/**
 * crypt_current_time - Print the current time
 * @param s        State to use
 * @param app_name App name, e.g. "PGP"
 *
 * Emits the banner "[-- <app_name> output follows<suffix> --]" through
 * state_attach_puts().  When C_CryptTimestamp is set, <suffix> holds the
 * current local time, so the reader has something to compare against
 * look-alike text placed in a message body to imitate signature output.
 * The timestamp is a visual aid only; it is not authenticated in any way.
 *
 * Does nothing when WithCrypto is 0.
 */
void crypt_current_time(struct State *s, const char *app_name)
{
  char stamp[256];
  char banner[256];

  if (!WithCrypto)
    return;

  /* Start with an empty suffix; it is only filled in when timestamps are enabled */
  stamp[0] = '\0';
  if (C_CryptTimestamp)
  {
    /* NOTE(review): the formatter's result is not checked here - confirm it
     * always leaves the buffer NUL-terminated, even when the text does not fit */
    mutt_date_localtime_format(stamp, sizeof(stamp), _(" (current time: %c)"), MUTT_DATE_NOW);
  }

  /* app_name goes through NONULL() before being formatted with %s;
   * snprintf() bounds the write to the size of the banner buffer */
  snprintf(banner, sizeof(banner), _("[-- %s output follows%s --]\n"),
           NONULL(app_name), stamp);
  state_attach_puts(banner, s);
}
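/*
 * crypt_current_time - print the "[-- <app_name> output follows --]" banner
 *
 * s        - state the banner is written to, via state_attach_puts()
 * app_name - name of the crypto application, passed through NONULL()
 *
 * Print the current time to avoid spoofing of the signature output: when
 * OPTCRYPTTIMESTAMP is set, the banner also carries the current local time.
 * The timestamp is a visual aid only; it is not authenticated in any way.
 *
 * Does nothing when WithCrypto is 0.
 */
void crypt_current_time(STATE *s, char *app_name)
{
  time_t t;
  char p[STRING], tmp[STRING];

  if (!WithCrypto)
    return;

  /* Default to an empty suffix so p is always a valid string below */
  *p = '\0';

  if (option (OPTCRYPTTIMESTAMP))
  {
    struct tm *tm;

    t = time (NULL);

    /* %c is locale dependent: format with the user's LC_TIME, then switch
     * back to "C".  setlocale() changes process-wide state. */
    setlocale (LC_TIME, "");
    tm = localtime (&t);

    /* localtime() can return NULL, and strftime() returns 0 and leaves the
     * buffer contents indeterminate when the result does not fit.  In both
     * cases fall back to an empty suffix rather than formatting garbage
     * into the banner. */
    if (!tm || strftime (p, sizeof (p), _(" (current time: %c)"), tm) == 0)
      *p = '\0';

    setlocale (LC_TIME, "C");
  }

  snprintf (tmp, sizeof (tmp), _("[-- %s output follows%s --]\n"), NONULL(app_name), p);
  state_attach_puts (tmp, s);
}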
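/**
 * mutt_signed_handler - Verify a "multipart/signed" body - Implements ::handler_t
 * @param a Body of the multipart/signed container
 * @param s State to write to
 * @retval -1  WithCrypto is 0
 * @retval num Result of mutt_body_handler() on the first child part
 *
 * The container is expected to have two children: the signed part followed by
 * the signature part.  The signature part's type must match the protocol
 * reported by mutt_is_multipart_signed(); otherwise an error banner is printed
 * and the content is handed to mutt_body_handler() without verification.
 *
 * Signatures are only verified, and goodsig/badsig on the container only
 * updated, when MUTT_DISPLAY is set and at least one signature was found.
 *
 * goodsig is set only if at least one signature was actually verified and no
 * verification failed.  If the signed part cannot be written to the temporary
 * file, or every signature is of a type that cannot be checked, nothing has
 * been verified and the body must not be reported as carrying a good
 * signature.  badsig is set when a verification failed.
 */
int mutt_signed_handler(struct Body *a, struct State *s)
{
  bool inconsistent = false;
  struct Body *b = a; /* the multipart/signed container itself */
  struct Body **signatures = NULL;
  int sigcnt = 0;
  int rc = 0;

  if (!WithCrypto)
    return -1;

  /* From here on, 'a' is the first child (the signed part) */
  a = a->parts;
  SecurityFlags signed_type = mutt_is_multipart_signed(b);
  if (signed_type == SEC_NO_FLAGS)
  {
    /* A null protocol value is already checked for in mutt_body_handler() */
    state_printf(s,
                 _("[-- Error: "
                   "Unknown multipart/signed protocol %s --]\n\n"),
                 mutt_param_get(&b->parameter, "protocol"));
    return mutt_body_handler(a, s);
  }

  /* Structural check: there must be a signed part and a signature part, and
   * the signature part's MIME type must agree with the declared protocol */
  if (!(a && a->next))
    inconsistent = true;
  else
  {
    switch (signed_type)
    {
      case SEC_SIGN:
        if ((a->next->type != TYPE_MULTIPART) ||
            (mutt_str_strcasecmp(a->next->subtype, "mixed") != 0))
        {
          inconsistent = true;
        }
        break;
      case PGP_SIGN:
        if ((a->next->type != TYPE_APPLICATION) ||
            (mutt_str_strcasecmp(a->next->subtype, "pgp-signature") != 0))
        {
          inconsistent = true;
        }
        break;
      case SMIME_SIGN:
        if ((a->next->type != TYPE_APPLICATION) ||
            ((mutt_str_strcasecmp(a->next->subtype, "x-pkcs7-signature") != 0) &&
             (mutt_str_strcasecmp(a->next->subtype, "pkcs7-signature") != 0)))
        {
          inconsistent = true;
        }
        break;
      default:
        inconsistent = true;
    }
  }

  if (inconsistent)
  {
    state_attach_puts(_("[-- Error: "
                        "Missing or bad-format multipart/signed signature"
                        " --]\n\n"),
                      s);
    return mutt_body_handler(a, s);
  }

  if (s->flags & MUTT_DISPLAY)
  {
    crypt_fetch_signatures(&signatures, a->next, &sigcnt);

    if (sigcnt)
    {
      char tempfile[PATH_MAX];
      mutt_mktemp(tempfile, sizeof(tempfile));

      bool verified = false; /* at least one signature was checked and accepted */
      bool failed = false;   /* at least one signature check reported failure */

      /* If the signed part cannot be written out, no signature is checked at
       * all; 'verified' stays false so the result is not reported as good */
      if (crypt_write_signed(a, s, tempfile) == 0)
      {
        for (int i = 0; i < sigcnt; i++)
        {
          if (((WithCrypto & APPLICATION_PGP) != 0) &&
              (signatures[i]->type == TYPE_APPLICATION) &&
              (mutt_str_strcasecmp(signatures[i]->subtype, "pgp-signature") == 0))
          {
            if (crypt_pgp_verify_one(signatures[i], s, tempfile) != 0)
              failed = true;
            else
              verified = true;
            continue;
          }

          if (((WithCrypto & APPLICATION_SMIME) != 0) &&
              (signatures[i]->type == TYPE_APPLICATION) &&
              ((mutt_str_strcasecmp(signatures[i]->subtype, "x-pkcs7-signature") == 0) ||
               (mutt_str_strcasecmp(signatures[i]->subtype, "pkcs7-signature") == 0)))
          {
            if (crypt_smime_verify_one(signatures[i], s, tempfile) != 0)
              failed = true;
            else
              verified = true;
            continue;
          }

          /* Unsupported signature type: warn, and count it neither as
           * verified nor as failed */
          state_printf(s,
                       _("[-- Warning: "
                         "We can't verify %s/%s signatures. --]\n\n"),
                       TYPE(signatures[i]), signatures[i]->subtype);
        }
      }

      mutt_file_unlink(tempfile);

      /* Fail closed: "good" requires a successful check and no failure */
      b->goodsig = verified && !failed;
      b->badsig = failed;

      /* Now display the signed body.  This banner is printed whatever the
       * outcome of the verification above. */
      state_attach_puts(_("[-- The following data is signed --]\n\n"), s);

      mutt_protected_headers_handler(a, s);

      FREE(&signatures);
    }
    else
      state_attach_puts(_("[-- Warning: Can't find any signatures. --]\n\n"), s);
  }

  rc = mutt_body_handler(a, s);

  if ((s->flags & MUTT_DISPLAY) && sigcnt)
    state_attach_puts(_("\n[-- End of signed data --]\n"), s);

  return rc;
}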