From: Kevin McCarthy <kevin@8t8.us>
Date: Sun, 16 Dec 2018 21:15:05 +0000 (-0800)
Subject: Add config and data structure for protected header write support.
X-Git-Tag: mutt-1-12-rel~167
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=167bf96ef1ba39eadb7226acf44ac0d8ef599f0c;p=mutt

Add config and data structure for protected header write support.

Add config vars $crypt_protected_headers_write (unset by default),
and $crypt_protected_headers_subject.

Store the protected headers during mime_protect().
---

diff --git a/crypt.c b/crypt.c
index 203a6c94..f68d4f55 100644
--- a/crypt.c
+++ b/crypt.c
@@ -129,6 +129,7 @@ int mutt_protect (HEADER *msg, char *keylist)
   BODY *pbody = NULL, *tmp_pbody = NULL;
   BODY *tmp_smime_pbody = NULL;
   BODY *tmp_pgp_pbody = NULL;
+  ENVELOPE *protected_headers = NULL;
   int flags = (WithCrypto & APPLICATION_PGP)? msg->security: 0;
   int i;
 
@@ -204,13 +205,25 @@ int mutt_protect (HEADER *msg, char *keylist)
 	crypt_pgp_set_sender (msg->env->from->mailbox);
     }
 
+  if (option (OPTCRYPTPROTHDRSWRITE))
+  {
+    protected_headers = mutt_new_envelope ();
+    mutt_str_replace (&protected_headers->subject, msg->env->subject);
+    /* Note: if other headers get added, such as to, cc, then a call to
+     * mutt_env_to_intl() will need to be added here too. */
+    mutt_prepare_envelope (protected_headers, 0);
+
+    mutt_free_envelope (&msg->content->mime_headers);
+    msg->content->mime_headers = protected_headers;
+  }
+
   if (msg->security & SIGN)
   {
     if ((WithCrypto & APPLICATION_SMIME)
         && (msg->security & APPLICATION_SMIME))
     {
       if (!(tmp_pbody = crypt_smime_sign_message (msg->content)))
-	return -1;
+	goto bail;
       pbody = tmp_smime_pbody = tmp_pbody;
     }
 
@@ -219,7 +232,7 @@ int mutt_protect (HEADER *msg, char *keylist)
         && (!(flags & ENCRYPT) || option (OPTPGPRETAINABLESIG)))
     {
       if (!(tmp_pbody = crypt_pgp_sign_message (msg->content)))
-        return -1;
+        goto bail;
 
       flags &= ~SIGN;
       pbody = tmp_pgp_pbody = tmp_pbody;
@@ -243,7 +256,7 @@ int mutt_protect (HEADER *msg, char *keylist)
                                                         keylist)))
       {
 	/* signed ? free it! */
-	return (-1);
+	goto bail;
       }
       /* free tmp_body if messages was signed AND encrypted ... */
       if (tmp_smime_pbody != msg->content && tmp_smime_pbody != tmp_pbody)
@@ -273,7 +286,7 @@ int mutt_protect (HEADER *msg, char *keylist)
 	  mutt_free_body (&tmp_pgp_pbody->next);
 	}
 
-	return (-1);
+	goto bail;
       }
 
       /* destroy temporary signature envelope when doing retainable
@@ -288,10 +301,15 @@ int mutt_protect (HEADER *msg, char *keylist)
     }
   }
 
-  if(pbody)
-      msg->content = pbody;
+  if (pbody)
+  {
+    msg->content = pbody;
+    return 0;
+  }
 
-  return 0;
+bail:
+  mutt_free_envelope (&msg->content->mime_headers);
+  return -1;
 }
 
 
diff --git a/globals.h b/globals.h
index d71fc779..54da70cb 100644
--- a/globals.h
+++ b/globals.h
@@ -117,6 +117,7 @@ WHERE char *Postponed;
 WHERE char *PostponeEncryptAs;
 WHERE char *Prefix;
 WHERE char *PrintCmd;
+WHERE char *ProtHdrSubject;
 WHERE char *NewMailCmd;
 WHERE char *QueryCmd;
 WHERE char *QueryFormat;
diff --git a/init.h b/init.h
index f3656b5c..a3deea71 100644
--- a/init.h
+++ b/init.h
@@ -597,8 +597,38 @@ struct option_t MuttVars[] = {
   ** Protected headers are stored inside the encrypted or signed part of an
   ** an email, to prevent disclosure or tampering.
   ** For more information see https://github.com/autocrypt/memoryhole.
+  ** Currently Mutt only supports the Subject header.
+  ** .pp
+  ** Encrypted messages using protected headers often substitute the exposed
+  ** Subject header with a dummy value (see $$crypt_protected_headers_subject).
+  ** Mutt will update its concept of the correct subject \fBafter\fP the
+  ** message is opened, i.e. via the \fC<display-message>\fP function.
+  ** If you reply to a message before opening it, Mutt will end up using
+  ** the dummy Subject header, so be sure to open such a message first.
+  ** (Crypto only)
+   */
+  { "crypt_protected_headers_write", DT_BOOL, R_NONE, OPTCRYPTPROTHDRSWRITE, 0 },
+  /*
+  ** .pp
+  ** When set, Mutt will generate protected headers ("Memory Hole") for
+  ** signed and encrypted emails.
+  **
+  ** Protected headers are stored inside the encrypted or signed part of an
+  ** an email, to prevent disclosure or tampering.
+  ** For more information see https://github.com/autocrypt/memoryhole.
   **
   ** Currently Mutt only supports the Subject header.
+  ** (Crypto only)
+   */
+  { "crypt_protected_headers_subject", DT_STR, R_NONE, UL &ProtHdrSubject, UL "Encrypted subject" },
+  /*
+  ** .pp
+  ** When $$crypt_protected_headers_write is set, and the message is marked
+  ** for encryption, this will be substituted into the Subject field in the
+  ** message headers.
+  **
+  ** To prevent a subject from being substituted, unset this variable, or set it
+  ** to the empty string.
   ** (Crypto only)
    */
   { "pgp_replyencrypt",		DT_SYN,  R_NONE, UL "crypt_replyencrypt", 1  },
diff --git a/mutt.h b/mutt.h
index fba21491..d2a268c3 100644
--- a/mutt.h
+++ b/mutt.h
@@ -533,6 +533,7 @@ enum
   OPTCRYPTCONFIRMHOOK,
   OPTCRYPTOPPORTUNISTICENCRYPT,
   OPTCRYPTPROTHDRSREAD,
+  OPTCRYPTPROTHDRSWRITE,
   OPTCRYPTREPLYENCRYPT,
   OPTCRYPTREPLYSIGN,
   OPTCRYPTREPLYSIGNENCRYPTED,