author | Jeremy Harris <jgh146exb@wizmail.org> | 2018-02-06 14:24:23 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2018-02-06 15:04:01 +0000 |
commit | 286b9d5fa4344de72fe6575fa089237fd7dbb56f (patch) | |
tree | 752fa289d3ebdf80e55bff1889cb2696a689e951 /test | |
parent | d584cdcac04235b9323a34c049a1c5dc2cd2a309 (diff) |
DKIM: Ed25519 signatures (GnuTLS 3.6.0 and later)
Diffstat (limited to 'test')
-rw-r--r-- | test/Makefile.in | 8 | ||||
-rw-r--r-- | test/aux-fixed/dkim/dkim_ed25519.private | 3 | ||||
-rwxr-xr-x | test/configure | 14 | ||||
-rw-r--r-- | test/configure.ac | 2 | ||||
l--------- | test/confs/4505 | 1 | ||||
-rw-r--r-- | test/confs/4520 | 8 | ||||
l--------- | test/confs/4525 | 1 | ||||
-rw-r--r-- | test/dnszones-src/db.test.ex | 8 | ||||
-rw-r--r-- | test/log/4502 | 1 | ||||
-rw-r--r-- | test/log/4503 | 1 | ||||
-rw-r--r-- | test/log/4504 | 1 | ||||
-rw-r--r-- | test/log/4505 | 11 | ||||
-rw-r--r-- | test/log/4506 | 4 | ||||
-rw-r--r-- | test/log/4520 | 1 | ||||
-rw-r--r-- | test/log/4525 | 25 | ||||
-rw-r--r-- | test/mail/4530.y | 8 | ||||
-rw-r--r-- | test/mail/4530.z | 8 | ||||
-rwxr-xr-x | test/runtest | 1 | ||||
-rw-r--r-- | test/scripts/4500-DKIM/4505 | 83 | ||||
-rw-r--r-- | test/scripts/4500-DKIM/4525 | 24 | ||||
-rw-r--r-- | test/scripts/4500-DKIM/4530 | 2 | ||||
-rw-r--r-- | test/src/ed25519_privkey_pem_to_pubkey_raw_b64.c | 139 | ||||
-rw-r--r-- | test/stderr/0021 | 1 | ||||
-rw-r--r-- | test/stderr/0022 | 3 | ||||
-rw-r--r-- | test/stderr/0303 | 2 | ||||
-rw-r--r-- | test/stderr/0371 | 1 | ||||
-rw-r--r-- | test/stderr/0386 | 2 | ||||
-rw-r--r-- | test/stderr/0465 | 2 | ||||
-rw-r--r-- | test/stderr/0487 | 1 | ||||
-rw-r--r-- | test/stderr/0575 | 1 | ||||
-rw-r--r-- | test/stderr/5410 | 3 | ||||
-rw-r--r-- | test/stderr/5420 | 3 |
32 files changed, 358 insertions, 15 deletions
diff --git a/test/Makefile.in b/test/Makefile.in index edcc4ab78..26631f398 100644 --- a/test/Makefile.in +++ b/test/Makefile.in @@ -8,6 +8,7 @@ CFLAGS=@CFLAGS@ @BIND_8_COMPAT@ @DEFS@ LDFLAGS=@LDFLAGS@ CLIENT_SSL=@CLIENT_SSL@ CLIENT_GNUTLS=@CLIENT_GNUTLS@ +B64_GNUTLS=@B64_GNUTLS@ LOADED=@LOADED@ LOADED_OPT=@LOADED_OPT@ LIBS=@LIBS@ @@ -18,7 +19,8 @@ SRC = @srcdir@/src BINARIES = bin/cf bin/client $(CLIENT_SSL) $(CLIENT_GNUTLS) \ bin/checkaccess bin/fakens bin/fd bin/iefbr14 $(LOADED) \ - bin/mtpscript bin/server bin/showids bin/locate + bin/mtpscript bin/server bin/showids bin/locate \ + $(B64_GNUTLS) # List of targets @@ -85,6 +87,10 @@ bin/locate: $(SRC)/locate.sh Makefile cp $(SRC)/locate.pl bin/locate chmod 0755 bin/locate +bin/ed25519_privkey_pem_to_pubkey_raw_b64: $(SRC)/ed25519_privkey_pem_to_pubkey_raw_b64.c Makefile + $(CC) $(CFLAGS) -DHAVE_GNUTLS $(LDFLAGS) -o bin/ed25519_privkey_pem_to_pubkey_raw_b64 \ + $(SRC)/ed25519_privkey_pem_to_pubkey_raw_b64.c -lgnutls -lgcrypt $(LIBS) + clean:; rm -rf $(BINARIES) bin.sys FORCE: diff --git a/test/aux-fixed/dkim/dkim_ed25519.private b/test/aux-fixed/dkim/dkim_ed25519.private new file mode 100644 index 000000000..a532b8d74 --- /dev/null +++ b/test/aux-fixed/dkim/dkim_ed25519.private @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIMCVDSGjt6hBzzc/Km1UBZ7nMcvLCZSqeiay3rhuQIqF +-----END PRIVATE KEY----- diff --git a/test/configure b/test/configure index 26489c630..78f734198 100755 --- a/test/configure +++ b/test/configure @@ -623,6 +623,7 @@ ac_subst_vars='LTLIBOBJS LIBOBJS LOADED_OPT LOADED +B64_GNUTLS CLIENT_GNUTLS CLIENT_SSL BIND_8_COMPAT 
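Review bot: The new `bin/ed25519_privkey_pem_to_pubkey_raw_b64` rule links `-lgcrypt` unconditionally, although the helper source added in this commit calls only `gnutls_*` functions and libc. On a host whose GnuTLS is built without libgcrypt development files, the link fails and takes the whole `BINARIES` build with it. Unless something outside this hunk needs it, the second recipe line could read `$(SRC)/ed25519_privkey_pem_to_pubkey_raw_b64.c -lgnutls $(LIBS)`. A one-line comment above the rule, such as `# helper: derive the raw base64 Ed25519 public key for a DKIM TXT record (built only when gnutls/gnutls.h is found)`, would also explain why it sits behind `$(B64_GNUTLS)`.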
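Review bot: Nothing added alongside `dkim_ed25519.private` marks this private key as a throwaway test fixture. Its public half is published for `sed._domainkey` in the test zone, so the key is public knowledge from this commit onward and must never sign for a real domain. A short README in `aux-fixed/dkim/`, or a comment next to the `sed=dkim_ed25519.private` entry in `confs/4520`, saying "test-suite key for test.ex only, regenerate together with the TXT record in dnszones-src/db.test.ex" would make that explicit. It would also give secret-scanning tooling a documented reason to allow-list the file.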
@@ -3242,6 +3243,18 @@ fi done +for ac_header in gnutls/gnutls.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "gnutls/gnutls.h" "ac_cv_header_gnutls_gnutls_h" "$ac_includes_default" +if test "x$ac_cv_header_gnutls_gnutls_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GNUTLS_GNUTLS_H 1 +_ACEOF + B64_GNUTLS=bin/ed25519_privkey_pem_to_pubkey_raw_b64 +fi + +done + @@ -3501,6 +3514,7 @@ fi + ac_config_files="$ac_config_files Makefile" cat >confcache <<\_ACEOF diff --git a/test/configure.ac b/test/configure.ac index 017d22d38..858b8e30f 100644 --- a/test/configure.ac +++ b/test/configure.ac @@ -18,6 +18,7 @@ dnl Checks for header files. AC_CHECK_HEADERS(sys/socket.h) AC_CHECK_HEADERS(openssl/crypto.h,[CLIENT_SSL=bin/client-ssl]) AC_CHECK_HEADERS(gnutls/gnutls.h,[CLIENT_GNUTLS=bin/client-gnutls]) +AC_CHECK_HEADERS(gnutls/gnutls.h,[B64_GNUTLS=bin/ed25519_privkey_pem_to_pubkey_raw_b64]) dnl The check on dynamically loaded modules requires the building of dnl something to load. This seems to be something that varies between @@ -61,6 +62,7 @@ dnl "Export" these variables AC_SUBST(BIND_8_COMPAT) AC_SUBST(CLIENT_SSL) AC_SUBST(CLIENT_GNUTLS) +AC_SUBST(B64_GNUTLS) AC_SUBST(LOADED) AC_SUBST(LOADED_OPT) AC_SUBST(LIBS) diff --git a/test/confs/4505 b/test/confs/4505 new file mode 120000 index 000000000..c4f73bacd --- /dev/null +++ b/test/confs/4505 @@ -0,0 +1 @@ +4500
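Review bot: The added `AC_CHECK_HEADERS(gnutls/gnutls.h,[B64_GNUTLS=...])` line proves only that the header exists, not that the library is 3.6.0 or later. On older GnuTLS the helper is therefore still built, and per its source it can only print "No support for ed25519 signing" and exit 3. If the helper is meant to exist only where Ed25519 works, the check needs a version test; otherwise a `dnl` comment should say the version gate is deliberately left to compile time. The line also repeats the probe directly above it, and one call could set both variables: `AC_CHECK_HEADERS(gnutls/gnutls.h,[CLIENT_GNUTLS=bin/client-gnutls; B64_GNUTLS=bin/ed25519_privkey_pem_to_pubkey_raw_b64])`.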
\ No newline at end of file diff --git a/test/confs/4520 b/test/confs/4520 index 9092c74dc..8332fa1d1 100644 --- a/test/confs/4520 +++ b/test/confs/4520 @@ -50,9 +50,11 @@ send_to_server: dkim_selector = sel .endif - dkim_private_key = ${if match {$dkim_selector}{^ses} {DDIR/dkim512.private} \ - {${if match {$dkim_selector}{^sel} {DDIR/dkim.private} \ - {}}}} + dkim_private_key = ${extract {${length_3:$dkim_selector}} {\ + ses=dkim512.private \ + sel=dkim.private \ + sed=dkim_ed25519.private \ + }{DDIR/$value}} .ifndef HEADERS_MAXSIZE dkim_sign_headers = OPT diff --git a/test/confs/4525 b/test/confs/4525 new file mode 120000 index 000000000..072f5faf2 --- /dev/null +++ b/test/confs/4525 @@ -0,0 +1 @@ +4520
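Review bot: The rewritten `dkim_private_key` now picks the key file from the first three characters of the selector (`${length_3:$dkim_selector}`), but nothing in the transport states that convention. A selector whose prefix is not `ses`, `sel` or `sed` appears to expand to an empty key, since the `${extract}` has no failure string, so a mistyped selector would most likely send mail unsigned rather than fail the test visibly. A comment line above the option, for example `# key file is chosen by the selector's first three characters: ses=RSA-512, sel=RSA-1024, sed=Ed25519; anything else gives no key`, would document this. The `send_to_server` transport starts and ends outside the hunk.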
\ No newline at end of file diff --git a/test/dnszones-src/db.test.ex b/test/dnszones-src/db.test.ex index 9bd39dfeb..08aadb963 100644 --- a/test/dnszones-src/db.test.ex +++ b/test/dnszones-src/db.test.ex @@ -553,4 +553,12 @@ ses_sha256._domainkey TXT "v=DKIM1; h=sha256; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB sel2._domainkey TXT "v=spf1 mx a include:spf.nl2go.com -all" sel2._domainkey TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB" +; EC signing, using Ed25519 +; - needs GnuTLS 3.6.0 (fedora rawhide has that) +; certtool --generate-privkey --key-type=ed25519 --outfile=dkim_ed25519.private +; bin/ed25519_privkey_pem_to_pubkey_raw_b64 dkim_ed25519.private + +sed._domainkey TXT "v=DKIM1; k=ed25519; p=sPs07Vu29FpHT/80UXUcYHFOHifD4o2ZlP2+XUh9g6E=" + + ; End diff --git a/test/log/4502 b/test/log/4502 index efe78d2f0..dbbaa7420 100644 --- a/test/log/4502 +++ b/test/log/4502 @@ -10,6 +10,7 @@ 1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/simple a=rsa-sha1 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 PDKIM: d=test.ex s=sel_bad [failed key import] 1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel_bad c=relaxed/relaxed a=rsa-sha1 b=1024 [invalid - syntax error in public key record] 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=564CFC9B.1040905@yahoo.com diff --git a/test/log/4503 b/test/log/4503 index 55374fa33..2693a947c 100644 --- a/test/log/4503 +++ b/test/log/4503 
@@ -1,6 +1,7 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: validation error: Public key signature verification has failed. 1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha512 b=1024 [verification failed - signature did not verify (headers probably modified in transit)] 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net diff --git a/test/log/4504 b/test/log/4504 index a4dee26bc..b67852209 100644 --- a/test/log/4504 +++ b/test/log/4504 @@ -1,6 +1,7 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: validation error: Public key signature verification has failed. 1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel2 c=simple/simple a=rsa-sha512 b=1024 [verification failed - signature did not verify (headers probably modified in transit)] 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net diff --git a/test/log/4505 b/test/log/4505 new file mode 100644 index 000000000..388fcf58e --- /dev/null +++ b/test/log/4505 
@@ -0,0 +1,11 @@ + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 512 +1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sed c=relaxed/relaxed a=ed25519-sha256 b=512 [verification succeeded] +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=E10HmaY-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: kitterman.org bits: 512 +1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=kitterman.org s=ed25519 c=relaxed/simple a=ed25519-sha256 b=512 i=@kitterman.org t=1517847601 [verification succeeded] +1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: @kitterman.org bits: 512 +1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=kitterman.org s=ed25519 c=relaxed/simple a=ed25519-sha256 b=512 i=@kitterman.org t=1517847601 [verification succeeded] +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=kitterman.org id=example@example.com diff --git a/test/log/4506 b/test/log/4506 index 1c39568c0..62cea9db4 100644 --- a/test/log/4506 +++ b/test/log/4506 
@@ -10,8 +10,8 @@ 1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification failed - body hash mismatch (body probably modified in transit)] 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net -1999-03-02 09:44:33 10HmbB-0005vi-00 DKIM: validation error: RSA_LONG_LINE -1999-03-02 09:44:33 10HmbB-0005vi-00 DKIM: Error during validation, disabling signature verification: RSA_LONG_LINE +1999-03-02 09:44:33 10HmbB-0005vi-00 DKIM: validation error: LONG_LINE +1999-03-02 09:44:33 10HmbB-0005vi-00 DKIM: Error during validation, disabling signature verification: LONG_LINE 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 10HmbC-0005vi-00 signer: test.ex bits: 512 1999-03-02 09:44:33 10HmbC-0005vi-00 DKIM: d=test.ex s=ses_sha256 c=simple/simple a=rsa-sha1 b=512 [verification failed - unspecified reason] diff --git a/test/log/4520 b/test/log/4520 index 593cd6692..44a12694d 100644 --- a/test/log/4520 +++ b/test/log/4520 
@@ -80,6 +80,7 @@ 1999-03-02 09:44:33 10HmbK-0005vi-00 => :blackhole: <c@test.ex> R=server_dump 1999-03-02 09:44:33 10HmbK-0005vi-00 Completed 1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmbM-0005vi-00 PDKIM: d=test.ex s=sel_bad [failed key import] 1999-03-02 09:44:33 10HmbM-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From 1999-03-02 09:44:33 10HmbM-0005vi-00 DKIM: d=test.ex s=sel_bad c=relaxed/relaxed a=rsa-sha256 b=1024 [invalid - syntax error in public key record] 1999-03-02 09:44:33 10HmbM-0005vi-00 data acl: dkim status invalid diff --git a/test/log/4525 b/test/log/4525 new file mode 100644 index 000000000..a2c502607 --- /dev/null +++ b/test/log/4525 
@@ -0,0 +1,25 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 => b@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.ex bits: 512 h=From:To:Subject +1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sed c=relaxed/relaxed a=ed25519-sha256 b=512 [verification succeeded] +1999-03-02 09:44:33 10HmaY-0005vi-00 data acl: dkim status pass +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <a@test.ex> R=server_dump +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 
+1999-03-02 09:44:33 10HmbA-0005vi-00 dkim_acl: signer: test.ex bits: 512 h=From +1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sed c=relaxed/relaxed a=ed25519-sha256 b=512 [verification succeeded] +1999-03-02 09:44:33 10HmbA-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmbA-0005vi-00 data acl: dkim status pass:pass +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaZ-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <b@test.ex> R=server_dump +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed diff --git a/test/mail/4530.y b/test/mail/4530.y index 445e41a95..35543799b 100644 --- a/test/mail/4530.y +++ b/test/mail/4530.y @@ -5,10 +5,10 @@ Received: from localhost ([127.0.0.1] helo=testhost.test.ex) id 10HmaY-0005vi-00 for y@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex; - s=sel; h=LIST; bh=CVpkzY75tV/NCKk5pPx4GnM3NX83xwCiT0xVwo0G1Rs=; b=TIqPqpKM5qf - ZFlv2H8yio5RybWA3sLCtVmE6HmBhBKqW+uqLKG2grqJhVMJ3qXnvQQ3ixnMjMlJqfCpEBtxfsSR9 - MGLPP9ZMdlrBNEL6XKlgE+X8bAra5zkuLZs8gy8H3/mtEfoKPs4ltB/ZK/j2FHG2+CEx+TDTIkh9E - wkAMrA=; + s=sel; h=Subject; bh=CVpkzY75tV/NCKk5pPx4GnM3NX83xwCiT0xVwo0G1Rs=; b=JTYpVY1D + sO37MibaZTC2CgpQAZlz/lRefFQv3Q7JM4D0aUfseT24Xg+kxv3xc5guSzKWQzycm3zie366tHape + lu70O4/5+Dyr0f/FKjmYxT+ALcIzuVN7Rty2JioBG07aryqJqmcR0xpmiggctb/h/2a/JGRKPcDWO + psj50XQNQ=; Received: from [127.0.0.1] (helo=xxx) by testhost.test.ex with esmtp (Exim x.yz) (envelope-from <CALLER@bloggs.com>) diff --git a/test/mail/4530.z b/test/mail/4530.z index 1b4735507..f81ae7b01 100644 --- a/test/mail/4530.z +++ b/test/mail/4530.z 
@@ -5,10 +5,10 @@ Received: from localhost ([127.0.0.1] helo=testhost.test.ex) id 10HmaX-0005vi-00 for z@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex; - s=sel; h=LIST; bh=CVpkzY75tV/NCKk5pPx4GnM3NX83xwCiT0xVwo0G1Rs=; b=TIqPqpKM5qf - ZFlv2H8yio5RybWA3sLCtVmE6HmBhBKqW+uqLKG2grqJhVMJ3qXnvQQ3ixnMjMlJqfCpEBtxfsSR9 - MGLPP9ZMdlrBNEL6XKlgE+X8bAra5zkuLZs8gy8H3/mtEfoKPs4ltB/ZK/j2FHG2+CEx+TDTIkh9E - wkAMrA=; + s=sel; h=Subject; bh=CVpkzY75tV/NCKk5pPx4GnM3NX83xwCiT0xVwo0G1Rs=; b=JTYpVY1D + sO37MibaZTC2CgpQAZlz/lRefFQv3Q7JM4D0aUfseT24Xg+kxv3xc5guSzKWQzycm3zie366tHape + lu70O4/5+Dyr0f/FKjmYxT+ALcIzuVN7Rty2JioBG07aryqJqmcR0xpmiggctb/h/2a/JGRKPcDWO + psj50XQNQ=; Received: from [127.0.0.1] (helo=xxx) by testhost.test.ex with esmtp (Exim x.yz) (envelope-from <CALLER@bloggs.com>) diff --git a/test/runtest b/test/runtest index 41531609e..035c56cdc 100755 --- a/test/runtest +++ b/test/runtest @@ -1194,6 +1194,7 @@ RESET_AFTER_EXTRA_LINE_READ: # openssl version variances s/(TLS error on connection [^:]*: error:)[0-9A-F]{8}(:system library):(?:fopen|func\(4095\)):(No such file or directory)$/$1xxxxxxxx$2:fopen:$3/; s/(DANE attempt failed.*error:)[0-9A-F]{8}(:SSL routines:)(ssl3_get_server_certificate|tls_process_server_certificate|CONNECT_CR_CERT)(?=:certificate verify failed$)/$1xxxxxxxx$2ssl3_get_server_certificate/; + s/(DKIM: validation error: )error:[0-9A-F]{8}:rsa routines:int_rsa_verify:bad signature$/$1Public key signature verification has failed./; } # ======== All files other than stderr ======== diff --git a/test/scripts/4500-DKIM/4505 b/test/scripts/4500-DKIM/4505 new file mode 100644 index 000000000..0be08ea31 --- /dev/null +++ b/test/scripts/4500-DKIM/4505 
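Review bot: The substitution added to `runtest` matches exactly one OpenSSL wording, `rsa routines:int_rsa_verify:bad signature`, whereas the two rules just above it carry alternations because function names differ between OpenSSL releases. If another release words this failure differently the munge silently stops applying, and the new "validation error" lines in log/4503 and log/4504 will then mismatch only on those hosts. The line also has no comment saying that it rewrites the OpenSSL message into what appears to be the GnuTLS text so one expected log serves both libraries. Something like `# DKIM verify failure: map the OpenSSL wording onto the GnuTLS one` above it would help. The enclosing block opens outside the hunk.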
@@ -0,0 +1,83 @@ +# DKIM verify, ed25519 +# +exim -DSERVER=server -bd -oX PORT_D +**** +# +# This should pass, only Mail::DKIM::Signer does not handle ed25519-sha256 yet +# +# Mail original (will be)in aux-fixed/4500.msg1.txt +# Sig generated by: perl aux-fixed/dkim/sign.pl --algorithm=ed255190sha256 \ +# --method=simple/simple < aux-fixed/4500.msg1.txt +# +# TODO - until we have that we can only test internal consistency, +# signing vs. verification. For now, use a message we signed with +# the Exim GnuTLS implementation (then we can test GnuTLS vs. others) +# +client 127.0.0.1 PORT_D +??? 220 +HELO xxx +??? 250 +MAIL FROM:<CALLER@bloggs.com> +??? 250 +RCPT TO:<a@test.ex> +??? 250 +DATA +??? 354 +DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex + ; s=sed; h=From:To:Subject; bh=/Ab0giHZitYQbDhFszoqQRUkgqueaX9zatJttIU/plc=; + b=5fhyD3EILDrnL4DnkD4hDaeis7+GSzL9GMHrhIDZJjuJ00WD5iI8SQ1q9rDfzFL/Kdw0VIyB4R + Dq0a4H6HI+Bw==; +Received: from jgh by myhost.test.ex with local (Exim x.yz) + envelope-from <jgh@myhost.test.ex>) + 1dtXln-0000YP-Hb + a@test.ex; Sun, 17 Sep 2017 12:29:51 +0100 +From: nobody@example.com +Message-Id: <E1dtXln-0000YP-Hb@myhost.test.ex> +Sender: CALLER_NAME <jgh@myhost.test.ex> +Date: Sun, 17 Sep 2017 12:29:51 +0100 + +content +. +??? 250 +QUIT +??? 221 +**** +# +# +# This should pass, an independently-generated sample from Scott Kitterman. +# I don't want to retain this longterm as it hits an external DNS record, +# not under the testsuite. +client 127.0.0.1 PORT_D +??? 220 +HELO xxx +??? 250 +MAIL FROM:<CALLER@bloggs.com> +??? 250 +RCPT TO:<a@test.ex> +??? 250 +DATA +??? 
354 +DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.org; + i=@kitterman.org; q=dns/txt; s=ed25519; t=1517847601; + h=message-id : date : from : to : subject : date : from : + subject; bh=wE7NXSkgnx9PGiavN4OZhJztvkqPDlemV3OGuEnLwNo=; + b=sEnnE99Xsjpcqa/cNf8k/KQCEgjJ/4tswIKoNvq2q0fFQL6XBORJ2fQb + Fvt34Tb4sOxlZtBYu01kEJlmGz4uCw== +Authentication-Results: lists.example.org; arc=none; spf=pass smtp.mfrom=example.com; dmarc=pass +Received: from localhost +Message-ID: <example@example.com> +Date: Mon, 01 Jan 2011 01:02:03 +0400 +From: Test User <test@example.com> +To: somebody@example.com +Subject: Testing + +This is a test message. +. +??? 250 +QUIT +??? 221 +**** +# +killdaemon +no_stdout_check +no_msglog_check diff --git a/test/scripts/4500-DKIM/4525 b/test/scripts/4500-DKIM/4525 new file mode 100644 index 000000000..cc53a96c0 --- /dev/null +++ b/test/scripts/4500-DKIM/4525 @@ -0,0 +1,24 @@ +# DKIM signing, ed25519 +# +exim -bd -DSERVER=server -oX PORT_D +**** +# +# Privkey used here is: aux-fixed/dkim/dkim_ed25519.private (set in the conf) +# +exim -DSELECTOR=sed -DOPT=From:To:Subject -odf a@test.ex +From: nobody@example.com + +content +**** +# +# Multiple-signing test (rsa + ed25519) +# +exim -DSELECTOR=sed:sel -DOPT=From: -odf b@test.ex +From: nobody@example.com + +content +**** +# +millisleep 500 +killdaemon +no_msglog_check diff --git a/test/scripts/4500-DKIM/4530 b/test/scripts/4500-DKIM/4530 index 1465d5896..fb98e5564 100644 --- a/test/scripts/4500-DKIM/4530 +++ b/test/scripts/4500-DKIM/4530 @@ -1,6 +1,6 @@ # DKIM, CHUNKING, wireformat-spoolfile # -exim -bd -DSERVER=server -DOPT=dkim -oX PORT_S:PORT_D +exim -bd -DSERVER=server -DOPT=dkim -DLIST=Subject -oX PORT_S:PORT_D **** # # 1: non-CHUNKING injection; will not be stored as wireformat therefore diff --git a/test/src/ed25519_privkey_pem_to_pubkey_raw_b64.c b/test/src/ed25519_privkey_pem_to_pubkey_raw_b64.c new file mode 100644 index 000000000..f6639b758 --- /dev/null 
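Review bot: The header comment documents the signing command with `--algorithm=ed255190sha256`, which looks like a typo for `ed25519-sha256` and would mislead whoever regenerates the fixture later. The line should read `# Sig generated by: perl aux-fixed/dkim/sign.pl --algorithm=ed25519-sha256 \`, and "(will be)in" needs a space. Separately, the second client session verifies against the live `kitterman.org` DNS record, as its own comment admits, while `log/4505` expects "verification succeeded" for it. The whole script therefore fails offline, or whenever that record changes, and the locally signed case fails with it. Moving the external sample into its own script number would let it be skipped or dropped without losing the first case.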
+++ b/test/src/ed25519_privkey_pem_to_pubkey_raw_b64.c 
@@ -0,0 +1,139 @@ + +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> + +#include <stdarg.h> +#include <stddef.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +/* Unix includes */ + +typedef unsigned char uschar; + +#define CS (char *) +#define US (unsigned char *) + +#define FALSE 0 +#define TRUE 1 + + + +#ifdef HAVE_GNUTLS + + +#include <gnutls/gnutls.h> +#include <gnutls/abstract.h> +#include <gnutls/x509.h> + +#if GNUTLS_VERSION_NUMBER >= 0x030600 +# define SIGN_HAVE_ED25519 +#endif + + + +static uschar *enc64table = + US"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +uschar * +b64encode(uschar *clear, int len) +{ +uschar *code = malloc(4*((len+2)/3) + 2); +uschar *p = code; + +while (len-- >0) + { + int x, y; + + x = *clear++; + *p++ = enc64table[(x >> 2) & 63]; + + if (len-- <= 0) + { + *p++ = enc64table[(x << 4) & 63]; + *p++ = '='; + *p++ = '='; + break; + } + + y = *clear++; + *p++ = enc64table[((x << 4) | ((y >> 4) & 15)) & 63]; + + if (len-- <= 0) + { + *p++ = enc64table[(y << 2) & 63]; + *p++ = '='; + break; + } + + x = *clear++; + *p++ = enc64table[((y << 2) | ((x >> 6) & 3)) & 63]; + + *p++ = enc64table[x & 63]; + } + +*p = 0; + +return code; +} + +/************************************************* +* Main Program * +*************************************************/ + + +int +main(int argc, char **argv) +{ +uschar * pemfile = argv[1]; +int fd; +uschar buf[1024]; +int len, rc; +gnutls_privkey_t privkey; +gnutls_datum_t k; +gnutls_pubkey_t pubkey; +uschar * b64; + +#ifdef SIGN_HAVE_ED25519 +if ((fd = open(CS pemfile, O_RDONLY)) < 0) + exit(1); + +if ((len = read(fd, buf, sizeof(buf)-1)) < 0) + exit(2); + +k.data = buf; +k.size = len; + +if ( (rc = gnutls_privkey_init(&privkey)) + || (rc = gnutls_privkey_import_x509_raw(privkey, &k, GNUTLS_X509_FMT_PEM, NULL, GNUTLS_PKCS_PLAIN)) + || (rc = gnutls_pubkey_init(&pubkey)) + || (rc = gnutls_pubkey_import_privkey(pubkey, privkey, 
GNUTLS_KEY_DIGITAL_SIGNATURE, 0)) + || (rc = gnutls_pubkey_export_ecc_raw2(pubkey, NULL, &k, NULL, GNUTLS_EXPORT_FLAG_NO_LZ)) + ) + fprintf(stderr, "%s\n", gnutls_strerror(rc)); + +b64 = b64encode(k.data, k.size); + +printf("%s\n", b64); +exit(0); + +#else +fprintf(stderr, "No support for ed25519 signing in GnuTLS (version %s)\n", gnutls_check_version(NULL)); +exit(3); +#endif +} + +#endif + +#ifdef HAVE_OPENSSL +int +main(int argc, char **argv) +{ +fprintf(stderr, "No support for ed25519 signing in OpenSSL\n"); +exit(3); +} + +#endif diff --git a/test/stderr/0021 b/test/stderr/0021 index 207889b0d..dd1cb8c7b 100644 --- a/test/stderr/0021 +++ b/test/stderr/0021 @@ -184,6 +184,7 @@ end of ACL "rcpt": ACCEPT >>Headers added by MAIL or RCPT ACL: X-ACL-Warn: added header line >> +PDKIM: no signatures LOG: MAIN <= ok@test3 H=[10.9.8.8] U=CALLER P=smtp S=sss Exim version x.yz .... diff --git a/test/stderr/0022 b/test/stderr/0022 index c558b4226..4b149a426 100644 --- a/test/stderr/0022 +++ b/test/stderr/0022 @@ -53,6 +53,7 @@ P Received: from [V4NET.9.8.7] (envelope-from <x@y>) id 10HmbF-0005vi-00 for warn_empty@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +PDKIM: no signatures calling local_scan(); timeout=300 local_scan() returned 0 NULL LOG: MAIN @@ -123,6 +124,7 @@ P Received: from [V4NET.9.8.7] (envelope-from <x@y>) id 10HmbG-0005vi-00 for warn_log@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +PDKIM: no signatures calling local_scan(); timeout=300 local_scan() returned 0 NULL LOG: MAIN @@ -194,6 +196,7 @@ P Received: from [V4NET.9.8.7] >>Headers added by MAIL or RCPT ACL: X-ACL-Warn: warn user message >> +PDKIM: no signatures calling local_scan(); timeout=300 local_scan() returned 0 NULL LOG: MAIN diff --git a/test/stderr/0303 b/test/stderr/0303 index edf35c14f..5853432ca 100644 --- a/test/stderr/0303 +++ b/test/stderr/0303 
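Review bot: When any GnuTLS call in `main` fails, the code only prints `gnutls_strerror(rc)` and carries on to `b64encode(k.data, k.size)`. If the failure occurs before the export call, `k` still points at `buf`, so the tool base64-encodes the private-key PEM it just read, prints it on stdout and exits 0. Anyone pasting that output into a `p=` record would be publishing the secret rather than the public key, so the failure branch has to exit non-zero, and the export is safer written into a datum of its own. `argv[1]` is also used without an `argc` check, and the file defines no `main` at all when neither HAVE_GNUTLS nor HAVE_OPENSSL is set.

```c
/* … unchanged: declarations in main(), plus a separate datum for the exported key … */
gnutls_datum_t pub;

if (argc < 2)
  {
  fprintf(stderr, "usage: %s <ed25519-privkey.pem>\n", argv[0]);
  exit(1);
  }

/* … unchanged: open() and read() into buf, k.data/k.size set … */
/* … unchanged: init/import chain, with gnutls_pubkey_export_ecc_raw2() writing to &pub instead of &k … */
  {
  fprintf(stderr, "%s\n", gnutls_strerror(rc));
  exit(4);	/* never fall through and encode the input buffer */
  }

b64 = b64encode(pub.data, pub.size);
```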
@@ -101,6 +101,7 @@ P Received: from [V4NET.2.3.4] by myhost.test.ex with esmtp (Exim x.yz) id 10HmaX-0005vi-00 for x@y; Tue, 2 Mar 1999 09:44:33 +0000 +PDKIM: no signatures calling local_scan(); timeout=300 local_scan() returned 0 NULL LOG: MAIN @@ -177,6 +178,7 @@ P Received: from host.name.tld ([V4NET.2.3.4]) by myhost.test.ex with esmtp (Exim x.yz) id 10HmaY-0005vi-00 for x@y; Tue, 2 Mar 1999 09:44:33 +0000 +PDKIM: no signatures calling local_scan(); timeout=300 local_scan() returned 0 NULL LOG: MAIN diff --git a/test/stderr/0371 b/test/stderr/0371 index 9ff930690..9ecca772c 100644 --- a/test/stderr/0371 +++ b/test/stderr/0371 @@ -87,6 +87,7 @@ P Received: from [V4NET.0.0.0] (helo=something) (envelope-from <x@y>) id 10HmaX-0005vi-00 for x@y; Tue, 2 Mar 1999 09:44:33 +0000 +PDKIM: no signatures using ACL "data" processing "accept" check set acl_m0 = $acl_m0; data diff --git a/test/stderr/0386 b/test/stderr/0386 index 245137ea2..89f313b93 100644 --- a/test/stderr/0386 +++ b/test/stderr/0386 @@ -206,6 +206,7 @@ P Received: from [V4NET.11.12.13] (ident=CALLER) X-Warning: V4NET.11.12.13 is listed at rbl.test.ex X-Warning: This is a test blacklisting message >> +PDKIM: no signatures calling local_scan(); timeout=300 local_scan() returned 0 NULL Writing spool header file: TESTSUITE/spool//input//hdr.pppp @@ -389,6 +390,7 @@ P Received: from [V4NET.11.12.13] (ident=CALLER) X-Warning: V4NET.11.12.13 is listed at rbl.test.ex X-Warning: This is a test blacklisting message >> +PDKIM: no signatures calling local_scan(); timeout=300 local_scan() returned 0 NULL Writing spool header file: TESTSUITE/spool//input//hdr.pppp diff --git a/test/stderr/0465 b/test/stderr/0465 index 52dcbf3d5..6d5e59593 100644 --- a/test/stderr/0465 +++ b/test/stderr/0465 
@@ -79,6 +79,7 @@ Data file written for message 10HmaY-0005vi-00 P Received: from CALLER by myhost.test.ex with local-smtp (Exim x.yz) id 10HmaY-0005vi-00 for abc@domain; Tue, 2 Mar 1999 09:44:33 +0000 +PDKIM: no signatures using ACL "check_data" processing "accept" check verify = header_syntax @@ -152,6 +153,7 @@ Data file written for message 10HmaX-0005vi-00 P Received: from CALLER by myhost.test.ex with local-smtp (Exim x.yz) id 10HmaX-0005vi-00 for abc@xyz; Tue, 2 Mar 1999 09:44:33 +0000 +PDKIM: no signatures using ACL "check_data" processing "accept" check verify = header_syntax diff --git a/test/stderr/0487 b/test/stderr/0487 index ad2daa2f8..e65c6a7eb 100644 --- a/test/stderr/0487 +++ b/test/stderr/0487 @@ -59,6 +59,7 @@ P Received: from CALLER (helo=x.y) (envelope-from <x@y>) id 10HmaX-0005vi-00 for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +PDKIM: no signatures calling local_scan(); timeout=300 local_scan() returned 0 NULL Writing spool header file: TESTSUITE/spool//input//hdr.pppp diff --git a/test/stderr/0575 b/test/stderr/0575 index 73467881a..c2df9c7da 100644 --- a/test/stderr/0575 +++ b/test/stderr/0575 @@ -48,6 +48,7 @@ P Received: from [V4NET.0.0.0] (envelope-from <x@y>) id 10HmaX-0005vi-00 for x@y; Tue, 2 Mar 1999 09:44:33 +0000 +PDKIM: no signatures calling local_scan(); timeout=300 local_scan() returned 0 NULL LOG: MAIN diff --git a/test/stderr/5410 b/test/stderr/5410 index 946c48a2a..3f2c47994 100644 --- a/test/stderr/5410 +++ b/test/stderr/5410 @@ -227,6 +227,7 @@ end of inline ACL: ACCEPT for userx@domain.com ----------- start cutthrough headers send ----------- ----------- done cutthrough headers send ------------ +PDKIM: no signatures ┌considering: ${tod_full} ├──expanding: ${tod_full} └─────result: Tue, 2 Mar 1999 09:44:33 +0000 
@@ -441,6 +442,7 @@ end of inline ACL: ACCEPT for usery@domain.com ----------- start cutthrough headers send ----------- ----------- done cutthrough headers send ------------ +PDKIM: no signatures ┌considering: ${tod_full} ├──expanding: ${tod_full} └─────result: Tue, 2 Mar 1999 09:44:33 +0000 @@ -655,6 +657,7 @@ end of inline ACL: ACCEPT for usery@domain.com ----------- start cutthrough headers send ----------- ----------- done cutthrough headers send ------------ +PDKIM: no signatures ┌considering: ${tod_full} ├──expanding: ${tod_full} └─────result: Tue, 2 Mar 1999 09:44:33 +0000 diff --git a/test/stderr/5420 b/test/stderr/5420 index 97af80b4f..d2dc05d94 100644 --- a/test/stderr/5420 +++ b/test/stderr/5420 @@ -226,6 +226,7 @@ end of inline ACL: ACCEPT for userx@domain.com ----------- start cutthrough headers send ----------- ----------- done cutthrough headers send ------------ +PDKIM: no signatures ┌considering: ${tod_full} ├──expanding: ${tod_full} └─────result: Tue, 2 Mar 1999 09:44:33 +0000 @@ -440,6 +441,7 @@ end of inline ACL: ACCEPT for usery@domain.com ----------- start cutthrough headers send ----------- ----------- done cutthrough headers send ------------ +PDKIM: no signatures ┌considering: ${tod_full} ├──expanding: ${tod_full} └─────result: Tue, 2 Mar 1999 09:44:33 +0000 @@ -654,6 +656,7 @@ end of inline ACL: ACCEPT for usery@domain.com ----------- start cutthrough headers send ----------- ----------- done cutthrough headers send ------------ +PDKIM: no signatures ┌considering: ${tod_full} ├──expanding: ${tod_full} └─────result: Tue, 2 Mar 1999 09:44:33 +0000 |