test: signature verification during decryption (session keys)

When the user knows the signer's key, we want "notmuch show" to be
able to verify the signature of an encrypted and signed message
regardless of whether we are using a stashed session key or not.

I wrote this test because I was surprised to see signature
verification failing when viewing some encrypted messages after
upgrading to GPGME 1.13.0-1 in debian experimental.

The added tests here all pass with GPGME 1.12.0, but the final test
fails with 1.13.0, due to some buggy updates to GPGME upstream: see
https://dev.gnupg.org/T3464 for more details.

While the bug needs to be fixed in GPGME, notmuch's test suite needs
to make sure that GMime is doing what we expect it to do; i was a bit
surprised that it hadn't caught the problem, hence this patch.

I've fixed this bug in debian experimental with gpgme 1.13.0-2, so the
tests should pass on any debian system.  I've also fixed it in the
gpgme packages (1.13.0-2~ppa1) in the ubuntu xenial PPA
(ppa:notmuch/notmuch) that notmuch uses for Travis CI.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This commit is contained in:
Daniel Kahn Gillmor 2019-05-29 20:09:44 -04:00 committed by David Bremner
parent 5f22d16273
commit bc396c967c
2 changed files with 54 additions and 0 deletions

View file

@ -226,6 +226,7 @@ output=$(notmuch dump | LC_ALL=C sort)
expected='#= simple-encrypted@crypto.notmuchmail.org index.decryption=failure expected='#= simple-encrypted@crypto.notmuchmail.org index.decryption=failure
#notmuch-dump batch-tag:3 config,properties,tags #notmuch-dump batch-tag:3 config,properties,tags
+encrypted +inbox +unread -- id:basic-encrypted@crypto.notmuchmail.org +encrypted +inbox +unread -- id:basic-encrypted@crypto.notmuchmail.org
+encrypted +inbox +unread -- id:encrypted-signed@crypto.notmuchmail.org
+encrypted +inbox +unread -- id:simple-encrypted@crypto.notmuchmail.org' +encrypted +inbox +unread -- id:simple-encrypted@crypto.notmuchmail.org'
test_expect_equal \ test_expect_equal \
"$output" \ "$output" \
@ -288,6 +289,24 @@ test_expect_equal \
"$output" \ "$output" \
"$expected" "$expected"
goodsig='good_sig:[0][0][0]["crypto"]["signed"]["status"][0]["status"]="good"'
nosig='no_sig:[0][0][0]["crypto"]!"signed"'
test_begin_subtest "verify signature without a session key stashed when --decrypt=true"
output=$(notmuch show --format=json --decrypt=true id:encrypted-signed@crypto.notmuchmail.org)
test_json_nodes <<<"$output" "$goodsig"
test_begin_subtest "do not verify sig without a session key stashed if --decrypt=auto"
output=$(notmuch show --format=json id:encrypted-signed@crypto.notmuchmail.org)
test_json_nodes <<<"$output" "$nosig"
test_begin_subtest "verify signature when --decrypt=stash"
output=$(notmuch show --format=json --decrypt=stash id:encrypted-signed@crypto.notmuchmail.org)
test_json_nodes <<<"$output" "$goodsig"
test_begin_subtest "verify signature with stashed session key"
output=$(notmuch show --format=json id:encrypted-signed@crypto.notmuchmail.org)
test_json_nodes <<<"$output" "$goodsig"
# TODO: test removal of a message from the message store between # TODO: test removal of a message from the message store between
# indexing and reindexing. # indexing and reindexing.

View file

@ -0,0 +1,35 @@
From: test_suite@notmuchmail.org
To: test_suite@notmuchmail.org
Subject: Lyrics
Date: Wed 29 May 2019 06:09:22 PM EDT
Message-ID: <encrypted-signed@crypto.notmuchmail.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; boundary="=-=-=";
protocol="application/pgp-encrypted"
--=-=-=
Content-Type: application/pgp-encrypted
Version: 1
--=-=-=
Content-Type: application/octet-stream
-----BEGIN PGP MESSAGE-----
hIwDxE023q1UqxYBBAC9z781zV7QAInGMKHX6TKU5Xw/OkoWXahpDL88F6Ocm5R9
7M9z2ocvlyrbgRhqE+nvFeGH/K7rVkBBT6TAcdIe/C8Qzbd3stPPcx1PlunGROj7
H/WAcmDksK3HkXpHwmInUtzNw1pkhOoLy/sFSbPvtyg8GCUzXbafHAIIo0rB2tLB
DwGWD3l4WdcyQWuYD9QJKuDIqdWo8E3TTcKkiOAt/6liwPNZ0jGzDeCuSTnWFj6Z
AiXGeNtD3I1tCN/8T3NjEKOCQ+bdT5Y06dDaL61FpQ23eIuSUgksVxjnkEAb6iPe
07gjzcyNuGP3WPI/0qu0wtZwpAQxvaNygDsQj/OjR5kn9luBd/VqodM3TWWS8miV
m0z1tYbqYAQWW6TS7fXlsyXoOxTLW5MCfe3D36VSErL/NJItETklVKzNfKjMmRKx
CI2ZUzugxPWSLQzOp5yl7iICk8e+vS9TkQw2j0nXAQYLYgmqZMhf4av5GlFv3tQu
heO4XLT6NBDTHMFTDbgW42kE0N4MDPc29AqVFGImcTHvflF4Vp0qIbSJdIcHwKkU
5LKqvicAa0lsIoJbsW3lHrzowyjov2vLH/VGd/wIX+MS3KT7cySdyp8HVMcwwyZu
Y9nrTN/7G1FwKWlcGa4uJNcFFkYlcEymZj1EX2cyrdezPtX7K5vhwBYddptFD+Bn
IVkghRut3UDeXe83F8OutWiZfK5EVYABq/aP3//hIbQl2o4Dkd3z9m+8LobrIV5s
NXjAjU5WQOjRLoHBebG2HkMpFsWhXD/Fb/Bb58VOpdI=
=x12v
-----END PGP MESSAGE-----
--=-=-=--