DKIM: dkim_verify_min_keysizes option

author: Jeremy Harris <jgh146exb@wizmail.org> 2020-04-25 20:50:07 +0100
committer: Jeremy Harris <jgh146exb@wizmail.org> 2020-04-26 12:40:34 +0100
commit: be24b950ae0db88b1c9811b3a028e95133c55efa (patch)
tree: df0508c57dab4c921320107da467c7cb45bcd4cb /test/scripts
parent: a841a6eca79ff08b36f2225dcf89c1c162bb8777 (diff)
2 files changed, 83 insertions, 2 deletions
diff --git a/test/scripts/4500-DKIM/4500 b/test/scripts/4500-DKIM/4500
index 3999d4988..81fa577d9 100644
--- a/test/scripts/4500-DKIM/4500
+++ b/test/scripts/4500-DKIM/4500
@@ -1,6 +1,6 @@
 # DKIM verify, simple canonicalisation
 #
-exim -DSERVER=server -bd -oX PORT_D
+exim -DSERVER=server -DMSIZE='rsa=512 ed25519=250' -bd -oX PORT_D
 ****
 #
 # This should pass.
@@ -138,7 +138,7 @@ QUIT
 killdaemon
 #
 # A verifier that refuses sha1
-exim -DSERVER=server -DOPTION -bd -oX PORT_D
+exim -DSERVER=server -DOPTION -DMSIZE='rsa=512 ed25519c=32' -bd -oX PORT_D
 ****
 #
 # This should fail despite being a passing submission above (with the unlimited verifier).
@@ -174,5 +174,45 @@ QUIT
 ****
 killdaemon
 #
+#
+#
+#
+#
+#
+# With the default keysize minima, a 512b key should fail
+exim -DSERVER=server -bd -oX PORT_D
+****
+#  - sha1, 512b
+# Mail original in aux-fixed/4500.msg1.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --method=simple/simple --selector=ses \
+#			--keyfile=aux-fixed/dkim/dkim512.private < aux-fixed/4500.msg1.txt
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
+	:date:message-id:subject; s=ses; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=; b=
+	cIErF1eueIT9AU4qG54FyT3yrlVDDM7RZnuU6fWTevZpAuMqhYcRO8tU3U4vtKWB
+	+I2vd+F1gzqCzBcRtfLhZg==
+From: mrgus@text.ex
+To: bakawolf@yahoo.com
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@disco-zombie.net>
+Subject: simple test
+
+This is a simple test.
+.
+??? 250
+QUIT
+??? 221
+****
+killdaemon
+#
 no_stdout_check
 no_msglog_check
diff --git a/test/scripts/4540-DKIM-Ed25519/4540 b/test/scripts/4540-DKIM-Ed25519/4540
index 22558dfa7..317385041 100644
--- a/test/scripts/4540-DKIM-Ed25519/4540
+++ b/test/scripts/4540-DKIM-Ed25519/4540
@@ -112,5 +112,46 @@ QUIT
 ****
 #
 killdaemon
+#
+#
+#
+#
+# This should fail because the signing pubkey is too small.
+exim -DSERVER=server -DMSIZE='rsa=1024 ed25519=300' -bd -oX PORT_D
+****
+#
+# Duplicate test input to the first one, above.
+#
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex
+	; s=sed; h=From:To:Subject; bh=/Ab0giHZitYQbDhFszoqQRUkgqueaX9zatJttIU/plc=;
+	 b=5fhyD3EILDrnL4DnkD4hDaeis7+GSzL9GMHrhIDZJjuJ00WD5iI8SQ1q9rDfzFL/Kdw0VIyB4R
+	Dq0a4H6HI+Bw==;
+Received: from jgh by myhost.test.ex with local (Exim x.yz)
+	envelope-from <jgh@myhost.test.ex>)
+	 1dtXln-0000YP-Hb
+	 a@test.ex; Sun, 17 Sep 2017 12:29:51 +0100
+From: nobody@example.com
+Message-Id: <E1dtXln-0000YP-Hb@myhost.test.ex>
+Sender: CALLER_NAME <jgh@myhost.test.ex>
+Date: Sun, 17 Sep 2017 12:29:51 +0100
+
+content
+.
+??? 250
+QUIT
+??? 221
+****
+killdaemon
+#
 no_stdout_check
 no_msglog_check
author	Jeremy Harris <jgh146exb@wizmail.org>	2020-04-25 20:50:07 +0100
committer	Jeremy Harris <jgh146exb@wizmail.org>	2020-04-26 12:40:34 +0100
commit	be24b950ae0db88b1c9811b3a028e95133c55efa (patch)
tree	df0508c57dab4c921320107da467c7cb45bcd4cb /test/scripts
parent	a841a6eca79ff08b36f2225dcf89c1c162bb8777 (diff)