Update tests so that both RSA and Ed25519 verifying test verifying dual signed message.

2018-06-02 01:19:24 -04:00
parent a911d5eac5
commit 3a68a64836
2 changed files with 58 additions and 7 deletions
@@ -1,10 +1,18 @@
-DKIM-Signature: v=1; a=ed25519-sha256; c=simple/simple; 
- d=football.example.com; i=@football.example.com; 
- q=dns/txt; s=brisbane; t=1518460054; h=from : to : 
- subject : date : message-id : from : subject : date; 
- bh=4bLNXImK9drULnmePzZNEBleUanJCX5PIsDIFoH4KTQ=; 
- b=9/dsDChY0YMTtD5Eyw3wx7x22BlSJP7M5ECbJ7GWrR45nXlTCGb8l0YB
- o0wBLR++X5LqmsxXaOYLLJe46l10AQ==
+DKIM-Signature: v=1; a=ed25519-sha256; c=simple/simple; 
+ d=football.example.com; i=@football.example.com; 
+ q=dns/txt; s=brisbane; t=1518460054; h=from : to : 
+ subject : date : message-id : from : subject : date; 
+ bh=4bLNXImK9drULnmePzZNEBleUanJCX5PIsDIFoH4KTQ=; 
+ b=9/dsDChY0YMTtD5Eyw3wx7x22BlSJP7M5ECbJ7GWrR45nXlTCGb8l0YB
+ o0wBLR++X5LqmsxXaOYLLJe46l10AQ==
+DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; 
+ d=football.example.com; i=@football.example.com; 
+ q=dns/txt; s=test; t=1527915362; h=from : to : subject : 
+ date : message-id : from : subject : date; 
+ bh=4bLNXImK9drULnmePzZNEBleUanJCX5PIsDIFoH4KTQ=; 
+ b=icKcLSEZYXJ95flvWE8FT6hl5iqd8MC/LEKYH0QjsqYy6MO/4pgVNCZH
+ l/RAXAuADxE/40Fg7uTlxwwD1hjN2Ple6J//cJfslBdDOq6zTVbne1dqtl
+ NOat7iamJ1AfRqyG+ja7a2AZsrpUuJ7VA6O+0zRYPqpwMEkEFIzI9i/Xk=
 From: Joe SixPack <joe@football.example.com>
 To: Suzie Q <suzie@shopping.example.net>
 Subject: Is dinner ready?
@@ -52,7 +52,10 @@ class TestSignAndVerify(unittest.TestCase):

    def setUp(self):
        self.message = read_test_data("test.message")
+        self.message3 = read_test_data("rfc6376.msg")
+        self.message4 = read_test_data("rfc6376.signed.msg")
        self.key = read_test_data("test.private")
+        self.rfckey = read_test_data("rfc8032_7_1.key")

    def dnsfunc(self, domain):
        sample_dns = """\
@@ -150,6 +153,25 @@ Y+vtSBczUiKERHv1yRbcaQtZFh5wtiRrN04BLUTD21MycBX5jYchHjPY/wIDAQAB"""
        self.assertTrue(domain in _dns_responses,domain)
        return _dns_responses[domain]

+    def dnsfunc5(self, domain):
+        sample_dns = """\
+k=rsa; \
+p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANmBe10IgY+u7h3enWTukkqtUD5PR52T\
+b/mPfjC0QJTocVBq6Za/PlzfV+Py92VaCak19F4WrbVTK5Gg5tW220MCAwEAAQ=="""
+
+        _dns_responses = {
+          'example._domainkey.canonical.com.': sample_dns,
+          'test._domainkey.football.example.com.': read_test_data("test.txt"),
+          'brisbane._domainkey.football.example.com.': """v=DKIM1; k=ed25519; \
+p=11qYAYKxCrfVS/7TyWQHOg7hcvPapiMlrwIaaPcHURo="""
+        }
+        try:
+            domain = domain.decode('ascii')
+        except UnicodeDecodeError:
+            return None
+        self.assertTrue(domain in _dns_responses,domain)
+        return _dns_responses[domain]
+
    def test_verifies(self):
        # A message verifies after being signed.
        for header_algo in (b"simple", b"relaxed"):
@@ -160,6 +182,27 @@ Y+vtSBczUiKERHv1yRbcaQtZFh5wtiRrN04BLUTD21MycBX5jYchHjPY/wIDAQAB"""
                res = dkim.verify(sig + self.message, dnsfunc=self.dnsfunc)
                self.assertTrue(res)

+    def test_double_verifies(self):
+        # A message also containing a ed25519 signature verifies after being signed with rsa.
+        for header_algo in (b"simple", b"relaxed"):
+            for body_algo in (b"simple", b"relaxed"):
+                sig = dkim.sign(
+                    self.message3, b"test", b"football.example.com", self.key,
+                    canonicalize=(header_algo, body_algo), signature_algorithm=b'rsa-sha256')
+                res = dkim.verify(sig + self.message3, dnsfunc=self.dnsfunc5)
+                self.assertTrue(res)
+
+    def test_double_previous_verifies(self):
+        # A message previously signed using both rsa and ed25519 verifies after being signed.
+        for header_algo in (b"simple", b"relaxed"):
+            for body_algo in (b"simple", b"relaxed"):
+                sig = dkim.sign(
+                    self.message3, b"test", b"football.example.com", self.key,
+                    canonicalize=(header_algo, body_algo), signature_algorithm=b'rsa-sha256')
+                d = dkim.DKIM(self.message4)
+                res = d.verify(dnsfunc=self.dnsfunc5)
+                self.assertTrue(res)
+
    def test_implicit_k(self):
        # A message verifies after being signed when k= tag is not provided.
        for header_algo in (b"simple", b"relaxed"):