Commit Graph

12 Commits

Author SHA1 Message Date
Moritz Poldrack 80f90c0d41 gpg: fix panic when signing an unparsable message
Fix the following error:

panic()
	runtime/panic.go:838
bytes.(*Buffer).ReadFrom()
	bytes/buffer.go:204
io.copyBuffer()
	io/io.go:412
io.Copy()
	io/io.go:385
git.sr.ht/~rjarry/aerc/lib/crypto/gpg/gpgbin.Sign()
	git.sr.ht/~rjarry/aerc/lib/crypto/gpg/gpgbin/sign.go:25
git.sr.ht/~rjarry/aerc/lib/crypto/gpg.(*Signer).Close()
	git.sr.ht/~rjarry/aerc/lib/crypto/gpg/writer.go:52
git.sr.ht/~rjarry/aerc/lib/crypto/gpg.multiCloser.Close()
	git.sr.ht/~rjarry/aerc/lib/crypto/gpg/writer.go:92
git.sr.ht/~rjarry/aerc/widgets.(*Composer).WriteMessage()
	git.sr.ht/~rjarry/aerc/widgets/compose.go:601
git.sr.ht/~rjarry/aerc/commands/compose.Send.Execute.func1()
	git.sr.ht/~rjarry/aerc/commands/compose/send.go:127

Fixes: https://todo.sr.ht/~rjarry/aerc/53
Signed-off-by: Moritz Poldrack <git@moritz.sh>
Acked-by: Tim Culverhouse <tim@timculverhouse.com>
2022-07-02 18:36:40 +02:00
Tim Culverhouse ccd76e6494 gpg: fix error handling during decryption
An non-zero exit code from the execution of gpg during decryption would
prevent aerc from parsing the output of gpg. The output should always be
parsed. Gpg can exit with an error due to not being able to validate a
signature. Aerc handles this error with the UI, and therefore all output
should be parsed regardless of exit state of gpg. The parsing of stdout
will find the errors and report back to aerc properly.

Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Acked-by: Moritz Poldrack <moritz@poldrack.dev>
2022-06-28 22:00:04 +02:00
Tim Culverhouse 6a10123f4a gpg: don't send messages that failed encryption
Add error handling for messages that were unable to be encrypted.
Previously, messages that failed encryption would be sent with no
content. This patch adds error handling - when encryption fails, the
user is returned to the Review screen and instructed to check the public
keys for their recipients.

Reported-by: Moritz Poldrack <moritz@poldrack.dev>
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Acked-by: Moritz Poldrack <moritz@poldrack.dev>
2022-06-26 12:07:44 +02:00
Tim Culverhouse 0cc992b4e3 gpg: refactor tests for macos compatibility
Refactor lib/crypto/gpg tests to facilitate unit test runs on macos.
Macos creates temporary directories with names too long to call
gpg-agent (108 characters). Additionally, too many concurrent test calls
created IPC errors to gpg-agent. To get around this, tests were given
shorter names and refactored into subtests to create fewer concurrent
tests

Tested on Linux and MacOS.

Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Acked-by: Robin Jarry <robin@jarry.cc>
2022-05-25 10:09:04 +02:00
Robin Jarry 321593d138 gpg: do not mask errors
Report errors as they are printed by gpg.

Signed-off-by: Robin Jarry <robin@jarry.cc>
Acked-by: Tim Culverhouse <tim@timculverhouse.com>
2022-05-10 14:50:55 +02:00
Robin Jarry b65f5649c8 gpg: make tests more robust
Skip the tests if gpg is not installed.
Avoid interference with the global ~/.gnupg.
Automatically delete GNUPGHOME at the end of tests.

Signed-off-by: Robin Jarry <robin@jarry.cc>
Acked-by: Tim Culverhouse <tim@timculverhouse.com>
2022-05-10 14:50:49 +02:00
Tim Culverhouse b57fceaad4 pgp: add attach key command
Add compose command ("attach-key") to attach the public key associated
with the sending account. Public key is attached in ascii armor format,
with the mimetype set according to RFC 3156 ("application/pgp-keys").

Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Tested-by: Koni Marti <koni.marti@gmail.com>
2022-05-06 11:02:55 +02:00
Tim Culverhouse 32a16dcd8d pgp: check encryption keys before sending message
Add check for public keys of all message recipients (to, cc, and bcc)
before sending the message. Adds an OnFocusLost callback to header
editors to facilitate a callback for checking keys whenever a new
recipient is added (OnChange results in too many keyring checks).

Once encryption is initially set, the callbacks are registered. If a
public key is not available for any recipient, encryption is turned off.
However, notably, the callbacks are still registered meaning as s soon
as the user removes the recipients with missing keys, encryption is
turned back on.

Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Tested-by: Koni Marti <koni.marti@gmail.com>
2022-05-06 11:02:50 +02:00
Tim Culverhouse 21fca56292 pgp: fix crash on gpg decrypt fail
The gpg decrypt function was catching errors but not returning them.
This patch returns errors that are caught instead of aerc panicking.

Reported-by: ReK2 <rek2@hispagatos.org>
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Tested-by: ReK2 <rek2@hispagatos.org>
Acked-by: Robin Jarry <robin@jarry.cc>
2022-05-04 14:10:32 +02:00
Tim Culverhouse dbf52bb4b4 pgp: check for signing key before signing time
Check that the signing key exists when the user issues the :sign
command. The signing key ID will be displayed in the security status
also, allowing the user to see what key will be used to sign the
message.

Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Tested-by: Jens Grassel <jens@wegtam.com>
2022-05-04 14:07:15 +02:00
Tim Culverhouse 57699b1fa6 feat: add gpg integration
This commit adds gpg system integration. This is done through two new
packages: gpgbin, which handles the system calls and parsing; and gpg
which is mostly a copy of emersion/go-pgpmail with modifications to
interface with package gpgbin. gpg includes tests for many cases, and
by it's nature also tests package gpgbin. I separated these in case an
external dependency is ever used for the gpg sys-calls/parsing (IE we
mirror how go-pgpmail+openpgp currently are dependencies)

Two new config options are introduced:
* pgp-provider. If it is not explicitly set to "gpg", aerc will default to
it's internal pgp provider
* pgp-key-id: (Optionally) specify a key by short or long keyId

Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Acked-by: Koni Marti <koni.marti@gmail.com>
Acked-by: Robin Jarry <robin@jarry.cc>
2022-04-27 09:46:25 +02:00
Tim Culverhouse d09636ee0b refactor: refactor pgp implementation
This commit refactors the internal PGP implementation to make way for
GPG integration.

Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Acked-by: Koni Marti <koni.marti@gmail.com>
Acked-by: Robin Jarry <robin@jarry.cc>
2022-04-27 09:46:11 +02:00