From: Daniel Kahn Gillmor
To: Notmuch Mail
Subject: [PATCH 10/20] cli/show: add tests for viewing protected headers
Date: Fri, 11 May 2018 01:55:34 -0400
Message-Id: <20180511055544.13676-11-dkg@fifthhorseman.net>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180511055544.13676-1-dkg@fifthhorseman.net>
References: <20180511055544.13676-1-dkg@fifthhorseman.net>
List-Id: "Use and development of the notmuch mail system."

Here we add several variant e-mail messages, some of which have
correctly-structured protected headers, and some of which do not. The
goal of the tests is to ensure that the right protected subjects get
reported.
---
 test/T356-protected-headers.sh                 | 69 +++++++++++++++++++
 ...le-wrapped-with-phony-protected-header.eml | 38 ++++++++++
 .../misplaced-protected-header.eml             | 35 ++++++++++
 .../nested-rfc822-message.eml                  | 32 +++++++++
 .../no-protected-header-attribute.eml          | 29 ++++++++
 .../phony-protected-header-bad-encryption.eml  | 30 ++++++++
 .../protected-headers/protected-header.eml     | 30 ++++++++
 .../wrapped-protected-header.eml               | 39 +++++++++++
 8 files changed, 302 insertions(+)
 create mode 100755 test/T356-protected-headers.sh
 create mode 100644 test/corpora/protected-headers/double-wrapped-with-phony-protected-header.eml
 create mode 100644 test/corpora/protected-headers/misplaced-protected-header.eml
 create mode 100644 test/corpora/protected-headers/nested-rfc822-message.eml
 create mode 100644 test/corpora/protected-headers/no-protected-header-attribute.eml
 create mode 100644 test/corpora/protected-headers/phony-protected-header-bad-encryption.eml
 create mode 100644 test/corpora/protected-headers/protected-header.eml
 create mode 100644 test/corpora/protected-headers/wrapped-protected-header.eml
diff --git a/test/T356-protected-headers.sh b/test/T356-protected-headers.sh new file mode 100755 index 00000000..9c6fe467 --- /dev/null +++ b/test/T356-protected-headers.sh 
@@ -0,0 +1,69 @@ +#!/usr/bin/env bash + +# TODO: +# * check S/MIME as well as PGP/MIME +# * process headers protected by signature + +test_description='Message decryption with protected headers' +. $(dirname "$0")/test-lib.sh || exit 1 + +################################################## + +add_gnupg_home +# Change this if we ship a new test key +FINGERPRINT="5AEAB11F5E33DCE875DDB75B6D92612D94E46381" + +add_email_corpus protected-headers + +test_begin_subtest "verify protected header is not visible without decryption" +output=$(notmuch show --format=json id:protected-header@crypto.notmuchmail.org) +test_json_nodes <<<"$output" \ + 'no_crypto:[0][0][0]!"crypto"' \ + 'subject:[0][0][0]["headers"]["Subject"]="encrypted message"' + +test_begin_subtest "verify protected header is visible with decryption" +output=$(notmuch show --decrypt=true --format=json id:protected-header@crypto.notmuchmail.org) +test_subtest_known_broken +test_json_nodes <<<"$output" \ + 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \ + 'subject:[0][0][0]["headers"]["Subject"]="This is a protected header"' + + +test_begin_subtest "misplaced protected headers should not be made visible during decryption" +output=$(notmuch show --decrypt=true --format=json id:misplaced-protected-header@crypto.notmuchmail.org) +test_json_nodes <<<"$output" \ + 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \ + 'subject:[0][0][0]["headers"]["Subject"]="encrypted message"' + +test_begin_subtest "verify double-wrapped phony protected header is not visible when inner decryption fails" +output=$(notmuch show --decrypt=true --format=json id:double-wrapped-with-phony-protected-header@crypto.notmuchmail.org) +test_json_nodes <<<"$output" \ + 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \ + 'subject:[0][0][0]["headers"]["Subject"]="encrypted message"' + +test_begin_subtest "cleartext phony protected headers should not be made visible when decryption fails" +output=$(notmuch 
show --decrypt=true --format=json id:phony-protected-header-bad-encryption@crypto.notmuchmail.org) +test_json_nodes <<<"$output" \ + 'no_crypto:[0][0][0]!"crypto"' \ + 'subject:[0][0][0]["headers"]["Subject"]="encrypted message"' + +test_begin_subtest "wrapped protected headers should not be made visible during decryption" +output=$(notmuch show --decrypt=true --format=json id:wrapped-protected-header@crypto.notmuchmail.org) +test_json_nodes <<<"$output" \ + 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "partial"}}' \ + 'subject:[0][0][0]["headers"]["Subject"]="[mailing-list] encrypted message"' + +test_begin_subtest "internal headers without protected-header attribute should be skipped" +output=$(notmuch show --decrypt=true --format=json id:no-protected-header-attribute@crypto.notmuchmail.org) +test_json_nodes <<<"$output" \ + 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \ + 'subject:[0][0][0]["headers"]["Subject"]="encrypted message"' + +test_begin_subtest "verify nested message/rfc822 protected header is visible" +output=$(notmuch show --decrypt=true --format=json id:nested-rfc822-message@crypto.notmuchmail.org) +test_subtest_known_broken +test_json_nodes <<<"$output" \ + 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \ + 'subject:[0][0][0]["headers"]["Subject"]="This is a message using draft-melnikov-smime-header-signing"' + +test_done diff --git a/test/corpora/protected-headers/double-wrapped-with-phony-protected-header.eml b/test/corpora/protected-headers/double-wrapped-with-phony-protected-header.eml new file mode 100644 index 00000000..629637eb --- /dev/null +++ b/test/corpora/protected-headers/double-wrapped-with-phony-protected-header.eml 
@@ -0,0 +1,38 @@ +From: test_suite@notmuchmail.org +To: test_suite@notmuchmail.org +Subject: encrypted message +Date: Sat, 01 Jan 2000 12:00:00 +0000 +Message-ID: +MIME-Version: 1.0 +Content-Type: multipart/encrypted; boundary="=-=-="; + protocol="application/pgp-encrypted" + +--=-=-= +Content-Type: application/pgp-encrypted + +Version: 1 + +--=-=-= +Content-Type: application/octet-stream + +-----BEGIN PGP MESSAGE----- + +hIwDxE023q1UqxYBBACkvfKZEkuRUQ2ujdel8U2ufplGxE2oNOK+CI5S1O8cS9vE +DIkVIXAtpZcCc31pYBTRl0TwCrLKFT/siYfshbxyWjMZjX/Jc38Yjg9pDFTIZ312 +LoM5uH22f1X8O8020HgH+CQk9T4s9bBuvxTvJ6GQvK/ssnoYsGr9TGcjjh3uMdLp +AXkkF76a2iimkq2163ee/8X0vgI+2fx6EjJJvlcSIlDcUvhYHIt8kjnlADSBMpho +gaMa90baGlE1RAK9nSBC+4ty0fIlfsgcecRtFEifFRj6foYPFIFzkgwhRkXovouG +FyXi8QrDVS8cz61I03PMVsFHo4FtJw9cAfvTh45QFGl+inW2pSvZyRnyu6uHDe61 +NqUTJOVN4B+dFPbKafUKuJ4YGXLsDoQoE8VF0lwznA7AOATmqPQpp+Anq40C/4Su +Zf1hGaBTuYjlChSTMxX+wV22+PQwJmK3tl1NQRFGlR1pQZWdNcu6/6RGooiVZSg+ +VsmtZjgpZa8aaEEnrsIEVPfvbIZ4OQhmgNi4CYNB306UOjIh3/8m+8JmlkxPiGXW +gnzNUTuwKytlZnIgT1o9a7PAkz+ZiHhMLmk5nPN+dlwsVN7Ff1FHqLIMbKaZbeKK +txvhw7/NdaCALnjamqtDJTc4kL50F44DC0im0U9hcoy8X/HBrYkTGfHgRttCp5V/ +XisGT6/rzyUzTi2usZpRtl3WhHrE0Uj0w2Bm/Qqe64vNd3F8xwuJ5qMZ3QLVxoX0 +MPTajY1pLgfMViqLaLV8fR8hLmattxaO92sbVuxHiaba8er3jzO2HfmRLqesio7u +8FXZQnBgeqBkoRlrHhvScuZLJVU1I4UHd9s3mcR+IY5VvjxdPMcnxTNqcRB/He4H +MrrH26P0uSFe6WJYQVXEDt4OO73ROyFZE0+rSw1z+VnjmHVIzUVvvFqwJZo6Y/0v +1+3ab4TGMPJSkfQYHY8/O1RF67BNlA== +=gizc +-----END PGP MESSAGE----- +--=-=-=-- diff --git a/test/corpora/protected-headers/misplaced-protected-header.eml b/test/corpora/protected-headers/misplaced-protected-header.eml new file mode 100644 index 00000000..50e2922d --- /dev/null +++ b/test/corpora/protected-headers/misplaced-protected-header.eml 
@@ -0,0 +1,35 @@ +From: test_suite@notmuchmail.org +To: test_suite@notmuchmail.org +Subject: encrypted message +Date: Sat, 01 Jan 2000 12:00:00 +0000 +Message-ID: +MIME-Version: 1.0 +Content-Type: multipart/encrypted; boundary="=-=-="; + protocol="application/pgp-encrypted" + +--=-=-= +Content-Type: application/pgp-encrypted + +Version: 1 + +--=-=-= +Content-Type: application/octet-stream + +-----BEGIN PGP MESSAGE----- + +hIwDxE023q1UqxYBBACwbgx3N72gYKIU63tNE6kf6UA5ed39VFXh3zdM6eDdA0bG +DWt5yROckkCeCvMoFaRswK8MiX8aGG0GdH6VKhyn7HjT/Dm84QLwoB0ccZs3MnwU +aJ9yTC9HbX3yfTVZYOu0w47NZho/LXX2Yd1pi8OUgrPg44fjgvx2kNRQ9EsNBdLA +/AGMhwwcTPHjyWQ4XYZoL6WeVJfq2C0m3hQ3bxrKuAzW53HrSa4tPCXzX3G8KEz5 +sSk3ZOmajSvLde0LG8bxwexgAHC/Wd07e2HgHtZ/H+Cw9oYLgwcgVyXg7sGVrMrs +IlwW0Njf93DJmJZuTD8P9XJc3h1VzKA+YhbtnofFZw4JexpHcC+R8Lcso16Mkp91 +7Ig0E8WTZ+K+judGS010b5ND2ETyc+TYY4/XJ2R90pbNrRLNTFG+P2HUob6PBCwE +rXot6TeBSgm+k4bvl9aMKyrBSplKktQey4WsdblbJnJUxSl/rMpW6xwglkyIgrCU +vbhffqgB8y1JLmK6Ow/A6Pzi3T6Zn95zu2GN8+yAOzDhGwlAfIV85TYnX6ybOkX/ +Amoh7qNS17pzc6ch/mif/RsSPYo+y2UQuVFhG+kOy9oGAQOOHeiCWZPa09o3R2Jn +myMg1FPgoDgsjE6QpD0mx9ORdPGC2e8jwrifS/W9eHJ2QG+mNkcKlAr5b8WiUTkq +hEZ+BaaVhbXN8EuHHTJT6YojusCIsXI0BMF1su1KupQw+dwQnys8wuy45Fr3H58x +zqHoU9KzdQGLbeJTgA== +=+EWE +-----END PGP MESSAGE----- +--=-=-=-- diff --git a/test/corpora/protected-headers/nested-rfc822-message.eml b/test/corpora/protected-headers/nested-rfc822-message.eml new file mode 100644 index 00000000..e838e211 --- /dev/null +++ b/test/corpora/protected-headers/nested-rfc822-message.eml 
@@ -0,0 +1,32 @@ +From: test_suite@notmuchmail.org +To: test_suite@notmuchmail.org +Subject: encrypted message +Date: Sat, 01 Jan 2000 12:00:00 +0000 +Message-ID: +MIME-Version: 1.0 +Content-Type: multipart/encrypted; boundary="=-=-="; + protocol="application/pgp-encrypted" + +--=-=-= +Content-Type: application/pgp-encrypted + +Version: 1 + +--=-=-= +Content-Type: application/octet-stream + +-----BEGIN PGP MESSAGE----- + +hIwDxE023q1UqxYBBADCWqobSSS78XdrxhBh5W01OZbUMdnrwrYJsiG9fQoVfFHN +eALvOfviTcSBD97/jO2IRL2W8hyF7k1BVAYMwSuxe4qLbLdsxK1i4KBRIFRkm990 +ipBddgFXV16WNO2cTK7boEJ7Xfjp/zjoS2z2YUXsdGx3OSJciyHBVJki2UfkL9LA +egHa7dsw6BxoNbAkrD+ijVbsFrKHeeJIlWkNbSYOk/YLmqLAEy1CYvSvC8ZSBtQT +fVYc37fc3RB0vQC+Vu5k5d/I5Z1/Yz+McBJDMNvcn4yoFiXemY8YVFvj7iC0sbuq +lwitvgMYaljhb8RUQAa3Dy08Jju09DIBcCgRsx32U+3aqZ0MhU6CRgt8kc9oK1g4 +yBVppqpX6hCXjtt9LUArY3DIchRb+IWTXsb+eDR700GXDyNMk1G5WUl0eLuw75uz +EqU5Tjh36fP0ceMESjaxuxyhhw1jjE3ON7vqFQRVcs7UtazbxznWQH3Z73mDmY3G +q9JGMOOqVnnFdnEq8vDFF7m+Cp3N1ieyXUXjn3aLtvSRMmVV20Q5QXSFg8nP6juT +Yn1xZjqOodSeig1ITZZF58Whv+LHGtzDHwV8 +=cNYF +-----END PGP MESSAGE----- +--=-=-=-- diff --git a/test/corpora/protected-headers/no-protected-header-attribute.eml b/test/corpora/protected-headers/no-protected-header-attribute.eml new file mode 100644 index 00000000..cf08ba30 --- /dev/null +++ b/test/corpora/protected-headers/no-protected-header-attribute.eml 
@@ -0,0 +1,29 @@ +From: test_suite@notmuchmail.org +To: test_suite@notmuchmail.org +Subject: encrypted message +Date: Sat, 01 Jan 2000 12:00:00 +0000 +Message-ID: +MIME-Version: 1.0 +Content-Type: multipart/encrypted; boundary="=-=-="; + protocol="application/pgp-encrypted" + +--=-=-= +Content-Type: application/pgp-encrypted + +Version: 1 + +--=-=-= +Content-Type: application/octet-stream + +-----BEGIN PGP MESSAGE----- + +hIwDxE023q1UqxYBA/9GY8NN4NDwpNttr/hTXpS701Z8TDr3hC89obZNnNpYxSct +p+YkS+FsPMLimIDfU1meG8R+YgtQOJIhmKPHW8CLQ1heBsX0Dcv2oLxXodqNGD7M +/szVRR6duVnALPgmV66vkcBHKbsiuv8EO86C7G1hAnXfs0H47WoeUz9dQ6RaHdKw +AVbxw7KWVbiP+S4SO1rvNsAL1xiRPA0FFmDRMyoFRC/618dGS6HitkD0UR708oVt +PooD4Rk22c8b549wvZ88flGk+WBCLhyXAuWYPHwag1DLzLjWH5r+XmK2O7JoQZeq +k7JM/M8QM+xetFaPmsWs52IynhXyWpXBBanm9NEsNEiIB59480D7tJ0oivo8T24d +izSAMGATP26ReatoXltCl9x8uUfUSAjWt8iJ1+n/3ds= +=hGDA +-----END PGP MESSAGE----- +--=-=-=-- diff --git a/test/corpora/protected-headers/phony-protected-header-bad-encryption.eml b/test/corpora/protected-headers/phony-protected-header-bad-encryption.eml new file mode 100644 index 00000000..d7a3db89 --- /dev/null +++ b/test/corpora/protected-headers/phony-protected-header-bad-encryption.eml 
@@ -0,0 +1,30 @@ +From: test_suite@notmuchmail.org +To: test_suite@notmuchmail.org +Subject: encrypted message +Date: Sat, 01 Jan 2000 12:00:00 +0000 +Message-ID: +MIME-Version: 1.0 +Content-Type: multipart/encrypted; boundary="=-=-="; + protocol="application/pgp-encrypted" + +--=-=-= +Content-Type: application/pgp-encrypted + +Version: 1 + +--=-=-= +Content-Type: application/octet-stream +Subject: this should not show up as a protected header + +-----BEGIN PGP MESSAGE----- + +hIwDxE023q1UqxYBA/9ZaOuxGtLVWiA7KQfB+4td1AILd1uy039UDb+9YwlhmJTq +mNqVJu+ZkFniZPMliM0z1QRBkBeL2Q7MrHAdYxYBKrDHKVja4O7jwqeKjy5BzQCW +fnyT+sb2Mh+dz5P2voF3XJHgqzhFY1rtVEatXSZADwwIVU6oZqGZ8GOELNGSd9KX +ASNElH7WGZB/TQ5X+MktzOLExx5QWaRK9skogI2RRoOquS7KpMcjzb2FWaJDjr1s +hd8FCQVjWuUDrolMGH8cgeq9iUBlHMzfPY6/jeGHNrjk12wwhBNcq6O95uzXtIRS +BM2xnwCYec6wYJ46fHukTgv+286nSQcV0XT6a+qM5GMgV5DMHW2vSyl6kTszJ3EP +xvQBfPCItA== +=Gkxz +-----END PGP MESSAGE----- +--=-=-=-- diff --git a/test/corpora/protected-headers/protected-header.eml b/test/corpora/protected-headers/protected-header.eml new file mode 100644 index 00000000..1a767bf9 --- /dev/null +++ b/test/corpora/protected-headers/protected-header.eml 
@@ -0,0 +1,30 @@ +From: test_suite@notmuchmail.org +To: test_suite@notmuchmail.org +Subject: encrypted message +Date: Sat, 01 Jan 2000 12:00:00 +0000 +Message-ID: +MIME-Version: 1.0 +Content-Type: multipart/encrypted; boundary="=-=-="; + protocol="application/pgp-encrypted" + +--=-=-= +Content-Type: application/pgp-encrypted + +Version: 1 + +--=-=-= +Content-Type: application/octet-stream +Subject: this should not show up as a protected header + +-----BEGIN PGP MESSAGE----- + +hIwDxE023q1UqxYBA/9ZaOuxGtLVWiA7KQfB+4td1AILd1uy039UDb+9YwlhmJTq +mNqVJu+ZkFniZPMliM0z1QRBkBeL2Q7MrHAdYxYBKrDHKVja4O7jwqeKjy5BzQCW +fnyT+sb2Mh+dz5P2voF3XJHgqzhFY1rtVEatXSZADwwIVU6oZqGZ8GOELNGSd9KX +ASNElH7WGZB/TQ5X+MktzOLExx5QWaRK9skogI2RRoOquS7KpMcjzb2FWaJDjr1s +RGboX7NG3xCvNUV2ByFTvLOeo7eO1GfUsabTUbMMvh3AE1UvHgCu8VJiRrMdmPln +BM2xnwCYec6wYJ46fHukTgv+286nSQcV0XT6a+qM5GMgV5DMHW2vSyl6kTszJ3EP +xvQBfPCItA== +=Gkxz +-----END PGP MESSAGE----- +--=-=-=-- diff --git a/test/corpora/protected-headers/wrapped-protected-header.eml b/test/corpora/protected-headers/wrapped-protected-header.eml new file mode 100644 index 00000000..6e242ef0 --- /dev/null +++ b/test/corpora/protected-headers/wrapped-protected-header.eml 
@@ -0,0 +1,39 @@ +From: test_suite@notmuchmail.org +To: test_suite@notmuchmail.org +Subject: [mailing-list] encrypted message +Date: Sat, 01 Jan 2000 12:00:00 +0000 +Message-ID: +MIME-Version: 1.0 +Content-Type: multipart/mixed; boundary="zzzz" + +--zzzz +Content-Type: multipart/encrypted; boundary="=-=-="; + protocol="application/pgp-encrypted" + +--=-=-= +Content-Type: application/pgp-encrypted + +Version: 1 + +--=-=-= +Content-Type: application/octet-stream + +-----BEGIN PGP MESSAGE----- + +hIwDxE023q1UqxYBA/9ZaOuxGtLVWiA7KQfB+4td1AILd1uy039UDb+9YwlhmJTq +mNqVJu+ZkFniZPMliM0z1QRBkBeL2Q7MrHAdYxYBKrDHKVja4O7jwqeKjy5BzQCW +fnyT+sb2Mh+dz5P2voF3XJHgqzhFY1rtVEatXSZADwwIVU6oZqGZ8GOELNGSd9KX +ASNElH7WGZB/TQ5X+MktzOLExx5QWaRK9skogI2RRoOquS7KpMcjzb2FWaJDjr1s +RGboX7NG3xCvNUV2ByFTvLOeo7eO1GfUsabTUbMMvh3AE1UvHgCu8VJiRrMdmPln +BM2xnwCYec6wYJ46fHukTgv+286nSQcV0XT6a+qM5GMgV5DMHW2vSyl6kTszJ3EP +xvQBfPCItA== +=Gkxz +-----END PGP MESSAGE----- +--=-=-=-- + +--zzzz +Content-Type: text/plain + +This message body was re-wrapped by a mailing list +which is why the protected headers no longer work. +--zzzz-- -- 2.17.0
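
Review bot: In test/T356-protected-headers.sh, `FINGERPRINT` is assigned right after `add_gnupg_home`, but none of the subtests in this file reference it. Either drop the assignment together with its "Change this if we ship a new test key" comment, or use it in an assertion, so that whoever next rotates the test key is not sent looking for a dependency this script does not have.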
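
Review bot: The fixtures double-wrapped-with-phony-protected-header.eml, misplaced-protected-header.eml, no-protected-header-attribute.eml and nested-rfc822-message.eml consist of armored ciphertext only, so the file name is the sole description of the cleartext MIME structure each one is meant to exercise. Please describe each inner structure (where the inner Subject sits, whether the protected-header attribute is present) in the commit message or in a comment beside the matching subtest, along with how the files were generated, so the corpus can be reviewed and rebuilt. The double-wrapped subtest in particular is titled "when inner decryption fails" yet asserts `{"status": "full"}`, which is hard to check without that description.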
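
Review bot: phony-protected-header-bad-encryption.eml differs from protected-header.eml in a single line of the armored body while keeping the same `=Gkxz` armor checksum, so the message may be rejected at the armor checksum stage rather than at decryption, which is what the subtest title "when decryption fails" says is being exercised. Consider noting in the test how the fixture was corrupted, or adding a variant whose checksum matches the altered body, so both failure paths are covered on purpose.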
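
Review bot: protected-header.eml, the baseline positive fixture, carries a cleartext `Subject: this should not show up as a protected header` on its application/octet-stream part, exactly as the phony-bad-encryption fixture does, while wrapped-protected-header.eml uses the same ciphertext without that line. If the decoy is intentional, say so in the commit message and assert in the "visible with decryption" subtest that the decoy text is never reported; otherwise remove it so the baseline case tests one thing.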