mirror of
https://git.notmuchmail.org/git/notmuch
synced 2024-11-21 18:38:08 +01:00
test: signature verification during decryption (session keys)
When the user knows the signer's key, we want "notmuch show" to be able to verify the signature of an encrypted and signed message regardless of whether we are using a stashed session key or not. I wrote this test because I was surprised to see signature verification failing when viewing some encrypted messages after upgrading to GPGME 1.13.0-1 in debian experimental. The added tests here all pass with GPGME 1.12.0, but the final test fails with 1.13.0, due to some buggy updates to GPGME upstream: see https://dev.gnupg.org/T3464 for more details. While the bug needs to be fixed in GPGME, notmuch's test suite needs to make sure that GMime is doing what we expect it to do; i was a bit surprised that it hadn't caught the problem, hence this patch. I've fixed this bug in debian experimental with gpgme 1.13.0-2, so the tests should pass on any debian system. I've also fixed it in the gpgme packages (1.13.0-2~ppa1) in the ubuntu xenial PPA (ppa:notmuch/notmuch) that notmuch uses for Travis CI. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This commit is contained in:
parent
5f22d16273
commit
bc396c967c
2 changed files with 54 additions and 0 deletions
|
@ -226,6 +226,7 @@ output=$(notmuch dump | LC_ALL=C sort)
|
||||||
expected='#= simple-encrypted@crypto.notmuchmail.org index.decryption=failure
|
expected='#= simple-encrypted@crypto.notmuchmail.org index.decryption=failure
|
||||||
#notmuch-dump batch-tag:3 config,properties,tags
|
#notmuch-dump batch-tag:3 config,properties,tags
|
||||||
+encrypted +inbox +unread -- id:basic-encrypted@crypto.notmuchmail.org
|
+encrypted +inbox +unread -- id:basic-encrypted@crypto.notmuchmail.org
|
||||||
|
+encrypted +inbox +unread -- id:encrypted-signed@crypto.notmuchmail.org
|
||||||
+encrypted +inbox +unread -- id:simple-encrypted@crypto.notmuchmail.org'
|
+encrypted +inbox +unread -- id:simple-encrypted@crypto.notmuchmail.org'
|
||||||
test_expect_equal \
|
test_expect_equal \
|
||||||
"$output" \
|
"$output" \
|
||||||
|
@ -288,6 +289,24 @@ test_expect_equal \
|
||||||
"$output" \
|
"$output" \
|
||||||
"$expected"
|
"$expected"
|
||||||
|
|
||||||
|
goodsig='good_sig:[0][0][0]["crypto"]["signed"]["status"][0]["status"]="good"'
|
||||||
|
nosig='no_sig:[0][0][0]["crypto"]!"signed"'
|
||||||
|
|
||||||
|
test_begin_subtest "verify signature without a session key stashed when --decrypt=true"
|
||||||
|
output=$(notmuch show --format=json --decrypt=true id:encrypted-signed@crypto.notmuchmail.org)
|
||||||
|
test_json_nodes <<<"$output" "$goodsig"
|
||||||
|
|
||||||
|
test_begin_subtest "do not verify sig without a session key stashed if --decrypt=auto"
|
||||||
|
output=$(notmuch show --format=json id:encrypted-signed@crypto.notmuchmail.org)
|
||||||
|
test_json_nodes <<<"$output" "$nosig"
|
||||||
|
|
||||||
|
test_begin_subtest "verify signature when --decrypt=stash"
|
||||||
|
output=$(notmuch show --format=json --decrypt=stash id:encrypted-signed@crypto.notmuchmail.org)
|
||||||
|
test_json_nodes <<<"$output" "$goodsig"
|
||||||
|
|
||||||
|
test_begin_subtest "verify signature with stashed session key"
|
||||||
|
output=$(notmuch show --format=json id:encrypted-signed@crypto.notmuchmail.org)
|
||||||
|
test_json_nodes <<<"$output" "$goodsig"
|
||||||
|
|
||||||
# TODO: test removal of a message from the message store between
|
# TODO: test removal of a message from the message store between
|
||||||
# indexing and reindexing.
|
# indexing and reindexing.
|
||||||
|
|
35
test/corpora/crypto/encrypted-signed.eml
Normal file
35
test/corpora/crypto/encrypted-signed.eml
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
From: test_suite@notmuchmail.org
|
||||||
|
To: test_suite@notmuchmail.org
|
||||||
|
Subject: Lyrics
|
||||||
|
Date: Wed 29 May 2019 06:09:22 PM EDT
|
||||||
|
Message-ID: <encrypted-signed@crypto.notmuchmail.org>
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: multipart/encrypted; boundary="=-=-=";
|
||||||
|
protocol="application/pgp-encrypted"
|
||||||
|
|
||||||
|
--=-=-=
|
||||||
|
Content-Type: application/pgp-encrypted
|
||||||
|
|
||||||
|
Version: 1
|
||||||
|
|
||||||
|
--=-=-=
|
||||||
|
Content-Type: application/octet-stream
|
||||||
|
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hIwDxE023q1UqxYBBAC9z781zV7QAInGMKHX6TKU5Xw/OkoWXahpDL88F6Ocm5R9
|
||||||
|
7M9z2ocvlyrbgRhqE+nvFeGH/K7rVkBBT6TAcdIe/C8Qzbd3stPPcx1PlunGROj7
|
||||||
|
H/WAcmDksK3HkXpHwmInUtzNw1pkhOoLy/sFSbPvtyg8GCUzXbafHAIIo0rB2tLB
|
||||||
|
DwGWD3l4WdcyQWuYD9QJKuDIqdWo8E3TTcKkiOAt/6liwPNZ0jGzDeCuSTnWFj6Z
|
||||||
|
AiXGeNtD3I1tCN/8T3NjEKOCQ+bdT5Y06dDaL61FpQ23eIuSUgksVxjnkEAb6iPe
|
||||||
|
07gjzcyNuGP3WPI/0qu0wtZwpAQxvaNygDsQj/OjR5kn9luBd/VqodM3TWWS8miV
|
||||||
|
m0z1tYbqYAQWW6TS7fXlsyXoOxTLW5MCfe3D36VSErL/NJItETklVKzNfKjMmRKx
|
||||||
|
CI2ZUzugxPWSLQzOp5yl7iICk8e+vS9TkQw2j0nXAQYLYgmqZMhf4av5GlFv3tQu
|
||||||
|
heO4XLT6NBDTHMFTDbgW42kE0N4MDPc29AqVFGImcTHvflF4Vp0qIbSJdIcHwKkU
|
||||||
|
5LKqvicAa0lsIoJbsW3lHrzowyjov2vLH/VGd/wIX+MS3KT7cySdyp8HVMcwwyZu
|
||||||
|
Y9nrTN/7G1FwKWlcGa4uJNcFFkYlcEymZj1EX2cyrdezPtX7K5vhwBYddptFD+Bn
|
||||||
|
IVkghRut3UDeXe83F8OutWiZfK5EVYABq/aP3//hIbQl2o4Dkd3z9m+8LobrIV5s
|
||||||
|
NXjAjU5WQOjRLoHBebG2HkMpFsWhXD/Fb/Bb58VOpdI=
|
||||||
|
=x12v
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
--=-=-=--
|
Loading…
Reference in a new issue