Commit graph

28 commits

Author SHA1 Message Date
Daniel Kahn Gillmor
1b9f4a9863 cli/reply: Ignore PKCS#7 wrapper parts when replying
When composing a reply, no one wants to see this line in the proposed
message:

    Non-text part: application/pkcs7-mime

So we hide it, the same way we hide PGP/MIME cruft.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 22:11:25 -03:00
Daniel Kahn Gillmor
f12fb4d819 cli/show: If a leaf part has children, show them instead of omitting
Until we did PKCS#7 unwrapping, no leaf MIME part could have a child.

Now, we treat the unwrapped MIME part as the child of the PKCS#7
SignedData object.  So in that case, we want to show it instead of
deliberately omitting the content.

This fixes the test of the protected subject in
id:smime-onepart-signed@protected-headers.example.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 22:11:17 -03:00
Daniel Kahn Gillmor
5f4aceee26 cli: include wrapped part of PKCS#7 SignedData in the MIME tree
Unwrap a PKCS#7 SignedData part unconditionally when the cli is
traversing the MIME tree, and return it as a "child" of what would
otherwise be a leaf in the tree.

Unfortunately, this also breaks the JSON output.  We will fix that
next.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 22:11:07 -03:00
Daniel Kahn Gillmor
ad60e5d4e8 smime: Identify encrypted S/MIME parts during indexing
We don't handle them correctly yet, but we can at least mark them as
being encrypted.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 22:10:55 -03:00
Daniel Kahn Gillmor
38bd0df922 lib: index PKCS7 SignedData parts
When we are indexing, we should treat SignedData parts the same way
that we treat a multipart object, indexing the wrapped part as a
distinct MIME object.

Unfortunately, this means doing some sort of cryptographic
verification whose results we throw away, because GMime doesn't offer
us any way to unwrap without doing signature verification.

I've opened https://github.com/jstedfast/gmime/issues/67 to request
the capability from GMime but for now, we'll just accept the
additional performance hit.

As we do this indexing, we also apply the "signed" tag, by analogy
with how we handle multipart/signed messages.  These days, that kind
of change should probably be done with a property instead, but that's
a different set of changes.  This one is just for consistency.

Note that we are currently *only* handling signedData parts, which are
basically clearsigned messages.  PKCS#7 parts can also be
envelopedData and authEnvelopedData (which are effectively encryption
layers), and compressedData (which afaict isn't implemented anywhere,
i've never encountered it).  We're laying the groundwork for indexing
these other S/MIME types here, but we're only dealing with signedData
for now.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 22:10:46 -03:00
Daniel Kahn Gillmor
b14d9ae204 smime: tests of X.509 certificate validity are known-broken on GMime < 3.2.7
When checking cryptographic signatures, Notmuch relies on GMime to
tell it whether the certificate that signs a message has a valid User
ID or not.

If the User ID is not valid, then notmuch does not report the signer's
User ID to the user.  This means that the consumer of notmuch's
cryptographic summary of a message (or of its protected headers) can
be confident in relaying the reported identity to the user.

However, some versions of GMime before 3.2.7 cannot report Certificate
validity for X.509 certificates.  This is resolved upstream in GMime
at https://github.com/jstedfast/gmime/pull/90.

We adapt to this by marking tests of reported User IDs for
S/MIME-signed messages as known-broken if GMime is older than 3.2.7
and has not been patched.

If GMime >= 3.2.7 and certificate validity still doesn't work for
X.509 certs, then there has likely been a regression in GMime and we
should fail early, during ./configure.

To break out these specific User ID checks from other checks, i had to
split some tests into two parts, and reuse $output across the two
subtests.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 22:04:57 -03:00
Daniel Kahn Gillmor
b1a04bddc2 tests/smime: add tests for S/MIME SignedData
Add a simple S/MIME SignedData message, taken from an upcoming draft
of
https://datatracker.ietf.org/doc/draft-autocrypt-lamps-protected-headers/

RFC 8551 describes a SignedData, a one-part clearsigned object that is
more resistant to common patterns of MTA message munging than
multipart/signed (but has the downside that it is only readable by
clients that implement S/MIME).

To make sure sure notmuch can handle this kind of object, we want to
know a few things:

Already working:

 - Is the content of the SignedData object indexed?  It actually is
   right now because of dumb luck -- i think we're indexing the raw
   CMS object and it happens to contain the cleartext of the message
   in a way that we can consume it before passing it on to Xapian.
 - Are we accidentally indexing the embedded PKCS#7 certificates? We
   don't want to, and for some reason I don't understand, our indexing
   is actually skipping the embedded certificates already.  That's
   good!

Still need fixing:
 - do we know the MIME type of the embedded part?
 - do we know that the message is signed?
 - can notmuch-show read its content?
 - can notmuch-show indicate the signature validity?
 - can notmuch-reply properly quote and attribute content?

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:57:26 -03:00
Daniel Kahn Gillmor
92149485cb tests/smime: Test indexing cleartext of envelopedData
These tests describe some simple behavior we would expect to work if
we were to correctly index the cleartext of encrypted S/MIME messages
(PKCS#7 envelopedData).

Of course, they don't currently pass, so we mark them known-broken.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:56:13 -03:00
Daniel Kahn Gillmor
a8bf94af44 tests/smime: Verify cryptographic message status
When consuming a signed+encrypted S/MIME message generated by emacs,
we expect to see the same cryptographic properties for the message as
a whole.  This is not done correctly yet, so the test is marked as
known broken.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:56:02 -03:00
Daniel Kahn Gillmor
7eaac52ddb tests/smime: avoid copying the key+cert.pem around
No functional change.

We no longer need to identify the key and cert to mml-mode when
sending an S/MIME message, so making a copy of key+cert.pem to
test_suite.pem is superfluous.  Get rid of the extra file.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:54:48 -03:00
Daniel Kahn Gillmor
2e351d10c2 tests/smime: Use gpgsm instead of openssl for mml creation of S/MIME msgs
The documentation for message mode clearly states that EasyPG (which
uses GnuPG) is the default and recommended way to use S/MIME with
mml-secure:

[0] https://www.gnu.org/software/emacs/manual/html_node/message/Using-S_002fMIME.html

To ensure that this mode works, we just need to import the secret key
in question into gpgsm in addition to the public key.  gpgsm should be
able pick the right keys+certificates to use based on To/From headers,
so we don't have to specify anything manually in the #secure mml tag.

The import process from the OpenSSL-preferred form (cert+secretkey) is
rather ugly, because gpgsm wants to see a PKCS#12 object when
importing secret keys.

Note that EasyPG generates the more modern Content-Type:
application/pkcs7-signature instead of application/x-pkcs7-signature
for the detached signature.

We are also obliged to manually set gpgsm's include-certs setting to 1
because gpgsm defaults to send "everything but the root cert".  In our
weird test case, the certificate we're using is self-signed, so it
*is* the root cert, which means that gpgsm doesn't include it by
default.  Setting it to 1 forces inclusion of the signer's cert, which
satisfies openssl's smime subcommand. See https://dev.gnupg.org/T4878
for more details.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:54:37 -03:00
Daniel Kahn Gillmor
055e0917d7 tests: move add_gpgsm_home to test-lib.sh
This allows us to test S/MIME messages in other tests.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:53:34 -03:00
David Bremner
6cd47227de test: add a known broken test for S/MIME decryption
This should serve to clarify this feature is not implimented in
notmuch yet.
2019-12-14 07:25:06 -04:00
Daniel Kahn Gillmor
4cb789aa09 cli/show: emit new whole-message crypto status output
This allows MUAs that don't want to think about per-mime-part
cryptographic status to have a simple high-level overview of the
message's cryptographic state.

Sensibly structured encrypted and/or signed messages will work fine
with this.  The only requirement for the simplest encryption + signing
is that the message have all of its encryption and signing protection
(the "cryptographic envelope") in a contiguous set of MIME layers at
the very outside of the message itself.

This is because messages with some subparts signed or encrypted, but
with other subparts with no cryptographic protection is very difficult
to reason about, and even harder for the user to make sense of or work
with.

For further characterization of the Cryptographic Envelope and some of
the usability tradeoffs, see here:

   https://dkg.fifthhorseman.net/blog/e-mail-cryptography.html#cryptographic-envelope
2019-05-26 08:20:23 -03:00
Daniel Kahn Gillmor
7e6f55b268 gmime-cleanup: simplify T355-smime.sh
GMime 3.0 and later can handle User ID as expected.

signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-03 06:55:52 -03:00
David Bremner
040c3236af Merge branch 'release'
Conflicts:
        NEWS

Add in NEWS from point release
2017-12-08 22:19:06 -04:00
Daniel Kahn Gillmor
cb855d8a9d crypto: signature verification reports valid User IDs
When i'm trying to understand a message signature, i care that i know
who it came from (the "validity" of the identity associated with the
key), *not* whether i'm willing to accept the keyholder's other
identity assertions (the "trust" associated with the certificate).

We've been reporting User ID information based on the "trust"
associated with the certificate, because GMime didn't clearly expose
the validity of the User IDs.

This change relies on fixes made in GMime 3.0.3 and later which
include https://github.com/jstedfast/gmime/pull/18.
2017-12-08 20:35:18 -04:00
Jani Nikula
bc349ad316 test: use source and build paths in T355-smime.sh
Make a distinction between source and build directories.
2017-10-20 20:49:18 -03:00
Jani Nikula
a863de1e43 test: use $(dirname "$0") for sourcing test-lib.sh
Don't assume the tests are always run from within the source tree.
2017-10-20 19:52:49 -03:00
David Bremner
e1b7d32db0 cli: implement structured output version 4
Since the error field is unused by the emacs front end, no changes are
needed other than bumping the format version number.

As it is, this is a bit overengineered, but it will reduce duplication
when we support gmime 3.0
2017-07-04 08:32:44 -03:00
Tomi Ollila
5f71a4d3e1 exit lingering gpg agents at the end of relevant tests
Since gnupg 2.1.20, gpg-agent no longer shut itself down when
$GNUPGHOME directory is removed.

Add exit hooks to the test modules which execute `gpgconf --kill all`

Add exit hooks to execute `gpgconf --kill all` in the modules that
create $GNUPGHOME for gpg to work with.
2017-05-26 07:26:06 -03:00
Jani Nikula
d0cd253b37 test: require test_begin_subtest before test_expect_success
Unify the subtests by requiring test_begin_subtest before
test_expect_success. (Similar change for test_expect_code will
follow.)

This increases clarity in the test scripts by having a separate line
for the start of the subtest with the heading, and makes it possible
to simplify the test infrastructure by making all subtests similar.
2017-03-09 09:01:21 -04:00
Jani Nikula
ea20a932f1 cli/show: add content-disposition to structured output message parts
Help the clients decide how to display parts.

Test updates by Mark Walters <markwalters1009@gmail.com>.
One more test fix by db
2017-02-28 08:03:00 -04:00
Jani Nikula
14c60cf168 cli/show: list all filenames of a message in the formatted output
Instead of just having the first filename for the message, list all
duplicate filenames of the message as a list in the formatted
outputs. This bumps the format version to 3.
2017-02-26 07:41:33 -04:00
Daniel Kahn Gillmor
d31161c212 tests: account for varying-size cryptographic signatures
GnuPG 2.1.16 is now injecting the full issuer fingerprint in its
signatures, which makes them about 32 octets larger when
ascii-armored.

This change in size means that the size of the MIME parts will vary
depending on the version of gpg that the user has installed.  at any
rate, the signature part should be non-zero (this is true for
basically any MIME part), so we just test for that instead of an exact
size.
2016-11-24 20:22:12 -04:00
Jani Nikula
2355f1522a cli: crypto: S/MIME verification support
notmuch-show --verify will now also process S/MIME multiparts if
encountered. Requires gmime-2.6 and gpgsm.

Based on work by Jameson Graef Rollins <jrollins@finestructure.net>.
2016-01-29 17:45:46 -04:00
David Bremner
a530a1706a test: add broken S/MIME signature verification test for notmuch CLI
The test is pretty much cut and paste from the PGP/MIME version, with
obvious updates taken from notmuch output.  This also requires setting
up gpgsm infrastucture.
2016-01-29 17:45:46 -04:00
David Bremner
ef30770dfa test: initial tests for S/MIME and notmuch-emacs
Test the ability of notmuch-mua-mail to send S/MIME signed (and
encrypted) messages; this really relies on existing functionality in
message-mode.

The generated keys and messages will later be useful for testing the
notmuch CLI.
2016-01-29 17:45:46 -04:00