From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Notmuch Mail <notmuch@notmuchmail.org>
Subject: [PATCH 3/4] mime-node: track whole-message crypto state while walking the tree
Date: Wed, 24 Apr 2019 14:31:12 -0400 [thread overview]
Message-ID: <20190424183113.29242-4-dkg@fifthhorseman.net> (raw)
In-Reply-To: <20190424183113.29242-1-dkg@fifthhorseman.net>
Deliberately populate the message's cryptographic status while walking
the MIME tree from the CLI.
Note that the additional numchild argument added to _mime_node_create
is a passthrough needed to be able to adequately populate the crypto
state object.
---
mime-node.c | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/mime-node.c b/mime-node.c
index 272d23fb..6a6d3c8d 100644
--- a/mime-node.c
+++ b/mime-node.c
@@ -135,6 +135,8 @@ mime_node_open (const void *ctx, notmuch_message_t *message,
goto DONE;
}
+ mctx->msg_crypto = _notmuch_message_crypto_new (mctx);
+
mctx->crypto = crypto;
/* Create the root node */
@@ -181,6 +183,7 @@ node_verify (mime_node_t *node, GMimeObject *part,
g_mime_3_unused(GMimeCryptoContext *cryptoctx))
{
GError *err = NULL;
+ notmuch_status_t status;
node->verify_attempted = true;
node->sig_list = g_mime_multipart_signed_verify
@@ -194,6 +197,10 @@ node_verify (mime_node_t *node, GMimeObject *part,
if (err)
g_error_free (err);
+
+ status = _notmuch_message_crypto_potential_sig_list(node->ctx->msg_crypto, node->sig_list);
+ if (status) /* this is a warning, not an error */
+ fprintf (stderr, "Warning: failed to note signature status: %s.\n", notmuch_status_to_string (status));
}
/* Decrypt and optionally verify an encrypted mime node (GMime 2.6) */
@@ -203,6 +210,7 @@ node_decrypt_and_verify (mime_node_t *node, GMimeObject *part,
{
GError *err = NULL;
GMimeDecryptResult *decrypt_result = NULL;
+ notmuch_status_t status;
GMimeMultipartEncrypted *encrypteddata = GMIME_MULTIPART_ENCRYPTED (part);
notmuch_message_t *message = NULL;
@@ -225,6 +233,9 @@ node_decrypt_and_verify (mime_node_t *node, GMimeObject *part,
}
node->decrypt_success = true;
+ status = _notmuch_message_crypto_successful_decryption (node->ctx->msg_crypto);
+ if (status) /* this is a warning, not an error */
+ fprintf (stderr, "Warning: failed to note decryption status: %s.\n", notmuch_status_to_string (status));
if (decrypt_result) {
/* This may be NULL if the part is not signed. */
@@ -233,6 +244,9 @@ node_decrypt_and_verify (mime_node_t *node, GMimeObject *part,
node->verify_attempted = true;
g_object_ref (node->sig_list);
set_signature_list_destructor (node);
+ status = _notmuch_message_crypto_potential_sig_list(node->ctx->msg_crypto, node->sig_list);
+ if (status) /* this is a warning, not an error */
+ fprintf (stderr, "Warning: failed to note signature status: %s.\n", notmuch_status_to_string (status));
}
#if HAVE_GMIME_SESSION_KEYS
@@ -255,10 +269,11 @@ node_decrypt_and_verify (mime_node_t *node, GMimeObject *part,
}
static mime_node_t *
-_mime_node_create (mime_node_t *parent, GMimeObject *part)
+_mime_node_create (mime_node_t *parent, GMimeObject *part, int numchild)
{
mime_node_t *node = talloc_zero (parent, mime_node_t);
GMimeCryptoContext *cryptoctx = NULL;
+ notmuch_status_t status;
/* Set basic node properties */
node->part = part;
@@ -296,7 +311,6 @@ _mime_node_create (mime_node_t *parent, GMimeObject *part)
|| (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify)) {
GMimeContentType *content_type = g_mime_object_get_content_type (part);
const char *protocol = g_mime_content_type_get_parameter (content_type, "protocol");
- notmuch_status_t status;
status = _notmuch_crypto_get_gmime_ctx_for_protocol (node->ctx->crypto,
protocol, &cryptoctx);
if (status) /* this is a warning, not an error */
@@ -326,6 +340,10 @@ _mime_node_create (mime_node_t *parent, GMimeObject *part)
} else {
node_verify (node, part, cryptoctx);
}
+ } else {
+ status = _notmuch_message_crypto_potential_payload (node->ctx->msg_crypto, part, parent ? parent->part : NULL, numchild);
+ if (status)
+ fprintf (stderr, "Warning: failed to record potential crypto payload (%s).\n", notmuch_status_to_string (status));
}
return node;
@@ -353,7 +371,7 @@ mime_node_child (mime_node_t *parent, int child)
INTERNAL_ERROR ("Unexpected GMimeObject type: %s",
g_type_name (G_OBJECT_TYPE (parent->part)));
}
- node = _mime_node_create (parent, sub);
+ node = _mime_node_create (parent, sub, child);
if (child == parent->next_child && parent->next_part_num != -1) {
/* We're traversing in depth-first order. Record the child's
--
2.20.1
next prev parent reply other threads:[~2019-04-24 18:31 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-24 18:31 Easing access to the cryptographic envelope Daniel Kahn Gillmor
2019-04-24 18:31 ` [PATCH 1/4] util/crypto: _notmuch_message_crypto: tracks message-wide crypto state Daniel Kahn Gillmor
2019-04-24 18:31 ` [PATCH 2/4] cli: expose message-wide crypto status from mime-node Daniel Kahn Gillmor
2019-04-24 18:31 ` Daniel Kahn Gillmor [this message]
2019-04-24 18:31 ` [PATCH 4/4] cli/show: emit new whole-message crypto status output Daniel Kahn Gillmor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190424183113.29242-4-dkg@fifthhorseman.net \
--to=dkg@fifthhorseman.net \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).