diff --git a/ChangeLog b/ChangeLog index 34df70d..69f0fcd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ UNRELEASED Version 0.7.0 - - Initial ed25519 implementation assuming use of ed25519-sh512 and base64 - encoded keys - experimental - IETF draft not updated yet + - Initial ed25519 implementation based on draft-ietf-dcrup-dkim-crypto-08 + experimental - IETF draft, design not finalized - Port dkimsign.py to use argparse; now gives standard usage message and is more extensible - Add command line options to dkimsign.py to select header and body diff --git a/dkim/__init__.py b/dkim/__init__.py index fc4d369..866727b 100644 --- a/dkim/__init__.py +++ b/dkim/__init__.py @@ -44,6 +44,12 @@ try: except: pass +# only needed for ed25519 signing/verification +try: + import nacl.signing + import nacl.encoding +except: + pass from dkim.canonicalization import ( CanonicalizationPolicy, @@ -78,6 +84,8 @@ __all__ = [ "MessageFormatError", "ParameterError", "ValidationError", + "AuthresNotFoundError", + "NaClNotFoundError", "CV_Pass", "CV_Fail", "CV_None", @@ -152,6 +160,13 @@ class AuthresNotFoundError(DKIMException): """ Authres Package not installed, needed for ARC """ pass +class NaClNotFoundError(DKIMException): + """ Nacl package not installed, needed for ed25119 signatures """ + pass + +class UnknownKeyTypeError(DKIMException): + """ Key type (k tag) is not known (rsa/ed25519) """ + def select_headers(headers, include_headers): """Select message header fields to be signed/verified. @@ -197,6 +212,20 @@ def hash_headers(hasher, canonicalize_headers, headers, include_headers, hasher.update(y) return sign_headers +def hash_headers_ed25519(pk, canonicalize_headers, headers, include_headers, + sigheader, sig): + """Update hash for signed message header fields.""" + hash_header = '' + sign_headers = select_headers(headers,include_headers) + # The call to _remove() assumes that the signature b= only appears + # once in the signature header + cheaders = canonicalize_headers.canonicalize_headers( + [(sigheader[0], RE_BTAG.sub(b'\\1',sigheader[1]))]) + # the dkim sig is hashed with no trailing crlf, even if the + # canonicalization algorithm would add one. + for x,y in sign_headers + [(x, y.rstrip()) for x,y in cheaders]: + hash_header += x + y + return sign_headers, hash_header def validate_signature_fields(sig, mandatory_fields=[b'v', b'a', b'b', b'bh', b'd', b'h', b's'], arc=False): """Validate DKIM or ARC Signature fields. @@ -356,13 +385,22 @@ def load_pk_from_dns(name, dnsfunc=get_txt): except InvalidTagValueList as e: raise KeyFormatError(e) try: - pk = parse_public_key(base64.b64decode(pub[b'p'])) - keysize = bitsize(pk['modulus']) + if pub[b'k'] == b'ed25519': + pk = nacl.signing.VerifyKey(pub[b'p'], encoder=nacl.encoding.Base64Encoder) + keysize = 256 + ktag = b'ed25519' except KeyError: - raise KeyFormatError("incomplete public key: %s" % s) - except (TypeError,UnparsableKeyError) as e: - raise KeyFormatError("could not parse public key (%s): %s" % (pub[b'p'],e)) - return pk, keysize + pub[b'k'] = b'rsa' + if pub[b'k'] == b'rsa': + try: + pk = parse_public_key(base64.b64decode(pub[b'p'])) + keysize = bitsize(pk['modulus']) + except KeyError: + raise KeyFormatError("incomplete public key: %s" % s) + except (TypeError,UnparsableKeyError) as e: + raise KeyFormatError("could not parse public key (%s): %s" % (pub[b'p'],e)) + ktag = b'rsa' + return pk, keysize, ktag #: Abstract base class for holding messages and options during DKIM/ARC signing and verification. class DomainSigner(object): @@ -513,10 +551,14 @@ class DomainSigner(object): h, canon_policy, headers, include_headers, header, sig) self.logger.debug("sign %s headers: %r" % (header_name, h.hashed())) - try: - sig2 = RSASSA_PKCS1_v1_5_sign(h, pk) - except DigestTooLargeError: - raise ParameterError("digest too large for modulus") + if self.signature_algorithm == b'rsa-sha256' or self.signature_algorithm == b'rsa-sha1': + try: + sig2 = RSASSA_PKCS1_v1_5_sign(h, pk) + except DigestTooLargeError: + raise ParameterError("digest too large for modulus") + elif self.signature_algorithm == b'ed25519': + sigobj = pk.sign(h.digest()) + sig2 = sigobj.signature # Folding b= is explicity allowed, but yahoo and live.com are broken #header_value += base64.b64encode(bytes(sig2)) # Instead of leaving unfolded (which lets an MTA fold it later and still @@ -539,7 +581,7 @@ class DomainSigner(object): def verify_sig(self, sig, include_headers, sig_header, dnsfunc): name = sig[b's'] + b"._domainkey." + sig[b'd'] + b"." try: - pk, self.keysize = load_pk_from_dns(name, dnsfunc) + pk, self.keysize, ktag = load_pk_from_dns(name, dnsfunc) except KeyFormatError as e: self.logger.error("%s" % e) return False @@ -584,16 +626,25 @@ class DomainSigner(object): self.signed_headers = hash_headers( h, canon_policy, headers, include_headers, sig_header, sig) self.logger.debug("signed for %s: %r" % (sig_header[0], h.hashed())) - - try: - signature = base64.b64decode(re.sub(br"\s+", b"", sig[b'b'])) - res = RSASSA_PKCS1_v1_5_verify(h, signature, pk) - self.logger.debug("%s valid: %s" % (sig_header[0], res)) - if res and self.keysize < self.minkey: - raise KeyFormatError("public key too small: %d" % self.keysize) - return res - except (TypeError,DigestTooLargeError) as e: - raise KeyFormatError("digest too large for modulus: %s"%e) + signature = base64.b64decode(re.sub(br"\s+", b"", sig[b'b'])) + if ktag == b'rsa': + try: + res = RSASSA_PKCS1_v1_5_verify(h, signature, pk) + self.logger.debug("%s valid: %s" % (sig_header[0], res)) + if res and self.keysize < self.minkey: + raise KeyFormatError("public key too small: %d" % self.keysize) + return res + except (TypeError,DigestTooLargeError) as e: + raise KeyFormatError("digest too large for modulus: %s"%e) + elif ktag == b'ed25519': + try: + pk.verify(h.digest(), signature) + self.logger.debug("%s valid" % (sig_header[0])) + return True + except (nacl.exceptions.BadSignatureError) as e: + return False + else: + raise UnknownKeyTypeError(ktag) #: Hold messages and options during DKIM signing and verification. class DKIM(DomainSigner): @@ -632,12 +683,17 @@ class DKIM(DomainSigner): #: @return: DKIM-Signature header field terminated by '\r\n' #: @raise DKIMException: when the message, include_headers, or key are badly #: formed. - def sign(self, selector, domain, privkey, identity=None, + def sign(self, selector, domain, privkey, signature_algorithm=None, identity=None, canonicalize=(b'relaxed',b'simple'), include_headers=None, length=False): - try: - pk = parse_pem_private_key(privkey) - except UnparsableKeyError as e: - raise KeyFormatError(str(e)) + if signature_algorithm: + self.signature_algorithm = signature_algorithm + if self.signature_algorithm == b'rsa-sha256' or self.signature_algorithm == b'rsa-sha1': + try: + pk = parse_pem_private_key(privkey) + except UnparsableKeyError as e: + raise KeyFormatError(str(e)) + elif self.signature_algorithm == b'ed25519': + pk = nacl.signing.SigningKey(privkey, encoder=nacl.encoding.Base64Encoder) if identity is not None and not identity.endswith(domain): raise ParameterError("identity must end with domain") diff --git a/dkim/crypto.py b/dkim/crypto.py index c46c97a..305a630 100644 --- a/dkim/crypto.py +++ b/dkim/crypto.py @@ -81,6 +81,7 @@ ASN1_RSAPrivateKey = [ HASH_ALGORITHMS = { b'rsa-sha1': hashlib.sha1, b'rsa-sha256': hashlib.sha256, + b'ed25519': hashlib.sha256 } # These values come from RFC 8017, section 9.2 Notes, page 46. diff --git a/dkim/tests/__init__.py b/dkim/tests/__init__.py index 40cb64a..ca65c13 100644 --- a/dkim/tests/__init__.py +++ b/dkim/tests/__init__.py @@ -28,6 +28,7 @@ def test_suite(): test_canonicalization, test_crypto, test_dkim, + test_dkim_ed25519, test_util, test_arc, test_dnsplug, @@ -36,6 +37,7 @@ def test_suite(): test_canonicalization, test_crypto, test_dkim, + test_dkim_ed25519, test_util, test_arc, test_dnsplug, diff --git a/dkim/tests/data/ed25519test.dns b/dkim/tests/data/ed25519test.dns new file mode 100644 index 0000000..8272844 --- /dev/null +++ b/dkim/tests/data/ed25519test.dns @@ -0,0 +1 @@ +k=ed25519; p=yi50DjK5O9pqbFpNHklsv9lqaS0ArSYu02qp1S0DW1Y= diff --git a/dkim/tests/data/ed25519test.key b/dkim/tests/data/ed25519test.key new file mode 100644 index 0000000..f12a3d1 --- /dev/null +++ b/dkim/tests/data/ed25519test.key @@ -0,0 +1 @@ +fL+5V9EquCZAovKik3pA6Lk9zwCzoEtjIuIqK9ZXHHA= diff --git a/dkim/tests/data/ed25519test.msg b/dkim/tests/data/ed25519test.msg new file mode 100644 index 0000000..82f3c0f --- /dev/null +++ b/dkim/tests/data/ed25519test.msg @@ -0,0 +1,9 @@ +Authentication-Results: lists.example.org; arc=none; spf=pass smtp.mfrom=jqd@d1.example; dkim=pass (1024-bit key) header.i=@d1.example; dmarc=pass +Received: from localhost +Message-ID: +Date: Mon, 01 Jan 2011 01:02:03 +0400 +From: Test User +To: somebody@example.com +Subject: Testing + +This is a test message. diff --git a/dkim/tests/data/ed25519test.verify.msg b/dkim/tests/data/ed25519test.verify.msg new file mode 100644 index 0000000..7f9a8e5 --- /dev/null +++ b/dkim/tests/data/ed25519test.verify.msg @@ -0,0 +1,16 @@ +DKIM-Signature: v=1; a=ed25519; c=relaxed/simple; d=example.com; + i=@example.com; q=dns/txt; s=test; t=5; h=message-id : + date : from : to : subject : date : from : subject; + bh=wE7NXSkgnx9PGiavN4OZhJztvkqPDlemV3OGuEnLwNo=; + b=wt7P+9DoBwcln1RKE3LN7069ZEEiSyVE/NH1YXnqnJy4JcrSCZUbeIEh + vXssPHelX4yNSXG9eTGTwwk5NxYqBw== +Authentication-Results: lists.example.org; arc=none; spf=pass smtp.mfrom=jqd@d1.example; dkim=pass (1024-bit key) header.i=@d1.example; dmarc=pass +Received: from localhost +Message-ID: +Date: Mon, 01 Jan 2011 01:02:03 +0400 +From: Test User +To: somebody@example.com +Subject: Testing + +This is a test message. + diff --git a/dkim/tests/data/ed25519test2.msg b/dkim/tests/data/ed25519test2.msg new file mode 100644 index 0000000..fcbc490 --- /dev/null +++ b/dkim/tests/data/ed25519test2.msg @@ -0,0 +1,11 @@ +DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex + ; s=sed; h=From:To:Subject; bh=/Ab0giHZitYQbDhFszoqQRUkgqueaX9zatJttIU/plc=; + b=5fhyD3EILDrnL4DnkD4hDaeis7+GSzL9GMHrhIDZJjuJ00WD5iI8SQ1q9rDfzFL/Kdw0VIyB4R + Dq0a4H6HI+Bw==; +Received: from jgh by myhost.test.ex with local (Exim x.yz) + envelope-from ) + 1dtXln-0000YP-Hb + a@test.ex; Sun, 17 Sep 2017 12:29:51 +0100 +From: nobody@example.com + +content diff --git a/dkim/tests/data/ed25519test3.msg b/dkim/tests/data/ed25519test3.msg new file mode 100644 index 0000000..72ab4fc --- /dev/null +++ b/dkim/tests/data/ed25519test3.msg @@ -0,0 +1,16 @@ +DKIM-Signature: v=1; a=ed25519; c=relaxed/simple; d=kitterman.org; + i=@kitterman.org; q=dns/txt; s=ed25519; t=1517819503; + h=message-id : date : from : to : subject : date : from : + subject; bh=wE7NXSkgnx9PGiavN4OZhJztvkqPDlemV3OGuEnLwNo=; + b=79R3A+GEIghZIWWOfAxXUEVI/NhyOCH0QWVhYV2+sN8MPVfPfYQAMRi0 + mlXux2AHLc7yihFV5SJWrsvqm62uCw== +Authentication-Results: lists.example.org; arc=none; spf=pass smtp.mfrom=example.com; dmarc=pass +Received: from localhost +Message-ID: +Date: Mon, 01 Jan 2011 01:02:03 +0400 +From: Test User +To: somebody@example.com +Subject: Testing + +This is a test message. + diff --git a/dkim/tests/data/ed25519test3.unsigned.msg b/dkim/tests/data/ed25519test3.unsigned.msg new file mode 100644 index 0000000..99f5c2c --- /dev/null +++ b/dkim/tests/data/ed25519test3.unsigned.msg @@ -0,0 +1,9 @@ +Authentication-Results: lists.example.org; arc=none; spf=pass smtp.mfrom=example.com; dmarc=pass +Received: from localhost +Message-ID: +Date: Mon, 01 Jan 2011 01:02:03 +0400 +From: Test User +To: somebody@example.com +Subject: Testing + +This is a test message. diff --git a/dkim/tests/data/eximtest.dns b/dkim/tests/data/eximtest.dns new file mode 100644 index 0000000..ceb1d2a --- /dev/null +++ b/dkim/tests/data/eximtest.dns @@ -0,0 +1 @@ +v=DKIM1; k=ed25519; p=sPs07Vu29FpHT/80UXUcYHFOHifD4o2ZlP2+XUh9g6E= diff --git a/dkim/tests/data/test2.private b/dkim/tests/data/test2.private new file mode 100644 index 0000000..3800be0 --- /dev/null +++ b/dkim/tests/data/test2.private @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDkHlOQoBTzWRiGs5V6NpP3idY6Wk08a5qhdR6wy5bdOKb2jLQi +Y/J16JYi0Qvx/byYzCNb3W91y3FutACDfzwQ/BC/e/8uBsCR+yz1Lxj+PL6lHvqM +KrM3rG4hstT5QjvHO9PzoxZyVYLzBfO2EeC3Ip3G+2kryOTIKT+l/K4w3QIDAQAB +AoGAH0cxOhFZDgzXWhDhnAJDw5s4roOXN4OhjiXa8W7Y3rhX3FJqmJSPuC8N9vQm +6SVbaLAE4SG5mLMueHlh4KXffEpuLEiNp9Ss3O4YfLiQpbRqE7Tm5SxKjvvQoZZe +zHorimOaChRL2it47iuWxzxSiRMv4c+j70GiWdxXnxe4UoECQQDzJB/0U58W7RZy +6enGVj2kWF732CoWFZWzi1FicudrBFoy63QwcowpoCazKtvZGMNlPWnC7x/6o8Gc +uSe0ga2xAkEA8C7PipPm1/1fTRQvj1o/dDmZp243044ZNyxjg+/OPN0oWCbXIGxy +WvmZbXriOWoSALJTjExEgraHEgnXssuk7QJBALl5ICsYMu6hMxO73gnfNayNgPxd +WFV6Z7ULnKyV7HSVYF0hgYOHjeYe9gaMtiJYoo0zGN+L3AAtNP9huqkWlzECQE1a +licIeVlo1e+qJ6Mgqr0Q7Aa7falZ448ccbSFYEPD6oFxiOl9Y9se9iYHZKKfIcst +o7DUw1/hz2Ck4N5JrgUCQQCyKveNvjzkkd8HjYs0SwM0fPjK16//5qDZ2UiDGnOe +uEzxBDAr518Z8VFbR41in3W4Y3yCDgQlLlcETrS+zYcL +-----END RSA PRIVATE KEY----- diff --git a/dkim/tests/data/test2.txt b/dkim/tests/data/test2.txt new file mode 100644 index 0000000..f8f0230 --- /dev/null +++ b/dkim/tests/data/test2.txt @@ -0,0 +1 @@ +v=DKIM1; g=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkHlOQoBTzWRiGs5V6NpP3idY6Wk08a5qhdR6wy5bdOKb2jLQiY/J16JYi0Qvx/byYzCNb3W91y3FutACDfzwQ/BC/e/8uBsCR+yz1Lxj+PL6lHvqMKrM3rG4hstT5QjvHO9PzoxZyVYLzBfO2EeC3Ip3G+2kryOTIKT+l/K4w3QIDAQAB diff --git a/dkim/tests/test_dkim.py b/dkim/tests/test_dkim.py index 5d47647..1c567b0 100644 --- a/dkim/tests/test_dkim.py +++ b/dkim/tests/test_dkim.py @@ -113,7 +113,7 @@ Y+vtSBczUiKERHv1yRbcaQtZFh5wtiRrN04BLUTD21MycBX5jYchHjPY/wIDAQAB""" self.assertTrue(res) def test_implicit_k(self): - # A message verifies after being signed. + # A message verifies after being signed when k= tag is not provided. for header_algo in (b"simple", b"relaxed"): for body_algo in (b"simple", b"relaxed"): sig = dkim.sign( diff --git a/dkim/tests/test_dkim_ed25519.py b/dkim/tests/test_dkim_ed25519.py new file mode 100644 index 0000000..f93f7bb --- /dev/null +++ b/dkim/tests/test_dkim_ed25519.py @@ -0,0 +1,273 @@ +# This software is provided 'as-is', without any express or implied +# warranty. In no event will the author be held liable for any damages +# arising from the use of this software. +# +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute it +# freely, subject to the following restrictions: +# +# 1. The origin of this software must not be misrepresented; you must not +# claim that you wrote the original software. If you use this software +# in a product, an acknowledgment in the product documentation would be +# appreciated but is not required. +# 2. Altered source versions must be plainly marked as such, and must not be +# misrepresented as being the original software. +# 3. This notice may not be removed or altered from any source distribution. +# +# Copyright (c) 2011 William Grant +# Copyright (c) 2017 Scott Kitterman + +import email +import os.path +import unittest +import time + +import dkim + + +def read_test_data(filename): + """Get the content of the given test data file. + + The files live in dkim/tests/data. + """ + path = os.path.join(os.path.dirname(__file__), 'data', filename) + with open(path, 'rb') as f: + return f.read() + + +class TestFold(unittest.TestCase): + + def test_short_line(self): + self.assertEqual( + b"foo", dkim.fold(b"foo")) + + def test_long_line(self): + # The function is terribly broken, not passing even this simple + # test. + self.assertEqual( + b"foo" * 24 + b"\r\n foo", dkim.fold(b"foo" * 25)) + + +class TestSignAndVerify(unittest.TestCase): + """End-to-end signature and verification tests.""" + + def setUp(self): + self.message = read_test_data("ed25519test.msg") + self.message2 = read_test_data("ed25519test2.msg") + self.key = read_test_data("ed25519test.key") + + def dnsfunc(self, domain): + sample_dns = """\ +k=ed25519; \ +p=yi50DjK5O9pqbFpNHklsv9lqaS0ArSYu02qp1S0DW1Y=""" + + _dns_responses = { + 'example._domainkey.canonical.com.': sample_dns, + 'test._domainkey.example.com.': """v=DKIM1; k=ed25519; \ +p=yi50DjK5O9pqbFpNHklsv9lqaS0ArSYu02qp1S0DW1Y=""", + '20120113._domainkey.gmail.com.': """k=ed25519; \ +p=yi50DjK5O9pqbFpNHklsv9lqaS0ArSYu02qp1S0DW1Y=""", + 'sed._domainkey.test.ex.': read_test_data("eximtest.dns") + } + try: + domain = domain.decode('ascii') + except UnicodeDecodeError: + return None + self.assertTrue(domain in _dns_responses,domain) + return _dns_responses[domain] + + def test_verifies(self): + # A message verifies after being signed. + for header_algo in (b"simple", b"relaxed"): + for body_algo in (b"simple", b"relaxed"): + sig = dkim.sign( + self.message, b"test", b"example.com", self.key, + canonicalize=(header_algo, body_algo), signature_algorithm=b'ed25519') + res = dkim.verify(sig + self.message, dnsfunc=self.dnsfunc) + self.assertTrue(res) + + def test_simple_signature(self): + # A message verifies after being signed with SHOULD headers + for header_algo in (b"simple", b"relaxed"): + for body_algo in (b"simple", b"relaxed"): + sig = dkim.sign( + self.message, b"test", b"example.com", self.key, + canonicalize=(header_algo, body_algo), + include_headers=(b'from',) + dkim.DKIM.SHOULD, + signature_algorithm=b'ed25519') + res = dkim.verify(sig + self.message, dnsfunc=self.dnsfunc) + self.assertTrue(res) + + def test_verify_third_party(self): + # Message signed by prototype Exim implementation + res = dkim.verify(self.message2) + self.assertTrue(res) + + def test_add_body_length(self): + sig = dkim.sign( + self.message, b"test", b"example.com", self.key, length=True, + signature_algorithm=b'ed25519') + msg = email.message_from_string(self.message.decode('utf-8')) + self.assertIn('; l=%s' % len(msg.get_payload() + '\n'), sig.decode('utf-8')) + res = dkim.verify(sig + self.message, dnsfunc=self.dnsfunc) + self.assertTrue(res) + + def test_altered_body_fails(self): + # An altered body fails verification. + for header_algo in (b"simple", b"relaxed"): + for body_algo in (b"simple", b"relaxed"): + sig = dkim.sign( + self.message, b"test", b"example.com", self.key, + signature_algorithm=b'ed25519') + res = dkim.verify( + sig + self.message + b"foo", dnsfunc=self.dnsfunc) + self.assertFalse(res) + + def test_badly_encoded_domain_fails(self): + # Domains should be ASCII. Bad ASCII causes verification to fail. + sig = dkim.sign(self.message, b"test", b"example.com\xe9", self.key, + signature_algorithm=b'ed25519') + res = dkim.verify(sig + self.message, dnsfunc=self.dnsfunc) + self.assertFalse(res) + + def test_dkim_signature_canonicalization(self): + # + # Relaxed-mode header signing is wrong + # + # Simple-mode signature header verification is wrong + # (should ignore FWS anywhere in signature tag: b=) + sample_msg = b"""\ +From: mbp@canonical.com +To: scottk@example.com +Subject: this is my + test message +""".replace(b'\n', b'\r\n') + + sample_privkey = b"""\ +fL+5V9EquCZAovKik3pA6Lk9zwCzoEtjIuIqK9ZXHHA=\ +""" + + sample_pubkey = """\ +yi50DjK5O9pqbFpNHklsv9lqaS0ArSYu02qp1S0DW1Y=\ +""" + + for header_mode in [dkim.Relaxed, dkim.Simple]: + + dkim_header = dkim.sign(sample_msg, b'example', b'canonical.com', + sample_privkey, canonicalize=(header_mode, dkim.Relaxed), + signature_algorithm=b'ed25519') + # Folding dkim_header affects b= tag only, since dkim.sign folds + # sig_value with empty b= before hashing, and then appends the + # signature. So folding dkim_header again adds FWS to + # the b= tag only. This should be ignored even with + # simple canonicalization. + # http://tools.ietf.org/html/rfc4871#section-3.5 + signed = dkim.fold(dkim_header) + sample_msg + result = dkim.verify(signed,dnsfunc=self.dnsfunc) + self.assertTrue(result) + dkim_header = dkim.fold(dkim_header) + # use a tab for last fold to test tab in FWS bug + pos = dkim_header.rindex(b'\r\n ') + dkim_header = dkim_header[:pos]+b'\r\n\t'+dkim_header[pos+3:] + result = dkim.verify(dkim_header + sample_msg, + dnsfunc=self.dnsfunc) + self.assertTrue(result) + + def test_extra_headers(self): + # + # extra headers above From caused failure + #message = read_test_data("test_extra.message") + message = read_test_data("message.mbox") + for header_algo in (b"simple", b"relaxed"): + for body_algo in (b"simple", b"relaxed"): + d = dkim.DKIM(message) + # bug requires a repeated header to manifest + d.should_not_sign.remove(b'received') + sig = d.sign(b"test", b"example.com", self.key, + signature_algorithm=b'ed25519', + include_headers=d.all_sign_headers(), + canonicalize=(header_algo, body_algo)) + dv = dkim.DKIM(sig + message) + res = dv.verify(dnsfunc=self.dnsfunc) + self.assertEquals(d.include_headers,dv.include_headers) + s = dkim.select_headers(d.headers,d.include_headers) + sv = dkim.select_headers(dv.headers,dv.include_headers) + self.assertEquals(s,sv) + self.assertTrue(res) + + def test_multiple_from_fails(self): + # + # additional From header fields should cause verify failure + hfrom = b'From: "Resident Evil" \r\n' + h,b = self.message.split(b'\n\n',1) + for header_algo in (b"simple", b"relaxed"): + for body_algo in (b"simple", b"relaxed"): + sig = dkim.sign( + self.message, b"test", b"example.com", self.key, + signature_algorithm=b'ed25519') + # adding an unknown header still verifies + h1 = h+b'\r\n'+b'X-Foo: bar' + message = b'\n\n'.join((h1,b)) + res = dkim.verify(sig+message, dnsfunc=self.dnsfunc) + self.assertTrue(res) + # adding extra from at end should not verify + h1 = h+b'\r\n'+hfrom.strip() + message = b'\n\n'.join((h1,b)) + res = dkim.verify(sig+message, dnsfunc=self.dnsfunc) + self.assertFalse(res) + # add extra from in front should not verify either + h1 = hfrom+h + message = b'\n\n'.join((h1,b)) + res = dkim.verify(sig+message, dnsfunc=self.dnsfunc) + self.assertFalse(res) + + def test_no_from_fails(self): + # Body From is mandatory to be in the message and mandatory to sign + sigerror = False + sig = '' + message = read_test_data('test_nofrom.message') + selector = 'test' + domain = 'example.com' + identity = None + try: + sig = dkim.sign(message, selector, domain, + read_test_data('ed25519test.key'), identity = identity, + signature_algorithm=b'ed25519') + except dkim.ParameterError as x: + sigerror = True + self.assertTrue(sigerror) + + def test_validate_signature_fields(self): + sig = {b'v': b'1', + b'a': b'ed25519', + b'b': b'K/UUOt8lCtgjp3kSTogqBm9lY1Yax/NwZ+bKm39/WKzo5KYe3L/6RoIA/0oiDX4kO\n \t Qut49HCV6ZUe6dY9V5qWBwLanRs1sCnObaOGMpFfs8tU4TWpDSVXaNZAqn15XVW0WH\n \t EzOzUfVuatpa1kF4voIgSbmZHR1vN3WpRtcTBe/I=', + b'bh': b'n0HUwGCP28PkesXBPH82Kboy8LhNFWU9zUISIpAez7M=', + b'c': b'simple/simple', + b'd': b'kitterman.com', + b'i': b'scott@Kitterman.com', + b'h': b'From:To:Subject:Date:Cc:MIME-Version:Content-Type:\n \t Content-Transfer-Encoding:Message-Id', + b's': b'2007-00', + b't': b'1299525798'} + dkim.validate_signature_fields(sig) + # try new version + sigVer = sig.copy() + sigVer[b'v'] = 2 + self.assertRaises(dkim.ValidationError, dkim.validate_signature_fields, sigVer) + # try with x + sigX = sig.copy() + sigX[b'x'] = b'1399525798' + dkim.validate_signature_fields(sig) + # try with late t + sigX[b't'] = b'1400000000' + self.assertRaises(dkim.ValidationError, dkim.validate_signature_fields, sigX) + # try without t + now = int(time.time()) + sigX[b'x'] = str(now+400000).encode('ascii') + dkim.validate_signature_fields(sigX) + # try when expired a day ago + sigX[b'x'] = str(now - 24*3600).encode('ascii') + self.assertRaises(dkim.ValidationError, dkim.validate_signature_fields, sigX) + +def test_suite(): + from unittest import TestLoader + return TestLoader().loadTestsFromName(__name__) diff --git a/dkimsign.py b/dkimsign.py index b73d0b6..3c38a76 100644 --- a/dkimsign.py +++ b/dkimsign.py @@ -44,7 +44,7 @@ parser.add_argument('--hcanon', choices=['simple', 'relaxed'], parser.add_argument('--bcanon', choices=['simple', 'relaxed'], default='simple', help='Body canonicalization algorithm: default=simple') -parser.add_argument('--signalg', choices=['rsa-sha256', 'rsa-sha1'], +parser.add_argument('--signalg', choices=['rsa-sha256', 'ed25519', 'rsa-sha1'], default='rsa-sha256', help='Signature algorithm: default=rsa-sha256') parser.add_argument('--identity', help='Optional value for i= tag.') diff --git a/dknewkey.py b/dknewkey.py index 162a61e..3192f79 100644 --- a/dknewkey.py +++ b/dknewkey.py @@ -52,12 +52,13 @@ def GenEd25519Keys(private_key_file): Output is unprotected. You should encrypt your keys. """ import nacl.signing # Yes, pep-8, but let's not make everyone install nacl + import nacl.encoding import os skg = nacl.signing.SigningKey(seed=os.urandom(32)) priv_key = skg.generate() print >> sys.stderr, 'generating ' + private_key_file pkf = open(private_key_file, "w+") - print >> pkf, base64.b64encode(bytes(priv_key)) + print >> pkf, priv_key.encode(encoder=nacl.encoding.Base64Encoder) pkf.close() return(priv_key) @@ -81,7 +82,9 @@ def ExtractRSADnsPublicKey(private_key_file, dns_file): def ExtractEd25519PublicKey(private_key_file, dns_file, priv_key): """ Given a ed25519 key, extract the bit we should place in DNS. """ - output = base64.b64encode(bytes(priv_key.verify_key)) + import nacl.encoding # Yes, pep-8, but let's not make everyone install nacl + pubkey = priv_key.verify_key + output = pubkey.encode(encoder=nacl.encoding.Base64Encoder) dns_fp = open(dns_file, "w+") print >> sys.stderr, 'writing ' + dns_file print >> dns_fp, "k=ed25519; p={0}".format(output)