author | Alberto Bertogli
<albertito@blitiri.com.ar> 2024-03-09 21:58:55 UTC |
committer | Alberto Bertogli
<albertito@blitiri.com.ar> 2024-03-12 20:43:21 UTC |
parent | 8abed11edeb068eacd134488322c56bb2d0b56e6 |
cmd/chasquid-util/dkim.go | +7 | -0 |
test/t-21-dkim/from_B_to_A.expected | +7 | -1 |
test/t-21-dkim/run.sh | +20 | -1 |
test/util/minidns/minidns.go | +10 | -1 |
test/util/test-mda | +0 | -1 |
diff --git a/cmd/chasquid-util/dkim.go b/cmd/chasquid-util/dkim.go index 90c4390..49ad311 100644 --- a/cmd/chasquid-util/dkim.go +++ b/cmd/chasquid-util/dkim.go @@ -82,6 +82,13 @@ func dkimVerify() { }) } + if txt, ok := args["--txt"]; ok { + ctx = dkim.WithLookupTXTFunc(ctx, + func(ctx context.Context, domain string) ([]string, error) { + return []string{txt}, nil + }) + } + results, err := dkim.VerifyMessage(ctx, string(msg)) if err != nil { Fatalf("Error verifying message: %v", err) diff --git a/test/t-21-dkim/from_B_to_A.expected b/test/t-21-dkim/from_B_to_A.expected index e7836bd..61ca115 100644 --- a/test/t-21-dkim/from_B_to_A.expected +++ b/test/t-21-dkim/from_B_to_A.expected @@ -2,12 +2,18 @@ From user-a@srv-a Authentication-Results: srv-a ;spf=none (no DNS record found) ;dkim=pass header.b=* -DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=srv-b; s=sel77; * h=from:subject:to:from:subject:date:to:cc:message-id; bh=* b=* * + * + * + * + * + * + * From: user-b@srv-b To: user-a@srv-a Subject: Feliz primavera! diff --git a/test/t-21-dkim/run.sh b/test/t-21-dkim/run.sh index c4f289d..d83b0f3 100755 --- a/test/t-21-dkim/run.sh +++ b/test/t-21-dkim/run.sh @@ -16,7 +16,7 @@ export GOTAGS="dnsoverride" # Use a fixed selector so we can be more thorough in from_B_to_A.expected. rm -f B/domains/srv-b/*.pem mkdir -p B/domains/srv-b/ -CONFDIR=B chasquid-util dkim-keygen srv-b sel77 --algo=ed25519 > /dev/null +CONFDIR=B chasquid-util dkim-keygen srv-b sel77 > /dev/null cp zones .zones CONFDIR=B chasquid-util dkim-dns srv-b | sed 's/"//g' >> .zones 
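Review bot: The `--txt` callback added to dkimVerify ignores its `domain` argument, so every signing domain and selector in the message is checked against the single record given on the command line, and nothing in the code says so. A `dkim=pass` obtained this way shows only that the signature matches the supplied key, not the key actually published in DNS, which matters if the output is ever read as an authentication verdict. I would add a comment above the block, for example `// --txt replaces every DNS TXT lookup with the given record (tests and offline checks); a pass says nothing about the published key.` The diffstat lists no change to a usage or help file, so the flag may also be undocumented for users. dkimVerify starts and ends outside this hunk.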
@@ -65,5 +65,24 @@ smtpc --addr=localhost:2465 \ wait_for_file .mail/user-a@srv-a mail_diff from_B_to_A.expected .mail/user-a@srv-a +# Run chasquid-util dkim-verify to double check these are valid. +cat .zones | grep _domainkey.srv-b | sed 's/.*TXT//g' > .srv-b.dns.txt +CONFDIR=A chasquid-util dkim-verify -v "--txt=$(cat ./.srv-b.dns.txt)" \ + < .mail/user-a@srv-a > .chasquid-util-dkim-verify.out 2>&1 +if ! grep -q ";dkim=pass" .chasquid-util-dkim-verify.out; then + echo "chasquid-util dkim-verify output:" + cat .chasquid-util-dkim-verify.out + echo + fail "Failed chasquid-util dkim-verify" +fi + +# If driusan/dkim's dkimverify is available, use it to check the generated +# signature. +if dkimverify --help 2>&1 > /dev/null | grep -q -- "-txt string"; then + # Verify B's signature only, because dkimverify only supports RSA. + dkimverify -txt .srv-b.dns.txt < .mail/user-a@srv-a +else + echo "skipped driusan's dkimverify cross-check (binary not available)" +fi success diff --git a/test/util/minidns/minidns.go b/test/util/minidns/minidns.go index 0a15554..0205c54 100644 --- a/test/util/minidns/minidns.go +++ b/test/util/minidns/minidns.go @@ -290,8 +290,17 @@ func (m *miniDNS) loadZones(f *os.File) { } case "txt": qType = dnsmessage.TypeTXT + + // Cut value in chunks of 255 bytes. + chunks := []string{} + v := value + for len(v) > 254 { + chunks = append(chunks, v[:254]) + v = v[254:] + } + chunks = append(chunks, v) body = &dnsmessage.TXTResource{ - TXT: []string{value}, + TXT: chunks, } default: log.Fatalf("line %d: unknown type %q", lineno, t) diff --git a/test/util/test-mda b/test/util/test-mda index 4a1775f..7969dbc 100755 --- a/test/util/test-mda +++ b/test/util/test-mda @@ -5,7 +5,6 @@ set -e mkdir -p ${MDA_DIR} # TODO: use flock to lock the file, to prevent atomic writes. -echo "From ${1}" >> ${MDA_DIR}/.tmp-${1} cat >> ${MDA_DIR}/.tmp-${1} X=$? if [ -e ${MDA_DIR}/.tmp-${1} ]; then
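Review bot: The dkimverify cross-check at the end of this run.sh hunk never asserts its result, unlike the chasquid-util check above it, which greps for `;dkim=pass` and calls `fail`. Whether a bad signature stops the test depends on the script running under `set -e`, which is not visible in this hunk, and on dkimverify exiting non-zero when verification fails. Making the expectation explicit would be `dkimverify -txt .srv-b.dns.txt < .mail/user-a@srv-a || fail "dkimverify cross-check failed"`.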
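Review bot: The comment in the `txt` case of loadZones says the value is cut into chunks of 255 bytes, but the loop slices at 254 (`len(v) > 254`, `v[:254]`). Both sizes fit the 255-byte limit of a DNS TXT character-string, so the records stay valid, but the mismatch invites a wrong correction later. Either reword the comment to `// Cut value into chunks of at most 254 bytes (a TXT string holds up to 255).` or name the limit in a constant and use it in all three places. loadZones starts and ends outside this hunk.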