From 579b176e686d1b30cc8ecde55c5a8a31310c5938 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 25 Nov 2019 16:45:51 -0500 Subject: email-print-mime-structure: handle one-part PKCS#7 signature objects PKCS#7 offers a signed-only mode which is distinct from multipart/signed. This mode is more robust to breakage by transforming MTAs, but it is also unreadable *unless* the receiver knows how to cope with S/MIME. See https://tools.ietf.org/html/rfc8551#section-3.5 for more details about the different formats. email-print-mime-structure should now be able to handle these messages and display the structure of their content as well. Signed-off-by: Daniel Kahn Gillmor Acked-by: Sean Whitton --- debian/control | 2 ++ email-print-mime-structure | 13 +++++++ tests/email-print-mime-structure/smime-signed.eml | 41 +++++++++++++++++++++++ tests/email-print-mime-structure/smime-signed.out | 7 ++++ 4 files changed, 63 insertions(+) create mode 100644 tests/email-print-mime-structure/smime-signed.eml create mode 100644 tests/email-print-mime-structure/smime-signed.out
diff --git a/debian/control b/debian/control
index d2e07da..73c5919 100644
--- a/debian/control
+++ b/debian/control
@@ -8,6 +8,7 @@ Build-Depends:
 debhelper (>= 10),
 dh-elpa,
 diffutils ,
+ gnutls-bin ,
 gpg ,
 gpg-agent ,
 gpgsm ,
@@ -52,6 +53,7 @@ Recommends:
 python3-argcomplete,
 python3-pgpy,
 Suggests:
+ gnutls-bin,
 gpg,
 gpg-agent,
 gpgsm,
diff --git a/email-print-mime-structure b/email-print-mime-structure
index 6d7b0af..b7646e0 100755
--- a/email-print-mime-structure
+++ b/email-print-mime-structure
@@ -103,6 +103,19 @@ class MimePrinter(object):
 newprefix = prefix[:-3] + ' '
 print(f'{newprefix}↧ (decrypts to)')
 self.print_tree(cryptopayload, newprefix + '└', z, 0)
+ else:
+ if z.get_content_type().lower() == 'application/pkcs7-mime' and \
+ str(z.get_param('smime-type')).lower() == 'signed-data':
+ bodypart:Union[List[Message],str,bytes,None] = z.get_payload(decode=True)
+ if isinstance(bodypart, bytes):
+ unwrapped = self.pipe_transform(bodypart, ['certtool', '--p7-show-data', '--p7-info', '--inder'])
+ if unwrapped:
+ newprefix = prefix[:-3] + ' '
+ print(f'{newprefix}⇩ (unwraps to)')
+ self.print_tree(unwrapped, newprefix + '└', z, 0)
+ else:
+ logging.warning(f'Unable to unwrap one-part PKCS#7 signed message (maybe try "apt install gnutls-bin")')
+

 def decrypt_part(self, msg:Message, flavor:EncType) -> Optional[Message]:
 ciphertext:Union[List[Message],str,bytes,None] = msg.get_payload(decode=True)
diff --git a/tests/email-print-mime-structure/smime-signed.eml b/tests/email-print-mime-structure/smime-signed.eml
new file mode 100644
index 0000000..3929d6b
--- /dev/null
+++ b/tests/email-print-mime-structure/smime-signed.eml
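Review bot: The subtree printed under `⇩ (unwraps to)` is unauthenticated, because the `certtool` flags passed to `pipe_transform` ask for the embedded data to be shown (`--p7-show-data`) and not for the signature to be verified. That is a reasonable choice for a structure printer, but it should be stated above the call, for example `# NOTE: signature is NOT verified here; the unwrapped tree is sender-controlled, untrusted content`. The fallback warning fires whenever `unwrapped` is falsy, which presumably also covers certtool rejecting malformed DER, so the install hint can mislead; a message such as `'Unable to unwrap one-part PKCS#7 signed message (certtool missing or input not parseable)'` covers both cases, and the `f` prefix can go since the string has no placeholders. `pipe_transform` is defined outside this hunk, so whether it bounds certtool's run time and output size on hostile input cannot be checked from here, and the indentation lost on this page leaves the nesting of the two `else:` branches to be confirmed against the file.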
@@ -0,0 +1,41 @@
+Date: Sun, 24 Nov 2019 21:13:45 -0500
+Subject: test message
+Message-ID:
+From: Alice
+To: Bob
+Content-Type: application/pkcs7-mime; smime-type="signed-data"
+Content-Transfer-Encoding: base64
+
+MIIHOgYJKoZIhvcNAQcCoIIHKzCCBycCAQExDTALBglghkgBZQMEAgEwggG+BgkqhkiG9w0BBwGg
+ggGvBIIBq0NvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L21peGVkOyBib3VuZGFyeT0ieHl6Ig0KDQot
+LXh5eg0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvYWx0ZXJuYXRpdmU7IGJvdW5kYXJ5PSJhYmMx
+MjMiDQoNCi0tYWJjMTIzDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCg0KVGhpcyBpcyBhIHNp
+bXBsZSBtZXNzYWdlDQoNCi0tYWJjMTIzDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KDQo8aHRt
+bD48aGVhZD48L2hlYWQ+PGJvZHk+PHA+VGhpcyBpcyBhIHNpbXBsZSBtZXNzYWdlPC9wPjwvYm9k
+eT48L2h0bWw+DQoNCi0tYWJjMTIzLS0NCi0teHl6DQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4N
+CkNvbnRlbnQtRGlzcG9zaXRpb246IGF0dGFjaG1lbnQ7IGZpbGVuYW1lPSJ0ZXN0LnR4dCINCg0K
+VGhpcyBpcyBhIHNpbXBsZSBhdHRhY2htZW50IGZpbGUuDQqgggNyMIIDbjCCAlagAwIBAgIUZ4K0
+WXNSS8H0cUcZavD9EYqqTAswDQYJKoZIhvcNAQENBQAwLTErMCkGA1UEAxMiU2FtcGxlIExBTVBT
+IENlcnRpZmljYXRlIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFow
+GTEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDD7q35ZdG2JAzzJGNZDZ9sV7AKh0hlRfoFjTZN5m4RegQAYSyag43ouWi1xRN0avf0UTYrwjK0
+4qRdV7GzCACoEKq/xiNUOsjfJXzbCublN3fZMOXDshKKBqThlK75SjA9Czxg7ejGoiY/iidk0e91
+neK30SCCaBTJlfR2ZDrPk73IPMeksxoTatfF9hw9dDA+/Hi1yptN/aG0Q/s9icFrxr6y2zQXsjuQ
+PmjMZgj10aD9cazWVgRYCgflhmA0V1uQl1wobYU8DAVxVn+GgabqyjGQMoythIK0Gn5+ofwxXXUM
+/zbU+g6+1ISdoXxRRFtq2GzbIqkAHZZQm+BbnFrhAgMBAAGjgZcwgZQwDAYDVR0TAQH/BAIwADAe
+BgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA8GA1Ud
+DwEB/wQFAwMHoAAwHQYDVR0OBBYEFKwuVFqk/VUYry7oZkQ40SXR1wB5MB8GA1UdIwQYMBaAFLdS
+TXPAiD2yw3paDPOU9/eAonfbMA0GCSqGSIb3DQEBDQUAA4IBAQB76o4Yz7yrVSFcpXqLrcGtdI4q
+93aKCXECCCzNQLp4yesh6brqaZHNJtwYcJ5TqbUym9hJ70iJE4jGNN+yAZR1ltte0HFKYIBKM4EJ
+umG++2hqbUaLz4tl06BHaQPCv/9NiNY7q9R9c/B6s1YzHhwqkWht2a+AtgJ4BkpG+g+MmZMQV/Ao
+7RwLFKJ9OlMWLBmEXFcpIJN0HpPasT0nEl/MmotSu+8RnClAi3yFfyTKb+8rD7VxuyXetqDZ6dU/
+9/iqD/SZS7OQIjywtd343mACz3B1RlFxMHSA6dQAf2btGumqR0KiAp3KkYRAePoaJqYkB7Zad06n
+gFl0G0FHON+7MYIB2TCCAdUCAQEwRTAtMSswKQYDVQQDEyJTYW1wbGUgTEFNUFMgQ2VydGlmaWNh
+dGUgQXV0aG9yaXR5AhRngrRZc1JLwfRxRxlq8P0RiqpMCzALBglghkgBZQMEAgGgaTAYBgkqhkiG
+9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xOTExMjUyMDQ0MDZaMC8GCSqGSIb3
+DQEJBDEiBCCFhxQumT0jWdiOeuN21xClT1cnZAuhs2YCQjJWBu5fDjANBgkqhkiG9w0BAQEFAASC
+AQCau7ahdSrX99SsKrAVpTgL9ifxt5DgVywQQGOaKjsEHCRq8SH0BMuU+ByJryzkmsNFSUOo/Okg
+GZ5ZUlw+3W9Lnb9HM9Ad9WYZVT0LY7cqXDTV1ElQG7fnP6ugg/mOIw6UfqMc2SznGZX9ZGlOAwvk
+G7v/20xsw99ZQddcr4zSJ7V+bKxBmeysaMlGRKfwrEmu+/bDKGXRLstjsJmzvOK+LYqNKCFPhehf
+EjOJQyQq5sEHYc63gnziWTEcwoCQJcFGVZhh/x+KEdXtTb/jXpQzoX/IAs3ED/ggOzEyPbuMTrQD
+c9LA8e8NbwhGhKvNi0sZYccDsFMQLpo3rZttA4mo
diff --git a/tests/email-print-mime-structure/smime-signed.out b/tests/email-print-mime-structure/smime-signed.out
new file mode 100644
index 0000000..293a271
--- /dev/null
+++ b/tests/email-print-mime-structure/smime-signed.out
@@ -0,0 +1,7 @@
+└─╴application/pkcs7-mime 2538 bytes
+ ⇩ (unwraps to)
+ └┬╴multipart/mixed 415 bytes
+ ├┬╴multipart/alternative 234 bytes
+ │├─╴text/plain 26 bytes
+ │└─╴text/html 72 bytes
+ └─╴text/plain attachment [test.txt] 33 bytes
-- cgit v1.2.3