When the user knows the signer's key, we want "notmuch show" to be able to verify the signature of an encrypted and signed message regardless of whether we are using a stashed session key or not. I wrote this test because I was surprised to see signature verification failing when viewing some encrypted messages after upgrading to GPGME 1.13.0-1 in debian experimental. The added tests here all pass with GPGME 1.12.0, but the final test fails with 1.13.0, due to some buggy updates to GPGME upstream: see https://dev.gnupg.org/T3464 for more details. While the bug needs to be fixed in GPGME, notmuch's test suite needs to make sure that GMime is doing what we expect it to do; i was a bit surprised that it hadn't caught the problem, hence this patch. I've fixed this bug in debian experimental with gpgme 1.13.0-2, so the tests should pass on any debian system. I've also fixed it in the gpgme packages (1.13.0-2~ppa1) in the ubuntu xenial PPA (ppa:notmuch/notmuch) that notmuch uses for Travis CI. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> --- test/T357-index-decryption.sh | 19 +++++++++++++ test/corpora/crypto/encrypted-signed.eml | 35 ++++++++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 test/corpora/crypto/encrypted-signed.eml diff --git a/test/T357-index-decryption.sh b/test/T357-index-decryption.sh index 8a2d4c02..1ac2836a 100755 --- a/test/T357-index-decryption.sh +++ b/test/T357-index-decryption.sh @@ -226,6 +226,7 @@ output=$(notmuch dump | LC_ALL=C sort) expected='#= simple-encrypted@crypto.notmuchmail.org index.decryption=failure #notmuch-dump batch-tag:3 config,properties,tags +encrypted +inbox +unread -- id:basic-encrypted@crypto.notmuchmail.org ++encrypted +inbox +unread -- id:encrypted-signed@crypto.notmuchmail.org +encrypted +inbox +unread -- id:simple-encrypted@crypto.notmuchmail.org' test_expect_equal \ "$output" \ @@ -288,6 +289,24 @@ test_expect_equal \ "$output" \ "$expected" +goodsig='good_sig:[0][0][0]["crypto"]["signed"]["status"][0]["status"]="good"' +nosig='no_sig:[0][0][0]["crypto"]!"signed"' + +test_begin_subtest "verify signature without a session key stashed when --decrypt=true" +output=$(notmuch show --format=json --decrypt=true id:encrypted-signed@crypto.notmuchmail.org) +test_json_nodes <<<"$output" "$goodsig" + +test_begin_subtest "do not verify sig without a session key stashed if --decrypt=auto" +output=$(notmuch show --format=json id:encrypted-signed@crypto.notmuchmail.org) +test_json_nodes <<<"$output" "$nosig" + +test_begin_subtest "verify signature when --decrypt=stash" +output=$(notmuch show --format=json --decrypt=stash id:encrypted-signed@crypto.notmuchmail.org) +test_json_nodes <<<"$output" "$goodsig" + +test_begin_subtest "verify signature with stashed session key" +output=$(notmuch show --format=json id:encrypted-signed@crypto.notmuchmail.org) +test_json_nodes <<<"$output" "$goodsig" # TODO: test removal of a message from the message store between # indexing and reindexing. diff --git a/test/corpora/crypto/encrypted-signed.eml b/test/corpora/crypto/encrypted-signed.eml new file mode 100644 index 00000000..0345e3e9 --- /dev/null +++ b/test/corpora/crypto/encrypted-signed.eml @@ -0,0 +1,35 @@ +From: test_suite@notmuchmail.org +To: test_suite@notmuchmail.org +Subject: Lyrics +Date: Wed 29 May 2019 06:09:22 PM EDT +Message-ID: <encrypted-signed@crypto.notmuchmail.org> +MIME-Version: 1.0 +Content-Type: multipart/encrypted; boundary="=-=-="; + protocol="application/pgp-encrypted" + +--=-=-= +Content-Type: application/pgp-encrypted + +Version: 1 + +--=-=-= +Content-Type: application/octet-stream + +-----BEGIN PGP MESSAGE----- + +hIwDxE023q1UqxYBBAC9z781zV7QAInGMKHX6TKU5Xw/OkoWXahpDL88F6Ocm5R9 +7M9z2ocvlyrbgRhqE+nvFeGH/K7rVkBBT6TAcdIe/C8Qzbd3stPPcx1PlunGROj7 +H/WAcmDksK3HkXpHwmInUtzNw1pkhOoLy/sFSbPvtyg8GCUzXbafHAIIo0rB2tLB +DwGWD3l4WdcyQWuYD9QJKuDIqdWo8E3TTcKkiOAt/6liwPNZ0jGzDeCuSTnWFj6Z +AiXGeNtD3I1tCN/8T3NjEKOCQ+bdT5Y06dDaL61FpQ23eIuSUgksVxjnkEAb6iPe +07gjzcyNuGP3WPI/0qu0wtZwpAQxvaNygDsQj/OjR5kn9luBd/VqodM3TWWS8miV +m0z1tYbqYAQWW6TS7fXlsyXoOxTLW5MCfe3D36VSErL/NJItETklVKzNfKjMmRKx +CI2ZUzugxPWSLQzOp5yl7iICk8e+vS9TkQw2j0nXAQYLYgmqZMhf4av5GlFv3tQu +heO4XLT6NBDTHMFTDbgW42kE0N4MDPc29AqVFGImcTHvflF4Vp0qIbSJdIcHwKkU +5LKqvicAa0lsIoJbsW3lHrzowyjov2vLH/VGd/wIX+MS3KT7cySdyp8HVMcwwyZu +Y9nrTN/7G1FwKWlcGa4uJNcFFkYlcEymZj1EX2cyrdezPtX7K5vhwBYddptFD+Bn +IVkghRut3UDeXe83F8OutWiZfK5EVYABq/aP3//hIbQl2o4Dkd3z9m+8LobrIV5s +NXjAjU5WQOjRLoHBebG2HkMpFsWhXD/Fb/Bb58VOpdI= +=x12v +-----END PGP MESSAGE----- +--=-=-=-- -- 2.20.1 _______________________________________________ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch