X-Git-Url: https://git.notmuchmail.org/git?p=notmuch;a=blobdiff_plain;f=util%2Fcrypto.c;h=066dea6e1a0380fa8b3844380269669c987e90ab;hp=087536ec7ed97156459339eb6f2b3b09cc5409d8;hb=29648a137c5807135ab168917b4a51d5e19e51c2;hpb=5f2832ae2171714dfef6d0d3302f473526480157

diff --git a/util/crypto.c b/util/crypto.c
index 087536ec..066dea6e 100644
--- a/util/crypto.c
+++ b/util/crypto.c
@@ -140,18 +140,81 @@ void _notmuch_crypto_cleanup (unused(_notmuch_crypto_t *crypto))
 #endif
 
 GMimeObject *
-_notmuch_crypto_decrypt (g_mime_3_unused(GMimeCryptoContext* crypto_ctx),
+_notmuch_crypto_decrypt (bool *attempted,
+			 notmuch_decryption_policy_t decrypt,
+			 notmuch_message_t *message,
+			 g_mime_3_unused(GMimeCryptoContext* crypto_ctx),
 			 GMimeMultipartEncrypted *part,
 			 GMimeDecryptResult **decrypt_result,
 			 GError **err)
 {
     GMimeObject *ret = NULL;
+    if (decrypt == NOTMUCH_DECRYPT_FALSE)
+	return NULL;
+
+    /* the versions of notmuch that can support session key decryption */
+#if HAVE_GMIME_SESSION_KEYS
+    if (message) {
+	notmuch_message_properties_t *list = NULL;
+
+	for (list = notmuch_message_get_properties (message, "session-key", TRUE);
+	     notmuch_message_properties_valid (list); notmuch_message_properties_move_to_next (list)) {
+	    if (err && *err) {
+		g_error_free (*err);
+		*err = NULL;
+	    }
+	    if (attempted)
+		*attempted = true;
+#if (GMIME_MAJOR_VERSION < 3)
+	    ret = g_mime_multipart_encrypted_decrypt_session (part,
+							      crypto_ctx,
+							      notmuch_message_properties_value (list),
+							      decrypt_result, err);
+#else
+	    ret = g_mime_multipart_encrypted_decrypt (part,
+						      GMIME_DECRYPT_NONE,
+						      notmuch_message_properties_value (list),
+						      decrypt_result, err);
+#endif
+	    if (ret)
+		break;
+	}
+	if (list)
+	    notmuch_message_properties_destroy (list);
+	if (ret)
+	    return ret;
+    }
+#endif
 
+    if (err && *err) {
+	g_error_free (*err);
+	*err = NULL;
+    }
+
+    if (decrypt == NOTMUCH_DECRYPT_AUTO)
+	return ret;
+
+    if (attempted)
+	*attempted = true;
 #if (GMIME_MAJOR_VERSION < 3)
+#if HAVE_GMIME_SESSION_KEYS
+    gboolean oldgetsk = g_mime_crypto_context_get_retrieve_session_key (crypto_ctx);
+    gboolean newgetsk = (decrypt_result);
+    if (newgetsk != oldgetsk)
+	/* This could return an error, but we can't do anything about it, so ignore it */
+	g_mime_crypto_context_set_retrieve_session_key (crypto_ctx, newgetsk, NULL);
+#endif
     ret = g_mime_multipart_encrypted_decrypt(part, crypto_ctx,
 					     decrypt_result, err);
+#if HAVE_GMIME_SESSION_KEYS
+    if (newgetsk != oldgetsk)
+	g_mime_crypto_context_set_retrieve_session_key (crypto_ctx, oldgetsk, NULL);
+#endif
 #else
-    ret = g_mime_multipart_encrypted_decrypt(part, GMIME_DECRYPT_NONE, NULL,
+    GMimeDecryptFlags flags = GMIME_DECRYPT_NONE;
+    if (decrypt_result)
+	flags |= GMIME_DECRYPT_EXPORT_SESSION_KEY;
+    ret = g_mime_multipart_encrypted_decrypt(part, flags, NULL,
 					     decrypt_result, err);
 #endif
     return ret;