From: Daniel Kahn Gillmor To: Notmuch Mail Subject: [PATCH 2/5] cli/{show, reply}: try to decrypt inline PGP encrypted messages Date: Tue, 12 Dec 2017 02:15:50 -0500 Message-Id: <20171212071553.6440-3-dkg@fifthhorseman.net> X-Mailer: git-send-email 2.15.1 In-Reply-To: <20171212071553.6440-1-dkg@fifthhorseman.net> References: <20171212071553.6440-1-dkg@fifthhorseman.net> X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2017 07:18:22 -0000 We try this only for leaf parts that are explicitly marked as Content-Type: text/*, since we don't want to accidentally match on any other weird part that happens to contain the magic string, or on the payload child of a multipart/encrypted part. Of course, this only works for GMime 3.0 and later, because of how we're detecting the presence of the OpenPGP inline encrypted blob. --- mime-node.c | 4 ++ test/T359-inline-pgp-decryption.sh | 97 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 101 insertions(+) create mode 100755 test/T359-inline-pgp-decryption.sh diff --git a/mime-node.c b/mime-node.c index 973133d9..3c94bb62 100644 --- a/mime-node.c +++ b/mime-node.c @@ -325,6 +325,10 @@ _mime_node_create (mime_node_t *parent, GMimeObject *part) } else { node_verify (node, part, cryptoctx); } +#if (GMIME_MAJOR_VERSION >= 3) + } else if (GMIME_IS_TEXT_PART (part) && g_mime_part_get_openpgp_data (GMIME_PART (part)) == GMIME_OPENPGP_DATA_ENCRYPTED) { + node_decrypt_and_verify (node, part, cryptoctx); +#endif } return node; diff --git a/test/T359-inline-pgp-decryption.sh b/test/T359-inline-pgp-decryption.sh new file mode 100755 index 00000000..c0db8eaf --- /dev/null +++ b/test/T359-inline-pgp-decryption.sh 
@@ -0,0 +1,97 @@ +#!/usr/bin/env bash + +test_description='Decryption of inline PGP messages' +. $(dirname "$0")/test-lib.sh || exit 1 + +################################################## + +add_gnupg_home + +test_begin_subtest "Adding inline PGP encrypted message" +mkdir -p "$MAIL_DIR/cur" +cat < "$MAIL_DIR/cur/inline-pgp-encrypted.eml" +Message-Id: inline-pgp-encrypted@testsuite.notmuchmail.org +Content-Type: text/plain +Subject: inline PGP encrypted message +Date: Sat, 01 Jan 2000 12:00:00 +0000 +From: test_suite@notmuchmail.org +To: test_suite@notmuchmail.org + +$(echo "this is the sekrit message" | gpg --no-tty --batch --quiet --trust-model=always --encrypt --armor --recipient test_suite@notmuchmail.org) +EOF +test_expect_success 'notmuch new' + +test_begin_subtest "inline PGP decryption, --format=json" +test_subtest_broken_gmime_2 +output=$(notmuch show --format=json --decrypt=true id:inline-pgp-encrypted@testsuite.notmuchmail.org \ + | notmuch_json_show_sanitize) +expected=' + [[[{"body": [{ + "content": "this is the sekrit message\n", + "content-type": "text/plain", + "encstatus": [{"status": "good" }], + "id": 1 + }], + "date_relative": "2000-01-01", + "excluded": false, + "filename": ["YYYYY"], + "headers": { + "Date": "Sat, 01 Jan 2000 12:00:00 +0000", + "From": "test_suite@notmuchmail.org", + "Subject": "inline PGP encrypted message", + "To": "test_suite@notmuchmail.org" + }, + "id": "XXXXX", + "match": true, + "tags": ["inbox", "unread"], + "timestamp": 946728000 + }, + []]]]' + +test_expect_equal_json \ + "$output" \ + "$expected" + +test_begin_subtest "inline PGP decryption for reply" +test_subtest_broken_gmime_2 +output=$(notmuch reply --format=json --decrypt=true id:inline-pgp-encrypted@testsuite.notmuchmail.org \ + | notmuch_json_show_sanitize) +expected=' + {"original": {"body": [{ + "content": "this is the sekrit message\n", + "content-type": "text/plain", + "encstatus": [{"status": "good" }], + "id": 1 + }], + "date_relative": "2000-01-01", + 
"excluded": false, + "filename": ["YYYYY"], + "headers": { + "Date": "Sat, 01 Jan 2000 12:00:00 +0000", + "From": "test_suite@notmuchmail.org", + "Subject": "inline PGP encrypted message", + "To": "test_suite@notmuchmail.org" + }, + "id": "XXXXX", + "match": false, + "tags": ["inbox", "unread"], + "timestamp": 946728000 + }, + "reply-headers": { + "From": "Notmuch Test Suite ", + "In-reply-to": "", + "References": "", + "Subject": "Re: inline PGP encrypted message" + } +}' + +test_expect_equal_json \ + "$output" \ + "$expected" + +test_begin_subtest "searching for cleartext of inline PGP encrypted message should fail" +output=$(notmuch search 'sekrit') +expected='' +test_expect_equal "$output" "$expected" + +test_done -- 2.15.1