author | Tim Culverhouse <tim@timculverhouse.com> | 2022-04-25 08:30:44 -0500 |
---|---|---|
committer | Robin Jarry <robin@jarry.cc> | 2022-04-27 09:46:25 +0200 |
commit | 57699b1fa6367a42d5877afcfdb1504e52835ed9 (patch) | |
tree | b5000bfad3d62f01127f5831d64d27aac07872e1 /lib/crypto/gpg/writer.go | |
parent | d09636ee0b9957ed60fc01224ddfbb03c4f4b7fa (diff) | |
feat: add gpg integration
This commit adds gpg system integration. This is done through two new
packages: gpgbin, which handles the system calls and parsing; and gpg
which is mostly a copy of emersion/go-pgpmail with modifications to
interface with package gpgbin. gpg includes tests for many cases, and
by its nature also tests package gpgbin. I separated these in case an
external dependency is ever used for the gpg sys-calls/parsing (IE we
mirror how go-pgpmail+openpgp currently are dependencies)
Two new config options are introduced:
* pgp-provider. If it is not explicitly set to "gpg", aerc will default to
it's internal pgp provider
* pgp-key-id: (Optionally) specify a key by short or long keyId
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Acked-by: Koni Marti <koni.marti@gmail.com>
Acked-by: Robin Jarry <robin@jarry.cc>
Diffstat (limited to 'lib/crypto/gpg/writer.go')
-rw-r--r-- | lib/crypto/gpg/writer.go | 179 |
1 files changed, 179 insertions, 0 deletions
diff --git a/lib/crypto/gpg/writer.go b/lib/crypto/gpg/writer.go
new file mode 100644
index 00000000..269b4907
--- /dev/null
+++ b/lib/crypto/gpg/writer.go
@@ -0,0 +1,179 @@
+// writer.go largerly mimics github.com/emersion/go-pgpmail, with changes made
+// to interface with the gpg package in aerc
+
+package gpg
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"mime"
+
+	"git.sr.ht/~rjarry/aerc/lib/crypto/gpg/gpgbin"
+	"github.com/emersion/go-message/textproto"
+)
+
+type EncrypterSigner struct {
+	msgBuf          bytes.Buffer
+	encryptedWriter io.Writer
+	to              []string
+	from            string
+}
+
+func (es *EncrypterSigner) Write(p []byte) (int, error) {
+	return es.msgBuf.Write(p)
+}
+
+func (es *EncrypterSigner) Close() (err error) {
+	r := bytes.NewReader(es.msgBuf.Bytes())
+	enc, err := gpgbin.Encrypt(r, es.to, es.from)
+	if err != nil {
+		return err
+	}
+	es.encryptedWriter.Write(enc)
+	return nil
+}
+
+type Signer struct {
+	mw        *textproto.MultipartWriter
+	signedMsg bytes.Buffer
+	w         io.Writer
+	from      string
+	header    textproto.Header
+}
+
+func (s *Signer) Write(p []byte) (int, error) {
+	return s.signedMsg.Write(p)
+}
+
+func (s *Signer) Close() (err error) {
+	// TODO should write the whole message up here so we can get the proper micalg from the signature packet
+
+	sig, micalg, err := gpgbin.Sign(bytes.NewReader(s.signedMsg.Bytes()), s.from)
+	if err != nil {
+		return err
+	}
+	params := map[string]string{
+		"boundary": s.mw.Boundary(),
+		"protocol": "application/pgp-signature",
+		"micalg":   micalg,
+	}
+	s.header.Set("Content-Type", mime.FormatMediaType("multipart/signed", params))
+
+	if err = textproto.WriteHeader(s.w, s.header); err != nil {
+		return err
+	}
+	boundary := s.mw.Boundary()
+	fmt.Fprintf(s.w, "--%s\r\n", boundary)
+	s.w.Write(s.signedMsg.Bytes())
+	s.w.Write([]byte("\r\n"))
+
+	var signedHeader textproto.Header
+	signedHeader.Set("Content-Type", "application/pgp-signature")
+	signatureWriter, err := s.mw.CreatePart(signedHeader)
+	if err != nil {
+		return err
+	}
+
+	_, err = signatureWriter.Write(sig)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// for tests
+var forceBoundary = ""
+
+type multiCloser []io.Closer
+
+func (mc multiCloser) Close() error {
+	for _, c := range mc {
+		if err := c.Close(); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func Encrypt(w io.Writer, h textproto.Header, rcpts []string, from string) (io.WriteCloser, error) {
+	mw := textproto.NewMultipartWriter(w)
+
+	if forceBoundary != "" {
+		mw.SetBoundary(forceBoundary)
+	}
+
+	params := map[string]string{
+		"boundary": mw.Boundary(),
+		"protocol": "application/pgp-encrypted",
+	}
+	h.Set("Content-Type", mime.FormatMediaType("multipart/encrypted", params))
+
+	if err := textproto.WriteHeader(w, h); err != nil {
+		return nil, err
+	}
+
+	var controlHeader textproto.Header
+	controlHeader.Set("Content-Type", "application/pgp-encrypted")
+	controlWriter, err := mw.CreatePart(controlHeader)
+	if err != nil {
+		return nil, err
+	}
+	if _, err = controlWriter.Write([]byte("Version: 1\r\n")); err != nil {
+		return nil, err
+	}
+
+	var encryptedHeader textproto.Header
+	encryptedHeader.Set("Content-Type", "application/octet-stream")
+	encryptedWriter, err := mw.CreatePart(encryptedHeader)
+	if err != nil {
+		return nil, err
+	}
+
+	var buf bytes.Buffer
+	plaintext := &EncrypterSigner{
+		msgBuf:          buf,
+		encryptedWriter: encryptedWriter,
+		to:              rcpts,
+		from:            from,
+	}
+
+	return struct {
+		io.Writer
+		io.Closer
+	}{
+		plaintext,
+		multiCloser{
+			plaintext,
+			mw,
+		},
+	}, nil
+}
+
+func Sign(w io.Writer, h textproto.Header, from string) (io.WriteCloser, error) {
+	mw := textproto.NewMultipartWriter(w)
+
+	if forceBoundary != "" {
+		mw.SetBoundary(forceBoundary)
+	}
+
+	var msg bytes.Buffer
+	plaintext := &Signer{
+		mw:        mw,
+		signedMsg: msg,
+		w:         w,
+		from:      from,
+		header:    h,
+	}
+
+	return struct {
+		io.Writer
+		io.Closer
+	}{
+		plaintext,
+		multiCloser{
+			plaintext,
+			mw,
+		},
+	}, nil
+}
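Review bot: `EncrypterSigner.Close` discards the result of `es.encryptedWriter.Write(enc)`, so a failed or short write of the ciphertext part still returns nil from Close and the caller treats a truncated multipart/encrypted body as fully written; `Signer.Close` does the same with `fmt.Fprintf(s.w, "--%s\r\n", boundary)`, `s.w.Write(s.signedMsg.Bytes())` and `s.w.Write([]byte("\r\n"))`. By the time these run, the outer headers and the `Version: 1` control part have already been written to `w` in `Encrypt`, so nothing downstream can tell that the octet-stream or signed part is incomplete unless the write errors propagate. The neighbouring `CreatePart` and `signatureWriter.Write` calls already check their errors, so this is just a matter of treating the remaining writes the same way. The rest of both Close bodies stays as is.

```go
func (es *EncrypterSigner) Close() (err error) {
	// … unchanged: bytes.NewReader + gpgbin.Encrypt and its error check …
	if _, err = es.encryptedWriter.Write(enc); err != nil {
		return err
	}
	return nil
}

func (s *Signer) Close() (err error) {
	// … unchanged: gpgbin.Sign, Content-Type params, WriteHeader …
	boundary := s.mw.Boundary()
	if _, err = fmt.Fprintf(s.w, "--%s\r\n", boundary); err != nil {
		return err
	}
	if _, err = s.w.Write(s.signedMsg.Bytes()); err != nil {
		return err
	}
	if _, err = s.w.Write([]byte("\r\n")); err != nil {
		return err
	}
	// … unchanged: signature part creation and write …
}
```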