From 9e70917d0aa5e51f584b2af69ce80df458ac5c79 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Tue, 12 Sep 2017 17:49:58 +0100 Subject: DKIM: support multiple signing, by selector --- test/confs/4520 | 7 ++++++- test/confs/4524 | 1 + test/log/4520 | 2 +- test/log/4524 | 12 ++++++++++++ test/scripts/4500-DKIM/4520 | 2 +- test/scripts/4500-DKIM/4524 | 14 ++++++++++++++ test/stderr/4520 | 12 ++++++++---- 7 files changed, 43 insertions(+), 7 deletions(-) create mode 120000 test/confs/4524 create mode 100644 test/log/4524 create mode 100644 test/scripts/4500-DKIM/4524 (limited to 'test') diff --git a/test/confs/4520 b/test/confs/4520 index 449702855..5f4649846 100644 --- a/test/confs/4520 +++ b/test/confs/4520 @@ -12,6 +12,7 @@ primary_hostname = myhost.test.ex acl_smtp_rcpt = accept acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames +DDIR=DIR/aux-fixed/dkim # ----- Routers @@ -42,7 +43,11 @@ send_to_server: .else dkim_selector = sel .endif - dkim_private_key = DIR/aux-fixed/dkim/dkim.private + + dkim_private_key = ${if match {$dkim_selector}{^ses} {DDIR/dkim512.private} \ + {${if match {$dkim_selector}{^sel} {DDIR/dkim.private} \ + {}}}} + .ifndef HEADERS_MAXSIZE dkim_sign_headers = OPT .endif diff --git a/test/confs/4524 b/test/confs/4524 new file mode 120000 index 000000000..072f5faf2 --- /dev/null +++ b/test/confs/4524 @@ -0,0 +1 @@ +4520 \ No newline at end of file diff --git a/test/log/4520 b/test/log/4520 index e9736fd6f..73854cfc1 100644 --- a/test/log/4520 +++ b/test/log/4520 
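Review bot: In the `dkim_private_key` expansion added to the `send_to_server` transport in test/confs/4520, a selector that matches neither `^ses` nor `^sel` falls through to the empty `{}` branch, and Exim documents an empty `dkim_private_key` as "do not sign", with no error even when `dkim_strict` is set. A mistyped `-DSELECTOR=` value in a test script would therefore send the message unsigned instead of failing loudly, and the same pattern copied into a production transport would silently drop signatures for any unmapped selector. The prefix match also does quiet work: `^sel` is what lets `sel_bad` pick up `dkim.private`, presumably on purpose. I would record both facts next to the option, for example `# empty result = message goes out unsigned, no error; ^sel also covers sel_bad`. The transport block starts and ends outside the hunk.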
@@ -29,7 +29,7 @@ 1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server_dump 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed 1999-03-02 09:44:33 10HmbE-0005vi-00 DKIM: d=test.ex s=sel_bad c=relaxed/relaxed a=rsa-sha256 b=1024 [invalid - syntax error in public key record] -1999-03-02 09:44:33 10HmbE-0005vi-00 signer: test.ex bits: 1024 h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmbE-0005vi-00 signer: test.ex bits: 1024 h=From 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbD-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: R=server_dump 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed diff --git a/test/log/4524 b/test/log/4524 new file mode 100644 index 000000000..a6d687c83 --- /dev/null +++ b/test/log/4524 
@@ -0,0 +1,12 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 => c@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=ses c=relaxed/relaxed a=rsa-sha256 b=512 [verification succeeded] +1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 512 h=From:To:Subject +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server_dump +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed diff --git a/test/scripts/4500-DKIM/4520 b/test/scripts/4500-DKIM/4520 index 6efe3545a..3e5879972 100644 --- a/test/scripts/4500-DKIM/4520 +++ b/test/scripts/4500-DKIM/4520 @@ -26,7 +26,7 @@ content **** # # check that on signing we warn in debug mode about verify problems -exim -d-all+acl -DHEADERS_MAXSIZE=y -DSELECTOR=sel_bad -odf d@test.ex +exim -d-all+acl -DOPT=From -DSELECTOR=sel_bad -odf d@test.ex From: nobody@example.com content diff --git a/test/scripts/4500-DKIM/4524 b/test/scripts/4500-DKIM/4524 new file mode 100644 index 000000000..9737ad583 --- /dev/null +++ b/test/scripts/4500-DKIM/4524 @@ -0,0 +1,14 @@ +# DKIM signing, multiple +# +exim -bd -DSERVER=server -oX PORT_D +**** +# +exim -DSELECTOR=ses:sel -DOPT=From:To:Subject -odf c@test.ex +From: nobody@example.com + +content +**** +# +millisleep 500 +killdaemon +no_msglog_check diff --git a/test/stderr/4520 b/test/stderr/4520 index fc64a9e93..d8d2d7a03 100644 --- a/test/stderr/4520 
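Review bot: The expected server log in test/log/4524 pins `b=512 [verification succeeded]` for selector `ses` and carries only one `signer: test.ex bits: 512` line although two signatures verify, so nothing here asserts what the DKIM ACL sees for the 1024-bit `sel` signature. If the ACL runs once per signing domain rather than once per signature (my reading of the single line; the ACL code is not in this diff), a policy keyed on `$dkim_key_length` is evaluated against only one of the two keys, and the test does not say which one is expected. A 512-bit RSA key is also below the 1024-bit floor that RFC 8301 sets for signatures a verifier may treat as valid. The driving script test/scripts/4500-DKIM/4524 should therefore say the short key is a fixture only, e.g. `# ses uses a 512-bit fixture key; too weak for real signing`.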
+++ b/test/stderr/4520 @@ -25,6 +25,7 @@ cmd buf flush ddd bytes SMTP<< 354 Enter message, ending with "." on a line by itself PDKIM (checking verify key)>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + sel_bad._domainkey.test.ex. Raw record: v=DKIM1\;{SP}p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB v=DKIM1\ p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB 
@@ -34,13 +35,16 @@ WARNING: bad dkim key in dns PDKIM (finished checking verify key)<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< content{CR}{LF} PDKIM [test.ex] Body bytes hashed: 9 -PDKIM [test.ex] Body hash computed: fc06f48221d98ad6106c3845b33a2a41152482ab9e697f736ad26db4853fa657 +PDKIM [test.ex] Body sha256 computed: fc06f48221d98ad6106c3845b33a2a41152482ab9e697f736ad26db4853fa657 +PDKIM >> Headers to be signed: >>>>>>>>>>>> + From PDKIM >> Header data for hash, canonicalized, in sequence >>>>>>>>>>>> -sender:CALLER_NAME{SP}{CR}{LF} -message-id:{CR}{LF} from:nobody@example.com{CR}{LF} +PDKIM >> Signed DKIM-Signature header, pre-canonicalized >>>>>>>>>>>>> +DKIM-Signature:{SP}v=1;{SP}a=rsa-sha256;{SP}q=dns/txt;{SP}c=relaxed/relaxed;{SP}d=test.ex;{CR}{LF}{TB}s=sel_bad;{SP}h=From;{SP}bh=/Ab0giHZitYQbDhFszoqQRUkgqueaX9zatJttIU/plc=;{SP}b=; PDKIM >> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>> -dkim-signature:v=1;{SP}a=rsa-sha256;{SP}q=dns/txt;{SP}c=relaxed/relaxed;{SP}d=test.ex;{SP}s=sel_bad;{SP}h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:{SP}Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:{SP}Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:{SP}In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:{SP}List-Post:List-Owner:List-Archive;{SP}bh=/Ab0giHZitYQbDhFszoqQRUkgqueaX9zatJttIU/plc=;{SP}b=; +dkim-signature:v=1;{SP}a=rsa-sha256;{SP}q=dns/txt;{SP}c=relaxed/relaxed;{SP}d=test.ex;{SP}s=sel_bad;{SP}h=From;{SP}bh=/Ab0giHZitYQbDhFszoqQRUkgqueaX9zatJttIU/plc=;{SP}b=; +PDKIM [test.ex] Header sha256 computed: 241e16230df5723d899cfae9474c6b376a2ab1f81d1094e358f50ffd0e0067b3 SMTP<< 250 OK id=10HmbE-0005vi-00 SMTP>> QUIT cmd buf flush ddd bytes -- cgit v1.2.3