author | Jeremy Harris <jgh146exb@wizmail.org> | 2018-04-13 11:51:50 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2018-04-13 11:51:50 +0100 |
commit | 321ef002e23ff171922075988bcd8e77bae884b7 (patch) | |
tree | e175340e36494ba62043d8b6493214215b4b9d1f /test | |
parent | 0f9d3f8ba8cf8b559b74ba9166d8a436498651b4 (diff) |
DKIM: add support for the SubjectPublicKeyInfo wrapped form of pubkey
Diffstat (limited to 'test')
-rw-r--r-- | test/dnszones-src/db.test.ex | 8 | ||||
-rw-r--r-- | test/log/4540 | 16 | ||||
-rw-r--r-- | test/scripts/4540-DKIM-Ed25519/4540 | 36 |
3 files changed, 52 insertions, 8 deletions
diff --git a/test/dnszones-src/db.test.ex b/test/dnszones-src/db.test.ex index b8abd2845..492ee5df8 100644 --- a/test/dnszones-src/db.test.ex +++ b/test/dnszones-src/db.test.ex @@ -556,9 +556,15 @@ sel2._domainkey TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+ ; EC signing, using Ed25519 ; - needs GnuTLS 3.6.0 (fedora rawhide has that) ; certtool --generate-privkey --key-type=ed25519 --outfile=dkim_ed25519.private -; ../src/util/ed25519_privkey_pem_to_pubkey_raw_b64 dkim_ed25519.private +; certtool --load_privkey=dkim_ed25519.private --pubkey_info --outder | tail -c +13 | base64 sed._domainkey TXT "v=DKIM1; k=ed25519; p=sPs07Vu29FpHT/80UXUcYHFOHifD4o2ZlP2+XUh9g6E=" +; version of the above wrapped in SubjectPublicKeyInfo, in case the WG plumps in that direction +; certtool --load_privkey=aux-fixed/dkim/dkim_ed25519.private --pubkey_info +; (and grab the b64 content from between the pem headers) + +sedw._domainkey TXT "v=DKIM1; k=ed25519; p=MCowBQYDK2VwAyEAsPs07Vu29FpHT/80UXUcYHFOHifD4o2ZlP2+XUh9g6E=" + ; End diff --git a/test/log/4540 b/test/log/4540 index 58039465a..7d0c92bd7 100644 --- a/test/log/4540 +++ b/test/log/4540 
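Review bot: The two generation comments in the db.test.ex hunk name the private key by different paths (`dkim_ed25519.private` for `sed`, `aux-fixed/dkim/dkim_ed25519.private` for `sedw`), which hides that both records carry the same key. The `sedw` value is the `sed` value behind a 12-byte prefix, the same bytes that `tail -c +13` strips in the raw-form command. Using one path in both commands and adding a line such as `; same key as sed, with the 12-byte SubjectPublicKeyInfo header left on` would make this clear to whoever regenerates the fixtures.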
@@ -5,9 +5,13 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sed c=relaxed/relaxed a=ed25519-sha256 b=512 [verification succeeded] 1999-03-02 09:44:33 10HmaX-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sed header.a=ed25519-sha256 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=E10HmaY-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: kitterman.org bits: 512 -1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=kitterman.org s=ed25519 c=relaxed/simple a=ed25519-sha256 b=512 i=@kitterman.org t=1517847601 [verification succeeded] -1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: @kitterman.org bits: 512 -1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=kitterman.org s=ed25519 c=relaxed/simple a=ed25519-sha256 b=512 i=@kitterman.org t=1517847601 [verification succeeded] -1999-03-02 09:44:33 10HmaZ-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=kitterman.org header.i=@kitterman.org header.s=ed25519 header.a=ed25519-sha256 -1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=kitterman.org id=example@example.com +1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: test.ex bits: 512 +1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sedw c=relaxed/relaxed a=ed25519-sha256 b=512 [verification succeeded] +1999-03-02 09:44:33 10HmaZ-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sedw header.a=ed25519-sha256 +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=E10HmaY-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 signer: kitterman.org bits: 512 +1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=kitterman.org s=ed25519 c=relaxed/simple a=ed25519-sha256 b=512 i=@kitterman.org t=1517847601 [verification succeeded] +1999-03-02 09:44:33 10HmbA-0005vi-00 signer: @kitterman.org bits: 512 
+1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=kitterman.org s=ed25519 c=relaxed/simple a=ed25519-sha256 b=512 i=@kitterman.org t=1517847601 [verification succeeded] +1999-03-02 09:44:33 10HmbA-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=kitterman.org header.i=@kitterman.org header.s=ed25519 header.a=ed25519-sha256 +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=kitterman.org id=example@example.com diff --git a/test/scripts/4540-DKIM-Ed25519/4540 b/test/scripts/4540-DKIM-Ed25519/4540 index 0be08ea31..504676e7c 100644 --- a/test/scripts/4540-DKIM-Ed25519/4540 +++ b/test/scripts/4540-DKIM-Ed25519/4540 @@ -6,7 +6,7 @@ exim -DSERVER=server -bd -oX PORT_D # This should pass, only Mail::DKIM::Signer does not handle ed25519-sha256 yet # # Mail original (will be)in aux-fixed/4500.msg1.txt -# Sig generated by: perl aux-fixed/dkim/sign.pl --algorithm=ed255190sha256 \ +# Sig (would be) generated by: perl aux-fixed/dkim/sign.pl --algorithm=ed255190sha256 \ # --method=simple/simple < aux-fixed/4500.msg1.txt # # TODO - until we have that we can only test internal consistency, 
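Review bot: The `--algorithm=ed255190sha256` value in the reworded comment of the first test/scripts hunk looks like a typo for `ed25519-sha256`, the algorithm name the DKIM-Signature headers in this script use. Since the line is being touched anyway, it could read `# Sig (would be) generated by: perl aux-fixed/dkim/sign.pl --algorithm=ed25519-sha256 \`, assuming sign.pl takes the same name. The context line above it also has `(will be)in` with no space.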
@@ -44,6 +44,40 @@ QUIT **** # # +# Duplicate of the above, but referencing a pubkey in "wrapped-in-SubjectPublicKeyInfo" +# format. Should pass also. +client 127.0.0.1 PORT_D +??? 220 +HELO xxx +??? 250 +MAIL FROM:<CALLER@bloggs.com> +??? 250 +RCPT TO:<a@test.ex> +??? 250 +DATA +??? 354 +DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex + ; s=sedw; h=From:To:Subject; bh=/Ab0giHZitYQbDhFszoqQRUkgqueaX9zatJttIU/plc=; + b=g0aVl5sI4fFLWDwXj9SnLgENXg2u8H8kKgK5/bXBZ7DKAImkm2+4tRzz1UOveu/Navis53Bg/C + 9nPxsspzb/Dg==; +Received: from jgh by myhost.test.ex with local (Exim x.yz) + envelope-from <jgh@myhost.test.ex>) + 1dtXln-0000YP-Hb + a@test.ex; Sun, 17 Sep 2017 12:29:51 +0100 +From: nobody@example.com +Message-Id: <E1dtXln-0000YP-Hb@myhost.test.ex> +Sender: CALLER_NAME <jgh@myhost.test.ex> +Date: Sun, 17 Sep 2017 12:29:51 +0100 + +content +. +??? 250 +QUIT +??? 221 +**** +# +# + # This should pass, an independently-generated sample from Scott Kitterman. # I don't want to retain this longterm as it hits an external DNS record, # not under the testsuite. |
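Review bot: The added `s=sedw` case covers only a well-formed SubjectPublicKeyInfo record, so nothing in this script pins what the verifier does with a `p=` value that is neither a bare 32-byte key nor a valid Ed25519 SPKI. The verifier now has to tell two encodings apart, presumably by length or by parsing the DER, but that code is outside this test-only diff. A companion case whose selector publishes a truncated or wrong-algorithm wrapped key, and which expects verification to fail, would guard against a parsing shortcut that accepts malformed keys. It could be introduced with `# Wrapped pubkey with a malformed SubjectPublicKeyInfo. Should fail.` to match the comment style used here.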