Self consistent, but not externally verified ed25519 based on draft-ietf-dcrup-dkim-crypto-08

2018-02-05 03:53:03 -05:00
parent 10e12c60d8
commit 077bf4813c
18 changed files with 447 additions and 32 deletions
@@ -28,6 +28,7 @@ def test_suite():
        test_canonicalization,
        test_crypto,
        test_dkim,
+        test_dkim_ed25519,
        test_util,
        test_arc,
        test_dnsplug,
@@ -36,6 +37,7 @@ def test_suite():
        test_canonicalization,
        test_crypto,
        test_dkim,
+        test_dkim_ed25519,
        test_util,
        test_arc,
        test_dnsplug,
@@ -0,0 +1 @@
+k=ed25519; p=yi50DjK5O9pqbFpNHklsv9lqaS0ArSYu02qp1S0DW1Y=
@@ -0,0 +1 @@
+fL+5V9EquCZAovKik3pA6Lk9zwCzoEtjIuIqK9ZXHHA=
@@ -0,0 +1,9 @@
+Authentication-Results: lists.example.org; arc=none; spf=pass smtp.mfrom=jqd@d1.example; dkim=pass (1024-bit key) header.i=@d1.example; dmarc=pass
+Received: from localhost
+Message-ID: <example@example.com>
+Date: Mon, 01 Jan 2011 01:02:03 +0400
+From: Test User <test@example.com>
+To: somebody@example.com
+Subject: Testing
+
+This is a test message.
@@ -0,0 +1,16 @@
+DKIM-Signature: v=1; a=ed25519; c=relaxed/simple; d=example.com;
+ i=@example.com; q=dns/txt; s=test; t=5; h=message-id :
+ date : from : to : subject : date : from : subject;
+ bh=wE7NXSkgnx9PGiavN4OZhJztvkqPDlemV3OGuEnLwNo=;
+ b=wt7P+9DoBwcln1RKE3LN7069ZEEiSyVE/NH1YXnqnJy4JcrSCZUbeIEh
+ vXssPHelX4yNSXG9eTGTwwk5NxYqBw==
+Authentication-Results: lists.example.org; arc=none; spf=pass smtp.mfrom=jqd@d1.example; dkim=pass (1024-bit key) header.i=@d1.example; dmarc=pass
+Received: from localhost
+Message-ID: <example@example.com>
+Date: Mon, 01 Jan 2011 01:02:03 +0400
+From: Test User <test@example.com>
+To: somebody@example.com
+Subject: Testing
+
+This is a test message.
+
@@ -0,0 +1,11 @@
+DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex
+        ; s=sed; h=From:To:Subject; bh=/Ab0giHZitYQbDhFszoqQRUkgqueaX9zatJttIU/plc=;
+         b=5fhyD3EILDrnL4DnkD4hDaeis7+GSzL9GMHrhIDZJjuJ00WD5iI8SQ1q9rDfzFL/Kdw0VIyB4R
+        Dq0a4H6HI+Bw==;
+Received: from jgh by myhost.test.ex with local (Exim x.yz)
+        envelope-from <jgh@myhost.test.ex>)
+         1dtXln-0000YP-Hb
+         a@test.ex; Sun, 17 Sep 2017 12:29:51 +0100
+From: nobody@example.com
+
+content
@@ -0,0 +1,16 @@
+DKIM-Signature: v=1; a=ed25519; c=relaxed/simple; d=kitterman.org;
+ i=@kitterman.org; q=dns/txt; s=ed25519; t=1517819503;
+ h=message-id : date : from : to : subject : date : from :
+ subject; bh=wE7NXSkgnx9PGiavN4OZhJztvkqPDlemV3OGuEnLwNo=;
+ b=79R3A+GEIghZIWWOfAxXUEVI/NhyOCH0QWVhYV2+sN8MPVfPfYQAMRi0
+ mlXux2AHLc7yihFV5SJWrsvqm62uCw==
+Authentication-Results: lists.example.org; arc=none; spf=pass smtp.mfrom=example.com; dmarc=pass
+Received: from localhost
+Message-ID: <example@example.com>
+Date: Mon, 01 Jan 2011 01:02:03 +0400
+From: Test User <test@example.com>
+To: somebody@example.com
+Subject: Testing
+
+This is a test message.
+
@@ -0,0 +1,9 @@
+Authentication-Results: lists.example.org; arc=none; spf=pass smtp.mfrom=example.com; dmarc=pass
+Received: from localhost
+Message-ID: <example@example.com>
+Date: Mon, 01 Jan 2011 01:02:03 +0400
+From: Test User <test@example.com>
+To: somebody@example.com
+Subject: Testing
+
+This is a test message.
@@ -0,0 +1 @@
+v=DKIM1; k=ed25519; p=sPs07Vu29FpHT/80UXUcYHFOHifD4o2ZlP2+XUh9g6E=
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDkHlOQoBTzWRiGs5V6NpP3idY6Wk08a5qhdR6wy5bdOKb2jLQi
+Y/J16JYi0Qvx/byYzCNb3W91y3FutACDfzwQ/BC/e/8uBsCR+yz1Lxj+PL6lHvqM
+KrM3rG4hstT5QjvHO9PzoxZyVYLzBfO2EeC3Ip3G+2kryOTIKT+l/K4w3QIDAQAB
+AoGAH0cxOhFZDgzXWhDhnAJDw5s4roOXN4OhjiXa8W7Y3rhX3FJqmJSPuC8N9vQm
+6SVbaLAE4SG5mLMueHlh4KXffEpuLEiNp9Ss3O4YfLiQpbRqE7Tm5SxKjvvQoZZe
+zHorimOaChRL2it47iuWxzxSiRMv4c+j70GiWdxXnxe4UoECQQDzJB/0U58W7RZy
+6enGVj2kWF732CoWFZWzi1FicudrBFoy63QwcowpoCazKtvZGMNlPWnC7x/6o8Gc
+uSe0ga2xAkEA8C7PipPm1/1fTRQvj1o/dDmZp243044ZNyxjg+/OPN0oWCbXIGxy
+WvmZbXriOWoSALJTjExEgraHEgnXssuk7QJBALl5ICsYMu6hMxO73gnfNayNgPxd
+WFV6Z7ULnKyV7HSVYF0hgYOHjeYe9gaMtiJYoo0zGN+L3AAtNP9huqkWlzECQE1a
+licIeVlo1e+qJ6Mgqr0Q7Aa7falZ448ccbSFYEPD6oFxiOl9Y9se9iYHZKKfIcst
+o7DUw1/hz2Ck4N5JrgUCQQCyKveNvjzkkd8HjYs0SwM0fPjK16//5qDZ2UiDGnOe
+uEzxBDAr518Z8VFbR41in3W4Y3yCDgQlLlcETrS+zYcL
+-----END RSA PRIVATE KEY-----
@@ -0,0 +1 @@
+v=DKIM1; g=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkHlOQoBTzWRiGs5V6NpP3idY6Wk08a5qhdR6wy5bdOKb2jLQiY/J16JYi0Qvx/byYzCNb3W91y3FutACDfzwQ/BC/e/8uBsCR+yz1Lxj+PL6lHvqMKrM3rG4hstT5QjvHO9PzoxZyVYLzBfO2EeC3Ip3G+2kryOTIKT+l/K4w3QIDAQAB
@@ -113,7 +113,7 @@ Y+vtSBczUiKERHv1yRbcaQtZFh5wtiRrN04BLUTD21MycBX5jYchHjPY/wIDAQAB"""
                self.assertTrue(res)

    def test_implicit_k(self):
-        # A message verifies after being signed.
+        # A message verifies after being signed when k= tag is not provided.
        for header_algo in (b"simple", b"relaxed"):
            for body_algo in (b"simple", b"relaxed"):
                sig = dkim.sign(
@@ -0,0 +1,273 @@
+# This software is provided 'as-is', without any express or implied
+# warranty.  In no event will the author be held liable for any damages
+# arising from the use of this software.
+#
+# Permission is granted to anyone to use this software for any purpose,
+# including commercial applications, and to alter it and redistribute it
+# freely, subject to the following restrictions:
+#
+# 1. The origin of this software must not be misrepresented; you must not
+#    claim that you wrote the original software. If you use this software
+#    in a product, an acknowledgment in the product documentation would be
+#    appreciated but is not required.
+# 2. Altered source versions must be plainly marked as such, and must not be
+#    misrepresented as being the original software.
+# 3. This notice may not be removed or altered from any source distribution.
+#
+# Copyright (c) 2011 William Grant <me@williamgrant.id.au>
+# Copyright (c) 2017 Scott Kitterman <scott@kitterman.com>
+
+import email
+import os.path
+import unittest
+import time
+
+import dkim
+
+
+def read_test_data(filename):
+    """Get the content of the given test data file.
+
+    The files live in dkim/tests/data.
+    """
+    path = os.path.join(os.path.dirname(__file__), 'data', filename)
+    with open(path, 'rb') as f:
+        return f.read()
+
+
+class TestFold(unittest.TestCase):
+
+    def test_short_line(self):
+        self.assertEqual(
+            b"foo", dkim.fold(b"foo"))
+
+    def test_long_line(self):
+        # The function is terribly broken, not passing even this simple
+        # test.
+        self.assertEqual(
+            b"foo" * 24 + b"\r\n foo", dkim.fold(b"foo" * 25))
+
+
+class TestSignAndVerify(unittest.TestCase):
+    """End-to-end signature and verification tests."""
+
+    def setUp(self):
+        self.message = read_test_data("ed25519test.msg")
+        self.message2 = read_test_data("ed25519test2.msg")
+        self.key = read_test_data("ed25519test.key")
+
+    def dnsfunc(self, domain):
+        sample_dns = """\
+k=ed25519; \
+p=yi50DjK5O9pqbFpNHklsv9lqaS0ArSYu02qp1S0DW1Y="""
+
+        _dns_responses = {
+          'example._domainkey.canonical.com.': sample_dns,
+          'test._domainkey.example.com.': """v=DKIM1; k=ed25519; \
+p=yi50DjK5O9pqbFpNHklsv9lqaS0ArSYu02qp1S0DW1Y=""",
+          '20120113._domainkey.gmail.com.': """k=ed25519; \
+p=yi50DjK5O9pqbFpNHklsv9lqaS0ArSYu02qp1S0DW1Y=""",
+          'sed._domainkey.test.ex.': read_test_data("eximtest.dns")
+        }
+        try:
+            domain = domain.decode('ascii')
+        except UnicodeDecodeError:
+            return None
+        self.assertTrue(domain in _dns_responses,domain)
+        return _dns_responses[domain]
+
+    def test_verifies(self):
+        # A message verifies after being signed.
+        for header_algo in (b"simple", b"relaxed"):
+            for body_algo in (b"simple", b"relaxed"):
+                sig = dkim.sign(
+                    self.message, b"test", b"example.com", self.key,
+                    canonicalize=(header_algo, body_algo), signature_algorithm=b'ed25519')
+                res = dkim.verify(sig + self.message, dnsfunc=self.dnsfunc)
+                self.assertTrue(res)
+
+    def test_simple_signature(self):
+        # A message verifies after being signed with SHOULD headers
+        for header_algo in (b"simple", b"relaxed"):
+             for body_algo in (b"simple", b"relaxed"):
+                sig = dkim.sign(
+                    self.message, b"test", b"example.com", self.key,
+                    canonicalize=(header_algo, body_algo),
+                    include_headers=(b'from',) + dkim.DKIM.SHOULD,
+                    signature_algorithm=b'ed25519')
+                res = dkim.verify(sig + self.message, dnsfunc=self.dnsfunc)
+                self.assertTrue(res)
+
+    def test_verify_third_party(self):
+        # Message signed by prototype Exim implementation
+        res = dkim.verify(self.message2)
+        self.assertTrue(res)
+
+    def test_add_body_length(self):
+        sig = dkim.sign(
+            self.message, b"test", b"example.com", self.key, length=True,
+                signature_algorithm=b'ed25519')
+        msg = email.message_from_string(self.message.decode('utf-8'))
+        self.assertIn('; l=%s' % len(msg.get_payload() + '\n'), sig.decode('utf-8'))
+        res = dkim.verify(sig + self.message, dnsfunc=self.dnsfunc)
+        self.assertTrue(res)
+
+    def test_altered_body_fails(self):
+        # An altered body fails verification.
+        for header_algo in (b"simple", b"relaxed"):
+            for body_algo in (b"simple", b"relaxed"):
+                sig = dkim.sign(
+                    self.message, b"test", b"example.com", self.key,
+                    signature_algorithm=b'ed25519')
+                res = dkim.verify(
+                    sig + self.message + b"foo", dnsfunc=self.dnsfunc)
+                self.assertFalse(res)
+
+    def test_badly_encoded_domain_fails(self):
+        # Domains should be ASCII. Bad ASCII causes verification to fail.
+        sig = dkim.sign(self.message, b"test", b"example.com\xe9", self.key,
+            signature_algorithm=b'ed25519')
+        res = dkim.verify(sig + self.message, dnsfunc=self.dnsfunc)
+        self.assertFalse(res)
+
+    def test_dkim_signature_canonicalization(self):
+      # <https://bugs.launchpad.net/ubuntu/+source/pydkim/+bug/587783>
+      # Relaxed-mode header signing is wrong
+      # <https://bugs.launchpad.net/dkimpy/+bug/939128>
+      # Simple-mode signature header verification is wrong
+      # (should ignore FWS anywhere in signature tag: b=)
+      sample_msg = b"""\
+From: mbp@canonical.com
+To: scottk@example.com
+Subject: this is my
+    test message
+""".replace(b'\n', b'\r\n')
+
+      sample_privkey = b"""\
+fL+5V9EquCZAovKik3pA6Lk9zwCzoEtjIuIqK9ZXHHA=\
+"""
+
+      sample_pubkey = """\
+yi50DjK5O9pqbFpNHklsv9lqaS0ArSYu02qp1S0DW1Y=\
+"""
+
+      for header_mode in [dkim.Relaxed, dkim.Simple]:
+
+        dkim_header = dkim.sign(sample_msg, b'example', b'canonical.com',
+            sample_privkey, canonicalize=(header_mode, dkim.Relaxed),
+            signature_algorithm=b'ed25519')
+        # Folding dkim_header affects b= tag only, since dkim.sign folds
+        # sig_value with empty b= before hashing, and then appends the
+        # signature.  So folding dkim_header again adds FWS to
+        # the b= tag only.  This should be ignored even with
+        # simple canonicalization.
+        # http://tools.ietf.org/html/rfc4871#section-3.5
+        signed = dkim.fold(dkim_header) + sample_msg
+        result = dkim.verify(signed,dnsfunc=self.dnsfunc)
+        self.assertTrue(result)
+        dkim_header = dkim.fold(dkim_header)
+        # use a tab for last fold to test tab in FWS bug
+        pos = dkim_header.rindex(b'\r\n ')
+        dkim_header = dkim_header[:pos]+b'\r\n\t'+dkim_header[pos+3:]
+        result = dkim.verify(dkim_header + sample_msg,
+                dnsfunc=self.dnsfunc)
+        self.assertTrue(result)
+
+    def test_extra_headers(self):
+        # <https://bugs.launchpad.net/dkimpy/+bug/737311>
+        # extra headers above From caused failure
+        #message = read_test_data("test_extra.message")
+        message = read_test_data("message.mbox")
+        for header_algo in (b"simple", b"relaxed"):
+            for body_algo in (b"simple", b"relaxed"):
+                d = dkim.DKIM(message)
+                # bug requires a repeated header to manifest
+                d.should_not_sign.remove(b'received')
+                sig = d.sign(b"test", b"example.com", self.key,
+                    signature_algorithm=b'ed25519',
+                    include_headers=d.all_sign_headers(),
+                    canonicalize=(header_algo, body_algo))
+                dv = dkim.DKIM(sig + message)
+                res = dv.verify(dnsfunc=self.dnsfunc)
+                self.assertEquals(d.include_headers,dv.include_headers)
+                s = dkim.select_headers(d.headers,d.include_headers)
+                sv = dkim.select_headers(dv.headers,dv.include_headers)
+                self.assertEquals(s,sv)
+                self.assertTrue(res)
+
+    def test_multiple_from_fails(self):
+        # <https://bugs.launchpad.net/dkimpy/+bug/644046>
+        # additional From header fields should cause verify failure
+        hfrom = b'From: "Resident Evil" <sales@spammer.com>\r\n'
+        h,b = self.message.split(b'\n\n',1)
+        for header_algo in (b"simple", b"relaxed"):
+            for body_algo in (b"simple", b"relaxed"):
+                sig = dkim.sign(
+                    self.message, b"test", b"example.com", self.key,
+                    signature_algorithm=b'ed25519')
+                # adding an unknown header still verifies
+                h1 = h+b'\r\n'+b'X-Foo: bar'
+                message = b'\n\n'.join((h1,b))
+                res = dkim.verify(sig+message, dnsfunc=self.dnsfunc)
+                self.assertTrue(res)
+                # adding extra from at end should not verify
+                h1 = h+b'\r\n'+hfrom.strip()
+                message = b'\n\n'.join((h1,b))
+                res = dkim.verify(sig+message, dnsfunc=self.dnsfunc)
+                self.assertFalse(res)
+                # add extra from in front should not verify either
+                h1 = hfrom+h
+                message = b'\n\n'.join((h1,b))
+                res = dkim.verify(sig+message, dnsfunc=self.dnsfunc)
+                self.assertFalse(res)
+
+    def test_no_from_fails(self):
+        # Body From is mandatory to be in the message and mandatory to sign
+        sigerror = False
+        sig = ''
+        message = read_test_data('test_nofrom.message')
+        selector = 'test'
+        domain = 'example.com'
+        identity = None
+        try:
+            sig = dkim.sign(message, selector, domain,
+                read_test_data('ed25519test.key'), identity = identity,
+                signature_algorithm=b'ed25519')
+        except dkim.ParameterError as x:
+            sigerror = True
+        self.assertTrue(sigerror)
+
+    def test_validate_signature_fields(self):
+      sig = {b'v': b'1',
+      b'a': b'ed25519',
+      b'b': b'K/UUOt8lCtgjp3kSTogqBm9lY1Yax/NwZ+bKm39/WKzo5KYe3L/6RoIA/0oiDX4kO\n \t Qut49HCV6ZUe6dY9V5qWBwLanRs1sCnObaOGMpFfs8tU4TWpDSVXaNZAqn15XVW0WH\n \t EzOzUfVuatpa1kF4voIgSbmZHR1vN3WpRtcTBe/I=',
+      b'bh': b'n0HUwGCP28PkesXBPH82Kboy8LhNFWU9zUISIpAez7M=',
+      b'c': b'simple/simple',
+      b'd': b'kitterman.com',
+      b'i': b'scott@Kitterman.com',
+      b'h': b'From:To:Subject:Date:Cc:MIME-Version:Content-Type:\n \t Content-Transfer-Encoding:Message-Id',
+      b's': b'2007-00',
+      b't': b'1299525798'}
+      dkim.validate_signature_fields(sig)
+      # try new version
+      sigVer = sig.copy()
+      sigVer[b'v'] = 2
+      self.assertRaises(dkim.ValidationError, dkim.validate_signature_fields, sigVer)
+      # try with x
+      sigX = sig.copy()
+      sigX[b'x'] = b'1399525798'
+      dkim.validate_signature_fields(sig)
+      # try with late t
+      sigX[b't'] = b'1400000000'
+      self.assertRaises(dkim.ValidationError, dkim.validate_signature_fields, sigX)
+      # try without t
+      now = int(time.time())
+      sigX[b'x'] = str(now+400000).encode('ascii')
+      dkim.validate_signature_fields(sigX)
+      # try when expired a day ago
+      sigX[b'x'] = str(now - 24*3600).encode('ascii')
+      self.assertRaises(dkim.ValidationError, dkim.validate_signature_fields, sigX)
+
+def test_suite():
+    from unittest import TestLoader
+    return TestLoader().loadTestsFromName(__name__)
				`@@ -0,0 +1 @@`
				`k=ed25519; p=yi50DjK5O9pqbFpNHklsv9lqaS0ArSYu02qp1S0DW1Y=`
				`@@ -0,0 +1 @@`
				`fL+5V9EquCZAovKik3pA6Lk9zwCzoEtjIuIqK9ZXHHA=`
				`@@ -0,0 +1 @@`
				`v=DKIM1; k=ed25519; p=sPs07Vu29FpHT/80UXUcYHFOHifD4o2ZlP2+XUh9g6E=`
				`@@ -0,0 +1 @@`
				`v=DKIM1; g=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkHlOQoBTzWRiGs5V6NpP3idY6Wk08a5qhdR6wy5bdOKb2jLQiY/J16JYi0Qvx/byYzCNb3W91y3FutACDfzwQ/BC/e/8uBsCR+yz1Lxj+PL6lHvqMKrM3rG4hstT5QjvHO9PzoxZyVYLzBfO2EeC3Ip3G+2kryOTIKT+l/K4w3QIDAQAB`