def UnwrapMimeCrypto(part, si=None, ei=None): """ This method will replace encrypted and signed parts with their contents and set part attributes describing the security properties instead. """ part.signature_info = si or SignatureInfo() part.encryption_info = ei or EncryptionInfo() mimetype = part.get_content_type() if part.is_multipart(): # FIXME: Check the protocol. PGP? Something else? # FIXME: This is where we add hooks for other MIME encryption # schemes, so route to callbacks by protocol. if mimetype == "multipart/signed": gpg = GnuPG() boundary = part.get_boundary() payload, signature = part.get_payload() # The Python get_payload() method likes to rewrite headers, # which breaks signature verification. So we manually parse # out the raw payload here. head, raw_payload, junk = part.as_string().replace("\r\n", "\n").split("\n--%s\n" % boundary, 2) part.signature_info = gpg.verify(gpg.pgpmime_normalize(raw_payload), signature.get_payload()) # Reparent the contents up, removing the signature wrapper part.set_payload(payload.get_payload()) for h in payload.keys(): del part[h] for h, v in payload.items(): part.add_header(h, v) elif mimetype == "multipart/encrypted": gpg = GnuPG() preamble, payload = part.get_payload() (part.signature_info, part.encryption_info, decrypted) = gpg.decrypt(payload.as_string()) if part.encryption_info["status"] == "decrypted": newpart = email.parser.Parser().parse(StringIO.StringIO(decrypted)) # Reparent the contents up, removing the encryption wrapper part.set_payload(newpart.get_payload()) for h in newpart.keys(): del part[h] for h, v in newpart.items(): part.add_header(h, v) # If we are still multipart after the above shenanigans, recurse # into our subparts and unwrap them too. if part.is_multipart(): for subpart in part.get_payload(): UnwrapMimeCrypto(subpart, si=part.signature_info, ei=part.encryption_info) else: # FIXME: This is where we would handle cryptoschemes that don't # appear as multipart/... pass
def evaluate_pgp(self, tree, check_sigs=True, decrypt=False): if 'text_parts' not in tree: return tree pgpdata = [] for part in tree['text_parts']: if 'crypto' not in part: part['crypto'] = {} ei = si = None if check_sigs: if part['type'] == 'pgpbeginsigned': pgpdata = [part] elif part['type'] == 'pgpsignedtext': pgpdata.append(part) elif part['type'] == 'pgpsignature': pgpdata.append(part) try: gpg = GnuPG() message = ''.join([p['data'].encode(p['charset']) for p in pgpdata]) si = pgpdata[1]['crypto']['signature' ] = gpg.verify(message) pgpdata[0]['data'] = '' pgpdata[2]['data'] = '' except Exception, e: print e if decrypt: if part['type'] in ('pgpbegin', 'pgptext'): pgpdata.append(part) elif part['type'] == 'pgpend': pgpdata.append(part) gpg = GnuPG() (signature_info, encryption_info, text ) = gpg.decrypt(''.join([p['data'] for p in pgpdata])) ei = pgpdata[1]['crypto']['encryption'] = encryption_info si = pgpdata[1]['crypto']['signature'] = signature_info if encryption_info["status"] == "decrypted": pgpdata[1]['data'] = text pgpdata[0]['data'] = "" pgpdata[2]['data'] = "" # Bubbling up! if (si or ei) and 'crypto' not in tree: tree['crypto'] = {'signature': SignatureInfo(), 'encryption': EncryptionInfo()} if si: tree['crypto']['signature'].mix(si) if ei: tree['crypto']['encryption'].mix(ei)
def evaluate_pgp(self, tree, check_sigs=True, decrypt=False): if 'text_parts' not in tree: return tree pgpdata = [] for part in tree['text_parts']: # Handle signed messages if 'signature_info' not in part: part['signature_info'] = SignatureInfo() if check_sigs: if part['type'] == 'pgpbeginsigned': pgpdata = [part] elif part['type'] == 'pgpsignedtext': pgpdata.append(part) elif part['type'] == 'pgpsignature': pgpdata.append(part) try: gpg = GnuPG() message = ''.join([p['data'].encode(p['charset']) for p in pgpdata]) pgpdata[1]['signature_info'] = gpg.verify(message) pgpdata[0]['data'] = '' pgpdata[2]['data'] = '' except Exception, e: print e if "encryption_info" not in part: part['encryption_info'] = EncryptionInfo() if decrypt: if part['type'] in ('pgpbegin', 'pgptext'): pgpdata.append(part) elif part['type'] == 'pgpend': pgpdata.append(part) message = ''.join([p['data'] for p in pgpdata]) gpg = GnuPG() encryption_info, text = gpg.decrypt(message) pgpdata[1]['encryption_info'] = encryption_info if encryption_info["status"] == "decrypted": pgpdata[1]['data'] = text pgpdata[0]['data'] = "" pgpdata[2]['data'] = ""
def evaluate_pgp(self, tree, check_sigs=True, decrypt=False): if "text_parts" not in tree: return tree pgpdata = [] for part in tree["text_parts"]: # Handle signed messages if "signature_info" not in part: part["signature_info"] = SignatureInfo() if check_sigs: if part["type"] == "pgpbeginsigned": pgpdata = [part] elif part["type"] == "pgpsignedtext": pgpdata.append(part) elif part["type"] == "pgpsignature": pgpdata.append(part) try: gpg = GnuPG() message = "".join([p["data"].encode(p["charset"]) for p in pgpdata]) pgpdata[1]["signature_info"] = gpg.verify(message) pgpdata[0]["data"] = "" pgpdata[2]["data"] = "" except Exception, e: print e if "encryption_info" not in part: part["encryption_info"] = EncryptionInfo() if decrypt: if part["type"] in ("pgpbegin", "pgptext"): pgpdata.append(part) elif part["type"] == "pgpend": pgpdata.append(part) message = "".join([p["data"] for p in pgpdata]) gpg = GnuPG() si, encryption_info, text = gpg.decrypt(message) pgpdata[1]["encryption_info"] = encryption_info if encryption_info["status"] == "decrypted": pgpdata[1]["data"] = text pgpdata[0]["data"] = "" pgpdata[2]["data"] = ""