git » chasquid » disable-domaininfo-incoming » tree

[disable-domaininfo-incoming] / cmd / chasquid-util / test_dkim.cmy

# Test dkim-dns subcommand with keys pre-generated by openssl, to validate
# interoperability.
c = ./chasquid-util dkim-dns example.com sel123 test_openssl_genpkey_ed25519.pem
c <- sel123._domainkey.example.com	TXT	"v=DKIM1; k=ed25519; p=QXNdsDCVOrViGMRh4BIE/IgUCcBEwio3kpJ3e0GAipw="
c wait 0

c = ./chasquid-util dkim-dns example.com sel123 test_openssl_genpkey_rsa.pem
c <- sel123._domainkey.example.com	TXT	"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAieZWhl7dnxHGyucZS2+dyExPQytj/aY46RXJ4yT3zWY8gh5YkVZ2L1x++7XMzzSg/5FR5bkKYV9Xa+jO6YlhriYKo3ttWSmxU0hDKbG7dpD9Tr7tjCcmKqE1IXetl6DXlQl7LRdmkeIND4gtf9A1zOPLR3/+kvsu1u2cUsEFVs36FqbTe4BYLn2RQlT4IQocT5eVEvoHc5apKuTOKBYThhWRaSZG9YXvsdd1UjngR2Xmizu5e/hj2f3W+9rmRRy1ukmUryuMUHMae2V27Wy1vrHiYoMUA1kQJY+HTG5kMkuatxNui9yjmdqrQUvCIU2Fa5jxJYQTLIz4U0/z4tStRwIDAQAB"
c wait 0

# Generate our own keys, and then check we can parse them with dkim-dns.
# Do this once per algorithm (including the default).

# Default algorithm.
c = ./chasquid-util dkim-keygen example.com selDef .keys/test_def.pem
c <- Key written to ".keys/test_def.pem"
c <-
c <~ selDef._domainkey.example.com\tTXT\t"v=DKIM1; k=rsa; p=[A-Za-z0-9+/]{560,570}=*"
c wait 0

c = ./chasquid-util dkim-dns example.com selDef .keys/test_def.pem
c <~ selDef._domainkey.example.com\tTXT\t"v=DKIM1; k=rsa; p=[A-Za-z0-9+/]{560,570}=*"
c wait 0

# RSA 3072.
c = ./chasquid-util dkim-keygen example.com selRSA3 .keys/test_rsa3.pem --algo=rsa3072
c <- Key written to ".keys/test_rsa3.pem"
c <-
c <~ selRSA3._domainkey.example.com\tTXT\t"v=DKIM1; k=rsa; p=[A-Za-z0-9+/]{560,570}=*"
c wait 0

c = ./chasquid-util dkim-dns example.com selRSA3 .keys/test_rsa3.pem
c <~ selRSA3._domainkey.example.com\tTXT\t"v=DKIM1; k=rsa; p=[A-Za-z0-9+/]{560,570}=*"
c wait 0

# RSA 4096.
c = ./chasquid-util dkim-keygen example.com selRSA4 .keys/test_rsa4.pem --algo=rsa4096
c <- Key written to ".keys/test_rsa4.pem"
c <-
c <~ selRSA4._domainkey.example.com\tTXT\t"v=DKIM1; k=rsa; p=[A-Za-z0-9+/]{730,740}=*"
c wait 0

c = ./chasquid-util dkim-dns example.com selRSA4 .keys/test_rsa4.pem
c <~ selRSA4._domainkey.example.com\tTXT\t"v=DKIM1; k=rsa; p=[A-Za-z0-9+/]{730,740}=*"
c wait 0

# Ed25519.
c = ./chasquid-util dkim-keygen example.com selED25519 .keys/test_ed25519.pem --algo=ed25519
c <- Key written to ".keys/test_ed25519.pem"
c <-
c <~ selED25519._domainkey.example.com\tTXT\t"v=DKIM1; k=ed25519; p=[A-Za-z0-9+/]{40,50}=*"
c wait 0

c = ./chasquid-util dkim-dns example.com selED25519 .keys/test_ed25519.pem
c <~ selED25519._domainkey.example.com\tTXT\t"v=DKIM1; k=ed25519; p=[A-Za-z0-9+/]{40,50}=*"
c wait 0

# Refuse to overwrite a key file.
c = ./chasquid-util dkim-keygen example.com selED25519 .keys/test_ed25519.pem --algo=ed25519
c <- Error: key already exists at ".keys/test_ed25519.pem"
c wait 1

# Automatically decide on the selector and key path.
c = ./chasquid-util -C=.config dkim-keygen domain --algo=ed25519
c <~ Key written to ".config/domains/domain/dkim:[0-9]{8}.pem"
c <-
c <~ [0-9]{8}._domainkey.domain\tTXT\t"v=DKIM1; k=ed25519; p=[A-Za-z0-9+/]{40,50}=*"
c wait 0

# Custom selector, but automatic key path
c = ./chasquid-util -C=.config dkim-keygen domain sel1 --algo=ed25519
c <~ Key written to ".config/domains/domain/dkim:sel1.pem"
c <-
c <~ sel1._domainkey.domain\tTXT\t"v=DKIM1; k=ed25519; p=[A-Za-z0-9+/]{40,50}=*"
c wait 0

# Missing parameters.
c = ./chasquid-util -C=.config dkim-keygen
c <- Error: missing domain parameter
c wait 1

# Unsupported algorithm
c = ./chasquid-util -C=.config dkim-keygen domain s k.pem --algo=xxx666
c <- Error: unsupported algorithm "xxx666"
c wait 1

# Automatically find selector and key path.
c = ./chasquid-util -C=.config dkim-dns domain
c <~ [0-9]{8}._domainkey.domain\tTXT\t"v=DKIM1; k=ed25519; p=[A-Za-z0-9+/]{40,50}=*"
c wait 0

# Require at least a domain.
c = ./chasquid-util -C=.config dkim-dns
c <- Error: missing domain parameter
c wait 1

# Error reading key.
c = ./chasquid-util -C=.config dkim-dns domain unknownsel badkey.pem
c <- Error reading private key from "badkey.pem": open badkey.pem: no such file or directory
c wait 1

# No DKIM keys found.
c = ./chasquid-util -C=.config dkim-dns unkdomain
c <- No DKIM keys found in ".config/domains/unkdomain/dkim:*.pem"
c wait 1

# DKIM signing, with various forms.
c = ./chasquid-util -C=.config dkim-sign domain
c -> From: user-a@srv-a
c ->
c -> A little tiny message.
c close
c <- DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;
c <~ \td=domain; s=\d+; t=\d+;
c <~ \th=from:from:subject:date:to:cc:message-id;
c <~ \tbh=.*;
c <~ \tb=.*
c <~ \t  .*;
c wait 0

c = ./chasquid-util -C=.config dkim-sign domain sel1
c -> From: user-a@srv-a
c ->
c -> A little tiny message.
c close
c <- DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;
c wait 0

c = ./chasquid-util -C=.config dkim-sign domain selED25519 .keys/test_ed25519.pem
c -> From: user-a@srv-a
c ->
c -> A little tiny message.
c close
c <- DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;
c wait 0

c = ./chasquid-util -C=.config dkim-sign
c -> From: user-a@domain
c ->
c -> A little tiny message.
c close
c <- DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;
c wait 0

# Bad message for dkim-sign.
c = ./chasquid-util -C=.config dkim-sign
c -> Invalid message.
c close
c <- Error parsing message: malformed header line: Invalid message.
c wait 1

c = ./chasquid-util -C=.config dkim-sign
c -> From: <not a good address>
c ->
c -> A little tiny message.
c close
c <- Error parsing From: header: mail: missing @ in addr-spec
c wait 1

# DKIM verification.
# Just check that the attempt was made.
c = ./chasquid-util -C=.config dkim-verify
c -> From: user-a@srv-a
c ->
c -> A little tiny message.
c close
c <~ Authentication-Results: .*
c <~ \t;dkim=none
c wait 0

# Tracing. Just check that there's some output, we don't need byte-for-byte
# verification as the contents are not expected to be stable.
c = ./chasquid-util -C=.config dkim-sign -v
c -> From: user-a@domain
c ->
c -> A little tiny message.
c close
c <~ Signing for domain / \d+ with ed25519-sha256
c wait 0

c = ./chasquid-util -C=.config dkim-verify -v
c -> From: user-a@srv-a
c ->
c -> A little tiny message.
c close
c <- Found 0 signatures, 0 valid
c <~ Authentication-Results: .*
c <~ \t;dkim=none
c wait 0