diff options
| author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2017-11-30 03:59:29 -0500 |
|---|---|---|
| committer | David Bremner <david@tethera.net> | 2017-12-04 21:48:31 -0400 |
| commit | a99058540823cd520cf2a5333e8ffe99799aa285 (patch) | |
| tree | 7377688a29dd6268240efab76b08b904a1a17ad8 /util | |
| parent | 0ff13f862cd817fc1971900a433856a2a6146e24 (diff) | |
crypto: use stashed session-key properties for decryption, if available
When doing any decryption, if the notmuch database knows of any
session keys associated with the message in question, try them before
defaulting to using default symmetric crypto.
This changeset does the primary work in _notmuch_crypto_decrypt, which
grows some new parameters to handle it.
The primary advantage this patch offers is a significant speedup when
rendering large encrypted threads ("notmuch show") if session keys
happen to be cached.
Additionally, it permits message composition without access to
asymmetric secret keys ("notmuch reply"); and it permits recovering a
cleartext index when reindexing after a "notmuch restore" for those
messages that already have a session key stored.
Note that we may try multiple decryptions here (e.g. if there are
multiple session keys in the database), but we will ignore and throw
away all the GMime errors except for those that come from last
decryption attempt. Since we don't necessarily know at the time of
the decryption that this *is* the last decryption attempt, we'll ask
for the errors each time anyway.
This does nothing if no session keys are stashed in the database,
which is fine. Actually stashing session keys in the database will
come as a subsequent patch.
Diffstat (limited to 'util')
| -rw-r--r-- | util/crypto.c | 39 | ||||
| -rw-r--r-- | util/crypto.h | 3 |
2 files changed, 40 insertions, 2 deletions
diff --git a/util/crypto.c b/util/crypto.c index 087536ec..476f1879 100644 --- a/util/crypto.c +++ b/util/crypto.c @@ -140,13 +140,50 @@ void _notmuch_crypto_cleanup (unused(_notmuch_crypto_t *crypto)) #endif GMimeObject * -_notmuch_crypto_decrypt (g_mime_3_unused(GMimeCryptoContext* crypto_ctx), +_notmuch_crypto_decrypt (notmuch_message_t *message, + g_mime_3_unused(GMimeCryptoContext* crypto_ctx), GMimeMultipartEncrypted *part, GMimeDecryptResult **decrypt_result, GError **err) { GMimeObject *ret = NULL; + /* the versions of notmuch that can support session key decryption */ +#if HAVE_GMIME_SESSION_KEYS + if (message) { + notmuch_message_properties_t *list = NULL; + + for (list = notmuch_message_get_properties (message, "session-key", TRUE); + notmuch_message_properties_valid (list); notmuch_message_properties_move_to_next (list)) { + if (err && *err) { + g_error_free (*err); + *err = NULL; + } +#if (GMIME_MAJOR_VERSION < 3) + ret = g_mime_multipart_encrypted_decrypt_session (part, + crypto_ctx, + notmuch_message_properties_value (list), + decrypt_result, err); +#else + ret = g_mime_multipart_encrypted_decrypt (part, + GMIME_DECRYPT_NONE, + notmuch_message_properties_value (list), + decrypt_result, err); +#endif + if (ret) + break; + } + if (list) + notmuch_message_properties_destroy (list); + if (ret) + return ret; + } +#endif + + if (err && *err) { + g_error_free (*err); + *err = NULL; + } #if (GMIME_MAJOR_VERSION < 3) ret = g_mime_multipart_encrypted_decrypt(part, crypto_ctx, decrypt_result, err); diff --git a/util/crypto.h b/util/crypto.h index d68634f3..0c62ac70 100644 --- a/util/crypto.h +++ b/util/crypto.h @@ -16,7 +16,8 @@ typedef struct _notmuch_crypto { } _notmuch_crypto_t; GMimeObject * -_notmuch_crypto_decrypt (GMimeCryptoContext* crypto_ctx, +_notmuch_crypto_decrypt (notmuch_message_t *message, + GMimeCryptoContext* crypto_ctx, GMimeMultipartEncrypted *part, GMimeDecryptResult **decrypt_result, GError **err); |