mirror of
https://git.notmuchmail.org/git/notmuch
synced 2024-11-28 21:54:10 +01:00
ab0ae8b1c0
Our _notmuch_message_crypto_potential_payload implementation could only return a failure if bad arguments were passed to it. It is an internal function, so if that happens it's an entirely internal bug for notmuch. It will be more useful for this function to return whether or not the part is in fact a cryptographic payload, so we dispense with the status return. If some future change suggests adding a status return back, there are only a handful of call sites, and no pressure to retain a stable API, so it could be changed easily. But for now, go with the simpler function. We will use this return value in future patches, to make different decisions based on whether a part is the cryptographic payload or not. But for now, we just leave the places where it gets invoked marked with (void) to show that the result is ignored. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
104 lines
3.5 KiB
C
104 lines
3.5 KiB
C
#ifndef _CRYPTO_H
|
|
#define _CRYPTO_H
|
|
|
|
#include <stdbool.h>
|
|
#include "gmime-extra.h"
|
|
#include "notmuch.h"
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
typedef struct _notmuch_crypto {
|
|
bool verify;
|
|
notmuch_decryption_policy_t decrypt;
|
|
} _notmuch_crypto_t;
|
|
|
|
GMimeObject *
|
|
_notmuch_crypto_decrypt (bool *attempted,
|
|
notmuch_decryption_policy_t decrypt,
|
|
notmuch_message_t *message,
|
|
GMimeMultipartEncrypted *part,
|
|
GMimeDecryptResult **decrypt_result,
|
|
GError **err);
|
|
|
|
void
|
|
_notmuch_crypto_cleanup (_notmuch_crypto_t *crypto);
|
|
|
|
/* The user probably wants to know if the entire message was in the
|
|
* clear. When replying, the MUA probably wants to know whether there
|
|
* was any part decrypted in the message. And when displaying to the
|
|
* user, we probably only want to display "encrypted message" if the
|
|
* entire message was covered by encryption. */
|
|
typedef enum {
|
|
NOTMUCH_MESSAGE_DECRYPTED_NONE = 0,
|
|
NOTMUCH_MESSAGE_DECRYPTED_PARTIAL,
|
|
NOTMUCH_MESSAGE_DECRYPTED_FULL,
|
|
} _notmuch_message_decryption_status_t;
|
|
|
|
/* description of the cryptographic state of a given message overall;
|
|
* for use by simple user agents.
|
|
*/
|
|
typedef struct _notmuch_message_crypto {
|
|
/* encryption status: partial, full, none */
|
|
_notmuch_message_decryption_status_t decryption_status;
|
|
/* FIXME: can we show what key(s) a fully-encrypted message was
|
|
* encrypted to? This data is not necessarily cryptographically
|
|
* reliable; even when we decrypt, we might not know which public
|
|
* key was used (e.g. if we're using a session key). */
|
|
|
|
/* signature status of the whole message (either the whole message
|
|
* is signed, or it is not) -- this means that partially-signed
|
|
* messages will get no signature status. */
|
|
GMimeSignatureList *sig_list;
|
|
/* if part of the message was signed, and the MUA is clever, it
|
|
* can determine on its own exactly which part and try to make
|
|
* more sense of it. */
|
|
|
|
/* mark this flag once we encounter a payload (i.e. something that
|
|
* is not part of the cryptographic envelope) */
|
|
bool payload_encountered;
|
|
|
|
/* the value of any "Subject:" header in the cryptographic payload
|
|
* (the top level part within the crypto envelope), converted to
|
|
* UTF-8 */
|
|
char *payload_subject;
|
|
|
|
/* if both signed and encrypted, was the signature encrypted? */
|
|
bool signature_encrypted;
|
|
} _notmuch_message_crypto_t;
|
|
|
|
|
|
/* _notmuch_message_crypto_t objects should be released with
|
|
* talloc_free (), or they will be released along with their parent
|
|
* context.
|
|
*/
|
|
_notmuch_message_crypto_t *
|
|
_notmuch_message_crypto_new (void *ctx);
|
|
|
|
/* call potential_sig_list during a depth-first-search on a message to
|
|
* consider a particular signature as relevant for the message.
|
|
*/
|
|
notmuch_status_t
|
|
_notmuch_message_crypto_potential_sig_list (_notmuch_message_crypto_t *msg_crypto, GMimeSignatureList *sigs);
|
|
|
|
/* call successful_decryption during a depth-first-search on a message
|
|
* to indicate that a part was successfully decrypted.
|
|
*/
|
|
notmuch_status_t
|
|
_notmuch_message_crypto_successful_decryption (_notmuch_message_crypto_t *msg_crypto);
|
|
|
|
/* call potential_payload during a depth-first-search on a message
|
|
* when encountering a message part that is not part of the envelope.
|
|
*
|
|
* Returns true if part is the root of the cryptographic payload of
|
|
* this message.
|
|
*/
|
|
bool
|
|
_notmuch_message_crypto_potential_payload (_notmuch_message_crypto_t *msg_crypto, GMimeObject *part, GMimeObject *parent, int childnum);
|
|
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
#endif
|