DandelionNStuff/dkimpy-smtputf8
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Updates for experimental ARC support:

Browse Source 
- Limit to rsa-sha256, rsa-sha1 not used by ARC and multi-signature
        design TBD
This commit is contained in:
Scott Kitterman
2018-10-30 08:13:06 -04:00
parent 3aaa7e2ab5
commit cd0ebc1ecb
3 changed files with 15 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ChangeLog
+3
View File
@@ -1,4 +1,7 @@
UNRELEASED Version 0.8.2 UNRELEASED Version 0.8.2
- Updates for experimental ARC support:
- Limit to rsa-sha256, rsa-sha1 not used by ARC and multi-signature
design TBD
- Fix DNS lookups to be compatible with EAI addresses in domains and - Fix DNS lookups to be compatible with EAI addresses in domains and
selectors (John Levine) selectors (John Levine)
- Add type Hinting for sign and verify functions (LP: #1782596) - Add type Hinting for sign and verify functions (LP: #1782596)
dkim/__init__.py
+7 -2
View File
@@ -60,6 +60,7 @@ from dkim.canonicalization import Relaxed as RelaxedCanonicalization
from dkim.crypto import ( from dkim.crypto import (
DigestTooLargeError, DigestTooLargeError,
HASH_ALGORITHMS, HASH_ALGORITHMS,
ARC_HASH_ALGORITHMS,
parse_pem_private_key, parse_pem_private_key,
parse_public_key, parse_public_key,
RSASSA_PKCS1_v1_5_sign, RSASSA_PKCS1_v1_5_sign,
@@ -251,11 +252,15 @@ def validate_signature_fields(sig, mandatory_fields=[b'v', b'a', b'b', b'bh', b'
@param mandatory_fields: A list of non-optional fields @param mandatory_fields: A list of non-optional fields
@param arc: flag to differentiate between dkim & arc @param arc: flag to differentiate between dkim & arc
""" """
if arc:
hashes = ARC_HASH_ALGORITHMS
else:
hashes = HASH_ALGORITHMS
for field in mandatory_fields: for field in mandatory_fields:
if field not in sig: if field not in sig:
raise ValidationError("missing %s=" % field) raise ValidationError("missing %s=" % field)
if b'a' in sig and not sig[b'a'] in HASH_ALGORITHMS: if b'a' in sig and not sig[b'a'] in hashes:
raise ValidationError("unknown signature algorithm: %s" % sig[b'a']) raise ValidationError("unknown signature algorithm: %s" % sig[b'a'])
if b'b' in sig: if b'b' in sig:
@@ -1242,7 +1247,7 @@ def arc_sign(message, selector, domain, privkey,
@raise DKIMException: when the message, include_headers, or key are badly formed. @raise DKIMException: when the message, include_headers, or key are badly formed.
""" """
a = ARC(message,logger=logger,signature_algorithm=signature_algorithm) a = ARC(message,logger=logger,signature_algorithm=b'rsa-sha256')
if not include_headers: if not include_headers:
include_headers = a.default_sign_headers() include_headers = a.default_sign_headers()
return a.sign(selector, domain, privkey, srv_id, include_headers=include_headers, return a.sign(selector, domain, privkey, srv_id, include_headers=include_headers,
dkim/crypto.py
+5
View File
@@ -23,6 +23,7 @@
__all__ = [ __all__ = [
'DigestTooLargeError', 'DigestTooLargeError',
'HASH_ALGORITHMS', 'HASH_ALGORITHMS',
'ARC_HASH_ALGORITHMS',
'parse_pem_private_key', 'parse_pem_private_key',
'parse_private_key', 'parse_private_key',
'parse_public_key', 'parse_public_key',
@@ -85,6 +86,10 @@ HASH_ALGORITHMS = {
b'ed25519-sha256': hashlib.sha256 b'ed25519-sha256': hashlib.sha256
} }
ARC_HASH_ALGORITHMS = {
b'rsa-sha256': hashlib.sha256,
}
# These values come from RFC 8017, section 9.2 Notes, page 46. # These values come from RFC 8017, section 9.2 Notes, page 46.
HASH_ID_MAP = { HASH_ID_MAP = {
'sha1': b"\x2b\x0e\x03\x02\x1a", 'sha1': b"\x2b\x0e\x03\x02\x1a",