Test case for FWS in b= tag not ignored on verify.
This commit is contained in:
Stuart D. Gathman
@@ -455,6 +455,8 @@ class DKIM(object):
|
|||||||
sig2 = RSASSA_PKCS1_v1_5_sign(h, pk)
|
sig2 = RSASSA_PKCS1_v1_5_sign(h, pk)
|
||||||
except DigestTooLargeError:
|
except DigestTooLargeError:
|
||||||
raise ParameterError("digest too large for modulus")
|
raise ParameterError("digest too large for modulus")
|
||||||
|
# Folding b= is explicity allowed, but yahoo and live.com are broken
|
||||||
|
#sig_value = fold(sig_value + base64.b64encode(bytes(sig2)))
|
||||||
sig_value += base64.b64encode(bytes(sig2))
|
sig_value += base64.b64encode(bytes(sig2))
|
||||||
|
|
||||||
self.domain = domain
|
self.domain = domain
|
||||||
|
|||||||
+11
-3
@@ -86,9 +86,12 @@ class TestSignAndVerify(unittest.TestCase):
|
|||||||
res = dkim.verify(sig + self.message, dnsfunc=self.dnsfunc)
|
res = dkim.verify(sig + self.message, dnsfunc=self.dnsfunc)
|
||||||
self.assertFalse(res)
|
self.assertFalse(res)
|
||||||
|
|
||||||
def test_dkim_dignature_canonicalization(self):
|
def test_dkim_signature_canonicalization(self):
|
||||||
# <https://bugs.launchpad.net/ubuntu/+source/pydkim/+bug/587783>
|
# <https://bugs.launchpad.net/ubuntu/+source/pydkim/+bug/587783>
|
||||||
# Relaxed-mode header signing is wrong
|
# Relaxed-mode header signing is wrong
|
||||||
|
# <https://bugs.launchpad.net/dkimpy/+bug/939128>
|
||||||
|
# Simple-mode signature header verification is wrong
|
||||||
|
# (should ignore FWS anywhere in signature tag: b=)
|
||||||
sample_msg = """\
|
sample_msg = """\
|
||||||
From: mbp@canonical.com
|
From: mbp@canonical.com
|
||||||
To: scottk@example.com
|
To: scottk@example.com
|
||||||
@@ -125,8 +128,13 @@ b/mPfjC0QJTocVBq6Za/PlzfV+Py92VaCak19F4WrbVTK5Gg5tW220MCAwEAAQ=="""
|
|||||||
|
|
||||||
dkim_header = dkim.sign(sample_msg, 'example', 'canonical.com',
|
dkim_header = dkim.sign(sample_msg, 'example', 'canonical.com',
|
||||||
sample_privkey, canonicalize=(header_mode, dkim.Relaxed))
|
sample_privkey, canonicalize=(header_mode, dkim.Relaxed))
|
||||||
signed = dkim_header + sample_msg
|
# Folding dkim_header affects b= tag only, since dkim.sign folds
|
||||||
|
# sig_value with empty b= before hashing, and then appends the
|
||||||
|
# signature. So folding dkim_header again adds FWS to
|
||||||
|
# the b= tag only. This should be ignored even with
|
||||||
|
# simple canonicalization.
|
||||||
|
# http://tools.ietf.org/html/rfc4871#section-3.5
|
||||||
|
signed = dkim.fold(dkim_header) + sample_msg
|
||||||
result = dkim.verify(signed,dnsfunc=lambda x: _dns_responses[x])
|
result = dkim.verify(signed,dnsfunc=lambda x: _dns_responses[x])
|
||||||
self.assertTrue(result)
|
self.assertTrue(result)
|
||||||
|
|
||||||
|
|||||||
@@ -48,6 +48,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
- Fix sha1 hash, Bug #969206
|
- Fix sha1 hash, Bug #969206
|
||||||
- Fix NoAnswer exception using dnspython
|
- Fix NoAnswer exception using dnspython
|
||||||
- Fix typos reporting ValidationError and DKIMException
|
- Fix typos reporting ValidationError and DKIMException
|
||||||
|
- Change default canonicalization to relaxed/simple to work around Bug #939128
|
||||||
|
|
||||||
* Fri Feb 03 2012 Stuart Gathman <stuart@bmsi.com> 0.5.1-1
|
* Fri Feb 03 2012 Stuart Gathman <stuart@bmsi.com> 0.5.1-1
|
||||||
- performance patch from https://launchpad.net/~petri Petri Lehtinen
|
- performance patch from https://launchpad.net/~petri Petri Lehtinen
|
||||||
|
|||||||
Reference in New Issue
Block a user