diff --git a/dkim/tests/data/rfc6376.signed.msg b/dkim/tests/data/rfc6376.signed.msg index 6a438a2..5653ceb 100644 --- a/dkim/tests/data/rfc6376.signed.msg +++ b/dkim/tests/data/rfc6376.signed.msg @@ -1,10 +1,18 @@ -DKIM-Signature: v=1; a=ed25519-sha256; c=simple/simple; - d=football.example.com; i=@football.example.com; - q=dns/txt; s=brisbane; t=1518460054; h=from : to : - subject : date : message-id : from : subject : date; - bh=4bLNXImK9drULnmePzZNEBleUanJCX5PIsDIFoH4KTQ=; - b=9/dsDChY0YMTtD5Eyw3wx7x22BlSJP7M5ECbJ7GWrR45nXlTCGb8l0YB - o0wBLR++X5LqmsxXaOYLLJe46l10AQ== +DKIM-Signature: v=1; a=ed25519-sha256; c=simple/simple; + d=football.example.com; i=@football.example.com; + q=dns/txt; s=brisbane; t=1518460054; h=from : to : + subject : date : message-id : from : subject : date; + bh=4bLNXImK9drULnmePzZNEBleUanJCX5PIsDIFoH4KTQ=; + b=9/dsDChY0YMTtD5Eyw3wx7x22BlSJP7M5ECbJ7GWrR45nXlTCGb8l0YB + o0wBLR++X5LqmsxXaOYLLJe46l10AQ== +DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; + d=football.example.com; i=@football.example.com; + q=dns/txt; s=test; t=1527915362; h=from : to : subject : + date : message-id : from : subject : date; + bh=4bLNXImK9drULnmePzZNEBleUanJCX5PIsDIFoH4KTQ=; + b=icKcLSEZYXJ95flvWE8FT6hl5iqd8MC/LEKYH0QjsqYy6MO/4pgVNCZH + l/RAXAuADxE/40Fg7uTlxwwD1hjN2Ple6J//cJfslBdDOq6zTVbne1dqtl + NOat7iamJ1AfRqyG+ja7a2AZsrpUuJ7VA6O+0zRYPqpwMEkEFIzI9i/Xk= From: Joe SixPack To: Suzie Q Subject: Is dinner ready? diff --git a/dkim/tests/test_dkim.py b/dkim/tests/test_dkim.py index c476daf..2d9a59d 100644 --- a/dkim/tests/test_dkim.py +++ b/dkim/tests/test_dkim.py @@ -52,7 +52,10 @@ class TestSignAndVerify(unittest.TestCase): def setUp(self): self.message = read_test_data("test.message") + self.message3 = read_test_data("rfc6376.msg") + self.message4 = read_test_data("rfc6376.signed.msg") self.key = read_test_data("test.private") + self.rfckey = read_test_data("rfc8032_7_1.key") def dnsfunc(self, domain): sample_dns = """\ @@ -150,6 +153,25 @@ Y+vtSBczUiKERHv1yRbcaQtZFh5wtiRrN04BLUTD21MycBX5jYchHjPY/wIDAQAB""" self.assertTrue(domain in _dns_responses,domain) return _dns_responses[domain] + def dnsfunc5(self, domain): + sample_dns = """\ +k=rsa; \ +p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANmBe10IgY+u7h3enWTukkqtUD5PR52T\ +b/mPfjC0QJTocVBq6Za/PlzfV+Py92VaCak19F4WrbVTK5Gg5tW220MCAwEAAQ==""" + + _dns_responses = { + 'example._domainkey.canonical.com.': sample_dns, + 'test._domainkey.football.example.com.': read_test_data("test.txt"), + 'brisbane._domainkey.football.example.com.': """v=DKIM1; k=ed25519; \ +p=11qYAYKxCrfVS/7TyWQHOg7hcvPapiMlrwIaaPcHURo=""" + } + try: + domain = domain.decode('ascii') + except UnicodeDecodeError: + return None + self.assertTrue(domain in _dns_responses,domain) + return _dns_responses[domain] + def test_verifies(self): # A message verifies after being signed. for header_algo in (b"simple", b"relaxed"): @@ -160,6 +182,27 @@ Y+vtSBczUiKERHv1yRbcaQtZFh5wtiRrN04BLUTD21MycBX5jYchHjPY/wIDAQAB""" res = dkim.verify(sig + self.message, dnsfunc=self.dnsfunc) self.assertTrue(res) + def test_double_verifies(self): + # A message also containing a ed25519 signature verifies after being signed with rsa. + for header_algo in (b"simple", b"relaxed"): + for body_algo in (b"simple", b"relaxed"): + sig = dkim.sign( + self.message3, b"test", b"football.example.com", self.key, + canonicalize=(header_algo, body_algo), signature_algorithm=b'rsa-sha256') + res = dkim.verify(sig + self.message3, dnsfunc=self.dnsfunc5) + self.assertTrue(res) + + def test_double_previous_verifies(self): + # A message previously signed using both rsa and ed25519 verifies after being signed. + for header_algo in (b"simple", b"relaxed"): + for body_algo in (b"simple", b"relaxed"): + sig = dkim.sign( + self.message3, b"test", b"football.example.com", self.key, + canonicalize=(header_algo, body_algo), signature_algorithm=b'rsa-sha256') + d = dkim.DKIM(self.message4) + res = d.verify(dnsfunc=self.dnsfunc5) + self.assertTrue(res) + def test_implicit_k(self): # A message verifies after being signed when k= tag is not provided. for header_algo in (b"simple", b"relaxed"):