notmuch/test/T356-protected-headers.sh

#!/usr/bin/env bash

# TODO:
#  * check S/MIME as well as PGP/MIME

test_description='Message decryption with protected headers'
. $(dirname "$0")/test-lib.sh || exit 1

##################################################

add_gnupg_home

add_email_corpus protected-headers

test_begin_subtest "verify protected header is not visible without decryption"
output=$(notmuch show --format=json id:protected-header@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
                'no_crypto_info:[0][0][0]["crypto"]={}' \
                'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'

test_begin_subtest "verify protected header is visible with decryption"
output=$(notmuch show --decrypt=true --format=json id:protected-header@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
                'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full", "header-mask": {"Subject": "Subject Unavailable"}}}' \
                'subject:[0][0][0]["headers"]["Subject"]="This is a protected header"'

test_begin_subtest "when no external header is present, show masked subject as null"
output=$(notmuch show --decrypt=true --format=json id:subjectless-protected-header@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
                'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full", "header-mask": {"Subject": null}}}' \
                'subject:[0][0][0]["headers"]["Subject"]="This is a protected header"'

test_begin_subtest "misplaced protected headers should not be made visible during decryption"
output=$(notmuch show --decrypt=true --format=json id:misplaced-protected-header@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
                'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \
                'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'

test_begin_subtest "verify double-wrapped phony protected header is not visible when inner decryption fails"
output=$(notmuch show --decrypt=true --format=json id:double-wrapped-with-phony-protected-header@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
                'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \
                'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'

test_begin_subtest "cleartext phony protected headers should not be made visible when decryption fails"
output=$(notmuch show --decrypt=true --format=json id:phony-protected-header-bad-encryption@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
                'no_crypto_info:[0][0][0]["crypto"]={}' \
                'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'

test_begin_subtest "wrapped protected headers should not be made visible during decryption"
output=$(notmuch show --decrypt=true --format=json id:wrapped-protected-header@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
                'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "partial"}}' \
                'subject:[0][0][0]["headers"]["Subject"]="[mailing-list] Subject Unavailable"'

test_begin_subtest "internal headers without protected-header attribute should be skipped"
output=$(notmuch show --decrypt=true --format=json id:no-protected-header-attribute@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
                'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \
                'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'

test_begin_subtest "verify nested message/rfc822 protected header is visible"
output=$(notmuch show --decrypt=true --format=json id:nested-rfc822-message@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
                'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full", "header-mask": {"Subject": "Subject Unavailable"}}}' \
                'subject:[0][0][0]["headers"]["Subject"]="This is a message using draft-melnikov-smime-header-signing"'

test_begin_subtest "show cryptographic envelope on signed mail"
output=$(notmuch show --verify --format=json id:simple-signed-mail@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
                'crypto:[0][0][0]["crypto"]={"signed": {"status": [{"created": 1525609971, "fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'", "status": "good"}]}}'

test_begin_subtest "verify signed protected header"
output=$(notmuch show --verify --format=json id:signed-protected-header@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
                'crypto:[0][0][0]["crypto"]={"signed": {"status": [{"created": 1525350527, "fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'", "status": "good"}], "headers": ["Subject"]}}'

test_done
cli/show: add tests for viewing protected headers Here we add several variant e-mail messages, some of which have correctly-structured protected headers, and some of which do not. The goal of the tests is to ensure that the right protected subjects get reported. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2019-05-27 00:15:57 +02:00			`#!/usr/bin/env bash`

			`# TODO:`
			`# * check S/MIME as well as PGP/MIME`

			`test_description='Message decryption with protected headers'`
			`. $(dirname "$0")/test-lib.sh \|\| exit 1`

			`##################################################`

			`add_gnupg_home`

			`add_email_corpus protected-headers`

			`test_begin_subtest "verify protected header is not visible without decryption"`
			`output=$(notmuch show --format=json id:protected-header@crypto.notmuchmail.org)`
			`test_json_nodes <<<"$output" \`
			`'no_crypto_info:[0][0][0]["crypto"]={}' \`
			`'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'`

			`test_begin_subtest "verify protected header is visible with decryption"`
			`output=$(notmuch show --decrypt=true --format=json id:protected-header@crypto.notmuchmail.org)`
			`test_json_nodes <<<"$output" \`
cli/show: add information about which headers were protected The header-mask member of the per-message crypto object allows a clever UI frontend to mark whether a header was protected (or not). And if it was protected, it contains enough information to show useful detail to an interested user. For example, an MUA could offer a "show what this message's Subject looked like on the wire" feature in expert mode. As before, we only handle Subject for now, but we might be able to handle other headers in the future. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Amended by db: tweaked schemata notation. 2019-05-28 00:14:16 +02:00			`'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full", "header-mask": {"Subject": "Subject Unavailable"}}}' \`
cli/show: add tests for viewing protected headers Here we add several variant e-mail messages, some of which have correctly-structured protected headers, and some of which do not. The goal of the tests is to ensure that the right protected subjects get reported. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2019-05-27 00:15:57 +02:00			`'subject:[0][0][0]["headers"]["Subject"]="This is a protected header"'`

test: add test for missing external subject Adding another test to ensure that we handle protected headers gracefully when no external subject is present. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2019-05-27 00:16:00 +02:00			`test_begin_subtest "when no external header is present, show masked subject as null"`
			`output=$(notmuch show --decrypt=true --format=json id:subjectless-protected-header@crypto.notmuchmail.org)`
			`test_json_nodes <<<"$output" \`
			`'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full", "header-mask": {"Subject": null}}}' \`
			`'subject:[0][0][0]["headers"]["Subject"]="This is a protected header"'`

cli/show: add tests for viewing protected headers Here we add several variant e-mail messages, some of which have correctly-structured protected headers, and some of which do not. The goal of the tests is to ensure that the right protected subjects get reported. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2019-05-27 00:15:57 +02:00			`test_begin_subtest "misplaced protected headers should not be made visible during decryption"`
			`output=$(notmuch show --decrypt=true --format=json id:misplaced-protected-header@crypto.notmuchmail.org)`
			`test_json_nodes <<<"$output" \`
			`'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \`
			`'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'`

			`test_begin_subtest "verify double-wrapped phony protected header is not visible when inner decryption fails"`
			`output=$(notmuch show --decrypt=true --format=json id:double-wrapped-with-phony-protected-header@crypto.notmuchmail.org)`
			`test_json_nodes <<<"$output" \`
			`'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \`
			`'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'`

			`test_begin_subtest "cleartext phony protected headers should not be made visible when decryption fails"`
			`output=$(notmuch show --decrypt=true --format=json id:phony-protected-header-bad-encryption@crypto.notmuchmail.org)`
			`test_json_nodes <<<"$output" \`
			`'no_crypto_info:[0][0][0]["crypto"]={}' \`
			`'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'`

			`test_begin_subtest "wrapped protected headers should not be made visible during decryption"`
			`output=$(notmuch show --decrypt=true --format=json id:wrapped-protected-header@crypto.notmuchmail.org)`
			`test_json_nodes <<<"$output" \`
			`'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "partial"}}' \`
			`'subject:[0][0][0]["headers"]["Subject"]="[mailing-list] Subject Unavailable"'`

			`test_begin_subtest "internal headers without protected-header attribute should be skipped"`
			`output=$(notmuch show --decrypt=true --format=json id:no-protected-header-attribute@crypto.notmuchmail.org)`
			`test_json_nodes <<<"$output" \`
			`'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \`
			`'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'`

			`test_begin_subtest "verify nested message/rfc822 protected header is visible"`
			`output=$(notmuch show --decrypt=true --format=json id:nested-rfc822-message@crypto.notmuchmail.org)`
			`test_json_nodes <<<"$output" \`
cli/show: add information about which headers were protected The header-mask member of the per-message crypto object allows a clever UI frontend to mark whether a header was protected (or not). And if it was protected, it contains enough information to show useful detail to an interested user. For example, an MUA could offer a "show what this message's Subject looked like on the wire" feature in expert mode. As before, we only handle Subject for now, but we might be able to handle other headers in the future. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Amended by db: tweaked schemata notation. 2019-05-28 00:14:16 +02:00			`'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full", "header-mask": {"Subject": "Subject Unavailable"}}}' \`
cli/show: add tests for viewing protected headers Here we add several variant e-mail messages, some of which have correctly-structured protected headers, and some of which do not. The goal of the tests is to ensure that the right protected subjects get reported. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2019-05-27 00:15:57 +02:00			`'subject:[0][0][0]["headers"]["Subject"]="This is a message using draft-melnikov-smime-header-signing"'`

test: show cryptographic envelope information for signed mails Make sure that we emit the correct cryptographic envelope status for cleartext signed messages. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2019-05-27 00:16:01 +02:00			`test_begin_subtest "show cryptographic envelope on signed mail"`
			`output=$(notmuch show --verify --format=json id:simple-signed-mail@crypto.notmuchmail.org)`
			`test_json_nodes <<<"$output" \`
			`'crypto:[0][0][0]["crypto"]={"signed": {"status": [{"created": 1525609971, "fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'", "status": "good"}]}}'`

			`test_begin_subtest "verify signed protected header"`
			`output=$(notmuch show --verify --format=json id:signed-protected-header@crypto.notmuchmail.org)`
			`test_json_nodes <<<"$output" \`
			`'crypto:[0][0][0]["crypto"]={"signed": {"status": [{"created": 1525350527, "fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'", "status": "good"}], "headers": ["Subject"]}}'`

cli/show: add tests for viewing protected headers Here we add several variant e-mail messages, some of which have correctly-structured protected headers, and some of which do not. The goal of the tests is to ensure that the right protected subjects get reported. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2019-05-27 00:15:57 +02:00			`test_done`