From b36248a26eb54fe8c162c7f54d34c343a94265f1 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 May 2019 18:16:04 -0400 Subject: [PATCH] test: protected headers should work when both encrypted and signed. Up to this point, we've tested protected headers on messages that have either been encrypted or signed, but not both. This adds a couple tests of signed+encrypted messages, one where the subject line is masked (outside subject line is "Subject Unavailable") and another where it is not (outside Subject: matches inner Subject:) See the discussion at https://dkg.fifthhorseman.net/blog/e-mail-cryptography.html#protected-headers for more details about the nuances between signed, stripped, and stubbed headers. Signed-off-by: Daniel Kahn Gillmor --- test/T356-protected-headers.sh | 16 +++++++++ .../encrypted-signed-not-masked.eml | 34 +++++++++++++++++++ .../protected-headers/encrypted-signed.eml | 34 +++++++++++++++++++ 3 files changed, 84 insertions(+) create mode 100644 test/corpora/protected-headers/encrypted-signed-not-masked.eml create mode 100644 test/corpora/protected-headers/encrypted-signed.eml diff --git a/test/T356-protected-headers.sh b/test/T356-protected-headers.sh index fee3b043..0a8d4bfa 100755 --- a/test/T356-protected-headers.sh +++ b/test/T356-protected-headers.sh @@ -99,4 +99,20 @@ output=$(notmuch search --format=json 'id:protected-header@crypto.notmuchmail.or test_json_nodes <<<"$output" \ 'subject:[0]["subject"]="This is a protected header"' +test_begin_subtest "verify protected header is both signed and encrypted" +output=$(notmuch show --decrypt=true --format=json id:encrypted-signed@crypto.notmuchmail.org) +test_json_nodes <<<"$output" \ + 'crypto:[0][0][0]["crypto"]={ + "signed":{"status": [{"status": "good", "fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'", "created": 1525812676}], + "encrypted": true, "headers": ["Subject"]},"decrypted": {"status": "full", "header-mask": {"Subject": "Subject Unavailable"}}}' \ + 'subject:[0][0][0]["headers"]["Subject"]="Rhinoceros dinner"' + +test_begin_subtest "verify protected header is signed even when not masked" +output=$(notmuch show --decrypt=true --format=json id:encrypted-signed-not-masked@crypto.notmuchmail.org) +test_json_nodes <<<"$output" \ + 'crypto:[0][0][0]["crypto"]={ + "signed":{"status": [{"status": "good", "fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'", "created": 1525812676}], + "encrypted": true, "headers": ["Subject"]},"decrypted": {"status": "full"}}' \ + 'subject:[0][0][0]["headers"]["Subject"]="Rhinoceros dinner"' + test_done diff --git a/test/corpora/protected-headers/encrypted-signed-not-masked.eml b/test/corpora/protected-headers/encrypted-signed-not-masked.eml new file mode 100644 index 00000000..8dfd7c39 --- /dev/null +++ b/test/corpora/protected-headers/encrypted-signed-not-masked.eml @@ -0,0 +1,34 @@ +From: test_suite@notmuchmail.org +To: test_suite@notmuchmail.org +Subject: Rhinoceros dinner +Date: Sat, 01 Jan 2000 12:00:00 +0000 +Message-ID: +MIME-Version: 1.0 +Content-Type: multipart/encrypted; boundary="=-=-="; + protocol="application/pgp-encrypted" + +--=-=-= +Content-Type: application/pgp-encrypted + +Version: 1 + +--=-=-= +Content-Type: application/octet-stream + +-----BEGIN PGP MESSAGE----- + +hIwDxE023q1UqxYBBADAJ03D4w48sefkQsBWXUc1spTljROjVN+y5a2yCKtYMt3M +wWMeQyem5hwLpLYRCfeIzXCrlBfpZffuOkA5okGGVEWFvJ5a1kZNZnH5Wg0ccBp7 +KBGnJY0gS/BlrKK2Sjmk9Z3ww7GAgDGPbc7mc3Csj9G38UvneBdrQgm6kZR3GNLA +6AGLN3KJETruI3Js6++aG+7tSkJ8Vo4WCVUR7oQROwF601X0QF/XghCoJCrx8B/1 +cw6Yb2wQj2nv3gw1rqWVsPVpAKsMc1yHx/2Vsee/VPtt4f67fSAMuJF3EJ6JkcK7 +tM761v69GoJGgvsie45pb1N2l/GfVMuwWU0wZhEsF7eXxqPzoE/kIGX1XIqleLaw +On2kPSM5RgqV6gLOcw4WaFPi0oMbDhltNs72SV9cV6ZhhuwEQRq+u/K76NKLwte2 +R1JutAiuPZVF0WanmmiN6RbIpWOB5XxQfWagfr4vcf/03TaLP4hJMnqUdFMk20HP +eI8TMQxkfryZK2Z6VxEBVdXhK05VEdkolmc4j9U+76A96Gd5zbYPApirkebmZatS +X3rKKAiBqwWrFXi/7LNDoCwhRRmqDuHXruh3vZEcz+xiPfJh0G31GJQgIpE15Sv6 +trf20u3CXAFjHg9zPpSFV7uAOsqv7bg+xtG9PgN4aLCiVbXHsT0z6PAz+6K+SiKw +QW8ZOtLikj5HyLAz/TDcsIShFaM3QHk2qq9RY10kmxlQVrf9Oyh3Wmc= +=om0O +-----END PGP MESSAGE----- +--=-=-=-- diff --git a/test/corpora/protected-headers/encrypted-signed.eml b/test/corpora/protected-headers/encrypted-signed.eml new file mode 100644 index 00000000..c97d8c3c --- /dev/null +++ b/test/corpora/protected-headers/encrypted-signed.eml @@ -0,0 +1,34 @@ +From: test_suite@notmuchmail.org +To: test_suite@notmuchmail.org +Subject: Subject Unavailable +Date: Sat, 01 Jan 2000 12:00:00 +0000 +Message-ID: +MIME-Version: 1.0 +Content-Type: multipart/encrypted; boundary="=-=-="; + protocol="application/pgp-encrypted" + +--=-=-= +Content-Type: application/pgp-encrypted + +Version: 1 + +--=-=-= +Content-Type: application/octet-stream + +-----BEGIN PGP MESSAGE----- + +hIwDxE023q1UqxYBBADAJ03D4w48sefkQsBWXUc1spTljROjVN+y5a2yCKtYMt3M +wWMeQyem5hwLpLYRCfeIzXCrlBfpZffuOkA5okGGVEWFvJ5a1kZNZnH5Wg0ccBp7 +KBGnJY0gS/BlrKK2Sjmk9Z3ww7GAgDGPbc7mc3Csj9G38UvneBdrQgm6kZR3GNLA +6AGLN3KJETruI3Js6++aG+7tSkJ8Vo4WCVUR7oQROwF601X0QF/XghCoJCrx8B/1 +cw6Yb2wQj2nv3gw1rqWVsPVpAKsMc1yHx/2Vsee/VPtt4f67fSAMuJF3EJ6JkcK7 +tM761v69GoJGgvsie45pb1N2l/GfVMuwWU0wZhEsF7eXxqPzoE/kIGX1XIqleLaw +On2kPSM5RgqV6gLOcw4WaFPi0oMbDhltNs72SV9cV6ZhhuwEQRq+u/K76NKLwte2 +R1JutAiuPZVF0WanmmiN6RbIpWOB5XxQfWagfr4vcf/03TaLP4hJMnqUdFMk20HP +eI8TMQxkfryZK2Z6VxEBVdXhK05VEdkolmc4j9U+76A96Gd5zbYPApirkebmZatS +X3rKKAiBqwWrFXi/7LNDoCwhRRmqDuHXruh3vZEcz+xiPfJh0G31GJQgIpE15Sv6 +trf20u3CXAFjHg9zPpSFV7uAOsqv7bg+xtG9PgN4aLCiVbXHsT0z6PAz+6K+SiKw +QW8ZOtLikj5HyLAz/TDcsIShFaM3QHk2qq9RY10kmxlQVrf9Oyh3Wmc= +=om0O +-----END PGP MESSAGE----- +--=-=-=--