Update fix for bug 587783 verifying relaxed signatures

Martin Pool
2011-03-15 16:30:16 +11:00
parent 00164b8b5c
commit c646369d66
2 changed files with 16 additions and 6 deletions
+5
@@ -1,3 +1,8 @@
Not yet released
- when verifying Relaxed mode signatures, the partial DKIM-Signature
header must be canonicalized before hashing (Martin Pool)
<https://launchpad.net/bugs/587783>
2008-06-25 Version 0.3 2008-06-25 Version 0.3
- length parameter to sign() is now a boolean - length parameter to sign() is now a boolean
+11 -6
@@ -313,18 +313,23 @@ def sign(message, selector, domain, privkey, identity=None, canonicalize=(Simple
('bh', bodyhash), ('bh', bodyhash),
('b', ""), ('b', ""),
] if x] ] if x]
sig = "DKIM-Signature: " + "; ".join("%s=%s" % x for x in sigfields)
sig = fold(sig) sig_value = fold("; ".join("%s=%s" % x for x in sigfields))
dkim_header = canonicalize[0].canonicalize_headers([
['DKIM-Signature', ' ' + sig_value]])[0]
# the dkim sig is hashed with no trailing crlf, even if the
# canonicalization algorithm would add one.
if dkim_header[1][-2:] == '\r\n':
dkim_header = (dkim_header[0], dkim_header[1][:-2])
sign_headers.append(dkim_header)
if debuglog is not None: if debuglog is not None:
print >>debuglog, "sign headers:", sign_headers + [("DKIM-Signature", " "+"; ".join("%s=%s" % x for x in sigfields))] print >>debuglog, "sign headers:", sign_headers
h = hashlib.sha256() h = hashlib.sha256()
for x in sign_headers: for x in sign_headers:
h.update(x[0]) h.update(x[0])
h.update(":") h.update(":")
h.update(x[1]) h.update(x[1])
h.update(sig)
d = h.digest() d = h.digest()
if debuglog is not None: if debuglog is not None:
print >>debuglog, "sign digest:", " ".join("%02x" % ord(x) for x in d) print >>debuglog, "sign digest:", " ".join("%02x" % ord(x) for x in d)
@@ -334,9 +339,9 @@ def sign(message, selector, domain, privkey, identity=None, canonicalize=(Simple
d, HASHID_SHA256, pk['privateExponent'], pk['modulus']) d, HASHID_SHA256, pk['privateExponent'], pk['modulus'])
except DigestTooLargeError: except DigestTooLargeError:
raise ParameterError("digest too large for modulus") raise ParameterError("digest too large for modulus")
sig += base64.b64encode(sig2) sig_value += base64.b64encode(sig2)
return sig + "\r\n" return 'DKIM-Signature: ' + sig_value + "\r\n"
def verify(message, debuglog=None, dnsfunc=dnstxt): def verify(message, debuglog=None, dnsfunc=dnstxt):
"""Verify a DKIM signature on an RFC822 formatted message. """Verify a DKIM signature on an RFC822 formatted message.
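Review bot: Nothing in this commit checks that the header bytes hashed in sign() are the ones verify() will reconstruct. The DKIM-Signature header with an empty `b=` is now run through `canonicalize[0].canonicalize_headers`, has a trailing CRLF stripped, and is appended to `sign_headers`, yet the two changed files appear to be the changelog and this module, and neither hunk adds a test. A sign-then-verify round trip for both Simple and Relaxed header canonicalization would catch a signer/verifier mismatch, which otherwise surfaces only as legitimate mail failing DKIM verification. The changelog entry says "when verifying" while both hunks here are on the signing path, so I would fix that wording and add a comment such as `# hash our own DKIM-Signature header (empty b=) in the chosen header canonicalization` above the `canonicalize_headers` call. sign() begins before the first hunk.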