1package dkim

3import (

4 "bufio"

5 "bytes"

6 "context"

7 "crypto"

8 "crypto/ed25519"

9 "crypto/rsa"

10 "crypto/sha256"

11 "crypto/x509"

12 "encoding/base64"

13 "encoding/pem"

14 "errors"

15 "strings"

16 "testing"

18 "github.com/mjl-/mox/config"

19 "github.com/mjl-/mox/dns"

20)

22func policyOK(sig *Sig) error {

23 return nil

24}

26func parseRSAKey(t *testing.T, rsaText string) *rsa.PrivateKey {

27 rsab, _ := pem.Decode([]byte(rsaText))

28 if rsab == nil {

29 t.Fatalf("no pem in privKey")

30 }

32 key, err := x509.ParsePKCS8PrivateKey(rsab.Bytes)

33 if err != nil {

34 t.Fatalf("parsing private key: %s", err)

35 }

36 return key.(*rsa.PrivateKey)

37}

39func getRSAKey(t *testing.T) *rsa.PrivateKey {

40 // Generated with:

41 // openssl genrsa -out pkcs1.pem 2048

42 // openssl pkcs8 -topk8 -inform pem -in pkcs1.pem -outform pem -nocrypt -out pkcs8.pem

43 const rsaText = `-----BEGIN PRIVATE KEY-----

44MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCu7iTF/AAvJQ3U

45WRlcXd+n6HXOSYvmDlqjLsuCKn6/T+Ma0ZtobCRfzyXh5pFQBCHffW6fpEzJs/2o

46+e896zb1QKjD8Xxsjarjdw1iXzgMj/lhDGWyNyUHC34+k77UfpQBZgPLvZHyYyQG

47sVMzzmvURE+GMFmXYUiGI581PdCx4bNba/4gYQnc/eqQ8oX0T//2RdRqdhdDM2d7

48CYALtkxKetH1F+Rz7XDjFmI3GjPs1KwVdh+Cl8kejThi0SVxXpqnoqB2WGsr/lGG

49GxsxcpLb/+KWFjI0go3OJjMaxFCmhB0pGdW8I7kNwNrZsCdSvmjMDojNuegx6WMg

50/T7go3CvAgMBAAECggEAQA3AlmSDtr+lNDvZ7voKwwN6W6qPmRJpevZQG54u4iPA

51/5mAA/kRSqnh77mLPRb+RkU6RCeX3IXVXNIEGhKugZiHE5Sx4FfxmrAFzR8buXHg

52uXoeJOdPXiiFtilIh6u/y1FNE4YbUnud/fthgYdU8Zl/2x2KOMWtFj0l94tmhzOI

53b2y8/U8r85anI5XGYuzRCqKS1WskXhkXH8LZUB+9yAxX7V5ysgxjofM4FW8ns7yj

54K4cBS8KY2v3t7TZ4FgwkAhPcTfBc/E2UWT1Ztmr+18LFV5bqI8g2YlN+BgCxU7U/

551tawxqFhs+xowEpzNwAvjAIPpptIRiY1rz7sBB9g5QKBgQDLo/5rTUwNOPR9dYvA

56+DYUSCfxvNamI4GI66AgwOeN8O+W+dRDF/Ewbk/SJsBPSLIYzEiQ2uYKcNEmIjo+

577WwSCJZjKujovw77s9JAHexhpd8uLD2w9l3KeTg41LEYm2uVwoXWEHYSYJ9Ynz0M

58PWxvi2Hm0IoQ7gJIfxng/wIw3QKBgQDb6GFvPH/OTs40+dopwtm3irmkBAmT8N0b

593TpehONCOiL4GPxmn2DN6ELhHFV27Jj/1CfpGVbcBlaS1xYUGUGsB9gYukhdaBST

60KGHRoeZDcf0gaQLKG15EEfFOvcKI9aGljV8FdFfG+Z4fW3LA8khvpvjLLkv1A1jM

61MrEBthco+wKBgD45EM9GohtUMNh450gCT7voxFPICKphJP5qSNZZOyeS3BJ8qdAK

62a8cJndgvwQk4xDpxiSbBzBKaoD2Prc52i1QDTbhlbx9W6cQdEPxIaGb54PThzcPZ

63s5Tfbz9mNeq36qqq8mwTQZCh926D0YqA5jY7F6IITHeZ0hbGx2iJYuj9AoGARIyK

64ms8kE95y3wanX+8ySMmAlsT/a1NgyUfL4xzPbpyKvAWl4CN8XJMzDdL0PS8BfnXW

65vw28CrgbEojjg/5ff02uqf6fgiZoi3rCC0PJcGq++fRh/zhKyTNCokX6txDCg8Wu

66wheDKS40gRfTjJu5wrwsv8E9wjF546VFkf/99jMCgYEAm/x+kEfWKuzx8pQT66TY

67pxnC41upJOO1htTHNIN24J7XrrFI5+OZq90G+t/VgWX08Z8RlhejX+ukBf+SRu3u

685VMGcAs4px+iECX/FHo21YQFnrmArN1zdFxPU3rBWoBueqmGO6FT0HBbKzTuS7N0

697fIv3GQqImz3+ZbYWlXfkPI=

70-----END PRIVATE KEY-----`

71 return parseRSAKey(t, rsaText)

72}

74func getWeakRSAKey(t *testing.T) *rsa.PrivateKey {

75 const rsaText = `-----BEGIN PRIVATE KEY-----

76MIIBUwIBADANBgkqhkiG9w0BAQEFAASCAT0wggE5AgEAAkEAsQo3ATJAZ4aAZz+l

77ndXl27ODOY+49DjYxwhgtg+OU8A1WEYCfWaZ7ozYtpsqH8GNFvlKtK38eKbdDuLw

78gsFYMQIDAQABAkBwstb2/P1Aqb9deoe8JOiw5eJYJySO2w0sDio6W0a4Cqi7XQ7r

79/yZ1gOp+ZnShX/sJq0Pd16UkJUUEtEPoZyptAiEA4KLP8pz/9R0t7Envqph1oVjQ

80CVDIL/UKRmdnMiwwDosCIQDJwiu08UgNNeliAygbkC2cdszjf4a3laGmYbfWrtAn

81swIgUBfc+w0degDgadpm2LWpY1DuRBQIfIjrE/U0Z0A4FkcCIHxEuoLycjygziTu

82aM/BWDac/cnKDIIbCbvfSEpU1iT9AiBsbkAcYCQ8mR77BX6gZKEc74nSce29gmR7

83mtrKWknTDQ==

84-----END PRIVATE KEY-----`

85 return parseRSAKey(t, rsaText)

86}

88func TestParseSignature(t *testing.T) {

89 // Domain name must always be A-labels, not U-labels. We do allow localpart with non-ascii.

90 hdr := `DKIM-Signature: v=1; a=rsa-sha256; d=xn--h-bga.mox.example; s=xn--yr2021-pua;

91 i=møx@xn--h-bga.mox.example; t=1643719203; h=From:To:Cc:Bcc:Reply-To:

92 References:In-Reply-To:Subject:Date:Message-ID:Content-Type:From:To:Subject:

93 Date:Message-ID:Content-Type;

94 bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=; b=dtgAOl71h/dNPQrmZTi3SBVkm+

95 EjMnF7sWGT123fa5g+m6nGpPue+I+067wwtkWQhsedbDkqT7gZb5WaG5baZsr9e/XpJ/iX4g6YXpr

96 07aLY8eF9jazcGcRCVCqLtyq0UJQ2Oz/ML74aYu1beh3jXsoI+k3fJ+0/gKSVC7enCFpNe1HhbXVS

97 4HRy/Rw261OEIy2e20lyPT4iDk2oODabzYa28HnXIciIMELjbc/sSawG68SAnhwdkWBrRzBDMCCHm

98 wvkmgDsVJWtdzjJqjxK2mYVxBMJT0lvsutXgYQ+rr6BLtjHsOb8GMSbQGzY5SJ3N8TP02pw5OykBu

99 B/aHff1A==

100`

101 smtputf8 := true

102 _, _, err := parseSignature([]byte(strings.ReplaceAll(hdr, "\n", "\r\n")), smtputf8)

103 if err != nil {

104 t.Fatalf("parsing signature: %s", err)

105 }

106}

107

108func TestVerifyRSA(t *testing.T) {

109 message := strings.ReplaceAll(`Return-Path: <mechiel@ueber.net>

110X-Original-To: mechiel@ueber.net

111Delivered-To: mechiel@ueber.net

112Received: from [IPV6:2a02:a210:4a3:b80:ca31:30ee:74a7:56e0] (unknown [IPv6:2a02:a210:4a3:b80:ca31:30ee:74a7:56e0])

113 by koriander.ueber.net (Postfix) with ESMTPSA id E119EDEB0B

114 for <mechiel@ueber.net>; Fri, 10 Dec 2021 20:09:08 +0100 (CET)

115DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ueber.net;

116 s=koriander; t=1639163348;

117 bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;

118 h=Date:To:From:Subject:From;

119 b=rpWruWprs2TB7/MnulA2n2WtfUIfrrnAvRoSrip1ruX5ORN4AOYPPMmk/gGBDdc6O

120 grRpSsNzR9BrWcooYfbNfSbl04nPKMp0acsZGfpvkj0+mqk5b8lqZs3vncG1fHlQc7

121 0KXfnAHyEs7bjyKGbrw2XG1p/EDoBjIjUsdpdCAtamMGv3A3irof81oSqvwvi2KQks

122 17aB1YAL9Xzkq9ipo1aWvDf2W6h6qH94YyNocyZSVJ+SlVm3InNaF8APkV85wOm19U

123 9OW81eeuQbvSPcQZJVOmrWzp7XKHaXH0MYE3+hdH/2VtpCnPbh5Zj9SaIgVbaN6NPG

124 Ua0E07rwC86sg==

125Message-ID: <427999f6-114f-e59c-631e-ab2a5f6bfe4c@ueber.net>

126Date: Fri, 10 Dec 2021 20:09:08 +0100

127MIME-Version: 1.0

128User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101

129 Thunderbird/91.4.0

130Content-Language: nl

131To: mechiel@ueber.net

132From: Mechiel Lukkien <mechiel@ueber.net>

133Subject: test

134Content-Type: text/plain; charset=UTF-8; format=flowed

135Content-Transfer-Encoding: 7bit

136

137test

138`, "\n", "\r\n")

139

140 resolver := dns.MockResolver{

141 TXT: map[string][]string{

142 "koriander._domainkey.ueber.net.": {"v=DKIM1; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3Z9ffZe8gUTJrdGuKj6IwEembmKYpp0jMa8uhudErcI4gFVUaFiiRWxc4jP/XR9NAEv3XwHm+CVcHu+L/n6VWt6g59U7vHXQicMfKGmEp2VplsgojNy/Y5X9HdVYM0azsI47NcJCDW9UVfeOHdOSgFME4F8dNtUKC4KTB2d1pqj/yixz+V8Sv8xkEyPfSRHcNXIw0LvelqJ1MRfN3hO/3uQSVrPYYk4SyV0b6wfnkQs28fpiIpGQvzlGI5WkrdOQT5k4YHaEvZDLNdwiMeVZOEL7dDoFs2mQsovm+tH0StUAZTnr61NLVFfD5V6Ip1V9zVtspPHvYSuOWwyArFZ9QIDAQAB"},

143 },

144 }

145

146 results, err := Verify(context.Background(), resolver, false, policyOK, strings.NewReader(message), false)

147 if err != nil {

148 t.Fatalf("dkim verify: %v", err)

149 }

150 if len(results) != 1 || results[0].Status != StatusPass {

151 t.Fatalf("verify: unexpected results %v", results)

152 }

153}

154

155func TestVerifyEd25519(t *testing.T) {

156 // ../rfc/8463:287

157 message := strings.ReplaceAll(`DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;

158 d=football.example.com; i=@football.example.com;

159 q=dns/txt; s=brisbane; t=1528637909; h=from : to :

160 subject : date : message-id : from : subject : date;

161 bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;

162 b=/gCrinpcQOoIfuHNQIbq4pgh9kyIK3AQUdt9OdqQehSwhEIug4D11Bus

163 Fa3bT3FY5OsU7ZbnKELq+eXdp1Q1Dw==

164DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

165 d=football.example.com; i=@football.example.com;

166 q=dns/txt; s=test; t=1528637909; h=from : to : subject :

167 date : message-id : from : subject : date;

168 bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;

169 b=F45dVWDfMbQDGHJFlXUNB2HKfbCeLRyhDXgFpEL8GwpsRe0IeIixNTe3

170 DhCVlUrSjV4BwcVcOF6+FF3Zo9Rpo1tFOeS9mPYQTnGdaSGsgeefOsk2Jz

171 dA+L10TeYt9BgDfQNZtKdN1WO//KgIqXP7OdEFE4LjFYNcUxZQ4FADY+8=

172From: Joe SixPack <joe@football.example.com>

173To: Suzie Q <suzie@shopping.example.net>

174Subject: Is dinner ready?

175Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)

176Message-ID: <20030712040037.46341.5F8J@football.example.com>

177

178Hi.

179

180We lost the game. Are you hungry yet?

181

182Joe.

183

184`, "\n", "\r\n")

185

186 resolver := dns.MockResolver{

187 TXT: map[string][]string{

188 "brisbane._domainkey.football.example.com.": {"v=DKIM1; k=ed25519; p=11qYAYKxCrfVS/7TyWQHOg7hcvPapiMlrwIaaPcHURo="},

189 "test._domainkey.football.example.com.": {"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkHlOQoBTzWRiGs5V6NpP3idY6Wk08a5qhdR6wy5bdOKb2jLQiY/J16JYi0Qvx/byYzCNb3W91y3FutACDfzwQ/BC/e/8uBsCR+yz1Lxj+PL6lHvqMKrM3rG4hstT5QjvHO9PzoxZyVYLzBfO2EeC3Ip3G+2kryOTIKT+l/K4w3QIDAQAB"},

190 },

191 }

192

193 results, err := Verify(context.Background(), resolver, false, policyOK, strings.NewReader(message), false)

194 if err != nil {

195 t.Fatalf("dkim verify: %v", err)

196 }

197 if len(results) != 2 || results[0].Status != StatusPass || results[1].Status != StatusPass {

198 t.Fatalf("verify: unexpected results %#v", results)

199 }

200}

201

202func TestSign(t *testing.T) {

203 message := strings.ReplaceAll(`Message-ID: <427999f6-114f-e59c-631e-ab2a5f6bfe4c@ueber.net>

204Date: Fri, 10 Dec 2021 20:09:08 +0100

205MIME-Version: 1.0

206User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101

207 Thunderbird/91.4.0

208Content-Language: nl

209To: mechiel@ueber.net

210From: Mechiel Lukkien <mechiel@ueber.net>

211Subject: test

212 test

213Content-Type: text/plain; charset=UTF-8; format=flowed

214Content-Transfer-Encoding: 7bit

215

216test

217`, "\n", "\r\n")

218

219 rsaKey := getRSAKey(t)

220 ed25519Key := ed25519.NewKeyFromSeed(make([]byte, 32))

221

222 selrsa := config.Selector{

223 HashEffective: "sha256",

224 Key: rsaKey,

225 HeadersEffective: strings.Split("From,To,Cc,Bcc,Reply-To,References,In-Reply-To,Subject,Date,Message-ID,Content-Type", ","),

226 Domain: dns.Domain{ASCII: "testrsa"},

227 }

228

229 // Now with sha1 and relaxed canonicalization.

230 selrsa2 := config.Selector{

231 HashEffective: "sha1",

232 Key: rsaKey,

233 HeadersEffective: strings.Split("From,To,Cc,Bcc,Reply-To,References,In-Reply-To,Subject,Date,Message-ID,Content-Type", ","),

234 Domain: dns.Domain{ASCII: "testrsa2"},

235 }

236 selrsa2.Canonicalization.HeaderRelaxed = true

237 selrsa2.Canonicalization.BodyRelaxed = true

238

239 // Ed25519 key.

240 seled25519 := config.Selector{

241 HashEffective: "sha256",

242 Key: ed25519Key,

243 HeadersEffective: strings.Split("From,To,Cc,Bcc,Reply-To,References,In-Reply-To,Subject,Date,Message-ID,Content-Type", ","),

244 Domain: dns.Domain{ASCII: "tested25519"},

245 }

246 // Again ed25519, but without sealing headers. Use sha256 again, for reusing the body hash from the previous dkim-signature.

247 seled25519b := config.Selector{

248 HashEffective: "sha256",

249 Key: ed25519Key,

250 HeadersEffective: strings.Split("From,To,Cc,Bcc,Reply-To,Subject,Date", ","),

251 DontSealHeaders: true,

252 Domain: dns.Domain{ASCII: "tested25519b"},

253 }

254 dkimConf := config.DKIM{

255 Selectors: map[string]config.Selector{

256 "testrsa": selrsa,

257 "testrsa2": selrsa2,

258 "tested25519": seled25519,

259 "tested25519b": seled25519b,

260 },

261 Sign: []string{"testrsa", "testrsa2", "tested25519", "tested25519b"},

262 }

263

264 ctx := context.Background()

265 headers, err := Sign(ctx, "mjl", dns.Domain{ASCII: "mox.example"}, dkimConf, false, strings.NewReader(message))

266 if err != nil {

267 t.Fatalf("sign: %v", err)

268 }

269

270 makeRecord := func(k string, publicKey any) string {

271 tr := &Record{

272 Version: "DKIM1",

273 Key: k,

274 PublicKey: publicKey,

275 Flags: []string{"s"},

276 }

277 txt, err := tr.Record()

278 if err != nil {

279 t.Fatalf("making dns txt record: %s", err)

280 }

281 //log.Infof("txt record: %s", txt)

282 return txt

283 }

284

285 resolver := dns.MockResolver{

286 TXT: map[string][]string{

287 "testrsa._domainkey.mox.example.": {makeRecord("rsa", rsaKey.Public())},

288 "testrsa2._domainkey.mox.example.": {makeRecord("rsa", rsaKey.Public())},

289 "tested25519._domainkey.mox.example.": {makeRecord("ed25519", ed25519Key.Public())},

290 "tested25519b._domainkey.mox.example.": {makeRecord("ed25519", ed25519Key.Public())},

291 },

292 }

293

294 nmsg := headers + message

295

296 results, err := Verify(ctx, resolver, false, policyOK, strings.NewReader(nmsg), false)

297 if err != nil {

298 t.Fatalf("verify: %s", err)

299 }

300 if len(results) != 4 || results[0].Status != StatusPass || results[1].Status != StatusPass || results[2].Status != StatusPass || results[3].Status != StatusPass {

301 t.Fatalf("verify: unexpected results %v\nheaders:\n%s", results, headers)

302 }

303 //log.Infof("headers:%s", headers)

304 //log.Infof("nmsg\n%s", nmsg)

305

306 // Multiple From headers.

307 _, err = Sign(ctx, "mjl", dns.Domain{ASCII: "mox.example"}, dkimConf, false, strings.NewReader("From: <mjl@mox.example>\r\nFrom: <mjl@mox.example>\r\n\r\ntest"))

308 if !errors.Is(err, ErrFrom) {

309 t.Fatalf("sign, got err %v, expected ErrFrom", err)

310 }

311

312 // No From header.

313 _, err = Sign(ctx, "mjl", dns.Domain{ASCII: "mox.example"}, dkimConf, false, strings.NewReader("Brom: <mjl@mox.example>\r\n\r\ntest"))

314 if !errors.Is(err, ErrFrom) {

315 t.Fatalf("sign, got err %v, expected ErrFrom", err)

316 }

317

318 // Malformed headers.

319 _, err = Sign(ctx, "mjl", dns.Domain{ASCII: "mox.example"}, dkimConf, false, strings.NewReader(":\r\n\r\ntest"))

320 if !errors.Is(err, ErrHeaderMalformed) {

321 t.Fatalf("sign, got err %v, expected ErrHeaderMalformed", err)

322 }

323 _, err = Sign(ctx, "mjl", dns.Domain{ASCII: "mox.example"}, dkimConf, false, strings.NewReader(" From:<mjl@mox.example>\r\n\r\ntest"))

324 if !errors.Is(err, ErrHeaderMalformed) {

325 t.Fatalf("sign, got err %v, expected ErrHeaderMalformed", err)

326 }

327 _, err = Sign(ctx, "mjl", dns.Domain{ASCII: "mox.example"}, dkimConf, false, strings.NewReader("Frøm:<mjl@mox.example>\r\n\r\ntest"))

328 if !errors.Is(err, ErrHeaderMalformed) {

329 t.Fatalf("sign, got err %v, expected ErrHeaderMalformed", err)

330 }

331 _, err = Sign(ctx, "mjl", dns.Domain{ASCII: "mox.example"}, dkimConf, false, strings.NewReader("From:<mjl@mox.example>"))

332 if !errors.Is(err, ErrHeaderMalformed) {

333 t.Fatalf("sign, got err %v, expected ErrHeaderMalformed", err)

334 }

335}

336

337func TestVerify(t *testing.T) {

338 // We do many Verify calls, each time starting out with a valid configuration, then

339 // we modify one thing to trigger an error, which we check for.

340

341 const message = `From: <mjl@mox.example>

342To: <other@mox.example>

343Subject: test

344Date: Fri, 10 Dec 2021 20:09:08 +0100

345Message-ID: <test@mox.example>

346MIME-Version: 1.0

347Content-Type: text/plain; charset=UTF-8; format=flowed

348Content-Transfer-Encoding: 7bit

349

350test

351`

352

353 key := ed25519.NewKeyFromSeed(make([]byte, 32))

354 var resolver dns.MockResolver

355 var record *Record

356 var recordTxt string

357 var msg string

358 var sel config.Selector

359 var dkimConf config.DKIM

360 var policy func(*Sig) error

361 var signed bool

362 var signDomain dns.Domain

363

364 prepare := func() {

365 t.Helper()

366

367 policy = DefaultPolicy

368 signDomain = dns.Domain{ASCII: "mox.example"}

369

370 record = &Record{

371 Version: "DKIM1",

372 Key: "ed25519",

373 PublicKey: key.Public(),

374 Flags: []string{"s"},

375 }

376

377 txt, err := record.Record()

378 if err != nil {

379 t.Fatalf("making dns txt record: %s", err)

380 }

381 recordTxt = txt

382

383 resolver = dns.MockResolver{

384 TXT: map[string][]string{

385 "test._domainkey.mox.example.": {txt},

386 },

387 }

388

389 sel = config.Selector{

390 HashEffective: "sha256",

391 Key: key,

392 HeadersEffective: strings.Split("From,To,Cc,Bcc,Reply-To,References,In-Reply-To,Subject,Date,Message-ID,Content-Type", ","),

393 Domain: dns.Domain{ASCII: "test"},

394 }

395 dkimConf = config.DKIM{

396 Selectors: map[string]config.Selector{

397 "test": sel,

398 },

399 Sign: []string{"test"},

400 }

401

402 msg = message

403 signed = false

404 }

405

406 sign := func() {

407 t.Helper()

408

409 msg = strings.ReplaceAll(msg, "\n", "\r\n")

410

411 headers, err := Sign(context.Background(), "mjl", signDomain, dkimConf, false, strings.NewReader(msg))

412 if err != nil {

413 t.Fatalf("sign: %v", err)

414 }

415 msg = headers + msg

416 signed = true

417 }

418

419 test := func(expErr error, expStatus Status, expResultErr error, mod func()) {

420 t.Helper()

421

422 prepare()

423 mod()

424 if !signed {

425 sign()

426 }

427

428 results, err := Verify(context.Background(), resolver, true, policy, strings.NewReader(msg), false)

429 if (err == nil) != (expErr == nil) || err != nil && !errors.Is(err, expErr) {

430 t.Fatalf("got verify error %v, expected %v", err, expErr)

431 }

432 if expStatus != "" && (len(results) == 0 || results[0].Status != expStatus) {

433 var status Status

434 if len(results) > 0 {

435 status = results[0].Status

436 }

437 t.Fatalf("got status %q, expected %q", status, expStatus)

438 }

439 var resultErr error

440 if len(results) > 0 {

441 resultErr = results[0].Err

442 }

443 if (resultErr == nil) != (expResultErr == nil) || resultErr != nil && !errors.Is(resultErr, expResultErr) {

444 t.Fatalf("got result error %v, expected %v", resultErr, expResultErr)

445 }

446 }

447

448 test(nil, StatusPass, nil, func() {})

449

450 // Cannot parse message, so not much more to do.

451 test(ErrHeaderMalformed, "", nil, func() {

452 sign()

453 msg = ":\r\n\r\n" // Empty header key.

454 })

455

456 // From Lookup.

457 // No DKIM record. ../rfc/6376:2608

458 test(nil, StatusPermerror, ErrNoRecord, func() {

459 resolver.TXT = nil

460 })

461 // DNS request is failing temporarily.

462 test(nil, StatusTemperror, ErrDNS, func() {

463 resolver.Fail = []string{

464 "txt test._domainkey.mox.example.",

465 }

466 })

467 // Claims to be DKIM through v=, but cannot be parsed. ../rfc/6376:2621

468 test(nil, StatusPermerror, ErrSyntax, func() {

469 resolver.TXT = map[string][]string{

470 "test._domainkey.mox.example.": {"v=DKIM1; bogus"},

471 }

472 })

473 // Not a DKIM record. ../rfc/6376:2621

474 test(nil, StatusTemperror, ErrSyntax, func() {

475 resolver.TXT = map[string][]string{

476 "test._domainkey.mox.example.": {"bogus"},

477 }

478 })

479 // Multiple dkim records. ../rfc/6376:1609

480 test(nil, StatusTemperror, ErrMultipleRecords, func() {

481 resolver.TXT["test._domainkey.mox.example."] = []string{recordTxt, recordTxt}

482 })

483

484 // Invalid DKIM-Signature header. ../rfc/6376:2503

485 test(nil, StatusPermerror, errSigMissingTag, func() {

486 msg = strings.ReplaceAll("DKIM-Signature: v=1\n"+msg, "\n", "\r\n")

487 signed = true

488 })

489

490 // Signature has valid syntax, but parameters aren't acceptable.

491 // "From" not signed. ../rfc/6376:2546

492 test(nil, StatusPermerror, ErrFrom, func() {

493 sign()

494 // Remove "from" from signed headers (h=).

495 msg = strings.ReplaceAll(msg, ":From:", ":")

496 msg = strings.ReplaceAll(msg, "=From:", "=")

497 })

498 // todo: check expired signatures with StatusPermerror and ErrSigExpired. ../rfc/6376:2550

499 // Domain in signature is higher-level than organizational domain. ../rfc/6376:2554

500 test(nil, StatusPermerror, ErrTLD, func() {

501 // Pretend to sign as .com

502 msg = strings.ReplaceAll(msg, "From: <mjl@mox.example>\n", "From: <mjl@com>\n")

503 signDomain = dns.Domain{ASCII: "com"}

504 resolver.TXT = map[string][]string{

505 "test._domainkey.com.": {recordTxt},

506 }

507 })

508 // Unknown hash algorithm.

509 test(nil, StatusPermerror, ErrHashAlgorithmUnknown, func() {

510 sign()

511 msg = strings.ReplaceAll(msg, "sha256", "sha257")

512 })

513 // Unknown canonicalization.

514 test(nil, StatusPermerror, ErrCanonicalizationUnknown, func() {

515 sel.Canonicalization.HeaderRelaxed = true

516 sel.Canonicalization.BodyRelaxed = true

517 dkimConf.Selectors = map[string]config.Selector{

518 "test": sel,

519 }

520

521 sign()

522 msg = strings.ReplaceAll(msg, "relaxed/relaxed", "bogus/bogus")

523 })

524 // Query methods without dns/txt. ../rfc/6376:1268

525 test(nil, StatusPermerror, ErrQueryMethod, func() {

526 sign()

527 msg = strings.ReplaceAll(msg, "DKIM-Signature: ", "DKIM-Signature: q=other;")

528 })

529

530 // Unacceptable through policy. ../rfc/6376:2560

531 test(nil, StatusPolicy, ErrPolicy, func() {

532 sign()

533 msg = strings.ReplaceAll(msg, "DKIM-Signature: ", "DKIM-Signature: l=1;")

534 })

535 // Hash algorithm not allowed by DNS record. ../rfc/6376:2639

536 test(nil, StatusPermerror, ErrHashAlgNotAllowed, func() {

537 recordTxt += ";h=sha1"

538 resolver.TXT = map[string][]string{

539 "test._domainkey.mox.example.": {recordTxt},

540 }

541 })

542 // Signature algorithm mismatch. ../rfc/6376:2651

543 test(nil, StatusPermerror, ErrSigAlgMismatch, func() {

544 record.PublicKey = getRSAKey(t).Public()

545 record.Key = "rsa"

546 txt, err := record.Record()

547 if err != nil {

548 t.Fatalf("making dns txt record: %s", err)

549 }

550 resolver.TXT = map[string][]string{

551 "test._domainkey.mox.example.": {txt},

552 }

553 })

554 // Empty public key means revoked key. ../rfc/6376:2645

555 test(nil, StatusPermerror, ErrKeyRevoked, func() {

556 record.PublicKey = nil

557 txt, err := record.Record()

558 if err != nil {

559 t.Fatalf("making dns txt record: %s", err)

560 }

561 resolver.TXT = map[string][]string{

562 "test._domainkey.mox.example.": {txt},

563 }

564 })

565 // We refuse rsa keys smaller than 1024 bits.

566 test(nil, StatusPermerror, ErrWeakKey, func() {

567 key := getWeakRSAKey(t)

568 record.Key = "rsa"

569 record.PublicKey = key.Public()

570 txt, err := record.Record()

571 if err != nil {

572 t.Fatalf("making dns txt record: %s", err)

573 }

574 resolver.TXT = map[string][]string{

575 "test._domainkey.mox.example.": {txt},

576 }

577 sel.Key = key

578 dkimConf.Selectors = map[string]config.Selector{

579 "test": sel,

580 }

581 })

582 // Key not allowed for email by DNS record. ../rfc/6376:1541

583 test(nil, StatusPermerror, ErrKeyNotForEmail, func() {

584 recordTxt += ";s=other"

585 resolver.TXT = map[string][]string{

586 "test._domainkey.mox.example.": {recordTxt},

587 }

588 })

589 // todo: Record has flag "s" but identity does not have exact domain match. Cannot currently easily implement this test because Sign() always uses the same domain. ../rfc/6376:1575

590 // Wrong signature, different datahash, and thus signature.

591 test(nil, StatusFail, ErrSigVerify, func() {

592 sign()

593 msg = strings.ReplaceAll(msg, "Subject: test\r\n", "Subject: modified header\r\n")

594 })

595 // Signature is correct for bodyhash, but the body has changed.

596 test(nil, StatusFail, ErrBodyhashMismatch, func() {

597 sign()

598 msg = strings.ReplaceAll(msg, "\r\ntest\r\n", "\r\nmodified body\r\n")

599 })

600

601 // Check that last-occurring header field is used.