From 321ef002e23ff171922075988bcd8e77bae884b7 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Fri, 13 Apr 2018 11:51:50 +0100 Subject: DKIM: add support for the SubjectPublicKeyInfo wrapped form of pubkey --- test/dnszones-src/db.test.ex | 8 +++++++- test/log/4540 | 16 ++++++++++------ test/scripts/4540-DKIM-Ed25519/4540 | 36 +++++++++++++++++++++++++++++++++++- 3 files changed, 52 insertions(+), 8 deletions(-) (limited to 'test') diff --git a/test/dnszones-src/db.test.ex b/test/dnszones-src/db.test.ex index b8abd2845..492ee5df8 100644 --- a/test/dnszones-src/db.test.ex +++ b/test/dnszones-src/db.test.ex @@ -556,9 +556,15 @@ sel2._domainkey TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+ ; EC signing, using Ed25519 ; - needs GnuTLS 3.6.0 (fedora rawhide has that) ; certtool --generate-privkey --key-type=ed25519 --outfile=dkim_ed25519.private -; ../src/util/ed25519_privkey_pem_to_pubkey_raw_b64 dkim_ed25519.private +; certtool --load_privkey=dkim_ed25519.private --pubkey_info --outder | tail -c +13 | base64 sed._domainkey TXT "v=DKIM1; k=ed25519; p=sPs07Vu29FpHT/80UXUcYHFOHifD4o2ZlP2+XUh9g6E=" +; version of the above wrapped in SubjectPublicKeyInfo, in case the WG plumps in that direction +; certtool --load_privkey=aux-fixed/dkim/dkim_ed25519.private --pubkey_info +; (and grab the b64 content from between the pem headers) + +sedw._domainkey TXT "v=DKIM1; k=ed25519; p=MCowBQYDK2VwAyEAsPs07Vu29FpHT/80UXUcYHFOHifD4o2ZlP2+XUh9g6E=" + ; End diff --git a/test/log/4540 b/test/log/4540 index 58039465a..7d0c92bd7 100644 --- a/test/log/4540 +++ b/test/log/4540 @@ -5,9 +5,13 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sed c=relaxed/relaxed a=ed25519-sha256 b=512 [verification succeeded] 1999-03-02 09:44:33 10HmaX-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sed header.a=ed25519-sha256 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=E10HmaY-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: kitterman.org bits: 512 -1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=kitterman.org s=ed25519 c=relaxed/simple a=ed25519-sha256 b=512 i=@kitterman.org t=1517847601 [verification succeeded] -1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: @kitterman.org bits: 512 -1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=kitterman.org s=ed25519 c=relaxed/simple a=ed25519-sha256 b=512 i=@kitterman.org t=1517847601 [verification succeeded] -1999-03-02 09:44:33 10HmaZ-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=kitterman.org header.i=@kitterman.org header.s=ed25519 header.a=ed25519-sha256 -1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=kitterman.org id=example@example.com +1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: test.ex bits: 512 +1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sedw c=relaxed/relaxed a=ed25519-sha256 b=512 [verification succeeded] +1999-03-02 09:44:33 10HmaZ-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sedw header.a=ed25519-sha256 +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=E10HmaY-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 signer: kitterman.org bits: 512 +1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=kitterman.org s=ed25519 c=relaxed/simple a=ed25519-sha256 b=512 i=@kitterman.org t=1517847601 [verification succeeded] +1999-03-02 09:44:33 10HmbA-0005vi-00 signer: @kitterman.org bits: 512 +1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=kitterman.org s=ed25519 c=relaxed/simple a=ed25519-sha256 b=512 i=@kitterman.org t=1517847601 [verification succeeded] +1999-03-02 09:44:33 10HmbA-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=kitterman.org header.i=@kitterman.org header.s=ed25519 header.a=ed25519-sha256 +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=kitterman.org id=example@example.com diff --git a/test/scripts/4540-DKIM-Ed25519/4540 b/test/scripts/4540-DKIM-Ed25519/4540 index 0be08ea31..504676e7c 100644 --- a/test/scripts/4540-DKIM-Ed25519/4540 +++ b/test/scripts/4540-DKIM-Ed25519/4540 @@ -6,7 +6,7 @@ exim -DSERVER=server -bd -oX PORT_D # This should pass, only Mail::DKIM::Signer does not handle ed25519-sha256 yet # # Mail original (will be)in aux-fixed/4500.msg1.txt -# Sig generated by: perl aux-fixed/dkim/sign.pl --algorithm=ed255190sha256 \ +# Sig (would be) generated by: perl aux-fixed/dkim/sign.pl --algorithm=ed255190sha256 \ # --method=simple/simple < aux-fixed/4500.msg1.txt # # TODO - until we have that we can only test internal consistency, @@ -44,6 +44,40 @@ QUIT **** # # +# Duplicate of the above, but referencing a pubkey in "wrapped-in-SubjectPublicKeyInfo" +# format. Should pass also. +client 127.0.0.1 PORT_D +??? 220 +HELO xxx +??? 250 +MAIL FROM: +??? 250 +RCPT TO: +??? 250 +DATA +??? 354 +DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex + ; s=sedw; h=From:To:Subject; bh=/Ab0giHZitYQbDhFszoqQRUkgqueaX9zatJttIU/plc=; + b=g0aVl5sI4fFLWDwXj9SnLgENXg2u8H8kKgK5/bXBZ7DKAImkm2+4tRzz1UOveu/Navis53Bg/C + 9nPxsspzb/Dg==; +Received: from jgh by myhost.test.ex with local (Exim x.yz) + envelope-from ) + 1dtXln-0000YP-Hb + a@test.ex; Sun, 17 Sep 2017 12:29:51 +0100 +From: nobody@example.com +Message-Id: +Sender: CALLER_NAME +Date: Sun, 17 Sep 2017 12:29:51 +0100 + +content +. +??? 250 +QUIT +??? 221 +**** +# +# + # This should pass, an independently-generated sample from Scott Kitterman. # I don't want to retain this longterm as it hits an external DNS record, # not under the testsuite. -- cgit v1.2.3