subject:"\[PATCH 10\/20\] cli\/show\: add tests for viewing protected headers"

Re: [PATCH 10/20] cli/show: add tests for viewing protected headers

2018-06-30 Thread Daniel Kahn Gillmor

On Sun 2018-06-24 22:31:44 -0300, David Bremner wrote:
> Daniel Kahn Gillmor  writes:
>
>> +
>> +# TODO:
>> +#  * check S/MIME as well as PGP/MIME
>
> Decrypting S/MIME would be good first step. Or is the feature there
> (with gmime 3.0?) but tests missing? because T355-smime says there is no
> S/MIME decryption.

agreed, though you could argue that S/MIME signatures are relevant to
the cryptographic envelope, even without decryption.

regardless, i think that's orthogonal to this series, so i'm not going
to try to address it now.

>> +#  * process headers protected by signature
>
>> +
>> +test_description='Message decryption with protected headers'
>> +. $(dirname "$0")/test-lib.sh || exit 1
>> +
>> +##
>> +
>> +add_gnupg_home
>> +# Change this if we ship a new test key
>> +FINGERPRINT="5AEAB11F5E33DCE875DDB75B6D92612D94E46381"
>
> I wonder if it would be reasonable for add_gnupg_home to define FINGERPRINT

fine with me, i'll include that in the upcoming revised series.

>> +
>> +add_email_corpus protected-headers
>> +
>> +test_begin_subtest "verify protected header is not visible without 
>> decryption"
>> +output=$(notmuch show --format=json 
>> id:protected-hea...@crypto.notmuchmail.org)
>> +test_json_nodes <<<"$output" \
>> +'no_crypto:[0][0][0]!"crypto"' \
>> +'subject:[0][0][0]["headers"]["Subject"]="encrypted 
>> message"'
>
> maybe a pointer to where to find the docs for the json test syntax.

I'll stick a pointer in lib/test-lib.sh's definition of
test_json_nodes() because you suggest it, but i think it would be out of
place to do it here in a specifis test.

   --dkg
___
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch

Re: [PATCH 10/20] cli/show: add tests for viewing protected headers

2018-06-24 Thread David Bremner

Daniel Kahn Gillmor  writes:

> +
> +# TODO:
> +#  * check S/MIME as well as PGP/MIME

Decrypting S/MIME would be good first step. Or is the feature there
(with gmime 3.0?) but tests missing? because T355-smime says there is no
S/MIME decryption.

> +#  * process headers protected by signature

> +
> +test_description='Message decryption with protected headers'
> +. $(dirname "$0")/test-lib.sh || exit 1
> +
> +##
> +
> +add_gnupg_home
> +# Change this if we ship a new test key
> +FINGERPRINT="5AEAB11F5E33DCE875DDB75B6D92612D94E46381"

I wonder if it would be reasonable for add_gnupg_home to define FINGERPRINT

> +
> +add_email_corpus protected-headers
> +
> +test_begin_subtest "verify protected header is not visible without 
> decryption"
> +output=$(notmuch show --format=json 
> id:protected-hea...@crypto.notmuchmail.org)
> +test_json_nodes <<<"$output" \
> +'no_crypto:[0][0][0]!"crypto"' \
> +'subject:[0][0][0]["headers"]["Subject"]="encrypted message"'

maybe a pointer to where to find the docs for the json test syntax.

___
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch

[PATCH 10/20] cli/show: add tests for viewing protected headers

2018-05-10 Thread Daniel Kahn Gillmor

Here we add several variant e-mail messages, some of which have
correctly-structured protected headers, and some of which do not.  The
goal of the tests is to ensure that the right protected subjects get
reported.
---
 test/T356-protected-headers.sh| 69 +++
 ...le-wrapped-with-phony-protected-header.eml | 38 ++
 .../misplaced-protected-header.eml| 35 ++
 .../nested-rfc822-message.eml | 32 +
 .../no-protected-header-attribute.eml | 29 
 .../phony-protected-header-bad-encryption.eml | 30 
 .../protected-headers/protected-header.eml| 30 
 .../wrapped-protected-header.eml  | 39 +++
 8 files changed, 302 insertions(+)
 create mode 100755 test/T356-protected-headers.sh
 create mode 100644 
test/corpora/protected-headers/double-wrapped-with-phony-protected-header.eml
 create mode 100644 
test/corpora/protected-headers/misplaced-protected-header.eml
 create mode 100644 test/corpora/protected-headers/nested-rfc822-message.eml
 create mode 100644 
test/corpora/protected-headers/no-protected-header-attribute.eml
 create mode 100644 
test/corpora/protected-headers/phony-protected-header-bad-encryption.eml
 create mode 100644 test/corpora/protected-headers/protected-header.eml
 create mode 100644 test/corpora/protected-headers/wrapped-protected-header.eml

diff --git a/test/T356-protected-headers.sh b/test/T356-protected-headers.sh
new file mode 100755
index ..9c6fe467
--- /dev/null
+++ b/test/T356-protected-headers.sh
@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+
+# TODO:
+#  * check S/MIME as well as PGP/MIME
+#  * process headers protected by signature
+
+test_description='Message decryption with protected headers'
+. $(dirname "$0")/test-lib.sh || exit 1
+
+##
+
+add_gnupg_home
+# Change this if we ship a new test key
+FINGERPRINT="5AEAB11F5E33DCE875DDB75B6D92612D94E46381"
+
+add_email_corpus protected-headers
+
+test_begin_subtest "verify protected header is not visible without decryption"
+output=$(notmuch show --format=json id:protected-hea...@crypto.notmuchmail.org)
+test_json_nodes <<<"$output" \
+'no_crypto:[0][0][0]!"crypto"' \
+'subject:[0][0][0]["headers"]["Subject"]="encrypted message"'
+
+test_begin_subtest "verify protected header is visible with decryption"
+output=$(notmuch show --decrypt=true --format=json 
id:protected-hea...@crypto.notmuchmail.org)
+test_subtest_known_broken
+test_json_nodes <<<"$output" \
+'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' 
\
+'subject:[0][0][0]["headers"]["Subject"]="This is a protected 
header"'
+
+
+test_begin_subtest "misplaced protected headers should not be made visible 
during decryption"
+output=$(notmuch show --decrypt=true --format=json 
id:misplaced-protected-hea...@crypto.notmuchmail.org)
+test_json_nodes <<<"$output" \
+'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' 
\
+'subject:[0][0][0]["headers"]["Subject"]="encrypted message"'
+
+test_begin_subtest "verify double-wrapped phony protected header is not 
visible when inner decryption fails"
+output=$(notmuch show --decrypt=true --format=json 
id:double-wrapped-with-phony-protected-hea...@crypto.notmuchmail.org)
+test_json_nodes <<<"$output" \
+'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' 
\
+'subject:[0][0][0]["headers"]["Subject"]="encrypted message"'
+
+test_begin_subtest "cleartext phony protected headers should not be made 
visible when decryption fails"
+output=$(notmuch show --decrypt=true --format=json 
id:phony-protected-header-bad-encrypt...@crypto.notmuchmail.org)
+test_json_nodes <<<"$output" \
+'no_crypto:[0][0][0]!"crypto"' \
+'subject:[0][0][0]["headers"]["Subject"]="encrypted message"'
+
+test_begin_subtest "wrapped protected headers should not be made visible 
during decryption"
+output=$(notmuch show --decrypt=true --format=json 
id:wrapped-protected-hea...@crypto.notmuchmail.org)
+test_json_nodes <<<"$output" \
+'crypto:[0][0][0]["crypto"]={"decrypted": {"status": 
"partial"}}' \
+'subject:[0][0][0]["headers"]["Subject"]="[mailing-list] 
encrypted message"'
+
+test_begin_subtest "internal headers without protected-header attribute should 
be skipped"
+output=$(notmuch show --decrypt=true --format=json 
id:no-protected-header-attrib...@crypto.notmuchmail.org)
+test_json_nodes <<<"$output" \
+'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' 
\
+'subject:[0][0][0]["headers"]["Subject"]="encrypted message"'
+
+test_begin_subtest "verify nested message/rfc822 protected header is visible"
+output=$(notmuch show --decrypt=true --format=json 
id:nested-rfc822-mess...@crypto.notmuchmail.org)
+test_subtest_known_broken

Re: [PATCH 10/20] cli/show: add tests for viewing protected headers

Re: [PATCH 10/20] cli/show: add tests for viewing protected headers

[PATCH 10/20] cli/show: add tests for viewing protected headers

3 matches

Site Navigation

Mail list logo

Footer information