* (no subject)
@ 2015-12-14 13:38 David Bremner
2015-12-14 13:38 ` [Patch v3 1/8] crypto: refactor context creation to facilitate further work David Bremner
` (7 more replies)
0 siblings, 8 replies; 13+ messages in thread
From: David Bremner @ 2015-12-14 13:38 UTC (permalink / raw)
To: notmuch
This obsoletes
id:1449842087-10972-1-git-send-email-david@tethera.net
I reworked the tests to use gpgsm to generate the certificate. This
leaves less room for me to screw things up. Since this requires gpgsm
2.1, I'm including the certs in the patches, rather than having the
test suite generate them. This is probably more robust in any case,
since we are all then working with the same certificate when
debugging. I'm not sure whether to hardcode the fingerprint or leave the
previous code which computes it on the fly. So far I left the code, but
it could be simplified a bit.
One bizarro thing is that we show the expiry as a (very) negative
number. I think this is because we call
sp->integer (sp, expires)
where expires is a time_t
* [Patch v3 1/8] crypto: refactor context creation to facilitate further work
2015-12-14 13:38 David Bremner
@ 2015-12-14 13:38 ` David Bremner
2015-12-14 13:38 ` [Patch v3 2/8] crypto: make crypto ctx initialization an array David Bremner
` (6 subsequent siblings)
7 siblings, 0 replies; 13+ messages in thread
From: David Bremner @ 2015-12-14 13:38 UTC (permalink / raw)
To: notmuch
From: Jani Nikula <jani@nikula.org>
Let the context creation functions decide how to handle multiple calls
and cache the crypto context. No functional changes.
---
crypto.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/crypto.c b/crypto.c
index a6eb27d..1187ad7 100644
--- a/crypto.c
+++ b/crypto.c
@@ -22,14 +22,20 @@
/* Create a GPG context (GMime 2.6) */
static notmuch_crypto_context_t *
-create_gpg_context (const char *gpgpath)
+create_gpg_context (notmuch_crypto_t *crypto)
{
notmuch_crypto_context_t *gpgctx;
+ if (crypto->gpgctx)
+ return crypto->gpgctx;
+
/* TODO: GMimePasswordRequestFunc */
- gpgctx = g_mime_gpg_context_new (NULL, gpgpath ? gpgpath : "gpg");
- if (! gpgctx)
+ gpgctx = g_mime_gpg_context_new (NULL, crypto->gpgpath ? crypto->gpgpath : "gpg");
+ if (! gpgctx) {
+ fprintf (stderr, "Failed to construct gpg context.\n");
return NULL;
+ }
+ crypto->gpgctx = gpgctx;
g_mime_gpg_context_set_use_agent ((GMimeGpgContext *) gpgctx, TRUE);
g_mime_gpg_context_set_always_trust ((GMimeGpgContext *) gpgctx, FALSE);
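Review bot: the comment above create_gpg_context still reads "Create a GPG context", but with the new early return on crypto->gpgctx the function now hands back the cached context on every call after the first. Please update the comment to state the contract callers now depend on: create on first call, return the cached pointer afterwards, and return NULL after printing to stderr on failure. The g_mime_gpg_context_new line has also grown long enough to be worth wrapping.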
@@ -57,12 +63,7 @@ notmuch_crypto_get_context (notmuch_crypto_t *crypto, const char *protocol)
*/
if (strcasecmp (protocol, "application/pgp-signature") == 0 ||
strcasecmp (protocol, "application/pgp-encrypted") == 0) {
- if (! crypto->gpgctx) {
- crypto->gpgctx = create_gpg_context (crypto->gpgpath);
- if (! crypto->gpgctx)
- fprintf (stderr, "Failed to construct gpg context.\n");
- }
- cryptoctx = crypto->gpgctx;
+ cryptoctx = create_gpg_context (crypto);
} else {
fprintf (stderr, "Unknown or unsupported cryptographic protocol.\n");
}
--
2.6.2
* [Patch v3 2/8] crypto: make crypto ctx initialization an array
2015-12-14 13:38 David Bremner
2015-12-14 13:38 ` [Patch v3 1/8] crypto: refactor context creation to facilitate further work David Bremner
@ 2015-12-14 13:38 ` David Bremner
2015-12-14 13:38 ` [Patch v3 3/8] cli: let the user know which protocol is unknown or unsupported David Bremner
` (5 subsequent siblings)
7 siblings, 0 replies; 13+ messages in thread
From: David Bremner @ 2015-12-14 13:38 UTC (permalink / raw)
To: notmuch
From: Jani Nikula <jani@nikula.org>
Make it trivial to add handlers for new protocols without duplicating
code. No functional changes.
---
crypto.c | 27 +++++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/crypto.c b/crypto.c
index 1187ad7..da0289d 100644
--- a/crypto.c
+++ b/crypto.c
@@ -43,12 +43,27 @@ create_gpg_context (notmuch_crypto_t *crypto)
return gpgctx;
}
+static const struct {
+ const char *protocol;
+ notmuch_crypto_context_t *(*get_context) (notmuch_crypto_t *crypto);
+} protocols[] = {
+ {
+ .protocol = "application/pgp-signature",
+ .get_context = create_gpg_context,
+ },
+ {
+ .protocol = "application/pgp-encrypted",
+ .get_context = create_gpg_context,
+ },
+};
+
/* for the specified protocol return the context pointer (initializing
* if needed) */
notmuch_crypto_context_t *
notmuch_crypto_get_context (notmuch_crypto_t *crypto, const char *protocol)
{
notmuch_crypto_context_t *cryptoctx = NULL;
+ size_t i;
if (! protocol) {
fprintf (stderr, "Cryptographic protocol is empty.\n");
@@ -61,14 +76,14 @@ notmuch_crypto_get_context (notmuch_crypto_t *crypto, const char *protocol)
* parameter names as defined in this document are
* case-insensitive." Thus, we use strcasecmp for the protocol.
*/
- if (strcasecmp (protocol, "application/pgp-signature") == 0 ||
- strcasecmp (protocol, "application/pgp-encrypted") == 0) {
- cryptoctx = create_gpg_context (crypto);
- } else {
- fprintf (stderr, "Unknown or unsupported cryptographic protocol.\n");
+ for (i = 0; i < ARRAY_SIZE (protocols); i++) {
+ if (strcasecmp (protocol, protocols[i].protocol) == 0)
+ return protocols[i].get_context (crypto);
}
- return cryptoctx;
+ fprintf (stderr, "Unknown or unsupported cryptographic protocol.\n");
+
+ return NULL;
}
int
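Review bot: after this hunk the local cryptoctx declared at the top of notmuch_crypto_get_context is no longer assigned anywhere in the visible lines, since both the assignment and the final "return cryptoctx;" are removed. If a return outside the shown context still uses it, make that a plain "return NULL;" and drop the declaration, so the function has one obvious failure value and no dead variable.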
--
2.6.2
* [Patch v3 3/8] cli: let the user know which protocol is unknown or unsupported
2015-12-14 13:38 David Bremner
2015-12-14 13:38 ` [Patch v3 1/8] crypto: refactor context creation to facilitate further work David Bremner
2015-12-14 13:38 ` [Patch v3 2/8] crypto: make crypto ctx initialization an array David Bremner
@ 2015-12-14 13:38 ` David Bremner
2015-12-30 15:30 ` David Bremner
2015-12-14 13:38 ` [Patch v3 4/8] test: initial tests for S/MIME and notmuch-emacs David Bremner
` (4 subsequent siblings)
7 siblings, 1 reply; 13+ messages in thread
From: David Bremner @ 2015-12-14 13:38 UTC (permalink / raw)
To: notmuch
From: Jani Nikula <jani@nikula.org>
The current error message is not helpful.
---
crypto.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/crypto.c b/crypto.c
index da0289d..feae949 100644
--- a/crypto.c
+++ b/crypto.c
@@ -81,7 +81,8 @@ notmuch_crypto_get_context (notmuch_crypto_t *crypto, const char *protocol)
return protocols[i].get_context (crypto);
}
- fprintf (stderr, "Unknown or unsupported cryptographic protocol.\n");
+ fprintf (stderr, "Unknown or unsupported cryptographic protocol %s.\n",
+ protocol);
return NULL;
}
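Review bot: the new fprintf prints protocol verbatim, and the value is whatever the caller passed in, which for a mail client is normally a Content-Type parameter chosen by the sender. Quote it in the format string (for example protocol "%s") so an empty or odd value stays readable, and consider bounding the length or filtering control characters before it reaches a terminal.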
--
2.6.2
* [Patch v3 4/8] test: initial tests for S/MIME and notmuch-emacs
2015-12-14 13:38 David Bremner
` (2 preceding siblings ...)
2015-12-14 13:38 ` [Patch v3 3/8] cli: let the user know which protocol is unknown or unsupported David Bremner
@ 2015-12-14 13:38 ` David Bremner
2015-12-14 20:03 ` David Bremner
2015-12-14 13:38 ` [Patch v3 5/8] test: add broken S/MIME signature verification test for notmuch CLI David Bremner
` (3 subsequent siblings)
7 siblings, 1 reply; 13+ messages in thread
From: David Bremner @ 2015-12-14 13:38 UTC (permalink / raw)
To: notmuch
Test the ability of notmuch-mua-mail to send S/MIME signed (and
encrypted) messages; this really relies on existing functionality in
message-mode.
The generated keys and messages will later be useful for testing the
notmuch CLI.
---
test/T355-smime.sh | 42 +++++++++++++++++++++++++++++++++++++
test/smime/README | 7 +++++++
test/smime/key+cert.pem | 56 +++++++++++++++++++++++++++++++++++++++++++++++++
test/smime/test.crt | 19 +++++++++++++++++
test/test-lib.el | 10 +++++++++
test/test-lib.sh | 1 +
6 files changed, 135 insertions(+)
create mode 100755 test/T355-smime.sh
create mode 100644 test/smime/README
create mode 100644 test/smime/key+cert.pem
create mode 100644 test/smime/test.crt
diff --git a/test/T355-smime.sh b/test/T355-smime.sh
new file mode 100755
index 0000000..e3419d6
--- /dev/null
+++ b/test/T355-smime.sh
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+
+test_description='S/MIME signature verification and decryption'
+. ./test-lib.sh
+
+test_require_external_prereq openssl
+test_require_external_prereq gpgsm
+
+cp $TEST_DIRECTORY/smime/key+cert.pem test_suite.pem
+
+FINGERPRINT=$(openssl x509 -fingerprint -in test_suite.pem -noout | sed -e 's/^.*=//' -e s/://g)
+
+test_expect_success 'emacs delivery of S/MIME signed message' \
+ 'emacs_fcc_message \
+ "test signed message 001" \
+ "This is a test signed message." \
+ "(mml-secure-message-sign \"smime\")"'
+
+# Hard code the MML to avoid several interactive questions
+test_expect_success 'emacs delivery of S/MIME encrypted + signed message' \
+'emacs_fcc_message \
+ "test encrypted message 001" \
+ "<#secure method=smime mode=signencrypt keyfile=\\\"test_suite.pem\\\" certfile=\\\"test_suite.pem\\\">\nThis is a test encrypted message.\n"'
+
+test_begin_subtest "Signature verification (openssl)"
+notmuch show --format=raw subject:"test signed message 001" |\
+ openssl smime -verify -CAfile $TEST_DIRECTORY/smime/test.crt 2>OUTPUT
+cat <<EOF > EXPECTED
+Verification successful
+EOF
+test_expect_equal_file EXPECTED OUTPUT
+
+test_begin_subtest "Decryption and signature verification (openssl)"
+notmuch show --format=raw subject:"test encrypted message 001" |\
+ openssl smime -decrypt -recip test_suite.pem |\
+ openssl smime -verify -CAfile $TEST_DIRECTORY/smime/test.crt 2>OUTPUT
+cat <<EOF > EXPECTED
+Verification successful
+EOF
+test_expect_equal_file EXPECTED OUTPUT
+
+test_done
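Review bot: test_require_external_prereq gpgsm is called here, but this patch only adds test_declare_external_prereq openssl to test-lib.sh, and nothing in this version of the script runs gpgsm. Either move the gpgsm requirement to the patch that declares and uses it, or declare it here. $TEST_DIRECTORY is also unquoted in the cp line and both -CAfile arguments, which breaks when the source tree path contains spaces.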
diff --git a/test/smime/README b/test/smime/README
new file mode 100644
index 0000000..92803c7
--- /dev/null
+++ b/test/smime/README
@@ -0,0 +1,7 @@
+test.crt: self signed certificated
+ % gpgsm --gen-key # needs gpgsm 2.1
+
+key+cert.pem: cert + unencryped private
+ % gpsm --import test.crt
+ % gpgsm --export-private-key-p12 -out foo.p12 (no passphrase)
+ % openssl pkcs12 -in ns.p12 -clcerts -nodes > key+cert.pem
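Review bot: the README steps cannot be followed as written: the second block calls "gpsm" rather than gpgsm, and the export writes foo.p12 while the openssl step reads ns.p12. Please make the file names match and fix the command name, along with the "certificated" and "unencryped" typos, so the fixture can be regenerated when the certificate needs replacing.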
diff --git a/test/smime/key+cert.pem b/test/smime/key+cert.pem
new file mode 100644
index 0000000..6ee30cf
--- /dev/null
+++ b/test/smime/key+cert.pem
@@ -0,0 +1,56 @@
+Bag Attributes
+ friendlyName: GnuPG exported certificate e0972a47
+ localKeyID: 61 6F 46 CD 73 83 4C 63 84 77 56 AF 0D FB 64 A6 E0 97 2A 47
+subject=/CN=Notmuch Test Suite
+issuer=/CN=Notmuch Test Suite
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: GnuPG exported certificate e0972a47
+ localKeyID: 61 6F 46 CD 73 83 4C 63 84 77 56 AF 0D FB 64 A6 E0 97 2A 47
+Key Attributes: <No Attributes>
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7vH1/lkENTAJR
+byq2036K7Pw+imSIhB5TU0WnAgVGWOemY1Eppi9Dk6rjDxuuUKOCQ5el2wmFZN57
+Fi/4leBH7x217BnnqWNUQV88DxEfV+sk8dSb4a5FOOyfhFJmZso/0lK8x0fBcCNj
+mRFIjB1afSSXWnCvRpARv+O9trLJuIjbbmXg1gltjuB5yDw8/OLEI7G7YSIop9Fx
+opWJL5rW/o2WEfRPGpYeHNRLObCRIvbyDd6XjaCrKBuIrhN7R7mmIa9PUyl8TiY+
+pCMWs9dHmOsiC73/+P6EAhsTOY1bfbGQXBAGZ/FL+SgC5wEcPr2u3+y8y5gw2bpa
+VhQnu6YLAgMBAAECggEAVhtHCHz3C01Ahu9RDRgGI1w8+cZqA/9tFVTNTqNrne9r
+GHLXKB4z8W/KYmhsjtAnnri31neXb1prfNMZX5AGlZfD7cwDubCEgYGWV6qldNXT
+YVeV54VkdBV+2k9Lp/Ifc5RZJILWk4+Ge8kaF0dEs1tQrCbsJkhcDfgQUdR5PnGe
+6cKv/8HJo0ep6u5cJloIluit8yF3z4+aHixMQBvQKm/8tug+EsrQZ3IVXbh1hONO
+AZ68z9CrU2pJ/0w/jwwcM5feRfTMC7bZ3vkQb1mQKYFJrvN77TGroUtAZFWqJw7M
+r0f2MShdVjfEdJ1ySnCyKF24cSSPSQsLZUe4UlFyQQKBgQDlqr9ajaUzc6Lyma2e
+Q1IJapbX2OZQtf5tlKVCVtZOlu5r97YMOK96XsQFKtdxhAhrGvvTJwPmwhj+fqfR
+XltNrmUBpHCMsm9nloADvBS83KTP5tw9TMT0VZpt+m5XmvutdyQbSKwy+KMy+GZz
+/XBQCfTEoiDS4grGFftvZuRB4QKBgQDRQvsVFMh2NOnVGqczHJNGjvbDueUJmPUN
+3VxZc/FpBGLRSoN7uxQ4dGNnwyvXHs+pLAAC6xZpFCos9c3R8EPvoMyUehoDSAKW
+CMD4C+K8z7n4ducE5a0NrGIgQvnXtteKr3ZwK8V7cscyTCyjXdrQmQ5XHeue8asR
+758g+dG9awKBgEWuZJho2XKe5xWMIu0dp8pLmLCsklRyo1tD+lACYMs/Z99CLO3Q
+VQ1fq0GWGf/K+3LjoPwTnk9pHIQ6kVgotLMA8oxpA+zsRni7ZOO9MN2MZETf2nqO
+zEMFpfEwRkI2N54Nw9qzVeuxHHLegtc2Udk27BisyCCzjGlFSiAmq6KBAoGAFGfE
+RXjcvT65HX8Gaya+wtugFB8BRx0JX7dI6OLk5ZKLmq0ykH2bQepgnWermmU4we77
+0Dvtfa3u0YjZ/24XXg2YbSpWiWps0Y2/C7AyAAzq12/1OGcX5qk4Tbd0f+QkIset
+qxzmt4XcAKw50J+Vf3DmbYQ1M/BftCZcTm0ShHcCgYEAxp8mjE8iIHxFrm7nHMS0
+2/iWxO8DYaAZ0OLfjaZELHchVvTwa+DynbkwvOc3l4cbNTVaf9O6nmHTkLyBLBNr
+2htPKm1vi9TzNdvGqobFO3ijfvdGvq1rjQl86ns0cf395REmEaVX3zcw2v+GyC5n
+qE6Aa5bvdZ9Yykg6aoFo1mY=
+-----END PRIVATE KEY-----
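Review bot: this hunk checks an unencrypted private key into the tree (the PRIVATE KEY block, exported with -nodes according to the README). That is reasonable for a fixture, but test/smime/README should say explicitly that the key is public test material and must never be imported into a real keyring or trust list. The "Bag Attributes" and "Key Attributes" lines are leftover openssl pkcs12 output and could be dropped to keep the fixture minimal.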
diff --git a/test/smime/test.crt b/test/smime/test.crt
new file mode 100644
index 0000000..e5d1e82
--- /dev/null
+++ b/test/smime/test.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/test/test-lib.el b/test/test-lib.el
index 04c8d63..596a705 100644
--- a/test/test-lib.el
+++ b/test/test-lib.el
@@ -188,3 +188,13 @@ nothing."
;; environments
(setq mm-text-html-renderer 'html2text)
+
+;; Set some variables for S/MIME tests.
+
+(setq smime-keys '(("" "test_suite.pem" nil)))
+
+(setq mml-smime-use 'openssl)
+
+;; all test keys are without passphrase
+(eval-after-load 'smime
+ '(defun smime-ask-passphrase (cache) nil))
diff --git a/test/test-lib.sh b/test/test-lib.sh
index 126911f..2e9a499 100644
--- a/test/test-lib.sh
+++ b/test/test-lib.sh
@@ -1325,4 +1325,5 @@ test_declare_external_prereq emacs
test_declare_external_prereq ${TEST_EMACSCLIENT}
test_declare_external_prereq gdb
test_declare_external_prereq gpg
+test_declare_external_prereq openssl
test_declare_external_prereq ${NOTMUCH_PYTHON}
--
2.6.2
* [Patch v3 5/8] test: add broken S/MIME signature verification test for notmuch CLI
2015-12-14 13:38 David Bremner
` (3 preceding siblings ...)
2015-12-14 13:38 ` [Patch v3 4/8] test: initial tests for S/MIME and notmuch-emacs David Bremner
@ 2015-12-14 13:38 ` David Bremner
2015-12-14 13:38 ` [Patch v3 6/8] cli: crypto: S/MIME verification support David Bremner
` (2 subsequent siblings)
7 siblings, 0 replies; 13+ messages in thread
From: David Bremner @ 2015-12-14 13:38 UTC (permalink / raw)
To: notmuch
The test is pretty much cut and paste from the PGP/MIME version, with
obvious updates taken from notmuch output. This also requires setting
up gpgsm infrastructure.
---
test/T355-smime.sh | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
test/test-lib.sh | 1 +
2 files changed, 50 insertions(+)
diff --git a/test/T355-smime.sh b/test/T355-smime.sh
index e3419d6..70a8287 100755
--- a/test/T355-smime.sh
+++ b/test/T355-smime.sh
@@ -3,6 +3,17 @@
test_description='S/MIME signature verification and decryption'
. ./test-lib.sh
+add_gpgsm_home ()
+{
+ local fpr
+ [ -d ${GNUPGHOME} ] && return
+ mkdir -m 0700 "$GNUPGHOME"
+ gpgsm --no-tty --no-common-certs-import --disable-dirmngr --import < $TEST_DIRECTORY/smime/test.crt >"$GNUPGHOME"/import.log 2>&1
+ fpr=$(gpgsm --list-key test_suite@notmuchmail.org | sed -n 's/.*fingerprint: //p')
+ echo "$fpr S relax" >> $GNUPGHOME/trustlist.txt
+ test_debug "cat $GNUPGHOME/import.log"
+}
+
test_require_external_prereq openssl
test_require_external_prereq gpgsm
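Review bot: add_gpgsm_home never checks that the import worked or that fpr is non-empty, so a failed gpgsm run appends the line " S relax" to trustlist.txt and the real error only surfaces later as a verification mismatch. Fail early when fpr is empty, for example with [ -n "$fpr" ] || return 1 after the sed line. GNUPGHOME is also unquoted in the [ -d ${GNUPGHOME} ] test and in the trustlist redirect while it is quoted in mkdir.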
@@ -10,6 +21,8 @@ cp $TEST_DIRECTORY/smime/key+cert.pem test_suite.pem
FINGERPRINT=$(openssl x509 -fingerprint -in test_suite.pem -noout | sed -e 's/^.*=//' -e s/://g)
+add_gpgsm_home
+
test_expect_success 'emacs delivery of S/MIME signed message' \
'emacs_fcc_message \
"test signed message 001" \
@@ -30,6 +43,42 @@ Verification successful
EOF
test_expect_equal_file EXPECTED OUTPUT
+test_begin_subtest "signature verification (notmuch CLI)"
+test_subtest_known_broken
+output=$(notmuch show --format=json --verify subject:"test signed message 001" \
+ | notmuch_json_show_sanitize \
+ | sed -e 's|"created": [-1234567890]*|"created": 946728000|' \
+ -e 's|"expires": [-1234567890]*|"expires": 424242424|' )
+expected='[[[{"id": "XXXXX",
+ "match": true,
+ "excluded": false,
+ "filename": "YYYYY",
+ "timestamp": 946728000,
+ "date_relative": "2000-01-01",
+ "tags": ["inbox","signed"],
+ "headers": {"Subject": "test signed message 001",
+ "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
+ "To": "test_suite@notmuchmail.org",
+ "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
+ "body": [{"id": 1,
+ "sigstatus": [{"status": "good",
+ "fingerprint": "'$FINGERPRINT'",
+ "expires": 424242424,
+ "created": 946728000}],
+ "content-type": "multipart/signed",
+ "content": [{"id": 2,
+ "content-type": "text/plain",
+ "content": "This is a test signed message.\n"},
+ {"id": 3,
+ "content-length": 1922,
+ "content-transfer-encoding": "base64",
+ "content-type": "application/x-pkcs7-signature",
+ "filename": "smime.p7s"}]}]},
+ []]]]'
+test_expect_equal_json \
+ "$output" \
+ "$expected"
+
test_begin_subtest "Decryption and signature verification (openssl)"
notmuch show --format=raw subject:"test encrypted message 001" |\
openssl smime -decrypt -recip test_suite.pem |\
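Review bot: the two sed expressions rewrite "created" and "expires" to fixed values, and the character class [-1234567890]* accepts a leading minus, so the subtest passes no matter what expiry notmuch prints. Add a comment saying the timestamps are deliberately masked, and consider a separate known-broken subtest asserting that "expires" is not negative so the masking does not hide that output. The hard-coded "content-length": 1922 also ties the expected JSON to the exact size of the signature produced with the bundled certificate.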
diff --git a/test/test-lib.sh b/test/test-lib.sh
index 2e9a499..0790698 100644
--- a/test/test-lib.sh
+++ b/test/test-lib.sh
@@ -1326,4 +1326,5 @@ test_declare_external_prereq ${TEST_EMACSCLIENT}
test_declare_external_prereq gdb
test_declare_external_prereq gpg
test_declare_external_prereq openssl
+test_declare_external_prereq gpgsm
test_declare_external_prereq ${NOTMUCH_PYTHON}
--
2.6.2
* [Patch v3 6/8] cli: crypto: S/MIME verification support
2015-12-14 13:38 David Bremner
` (4 preceding siblings ...)
2015-12-14 13:38 ` [Patch v3 5/8] test: add broken S/MIME signature verification test for notmuch CLI David Bremner
@ 2015-12-14 13:38 ` David Bremner
2015-12-14 13:38 ` [Patch v3 7/8] debian: Recommend gpgsm for S/MIME support David Bremner
2015-12-14 13:38 ` [Patch v3 8/8] debian: add gpgsm as build dependency David Bremner
7 siblings, 0 replies; 13+ messages in thread
From: David Bremner @ 2015-12-14 13:38 UTC (permalink / raw)
To: notmuch
From: Jani Nikula <jani@nikula.org>
notmuch-show --verify will now also process S/MIME multiparts if
encountered. Requires gmime-2.6 and gpgsm.
Based on work by Jameson Graef Rollins <jrollins@finestructure.net>.
---
crypto.c | 35 +++++++++++++++++++++++++++++++++++
notmuch-client.h | 7 +++++--
test/T355-smime.sh | 1 -
3 files changed, 40 insertions(+), 3 deletions(-)
diff --git a/crypto.c b/crypto.c
index feae949..3dabc97 100644
--- a/crypto.c
+++ b/crypto.c
@@ -43,6 +43,28 @@ create_gpg_context (notmuch_crypto_t *crypto)
return gpgctx;
}
+/* Create a PKCS7 context (GMime 2.6) */
+static notmuch_crypto_context_t *
+create_pkcs7_context (notmuch_crypto_t *crypto)
+{
+ notmuch_crypto_context_t *pkcs7ctx;
+
+ if (crypto->pkcs7ctx)
+ return crypto->pkcs7ctx;
+
+ /* TODO: GMimePasswordRequestFunc */
+ pkcs7ctx = g_mime_pkcs7_context_new (NULL);
+ if (! pkcs7ctx) {
+ fprintf (stderr, "Failed to construct pkcs7 context.\n");
+ return NULL;
+ }
+ crypto->pkcs7ctx = pkcs7ctx;
+
+ g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) pkcs7ctx,
+ FALSE);
+
+ return pkcs7ctx;
+}
static const struct {
const char *protocol;
notmuch_crypto_context_t *(*get_context) (notmuch_crypto_t *crypto);
@@ -55,6 +77,14 @@ static const struct {
.protocol = "application/pgp-encrypted",
.get_context = create_gpg_context,
},
+ {
+ .protocol = "application/pkcs7-signature",
+ .get_context = create_pkcs7_context,
+ },
+ {
+ .protocol = "application/x-pkcs7-signature",
+ .get_context = create_pkcs7_context,
+ },
};
/* for the specified protocol return the context pointer (initializing
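Review bot: only application/pkcs7-signature and application/x-pkcs7-signature are added to protocols[], so the table covers S/MIME signatures and nothing else. That matches the subject line, but a short comment on the table saying that encrypted S/MIME parts are intentionally not registered would stop a later reader from assuming the pkcs7 context is wired up for decryption as well.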
@@ -95,5 +125,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto)
crypto->gpgctx = NULL;
}
+ if (crypto->pkcs7ctx) {
+ g_object_unref (crypto->pkcs7ctx);
+ crypto->pkcs7ctx = NULL;
+ }
+
return 0;
}
diff --git a/notmuch-client.h b/notmuch-client.h
index 3bd2903..18e6c60 100644
--- a/notmuch-client.h
+++ b/notmuch-client.h
@@ -31,6 +31,8 @@
#include <gmime/gmime.h>
typedef GMimeCryptoContext notmuch_crypto_context_t;
+/* This is automatically included only since gmime 2.6.10 */
+#include <gmime/gmime-pkcs7-context.h>
#include "notmuch.h"
@@ -70,6 +72,7 @@ typedef struct notmuch_show_format {
typedef struct notmuch_crypto {
notmuch_crypto_context_t* gpgctx;
+ notmuch_crypto_context_t* pkcs7ctx;
notmuch_bool_t verify;
notmuch_bool_t decrypt;
const char *gpgpath;
@@ -407,8 +410,8 @@ struct mime_node {
/* Construct a new MIME node pointing to the root message part of
* message. If crypto->verify is true, signed child parts will be
* verified. If crypto->decrypt is true, encrypted child parts will be
- * decrypted. If crypto->gpgctx is NULL, it will be lazily
- * initialized.
+ * decrypted. If the crypto contexts (crypto->gpgctx or
+ * crypto->pkcs7) are NULL, they will be lazily initialized.
*
* Return value:
*
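Review bot: the updated comment refers to crypto->pkcs7, but the field added to struct notmuch_crypto in the previous hunk is pkcs7ctx. Please change the comment to crypto->pkcs7ctx so it names a member that exists.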
diff --git a/test/T355-smime.sh b/test/T355-smime.sh
index 70a8287..47e3e94 100755
--- a/test/T355-smime.sh
+++ b/test/T355-smime.sh
@@ -44,7 +44,6 @@ EOF
test_expect_equal_file EXPECTED OUTPUT
test_begin_subtest "signature verification (notmuch CLI)"
-test_subtest_known_broken
output=$(notmuch show --format=json --verify subject:"test signed message 001" \
| notmuch_json_show_sanitize \
| sed -e 's|"created": [-1234567890]*|"created": 946728000|' \
--
2.6.2
* [Patch v3 7/8] debian: Recommend gpgsm for S/MIME support
2015-12-14 13:38 David Bremner
` (5 preceding siblings ...)
2015-12-14 13:38 ` [Patch v3 6/8] cli: crypto: S/MIME verification support David Bremner
@ 2015-12-14 13:38 ` David Bremner
2015-12-14 13:38 ` [Patch v3 8/8] debian: add gpgsm as build dependency David Bremner
7 siblings, 0 replies; 13+ messages in thread
From: David Bremner @ 2015-12-14 13:38 UTC (permalink / raw)
To: notmuch
From: Jameson Graef Rollins <jrollins@finestructure.net>
---
debian/control | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debian/control b/debian/control
index 7e6a548..3e71ee4 100644
--- a/debian/control
+++ b/debian/control
@@ -31,7 +31,7 @@ Vcs-Browser: http://git.notmuchmail.org/git/notmuch
Package: notmuch
Architecture: any
Depends: libnotmuch4 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}
-Recommends: notmuch-emacs | notmuch-vim | notmuch-mutt | alot, gnupg-agent
+Recommends: notmuch-emacs | notmuch-vim | notmuch-mutt | alot, gnupg-agent, gpgsm
Description: thread-based email index, search and tagging
Notmuch is a system for indexing, searching, reading, and tagging
large collections of email messages in maildir or mh format. It uses
--
2.6.2
* [Patch v3 8/8] debian: add gpgsm as build dependency
2015-12-14 13:38 David Bremner
` (6 preceding siblings ...)
2015-12-14 13:38 ` [Patch v3 7/8] debian: Recommend gpgsm for S/MIME support David Bremner
@ 2015-12-14 13:38 ` David Bremner
7 siblings, 0 replies; 13+ messages in thread
From: David Bremner @ 2015-12-14 13:38 UTC (permalink / raw)
To: notmuch
It's not needed for the actual build, but it is needed to run the
SMIME tests; <!nocheck> means it can be omitted if the tests are not
going to be run.
---
debian/control | 1 +
1 file changed, 1 insertion(+)
diff --git a/debian/control b/debian/control
index 3e71ee4..d08951c 100644
--- a/debian/control
+++ b/debian/control
@@ -22,6 +22,7 @@ Build-Depends:
emacs23-nox | emacs23 (>=23~) | emacs23-lucid (>=23~),
gdb [!s390x !ia64 !armel !ppc64el !mips !mipsel !mips64el],
dtach (>= 0.8),
+ gpgsm <!nocheck>,
bash-completion (>=1.9.0~)
Standards-Version: 3.9.6
Homepage: http://notmuchmail.org/
--
2.6.2
* Re: [Patch v3 4/8] test: initial tests for S/MIME and notmuch-emacs
2015-12-14 13:38 ` [Patch v3 4/8] test: initial tests for S/MIME and notmuch-emacs David Bremner
@ 2015-12-14 20:03 ` David Bremner
2015-12-14 21:27 ` Tomi Ollila
0 siblings, 1 reply; 13+ messages in thread
From: David Bremner @ 2015-12-14 20:03 UTC (permalink / raw)
To: notmuch
David Bremner <david@tethera.net> writes:
> Test the ability of notmuch-mua-mail to send S/MIME signed (and
> encrypted) messages; this really relies on existing functionality in
> message-mode.
>
> The generated keys and messages will later be useful for testing the
> notmuch CLI.
> ---
> test/T355-smime.sh | 42 +++++++++++++++++++++++++++++++++++++
> test/smime/README | 7 +++++++
> test/smime/key+cert.pem | 56 +++++++++++++++++++++++++++++++++++++++++++++++++
> test/smime/test.crt | 19 +++++++++++++++++
> test/test-lib.el | 10 +++++++++
> test/test-lib.sh | 1 +
> 6 files changed, 135 insertions(+)
> create mode 100755 test/T355-smime.sh
> create mode 100644 test/smime/README
> create mode 100644 test/smime/key+cert.pem
> create mode 100644 test/smime/test.crt
>
> diff --git a/test/T355-smime.sh b/test/T355-smime.sh
> new file mode 100755
> index 0000000..e3419d6
> --- /dev/null
> +++ b/test/T355-smime.sh
> @@ -0,0 +1,42 @@
> +#!/usr/bin/env bash
> +
> +test_description='S/MIME signature verification and decryption'
> +. ./test-lib.sh
Apparently this needs
unset GPG_AGENT_INFO
at the beginning to avoid getting confused by a potential pre-2.1
gpg-agent.
* Re: [Patch v3 4/8] test: initial tests for S/MIME and notmuch-emacs
2015-12-14 20:03 ` David Bremner
@ 2015-12-14 21:27 ` Tomi Ollila
2015-12-14 23:37 ` David Bremner
0 siblings, 1 reply; 13+ messages in thread
From: Tomi Ollila @ 2015-12-14 21:27 UTC (permalink / raw)
To: David Bremner, notmuch
On Mon, Dec 14 2015, David Bremner <david@tethera.net> wrote:
> David Bremner <david@tethera.net> writes:
>
>> Test the ability of notmuch-mua-mail to send S/MIME signed (and
>> encrypted) messages; this really relies on existing functionality in
>> message-mode.
>>
>> The generated keys and messages will later be useful for testing the
>> notmuch CLI.
>> ---
>> test/T355-smime.sh | 42 +++++++++++++++++++++++++++++++++++++
>> test/smime/README | 7 +++++++
>> test/smime/key+cert.pem | 56 +++++++++++++++++++++++++++++++++++++++++++++++++
>> test/smime/test.crt | 19 +++++++++++++++++
>> test/test-lib.el | 10 +++++++++
>> test/test-lib.sh | 1 +
>> 6 files changed, 135 insertions(+)
>> create mode 100755 test/T355-smime.sh
>> create mode 100644 test/smime/README
>> create mode 100644 test/smime/key+cert.pem
>> create mode 100644 test/smime/test.crt
>>
>> diff --git a/test/T355-smime.sh b/test/T355-smime.sh
>> new file mode 100755
>> index 0000000..e3419d6
>> --- /dev/null
>> +++ b/test/T355-smime.sh
>> @@ -0,0 +1,42 @@
>> +#!/usr/bin/env bash
>> +
>> +test_description='S/MIME signature verification and decryption'
>> +. ./test-lib.sh
>
> Apparently this needs
>
> unset GPG_AGENT_INFO
>
> at the beginning to avoid getting confused by a potential pre-2.1
> gpg-agent.
And, as the first patch series was very old it did not have this:
. ./test-lib.sh || exit 1
Tomi
* Re: [Patch v3 4/8] test: initial tests for S/MIME and notmuch-emacs
2015-12-14 21:27 ` Tomi Ollila
@ 2015-12-14 23:37 ` David Bremner
0 siblings, 0 replies; 13+ messages in thread
From: David Bremner @ 2015-12-14 23:37 UTC (permalink / raw)
To: Tomi Ollila, notmuch
Tomi Ollila <tomi.ollila@iki.fi> writes:
>> Apparently this needs
>>
>> unset GPG_AGENT_INFO
>>
>> at the beginning to avoid getting confused by a potential pre-2.1
>> gpg-agent.
>
> And, as the first patch series was very old it did not have this:
>
> . ./test-lib.sh || exit 1
Fixed in git.
Thanks,
d
* Re: [Patch v3 3/8] cli: let the user know which protocol is unknown or unsupported
2015-12-14 13:38 ` [Patch v3 3/8] cli: let the user know which protocol is unknown or unsupported David Bremner
@ 2015-12-30 15:30 ` David Bremner
0 siblings, 0 replies; 13+ messages in thread
From: David Bremner @ 2015-12-30 15:30 UTC (permalink / raw)
To: notmuch
David Bremner <david@tethera.net> writes:
> From: Jani Nikula <jani@nikula.org>
>
> The current error message is not helpful.
pushed the first 3 patches in this series
d