X-Git-Url: https://git.cworth.org/git?a=blobdiff_plain;f=lib%2Fsup%2Fcrypto.rb;h=772b8b696c4f4f41682fe2e51f4656bc66603254;hb=2388e4a48a6d3ea5e626fccf9588a6a177e7065e;hp=456241208e5901ee0b5f224b4c9f0b624cd0bd0f;hpb=534d85c189215862abca271ec2434ae7385ae016;p=sup diff --git a/lib/sup/crypto.rb b/lib/sup/crypto.rb index 4562412..772b8b6 100644 --- a/lib/sup/crypto.rb +++ b/lib/sup/crypto.rb @@ -3,45 +3,158 @@ module Redwood class CryptoManager include Singleton + class Error < StandardError; end + + OUTGOING_MESSAGE_OPERATIONS = OrderedHash.new( + [:sign, "Sign"], + [:sign_and_encrypt, "Sign and encrypt"], + [:encrypt, "Encrypt only"] + ) + def initialize @mutex = Mutex.new - self.class.i_am_the_instance self - @cmd = `which gpg`.chomp - @cmd = `which pgp`.chomp unless @cmd =~ /\S/ - @cmd = nil unless @cmd =~ /\S/ + bin = `which gpg`.chomp + @cmd = + case bin + when /\S/ + debug "crypto: detected gpg binary in #{bin}" + "#{bin} --quiet --batch --no-verbose --logger-fd 1 --use-agent" + else + debug "crypto: no gpg binary detected" + nil + end end - def verify payload, signature # both RubyMail::Message objects - return unknown unless @cmd + def have_crypto?; !@cmd.nil? end + + def sign from, to, payload + payload_fn = Tempfile.new "redwood.payload" + payload_fn.write format_payload(payload) + payload_fn.close + + output = run_gpg "--output - --armor --detach-sign --textmode --local-user '#{from}' #{payload_fn.path}" + + raise Error, (output || "gpg command failed: #{cmd}") unless $?.success? + + envelope = RMail::Message.new + envelope.header["Content-Type"] = 'multipart/signed; protocol=application/pgp-signature; micalg=pgp-sha1' + + envelope.add_part payload + signature = RMail::Message.make_attachment output, "application/pgp-signature", nil, "signature.asc" + envelope.add_part signature + envelope + end + + def encrypt from, to, payload, sign=false + payload_fn = Tempfile.new "redwood.payload" + payload_fn.write format_payload(payload) + payload_fn.close + + recipient_opts = (to + [ from ] ).map { |r| "--recipient '<#{r}>'" }.join(" ") + sign_opts = sign ? "--sign --local-user '#{from}'" : "" + gpg_output = run_gpg "--output - --armor --encrypt --textmode #{sign_opts} #{recipient_opts} #{payload_fn.path}" + raise Error, (gpg_output || "gpg command failed: #{cmd}") unless $?.success? + + encrypted_payload = RMail::Message.new + encrypted_payload.header["Content-Type"] = "application/octet-stream" + encrypted_payload.header["Content-Disposition"] = 'inline; filename="msg.asc"' + encrypted_payload.body = gpg_output + + control = RMail::Message.new + control.header["Content-Type"] = "application/pgp-encrypted" + control.header["Content-Disposition"] = "attachment" + control.body = "Version: 1\n" + + envelope = RMail::Message.new + envelope.header["Content-Type"] = 'multipart/encrypted; protocol="application/pgp-encrypted"' + + envelope.add_part control + envelope.add_part encrypted_payload + envelope + end - payload_fn = File.open("payload", "w") # Tempfile.new "redwood.payload" - signature_fn = File.open("signature", "w") #Tempfile.new "redwood.signature" + def sign_and_encrypt from, to, payload + encrypt from, to, payload, true + end + + def verify payload, signature # both RubyMail::Message objects + return unknown_status(cant_find_binary) unless @cmd - payload_fn.write payload.to_s.gsub(/(^|[^\r])\n/, "\\1\r\n").gsub(/^MIME-Version: .*\r\n/, "") + payload_fn = Tempfile.new "redwood.payload" + payload_fn.write format_payload(payload) payload_fn.close + signature_fn = Tempfile.new "redwood.signature" signature_fn.write signature.decode signature_fn.close - cmd = "#{@cmd} --quiet --batch --no-verbose --verify --logger-fd 1 #{signature_fn.path} #{payload_fn.path} 2> /dev/null" + output = run_gpg "--verify #{signature_fn.path} #{payload_fn.path}" + output_lines = output.split(/\n/) + + if output =~ /^gpg: (.* signature from .*$)/ + if $? == 0 + Chunk::CryptoNotice.new :valid, $1, output_lines + else + Chunk::CryptoNotice.new :invalid, $1, output_lines + end + else + unknown_status output_lines + end + end + + ## returns decrypted_message, status, desc, lines + def decrypt payload # a RubyMail::Message object + return unknown_status(cant_find_binary) unless @cmd + + payload_fn = Tempfile.new "redwood.payload" + payload_fn.write payload.to_s + payload_fn.close + + output = run_gpg "--decrypt #{payload_fn.path}" + + if $?.success? + decrypted_payload, sig_lines = if output =~ /\A(.*?)((^gpg: .*$)+)\Z/m + [$1, $2] + else + [output, nil] + end - #Redwood::log "gpg: running: #{cmd}" - gpg_output = `#{cmd}` - #Redwood::log "got output: #{gpg_output.inspect}" - lines = gpg_output.split(/\n/) + sig = if sig_lines # encrypted & signed + if sig_lines =~ /^gpg: (Good signature from .*$)/ + Chunk::CryptoNotice.new :valid, $1, sig_lines.split("\n") + else + Chunk::CryptoNotice.new :invalid, $1, sig_lines.split("\n") + end + end - if gpg_output =~ /^gpg: (.* signature from .*$)/ - $? == 0 ? [:valid, $1, lines] : [:invalid, $1, lines] + notice = Chunk::CryptoNotice.new :valid, "This message has been decrypted for display" + [notice, sig, RMail::Parser.read(decrypted_payload)] else - unknown + Chunk::CryptoNotice.new :invalid, "This message could not be decrypted", output.split("\n") end end private - def unknown - [:unknown, "Unable to determine validity of cryptographic signature", []] + def unknown_status lines=[] + Chunk::CryptoNotice.new :unknown, "Unable to determine validity of cryptographic signature", lines + end + + def cant_find_binary + ["Can't find gpg binary in path."] + end + + ## here's where we munge rmail output into the format that signed/encrypted + ## PGP/GPG messages should be + def format_payload payload + payload.to_s.gsub(/(^|[^\r])\n/, "\\1\r\n").gsub(/^MIME-Version: .*\r\n/, "") + end + + def run_gpg args + cmd = "#{@cmd} #{args} 2> /dev/null" + output = `#{cmd}` + output end end end