diff options
author | Giovane <giovaneliberato@gmail.com> | 2016-01-19 17:45:52 -0200 |
---|---|---|
committer | Giovane <giovaneliberato@gmail.com> | 2016-01-21 16:28:13 -0200 |
commit | 2dbee22c0772ca1c4de12bf63175833b89d5219c (patch) | |
tree | 0c83131be9f0337a2c58fb150ebf59127d8e0d62 /mail | |
parent | 2d8a1080af9ac717ee33311c88a9608cb5c48369 (diff) |
[feat] Verify plain text signed email
- Extract message serialization to a method
- Add new condition to verify signature on plain text mail
- Return InvalidSignature if cannot verify
Diffstat (limited to 'mail')
-rw-r--r-- | mail/src/leap/mail/incoming/service.py | 43 |
1 files changed, 36 insertions, 7 deletions
diff --git a/mail/src/leap/mail/incoming/service.py b/mail/src/leap/mail/incoming/service.py index 3896c17d..17168163 100644 --- a/mail/src/leap/mail/incoming/service.py +++ b/mail/src/leap/mail/incoming/service.py @@ -440,6 +440,7 @@ class IncomingMail(Service): fromHeader = msg.get('from', None) senderAddress = None + if (fromHeader is not None and (msg.get_content_type() == MULTIPART_ENCRYPTED or msg.get_content_type() == MULTIPART_SIGNED)): @@ -466,6 +467,8 @@ class IncomingMail(Service): if msg.get_content_type() == MULTIPART_ENCRYPTED: d = self._decrypt_multipart_encrypted_msg( msg, encoding, senderAddress) + elif msg.get_content_type() == MULTIPART_SIGNED: + d = self._verify_signature_not_encrypted_msg(msg, senderAddress) else: d = self._maybe_decrypt_inline_encrypted_msg( msg, encoding, senderAddress) @@ -522,8 +525,8 @@ class IncomingMail(Service): return (msg, signkey) d = self._keymanager.decrypt( - encdata, self._userid, OpenPGPKey, - verify=senderAddress) + encdata, self._userid, OpenPGPKey, + verify=senderAddress) d.addCallbacks(build_msg, self._decryption_error, errbackArgs=(msg,)) return d @@ -545,11 +548,8 @@ class IncomingMail(Service): :rtype: Deferred """ log.msg('maybe decrypting inline encrypted msg') - # serialize the original message - buf = StringIO() - g = Generator(buf) - g.flatten(origmsg) - data = buf.getvalue() + + data = self._serialize_msg(origmsg) def decrypted_data(res): decrdata, signkey = res @@ -578,6 +578,35 @@ class IncomingMail(Service): d.addCallback(encode_and_return) return d + def _verify_signature_not_encrypted_msg(self, origmsg, sender_address): + """ + Possibly decrypt an inline OpenPGP encrypted message. + + :param origmsg: The original, possibly encrypted message. + :type origmsg: Message + :param sender_address: The email address of the sender of the message. + :type sender_address: str + + :return: A Deferred that will be fired with a tuple containing a + signed Message and the signing OpenPGPKey if the signature + is valid or InvalidSignature. + :rtype: Deferred + """ + msg = copy.deepcopy(origmsg) + data = msg.get_payload()[0].as_string() + detached_sig = msg.get_payload()[1].get_payload() + d = self._keymanager.verify(data, sender_address, OpenPGPKey, detached_sig) + + d.addCallback(lambda sign_key: (msg, sign_key)) + d.addErrback(lambda _: (msg, keymanager_errors.InvalidSignature())) + return d + + def _serialize_msg(self, origmsg): + buf = StringIO() + g = Generator(buf) + g.flatten(origmsg) + return buf.getvalue() + def _decryption_error(self, failure, msg): """ Check for known decryption errors |