Re: [PATCH 2/4] util/crypto: identify and repair "Mixed Up" mangled messages
On Tue, May 28 2019, Daniel Kahn Gillmor wrote: > This patch implements a functional identification and repair process > for "Mixed Up" MIME messages as described in > https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling-00#section-4.1 > > The detection test is not entirely complete, in that it does not > verify the contents of the latter two message subparts, but this is > probably safe to skip, because those two parts are unlikely to be > readable anyway, and the only part we are effectively omitting (the > first subpart) is guaranteed to be empty anyway, so its removal can be > reversed if you want to do so. I've left FIXMEs in the code so that > anyone excited about adding these additional checks can see where to > put them in. > > I'll use this functionality in the next two patches. > > Signed-off-by: Daniel Kahn Gillmor > --- > util/crypto.c | 80 +++ > util/crypto.h | 9 ++ > 2 files changed, 89 insertions(+) I understand that this fix is for multipart/encrypted messages, but I'm not sure I would call the repair function itself a "crypto function". Given that I can imagine more repair functions in the future, would it make sense to break them out into their own library? jamie. ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
Re: [PATCH 4/4] cli/show: show repaired form of "Mixed Up" mangled messages
On Tue, May 28 2019, Daniel Kahn Gillmor wrote: > When showing a message that has been mangled in transit by an MTA in > the "Mixed up" way, "notmuch show" should instead show the repaired > form of the message. Given that this fix is in mime-node.c it will apply to reply as well, not just show, yes? ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
Re: [PATCH 4/4] cli/show: show repaired form of "Mixed Up" mangled messages
On Wed, May 29 2019, Jameson Graef Rollins wrote: > On Tue, May 28 2019, Daniel Kahn Gillmor wrote: >> When showing a message that has been mangled in transit by an MTA in >> the "Mixed up" way, "notmuch show" should instead show the repaired >> form of the message. > > Given that this fix is in mime-node.c it will apply to reply as well, > not just show, yes? Not that we really need to bother changing the commit log for that... just checking. ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
Re: Safe and useful handling of "Mixed Up" mangled messages
On Wed, May 29 2019, Daniel Kahn Gillmor wrote: > On Tue 2019-05-28 18:58:22 -0400, Daniel Kahn Gillmor wrote: >> I forgot to mention: this test case makes use of the test_json_nodes >> functionality introduced in 03/17 of the protected header series. >> >> So please only consider this after that patch has been merged. > > It has been merged, so this series is good to go. Please review! > > I'm running this series today, and it is definitely useful. It'd be > great to get it into 0.29 if we can. As someone who's messages have been mangled in this way, I very much appreciate this fix. Thank you dkg! Daniel has documented this particular mangling very well in his IETF draft [0], and this patch follows the recommendation there for fixing messages. The way he handles the repair seems reasonable to me (modulo a couple minor comments in reply). I suppose the index.repaired property is a good way to indicate that a repair has happened. Given that we can have multiple properties with the same key, we will be able to indicate other repairs in the same way, which is good. All tests pass for me with these patches. jamie. [0] https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling-00 ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
Re: Protected Headers (2nd major revision, more testing!)
Daniel Kahn Gillmor writes: > Hi all-- > > Way back in id:20180511055544.13676-1-...@fifthhorseman.net, i > proposed support for protected headers (in particular, for being able > to read and search for subject lines of encrypted messages which > protect the Subject). Although that series was reviewed by Bremner, i > never managed to get it in shape for merging. > > This is a revision of that series, applied against the current master, > having taken into account those reviews and the current state of the > notmuch codebase. I'm hoping that we can get it into 0.29 before the > feature freeze. It's in. I did bodge things up slightly due to the threading of patch 14, but I added the trivial patch with the one line change I missed. d ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
Re: Segfault on notmuch compiled using commit 73cebe6e7233f59ba26d9f7c05265b7776795818
rey-coyrehourcq writes: > Finally found my problem, > I install notmuch into custom dir, and the declared PATH point to an old > binary > in the wrong /bin folder. > I works now. > Sorry for that, and thanks David for your help. Great, glad it's working. And thanks for taking the time to make a good bug report. d ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
[PATCH] NEWS: add a note about protected headers
Signed-off-by: Daniel Kahn Gillmor --- NEWS | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 8f250ab9..c08c564e 100644 --- a/NEWS +++ b/NEWS @@ -20,6 +20,10 @@ mboxes); e.g. `gzip -9 $MAIL/archive/giant-message && notmuch new` should work. Note that maildir flag syncing for gzipped messages is currently untested. +Notmuch is now capable of indexing, searching and rendering +cryptographically-protected Subject: headers of the form produced by +Enigmail and K-9 mail in encrypted messages. + Command Line Interface -- @@ -30,7 +34,8 @@ Fix several performance problems with `notmuch reindex`. `notmuch show` and `notmuch reply` now emit per-message cryptographic status in their json and sexp output formats. See devel/schemata for -more details about what is included there. +more details about what is included there. This status includes +information about cryptographic protections for the Subject header. Emacs - -- 2.20.1 ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
Re: Protected Headers (2nd major revision, more testing!)
On Wed 2019-05-29 08:44:00 -0300, David Bremner wrote: > It's in. Thanks! > I did bodge things up slightly due to the threading of patch 14, but I > added the trivial patch with the one line change I missed. that's not a bodge at all compared to the several different bodges i did on that threading. i've verified that the result (2c1e5c186ee36fb215d3f312f9801884f4720d8f) is as i expected. Thanks for the merge! --dkg signature.asc Description: PGP signature ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
Re: Safe and useful handling of "Mixed Up" mangled messages
On Tue 2019-05-28 18:58:22 -0400, Daniel Kahn Gillmor wrote: > I forgot to mention: this test case makes use of the test_json_nodes > functionality introduced in 03/17 of the protected header series. > > So please only consider this after that patch has been merged. It has been merged, so this series is good to go. Please review! I'm running this series today, and it is definitely useful. It'd be great to get it into 0.29 if we can. --dkg signature.asc Description: PGP signature ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
[PATCH] test: signature verification during decryption (session keys)
When the user knows the signer's key, we want "notmuch show" to be able to verify the signature of an encrypted and signed message regardless of whether we are using a stashed session key or not. I wrote this test because I was surprised to see signature verification failing when viewing some encrypted messages after upgrading to GPGME 1.13.0-1 in debian experimental. The added tests here all pass with GPGME 1.12.0, but the final test fails with 1.13.0, due to some buggy updates to GPGME upstream: see https://dev.gnupg.org/T3464 for more details. While the bug needs to be fixed in GPGME, notmuch's test suite needs to make sure that GMime is doing what we expect it to do; i was a bit surprised that it hadn't caught the problem, hence this patch. I've fixed this bug in debian experimental with gpgme 1.13.0-2, so the tests should pass on any debian system. I've also fixed it in the gpgme packages (1.13.0-2~ppa1) in the ubuntu xenial PPA (ppa:notmuch/notmuch) that notmuch uses for Travis CI. Signed-off-by: Daniel Kahn Gillmor --- test/T357-index-decryption.sh| 19 + test/corpora/crypto/encrypted-signed.eml | 35 2 files changed, 54 insertions(+) create mode 100644 test/corpora/crypto/encrypted-signed.eml diff --git a/test/T357-index-decryption.sh b/test/T357-index-decryption.sh index 8a2d4c02..1ac2836a 100755 --- a/test/T357-index-decryption.sh +++ b/test/T357-index-decryption.sh @@ -226,6 +226,7 @@ output=$(notmuch dump | LC_ALL=C sort) expected='#= simple-encryp...@crypto.notmuchmail.org index.decryption=failure #notmuch-dump batch-tag:3 config,properties,tags +encrypted +inbox +unread -- id:basic-encryp...@crypto.notmuchmail.org ++encrypted +inbox +unread -- id:encrypted-sig...@crypto.notmuchmail.org +encrypted +inbox +unread -- id:simple-encryp...@crypto.notmuchmail.org' test_expect_equal \ "$output" \ @@ -288,6 +289,24 @@ test_expect_equal \ "$output" \ "$expected" +goodsig='good_sig:[0][0][0]["crypto"]["signed"]["status"][0]["status"]="good"' +nosig='no_sig:[0][0][0]["crypto"]!"signed"' + +test_begin_subtest "verify signature without a session key stashed when --decrypt=true" +output=$(notmuch show --format=json --decrypt=true id:encrypted-sig...@crypto.notmuchmail.org) +test_json_nodes <<<"$output" "$goodsig" + +test_begin_subtest "do not verify sig without a session key stashed if --decrypt=auto" +output=$(notmuch show --format=json id:encrypted-sig...@crypto.notmuchmail.org) +test_json_nodes <<<"$output" "$nosig" + +test_begin_subtest "verify signature when --decrypt=stash" +output=$(notmuch show --format=json --decrypt=stash id:encrypted-sig...@crypto.notmuchmail.org) +test_json_nodes <<<"$output" "$goodsig" + +test_begin_subtest "verify signature with stashed session key" +output=$(notmuch show --format=json id:encrypted-sig...@crypto.notmuchmail.org) +test_json_nodes <<<"$output" "$goodsig" # TODO: test removal of a message from the message store between # indexing and reindexing. diff --git a/test/corpora/crypto/encrypted-signed.eml b/test/corpora/crypto/encrypted-signed.eml new file mode 100644 index ..0345e3e9 --- /dev/null +++ b/test/corpora/crypto/encrypted-signed.eml @@ -0,0 +1,35 @@ +From: test_su...@notmuchmail.org +To: test_su...@notmuchmail.org +Subject: Lyrics +Date: Wed 29 May 2019 06:09:22 PM EDT +Message-ID: +MIME-Version: 1.0 +Content-Type: multipart/encrypted; boundary="=-=-="; + protocol="application/pgp-encrypted" + +--=-=-= +Content-Type: application/pgp-encrypted + +Version: 1 + +--=-=-= +Content-Type: application/octet-stream + +-BEGIN PGP MESSAGE- + +hIwDxE023q1UqxYBBAC9z781zV7QAInGMKHX6TKU5Xw/OkoWXahpDL88F6Ocm5R9 +7M9z2ocvlyrbgRhqE+nvFeGH/K7rVkBBT6TAcdIe/C8Qzbd3stPPcx1PlunGROj7 +H/WAcmDksK3HkXpHwmInUtzNw1pkhOoLy/sFSbPvtyg8GCUzXbafHAIIo0rB2tLB +DwGWD3l4WdcyQWuYD9QJKuDIqdWo8E3TTcKkiOAt/6liwPNZ0jGzDeCuSTnWFj6Z +AiXGeNtD3I1tCN/8T3NjEKOCQ+bdT5Y06dDaL61FpQ23eIuSUgksVxjnkEAb6iPe +07gjzcyNuGP3WPI/0qu0wtZwpAQxvaNygDsQj/OjR5kn9luBd/VqodM3TWWS8miV +m0z1tYbqYAQWW6TS7fXlsyXoOxTLW5MCfe3D36VSErL/NJItETklVKzNfKjMmRKx +CI2ZUzugxPWSLQzOp5yl7iICk8e+vS9TkQw2j0nXAQYLYgmqZMhf4av5GlFv3tQu +heO4XLT6NBDTHMFTDbgW42kE0N4MDPc29AqVFGImcTHvflF4Vp0qIbSJdIcHwKkU +5LKqvicAa0lsIoJbsW3lHrzowyjov2vLH/VGd/wIX+MS3KT7cySdyp8HVMcwwyZu +Y9nrTN/7G1FwKWlcGa4uJNcFFkYlcEymZj1EX2cyrdezPtX7K5vhwBYddptFD+Bn +IVkghRut3UDeXe83F8OutWiZfK5EVYABq/aP3//hIbQl2o4Dkd3z9m+8LobrIV5s +NXjAjU5WQOjRLoHBebG2HkMpFsWhXD/Fb/Bb58VOpdI= +=x12v +-END PGP MESSAGE- +--=-=-=-- -- 2.20.1 ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
