# Test dkim-dns subcommand with keys pre-generated by openssl, to validate
|
|
# interoperability.
# Both expectations below are exact matches ("<-"), so the printed p= value
# must equal the public key derived from the fixture PEM character for
# character.
# The Ed25519 p= is 44 base64 characters, i.e. a raw 32-byte public key (the
# RFC 8463 form). The RSA p= is a base64 SubjectPublicKeyInfo; its
# MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A prefix is that of a 2048-bit key.
# NOTE(review): dkim-dns reads a private key (see the "Error reading private
# key" case further down), so these PEM fixtures are private keys and are
# only suitable as test data.
|
|
c = ./chasquid-util dkim-dns example.com sel123 test_openssl_genpkey_ed25519.pem
|
|
c <- sel123._domainkey.example.com TXT "v=DKIM1; k=ed25519; p=QXNdsDCVOrViGMRh4BIE/IgUCcBEwio3kpJ3e0GAipw="
|
|
c wait 0
|
|
|
|
c = ./chasquid-util dkim-dns example.com sel123 test_openssl_genpkey_rsa.pem
|
|
c <- sel123._domainkey.example.com TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAieZWhl7dnxHGyucZS2+dyExPQytj/aY46RXJ4yT3zWY8gh5YkVZ2L1x++7XMzzSg/5FR5bkKYV9Xa+jO6YlhriYKo3ttWSmxU0hDKbG7dpD9Tr7tjCcmKqE1IXetl6DXlQl7LRdmkeIND4gtf9A1zOPLR3/+kvsu1u2cUsEFVs36FqbTe4BYLn2RQlT4IQocT5eVEvoHc5apKuTOKBYThhWRaSZG9YXvsdd1UjngR2Xmizu5e/hj2f3W+9rmRRy1ukmUryuMUHMae2V27Wy1vrHiYoMUA1kQJY+HTG5kMkuatxNui9yjmdqrQUvCIU2Fa5jxJYQTLIz4U0/z4tStRwIDAQAB"
|
|
c wait 0
|
|
|
|
# Generate our own keys, and then check we can parse them with dkim-dns.
|
|
# Do this once per algorithm (including the default).
# NOTE(review): each keygen/dkim-dns pair is matched only by shape (the k= tag
# and a base64 length range), so these cases do not prove that dkim-dns prints
# the same key that dkim-keygen just wrote.
|
|
|
|
# Default algorithm.
# keygen is expected to print the key path, an empty line and then the record.
# The {560,570} range is the one also used for --algo=rsa3072 in this script:
# a 3072-bit RSA SubjectPublicKeyInfo is 422 bytes, about 564 base64
# characters, while a 2048-bit key (about 392 characters) would not match.
# So the default is presumably RSA 3072 -- confirm against the keygen code.
|
|
c = ./chasquid-util dkim-keygen example.com selDef .keys/test_def.pem
|
|
c <- Key written to ".keys/test_def.pem"
|
|
c <-
|
|
c <~ selDef._domainkey.example.com\tTXT\t"v=DKIM1; k=rsa; p=[A-Za-z0-9+/]{560,570}=*"
|
|
c wait 0
|
|
|
|
c = ./chasquid-util dkim-dns example.com selDef .keys/test_def.pem
|
|
c <~ selDef._domainkey.example.com\tTXT\t"v=DKIM1; k=rsa; p=[A-Za-z0-9+/]{560,570}=*"
|
|
c wait 0
|
|
|
|
# RSA 3072.
# Explicit --algo=rsa3072. A 3072-bit RSA SubjectPublicKeyInfo is 422 bytes,
# about 564 base64 characters including padding; the {560,570} range rejects
# shorter RSA keys, since a 2048-bit key encodes to about 392 characters.
# The second run checks that dkim-dns can read the file keygen wrote and
# prints a record of the same shape.
|
|
c = ./chasquid-util dkim-keygen example.com selRSA3 .keys/test_rsa3.pem --algo=rsa3072
|
|
c <- Key written to ".keys/test_rsa3.pem"
|
|
c <-
|
|
c <~ selRSA3._domainkey.example.com\tTXT\t"v=DKIM1; k=rsa; p=[A-Za-z0-9+/]{560,570}=*"
|
|
c wait 0
|
|
|
|
c = ./chasquid-util dkim-dns example.com selRSA3 .keys/test_rsa3.pem
|
|
c <~ selRSA3._domainkey.example.com\tTXT\t"v=DKIM1; k=rsa; p=[A-Za-z0-9+/]{560,570}=*"
|
|
c wait 0
|
|
|
|
# RSA 4096.
# A 4096-bit RSA SubjectPublicKeyInfo is 550 bytes, about 736 base64
# characters including padding, hence the {730,740} range; a 3072-bit key
# (about 564 characters) would not match it.
# The record is still published with k=rsa: the key size is visible only in
# the length of p=.
|
|
c = ./chasquid-util dkim-keygen example.com selRSA4 .keys/test_rsa4.pem --algo=rsa4096
|
|
c <- Key written to ".keys/test_rsa4.pem"
|
|
c <-
|
|
c <~ selRSA4._domainkey.example.com\tTXT\t"v=DKIM1; k=rsa; p=[A-Za-z0-9+/]{730,740}=*"
|
|
c wait 0
|
|
|
|
c = ./chasquid-util dkim-dns example.com selRSA4 .keys/test_rsa4.pem
|
|
c <~ selRSA4._domainkey.example.com\tTXT\t"v=DKIM1; k=rsa; p=[A-Za-z0-9+/]{730,740}=*"
|
|
c wait 0
|
|
|
|
# Ed25519.
# k=ed25519 with a p= of 40-50 base64 characters: a raw 32-byte public key
# encodes to 43 characters plus one "=", the same length as the fixed
# openssl-generated value at the top of this script.
# The key file written here (.keys/test_ed25519.pem) is reused by the
# overwrite and dkim-sign cases further down.
|
|
c = ./chasquid-util dkim-keygen example.com selED25519 .keys/test_ed25519.pem --algo=ed25519
|
|
c <- Key written to ".keys/test_ed25519.pem"
|
|
c <-
|
|
c <~ selED25519._domainkey.example.com\tTXT\t"v=DKIM1; k=ed25519; p=[A-Za-z0-9+/]{40,50}=*"
|
|
c wait 0
|
|
|
|
c = ./chasquid-util dkim-dns example.com selED25519 .keys/test_ed25519.pem
|
|
c <~ selED25519._domainkey.example.com\tTXT\t"v=DKIM1; k=ed25519; p=[A-Za-z0-9+/]{40,50}=*"
|
|
c wait 0
|
|
|
|
# Refuse to overwrite a key file.
# Same selector and path as the Ed25519 case above, which already created
# .keys/test_ed25519.pem. The error and exit status 1 pin that keygen does not
# replace an existing private key; replacing it would leave any DNS record
# already published for that selector pointing at a key that no longer signs.
# NOTE(review): the message and status are checked, but not that the existing
# file's contents are unchanged.
|
|
c = ./chasquid-util dkim-keygen example.com selED25519 .keys/test_ed25519.pem --algo=ed25519
|
|
c <- Error: key already exists at ".keys/test_ed25519.pem"
|
|
c wait 1
|
|
|
|
# Automatically decide on the selector and key path.
# With -C=.config and no key path, the key is expected at
# .config/domains/<domain>/dkim:<selector>.pem. With no selector either, the
# selector is 8 digits (presumably a date -- confirm against the keygen code).
# NOTE(review): nothing in this script inspects the mode of the written key
# files; confirm elsewhere that private keys are not created readable by
# other users.
|
|
c = ./chasquid-util -C=.config dkim-keygen domain --algo=ed25519
|
|
c <~ Key written to ".config/domains/domain/dkim:[0-9]{8}.pem"
|
|
c <-
|
|
c <~ [0-9]{8}._domainkey.domain\tTXT\t"v=DKIM1; k=ed25519; p=[A-Za-z0-9+/]{40,50}=*"
|
|
c wait 0
|
|
|
|
# Custom selector, but automatic key path
# The selector given on the command line (sel1) becomes part of the file name,
# so this domain now has two keys under .config/domains/domain.
|
|
c = ./chasquid-util -C=.config dkim-keygen domain sel1 --algo=ed25519
|
|
c <~ Key written to ".config/domains/domain/dkim:sel1.pem"
|
|
c <-
|
|
c <~ sel1._domainkey.domain\tTXT\t"v=DKIM1; k=ed25519; p=[A-Za-z0-9+/]{40,50}=*"
|
|
c wait 0
|
|
|
|
# Missing parameters.
# Error paths for dkim-keygen: each must print the exact error line and exit
# with status 1.
|
|
c = ./chasquid-util -C=.config dkim-keygen
|
|
c <- Error: missing domain parameter
|
|
c wait 1
|
|
|
|
# Unsupported algorithm
# An unknown --algo value is expected to be rejected rather than replaced by
# a default algorithm.
# NOTE(review): the script does not check that k.pem was left uncreated.
|
|
c = ./chasquid-util -C=.config dkim-keygen domain s k.pem --algo=xxx666
|
|
c <- Error: unsupported algorithm "xxx666"
|
|
c wait 1
|
|
|
|
# Automatically find selector and key path.
# By this point two keys were written under .config/domains/domain (an
# 8-digit selector and sel1); this case asserts only a record for the 8-digit
# selector.
|
|
c = ./chasquid-util -C=.config dkim-dns domain
|
|
c <~ [0-9]{8}._domainkey.domain\tTXT\t"v=DKIM1; k=ed25519; p=[A-Za-z0-9+/]{40,50}=*"
|
|
c wait 0
|
|
|
|
# Require at least a domain.
# The remaining dkim-dns cases are error paths, each ending in exit status 1.
|
|
c = ./chasquid-util -C=.config dkim-dns
|
|
c <- Error: missing domain parameter
|
|
c wait 1
|
|
|
|
# Error reading key.
# The expected message carries the key path and the underlying open error.
|
|
c = ./chasquid-util -C=.config dkim-dns domain unknownsel badkey.pem
|
|
c <- Error reading private key from "badkey.pem": open badkey.pem: no such file or directory
|
|
c wait 1
|
|
|
|
# No DKIM keys found.
# The message shows the pattern searched for keys: dkim:*.pem under the
# domain's directory in the config tree.
|
|
c = ./chasquid-util -C=.config dkim-dns unkdomain
|
|
c <- No DKIM keys found in ".config/domains/unkdomain/dkim:*.pem"
|
|
c wait 1
|
|
|
|
# DKIM signing, with various forms.
# The message is written to stdin ("->", then "close") and the command must
# print a DKIM-Signature header for it. In the first case no selector is
# given and s=\d+ matches an all-digit one, i.e. not "sel1".
# h= names "from" twice and also subject, date, to, cc and message-id, which
# this test message does not contain. NOTE(review): that looks like header
# oversigning (RFC 6376 section 5.4), which makes a later-added copy of those
# headers break the signature -- confirm against the signer.
# NOTE(review): bh=.* and b=.* accept any value, so these cases pin the header
# layout only; they do not show that the signature verifies.
|
|
c = ./chasquid-util -C=.config dkim-sign domain
|
|
c -> From: user-a@srv-a
|
|
c ->
|
|
c -> A little tiny message.
|
|
c close
|
|
c <- DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;
|
|
c <~ \td=domain; s=\d+; t=\d+;
|
|
c <~ \th=from:from:subject:date:to:cc:message-id;
|
|
c <~ \tbh=.*;
|
|
c <~ \tb=.*
|
|
c <~ \t .*;
|
|
c wait 0
|
|
|
|
# Explicit selector (sel1), then explicit selector plus key path. Only the
# first output line is asserted in these two cases, so the d= and s= values
# actually used are not checked.
c = ./chasquid-util -C=.config dkim-sign domain sel1
|
|
c -> From: user-a@srv-a
|
|
c ->
|
|
c -> A little tiny message.
|
|
c close
|
|
c <- DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;
|
|
c wait 0
|
|
|
|
c = ./chasquid-util -C=.config dkim-sign domain selED25519 .keys/test_ed25519.pem
|
|
c -> From: user-a@srv-a
|
|
c ->
|
|
c -> A little tiny message.
|
|
c close
|
|
c <- DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;
|
|
c wait 0
|
|
|
|
# No domain argument: the only place "domain" appears in this case is the
# From: address, so the signing domain is presumably derived from it.
c = ./chasquid-util -C=.config dkim-sign
|
|
c -> From: user-a@domain
|
|
c ->
|
|
c -> A little tiny message.
|
|
c close
|
|
c <- DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;
|
|
c wait 0
|
|
|
|
# Bad message for dkim-sign.
# Both inputs must be rejected with a parse error and exit status 1; no
# DKIM-Signature line is expected. The first input is not a header line at
# all; the second has a From: header whose value contains no "@".
|
|
c = ./chasquid-util -C=.config dkim-sign
|
|
c -> Invalid message.
|
|
c close
|
|
c <- Error parsing message: malformed header line: Invalid message.
|
|
c wait 1
|
|
|
|
c = ./chasquid-util -C=.config dkim-sign
|
|
c -> From: <not a good address>
|
|
c ->
|
|
c -> A little tiny message.
|
|
c close
|
|
c <- Error parsing From: header: mail: missing @ in addr-spec
|
|
c wait 1
|
|
|
|
# DKIM verification.
|
|
# Just check that the attempt was made.
# The input carries no DKIM-Signature header, so dkim=none is the expected
# result. NOTE(review): only the unsigned path is covered in this script;
# there is no case here for a valid signature or for a signed message that
# was modified afterwards.
|
|
c = ./chasquid-util -C=.config dkim-verify
|
|
c -> From: user-a@srv-a
|
|
c ->
|
|
c -> A little tiny message.
|
|
c close
|
|
c <~ Authentication-Results: .*
|
|
c <~ \t;dkim=none
|
|
c wait 0
|
|
|
|
# Tracing. Just check that there's some output, we don't need byte-for-byte
|
|
# verification as the contents are not expected to be stable.
# With -v, dkim-sign is expected to report the domain, an all-digit selector
# and the algorithm it signs with; dkim-verify is expected to report how many
# signatures it found and how many were valid before the
# Authentication-Results header.
|
|
c = ./chasquid-util -C=.config dkim-sign -v
|
|
c -> From: user-a@domain
|
|
c ->
|
|
c -> A little tiny message.
|
|
c close
|
|
c <~ Signing for domain / \d+ with ed25519-sha256
|
|
c wait 0
|
|
|
|
c = ./chasquid-util -C=.config dkim-verify -v
|
|
c -> From: user-a@srv-a
|
|
c ->
|
|
c -> A little tiny message.
|
|
c close
|
|
c <- Found 0 signatures, 0 valid
|
|
c <~ Authentication-Results: .*
|
|
c <~ \t;dkim=none
|
|
c wait 0
|
|
|