feature/sign-adds-to-existing

author: J08nY 2017-07-28 00:32:47 +0200
committer: J08nY 2017-07-28 00:32:47 +0200
commit: f190131409ada6126977965f6607224d4d97aa84 (patch)
tree: b0898095cbfa911d11fc9fa0b721f9dde94c763d /src
parent: a6e81421f0db2e741baee2ec0cedd2a285c6f233 (diff)
download: mailman-pgp-f190131409ada6126977965f6607224d4d97aa84.tar.gz
mailman-pgp-f190131409ada6126977965f6607224d4d97aa84.tar.zst
mailman-pgp-f190131409ada6126977965f6607224d4d97aa84.zip
4 files changed, 263 insertions, 31 deletions
diff --git a/src/mailman_pgp/pgp/mime_multisig.py b/src/mailman_pgp/pgp/mime_multisig.py
index ced90fa..c7edf60 100644
--- a/src/mailman_pgp/pgp/mime_multisig.py
+++ b/src/mailman_pgp/pgp/mime_multisig.py
@@ -15,7 +15,7 @@
 # You should have received a copy of the GNU General Public License along with
 # this program.  If not, see <http://www.gnu.org/licenses/>.
 
-""""""
+"""MIMEWrapper with multiple signature as per draft-ietf-openpgp-multsig-02."""
 import copy
 from email import message_from_string
 from email.encoders import encode_7or8bit
@@ -23,8 +23,8 @@ from email.mime.application import MIMEApplication
 from email.mime.multipart import MIMEMultipart
 from email.utils import collapse_rfc2231_value
 
-from mailman.email.message import MultipartDigestMessage, Message
-from pgpy import PGPSignature, PGPDetachedSignature
+from mailman.email.message import Message, MultipartDigestMessage
+from pgpy import PGPDetachedSignature, PGPSignature
 
 from mailman_pgp.pgp.mime import MIMEWrapper
 from mailman_pgp.utils.email import copy_headers
@@ -41,7 +41,7 @@ class MIMEMultiSigWrapper(MIMEWrapper):
 
     def is_signed(self):
         """
-        Whether the whole message is MIME signed as per draft-ietf-openpgp-multsig-02.
+        Whether the message is signed as per draft-ietf-openpgp-multsig-02.
 
         :return: If the message is MIME signed.
         :rtype: bool
@@ -74,32 +74,36 @@ class MIMEMultiSigWrapper(MIMEWrapper):
                 continue
             yield sig
 
-    def _wrap_signed_multiple(self, msg, signature):
+    def _wrap_signed_multiple(self, msg, payload_msg, signatures, signature):
         """
         As per draft-ietf-openpgp-multsig-02.
 
         :param msg:
+        :param payload_msg:
+        :param signatures:
         :param signature:
         :return:
         """
         micalg = ', '.join(self._micalg(sig.hash_algorithm)
                            for sig in signature)
         out = MultipartDigestMessage('signed', micalg=micalg,
-                                     protocol=MIMEWrapper._signed_type)
+                                     protocol='multipart/mixed')
         out.preamble = MIMEMultiSigWrapper._signature_preamble
 
         second_part = MIMEMultipart()
-        for sig in signature:
-            sig_part = MIMEApplication(_data=str(sig),
-                                       _subtype=MIMEWrapper._signature_subtype,
-                                       _encoder=encode_7or8bit,
-                                       name='signature.asc')
-            sig_part.add_header('Content-Description',
-                                'OpenPGP digital signature')
-            sig_part.add_header('Content-Disposition', 'attachment',
-                                filename='signature.asc')
-            second_part.attach(sig_part)
-        out.attach(copy.deepcopy(msg))
+        for sig in signatures:
+            second_part.attach(copy.deepcopy(sig))
+
+        sig_part = MIMEApplication(_data=str(signature),
+                                   _subtype=MIMEWrapper._signature_subtype,
+                                   _encoder=encode_7or8bit,
+                                   name='signature.asc')
+        sig_part.add_header('Content-Description',
+                            'OpenPGP digital signature')
+        sig_part.add_header('Content-Disposition', 'attachment',
+                            filename='signature.asc')
+        second_part.attach(sig_part)
+        out.attach(copy.deepcopy(payload_msg))
         out.attach(second_part)
         copy_headers(msg, out)
         return out
@@ -115,19 +119,21 @@ class MIMEMultiSigWrapper(MIMEWrapper):
         :return: The signed message.
         :rtype: mailman.email.message.Message
         """
+
         if self.is_signed():
-            payload = next(iter(self.get_signed()))
-            signature = PGPDetachedSignature()
-            for sig in self.get_signature():
-                signature |= sig
-            signature |= key.sign(payload, hash=hash)
-            return self._wrap_signed_multiple(self.msg, signature)
+            payload_msg = self.msg.get_payload(0)
+            signatures = [part for part in self.msg.get_payload(1)]
         else:
-            super().sign(key, hash)
+            payload_msg = self.msg
+            signatures = []
+        signature = PGPDetachedSignature()
+        signature |= key.sign(payload_msg.as_string(), hash=hash)
+        return self._wrap_signed_multiple(self.msg, payload_msg, signatures,
+                                          signature)
 
     def verify(self, key):
         """
-        Verify the signature of this message with key.
+        Verify the signatures of this message with key.
 
         :param key: The key to verify with.
         :type key: pgpy.PGPKey
@@ -136,7 +142,11 @@ class MIMEMultiSigWrapper(MIMEWrapper):
         """
         clear_text = next(iter(self.get_signed()))
         for signature in self.get_signature():
-            yield key.verify(clear_text, signature)
+            try:
+                verification = key.verify(clear_text, signature)
+            except:
+                continue
+            yield verification
 
     def decrypt(self, key):
         """
@@ -156,10 +166,6 @@ class MIMEMultiSigWrapper(MIMEWrapper):
 
         out = message_from_string(dmsg, _class=Message)
         if decrypted.is_signed:
-            if len(decrypted.signatures) != 1:
-                out = self._wrap_signed_multiple(out,
-                                                 decrypted.detached_signature)
-            else:
-                out = self._wrap_signed(out, decrypted.signatures.pop())
+            out = self._wrap_signed_multiple(out, decrypted.detached_signature)
         copy_headers(self.msg, out)
         return out
diff --git a/src/mailman_pgp/pgp/tests/data/messages/mime_multisig.eml b/src/mailman_pgp/pgp/tests/data/messages/mime_multisig.eml
new file mode 100644
index 0000000..555411f
--- /dev/null
+++ b/src/mailman_pgp/pgp/tests/data/messages/mime_multisig.eml
@@ -0,0 +1,65 @@
+To: nobody@example.org
+From: RSA 1024b example <RSA-1024b@example.org>
+Subject: Some subject.
+Message-ID: <76a591ed-bfc4-d08b-73d3-fc2489148fd7@example.org>
+Date: Wed, 21 Jun 2017 13:50:59 +0200
+User-Agent: Mutt/1.7.2 (2016-11-26)
+MIME-Version: 1.0
+Content-Type: multipart/signed; micalg="pgp-sha256, pgp-sha256";
+ protocol="multipart/mixed";
+ boundary="haWP9JQ7TiajUxWjooGlinHgq3IhJGnaj"
+
+This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
+--haWP9JQ7TiajUxWjooGlinHgq3IhJGnaj
+Content-Type: multipart/mixed; boundary="A8WMQ249PdQmpiQhW1ELOnL2UctI16T1g";
+ protected-headers="v1"
+From: RSA 1024b example <RSA-1024b@example.org>
+To: nobody@example.org
+Message-ID: <76a591ed-bfc4-d08b-73d3-fc2489148fd7@example.org>
+Subject: Some subject.
+
+--A8WMQ249PdQmpiQhW1ELOnL2UctI16T1g
+Content-Type: text/plain; charset=utf-8
+Content-Transfer-Encoding: quoted-printable
+
+Some signed text.
+
+
+--A8WMQ249PdQmpiQhW1ELOnL2UctI16T1g--
+
+--haWP9JQ7TiajUxWjooGlinHgq3IhJGnaj
+Content-Type: multipart/mixed; boundary="abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs"
+
+--abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs
+Content-Type: application/pgp-signature; name="signature.asc"
+Content-Description: OpenPGP digital signature
+Content-Disposition: attachment; filename="signature.asc"
+
+-----BEGIN PGP SIGNATURE-----
+
+iMoEAQEIADQWIQTUqUiGscoglqZFjlxH8QwIeIS3WAUCWUpjIBYccnNhLTEwMjRi
+QGV4YW1wbGUub3JnAAoJEEfxDAh4hLdYb8wD/0AlaGxAhVGQqrXBuVXSDm4c49VI
+6+DG8cMOCZEin6P96hrLbs4SAm61xivJHPueIRRQ1PfWTcElPn97WuQ48e+/5hhw
+CZevF5CmyODGfriC78LwLRRvq2nF5n9iRww0lINPDyqrBr3mdY8QG+s8qBkTi7IG
+dBBQH0jA6p2OJV72
+=1tln
+-----END PGP SIGNATURE-----
+
+--abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs
+Content-Type: application/pgp-signature; name="signature.asc"
+Content-Description: OpenPGP digital signature
+Content-Disposition: attachment; filename="signature.asc"
+
+-----BEGIN PGP SIGNATURE-----
+
+iMoEAQEIADQWIQTUqUiGscoglqZFjlxH8QwIeIS3WAUCWUpjIBYccnNhLTEwMjRi
+QGV4YW1wbGUub3JnAAoJEEfxDAh4hLdYb8wD/0AlaGxAhVGQqrXBuVXSDm4c49VI
+6+DG8cMOCZEin6P96hrLbs4SAm61xivJHPueIRRQ1PfWTcElPn97WuQ48e+/5hhw
+CZevF5CmyODGfriC78LwLRRvq2nF5n9iRww0lINPDyqrBr3mdY8QG+s8qBkTi7IG
+dBBQH0jA6p2OJV72
+=1tln
+-----END PGP SIGNATURE-----
+
+--abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs--
+
+--haWP9JQ7TiajUxWjooGlinHgq3IhJGnaj--
diff --git a/src/mailman_pgp/pgp/tests/data/messages/mime_multisig_invalid.eml b/src/mailman_pgp/pgp/tests/data/messages/mime_multisig_invalid.eml
new file mode 100644
index 0000000..a13c1df
--- /dev/null
+++ b/src/mailman_pgp/pgp/tests/data/messages/mime_multisig_invalid.eml
@@ -0,0 +1,65 @@
+To: nobody@example.org
+From: RSA 1024b example <RSA-1024b@example.org>
+Subject: Some subject.
+Message-ID: <76a591ed-bfc4-d08b-73d3-fc2489148fd7@example.org>
+Date: Wed, 21 Jun 2017 13:50:59 +0200
+User-Agent: Mutt/1.7.2 (2016-11-26)
+MIME-Version: 1.0
+Content-Type: multipart/signed; micalg="pgp-sha256, pgp-sha256";
+ protocol="multipart/mixed";
+ boundary="haWP9JQ7TiajUxWjooGlinHgq3IhJGnaj"
+
+This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
+--haWP9JQ7TiajUxWjooGlinHgq3IhJGnaj
+Content-Type: multipart/mixed; boundary="A8WMQ249PdQmpiQhW1ELOnL2UctI16T1g";
+ protected-headers="v1"
+From: RSA 1024b example <RSA-1024b@example.org>
+To: nobody@example.org
+Message-ID: <76a591ed-bfc4-d08b-73d3-fc2489148fd7@example.org>
+Subject: Some subject.
+
+--A8WMQ249PdQmpiQhW1ELOnL2UctI16T1g
+Content-Type: text/plain; charset=utf-8
+Content-Transfer-Encoding: quoted-printable
+
+Some signed text. With some INVALID text added!!
+
+
+--A8WMQ249PdQmpiQhW1ELOnL2UctI16T1g--
+
+--haWP9JQ7TiajUxWjooGlinHgq3IhJGnaj
+Content-Type: multipart/mixed; boundary="abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs"
+
+--abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs
+Content-Type: application/pgp-signature; name="signature.asc"
+Content-Description: OpenPGP digital signature
+Content-Disposition: attachment; filename="signature.asc"
+
+-----BEGIN PGP SIGNATURE-----
+
+iMoEAQEIADQWIQTUqUiGscoglqZFjlxH8QwIeIS3WAUCWUpjIBYccnNhLTEwMjRi
+QGV4YW1wbGUub3JnAAoJEEfxDAh4hLdYb8wD/0AlaGxAhVGQqrXBuVXSDm4c49VI
+6+DG8cMOCZEin6P96hrLbs4SAm61xivJHPueIRRQ1PfWTcElPn97WuQ48e+/5hhw
+CZevF5CmyODGfriC78LwLRRvq2nF5n9iRww0lINPDyqrBr3mdY8QG+s8qBkTi7IG
+dBBQH0jA6p2OJV72
+=1tln
+-----END PGP SIGNATURE-----
+
+--abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs
+Content-Type: application/pgp-signature; name="signature.asc"
+Content-Description: OpenPGP digital signature
+Content-Disposition: attachment; filename="signature.asc"
+
+-----BEGIN PGP SIGNATURE-----
+
+iMoEAQEIADQWIQTUqUiGscoglqZFjlxH8QwIeIS3WAUCWUpjIBYccnNhLTEwMjRi
+QGV4YW1wbGUub3JnAAoJEEfxDAh4hLdYb8wD/0AlaGxAhVGQqrXBuVXSDm4c49VI
+6+DG8cMOCZEin6P96hrLbs4SAm61xivJHPueIRRQ1PfWTcElPn97WuQ48e+/5hhw
+CZevF5CmyODGfriC78LwLRRvq2nF5n9iRww0lINPDyqrBr3mdY8QG+s8qBkTi7IG
+dBBQH0jA6p2OJV72
+=1tln
+-----END PGP SIGNATURE-----
+
+--abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs--
+
+--haWP9JQ7TiajUxWjooGlinHgq3IhJGnaj--
diff --git a/src/mailman_pgp/pgp/tests/test_mime_multisig.py b/src/mailman_pgp/pgp/tests/test_mime_multisig.py
new file mode 100644
index 0000000..2c02a97
--- /dev/null
+++ b/src/mailman_pgp/pgp/tests/test_mime_multisig.py
@@ -0,0 +1,96 @@
+# Copyright (C) 2017 Jan Jancar
+#
+# This file is a part of the Mailman PGP plugin.
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+# more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program.  If not, see <http://www.gnu.org/licenses/>.
+
+"""Tests for the MultiSig wrapper."""
+from parameterized import parameterized
+
+from mailman_pgp.pgp.mime_multisig import MIMEMultiSigWrapper
+from mailman_pgp.pgp.tests.base import load_key, load_message, WrapperTestCase
+
+
+class MultiSigWrapperTestCase(WrapperTestCase):
+    wrapper = MIMEMultiSigWrapper
+
+
+class TestSigning(MultiSigWrapperTestCase):
+    @parameterized.expand([
+        (load_message('mime_signed.eml'),
+         False),
+        (load_message('mime_signed_invalid.eml'),
+         False),
+        (load_message('mime_multisig.eml'),
+         True),
+        (load_message('mime_multisig_invalid.eml'),
+         True),
+        (load_message('clear.eml'),
+         False),
+        (load_message('clear_multipart.eml'),
+         False)
+    ])
+    def test_is_signed(self, message, signed):
+        self.is_signed(message, signed)
+
+    @parameterized.expand([
+        (load_message('mime_signed.eml'),
+         False),
+        (load_message('mime_signed_invalid.eml'),
+         False),
+        (load_message('mime_multisig.eml'),
+         True),
+        (load_message('mime_multisig_invalid.eml'),
+         True),
+        (load_message('clear.eml'),
+         False),
+        (load_message('clear_multipart.eml'),
+         False)
+    ])
+    def test_has_signature(self, message, has):
+        self.has_signature(message, has)
+
+    @parameterized.expand([
+        (load_message('clear.eml'),
+         load_key('rsa_1024.priv.asc')),
+        (load_message('clear_multipart.eml'),
+         load_key('ecc_p256.priv.asc'))
+    ])
+    def test_sign(self, message, key):
+        self.sign(message, key)
+
+    @parameterized.expand([
+        (load_message('clear.eml'),
+         load_key('rsa_1024.priv.asc'),
+         load_key('rsa_1024.pub.asc')),
+        (load_message('clear_multipart.eml'),
+         load_key('ecc_p256.priv.asc'),
+         load_key('ecc_p256.pub.asc')),
+        (load_message('mime_multisig.eml'),
+         load_key('ecc_p256.priv.asc'),
+         load_key('ecc_p256.pub.asc'))
+    ])
+    def test_sign_verify(self, message, priv, pub):
+        self.sign_verify(message, priv, pub)
+
+    @parameterized.expand([
+        (load_message('mime_multisig.eml'),
+         load_key('rsa_1024.pub.asc'),
+         True),
+        (load_message('mime_multisig_invalid.eml'),
+         load_key('rsa_1024.pub.asc'),
+         False)
+    ])
+    def test_verify(self, message, key, valid):
+        self.verify(message, key, valid)
author	J08nY	2017-07-28 00:32:47 +0200
committer	J08nY	2017-07-28 00:32:47 +0200
commit	f190131409ada6126977965f6607224d4d97aa84 (patch)
tree	b0898095cbfa911d11fc9fa0b721f9dde94c763d /src
parent	a6e81421f0db2e741baee2ec0cedd2a285c6f233 (diff)
download	mailman-pgp-f190131409ada6126977965f6607224d4d97aa84.tar.gz mailman-pgp-f190131409ada6126977965f6607224d4d97aa84.tar.zst mailman-pgp-f190131409ada6126977965f6607224d4d97aa84.zip