintext = plain_b.getvalue().decode('utf-8')
394a1476	228	return (plaintext, sigs)
0bec96d6 AE	229
0bec96d6 AE	230
fafa21c3 AE	231	def choose_reply_encryption_key (keys):
	232
	233	reply_key = None
	234	for key in keys:
	235	if (key.can_encrypt == True):
	236	reply_key = key
	237	break
	238
216708e9	239	return reply_key
fafa21c3 AE	240
fafa21c3 AE	241
897cbaf6	242	def generate_reply (plaintext, email_from, email_subject, encrypt_to_key,
40c37ab3	243	sign_with_fingerprint, gpgme_ctx):
1da9b527	244
8bdfb6d4	245
1da9b527 AE	246	reply = "To: " + email_from + "\n"
1da9b527 AE	247	reply += "Subject: " + email_subject + "\n"
216708e9 AE	248
	249	if (encrypt_to_key != None):
	250	plaintext_reply = "thanks for the message!\n\n\n"
	251	plaintext_reply += email_quote_text(plaintext)
	252
8bdfb6d4 AE	253	# quoted printable encoding lets most ascii characters look normal
	254	# before the decrypted mime message is decoded.
	255	char_set = email.charset.Charset("utf-8")
	256	char_set.body_encoding = email.charset.QP
	257
	258	# MIMEText doesn't allow setting the text encoding
	259	# so we use MIMENonMultipart.
	260	plaintext_mime = MIMENonMultipart('text', 'plain')
	261	plaintext_mime.set_payload(plaintext_reply, charset=char_set)
	262
	263	encrypted_text = encrypt_sign_message(plaintext_mime.as_string(),
	264	encrypt_to_key,
40c37ab3 AE	265	sign_with_fingerprint,
40c37ab3 AE	266	gpgme_ctx)
8bdfb6d4 AE	267
	268	control_mime = MIMEApplication("Version: 1",
	269	_subtype='pgp-encrypted',
	270	_encoder=email.encoders.encode_7or8bit)
	271	control_mime['Content-Description'] = 'PGP/MIME version identification'
	272	control_mime.set_charset('us-ascii')
	273
	274	encoded_mime = MIMEApplication(encrypted_text,
	275	_subtype='octet-stream; name="encrypted.asc"',
	276	_encoder=email.encoders.encode_7or8bit)
	277	encoded_mime['Content-Description'] = 'OpenPGP encrypted message'
	278	encoded_mime['Content-Disposition'] = 'inline; filename="encrypted.asc"'
	279	encoded_mime.set_charset('us-ascii')
	280
	281	message_mime = MIMEMultipart(_subtype="encrypted", protocol="application/pgp-encrypted")
	282	message_mime.attach(control_mime)
	283	message_mime.attach(encoded_mime)
	284	message_mime['Content-Disposition'] = 'inline'
216708e9	285
8bdfb6d4	286	reply += message_mime.as_string()
216708e9 AE	287
216708e9 AE	288	else:
8bdfb6d4	289	reply += "\n"
216708e9 AE	290	reply += "Sorry, i couldn't find your key.\n"
216708e9 AE	291	reply += "I'll need that to encrypt a message to you."
1da9b527 AE	292
	293	return reply
	294
	295
f87041f8 AE	296	def email_quote_text (text):
	297
	298	quoted_message = re.sub(r'^', r'> ', text, flags=re.MULTILINE)
	299
	300	return quoted_message
	301
	302
40c37ab3	303	def encrypt_sign_message (plaintext, encrypt_to_key, sign_with_fingerprint, gpgme_ctx):
1da9b527	304
897cbaf6 AE	305	sign_with_key = gpgme_ctx.get_key(sign_with_fingerprint)
	306	gpgme_ctx.signers = [sign_with_key]
	307
6aa41372	308	plaintext_bytes = io.BytesIO(plaintext.encode('ascii'))
1da9b527 AE	309	encrypted_bytes = io.BytesIO()
1da9b527 AE	310
897cbaf6	311	gpgme_ctx.encrypt_sign([encrypt_to_key], gpgme.ENCRYPT_ALWAYS_TRUST,
1da9b527 AE	312	plaintext_bytes, encrypted_bytes)
1da9b527 AE	313
6aa41372	314	encrypted_txt = encrypted_bytes.getvalue().decode('ascii')
1da9b527 AE	315	return encrypted_txt
	316
	317
5e8f9094 AE	318	def debug (debug_msg):
	319
	320	if edward_config.debug == True:
	321	sys.stderr.write(debug_msg + "\n")
	322
	323
20f6e7c5 AE	324	def handle_args ():
	325	if __name__ == "__main__":
	326
	327	global progname
	328	progname = sys.argv[0]
	329
	330	if len(sys.argv) > 1:
	331	print(progname + ": error, this program doesn't " \
	332	"need any arguments.", file=sys.stderr)
	333	exit(1)
	334
	335
0bec96d6 AE	336	main()
0bec96d6 AE	337