X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=edward;h=d7443927cabc24fa373c66b8019015be5d981dd2;hb=cbe017bc9637a97c6275a1e3992760ee70f3860e;hp=9c829d60c1d1ca1623ab227a34adffc27ae1598c;hpb=9af26cb82b9f1586ea7031992ceeadadc72a7c64;p=edward.git diff --git a/edward b/edward index 9c829d6..d744392 100755 --- a/edward +++ b/edward @@ -26,7 +26,7 @@ Code sourced from these projects: - * http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz + * http://agpl.fsf.org/emailselfdefense.fsf.org/edward/PREVIOUS-20150530/edward.tar.gz * https://git-tails.immerda.ch/whisperback/tree/whisperBack/encryption.py?h=feature/python3 * http://www.physics.drexel.edu/~wking/code/python/send_pgp_mime """ @@ -37,8 +37,8 @@ import os import sys import enum import gpgme +import smtplib import importlib -import subprocess import email.parser import email.message @@ -51,7 +51,7 @@ from email.mime.nonmultipart import MIMENonMultipart import edward_config -langs = ["de", "el", "en", "fr", "ja", "pt-br", "ro", "ru", "tr"] +langs = ["de", "el", "en", "es", "fr", "it", "ja", "pt-br", "ro", "ru", "tr", "zh"] """This list contains the abbreviated names of reply languages available to edward.""" @@ -92,8 +92,9 @@ class EddyMsg (object): 'payload_pieces' is a list of objects containing strings that when strung together form the fully-decoded string representation of the mime part. - The 'filename', 'content_type' and 'description_list' come from the mime - part parameters. + The 'filename', 'content_type', 'content_disposition' and + 'description_list' come from the mime part parameters. + """ multipart = False @@ -104,6 +105,7 @@ class EddyMsg (object): filename = None content_type = None + content_disposition = None description_list = None @@ -146,7 +148,11 @@ class GPGData (object): 'sigs' is a list of fingerprints of keys used to sign the data in plainobj. - 'sig_failure' is a boolean noting whether any signatures failed to verify. + 'sigkey_missing' is set to True if edward doesn't have the key it needs to + verify the signature on a block of text. + + 'key_cannot_encrypt' is set to True if pubkeys or sigs' keys in the payload + piece are not capable of encryption, are revoked or expired, for instance. 'keys' is a list of fingerprints of keys obtained in public key blocks. """ @@ -155,7 +161,8 @@ class GPGData (object): plainobj = None sigs = [] - sig_failure = False + sigkey_missing = False + key_cannot_encrypt = False keys = [] @@ -178,42 +185,55 @@ class ReplyInfo (object): unencrypted data; alternatively it may be a public key attached to the message. + 'encrypt_to_key' the key object to use when encrypting edward's reply + 'msg_to_quote' refers to the part of a message which edward should quote in his reply. This should remain as None if there was no encrypted and singed part. This is to avoid making edward a service for decrypting other people's messages to edward. - 'success_decrypt' is set to True if edward could decrypt part of the + 'decrypt_success' is set to True if edward could decrypt part of the message. - 'failed_decrypt' is set to True if edward failed to decrypt part of the - message. + 'sig_success' is set to True if edward could to some extent verify the + signature of a signed part of the message to edward. - 'publick_key_received' is set to True if edward successfully imported a - public key. + 'key_can_encrypt' is set to True if a key which can be encrypted to has + been found. - 'no_public_key' is set to True if edward doesn't have a key to encrypt to - when replying to the user. + 'sig_failure' is set to True if edward could not verify a siganture. - 'sig_success' is set to True if edward could to some extent verify the - signature of a signed part of the message to edward. + 'pubkey_success' is set to True if edward successfully imported a public + key. - 'sig_failure' is set to True if edward failed to some extent verify the - signature of a signed part of the message to edward. + 'sigkey_missing' is set to True if edward doesn't have the public key + needed for signature verification. + + 'key_cannot_encrypt' is set to True if pubkeys or sig's keys in a payload + piece of the message are not capable of encryption. + + 'have_repy_key' is set to True if edward has a public key to encrypt its + reply to. """ replies = None target_key = None fallback_target_key = None + encrypt_to_key = None msg_to_quote = "" - success_decrypt = False - failed_decrypt = False - public_key_received = False - no_public_key = False + decrypt_success = False sig_success = False + pubkey_success = False + key_can_encrypt = False + + decrypt_failure = False sig_failure = False + sigkey_missing = False + key_cannot_encrypt = False + + have_reply_key = False def main (): @@ -247,30 +267,35 @@ def main (): print_reply_only = handle_args() + email_bytes = sys.stdin.buffer.read() + + test_auto_reply(email_bytes) + gpgme_ctx = get_gpg_context(edward_config.gnupghome, edward_config.sign_with_key) - email_text = sys.stdin.read() - email_struct = parse_pgp_mime(email_text, gpgme_ctx) + # do this twice so sigs can be verified with newly imported keys + parse_pgp_mime(email_bytes, gpgme_ctx) + email_struct = parse_pgp_mime(email_bytes, gpgme_ctx) - email_to, email_from, email_subject = email_to_from_subject(email_text) + email_to, email_reply_to, email_subject = email_to_reply_to_subject(email_bytes) lang, reply_from = import_lang_pick_address(email_to, edward_config.hostname) replyinfo_obj = ReplyInfo() replyinfo_obj.replies = lang.replies prepare_for_reply(email_struct, replyinfo_obj) - encrypt_to_key = get_key_from_fp(replyinfo_obj, gpgme_ctx) + get_key_from_fp(replyinfo_obj, gpgme_ctx) reply_plaintext = write_reply(replyinfo_obj) - reply_mime = generate_encrypted_mime(reply_plaintext, email_from, \ - email_subject, encrypt_to_key, + reply_mime = generate_encrypted_mime(reply_plaintext, email_reply_to, reply_from, \ + email_subject, replyinfo_obj.encrypt_to_key, gpgme_ctx) if print_reply_only == True: print(reply_mime) else: - send_reply(reply_mime, email_subject, email_from, reply_from) + send_reply(reply_mime, email_reply_to, reply_from) def get_gpg_context (gnupghome, sign_with_key_fp): @@ -308,7 +333,7 @@ def get_gpg_context (gnupghome, sign_with_key_fp): return gpgme_ctx -def parse_pgp_mime (email_text, gpgme_ctx): +def parse_pgp_mime (email_bytes, gpgme_ctx): """Parses the email for mime payloads and decrypts/verfies signatures. This function creates a representation of a mime or plaintext email with @@ -317,7 +342,7 @@ def parse_pgp_mime (email_text, gpgme_ctx): does some very basic signature verification on those parts. Args: - email_text: an email message in string format + email_bytes: an email message in byte string format gpgme_ctx: a gpgme context Returns: @@ -328,7 +353,7 @@ def parse_pgp_mime (email_text, gpgme_ctx): imported payloads """ - email_struct = email.parser.Parser().parsestr(email_text) + email_struct = email.parser.BytesParser().parsebytes(email_bytes) eddymsg_obj = parse_mime(email_struct) split_payloads(eddymsg_obj) @@ -344,14 +369,14 @@ def parse_mime(msg_struct): each sub-part is also a EddyMsg instance. Args: - msg_struct: an email parsed with email.parser.Parser(), which can be + msg_struct: an email parsed with email.parser.BytesParser(), which can be multi-part Returns: an instance of EddyMsg, potentially a recursive one. """ - eddymsg_obj = EddyMsg() + eddymsg_obj = get_subpart_data(msg_struct) if msg_struct.is_multipart() == True: payloads = msg_struct.get_payload() @@ -359,9 +384,6 @@ def parse_mime(msg_struct): eddymsg_obj.multipart = True eddymsg_obj.subparts = list(map(parse_mime, payloads)) - else: - eddymsg_obj = get_subpart_data(msg_struct) - return eddymsg_obj @@ -389,8 +411,7 @@ def scan_and_split (payload_piece, match_name, pattern): return [payload_piece] flags = re.DOTALL | re.MULTILINE - matches = re.search("(?P.*?)(?P" + pattern + - ")(?P.*)", payload_piece.string, flags=flags) + matches = re.search(pattern, payload_piece.string, flags=flags) if matches == None: pieces = [payload_piece] @@ -398,15 +419,15 @@ def scan_and_split (payload_piece, match_name, pattern): else: beginning = PayloadPiece() - beginning.string = matches.group('beginning') + beginning.string = payload_piece.string[:matches.start()] beginning.piece_type = payload_piece.piece_type match = PayloadPiece() - match.string = matches.group('match') + match.string = payload_piece.string[matches.start():matches.end()] match.piece_type = match_name rest = PayloadPiece() - rest.string = matches.group('rest') + rest.string = payload_piece.string[matches.end():] rest.piece_type = payload_piece.piece_type more_pieces = scan_and_split(rest, match_name, pattern) @@ -416,32 +437,38 @@ def scan_and_split (payload_piece, match_name, pattern): def get_subpart_data (part): - """This function grabs information from a single part mime object. + """This function grabs information from a mime part. - It copies needed data from a single part email.parser.Parser() object over - to an EddyMsg object. + It copies needed data from an email.parser.BytesParser() object over to an + EddyMsg object. Args: - part: a non-multi-part mime.parser.Parser() object + part: an email.parser.BytesParser() object Returns: - a single-part EddyMsg() object + an EddyMsg() object """ - charset = part.get_content_charset() - mime_decoded_bytes = part.get_payload(decode=True) - obj = EddyMsg() - obj.payload_bytes = part.as_bytes() - obj.filename = part.get_filename() - obj.content_type = part.get_content_type() - obj.description_list = part['content-description'] + mime_decoded_bytes = part.get_payload(decode=True) + charset = part.get_content_charset() # your guess is as good as a-myy-ee-ine... if charset == None: charset = 'utf-8' + payload_string = part.as_string() + if payload_string != None: + # convert each isolated carriage return or line feed to carriage return + line feed + payload_string_crlf = re.sub(r'\n', '\r\n', re.sub(r'\r', '\n', re.sub(r'\r\n', '\n', payload_string))) + obj.payload_bytes = payload_string_crlf.encode(charset) + + obj.filename = part.get_filename() + obj.content_type = part.get_content_type() + obj.content_disposition = part['content-disposition'] + obj.description_list = part['content-description'] + if mime_decoded_bytes != None: try: payload = PayloadPiece() @@ -564,8 +591,9 @@ def gpg_on_payloads (eddymsg_obj, gpgme_ctx, prev_parts=[]): eddymsg_obj should have its payloads split into gpg and non-gpg pieces. Post: - Decryption, verification and key imports occur. the gpg_data member of - PayloadPiece objects get filled in with GPGData objects. + Decryption, verification and key imports occur. the gpg_data members of + PayloadPiece objects get filled in with GPGData objects with some of + their attributes set. """ if eddymsg_obj.multipart == True: @@ -583,43 +611,53 @@ def gpg_on_payloads (eddymsg_obj, gpgme_ctx, prev_parts=[]): pass elif piece.piece_type == TxtType.message: - (plaintext, sigs, sig_failure) = decrypt_block(piece.string, gpgme_ctx) + piece.gpg_data = GPGData() + + (plaintext_b, sigs, sigkey_missing, key_cannot_encrypt) = decrypt_block(piece.string, gpgme_ctx) - if plaintext: - piece.gpg_data = GPGData() + piece.gpg_data.sigkey_missing = sigkey_missing + piece.gpg_data.key_cannot_encrypt = key_cannot_encrypt + + if plaintext_b: piece.gpg_data.decrypted = True piece.gpg_data.sigs = sigs - piece.gpg_data.sig_failure = sig_failure # recurse! - piece.gpg_data.plainobj = parse_pgp_mime(plaintext, gpgme_ctx) + piece.gpg_data.plainobj = parse_pgp_mime(plaintext_b, gpgme_ctx) continue # if not encrypted, check to see if this is an armored signature. - (plaintext, sigs, sig_failure) = verify_sig_message(piece.string, gpgme_ctx) + (plaintext_b, sigs, sigkey_missing, key_cannot_encrypt) = verify_sig_message(piece.string, gpgme_ctx) + + piece.gpg_data.sigkey_missing = sigkey_missing + piece.gpg_data.key_cannot_encrypt = key_cannot_encrypt - if plaintext: + if plaintext_b: piece.piece_type = TxtType.signature - piece.gpg_data = GPGData() piece.gpg_data.sigs = sigs - piece.gpg_data.sig_failure = sig_failure # recurse! - piece.gpg_data.plainobj = parse_pgp_mime(plaintext, gpgme_ctx) + piece.gpg_data.plainobj = parse_pgp_mime(plaintext_b, gpgme_ctx) elif piece.piece_type == TxtType.pubkey: - key_fps = add_gpg_key(piece.string, gpgme_ctx) + piece.gpg_data = GPGData() + + (key_fps, key_cannot_encrypt) = add_gpg_key(piece.string, gpgme_ctx) + + piece.gpg_data.key_cannot_encrypt = key_cannot_encrypt if key_fps != []: - piece.gpg_data = GPGData() piece.gpg_data.keys = key_fps elif piece.piece_type == TxtType.detachedsig: + piece.gpg_data = GPGData() + for prev in prev_parts: - (sig_fps, sig_failure) = verify_detached_signature(piece.string, prev.payload_bytes, gpgme_ctx) + (sig_fps, sigkey_missing, key_cannot_encrypt) = verify_detached_signature(piece.string, prev.payload_bytes, gpgme_ctx) + + piece.gpg_data.sigkey_missing = sigkey_missing + piece.gpg_data.key_cannot_encrypt = key_cannot_encrypt if sig_fps != []: - piece.gpg_data = GPGData() piece.gpg_data.sigs = sig_fps - piece.gpg_data.sig_failure = sig_failure piece.gpg_data.plainobj = prev break @@ -703,7 +741,6 @@ def prepare_for_reply_message (piece, replyinfo_obj): piece: a PayloadPiece object. replyinfo_obj: object which gets updated with decryption status, etc. - Returns: Nothing @@ -711,31 +748,36 @@ def prepare_for_reply_message (piece, replyinfo_obj): the piece.payload_piece value should be TxtType.message. Post: - replyinfo_obj gets updated with decryption status, signing status and a - potential signing key. + replyinfo_obj gets updated with decryption status, signing status, a + potential signing key, posession status of the public key for the + signature and encryption capability status if that key is missing. """ - if piece.gpg_data == None: - replyinfo_obj.failed_decrypt = True + if piece.gpg_data.plainobj == None: + replyinfo_obj.decrypt_failure = True return - replyinfo_obj.success_decrypt = True + replyinfo_obj.decrypt_success = True # we already have a key (and a message) if replyinfo_obj.target_key != None: return - if piece.gpg_data.sigs != []: - replyinfo_obj.target_key = piece.gpg_data.sigs[0] - replyinfo_obj.sig_success = True - get_signed_part = False - else: - if piece.gpg_data.sig_failure == True: - replyinfo_obj.sig_failure = True + if piece.gpg_data.sigs == []: + if piece.gpg_data.sigkey_missing == True: + replyinfo_obj.sigkey_missing = True + + if piece.gpg_data.key_cannot_encrypt == True: + replyinfo_obj.key_cannot_encrypt = True # only include a signed message in the reply. get_signed_part = True + else: + replyinfo_obj.target_key = piece.gpg_data.sigs[0] + replyinfo_obj.sig_success = True + get_signed_part = False + flatten_decrypted_payloads(piece.gpg_data.plainobj, replyinfo_obj, get_signed_part) # to catch public keys in encrypted blocks @@ -758,10 +800,11 @@ def prepare_for_reply_pubkey (piece, replyinfo_obj): replyinfo_obj has its fields updated. """ - if piece.gpg_data == None or piece.gpg_data.keys == []: - replyinfo_obj.no_public_key = True + if piece.gpg_data.keys == []: + if piece.gpg_data.key_cannot_encrypt == True: + replyinfo_obj.key_cannot_encrypt = True else: - replyinfo_obj.public_key_received = True + replyinfo_obj.pubkey_success = True # prefer public key as a fallback for the encrypted reply replyinfo_obj.fallback_target_key = piece.gpg_data.keys[0] @@ -784,17 +827,25 @@ def prepare_for_reply_sig (piece, replyinfo_obj): replyinfo_obj has its fields updated. """ - if piece.gpg_data == None or piece.gpg_data.sigs == []: + if piece.gpg_data.sigs == []: replyinfo_obj.sig_failure = True + + if piece.gpg_data.sigkey_missing == True: + replyinfo_obj.sigkey_missing = True + + if piece.gpg_data.key_cannot_encrypt == True: + replyinfo_obj.key_cannot_encrypt = True + else: replyinfo_obj.sig_success = True - if piece.gpg_data.sig_failure == True: - replyinfo_obj.sig_failure = True - if replyinfo_obj.fallback_target_key == None: replyinfo_obj.fallback_target_key = piece.gpg_data.sigs[0] + if (piece.piece_type == TxtType.signature): + # to catch public keys in signature blocks + prepare_for_reply(piece.gpg_data.plainobj, replyinfo_obj) + def flatten_decrypted_payloads (eddymsg_obj, replyinfo_obj, get_signed_part): """For creating a string representation of a signed, encrypted part. @@ -839,28 +890,30 @@ def flatten_decrypted_payloads (eddymsg_obj, replyinfo_obj, get_signed_part): if (get_signed_part): if ((piece.piece_type == TxtType.detachedsig) \ or (piece.piece_type == TxtType.signature)) \ - and (piece.gpg_data != None): + and (piece.gpg_data != None) \ + and (piece.gpg_data.plainobj != None): flatten_decrypted_payloads(piece.gpg_data.plainobj, replyinfo_obj, False) replyinfo_obj.target_key = piece.gpg_data.sigs[0] break else: - if piece.piece_type == TxtType.text: + if (eddymsg_obj.content_disposition == None \ + or not eddymsg_obj.content_disposition.startswith("attachment")) \ + and piece.piece_type == TxtType.text: replyinfo_obj.msg_to_quote += piece.string def get_key_from_fp (replyinfo_obj, gpgme_ctx): """Obtains a public key object from a key fingerprint - If the .target_key is not set, then we use .fallback_target_key. + If the .target_key is not set, then we use .fallback_target_key, if + available. Args: replyinfo_obj: ReplyInfo instance gpgme_ctx: the gpgme context Return: - The key object of the key of either the target_key or the fallback one - if .target_key is not set. If the key cannot be loaded, then return - None. + Nothing Pre: Loading a key requires that we have the public key imported. This @@ -868,29 +921,30 @@ def get_key_from_fp (replyinfo_obj, gpgme_ctx): previously sent to edward. Post: - If the key cannot be loaded, then the replyinfo_obj is marked for - having no public key available. + If the key can be loaded, then replyinfo_obj.reply_to_key points to the + public key object. If the key cannot be loaded, then the replyinfo_obj + is marked as having no public key available. If the key is not capable + of encryption, it will not be used, and replyinfo_obj will be marked + accordingly. """ - if replyinfo_obj.target_key == None: - replyinfo_obj.target_key = replyinfo_obj.fallback_target_key + for key in (replyinfo_obj.target_key, replyinfo_obj.fallback_target_key): + if key != None: + try: + encrypt_to_key = gpgme_ctx.get_key(key) - if replyinfo_obj.target_key != None: - try: - encrypt_to_key = gpgme_ctx.get_key(replyinfo_obj.target_key) - return encrypt_to_key - - except gpgme.GpgmeError: - pass + except gpgme.GpgmeError: + continue - # no available key to use - replyinfo_obj.target_key = None - replyinfo_obj.fallback_target_key = None + if is_key_usable(encrypt_to_key): + replyinfo_obj.encrypt_to_key = encrypt_to_key + replyinfo_obj.have_reply_key = True + replyinfo_obj.key_can_encrypt = True + return - replyinfo_obj.no_public_key = True - replyinfo_obj.public_key_received = False + else: + replyinfo_obj.key_cannot_encrypt = True - return None def write_reply (replyinfo_obj): @@ -913,38 +967,69 @@ def write_reply (replyinfo_obj): reply_plain = "" - if replyinfo_obj.success_decrypt == True: - reply_plain += replyinfo_obj.replies['success_decrypt'] + if (replyinfo_obj.pubkey_success == True): + reply_plain += replyinfo_obj.replies['greeting'] + reply_plain += "\n\n" + - if replyinfo_obj.no_public_key == False: - quoted_text = email_quote_text(replyinfo_obj.msg_to_quote) - reply_plain += quoted_text + if replyinfo_obj.decrypt_success == True: + debug('decrypt success') + reply_plain += replyinfo_obj.replies['success_decrypt'] + reply_plain += "\n\n" - elif replyinfo_obj.failed_decrypt == True: + elif replyinfo_obj.decrypt_failure == True: + debug('decrypt failure') reply_plain += replyinfo_obj.replies['failed_decrypt'] + reply_plain += "\n\n" if replyinfo_obj.sig_success == True: - reply_plain += "\n\n" + debug('signature success') reply_plain += replyinfo_obj.replies['sig_success'] + reply_plain += "\n\n" elif replyinfo_obj.sig_failure == True: - reply_plain += "\n\n" + debug('signature failure') reply_plain += replyinfo_obj.replies['sig_failure'] + reply_plain += "\n\n" - if replyinfo_obj.public_key_received == True: - reply_plain += "\n\n" + if (replyinfo_obj.pubkey_success == True): + debug('public key received') reply_plain += replyinfo_obj.replies['public_key_received'] + reply_plain += "\n\n" - elif replyinfo_obj.no_public_key == True: + elif (replyinfo_obj.sigkey_missing == True): + debug('no public key') + reply_plain += replyinfo_obj.replies['no_public_key'] reply_plain += "\n\n" + + elif (replyinfo_obj.key_can_encrypt == False) \ + and (replyinfo_obj.key_cannot_encrypt == True): + debug('bad public key') reply_plain += replyinfo_obj.replies['no_public_key'] + reply_plain += "\n\n" + + + if (replyinfo_obj.decrypt_success == True) \ + and (replyinfo_obj.sig_success == True) \ + and (replyinfo_obj.have_reply_key == True): + debug('message quoted') + reply_plain += replyinfo_obj.replies['quote_follows'] + reply_plain += "\n\n" + quoted_text = email_quote_text(replyinfo_obj.msg_to_quote) + reply_plain += quoted_text + reply_plain += "\n\n" + + + if (reply_plain == ""): + debug('plaintext message') + reply_plain += replyinfo_obj.replies['failed_decrypt'] + reply_plain += "\n\n" - reply_plain += "\n\n" reply_plain += replyinfo_obj.replies['signature'] - reply_plain += "\n" + reply_plain += "\n\n" return reply_plain @@ -960,7 +1045,9 @@ def add_gpg_key (key_block, gpgme_ctx): gpgme_ctx: the gpgme context Returns: - the fingerprint(s) of the imported key(s) + the fingerprint(s) of the imported key(s) which can be used for + encryption, and a boolean marking whether none of the keys are capable + of encryption. """ fp = io.BytesIO(key_block.encode('ascii')) @@ -972,15 +1059,26 @@ def add_gpg_key (key_block, gpgme_ctx): imports = [] key_fingerprints = [] + key_cannot_encrypt = False + + for import_res in imports: + fingerprint = import_res[0] - if imports != []: - for import_ in imports: - fingerprint = import_[0] + try: + key_obj = gpgme_ctx.get_key(fingerprint) + except: + key_obj = None + + if key_obj != None and is_key_usable(key_obj): key_fingerprints += [fingerprint] + key_cannot_encrypt = False debug("added gpg key: " + fingerprint) - return key_fingerprints + elif key_fingerprints == []: + key_cannot_encrypt = True + + return (key_fingerprints, key_cannot_encrypt) def verify_sig_message (msg_block, gpgme_ctx): @@ -996,11 +1094,12 @@ def verify_sig_message (msg_block, gpgme_ctx): gpgme_ctx: the gpgme context Returns: - A tuple containing the plaintext of the signed part, the list of - fingerprints of keys signing the data, and a boolean marking whether - there were any invalid signatures. If verification failed, perhaps - because the message was also encrypted, then empty results are - returned. + A tuple containing the plaintext bytes of the signed part, the list of + fingerprints of encryption-capable keys signing the data, a boolean + marking whether edward is missing all public keys for validating any of + the signatures, and a boolean marking whether all sigs' keys are + incapable of encryption. If verification failed, perhaps because the + message was also encrypted, sensible default values are returned. """ block_b = io.BytesIO(msg_block.encode('ascii')) @@ -1009,19 +1108,13 @@ def verify_sig_message (msg_block, gpgme_ctx): try: sigs = gpgme_ctx.verify(block_b, None, plain_b) except gpgme.GpgmeError: - return ("",[],True) + return ("",[],False,False) - plaintext = plain_b.getvalue().decode('utf-8') + plaintext_b = plain_b.getvalue() - sig_failure = False - fingerprints = [] - for sig in sigs: - if (sig.summary & gpgme.SIGSUM_VALID != 0) or (sig.summary & gpgme.SIGSUM_GREEN != 0): - fingerprints += [sig.fpr] - else: - sig_failure = True + (fingerprints, sigkey_missing, key_cannot_encrypt) = get_signature_fp(sigs, gpgme_ctx) - return (plaintext, fingerprints, sig_failure) + return (plaintext_b, fingerprints, sigkey_missing, key_cannot_encrypt) def verify_detached_signature (detached_sig, plaintext_bytes, gpgme_ctx): @@ -1035,29 +1128,25 @@ def verify_detached_signature (detached_sig, plaintext_bytes, gpgme_ctx): gpgme_ctx: the gpgme context Returns: - A tuple containging a list of signing fingerprints if the signature - verification was sucessful, and a boolean noting whether there were any - failed signature validations. Otherwise, a tuple containing an empty - list and True are returned. + A tuple containging a list of encryption capable signing fingerprints + if the signature verification was sucessful, a boolean marking whether + edward is missing all public keys for validating any of the signatures, + and a boolean marking whether all signing keys are incapable of + encryption. Otherwise, a tuple containing an empty list and True are + returned. """ detached_sig_fp = io.BytesIO(detached_sig.encode('ascii')) plaintext_fp = io.BytesIO(plaintext_bytes) try: - result = gpgme_ctx.verify(detached_sig_fp, plaintext_fp, None) + sigs = gpgme_ctx.verify(detached_sig_fp, plaintext_fp, None) except gpgme.GpgmeError: - return ([],True) + return ([],False,False) - sig_failure = False - sig_fingerprints = [] - for res_ in result: - if (res_.summary & gpgme.SIGSUM_VALID != 0) or (res_.summary & gpgme.SIGSUM_GREEN != 0): - sig_fingerprints += [res_.fpr] - else: - sig_failure = True + (fingerprints, sigkey_missing, key_cannot_encrypt) = get_signature_fp(sigs, gpgme_ctx) - return (sig_fingerprints, sig_failure) + return (fingerprints, sigkey_missing, key_cannot_encrypt) def decrypt_block (msg_block, gpgme_ctx): @@ -1070,9 +1159,11 @@ def decrypt_block (msg_block, gpgme_ctx): gpgme_ctx: the gpgme context Returns: - A tuple containing plaintext, signatures (if the decryption and - signature verification were successful, respectively), and a boolean - noting whether there were signatures that could not be validated. + A tuple containing plaintext bytes, encryption-capable signatures (if + decryption and signature verification were successful, respectively), a + boolean marking whether edward is missing all public keys for + validating any of the signatures, and a boolean marking whether all + signature keys are incapable of encryption. """ block_b = io.BytesIO(msg_block.encode('ascii')) @@ -1081,40 +1172,129 @@ def decrypt_block (msg_block, gpgme_ctx): try: sigs = gpgme_ctx.decrypt_verify(block_b, plain_b) except gpgme.GpgmeError: - return ("",[],True) + return ("",[],False,False) + + plaintext_b = plain_b.getvalue() + + (fingerprints, sigkey_missing, key_cannot_encrypt) = get_signature_fp(sigs, gpgme_ctx) + + return (plaintext_b, fingerprints, sigkey_missing, key_cannot_encrypt) + - plaintext = plain_b.getvalue().decode('utf-8') +def get_signature_fp (sigs, gpgme_ctx): + """Selects valid signatures from output of gpgme signature verifying functions - sig_failure = False + get_signature_fp returns a list of valid signature fingerprints if those + fingerprints are associated with available keys capable of encryption. + + Args: + sigs: a signature verification result object list + gpgme_ctx: a gpgme context + + Returns: + fingerprints: a list of fingerprints + sigkey_missing: a boolean marking whether public keys are missing for + all available signatures. + key_cannot_encrypt: a boolearn marking whether available public keys are + incapable of encryption. + """ + + sigkey_missing = False + key_cannot_encrypt = False fingerprints = [] + for sig in sigs: - if (sig.summary & gpgme.SIGSUM_VALID != 0) or (sig.summary & gpgme.SIGSUM_GREEN != 0): - fingerprints += [sig.fpr] - else: - sig_failure = True + if (sig.summary == 0) or (sig.summary & gpgme.SIGSUM_VALID != 0) or (sig.summary & gpgme.SIGSUM_GREEN != 0): + try: + key_obj = gpgme_ctx.get_key(sig.fpr) + except: + if fingerprints == []: + sigkey_missing = True + continue - return (plaintext, fingerprints, sig_failure) + if is_key_usable(key_obj): + fingerprints += [sig.fpr] + key_cannot_encrypt = False + sigkey_missing = False + elif fingerprints == []: + key_cannot_encrypt = True -def email_to_from_subject (email_text): - """Returns the values of the email's To:, From: and Subject: fields + elif fingerprints == []: + if (sig.summary & gpgme.SIGSUM_KEY_MISSING != 0): + sigkey_missing = True + + return (fingerprints, sigkey_missing, key_cannot_encrypt) + + +def is_key_usable (key_obj): + """Returns boolean representing key usability regarding encryption + + Tests various feature of key and returns usability + + Args: + key_obj: a gpgme key object + + Returns: + A boolean representing key usability + """ + if key_obj.can_encrypt and not key_obj.invalid and not key_obj.expired \ + and not key_obj.revoked and not key_obj.disabled: + return True + else: + return False + + +def test_auto_reply (email_bytes): + """Test whether email is auto-generated + + If the email is autogenerated, edward quits without sending a response. + This is not a perfect test. Some auto-responses will go undetected. + + Args: + email_bytes: the byte string from of the email + + Returns: + Nothing, or exits the program + """ + + email_struct = email.parser.BytesHeaderParser().parsebytes(email_bytes) + + auto_submitted = email_struct['Auto-Submitted'] + + if auto_submitted == None or auto_submitted == "no" \ + or auto_submitted == "No": + + return + + debug("autoreply") + exit(0) + + +def email_to_reply_to_subject (email_bytes): + """Returns the email's To:, Reply-To: (or From:), and Subject: fields Returns this information from an email. Args: - email_text: the string form of the email + email_bytes: the byte string form of the email Returns: - the email To:, From:, and Subject: fields as strings + the email To:, Reply-To: (or From:), and Subject: fields as strings """ - email_struct = email.parser.Parser().parsestr(email_text) + email_struct = email.parser.BytesHeaderParser().parsebytes(email_bytes) email_to = email_struct['To'] email_from = email_struct['From'] + email_reply_to = email_struct['Reply-To'] + email_subject = email_struct['Subject'] - return email_to, email_from, email_subject + if email_reply_to == None: + email_reply_to = email_from + + return email_to, email_reply_to, email_subject def import_lang_pick_address(email_to, hostname): @@ -1154,8 +1334,8 @@ def import_lang_pick_address(email_to, hostname): return lang_module, reply_from -def generate_encrypted_mime (plaintext, email_to, email_subject, encrypt_to_key, - gpgme_ctx): +def generate_encrypted_mime (plaintext, email_to, email_from, email_subject, + encrypt_to_key, gpgme_ctx): """This function creates the mime email reply. It can encrypt the email. If the encrypt_key is included, then the email is encrypted and signed. @@ -1173,10 +1353,10 @@ def generate_encrypted_mime (plaintext, email_to, email_subject, encrypt_to_key, A string version of the mime message, possibly encrypted and signed. """ - if (encrypt_to_key != None): + plaintext_mime = MIMEText(plaintext) + plaintext_mime.set_charset('utf-8') - plaintext_mime = MIMEText(plaintext) - plaintext_mime.set_charset('utf-8') + if (encrypt_to_key != None): encrypted_text = encrypt_sign_message(plaintext_mime.as_string(), encrypt_to_key, @@ -1201,10 +1381,12 @@ def generate_encrypted_mime (plaintext, email_to, email_subject, encrypt_to_key, message_mime['Content-Disposition'] = 'inline' else: - message_mime = MIMEText(plaintext) - message_mime.set_charset('utf-8') + message_mime = plaintext_mime + + message_mime['Auto-Submitted'] = 'auto-replied' message_mime['To'] = email_to + message_mime['From'] = email_from message_mime['Subject'] = email_subject reply = message_mime.as_string() @@ -1212,18 +1394,27 @@ def generate_encrypted_mime (plaintext, email_to, email_subject, encrypt_to_key, return reply -def send_reply(email_txt, subject, reply_to, reply_from): +def send_reply(email_txt, reply_to, reply_from): + """Sends reply email - email_bytes = email_txt.encode('ascii') + Sent to original sender - p = subprocess.Popen(["/usr/sbin/sendmail", "-f", reply_from, "-F", "Edward, GPG Bot", "-i", reply_to], stdin=subprocess.PIPE) + Args: + email_txt: message as a string + reply_to: recipient of reply + reply_from: edward's specific email address - (stdout, stderr) = p.communicate(email_bytes) + Post: + Email is sent + """ + + if reply_to == None: + error("*** ERROR: No one to send email to.") + exit(1) - if stdout != None: - debug("sendmail stdout: " + str(stdout)) - if stderr != None: - error("sendmail stderr: " + str(stderr)) + s = smtplib.SMTP('localhost') + s.sendmail(reply_from, reply_to, email_txt) + s.quit() def email_quote_text (text):