Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Autocrypt Implementation #652

Draft
wants to merge 4 commits into
base: master
Choose a base branch
from
Draft

Autocrypt Implementation #652

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
e819d25
Autocrypt working with DeltaChat
henrique-borba Nov 5, 2022
374c471
Merge branch 'master' into feat/autocrypt
henrique-borba Nov 5, 2022
d028e1b
Automatic import and encryption for autocrypt level 1
henrique-borba Nov 11, 2022
cdfdc9b
Merge remote-tracking branch 'origin/feat/autocrypt' into feat/autocrypt
henrique-borba Nov 11, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
68 changes: 68 additions & 0 deletions modules/imap/handler_modules.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1792,7 +1792,75 @@ public function process() {
if ($part == 0 || (isset($msg_struct_current['type']) && strtolower($msg_struct_current['type'] == 'text'))) {
$save_reply_text = true;
}

$msg_headers = $imap->get_message_headers($form['imap_msg_uid']);

// AUTOCRYPT
if ($this->module_is_supported('pgp')) {
if (strstr($msg_headers['Content-Type'], 'pgp-encrypted') && array_key_exists('Autocrypt', $msg_headers)
&& ($this->request->post['imap_msg_part'] == "" || $this->request->post['imap_msg_part'] == "false")) {
$tmp_dir = ini_get('keyring_dir') ? ini_get('keyring_dir') : '/keyring';
putenv(sprintf('GNUPGHOME=%s/.gnupg', $tmp_dir));
$gpg = gnupg_init();

//Import autocrypt key automatically
$exploded_autocrypt_header = explode('keydata=', $msg_headers['Autocrypt']);
$exploded_autocrypt_email_header = explode('addr=', $msg_headers['Autocrypt']);
$exploded_email_header = explode(';', end($exploded_autocrypt_email_header));
if (count($exploded_autocrypt_header) >= 1) {
$pgp_key = end($exploded_autocrypt_header);
$key_email = reset($exploded_email_header);
$keys = $this->user_config->get('pgp_public_keys', array());
$found = false;
foreach ($keys as $id => $key) {
if ($key['email'] == $key_email & !$found) {
$data = base64_decode($pgp_key);
$info = gnupg_import($gpg, $data);
$keys[$id] = array('fingerprint' => $info['fingerprint'], 'key' => $data, 'email' => $key_email);
$found = true;
}
}
if (!$found) {
$data = base64_decode($pgp_key);
$info = gnupg_import($gpg, $data);
$keys[] = array('fingerprint' => $info['fingerprint'], 'key' => $data, 'email' => $key_email);
}
$this->session->record_unsaved('Public key imported');
$this->session->set('pgp_public_keys', $keys, true);
}

//Autocrypt
foreach ($imap->get_message_structure($form['imap_msg_uid'])[0]['subs'] as $key => $sub) {
if ($sub['subtype'] == 'octet-stream') {
$encrypted_message = $imap->get_message_content($form['imap_msg_uid'], explode('.', $key)[1]);
}
}

//Autocrypt Decrypt
gnupg_setarmor($gpg, 1);
gnupg_cleardecryptkeys($gpg);
$current_user_key = null;
$saved_keys = gnupg_keyinfo($gpg, '');
foreach ($this->user_config->get('autocrypt_keys', array()) as $key) {
if (strstr($msg_headers['Delivered-To'], $key['email'])) {
$current_user_key = $key;
}
}
try {
gnupg_seterrormode($gpg, gnupg::ERROR_EXCEPTION);
gnupg_adddecryptkey($gpg, $current_user_key['key_fingerprint'], '');
$decrypted_message = gnupg_decrypt($gpg, $encrypted_message);
} catch (Exception $e) {

}

$msg_text = $decrypted_message;
preg_match('/^Subject: .*$/m', $decrypted_message, $matches);
$subject = str_replace('Subject:', '', $matches[0]);
$msg_headers['Subject'] = mb_decode_mimeheader($subject);
}
}

$this->out('list_headers', get_list_headers($msg_headers));
$this->out('msg_headers', $msg_headers);
$this->out('imap_prefecth', $prefetch);
Expand Down
2 changes: 2 additions & 0 deletions modules/imap/output_modules.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -301,6 +301,8 @@ protected function output() {
$txt .= '<input type="hidden" class="move_to_string2" value="'.$this->trans('Copy to ...').'" />';
$txt .= '<input type="hidden" class="move_to_string3" value="'.$this->trans('Removed non-IMAP messages from selection. They cannot be moved or copied').'" />';
$txt .= '</th></tr>';
$txt .= '</th></tr>';

$txt .= '</table>';

$this->out('msg_headers', $txt, false);
Expand Down
6 changes: 5 additions & 1 deletion modules/imap/site.css
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,4 +87,8 @@
#archive_val { padding-left: 20px; }

.attached_image { margin-right: 20px; margin-bottom: 20px; height: 200px; }
.attached_image_box { display: flex; flex-wrap: wrap; border-top: solid 1px #ddd; padding-top: 20px; padding-left: 20px; width: 100%; padding-bottom: 40px; }
.attached_image_box { display: flex; flex-wrap: wrap; border-top: solid 1px #ddd; padding-top: 20px; padding-left: 20px; width: 100%; padding-bottom: 40px; }

.autocrypt_key_header_import_warning { font-size: 12px; color: black; }
.autocrypt_key_header_import_warning > td { padding-left: 35px;}
.autocrypt_key_header_import_warning > td > span { background-color: #aaa; }
144 changes: 143 additions & 1 deletion modules/pgp/modules.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,87 @@

if (!defined('DEBUG_MODE')) { die(); }

require_once APP_PATH.'modules/profiles/hm-profiles.php';

/**
* @subpackage pgp/handler
*/
class Hm_Handler_load_pgp_data extends Hm_Handler_Module {
public function process() {
$this->out('pgp_public_keys', $this->user_config->get('pgp_public_keys', array()));
$this->out('autocrypt_keys', $this->user_config->get('autocrypt_keys', array()));
}
}

/**
* @subpackage pgp/handler
*/
class Hm_Handler_ajax_encrypt_by_fingerprint extends Hm_Handler_Module
{
public function process()
{
list($success, $form) = $this->process_form(array('body', 'fingerprint', 'from'));
$tmp_dir = ini_get('keyring_dir') ? ini_get('keyring_dir') : '/keyring';
putenv(sprintf('GNUPGHOME=%s/.gnupg', $tmp_dir));
$gpg = gnupg_init();
gnupg_setarmor($gpg,1);
gnupg_addencryptkey($gpg ,$form['fingerprint']);
$from_exploded = explode('.', $form['from']);
$from = reset($from_exploded);
$info = gnupg_keyinfo($gpg, '');
foreach ($this->user_config->get('autocrypt_keys', array()) as $key) {
if ($key['email'] == $this->user_config->get('smtp_servers')[$from]['user']) {
gnupg_addsignkey($gpg, $key['key_fingerprint']);
gnupg_addencryptkey($gpg ,$key['key_fingerprint']);
$encrypted_msg = gnupg_sign($gpg, $form['body']);
$encrypted_msg = gnupg_encrypt($gpg, $encrypted_msg);
}
}
$this->out('encrypted_message', $encrypted_msg);
}
}

/**
* @subpackage pgp/handler
*/
class Hm_Handler_ajax_public_key_import_string extends Hm_Handler_Module {
public function process() {
list($success, $form) = $this->process_form(array('public_key', 'public_key_email', 'autocrypt'));

$gpg = new gnupg();
$data = base64_decode($form['public_key']);

$tmp_dir = ini_get('upload_tmp_dir') ? ini_get('upload_tmp_dir') : '/keyring';
putenv(sprintf('GNUPGHOME=%s/.gnupg', $tmp_dir));

$info = $gpg->import($data);

if (is_array($info) && array_key_exists('fingerprint', $info)) {
$fingerprint = $info['fingerprint'];
}

if (!$info) {
Hm_Msgs::add('ERRUnable to import public key');
return;
}

$keys = $this->user_config->get('pgp_public_keys', array());

$key_exists = false;
$new_key = array('fingerprint' => $fingerprint, 'key' => $data, 'autocrypt' => $form['autocrypt'], 'email' => $form['public_key_email']);
foreach ($keys as $key => $values) {
if ($values['email'] == $form['public_key_email']) {
$key_exists = true;
$keys[$key] = $new_key;
}
}

if ($key_exists == false) {
$keys[] = $new_key;
}
$this->session->set('pgp_public_keys', $keys, true);
$this->session->record_unsaved('Public key imported');
Hm_Msgs::add('Public key imported');
}
}

Expand All @@ -39,6 +113,51 @@ public function process() {
}
}

class Hm_Handler_ajax_generate_autocrypt_keys extends Hm_Handler_Module {
public function process() {
$tmp_dir = ini_get('keyring_dir') ? ini_get('keyring_dir') : '/keyring';
putenv(sprintf('GNUPGHOME=%s/.gnupg', $tmp_dir));
$profiles = new Hm_Profiles($this);
$autocrypt_keys = [];
$gpg = gnupg_init();
$saved_keys = gnupg_keyinfo($gpg, '');
foreach ($profiles->list_all() as $profile) {
$key_exists = false;
foreach ($saved_keys as $saved_key) {
if($saved_key['uids'][0]['email'] == $profile['user']) {
$key_exists = $saved_key['subkeys'][0]['fingerprint'];
}
}

if ($key_exists) {
$autocrypt_keys[] = [
'email' => $profile['address'],
'key_fingerprint' => $key_exists
];
continue;
}

$contents = "%no-protection\nKey-Type: 1\nKey-Length: 3072\nSubkey-Type: 1\nSubkey-Length: 2048\nName-Real: Autocrypt\nName-Email: ". $profile['address'] ."\nExpire-Date: 0\n";
file_put_contents('.temp_key_info', $contents);
system("gpg --batch --gen-key .temp_key_info");
$saved_keys = gnupg_keyinfo($gpg, '');

foreach ($saved_keys as $saved_key) {
if($saved_key['uids'][0]['email'] == $profile['user']) {
$autocrypt_keys[] = [
'email' => $profile['address'],
'key_fingerprint' => $saved_key['subkeys'][0]['fingerprint']
];
}
}
}

$this->session->set('autocrypt_keys', $autocrypt_keys, true);
$this->session->record_unsaved('Autocrypt keys generated');
Hm_Msgs::add('Keys Generated');
}
}

/**
* @subpackage pgp/handler
*/
Expand Down Expand Up @@ -117,7 +236,7 @@ protected function output() {
$res .= '<label for="pgp_encrypt">'.$this->trans('PGP Encrypt for').
'</label><select id="pgp_encrypt" size="1"><option disabled selected value=""></option>';
foreach ($pub_keys as $vals) {
$res .= '<option value="'.$vals['key'].'">'.$vals['email'].'</option>';
$res .= '<option value="'.$vals['fingerprint'].'">'.$vals['email'].'</option>';
}
$res .= '</select>';
}
Expand Down Expand Up @@ -185,6 +304,29 @@ protected function output() {
}
}

/**
* @subpackage pgp/output
*/
class Hm_Output_pgp_settings_autocrypt_private_keys extends Hm_Output_Module
{
protected function output()
{
$res = '<div class="priv_ac_title settings_subtitle">' . $this->trans('Autocrypt Private Keys');
$res .= '<span class="private_key_count">' . sprintf($this->trans('%s created'), 0) . '</span></div>';
$res .= '<div class="priv_ac_keys pgp_block"><div class="pgp_subblock">';
$res .= $this->trans('Private keys never leave your browser, and are deleted when you logout');
$res .= '<br /><br /><button class="generate_ac_keys_button"><span>Generate Keys</span></button>';
$res .= '</div>' . $this->trans('Existing Keys') . '<table class="pgp_keys autocrypt_key_list"><thead><tr><th>' . $this->trans('Identity') . '</th><th></th></tr>';
$res .= '</thead><tbody>';
foreach($this->get('autocrypt_keys') as $key) {
$res .= '<tr><td>'.$key['email'].'</td><td></td></tr>';
}
$res .= '</tbody></table>';
$res .= '</div>';
return $res;
}
}

/**
* @subpackage pgp/output
*/
Expand Down
27 changes: 25 additions & 2 deletions modules/pgp/setup.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
add_output('pgp', 'pgp_settings_start', true, 'pgp', 'content_section_start', 'after');
add_output('pgp', 'pgp_settings_public_keys', true, 'pgp', 'pgp_settings_start', 'after');
add_output('pgp', 'pgp_settings_private_key', true, 'pgp', 'pgp_settings_public_keys', 'after');
add_output('pgp', 'pgp_settings_autocrypt_private_keys', true, 'pgp', 'pgp_settings_private_key', 'after');
add_output('pgp', 'pgp_settings_end', true, 'pgp', 'pgp_settings_private_key', 'after');
add_output('message', 'pgp_msg_controls', true, 'pgp', 'message_start', 'before');

Expand All @@ -21,16 +22,38 @@
add_handler('compose', 'pgp_compose_data', true, 'pgp', 'load_user_data', 'after');
add_output('compose', 'pgp_compose_controls', true, 'pgp', 'compose_form_end', 'after');

add_handler('ajax_public_key_import_string', 'load_imap_servers_from_config', true, 'imap', 'load_user_data', 'after');
add_handler('ajax_public_key_import_string', 'load_smtp_servers_from_config', true, 'imap', 'load_user_data', 'after');
add_handler('ajax_public_key_import_string', 'login', false, 'core');
add_handler('ajax_public_key_import_string', 'load_user_data', true, 'core');
add_handler('ajax_public_key_import_string', 'ajax_public_key_import_string', true);

add_handler('ajax_generate_autocrypt_keys', 'load_imap_servers_from_config', true, 'imap', 'load_user_data', 'after');
add_handler('ajax_generate_autocrypt_keys', 'load_smtp_servers_from_config', true, 'imap', 'load_user_data', 'after');
add_handler('ajax_generate_autocrypt_keys', 'login', false, 'core');
add_handler('ajax_generate_autocrypt_keys', 'load_user_data', true, 'core');
add_handler('ajax_generate_autocrypt_keys', 'ajax_generate_autocrypt_keys', true);

add_handler('ajax_encrypt_by_fingerprint', 'load_imap_servers_from_config', true, 'imap', 'load_user_data', 'after');
add_handler('ajax_encrypt_by_fingerprint', 'load_smtp_servers_from_config', true, 'imap', 'load_user_data', 'after');
add_handler('ajax_encrypt_by_fingerprint', 'login', false, 'core');
add_handler('ajax_encrypt_by_fingerprint', 'load_user_data', true, 'core');
add_handler('ajax_encrypt_by_fingerprint', 'ajax_encrypt_by_fingerprint', true);

return array(
'allowed_pages' => array('pgp'),
'allowed_pages' => array('pgp', 'ajax_public_key_import_string', 'ajax_generate_autocrypt_keys', 'ajax_encrypt_by_fingerprint'),
'allowed_output' => array(
'pgp_msg_part' => array(FILTER_VALIDATE_BOOLEAN, false),
'encrypted_message' => array(FILTER_SANITIZE_STRING, false),
),
'allowed_get' => array(),
'allowed_post' => array(
'public_key' => FILTER_SANITIZE_FULL_SPECIAL_CHARS,
'public_key_email' => FILTER_SANITIZE_FULL_SPECIAL_CHARS,
'delete_public_key_id' => FILTER_VALIDATE_INT
'delete_public_key_id' => FILTER_VALIDATE_INT,
'body' => FILTER_UNSAFE_RAW,
'from' => FILTER_UNSAFE_RAW,
'fingerprint' => FILTER_UNSAFE_RAW
)
);

Expand Down
Loading