projects / edward.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
added detached sig verification
[edward.git] / edward
1 #! /usr/bin/env python3
2 # -*- coding: utf-8 -*-
3 """*********************************************************************
4 * Edward is free software: you can redistribute it and/or modify *
5 * it under the terms of the GNU Affero Public License as published by *
6 * the Free Software Foundation, either version 3 of the License, or *
7 * (at your option) any later version. *
8 * *
9 * Edward is distributed in the hope that it will be useful, *
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
12 * GNU Affero Public License for more details. *
13 * *
14 * You should have received a copy of the GNU Affero Public License *
15 * along with Edward. If not, see <http://www.gnu.org/licenses/>. *
16 * *
17 * Copyright (C) 2014-2015 Andrew Engelbrecht (AGPLv3+) *
18 * Copyright (C) 2014 Josh Drake (AGPLv3+) *
19 * Copyright (C) 2014 Lisa Marie Maginnis (AGPLv3+) *
20 * Copyright (C) 2009-2015 Tails developers <tails@boum.org> ( GPLv3+) *
21 * Copyright (C) 2009 W. Trevor King <wking@drexel.edu> ( GPLv2+) *
22 * *
23 * Special thanks to Josh Drake for writing the original edward bot! :) *
24 * *
25 ************************************************************************
26
27 Code sourced from these projects:
28
29 * http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz
30 * https://git-tails.immerda.ch/whisperback/tree/whisperBack/encryption.py?h=feature/python3
31 * http://www.physics.drexel.edu/~wking/code/python/send_pgp_mime
32 """
33
34 import sys
35 import gpgme
36 import re
37 import io
38 import os
39 import importlib
40
41 import email.parser
42 import email.message
43 import email.encoders
44
45 from email.mime.multipart import MIMEMultipart
46 from email.mime.application import MIMEApplication
47 from email.mime.nonmultipart import MIMENonMultipart
48
49 import edward_config
50
51 langs = ["an", "de", "el", "en", "fr", "ja", "pt-br", "ro", "ru", "tr"]
52
53 match_types = [('clearsign',
54 '-----BEGIN PGP SIGNED MESSAGE-----.*?-----BEGIN PGP SIGNATURE-----.*?-----END PGP SIGNATURE-----'),
55 ('message',
56 '-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----'),
57 ('pubkey',
58 '-----BEGIN PGP PUBLIC KEY BLOCK-----.*?-----END PGP PUBLIC KEY BLOCK-----'),
59 ('detachedsig',
60 '-----BEGIN PGP SIGNATURE-----.*?-----END PGP SIGNATURE-----')]
61
62
63 class EddyMsg (object):
64 def __init__(self):
65 self.multipart = False
66 self.subparts = []
67
68 self.charset = None
69 self.payload_bytes = None
70 self.payload_pieces = []
71
72 self.filename = None
73 self.content_type = None
74 self.description_list = None
75
76
77 class PayloadPiece (object):
78 def __init__(self):
79 self.piece_type = None
80 self.string = None
81 self.gpg_data = None
82
83
84 class GPGData (object):
85 def __init__(self):
86 self.decrypted = False
87
88 self.plainobj = None
89 self.sigs = []
90 self.keys = []
91
92
93 def main ():
94
95 handle_args()
96
97 gpgme_ctx = get_gpg_context(edward_config.gnupghome,
98 edward_config.sign_with_key)
99
100 email_text = sys.stdin.read()
101 email_struct = parse_pgp_mime(email_text, gpgme_ctx)
102
103 email_to, email_from, email_subject = email_to_from_subject(email_text)
104 lang = import_lang(email_to)
105
106 reply_plaintext = build_reply(email_struct)
107
108 debug(lang.replies['success_decrypt'])
109 print(reply_plaintext)
110
111 # encrypt_to_key = choose_reply_encryption_key(gpgme_ctx, fingerprints)
112 #
113 # reply_mime = generate_encrypted_mime(plaintext, email_from, \
114 # email_subject, encrypt_to_key,
115 # gpgme_ctx)
116
117
118 def get_gpg_context (gnupghome, sign_with_key_fp):
119
120 os.environ['GNUPGHOME'] = gnupghome
121
122 gpgme_ctx = gpgme.Context()
123 gpgme_ctx.armor = True
124
125 try:
126 sign_with_key = gpgme_ctx.get_key(sign_with_key_fp)
127 except:
128 error("unable to load signing key. is the gnupghome "
129 + "and signing key properly set in the edward_config.py?")
130 exit(1)
131
132 gpgme_ctx.signers = [sign_with_key]
133
134 return gpgme_ctx
135
136
137 def parse_pgp_mime (email_text, gpgme_ctx):
138
139 email_struct = email.parser.Parser().parsestr(email_text)
140
141 eddy_obj = parse_mime(email_struct)
142 split_payloads(eddy_obj)
143 gpg_on_payloads(eddy_obj, gpgme_ctx)
144
145 return eddy_obj
146
147
148 def parse_mime(msg_struct):
149
150 eddy_obj = EddyMsg()
151
152 if msg_struct.is_multipart() == True:
153 payloads = msg_struct.get_payload()
154
155 eddy_obj.multipart = True
156 eddy_obj.subparts = list(map(parse_mime, payloads))
157
158 else:
159 eddy_obj = get_subpart_data(msg_struct)
160
161 return eddy_obj
162
163
164 def scan_and_split (payload_piece, match_type, pattern):
165
166 # don't try to re-split pieces containing gpg data
167 if payload_piece.piece_type != "text":
168 return [payload_piece]
169
170 flags = re.DOTALL | re.MULTILINE
171 matches = re.search("(?P<beginning>.*?)(?P<match>" + pattern +
172 ")(?P<rest>.*)", payload_piece.string, flags=flags)
173
174 if matches == None:
175 pieces = [payload_piece]
176
177 else:
178
179 beginning = PayloadPiece()
180 beginning.string = matches.group('beginning')
181 beginning.piece_type = payload_piece.piece_type
182
183 match = PayloadPiece()
184 match.string = matches.group('match')
185 match.piece_type = match_type
186
187 rest = PayloadPiece()
188 rest.string = matches.group('rest')
189 rest.piece_type = payload_piece.piece_type
190
191 more_pieces = scan_and_split(rest, match_type, pattern)
192 pieces = [beginning, match ] + more_pieces
193
194 return pieces
195
196
197 def get_subpart_data (part):
198
199 obj = EddyMsg()
200
201 obj.charset = part.get_content_charset()
202 obj.payload_bytes = part.get_payload(decode=True)
203
204 obj.filename = part.get_filename()
205 obj.content_type = part.get_content_type()
206 obj.description_list = part['content-description']
207
208 # your guess is as good as a-myy-ee-ine...
209 if obj.charset == None:
210 obj.charset = 'utf-8'
211
212 if obj.payload_bytes != None:
213 try:
214 payload = PayloadPiece()
215 payload.string = obj.payload_bytes.decode(obj.charset)
216 payload.piece_type = 'text'
217
218 obj.payload_pieces = [payload]
219 except UnicodeDecodeError:
220 pass
221
222 return obj
223
224
225 def do_to_eddys_pieces (function_to_do, eddy_obj, data):
226
227 if eddy_obj.multipart == True:
228 result_list = []
229 for sub in eddy_obj.subparts:
230 result_list += do_to_eddys_pieces(function_to_do, sub, data)
231 else:
232 result_list = [function_to_do(eddy_obj, data)]
233
234 return result_list
235
236
237 def split_payloads (eddy_obj):
238
239 for match_type in match_types:
240 do_to_eddys_pieces(split_payload_pieces, eddy_obj, match_type)
241
242
243 def split_payload_pieces (eddy_obj, match_type):
244
245 (match_name, pattern) = match_type
246
247 new_pieces_list = []
248 for piece in eddy_obj.payload_pieces:
249 new_pieces_list += scan_and_split(piece, match_name, pattern)
250
251 eddy_obj.payload_pieces = new_pieces_list
252
253
254 def gpg_on_payloads (eddy_obj, gpgme_ctx, prev_parts=[]):
255
256 if eddy_obj.multipart == True:
257 prev_parts=[]
258 for sub in eddy_obj.subparts:
259 gpg_on_payloads (sub, gpgme_ctx, prev_parts)
260 prev_parts += [sub]
261
262
263 for piece in eddy_obj.payload_pieces:
264
265 if piece.piece_type == "text":
266 # don't transform the plaintext.
267 pass
268
269 elif piece.piece_type == "message":
270 (plaintext, sigs) = decrypt_block (piece.string, gpgme_ctx)
271
272 if plaintext:
273 piece.gpg_data = GPGData()
274 piece.gpg_data.sigs = sigs
275 # recurse!
276 piece.gpg_data.plainobj = parse_pgp_mime(plaintext, gpgme_ctx)
277
278 elif piece.piece_type == "pubkey":
279 fingerprints = add_gpg_key(piece.string, gpgme_ctx)
280
281 if fingerprints != []:
282 piece.gpg_data = GPGData()
283 piece.gpg_data.keys = fingerprints
284
285 elif piece.piece_type == "clearsign":
286 (plaintext, fingerprints) = verify_clear_signature(piece.string, gpgme_ctx)
287
288 if fingerprints != []:
289 piece.gpg_data = GPGData()
290 piece.gpg_data.sigs = fingerprints
291 piece.gpg_data.plainobj = parse_pgp_mime(plaintext, gpgme_ctx)
292
293 elif piece.piece_type == "detachedsig":
294 for prev in prev_parts:
295 payload_bytes = prev.payload_bytes
296 sigs_fps = verify_detached_signature(piece.string, payload_bytes, gpgme_ctx)
297
298 if sigs_fps != []:
299 piece.gpg_data = GPGData()
300 piece.gpg_data.sigs = sigs_fps
301 piece.gpg_data.plainobj = prev
302 else:
303 pass
304
305
306 def build_reply (eddy_obj):
307
308 string = "\n".join(do_to_eddys_pieces(build_reply_pieces, eddy_obj, None))
309
310 return string
311
312
313 def build_reply_pieces (eddy_obj, _ignore):
314
315 string = ""
316 for piece in eddy_obj.payload_pieces:
317 if piece.piece_type == "text":
318 string += piece.string
319 elif piece.gpg_data == None:
320 string += "Hmmm... I wasn't able to get that part.\n"
321 elif piece.piece_type == "message":
322 # recursive!
323 string += build_reply(piece.gpg_data.plainobj)
324 elif piece.piece_type == "pubkey":
325 string += "thanks for your public key:"
326 for key in piece.gpg_data.keys:
327 string += "\n" + key
328 elif piece.piece_type == "clearsign":
329 string += "*** Begin signed part ***\n"
330 string += build_reply(piece.gpg_data.plainobj)
331 string += "\n*** End signed part ***"
332 elif piece.piece_type == "detachedsig":
333 string += "*** Begin detached signed part ***\n"
334 string += build_reply(piece.gpg_data.plainobj)
335 string += "*** End detached signed part ***\n"
336
337 return string
338
339
340 def add_gpg_key (key_block, gpgme_ctx):
341
342 fp = io.BytesIO(key_block.encode('ascii'))
343
344 result = gpgme_ctx.import_(fp)
345 imports = result.imports
346
347 fingerprints = []
348
349 if imports != []:
350 for import_ in imports:
351 fingerprint = import_[0]
352 fingerprints += [fingerprint]
353
354 debug("added gpg key: " + fingerprint)
355
356 return fingerprints
357
358
359 def verify_clear_signature (sig_block, gpgme_ctx):
360
361 # FIXME: this might require the un-decoded bytes
362 # or the correct re-encoding with the carset of the mime part.
363 msg_fp = io.BytesIO(sig_block.encode('utf-8'))
364 ptxt_fp = io.BytesIO()
365
366 result = gpgme_ctx.verify(msg_fp, None, ptxt_fp)
367
368 # FIXME: this might require using the charset of the mime part.
369 plaintext = ptxt_fp.getvalue().decode('utf-8')
370
371 fingerprints = []
372 for res_ in result:
373 fingerprints += [res_.fpr]
374
375 return plaintext, fingerprints
376
377
378 def verify_detached_signature (detached_sig, plaintext_bytes, gpgme_ctx):
379
380 detached_sig_fp = io.BytesIO(detached_sig.encode('ascii'))
381 plaintext_fp = io.BytesIO(plaintext_bytes)
382 ptxt_fp = io.BytesIO()
383
384 result = gpgme_ctx.verify(detached_sig_fp, plaintext_fp, None)
385
386 sig_fingerprints = []
387 for res_ in result:
388 sig_fingerprints += [res_.fpr]
389
390 return sig_fingerprints
391
392
393 def decrypt_block (msg_block, gpgme_ctx):
394
395 block_b = io.BytesIO(msg_block.encode('ascii'))
396 plain_b = io.BytesIO()
397
398 try:
399 sigs = gpgme_ctx.decrypt_verify(block_b, plain_b)
400 except:
401 return ("",[])
402
403 plaintext = plain_b.getvalue().decode('utf-8')
404 return (plaintext, sigs)
405
406
407 def choose_reply_encryption_key (gpgme_ctx, fingerprints):
408
409 reply_key = None
410 for fp in fingerprints:
411 try:
412 key = gpgme_ctx.get_key(fp)
413
414 if (key.can_encrypt == True):
415 reply_key = key
416 break
417 except:
418 continue
419
420
421 return reply_key
422
423
424 def email_to_from_subject (email_text):
425
426 email_struct = email.parser.Parser().parsestr(email_text)
427
428 email_to = email_struct['To']
429 email_from = email_struct['From']
430 email_subject = email_struct['Subject']
431
432 return email_to, email_from, email_subject
433
434
435 def import_lang(email_to):
436
437 if email_to != None:
438 for lang in langs:
439 if "edward-" + lang in email_to:
440 lang = "lang." + re.sub('-', '_', lang)
441 language = importlib.import_module(lang)
442
443 return language
444
445 return importlib.import_module("lang.en")
446
447
448 def generate_encrypted_mime (plaintext, email_from, email_subject, encrypt_to_key,
449 gpgme_ctx):
450
451
452 reply = "To: " + email_from + "\n"
453 reply += "Subject: " + email_subject + "\n"
454
455 if (encrypt_to_key != None):
456 plaintext_reply = "thanks for the message!\n\n\n"
457 plaintext_reply += email_quote_text(plaintext)
458
459 # quoted printable encoding lets most ascii characters look normal
460 # before the decrypted mime message is decoded.
461 char_set = email.charset.Charset("utf-8")
462 char_set.body_encoding = email.charset.QP
463
464 # MIMEText doesn't allow setting the text encoding
465 # so we use MIMENonMultipart.
466 plaintext_mime = MIMENonMultipart('text', 'plain')
467 plaintext_mime.set_payload(plaintext_reply, charset=char_set)
468
469 encrypted_text = encrypt_sign_message(plaintext_mime.as_string(),
470 encrypt_to_key,
471 gpgme_ctx)
472
473 control_mime = MIMEApplication("Version: 1",
474 _subtype='pgp-encrypted',
475 _encoder=email.encoders.encode_7or8bit)
476 control_mime['Content-Description'] = 'PGP/MIME version identification'
477 control_mime.set_charset('us-ascii')
478
479 encoded_mime = MIMEApplication(encrypted_text,
480 _subtype='octet-stream; name="encrypted.asc"',
481 _encoder=email.encoders.encode_7or8bit)
482 encoded_mime['Content-Description'] = 'OpenPGP encrypted message'
483 encoded_mime['Content-Disposition'] = 'inline; filename="encrypted.asc"'
484 encoded_mime.set_charset('us-ascii')
485
486 message_mime = MIMEMultipart(_subtype="encrypted", protocol="application/pgp-encrypted")
487 message_mime.attach(control_mime)
488 message_mime.attach(encoded_mime)
489 message_mime['Content-Disposition'] = 'inline'
490
491 reply += message_mime.as_string()
492
493 else:
494 reply += "\n"
495 reply += "Sorry, i couldn't find your key.\n"
496 reply += "I'll need that to encrypt a message to you."
497
498 return reply
499
500
501 def email_quote_text (text):
502
503 quoted_message = re.sub(r'^', r'> ', text, flags=re.MULTILINE)
504
505 return quoted_message
506
507
508 def encrypt_sign_message (plaintext, encrypt_to_key, gpgme_ctx):
509
510 plaintext_bytes = io.BytesIO(plaintext.encode('ascii'))
511 encrypted_bytes = io.BytesIO()
512
513 gpgme_ctx.encrypt_sign([encrypt_to_key], gpgme.ENCRYPT_ALWAYS_TRUST,
514 plaintext_bytes, encrypted_bytes)
515
516 encrypted_txt = encrypted_bytes.getvalue().decode('ascii')
517 return encrypted_txt
518
519
520 def error (error_msg):
521
522 sys.stderr.write(progname + ": " + str(error_msg) + "\n")
523
524
525 def debug (debug_msg):
526
527 if edward_config.debug == True:
528 error(debug_msg)
529
530
531 def handle_args ():
532 if __name__ == "__main__":
533
534 global progname
535 progname = sys.argv[0]
536
537 if len(sys.argv) > 1:
538 print(progname + ": error, this program doesn't " \
539 "need any arguments.", file=sys.stderr)
540 exit(1)
541
542
543 main()
544