DKIM: preferences for verify algorithms

9 files changed, 188 insertions, 0 deletions

diff --git a/test/confs/4509 b/test/confs/4509
new file mode 100644
index 000000000..5c64a49ab
--- /dev/null
+++ b/test/confs/4509
@@ -0,0 +1,28 @@
+# Exim test configuration 4509
+
+SERVER=
+
+.include DIR/aux-var/std_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept
+acl_smtp_data = check_data
+
+log_selector = +dkim_verbose
+
+# No sha1 !
+dkim_verify_hashes = sha256 : sha512
+
+queue_only
+queue_run_in_order
+
+
+begin acl
+
+check_data:
+  accept logwrite = ${authresults {$primary_hostname}}
+
+# End
diff --git a/test/confs/4520 b/test/confs/4520
index f345b9197..1f3162342 100644
--- a/test/confs/4520
+++ b/test/confs/4520
@@ -15,6 +15,9 @@ acl_smtp_dkim = accept logwrite = dkim_acl: signer: $dkim_cur_signer bits: $dkim
 acl_smtp_data = accept logwrite = data acl: dkim status $dkim_verify_status
 
 dkim_verify_signers = $dkim_signers
+.ifdef FILTER
+dkim_verify_minimal = true
+.endif
 
 DDIR=DIR/aux-fixed/dkim
 
diff --git a/test/confs/4541 b/test/confs/4541
new file mode 120000
index 000000000..072f5faf2
--- /dev/null
+++ b/test/confs/4541
@@ -0,0 +1 @@
+4520
\ No newline at end of file
diff --git a/test/log/4509 b/test/log/4509
new file mode 100644
index 000000000..0ab1a76f9
--- /dev/null
+++ b/test/log/4509
@@ -0,0 +1,5 @@
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 10HmaX-0005vi-00 Authentication-Results: myhost.test.ex
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net
diff --git a/test/log/4541 b/test/log/4541
new file mode 100644
index 000000000..b8a5f3347
--- /dev/null
+++ b/test/log/4541
@@ -0,0 +1,28 @@
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for a@test.ex
+1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for b@test.ex
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => b@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
+1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.ex bits: 512 h=From
+1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sed c=relaxed/relaxed a=ed25519-sha256 b=512 [verification succeeded]
+1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From
+1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
+1999-03-02 09:44:33 10HmaY-0005vi-00 data acl: dkim status pass:pass
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex for a@test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 => a <a@test.ex> R=server_store T=file
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
+1999-03-02 09:44:33 10HmbA-0005vi-00 dkim_acl: signer: test.ex bits: 512 h=From
+1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sed c=relaxed/relaxed a=ed25519-sha256 b=512 [verification succeeded]
+1999-03-02 09:44:33 10HmbA-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From
+1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [not verified]
+1999-03-02 09:44:33 10HmbA-0005vi-00 data acl: dkim status pass:none
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for b@test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 => b <b@test.ex> R=server_store T=file
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
diff --git a/test/mail/4541.a b/test/mail/4541.a
new file mode 100644
index 000000000..e1c95f022
--- /dev/null
+++ b/test/mail/4541.a
@@ -0,0 +1,26 @@
+From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999
+Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex)
+	by myhost.test.ex with esmtp (Exim x.yz)
+	(envelope-from <CALLER@myhost.test.ex>)
+	id 10HmaY-0005vi-00
+	for a@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex;
+	s=sel; h=From; bh=/Ab0giHZitYQbDhFszoqQRUkgqueaX9zatJttIU/plc=; b=toy5chxow6W
+	7Nn3qMvjZs+i0H00bQfi+6nakV6i36cRrZM/oWziHrc5IfYZuQunWNUA9UHnatK35Nsl7ZJRBU4em
+	wtzdO60jXnH7ZVyYjKxqTow9uCuuBKCgXdKxt1hpEfY0m7uUKt9OaqA0464NH5wEC4o/pt1aReidE
+	hvI6IY=;
+DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex
+	; s=sed; h=From; bh=/Ab0giHZitYQbDhFszoqQRUkgqueaX9zatJttIU/plc=; b=IKNwoUbCe
+	ayHoA7j2L0IU1IFuapa3DrlNx9wPlBodM1iKJ57WGibKzefQNdTjymHPsMlQ9fS+h9ZSsHmVNBdDA
+	==;
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+	(envelope-from <CALLER@myhost.test.ex>)
+	id 10HmaX-0005vi-00
+	for a@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+From: nobody@example.com
+Message-Id: <E10HmaX-0005vi-00@myhost.test.ex>
+Sender: CALLER_NAME <CALLER@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+content
+
diff --git a/test/mail/4541.b b/test/mail/4541.b
new file mode 100644
index 000000000..7927bbc46
--- /dev/null
+++ b/test/mail/4541.b
@@ -0,0 +1,26 @@
+From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999
+Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex)
+	by myhost.test.ex with esmtp (Exim x.yz)
+	(envelope-from <CALLER@myhost.test.ex>)
+	id 10HmbA-0005vi-00
+	for b@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex;
+	s=sel; h=From; bh=/Ab0giHZitYQbDhFszoqQRUkgqueaX9zatJttIU/plc=; b=toy5chxow6W
+	7Nn3qMvjZs+i0H00bQfi+6nakV6i36cRrZM/oWziHrc5IfYZuQunWNUA9UHnatK35Nsl7ZJRBU4em
+	wtzdO60jXnH7ZVyYjKxqTow9uCuuBKCgXdKxt1hpEfY0m7uUKt9OaqA0464NH5wEC4o/pt1aReidE
+	hvI6IY=;
+DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex
+	; s=sed; h=From; bh=/Ab0giHZitYQbDhFszoqQRUkgqueaX9zatJttIU/plc=; b=IKNwoUbCe
+	ayHoA7j2L0IU1IFuapa3DrlNx9wPlBodM1iKJ57WGibKzefQNdTjymHPsMlQ9fS+h9ZSsHmVNBdDA
+	==;
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+	(envelope-from <CALLER@myhost.test.ex>)
+	id 10HmaZ-0005vi-00
+	for b@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+From: nobody@example.com
+Message-Id: <E10HmaZ-0005vi-00@myhost.test.ex>
+Sender: CALLER_NAME <CALLER@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+content
+
diff --git a/test/scripts/4500-DKIM/4509 b/test/scripts/4500-DKIM/4509
new file mode 100644
index 000000000..c450d65ca
--- /dev/null
+++ b/test/scripts/4500-DKIM/4509
@@ -0,0 +1,41 @@
+# DKIM verify, dkim_verify_hashes option
+#
+exim -DSERVER=server -bd -oX PORT_D
+****
+#
+# This should not ve verified, as the config ignores the sha1 sig
+#  - sha1, 1024b
+# Mail original in aux-fixed/4500.msg1.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --method=simple/simple < aux-fixed/4500.msg1.txt
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
+	:date:message-id:subject; s=sel; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=; b=
+	PeUA8iBGfStWv+9/BBKkvCEYj/AVMl4e9k+AqWOXKyuEUfHxqAnV+sPnOejpmvT8
+	41kuM4u0bICvK371YvB/yO61vtliRhyqU76Y2e55p2uvMADb3UyDhLyzpco4+yBo
+	1w0AuIxu0VU4TK8UmOLyCw/1hxrh1DcEInbEMEKJ7kI=
+From: mrgus@text.ex
+To: bakawolf@yahoo.com
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@disco-zombie.net>
+Subject: simple test
+
+This is a simple test.
+.
+??? 250
+QUIT
+??? 221
+****
+#
+killdaemon
+#
+no_stdout_check
+no_msglog_check
diff --git a/test/scripts/4540-DKIM-Ed25519/4541 b/test/scripts/4540-DKIM-Ed25519/4541
new file mode 100644
index 000000000..cec41df0f
--- /dev/null
+++ b/test/scripts/4540-DKIM-Ed25519/4541
@@ -0,0 +1,30 @@
+# DKIM verify, multiple and dkim_verify_minimal
+# This relies on multiple-signing working (4545 tests that)
+#
+# Verify both
+exim -bd -DSERVER=server -oX PORT_D
+****
+#
+exim -DSELECTOR=sel:sed -DOPT=From: -odf a@test.ex
+From: nobody@example.com
+
+content
+****
+#
+millisleep 500
+killdaemon
+#
+#
+# Verify only EC sig
+exim -bd -DSERVER=server -DFILTER=y -oX PORT_D
+****
+#
+exim -DSELECTOR=sel:sed -DOPT=From: -odf b@test.ex
+From: nobody@example.com
+
+content
+****
+#
+millisleep 500
+killdaemon
+no_msglog_check