Пример #1
0
    def evaluate_pgp(self, tree, check_sigs=True, decrypt=False):
        if 'text_parts' not in tree:
            return tree

        pgpdata = []
        for part in tree['text_parts']:
            if 'crypto' not in part:
                part['crypto'] = {}

            ei = si = None
            if check_sigs:
                if part['type'] == 'pgpbeginsigned':
                    pgpdata = [part]
                elif part['type'] == 'pgpsignedtext':
                    pgpdata.append(part)
                elif part['type'] == 'pgpsignature':
                    pgpdata.append(part)
                    try:
                        gpg = GnuPG()
                        message = ''.join([p['data'].encode(p['charset'])
                                           for p in pgpdata])
                        si = pgpdata[1]['crypto']['signature'
                                                  ] = gpg.verify(message)
                        pgpdata[0]['data'] = ''
                        pgpdata[2]['data'] = ''

                    except Exception, e:
                        print e

            if decrypt:
                if part['type'] in ('pgpbegin', 'pgptext'):
                    pgpdata.append(part)
                elif part['type'] == 'pgpend':
                    pgpdata.append(part)

                    gpg = GnuPG()
                    (signature_info, encryption_info, text
                     ) = gpg.decrypt(''.join([p['data'] for p in pgpdata]))

                    # FIXME: If the data is binary, we should provide some
                    #        sort of download link or maybe leave the PGP
                    #        blob entirely intact, undecoded.
                    text, charset = self.decode_text(text, binary=False)

                    ei = pgpdata[1]['crypto']['encryption'] = encryption_info
                    si = pgpdata[1]['crypto']['signature'] = signature_info
                    if encryption_info["status"] == "decrypted":
                        pgpdata[1]['data'] = text
                        pgpdata[0]['data'] = ""
                        pgpdata[2]['data'] = ""

            # Bubbling up!
            if (si or ei) and 'crypto' not in tree:
                tree['crypto'] = {'signature': SignatureInfo(),
                                  'encryption': EncryptionInfo()}
            if si:
                tree['crypto']['signature'].mix(si)
            if ei:
                tree['crypto']['encryption'].mix(ei)
Пример #2
0
    def evaluate_pgp(self, tree, check_sigs=True, decrypt=False):
        if 'text_parts' not in tree:
            return tree

        pgpdata = []
        for part in tree['text_parts']:
            if 'crypto' not in part:
                part['crypto'] = {}

            ei = si = None
            if check_sigs:
                if part['type'] == 'pgpbeginsigned':
                    pgpdata = [part]
                elif part['type'] == 'pgpsignedtext':
                    pgpdata.append(part)
                elif part['type'] == 'pgpsignature':
                    pgpdata.append(part)
                    try:
                        gpg = GnuPG()
                        message = ''.join([p['data'].encode(p['charset'])
                                           for p in pgpdata])
                        si = pgpdata[1]['crypto']['signature'
                                                  ] = gpg.verify(message)
                        pgpdata[0]['data'] = ''
                        pgpdata[2]['data'] = ''

                    except Exception, e:
                        print e

            if decrypt:
                if part['type'] in ('pgpbegin', 'pgptext'):
                    pgpdata.append(part)
                elif part['type'] == 'pgpend':
                    pgpdata.append(part)

                    gpg = GnuPG()
                    (signature_info, encryption_info, text
                     ) = gpg.decrypt(''.join([p['data'] for p in pgpdata]))

                    # FIXME: If the data is binary, we should provide some
                    #        sort of download link or maybe leave the PGP
                    #        blob entirely intact, undecoded.
                    text, charset = self.decode_text(text, binary=False)

                    ei = pgpdata[1]['crypto']['encryption'] = encryption_info
                    si = pgpdata[1]['crypto']['signature'] = signature_info
                    if encryption_info["status"] == "decrypted":
                        pgpdata[1]['data'] = text
                        pgpdata[0]['data'] = ""
                        pgpdata[2]['data'] = ""

            # Bubbling up!
            if (si or ei) and 'crypto' not in tree:
                tree['crypto'] = {'signature': SignatureInfo(),
                                  'encryption': EncryptionInfo()}
            if si:
                tree['crypto']['signature'].mix(si)
            if ei:
                tree['crypto']['encryption'].mix(ei)
Пример #3
0
    def evaluate_pgp(self, tree, check_sigs=True, decrypt=False):
        if "text_parts" not in tree:
            return tree

        pgpdata = []
        for part in tree["text_parts"]:
            if "crypto" not in part:
                part["crypto"] = {}

            ei = si = None
            if check_sigs:
                if part["type"] == "pgpbeginsigned":
                    pgpdata = [part]
                elif part["type"] == "pgpsignedtext":
                    pgpdata.append(part)
                elif part["type"] == "pgpsignature":
                    pgpdata.append(part)
                    try:
                        gpg = GnuPG()
                        message = "".join([p["data"].encode(p["charset"]) for p in pgpdata])
                        si = pgpdata[1]["crypto"]["signature"] = gpg.verify(message)
                        pgpdata[0]["data"] = ""
                        pgpdata[2]["data"] = ""

                    except Exception, e:
                        print e

            if decrypt:
                if part["type"] in ("pgpbegin", "pgptext"):
                    pgpdata.append(part)
                elif part["type"] == "pgpend":
                    pgpdata.append(part)

                    gpg = GnuPG()
                    (signature_info, encryption_info, text) = gpg.decrypt("".join([p["data"] for p in pgpdata]))

                    # FIXME: If the data is binary, we should provide some
                    #        sort of download link or maybe leave the PGP
                    #        blob entirely intact, undecoded.
                    text, charset = self.decode_text(text, binary=False)

                    ei = pgpdata[1]["crypto"]["encryption"] = encryption_info
                    si = pgpdata[1]["crypto"]["signature"] = signature_info
                    if encryption_info["status"] == "decrypted":
                        pgpdata[1]["data"] = text
                        pgpdata[0]["data"] = ""
                        pgpdata[2]["data"] = ""

            # Bubbling up!
            if (si or ei) and "crypto" not in tree:
                tree["crypto"] = {"signature": SignatureInfo(), "encryption": EncryptionInfo()}
            if si:
                tree["crypto"]["signature"].mix(si)
            if ei:
                tree["crypto"]["encryption"].mix(ei)
Пример #4
0
def decrypt_gpg(lines, fd):
    for line in fd:
        lines.append(line)
        if line.startswith(GPG_END_MESSAGE):
            break

    gpg = GnuPG()
    _, encryption_info, plaintext = gpg.decrypt(''.join(lines))

    if encryption_info['status'] != 'decrypted':
        gpg_exec = distutils.spawn.find_executable('gpg')
        gpg_version = gpg.version()
        raise AccessError("GPG (version: %s, location: %s) was unable to decrypt the data: %s" % (gpg_version, gpg_exec, encryption_info['status']))

    return plaintext.splitlines(True)
Пример #5
0
def UnwrapMimeCrypto(part, si=None, ei=None):
    """
    This method will replace encrypted and signed parts with their
    contents and set part attributes describing the security properties
    instead.
    """
    part.signature_info = si or SignatureInfo()
    part.encryption_info = ei or EncryptionInfo()
    mimetype = part.get_content_type()
    if part.is_multipart():

        # FIXME: Check the protocol. PGP? Something else?
        # FIXME: This is where we add hooks for other MIME encryption
        #        schemes, so route to callbacks by protocol.

        if mimetype == 'multipart/signed':
            gpg = GnuPG()
            boundary = part.get_boundary()
            payload, signature = part.get_payload()

            # The Python get_payload() method likes to rewrite headers,
            # which breaks signature verification. So we manually parse
            # out the raw payload here.
            head, raw_payload, junk = part.as_string(
                ).replace('\r\n', '\n').split('\n--%s\n' % boundary, 2)

            part.signature_info = gpg.verify(
                gpg.pgpmime_normalize(raw_payload),
                signature.get_payload())

            # Reparent the contents up, removing the signature wrapper
            part.set_payload(payload.get_payload())
            for h in payload.keys():
                del part[h]
            for h, v in payload.items():
                part.add_header(h, v)

            # Try again, in case we just unwrapped another layer
            # of multipart/something.
            return UnwrapMimeCrypto(part,
                                    si=part.signature_info,
                                    ei=part.encryption_info)

        elif mimetype == 'multipart/encrypted':
            gpg = GnuPG()
            preamble, payload = part.get_payload()
            (part.signature_info, part.encryption_info, decrypted
             ) = gpg.decrypt(payload.as_string())

            if part.encryption_info['status'] == 'decrypted':
                newpart = email.parser.Parser().parse(
                    StringIO.StringIO(decrypted))

                # Reparent the contents up, removing the encryption wrapper
                part.set_payload(newpart.get_payload())
                for h in newpart.keys():
                    del part[h]
                for h, v in newpart.items():
                    part.add_header(h, v)

                # Try again, in case we just unwrapped another layer
                # of multipart/something.
                return UnwrapMimeCrypto(part,
                                        si=part.signature_info,
                                        ei=part.encryption_info)

        # If we are still multipart after the above shenanigans, recurse
        # into our subparts and unwrap them too.
        if part.is_multipart():
            for subpart in part.get_payload():
                UnwrapMimeCrypto(subpart,
                                 si=part.signature_info,
                                 ei=part.encryption_info)

    else:
        # FIXME: This is where we would handle cryptoschemes that don't
        #        appear as multipart/...
        pass