gmime_cflags=$(pkg-config --cflags gmime-3.0)
gmime_ldflags=$(pkg-config --libs gmime-3.0)
gmime_major=3
- have_gmime_session_keys=1
else
have_gmime=0
- have_gmime_session_keys=0
printf "No.\n"
errors=$((errors + 1))
fi
# Whether struct dirent has d_type (if not, then notmuch will use stat)
HAVE_D_TYPE = ${have_d_type}
-# Whether the GMime version can handle extraction and reuse of session keys
-HAVE_GMIME_SESSION_KEYS = ${have_gmime_session_keys}
-
# Whether the Xapian version in use supports compaction
HAVE_XAPIAN_COMPACT = ${have_xapian_compact}
-DHAVE_D_TYPE=\$(HAVE_D_TYPE) \\
-DSTD_GETPWUID=\$(STD_GETPWUID) \\
-DSTD_ASCTIME=\$(STD_ASCTIME) \\
- -DHAVE_GMIME_SESSION_KEYS=\$(HAVE_GMIME_SESSION_KEYS) \\
-DHAVE_XAPIAN_COMPACT=\$(HAVE_XAPIAN_COMPACT) \\
-DSILENCE_XAPIAN_DEPRECATION_WARNINGS \\
-DHAVE_XAPIAN_FIELD_PROCESSOR=\$(HAVE_XAPIAN_FIELD_PROCESSOR) \\
# Whether the Xapian version in use supports lock retry
NOTMUCH_HAVE_XAPIAN_DB_RETRY_LOCK=${have_xapian_db_retry_lock}
-# Whether the GMime version can handle extraction and reuse of session keys
-NOTMUCH_HAVE_GMIME_SESSION_KEYS=${have_gmime_session_keys}
-
# Which backend will Xapian use by default?
NOTMUCH_DEFAULT_XAPIAN_BACKEND=${default_xapian_backend}
} else if (STRNCMP_LITERAL (name, "retry_lock") == 0) {
return HAVE_XAPIAN_DB_RETRY_LOCK;
} else if (STRNCMP_LITERAL (name, "session_key") == 0) {
- return HAVE_GMIME_SESSION_KEYS;
+ return true;
} else {
return false;
}
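Review bot: The added `return true;` for "session_key" gives no reason why this branch is now a constant, while the neighbouring "retry_lock" branch still returns a configure-time macro. A short comment would stop a later reader from wondering whether a probe was lost, for example `/* session-key support is unconditional now that the configure check is gone */`. The enclosing function starts and ends outside this hunk.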
GMimeCryptoContext* crypto_ctx = NULL;
bool attempted = false;
GMimeDecryptResult *decrypt_result = NULL;
- bool get_sk = (HAVE_GMIME_SESSION_KEYS && notmuch_indexopts_get_decrypt_policy (indexopts) == NOTMUCH_DECRYPT_TRUE);
+ bool get_sk = (notmuch_indexopts_get_decrypt_policy (indexopts) == NOTMUCH_DECRYPT_TRUE);
clear = _notmuch_crypto_decrypt (&attempted, notmuch_indexopts_get_decrypt_policy (indexopts),
message, crypto_ctx, encrypted_data, get_sk ? &decrypt_result : NULL, &err);
if (!attempted)
return;
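Review bot: With the compile-time guard gone, `get_sk` on the added line depends on the decrypt policy alone, and nothing at this site says what a true value leads to. The later hunk in this file shows the session key being written as the "session-key" message property. I would add a comment above the line such as `/* export the session key only under an explicit decrypt=true policy; it is stored as a message property below */`. The line also leaves `notmuch_indexopts_get_decrypt_policy (indexopts)` evaluated twice, once for `get_sk` and once in the `_notmuch_crypto_decrypt` call; a single local used in both places would keep the two from drifting apart. The enclosing function begins and ends outside the hunk.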
}
if (decrypt_result) {
-#if HAVE_GMIME_SESSION_KEYS
if (get_sk) {
status = notmuch_message_add_property (message, "session-key",
g_mime_decrypt_result_get_session_key (decrypt_result));
_notmuch_database_log (notmuch, "failed to add session-key "
"property (%d)\n", status);
}
-#endif
g_object_unref (decrypt_result);
}
_index_mime_part (message, indexopts, clear);
set_signature_list_destructor (node);
}
-#if HAVE_GMIME_SESSION_KEYS
if (node->ctx->crypto->decrypt == NOTMUCH_DECRYPT_TRUE && message) {
notmuch_database_t *db = notmuch_message_get_database (message);
const char *session_key = g_mime_decrypt_result_get_session_key (decrypt_result);
notmuch_message_add_property (message, "session-key",
session_key));
}
-#endif
g_object_unref (decrypt_result);
}
part = mime_node_seek_dfs (root, (params->part < 0 ? 0 : params->part));
if (part)
status = format->part (local, sp, part, indent, params);
-#if HAVE_GMIME_SESSION_KEYS
if (params->crypto.decrypt == NOTMUCH_DECRYPT_TRUE && session_key_count_error == NOTMUCH_STATUS_SUCCESS) {
unsigned int new_session_keys = 0;
if (notmuch_message_count_properties (message, "session-key", &new_session_keys) == NOTMUCH_STATUS_SUCCESS &&
}
}
}
-#endif
DONE:
talloc_free (local);
return status;
notmuch dump wumpus
output=$(notmuch show wumpus | notmuch_show_part 3)
expected='This is a test encrypted message with a wumpus.'
-if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
- test_subtest_known_broken
-fi
test_expect_equal \
"$output" \
"$expected"
test_begin_subtest "search should now find the contents"
output=$(notmuch search wumpus)
expected='thread:0000000000000003 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 002 (encrypted inbox unread)'
-if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
- test_subtest_known_broken
-fi
test_expect_equal \
"$output" \
"$expected"
test_expect_success 'notmuch reindex tag:encrypted and property:index.decryption=success'
test_begin_subtest "reindexed encrypted messages, should not have changed"
output=$(notmuch search wumpus)
-if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
- test_subtest_known_broken
-fi
test_expect_equal \
"$output" \
"$expected"
notmuch reindex id:simple-encrypted@crypto.notmuchmail.org
output=$(notmuch search sekrit)
expected='thread:0000000000000001 2016-12-22 [1/1] Daniel Kahn Gillmor; encrypted message (encrypted inbox unread)'
-if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
- test_subtest_known_broken
-fi
test_expect_equal \
"$output" \
"$expected"
test_begin_subtest "notmuch reply should show cleartext if session key is present"
output=$(notmuch reply id:simple-encrypted@crypto.notmuchmail.org | grep '^>')
expected='> This is a top sekrit message.'
-if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
- test_subtest_known_broken
-fi
test_expect_equal \
"$output" \
"$expected"
test_begin_subtest "notmuch show should show cleartext if session key is present"
output=$(notmuch show id:simple-encrypted@crypto.notmuchmail.org | notmuch_show_part 3)
expected='This is a top sekrit message.'
-if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
- test_subtest_known_broken
-fi
test_expect_equal \
"$output" \
"$expected"
return NULL;
/* the versions of notmuch that can support session key decryption */
-#if HAVE_GMIME_SESSION_KEYS
if (message) {
notmuch_message_properties_t *list = NULL;
if (ret)
return ret;
}
-#endif
if (err && *err) {
g_error_free (*err);
if (attempted)
*attempted = true;
-#if (GMIME_MAJOR_VERSION < 3)
-#if HAVE_GMIME_SESSION_KEYS
- gboolean oldgetsk = g_mime_crypto_context_get_retrieve_session_key (crypto_ctx);
- gboolean newgetsk = (decrypt == NOTMUCH_DECRYPT_TRUE && decrypt_result);
- if (newgetsk != oldgetsk)
- /* This could return an error, but we can't do anything about it, so ignore it */
- g_mime_crypto_context_set_retrieve_session_key (crypto_ctx, newgetsk, NULL);
-#endif
- ret = g_mime_multipart_encrypted_decrypt(part, crypto_ctx,
- decrypt_result, err);
-#if HAVE_GMIME_SESSION_KEYS
- if (newgetsk != oldgetsk)
- g_mime_crypto_context_set_retrieve_session_key (crypto_ctx, oldgetsk, NULL);
-#endif
-#else
GMimeDecryptFlags flags = GMIME_DECRYPT_NONE;
if (decrypt == NOTMUCH_DECRYPT_TRUE && decrypt_result)
flags |= GMIME_DECRYPT_EXPORT_SESSION_KEY;
ret = g_mime_multipart_encrypted_decrypt(part, flags, NULL,
decrypt_result, err);
-#endif
return ret;
}