From fe986d5bb7d3f912da1e15c22386fee987229f6d Mon Sep 17 00:00:00 2001
From: Alberto Bertogli
Date: Sat, 9 Mar 2024 21:58:55 +0000
Subject: [PATCH] test/t-21-dkim: Add driusan/dkim's dkimverify check

This patch adds a cross-tool integration check that uses driusan/dkim's dkimverify to confirm it can verify our own DKIM signatures. It is optional, since the tool may not be present.
---
test/t-21-dkim/from_B_to_A.expected | 8 +++++++-
test/t-21-dkim/run.sh | 11 ++++++++++-
test/util/minidns/minidns.go | 11 ++++++++++-
3 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/test/t-21-dkim/from_B_to_A.expected b/test/t-21-dkim/from_B_to_A.expected
index e7836bd..61ca115 100644
--- a/test/t-21-dkim/from_B_to_A.expected
+++ b/test/t-21-dkim/from_B_to_A.expected
@@ -2,12 +2,18 @@ From user-a@srv-a
 Authentication-Results: srv-a
 ;spf=none (no DNS record found)
 ;dkim=pass header.b=*
-DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=srv-b; s=sel77; *
 h=from:subject:to:from:subject:date:to:cc:message-id;
 bh=*
 b=*
 *
+ *
+ *
+ *
+ *
+ *
+ *
 From: user-b@srv-b
 To: user-a@srv-a
 Subject: Feliz primavera!
diff --git a/test/t-21-dkim/run.sh b/test/t-21-dkim/run.sh
index c4f289d..752bca2 100755
--- a/test/t-21-dkim/run.sh
+++ b/test/t-21-dkim/run.sh
@@ -16,7 +16,7 @@ export GOTAGS="dnsoverride"
 # Use a fixed selector so we can be more thorough in from_B_to_A.expected.
 rm -f B/domains/srv-b/*.pem
 mkdir -p B/domains/srv-b/
-CONFDIR=B chasquid-util dkim-keygen srv-b sel77 --algo=ed25519 > /dev/null
+CONFDIR=B chasquid-util dkim-keygen srv-b sel77 > /dev/null
 cp zones .zones
 CONFDIR=B chasquid-util dkim-dns srv-b | sed 's/"//g' >> .zones
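Review bot: Dropping `--algo=ed25519` in the run.sh keygen hunk makes the test depend on `dkim-keygen`'s default key type being RSA, which the script does not say; from_B_to_A.expected now hard-codes `a=rsa-sha256` and the dkimverify step later in this file needs an RSA key. I would extend the comment above the keygen line, e.g. `# Use the default key type (RSA) for B, so RSA-only verifiers can check its signature.` It also looks like srv-b no longer exercises ed25519 signing, so it is worth confirming that another domain in this test still does; that is not visible in the hunk.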
@@ -65,5 +65,14 @@ smtpc --addr=localhost:2465 \
 wait_for_file .mail/user-a@srv-a
 mail_diff from_B_to_A.expected .mail/user-a@srv-a
+# If driusan/dkim's dkimverify is available, use it to check the generated
+# signature.
+if dkimverify --help 2>&1 < /dev/null | grep -q -- "-txt string"; then
+ # Verify B's signature only, because dkimverify only supports RSA.
+ cat .zones | grep _domainkey.srv-b | sed 's/.*TXT//g' > .srv-b.dns.txt
+ dkimverify -txt .srv-b.dns.txt < .mail/user-a@srv-a
+else
+ skipped "driusan's dkimverify cross-check (binary not available)"
+fi
 success
diff --git a/test/util/minidns/minidns.go b/test/util/minidns/minidns.go
index 0a15554..0205c54 100644
--- a/test/util/minidns/minidns.go
+++ b/test/util/minidns/minidns.go
@@ -290,8 +290,17 @@ func (m *miniDNS) loadZones(f *os.File) {
 }
 case "txt":
 qType = dnsmessage.TypeTXT
+
+ // Cut value in chunks of 255 bytes.
+ chunks := []string{}
+ v := value
+ for len(v) > 254 {
+ chunks = append(chunks, v[:254])
+ v = v[254:]
+ }
+ chunks = append(chunks, v)
 body = &dnsmessage.TXTResource{
- TXT: []string{value},
+ TXT: chunks,
 }
 default:
 log.Fatalf("line %d: unknown type %q", lineno, t)
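Review bot: The cross-check's verdict rests entirely on `dkimverify`'s exit status stopping the script before `success`, which only holds if errexit is enabled earlier in run.sh, outside this hunk. The key extraction on the line before it is a pipeline ending in `sed`, so a missing `_domainkey.srv-b` record yields an empty `.srv-b.dns.txt` without any error of its own. I would make both conditions explicit: `[ -s .srv-b.dns.txt ] || { echo "no DKIM record for srv-b in .zones"; exit 1; }` and `dkimverify -txt .srv-b.dns.txt < .mail/user-a@srv-a || { echo "dkimverify rejected srv-b's signature"; exit 1; }`. That way a verification failure is reported as such rather than depending on shell options set elsewhere.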
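Review bot: The comment in the `case "txt":` branch says 255-byte chunks but the loop cuts at 254 (`len(v) > 254`, `v[:254]`), so a value of exactly 255 bytes is split even though it fits in a single TXT character-string. Either use 255 throughout or reword the comment, e.g. `// Split the value into strings of at most 254 bytes; a TXT character-string is limited to 255.` A named constant for the limit would keep its three occurrences in step. The enclosing loadZones body starts and ends outside this hunk.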