projects / edward.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
proper email sending methodology
[edward.git] / edward
1 #! /usr/bin/env python3
2 # -*- coding: utf-8 -*-
3 """*********************************************************************
4 * Edward is free software: you can redistribute it and/or modify *
5 * it under the terms of the GNU Affero Public License as published by *
6 * the Free Software Foundation, either version 3 of the License, or *
7 * (at your option) any later version. *
8 * *
9 * Edward is distributed in the hope that it will be useful, *
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
12 * GNU Affero Public License for more details. *
13 * *
14 * You should have received a copy of the GNU Affero Public License *
15 * along with Edward. If not, see <http://www.gnu.org/licenses/>. *
16 * *
17 * Copyright (C) 2014-2015 Andrew Engelbrecht (AGPLv3+) *
18 * Copyright (C) 2014 Josh Drake (AGPLv3+) *
19 * Copyright (C) 2014 Lisa Marie Maginnis (AGPLv3+) *
20 * Copyright (C) 2009-2015 Tails developers <tails@boum.org> ( GPLv3+) *
21 * Copyright (C) 2009 W. Trevor King <wking@drexel.edu> ( GPLv2+) *
22 * *
23 * Special thanks to Josh Drake for writing the original edward bot! :) *
24 * *
25 ************************************************************************
26
27 Code sourced from these projects:
28
29 * http://agpl.fsf.org/emailselfdefense.fsf.org/edward/PREVIOUS-20150530/edward.tgz
30 * https://git-tails.immerda.ch/whisperback/tree/whisperBack/encryption.py?h=feature/python3
31 * http://www.physics.drexel.edu/~wking/code/python/send_pgp_mime
32 """
33
34 import re
35 import io
36 import os
37 import sys
38 import enum
39 import gpgme
40 import smtplib
41 import importlib
42
43 import email.parser
44 import email.message
45 import email.encoders
46
47 from email.mime.text import MIMEText
48 from email.mime.multipart import MIMEMultipart
49 from email.mime.application import MIMEApplication
50 from email.mime.nonmultipart import MIMENonMultipart
51
52 import edward_config
53
54 langs = ["de", "el", "en", "es", "fr", "it", "ja", "pt-br", "ro", "ru", "tr"]
55
56 """This list contains the abbreviated names of reply languages available to
57 edward."""
58
59 class TxtType (enum.Enum):
60 text = 0
61 message = 1
62 pubkey = 2
63 detachedsig = 3
64 signature = 4
65
66
67 match_pairs = [(TxtType.message,
68 '-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----'),
69 (TxtType.pubkey,
70 '-----BEGIN PGP PUBLIC KEY BLOCK-----.*?-----END PGP PUBLIC KEY BLOCK-----'),
71 (TxtType.detachedsig,
72 '-----BEGIN PGP SIGNATURE-----.*?-----END PGP SIGNATURE-----')]
73
74 """This list of tuples matches query names with re.search() queries used
75 to find GPG data for edward to process."""
76
77
78 class EddyMsg (object):
79 """
80 The EddyMsg class represents relevant parts of a mime message.
81
82 The represented message can be single-part or multi-part.
83
84 'multipart' is set to True if there are multiple mime parts.
85
86 'subparts' points to a list of mime sub-parts if it is a multi-part
87 message. Otherwise it points to an empty list.
88
89 'payload_bytes' is a binary representation of the mime part before header
90 removal and message decoding.
91
92 'payload_pieces' is a list of objects containing strings that when strung
93 together form the fully-decoded string representation of the mime part.
94
95 The 'filename', 'content_type' and 'description_list' come from the mime
96 part parameters.
97 """
98
99 multipart = False
100 subparts = []
101
102 payload_bytes = None
103 payload_pieces = []
104
105 filename = None
106 content_type = None
107 description_list = None
108
109
110 class PayloadPiece (object):
111 """
112 PayloadPiece represents a complte or sub-section of a mime part.
113
114 Instances of this class are often strung together within one or more arrays
115 pointed to by each instance of the EddyMsg class.
116
117 'piece_type' refers to an enum whose value describes the content of
118 'string'. Examples include TxtType.pubkey, for public keys, and
119 TxtType.message, for encrypted data (or armored signatures until they are
120 known to be such.) Some of the names derive from the header and footer of
121 each of these ascii-encoded gpg blocks.
122
123 'string' contains some string of text, such as non-GPG text, an encrypted
124 block of text, a signature, or a public key.
125
126 'gpg_data' points to any instances of GPGData that have been created based
127 on the contents of 'string'.
128 """
129
130 piece_type = None
131 string = None
132 gpg_data = None
133
134
135 class GPGData (object):
136 """
137 GPGData holds info from decryption, sig. verification, and/or pub. keys.
138
139 Instances of this class contain decrypted information, signature
140 fingerprints and/or fingerprints of processed and imported public keys.
141
142 'decrypted' is set to True if 'plainobj' was created from encrypted data.
143
144 'plainobj' points to any decrypted, or signed part of, a GPG signature. It
145 is intended to be an instance of the EddyMsg class.
146
147 'sigs' is a list of fingerprints of keys used to sign the data in plainobj.
148
149 'sigkey_missing' is set to True if edward doesn't have the key it needs to
150 verify the signature on a block of text.
151
152 'key_cannot_encrypt' is set to True if pubkeys or sigs' keys in the payload
153 piece are not capable of encryption, are revoked or expired, for instance.
154
155 'keys' is a list of fingerprints of keys obtained in public key blocks.
156 """
157
158 decrypted = False
159
160 plainobj = None
161 sigs = []
162 sigkey_missing = False
163 key_cannot_encrypt = False
164 keys = []
165
166
167 class ReplyInfo (object):
168 """
169 ReplyInfo contains details that edward uses in generating its reply.
170
171 Instances of this class contain information about whether a message was
172 successfully encrypted or signed, and whether a public key was attached, or
173 retrievable, from the local GPG store. It stores the fingerprints of
174 potential encryption key candidates and the message (if any at all) to
175 quote in edward's reply.
176
177 'replies' points one of the dictionaries of translated replies.
178
179 'target_key' refers to the fingerprint of a key used to sign encrypted
180 data. This is the preferred key, if it is set, and if is available.
181
182 'fallback_target_key' referst to the fingerprint of a key used to sign
183 unencrypted data; alternatively it may be a public key attached to the
184 message.
185
186 'encrypt_to_key' the key object to use when encrypting edward's reply
187
188 'msg_to_quote' refers to the part of a message which edward should quote in
189 his reply. This should remain as None if there was no encrypted and singed
190 part. This is to avoid making edward a service for decrypting other
191 people's messages to edward.
192
193 'decrypt_success' is set to True if edward could decrypt part of the
194 message.
195
196 'sig_success' is set to True if edward could to some extent verify the
197 signature of a signed part of the message to edward.
198
199 'key_can_encrypt' is set to True if a key which can be encrypted to has
200 been found.
201
202 'sig_failure' is set to True if edward could not verify a siganture.
203
204 'pubkey_success' is set to True if edward successfully imported a public
205 key.
206
207 'sigkey_missing' is set to True if edward doesn't have the public key
208 needed for signature verification.
209
210 'key_cannot_encrypt' is set to True if pubkeys or sig's keys in a payload
211 piece of the message are not capable of encryption.
212
213 'have_repy_key' is set to True if edward has a public key to encrypt its
214 reply to.
215 """
216
217 replies = None
218
219 target_key = None
220 fallback_target_key = None
221 encrypt_to_key = None
222 msg_to_quote = ""
223
224 decrypt_success = False
225 sig_success = False
226 pubkey_success = False
227 key_can_encrypt = False
228
229 decrypt_failure = False
230 sig_failure = False
231 sigkey_missing = False
232 key_cannot_encrypt = False
233
234 have_reply_key = False
235
236
237 def main ():
238
239 """
240 This is the main function for edward, a GPG reply bot.
241
242 Edward responds to GPG-encrypted and signed mail, encrypting and signing
243 the response if the user's public key is, or was, included in the message.
244
245 Args:
246 None
247
248 Returns:
249 Nothing
250
251 Pre:
252 Mime or plaintext email passing in through standard input. Portions of
253 the email may be encrypted. If the To: address contains the text
254 "edward-ja", then the reply will contain a reply written in the
255 Japanese language. There are other languages as well. The default
256 language is English.
257
258 Post:
259 A reply email will be printed to standard output. The contents of the
260 reply email depends on whether the original email was encrypted or not,
261 has or doesn't have a signature, whether a public key used in the
262 original message is provided or locally stored, and the language
263 implied by the To: address in the original email.
264 """
265
266 print_reply_only = handle_args()
267
268 gpgme_ctx = get_gpg_context(edward_config.gnupghome,
269 edward_config.sign_with_key)
270
271 email_bytes = sys.stdin.buffer.read()
272 email_struct = parse_pgp_mime(email_bytes, gpgme_ctx)
273
274 email_to, email_from, email_subject = email_to_from_subject(email_bytes)
275 lang, reply_from = import_lang_pick_address(email_to, edward_config.hostname)
276
277 replyinfo_obj = ReplyInfo()
278 replyinfo_obj.replies = lang.replies
279
280 prepare_for_reply(email_struct, replyinfo_obj)
281 get_key_from_fp(replyinfo_obj, gpgme_ctx)
282 reply_plaintext = write_reply(replyinfo_obj)
283
284 reply_mime = generate_encrypted_mime(reply_plaintext, email_from, \
285 email_subject, replyinfo_obj.encrypt_to_key,
286 gpgme_ctx)
287
288 if print_reply_only == True:
289 print(reply_mime)
290 else:
291 send_reply(reply_mime, email_subject, email_from, reply_from)
292
293
294 def get_gpg_context (gnupghome, sign_with_key_fp):
295 """
296 This function returns the GPG context needed for encryption and signing.
297
298 The context is needed by other functions which use GPG functionality.
299
300 Args:
301 gnupghome: The path to "~/.gnupg/" or its alternative.
302 sign_with_key: The fingerprint of the key to sign with
303
304 Returns:
305 A gpgme context to be used for GPG functions.
306
307 Post:
308 the 'armor' flag is set to True and the list of signing keys contains
309 the single specified key
310 """
311
312 os.environ['GNUPGHOME'] = gnupghome
313
314 gpgme_ctx = gpgme.Context()
315 gpgme_ctx.armor = True
316
317 try:
318 sign_with_key = gpgme_ctx.get_key(sign_with_key_fp)
319 except gpgme.GpgmeError:
320 error("unable to load signing key. is the gnupghome "
321 + "and signing key properly set in the edward_config.py?")
322 exit(1)
323
324 gpgme_ctx.signers = [sign_with_key]
325
326 return gpgme_ctx
327
328
329 def parse_pgp_mime (email_bytes, gpgme_ctx):
330 """Parses the email for mime payloads and decrypts/verfies signatures.
331
332 This function creates a representation of a mime or plaintext email with
333 the EddyMsg class. It then splits each mime payload into one or more pieces
334 which may be plain text or GPG data. It then decrypts encrypted parts and
335 does some very basic signature verification on those parts.
336
337 Args:
338 email_bytes: an email message in byte string format
339 gpgme_ctx: a gpgme context
340
341 Returns:
342 A message as an instance of EddyMsg
343
344 Post:
345 the returned EddyMsg instance has split, decrypted, verified and pubkey
346 imported payloads
347 """
348
349 email_struct = email.parser.BytesParser().parsebytes(email_bytes)
350
351 eddymsg_obj = parse_mime(email_struct)
352 split_payloads(eddymsg_obj)
353 gpg_on_payloads(eddymsg_obj, gpgme_ctx)
354
355 return eddymsg_obj
356
357
358 def parse_mime(msg_struct):
359 """Translates python's email.parser format into an EddyMsg format
360
361 If the message is multi-part, then a recursive object is created, where
362 each sub-part is also a EddyMsg instance.
363
364 Args:
365 msg_struct: an email parsed with email.parser.Parser(), which can be
366 multi-part
367
368 Returns:
369 an instance of EddyMsg, potentially a recursive one.
370 """
371
372 eddymsg_obj = get_subpart_data(msg_struct)
373
374 if msg_struct.is_multipart() == True:
375 payloads = msg_struct.get_payload()
376
377 eddymsg_obj.multipart = True
378 eddymsg_obj.subparts = list(map(parse_mime, payloads))
379
380 return eddymsg_obj
381
382
383 def scan_and_split (payload_piece, match_name, pattern):
384 """This splits the payloads of an EddyMsg object into GPG and text parts.
385
386 An EddyMsg object's payload_pieces starts off as a list containing a single
387 PayloadPiece object. This function returns a list of these objects which
388 have been split into GPG data and regular text, if such splits need to be/
389 can be made.
390
391 Args:
392 payload_piece: a single payload or a split part of a payload
393 match_name: the type of data to try to spit out from the payload piece
394 pattern: the search pattern to be used for finding that type of data
395
396 Returns:
397 a list of objects of the PayloadPiece class, in the order that the
398 string part of payload_piece originally was, broken up according to
399 matches specified by 'pattern'.
400 """
401
402 # don't try to re-split pieces containing gpg data
403 if payload_piece.piece_type != TxtType.text:
404 return [payload_piece]
405
406 flags = re.DOTALL | re.MULTILINE
407 matches = re.search("(?P<beginning>.*?)(?P<match>" + pattern +
408 ")(?P<rest>.*)", payload_piece.string, flags=flags)
409
410 if matches == None:
411 pieces = [payload_piece]
412
413 else:
414
415 beginning = PayloadPiece()
416 beginning.string = matches.group('beginning')
417 beginning.piece_type = payload_piece.piece_type
418
419 match = PayloadPiece()
420 match.string = matches.group('match')
421 match.piece_type = match_name
422
423 rest = PayloadPiece()
424 rest.string = matches.group('rest')
425 rest.piece_type = payload_piece.piece_type
426
427 more_pieces = scan_and_split(rest, match_name, pattern)
428 pieces = [beginning, match ] + more_pieces
429
430 return pieces
431
432
433 def get_subpart_data (part):
434 """This function grabs information from a mime part.
435
436 It copies needed data from a email.parser.Parser() object over to an
437 EddyMsg object.
438
439 Args:
440 part: a mime.parser.Parser() object
441
442 Returns:
443 an EddyMsg() object
444 """
445
446 obj = EddyMsg()
447
448 mime_decoded_bytes = part.get_payload(decode=True)
449 charset = part.get_content_charset()
450
451 # your guess is as good as a-myy-ee-ine...
452 if charset == None:
453 charset = 'utf-8'
454
455 payload_string = part.as_string()
456 if payload_string != None:
457 # convert each isolated carriage return or line feed to carriage return + line feed
458 payload_string_crlf = re.sub(r'\n', '\r\n', re.sub(r'\r', '\n', re.sub(r'\r\n', '\n', payload_string)))
459 obj.payload_bytes = payload_string_crlf.encode(charset)
460
461 obj.filename = part.get_filename()
462 obj.content_type = part.get_content_type()
463 obj.description_list = part['content-description']
464
465 if mime_decoded_bytes != None:
466 try:
467 payload = PayloadPiece()
468 payload.string = mime_decoded_bytes.decode(charset)
469 payload.piece_type = TxtType.text
470
471 obj.payload_pieces = [payload]
472 except UnicodeDecodeError:
473 pass
474
475 return obj
476
477
478 def do_to_eddys_pieces (function_to_do, eddymsg_obj, data):
479 """A function which maps another function onto a message's subparts.
480
481 This is a higer-order function which recursively performs a specified
482 function on each subpart of a multi-part message. Each single-part sub-part
483 has the function applied to it. This function also works if the part passed
484 in is single-part.
485
486 Args:
487 function_to_do: function to perform on sub-parts
488 eddymsg_obj: a single part or multi-part EddyMsg object
489 data: a second argument to pass to 'function_to_do'
490
491 Returns:
492 Nothing
493
494 Post:
495 The passed-in EddyMsg object is transformed recursively on its
496 sub-parts according to 'function_to_do'.
497 """
498
499 if eddymsg_obj.multipart == True:
500 for sub in eddymsg_obj.subparts:
501 do_to_eddys_pieces(function_to_do, sub, data)
502 else:
503 function_to_do(eddymsg_obj, data)
504
505
506 def split_payloads (eddymsg_obj):
507 """Splits all (sub-)payloads of a message into GPG data and regular text.
508
509 Recursively performs payload splitting on all sub-parts of an EddyMsg
510 object into the various GPG data types, such as GPG messages, public key
511 blocks and signed text.
512
513 Args:
514 eddymsg_obj: an instance of EddyMsg
515
516 Returns:
517 Nothing
518
519 Pre:
520 The EddyMsg object has payloads that are unsplit (by may be split)..
521
522 Post:
523 The EddyMsg object's payloads are all split into GPG and non-GPG parts.
524 """
525
526 for match_pair in match_pairs:
527 do_to_eddys_pieces(split_payload_pieces, eddymsg_obj, match_pair)
528
529
530 def split_payload_pieces (eddymsg_obj, match_pair):
531 """A helper function for split_payloads(); works on PayloadPiece objects.
532
533 This function splits up PayloadPiece objects into multipe PayloadPiece
534 objects and replaces the EddyMsg object's previous list of payload pieces
535 with the new split up one.
536
537 Args:
538 eddymsg_obj: a single-part EddyMsg object.
539 match_pair: a tuple from the match_pairs list, which specifies a match
540 name and a match pattern.
541
542 Returns:
543 Nothing
544
545 Pre:
546 The payload piece(s) of an EddyMsg object may be already split or
547 unsplit.
548
549 Post:
550 The EddyMsg object's payload piece(s) are split into a list of pieces
551 if matches of the match_pair are found.
552 """
553
554 (match_name, pattern) = match_pair
555
556 new_pieces_list = []
557 for piece in eddymsg_obj.payload_pieces:
558 new_pieces_list += scan_and_split(piece, match_name, pattern)
559
560 eddymsg_obj.payload_pieces = new_pieces_list
561
562
563 def gpg_on_payloads (eddymsg_obj, gpgme_ctx, prev_parts=[]):
564 """Performs GPG operations on the GPG parts of the message
565
566 This function decrypts text, verifies signatures, and imports public keys
567 included in an email.
568
569 Args:
570 eddymsg_obj: an EddyMsg object with its payload_pieces split into GPG
571 and non-GPG sections by split_payloads()
572 gpgme_ctx: a gpgme context
573
574 prev_parts: a list of mime parts that occur before the eddymsg_obj
575 part, under the same multi-part mime part. This is used for
576 verifying detached signatures. For the root mime part, this should
577 be an empty list, which is the default value if this paramater is
578 omitted.
579
580 Return:
581 Nothing
582
583 Pre:
584 eddymsg_obj should have its payloads split into gpg and non-gpg pieces.
585
586 Post:
587 Decryption, verification and key imports occur. the gpg_data members of
588 PayloadPiece objects get filled in with GPGData objects with some of
589 their attributes set.
590 """
591
592 if eddymsg_obj.multipart == True:
593 prev_parts=[]
594 for sub in eddymsg_obj.subparts:
595 gpg_on_payloads (sub, gpgme_ctx, prev_parts)
596 prev_parts += [sub]
597
598 return
599
600 for piece in eddymsg_obj.payload_pieces:
601
602 if piece.piece_type == TxtType.text:
603 # don't transform the plaintext.
604 pass
605
606 elif piece.piece_type == TxtType.message:
607 piece.gpg_data = GPGData()
608
609 (plaintext_b, sigs, sigkey_missing, key_cannot_encrypt) = decrypt_block(piece.string, gpgme_ctx)
610
611 piece.gpg_data.sigkey_missing = sigkey_missing
612 piece.gpg_data.key_cannot_encrypt = key_cannot_encrypt
613
614 if plaintext_b:
615 piece.gpg_data.decrypted = True
616 piece.gpg_data.sigs = sigs
617 # recurse!
618 piece.gpg_data.plainobj = parse_pgp_mime(plaintext_b, gpgme_ctx)
619 continue
620
621 # if not encrypted, check to see if this is an armored signature.
622 (plaintext_b, sigs, sigkey_missing, key_cannot_encrypt) = verify_sig_message(piece.string, gpgme_ctx)
623
624 piece.gpg_data.sigkey_missing = sigkey_missing
625 piece.gpg_data.key_cannot_encrypt = key_cannot_encrypt
626
627 if plaintext_b:
628 piece.piece_type = TxtType.signature
629 piece.gpg_data.sigs = sigs
630 # recurse!
631 piece.gpg_data.plainobj = parse_pgp_mime(plaintext_b, gpgme_ctx)
632
633 elif piece.piece_type == TxtType.pubkey:
634 piece.gpg_data = GPGData()
635
636 (key_fps, key_cannot_encrypt) = add_gpg_key(piece.string, gpgme_ctx)
637
638 piece.gpg_data.key_cannot_encrypt = key_cannot_encrypt
639
640 if key_fps != []:
641 piece.gpg_data.keys = key_fps
642
643 elif piece.piece_type == TxtType.detachedsig:
644 piece.gpg_data = GPGData()
645
646 for prev in prev_parts:
647 (sig_fps, sigkey_missing, key_cannot_encrypt) = verify_detached_signature(piece.string, prev.payload_bytes, gpgme_ctx)
648
649 piece.gpg_data.sigkey_missing = sigkey_missing
650 piece.gpg_data.key_cannot_encrypt = key_cannot_encrypt
651
652 if sig_fps != []:
653 piece.gpg_data.sigs = sig_fps
654 piece.gpg_data.plainobj = prev
655 break
656
657 else:
658 pass
659
660
661 def prepare_for_reply (eddymsg_obj, replyinfo_obj):
662 """Updates replyinfo_obj with info on the message's GPG success/failures
663
664 This function marks replyinfo_obj with information about whether encrypted
665 text in eddymsg_obj was successfully decrypted, signatures were verified
666 and whether a public key was found or not.
667
668 Args:
669 eddymsg_obj: a message in the EddyMsg format
670 replyinfo_obj: an instance of ReplyInfo
671
672 Returns:
673 Nothing
674
675 Pre:
676 eddymsg_obj has had its gpg_data created by gpg_on_payloads
677
678 Post:
679 replyinfo_obj has been updated with info about decryption/sig
680 verififcation status, etc. However the desired key isn't imported until
681 later, so the success or failure of that updates the values set here.
682 """
683
684 do_to_eddys_pieces(prepare_for_reply_pieces, eddymsg_obj, replyinfo_obj)
685
686 def prepare_for_reply_pieces (eddymsg_obj, replyinfo_obj):
687 """A helper function for prepare_for_reply
688
689 It updates replyinfo_obj with GPG success/failure information, when
690 supplied a single-part EddyMsg object.
691
692 Args:
693 eddymsg_obj: a single-part message in the EddyMsg format
694 replyinfo_obj: an object which holds information about the message's
695 GPG status
696
697 Returns:
698 Nothing
699
700 Pre:
701 eddymsg_obj is a single-part message. (it may be a part of a multi-part
702 message.) It has had its gpg_data created by gpg_on_payloads if it has
703 gpg data.
704
705 Post:
706 replyinfo_obj has been updated with gpg success/failure information
707 """
708
709 for piece in eddymsg_obj.payload_pieces:
710 if piece.piece_type == TxtType.text:
711 # don't quote the plaintext part.
712 pass
713
714 elif piece.piece_type == TxtType.message:
715 prepare_for_reply_message(piece, replyinfo_obj)
716
717 elif piece.piece_type == TxtType.pubkey:
718 prepare_for_reply_pubkey(piece, replyinfo_obj)
719
720 elif (piece.piece_type == TxtType.detachedsig) \
721 or (piece.piece_type == TxtType.signature):
722 prepare_for_reply_sig(piece, replyinfo_obj)
723
724
725 def prepare_for_reply_message (piece, replyinfo_obj):
726 """Helper function for prepare_for_reply()
727
728 This function is called when the piece_type of a payload piece is
729 TxtType.message, or GPG Message block. This should be encrypted text. If
730 the encryted block is correclty signed, a sig will be attached to
731 .target_key unless there is already one there.
732
733 Args:
734 piece: a PayloadPiece object.
735 replyinfo_obj: object which gets updated with decryption status, etc.
736
737 Returns:
738 Nothing
739
740 Pre:
741 the piece.payload_piece value should be TxtType.message.
742
743 Post:
744 replyinfo_obj gets updated with decryption status, signing status, a
745 potential signing key, posession status of the public key for the
746 signature and encryption capability status if that key is missing.
747 """
748
749 if piece.gpg_data.plainobj == None:
750 replyinfo_obj.decrypt_failure = True
751 return
752
753 replyinfo_obj.decrypt_success = True
754
755 # we already have a key (and a message)
756 if replyinfo_obj.target_key != None:
757 return
758
759 if piece.gpg_data.sigs == []:
760 if piece.gpg_data.sigkey_missing == True:
761 replyinfo_obj.sigkey_missing = True
762
763 if piece.gpg_data.key_cannot_encrypt == True:
764 replyinfo_obj.key_cannot_encrypt = True
765
766 # only include a signed message in the reply.
767 get_signed_part = True
768
769 else:
770 replyinfo_obj.target_key = piece.gpg_data.sigs[0]
771 replyinfo_obj.sig_success = True
772 get_signed_part = False
773
774 flatten_decrypted_payloads(piece.gpg_data.plainobj, replyinfo_obj, get_signed_part)
775
776 # to catch public keys in encrypted blocks
777 prepare_for_reply(piece.gpg_data.plainobj, replyinfo_obj)
778
779
780 def prepare_for_reply_pubkey (piece, replyinfo_obj):
781 """Helper function for prepare_for_reply(). Marks pubkey import status.
782
783 Marks replyinfo_obj with pub key import status.
784
785 Args:
786 piece: a PayloadPiece object
787 replyinfo_obj: a ReplyInfo object
788
789 Pre:
790 piece.piece_type should be set to TxtType.pubkey .
791
792 Post:
793 replyinfo_obj has its fields updated.
794 """
795
796 if piece.gpg_data.keys == []:
797 if piece.gpg_data.key_cannot_encrypt == True:
798 replyinfo_obj.key_cannot_encrypt = True
799 else:
800 replyinfo_obj.pubkey_success = True
801
802 # prefer public key as a fallback for the encrypted reply
803 replyinfo_obj.fallback_target_key = piece.gpg_data.keys[0]
804
805
806 def prepare_for_reply_sig (piece, replyinfo_obj):
807 """Helper function for prepare_for_reply(). Marks sig verification status.
808
809 Marks replyinfo_obj with signature verification status.
810
811 Args:
812 piece: a PayloadPiece object
813 replyinfo_obj: a ReplyInfo object
814
815 Pre:
816 piece.piece_type should be set to TxtType.signature, or
817 TxtType.detachedsig .
818
819 Post:
820 replyinfo_obj has its fields updated.
821 """
822
823 if piece.gpg_data.sigs == []:
824 replyinfo_obj.sig_failure = True
825
826 if piece.gpg_data.sigkey_missing == True:
827 replyinfo_obj.sigkey_missing = True
828
829 if piece.gpg_data.key_cannot_encrypt == True:
830 replyinfo_obj.key_cannot_encrypt = True
831
832 else:
833 replyinfo_obj.sig_success = True
834
835 if replyinfo_obj.fallback_target_key == None:
836 replyinfo_obj.fallback_target_key = piece.gpg_data.sigs[0]
837
838 if (piece.piece_type == TxtType.signature):
839 # to catch public keys in signature blocks
840 prepare_for_reply(piece.gpg_data.plainobj, replyinfo_obj)
841
842
843 def flatten_decrypted_payloads (eddymsg_obj, replyinfo_obj, get_signed_part):
844 """For creating a string representation of a signed, encrypted part.
845
846 When given a decrypted payload, it will add either the plaintext or signed
847 plaintext to the reply message, depeding on 'get_signed_part'. This is
848 useful for ensuring that the reply message only comes from a signed and
849 ecrypted GPG message. It also sets the target_key for encrypting the reply
850 if it's told to get signed text only.
851
852 Args:
853 eddymsg_obj: the message in EddyMsg format created by decrypting GPG
854 text
855 replyinfo_obj: a ReplyInfo object for holding the message to quote and
856 the target_key to encrypt to.
857 get_signed_part: True if we should only include text that contains a
858 further signature. If False, then include plain text.
859
860 Returns:
861 Nothing
862
863 Pre:
864 The EddyMsg instance passed in should be a piece.gpg_data.plainobj
865 which represents decrypted text. It may or may not be signed on that
866 level.
867
868 Post:
869 the ReplyInfo instance may have a new 'target_key' set and its
870 'msg_to_quote' will be updated with (possibly signed) plaintext, if any
871 could be found.
872 """
873
874 if eddymsg_obj == None:
875 return
876
877 # recurse on multi-part mime
878 if eddymsg_obj.multipart == True:
879 for sub in eddymsg_obj.subparts:
880 flatten_decrypted_payloads(sub, replyinfo_obj, get_signed_part)
881
882 for piece in eddymsg_obj.payload_pieces:
883 if (get_signed_part):
884 if ((piece.piece_type == TxtType.detachedsig) \
885 or (piece.piece_type == TxtType.signature)) \
886 and (piece.gpg_data != None) \
887 and (piece.gpg_data.plainobj != None):
888 flatten_decrypted_payloads(piece.gpg_data.plainobj, replyinfo_obj, False)
889 replyinfo_obj.target_key = piece.gpg_data.sigs[0]
890 break
891 else:
892 if piece.piece_type == TxtType.text:
893 replyinfo_obj.msg_to_quote += piece.string
894
895
896 def get_key_from_fp (replyinfo_obj, gpgme_ctx):
897 """Obtains a public key object from a key fingerprint
898
899 If the .target_key is not set, then we use .fallback_target_key, if
900 available.
901
902 Args:
903 replyinfo_obj: ReplyInfo instance
904 gpgme_ctx: the gpgme context
905
906 Return:
907 Nothing
908
909 Pre:
910 Loading a key requires that we have the public key imported. This
911 requires that they email contains the pub key block, or that it was
912 previously sent to edward.
913
914 Post:
915 If the key can be loaded, then replyinfo_obj.reply_to_key points to the
916 public key object. If the key cannot be loaded, then the replyinfo_obj
917 is marked as having no public key available. If the key is not capable
918 of encryption, it will not be used, and replyinfo_obj will be marked
919 accordingly.
920 """
921
922 for key in (replyinfo_obj.target_key, replyinfo_obj.fallback_target_key):
923 if key != None:
924 try:
925 encrypt_to_key = gpgme_ctx.get_key(key)
926
927 except gpgme.GpgmeError:
928 continue
929
930 if is_key_usable(encrypt_to_key):
931 replyinfo_obj.encrypt_to_key = encrypt_to_key
932 replyinfo_obj.have_reply_key = True
933 replyinfo_obj.key_can_encrypt = True
934 return
935
936 else:
937 replyinfo_obj.key_cannot_encrypt = True
938
939
940
941 def write_reply (replyinfo_obj):
942 """Write the reply email body about the GPG successes/failures.
943
944 The reply is about whether decryption, sig verification and key
945 import/loading was successful or failed. If text was successfully decrypted
946 and verified, then the first instance of such text will be included in
947 quoted form.
948
949 Args:
950 replyinfo_obj: contains details of GPG processing status
951
952 Returns:
953 the plaintext message to be sent to the user
954
955 Pre:
956 replyinfo_obj should be populated with info about GPG processing status.
957 """
958
959 reply_plain = ""
960
961 if (replyinfo_obj.pubkey_success == True):
962 reply_plain += replyinfo_obj.replies['greeting']
963 reply_plain += "\n\n"
964
965
966 if replyinfo_obj.decrypt_success == True:
967 debug('decrypt success')
968 reply_plain += replyinfo_obj.replies['success_decrypt']
969
970 if (replyinfo_obj.sig_success == True) and (replyinfo_obj.have_reply_key == True):
971 debug('message quoted')
972 reply_plain += replyinfo_obj.replies['space']
973 reply_plain += replyinfo_obj.replies['quote_follows']
974 reply_plain += "\n\n"
975 quoted_text = email_quote_text(replyinfo_obj.msg_to_quote)
976 reply_plain += quoted_text
977
978 reply_plain += "\n\n"
979
980 elif replyinfo_obj.decrypt_failure == True:
981 debug('decrypt failure')
982 reply_plain += replyinfo_obj.replies['failed_decrypt']
983 reply_plain += "\n\n"
984
985
986 if replyinfo_obj.sig_success == True:
987 debug('signature success')
988 reply_plain += replyinfo_obj.replies['sig_success']
989 reply_plain += "\n\n"
990
991 elif replyinfo_obj.sig_failure == True:
992 debug('signature failure')
993 reply_plain += replyinfo_obj.replies['sig_failure']
994 reply_plain += "\n\n"
995
996
997 if (replyinfo_obj.pubkey_success == True):
998 debug('public key received')
999 reply_plain += replyinfo_obj.replies['public_key_received']
1000 reply_plain += "\n\n"
1001
1002 elif (replyinfo_obj.sigkey_missing == True):
1003 debug('no public key')
1004 reply_plain += replyinfo_obj.replies['no_public_key']
1005 reply_plain += "\n\n"
1006
1007 elif (replyinfo_obj.key_can_encrypt == False) \
1008 and (replyinfo_obj.key_cannot_encrypt == True):
1009 debug('bad public key')
1010 reply_plain += replyinfo_obj.replies['no_public_key']
1011 reply_plain += "\n\n"
1012
1013
1014 if (reply_plain == ""):
1015 debug('plaintext message')
1016 reply_plain += replyinfo_obj.replies['failed_decrypt']
1017 reply_plain += "\n\n"
1018
1019
1020 reply_plain += replyinfo_obj.replies['signature']
1021 reply_plain += "\n\n"
1022
1023 return reply_plain
1024
1025
1026 def add_gpg_key (key_block, gpgme_ctx):
1027 """Adds a GPG pubkey to the local keystore
1028
1029 This adds keys received through email into the key store so they can be
1030 used later.
1031
1032 Args:
1033 key_block: the string form of the ascii-armored public key block
1034 gpgme_ctx: the gpgme context
1035
1036 Returns:
1037 the fingerprint(s) of the imported key(s) which can be used for
1038 encryption, and a boolean marking whether none of the keys are capable
1039 of encryption.
1040 """
1041
1042 fp = io.BytesIO(key_block.encode('ascii'))
1043
1044 try:
1045 result = gpgme_ctx.import_(fp)
1046 imports = result.imports
1047 except gpgme.GpgmeError:
1048 imports = []
1049
1050 key_fingerprints = []
1051 key_cannot_encrypt = False
1052
1053 for import_res in imports:
1054 fingerprint = import_res[0]
1055
1056 try:
1057 key_obj = gpgme_ctx.get_key(fingerprint)
1058 except:
1059 pass
1060
1061 if is_key_usable(key_obj):
1062 key_fingerprints += [fingerprint]
1063 key_cannot_encrypt = False
1064
1065 debug("added gpg key: " + fingerprint)
1066
1067 elif key_fingerprints == []:
1068 key_cannot_encrypt = True
1069
1070 return (key_fingerprints, key_cannot_encrypt)
1071
1072
1073 def verify_sig_message (msg_block, gpgme_ctx):
1074 """Verifies the signature of a signed, ascii-armored block of text.
1075
1076 It encodes the string into ascii, since binary GPG files are currently
1077 unsupported, and alternative, the ascii-armored format is encodable into
1078 ascii.
1079
1080 Args:
1081 msg_block: a GPG Message block in string form. It may be encrypted or
1082 not. If it is encrypted, it will return empty results.
1083 gpgme_ctx: the gpgme context
1084
1085 Returns:
1086 A tuple containing the plaintext bytes of the signed part, the list of
1087 fingerprints of encryption-capable keys signing the data, a boolean
1088 marking whether edward is missing all public keys for validating any of
1089 the signatures, and a boolean marking whether all sigs' keys are
1090 incapable of encryption. If verification failed, perhaps because the
1091 message was also encrypted, sensible default values are returned.
1092 """
1093
1094 block_b = io.BytesIO(msg_block.encode('ascii'))
1095 plain_b = io.BytesIO()
1096
1097 try:
1098 sigs = gpgme_ctx.verify(block_b, None, plain_b)
1099 except gpgme.GpgmeError:
1100 return ("",[],False,False)
1101
1102 plaintext_b = plain_b.getvalue()
1103
1104 (fingerprints, sigkey_missing, key_cannot_encrypt) = get_signature_fp(sigs, gpgme_ctx)
1105
1106 return (plaintext_b, fingerprints, sigkey_missing, key_cannot_encrypt)
1107
1108
1109 def verify_detached_signature (detached_sig, plaintext_bytes, gpgme_ctx):
1110 """Verifies the signature of a detached signature.
1111
1112 This requires the signature part and the signed part as separate arguments.
1113
1114 Args:
1115 detached_sig: the signature part of the detached signature
1116 plaintext_bytes: the byte form of the message being signed.
1117 gpgme_ctx: the gpgme context
1118
1119 Returns:
1120 A tuple containging a list of encryption capable signing fingerprints
1121 if the signature verification was sucessful, a boolean marking whether
1122 edward is missing all public keys for validating any of the signatures,
1123 and a boolean marking whether all signing keys are incapable of
1124 encryption. Otherwise, a tuple containing an empty list and True are
1125 returned.
1126 """
1127
1128 detached_sig_fp = io.BytesIO(detached_sig.encode('ascii'))
1129 plaintext_fp = io.BytesIO(plaintext_bytes)
1130
1131 try:
1132 sigs = gpgme_ctx.verify(detached_sig_fp, plaintext_fp, None)
1133 except gpgme.GpgmeError:
1134 return ([],False,False)
1135
1136 (fingerprints, sigkey_missing, key_cannot_encrypt) = get_signature_fp(sigs, gpgme_ctx)
1137
1138 return (fingerprints, sigkey_missing, key_cannot_encrypt)
1139
1140
1141 def decrypt_block (msg_block, gpgme_ctx):
1142 """Decrypts a block of GPG text and verifies any included sigatures.
1143
1144 Some encypted messages have embeded signatures, so those are verified too.
1145
1146 Args:
1147 msg_block: the encrypted(/signed) text
1148 gpgme_ctx: the gpgme context
1149
1150 Returns:
1151 A tuple containing plaintext bytes, encryption-capable signatures (if
1152 decryption and signature verification were successful, respectively), a
1153 boolean marking whether edward is missing all public keys for
1154 validating any of the signatures, and a boolean marking whether all
1155 signature keys are incapable of encryption.
1156 """
1157
1158 block_b = io.BytesIO(msg_block.encode('ascii'))
1159 plain_b = io.BytesIO()
1160
1161 try:
1162 sigs = gpgme_ctx.decrypt_verify(block_b, plain_b)
1163 except gpgme.GpgmeError:
1164 return ("",[],False,False)
1165
1166 plaintext_b = plain_b.getvalue()
1167
1168 (fingerprints, sigkey_missing, key_cannot_encrypt) = get_signature_fp(sigs, gpgme_ctx)
1169
1170 return (plaintext_b, fingerprints, sigkey_missing, key_cannot_encrypt)
1171
1172
1173 def get_signature_fp (sigs, gpgme_ctx):
1174 """Selects valid signatures from output of gpgme signature verifying functions
1175
1176 get_signature_fp returns a list of valid signature fingerprints if those
1177 fingerprints are associated with available keys capable of encryption.
1178
1179 Args:
1180 sigs: a signature verification result object list
1181 gpgme_ctx: a gpgme context
1182
1183 Returns:
1184 fingerprints: a list of fingerprints
1185 sigkey_missing: a boolean marking whether public keys are missing for
1186 all available signatures.
1187 key_cannot_encrypt: a boolearn marking whether available public keys are
1188 incapable of encryption.
1189 """
1190
1191 sigkey_missing = False
1192 key_cannot_encrypt = False
1193 fingerprints = []
1194
1195 for sig in sigs:
1196 if (sig.summary == 0) or (sig.summary & gpgme.SIGSUM_VALID != 0) or (sig.summary & gpgme.SIGSUM_GREEN != 0):
1197 try:
1198 key_obj = gpgme_ctx.get_key(sig.fpr)
1199 except:
1200 if fingerprints == []:
1201 sigkey_missing = True
1202 continue
1203
1204 if is_key_usable(key_obj):
1205 fingerprints += [sig.fpr]
1206 key_cannot_encrypt = False
1207 sigkey_missing = False
1208
1209 elif fingerprints == []:
1210 key_cannot_encrypt = True
1211
1212 elif fingerprints == []:
1213 if (sig.summary & gpgme.SIGSUM_KEY_MISSING != 0):
1214 sigkey_missing = True
1215
1216 return (fingerprints, sigkey_missing, key_cannot_encrypt)
1217
1218
1219 def is_key_usable (key_obj):
1220 """Returns boolean representing key usability regarding encryption
1221
1222 Tests various feature of key and returns usability
1223
1224 Args:
1225 key_obj: a gpgme key object
1226
1227 Returns:
1228 A boolean representing key usability
1229 """
1230 if key_obj.can_encrypt and not key_obj.invalid and not key_obj.expired \
1231 and not key_obj.revoked and not key_obj.disabled:
1232 return True
1233 else:
1234 return False
1235
1236
1237 def email_to_from_subject (email_bytes):
1238 """Returns the values of the email's To:, From: and Subject: fields
1239
1240 Returns this information from an email.
1241
1242 Args:
1243 email_bytes: the byte string form of the email
1244
1245 Returns:
1246 the email To:, From:, and Subject: fields as strings
1247 """
1248
1249 email_struct = email.parser.BytesParser().parsebytes(email_bytes)
1250
1251 email_to = email_struct['To']
1252 email_from = email_struct['From']
1253 email_subject = email_struct['Subject']
1254
1255 return email_to, email_from, email_subject
1256
1257
1258 def import_lang_pick_address(email_to, hostname):
1259 """Imports language file for i18n support; makes reply from address
1260
1261 The language imported depends on the To: address of the email received by
1262 edward. an -en ending implies the English language, whereas a -ja ending
1263 implies Japanese. The list of supported languages is listed in the 'langs'
1264 list at the beginning of the program. This function also chooses the
1265 language-dependent address which can be used as the From address in the
1266 reply email.
1267
1268 Args:
1269 email_to: the string containing the email address that the mail was
1270 sent to.
1271 hostname: the hostname part of the reply email's from address
1272
1273 Returns:
1274 the reference to the imported language module. The only variable in
1275 this file is the 'replies' dictionary.
1276 """
1277
1278 # default
1279 use_lang = "en"
1280
1281 if email_to != None:
1282 for lang in langs:
1283 if "edward-" + lang in email_to:
1284 use_lang = lang
1285 break
1286
1287 lang_mod_name = "lang." + re.sub('-', '_', use_lang)
1288 lang_module = importlib.import_module(lang_mod_name)
1289
1290 reply_from = "edward-" + use_lang + "@" + hostname
1291
1292 return lang_module, reply_from
1293
1294
1295 def generate_encrypted_mime (plaintext, email_to, email_subject, encrypt_to_key,
1296 gpgme_ctx):
1297 """This function creates the mime email reply. It can encrypt the email.
1298
1299 If the encrypt_key is included, then the email is encrypted and signed.
1300 Otherwise it is unencrypted.
1301
1302 Args:
1303 plaintext: the plaintext body of the message to create.
1304 email_to: the email address to reply to
1305 email_subject: the subject to use in reply
1306 encrypt_to_key: the key object to use for encrypting the email. (or
1307 None)
1308 gpgme_ctx: the gpgme context
1309
1310 Returns
1311 A string version of the mime message, possibly encrypted and signed.
1312 """
1313
1314 plaintext_mime = MIMEText(plaintext)
1315 plaintext_mime.set_charset('utf-8')
1316
1317 if (encrypt_to_key != None):
1318
1319 encrypted_text = encrypt_sign_message(plaintext_mime.as_string(),
1320 encrypt_to_key,
1321 gpgme_ctx)
1322
1323 control_mime = MIMEApplication("Version: 1",
1324 _subtype='pgp-encrypted',
1325 _encoder=email.encoders.encode_7or8bit)
1326 control_mime['Content-Description'] = 'PGP/MIME version identification'
1327 control_mime.set_charset('us-ascii')
1328
1329 encoded_mime = MIMEApplication(encrypted_text,
1330 _subtype='octet-stream; name="encrypted.asc"',
1331 _encoder=email.encoders.encode_7or8bit)
1332 encoded_mime['Content-Description'] = 'OpenPGP encrypted message'
1333 encoded_mime['Content-Disposition'] = 'inline; filename="encrypted.asc"'
1334 encoded_mime.set_charset('us-ascii')
1335
1336 message_mime = MIMEMultipart(_subtype="encrypted", protocol="application/pgp-encrypted")
1337 message_mime.attach(control_mime)
1338 message_mime.attach(encoded_mime)
1339 message_mime['Content-Disposition'] = 'inline'
1340
1341 else:
1342 message_mime = plaintext_mime
1343
1344 message_mime['To'] = email_to
1345 message_mime['Subject'] = email_subject
1346
1347 reply = message_mime.as_string()
1348
1349 return reply
1350
1351
1352 def send_reply(email_txt, subject, reply_to, reply_from):
1353
1354 s = smtplib.SMTP('localhost')
1355 s.sendmail(reply_from, reply_to, email_txt)
1356 s.quit()
1357
1358
1359 def email_quote_text (text):
1360 """Quotes input text by inserting "> "s
1361
1362 This is useful for quoting a text for the reply message. It inserts "> "
1363 strings at the beginning of lines.
1364
1365 Args:
1366 text: plain text to quote
1367
1368 Returns:
1369 Quoted text
1370 """
1371
1372 quoted_message = re.sub(r'^', r'> ', text, flags=re.MULTILINE)
1373
1374 return quoted_message
1375
1376
1377 def encrypt_sign_message (plaintext, encrypt_to_key, gpgme_ctx):
1378 """Encrypts and signs plaintext
1379
1380 This encrypts and signs a message.
1381
1382 Args:
1383 plaintext: text to sign and ecrypt
1384 encrypt_to_key: the key object to encrypt to
1385 gpgme_ctx: the gpgme context
1386
1387 Returns:
1388 An encrypted and signed string of text
1389 """
1390
1391 # the plaintext should be mime encoded in an ascii-compatible form
1392 plaintext_bytes = io.BytesIO(plaintext.encode('ascii'))
1393 encrypted_bytes = io.BytesIO()
1394
1395 gpgme_ctx.encrypt_sign([encrypt_to_key], gpgme.ENCRYPT_ALWAYS_TRUST,
1396 plaintext_bytes, encrypted_bytes)
1397
1398 encrypted_txt = encrypted_bytes.getvalue().decode('ascii')
1399 return encrypted_txt
1400
1401
1402 def error (error_msg):
1403 """Write an error message to stdout
1404
1405 The error message includes the program name.
1406
1407 Args:
1408 error_msg: the message to print
1409
1410 Returns:
1411 Nothing
1412
1413 Post:
1414 An error message is printed to stdout
1415 """
1416
1417 sys.stderr.write(progname + ": " + str(error_msg) + "\n")
1418
1419
1420 def debug (debug_msg):
1421 """Writes a debug message to stdout if debug == True
1422
1423 If the debug option is set in edward_config.py, then the passed message
1424 gets printed to stdout.
1425
1426 Args:
1427 debug_msg: the message to print to stdout
1428
1429 Returns:
1430 Nothing
1431
1432 Post:
1433 A debug message is printed to stdout
1434 """
1435
1436 if edward_config.debug == True:
1437 error(debug_msg)
1438
1439
1440 def handle_args ():
1441 """Sets the progname variable and processes optional argument
1442
1443 If there are more than two arguments then edward complains and quits. An
1444 single "-p" argument sets the print_reply_only option, which makes edward
1445 print email replies instead of mailing them.
1446
1447 Args:
1448 None
1449
1450 Returns:
1451 True if edward should print arguments instead of mailing them,
1452 otherwise it returns False.
1453
1454 Post:
1455 Exits with error 1 if there are more than two arguments, otherwise
1456 returns the print_reply_only option.
1457 """
1458
1459 global progname
1460 progname = sys.argv[0]
1461
1462 print_reply_only = False
1463
1464 if len(sys.argv) > 2:
1465 print(progname + " usage: " + progname + " [-p]\n\n" \
1466 + " -p print reply message to stdout, do not mail it\n", \
1467 file=sys.stderr)
1468 exit(1)
1469
1470 elif (len(sys.argv) == 2) and (sys.argv[1] == "-p"):
1471 print_reply_only = True
1472
1473 return print_reply_only
1474
1475
1476 if __name__ == "__main__":
1477 """Executes main if this file is not loaded interactively"""
1478
1479 main()
1480