[edward.git] / edward

#! /usr/bin/env python3
# -*- coding: utf-8 -*-
"""*********************************************************************
* Edward is free software: you can redistribute it and/or modify       *
* it under the terms of the GNU Affero Public License as published by  *
* the Free Software Foundation, either version 3 of the License, or    *
* (at your option) any later version.                                  *
*                                                                      *
* Edward is distributed in the hope that it will be useful,            *
* but WITHOUT ANY WARRANTY; without even the implied warranty of       *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
* GNU Affero Public License for more details.                          *
*                                                                      *
* You should have received a copy of the GNU Affero Public License     *
* along with Edward.  If not, see <http://www.gnu.org/licenses/>.      *
*                                                                      *
* Copyright (C) 2014-2015 Andrew Engelbrecht                (AGPLv3+)  *
* Copyright (C) 2014      Josh Drake                        (AGPLv3+)  *
* Copyright (C) 2014      Lisa Marie Maginnis               (AGPLv3+)  *
* Copyright (C) 2009-2015 Tails developers <tails@boum.org> ( GPLv3+)  *
* Copyright (C) 2009      W. Trevor King <wking@drexel.edu> ( GPLv2+)  *
*                                                                      *
* Special thanks to Josh Drake for writing the original edward bot! :) *
*                                                                      *
************************************************************************

Code sourced from these projects:

  * http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz
  * https://git-tails.immerda.ch/whisperback/tree/whisperBack/encryption.py?h=feature/python3
  * http://www.physics.drexel.edu/~wking/code/python/send_pgp_mime

"""

import sys
import gpgme
import re
import io
import os

import email.parser
import email.message
import email.encoders

from email.mime.multipart       import MIMEMultipart
from email.mime.application     import MIMEApplication
from email.mime.nonmultipart    import MIMENonMultipart

import edward_config

def main ():

    handle_args()

    email_text = sys.stdin.read()
    email_from, email_subject = email_from_subject(email_text)

    os.environ['GNUPGHOME'] = edward_config.gnupghome
    gpgme_ctx = gpgme.Context()
    gpgme_ctx.armor = True

    add_gpg_keys(email_text, gpgme_ctx)

    plaintext, keys = email_decode_flatten(email_text, gpgme_ctx)
    encrypt_to_key = choose_reply_encryption_key(keys)

    reply_message = generate_reply(plaintext, email_from, \
                                   email_subject, encrypt_to_key,
                                   edward_config.sign_with_key,
                                   gpgme_ctx)

    print(reply_message)


def email_decode_flatten (email_text, gpgme_ctx):

    body = ""
    keys = []

    email_struct = email.parser.Parser().parsestr(email_text)

    for subpart in email_struct.walk():

        payload, description, filename, content_type \
                = get_email_subpart_info(subpart)

        if payload == "":
            continue

        if content_type == "multipart":
            continue

        if content_type == "application/pgp-encrypted":
            if description == "PGP/MIME version identification":
                if payload.strip() != "Version: 1":
                    print(progname + ": Warning: unknown " \
                            + description + ": " \
                            + payload.strip(), file=sys.stderr)
            continue


        if (filename == "encrypted.asc") or (content_type == "pgp/mime"):
            plaintext, more_keys = decrypt_text(payload, gpgme_ctx)

            body += plaintext
            keys += more_keys

        elif content_type == "application/pgp-keys":
            keys += add_gpg_keys(payload, gpgme_ctx)

        elif content_type == "text/plain":
            body += payload + "\n"

        else:
            body += payload + "\n"

    return body, keys


def email_from_subject (email_text):

    email_struct = email.parser.Parser().parsestr(email_text)

    email_from      = email_struct['From']
    email_subject   = email_struct['Subject']

    return email_from, email_subject


def get_email_subpart_info (part):

    charset             = part.get_content_charset()
    payload_bytes       = part.get_payload(decode=True)

    filename            = part.get_filename()
    content_type        = part.get_content_type()
    description_list    = part.get_params(header='content-description')

    if charset == None:
        charset = 'utf-8'

    if payload_bytes != None:
        payload = payload_bytes.decode(charset)
    else:
        payload = ""

    if description_list != None:
        description = description_list[0][0]
    else:
        description = ""

    return payload, description, filename, content_type


def add_gpg_keys (text, gpgme_ctx):

    key_blocks = scan_and_grab(text,
                               '-----BEGIN PGP PUBLIC KEY BLOCK-----',
                               '-----END PGP PUBLIC KEY BLOCK-----')

    keys = []
    for key_block in key_blocks:
        fp = io.BytesIO(key_block.encode('ascii'))

        result = gpgme_ctx.import_(fp)

        fingerprint = result.imports[0][0]
        debug("added gpg key: " + fingerprint)

        keys += [gpgme_ctx.get_key(fingerprint)]

    return keys


def decrypt_text (gpg_text, gpgme_ctx):

    body = ""
    keys = []

    msg_blocks = scan_and_grab(gpg_text,
                               '-----BEGIN PGP MESSAGE-----',
                               '-----END PGP MESSAGE-----')

    plaintexts_and_sigs = decrypt_blocks(msg_blocks, gpgme_ctx)

    for pair in plaintexts_and_sigs:
        plaintext   = pair[0]
        sigs        = pair[1]

        for sig in sigs:
            keys += [gpgme_ctx.get_key(sig.fpr)]

        # recursive for nested layers of mime and/or gpg
        plaintext, more_keys = email_decode_flatten(plaintext, gpgme_ctx)

        body += plaintext
        keys += more_keys

    return body, keys


def scan_and_grab (text, start_text, end_text):

    matches = re.search('(' + start_text + '.*' + end_text + ')',
                        text, flags=re.DOTALL)

    if matches != None:
        match_tuple = matches.groups()
    else:
        match_tuple = ()

    return match_tuple


def decrypt_blocks (msg_blocks, gpgme_ctx):

    return [decrypt_block(block, gpgme_ctx) for block in msg_blocks]


def decrypt_block (msg_block, gpgme_ctx):

    block_b = io.BytesIO(msg_block.encode('ascii'))
    plain_b = io.BytesIO()

    try:
        sigs = gpgme_ctx.decrypt_verify(block_b, plain_b)
    except:
        return ("",[])

    plaintext = plain_b.getvalue().decode('utf-8')
    return (plaintext, sigs)


def choose_reply_encryption_key (keys):

    reply_key = None
    for key in keys:
        if (key.can_encrypt == True):
            reply_key = key
            break

    return reply_key


def generate_reply (plaintext, email_from, email_subject, encrypt_to_key,
                    sign_with_fingerprint, gpgme_ctx):


    reply  = "To: " + email_from + "\n"
    reply += "Subject: " + email_subject + "\n"

    if (encrypt_to_key != None):
        plaintext_reply  = "thanks for the message!\n\n\n"
        plaintext_reply += email_quote_text(plaintext)

        # quoted printable encoding lets most ascii characters look normal
        # before the decrypted mime message is decoded.
        char_set = email.charset.Charset("utf-8")
        char_set.body_encoding = email.charset.QP

        # MIMEText doesn't allow setting the text encoding
        # so we use MIMENonMultipart.
        plaintext_mime = MIMENonMultipart('text', 'plain')
        plaintext_mime.set_payload(plaintext_reply, charset=char_set)

        encrypted_text = encrypt_sign_message(plaintext_mime.as_string(),
                                              encrypt_to_key,
                                              sign_with_fingerprint,
                                              gpgme_ctx)

        control_mime = MIMEApplication("Version: 1",
                                       _subtype='pgp-encrypted',
                                       _encoder=email.encoders.encode_7or8bit)
        control_mime['Content-Description'] = 'PGP/MIME version identification'
        control_mime.set_charset('us-ascii')

        encoded_mime = MIMEApplication(encrypted_text,
                                       _subtype='octet-stream; name="encrypted.asc"',
                                       _encoder=email.encoders.encode_7or8bit)
        encoded_mime['Content-Description'] = 'OpenPGP encrypted message'
        encoded_mime['Content-Disposition'] = 'inline; filename="encrypted.asc"'
        encoded_mime.set_charset('us-ascii')

        message_mime = MIMEMultipart(_subtype="encrypted", protocol="application/pgp-encrypted")
        message_mime.attach(control_mime)
        message_mime.attach(encoded_mime)
        message_mime['Content-Disposition'] = 'inline'

        reply += message_mime.as_string()

    else:
        reply += "\n"
        reply += "Sorry, i couldn't find your key.\n"
        reply += "I'll need that to encrypt a message to you."

    return reply


def email_quote_text (text):

    quoted_message = re.sub(r'^', r'> ', text, flags=re.MULTILINE)

    return quoted_message


def encrypt_sign_message (plaintext, encrypt_to_key, sign_with_fingerprint, gpgme_ctx):

    sign_with_key = gpgme_ctx.get_key(sign_with_fingerprint)
    gpgme_ctx.signers = [sign_with_key]

    plaintext_bytes = io.BytesIO(plaintext.encode('ascii'))
    encrypted_bytes = io.BytesIO()

    gpgme_ctx.encrypt_sign([encrypt_to_key], gpgme.ENCRYPT_ALWAYS_TRUST,
            plaintext_bytes, encrypted_bytes)

    encrypted_txt = encrypted_bytes.getvalue().decode('ascii')
    return encrypted_txt


def debug (debug_msg):

    if edward_config.debug == True:
        sys.stderr.write(debug_msg + "\n")


def handle_args ():
    if __name__ == "__main__":

        global progname
        progname = sys.argv[0]

        if len(sys.argv) > 1:
            print(progname + ": error, this program doesn't " \
                    "need any arguments.", file=sys.stderr)
            exit(1)


main()
Commit	Line	Data
0bec96d6	1	#! /usr/bin/env python3
ff4136c7	2	# -- coding: utf-8 --
0bec96d6 AE	3	"""*********************************************************************
	4	* Edward is free software: you can redistribute it and/or modify *
	5	* it under the terms of the GNU Affero Public License as published by *
	6	* the Free Software Foundation, either version 3 of the License, or *
	7	* (at your option) any later version. *
	8	* *
	9	* Edward is distributed in the hope that it will be useful, *
	10	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	11	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	12	* GNU Affero Public License for more details. *
	13	* *
	14	* You should have received a copy of the GNU Affero Public License *
	15	* along with Edward. If not, see <http://www.gnu.org/licenses/>. *
	16	* *
	17	* Copyright (C) 2014-2015 Andrew Engelbrecht (AGPLv3+) *
	18	* Copyright (C) 2014 Josh Drake (AGPLv3+) *
	19	* Copyright (C) 2014 Lisa Marie Maginnis (AGPLv3+) *
8bdfb6d4 AE	20	* Copyright (C) 2009-2015 Tails developers <tails@boum.org> ( GPLv3+) *
8bdfb6d4 AE	21	* Copyright (C) 2009 W. Trevor King <wking@drexel.edu> ( GPLv2+) *
0bec96d6 AE	22	* *
	23	* Special thanks to Josh Drake for writing the original edward bot! :) *
	24	* *
	25	************************************************************************
	26
a5385c04	27	Code sourced from these projects:
0bec96d6	28
8bdfb6d4 AE	29	* http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz
	30	* https://git-tails.immerda.ch/whisperback/tree/whisperBack/encryption.py?h=feature/python3
	31	* http://www.physics.drexel.edu/~wking/code/python/send_pgp_mime
0bec96d6 AE	32
	33	"""
	34
	35	import sys
0bec96d6 AE	36	import gpgme
	37	import re
	38	import io
40c37ab3	39	import os
0bec96d6	40
8bdfb6d4 AE	41	import email.parser
	42	import email.message
	43	import email.encoders
	44
	45	from email.mime.multipart import MIMEMultipart
	46	from email.mime.application import MIMEApplication
	47	from email.mime.nonmultipart import MIMENonMultipart
	48
40c37ab3	49	import edward_config
c96f3837	50
0bec96d6 AE	51	def main ():
0bec96d6 AE	52
20f6e7c5	53	handle_args()
0bec96d6	54
c96f3837	55	email_text = sys.stdin.read()
65ed3800 AE	56	email_from, email_subject = email_from_subject(email_text)
65ed3800 AE	57
40c37ab3 AE	58	os.environ['GNUPGHOME'] = edward_config.gnupghome
	59	gpgme_ctx = gpgme.Context()
	60	gpgme_ctx.armor = True
	61
c267c233 AE	62	add_gpg_keys(email_text, gpgme_ctx)
c267c233 AE	63
40c37ab3	64	plaintext, keys = email_decode_flatten(email_text, gpgme_ctx)
1da9b527	65	encrypt_to_key = choose_reply_encryption_key(keys)
fafa21c3	66
1da9b527	67	reply_message = generate_reply(plaintext, email_from, \
897cbaf6	68	email_subject, encrypt_to_key,
40c37ab3 AE	69	edward_config.sign_with_key,
40c37ab3 AE	70	gpgme_ctx)
c96f3837	71
1da9b527	72	print(reply_message)
c96f3837	73
0bec96d6	74
40c37ab3	75	def email_decode_flatten (email_text, gpgme_ctx):
0bec96d6	76
86663388	77	body = ""
394a1476 AE	78	keys = []
	79
	80	email_struct = email.parser.Parser().parsestr(email_text)
	81
	82	for subpart in email_struct.walk():
8bb4b0d5	83
394a1476 AE	84	payload, description, filename, content_type \
394a1476 AE	85	= get_email_subpart_info(subpart)
0bec96d6	86
394a1476	87	if payload == "":
8bb4b0d5	88	continue
0bec96d6	89
394a1476	90	if content_type == "multipart":
d437f8b2	91	continue
0bec96d6	92
394a1476 AE	93	if content_type == "application/pgp-encrypted":
394a1476 AE	94	if description == "PGP/MIME version identification":
8bb4b0d5	95	if payload.strip() != "Version: 1":
394a1476 AE	96	print(progname + ": Warning: unknown " \
394a1476 AE	97	+ description + ": " \
20f6e7c5	98	+ payload.strip(), file=sys.stderr)
8bb4b0d5 AE	99	continue
8bb4b0d5 AE	100
d437f8b2	101
394a1476	102	if (filename == "encrypted.asc") or (content_type == "pgp/mime"):
40c37ab3	103	plaintext, more_keys = decrypt_text(payload, gpgme_ctx)
0bec96d6	104
394a1476 AE	105	body += plaintext
	106	keys += more_keys
	107
c267c233	108	elif content_type == "application/pgp-keys":
ec1e779a	109	keys += add_gpg_keys(payload, gpgme_ctx)
c267c233	110
394a1476	111	elif content_type == "text/plain":
86663388	112	body += payload + "\n"
0bec96d6	113
8bb4b0d5	114	else:
86663388 AE	115	body += payload + "\n"
86663388 AE	116
394a1476	117	return body, keys
86663388	118
c96f3837	119
65ed3800	120	def email_from_subject (email_text):
d437f8b2	121
394a1476	122	email_struct = email.parser.Parser().parsestr(email_text)
d437f8b2	123
394a1476 AE	124	email_from = email_struct['From']
394a1476 AE	125	email_subject = email_struct['Subject']
d437f8b2	126
394a1476	127	return email_from, email_subject
d437f8b2	128
d437f8b2	129
394a1476	130	def get_email_subpart_info (part):
d437f8b2	131
394a1476 AE	132	charset = part.get_content_charset()
394a1476 AE	133	payload_bytes = part.get_payload(decode=True)
d437f8b2	134
394a1476 AE	135	filename = part.get_filename()
	136	content_type = part.get_content_type()
	137	description_list = part.get_params(header='content-description')
d437f8b2	138
394a1476 AE	139	if charset == None:
394a1476 AE	140	charset = 'utf-8'
0bec96d6	141
394a1476 AE	142	if payload_bytes != None:
	143	payload = payload_bytes.decode(charset)
	144	else:
	145	payload = ""
0bec96d6	146
394a1476 AE	147	if description_list != None:
	148	description = description_list[0][0]
	149	else:
	150	description = ""
0bec96d6	151
394a1476	152	return payload, description, filename, content_type
0bec96d6	153
0bec96d6	154
c267c233 AE	155	def add_gpg_keys (text, gpgme_ctx):
c267c233 AE	156
83210634 AE	157	key_blocks = scan_and_grab(text,
	158	'-----BEGIN PGP PUBLIC KEY BLOCK-----',
	159	'-----END PGP PUBLIC KEY BLOCK-----')
c267c233	160
83210634 AE	161	keys = []
	162	for key_block in key_blocks:
	163	fp = io.BytesIO(key_block.encode('ascii'))
c267c233 AE	164
c267c233 AE	165	result = gpgme_ctx.import_(fp)
c267c233	166
ec1e779a	167	fingerprint = result.imports[0][0]
c267c233 AE	168	debug("added gpg key: " + fingerprint)
c267c233 AE	169
83210634	170	keys += [gpgme_ctx.get_key(fingerprint)]
ec1e779a	171
83210634	172	return keys
ec1e779a AE	173
ec1e779a AE	174
40c37ab3	175	def decrypt_text (gpg_text, gpgme_ctx):
86663388	176
394a1476 AE	177	body = ""
394a1476 AE	178	keys = []
0bec96d6	179
5b3053c1	180	msg_blocks = scan_and_grab(gpg_text,
c267c233 AE	181	'-----BEGIN PGP MESSAGE-----',
c267c233 AE	182	'-----END PGP MESSAGE-----')
86663388	183
5b3053c1	184	plaintexts_and_sigs = decrypt_blocks(msg_blocks, gpgme_ctx)
0bec96d6	185
5b3053c1 AE	186	for pair in plaintexts_and_sigs:
	187	plaintext = pair[0]
	188	sigs = pair[1]
9eb78301	189
394a1476	190	for sig in sigs:
5b3053c1	191	keys += [gpgme_ctx.get_key(sig.fpr)]
0bec96d6	192
394a1476	193	# recursive for nested layers of mime and/or gpg
40c37ab3	194	plaintext, more_keys = email_decode_flatten(plaintext, gpgme_ctx)
8bb4b0d5	195
394a1476 AE	196	body += plaintext
394a1476 AE	197	keys += more_keys
8bb4b0d5	198
394a1476	199	return body, keys
8bb4b0d5	200
8bb4b0d5	201
c267c233	202	def scan_and_grab (text, start_text, end_text):
0bec96d6	203
c267c233 AE	204	matches = re.search('(' + start_text + '.*' + end_text + ')',
c267c233 AE	205	text, flags=re.DOTALL)
0bec96d6	206
c267c233 AE	207	if matches != None:
c267c233 AE	208	match_tuple = matches.groups()
0bec96d6	209	else:
c267c233	210	match_tuple = ()
7b06b980	211
c267c233	212	return match_tuple
0bec96d6 AE	213
0bec96d6 AE	214
5b3053c1	215	def decrypt_blocks (msg_blocks, gpgme_ctx):
0bec96d6	216
5b3053c1	217	return [decrypt_block(block, gpgme_ctx) for block in msg_blocks]
0bec96d6	218
0bec96d6	219
5b3053c1	220	def decrypt_block (msg_block, gpgme_ctx):
0bec96d6	221
5b3053c1	222	block_b = io.BytesIO(msg_block.encode('ascii'))
0bec96d6 AE	223	plain_b = io.BytesIO()
0bec96d6 AE	224
afc1f64c AE	225	try:
	226	sigs = gpgme_ctx.decrypt_verify(block_b, plain_b)
	227	except:
	228	return ("",[])
0bec96d6	229
6aa41372	230	plaintext = plain_b.getvalue().decode('utf-8')
394a1476	231	return (plaintext, sigs)
0bec96d6 AE	232
0bec96d6 AE	233
fafa21c3 AE	234	def choose_reply_encryption_key (keys):
	235
	236	reply_key = None
	237	for key in keys:
	238	if (key.can_encrypt == True):
	239	reply_key = key
	240	break
	241
216708e9	242	return reply_key
fafa21c3 AE	243
fafa21c3 AE	244
897cbaf6	245	def generate_reply (plaintext, email_from, email_subject, encrypt_to_key,
40c37ab3	246	sign_with_fingerprint, gpgme_ctx):
1da9b527	247
8bdfb6d4	248
1da9b527 AE	249	reply = "To: " + email_from + "\n"
1da9b527 AE	250	reply += "Subject: " + email_subject + "\n"
216708e9 AE	251
	252	if (encrypt_to_key != None):
	253	plaintext_reply = "thanks for the message!\n\n\n"
	254	plaintext_reply += email_quote_text(plaintext)
	255
8bdfb6d4 AE	256	# quoted printable encoding lets most ascii characters look normal
	257	# before the decrypted mime message is decoded.
	258	char_set = email.charset.Charset("utf-8")
	259	char_set.body_encoding = email.charset.QP
	260
	261	# MIMEText doesn't allow setting the text encoding
	262	# so we use MIMENonMultipart.
	263	plaintext_mime = MIMENonMultipart('text', 'plain')
	264	plaintext_mime.set_payload(plaintext_reply, charset=char_set)
	265
	266	encrypted_text = encrypt_sign_message(plaintext_mime.as_string(),
	267	encrypt_to_key,
40c37ab3 AE	268	sign_with_fingerprint,
40c37ab3 AE	269	gpgme_ctx)
8bdfb6d4 AE	270
	271	control_mime = MIMEApplication("Version: 1",
	272	_subtype='pgp-encrypted',
	273	_encoder=email.encoders.encode_7or8bit)
	274	control_mime['Content-Description'] = 'PGP/MIME version identification'
	275	control_mime.set_charset('us-ascii')
	276
	277	encoded_mime = MIMEApplication(encrypted_text,
	278	_subtype='octet-stream; name="encrypted.asc"',
	279	_encoder=email.encoders.encode_7or8bit)
	280	encoded_mime['Content-Description'] = 'OpenPGP encrypted message'
	281	encoded_mime['Content-Disposition'] = 'inline; filename="encrypted.asc"'
	282	encoded_mime.set_charset('us-ascii')
	283
	284	message_mime = MIMEMultipart(_subtype="encrypted", protocol="application/pgp-encrypted")
	285	message_mime.attach(control_mime)
	286	message_mime.attach(encoded_mime)
	287	message_mime['Content-Disposition'] = 'inline'
216708e9	288
8bdfb6d4	289	reply += message_mime.as_string()
216708e9 AE	290
216708e9 AE	291	else:
8bdfb6d4	292	reply += "\n"
216708e9 AE	293	reply += "Sorry, i couldn't find your key.\n"
216708e9 AE	294	reply += "I'll need that to encrypt a message to you."
1da9b527 AE	295
	296	return reply
	297
	298
f87041f8 AE	299	def email_quote_text (text):
	300
	301	quoted_message = re.sub(r'^', r'> ', text, flags=re.MULTILINE)
	302
	303	return quoted_message
	304
	305
40c37ab3	306	def encrypt_sign_message (plaintext, encrypt_to_key, sign_with_fingerprint, gpgme_ctx):
1da9b527	307
897cbaf6 AE	308	sign_with_key = gpgme_ctx.get_key(sign_with_fingerprint)
	309	gpgme_ctx.signers = [sign_with_key]
	310
6aa41372	311	plaintext_bytes = io.BytesIO(plaintext.encode('ascii'))
1da9b527 AE	312	encrypted_bytes = io.BytesIO()
1da9b527 AE	313
897cbaf6	314	gpgme_ctx.encrypt_sign([encrypt_to_key], gpgme.ENCRYPT_ALWAYS_TRUST,
1da9b527 AE	315	plaintext_bytes, encrypted_bytes)
1da9b527 AE	316
6aa41372	317	encrypted_txt = encrypted_bytes.getvalue().decode('ascii')
1da9b527 AE	318	return encrypted_txt
	319
	320
5e8f9094 AE	321	def debug (debug_msg):
	322
	323	if edward_config.debug == True:
	324	sys.stderr.write(debug_msg + "\n")
	325
	326
20f6e7c5 AE	327	def handle_args ():
	328	if __name__ == "__main__":
	329
	330	global progname
	331	progname = sys.argv[0]
	332
	333	if len(sys.argv) > 1:
	334	print(progname + ": error, this program doesn't " \
	335	"need any arguments.", file=sys.stderr)
	336	exit(1)
	337
	338
0bec96d6 AE	339	main()
0bec96d6 AE	340