]> git.cworth.org Git - notmuch-old/blob - test/T350-crypto.sh
test: make script exit (1) if it "fails" to source (.) a file
[notmuch-old] / test / T350-crypto.sh
1 #!/usr/bin/env bash
2
3 # TODO:
4 # - decryption/verification with signer key not available
5 # - verification of signatures from expired/revoked keys
6
7 test_description='PGP/MIME signature verification and decryption'
8 . ./test-lib.sh || exit 1
9
10 add_gnupg_home ()
11 {
12     local output
13     [ -d ${GNUPGHOME} ] && return
14     mkdir -m 0700 "$GNUPGHOME"
15     gpg --no-tty --import <$TEST_DIRECTORY/gnupg-secret-key.asc >"$GNUPGHOME"/import.log 2>&1
16     test_debug "cat $GNUPGHOME/import.log"
17     if (gpg --quick-random --version >/dev/null 2>&1) ; then
18         echo quick-random >> "$GNUPGHOME"/gpg.conf
19     elif (gpg --debug-quick-random --version >/dev/null 2>&1) ; then
20         echo debug-quick-random >> "$GNUPGHOME"/gpg.conf
21     fi
22     echo no-emit-version >> "$GNUPGHOME"/gpg.conf
23 }
24
25 ##################################################
26
27 add_gnupg_home
28 # get key fingerprint
29 FINGERPRINT=$(gpg --no-tty --list-secret-keys --with-colons --fingerprint | grep '^fpr:' | cut -d: -f10)
30
31 test_expect_success 'emacs delivery of signed message' \
32 'emacs_fcc_message \
33     "test signed message 001" \
34     "This is a test signed message." \
35     "(mml-secure-message-sign)"'
36
37 test_begin_subtest "signature verification"
38 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
39     | notmuch_json_show_sanitize \
40     | sed -e 's|"created": [1234567890]*|"created": 946728000|')
41 expected='[[[{"id": "XXXXX",
42  "match": true,
43  "excluded": false,
44  "filename": "YYYYY",
45  "timestamp": 946728000,
46  "date_relative": "2000-01-01",
47  "tags": ["inbox","signed"],
48  "headers": {"Subject": "test signed message 001",
49  "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
50  "To": "test_suite@notmuchmail.org",
51  "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
52  "body": [{"id": 1,
53  "sigstatus": [{"status": "good",
54  "fingerprint": "'$FINGERPRINT'",
55  "created": 946728000}],
56  "content-type": "multipart/signed",
57  "content": [{"id": 2,
58  "content-type": "text/plain",
59  "content": "This is a test signed message.\n"},
60  {"id": 3,
61  "content-type": "application/pgp-signature",
62  "content-length": 280}]}]},
63  []]]]'
64 test_expect_equal_json \
65     "$output" \
66     "$expected"
67
68 test_begin_subtest "signature verification with full owner trust"
69 # give the key full owner trust
70 echo "${FINGERPRINT}:6:" | gpg --no-tty --import-ownertrust >>"$GNUPGHOME"/trust.log 2>&1
71 gpg --no-tty --check-trustdb >>"$GNUPGHOME"/trust.log 2>&1
72 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
73     | notmuch_json_show_sanitize \
74     | sed -e 's|"created": [1234567890]*|"created": 946728000|')
75 expected='[[[{"id": "XXXXX",
76  "match": true,
77  "excluded": false,
78  "filename": "YYYYY",
79  "timestamp": 946728000,
80  "date_relative": "2000-01-01",
81  "tags": ["inbox","signed"],
82  "headers": {"Subject": "test signed message 001",
83  "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
84  "To": "test_suite@notmuchmail.org",
85  "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
86  "body": [{"id": 1,
87  "sigstatus": [{"status": "good",
88  "fingerprint": "'$FINGERPRINT'",
89  "created": 946728000,
90  "userid": " Notmuch Test Suite <test_suite@notmuchmail.org> (INSECURE!)"}],
91  "content-type": "multipart/signed",
92  "content": [{"id": 2,
93  "content-type": "text/plain",
94  "content": "This is a test signed message.\n"},
95  {"id": 3,
96  "content-type": "application/pgp-signature",
97  "content-length": 280}]}]},
98  []]]]'
99 test_expect_equal_json \
100     "$output" \
101     "$expected"
102
103 test_begin_subtest "signature verification with signer key unavailable"
104 # move the gnupghome temporarily out of the way
105 mv "${GNUPGHOME}"{,.bak}
106 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
107     | notmuch_json_show_sanitize \
108     | sed -e 's|"created": [1234567890]*|"created": 946728000|')
109 expected='[[[{"id": "XXXXX",
110  "match": true,
111  "excluded": false,
112  "filename": "YYYYY",
113  "timestamp": 946728000,
114  "date_relative": "2000-01-01",
115  "tags": ["inbox","signed"],
116  "headers": {"Subject": "test signed message 001",
117  "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
118  "To": "test_suite@notmuchmail.org",
119  "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
120  "body": [{"id": 1,
121  "sigstatus": [{"status": "error",
122  "keyid": "'$(echo $FINGERPRINT | cut -c 25-)'",
123  "errors": 2}],
124  "content-type": "multipart/signed",
125  "content": [{"id": 2,
126  "content-type": "text/plain",
127  "content": "This is a test signed message.\n"},
128  {"id": 3,
129  "content-type": "application/pgp-signature",
130  "content-length": 280}]}]},
131  []]]]'
132 test_expect_equal_json \
133     "$output" \
134     "$expected"
135 mv "${GNUPGHOME}"{.bak,}
136
137 # create a test encrypted message with attachment
138 cat <<EOF >TESTATTACHMENT
139 This is a test file.
140 EOF
141 test_expect_success 'emacs delivery of encrypted message with attachment' \
142 'emacs_fcc_message \
143     "test encrypted message 001" \
144     "This is a test encrypted message.\n" \
145     "(mml-attach-file \"TESTATTACHMENT\") (mml-secure-message-encrypt)"'
146
147 test_begin_subtest "decryption, --format=text"
148 output=$(notmuch show --format=text --decrypt subject:"test encrypted message 001" \
149     | notmuch_show_sanitize_all \
150     | sed -e 's|"created": [1234567890]*|"created": 946728000|')
151 expected='\fmessage{ id:XXXXX depth:0 match:1 excluded:0 filename:XXXXX
152 \fheader{
153 Notmuch Test Suite <test_suite@notmuchmail.org> (2000-01-01) (encrypted inbox)
154 Subject: test encrypted message 001
155 From: Notmuch Test Suite <test_suite@notmuchmail.org>
156 To: test_suite@notmuchmail.org
157 Date: Sat, 01 Jan 2000 12:00:00 +0000
158 \fheader}
159 \fbody{
160 \fpart{ ID: 1, Content-type: multipart/encrypted
161 \fpart{ ID: 2, Content-type: application/pgp-encrypted
162 Non-text part: application/pgp-encrypted
163 \fpart}
164 \fpart{ ID: 3, Content-type: multipart/mixed
165 \fpart{ ID: 4, Content-type: text/plain
166 This is a test encrypted message.
167 \fpart}
168 \fattachment{ ID: 5, Filename: TESTATTACHMENT, Content-type: application/octet-stream
169 Non-text part: application/octet-stream
170 \fattachment}
171 \fpart}
172 \fpart}
173 \fbody}
174 \fmessage}'
175 test_expect_equal \
176     "$output" \
177     "$expected"
178
179 test_begin_subtest "decryption, --format=json"
180 output=$(notmuch show --format=json --decrypt subject:"test encrypted message 001" \
181     | notmuch_json_show_sanitize \
182     | sed -e 's|"created": [1234567890]*|"created": 946728000|')
183 expected='[[[{"id": "XXXXX",
184  "match": true,
185  "excluded": false,
186  "filename": "YYYYY",
187  "timestamp": 946728000,
188  "date_relative": "2000-01-01",
189  "tags": ["encrypted","inbox"],
190  "headers": {"Subject": "test encrypted message 001",
191  "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
192  "To": "test_suite@notmuchmail.org",
193  "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
194  "body": [{"id": 1,
195  "encstatus": [{"status": "good"}],
196  "sigstatus": [],
197  "content-type": "multipart/encrypted",
198  "content": [{"id": 2,
199  "content-type": "application/pgp-encrypted",
200  "content-length": 11},
201  {"id": 3,
202  "content-type": "multipart/mixed",
203  "content": [{"id": 4,
204  "content-type": "text/plain",
205  "content": "This is a test encrypted message.\n"},
206  {"id": 5,
207  "content-type": "application/octet-stream",
208  "content-length": 28,
209  "content-transfer-encoding": "base64",
210  "filename": "TESTATTACHMENT"}]}]}]},
211  []]]]'
212 test_expect_equal_json \
213     "$output" \
214     "$expected"
215
216 test_begin_subtest "decryption, --format=json, --part=4"
217 output=$(notmuch show --format=json --part=4 --decrypt subject:"test encrypted message 001" \
218     | notmuch_json_show_sanitize \
219     | sed -e 's|"created": [1234567890]*|"created": 946728000|')
220 expected='{"id": 4,
221  "content-type": "text/plain",
222  "content": "This is a test encrypted message.\n"}'
223 test_expect_equal_json \
224     "$output" \
225     "$expected"
226
227 test_begin_subtest "decrypt attachment (--part=5 --format=raw)"
228 notmuch show \
229     --format=raw \
230     --part=5 \
231     --decrypt \
232     subject:"test encrypted message 001" >OUTPUT
233 test_expect_equal_file OUTPUT TESTATTACHMENT
234
235 test_begin_subtest "decryption failure with missing key"
236 mv "${GNUPGHOME}"{,.bak}
237 # The length of the encrypted attachment varies so must be normalized.
238 output=$(notmuch show --format=json --decrypt subject:"test encrypted message 001" \
239     | notmuch_json_show_sanitize \
240     | sed -e 's|"created": [1234567890]*|"created": 946728000|' \
241     | sed -e 's|"content-length": 6[1234567890]*|"content-length": 652|')
242 expected='[[[{"id": "XXXXX",
243  "match": true,
244  "excluded": false,
245  "filename": "YYYYY",
246  "timestamp": 946728000,
247  "date_relative": "2000-01-01",
248  "tags": ["encrypted","inbox"],
249  "headers": {"Subject": "test encrypted message 001",
250  "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
251  "To": "test_suite@notmuchmail.org",
252  "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
253  "body": [{"id": 1,
254  "encstatus": [{"status": "bad"}],
255  "content-type": "multipart/encrypted",
256  "content": [{"id": 2,
257  "content-type": "application/pgp-encrypted",
258  "content-length": 11},
259  {"id": 3,
260  "content-type": "application/octet-stream",
261  "content-length": 652}]}]},
262  []]]]'
263 test_expect_equal_json \
264     "$output" \
265     "$expected"
266 mv "${GNUPGHOME}"{.bak,}
267
268 test_expect_success 'emacs delivery of encrypted + signed message' \
269 'emacs_fcc_message \
270     "test encrypted message 002" \
271     "This is another test encrypted message.\n" \
272     "(mml-secure-message-sign-encrypt)"'
273
274 test_begin_subtest "decryption + signature verification"
275 output=$(notmuch show --format=json --decrypt subject:"test encrypted message 002" \
276     | notmuch_json_show_sanitize \
277     | sed -e 's|"created": [1234567890]*|"created": 946728000|')
278 expected='[[[{"id": "XXXXX",
279  "match": true,
280  "excluded": false,
281  "filename": "YYYYY",
282  "timestamp": 946728000,
283  "date_relative": "2000-01-01",
284  "tags": ["encrypted","inbox"],
285  "headers": {"Subject": "test encrypted message 002",
286  "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
287  "To": "test_suite@notmuchmail.org",
288  "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
289  "body": [{"id": 1,
290  "encstatus": [{"status": "good"}],
291  "sigstatus": [{"status": "good",
292  "fingerprint": "'$FINGERPRINT'",
293  "created": 946728000,
294  "userid": " Notmuch Test Suite <test_suite@notmuchmail.org> (INSECURE!)"}],
295  "content-type": "multipart/encrypted",
296  "content": [{"id": 2,
297  "content-type": "application/pgp-encrypted",
298  "content-length": 11},
299  {"id": 3,
300  "content-type": "text/plain",
301  "content": "This is another test encrypted message.\n"}]}]},
302  []]]]'
303 test_expect_equal_json \
304     "$output" \
305     "$expected"
306
307 test_begin_subtest "reply to encrypted message"
308 output=$(notmuch reply --decrypt subject:"test encrypted message 002" \
309     | grep -v -e '^In-Reply-To:' -e '^References:')
310 expected='From: Notmuch Test Suite <test_suite@notmuchmail.org>
311 Subject: Re: test encrypted message 002
312
313 On 01 Jan 2000 12:00:00 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
314 > This is another test encrypted message.'
315 test_expect_equal \
316     "$output" \
317     "$expected"
318
319 test_begin_subtest "signature verification with revoked key"
320 # generate revocation certificate and load it to revoke key
321 echo "y
322 1
323 Notmuch Test Suite key revocation (automated) $(date '+%F_%T%z')
324
325 y
326
327 " \
328     | gpg --no-tty --quiet --command-fd 0 --armor --gen-revoke "0x${FINGERPRINT}!" 2>/dev/null \
329     | gpg --no-tty --quiet --import
330 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
331     | notmuch_json_show_sanitize \
332     | sed -e 's|"created": [1234567890]*|"created": 946728000|')
333 expected='[[[{"id": "XXXXX",
334  "match": true,
335  "excluded": false,
336  "filename": "YYYYY",
337  "timestamp": 946728000,
338  "date_relative": "2000-01-01",
339  "tags": ["inbox","signed"],
340  "headers": {"Subject": "test signed message 001",
341  "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
342  "To": "test_suite@notmuchmail.org",
343  "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
344  "body": [{"id": 1,
345  "sigstatus": [{"status": "error",
346  "keyid": "6D92612D94E46381",
347  "errors": 8}],
348  "content-type": "multipart/signed",
349  "content": [{"id": 2,
350  "content-type": "text/plain",
351  "content": "This is a test signed message.\n"},
352  {"id": 3,
353  "content-type": "application/pgp-signature",
354  "content-length": 280}]}]},
355  []]]]'
356 test_expect_equal_json \
357     "$output" \
358     "$expected"
359
360 test_done