mirror of
https://git.notmuchmail.org/git/notmuch
synced 2024-11-24 20:08:10 +01:00
gmime-cleanup: always support session keys
Our minimum version of GMime 3.0 always supports good session key handling. signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This commit is contained in:
parent
096d45a878
commit
bb0b119358
7 changed files with 2 additions and 53 deletions
9
configure
vendored
9
configure
vendored
|
@ -498,10 +498,8 @@ if pkg-config --exists "gmime-3.0 > $GMIME_MINVER"; then
|
||||||
gmime_cflags=$(pkg-config --cflags gmime-3.0)
|
gmime_cflags=$(pkg-config --cflags gmime-3.0)
|
||||||
gmime_ldflags=$(pkg-config --libs gmime-3.0)
|
gmime_ldflags=$(pkg-config --libs gmime-3.0)
|
||||||
gmime_major=3
|
gmime_major=3
|
||||||
have_gmime_session_keys=1
|
|
||||||
else
|
else
|
||||||
have_gmime=0
|
have_gmime=0
|
||||||
have_gmime_session_keys=0
|
|
||||||
printf "No.\n"
|
printf "No.\n"
|
||||||
errors=$((errors + 1))
|
errors=$((errors + 1))
|
||||||
fi
|
fi
|
||||||
|
@ -1160,9 +1158,6 @@ HAVE_TIMEGM = ${have_timegm}
|
||||||
# Whether struct dirent has d_type (if not, then notmuch will use stat)
|
# Whether struct dirent has d_type (if not, then notmuch will use stat)
|
||||||
HAVE_D_TYPE = ${have_d_type}
|
HAVE_D_TYPE = ${have_d_type}
|
||||||
|
|
||||||
# Whether the GMime version can handle extraction and reuse of session keys
|
|
||||||
HAVE_GMIME_SESSION_KEYS = ${have_gmime_session_keys}
|
|
||||||
|
|
||||||
# Whether the Xapian version in use supports compaction
|
# Whether the Xapian version in use supports compaction
|
||||||
HAVE_XAPIAN_COMPACT = ${have_xapian_compact}
|
HAVE_XAPIAN_COMPACT = ${have_xapian_compact}
|
||||||
|
|
||||||
|
@ -1249,7 +1244,6 @@ COMMON_CONFIGURE_CFLAGS = \\
|
||||||
-DHAVE_D_TYPE=\$(HAVE_D_TYPE) \\
|
-DHAVE_D_TYPE=\$(HAVE_D_TYPE) \\
|
||||||
-DSTD_GETPWUID=\$(STD_GETPWUID) \\
|
-DSTD_GETPWUID=\$(STD_GETPWUID) \\
|
||||||
-DSTD_ASCTIME=\$(STD_ASCTIME) \\
|
-DSTD_ASCTIME=\$(STD_ASCTIME) \\
|
||||||
-DHAVE_GMIME_SESSION_KEYS=\$(HAVE_GMIME_SESSION_KEYS) \\
|
|
||||||
-DHAVE_XAPIAN_COMPACT=\$(HAVE_XAPIAN_COMPACT) \\
|
-DHAVE_XAPIAN_COMPACT=\$(HAVE_XAPIAN_COMPACT) \\
|
||||||
-DSILENCE_XAPIAN_DEPRECATION_WARNINGS \\
|
-DSILENCE_XAPIAN_DEPRECATION_WARNINGS \\
|
||||||
-DHAVE_XAPIAN_FIELD_PROCESSOR=\$(HAVE_XAPIAN_FIELD_PROCESSOR) \\
|
-DHAVE_XAPIAN_FIELD_PROCESSOR=\$(HAVE_XAPIAN_FIELD_PROCESSOR) \\
|
||||||
|
@ -1278,9 +1272,6 @@ NOTMUCH_HAVE_XAPIAN_FIELD_PROCESSOR=${have_xapian_field_processor}
|
||||||
# Whether the Xapian version in use supports lock retry
|
# Whether the Xapian version in use supports lock retry
|
||||||
NOTMUCH_HAVE_XAPIAN_DB_RETRY_LOCK=${have_xapian_db_retry_lock}
|
NOTMUCH_HAVE_XAPIAN_DB_RETRY_LOCK=${have_xapian_db_retry_lock}
|
||||||
|
|
||||||
# Whether the GMime version can handle extraction and reuse of session keys
|
|
||||||
NOTMUCH_HAVE_GMIME_SESSION_KEYS=${have_gmime_session_keys}
|
|
||||||
|
|
||||||
# Which backend will Xapian use by default?
|
# Which backend will Xapian use by default?
|
||||||
NOTMUCH_DEFAULT_XAPIAN_BACKEND=${default_xapian_backend}
|
NOTMUCH_DEFAULT_XAPIAN_BACKEND=${default_xapian_backend}
|
||||||
|
|
||||||
|
|
|
@ -31,7 +31,7 @@ notmuch_built_with (const char *name)
|
||||||
} else if (STRNCMP_LITERAL (name, "retry_lock") == 0) {
|
} else if (STRNCMP_LITERAL (name, "retry_lock") == 0) {
|
||||||
return HAVE_XAPIAN_DB_RETRY_LOCK;
|
return HAVE_XAPIAN_DB_RETRY_LOCK;
|
||||||
} else if (STRNCMP_LITERAL (name, "session_key") == 0) {
|
} else if (STRNCMP_LITERAL (name, "session_key") == 0) {
|
||||||
return HAVE_GMIME_SESSION_KEYS;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
|
@ -531,7 +531,7 @@ _index_encrypted_mime_part (notmuch_message_t *message,
|
||||||
GMimeCryptoContext* crypto_ctx = NULL;
|
GMimeCryptoContext* crypto_ctx = NULL;
|
||||||
bool attempted = false;
|
bool attempted = false;
|
||||||
GMimeDecryptResult *decrypt_result = NULL;
|
GMimeDecryptResult *decrypt_result = NULL;
|
||||||
bool get_sk = (HAVE_GMIME_SESSION_KEYS && notmuch_indexopts_get_decrypt_policy (indexopts) == NOTMUCH_DECRYPT_TRUE);
|
bool get_sk = (notmuch_indexopts_get_decrypt_policy (indexopts) == NOTMUCH_DECRYPT_TRUE);
|
||||||
clear = _notmuch_crypto_decrypt (&attempted, notmuch_indexopts_get_decrypt_policy (indexopts),
|
clear = _notmuch_crypto_decrypt (&attempted, notmuch_indexopts_get_decrypt_policy (indexopts),
|
||||||
message, crypto_ctx, encrypted_data, get_sk ? &decrypt_result : NULL, &err);
|
message, crypto_ctx, encrypted_data, get_sk ? &decrypt_result : NULL, &err);
|
||||||
if (!attempted)
|
if (!attempted)
|
||||||
|
@ -554,7 +554,6 @@ _index_encrypted_mime_part (notmuch_message_t *message,
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if (decrypt_result) {
|
if (decrypt_result) {
|
||||||
#if HAVE_GMIME_SESSION_KEYS
|
|
||||||
if (get_sk) {
|
if (get_sk) {
|
||||||
status = notmuch_message_add_property (message, "session-key",
|
status = notmuch_message_add_property (message, "session-key",
|
||||||
g_mime_decrypt_result_get_session_key (decrypt_result));
|
g_mime_decrypt_result_get_session_key (decrypt_result));
|
||||||
|
@ -562,7 +561,6 @@ _index_encrypted_mime_part (notmuch_message_t *message,
|
||||||
_notmuch_database_log (notmuch, "failed to add session-key "
|
_notmuch_database_log (notmuch, "failed to add session-key "
|
||||||
"property (%d)\n", status);
|
"property (%d)\n", status);
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
g_object_unref (decrypt_result);
|
g_object_unref (decrypt_result);
|
||||||
}
|
}
|
||||||
_index_mime_part (message, indexopts, clear);
|
_index_mime_part (message, indexopts, clear);
|
||||||
|
|
|
@ -228,7 +228,6 @@ node_decrypt_and_verify (mime_node_t *node, GMimeObject *part,
|
||||||
set_signature_list_destructor (node);
|
set_signature_list_destructor (node);
|
||||||
}
|
}
|
||||||
|
|
||||||
#if HAVE_GMIME_SESSION_KEYS
|
|
||||||
if (node->ctx->crypto->decrypt == NOTMUCH_DECRYPT_TRUE && message) {
|
if (node->ctx->crypto->decrypt == NOTMUCH_DECRYPT_TRUE && message) {
|
||||||
notmuch_database_t *db = notmuch_message_get_database (message);
|
notmuch_database_t *db = notmuch_message_get_database (message);
|
||||||
const char *session_key = g_mime_decrypt_result_get_session_key (decrypt_result);
|
const char *session_key = g_mime_decrypt_result_get_session_key (decrypt_result);
|
||||||
|
@ -238,7 +237,6 @@ node_decrypt_and_verify (mime_node_t *node, GMimeObject *part,
|
||||||
notmuch_message_add_property (message, "session-key",
|
notmuch_message_add_property (message, "session-key",
|
||||||
session_key));
|
session_key));
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
g_object_unref (decrypt_result);
|
g_object_unref (decrypt_result);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -894,7 +894,6 @@ show_message (void *ctx,
|
||||||
part = mime_node_seek_dfs (root, (params->part < 0 ? 0 : params->part));
|
part = mime_node_seek_dfs (root, (params->part < 0 ? 0 : params->part));
|
||||||
if (part)
|
if (part)
|
||||||
status = format->part (local, sp, part, indent, params);
|
status = format->part (local, sp, part, indent, params);
|
||||||
#if HAVE_GMIME_SESSION_KEYS
|
|
||||||
if (params->crypto.decrypt == NOTMUCH_DECRYPT_TRUE && session_key_count_error == NOTMUCH_STATUS_SUCCESS) {
|
if (params->crypto.decrypt == NOTMUCH_DECRYPT_TRUE && session_key_count_error == NOTMUCH_STATUS_SUCCESS) {
|
||||||
unsigned int new_session_keys = 0;
|
unsigned int new_session_keys = 0;
|
||||||
if (notmuch_message_count_properties (message, "session-key", &new_session_keys) == NOTMUCH_STATUS_SUCCESS &&
|
if (notmuch_message_count_properties (message, "session-key", &new_session_keys) == NOTMUCH_STATUS_SUCCESS &&
|
||||||
|
@ -908,7 +907,6 @@ show_message (void *ctx,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
DONE:
|
DONE:
|
||||||
talloc_free (local);
|
talloc_free (local);
|
||||||
return status;
|
return status;
|
||||||
|
|
|
@ -52,9 +52,6 @@ test_begin_subtest "show the message body of the encrypted message"
|
||||||
notmuch dump wumpus
|
notmuch dump wumpus
|
||||||
output=$(notmuch show wumpus | notmuch_show_part 3)
|
output=$(notmuch show wumpus | notmuch_show_part 3)
|
||||||
expected='This is a test encrypted message with a wumpus.'
|
expected='This is a test encrypted message with a wumpus.'
|
||||||
if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
|
|
||||||
test_subtest_known_broken
|
|
||||||
fi
|
|
||||||
test_expect_equal \
|
test_expect_equal \
|
||||||
"$output" \
|
"$output" \
|
||||||
"$expected"
|
"$expected"
|
||||||
|
@ -91,9 +88,6 @@ test_expect_equal \
|
||||||
test_begin_subtest "search should now find the contents"
|
test_begin_subtest "search should now find the contents"
|
||||||
output=$(notmuch search wumpus)
|
output=$(notmuch search wumpus)
|
||||||
expected='thread:0000000000000003 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 002 (encrypted inbox unread)'
|
expected='thread:0000000000000003 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 002 (encrypted inbox unread)'
|
||||||
if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
|
|
||||||
test_subtest_known_broken
|
|
||||||
fi
|
|
||||||
test_expect_equal \
|
test_expect_equal \
|
||||||
"$output" \
|
"$output" \
|
||||||
"$expected"
|
"$expected"
|
||||||
|
@ -163,9 +157,6 @@ test_begin_subtest 'reindex in auto mode'
|
||||||
test_expect_success 'notmuch reindex tag:encrypted and property:index.decryption=success'
|
test_expect_success 'notmuch reindex tag:encrypted and property:index.decryption=success'
|
||||||
test_begin_subtest "reindexed encrypted messages, should not have changed"
|
test_begin_subtest "reindexed encrypted messages, should not have changed"
|
||||||
output=$(notmuch search wumpus)
|
output=$(notmuch search wumpus)
|
||||||
if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
|
|
||||||
test_subtest_known_broken
|
|
||||||
fi
|
|
||||||
test_expect_equal \
|
test_expect_equal \
|
||||||
"$output" \
|
"$output" \
|
||||||
"$expected"
|
"$expected"
|
||||||
|
@ -256,9 +247,6 @@ EOF
|
||||||
notmuch reindex id:simple-encrypted@crypto.notmuchmail.org
|
notmuch reindex id:simple-encrypted@crypto.notmuchmail.org
|
||||||
output=$(notmuch search sekrit)
|
output=$(notmuch search sekrit)
|
||||||
expected='thread:0000000000000001 2016-12-22 [1/1] Daniel Kahn Gillmor; encrypted message (encrypted inbox unread)'
|
expected='thread:0000000000000001 2016-12-22 [1/1] Daniel Kahn Gillmor; encrypted message (encrypted inbox unread)'
|
||||||
if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
|
|
||||||
test_subtest_known_broken
|
|
||||||
fi
|
|
||||||
test_expect_equal \
|
test_expect_equal \
|
||||||
"$output" \
|
"$output" \
|
||||||
"$expected"
|
"$expected"
|
||||||
|
@ -266,9 +254,6 @@ test_expect_equal \
|
||||||
test_begin_subtest "notmuch reply should show cleartext if session key is present"
|
test_begin_subtest "notmuch reply should show cleartext if session key is present"
|
||||||
output=$(notmuch reply id:simple-encrypted@crypto.notmuchmail.org | grep '^>')
|
output=$(notmuch reply id:simple-encrypted@crypto.notmuchmail.org | grep '^>')
|
||||||
expected='> This is a top sekrit message.'
|
expected='> This is a top sekrit message.'
|
||||||
if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
|
|
||||||
test_subtest_known_broken
|
|
||||||
fi
|
|
||||||
test_expect_equal \
|
test_expect_equal \
|
||||||
"$output" \
|
"$output" \
|
||||||
"$expected"
|
"$expected"
|
||||||
|
@ -276,9 +261,6 @@ test_expect_equal \
|
||||||
test_begin_subtest "notmuch show should show cleartext if session key is present"
|
test_begin_subtest "notmuch show should show cleartext if session key is present"
|
||||||
output=$(notmuch show id:simple-encrypted@crypto.notmuchmail.org | notmuch_show_part 3)
|
output=$(notmuch show id:simple-encrypted@crypto.notmuchmail.org | notmuch_show_part 3)
|
||||||
expected='This is a top sekrit message.'
|
expected='This is a top sekrit message.'
|
||||||
if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
|
|
||||||
test_subtest_known_broken
|
|
||||||
fi
|
|
||||||
test_expect_equal \
|
test_expect_equal \
|
||||||
"$output" \
|
"$output" \
|
||||||
"$expected"
|
"$expected"
|
||||||
|
|
|
@ -42,7 +42,6 @@ _notmuch_crypto_decrypt (bool *attempted,
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
/* the versions of notmuch that can support session key decryption */
|
/* the versions of notmuch that can support session key decryption */
|
||||||
#if HAVE_GMIME_SESSION_KEYS
|
|
||||||
if (message) {
|
if (message) {
|
||||||
notmuch_message_properties_t *list = NULL;
|
notmuch_message_properties_t *list = NULL;
|
||||||
|
|
||||||
|
@ -66,7 +65,6 @@ _notmuch_crypto_decrypt (bool *attempted,
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
if (err && *err) {
|
if (err && *err) {
|
||||||
g_error_free (*err);
|
g_error_free (*err);
|
||||||
|
@ -78,26 +76,10 @@ _notmuch_crypto_decrypt (bool *attempted,
|
||||||
|
|
||||||
if (attempted)
|
if (attempted)
|
||||||
*attempted = true;
|
*attempted = true;
|
||||||
#if (GMIME_MAJOR_VERSION < 3)
|
|
||||||
#if HAVE_GMIME_SESSION_KEYS
|
|
||||||
gboolean oldgetsk = g_mime_crypto_context_get_retrieve_session_key (crypto_ctx);
|
|
||||||
gboolean newgetsk = (decrypt == NOTMUCH_DECRYPT_TRUE && decrypt_result);
|
|
||||||
if (newgetsk != oldgetsk)
|
|
||||||
/* This could return an error, but we can't do anything about it, so ignore it */
|
|
||||||
g_mime_crypto_context_set_retrieve_session_key (crypto_ctx, newgetsk, NULL);
|
|
||||||
#endif
|
|
||||||
ret = g_mime_multipart_encrypted_decrypt(part, crypto_ctx,
|
|
||||||
decrypt_result, err);
|
|
||||||
#if HAVE_GMIME_SESSION_KEYS
|
|
||||||
if (newgetsk != oldgetsk)
|
|
||||||
g_mime_crypto_context_set_retrieve_session_key (crypto_ctx, oldgetsk, NULL);
|
|
||||||
#endif
|
|
||||||
#else
|
|
||||||
GMimeDecryptFlags flags = GMIME_DECRYPT_NONE;
|
GMimeDecryptFlags flags = GMIME_DECRYPT_NONE;
|
||||||
if (decrypt == NOTMUCH_DECRYPT_TRUE && decrypt_result)
|
if (decrypt == NOTMUCH_DECRYPT_TRUE && decrypt_result)
|
||||||
flags |= GMIME_DECRYPT_EXPORT_SESSION_KEY;
|
flags |= GMIME_DECRYPT_EXPORT_SESSION_KEY;
|
||||||
ret = g_mime_multipart_encrypted_decrypt(part, flags, NULL,
|
ret = g_mime_multipart_encrypted_decrypt(part, flags, NULL,
|
||||||
decrypt_result, err);
|
decrypt_result, err);
|
||||||
#endif
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue