[PATCH 15/18] crypto: actually stash session keys when try-decrypt=true
David Bremner
david at tethera.net
Thu Nov 16 04:53:14 PST 2017
Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:
> + Be aware that the index is likely sufficient to reconstruct
> + the cleartext of the message itself, so please ensure that the
> + notmuch message index is adequately protected. DO NOT USE
> + ``--try-decrypt=true`` without considering the security of
> + your index.
>
This is probably just my ignorance, but doesn't stashing session keys
change this from likely to certain? Is it possible we decrypt thing and
don't get session keys.
> +test_begin_subtest "show the message body of the encrypted message"
> +notmuch dump wumpus
> +output=$(notmuch show wumpus | awk '/^\014part}/{ f=0 }; { if (f) { print $0 } } /^\014part{ ID: 3/{ f=1 }')
> +expected='This is a test encrypted message with a wumpus.'
> +test_expect_equal \
> + "$output" \
> + "$expected"
I'd be happier if we didn't further entrench the text format in the test
suite. How hard would it be to use json output (+maybe python?) here?
> *attempted = true;
> #if (GMIME_MAJOR_VERSION < 3)
> +#if (GMIME_MAJOR_VERSION == 2 && GMIME_MINOR_VERSION == 6 && GMIME_MICRO_VERSION >= 21)
> + gboolean oldgetsk = g_mime_crypto_context_get_retrieve_session_key (crypto_ctx);
> + gboolean newgetsk = (decrypt_result);
> + if (newgetsk != oldgetsk)
> + /* This could return an error, but we can't do anything about it, so ignore it */
> + g_mime_crypto_context_set_retrieve_session_key (crypto_ctx, newgetsk, NULL);
> +#endif
> ret = g_mime_multipart_encrypted_decrypt(part, crypto_ctx,
> decrypt_result, err);
> +#if (GMIME_MAJOR_VERSION == 2 && GMIME_MINOR_VERSION == 6 && GMIME_MICRO_VERSION >= 21)
> + if (newgetsk != oldgetsk)
> + g_mime_crypto_context_set_retrieve_session_key (crypto_ctx, oldgetsk, NULL);
I lost track a bit, but now there's at least 2 (maybe 3) repetitions of
this somewhat complicated test, and one more needed for
built_with.session_keys. HAVE_GMIME_SESSION_KEYS is looking better and
better.
More information about the notmuch
mailing list