From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Notmuch Mail <notmuch@notmuchmail.org>
Subject: [PATCH 14/15] test/protected-headers: Add tests for S/MIME protected headers
Date: Tue, 28 Apr 2020 14:57:22 -0400
Message-ID: <20200428185723.660184-15-dkg@fifthhorseman.net>
In-Reply-To: <20200428185723.660184-1-dkg@fifthhorseman.net>
Recognize the protected subject for S/MIME example protected header
messages.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
 test/T356-protected-headers.sh | 38 +++++++++++++++++++++++++++++++---
 1 file changed, 35 insertions(+), 3 deletions(-)
diff --git a/test/T356-protected-headers.sh b/test/T356-protected-headers.sh
index 925805df..b7a83715 100755
--- a/test/T356-protected-headers.sh
+++ b/test/T356-protected-headers.sh
@@ -1,14 +1,14 @@
#!/usr/bin/env bash
-# TODO:
-# * check S/MIME as well as PGP/MIME
-
test_description='Message decryption with protected headers'
. $(dirname "$0")/test-lib.sh || exit 1
##################################################
+test_require_external_prereq gpgsm
+
add_gnupg_home
+add_gpgsm_home
add_email_corpus protected-headers
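Review bot: `test_require_external_prereq gpgsm` and `add_gpgsm_home` are added at file scope, above every existing OpenPGP subtest in this file, so it is worth confirming that a missing gpgsm does not cause the PGP/MIME subtests that never call it to be skipped. If the prerequisite is meant to gate only the S/MIME cases, consider declaring it next to the new PKCS#7 subtests, or add a comment here stating that the whole file now depends on gpgsm. The removed TODO is also only partly resolved while the new S/MIME subtests are marked known broken, so a short replacement comment saying that would keep the file header accurate.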
@@ -155,6 +155,38 @@ test_begin_subtest "identify message that had a legacy display part skipped duri
output=$(notmuch search --output=messages property:index.repaired=skip-protected-headers-legacy-display)
test_expect_equal "$output" id:protected-with-legacy-display@crypto.notmuchmail.org
+for variant in multipart-signed onepart-signed; do
+ test_begin_subtest "verify signed PKCS#7 subject ($variant)"
+ test_subtest_known_broken
+ output=$(notmuch show --verify --format=json "id:smime-${variant}@protected-headers.example")
+ test_json_nodes <<<"$output" \
+ 'signed_subject:[0][0][0]["crypto"]["signed"]["headers"]=["Subject"]' \
+ 'sig_good:[0][0][0]["crypto"]["signed"]["status"][0]["status"]="good"' \
+ 'sig_fpr:[0][0][0]["crypto"]["signed"]["status"][0]["fingerprint"]="702BA4B157F1E2B7D16B0C6A5FFC8A7DE2057DEB"' \
+ 'sig_uid:[0][0][0]["crypto"]["signed"]["status"][0]["userid"]="CN=Alice Lovelace"' \
+ 'not_encrypted:[0][0][0]["crypto"]!"decrypted"'
+done
+
+for variant in sign+enc sign+enc+legacy-disp; do
+ test_begin_subtest "confirm signed and encrypted PKCS#7 subject ($variant)"
+ test_subtest_known_broken
+ output=$(notmuch show --decrypt=true --format=json "id:smime-${variant}@protected-headers.example")
+ test_json_nodes <<<"$output" \
+ 'signed_subject:[0][0][0]["crypto"]["signed"]["headers"]=["Subject"]' \
+ 'sig_good:[0][0][0]["crypto"]["signed"]["status"][0]["status"]="good"' \
+ 'sig_fpr:[0][0][0]["crypto"]["signed"]["status"][0]["fingerprint"]="702BA4B157F1E2B7D16B0C6A5FFC8A7DE2057DEB"' \
+ 'sig_uid:[0][0][0]["crypto"]["signed"]["status"][0]["userid"]="CN=Alice Lovelace"' \
+ 'encrypted:[0][0][0]["crypto"]["decrypted"]={"status":"full","header-mask":{"Subject":"..."}}'
+done
+
+test_begin_subtest "confirm encryption-protected PKCS#7 subject (enc+legacy-disp)"
+test_subtest_known_broken
+output=$(notmuch show --decrypt=true --format=json "id:smime-enc+legacy-disp@protected-headers.example")
+test_json_nodes <<<"$output" \
+ 'encrypted:[0][0][0]["crypto"]["decrypted"]={"status":"full","header-mask":{"Subject":"..."}}' \
+ 'no_sig:[0][0][0]["crypto"]!"signed"'
+
+
# TODO: test that a part that looks like a legacy-display in
# multipart/signed, but not encrypted, is indexed and not stripped.
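Review bot: all five new subtests (both `for variant` loops and the enc+legacy-disp case) call `test_subtest_known_broken` with no comment saying what is missing or which change is expected to make them pass, while the commit message reads as if the protected subject is already recognized. A one-line comment above the first loop naming the missing piece, and a commit message that says the tests are added as known broken, would make the intent clear to whoever later removes the markers. Two smaller points: the fingerprint `702BA4B157F1E2B7D16B0C6A5FFC8A7DE2057DEB` and `CN=Alice Lovelace` are repeated verbatim in both loops and could be hoisted into variables, and the hunk ends with two added blank lines where one would do.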
--
2.26.2
Thread overview: 28+ messages
2020-04-28 18:57 Add tests for S/MIME PKCS#7 messages Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 01/15] tests: move add_gpgsm_home to test-lib.sh Daniel Kahn Gillmor
2020-04-30 21:29 ` David Bremner
2020-04-28 18:57 ` [PATCH 02/15] tests/smime: Always use --batch with gpgsm Daniel Kahn Gillmor
2020-04-30 19:33 ` [PATCH 03/15 v2] tests/smime: Include the Sample LAMPS Certificate Authority Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 03/15] " Daniel Kahn Gillmor
2020-04-29 1:43 ` David Bremner
2020-04-30 16:51 ` Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 04/15] tests/smime: consistently quote $GNUPGHOME Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 05/15] tests/smime: Use gpgsm instead of openssl for mml creation of S/MIME msgs Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 06/15] tests/smime: avoid copying the key+cert.pem around Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 07/15] test: Allow tests to have both gpg and gpgsm active at once Daniel Kahn Gillmor
2020-04-29 20:02 ` Tomi Ollila
2020-04-30 16:53 ` Daniel Kahn Gillmor
2020-04-30 19:34 ` [PATCH 07/15 v2] " Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 08/15] tests/smime: include secret key material for Bob Daniel Kahn Gillmor
2020-04-29 20:05 ` Tomi Ollila
2020-04-30 16:56 ` Daniel Kahn Gillmor
2020-04-30 19:35 ` [PATCH 08/15 v2] " Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 09/15] tests: Add S/MIME messages to protected-headers corpus Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 10/15] tests/smime: Verify cryptographic message status Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 11/15] tests/smime: Test indexing cleartext of envelopedData Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 12/15] test-lib.sh: add test_valid_json Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 13/15] tests/smime: add tests for S/MIME SignedData Daniel Kahn Gillmor
2020-04-28 18:57 ` Daniel Kahn Gillmor [this message]
2020-04-28 18:57 ` [PATCH 15/15] tests: disable CRL checks from gpgsm Daniel Kahn Gillmor
2020-04-29 20:12 ` Tomi Ollila
2020-04-30 19:00 ` Daniel Kahn Gillmor