[PATCH 07/11] test: add crypto tests for signature verification and decryption
This adds a new "crypto" test script to the test suite to test
PGP/MIME signature verification and message decryption. Included here
is a test GNUPGHOME with a test secret key (passwordless), and test
for:
* signing/verification
* signing/verification with full owner trust
* verification with signer key unavailable
* encryption/decryption
* decryption failure with missing key
* encryption/decryption + signing/verfifying
* reply to encrypted message
* verification of signature from revoked key
These tests are not expected to pass now, but will as crypto
functionality is included.
---
test/basic |5 +-
test/crypto| 330
test/gnupg-secret-key.NOTE |9 ++
test/gnupg-secret-key.asc | 34 +
test/notmuch-test |1 +
test/test-lib.sh | 29
6 files changed, 407 insertions(+), 1 deletions(-)
create mode 100755 test/crypto
create mode 100644 test/gnupg-secret-key.NOTE
create mode 100644 test/gnupg-secret-key.asc
diff --git a/test/basic b/test/basic
index 3b43ad9..d6c0d00 100755
--- a/test/basic
+++ b/test/basic
@@ -57,7 +57,10 @@ available=$(ls -1 ../ | \
sed -r -e
"/^(aggregate-results.sh|Makefile|Makefile.local|notmuch-test)/d" \
-e "/^(README|test-lib.sh|test-results|tmp.*|valgrind|corpus*)/d" \
-e
"/^(emacs.expected-output|smtp-dummy|smtp-dummy.c|test-verbose)/d" \
- -e "/^(test.expected-output|.*~)/d" | sort)
+ -e "/^(test.expected-output|.*~)/d" \
+ -e "/^(gnupg-secret-key.asc)/d" \
+ -e "/^(gnupg-secret-key.NOTE)/d" \
+ | sort)
test_expect_equal "$tests_in_suite" "$available"
EXPECTED=../test.expected-output
diff --git a/test/crypto b/test/crypto
new file mode 100755
index 000..3b0f381
--- /dev/null
+++ b/test/crypto
@@ -0,0 +1,330 @@
+#!/bin/bash
+
+# TODO:
+# - decryption/verification with signer key not available
+# - verification of signatures from expired/revoked keys
+
+test_description='PGP/MIME signature verification and decryption'
+. ./test-lib.sh
+
+add_gnupg_home ()
+{
+local output
+[ -d ${GNUPGHOME} ] && return
+mkdir -m 0700 "$GNUPGHOME"
+gpg --no-tty --import <../gnupg-secret-key.asc >"$GNUPGHOME"/import.log
2>&1
+test_debug "cat $GNUPGHOME/import.log"
+if (gpg --quick-random --version >/dev/null 2>&1) ; then
+ echo quick-random >> "$GNUPGHOME"/gpg.conf
+elif (gpg --debug-quick-random --version >/dev/null 2>&1) ; then
+ echo debug-quick-random >> "$GNUPGHOME"/gpg.conf
+fi
+}
+
+##
+
+add_gnupg_home
+# get key fingerprint
+FINGERPRINT=$(gpg --no-tty --list-secret-keys --with-colons --fingerprint |
grep '^fpr:' | cut -d: -f10)
+
+# for some reason this is needed for emacs_deliver_message to work,
+# although I can't figure out why
+add_email_corpus
+
+test_expect_success 'emacs delivery of signed message' \
+'emacs_deliver_message \
+"test signed message 001" \
+"This is a test signed message." \
+"(mml-secure-message-sign)"'
+
+test_begin_subtest "signature verification"
+output=$(notmuch show --format=json --verify subject:"test signed message 001"
\
+| notmuch_json_show_sanitize \
+| sed -e 's|"created": [1234567890]*|"created": 946728000|')
+expected='[[[{"id": "X",
+ "match": true,
+ "filename": "Y",
+ "timestamp": 946728000,
+ "date_relative": "2000-01-01",
+ "tags": ["inbox"],
+ "headers": {"Subject": "test signed message 001",
+ "From": "Notmuch Test Suite ",
+ "To": "test_suite at notmuchmail.org",
+ "Cc": "",
+ "Bcc": "",
+ "Date": "01 Jan 2000 12:00:00 -"},
+ "body": [{"id": 1,
+ "sigstatus": [{"status": "good",
+ "fingerprint": "'$FINGERPRINT'",
+ "created": 946728000}],
+ "content-type": "text/plain",
+ "content": "This is a test signed message.\n"}]},
+ ['
+test_expect_equal \
+"$output" \
+"$expected"
+
+test_begin_subtest "signature verification with full owner trust"
+# give the key full owner trust
+echo "${FINGERPRINT}:6:" | gpg --no-tty --import-ownertrust
>>"$GNUPGHOME"/trust.log 2>&1
+gpg --no-tty --check-trustdb >>"$GNUPGHOME"/trust.log 2>&1
+output=$(notmuch show --format=json --verify subject:"test signed message 001"
\
+| notmuch_json_show_sanitize \
+| sed -e 's|"created": [1234567890]*|"created": 946728000|')
+expected='[[[{"id": "X",
+ "match": true,
+ "filename": "Y",
+ "timestamp": 946728000,
+ "date_relative": "2000-01-01",
+ "tags": ["inbox"],
+ "headers": {"Subject": "test signed message 001",
+ "From": "Notmuch Test Suite ",
+ "To": "test_suite at notmuchmail.org",
+ "Cc": "",
+ "Bcc": "",
+ "Date": "01 Jan 2000 12:00:00 -"},
+ "body": [{"id": 1,
+ "sigstatus": [{"status": "good",
+ "fingerprint": "'$FINGERPRINT'",
+ "created": 946728000,
+ "userid": " Notmuch Test Suite (INSECURE!)"}],
+ "content-type": "text/plain",
+ "content": "This is a test signed message.\n"}]},
+ ['
[PATCH 07/11] test: add crypto tests for signature verification and decryption
This adds a new crypto test script to the test suite to test
PGP/MIME signature verification and message decryption. Included here
is a test GNUPGHOME with a test secret key (passwordless), and test
for:
* signing/verification
* signing/verification with full owner trust
* verification with signer key unavailable
* encryption/decryption
* decryption failure with missing key
* encryption/decryption + signing/verfifying
* reply to encrypted message
* verification of signature from revoked key
These tests are not expected to pass now, but will as crypto
functionality is included.
---
test/basic |5 +-
test/crypto| 330
test/gnupg-secret-key.NOTE |9 ++
test/gnupg-secret-key.asc | 34 +
test/notmuch-test |1 +
test/test-lib.sh | 29
6 files changed, 407 insertions(+), 1 deletions(-)
create mode 100755 test/crypto
create mode 100644 test/gnupg-secret-key.NOTE
create mode 100644 test/gnupg-secret-key.asc
diff --git a/test/basic b/test/basic
index 3b43ad9..d6c0d00 100755
--- a/test/basic
+++ b/test/basic
@@ -57,7 +57,10 @@ available=$(ls -1 ../ | \
sed -r -e
/^(aggregate-results.sh|Makefile|Makefile.local|notmuch-test)/d \
-e /^(README|test-lib.sh|test-results|tmp.*|valgrind|corpus*)/d \
-e
/^(emacs.expected-output|smtp-dummy|smtp-dummy.c|test-verbose)/d \
- -e /^(test.expected-output|.*~)/d | sort)
+ -e /^(test.expected-output|.*~)/d \
+ -e /^(gnupg-secret-key.asc)/d \
+ -e /^(gnupg-secret-key.NOTE)/d \
+ | sort)
test_expect_equal $tests_in_suite $available
EXPECTED=../test.expected-output
diff --git a/test/crypto b/test/crypto
new file mode 100755
index 000..3b0f381
--- /dev/null
+++ b/test/crypto
@@ -0,0 +1,330 @@
+#!/bin/bash
+
+# TODO:
+# - decryption/verification with signer key not available
+# - verification of signatures from expired/revoked keys
+
+test_description='PGP/MIME signature verification and decryption'
+. ./test-lib.sh
+
+add_gnupg_home ()
+{
+local output
+[ -d ${GNUPGHOME} ] return
+mkdir -m 0700 $GNUPGHOME
+gpg --no-tty --import ../gnupg-secret-key.asc $GNUPGHOME/import.log
21
+test_debug cat $GNUPGHOME/import.log
+if (gpg --quick-random --version /dev/null 21) ; then
+ echo quick-random $GNUPGHOME/gpg.conf
+elif (gpg --debug-quick-random --version /dev/null 21) ; then
+ echo debug-quick-random $GNUPGHOME/gpg.conf
+fi
+}
+
+##
+
+add_gnupg_home
+# get key fingerprint
+FINGERPRINT=$(gpg --no-tty --list-secret-keys --with-colons --fingerprint |
grep '^fpr:' | cut -d: -f10)
+
+# for some reason this is needed for emacs_deliver_message to work,
+# although I can't figure out why
+add_email_corpus
+
+test_expect_success 'emacs delivery of signed message' \
+'emacs_deliver_message \
+test signed message 001 \
+This is a test signed message. \
+(mml-secure-message-sign)'
+
+test_begin_subtest signature verification
+output=$(notmuch show --format=json --verify subject:test signed message 001
\
+| notmuch_json_show_sanitize \
+| sed -e 's|created: [1234567890]*|created: 946728000|')
+expected='[[[{id: X,
+ match: true,
+ filename: Y,
+ timestamp: 946728000,
+ date_relative: 2000-01-01,
+ tags: [inbox],
+ headers: {Subject: test signed message 001,
+ From: Notmuch Test Suite test_su...@notmuchmail.org,
+ To: test_su...@notmuchmail.org,
+ Cc: ,
+ Bcc: ,
+ Date: 01 Jan 2000 12:00:00 -},
+ body: [{id: 1,
+ sigstatus: [{status: good,
+ fingerprint: '$FINGERPRINT',
+ created: 946728000}],
+ content-type: text/plain,
+ content: This is a test signed message.\n}]},
+ ['
+test_expect_equal \
+$output \
+$expected
+
+test_begin_subtest signature verification with full owner trust
+# give the key full owner trust
+echo ${FINGERPRINT}:6: | gpg --no-tty --import-ownertrust
$GNUPGHOME/trust.log 21
+gpg --no-tty --check-trustdb $GNUPGHOME/trust.log 21
+output=$(notmuch show --format=json --verify subject:test signed message 001
\
+| notmuch_json_show_sanitize \
+| sed -e 's|created: [1234567890]*|created: 946728000|')
+expected='[[[{id: X,
+ match: true,
+ filename: Y,
+ timestamp: 946728000,
+ date_relative: 2000-01-01,
+ tags: [inbox],
+ headers: {Subject: test signed message 001,
+ From: Notmuch Test Suite test_su...@notmuchmail.org,
+ To: test_su...@notmuchmail.org,
+ Cc: ,
+ Bcc: ,
+ Date: 01 Jan 2000 12:00:00 -},
+ body: [{id: 1,
+ sigstatus: [{status: good,
+ fingerprint: '$FINGERPRINT',
+ created: 946728000,
+ userid: Notmuch Test Suite test_su...@notmuchmail.org (INSECURE!)}],
+ content-type: text/plain,
+ content: This is a test signed message.\n}]},
+ ['
+test_expect_equal \
+$output \
+$expected
+
+test_begin_subtest signature verification with signer key unavailable
+# move the gnupghome temporarily
