WIP: Allow creating S/MIME e-mails

Author: wiktor-k

extension/chrome/elements/add_pubkey.ts

@@ -8,13 +8,13 @@ import { Assert } from '../../js/common/assert.js';
 import { AttUI } from '../../js/common/ui/att-ui.js';
 import { BrowserMsg } from '../../js/common/browser/browser-msg.js';
 import { Catch } from '../../js/common/platform/catch.js';
+import { ContactStore } from '../../js/common/platform/store/contact-store.js';
 import { FetchKeyUI } from '../../js/common/ui/fetch-key-ui.js';
 import { PgpKey } from '../../js/common/core/pgp-key.js';
 import { Ui } from '../../js/common/browser/ui.js';
 import { Url } from '../../js/common/core/common.js';
 import { View } from '../../js/common/view.js';
 import { Xss } from '../../js/common/platform/xss.js';
-import { ContactStore } from '../../js/common/platform/store/contact-store.js';
 
 View.run(class AddPubkeyView extends View {
   private readonly acctEmail: string;
@@ -85,7 +85,8 @@ View.run(class AddPubkeyView extends View {
   private submitHandler = async () => {
     try {
       const keyImportUi = new KeyImportUi({ checkEncryption: true });
-      const normalized = await keyImportUi.checkPub(String($('.pubkey').val()));
+      console.log(keyImportUi);
+      const normalized = /*await keyImportUi.checkPub*/(String($('.pubkey').val()));
       await ContactStore.save(undefined, await ContactStore.obj({
         email: String($('select.email').val()),
         client: 'pgp',

extension/chrome/elements/compose-modules/formatters/encrypted-mail-msg-formatter.ts

@@ -3,15 +3,18 @@
 'use strict';
 
 import { Backend, FcUuidAuth } from '../../../../js/common/api/backend.js';
-import { BaseMailFormatter } from './base-mail-formatter.js';
-import { ComposerResetBtnTrigger } from '../compose-err-module.js';
 import { Mime, SendableMsgBody } from '../../../../js/common/core/mime.js';
 import { NewMsgData, PubkeyResult } from '../compose-types.js';
 import { Str, Value } from '../../../../js/common/core/common.js';
+
+import { AcctStore } from '../../../../js/common/platform/store/acct-store.js';
 import { ApiErr } from '../../../../js/common/api/error/api-error.js';
 import { Att } from '../../../../js/common/core/att.js';
+import { BaseMailFormatter } from './base-mail-formatter.js';
 import { Buf } from '../../../../js/common/core/buf.js';
 import { Catch } from '../../../../js/common/platform/catch.js';
+import { ComposerResetBtnTrigger } from '../compose-err-module.js';
+import { ContactStore } from '../../../../js/common/platform/store/contact-store.js';
 import { Lang } from '../../../../js/common/lang.js';
 import { PgpKey } from '../../../../js/common/core/pgp-key.js';
 import { PgpMsg } from '../../../../js/common/core/pgp-msg.js';
@@ -20,8 +23,6 @@ import { Settings } from '../../../../js/common/settings.js';
 import { Ui } from '../../../../js/common/browser/ui.js';
 import { Xss } from '../../../../js/common/platform/xss.js';
 import { opgp } from '../../../../js/common/core/pgp.js';
-import { ContactStore } from '../../../../js/common/platform/store/contact-store.js';
-import { AcctStore } from '../../../../js/common/platform/store/acct-store.js';
 
 export class EncryptedMsgMailFormatter extends BaseMailFormatter {
 
@@ -43,7 +44,7 @@ export class EncryptedMsgMailFormatter extends BaseMailFormatter {
     const authInfo = await AcctStore.authInfo(this.acctEmail);
     const msgBodyWithReplyToken = await this.getPwdMsgSendableBodyWithOnlineReplyMsgToken(authInfo, newMsg);
     const pgpMimeWithAtts = await Mime.encode(msgBodyWithReplyToken, { Subject: newMsg.subject }, await this.view.attsModule.attach.collectAtts());
-    const pwdEncryptedWithAtts = await this.encryptDataArmor(Buf.fromUtfStr(pgpMimeWithAtts), newMsg.pwd, []); // encrypted only for pwd, not signed
+    const { buffer: pwdEncryptedWithAtts } = await this.encryptDataArmor(Buf.fromUtfStr(pgpMimeWithAtts), newMsg.pwd, []); // encrypted only for pwd, not signed
     const { short, admin_code } = await Backend.messageUpload(
       authInfo.uuid ? authInfo : undefined,
       pwdEncryptedWithAtts,
@@ -57,23 +58,24 @@ export class EncryptedMsgMailFormatter extends BaseMailFormatter {
     // encoded as: PGP/MIME-like structure but with attachments as external files due to email size limit (encrypted for pubkeys only)
     const msgBody = this.richtext ? { 'text/plain': newMsg.plaintext, 'text/html': newMsg.plainhtml } : { 'text/plain': newMsg.plaintext };
     const pgpMimeNoAtts = await Mime.encode(msgBody, { Subject: newMsg.subject }, []); // no atts, attached to email separately
-    const pubEncryptedNoAtts = await this.encryptDataArmor(Buf.fromUtfStr(pgpMimeNoAtts), undefined, pubs, signingPrv); // encrypted only for pubs
+    const { buffer: pubEncryptedNoAtts } = await this.encryptDataArmor(Buf.fromUtfStr(pgpMimeNoAtts), undefined, pubs, signingPrv); // encrypted only for pubs
     const atts = this.createPgpMimeAtts(pubEncryptedNoAtts).concat(await this.view.attsModule.attach.collectEncryptAtts(pubs.map(p => p.pubkey))); // encrypted only for pubs
     const emailIntroAndLinkBody = await this.formatPwdEncryptedMsgBodyLink(short);
     return await SendableMsg.create(this.acctEmail, { ...this.headers(newMsg), body: emailIntroAndLinkBody, atts, isDraft: this.isDraft });
   }
 
   private sendableSimpleTextMsg = async (newMsg: NewMsgData, pubs: PubkeyResult[], signingPrv?: OpenPGP.key.Key) => {
     const atts = this.isDraft ? [] : await this.view.attsModule.attach.collectEncryptAtts(pubs.map(p => p.pubkey));
-    const encrypted = await this.encryptDataArmor(Buf.fromUtfStr(newMsg.plaintext), undefined, pubs, signingPrv);
+    const { buffer: encrypted, rawHeaders } = await this.encryptDataArmor(Buf.fromUtfStr(newMsg.plaintext), undefined, pubs, signingPrv);
+    console.log(rawHeaders);
     const encryptedBody = { 'text/plain': encrypted.toString() };
-    return await SendableMsg.create(this.acctEmail, { ...this.headers(newMsg), body: encryptedBody, atts, isDraft: this.isDraft });
+    return await SendableMsg.create(this.acctEmail, { ...this.headers(newMsg), body: encryptedBody, atts, isDraft: this.isDraft, rawHeaders });
   }
 
   private sendableRichTextMsg = async (newMsg: NewMsgData, pubs: PubkeyResult[], signingPrv?: OpenPGP.key.Key) => {
     const plainAtts = this.isDraft ? [] : await this.view.attsModule.attach.collectAtts();
     const pgpMimeToEncrypt = await Mime.encode({ 'text/plain': newMsg.plaintext, 'text/html': newMsg.plainhtml }, { Subject: newMsg.subject }, plainAtts);
-    const encrypted = await this.encryptDataArmor(Buf.fromUtfStr(pgpMimeToEncrypt), undefined, pubs, signingPrv);
+    const { buffer: encrypted } = await this.encryptDataArmor(Buf.fromUtfStr(pgpMimeToEncrypt), undefined, pubs, signingPrv);
     const atts = this.createPgpMimeAtts(encrypted);
     return await SendableMsg.create(this.acctEmail, { ...this.headers(newMsg), body: {}, atts, type: 'pgpMimeEncrypted', isDraft: this.isDraft });
   }
@@ -85,10 +87,11 @@ export class EncryptedMsgMailFormatter extends BaseMailFormatter {
     return atts;
   }
 
-  private encryptDataArmor = async (data: Buf, pwd: string | undefined, pubs: PubkeyResult[], signingPrv?: OpenPGP.key.Key): Promise<Uint8Array> => {
-    const encryptAsOfDate = await this.encryptMsgAsOfDateIfSomeAreExpiredAndUserConfirmedModal(pubs);
+  private encryptDataArmor = async (data: Buf, pwd: string | undefined, pubs: PubkeyResult[], signingPrv?: OpenPGP.key.Key): Promise<{ buffer: Uint8Array, rawHeaders: { [key: string]: string } }> => {
+    // IMPORTANT
+    const encryptAsOfDate = await this.encryptMsgAsOfDateIfSomeAreExpiredAndUserConfirmedModal([]);
     const r = await PgpMsg.encrypt({ pubkeys: pubs.map(p => p.pubkey), signingPrv, pwd, data, armor: true, date: encryptAsOfDate }) as OpenPGP.EncryptArmorResult;
-    return Buf.fromUtfStr(r.data);
+    return { buffer: Buf.fromUtfStr(r.data), rawHeaders: r.headers || {} };
   }
 
   private getPwdMsgSendableBodyWithOnlineReplyMsgToken = async (authInfo: FcUuidAuth, newMsgData: NewMsgData): Promise<SendableMsgBody> => {

extension/chrome/elements/compose.htm

@@ -185,6 +185,7 @@ <h1 id="header_title" data-test="header-title">New Secure Message</h1>
   <script src="/lib/fine-uploader.js"></script>
   <script src="/lib/zxcvbn.js"></script>
   <script src="/lib/iso-8859-2.js"></script>
+  <script src="/lib/forge.js"></script>
   <script src="compose.js" type="module"></script>
 
 </body>

extension/js/common/api/email-provider/sendable-msg.ts

@@ -4,9 +4,10 @@
 
 import { Dict, Str } from '../../core/common.js';
 import { Mime, MimeEncodeType, SendableMsgBody } from '../../core/mime.js';
+
 import { Att } from '../../core/att.js';
-import { RecipientType } from '../api.js';
 import { KeyStore } from '../../platform/store/key-store.js';
+import { RecipientType } from '../api.js';
 
 export type Recipients = { to?: string[], cc?: string[], bcc?: string[] };
 export type ProviderContactsQuery = { substring: string };
@@ -20,19 +21,21 @@ type SendableMsgDefinition = {
   atts: Att[];
   thread?: string;
   type?: MimeEncodeType,
-  isDraft?: boolean
+  isDraft?: boolean,
+  rawHeaders?: Dict<string>;
 };
 
 export class SendableMsg {
 
   public sign?: (signable: string) => Promise<string>;
 
-  public static create = async (acctEmail: string, { from, recipients, subject, body, atts, thread, type, isDraft }: SendableMsgDefinition): Promise<SendableMsg> => {
+  public static create = async (acctEmail: string, { from, recipients, subject, body, atts, thread, type, isDraft, rawHeaders }: SendableMsgDefinition): Promise<SendableMsg> => {
     const [primaryKi] = await KeyStore.get(acctEmail, ['primary']);
     const headers: Dict<string> = primaryKi ? { OpenPGP: `id=${primaryKi.longid}` } : {}; // todo - use autocrypt format
     return new SendableMsg(
       acctEmail,
       headers,
+      rawHeaders,
       isDraft === true,
       from,
       recipients,
@@ -47,6 +50,7 @@ export class SendableMsg {
   private constructor(
     public acctEmail: string,
     public headers: Dict<string>,
+    public rawHeaders: Dict<string> | undefined,
     isDraft: boolean,
     public from: string,
     public recipients: Recipients,
@@ -83,11 +87,23 @@ export class SendableMsg {
       }
     }
     this.headers.Subject = this.subject;
+
+    if (this.rawHeaders) {
+      for (const key in this.rawHeaders) {
+        if (this.rawHeaders.hasOwnProperty(key)) {
+          this.headers[key] = this.rawHeaders[key];
+        }
+      }
+    }
+
+    let msg;
     if (this.type === 'pgpMimeSigned' && this.sign) {
-      return await Mime.encodePgpMimeSigned(this.body, this.headers, this.atts, this.sign);
+      msg = await Mime.encodePgpMimeSigned(this.body, this.headers, this.atts, this.sign);
     } else {
-      return await Mime.encode(this.body, this.headers, this.atts, this.type);
+      msg = await Mime.encode(this.body, this.headers, this.atts, this.type);
     }
+
+    return msg;
   }
 
 }

extension/js/common/core/mime.ts

@@ -211,6 +211,7 @@ export class Mime {
     for (const att of atts) {
       rootNode.appendChild(Mime.createAttNode(att)); // tslint:disable-line:no-unsafe-any
     }
+    // FIXME: this doesn't build correct message ;(
     return rootNode.build(); // tslint:disable-line:no-unsafe-any
   }
 

extension/js/common/core/pgp-key.ts

@@ -4,10 +4,10 @@
 
 import { Buf } from './buf.js';
 import { Catch } from '../platform/catch.js';
+import { KeyCache } from '../platform/key-cache.js';
 import { MsgBlockParser } from './msg-block-parser.js';
 import { PgpArmor } from './pgp-armor.js';
 import { opgp } from './pgp.js';
-import { KeyCache } from '../platform/key-cache.js';
 
 export type Contact = {
   email: string;
@@ -352,12 +352,14 @@ export class PgpKey {
    * This is used to figure out how recently was key updated, and if one key is newer than other.
    */
   public static lastSig = async (key: OpenPGP.key.Key): Promise<number> => {
+    return Date.now();
+    /*
     await key.getExpirationTime(); // will force all sigs to be verified
     const allSignatures: OpenPGP.packet.Signature[] = [];
     for (const user of key.users) {
       allSignatures.push(...user.selfCertifications);
     }
-    for (const subKey of key.subKeys) {
+  for (const subKey of key.subKeys) {enc
       allSignatures.push(...subKey.bindingSignatures);
     }
     allSignatures.sort((a, b) => b.created.getTime() - a.created.getTime());
@@ -366,6 +368,7 @@ export class PgpKey {
       return newestSig.created.getTime();
     }
     throw new Error('No valid signature found in key');
+    */
   }
 
   public static revoke = async (key: OpenPGP.key.Key): Promise<string | undefined> => {

extension/js/common/core/pgp-msg.ts

@@ -2,16 +2,20 @@
 
 'use strict';
 
+import * as forge from 'node-forge';
+
 import { Contact, KeyInfo, PgpKey, PrvKeyInfo } from './pgp-key.js';
 import { MsgBlockType, ReplaceableMsgBlockType } from './msg-block.js';
-import { Value } from './common.js';
+import { PgpArmor, PreparedForDecrypt } from './pgp-armor.js';
+
+import { BrowserWindow } from '../../../js/common/browser/browser-window.js';
 import { Buf } from './buf.js';
 import { Catch } from '../platform/catch.js';
-import { PgpArmor, PreparedForDecrypt } from './pgp-armor.js';
+import { ContactStore } from '../platform/store/contact-store.js';
+import { KeyCache } from '../platform/key-cache.js';
 import { PgpHash } from './pgp-hash.js';
+import { Value } from './common.js';
 import { opgp } from './pgp.js';
-import { KeyCache } from '../platform/key-cache.js';
-import { ContactStore } from '../platform/store/contact-store.js';
 
 export namespace PgpMsgMethod {
   export namespace Arg {
@@ -211,12 +215,47 @@ export class PgpMsg {
   }
 
   public static encrypt: PgpMsgMethod.Encrypt = async ({ pubkeys, signingPrv, pwd, data, filename, armor, date }) => {
+    pubkeys.splice(0, 1);
+    const keyTypes = new Set(pubkeys.map(PgpMsg.getKeyType));
+    if (keyTypes.size > 1) {
+      throw new Error('Mixed key types are not allowed: ' + [...keyTypes]);
+    }
+    const keyType = keyTypes.keys().next().value;
+    if (keyType === 'x509') {
+      const wrap = (text: string) => (window as unknown as BrowserWindow)['emailjs-mime-codec'].foldLines(text, 76, true);
+      const p7 = forge.pkcs7.createEnvelopedData();
+
+      for (const pubkey of pubkeys) {
+        p7.addRecipient(forge.pki.certificateFromPem(pubkey));
+      }
+
+      const headers = `To: wiktor@metacode.biz
+Subject: test
+Date: Mon, 23 Mar 2020 15:57:20 +0100`;
+
+      p7.content = forge.util.createBuffer(headers + '\r\n\r\n' + data);
+
+      p7.encrypt();
+
+      const derBuffer = forge.asn1.toDer(p7.toAsn1()).getBytes();
+
+      return {
+        data: wrap(btoa(derBuffer)),
+        headers: {
+          'Content-Type': 'application/pkcs7-mime; name="smime.p7m"; smime-type=enveloped-data',
+          'Content-Transfer-Encoding': 'base64',
+          'Content-Disposition': 'attachment; filename="smime.p7m"',
+          'Content-Description': 'S/MIME Encrypted Message'
+        }
+      };
+    }
     const message = opgp.message.fromBinary(data, filename, date);
     const options: OpenPGP.EncryptOptions = { armor, message, date };
     let usedChallenge = false;
     if (pubkeys) {
       options.publicKeys = [];
       for (const armoredPubkey of pubkeys) {
+        // HERE
         const { keys: publicKeys } = await opgp.key.readArmored(armoredPubkey);
         options.publicKeys.push(...publicKeys);
       }
@@ -253,6 +292,16 @@ export class PgpMsg {
     return diagnosis;
   }
 
+  private static getKeyType(pubkey: string): 'openpgp' | 'x509' {
+    if (pubkey.startsWith('-----BEGIN CERTIFICATE-----')) {
+      return 'x509';
+    } else if (pubkey.startsWith('-----BEGIN PGP PUBLIC KEY BLOCK-----')) {
+      return 'openpgp';
+    } else {
+      throw new Error('Unknown key type: ' + pubkey);
+    }
+  }
+
   private static cryptoMsgGetSignedBy = async (msg: OpenpgpMsgOrCleartext, keys: SortedKeysForDecrypt) => {
     keys.signedBy = Value.arr.unique(await PgpKey.longids(msg.getSigningKeyIds ? msg.getSigningKeyIds() : []));
     if (keys.signedBy.length && typeof ContactStore.get === 'function') {

extension/js/common/core/types/openpgp.d.ts

@@ -267,6 +267,9 @@ declare namespace OpenPGP {
   export interface EncryptArmorResult {
     data: string;
     signature?: string;
+    headers?: {
+      [key: string]: string;
+    }
   }
 
   export interface EncryptBinaryResult {

extension/js/common/platform/store/contact-store.ts

@@ -1,13 +1,14 @@
 /* ©️ 2016 - present FlowCrypt a.s. Limitations apply. Contact human@flowcrypt.com */
 
-import { PgpClient } from '../../api/pub-lookup.js';
+import { Contact, PgpKey } from '../../core/pgp-key.js';
+
 import { AbstractStore } from './abstract-store.js';
-import { Catch } from '../catch.js';
-import { opgp } from '../../core/pgp.js';
 import { BrowserMsg } from '../../browser/browser-msg.js';
-import { Str } from '../../core/common.js';
-import { PgpKey, Contact } from '../../core/pgp-key.js';
+import { Catch } from '../catch.js';
 import { PgpArmor } from '../../core/pgp-armor.js';
+import { PgpClient } from '../../api/pub-lookup.js';
+import { Str } from '../../core/common.js';
+import { opgp } from '../../core/pgp.js';
 
 // tslint:disable:no-null-keyword
 
@@ -102,7 +103,7 @@ export class ContactStore extends AbstractStore {
           pubkey_last_check: null,
           expiresOn: null
         };
-      }
+      }/*
       const k = await PgpKey.read(pubkey);
       if (!k) {
         throw new Error(`Could not read pubkey as valid OpenPGP key for: ${validEmail}`);
@@ -111,7 +112,12 @@ export class ContactStore extends AbstractStore {
       if (!lastSig) {
         lastSig = await PgpKey.lastSig(k);
       }
-      const expiresOnMs = Number(await PgpKey.dateBeforeExpirationIfAlreadyExpired(k)) || undefined;
+      const expiresOnMs = Number(await PgpKey.dateBeforeExpirationIfAlreadyExpired(k)) || undefined;*/
+      const keyDetails = {
+        ids: [{ fingerprint: '1234', longid: '1' }],
+        public: pubkey,
+      }; // tslint:disable-line:oneliner-object-literal
+      const expiresOnMs = undefined;
       return {
         email: validEmail,
         name: name || null,