Diffstat (limited to 'src')
| -rw-r--r-- | src/mailman_pgp/pgp/mime_multisig.py | 48 | ||||
| -rw-r--r-- | src/mailman_pgp/pgp/tests/data/messages/mime_encrypted_signed.eml | 30 | ||||
| -rw-r--r-- | src/mailman_pgp/pgp/tests/data/messages/mime_encrypted_then_signed.eml | 50 | ||||
| -rw-r--r-- | src/mailman_pgp/pgp/tests/data/messages/mime_signed_then_encrypted.eml | 48 | ||||
| -rw-r--r-- | src/mailman_pgp/pgp/tests/test_mime.py | 17 | ||||
| -rw-r--r-- | src/mailman_pgp/pgp/tests/test_mime_multisig.py | 34 | ||||
| -rw-r--r-- | src/mailman_pgp/pgp/tests/test_wrapper.py | 2 | ||||
| -rw-r--r-- | src/mailman_pgp/testing/pgp.py | 12 |
8 files changed, 154 insertions, 87 deletions
diff --git a/src/mailman_pgp/pgp/mime_multisig.py b/src/mailman_pgp/pgp/mime_multisig.py
index c7edf60..1061b64 100644
--- a/src/mailman_pgp/pgp/mime_multisig.py
+++ b/src/mailman_pgp/pgp/mime_multisig.py
@@ -74,35 +74,39 @@ class MIMEMultiSigWrapper(MIMEWrapper):
 continue
 yield sig
- def _wrap_signed_multiple(self, msg, payload_msg, signatures, signature):
+ def _wrap_signed_multiple(self, msg, payload_msg, sig_msgs, signatures,
+ signature):
 """
 As per draft-ietf-openpgp-multsig-02.
 :param msg:
 :param payload_msg:
+ :param sig_msgs:
 :param signatures:
 :param signature:
 :return:
 """
 micalg = ', '.join(self._micalg(sig.hash_algorithm)
- for sig in signature)
+ for sig in signatures + signature.signatures)
 out = MultipartDigestMessage('signed', micalg=micalg,
 protocol='multipart/mixed')
 out.preamble = MIMEMultiSigWrapper._signature_preamble
 second_part = MIMEMultipart()
- for sig in signatures:
- second_part.attach(copy.deepcopy(sig))
+ for sig_msg in sig_msgs:
+ second_part.attach(copy.deepcopy(sig_msg))
+
+ for sig in signature.signatures:
+ sig_part = MIMEApplication(_data=str(sig),
+ _subtype=MIMEWrapper._signature_subtype,
+ _encoder=encode_7or8bit,
+ name='signature.asc')
+ sig_part.add_header('Content-Description',
+ 'OpenPGP digital signature')
+ sig_part.add_header('Content-Disposition', 'attachment',
+ filename='signature.asc')
+ second_part.attach(sig_part)
- sig_part = MIMEApplication(_data=str(signature),
- _subtype=MIMEWrapper._signature_subtype,
- _encoder=encode_7or8bit,
- name='signature.asc')
- sig_part.add_header('Content-Description',
- 'OpenPGP digital signature')
- sig_part.add_header('Content-Disposition', 'attachment',
- filename='signature.asc')
- second_part.attach(sig_part)
 out.attach(copy.deepcopy(payload_msg))
 out.attach(second_part)
 copy_headers(msg, out)
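Review bot: The docstring of `_wrap_signed_multiple` gains `:param sig_msgs:` but every parameter is still left undescribed, and the three signature arguments are easy to confuse. I would document them along the lines of `:param sig_msgs: existing signature MIME parts, re-attached verbatim and not verified here`, `:param signatures: the parsed signatures of those parts` and `:param signature: the detached signature holding the newly made signatures`. In the visible lines `signatures` feeds only the micalg list while the attached parts come from `sig_msgs`, so the docstring should also state that callers must pass the two in step. The function body continues past the end of the hunk.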
@@ -122,14 +126,17 @@ class MIMEMultiSigWrapper(MIMEWrapper):
 if self.is_signed():
 payload_msg = self.msg.get_payload(0)
- signatures = [part for part in self.msg.get_payload(1)]
+ sig_msgs = [part for part in self.msg.get_payload(1).get_payload()]
 else:
 payload_msg = self.msg
- signatures = []
+ sig_msgs = []
+ # TODO: exception safe this
+ signatures = [PGPSignature.from_blob(sig_msg.get_payload())
+ for sig_msg in sig_msgs]
 signature = PGPDetachedSignature()
 signature |= key.sign(payload_msg.as_string(), hash=hash)
- return self._wrap_signed_multiple(self.msg, payload_msg, signatures,
- signature)
+ return self._wrap_signed_multiple(self.msg, payload_msg, sig_msgs,
+ signatures, signature)
 def verify(self, key):
 """
@@ -158,6 +165,7 @@ class MIMEMultiSigWrapper(MIMEWrapper):
 :rtype: mailman.email.message.Message
 """
 pmsg = next(iter(self.get_encrypted()))
+ # TODO: exception safe this
 decrypted = key.decrypt(pmsg)
 dmsg = decrypted.message
@@ -166,6 +174,8 @@ class MIMEMultiSigWrapper(MIMEWrapper):
 out = message_from_string(dmsg, _class=Message)
 if decrypted.is_signed:
- out = self._wrap_signed_multiple(out, decrypted.detached_signature)
- copy_headers(self.msg, out)
+ out = self._wrap_signed_multiple(self.msg, out, [], [],
+ decrypted.detached_signature)
+ else:
+ copy_headers(self.msg, out)
 return out
diff --git a/src/mailman_pgp/pgp/tests/data/messages/mime_encrypted_signed.eml b/src/mailman_pgp/pgp/tests/data/messages/mime_encrypted_signed.eml
index 57a6afd..8f29564 100644
--- a/src/mailman_pgp/pgp/tests/data/messages/mime_encrypted_signed.eml
+++ b/src/mailman_pgp/pgp/tests/data/messages/mime_encrypted_signed.eml
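Review bot: `PGPSignature.from_blob(sig_msg.get_payload())` in the signing hunk parses signature parts taken from the incoming message, so a malformed or non-signature part raises out of the list comprehension and aborts signing; the `# TODO: exception safe this` marks the problem but leaves it open. I would parse in a loop, catch the parser's error types (presumably `ValueError` from the PGP library, to be confirmed) and either skip the part or raise the wrapper's own error, so that one bad attachment cannot end in an unhandled traceback. `get_payload()` is also called without `decode=True`, so a part sent with a base64 or quoted-printable transfer encoding would reach the parser still encoded, and `self.msg.get_payload(1).get_payload()` assumes the second part is multipart, which depends on what `is_signed()` checks outside this hunk. The same TODO is added before `key.decrypt(pmsg)` in the -158 hunk, where `next(iter(self.get_encrypted()))` would additionally raise `StopIteration` on a message with no encrypted part.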
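Review bot: In the -166 hunk `decrypt()` now returns a `multipart/signed` message built from `decrypted.detached_signature` whenever `decrypted.is_signed` is true, but nothing in the hunk verifies that signature, so the result only looks signed. The docstring (outside the hunk) should say so, for example `The returned message carries the signature found inside the encrypted data unverified; call verify() on it before trusting it.` It is also worth stating there that, as far as the first hunk shows, the signed branch copies its outer headers from `self.msg` inside `_wrap_signed_multiple`, while the attached payload part keeps the headers parsed from the decrypted text.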
@@ -22,21 +22,21 @@ Content-Disposition: inline; filename="encrypted.asc" -----BEGIN PGP MESSAGE----- -hIwD9aW4UkhFqMoBBACwoGB7sVXIpfsLlkNyVSzoRsXCiD2fs0z8xHiZGWEAR0OB -vwld+2U1HA+ayegmNA62EQ+D41nhK9Gaq8dC7/yTQT0Kf9jVnzd4K83oiq4zakL4 -BUn9w0gBjCu1GeigXrPIK3v4g+8sdabwmISDEFPmLaFqDCLi01t3/Khe7MrdVdLp -AY2Tnh4U/jzZtUxBvBItwBGmOBhATxA2Ql+MuvHsvZdn8G8Wbep0DlaujaCdAcI4 -t61uT35u6X69Ab8jnC2eCtCT4fr17zNQH54K2znn5lpRbOVLPCuF85dAX1LoxjuX -7ZigsV1ksx8MjsJD6QEFMBjBzNzM9wsSgHjKQqgFrRHqMq0tMxGyT9Arm4nx3c5u -A/L0GsOyCmSPF0YHnpZyN4HIAO7Eg64B6zT52DsTygyXGibv972nGQacXF3SL/Mw -MBvB2jfaxHpBaKNaRDhz4Y7q0Fsv9mKy6PZt0X38kp17lBuJ5f78Z676MEKBGJiM -qdmjXz8Av1ByhojbM9vSh7CJONGiDN27sQ7HZbbOiXJqvPJcC1CHfirHUzOBqJXy -7e1R+cJqoq1I1A21hcbZS8PccbfRtMKIG4fMTezl1Z9NYoThnr0tMSwucNIR1RyA -MGMDsEJe0KeWKPnGeErEDm7ypekCLOEcpPcvyT/VumkFXOdUwz+gRz6b179aQGJu -oOVin/fFKL2ZXIGDGL0aHF6ICmPRS45i0qhNVRuXgN8P5ThLYwXYVx1veOIco29I -IO038WTH4ddPauIpklAyPKTV5hGtlh+SRUSGZpfwqJcHyqi1MrkGv0wQj183QgHX -nDTM6AVZfv49FceJVLyOMZsHujo3C3TU/PqYa4/sHoUBgw== -=rZHH +wYwD9aW4UkhFqMoBBACGtNO0KHi7y2RJT8jD8kUCm5ymrb8p4cUzQypm0br8pIKD +TOzsnR1igG4F3yvPl5ODYhjbkugcFoLU7DGR7EcA08yVXai4Nov6YRpXqzl8LBD4 +NbyLTu242B3Z53j5il72ddc6NKyG2Dg0Kq/iqMKipFa+VGNA0DYV1bIpElyk49LB +JAGxq7bp5+BEePNrxvHXGyFhPt4GJztp1KIv/pQoMQSeQdmr4Pak4rTfrgEnoomd +04f8uZV+dh7K9nULzdx1W6yqlDwIOmjtnO/J2Xwmga5C+rkm9p75XKNsscDmDMyM +0m6DgcTpJbBvAE4wZHNNQuWozQZYQfKJNjnOcyejCi3DfnEmgtpfEmm4TrVWlLXP +sZvwedS8bpMpgZj5uUa33Zw3V+5KtBBucVmKF7tOB8eN83EA7OGYTHNtllnhFQTD +K9CnXBWm8j89uhAuxdA6Xu/6uE+6ilNVq7O8pXZaw0WAlJGismYtOkuuOfw8XXgC +Tfy3XxsTnS7rtfo2seBHhKpY5PsBx29nKD4OBBfKuBvkLRoYj2dsdHoImXbK0kgN +PNwGkFm01eiOUxbwq7qzEH2kGgVOY7AE75u0lDZ8PPMs6Ni3DIcwrFuqeSodJvGF +8vqjF1pa/1QqDIWAypMhzTjpxaEFVW5YKgsCAsKOiFVpQjuYpsMm3mi+402lXwhK +FjaT5Ihi6Dh5nrXlapLva4PcxSlwRMcpI8R4pXiCRsVrpLGNZg5rMhzOAtqCtDem +ReVTYA1vL4cLCHOvlnAHYc46TapdcymjRyiQioYGlh1ZDhAtqD66iJygRVXjfzak +dpGNfTc= +=F4gW -----END PGP MESSAGE----- --abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs--
\ No newline at end of file diff --git a/src/mailman_pgp/pgp/tests/data/messages/mime_encrypted_then_signed.eml b/src/mailman_pgp/pgp/tests/data/messages/mime_encrypted_then_signed.eml deleted file mode 100644 index 2a350ab..0000000 --- a/src/mailman_pgp/pgp/tests/data/messages/mime_encrypted_then_signed.eml +++ /dev/null 
@@ -1,50 +0,0 @@ -To: nobody@example.org -From: RSA 1024b example <RSA-1024b@example.org> -Subject: Some subject. -Message-ID: <76a591ed-bfc4-d08b-73d3-fc2489148fd7@example.org> -Date: Wed, 21 Jun 2017 13:50:59 +0200 -User-Agent: Mutt/1.7.2 (2016-11-26) -MIME-Version: 1.0 -Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; - boundary="abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs" - -This is an OpenPGP/MIME signed message (RFC 4880 and 3156) ---abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs -Content-Type: application/pgp-encrypted -Content-Description: PGP/MIME version identification - -Version: 1 - ---abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs -Content-Type: application/octet-stream; name="encrypted.asc" -Content-Description: OpenPGP encrypted message -Content-Disposition: inline; filename="encrypted.asc" - ------BEGIN PGP MESSAGE----- - -hIwD9aW4UkhFqMoBA/9QSX57wRXFQ21pc92xOHeOPJSt/rv1dK2EowZnNuMQyIrR -uYXn0B5KxAHoSQRqEX+rs7HJDMDNd1QKouc45PZwuI/ZGF3jBA0P2fWni3gNeWOR -T/jeuvomGe+pXOGq8IsJfq7ks/pA5nmcgKEPjjlHkD8hNjFmgyWc5Fv38MBgStLp -AWk/tCOTfSR+64sETL7+42+kCAKigwQOBikvT7UaZ+3lI1IRNuPd4ndvoL1NxiaG -kAV6DRwQMV8uSj4NefXyIBz47T0IzRCHMVKInkkGibjIxeUBUxJfG1ZbBtNXTTOJ -sGr5Kvsj+47bt6m+ExmgeumVjyvbcBESw41WwKsIdxxc7PenfLfQY0dnLvPEfNAC -cKyUn1Nr8jqiKd2NBy4RxINmWZ8u1SUeYNpO6UqtvKU3kgNfpezW1gpdNM2UYFeV -8Hy8ksQJGz1qcGf9Id0bBld+uno6N9PAKEslIYOlwEqX3LntrtzSg5kv+blOBQlD -zrYH3Nwp2IcFJjxZgLqfn1CpG3fVvocosEnagDrLEAoly7vVL0ZExFVSye7oLfw/ -NFHHujU9SXqplHzSJwnJrgyA38xEjvJrWS+jbFKOLdUMWE/cu4lOQSBlL5ObBgUq -PIn17BUyTglU7A5XbOS3X/VEYoQglFXWz8oPb1urxUnwlJKRwt4bDHgZmlAzUP82 -cuA3ZCEXgE8qvYGZuXN0KQ4FBJbTsyPR+p6wHPPR/iyyozuP4G5oBww8Ed4locCn -AsCL8XNK5ceL9qkh6gFPb+z/Bvh7ODBawayaaqjkK8pYjR4TE+CcV8fizZ1EATZR -mgCbJOmMexIlvRjaDDWZ/+TFiVhKtxfXCStQUc1uTxzAqhA1MsFm5afkLk2/c1P3 -VzPXOpNRAm3A4la+3tcP7faqgJ2lDKKBOu/a0L13KPbf/pLSVcyFbGglmrr/u711 -PHYcEAlD1RRjoHKj2E3CBN0d8N+8SCtohtI3BMSG3IVlGQrxNPka4Lron4clJy3m -8sm2YBFk458OPCcuKsbiWZtKPDIsFsxu6bbLo2jdrWjb2DZO8xKRM0WOChyus45N 
-dIyCpEqK6VB3p5rcr3KYm5KFIBeogGxsHWTt5xKjbmG9jVAqzOaSGRVhV+QYcrda -5eT1cvFUTkUddmq4j6i1d3dtQ6cYpHq8ehdHezcaqN8Wn7pzTauNB9WzeNgynNat -BMyVvVgmfwa+NCb0s3zO78ysmeYXlayIa2aE0AXE83h8xfQw/zrV52NZ/xT2Sz2u -AzxUkYEXmU0Utb6B3/AzYwzNpQ3RhnHzfg0/OYtgNQlfgLGlJt5adLdozyoxZY46 -BSIZcJxQUQVSlkMz -=Q354 ------END PGP MESSAGE----- - ---abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs--
\ No newline at end of file diff --git a/src/mailman_pgp/pgp/tests/data/messages/mime_signed_then_encrypted.eml b/src/mailman_pgp/pgp/tests/data/messages/mime_signed_then_encrypted.eml new file mode 100644 index 0000000..709a583 --- /dev/null +++ b/src/mailman_pgp/pgp/tests/data/messages/mime_signed_then_encrypted.eml 
@@ -0,0 +1,48 @@ +To: nobody@example.org +From: RSA 1024b example <RSA-1024b@example.org> +Subject: Some subject. +Message-ID: <76a591ed-bfc4-d08b-73d3-fc2489148fd7@example.org> +Date: Wed, 21 Jun 2017 13:50:59 +0200 +User-Agent: Mutt/1.7.2 (2016-11-26) +MIME-Version: 1.0 +Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; + boundary="abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs" + +This is an OpenPGP/MIME signed message (RFC 4880 and 3156) +--abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs +Content-Type: application/pgp-encrypted +Content-Description: PGP/MIME version identification + +Version: 1 + +--abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs +Content-Type: application/octet-stream; name="encrypted.asc" +Content-Description: OpenPGP encrypted message +Content-Disposition: inline; filename="encrypted.asc" + +-----BEGIN PGP MESSAGE----- + +wYwD9aW4UkhFqMoBA/9B7YJGpP+NMchcJ10APkW/6LSlSRvHmCUhacrq3tLmb2cJ +Whtz+hfbS6LVutIXCo5uD+aqHO0tS2V3wt4BkjVPE4PJtU/di6D9U+qe0UXK6M2w +5D2ITNxGutqhTmTDotV1reIryZm+qkccw8Ld6kLbQETN9jZe5M2MoOLcfns89NLC +TQHtGJgOGRUHv1vXLPOJe22S9R/q4yblz89uHBPcsn/aQmEuVHqgINh4M406bs8R +2vbdNK5hpYFl6bHmy332Bcn2WuzbbI+6Dw37rDTtVZhAXsSx6dOTPFHanVy/Srh/ +VKquHUbS3I2RLWeGHSIizSB0/EgwGYVVsyGl3sa5bTXHQ2voLqv1Sl/hmTc/zB3w +7LdvgP9HVlXJ5mQD68vEKhxLh5s1p5TFrwuFJnjrkQ0Ev7C/wUnmD/AtsOyVZwBq +YYjgpa7LAjZsEB8uxPtuvRAo5IgchUML+5pLRdVblWQCQOsjOy4XgFOgH+3K9Xyt +ZujUjAXDxqT2T/Cuj+He0/Hp59bper09KV1kJK3ONH6xAGIevve7myEkH903I6rZ +Bkd/ohFqvnCfQ+DCDvj4ZJKVdk8DEC+Mx15cem4ZYz7xAkNUcKhAEDvWlUlPHEyW +sQc6hHsTHSsy9KBQ5CvgxidK4l04cVpV9kqvp6U1ymjEDBg7oskUiNB3AovisB4a +ENjwYWy2TEZPYntGRszWjCRaWIDeTXDzSM+XYUBA0gnnMGhTRDAJXzY4Z7LYpmwt +CBd+5pqkiLpa39uwTQuxNbJCJxVKAsNAw/fllZZbADjiyjL2yGfBXgFa9LeTK+le +Oa3G8j9d3lIaxqAq397Ph29iIAhQ5DgVIzXYKgcRN81mx8MP2fHhzJDeY/gJow3X +dmguGewXAtV+nJUKPeiugJfqnXH17GEe8WcRarQAXGgxcArV0LXZ2Z6PVGItvxcS +jywgDpJ0hb/7PHmfheJafDe4C3CNeiE+A2EO9CjMQPuw09B4iN0pctKZfQNLkX23 +8ZnEivfzJ5j6Cgr6W/4sYP7T1bUtDh/oOFLkmbLDPEZxp0hOXv5kL+x26M3OMfgf 
+MFdHP+gPNZPprbqJN0hBoC7Ifh3uGzapxi1F1dGws2UwrLWFRS8viWNWj0Q+Sdcx
+y9vBsoJcbDOFb9ZKSJ0zcKgvb2uhY+iti3L8LOJKKN3M7kACDaQRrDDThe6WqjKV
+I95LzwvJpBuqa41Sjo4=
+=ly+t
+-----END PGP MESSAGE-----
+
+--abjqkjsfwqsfa546qw2wfq6sdq2sqwr56qqs--
diff --git a/src/mailman_pgp/pgp/tests/test_mime.py b/src/mailman_pgp/pgp/tests/test_mime.py
index 883e6ca..1415be5 100644
--- a/src/mailman_pgp/pgp/tests/test_mime.py
+++ b/src/mailman_pgp/pgp/tests/test_mime.py
@@ -90,7 +90,7 @@ class TestEncryption(MIMEWrapperTestCase):
 @parameterized.expand([
 (load_message('mime_encrypted.eml'),
 True),
- (load_message('mime_encrypted_then_signed.eml'),
+ (load_message('mime_signed_then_encrypted.eml'),
 True)
 ])
 def test_is_encrypted(self, message, encrypted):
@@ -99,7 +99,7 @@ class TestEncryption(MIMEWrapperTestCase):
 @parameterized.expand([
 (load_message('mime_encrypted.eml'),
 True),
- (load_message('mime_encrypted_then_signed.eml'),
+ (load_message('mime_signed_then_encrypted.eml'),
 True)
 ])
 def test_has_encryption(self, message, has):
@@ -193,3 +193,16 @@ class TestCombined(MIMEWrapperTestCase):
 def test_sign_then_encrypt_decrypt_verify(self, message, sign_key,
 encrypt_key):
 self.sign_then_encrypt_decrypt_verify(message, sign_key, encrypt_key)
+
+ @parameterized.expand([
+ (load_message('mime_encrypted_signed.eml'),
+ load_key('rsa_1024.priv.asc'),
+ load_key('rsa_1024.pub.asc'),
+ True),
+ (load_message('mime_signed_then_encrypted.eml'),
+ load_key('rsa_1024.priv.asc'),
+ load_key('rsa_1024.pub.asc'),
+ True)
+ ])
+ def test_decrypt_verify(self, message, decrypt_key, verify_key, valid):
+ self.decrypt_verify(message, decrypt_key, verify_key, valid)
diff --git a/src/mailman_pgp/pgp/tests/test_mime_multisig.py b/src/mailman_pgp/pgp/tests/test_mime_multisig.py
index fe08e5b..46b0705 100644
--- a/src/mailman_pgp/pgp/tests/test_mime_multisig.py
+++ b/src/mailman_pgp/pgp/tests/test_mime_multisig.py
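Review bot: Both rows of the new `test_decrypt_verify` in the -193 hunk pass `valid=True`, so the test shows only that a good signature survives decryption, not that a bad one is rejected. I would add a row whose verify key did not sign the fixture and which expects `False` (assuming `verify()` reports a failed check rather than raising), so that a regression which makes every recovered signature verify is caught. The single row added to `TestCombined.test_decrypt_verify` in test_mime_multisig.py has the same gap.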
@@ -94,3 +94,37 @@ class TestSigning(MultiSigWrapperTestCase):
 ])
 def test_verify(self, message, key, valid):
 self.verify(message, key, valid)
+
+
+class TestCombined(MultiSigWrapperTestCase):
+ @parameterized.expand([
+ (load_message('clear.eml'),
+ load_key('rsa_1024.priv.asc'),
+ load_key('ecc_p256.priv.asc')),
+ (load_message('clear_multipart.eml'),
+ load_key('rsa_1024.priv.asc'),
+ load_key('ecc_p256.priv.asc'))
+ ])
+ def test_sign_encrypt_decrypt_verify(self, message, sign_key, encrypt_key):
+ self.sign_encrypt_decrypt_verify(message, sign_key, encrypt_key)
+
+ @parameterized.expand([
+ (load_message('clear.eml'),
+ load_key('rsa_1024.priv.asc'),
+ load_key('ecc_p256.priv.asc')),
+ (load_message('clear_multipart.eml'),
+ load_key('rsa_1024.priv.asc'),
+ load_key('ecc_p256.priv.asc'))
+ ])
+ def test_sign_then_encrypt_decrypt_verify(self, message, sign_key,
+ encrypt_key):
+ self.sign_then_encrypt_decrypt_verify(message, sign_key, encrypt_key)
+
+ @parameterized.expand([
+ (load_message('mime_encrypted_signed.eml'),
+ load_key('rsa_1024.priv.asc'),
+ load_key('rsa_1024.pub.asc'),
+ True)
+ ])
+ def test_decrypt_verify(self, message, decrypt_key, verify_key, valid):
+ self.decrypt_verify(message, decrypt_key, verify_key, valid)
diff --git a/src/mailman_pgp/pgp/tests/test_wrapper.py b/src/mailman_pgp/pgp/tests/test_wrapper.py
index eb096d3..13657ac 100644
--- a/src/mailman_pgp/pgp/tests/test_wrapper.py
+++ b/src/mailman_pgp/pgp/tests/test_wrapper.py
@@ -94,7 +94,7 @@ class TestEncryption(PGPWrapperTestCase):
 @parameterized.expand([
 (load_message('inline_encrypted.eml'),
 True),
- (load_message('mime_encrypted_then_signed.eml'),
+ (load_message('mime_signed_then_encrypted.eml'),
 True),
 (load_message('inline_cleartext_signed.eml'),
 False),
diff --git a/src/mailman_pgp/testing/pgp.py b/src/mailman_pgp/testing/pgp.py
index e16c95e..6b2bc48 100644
--- a/src/mailman_pgp/testing/pgp.py
+++ b/src/mailman_pgp/testing/pgp.py
@@ -168,3 +168,15 @@ class WrapperTestCase(TestCase):
 self.assertTrue(bool(sig))
 self.assertListEqual(list(decrypted_wrapped.get_signed()),
 list(wrapped.get_payload()))
+
+ def decrypt_verify(self, message, decrypt_key, verify_key, valid):
+ wrapped = self.wrap(message)
+ decrypted = wrapped.decrypt(decrypt_key)
+ decrypted_wrapped = self.wrap(decrypted)
+
+ self.assertFalse(decrypted_wrapped.is_encrypted())
+ self.assertTrue(decrypted_wrapped.is_signed())
+
+ verification = decrypted_wrapped.verify(verify_key)
+ for sig in verification:
+ self.assertEqual(bool(sig), valid) |
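Review bot: The final loop in `decrypt_verify` passes vacuously when `verify()` yields nothing, because `for sig in verification:` then runs zero assertions and a change that drops the signatures during decryption could go unnoticed. Materialise the result and assert that it is non-empty before the loop: `verification = list(decrypted_wrapped.verify(verify_key))` followed by `self.assertTrue(verification)`. The helper also has no docstring; one line saying that it decrypts, checks the result is signed and no longer encrypted, and compares each verification result with `valid` would be enough.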
