diff options
| author | J08nY | 2017-07-28 00:32:47 +0200 |
|---|---|---|
| committer | J08nY | 2017-07-28 00:32:47 +0200 |
| commit | f190131409ada6126977965f6607224d4d97aa84 (patch) | |
| tree | b0898095cbfa911d11fc9fa0b721f9dde94c763d | |
| parent | a6e81421f0db2e741baee2ec0cedd2a285c6f233 (diff) | |
| download | mailman-pgp-f190131409ada6126977965f6607224d4d97aa84.tar.gz mailman-pgp-f190131409ada6126977965f6607224d4d97aa84.tar.zst mailman-pgp-f190131409ada6126977965f6607224d4d97aa84.zip | |
4 files changed, 263 insertions, 31 deletions
diff --git a/src/mailman_pgp/pgp/mime_multisig.py b/src/mailman_pgp/pgp/mime_multisig.py index ced90fa..c7edf60 100644 --- a/src/mailman_pgp/pgp/mime_multisig.py +++ b/src/mailman_pgp/pgp/mime_multisig.py @@ -15,7 +15,7 @@ # You should have received a copy of the GNU General Public License along with # this program. If not, see <http://www.gnu.org/licenses/>. -"""""" +"""MIMEWrapper with multiple signature as per draft-ietf-openpgp-multsig-02.""" import copy from email import message_from_string from email.encoders import encode_7or8bit @@ -23,8 +23,8 @@ from email.mime.application import MIMEApplication from email.mime.multipart import MIMEMultipart from email.utils import collapse_rfc2231_value -from mailman.email.message import MultipartDigestMessage, Message -from pgpy import PGPSignature, PGPDetachedSignature +from mailman.email.message import Message, MultipartDigestMessage +from pgpy import PGPDetachedSignature, PGPSignature from mailman_pgp.pgp.mime import MIMEWrapper from mailman_pgp.utils.email import copy_headers @@ -41,7 +41,7 @@ class MIMEMultiSigWrapper(MIMEWrapper): def is_signed(self): """ - Whether the whole message is MIME signed as per draft-ietf-openpgp-multsig-02. + Whether the message is signed as per draft-ietf-openpgp-multsig-02. :return: If the message is MIME signed. :rtype: bool @@ -74,32 +74,36 @@ class MIMEMultiSigWrapper(MIMEWrapper): continue yield sig - def _wrap_signed_multiple(self, msg, signature): + def _wrap_signed_multiple(self, msg, payload_msg, signatures, signature): """ As per draft-ietf-openpgp-multsig-02. :param msg: + :param payload_msg: + :param signatures: :param signature: :return: """ micalg = ', '.join(self._micalg(sig.hash_algorithm) for sig in signature) out = MultipartDigestMessage('signed', micalg=micalg, - protocol=MIMEWrapper._signed_type) + protocol='multipart/mixed') out.preamble = MIMEMultiSigWrapper._signature_preamble second_part = MIMEMultipart() - for sig in signature: - sig_part = MIMEApplication(_data=str(sig), - _subtype=MIMEWrapper._signature_subtype, - _encoder=encode_7or8bit, - name='signature.asc') - sig_part.add_header('Content-Description', - 'OpenPGP digital signature') - sig_part.add_header('Content-Disposition', 'attachment', - filename='signature.asc') - second_part.attach(sig_part) - out.attach(copy.deepcopy(msg)) + for sig in signatures: + second_part.attach(copy.deepcopy(sig)) + + sig_part = MIMEApplication(_data=str(signature), + _subtype=MIMEWrapper._signature_subtype, + _encoder=encode_7or8bit, + name='signature.asc') + sig_part.add_header('Content-Description', + 'OpenPGP digital signature') + sig_part.add_header('Content-Disposition', 'attachment', + filename='signature.asc') + second_part.attach(sig_part) + out.attach(copy.deepcopy(payload_msg)) out.attach(second_part) copy_headers(msg, out) return out @@ -115,19 +119,21 @@ class MIMEMultiSigWrapper(MIMEWrapper): :return: The signed message. :rtype: mailman.email.message.Message """ + if self.is_signed(): - payload = next(iter(self.get_signed())) - signature = PGPDetachedSignature() - for sig in self.get_signature(): - signature |= sig - signature |= key.sign(payload, hash=hash) - return self._wrap_signed_multiple(self.msg, signature) + payload_msg = self.msg.get_payload(0) + signatures = [part for part in self.msg.get_payload(1)] else: - super().sign(key, hash) + payload_msg = self.msg + signatures = [] + signature = PGPDetachedSignature() + signature |= key.sign(payload_msg.as_string(), hash=hash) + return self._wrap_signed_multiple(self.msg, payload_msg, signatures, + signature) def verify(self, key): """ - Verify the signature of this message with key. + Verify the signatures of this message with key. :param key: The key to verify with. :type key: pgpy.PGPKey @@ -136,7 +142,11 @@ class MIMEMultiSigWrapper(MIMEWrapper): """ clear_text = next(iter(self.get_signed())) for signature in self.get_signature(): - yield key.verify(clear_text, signature) + try: + verification = key.verify(clear_text, signature) + except: + continue + yield verification def decrypt(self, key): """ @@ -156,10 +166,6 @@ class MIMEMultiSigWrapper(MIMEWrapper): out = message_from_string(dmsg, _class=Message) if decrypted.is_signed: - if len(decrypted.signatures) != 1: - out = self._wrap_signed_multiple(out, - decrypted.detached_signature) - else: - out = self._wrap_signed(out, decrypted.signatures.pop()) + out = self._wrap_signed_multiple(out, decrypted.detached_signature) copy_headers(self.msg, out) return out diff --git a/src/mailman_pgp/pgp/tests/data/messages/mime_multisig.eml b/src/mailman_pgp/pgp/tests/data/messages/mime_multisig.eml new file mode 100644 index 0000000..555411f --- /dev/null +++ b/src/mailman_pgp/pgp/tests/data/messages/mime_multisig.eml @@ -0,0 +1,65 @@ +To: nobody@example.org +From: RSA 1024b example <RSA-1024b@example.org> +Subject: Some subject. +Message-ID: <76a591ed-bfc4-d08b-73d3-fc2489148fd7@example.org> +Date: Wed, 21 Jun 2017 13:50:59 +0200 +User-Agent: Mutt/1.7.2 (2016-11-26) +MIME-Version: 1.0 +Content-Type: multipart/signed; micalg="pgp-sha256, pgp-sha256"; + protocol="multipart/mixed"; + boundary="haWP9JQ7TiajUxWjooGlinHgq3IhJGnaj" + +This is an OpenPGP/MIME signed message (RFC 4880 and 3156) +--haWP9JQ7TiajUxWjooGlinHgq3IhJGnaj +Content-Type: multipart/mixed; boundary="A8WMQ249PdQmpiQhW1ELOnL2UctI16T1g"; + protected-headers="v1" +From: RSA 1024b example <RSA-1024b@example.org> +To: nobody@example.org +Message-ID: <76a591ed-bfc4-d08b-73d3-fc2489148fd7@example.org> +Subject: Some subject. + +--A8WMQ249PdQmpiQhW1ELOnL2UctI16T1g +Content-Type: text/plain; charset=utf-8 +Content-Transfer-Encoding: quoted-printable + +Some signed text. + + +--A8WMQ249PdQmpiQhW1ELOnL2UctI16T1g-- + +--haWP9JQ7TiajUxWjooGlinHgq3IhJGnaj +Content-Type: multipart/mixed; boundary="abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs" + +--abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs +Content-Type: application/pgp-signature; name="signature.asc" +Content-Description: OpenPGP digital signature +Content-Disposition: attachment; filename="signature.asc" + +-----BEGIN PGP SIGNATURE----- + +iMoEAQEIADQWIQTUqUiGscoglqZFjlxH8QwIeIS3WAUCWUpjIBYccnNhLTEwMjRi +QGV4YW1wbGUub3JnAAoJEEfxDAh4hLdYb8wD/0AlaGxAhVGQqrXBuVXSDm4c49VI +6+DG8cMOCZEin6P96hrLbs4SAm61xivJHPueIRRQ1PfWTcElPn97WuQ48e+/5hhw +CZevF5CmyODGfriC78LwLRRvq2nF5n9iRww0lINPDyqrBr3mdY8QG+s8qBkTi7IG +dBBQH0jA6p2OJV72 +=1tln +-----END PGP SIGNATURE----- + +--abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs +Content-Type: application/pgp-signature; name="signature.asc" +Content-Description: OpenPGP digital signature +Content-Disposition: attachment; filename="signature.asc" + +-----BEGIN PGP SIGNATURE----- + +iMoEAQEIADQWIQTUqUiGscoglqZFjlxH8QwIeIS3WAUCWUpjIBYccnNhLTEwMjRi +QGV4YW1wbGUub3JnAAoJEEfxDAh4hLdYb8wD/0AlaGxAhVGQqrXBuVXSDm4c49VI +6+DG8cMOCZEin6P96hrLbs4SAm61xivJHPueIRRQ1PfWTcElPn97WuQ48e+/5hhw +CZevF5CmyODGfriC78LwLRRvq2nF5n9iRww0lINPDyqrBr3mdY8QG+s8qBkTi7IG +dBBQH0jA6p2OJV72 +=1tln +-----END PGP SIGNATURE----- + +--abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs-- + +--haWP9JQ7TiajUxWjooGlinHgq3IhJGnaj-- diff --git a/src/mailman_pgp/pgp/tests/data/messages/mime_multisig_invalid.eml b/src/mailman_pgp/pgp/tests/data/messages/mime_multisig_invalid.eml new file mode 100644 index 0000000..a13c1df --- /dev/null +++ b/src/mailman_pgp/pgp/tests/data/messages/mime_multisig_invalid.eml @@ -0,0 +1,65 @@ +To: nobody@example.org +From: RSA 1024b example <RSA-1024b@example.org> +Subject: Some subject. +Message-ID: <76a591ed-bfc4-d08b-73d3-fc2489148fd7@example.org> +Date: Wed, 21 Jun 2017 13:50:59 +0200 +User-Agent: Mutt/1.7.2 (2016-11-26) +MIME-Version: 1.0 +Content-Type: multipart/signed; micalg="pgp-sha256, pgp-sha256"; + protocol="multipart/mixed"; + boundary="haWP9JQ7TiajUxWjooGlinHgq3IhJGnaj" + +This is an OpenPGP/MIME signed message (RFC 4880 and 3156) +--haWP9JQ7TiajUxWjooGlinHgq3IhJGnaj +Content-Type: multipart/mixed; boundary="A8WMQ249PdQmpiQhW1ELOnL2UctI16T1g"; + protected-headers="v1" +From: RSA 1024b example <RSA-1024b@example.org> +To: nobody@example.org +Message-ID: <76a591ed-bfc4-d08b-73d3-fc2489148fd7@example.org> +Subject: Some subject. + +--A8WMQ249PdQmpiQhW1ELOnL2UctI16T1g +Content-Type: text/plain; charset=utf-8 +Content-Transfer-Encoding: quoted-printable + +Some signed text. With some INVALID text added!! + + +--A8WMQ249PdQmpiQhW1ELOnL2UctI16T1g-- + +--haWP9JQ7TiajUxWjooGlinHgq3IhJGnaj +Content-Type: multipart/mixed; boundary="abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs" + +--abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs +Content-Type: application/pgp-signature; name="signature.asc" +Content-Description: OpenPGP digital signature +Content-Disposition: attachment; filename="signature.asc" + +-----BEGIN PGP SIGNATURE----- + +iMoEAQEIADQWIQTUqUiGscoglqZFjlxH8QwIeIS3WAUCWUpjIBYccnNhLTEwMjRi +QGV4YW1wbGUub3JnAAoJEEfxDAh4hLdYb8wD/0AlaGxAhVGQqrXBuVXSDm4c49VI +6+DG8cMOCZEin6P96hrLbs4SAm61xivJHPueIRRQ1PfWTcElPn97WuQ48e+/5hhw +CZevF5CmyODGfriC78LwLRRvq2nF5n9iRww0lINPDyqrBr3mdY8QG+s8qBkTi7IG +dBBQH0jA6p2OJV72 +=1tln +-----END PGP SIGNATURE----- + +--abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs +Content-Type: application/pgp-signature; name="signature.asc" +Content-Description: OpenPGP digital signature +Content-Disposition: attachment; filename="signature.asc" + +-----BEGIN PGP SIGNATURE----- + +iMoEAQEIADQWIQTUqUiGscoglqZFjlxH8QwIeIS3WAUCWUpjIBYccnNhLTEwMjRi +QGV4YW1wbGUub3JnAAoJEEfxDAh4hLdYb8wD/0AlaGxAhVGQqrXBuVXSDm4c49VI +6+DG8cMOCZEin6P96hrLbs4SAm61xivJHPueIRRQ1PfWTcElPn97WuQ48e+/5hhw +CZevF5CmyODGfriC78LwLRRvq2nF5n9iRww0lINPDyqrBr3mdY8QG+s8qBkTi7IG +dBBQH0jA6p2OJV72 +=1tln +-----END PGP SIGNATURE----- + +--abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs-- + +--haWP9JQ7TiajUxWjooGlinHgq3IhJGnaj-- diff --git a/src/mailman_pgp/pgp/tests/test_mime_multisig.py b/src/mailman_pgp/pgp/tests/test_mime_multisig.py new file mode 100644 index 0000000..2c02a97 --- /dev/null +++ b/src/mailman_pgp/pgp/tests/test_mime_multisig.py @@ -0,0 +1,96 @@ +# Copyright (C) 2017 Jan Jancar +# +# This file is a part of the Mailman PGP plugin. +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free +# Software Foundation, either version 3 of the License, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for +# more details. +# +# You should have received a copy of the GNU General Public License along with +# this program. If not, see <http://www.gnu.org/licenses/>. + +"""Tests for the MultiSig wrapper.""" +from parameterized import parameterized + +from mailman_pgp.pgp.mime_multisig import MIMEMultiSigWrapper +from mailman_pgp.pgp.tests.base import load_key, load_message, WrapperTestCase + + +class MultiSigWrapperTestCase(WrapperTestCase): + wrapper = MIMEMultiSigWrapper + + +class TestSigning(MultiSigWrapperTestCase): + @parameterized.expand([ + (load_message('mime_signed.eml'), + False), + (load_message('mime_signed_invalid.eml'), + False), + (load_message('mime_multisig.eml'), + True), + (load_message('mime_multisig_invalid.eml'), + True), + (load_message('clear.eml'), + False), + (load_message('clear_multipart.eml'), + False) + ]) + def test_is_signed(self, message, signed): + self.is_signed(message, signed) + + @parameterized.expand([ + (load_message('mime_signed.eml'), + False), + (load_message('mime_signed_invalid.eml'), + False), + (load_message('mime_multisig.eml'), + True), + (load_message('mime_multisig_invalid.eml'), + True), + (load_message('clear.eml'), + False), + (load_message('clear_multipart.eml'), + False) + ]) + def test_has_signature(self, message, has): + self.has_signature(message, has) + + @parameterized.expand([ + (load_message('clear.eml'), + load_key('rsa_1024.priv.asc')), + (load_message('clear_multipart.eml'), + load_key('ecc_p256.priv.asc')) + ]) + def test_sign(self, message, key): + self.sign(message, key) + + @parameterized.expand([ + (load_message('clear.eml'), + load_key('rsa_1024.priv.asc'), + load_key('rsa_1024.pub.asc')), + (load_message('clear_multipart.eml'), + load_key('ecc_p256.priv.asc'), + load_key('ecc_p256.pub.asc')), + (load_message('mime_multisig.eml'), + load_key('ecc_p256.priv.asc'), + load_key('ecc_p256.pub.asc')) + ]) + def test_sign_verify(self, message, priv, pub): + self.sign_verify(message, priv, pub) + + @parameterized.expand([ + (load_message('mime_multisig.eml'), + load_key('rsa_1024.pub.asc'), + True), + (load_message('mime_multisig_invalid.eml'), + load_key('rsa_1024.pub.asc'), + False) + ]) + def test_verify(self, message, key, valid): + self.verify(message, key, valid) |