From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Notmuch Mail <notmuch@notmuchmail.org>
Subject: [PATCH 19/20] test: protected headers should work when both encrypted and signed.
Date: Fri, 11 May 2018 01:55:43 -0400 [thread overview]
Message-ID: <20180511055544.13676-20-dkg@fifthhorseman.net> (raw)
In-Reply-To: <20180511055544.13676-1-dkg@fifthhorseman.net>
Up to this point, we've tested protected headers on messages that have
either been encrypted or signed, but not both.
This adds a couple tests of signed+encrypted messages, one where the
subject line is masked (outside subject line is "encrypted message")
and another where it is not (outside Subject: matches inner Subject:)
See the discussion at
https://dkg.fifthhorseman.net/blog/e-mail-cryptography.html#protected-headers
for more details about the nuances between signed, stripped, and
stubbed headers.
---
| 16 +++++++++
.../encrypted-signed-not-masked.eml | 34 +++++++++++++++++++
| 34 +++++++++++++++++++
3 files changed, 84 insertions(+)
create mode 100644 test/corpora/protected-headers/encrypted-signed-not-masked.eml
create mode 100644 test/corpora/protected-headers/encrypted-signed.eml
--git a/test/T356-protected-headers.sh b/test/T356-protected-headers.sh
index 035b3e01..ba1d8c29 100755
--- a/test/T356-protected-headers.sh
+++ b/test/T356-protected-headers.sh
@@ -112,4 +112,20 @@ notmuch reindex --decrypt=true id:protected-header@crypto.notmuchmail.org
output=$(notmuch search --output=messages 'subject:"This is a protected header"')
test_expect_equal "$output" 'id:protected-header@crypto.notmuchmail.org'
+test_begin_subtest "verify protected header is both signed and encrypted"
+output=$(notmuch show --decrypt=true --format=json id:encrypted-signed@crypto.notmuchmail.org)
+test_json_nodes <<<"$output" \
+ 'crypto:[0][0][0]["crypto"]={
+ "signed":{"status": [{"status": "good", "fingerprint": "5AEAB11F5E33DCE875DDB75B6D92612D94E46381", "created": 1525812676}],
+ "encrypted": true, "headers": ["Subject"]},"decrypted": {"status": "full", "masked-headers": {"Subject": "encrypted message"}}}' \
+ 'subject:[0][0][0]["headers"]["Subject"]="Rhinoceros dinner"'
+
+test_begin_subtest "verify protected header is signed even when not masked"
+output=$(notmuch show --decrypt=true --format=json id:encrypted-signed-not-masked@crypto.notmuchmail.org)
+test_json_nodes <<<"$output" \
+ 'crypto:[0][0][0]["crypto"]={
+ "signed":{"status": [{"status": "good", "fingerprint": "5AEAB11F5E33DCE875DDB75B6D92612D94E46381", "created": 1525812676}],
+ "encrypted": true, "headers": ["Subject"]},"decrypted": {"status": "full"}}' \
+ 'subject:[0][0][0]["headers"]["Subject"]="Rhinoceros dinner"'
+
test_done
diff --git a/test/corpora/protected-headers/encrypted-signed-not-masked.eml b/test/corpora/protected-headers/encrypted-signed-not-masked.eml
new file mode 100644
index 00000000..8dfd7c39
--- /dev/null
+++ b/test/corpora/protected-headers/encrypted-signed-not-masked.eml
@@ -0,0 +1,34 @@
+From: test_suite@notmuchmail.org
+To: test_suite@notmuchmail.org
+Subject: Rhinoceros dinner
+Date: Sat, 01 Jan 2000 12:00:00 +0000
+Message-ID: <encrypted-signed-not-masked@crypto.notmuchmail.org>
+MIME-Version: 1.0
+Content-Type: multipart/encrypted; boundary="=-=-=";
+ protocol="application/pgp-encrypted"
+
+--=-=-=
+Content-Type: application/pgp-encrypted
+
+Version: 1
+
+--=-=-=
+Content-Type: application/octet-stream
+
+-----BEGIN PGP MESSAGE-----
+
+hIwDxE023q1UqxYBBADAJ03D4w48sefkQsBWXUc1spTljROjVN+y5a2yCKtYMt3M
+wWMeQyem5hwLpLYRCfeIzXCrlBfpZffuOkA5okGGVEWFvJ5a1kZNZnH5Wg0ccBp7
+KBGnJY0gS/BlrKK2Sjmk9Z3ww7GAgDGPbc7mc3Csj9G38UvneBdrQgm6kZR3GNLA
+6AGLN3KJETruI3Js6++aG+7tSkJ8Vo4WCVUR7oQROwF601X0QF/XghCoJCrx8B/1
+cw6Yb2wQj2nv3gw1rqWVsPVpAKsMc1yHx/2Vsee/VPtt4f67fSAMuJF3EJ6JkcK7
+tM761v69GoJGgvsie45pb1N2l/GfVMuwWU0wZhEsF7eXxqPzoE/kIGX1XIqleLaw
+On2kPSM5RgqV6gLOcw4WaFPi0oMbDhltNs72SV9cV6ZhhuwEQRq+u/K76NKLwte2
+R1JutAiuPZVF0WanmmiN6RbIpWOB5XxQfWagfr4vcf/03TaLP4hJMnqUdFMk20HP
+eI8TMQxkfryZK2Z6VxEBVdXhK05VEdkolmc4j9U+76A96Gd5zbYPApirkebmZatS
+X3rKKAiBqwWrFXi/7LNDoCwhRRmqDuHXruh3vZEcz+xiPfJh0G31GJQgIpE15Sv6
+trf20u3CXAFjHg9zPpSFV7uAOsqv7bg+xtG9PgN4aLCiVbXHsT0z6PAz+6K+SiKw
+QW8ZOtLikj5HyLAz/TDcsIShFaM3QHk2qq9RY10kmxlQVrf9Oyh3Wmc=
+=om0O
+-----END PGP MESSAGE-----
+--=-=-=--
--git a/test/corpora/protected-headers/encrypted-signed.eml b/test/corpora/protected-headers/encrypted-signed.eml
new file mode 100644
index 00000000..d534e08a
--- /dev/null
+++ b/test/corpora/protected-headers/encrypted-signed.eml
@@ -0,0 +1,34 @@
+From: test_suite@notmuchmail.org
+To: test_suite@notmuchmail.org
+Subject: encrypted message
+Date: Sat, 01 Jan 2000 12:00:00 +0000
+Message-ID: <encrypted-signed@crypto.notmuchmail.org>
+MIME-Version: 1.0
+Content-Type: multipart/encrypted; boundary="=-=-=";
+ protocol="application/pgp-encrypted"
+
+--=-=-=
+Content-Type: application/pgp-encrypted
+
+Version: 1
+
+--=-=-=
+Content-Type: application/octet-stream
+
+-----BEGIN PGP MESSAGE-----
+
+hIwDxE023q1UqxYBBADAJ03D4w48sefkQsBWXUc1spTljROjVN+y5a2yCKtYMt3M
+wWMeQyem5hwLpLYRCfeIzXCrlBfpZffuOkA5okGGVEWFvJ5a1kZNZnH5Wg0ccBp7
+KBGnJY0gS/BlrKK2Sjmk9Z3ww7GAgDGPbc7mc3Csj9G38UvneBdrQgm6kZR3GNLA
+6AGLN3KJETruI3Js6++aG+7tSkJ8Vo4WCVUR7oQROwF601X0QF/XghCoJCrx8B/1
+cw6Yb2wQj2nv3gw1rqWVsPVpAKsMc1yHx/2Vsee/VPtt4f67fSAMuJF3EJ6JkcK7
+tM761v69GoJGgvsie45pb1N2l/GfVMuwWU0wZhEsF7eXxqPzoE/kIGX1XIqleLaw
+On2kPSM5RgqV6gLOcw4WaFPi0oMbDhltNs72SV9cV6ZhhuwEQRq+u/K76NKLwte2
+R1JutAiuPZVF0WanmmiN6RbIpWOB5XxQfWagfr4vcf/03TaLP4hJMnqUdFMk20HP
+eI8TMQxkfryZK2Z6VxEBVdXhK05VEdkolmc4j9U+76A96Gd5zbYPApirkebmZatS
+X3rKKAiBqwWrFXi/7LNDoCwhRRmqDuHXruh3vZEcz+xiPfJh0G31GJQgIpE15Sv6
+trf20u3CXAFjHg9zPpSFV7uAOsqv7bg+xtG9PgN4aLCiVbXHsT0z6PAz+6K+SiKw
+QW8ZOtLikj5HyLAz/TDcsIShFaM3QHk2qq9RY10kmxlQVrf9Oyh3Wmc=
+=om0O
+-----END PGP MESSAGE-----
+--=-=-=--
--
2.17.0
next prev parent reply other threads:[~2018-05-11 5:56 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-11 5:55 Protected headers in notmuch Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 01/20] test: new test framework to compare json parts Daniel Kahn Gillmor
2018-06-06 1:06 ` David Bremner
2018-06-06 14:49 ` Daniel Kahn Gillmor
2018-06-06 16:21 ` David Bremner
2018-06-06 20:18 ` Daniel Kahn Gillmor
2018-06-07 8:39 ` Tomi Ollila
2018-05-11 5:55 ` [PATCH 02/20] crypto: Avoid pretending to verify signatures on unsigned encrypted mail Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 03/20] cli/show: pass the siglist directly to the sigstatus sprinter Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 04/20] util/crypto: _notmuch_message_crypto: tracks message-wide crypto state Daniel Kahn Gillmor
2018-06-15 10:16 ` David Bremner
2018-06-28 21:15 ` Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 05/20] cli: expose message-wide crypto status from mime-node Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 06/20] mime-node: track whole-message crypto state while walking the tree Daniel Kahn Gillmor
2018-06-15 10:52 ` David Bremner
2018-05-11 5:55 ` [PATCH 07/20] cli/show: emit new whole-message crypto status output Daniel Kahn Gillmor
2018-06-15 23:47 ` David Bremner
2018-06-29 15:41 ` Daniel Kahn Gillmor
2018-06-29 15:46 ` David Bremner
2018-05-11 5:55 ` [PATCH 08/20] cli/show: emit headers after emitting body Daniel Kahn Gillmor
2018-06-16 0:30 ` David Bremner
2018-05-11 5:55 ` [PATCH 09/20] util/crypto: add information about the payload part Daniel Kahn Gillmor
2018-06-25 1:15 ` David Bremner
2018-06-30 2:05 ` Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 10/20] cli/show: add tests for viewing protected headers Daniel Kahn Gillmor
2018-06-25 1:31 ` David Bremner
2018-06-30 2:17 ` Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 11/20] cli/show: emit payload subject instead of outside subject Daniel Kahn Gillmor
2018-06-29 0:40 ` David Bremner
2018-07-13 20:29 ` Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 12/20] cli/show: add information about which headers were protected Daniel Kahn Gillmor
2018-06-29 0:58 ` David Bremner
2018-05-11 5:55 ` [PATCH 13/20] test: add test for missing external subject Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 14/20] test: show cryptographic envelope information for signed mails Daniel Kahn Gillmor
2018-06-29 11:38 ` David Bremner
2018-05-11 5:55 ` [PATCH 15/20] cli/reply: ensure encrypted Subject: line does not leak in the clear Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 16/20] cli: introduce flags for format_headers_sprinter Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 17/20] cli/reply: add --protected-subject boolean flag Daniel Kahn Gillmor
2018-06-29 11:51 ` David Bremner
2018-05-11 5:55 ` [PATCH 18/20] indexing: record protected subject when indexing cleartext Daniel Kahn Gillmor
2018-06-02 17:59 ` Jameson Graef Rollins
2018-05-11 5:55 ` Daniel Kahn Gillmor [this message]
2018-05-11 5:55 ` [PATCH 20/20] test: after reindexing, only legitimate protected subjects are searchable Daniel Kahn Gillmor
2018-06-02 18:25 ` Protected headers in notmuch Jameson Graef Rollins
2018-06-02 19:20 ` David Bremner
2018-06-03 13:44 ` Daniel Kahn Gillmor
2018-06-06 1:10 ` David Bremner
2018-06-03 18:14 ` Jameson Graef Rollins
2018-07-25 6:01 ` David Bremner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180511055544.13676-20-dkg@fifthhorseman.net \
--to=dkg@fifthhorseman.net \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).