From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <notmuch-bounces@notmuchmail.org>
Received: from mp0 ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms11 with LMTPS
	id 2PLJOOkg/l6/QwAA0tVLHw
	(envelope-from <notmuch-bounces@notmuchmail.org>)
	for <larch@yhetil.org>; Thu, 02 Jul 2020 18:01:13 +0000
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp0 with LMTPS
	id gA+vNOkg/l7LPwAA1q6Kng
	(envelope-from <notmuch-bounces@notmuchmail.org>)
	for <larch@yhetil.org>; Thu, 02 Jul 2020 18:01:13 +0000
Received: from mail.notmuchmail.org (nmbug.tethera.net [IPv6:2607:5300:201:3100::1657])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 71AAC940655
	for <larch@yhetil.org>; Thu,  2 Jul 2020 18:01:13 +0000 (UTC)
Received: from [144.217.243.247] (localhost [127.0.0.1])
	by mail.notmuchmail.org (Postfix) with ESMTP id 9E4591F9AF;
	Thu,  2 Jul 2020 14:01:03 -0400 (EDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7])
	by mail.notmuchmail.org (Postfix) with ESMTPS id 567801F705
	for <notmuch@notmuchmail.org>; Thu,  2 Jul 2020 14:00:58 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple;
 d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019;
 t=1593712855; h=from : to : subject : date : message-id : in-reply-to
 : references : mime-version : content-transfer-encoding : from;
 bh=3owHxXc/aJFBC0a0QWoqNTeMxfAy5sUHAaqOn2fYSF0=;
 b=qs7BzeDyL4GQacVczDC3JPBbtU5dxYFQB1dSL+vJNpvKaQ5LOiIQ9lSGw0vXkv/uvHIJv
 Izv3TOgGaPJOD+DDQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net;
 i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1593712855; h=from : to
 : subject : date : message-id : in-reply-to : references :
 mime-version : content-transfer-encoding : from;
 bh=3owHxXc/aJFBC0a0QWoqNTeMxfAy5sUHAaqOn2fYSF0=;
 b=KMj/JHEVNDr+Sm8/FWwYfrKfjF04N0DBtop3Ap3372KgrtT2+Q1retTRWuiMNWNfvUQOO
 TAgFn6PrioCbNqjIF0GlVlr6/CvJDRNVe7Ovbsc2PEe61jo4T9cEu1GnDaHINTXpagQ/mkU
 hOSjRy6imwvHU/ZtUbRmlphBFQ7FHGGkwgrjq7SH3G0VdGvuVmGEZtxKlzPoQqO6567FLnQ
 NVBDcLQipnNivpUCG9trLzqXntegm6rYe7vTPeWj5ITYqoQXtgNpeltuimJ0YD7NxDM8ZGq
 I0BMR0aBlLcH6QbO0s/2deYcMWPzypp4ECNgzzqVypeotNlxjQ9aGB9ARYCg==
Received: from fifthhorseman.net (tachanka.org [108.58.6.98])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by che.mayfirst.org (Postfix) with ESMTPSA id E390FF9A5
	for <notmuch@notmuchmail.org>; Thu,  2 Jul 2020 14:00:54 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000)
	id F0CA520297; Thu,  2 Jul 2020 14:00:49 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Notmuch Mail <notmuch@notmuchmail.org>
Subject: [PATCH 1/2] configure: can gpgme can verify signatures when decrypting with a session key?
Date: Thu,  2 Jul 2020 14:00:48 -0400
Message-Id: <20200702180049.1705713-1-dkg@fifthhorseman.net>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <87366av72u.fsf@fifthhorseman.net>
References: <87366av72u.fsf@fifthhorseman.net>
MIME-Version: 1.0
Message-ID-Hash: JTIOYEGKP26QKCSWQLZVO2UOZGY2TM3Z
X-Message-ID-Hash: JTIOYEGKP26QKCSWQLZVO2UOZGY2TM3Z
X-MailFrom: dkg@fifthhorseman.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-notmuch.notmuchmail.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header
X-Mailman-Version: 3.2.1
Precedence: list
List-Id: "Use and development of the notmuch mail system." <notmuch.notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Subscribe: <mailto:notmuch-join@notmuchmail.org>
List-Unsubscribe: <mailto:notmuch-leave@notmuchmail.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Scanner: scn0
Authentication-Results: aspmx1.migadu.com;
	dkim=fail (body hash did not verify) header.d=fifthhorseman.net header.s=2019 header.b=qs7BzeDy;
	dkim=fail (body hash did not verify) header.d=fifthhorseman.net header.s=2019rsa header.b=KMj/JHEV;
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=fifthhorseman.net (policy=none);
	spf=pass (aspmx1.migadu.com: domain of notmuch-bounces@notmuchmail.org designates 2607:5300:201:3100::1657 as permitted sender) smtp.mailfrom=notmuch-bounces@notmuchmail.org
X-Spam-Score: 2.13
X-TUID: FgDfG0uBB1f/

If https://dev.gnupg.org/T3464 is unresolved in the version of gpgme
we are testing against, then we should know about it, because it
affects the behavior of notmuch.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
 configure | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 77 insertions(+), 1 deletion(-)

diff --git a/configure b/configure
index 2e01034b..2caa08c8 100755
--- a/configure
+++ b/configure
@@ -620,6 +620,78 @@ EOF
     if [ -n "$TEMP_GPG" -a -d "$TEMP_GPG" ]; then
         rm -rf "$TEMP_GPG"
     fi
+
+    # see https://dev.gnupg.org/T3464
+    # there are problems verifying signatures when decrypting with session keys with GPGME 1.13.0 and 1.13.1
+    printf "Checking signature verification when decrypting using session keys... "
+
+    cat > _verify_sig_with_session_key.c <<EOF
+#include <stdio.h>
+#include <gmime/gmime.h>
+
+int main () {
+    GError *error = NULL;
+    GMimeParser *parser = NULL;
+    GMimeMultipartEncrypted *body = NULL;
+    GMimeDecryptResult *result = NULL;
+    GMimeSignatureList *sig_list = NULL;
+    GMimeSignature *sig = NULL;
+    GMimeObject *output = NULL;
+    GMimeSignatureStatus status;
+    int len;
+
+    g_mime_init ();
+    parser = g_mime_parser_new ();
+    g_mime_parser_init_with_stream (parser, g_mime_stream_file_open("$srcdir/test/corpora/crypto/encrypted-signed.eml", "r", &error));
+    if (error) return !! fprintf (stderr, "failed to instantiate parser with test/corpora/pkcs7/smime-onepart-signed.eml\n");
+
+    body = GMIME_MULTIPART_ENCRYPTED(g_mime_message_get_mime_part (g_mime_parser_construct_message (parser, NULL)));
+    if (body == NULL) return !!	fprintf (stderr, "did not find a multipart/encrypted message\n");
+
+    output = g_mime_multipart_encrypted_decrypt (body, GMIME_DECRYPT_NONE, "9:13607E4217515A70EC8DF9DBC16C5327B94577561D98AD1246FA8756659C7899", &result, &error);
+    if (error || output == NULL) return !! fprintf (stderr, "decrypt failed\n");
+
+    sig_list = g_mime_decrypt_result_get_signatures (result);
+    if (sig_list == NULL) return !! fprintf (stderr, "sig_list is NULL\n");
+
+    if (sig_list == NULL) return !! fprintf (stderr, "no GMimeSignatureList found\n");
+    len = g_mime_signature_list_length (sig_list);
+    if (len != 1) return !! fprintf (stderr, "expected 1 signature, got %d\n", len);
+    sig = g_mime_signature_list_get_signature (sig_list, 0);
+    if (sig == NULL) return !! fprintf (stderr, "no GMimeSignature found at position 0\n");
+    status = g_mime_signature_get_status (sig);
+    if (status & GMIME_SIGNATURE_STATUS_KEY_MISSING) return !! fprintf (stderr, "signature status contains KEY_MISSING (see https://dev.gnupg.org/T3464)\n");
+
+    return 0;
+}
+EOF
+    if ! TEMP_GPG=$(mktemp -d "${TMPDIR:-/tmp}/notmuch.XXXXXX"); then
+        printf 'No.\nCould not make tempdir for testing signature verification when decrypting with session keys.\n'
+        errors=$((errors + 1))
+    elif ${CC} ${CFLAGS} ${gmime_cflags} _verify_sig_with_session_key.c ${gmime_ldflags} -o _verify_sig_with_session_key \
+            && GNUPGHOME=${TEMP_GPG} gpg --batch --quiet --import < "$srcdir"/test/gnupg-secret-key.asc \
+            && rm -f ${TEMP_GPG}/private-keys-v1.d/*.key
+    then
+        if GNUPGHOME=${TEMP_GPG} ./_verify_sig_with_session_key; then
+            gmime_verify_with_session_key=1
+            printf "Yes.\n"
+        else
+            gmime_verify_with_session_key=0
+            printf "No.\n"
+            cat <<EOF
+*** Error: GMime fails to verify signatures when decrypting with a session key.
+
+This is most likely due to a buggy version of GPGME, which should be fixed in 1.13.2 or later.
+See https://dev.gnupg.org/T3464 for more details.
+EOF
+        fi
+    else
+        printf 'No.\nFailed to set up gpg for testing signature verification while decrypting with a session key.\n'
+        errors=$((errors + 1))
+    fi
+    if [ -n "$TEMP_GPG" -a -d "$TEMP_GPG" ]; then
+        rm -rf "$TEMP_GPG"
+    fi
 else
     have_gmime=0
     printf "No.\n"
@@ -1144,7 +1216,8 @@ for flag in -Wmissing-declarations; do
 done
 printf "\n\t%s\n" "${WARN_CFLAGS}"
 
-rm -f minimal minimal.c _time_t.c _libversion.c _libversion _libversion.sh _check_session_keys.c _check_session_keys _check_x509_validity.c _check_x509_validity
+rm -f minimal minimal.c _time_t.c _libversion.c _libversion _libversion.sh _check_session_keys.c _check_session_keys _check_x509_validity.c _check_x509_validity \
+   _verify_sig_with_session_key.c _verify_sig_with_session_key
 
 # construct the Makefile.config
 cat > Makefile.config <<EOF
@@ -1438,6 +1511,9 @@ NOTMUCH_DEFAULT_XAPIAN_BACKEND=${default_xapian_backend}
 # Whether GMime can verify X.509 certificate validity
 NOTMUCH_GMIME_X509_CERT_VALIDITY=${gmime_x509_cert_validity}
 
+# Whether GMime can verify signatures when decrypting with a session key:
+NOTMUCH_GMIME_VERIFY_WITH_SESSION_KEY=${gmime_verify_with_session_key}
+
 # do we have man pages?
 NOTMUCH_HAVE_MAN=$((have_sphinx))
 
-- 
2.27.0
_______________________________________________
notmuch mailing list -- notmuch@notmuchmail.org
To unsubscribe send an email to notmuch-leave@notmuchmail.org