diff -Nru libmail-dkim-perl-0.28/ChangeLog libmail-dkim-perl-0.33/ChangeLog --- libmail-dkim-perl-0.28/ChangeLog 2007-07-31 21:40:41.000000000 +0100 +++ libmail-dkim-perl-0.33/ChangeLog 2009-03-10 14:46:58.000000000 +0000 
@@ -1,3 +1,394 @@ +2008-11-19: Jason Long + * lib/Mail/DKIM/Signature.pm, DkSignature.pm (DEFAULT_PREFIX): new + method which determines what prefix to use in as_string, prettify, + etc. + * lib/Mail/DKIM/KeyValueList.pm (wrap): when splitting the h= field, + only allow breaks prior to ':' symbols + +2008-11-19: Jason Long + * t/signature.t: further checks for prettify signatures (found a case + where the new code caused a regression) + * lib/Mail/DKIM/TextWrap.pm (flush): remember to update cur position + when flushing text; use a "may_break" internal variable to know + whether a linebreak is acceptable; other fixes + * t/textwrap.t: another test case illustrating failure in TextWrap.pm + * lib/Mail/DKIM/KeyValueList.pm (wrap): call flush() right after the + ';' character; this is a further fix for #2257046. + +2008-11-10: Jason Long + * lib/Mail/DKIM/TextWrap.pm (flush): new method to explicitly allow a + break at the current point in the string + * lib/Mail/DKIM/KeyValueList.pm (wrap): call flush() whenever changing + TextWrap parameters (this should complete the fix for #2257046) + +2008-11-06: Jason Long + * t/signature.t: test Mark Martinec's bad-signature-wrapping bug + +2008-11-06: Jason Long + * t/verifier.t: use a "fake" dns implementation, so that this test + will pass no matter the user's state of dns + +2008-11-06: Jason Long + * lib/Mail/DKIM/DNS.pm (query): changed API so that it now returns + a list of Net::DNS::RR objects, rather than a Net::DNS::Packet object. + * lib/Mail/DKIM/Policy.pm: update for the change to the DNS.pm api. + * lib/Mail/DKIM/PublicKey.pm: update for the change to the DNS.pm api. 
+ +2008-11-06: Jason Long + * lib/Mail/DKIM/Signature.pm (encode_qp, decode_qp): suppress a warning + about an uninitialized value + * lib/Mail/DKIM/Common.pm (message_originator, message_sender): if a + From/Sender line is present, but blank, still return a valid object + * t/public_key.t: new test to check for DNS problems + + -- VERSION 0.32 -- + +2008-05-09: Jason Long + * lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm: when populating a DomainKey + signature's identity, record where the identity came from + * lib/Mail/DKIM/DkSignature.pm (identity_source): make the source of + the identity (i.e. sender header or from header) available as a + method + +2008-05-09: Jason Long + * lib/Mail/DKIM/Signature.pm (identity): do quoted-printable encoding/ + decoding for the i= tag (issue #1839015) + * t/corpus/good_qp_1.txt, good_qp_2.txt, good_qp_3.txt: three test + files for identities using quoted-printable encoding + +2008-04-14: Jason Long + * lib/Mail/DKIM/Signature.pm: documentation for get_tag() + +2008-04-14: Jason Long + * lib/Mail/DKIM/PublicKey.pm (check_granularity): do case-sensitive + comparison (issue #1938112) + +2008-04-14: Jason Long + * t/corpus/badkey_12.txt: fix g= case-sensitivity test so it won't give + false positives on dkim-milter + * t/corpus/badkey_13.txt: test that the verifier checks granularity + against i= tag, not the From header + +2008-04-14: Jason Long + * lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm, rsa_sha1.pm: replace use of + Digest::SHA1 with equivalent Digest::SHA + * Makefile.PL: remove requirement for Digest::SHA1 + +2008-04-14: Jason Long + * Makefile.PL: bump version + + -- VERSION 0.31 -- + +2008-04-08: Jason Long + * lib/Mail/DKIM/PrivateKey.pm: allow Cork argument to new() (#1879209) + +2008-04-07: Jason Long + * lib/Mail/DKIM/DkimPolicy.pm: fix "use of uninitialized value in string" + errors + * lib/Mail/DKIM/Signature.pm: provide public API to public-key object of + signatures, e.g. 
so its flags can be accessed (issue #1879215); + also, if an error occurs fetching the public-key record, the failure + is cached so it won't get tried again + * lib/Mail/DKIM/Signer.pm: document how to create a DomainKey-Signature + +2008-02-20: Jason Long + * lib/Mail/DKIM/TextWrap.pm: implement BreakBefore option; + provided a bunch of documentation for this module + * t/textwrap.t: tests new functionality of TextWrap + * lib/Mail/DKIM/KeyValueList.pm: colon-separated lists are now "wrapped" + with colons appearing at the beginning of the next line instead of + at the end of the current line (hoping this will fix #1868648) + +2008-02-06: Jason Long + * lib/Mail/DKIM/Signature.pm: conserve space by omitting "c=simple" + and "q=dns/txt" (#1878518) + +2008-02-06: Jason Long + * lib/Mail/DKIM/Canonicalization/DkCommon.pm, DkimCommon.pm: + bugfix for issue #1878954 (undef value used as an ARRAY ref) + * lib/Mail/DKIM/Canonicalization/DkCommon.pm: some cleanup, + possible bugfix for verifying message with two+ DomainKey signatures + * lib/Mail/DKIM/Verifier.pm: allow caller of fetch_author_policy() to + specify domain (#1879197) + * lib/Mail/DKIM/PrivateKey.pm: cleanup- indentation style; + throw error on load() if missing argument + +2008-01-24: Jason Long + * lib/Mail/DKIM/DkimPolicy.pm, Policy.pm, PublicKey.pm, Verifier.pm: + fix parsing regexes used to split email address into localpart and + domain (issue #1878994) + +2008-01-10: Jason Long + * Makefile.PL: bump version + * lib/Mail/DKIM/Signature.pm: make sure all public key problems are + prefixed with "public key:" (most were already, see below for actual + changes) + * lib/Mail/DKIM/PublicKey.pm: since Signature.pm is providing the "public + key:" prefix, it can be omitted in PublicKey.pm error messages + * lib/Mail/DKIM/Verifier: the following result_detail messages have changed: + "no public key available" => "public key: not available" + "key value list syntax error" => "syntax error" + or "public key: 
syntax error" + * t/verifier.t: test that "public key" is mentioned + + -- VERSION 0.30.1 -- + +2008-01-24: Jason Long + * lib/Mail/DKIM/Algorithm/*: implement wants_pre_signature_headers() + for each algorithm + * lib/Mail/DKIM/Verifier.pm: if the algorithm "wants_pre_signature_headers", + then feed headers found prior to the signature to the + signature-specific algorithm doing the verification. This fixes an + issue where signatures from cisco.com fail to verify (reported by + Mark Martinec). + + -- VERSION 0.30 -- + +2007-12-10: Jason Long + * lib/Mail/DKIM/Verifier.pm (is_subdomain): do case-insensitive + comparison + * t/corpus/good_dk_7.txt: tests DK signature with domain names that + differ only in case + * t/corpus/good_rfc4871_4.txt: tests DKIM signature with i= and d= + contain domain names differing in case + * t/corpus/badkey_12.txt: tests public key where i=JLong, g=jl*ng + +2007-12-07: Jason Long + * t/verifier.t: three new DK tests + * t/corpus/good_dk_6.txt: tests DK signature without h= tag + * t/corpus/bad_dk_2.txt: tests DK signature w/o h= tag, Sender has + been added + * t/corpus/dk_multiple_1.txt: tests two DK signatures (with different + domains) in a single message... both should pass + * Makefile.PL: version bump + +2007-12-07: Jason Long + * lib/Mail/DKIM/Verifier.pm, lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm, + lib/Mail/DKIM/Canonicalization/DkCommon.pm: + domainkeys: determine identity from algorithm object. Currently the + DomainKeys identity is determined by the Verifier. It is + theoretically possible for two different DomainKeys signatures on + the same message to have different identities. (This happens when + one DomainKey signature includes a Sender header, and the other one + does not.) This patch moves the determination of identity to the + algorithm object. + +2007-12-07: Jason Long + * lib/Mail/DKIM/Verifier.pm, lib/Mail/DKIM/Common.pm: initialize + signatures early. 
This patch makes Mail::DKIM::Verifier initialize + and check the signature object as soon as it is parsed, and + subsequent headers are fed into the algorithm as they are read, + instead of waiting for the end of header. + * lib/Mail/DKIM/Verifier.pm: fix DK identity. The previous patch broke + identity-checking for DomainKeys signatures. This patch moves some + things around so that identity checking still works. + +2007-12-07: Jason Long + * lib/Mail/DKIM/Verifier.pm (add_signature): changed to take a + signature object, instead of an unparsed header line + +2007-11-21: Jason Long + * t/corpus/bad_dk_2.txt renamed to dk_headers_2.txt: revert this + rename from earlier... the message should "pass" after + all (the Sender header was not part of the signature) + +2007-11-21: Jason Long + * lib/Mail/DKIM/Signer.pm: provide documentation for Key parameter + * lib/Mail/DKIM/PrivateKey.pm: created documentation for this package + * lib/Mail/DKIM/Signature.pm: implement Key parameter for constructor, + and key() method to get/set the private key + +2007-11-14: Jason Long + * lib/Mail/DKIM/Verifier.pm: for DomainKeys signatures, use the message + sender as the identity + * lib/Mail/DKIM/DkSignature.pm: allow verifier to supply the signing + identity + * lib/Mail/DKIM/Verifier.pm, PublicKey.pm: hack for allowing + DomainKeys signatures to use public keys with empty g= tags + +2007-11-14: Jason Long + * lib/Mail/DKIM/Verifier.pm, Signer.pm: update documentation for + message_sender() and message_originator() methods, which are now + guaranteed to return an object + * lib/Mail/DKIM/Common.pm (message_sender, message_originator): + always return a Mail::Address object, even if the relevant headers + were not found + * t/corpus/dk_headers_2.txt renamed to bad_dk_2.txt: it turns out this + message should've been failing all along, since the Sender header + doesn't match the domain of the signature + * lib/Mail/DKIM/Verifier.pm: slight change to the "unsupported version" + 
detail message (don't want nested parenthesis) + +2007-11-14: Jason Long + * t/corpus/goodkey_4.txt: tests signature with i=a@b, public key implied g= + * lib/Mail/DKIM/PublicKey.pm (check_granularity): fixed broken + ends-with check, reported by Mark Martinec + * t/corpus/good_dk_3.txt, good_dk_4.txt, good_dk_5.txt: + these files test DomainKeys signatures with g= values in the public keys + * t/corpus/bad_dk_1.txt: this one should fail, since the signature + domain does not match the From/Sender header + * scripts/dkimsign.pl: added option to override signature's d= tag + * t/corpus/badkey_11.txt: tests a valid, but unmatched h= in public key + +2007-11-08: Jason Long + * lib/Mail/DKIM/Canonicalization/relaxed.pm, + lib/Mail/DKIM/Canonicalization/nowsp.pm, + lib/Mail/DKIM/Canonicalization/DkCommon.pm, + lib/Mail/DKIM/Canonicalization/dk_simple.pm, + lib/Mail/DKIM/Canonicalization/simple.pm, + lib/Mail/DKIM/Canonicalization/dk_nofws.pm, + lib/Mail/DKIM/Canonicalization/DkimCommon.pm, + lib/Mail/DKIM/MessageParser.pm: + more speed-up optimizations by Mark Martinec, now multiple lines + at once can be fed into the canonicalization bits + +2007-11-08: Jason Long + * Makefile.PL, others: version bump to 0.30 + +2007-11-08: Jason Long + * lib/Mail/DKIM/Signature.pm: minor doc edit + * scripts/dkimsign.pl: generate "pretty" signatures; + die on unrecognized signature type + +2007-11-07: Jason Long + * lib/Mail/DKIM/Algorithm/Base.pm: cleanup (delete commented-out code) + * lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm (finish_message): fix bug + where DomainKeys signatures were not "pretty", + reported by Byung-Hee HWANG. 
+ +2007-11-07: Jason Long + * lib/Mail/DKIM/Signature.pm: allow Timestamp to be specified to new() + * lib/Mail/DKIM/Signer.pm: allow Timestamp to be specified to new(), + requested by Mark Martinec + * t/signer.t: test timestamp creation + +2007-11-06: Jason Long + * lib/Mail/DKIM/Canonicalization/simple.pm, + lib/Mail/DKIM/Canonicalization/Base.pm, + lib/Mail/DKIM/MessageParser.pm: speedup optimizations contributed + by Mark Martinec. + * lib/Mail/DKIM/Canonicalization/dk_simple,pm + lib/Mail/DKIM/Canonicalization/relaxed.pm: more speed up optimizations + by Mark Martinec. + + -- VERSION 0.29 -- + +2007-11-07: Jason Long + * lib/Mail/DKIM/Verifier.pm: signatures() is now public + +2007-10-30: Jason Long + * t/corpus/good_rfc4871_3.txt: to test extra tags in signature + * scripts/dkimsign.pl: allow user to specify arbitrary extra tags for + putting in the signature + * lib/Mail/DKIM/MessageParser.pm: make "not implemented" messages + more helpful + * t/corpus/badkey_10.txt: to test key with t=s + * lib/Mail/DKIM/Verifier.pm: allow check_granularity() to return different + detail messages; describe two additional result_detail possibilities + * lib/Mail/DKIM/PublicKey.pm (check_granularity): check for empty g= value; + check for subdomain usage; + (subdomain_flag): helper method to look for "s" in flags + (flags): return default value if no t= tag + +2007-10-26: Jason Long + * t/corpus/badkey_9.txt: to test empty g= in selector + * t/corpus/ignore_8.txt: to test bad i= value in signature + * lib/Mail/DKIM/Verifier.pm: check signature identity value + +2007-10-24: Jason Long + * t/corpus/badkey_8.txt, ignore_5.txt, ignore_6.txt: fix signature so + it would verify if not for the flaw in the public key + * scripts/dkimsign.pl: allow key protocol to be specified on command + line + * lib/Mail/DKIM/Verifier.pm: update documentation on possible error + codes + * lib/Mail/DKIM/PublicKey.pm: cleanup error code + +2007-10-24: Jason Long + * t/corpus/badkey_*.txt: changed 
subjects to indicate which test it is + * t/corpus/badkey_7.txt, badkey_8.txt, goodkey_1.txt, goodkey_2.txt, + goodkey_3.txt: additional tests of public key features + * t/corpus/verifier.t: test the new test messages + * lib/Mail/DKIM/Verifier.pm (check_public_key): check key granularity + and report the problem if it doesn't match + * lib/Mail/DKIM/PublicKey.pm (check_granularity): a method for testing + the granularity + (granularity): return the default value of '*' if g= not defined + * scripts/dkimsign.pl: ability to set i= tag from command-line + +2007-10-24: Jason Long + * lib/Mail/DKIM/Verifier.pm (check_signature): do signature version check + here + (finish_header): report invalid signature details to the signature + object + (signatures): return all parsed signatures, not just "valid" signatures + * lib/Mail/DKIM/Signature.pm: some misc. cleanup + (check_version): version check is now a separate method, rather than + being part of parse() + * lib/Mail/DKIM/DkSignature.pm (check_version): always true + * t/corpus/multiple_2.txt: a message testing multiple signatures with + different results + * t/verifier.t: verify that each signature's results are available and + correct + +2007-10-24: Jason Long + * t/corpus/ignore_7.txt: a message with an expired signature + * lib/Mail/DKIM/Signature.pm: recognize Expiration as a parameter + * scripts/dkimsign.pl: make it possible to create a signature with an + x= tag + * t/verifier.t: test ignore_7.txt message, should "ignore" + * lib/Mail/DKIM/Verifier.pm: check signature expiration when verifying + * lib/Mail/DKIM/Signature.pm (check_expiration): new method + +2007-10-08: Jason Long + * lib/Mail/DKIM/Signer.pm: use "Key" property instead of "private" to + store the private key; new methods key() and key_file(); allow each + signature to have its own private key + * t/signer_policy.t: test specifying a key file in a policy + +2007-10-04: Jason Long + * lib/Mail/DKIM/MessageParser.pm: return nonzero for PRINT and 
CLOSE + * lib/Mail/DKIM/DkSignature.pm: make expiration() for DomainKey-Signature + behave more compatibly with expiration() for DKIM-Signature + * lib/Mail/DKIM/Verifier.pm: remove dependency on Error module + * README: what I'm interested in if make test fails + * lib/Mail/DKIM/Signer.pm: fix bug reported by dairiki, who noticed that + the Signer class ignored the signature-specified algorithm when + building the algorithm object + * scripts/dkimsign.pl: update POD a bit + * scripts/dkimverify.pl: add POD + * lib/Mail/DKIM/Canonicalization/Base.pm, Algorithm/Base.pm: + add see also, author, copyright sections to POD + * lib/Mail/DKIM/Algorithm/rsa_sha1.pm, rsa_sha256.pm: remove useless pod + * ...and others...: inline documentation (POD) cleanup + +2007-10-03: Jason Long + * lib/Mail/DKIM/Canonicalization/DkCommon.pm: attempt at making the + header handling algorithm easier to understand + * t/signer.t: test case for unreadable private key + * lib/Mail/DKIM/PrivateKey.pm: die if unable to open private key file + * lib/Mail/DKIM/Signer.pm: no more need for a separate existance check + on the private key filename + * lib/Mail/DKIM/Signature.pm: allow Identity to be specified in new() + * lib/Mail/DKIM/Signer.pm: allow Identity to be specified in new() + * t/signer.t: test that specifying Identity works + +2007-10-02: Jason Long + * lib/Mail/DKIM/Canonicalization/DkCommon.pm: there are some varying + opinions about how to verify DomainKey-signed messages when there is + an h= tag and the headers are in a different order... 
this is an + attempt at making our verifier more compatible with other + implementations + * dk_headers.txt: some notes on multiple-occuring headers + +2007-09-06: Jason Long + * lib/Mail/DKIM/Policy.pm (get_lookup_name): new method that determines + the name of the record to lookup + * lib/Mail/DKIM/DkimPolicy.pm: no longer need to override fetch(), now + it just overrides get_lookup_name() + + -- VERSION 0.28 -- + 2007-07-31: Jason Long * Makefile.PL: OpenSSL 0.23 segfaults on certain signatures, so the requirement is now Crypt::OpenSSL::RSA 0.24 or better diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/Changes /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/Changes --- libmail-dkim-perl-0.28/Changes 2007-07-31 21:42:30.000000000 +0100 +++ libmail-dkim-perl-0.33/Changes 2009-03-10 14:46:58.000000000 +0000 
@@ -1,7 +1,90 @@ This file summarizes what's changed between releases of Mail-DKIM. See the ChangeLog file for the details. -Version 0.28 +Version 0.33 + + since 0.32_5 + + * bugfixes: + * signature wrapping was still messed up, hopefully all bugs fixed + now + + since 0.32 + + * bugfixes: + * signature wrapping would sometimes cause improper preparation of + DKIM signatures, with "simple" canonicalization (issue #2257046) + * test scripts: + * the included corpus is now verified using a fake-DNS resolver, + which means the test corpus can validate even when your DNS + servers are really slow + + +Version 0.32 - released 2008-06-03 + + * removed requirement for Digest::SHA1 (issue #1832549). + We now use the more capable Digest::SHA module for SHA-1 and SHA-256. + * bugfixes: + * granularity checking should be case-sensitive (issue #1938112). + * identity tag now uses quoted-printable encoding (issue #1839015). + * API improvement: + * implemented identity_source() for DkSignature objects + + +Version 0.31 - released 2008-04-14 + + * some error detail messages were changed (see ChangeLog, 2008-01-10 entry) + * by default, and when possible, DKIM signatures now omit c= and q= tags + (they are optional tags) (issue #1878518) + * DKIM and DomainKey signatures are now wrapped so that line breaks + occur before colon (':') separators instead of after; this avoids + confusing some broken MUAs (issue #1868648) + * bugfixes: + * "undef value" error when DKIM signature appears at end of header + (issue #1878954) + * use proper regexp for splitting email address (issue #1878994) + * API improvements: + * can specify a domain for fetch_author_policy() (issue #1879197) + * can access a signature's public-key object (issue #1879215) + * can specify an OpenSSL-private-key object for PrivateKey->new() + (issue #1879209) + + +Version 0.30.1 - released 2008-01-24 + + * bugfix: + * email from cisco.com was failing to verify (issue #1878523) + + +Version 0.30 - released 2008-01-10 + 
+ * includes speed-up optimizations by Mark Martinec + * DomainKeys, implement proper identity matching... + a DomainKey-Signature's domain should match the From/Sender address + * several more test cases + * API improvements: + * accept additional arguments when creating Signer/Signature + * bugfixes: + * DomainKey-Signature headers were not "prettified" + * granularity ending with '*' was not checked correctly + * DomainKey-Signature granularity was checked against the wrong value + + +Version 0.29 - released 2007-11-08 + + * verifiers can now access all parsed signatures and their results, + not just signatures that were fully tested + * signer policies can now specify what private key file to use + * some other minor API improvements + * bugfixes: + * for DomainKeys signatures, fixed a compatibility issue handling + the h= tag + * for DKIM, signature expirations had been ignored + * for DKIM, signature identities did not have to match the domain + * for DKIM, public key granularity field had been ignored + + +Version 0.28 - released 2007-07-31 * fixed a bug with line-wrapping a signature at the wrong place diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/debian/changelog /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/debian/changelog --- libmail-dkim-perl-0.28/debian/changelog 2009-06-15 22:36:08.000000000 +0100 +++ libmail-dkim-perl-0.33/debian/changelog 2009-06-15 22:36:08.000000000 +0100 
@@ -1,3 +1,51 @@ +libmail-dkim-perl (0.33-1~hardy1) hardy-backports; urgency=low + + * Direct source backport. + + -- Michael Jeanson Mon, 15 Jun 2009 17:19:30 -0400 + +libmail-dkim-perl (0.33-1) unstable; urgency=low + + * New upstream release (Closes: #519151). + * Bumped Standards-Version to 3.8.0. No changes needed. + * debian/rules: Fix target dependencies, skip unnecessary Debhelper + calls, and delete severely incomplete Mail::DKIM::PublicKey(3pm) + manpage that Lintian complains about. + + -- Magnus Holmgren Tue, 10 Mar 2009 23:22:33 +0100 + +libmail-dkim-perl (0.32-1) unstable; urgency=low + + * New upstream release. + - No longer depends on libdigest-sha1-perl. + + -- Magnus Holmgren Sat, 07 Jun 2008 15:38:48 +0200 + +libmail-dkim-perl (0.31-1) unstable; urgency=low + + * New upstream release (Closes: 476908). + * Change debian/watch to use search.cpan.org only. + * New maintainer email address. + * Increase minimum version of libcrypt-openssl-rsa-perl to 0.24 (should + have done that at version 0.28 of this package). + + -- Magnus Holmgren Sun, 20 Apr 2008 18:08:09 +0200 + +libmail-dkim-perl (0.30.1-1) unstable; urgency=low + + * New upstream release (Closes: #470650). + + -- Magnus Holmgren Wed, 12 Mar 2008 18:47:28 +0100 + +libmail-dkim-perl (0.29-1) unstable; urgency=low + + * New upstream release. + * Bump Standards-Version to 3.7.3. + * Upstream homepage moved to SourceForge. + * Change XS-Vcs-* fields to just Vcs-*. + + -- Magnus Holmgren Sun, 23 Dec 2007 13:51:28 +0100 + libmail-dkim-perl (0.28-2) unstable; urgency=low * Skip 'make realclean' if Makefile does not exist, and do not ignore diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/debian/control /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/debian/control --- libmail-dkim-perl-0.28/debian/control 2009-06-15 22:36:08.000000000 +0100 +++ libmail-dkim-perl-0.33/debian/control 2009-06-15 22:36:08.000000000 +0100 
@@ -1,21 +1,21 @@ Source: libmail-dkim-perl Section: perl Priority: optional -Maintainer: Magnus Holmgren +Maintainer: Magnus Holmgren Build-Depends: debhelper (>= 5) Build-Depends-Indep: perl (>= 5.6.0-16), liberror-perl, - libnet-dns-perl, libmailtools-perl, libdigest-sha1-perl, - libdigest-sha-perl, libcrypt-openssl-rsa-perl (>= 0.22) -Standards-Version: 3.7.2 -XS-Vcs-Svn: svn://svn.kibibyte.se/libmail-dkim-perl/trunk -XS-Vcs-Browser: http://svn.kibibyte.se/libmail-dkim-perl -Homepage: http://jason.long.name/dkimproxy/ + libnet-dns-perl, libmailtools-perl, + libdigest-sha-perl, libcrypt-openssl-rsa-perl (>= 0.24) +Standards-Version: 3.8.0 +Vcs-Svn: svn://svn.kibibyte.se/libmail-dkim-perl/trunk +Vcs-Browser: http://svn.kibibyte.se/libmail-dkim-perl +Homepage: http://dkimproxy.sourceforge.net Package: libmail-dkim-perl Architecture: all -Depends: ${perl:Depends}, liberror-perl, libdigest-sha1-perl, +Depends: ${perl:Depends}, liberror-perl, libdigest-sha-perl, libmailtools-perl, libnet-dns-perl, - libcrypt-openssl-rsa-perl (>= 0.22) + libcrypt-openssl-rsa-perl (>= 0.24) Description: cryptographically identify the sender of email - perl library RFC 4871, DomainKeys Identified Mail (DKIM), defines a domain-level authentication framework for email using public-key cryptography and diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/debian/copyright /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/debian/copyright --- libmail-dkim-perl-0.28/debian/copyright 2009-06-15 22:36:08.000000000 +0100 +++ libmail-dkim-perl-0.33/debian/copyright 2009-06-15 22:36:08.000000000 +0100 @@ -1,4 +1,4 @@ -This package was debianized by Magnus Holmgren on +This package was debianized by Magnus Holmgren on Wed, 12 Jul 2006 20:22:49 +0200. It was downloaded from 
@@ -18,5 +18,5 @@ Public License can be found in `/usr/share/common-licenses/GPL' and the Artistic Licence in `/usr/share/common-licenses/Artistic'. -The Debian packaging is (C) 2006 Magnus Holmgren and +The Debian packaging is (C) 2006 Magnus Holmgren and is also licensed under the above terms. diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/debian/rules /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/debian/rules --- libmail-dkim-perl-0.28/debian/rules 2009-06-15 22:36:08.000000000 +0100 +++ libmail-dkim-perl-0.33/debian/rules 2009-06-15 22:36:08.000000000 +0100 @@ -19,7 +19,7 @@ $(PERL) Makefile.PL INSTALLDIRS=vendor $(MAKE) - $(MAKE) test || true + -$(MAKE) test touch build-stamp clean: @@ -31,32 +31,29 @@ dh_clean -install: +install: build-stamp dh_testdir dh_testroot dh_clean -k - dh_installdirs $(MAKE) install DESTDIR=$(TMP)/ + rm -f $(TMP)/usr/share/man/man3/Mail::DKIM::PublicKey.3pm # Remove any empty directories find $(TMP)/usr -depth -type d -empty -exec rmdir '{}' ';' # Build architecture-dependent files here. binary-arch: - dh_testdir - touch debian/files # We have nothing to do by default. # Build architecture-independent files here. -binary-indep: build install +binary-indep: install dh_testdir dh_testroot dh_installdocs - dh_installman dh_installchangelogs -k ChangeLog dh_link - dh_compress usr/share/doc/$(PACKAGE)/Changes + dh_compress dh_fixperms dh_installdeb dh_perl diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/debian/watch /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/debian/watch --- libmail-dkim-perl-0.28/debian/watch 2009-06-15 22:36:08.000000000 +0100 +++ libmail-dkim-perl-0.33/debian/watch 2009-06-15 22:36:08.000000000 +0100 
@@ -1,4 +1,3 @@ version=3 -http://jason.long.name/dkimproxy/Mail-DKIM-([\d.]+).tar.gz -ftp://ftp.sunet.se/pub/lang/perl/CPAN/modules/by-module/Mail/Mail-DKIM-([\d.]+).tar.gz +http://search.cpan.org/CPAN/modules/by-module/Mail/Mail-DKIM-([\d.]+).tar.gz diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/Algorithm/Base.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/Algorithm/Base.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/Algorithm/Base.pm 2007-05-01 19:20:40.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/Algorithm/Base.pm 2009-03-10 14:46:58.000000000 +0000 @@ -1,6 +1,6 @@ #!/usr/bin/perl -# Copyright 2005-2006 Messiah College. All rights reserved. +# Copyright 2005-2007 Messiah College. All rights reserved. # Jason Long # Copyright (c) 2004 Anthony D. Urso. All rights reserved. @@ -186,6 +186,10 @@ { my $self = shift; + # The body_hash value is set in finish_message(), if we're operating + # from a version of the DKIM spec that uses the bh= tag. Otherwise, + # the signature shouldn't have a bh= tag to check. + if ($self->{body_hash}) { my $body_hash = $self->{body_hash}; @@ -206,7 +210,10 @@ sub finish_message { my $self = shift; -# $self->{canon}->finish_message; + + # DKIM requires the signature itself to be committed into the digest. + # But first, we need to set the bh= tag on the signature, then + # "prettify" it. if ($self->{draft_version} eq "01") { @@ -216,11 +223,6 @@ $self->{Signature}->body_hash( encode_base64($self->{body_hash}, "")); } - # else - # { - # print STDERR "verify: body hash is " - # . encode_base64($self->{body_hash}, "") . "\n"; - # } } if ($self->{mode} eq "sign") @@ -237,7 +239,6 @@ } $self->{canon}->output($canonicalized); - #$self->{header_digest}->add($canonicalized); } =head2 sign() - generates a signature using a private key 
@@ -288,3 +289,23 @@ } 1; + +__END__ + +=head1 SEE ALSO + +L + +=head1 AUTHOR + +Jason Long, Ejlong@messiah.eduE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2005-2007 by Messiah College + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.8.6 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm 2006-10-23 20:56:32.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm 2008-08-12 17:03:41.000000000 +0100 @@ -18,7 +18,32 @@ use base "Mail::DKIM::Algorithm::Base"; use Carp; use MIME::Base64; -use Digest::SHA1; +use Digest::SHA; + +sub finish_header +{ + my $self = shift; + $self->SUPER::finish_header(@_); + + if ((my $s = $self->signature) + && $self->{canon}->{interesting_header}) + { + my $sender = $self->{canon}->{interesting_header}->{sender}; + $sender = defined($sender) && (Mail::Address->parse($sender))[0]; + my $author = $self->{canon}->{interesting_header}->{from}; + $author = defined($author) && (Mail::Address->parse($author))[0]; + + if ($sender) + { + $s->init_identity($sender->address, "header.sender"); + } + elsif ($author) + { + $s->init_identity($author->address, "header.from"); + } + } + return; +} sub get_canonicalization_class { @@ -58,7 +83,7 @@ my $self = shift; # initialize a SHA-1 Digest - $self->{header_digest} = new Digest::SHA1; + $self->{header_digest} = Digest::SHA->new(1); $self->{body_digest} = $self->{header_digest}; } 
@@ -89,6 +114,20 @@ sub finish_message { + my $self = shift; + + # DomainKeys doesn't include the signature in the digest, + # but we still want it to look "pretty" :). + + if ($self->{mode} eq "sign") + { + $self->{Signature}->prettify; + } +} + +sub wants_pre_signature_headers +{ + return 0; } 1; diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/Algorithm/rsa_sha1.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/Algorithm/rsa_sha1.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/Algorithm/rsa_sha1.pm 2006-10-23 20:56:32.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/Algorithm/rsa_sha1.pm 2009-03-10 14:46:58.000000000 +0000 @@ -16,17 +16,17 @@ use base "Mail::DKIM::Algorithm::Base"; use Carp; use MIME::Base64; -use Digest::SHA1; +use Digest::SHA; sub init_digests { my $self = shift; # initialize a SHA-1 Digest - $self->{header_digest} = new Digest::SHA1; + $self->{header_digest} = Digest::SHA->new(1); if ($self->{draft_version} eq "01") { - $self->{body_digest} = new Digest::SHA1; + $self->{body_digest} = Digest::SHA->new(1); } else { @@ -60,26 +60,9 @@ return $self->check_body_hash; } -1; - -__END__ - -=head1 NAME - -Mail::DKIM::Algorithm::rsa_sha1 - implements the rsa-sha1 signing algorithm for DKIM - -=head1 CONSTRUCTOR - -=head2 new() - create an object for the DKIM signing algorithm "rsa-sha1" - - my $algorithm = new Mail::DKIM::Algorithm::rsa_sha1( - Signature => $dkim_signature - ); - -=head1 METHODS - -See Mail::DKIM::Algorithm::Base for the full list of methods supported -by this algorithm class. - -=cut +sub wants_pre_signature_headers +{ + return 1; +} +1; diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/Algorithm/rsa_sha256.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/Algorithm/rsa_sha256.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/Algorithm/rsa_sha256.pm 2006-10-23 20:56:32.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/Algorithm/rsa_sha256.pm 2009-03-10 14:46:58.000000000 +0000 
@@ -60,26 +60,9 @@ return $self->check_body_hash; } -1; - -__END__ - -=head1 NAME - -Mail::DKIM::Algorithm::rsa_sha256 - implements the rsa-sha256 signing algorithm for DKIM - -=head1 CONSTRUCTOR - -=head2 new() - create an object for the DKIM signing algorithm "rsa-sha256" - - my $algorithm = new Mail::DKIM::Algorithm::rsa_sha256( - Signature => $dkim_signature - ); - -=head1 METHODS - -See Mail::DKIM::Algorithm::Base for the full list of methods supported -by this algorithm class. - -=cut +sub wants_pre_signature_headers +{ + return 1; +} +1; diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/Canonicalization/Base.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/Canonicalization/Base.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/Canonicalization/Base.pm 2006-10-23 20:56:32.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/Canonicalization/Base.pm 2008-08-25 23:10:09.000000000 +0100 @@ -1,6 +1,6 @@ #!/usr/bin/perl -# Copyright 2005 Messiah College. All rights reserved. +# Copyright 2005-2007 Messiah College. All rights reserved. # Jason Long # Copyright (c) 2004 Anthony D. Urso. All rights reserved. @@ -36,24 +36,24 @@ sub output { my $self = shift; - my ($output) = @_; + # my ($output) = @_; # optimized away for speed my $out_fh = $self->{output_fh}; if ($out_fh) { - print $out_fh $output; + print $out_fh @_; } if (my $digest = $self->{output_digest}) { - $digest->add($output); + $digest->add(@_); } if (my $out_obj = $self->{output}) { - $out_obj->PRINT($output); + $out_obj->PRINT(@_); } if (my $buffer = $self->{buffer}) { - ${$self->{buffer}} .= $output; + ${$self->{buffer}} .= $_[0]; } # this supports Debug_Canonicalization @@ -61,15 +61,15 @@ { if (UNIVERSAL::isa($debug, "SCALAR")) { - $$debug .= $output; + $$debug .= $_[0]; } elsif (UNIVERSAL::isa($debug, "GLOB")) { - print $debug $output; + print $debug @_; } elsif (UNIVERSAL::isa($debug, "IO::Handle")) { - $debug->print($output); + $debug->print(@_); } } } 
@@ -101,7 +101,7 @@ # add body $method->add_body("This is the body.\015\012"); - $method->add_body("Another line of the body.\015\012"); + $method->add_body("Another two lines\015\012of the body.\015\012"); $method->finish_body; # this adds the signature to the end @@ -153,9 +153,10 @@ =head2 add_body() - feeds part of the body into the canonicalization $method->add_body("This is the body.\015\012"); - $method->add_body("Another line of the body.\015\012"); + $method->add_body("Another two lines\015\012of the body.\015\012"); -The body should be fed one "line" at a time. +The body should be fed one or more "lines" at a time. +I.e. do not feed part of a line. =head2 result() @@ -165,4 +166,20 @@ result of the canonicalization is stored in the canonicalization method itself, and can be accessed using this method. +=head1 SEE ALSO + +L + +=head1 AUTHOR + +Jason Long, Ejlong@messiah.eduE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2006-2007 by Messiah College + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.8.6 or, +at your option, any later version of Perl 5 you may have available. + =cut diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/Canonicalization/DkCommon.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/Canonicalization/DkCommon.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/Canonicalization/DkCommon.pm 2006-10-23 20:56:32.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/Canonicalization/DkCommon.pm 2008-08-12 17:03:41.000000000 +0100 @@ -13,6 +13,15 @@ use base "Mail::DKIM::Canonicalization::Base"; use Carp; +sub init +{ + my $self = shift; + $self->SUPER::init; + + $self->{myheaders} = []; +} + +# similar to code in DkimCommon.pm sub add_header { my $self = shift; 
@@ -20,41 +29,97 @@ #croak "header parse error \"$line\"" unless ($line =~ /:/); - if ($line =~ /^domainkey-signature:/i) - { - # DomainKeys never includes headers that precede the - # DomainKey-Signature header - $self->{myheaders} = []; - } - else - { - push @{$self->{myheaders}}, $self->canonicalize_header($line); - } + $line =~ s/\015\012\z//s; + push @{$self->{myheaders}}, + $self->canonicalize_header($line . "\015\012"); } sub finish_header { my $self = shift; - # check if signature specifies a list of headers - my @sigheaders = $self->{Signature}->headerlist; + # RFC4870, 3.3: + # h = A colon-separated list of header field names that identify the + # headers presented to the signing algorithm. If present, the + # value MUST contain the complete list of headers in the order + # presented to the signing algorithm. + # + # In the presence of duplicate headers, a signer may include + # duplicate entries in the list of headers in this tag. If a + # header is included in this list, a verifier must include all + # occurrences of that header, subsequent to the "DomainKey- + # Signature:" header in the verification. + # + # RFC4870, 3.4.2.1: + # * Each line of the email is presented to the signing algorithm in + # the order it occurs in the complete email, from the first line of + # the headers to the last line of the body. + # * If the "h" tag is used, only those header lines (and their + # continuation lines if any) added to the "h" tag list are included. 
- # iterate through each header, in the same order they appear in - # the message - foreach my $line (@{$self->{myheaders}}) + # check if signature specifies a list of headers + my @sig_header_names = $self->{Signature}->headerlist; + my @sig_headers; + if (@sig_header_names) { - if (@sigheaders) + # - first, group all header fields with the same name together + # (using a hash of arrays) + my %heads; + foreach my $line (@{$self->{myheaders}}) + { + next unless $line =~ /^([^\s:]+)\s*:/; + my $field_name = lc $1; + + $heads{$field_name} ||= []; + push @{$heads{$field_name}}, $line; + } + # - second, count how many times each header field name appears + # in the h= tag + my %counts; + foreach my $field_name (@sig_header_names) { - # if signature specifies a list of headers, we filter the - # canonicalized headers according to headers that are named - # in the signature + $heads{lc $field_name} ||= []; + $counts{lc $field_name}++; + } - my $field_name = ""; - if ($line =~ /^([^\s:]+)\s*:/) + # - finally, working backwards through the h= tag, + # collect the headers we will be signing (last to first). + # Normally, one occurrence of a name in the h= tag + # correlates to one occurrence of that header being presented + # to canonicalization, but if (working backwards) we are + # at the first occurrence of that name, and there are + # multiple headers of that name, then put them all in. 
+ # + while (my $field_name = pop @sig_header_names) + { + $counts{lc $field_name}--; + if ($counts{lc $field_name} > 0) { - $field_name = lc $1; + # this field is named more than once in the h= tag, + # so only take the last occuring of that header + my $line = pop @{$heads{lc $field_name}}; + unshift @sig_headers, $line if defined $line; } - next unless (grep {lc($_) eq $field_name} @sigheaders); + else + { + unshift @sig_headers, @{$heads{lc $field_name}}; + $heads{lc $field_name} = []; + } + } + } + else + { + @sig_headers = @{$self->{myheaders}}; + } + + # iterate through each header, in the order determined above + foreach my $line (@sig_headers) + { + if ($line =~ /^(from|sender)\s*:(.*)$/i) + { + my $field = $1; + my $content = $2; + $self->{interesting_header}->{lc $field} = $content; } $self->output($line); } @@ -65,9 +130,9 @@ sub add_body { my $self = shift; - my ($line) = @_; + my ($multiline) = @_; - $self->output($self->canonicalize_body($line)); + $self->output($self->canonicalize_body($multiline)); } sub finish_body diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/Canonicalization/DkimCommon.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/Canonicalization/DkimCommon.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/Canonicalization/DkimCommon.pm 2006-10-23 20:56:32.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/Canonicalization/DkimCommon.pm 2009-03-10 14:46:58.000000000 +0000 @@ -1,6 +1,6 @@ #!/usr/bin/perl -# Copyright 2005 Messiah College. All rights reserved. +# Copyright 2005-2007 Messiah College. All rights reserved. # Jason Long # Copyright (c) 2004 Anthony D. Urso. All rights reserved. @@ -21,12 +21,14 @@ $self->{body_count} = 0; $self->{body_truncated} = 0; + $self->{myheaders} = []; # these canonicalization methods require signature to use $self->{Signature} or croak "no signature specified"; } +# similar to code in DkCommon.pm sub add_header { my $self = shift; 
@@ -48,7 +50,7 @@ # the headers will be canonicalized in reverse order (i.e. "from # the bottom of the header field block to the top"). # - # This is described in 5.4 of draft-allman-dkim-base-01. + # This is described in 5.4 of RFC4871. # Since the bottom-most headers are to get precedence, we reverse # the headers here... (now the first header matching a particular @@ -100,24 +102,25 @@ sub add_body { my $self = shift; - my ($line) = @_; + my ($multiline) = @_; - $line = $self->canonicalize_body($line); + $multiline = $self->canonicalize_body($multiline); if ($self->{Signature}) { if (my $limit = $self->{Signature}->body_count) { my $remaining = $limit - $self->{body_count}; - if (length($line) > $remaining) + if (length($multiline) > $remaining) { - $self->{body_truncated} += length($line) - $remaining; - $line = substr($line, 0, $remaining); + $self->{body_truncated} += + length($multiline) - $remaining; + $multiline = substr($multiline, 0, $remaining); } } } - $self->{body_count} += length($line); - $self->output($line); + $self->{body_count} += length($multiline); + $self->output($multiline); } sub finish_body diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/Canonicalization/dk_nofws.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/Canonicalization/dk_nofws.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/Canonicalization/dk_nofws.pm 2006-11-13 14:56:24.000000000 +0000 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/Canonicalization/dk_nofws.pm 2008-08-12 17:03:41.000000000 +0100 
@@ -18,17 +18,19 @@ my $self = shift; my ($line) = @_; - $line =~ s/[\t\n\r\ ]//g; + $line =~ s/[ \t\015\012]//g; return $self->SUPER::canonicalize_header($line . "\015\012"); } sub canonicalize_body { my $self = shift; - my ($line) = @_; + my ($multiline) = @_; - $line =~ s/[\t\n\r\ ]//g; - return $self->SUPER::canonicalize_body($line . "\015\012"); + $multiline =~ s/[ \t]//g; + $multiline =~ s/\015(?!\012)//g; # standalone CR + $multiline =~ s/([^\015])\012/$1/g; # standalone LF + return $self->SUPER::canonicalize_body($multiline); } 1; diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/Canonicalization/dk_simple.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/Canonicalization/dk_simple.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/Canonicalization/dk_simple.pm 2006-10-23 20:56:32.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/Canonicalization/dk_simple.pm 2008-08-12 17:03:41.000000000 +0100 @@ -18,7 +18,7 @@ my $self = shift; $self->SUPER::init; - $self->{canonicalize_body_buf} = ""; + $self->{canonicalize_body_empty_lines} = 0; } sub canonicalize_header 
@@ -33,26 +33,33 @@ sub canonicalize_body { my $self = shift; - my ($line) = @_; + my ($multiline) = @_; # ignore empty lines at the end of the message body - # # (i.e. do not emit empty lines until a following nonempty line # is found) # - if ($line eq "\015\012") - { - $self->{canonicalize_body_buf} .= $line; - $line = ""; + my $empty_lines = $self->{canonicalize_body_empty_lines}; + + if ( $multiline =~ s/^((?:\015\012)+)// ) + { # count & strip leading empty lines + $empty_lines += length($1)/2; } - else - { - $line = $self->{canonicalize_body_buf} . $line; - $self->{canonicalize_body_buf} = ""; + + if ($empty_lines > 0 && length($multiline) > 0) + { # re-insert leading white if any nonempty lines exist + $multiline = ("\015\012" x $empty_lines) . $multiline; + $empty_lines = 0; } - return $line; + if ($multiline =~ s/((?:\015\012){2,})\z/\015\012/) + { # count & strip trailing empty lines + $empty_lines += length($1)/2 - 1; + } + + $self->{canonicalize_body_empty_lines} = $empty_lines; + return $multiline; } 1; diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/Canonicalization/nowsp.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/Canonicalization/nowsp.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/Canonicalization/nowsp.pm 2006-10-23 20:56:32.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/Canonicalization/nowsp.pm 2008-08-12 17:03:41.000000000 +0100 @@ -20,7 +20,7 @@ my ($line) = @_; # remove all whitespace - $line =~ s/[\t\n\r\ ]//g; + $line =~ s/[ \t\015\012]//g; if ($line =~ /^([^:]+):(.*)$/) { 
@@ -34,10 +34,10 @@ sub canonicalize_body { my $self = shift; - my ($line) = @_; + my ($multiline) = @_; - $line =~ s/[\t\n\r\ ]//g; - return $line; + $multiline =~ s/[ \t\015\012]//g; + return $multiline; } sub finish_body diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/Canonicalization/relaxed.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/Canonicalization/relaxed.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/Canonicalization/relaxed.pm 2006-10-23 20:56:32.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/Canonicalization/relaxed.pm 2008-08-12 17:03:41.000000000 +0100 @@ -18,7 +18,7 @@ my $self = shift; $self->SUPER::init; - $self->{canonicalize_body_buf} = ""; + $self->{canonicalize_body_empty_lines} = 0; } sub canonicalize_header 
@@ -66,40 +66,49 @@ sub canonicalize_body { my $self = shift; - my ($line) = @_; + my ($multiline) = @_; - $line =~ s/\015\012\z//s; + $multiline =~ s/\015\012\z//s; # # step 1: ignore all white space at the end of lines # - $line =~ s/[ \t]+$//; + $multiline =~ s/[ \t]+(?=\015\012|\z)//g; # # step 2: reduce all sequences of WSP within a line to a single # SP character # - $line =~ s/[ \t]+/ /g; + $multiline =~ s/[ \t]+/ /g; - $line .= "\015\012"; + $multiline .= "\015\012"; # - # step 3: ignore empty lines at the end of the message bode + # step 3: ignore empty lines at the end of the message body # (i.e. do not emit empty lines until a following nonempty line # is found) # - if ($line eq "\015\012") - { - $self->{canonicalize_body_buf} .= $line; - $line = ""; + + my $empty_lines = $self->{canonicalize_body_empty_lines}; + + if ( $multiline =~ s/^((?:\015\012)+)// ) + { # count & strip leading empty lines + $empty_lines += length($1)/2; } - else - { - $line = $self->{canonicalize_body_buf} . $line; - $self->{canonicalize_body_buf} = ""; + + if ($empty_lines > 0 && length($multiline) > 0) + { # re-insert leading white if any nonempty lines exist + $multiline = ("\015\012" x $empty_lines) . $multiline; + $empty_lines = 0; + } + + if ($multiline =~ s/((?:\015\012){2,})\z/\015\012/) + { # count & strip trailing empty lines + $empty_lines += length($1)/2 - 1; } - return $line; + $self->{canonicalize_body_empty_lines} = $empty_lines; + return $multiline; } 1; diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/Canonicalization/simple.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/Canonicalization/simple.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/Canonicalization/simple.pm 2007-02-21 21:51:11.000000000 +0000 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/Canonicalization/simple.pm 2008-08-12 17:03:41.000000000 +0100 
@@ -18,7 +18,7 @@ my $self = shift; $self->SUPER::init; - $self->{canonicalize_body_buf} = ""; + $self->{canonicalize_body_empty_lines} = 0; } sub canonicalize_header @@ -39,7 +39,7 @@ sub canonicalize_body { my $self = shift; - my ($line) = @_; + my ($multiline) = @_; # # draft-allman-dkim-base-01.txt, section 3.4.3: @@ -51,19 +51,30 @@ # (i.e. do not emit empty lines until a following nonempty line # is found) # - if ($line eq "\015\012") - { - $self->{canonicalize_body_buf} .= $line; - $line = ""; + my $empty_lines = $self->{canonicalize_body_empty_lines}; + + if ( $multiline =~ s/^((?:\015\012)+)// ) + { # count & strip leading empty lines + $empty_lines += length($1)/2; } - else + + if (length($multiline) > 0) { - $line = $self->{canonicalize_body_buf} . $line; - $self->{canonicalize_body_buf} = ""; $self->{canonicalize_body_started} = 1; + if ($empty_lines > 0) + { # re-insert leading white if any nonempty lines exist + $multiline = ("\015\012" x $empty_lines) . $multiline; + $empty_lines = 0; + } } - return $line; + if ($multiline =~ s/((?:\015\012){2,})\z/\015\012/) + { # count & strip trailing empty lines + $empty_lines += length($1)/2 - 1; + } + + $self->{canonicalize_body_empty_lines} = $empty_lines; + return $multiline; } sub finish_body diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/Common.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/Common.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/Common.pm 2007-07-31 21:41:22.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/Common.pm 2008-11-19 18:34:03.000000000 +0000 @@ -15,7 +15,7 @@ package Mail::DKIM::Common; use base "Mail::DKIM::MessageParser"; use Carp; -our $VERSION = '0.28'; +our $VERSION = 0.33; sub new { @@ -28,6 +28,11 @@ my $self = shift; my ($line) = @_; + foreach my $algorithm (@{$self->{algorithms}}) + { + $algorithm->add_header($line); + } + if ($line =~ /^([^:]+)\s*:(.*)/s) { my $field_name = lc $1; 
@@ -133,9 +138,9 @@ if ($self->{headers_by_name}->{from}) { my @list = Mail::Address->parse($self->{headers_by_name}->{from}); - return $list[0]; + return $list[0] if @list; } - return undef; + return Mail::Address->new; } sub message_sender @@ -146,14 +151,14 @@ if ($self->{headers_by_name}->{sender}) { my @list = Mail::Address->parse($self->{headers_by_name}->{sender}); - return $list[0]; + return $list[0] if @list; } if ($self->{headers_by_name}->{from}) { my @list = Mail::Address->parse($self->{headers_by_name}->{from}); - return $list[0]; + return $list[0] if @list; } - return undef; + return Mail::Address->new; } sub result diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/DkimPolicy.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/DkimPolicy.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/DkimPolicy.pm 2007-07-18 21:14:50.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/DkimPolicy.pm 2008-08-12 17:03:41.000000000 +0100 @@ -18,7 +18,7 @@ =head1 NAME -Mail::DKIM::DkimPolicy - implements DKIM Sender Signing Practices records +Mail::DKIM::DkimPolicy - represents a DKIM Sender Signing Practices record =head1 CONSTRUCTORS 
@@ -31,55 +31,27 @@ =cut -sub fetch +# get_lookup_name() - determine name of record to fetch +# +sub get_lookup_name { - my $class = shift; - my %prms = @_; + my $self = shift; + my ($prms) = @_; - ($prms{'Protocol'} eq "dns") - or die "invalid protocol '$prms{Protocol}'\n"; + # in DKIM, the record to fetch is determined based on the From header - if ($prms{Author} && !$prms{Domain}) + if ($prms->{Author} && !$prms->{Domain}) { - (undef, $prms{Domain}) = split(/\@/, $prms{Author}, 2); + $prms->{Domain} = ($prms->{Author} =~ /\@([^@]*)$/ and $1); } - unless ($prms{Domain}) + unless ($prms->{Domain}) { die "no domain to fetch policy for\n"; } # IETF seems poised to create policy records this way - my $host = "_policy._domainkey." . $prms{Domain}; - - # - # perform DNS query for domain policy... - # if the query takes too long, we should catch it and generate - # an error - # - my $resp = Mail::DKIM::DNS::query($host, "TXT"); - unless ($resp) - { - # no response => NXDOMAIN, use default policy - return $class->default; - } - - my $strn; - foreach my $ans ($resp->answer) { - next unless $ans->type eq "TXT"; - $strn = join "", $ans->char_str_list; - } - - unless ($strn) - { - # empty record found in DNS, use default policy - return $class->default; - } - - return $class->parse( - String => $strn, - Domain => $prms{Domain}, - ); + return "_policy._domainkey." . $prms->{Domain}; } =head2 new() - construct a default policy object 
@@ -148,7 +120,8 @@ foreach my $signature ($dkim->signatures) { - next if $signature->result ne "pass"; + # only valid/verified signatures are considered + next unless ($signature->result && $signature->result eq "pass"); my $oa = $dkim->message_originator->address; if ($signature->identity_matches($oa)) diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/DkSignature.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/DkSignature.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/DkSignature.pm 2007-02-19 21:09:02.000000000 +0000 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/DkSignature.pm 2008-11-19 18:34:03.000000000 +0000 @@ -19,7 +19,7 @@ =head1 NAME -Mail::DKIM::DkSignature - a DomainKeys signature header +Mail::DKIM::DkSignature - represents a DomainKeys-Signature header =head1 CONSTRUCTORS @@ -102,15 +102,6 @@ =cut -sub as_string -{ - my $self = shift; - - my $prefix = $self->{prefix} || "DomainKey-Signature:"; - - return $prefix . $self->Mail::DKIM::KeyValueList::as_string; -} - sub as_string_without_data { croak "as_string_without_data not implemented"; @@ -171,6 +162,11 @@ return lc($self->get_tag("c")) || "simple"; } +sub DEFAULT_PREFIX +{ + return "DomainKey-Signature:"; +} + =head2 domain() - get or set the domain (d=) field my $d = $signature->domain; # gets the domain value @@ -195,7 +191,9 @@ sub expiration { - croak "expiration not implemented"; + my $self = shift; + croak "cannot change expiration on " . ref($self) if @_; + return undef; } use MIME::Base64; @@ -224,6 +222,12 @@ return ($protocol eq "dns"); } +sub check_version +{ + #DomainKeys doesn't have a v= tag + return 1; +} + sub get_algorithm_class { my $self = shift; 
@@ -266,16 +270,59 @@ #sub headerlist # is in Signature.pm +=head2 identity() - get the signing identity + + my $i = $signature->identity; + +In DomainKey signatures, the signing identity is the first address +found in the Sender header or the From header. This field is +populated by the Verifier when processing a DomainKey signature. + +=cut + sub identity { my $self = shift; croak "cannot change identity on " . ref($self) if @_; - return "@" . $self->domain; + return $self->{dk_identity}; +} + +=head2 identity_source() - determine which header had the identity + + my $source = $signature->identity_source; + +If the message is being verified, this method will tell you which +of the message headers was used to determine the signature identity. +Possible values are "header.sender" and "header.from". + +=cut + +sub identity_source +{ + my $self = shift; + croak "unexpected argument" if @_; + return $self->{dk_identity_source}; +} + +# init_identity() - initialize the DomainKeys concept of identity +# +# The signing identity of a DomainKeys signature is the sender +# of the message itself, i.e. the address in the Sender/From header. +# The sender may not be known when the signature object is +# constructed (since the signature usually precedes the From/Sender +# header), so use this method when you have the From/Sender value. +# See also finish_header() in Mail::DKIM::Verifier. +# +sub init_identity +{ + my $self = shift; + $self->{dk_identity} = shift; + $self->{dk_identity_source} = shift; } sub method { - croak "method not implemented"; + croak "method not implemented (use canonicalization instead)"; } =head2 protocol() - get or set the query methods (q=) field 
@@ -323,4 +370,22 @@ croak "version not implemented"; } +=head1 SEE ALSO + +L for DKIM-Signature headers + +=head1 AUTHOR + +Jason Long, Ejlong@messiah.eduE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2006-2007 by Messiah College + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.8.6 or, +at your option, any later version of Perl 5 you may have available. + +=cut + 1; diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/DNS.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/DNS.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/DNS.pm 2007-07-06 21:44:00.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/DNS.pm 2008-11-19 18:34:03.000000000 +0000 @@ -6,11 +6,15 @@ use strict; use warnings; -# this class contains a method to perform asynchronous DNS queries +# This class contains a method to perform synchronous DNS queries. +# Hopefully some day it will have a method to perform +# asynchronous DNS queries. package Mail::DKIM::DNS; use Net::DNS; +# query- now returns a list of RR objects +# sub query { my ($domain, $type) = @_; @@ -44,7 +48,8 @@ alarm 0; #FIXME- restore previous alarm? die $E if $E; - return $resp; + return () if not $resp; + return grep { lc $_->type eq lc $type } $resp->answer; } 1; diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/KeyValueList.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/KeyValueList.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/KeyValueList.pm 2007-07-31 21:36:31.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/KeyValueList.pm 2008-11-19 18:34:03.000000000 +0000 @@ -47,7 +47,7 @@ my ($tagname, $value) = split(/\s*=\s*/, $raw_tag, 2); unless (defined $value) { - die "key value list syntax error\n"; + die "syntax error\n"; } $tag->{name} = $tagname; 
@@ -160,20 +160,24 @@ { my $tagname = $tag->{name}; my $tagtype = $args{Tags}->{$tagname} || $args{Default} || ""; + + $wrap->{Break} = undef; + $wrap->{BreakBefore} = undef; + $did_first ? $wrap->add(";") : ($did_first = 1); + my ($raw_name, $raw_value) = split(/=/, $tag->{raw}, 2); unless ($args{PreserveNames}) { + $wrap->flush; #allow a break before the tag name $raw_name =~ s/^\s*/ /; $raw_name =~ s/\s+$//; } - - $wrap->{Break} = undef; - $did_first ? $wrap->add(";") : ($did_first = 1); $wrap->add($raw_name . "="); if ($tagtype eq "b64") { $raw_value =~ s/\s+//gs; #removes all whitespace + $wrap->flush; $wrap->{Break} = qr/./; } elsif ($tagtype eq "list") @@ -181,12 +185,15 @@ $raw_value =~ s/\s+/ /gs; #reduces any whitespace to single space $raw_value =~ s/^\s|\s$//g; #trims preceding/trailing spaces $raw_value =~ s/\s*:\s*/:/g; - $wrap->{Break} = qr/[\s:]/; + $wrap->flush; + $wrap->{Break} = qr/[\s]/; + $wrap->{BreakBefore} = qr/[:]/; } elsif ($tagtype eq "") { $raw_value =~ s/\s+/ /gs; #reduces any whitespace to single space $raw_value =~ s/^\s|\s$//g; #trims preceding/trailing spaces + $wrap->flush; $wrap->{Break} = qr/\s/; } $wrap->add($raw_value); diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/MessageParser.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/MessageParser.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/MessageParser.pm 2007-02-22 00:13:06.000000000 +0000 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/MessageParser.pm 2008-08-12 17:03:41.000000000 +0100 
@@ -47,34 +47,39 @@ sub PRINT { my $self = shift; - my $buf = $self->{buf} . join("", @_); + my $buf = $self->{buf}; + $buf .= @_ == 1 ? $_[0] : join("", @_) if @_; - while (length $buf) - { - if ($self->{in_header} && $buf =~ /^\015\012/s) - { - $buf = substr($buf, 2); - $self->finish_header(); - $self->{in_header} = 0; - next; - } - elsif ($self->{in_header} && $buf =~ /^(.*?\015\012)[^\ \t]/s) + if ($self->{in_header}) { + while (length $buf) { + if (substr($buf,0,2) eq "\015\012") + { + $buf = substr($buf, 2); + $self->finish_header(); + $self->{in_header} = 0; + last; + } + if ($buf !~ /^(.+?\015\012)[^\ \t]/s) + { + last; + } my $header = $1; - $buf = substr($buf, length($header)); $self->add_header($header); - next; + $buf = substr($buf, length($header)); } - elsif (!$self->{in_header} && $buf =~ /^(.*?\015\012)/s) + } + + if (!$self->{in_header}) { + my $j = rindex($buf,"\015\012"); + if ($j >= 0) { - my $body_line = $1; - $buf = substr($buf, length($body_line)); - $self->add_body($body_line); - next; + $self->add_body(substr($buf, 0, $j+2)); + substr($buf, 0, $j+2) = ''; } - last; } $self->{buf} = $buf; + return 1; } sub CLOSE @@ -105,21 +110,22 @@ } $self->{buf} = ""; $self->finish_body; + return 1; } sub add_header { - die "not implemented"; + die "add_header not implemented"; } sub finish_header { - die "not implemented"; + die "finish_header not implemented"; } sub add_body { - die "not implemented"; + die "add_body not implemented"; } sub finish_body diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/Policy.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/Policy.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/Policy.pm 2007-07-18 21:14:49.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/Policy.pm 2008-11-19 18:34:03.000000000 +0000 @@ -16,7 +16,7 @@ =head1 NAME -Mail::DKIM::Policy - represents a DomainKeys sender signing policy +Mail::DKIM::Policy - represents a DomainKeys Sender Signing Policy record =head1 DESCRIPTION 
@@ -78,45 +78,25 @@ my $class = shift; my %prms = @_; - my $strn; - ($prms{'Protocol'} eq "dns") or die "invalid protocol '$prms{Protocol}'\n"; - if ($prms{Author} && !$prms{Sender}) - { - $prms{Sender} = $prms{Author}; - } - if ($prms{Sender} && !$prms{Domain}) - { - (undef, $prms{Domain}) = split(/\@/, $prms{Sender}, 2); - } - - unless ($prms{Domain}) - { - die "no domain to fetch policy for\n"; - } - - # IETF seems poised to create policy records this way - #my $host = "_policy._domainkey." . $prms{Domain}; - - # but Yahoo! policy records are still much more common - # see historic RFC4870, section 3.6 - my $host = "_domainkey." . $prms{Domain}; + my $host = $class->get_lookup_name(\%prms); # # perform DNS query for domain policy... # if the query takes too long, we should catch it and generate # an error # - my $resp = Mail::DKIM::DNS::query($host, "TXT"); - unless ($resp) + my @resp = Mail::DKIM::DNS::query($host, "TXT"); + unless (@resp) { # no response => NXDOMAIN, use default policy return $class->default; } - foreach my $ans ($resp->answer) { + my $strn; + foreach my $ans (@resp) { next unless $ans->type eq "TXT"; $strn = join "", $ans->char_str_list; } 
@@ -133,6 +113,39 @@ ); } +# get_lookup_name() - determine name of record to fetch +# +sub get_lookup_name +{ + my $self = shift; + my ($prms) = @_; + + # in DomainKeys, the record to fetch is determined based on the + # Sender header, then the From header + + if ($prms->{Author} && !$prms->{Sender}) + { + $prms->{Sender} = $prms->{Author}; + } + if ($prms->{Sender} && !$prms->{Domain}) + { + # pick domain from email address + $prms->{Domain} = ($prms->{Sender} =~ /\@([^@]*)$/ and $1); + } + + unless ($prms->{Domain}) + { + die "no domain to fetch policy for\n"; + } + + # IETF seems poised to create policy records this way + #my $host = "_policy._domainkey." . $prms{Domain}; + + # but Yahoo! policy records are still much more common + # see historic RFC4870, section 3.6 + return "_domainkey." . $prms->{Domain}; +} + =head2 new() - construct a default policy object my $policy = Mail::DKIM::Policy->new; diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/PrivateKey.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/PrivateKey.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/PrivateKey.pm 2006-10-23 20:56:32.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/PrivateKey.pm 2008-08-12 17:03:41.000000000 +0100 @@ -1,6 +1,6 @@ #!/usr/bin/perl -# Copyright 2005 Messiah College. All rights reserved. +# Copyright 2005-2007 Messiah College. All rights reserved. # Jason Long # # Copyright (c) 2004 Anthony D. Urso. All rights reserved. 
@@ -10,15 +10,57 @@ use strict; use warnings; +=head1 NAME + +Mail::DKIM::PrivateKey - a private key loaded in memory for DKIM signing + +=head1 SYNOPSIS + + my $key1 = Mail::DKIM::PrivateKey->load( + File => "/path/to/private.key"); + + my $key2 = Mail::DKIM::PrivateKey->load( + Data => $base64); + + # use the loaded key in a DKIM signing object + my $dkim = Mail::DKIM::Signer->new( + Key => $key2, + ); + +=cut + package Mail::DKIM::PrivateKey; use base "Mail::DKIM::Key"; +use Carp; *calculate_EM = \&Mail::DKIM::Key::calculate_EM; -sub load { - my $type = shift; +=head1 CONSTRUCTOR + +=head2 load() - loads a private key into memory + + my $key1 = Mail::DKIM::PrivateKey->load( + File => "/path/to/private.key"); + +Loads the Base64-encoded key from the specified file. + + my $key2 = Mail::DKIM::PrivateKey->load(Data => $base64); + +Loads the Base64-encoded key from a string already in memory. + + my $key3 = Mail::DKIM::PrivateKey->load(Cork => $openssl_object); + +Creates a Mail::DKIM::PrivateKey wrapper object for the given +OpenSSL key object. The key object should be of type +L. + +=cut + +sub load +{ + my $class = shift; my %prms = @_; - my $self = {}; + my $self = bless {}, $class; $self->{'TYPE'} = ($prms{'Type'} or "rsa"); @@ -26,8 +68,8 @@ $self->{'DATA'} = $prms{'Data'}; } elsif ($prms{'File'}) { my @data; - open FILE, "<$prms{'File'}" or - return; + open FILE, "<", $prms{'File'} + or die "Error: cannot read $prms{File}: $!\n"; while () { chomp; /^---/ and @@ -35,13 +77,25 @@ push @data, $_; } $self->{'DATA'} = join '', @data; + } elsif ($prms{'Cork'}) { + $self->{'CORK'} = $prms{'Cork'}; } else { - return; + croak "missing required argument"; } - bless $self, $type; + return $self; } +=head1 METHODS + +=head2 cork() - access the underlying OpenSSL key object + + $openssl_object = $key->cork; + +The returned object is of type L. + +=cut + sub convert { use Crypt::OpenSSL::RSA; 
@@ -113,4 +167,18 @@ return $rsa_priv->decrypt($EM); } +=head1 AUTHOR + +Jason Long, Ejlong@messiah.eduE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2006-2008 by Messiah College + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.8.6 or, +at your option, any later version of Perl 5 you may have available. + +=cut + 1; diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/PublicKey.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/PublicKey.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/PublicKey.pm 2007-07-06 21:44:00.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/PublicKey.pm 2008-11-19 18:34:03.000000000 +0000 @@ -59,14 +59,14 @@ # perform DNS query for public key... # if the query takes too long, we should generate an error # - my $resp = Mail::DKIM::DNS::query($host, "TXT"); - unless ($resp) + my @resp = Mail::DKIM::DNS::query($host, "TXT"); + unless (@resp) { # no response => NXDOMAIN return; } - foreach my $ans ($resp->answer) { + foreach my $ans (@resp) { next unless $ans->type eq "TXT"; $strn = join "", $ans->char_str_list; } @@ -92,7 +92,7 @@ { unless ($v eq "DKIM1") { - die "unrecognized public key version\n"; + die "unsupported version\n"; } } @@ -104,7 +104,7 @@ { unless ($k eq "rsa") { - die "public key: unsupported key type\n"; + die "unsupported key type\n"; } } @@ -112,15 +112,15 @@ my $p = $self->data; if (not defined $p) { - die "public key: missing p= tag\n"; + die "missing p= tag\n"; } if ($p eq "") { - die "public key: revoked\n"; + die "revoked\n"; } unless ($p =~ /^[A-Za-z0-9\+\/\=]+$/) { - die "public key: invalid data\n"; + die "invalid data\n"; } # have OpenSSL load the key @@ -134,11 +134,11 @@ chomp (my $E = $@); if ($E =~ /(OpenSSL error: .*?) at /) { - $E = "public key: $1"; + $E = "$1"; } elsif ($E =~ /^(panic:.*?) at /) { - $E = "public key: OpenSSL $1"; + $E = "OpenSSL $1"; } die "$E\n"; } 
@@ -149,13 +149,102 @@ my @list = split(/:/, $s); unless (grep { $_ eq "*" || $_ eq "email" } @list) { - die "public key: does not support email\n"; + die "does not support email\n"; } } return 1; } +# check_granularity() - check whether this key matches signature identity +# +# a public key record can restrict what identities it may sign with, +# g=, granularity, restricts the local part of the identity +# t=s, restricts whether subdomains can be used +# +# This method returns true if the given identity is allowed by this +# public key; it returns false otherwise. +# If false is returned, you can check C<$@> for an explanation of +# why. +# +sub check_granularity +{ + my $self = shift; + my ($identity, $empty_g_means_wildcard) = @_; + + # check granularity + my $g = $self->granularity; + + # yuck- what is this $empty_g_means_wildcard parameter? + # well, it turns out that with DomainKeys signatures, + # an empty g= is the same as g=* + if ($g eq "" && $empty_g_means_wildcard) + { + $g = "*"; + } + + # split i= value into a "local part" and a "domain part" + my ($local_part, $domain_part); + if ($identity =~ /^(.*)\@([^@]*)$/) + { + $local_part = $1; + $domain_part = $2; + } + else + { + $local_part = ""; + $domain_part = $identity; + } + + + my ($begins, $ends) = split /\*/, $g, 2; + if (defined $ends) + { + # the g= tag contains an asterisk + + # the local part must be at least as long as the pattern + if (length($local_part) < length($begins) + length($ends) + or + # the local part must begin with $begins + substr($local_part, 0, length($begins)) ne $begins + or + # the local part must end with $ends + (length($ends) && substr($local_part, -length($ends)) ne $ends)) + { + $@ = "granularity mismatch\n"; + return; + } + } + else + { + if ($g eq "") + { + $@ = "granularity is empty\n"; + return; + } + unless ($local_part eq $begins) + { + $@ = "granularity mismatch\n"; + return; + } + } + + # check subdomains + if ($self->subdomain_flag) + { + unless ($domain_part 
eq lc($self->{'Domain'})) + { + $@ = "does not support signing subdomains\n"; + return; + } + } + + return 1; +} + +# returns true if the actual hash algorithm used is listed by this +# public key; dies otherwise +# sub check_hash_algorithm { my $self = shift; @@ -167,7 +256,7 @@ my @list = split(/:/, $h); unless (grep { $_ eq $hash_algorithm } @list) { - die "public key: does not support hash algorithm '$hash_algorithm'\n"; + die "does not support hash algorithm '$hash_algorithm'\n"; } } return 1; @@ -226,14 +315,39 @@ return $rtrn; } +=head2 granularity() - get or set the granularity (g=) field + + my $g = $public_key->granularity; + + $public_key->granularity("*"); + +Granularity of the key. The value must match the Local-part of the +effective "i=" tag of the DKIM-Signature header field. +The granularity is a literal value, or a pattern with a single '*' +wildcard character that matches zero or more characters. + +If no granularity is defined, then the default value, '*', will +be returned. + +=cut + sub granularity { my $self = shift; + # set new granularity if provided (@_) and $self->set_tag("g", shift); - return $self->get_tag("g"); + my $g = $self->get_tag("g"); + if (defined $g) + { + return $g; + } + else + { + return '*'; + } } sub notes @@ -266,7 +380,18 @@ (@_) and $self->set_tag("t", shift); - return $self->get_tag("t"); + return $self->get_tag("t") || ""; +} + +# subdomain_flag() - checks whether "s" is specified in flags +# +# returns true if "s" is found, false otherwise +# +sub subdomain_flag +{ + my $self = shift; + my @flags = split /:/, $self->flags; + return grep { $_ eq "s" } @flags; } sub revoked 
@@ -299,6 +424,10 @@ return $self->verify_digest("SHA-1", $digest, $signature); } +# verify_digest() - returns true if the digest verifies, false otherwise +# +# if false, $@ is set to a description of the problem +# sub verify_digest { my $self = shift; diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/Signature.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/Signature.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/Signature.pm 2007-07-18 21:14:13.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/Signature.pm 2009-03-10 14:47:20.000000000 +0000 @@ -1,6 +1,6 @@ #!/usr/bin/perl -# Copyright 2005-2006 Messiah College. All rights reserved. +# Copyright 2005-2007 Messiah College. All rights reserved. # Jason Long # Copyright (c) 2004 Anthony D. Urso. All rights reserved. 
@@ -20,46 +20,53 @@ =head1 NAME -Mail::DKIM::Signature - encapsulates a DKIM signature header +Mail::DKIM::Signature - represents a DKIM-Signature header =head1 CONSTRUCTORS =head2 new() - create a new signature from parameters - my $signature = new Mail::DKIM::Signature( + my $signature = Mail::DKIM::Signature->new( [ Algorithm => "rsa-sha1", ] [ Signature => $base64, ] [ Method => "relaxed", ] [ Domain => "example.org", ] + [ Identity => 'user@example.org', ] [ Headers => "from:subject:date:message-id", ] [ Query => "dns", ] [ Selector => "alpha", ] + [ Timestamp => time(), ] + [ Expiration => time() + 86400, ] ); =cut -sub new { - my $type = shift; +sub new +{ + my $class = shift; my %prms = @_; my $self = {}; - bless $self, $type; + bless $self, $class; $self->version("1"); $self->algorithm($prms{'Algorithm'} || "rsa-sha1"); $self->signature($prms{'Signature'}); - $self->canonicalization($prms{'Method'} || "simple"); + $self->canonicalization($prms{'Method'}) if exists $prms{'Method'}; $self->domain($prms{'Domain'}); $self->headerlist($prms{'Headers'}); - #$self->protocol($prms{'Query'} || "dns"); - $self->protocol($prms{'Query'} || "dns/txt"); + $self->protocol($prms{'Query'}) if exists $prms{'Query'}; $self->selector($prms{'Selector'}); + $self->identity($prms{'Identity'}) if exists $prms{'Identity'}; + $self->timestamp($prms{'Timestamp'}) if defined $prms{'Timestamp'}; + $self->expiration($prms{'Expiration'}) if defined $prms{'Expiration'}; + $self->key($prms{'Key'}) if defined $prms{'Key'}; return $self; } =head2 parse() - create a new signature from a DKIM-Signature header - my $sig = parse Mail::DKIM::Signature( + my $sig = Mail::DKIM::Signature->parse( "DKIM-Signature: a=rsa-sha1; b=yluiJ7+0=; c=relaxed" ); 
@@ -95,16 +102,6 @@ my $self = $class->SUPER::parse($string); $self->{prefix} = $prefix; - # check version - if (my $version = $self->version) - { - my @ALLOWED_VERSIONS = ("0.5", "1"); - unless (grep {$_ eq $version} @ALLOWED_VERSIONS) - { - die "unsupported v=$version tag\n"; - } - } - return $self; } @@ -167,7 +164,7 @@ { my $self = shift; - my $prefix = $self->{prefix} || "DKIM-Signature:"; + my $prefix = $self->{prefix} || $self->DEFAULT_PREFIX; return $prefix . $self->SUPER::as_string; } @@ -177,7 +174,7 @@ { my $self = shift; - my $prefix = $self->{prefix} || "DKIM-Signature:"; + my $prefix = $self->{prefix} || $self->DEFAULT_PREFIX; return $prefix . join(";", map { ">" . $_->{raw} . "<" } @{$self->{tags}}); } 
@@ -306,6 +303,136 @@ } } +use MIME::Base64; + +# checks whether this signature specifies a legal canonicalization method +# returns true if the canonicalization is acceptable, false otherwise +# +sub check_canonicalization +{ + my $self = shift; + + my ($c1, $c2) = $self->canonicalization; + + my @known = ("nowsp", "simple", "relaxed"); + return undef unless (grep { $_ eq $c1 } @known); + return undef unless (grep { $_ eq $c2 } @known); + return 1; +} + +# checks whether the expiration time on this signature is acceptable +# returns a true value if acceptable, false otherwise +# +sub check_expiration +{ + my $self = shift; + my $x = $self->expiration; + return 1 if not defined $x; + + $self->{_verify_time} ||= time(); + return ($self->{_verify_time} <= $x); +} + +# checks whether the protocol found on this signature is valid for +# fetching the public key +# returns a true value if protocol is "dns/txt", false otherwise +# +sub check_protocol +{ + my $self = shift; + + my ($type, $options) = split(/\//, $self->protocol, 2); + return unless ($type eq "dns"); + return if ($options && $options ne "txt"); + + my $v = $self->version; + if ($v) + { + # in v=1 signatures, the /txt option is REQUIRED + return unless ($options && $options eq "txt"); + } + return 1; +} + +# checks whether the version tag has an acceptable value +# returns true if so, otherwise false +# +sub check_version +{ + my $self = shift; + + # check version + if (my $version = $self->version) + { + my @ALLOWED_VERSIONS = ("0.5", "1"); + return (grep {$_ eq $version} @ALLOWED_VERSIONS); + } + + # we still consider a missing v= tag acceptable, + # for backwards-compatibility + return 1; +} + +=head2 data() - get or set the signature data (b=) field + + my $base64 = $signature->data; + $signature->data($base64); + +The signature data. Whitespace is automatically stripped from the +returned value. The data is Base64-encoded. 
+ +=cut + +sub data +{ + my $self = shift; + + if (@_) + { + $self->set_tag("b", shift); + } + + my $b = $self->get_tag("b"); + $b =~ tr/\015\012 \t//d if defined $b; + return $b; +} + +*signature = \*data; + +#undocumented, private function +#derived from MIME::Base64::Perl (allowed, thanks to the Perl license) +# +sub decode_qp +{ + my $res = shift; + + #TODO- should I worry about non-ASCII systems here? + $res =~ s/=([\da-fA-F]{2})/pack("C", hex($1))/ge + if defined $res; + return $res; +} + +#undocumented, private function +#derived from MIME::Base64::Perl (allowed, thanks to the Perl license) +# +sub encode_qp +{ + my $res = shift; + + # note- unlike MIME quoted-printable, we don't allow whitespace chars + my $DISALLOWED = qr/[^!"#\$%&'()*+,\-.\/0-9:;<>?\@A-Z[\\\]^_`a-z{|}~]/; + + #TODO- should I worry about non-ASCII systems here? + $res =~ s/($DISALLOWED)/sprintf('=%02X', ord($1))/eg + if defined $res; + return $res; +} + +sub DEFAULT_PREFIX +{ + return "DKIM-Signature:"; +} + =head2 domain() - get or set the domain (d=) field my $d = $signature->domain; # gets the domain value @@ -314,6 +441,10 @@ The domain of the signing entity, as specified in the signature. This is the domain that will be queried for the public key. +If using an "internationalized domain name", the domain name must be +converted to ASCII (following section 4.1 of RFC 3490) before passing +it to this method. + =cut sub domain 
@@ -347,41 +478,6 @@ return $self->get_tag("x"); } -use MIME::Base64; - -sub check_canonicalization -{ - my $self = shift; - - my ($c1, $c2) = $self->canonicalization; - - my @known = ("nowsp", "simple", "relaxed"); - return undef unless (grep { $_ eq $c1 } @known); - return undef unless (grep { $_ eq $c2 } @known); - return 1; -} - -# checks whether the protocol found on this subject is valid for -# fetching the public key -# returns a true value if protocol is "dns/txt", false otherwise -# -sub check_protocol -{ - my $self = shift; - - my ($type, $options) = split(/\//, $self->protocol, 2); - return unless ($type eq "dns"); - return if ($options && $options ne "txt"); - - my $v = $self->version; - if ($v) - { - # in v=1 signatures, the /txt option is REQUIRED - return unless ($options && $options eq "txt"); - } - return 1; -} - # allows the type of signature to determine what "algorithm" gets used sub get_algorithm_class { @@ -403,28 +499,36 @@ Public key to fetch is determined by the protocol, selector, and domain fields. +This method caches the result of the fetch, so subsequent calls will not +require additional DNS queries. + +This method will C if an error occurs. + =cut sub get_public_key { my $self = shift; - unless ($self->{public}) + unless (exists $self->{public}) { + # this ensures we only try fetching once, even if an error occurs + $self->{public} = undef; + my $pubk = Mail::DKIM::PublicKey->fetch( Protocol => $self->protocol, Selector => $self->selector, Domain => $self->domain); unless ($pubk) { - die "no public key available\n"; + die "not available\n"; } if ($pubk->revoked) { # FIXME- the key was checked in fetch(), so if the # key was really revoked, we shouldn't have gotten here - die "public key: revoked\n"; + die "revoked\n"; } $self->{public} = $pubk; 
@@ -432,6 +536,19 @@ return $self->{public}; } +=head2 get_tag() - access the raw value of a tag in this signature + + my $raw_identity = $signature->get_tag("i"); + +Use this method to access a tag not already supported by Mail::DKIM, +or if you want to bypass decoding of the value by Mail::DKIM. + +For example, the raw i= (identity) tag is encoded in quoted-printable +form. If you use the identity() method, Mail::DKIM will decode from +quoted-printable before returning the value. But if you use +get_tag("i"), you can access the encoded quoted-printable form of +the value. + =head2 hash_algorithm() - access the hash algorithm specified in this signature my $hash = $signature->hash_algorithm; @@ -513,6 +630,15 @@ valid signature. Whether the identity used is "authorized" to sign for the given message is not determined here. +If using an "internationalized domain name", the domain name must be +converted to ASCII (following section 4.1 of RFC 3490) before passing +it to this method. + +Identity values are encoded in the signature in quoted-printable format. +Using this method will translate to/from quoted-printable as necessary. +If you want the raw quoted-printable version of the identity, use +$signature->get_tag("i"). + =cut sub identity @@ -521,12 +647,12 @@ # set new identity if provided (@_) and - $self->set_tag("i", shift); + $self->set_tag("i", encode_qp(shift)); my $i = $self->get_tag("i"); if (defined $i) { - return $i; + return decode_qp($i); } else { @@ -551,6 +677,25 @@ return lc($addr) eq lc($id); } +=head2 key() - get or set the key object + + my $key = $signature->key; + + $signature->key(Mail::DKIM::PrivateKey->load(File => "private.key")); + +=cut + +sub key +{ + my $self = shift; + if (@_) + { + $self->{Key} = shift; + $self->{KeyFile} = undef; + } + return $self->{Key}; +} + =head2 method() - get or set the canonicalization (c=) field Message canonicalization (default is "simple"). This informs the verifier 
@@ -567,7 +712,7 @@ $self->set_tag("c", shift); } - return lc $self->get_tag("c"); + return (lc $self->get_tag("c")) || "simple"; } =head2 protocol() - get or set the query methods (q=) field @@ -651,32 +796,6 @@ return $self->get_tag("s"); } -=head2 data() - get or set the signature data (b=) field - - my $base64 = $signature->data; - $signature->data($base64); - -The signature data. Whitespace is automatically stripped from the -returned value. The data is Base64-encoded. - -=cut - -sub data -{ - my $self = shift; - - if (@_) - { - $self->set_tag("b", shift); - } - - my $b = $self->get_tag("b"); - $b =~ tr/\015\012 \t//d if defined $b; - return $b; -} - -*signature = \*data; - =head2 prettify() - alters the signature to look "nicer" as an email header $signature->prettify; @@ -685,13 +804,15 @@ it should be done ONLY when the signature is being generated, BEFORE being fed to the canonicalization algorithm. +See also prettify_safe(), which will not break signatures. + =cut sub prettify { my $self = shift; $self->wrap( - Start => length($self->{prefix} || "DKIM-Signature:"), + Start => length($self->{prefix} || $self->DEFAULT_PREFIX), Tags => { b => "b64", bh => "b64", @@ -713,7 +834,7 @@ { my $self = shift; $self->wrap( - Start => length($self->{prefix} || "DKIM-Signature:"), + Start => length($self->{prefix} || $self->DEFAULT_PREFIX), Tags => { b => "b64", }, @@ -757,6 +878,10 @@ return $self->get_tag("v"); } +=head1 SEE ALSO + +L for DomainKey-Signature headers + =head1 AUTHOR Jason Long, Ejlong@messiah.eduE diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/Signer.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/Signer.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/Signer.pm 2007-07-31 21:41:41.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/Signer.pm 2008-11-19 18:34:03.000000000 +0000 
@@ -28,7 +28,7 @@ Method => "relaxed", Domain => "example.org", Selector => "selector1", - KeyFile => "private.key"); + KeyFile => "private.key", ); # read an email from a file handle @@ -65,23 +65,39 @@ # create a signer using a custom policy my $dkim = Mail::DKIM::Signer->new( Policy => $policyfn, - KeyFile => "private.key", ); -You must always specify the name of a private key file. In addition, -you must specify a policy object, or specify the algorithm, method, -domain, and selector to use. Use of the policy object lets you defer -the determination of algorithm, method, domain and selector until -the message being signed has been partially read. +The "default policy" is to create a DKIM signature using the specified +parameters, but only if the message's sender matches the domain. +The following parameters can be passed to this new() method to +influence the resulting signature: +Algorithm, Method, Domain, Selector, KeyFile, Identity, Timestamp. + +If you want different behavior, you can provide a "signer policy" +instead. A signer policy is a subroutine or class that determines +signature parameters after the message's headers have been parsed. +See the section L below for more information. + +See L for more information about policy objects. + +In addition to the parameters demonstrated above, the following +are recognized: + +=over -See Mail::DKIM::SignerPolicy for more information about policy objects. +=item Key + +rather than using C, use C to use an already-loaded +L object. + +=back =cut package Mail::DKIM::Signer; use base "Mail::DKIM::Common"; use Carp; -our $VERSION = '0.28'; +our $VERSION = 0.33; # PROPERTIES # 
@@ -107,15 +123,15 @@ # $dkim->{Selector} # identifies name of the selector identifying the key # +# $dkim->{Key} +# the loaded private key +# # private: # # $dkim->{algorithms} = [] # an array of algorithm objects... an algorithm object is created for # each signature being added to the message # -# $dkim->{private} -# the loaded private key -# # $dkim->{result} # result of the signing policy: "signed" or "skipped" # @@ -130,14 +146,9 @@ if (defined $self->{KeyFile}) { - croak "not a file: " . $self->{KeyFile} - unless (-f $self->{KeyFile}); - - $self->{private} = Mail::DKIM::PrivateKey->load( + $self->{Key} ||= Mail::DKIM::PrivateKey->load( File => $self->{KeyFile}); } - croak "No private key specified" - unless ($self->{private}); unless ($self->{"Algorithm"}) { @@ -213,12 +224,18 @@ } $self->add_signature( - new Mail::DKIM::Signature( + Mail::DKIM::Signature->new( Algorithm => $self->{"Algorithm"}, Method => $self->{"Method"}, Headers => $self->headers, Domain => $self->{"Domain"}, Selector => $self->{"Selector"}, + Key => $self->{"Key"}, + KeyFile => $self->{"KeyFile"}, + ($self->{"Identity"} ? + (Identity => $self->{"Identity"}) : ()), + ($self->{"Timestamp"} ? + (Timestamp => $self->{"Timestamp"}) : ()), )); } 
@@ -242,14 +259,28 @@ # finished canonicalizing $algorithm->finish_body; + # load the private key file if necessary + my $signature = $algorithm->signature; + my $key = $signature->{Key} + || $signature->{KeyFile} + || $self->{Key} + || $self->{KeyFile}; + if (not ref $key) + { + $key = Mail::DKIM::PrivateKey->load( + File => $key); + } + $key + or die "no key available to sign with\n"; + # compute signature value - my $signb64 = $algorithm->sign($self->{private}); - $algorithm->signature->data($signb64); + my $signb64 = $algorithm->sign($key); + $signature->data($signb64); # insert linebreaks in signature data, if desired - $algorithm->signature->prettify_safe(); + $signature->prettify_safe(); - $self->{signature} = $algorithm->signature; + $self->{signature} = $signature; $self->{result} = "signed"; } } @@ -277,7 +308,7 @@ Signer policies can use this method to specify complete parameters for the signature to add, including what type of signature. For more information, -see Mail::DKIM::SignerPolicy. +see L. =cut @@ -288,7 +319,7 @@ # create a canonicalization filter and algorithm my $algorithm_class = $signature->get_algorithm_class( - $self->{"Algorithm"}); + $signature->algorithm); my $algorithm = $algorithm_class->new( Signature => $signature, Debug_Canonicalization => $self->{Debug_Canonicalization}, 
@@ -395,6 +426,50 @@ return scalar grep { lc($_) eq lc($header_name) } @DEFAULT_HEADERS; } +=head2 key() - get or set the private key object + + my $key = $dkim->key; + + $dkim->key(Mail::DKIM::PrivateKey->load(File => "private.key")); + +If you use this method to specify a private key, +do not use L. + +=cut + +sub key +{ + my $self = shift; + if (@_) + { + $self->{Key} = shift; + $self->{KeyFile} = undef; + } + return $self->{Key}; +} + +=head2 key_file() - get or set the filename containing the private key + + my $filename = $dkim->key_file; + + $dkim->key_file("private.key"); + +If you use this method to specify a private key file, +do not use L. + +=cut + +sub key_file +{ + my $self = shift; + if (@_) + { + $self->{Key} = undef; + $self->{KeyFile} = shift; + } + return $self->{KeyFile}; +} + =head2 method() - get or set the selected canonicalization method $alg = $dkim->method; @@ -417,22 +492,29 @@ my $address = $dkim->message_originator; -Returns the "originator address" found in the message. This is typically -the (first) name and email address found in the From: header. The returned -object is of type Mail::Address. To get just the email address part, do: +Returns the "originator address" found in the message, as a +L object. +This is typically the (first) name and email address found in the +From: header. If there is no From: header, +then an empty L object is returned. + +To get just the email address part, do: my $email = $dkim->message_originator->address; +See also L. =head2 message_sender() - access the "From" or "Sender" header my $address = $dkim->message_sender; -Returns the "sender" found in the message. This is typically the (first) -name and email address found in the Sender: header. If there is no Sender: -header, it is the first name and email address in the 
From: header. -The returned object is of type Mail::Address, so to get just the email -address part, do: +Returns the "sender" found in the message, as a L object. +This is typically the (first) name and email address found in the +Sender: header. If there is no Sender: header, it is the first name and +email address in the From: header. If neither header is present, +then an empty L object is returned. + +To get just the email address part, do: my $email = $dkim->message_sender->address; @@ -515,7 +597,8 @@ Or the policy object can actually create the signature, using the add_signature method within the policy object. If you add a signature, you do not need to return a nonzero value. -This mechanism can be utilized to create multiple signatures. +This mechanism can be utilized to create multiple signatures, +or to create the older DomainKey-style signatures. my $policyfn = sub { my $dkim = shift; @@ -527,6 +610,14 @@ Domain => "example.org", Selector => "mx1", )); + $dkim->add_signature( + new Mail::DKIM::DkSignature( + Algorithm => "rsa-sha1", + Method => "nofws", + Headers => $dkim->headers, + Domain => "example.org", + Selector => "mx1", + )); return; }; @@ -536,7 +627,7 @@ =head1 SEE ALSO -Mail::DKIM::SignerPolicy +L =head1 AUTHOR diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/SignerPolicy.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/SignerPolicy.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/SignerPolicy.pm 2007-05-10 13:43:22.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/SignerPolicy.pm 2008-08-12 17:03:41.000000000 +0100 
@@ -21,12 +21,13 @@ =head1 DESCRIPTION -Objects of type Mail::DKIM::SignerPolicy are used by Mail::DKIM::Signer. -To take advantage of policy objects, create your own Perl class that -extends this class. The only method you need to provide is the apply() -method. +A "signer policy" is an object, class, or function used by +L to determine what signatures to add to the +current message. To take advantage of signer policies, create your +own Perl class that extends the L class. +The only method you need to implement is the apply() method. -The apply() method takes as a parameter the Mail::DKIM::Signer object. +The apply() method takes as a parameter the L object. Using this object, it can determine some properties of the message (e.g. what the From: address or Sender: address is). Then it sets various signer properties as desired. The apply() method should @@ -47,6 +48,7 @@ $signer->method("relaxed"); $signer->domain("example.org"); $signer->selector("selector1"); + $signer->key_file("private.key"); return 1; } @@ -54,9 +56,8 @@ To use this policy, simply specify the name of the class as the Policy parameter... - my $dkim = Mail::DKIM::Signer->new_object( + my $dkim = Mail::DKIM::Signer->new( Policy => "MySignerPolicy", - KeyFile => "private.key" ); =head1 ADVANCED diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/TextWrap.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/TextWrap.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/TextWrap.pm 2007-04-16 19:42:02.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/TextWrap.pm 2008-11-19 19:27:32.000000000 +0000 
@@ -6,6 +6,114 @@ package Mail::DKIM::TextWrap; use Carp; +=head1 NAME + +Mail::DKIM::TextWrap - text wrapping module written for use with DKIM + +=head1 SYNOPSIS + + my $output = ""; + my $tw = Mail::DKIM::TextWrap->new( + Margin => 10, + Output => \$output, + ); + $tw->add("Mary had a little lamb, whose fleece was white as snow.\n"); + $tw->finish; + + print $output; + +=head1 DESCRIPTION + +This is a general-purpose text-wrapping module that I wrote because +I had some specific needs with Mail::DKIM that none of the +contemporary text-wrapping modules offered. + +Specifically, it offers the ability to change wrapping options +in the middle of a paragraph. For instance, with a DKIM signature: + + DKIM-Signature: a=rsa; c=simple; h=first:second:third:fourth; + b=Xr2mo2wmb1LZBwmEJElIPezal7wQQkRQ8WZtxpofkNmXTjXf8y2f0 + +the line-breaks can be inserted next to any of the colons of the h= tag, +or any character of the b= tag. The way I implemented this was to +serialize the signature one element at a time, changing the +text-wrapping options at the start and end of each tag. + +=head1 TEXT WRAPPING OPTIONS + +Text wrapping options can be specified when calling new(), or +by simply changing the property as needed. For example, to change +the number of characters allowed per line: + + $tw->{Margin} = 20; + +=over + +=item Break + +a regular expression matching characters where a line break +can be inserted. Line breaks are inserted AFTER a matching substring. +The default is C. + +=item BreakBefore + +a regular expression matching characters where a line break +can be inserted. Line breaks are inserted BEFORE a matching substring. +Usually, you want to use Break, rather than BreakBefore. +The default is C. + +=item Margin + +specifies how many characters to allow per line. +The default is 72. If no place to line-break is found on a line, the +line will extend beyond this margin. + +=item Separator + +the text to insert when a linebreak is needed. +The default is "\n". 
If you want to set a following-line indent +(e.g. all lines but the first begin with four spaces), +use something like "\n ". + +=item Swallow + +a regular expression matching characters that can be omitted +when a line break occurs. For example, if you insert a line break +between two words, then you are replacing a "space" with the line +break, so you are omitting the space. On the other hand, if you +insert a line break between two parts of a hyphenated word, then +you are breaking at the hyphen, but you still want to display the +hyphen. +The default is C. + +=back + +=head1 CONSTRUCTOR + +=head2 new() - create a new text-wrapping object + + my $tw = Mail::DKIM::TextWrap->new( + Output => \$output, + %wrapping_options, + ); + +The text-wrapping object encapsulates the current options and the +current state of the text stream. In addition to specifying text +wrapping options as described in the section above, the following +options are recognized: + +=over + +=item Output + +a scalar reference, or a glob reference, to specify where the +"wrapped" text gets output to. If not specified, the default of +STDOUT is used. + +=back + +=cut + sub new { my $class = shift; 
@@ -13,22 +121,36 @@ my $self = { Margin => 72, Break => qr/\s/, + BreakBefore => undef, Swallow => qr/\s/, Separator => "\n", cur => 0, + may_break => 0, soft_space => "", + word => "", %args, }; $self->{Output} ||= \*STDOUT; return bless $self, $class; } -sub finish -{ - my $self = shift; - $self->output($self->{soft_space}); -} - +# Internal properties: +# +# cur - the last known column position +# +# may_break - nonzero if the current location allows a linebreak +# +# soft_space - contains added text that will not be printed if a linebreak +# occurs +# +# word - contains the current word + +# Internal methods: +# +# _calculate_new_column() - determine where cur would be after adding some text +# +# my $new_cur = _calculate_new_column($cur, "some additional\ntext"); +# sub _calculate_new_column { my ($cur, $text) = @_; 
@@ -51,30 +173,52 @@ return $cur; } +=head1 METHODS + +=head2 add() - process some text that can be wrapped + + $tw->add("Mary had a little lamb.\n"); + +You can add() all the text at once, or add() the text in parts by calling +add() multiple times. + +=cut + sub add { my ($self, $text) = @_; - my $break = $self->{Break}; + my $break_after = $self->{Break}; + my $break_before = $self->{BreakBefore}; my $swallow = $self->{Swallow}; - while (length $text) + $self->{word} .= $text; + while (length $self->{word}) { - my ($word, $remaining); - if (defined($break) and $text =~ /^(.*?)($break)(.*)$/s) + my $word; + if (defined($break_before) and $self->{word} =~ s/^(.+?)($break_before)/$2/s) + { + # note- $1 should have at least one character + $word = $1; + } + elsif (defined($break_after) and $self->{word} =~ s/^(.*?)($break_after)//s) { $word = $1 . $2; - $remaining = $3; + } + elsif ($self->{NoBuffering}) + { + $word = $self->{word}; + $self->{word} = ""; } else { - $word = $text; - $remaining = ""; + last; } + die "assertion failed" unless length($word) >= 1; + my $next_soft_space; - if ($word =~ /^(.*)($swallow)$/s) + if (defined($swallow) && $word =~ s/($swallow)$//s) { - $word = $1; - $next_soft_space = $2; + $next_soft_space = $1; } else { @@ -84,18 +228,19 @@ my $to_print = $self->{soft_space} . $word; my $new_pos = _calculate_new_column($self->{cur}, $to_print); - if ($new_pos > $self->{Margin}) + if ($new_pos > $self->{Margin} && $self->{may_break}) { # what would happen if we put the separator in? my $w_sep = _calculate_new_column($self->{cur}, $self->{Separator}); - if (defined($break) && $w_sep < $self->{cur}) + if ($w_sep < $self->{cur}) { # inserting the separator gives us more room, # so do it $self->output($self->{Separator}); $self->{soft_space} = ""; $self->{cur} = $w_sep; + $self->{word} = $word . $next_soft_space . $self->{word}; next; } } 
@@ -103,10 +248,46 @@ $self->output($to_print); $self->{soft_space} = $next_soft_space; $self->{cur} = $new_pos; - $text = $remaining; + $self->{may_break} = 1; } } +=head2 finish() - call when no more text is to be added + + $tw->finish; + +Call this when finished adding text, so that any remaining text +in TextWrap's buffers will be output. + +=cut + +sub finish +{ + my $self = shift; + $self->flush; + $self->reset; +} + +=head2 flush() - output the current partial word, if any + + $tw->flush; + +Call this whenever changing TextWrap's parameters in the middle +of a string of words. It explicitly allows a line-break at the +current position in the string, regardless of whether it matches +the current break pattern. + +=cut + +sub flush +{ + my $self = shift; + + local $self->{NoBuffering} = 1; + local $self->{Swallow} = undef; + $self->add(""); +} + sub output { my $self = shift; @@ -123,4 +304,12 @@ } } +sub reset +{ + my $self = shift; + $self->{cur} = 0; + $self->{soft_space} = ""; + $self->{word} = ""; +} + 1; diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM/Verifier.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM/Verifier.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM/Verifier.pm 2007-07-31 21:41:32.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM/Verifier.pm 2008-11-19 18:34:03.000000000 +0000 @@ -89,8 +89,7 @@ package Mail::DKIM::Verifier; use base "Mail::DKIM::Common"; use Carp; -use Error ":try"; -our $VERSION = '0.28'; +our $VERSION = 0.33; sub init { @@ -101,7 +100,7 @@ # @{$dkim->{signatures}} # array of L objects, representing all -# syntactically valid signatures found in the header, +# parseable signatures found in the header, # ordered from the top of the header to the bottom. # # $dkim->{signature_reject_reason} 
@@ -132,12 +131,40 @@ if (lc($field_name) eq "dkim-signature") { - $self->add_signature($line); + eval + { + my $signature = Mail::DKIM::Signature->parse($line); + $self->add_signature($signature); + }; + if ($@) + { + # the only reason an error should be thrown is if the + # signature really is unparse-able + + # otherwise, invalid signatures are caught in finish_header() + + chomp (my $E = $@); + $self->{signature_reject_reason} = $E; + } } if (lc($field_name) eq "domainkey-signature") { - $self->add_signature_dk($line); + eval + { + my $signature = Mail::DKIM::DkSignature->parse($line); + $self->add_signature($signature); + }; + if ($@) + { + # the only reason an error should be thrown is if the + # signature really is unparse-able + + # otherwise, invalid signatures are caught in finish_header() + + chomp (my $E = $@); + $self->{signature_reject_reason} = $E; + } } } 
@@ -145,37 +172,39 @@ { my $self = shift; croak "wrong number of arguments" unless (@_ == 1); - my ($contents) = @_; + my ($signature) = @_; - eval - { - my $signature = Mail::DKIM::Signature->parse($contents); - push @{$self->{signatures}}, $signature; - }; - if ($@) + push @{$self->{signatures}}, $signature; + + unless ($self->check_signature($signature)) { - chomp (my $E = $@); - $self->{signature_reject_reason} = $E; + $signature->result("invalid", + $self->{signature_reject_reason}); + return; } -} -# parses a DomainKeys-type signature -sub add_signature_dk -{ - my $self = shift; - croak "wrong number of arguments" unless (@_ == 1); - my ($contents) = @_; + # create a canonicalization filter and algorithm + my $algorithm_class = $signature->get_algorithm_class( + $signature->algorithm); + my $algorithm = $algorithm_class->new( + Signature => $signature, + Debug_Canonicalization => $self->{Debug_Canonicalization}, + ); - eval + # push through the headers parsed prior to the signature header + if ($algorithm->wants_pre_signature_headers) { - my $signature = Mail::DKIM::DkSignature->parse($contents); - push @{$self->{signatures}}, $signature; - }; - if ($@) - { - chomp (my $E = $@); - $self->{signature_reject_reason} = $E; + # Note: this will include the signature header that led to this + # "algorithm"... + foreach my $head (@{$self->{headers}}) + { + $algorithm->add_header($head); + } } + + # save the algorithm + $self->{algorithms} ||= []; + push @{$self->{algorithms}}, $algorithm; } sub check_signature @@ -184,6 +213,21 @@ croak "wrong number of arguments" unless (@_ == 1); my ($signature) = @_; + unless ($signature->check_version) + { + # unsupported version + if (defined $signature->version) + { + $self->{signature_reject_reason} = "unsupported version " + . $signature->version; + } + else + { + $self->{signature_reject_reason} = "missing v tag"; + } + return 0; + } + unless ($signature->algorithm && $signature->get_algorithm_class($signature->algorithm)) { 
@@ -200,9 +244,9 @@ { # unsupported canonicalization method $self->{signature_reject_reason} = "unsupported canonicalization"; - if (defined $signature->method) + if (defined $signature->canonicalization) { - $self->{signature_reject_reason} .= " " . $signature->method; + $self->{signature_reject_reason} .= " " . $signature->canonicalization; } return 0; } @@ -216,6 +260,13 @@ return 0; } + unless ($signature->check_expiration) + { + # signature has expired + $self->{signature_reject_reason} = "signature is expired"; + return 0; + } + unless ($signature->domain ne '') { # no domain specified @@ -232,22 +283,6 @@ return 0; } - # check domain against message From: and Sender: headers -# my $responsible_address = $self->message_originator; -# if (!$responsible_address) -# { -# # oops, no From: or Sender: header -# die "No From: or Sender: header"; -# } -# -# my $senderdomain = $responsible_address->host; -# my $sigdomain = $signature->domain; -# if (!$self->match_subdomain($senderdomain, $sigdomain)) -# { -# $self->{signature_reject_reason} = "unmatched domain"; -# return 0; -# } - return 1; } 
@@ -260,29 +295,58 @@ my $result = 0; eval { + $@ = undef; + + # HACK- I'm indecisive here about whether I want the + # check_foo functions to return false or to "die" + # on failure + # check public key's allowed hash algorithms $result = $public_key->check_hash_algorithm( $signature->hash_algorithm); - # TODO - check public key's granularity + # HACK- DomainKeys signatures are allowed to have an empty g= + # tag in the public key + my $empty_g_means_wildcard = $signature->isa("Mail::DKIM::DkSignature"); + + # check public key's granularity + $result &&= $public_key->check_granularity( + $signature->identity, $empty_g_means_wildcard); + + die $@ if $@; }; if ($@) { my $E = $@; chomp $E; - $self->{signature_reject_reason} = $E; + $self->{signature_reject_reason} = "public key: $E"; } return $result; } +# returns true if the i= tag is an address with a domain matching or +# a subdomain of the d= tag +# +sub check_signature_identity +{ + my ($signature) = @_; + + my $d = $signature->domain; + my $i = $signature->identity; + if (defined($i) && $i =~ /\@([^@]*)$/) + { + return match_subdomain($1, $d); + } + return 0; +} + sub match_subdomain { - my $self = shift; croak "wrong number of arguments" unless (@_ == 2); my ($subdomain, $superdomain) = @_; my $tmp = substr(".$subdomain", -1 - length($superdomain)); - return (".$superdomain" eq $tmp); + return (lc ".$superdomain" eq lc $tmp); } # 
@@ -303,14 +367,24 @@ return; } + foreach my $algorithm (@{$self->{algorithms}}) + { + $algorithm->finish_header; + } + # For each parsed signature, check it for validity. If none are valid, # our result is "invalid" and our result detail will be the reason # why the last signature was invalid. - my @valid = (); foreach my $signature (@{$self->{signatures}}) { - next unless ($self->check_signature($signature)); + unless (check_signature_identity($signature)) + { + $self->{signature_reject_reason} = "bad identity"; + $signature->result("invalid", + $self->{signature_reject_reason}); + next; + } # get public key my $pkey; 
@@ -322,55 +396,33 @@ { my $E = $@; chomp $E; - $self->{signature_reject_reason} = $E; + $self->{signature_reject_reason} = "public key: $E"; + $signature->result("invalid", + $self->{signature_reject_reason}); + next; } - if ($pkey) - { - $self->check_public_key($signature, $pkey) - or next; - } - else + unless ($self->check_public_key($signature, $pkey)) { - # public key not available + $signature->result("invalid", + $self->{signature_reject_reason}); next; } - - # this signature is ok - push @valid, $signature; } - unless (@valid) - { - # no valid signatures found - $self->{result} = "invalid"; - $self->{details} = $self->{signature_reject_reason}; - return; - } - - # now, for each valid signature, create an "algorithm" object which - # will process the message - - $self->{algorithms} = []; - foreach my $signature (@valid) - { - # create a canonicalization filter and algorithm - my $algorithm_class = $signature->get_algorithm_class( - $signature->algorithm); - my $algorithm = $algorithm_class->new( - Signature => $signature, - Debug_Canonicalization => $self->{Debug_Canonicalization}, - ); - - # output header as received so far into canonicalization - foreach my $line (@{$self->{headers}}) + # stop processing signatures that are already known to be invalid + @{$self->{algorithms}} = grep { - $algorithm->add_header($line); - } - $algorithm->finish_header; + my $sig = $_->signature; + !($sig->result && $sig->result eq "invalid"); + } @{$self->{algorithms}}; - # save the algorithm - push @{$self->{algorithms}}, $algorithm; + if (@{$self->{algorithms}} == 0 + && @{$self->{signatures}} > 0) + { + $self->{result} = $self->{signatures}->[0]->result; + $self->{details} = $self->{signatures}->[0]->{verify_details}; + return; } } 
@@ -467,11 +519,11 @@ sub fetch_author_policy { my $self = shift; + my ($author) = @_; use Mail::DKIM::DkimPolicy; # determine address found in the "From" - my $author = $self->message_originator; - $author &&= $author->address; + $author ||= $self->message_originator->address; # fetch the policy return Mail::DKIM::DkimPolicy->fetch( @@ -506,10 +558,8 @@ use Mail::DKIM::Policy; # determine addresses found in the "From" and "Sender" headers - my $author = $self->message_originator; - $author &&= $author->address; - my $sender = $self->message_sender; - $sender &&= $sender->address; + my $author = $self->message_originator->address; + my $sender = $self->message_sender->address; # fetch the policy return Mail::DKIM::Policy->fetch( @@ -531,21 +581,29 @@ my $address = $dkim->message_originator; -Returns the "originator address" found in the message. This is typically -the (first) name and email address found in the From: header. The returned -object is of type Mail::Address. To get just the email address part, do: +Returns the "originator address" found in the message, as a +L object. +This is typically the (first) name and email address found in the +From: header. If there is no From: header, +then an empty L object is returned. + +To get just the email address part, do: my $email = $dkim->message_originator->address; +See also L. + =head2 message_sender() - access the "From" or "Sender" header my $address = $dkim->message_sender; -Returns the "sender" found in the message. This is typically the (first) -name and email address found in the Sender: header. If there is no Sender: -header, it is the first name and email address in the From: header. -The returned object is of type Mail::Address, so to get just the email -address part, do: +Returns the "sender" found in the message, as a L object. +This is typically the (first) name and email address found in the +Sender: header. If there is no Sender: header, it is the first name and +email address in the 
From: header. If neither header is present, +then an empty L object is returned. + +To get just the email address part, do: my $email = $dkim->message_sender->address; @@ -575,10 +633,8 @@ =item invalid -Returned if no valid DKIM-Signature headers were found, but there is at -least one invalid DKIM-Signature header. For a reason why a -DKIM-Signature header found in the message was invalid, -see $dkim->{signature_reject_reason}. +Returned if a DKIM-Signature could not be checked because of a problem +in the signature itself or the public key record. =item none @@ -603,22 +659,32 @@ pass fail (bad RSA signature) - fail (headers have been altered) + fail (OpenSSL error: ...) + fail (message has been altered) fail (body has been altered) - invalid (unsupported canonicalization) - invalid (unsupported query protocol) + invalid (bad identity) invalid (invalid domain in d tag) invalid (missing q tag) invalid (missing d tag) invalid (missing s tag) - invalid (unsupported v=0.1 tag) - invalid (no public key available) - invalid (public key: does not support email) - invalid (public key: does not support hash algorithm 'sha1') + invalid (unsupported version 0.1) + invalid (unsupported algorithm ...) + invalid (unsupported canonicalization ...) + invalid (unsupported query protocol ...) + invalid (signature is expired) + invalid (public key: not available) + invalid (public key: unknown query type ...) + invalid (public key: syntax error) + invalid (public key: unsupported version) invalid (public key: unsupported key type) invalid (public key: missing p= tag) - invalid (public key: revoked) invalid (public key: invalid data) + invalid (public key: does not support email) + invalid (public key: does not support hash algorithm 'sha1') + invalid (public key: does not support signing subdomains) + invalid (public key: revoked) + invalid (public key: granularity mismatch) + invalid (public key: granularity is empty) invalid (public key: OpenSSL error: ...) none 
@@ -627,7 +693,7 @@ my $sig = $dkim->signature; Accesses the signature found and verified in this message. The returned -object is of type Mail::DKIM::Signature. +object is of type L. In case of multiple signatures, the signature with the "best" result will be returned. @@ -635,21 +701,20 @@ =cut -#EXPERIMENTAL -# =head2 signatures() - access all of this message's signatures -# -# my @all_signatures = $dkim->signatures; -# -# =cut -#TODO -# how would the caller get the verification results of each signature? -# are they stored in the signature object? +=head2 signatures() - access all of this message's signatures + + my @all_signatures = $dkim->signatures; + +Use $signature->result or $signature->result_detail to access +the verification results of each signature. +=cut + sub signatures { my $self = shift; croak "unexpected argument" if @_; - return map { $_->signature } @{$self->{algorithms}}; + return @{$self->{signatures}}; } =head1 AUTHOR diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/lib/Mail/DKIM.pm /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/lib/Mail/DKIM.pm --- libmail-dkim-perl-0.28/lib/Mail/DKIM.pm 2007-07-31 21:41:16.000000000 +0100 +++ libmail-dkim-perl-0.33/lib/Mail/DKIM.pm 2008-11-19 18:34:03.000000000 +0000 @@ -4,7 +4,7 @@ use warnings; package Mail::DKIM; -our $VERSION = '0.28'; +our $VERSION = 0.33; 1; __END__ @@ -19,7 +19,7 @@ use Mail::DKIM::Verifier; # create a verifier object - my $dkim = Mail::DKIM::Verifier->new_object(); + my $dkim = Mail::DKIM::Verifier->new(); # read an email from stdin, pass it into the verifier while () 
@@ -44,13 +44,13 @@ The Mail::DKIM module uses an object-oriented interface. You use one of two different classes, depending on whether you are signing or verifying -a message. To sign, use the Mail::DKIM::Signer class. To verify, use the -Mail::DKIM::Verifier class. Simple, eh? +a message. To sign, use the L class. To verify, use the +L class. Simple, eh? =head1 SEE ALSO -Mail::DKIM::Signer, -Mail::DKIM::Verifier +L, +L http://jason.long.name/dkimproxy/ @@ -63,7 +63,7 @@ The "sender signing policy" component is still under construction. The sender signing policy is supposed to identify the practice of the message author, so you could for example reject a message from an author who claims -they always sign their messages. See Mail::DKIM::Policy. +they always sign their messages. See L. =head1 AUTHOR diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/Makefile.PL /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/Makefile.PL --- libmail-dkim-perl-0.28/Makefile.PL 2007-07-31 18:17:35.000000000 +0100 +++ libmail-dkim-perl-0.33/Makefile.PL 2009-03-10 14:47:52.000000000 +0000 @@ -4,12 +4,10 @@ # the contents of the Makefile that is written. WriteMakefile( NAME => 'Mail::DKIM', - VERSION_FROM => 'lib/Mail/DKIM.pm', # finds $VERSION + VERSION => "0.33", PREREQ_PM => { Crypt::OpenSSL::RSA => 0.24, - Digest::SHA1 => 0, Digest::SHA => 0, - Error => 0, Mail::Address => 0, MIME::Base64 => 0, Net::DNS => 0, diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/MANIFEST /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/MANIFEST --- libmail-dkim-perl-0.28/MANIFEST 2007-07-31 21:43:29.000000000 +0100 +++ libmail-dkim-perl-0.33/MANIFEST 2009-03-10 14:52:20.000000000 +0000 @@ -38,12 +38,15 @@ scripts/test_bare_rsa_sha1.pl scripts/test_canonicalization.pl scripts/test_nowsp_rsa_sha1.pl +t/FAKE_DNS.dat t/Mail-DKIM.t t/policy.t +t/public_key.t t/signature.t t/simple_canonicalization.t t/signer.t t/signer_policy.t +t/textwrap.t t/verifier.t t/test.key t/test5.txt 
@@ -58,17 +61,46 @@ t/corpus/good_dk_gmail.txt t/corpus/good_dk_1.txt t/corpus/good_dk_2.txt +t/corpus/good_dk_3.txt +t/corpus/good_dk_4.txt +t/corpus/good_dk_5.txt +t/corpus/good_dk_6.txt +t/corpus/good_dk_7.txt +t/corpus/good_rfc4871_3.txt +t/corpus/good_rfc4871_4.txt +t/corpus/good_1878523.txt +t/corpus/dk_headers_1.txt +t/corpus/dk_headers_2.txt +t/corpus/dk_multiple_1.txt t/corpus/multiple_1.txt +t/corpus/multiple_2.txt +t/corpus/bad_dk_1.txt +t/corpus/bad_dk_2.txt t/corpus/bad_ietf01_1.txt t/corpus/bad_ietf01_2.txt t/corpus/bad_ietf01_3.txt t/corpus/bad_1.txt +t/corpus/bad_1878954.txt t/corpus/badkey_1.txt t/corpus/badkey_2.txt t/corpus/badkey_3.txt t/corpus/badkey_4.txt t/corpus/badkey_5.txt t/corpus/badkey_6.txt +t/corpus/badkey_7.txt +t/corpus/badkey_8.txt +t/corpus/badkey_9.txt +t/corpus/badkey_10.txt +t/corpus/badkey_11.txt +t/corpus/badkey_12.txt +t/corpus/badkey_13.txt +t/corpus/goodkey_1.txt +t/corpus/goodkey_2.txt +t/corpus/goodkey_3.txt +t/corpus/goodkey_4.txt +t/corpus/good_qp_1.txt +t/corpus/good_qp_2.txt +t/corpus/good_qp_3.txt t/corpus/mine_ietf01_1.txt t/corpus/mine_ietf01_2.txt t/corpus/mine_ietf01_3.txt @@ -80,6 +112,8 @@ t/corpus/ignore_4.txt t/corpus/ignore_5.txt t/corpus/ignore_6.txt +t/corpus/ignore_7.txt +t/corpus/ignore_8.txt t/corpus/no_body_1.txt t/corpus/no_body_2.txt t/corpus/no_body_3.txt diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/META.yml /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/META.yml --- libmail-dkim-perl-0.28/META.yml 2007-07-31 21:43:29.000000000 +0100 +++ libmail-dkim-perl-0.33/META.yml 2009-03-10 14:52:20.000000000 +0000 
@@ -1,21 +1,19 @@ --- #YAML:1.0 name: Mail-DKIM -version: 0.28 +version: 0.33 abstract: Signs/verifies Internet mail with DKIM/DomainKey signatures license: ~ -generated_by: ExtUtils::MakeMaker version 6.32 +author: + - Jason Long +generated_by: ExtUtils::MakeMaker version 6.42 distribution_type: module requires: Crypt::OpenSSL::RSA: 0.24 Digest::SHA: 0 - Digest::SHA1: 0 - Error: 0 Mail::Address: 0 MIME::Base64: 0 Net::DNS: 0 Test::Simple: 0 meta-spec: - url: http://module-build.sourceforge.net/META-spec-v1.2.html - version: 1.2 -author: - - Jason Long + url: http://module-build.sourceforge.net/META-spec-v1.3.html + version: 1.3 diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/README /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/README --- libmail-dkim-perl-0.28/README 2007-07-31 21:41:44.000000000 +0100 +++ libmail-dkim-perl-0.33/README 2008-11-19 18:34:03.000000000 +0000 @@ -1,11 +1,14 @@ -Mail-DKIM version 0.28 +Mail-DKIM version 0.33 ====================== This module implements the various components of the DKIM and DomainKeys message-signing and verifying standards for Internet mail. It currently -tries to implement these Internet Drafts: - * draft-ietf-dkim-base-10 - * draft-delany-domainkeys-base +tries to implement these specifications: + * RFC4871, for DKIM + * RFC4870, for DomainKeys + +With each release, this module is getting bigger, but don't worry, +most of the growth is from having more things to test with `make test'. INSTALLATION @@ -22,8 +25,6 @@ Crypt::OpenSSL::RSA Digest::SHA - Digest::SHA1 - Error Mail::Address (part of the MailTools package) MIME::Base64 Net::DNS 
@@ -40,10 +41,12 @@ See the TODO file for a list of things I know about. Report bugs to Jason Long . +If `make test' fails, please include the versions of your +installed Crypt::OpenSSL::RSA module and OpenSSL libraries. COPYRIGHT AND LICENCE -Copyright (C) 2006-2007 by Messiah College +Copyright (C) 2006-2008 by Messiah College This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.6 or, @@ -51,4 +54,4 @@ SEE ALSO -The DKIM proxy home page, http://jason.long.name/dkimproxy/. +The DKIM proxy home page, http://dkimproxy.sourceforge.net/. diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/scripts/dkimsign.pl /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/scripts/dkimsign.pl --- libmail-dkim-perl-0.28/scripts/dkimsign.pl 2007-07-18 19:05:23.000000000 +0100 +++ libmail-dkim-perl-0.33/scripts/dkimsign.pl 2008-08-12 17:03:41.000000000 +0100 @@ -1,6 +1,6 @@ #!/usr/bin/perl -I../lib # -# Copyright (c) 2005-2006 Messiah College. This program is free software. +# Copyright (c) 2005-2007 Messiah College. This program is free software. # You can redistribute it and/or modify it under the terms of the # GNU Public License as found at http://www.fsf.org/copyleft/gpl.html. # @@ -10,6 +10,7 @@ use warnings; use Mail::DKIM::Signer; +use Mail::DKIM::TextWrap; use Getopt::Long; use Pod::Usage; @@ -17,6 +18,11 @@ my $selector = "selector1"; my $algorithm = "rsa-sha1"; my $method = "simple"; +my $domain; # undef => auto-select domain +my $expiration; +my $identity; +my $key_protocol; +my @extra_tag; my $debug_canonicalization; my $binary; my $help; @@ -25,7 +31,12 @@ "algorithm=s" => \$algorithm, "method=s" => \$method, "selector=s" => \$selector, + "domain=s" => \$domain, + "expiration=i" => \$expiration, + "identity=s" => \$identity, + "key-protocol=s" => \$key_protocol, "debug-canonicalization=s" => \$debug_canonicalization, + "extra-tag=s" => \@extra_tag, "binary" => \$binary, "help|?" => \$help, ) 
@@ -79,17 +90,26 @@ use Mail::DKIM::DkSignature; - $dkim->domain($dkim->message_sender->host); + $dkim->domain($domain || $dkim->message_sender->host); - my $class = $type eq "domainkeys" ? "Mail::DKIM::DkSignature" - : "Mail::DKIM::Signature"; + my $class = $type eq "domainkeys" ? "Mail::DKIM::DkSignature" : + $type eq "dkim" ? "Mail::DKIM::Signature" : + die "unknown signature type '$type'\n"; my $sig = $class->new( Algorithm => $dkim->algorithm, Method => $dkim->method, Headers => $dkim->headers, Domain => $dkim->domain, Selector => $dkim->selector, + defined($expiration) ? (Expiration => time() + $expiration) : (), + defined($identity) ? (Identity => $identity) : (), ); + $sig->protocol($key_protocol) if defined $key_protocol; + foreach my $extra (@extra_tag) + { + my ($n, $v) = split /=/, $extra, 2; + $sig->set_tag($n, $v); + } $dkim->add_signature($sig); return; } @@ -107,6 +127,7 @@ --type=TYPE --method=METHOD --selector=SELECTOR + --expiration=INTEGER --debug-canonicalization=FILE dkimsign.pl --help @@ -116,6 +137,11 @@ =over +=item B<--expiration> + +Optional. Specify the desired signature expiration, as a delta +from the signature timestamp. + =item B<--type> Determines the desired signature. Use dkim for a DKIM-Signature, or @@ -135,4 +161,16 @@ =back +=head1 AUTHOR + +Jason Long, Ejlong@messiah.eduE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2006-2007 by Messiah College + +This program is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.8.6 or, +at your option, any later version of Perl 5 you may have available. + =cut diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/scripts/dkimverify.pl /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/scripts/dkimverify.pl --- libmail-dkim-perl-0.28/scripts/dkimverify.pl 2007-07-18 19:09:00.000000000 +0100 +++ libmail-dkim-perl-0.33/scripts/dkimverify.pl 2008-08-12 17:03:41.000000000 +0100 
@@ -67,3 +67,44 @@ { print "sender policy result: not found\n"; } + +__END__ + +=head1 NAME + +dkimverify.pl - verifies DKIM signatures on an email message + +=head1 SYNOPSIS + + dkimverify.pl [options] < signed_email.txt + options: + --debug-canonicalization=FILE + + dkimverify.pl --help + to see a full description of the various options + +=head1 OPTIONS + +=over + +=item B<--debug-canonicalization> + +Outputs the canonicalized message to the specified file, in addition +to computing the DKIM signature. This is helpful for debugging +canonicalization methods. + +=back + +=head1 AUTHOR + +Jason Long, Ejlong@messiah.eduE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2006-2007 by Messiah College + +This program is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.8.6 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/bad_1878954.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/bad_1878954.txt --- libmail-dkim-perl-0.28/t/corpus/bad_1878954.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/bad_1878954.txt 2008-08-12 17:03:41.000000000 +0100 
@@ -0,0 +1,10 @@ +DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/simple; d=ijs.si; h=from: + message-id:date; q=dns/txt; s=jakla2; bh=/edzoYuyn17WXm8KeqcX/R+ + khdQ=; b=S7zv7fa8ju7VDq20iD+0OcAE/7k3P1LvYKyIOJxeaEbXh8C06q1+Q4l + KUASCgesOs2M/3E7lkJdmRQvnYdX41BxkoCrI31suRpLyykIQYjM/pUoKHruEZaQ + 3K5Ud6SVKaI2abyzNFT5Yn3QdjdKAQMfMEFC/MAfdooQml/X6SIo= + +this message certainly doesn't verify, since I modified it, +but in certain versions of Mail::DKIM (e.g. 0.30.1), it crashes +with this error: +"Can't use an undefined value as an ARRAY reference" diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/bad_dk_1.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/bad_dk_1.txt --- libmail-dkim-perl-0.28/t/corpus/bad_dk_1.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/bad_dk_1.txt 2008-08-12 17:03:41.000000000 +0100 @@ -0,0 +1,24 @@ +DomainKey-Signature: a=rsa-sha1; c=nofws; d=messiah.edu; h=from:to:subject: + date:message-id; q=dns; s=test1; b=RKd+t+/rSjCZ6vuvpXaSK/kH6NtFd + eyCfC0jXN2LigEU7RVb5iW33aW8UN6gEKmSAmfd4/8xIFVtOq+fAQg4gw== +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: George +To: Nobody +Subject: domainkeys test (should fail since sender domain is wrong) +Date: Wed, 7 Dec 2005 09:11:00 -0500 +Message-ID: <20051207091100@test.messiah.edu> + +This is a test + More lines here + + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/bad_dk_2.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/bad_dk_2.txt --- libmail-dkim-perl-0.28/t/corpus/bad_dk_2.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/bad_dk_2.txt 2008-08-12 17:03:41.000000000 +0100 
@@ -0,0 +1,18 @@ +DomainKey-Signature: a=rsa-sha1; c=simple; d=messiah.edu; + q=dns; s=test1; b=DmkekrvBPH2D/VSZU9vSOk/xWrllr + QUy9KbJf/0IiMiILDXUIdQsf0J3DgGu3I/mez54kh/1bUA9r7b0plE2CA== +From: Jason Long +Sender: George +To: Nobody +Subject: domainkeys test - no h= tag +Date: Wed, 7 Dec 2005 09:11:00 -0500 +Message-ID: <20051207091100@test.messiah.edu> + +This is a test + More lines here + + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/badkey_10.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/badkey_10.txt --- libmail-dkim-perl-0.28/t/corpus/badkey_10.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/badkey_10.txt 2008-08-12 17:03:41.000000000 +0100 @@ -0,0 +1,22 @@ +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=from:to:subject:date:message-id; q=dns/txt; s=test5; i=jlong@subdomain.messiah.edu; bh=a1tsxn+Nkk390KsMynntsb/bycM=; b=OJLajmX/ndyDwjAAC6e1fElkVLoKBJivp5cFoOT2UrW2Pqs5zRZLjsE6+QkxcnBySL9g4l2/EYVMidhg1iXo9g== +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: Jason Long +To: Nobody +Subject: dkim test (i= using subdomain, should fail) +Date: Wed, 7 Dec 2005 09:11:00 -0500 +Message-ID: <20051207091100@test.messiah.edu> + +This is a test + More lines here + + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/badkey_11.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/badkey_11.txt --- libmail-dkim-perl-0.28/t/corpus/badkey_11.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/badkey_11.txt 2008-08-12 17:03:41.000000000 +0100 
@@ -0,0 +1,25 @@ +DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=messiah.edu; h=from:to: + subject:date:message-id; q=dns/txt; s=test2; bh=yWVxGwA0isgTMZQY + PnTyKv2gX8+hj4nSW9BGUYd/EbI=; b=IBgb6pvA1+zfgPfBUPf53yvBlA+czl1f + vMVOd31CJ9QvMe2yp4AjoTTJKvZ93gisUV3uigJZryLeJV1SpfMBTw== +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: Jason Long +To: Nobody +Subject: dkim test (h= requires sha1, not sha256, so it should fail) +Date: Wed, 7 Dec 2005 09:11:00 -0500 +Message-ID: <20051207091100@test.messiah.edu> + +This is a test + More lines here + + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/badkey_12.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/badkey_12.txt --- libmail-dkim-perl-0.28/t/corpus/badkey_12.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/badkey_12.txt 2008-08-12 17:03:41.000000000 +0100 @@ -0,0 +1,23 @@ +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=from:to + :subject:date; s=test3; i=JLONG@messiah.edu; bh=N9OQp3Fydw5h5SJ1 + UDyZrgBPEDU=; b=NC/Z6Cxe5zrXRfaHn+GXPUZtJKq4NqkbJUKPyTd98gqgb3Np + tlp94hM9wVIdBfIN1e5sgrAyixdRcWs5vRKKGA== +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: Jason Long +To: Nobody +Subject: dkim test (g= is case-sensitive compare) +Date: Wed, 7 Dec 2005 09:11:00 -0500 + +This is a test + More lines here + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/badkey_13.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/badkey_13.txt --- libmail-dkim-perl-0.28/t/corpus/badkey_13.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/badkey_13.txt 2008-08-12 17:03:41.000000000 +0100 
@@ -0,0 +1,23 @@ +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=from:to + :subject:date; s=test3; i=foo@messiah.edu; bh=F84VyLrUbda4ryQ+R8 + +e+8UgVxM=; b=g4rCx46HdrfJu2tIlNpNsBW5IDJZMbMOaxPYzZ3qOfxm7lw0VN + nzjx3Or5SlaeKSlhGqQwDmCqHzZ9caarICdQ== +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: Jason Long +To: Nobody +Subject: dkim test (g= is compared to i= tag) +Date: Wed, 9 Apr 2008 09:11:00 -0500 + +Should fail. + +This is a test + More lines here + +Blah blah blah + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/badkey_1.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/badkey_1.txt --- libmail-dkim-perl-0.28/t/corpus/badkey_1.txt 2007-03-09 21:48:49.000000000 +0000 +++ libmail-dkim-perl-0.33/t/corpus/badkey_1.txt 2008-08-12 17:03:41.000000000 +0100 @@ -8,7 +8,7 @@ Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 From: Jason Long To: Nobody -Subject: dkim test +Subject: dkim test (badkey_1) Date: Wed, 7 Dec 2005 09:11:00 -0500 Message-ID: <20051207091100@test.messiah.edu> diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/badkey_2.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/badkey_2.txt --- libmail-dkim-perl-0.28/t/corpus/badkey_2.txt 2007-03-09 21:49:20.000000000 +0000 +++ libmail-dkim-perl-0.33/t/corpus/badkey_2.txt 2008-08-12 17:03:41.000000000 +0100 @@ -8,7 +8,7 @@ Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 
From: Jason Long To: Nobody -Subject: dkim test +Subject: dkim test (badkey_2) Date: Wed, 7 Dec 2005 09:11:00 -0500 Message-ID: <20051207091100@test.messiah.edu> diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/badkey_3.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/badkey_3.txt --- libmail-dkim-perl-0.28/t/corpus/badkey_3.txt 2007-03-09 21:51:55.000000000 +0000 +++ libmail-dkim-perl-0.33/t/corpus/badkey_3.txt 2008-08-12 17:03:41.000000000 +0100 @@ -8,7 +8,7 @@ Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 From: Jason Long To: Nobody -Subject: dkim test +Subject: dkim test (badkey_3) Date: Wed, 7 Dec 2005 09:11:00 -0500 Message-ID: <20051207091100@test.messiah.edu> diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/badkey_4.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/badkey_4.txt --- libmail-dkim-perl-0.28/t/corpus/badkey_4.txt 2007-03-09 21:52:02.000000000 +0000 +++ libmail-dkim-perl-0.33/t/corpus/badkey_4.txt 2008-08-12 17:03:41.000000000 +0100 @@ -8,7 +8,7 @@ Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 From: Jason Long To: Nobody -Subject: dkim test +Subject: dkim test (badkey_4) Date: Wed, 7 Dec 2005 09:11:00 -0500 Message-ID: <20051207091100@test.messiah.edu> diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/badkey_5.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/badkey_5.txt --- libmail-dkim-perl-0.28/t/corpus/badkey_5.txt 2007-03-09 21:52:08.000000000 +0000 +++ libmail-dkim-perl-0.33/t/corpus/badkey_5.txt 2008-08-12 17:03:41.000000000 +0100 @@ -8,7 +8,7 @@ Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 
From: Jason Long To: Nobody -Subject: dkim test +Subject: dkim test (badkey_5) Date: Wed, 7 Dec 2005 09:11:00 -0500 Message-ID: <20051207091100@test.messiah.edu> diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/badkey_6.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/badkey_6.txt --- libmail-dkim-perl-0.28/t/corpus/badkey_6.txt 2007-03-09 21:52:15.000000000 +0000 +++ libmail-dkim-perl-0.33/t/corpus/badkey_6.txt 2008-08-12 17:03:41.000000000 +0100 @@ -8,7 +8,7 @@ Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 From: Jason Long To: Nobody -Subject: dkim test +Subject: dkim test (badkey_6) Date: Wed, 7 Dec 2005 09:11:00 -0500 Message-ID: <20051207091100@test.messiah.edu> diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/badkey_7.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/badkey_7.txt --- libmail-dkim-perl-0.28/t/corpus/badkey_7.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/badkey_7.txt 2008-08-12 17:03:41.000000000 +0100 
@@ -0,0 +1,21 @@ +DKIM-Signature: v=0.5; a=rsa-sha1; c=simple; d=messiah.edu; h=received:received:from:to:subject:date:message-id; q=dns/txt; s=testbad7; bh=rYdLRBGGXK4PCDh+3AbwGuV2OEU=; b=fTmnR2WeabrW0qAlIDm25QOI8pEVfKayiu56bNQeIg7Qbcg7SEeq9Y71MU5WK11DWUwg2+nruwq+y22VQq/Wtw+014kTkfT073wMlTBjeZqNl63T+whlwgUAIjgR6XuR+BP6bc1/nRBbVB7Wjfctj5yNUgGCZqxVEh07wBtgFg0= +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: Jason Long +To: Nobody +Subject: dkim test (badkey_7) +Date: Wed, 7 Dec 2005 09:11:00 -0500 +Message-ID: <20051207091100@test.messiah.edu> + +This is a test + More lines here + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/badkey_8.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/badkey_8.txt --- libmail-dkim-perl-0.28/t/corpus/badkey_8.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/badkey_8.txt 2008-08-12 17:03:41.000000000 +0100 
@@ -0,0 +1,21 @@ +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=from:to:subject:date:message-id; q=dns/txt; s=testbad8; i=jlong@messiah.edu; bh=N9OQp3Fydw5h5SJ1UDyZrgBPEDU=; b=A+2Cc4OXC/PhT/5zcWDPKh6JSidy2TC+7Ejg4vgXpIvsFU6nXFPxpT2jEpXuBvwcpXI7tAcFOFwwIwOwxIywuA== +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: Jason Long +To: Nobody +Subject: dkim test (badkey_8) +Date: Wed, 7 Dec 2005 09:11:00 -0500 +Message-ID: <20051207091100@test.messiah.edu> + +This is a test + More lines here + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/badkey_9.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/badkey_9.txt --- libmail-dkim-perl-0.28/t/corpus/badkey_9.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/badkey_9.txt 2008-08-12 17:03:41.000000000 +0100 @@ -0,0 +1,22 @@ +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=from:to:subject:date:message-id; q=dns/txt; s=test4; bh=a1tsxn+Nkk390KsMynntsb/bycM=; b=h2JxFpS6tGwIhc80mS5fuzRwlIr3jdycXDAuFtUOvH4AdbfWtoixEvLpHl8yhqlbXJJWmlyqJLmWkULjE3enOA== +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: Jason Long +To: Nobody +Subject: dkim test (empty i= local part) +Date: Wed, 7 Dec 2005 09:11:00 -0500 +Message-ID: <20051207091100@test.messiah.edu> + +This is a test + More lines here + + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/dk_headers_1.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/dk_headers_1.txt --- libmail-dkim-perl-0.28/t/corpus/dk_headers_1.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/dk_headers_1.txt 2008-08-12 17:03:41.000000000 +0100 
@@ -0,0 +1,36 @@ +Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.174]) + by mx2.messiah.edu (Postfix) with ESMTP id 79F442ADB4D + for ; Tue, 10 Oct 2006 15:27:14 -0400 (EDT) +Received: by ug-out-1314.google.com with SMTP id 29so952130ugc + for ; Tue, 10 Oct 2006 12:27:13 -0700 (PDT) +DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; + s=beta; d=gmail.com; + h=received:message-id:date:from:to:subject:mime-version:content-type; + b=JOYJLw6miPAjUXx+gIQm3NsWuFInq05TuJppyoxqTopYPe3bSKzRBPLw5X+OMO36re/FDEfZnOjJ4cNYvVPuld6JEikNjk2RK98unQvcdkgBPZODuE7g/vXgLZo005nQkwvfd+4dbpHiINsOTT/0ASxQ+65OcgBu0CRR/DO7z/M= +Received: by 10.66.240.12 with SMTP id n12mr8614290ugh; + Tue, 10 Oct 2006 12:27:12 -0700 (PDT) +Received: by 10.67.96.17 with HTTP; Tue, 10 Oct 2006 12:27:12 -0700 (PDT) +Date: Tue, 10 Oct 2006 15:27:12 -0400 +From: "Jason Long" +To: jlong@messiah.edu +Subject: Test from gmail +Message-ID: +MIME-Version: 1.0 +Content-Type: multipart/alternative; + boundary="----=_Part_20675_4029655.1160508432731" + +------=_Part_20675_4029655.1160508432731 +Content-Type: text/plain; charset=ISO-8859-1; format=flowed +Content-Transfer-Encoding: 7bit +Content-Disposition: inline + +This message sent from Gmail. + +------=_Part_20675_4029655.1160508432731 +Content-Type: text/html; charset=ISO-8859-1 +Content-Transfer-Encoding: 7bit +Content-Disposition: inline + +This message sent from Gmail.
+ +------=_Part_20675_4029655.1160508432731-- diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/dk_headers_2.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/dk_headers_2.txt --- libmail-dkim-perl-0.28/t/corpus/dk_headers_2.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/dk_headers_2.txt 2008-08-12 17:03:41.000000000 +0100 @@ -0,0 +1,37 @@ +Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.174]) + by mx2.messiah.edu (Postfix) with ESMTP id 79F442ADB4D + for ; Tue, 10 Oct 2006 15:27:14 -0400 (EDT) +Received: by ug-out-1314.google.com with SMTP id 29so952130ugc + for ; Tue, 10 Oct 2006 12:27:13 -0700 (PDT) +DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; + s=beta; d=gmail.com; + h=foobar:received:message-id:date:from:to:barnone:subject:mime-version:content-type; + b=JOYJLw6miPAjUXx+gIQm3NsWuFInq05TuJppyoxqTopYPe3bSKzRBPLw5X+OMO36re/FDEfZnOjJ4cNYvVPuld6JEikNjk2RK98unQvcdkgBPZODuE7g/vXgLZo005nQkwvfd+4dbpHiINsOTT/0ASxQ+65OcgBu0CRR/DO7z/M= +Received: by 10.66.240.12 with SMTP id n12mr8614290ugh; + Tue, 10 Oct 2006 12:27:12 -0700 (PDT) +Received: by 10.67.96.17 with HTTP; Tue, 10 Oct 2006 12:27:12 -0700 (PDT) +Date: Tue, 10 Oct 2006 15:27:12 -0400 +From: "Jason Long" +To: jlong@messiah.edu +Subject: Test from gmail +Sender: evil doer +Message-ID: +MIME-Version: 1.0 +Content-Type: multipart/alternative; + boundary="----=_Part_20675_4029655.1160508432731" + +------=_Part_20675_4029655.1160508432731 +Content-Type: text/plain; charset=ISO-8859-1; format=flowed +Content-Transfer-Encoding: 7bit +Content-Disposition: inline + +This message sent from Gmail. + +------=_Part_20675_4029655.1160508432731 +Content-Type: text/html; charset=ISO-8859-1 +Content-Transfer-Encoding: 7bit +Content-Disposition: inline + +This message sent from Gmail.
+ +------=_Part_20675_4029655.1160508432731-- diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/dk_multiple_1.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/dk_multiple_1.txt --- libmail-dkim-perl-0.28/t/corpus/dk_multiple_1.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/dk_multiple_1.txt 2008-08-12 17:03:41.000000000 +0100 
@@ -0,0 +1,41 @@ +DomainKey-Signature: a=rsa-sha1; c=simple; d=messiah.edu; h=date:from:to: + subject:sender:message-id:mime-version:content-type; q=dns; s= + test1; b=LtVZqGbwYWMXJVIEDEMJGKY6CxYOGPxlNVskEWTdOENGSjfuCe+sqrp + e4K4pq6gh0J35O3qZZXrNC21g/gezyg== +Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.174]) + by mx2.messiah.edu (Postfix) with ESMTP id 79F442ADB4D + for ; Tue, 10 Oct 2006 15:27:14 -0400 (EDT) +Received: by ug-out-1314.google.com with SMTP id 29so952130ugc + for ; Tue, 10 Oct 2006 12:27:13 -0700 (PDT) +DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; + s=beta; d=gmail.com; + h=foobar:received:message-id:date:from:to:barnone:subject:mime-version:content-type; + b=JOYJLw6miPAjUXx+gIQm3NsWuFInq05TuJppyoxqTopYPe3bSKzRBPLw5X+OMO36re/FDEfZnOjJ4cNYvVPuld6JEikNjk2RK98unQvcdkgBPZODuE7g/vXgLZo005nQkwvfd+4dbpHiINsOTT/0ASxQ+65OcgBu0CRR/DO7z/M= +Received: by 10.66.240.12 with SMTP id n12mr8614290ugh; + Tue, 10 Oct 2006 12:27:12 -0700 (PDT) +Received: by 10.67.96.17 with HTTP; Tue, 10 Oct 2006 12:27:12 -0700 (PDT) +Date: Tue, 10 Oct 2006 15:27:12 -0400 +From: "Jason Long" +To: jlong@messiah.edu +Subject: Test from gmail +Sender: "George" +Message-ID: +MIME-Version: 1.0 +Content-Type: multipart/alternative; + boundary="----=_Part_20675_4029655.1160508432731" + +------=_Part_20675_4029655.1160508432731 +Content-Type: text/plain; charset=ISO-8859-1; format=flowed +Content-Transfer-Encoding: 7bit +Content-Disposition: inline + +This message sent from Gmail. + +------=_Part_20675_4029655.1160508432731 +Content-Type: text/html; charset=ISO-8859-1 +Content-Transfer-Encoding: 7bit +Content-Disposition: inline + +This message sent from Gmail.
+ +------=_Part_20675_4029655.1160508432731-- diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/good_1878523.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/good_1878523.txt --- libmail-dkim-perl-0.28/t/corpus/good_1878523.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/good_1878523.txt 2008-08-12 17:03:41.000000000 +0100 @@ -0,0 +1,24 @@ +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: Jason Long +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=from:to: + subject:date; q=dns/txt; s=test1; bh=NKeLfwHtKnDOE3FQbS1TqhxDYN0 + =; b=VFNuRhCNOYPIMewC73aSqICVdmI8N3QgyDBYN0/suweIrjiGF+A6MWIF3Kc + GKr3mcfDKsmNoTcaSCP47cB6wAA== +To: Nobody +Subject: dkim test (signature moved) +Date: Wed, 7 Dec 2005 09:11:00 -0500 + +This tests whether issue #1878523 is fixed. +This is a test + More lines here + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/good_dk_3.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/good_dk_3.txt --- libmail-dkim-perl-0.28/t/corpus/good_dk_3.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/good_dk_3.txt 2008-08-12 17:03:41.000000000 +0100 
@@ -0,0 +1,24 @@ +DomainKey-Signature: a=rsa-sha1; c=nofws; d=messiah.edu; h=from:to:subject: + date:message-id; q=dns; s=test3; b=Y/BiKnnQFSFJs46ZZw1Qh0hovxT/L + +Db3izq4PAKhe3BjfhtxSNcqsnTj7QNjX/4duotVj5FWvKifkz3AVFP1A== +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: Jason Long +To: Nobody +Subject: domainkeys test (key has g= requirement, should pass) +Date: Wed, 7 Dec 2005 09:11:00 -0500 +Message-ID: <20051207091100@test.messiah.edu> + +This is a test + More lines here + + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/good_dk_4.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/good_dk_4.txt --- libmail-dkim-perl-0.28/t/corpus/good_dk_4.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/good_dk_4.txt 2008-08-12 17:03:41.000000000 +0100 @@ -0,0 +1,26 @@ +DomainKey-Signature: a=rsa-sha1; c=nofws; d=messiah.edu; h=from:sender:to: + subject:date:message-id; q=dns; s=test3; b=H1Q37m3r5/SkjZa3Mik97 + kZ28YjnE3u0h/ANUr/WnVNqnCoGS1BtY6a2soWtgaiv8pj70HR1BWh0B1GBjTvS1 + g== +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: George +Sender: Jason Long +To: Nobody +Subject: domainkeys test (key has g= requirement, should pass) +Date: Wed, 7 Dec 2005 09:11:00 -0500 +Message-ID: <20051207091100@test.messiah.edu> + +This is a test + More lines here + + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/good_dk_5.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/good_dk_5.txt --- libmail-dkim-perl-0.28/t/corpus/good_dk_5.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/good_dk_5.txt 2008-08-12 17:03:41.000000000 +0100 
@@ -0,0 +1,26 @@ +DomainKey-Signature: a=rsa-sha1; c=nofws; d=messiah.edu; h=from:sender:to: + subject:date:message-id; q=dns; s=test4; b=i5J01ofFaB5XDFC9+O3nb + mcThOO+QW75bwDxNWVt+PsZOuTqB8qu1v9wu9mC6VF3I56lpwQIQEgZoecCQT4eb + Q== +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: George +Sender: Jason Long +To: Nobody +Subject: domainkeys test (key has empty g=, should pass) +Date: Wed, 7 Dec 2005 09:11:00 -0500 +Message-ID: <20051207091100@test.messiah.edu> + +This is a test + More lines here + + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/good_dk_6.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/good_dk_6.txt --- libmail-dkim-perl-0.28/t/corpus/good_dk_6.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/good_dk_6.txt 2008-08-12 17:03:41.000000000 +0100 @@ -0,0 +1,17 @@ +DomainKey-Signature: a=rsa-sha1; c=simple; d=messiah.edu; + q=dns; s=test1; b=DmkekrvBPH2D/VSZU9vSOk/xWrllr + QUy9KbJf/0IiMiILDXUIdQsf0J3DgGu3I/mez54kh/1bUA9r7b0plE2CA== +From: Jason Long +To: Nobody +Subject: domainkeys test - no h= tag +Date: Wed, 7 Dec 2005 09:11:00 -0500 +Message-ID: <20051207091100@test.messiah.edu> + +This is a test + More lines here + + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/good_dk_7.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/good_dk_7.txt --- libmail-dkim-perl-0.28/t/corpus/good_dk_7.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/good_dk_7.txt 2008-08-12 17:03:41.000000000 +0100 
@@ -0,0 +1,17 @@ +DomainKey-Signature: a=rsa-sha1; c=simple; d=messiah.edu; h=from:to:subject: + date:message-id; q=dns; s=test1; b=rpgP51ZIZ69J8F1XOImeXrROOXPZj + NNkJ2GcB0wxm43/Uq0E1Mg6jyEFr/S0Y6gvDrhnjJAAxM4RQ76xPC2Odw== +From: Jason Long +To: Nobody +Subject: domainkeys test - case-different domain names +Date: Wed, 7 Dec 2005 09:11:00 -0500 +Message-ID: <20051207091100@test.messiah.edu> + +This is a test + More lines here + + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/goodkey_1.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/goodkey_1.txt --- libmail-dkim-perl-0.28/t/corpus/goodkey_1.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/goodkey_1.txt 2008-08-12 17:03:41.000000000 +0100 @@ -0,0 +1,20 @@ +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=from:to:subject:date; q=dns/txt; s=test1; bh=N9OQp3Fydw5h5SJ1UDyZrgBPEDU=; b=ZiYNuPr43CrzT9wUwgAapNx0NUVrBAV3nXj8AlOTkCh3OqVaR13LVxlUKA9hbznugXETCKSENDr4hGBPvuMwcA== +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: Jason Long +To: Nobody +Subject: dkim test (goodkey_1) +Date: Wed, 7 Dec 2005 09:11:00 -0500 + +This is a test + More lines here + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/goodkey_2.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/goodkey_2.txt --- libmail-dkim-perl-0.28/t/corpus/goodkey_2.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/goodkey_2.txt 2008-08-12 17:03:41.000000000 +0100 
@@ -0,0 +1,20 @@ +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=from:to:subject:date; q=dns/txt; s=test2; bh=N9OQp3Fydw5h5SJ1UDyZrgBPEDU=; b=sROAwTBt1swNXbyYeo2ZNgjk0fBh8oohypYpT5WxUSK5nOwex4/FQNJ0r+m8Y2L3bez96rFCwd+E0Nq/YLv+yQ== +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: Jason Long +To: Nobody +Subject: dkim test (goodkey_2) +Date: Wed, 7 Dec 2005 09:11:00 -0500 + +This is a test + More lines here + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/goodkey_3.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/goodkey_3.txt --- libmail-dkim-perl-0.28/t/corpus/goodkey_3.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/goodkey_3.txt 2008-08-12 17:03:41.000000000 +0100 @@ -0,0 +1,20 @@ +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=from:to:subject:date; q=dns/txt; s=test3; i=jlong@messiah.edu; bh=N9OQp3Fydw5h5SJ1UDyZrgBPEDU=; b=RwH23zxIJNWSjpzNY3SnADAsHf4sjDqxPwcDC+uEUsnlqjeKG9cS3aX1ID+d6vVz+uuRjFKh0wxvOFeQVF4wcA== +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: Jason Long +To: Nobody +Subject: dkim test (goodkey_3) +Date: Wed, 7 Dec 2005 09:11:00 -0500 + +This is a test + More lines here + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/goodkey_4.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/goodkey_4.txt --- libmail-dkim-perl-0.28/t/corpus/goodkey_4.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/goodkey_4.txt 2008-08-12 17:03:41.000000000 +0100 
@@ -0,0 +1,25 @@ +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=from:to: + subject:date:message-id; q=dns/txt; s=test1; i=jlong@messiah.edu; bh= + a1tsxn+Nkk390KsMynntsb/bycM=; b=FE5JP1m+QoWKRybcAWo/Uae/WcbDkMFh + 0JQYRN0PdhHqH7CS4izjiIj7t6CXIbF6PD7S5FUbQ5Swt2ffR6F0/Q== +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: Jason Long +To: Nobody +Subject: dkim test (i= using subdomain, should pass) +Date: Wed, 7 Dec 2005 09:11:00 -0500 +Message-ID: <20051207091100@test.messiah.edu> + +This is a test + More lines here + + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/good_qp_1.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/good_qp_1.txt --- libmail-dkim-perl-0.28/t/corpus/good_qp_1.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/good_qp_1.txt 2008-08-12 17:03:41.000000000 +0100 @@ -0,0 +1,25 @@ +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=from:to + :subject:date; s=test3; i==6Along@messiah.edu; bh=OW2otvzd7V2TO8 + w056SjbYRFCa0=; b=Vfr9HgUlyVf1ZaRVMV8VJNSDXn7f1j2N/rFM4PPmYIC2GD + pSelCRrdA979Buuu/Mmx9FTWoZJBL+s5tafFM8bw== +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: Jason Long +To: Nobody +Subject: dkim test (i= uses quoted-printable) +Date: Wed, 9 Apr 2008 09:11:00 -0500 + +Should pass. + +This is a test + More lines here + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/good_qp_2.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/good_qp_2.txt --- libmail-dkim-perl-0.28/t/corpus/good_qp_2.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/good_qp_2.txt 2008-08-12 17:03:41.000000000 +0100 
@@ -0,0 +1,25 @@ +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=from:to + :subject:date; s=test3; i=jlong@messiah=2Eedu; bh=OW2otvzd7V2TO8 + w056SjbYRFCa0=; b=TuQa6fkzR09SXKTV2LOWHmzVawRieFypY3x9ZhXsEul6+H + /odHbD71uDwBEFdkWwNh7n/WKWjy7gqyftQ0/ung== +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: Jason Long +To: Nobody +Subject: dkim test (i= uses quoted-printable) +Date: Wed, 9 Apr 2008 09:11:00 -0500 + +Should pass. + +This is a test + More lines here + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/good_qp_3.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/good_qp_3.txt --- libmail-dkim-perl-0.28/t/corpus/good_qp_3.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/good_qp_3.txt 2008-08-12 17:03:41.000000000 +0100 @@ -0,0 +1,25 @@ +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=from:to + :subject:date; s=test3; i=jlong=40messiah.edu; bh=OW2otvzd7V2TO8 + w056SjbYRFCa0=; b=DqfCOAEklcd1hgviRVra6RtufRW8JjdJ/h6tQmCOi3ATVD + /HakPtw/OqNsMPGBAwUkIYpi1mbt+t09sFj74unw== +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: Jason Long +To: Nobody +Subject: dkim test (i= uses quoted-printable) +Date: Wed, 9 Apr 2008 09:11:00 -0500 + +Should pass. + +This is a test + More lines here + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/good_rfc4871_3.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/good_rfc4871_3.txt --- libmail-dkim-perl-0.28/t/corpus/good_rfc4871_3.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/good_rfc4871_3.txt 2008-08-12 17:03:41.000000000 +0100 
@@ -0,0 +1,22 @@ +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=from:to:subject:date:message-id; q=dns/txt; s=test1; foo=bar; bh=a1tsxn+Nkk390KsMynntsb/bycM=; b=U0zAE8NPDILfQP9A5fpD35v5SVa/9e+Vrh7hDJpFzram1eVYZTkJmNqHdSF5nBPaCcRt6XBWR9InJkSl/UttZQ== +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: Jason Long +To: Nobody +Subject: dkim test (sig. has extra tags) +Date: Wed, 7 Dec 2005 09:11:00 -0500 +Message-ID: <20051207091100@test.messiah.edu> + +This is a test + More lines here + + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/good_rfc4871_4.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/good_rfc4871_4.txt --- libmail-dkim-perl-0.28/t/corpus/good_rfc4871_4.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/good_rfc4871_4.txt 2008-08-12 17:03:41.000000000 +0100 @@ -0,0 +1,18 @@ +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=from:to: + subject:date:message-id; q=dns/txt; s=test1; i=JLong@Messiah.Edu; bh= + a1tsxn+Nkk390KsMynntsb/bycM=; b=CZ+EhwbclRQIvdhanykJLhkpMANaS/+c + GTEQ/0Ziy6t4SqM9TIeRv3qfzm+4TRNxvfiEzfr5KcTyVOnIVuQW3A== +From: Jason Long +To: Nobody +Subject: dkim test - case-differing domain name +Date: Wed, 7 Dec 2005 09:11:00 -0500 +Message-ID: <20051207091100@test.messiah.edu> + +This is a test + More lines here + + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/ignore_5.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/ignore_5.txt --- libmail-dkim-perl-0.28/t/corpus/ignore_5.txt 2006-10-23 20:56:32.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/ignore_5.txt 2008-08-12 17:03:41.000000000 +0100 
@@ -1,4 +1,4 @@ -DKIM-Signature: v=0.5; a=rsa-sha1; c=simple; d=messiah.edu; h=received:received:from:to:subject:date:message-id; q=http; s=selector1; bh=rYdLRBGGXK4PCDh+3AbwGuV2OEU=; b=NjJBlNqLnQcz8zwF899l4JHO0blD3rRSlR3mPiOLa137fG5RSKOHeYle0U5sBcRNwIUQub+kpXhi9snZqf0zbRfO+TBaZ8dfdVRzX0d4n0PoQCX453fAAnmZcsgD3jevR+R0J/oa1Ao1A0Oj5X7mwut35QcwjIi42bDIjsFP9xk= +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=from:to:subject:date:message-id; q=http; s=test1; bh=gG+cRFxnpu7ApVgxzeYxYHywjBA=; b=SqBRGTdPJyZZUbgRrzZlOxXeHvFXmUvPTLyR7FqkFfezM7SH1YMoFqmL1a5Yteej8CzNBJifhmJ9a3SoyuLn8w== Received: from x.y.test by example.net via TCP @@ -8,7 +8,7 @@ Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 From: Jason Long To: Nobody -Subject: dkim test +Subject: dkim test (ignore_5) Date: Wed, 7 Dec 2005 09:11:00 -0500 Message-ID: <20051207091100@test.messiah.edu> diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/ignore_6.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/ignore_6.txt --- libmail-dkim-perl-0.28/t/corpus/ignore_6.txt 2006-10-23 20:56:32.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/ignore_6.txt 2008-08-12 17:03:41.000000000 +0100 @@ -1,4 +1,4 @@ -DKIM-Signature: v=0.5; a=rsa-sha1; c=simple; d=messiah.edu; h=received:received:from:to:subject:date:message-id; q=dns/special; s=selector1; bh=rYdLRBGGXK4PCDh+3AbwGuV2OEU=; b=NjJBlNqLnQcz8zwF899l4JHO0blD3rRSlR3mPiOLa137fG5RSKOHeYle0U5sBcRNwIUQub+kpXhi9snZqf0zbRfO+TBaZ8dfdVRzX0d4n0PoQCX453fAAnmZcsgD3jevR+R0J/oa1Ao1A0Oj5X7mwut35QcwjIi42bDIjsFP9xk= +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=from:to:subject:date:message-id; q=dns/special; s=test1; bh=d+8ftYRNRA3Rl7UsO0gP3zT0XE0=; b=C5L1RpN/Nwer3JHq6dcDIilbAfNMynbCdPyGi1fGSsIIuSzBM2mmR3E9p13XqPeoz4rkeOP9PrwUTn3lpdH2uw== Received: from x.y.test by example.net via TCP @@ -8,7 +8,7 @@ Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 
From: Jason Long To: Nobody -Subject: dkim test +Subject: dkim test (ignore_6) Date: Wed, 7 Dec 2005 09:11:00 -0500 Message-ID: <20051207091100@test.messiah.edu> diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/ignore_7.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/ignore_7.txt --- libmail-dkim-perl-0.28/t/corpus/ignore_7.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/ignore_7.txt 2008-08-12 17:03:41.000000000 +0100 @@ -0,0 +1,16 @@ +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=from:to:subject:date:message-id; q=dns/txt; s=selector1; x=1193229946; bh=ige3XiTAsWMkmHv+s6ZBSIbLNNc=; b=mRpAeHLMjhsluDZZpF+snljReZUX/MSFv9XShzGVo4wryMSvc5QEh/YtYwWmvm1gEwTgXbmhMgTmQuIIOggcQwlPurJSkz8Abx4HaHlhtFBIzAhc/R5Dfvh+Ni/tCPCqkOMiyE7yQjXBraxgZ9DpyFGf8JYZLDu1o6pz7hqeZcE= +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: Jason Long +To: Nobody +Subject: dkim test (ignore_7) +Date: Wed, 7 Dec 2005 09:11:00 -0500 +Message-ID: <20051207091100@test.messiah.edu> + +Ignore this signature, it is expired. + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/ignore_8.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/ignore_8.txt --- libmail-dkim-perl-0.28/t/corpus/ignore_8.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/ignore_8.txt 2008-08-12 17:03:41.000000000 +0100 
@@ -0,0 +1,22 @@ +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=from:to:subject:date:message-id; q=dns/txt; s=test1; i=jon@example.org; bh=a1tsxn+Nkk390KsMynntsb/bycM=; b=geBkkvsxno7gZuGYSZmebXgM4G2V35hojxZduBbI5gFLBSUIF0D4NIbzrjbZnuoz7wOjZCXueHxtRidSAHanOw== +Received: from x.y.test + by example.net + via TCP + with ESMTP + id ABC12345 + for ; 21 Nov 1997 10:05:43 -0600 +Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 +From: Jason Long +To: Nobody +Subject: dkim test (i= has wrong domain) +Date: Wed, 7 Dec 2005 09:11:00 -0500 +Message-ID: <20051207091100@test.messiah.edu> + +This is a test + More lines here + + +Blah blah blah + + + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/corpus/multiple_2.txt /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/corpus/multiple_2.txt --- libmail-dkim-perl-0.28/t/corpus/multiple_2.txt 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/corpus/multiple_2.txt 2008-08-12 17:03:41.000000000 +0100 
@@ -0,0 +1,18 @@ +DKIM-Signature: v=1; a=rsa-sha1; c=foobar; d=messiah.edu; h=date:from:subject; q=dns/txt; s=selector1; bh=q6DWKdHUzNbVPt6YBbD1KOai/b8=; b=keocS8z7y+utmOuSEa9Q3jpty3bD7ggJgVzh1As9IxLe1xdsLg6tsTgbSntF1Eo2OBwR3EEb1IfTnJ6YvranPVoau5xVF5ydSBjk65HDK/vl1jNrNR4JSkyxxsSFF1npfPZTA9pCEMskdU7mUPqHzC/AxOtm/npzviD83+VUPfA= +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=date:from:subject; q=dns/txt; s=selector1; bh=q6DWKdHUzNbVPt6YBbD1KOai/b8=; b=keocS8z7y+utmOuSEa9Q3jpty3bD7ggJgVzh1As9IxLe1xdsLg6tsTgbSntF1Eo2OBwR3EEb1IfTnJ6YvranPVoau5xVF5ydSBjk65HDK/vl1jNrNR4JSkyxxsSFF1npfPZTA9pCEMskdU7mUPqHzC/AxOtm/npzviD83+VUPfA= +DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=messiah.edu; h=date:from:subject; q=dns/txt; s=selector1; bh=q6DWKdHUzNbVPt6YBbD1KOai/b8=; b=shouldfailutmOuSEa9Q3jpty3bD7ggJgVzh1As9IxLe1xdsLg6tsTgbSntF1Eo2OBwR3EEb1IfTnJ6YvranPVoau5xVF5ydSBjk65HDK/vl1jNrNR4JSkyxxsSFF1npfPZTA9pCEMskdU7mUPqHzC/AxOtm/npzviD83+VUPfA= +DKIM-Signature: synerr +Date: Wed, 15 Feb 2006 17:32:54 -0500 +From: Jason Long +Subject: dkim test (multiple_2) + +The quick brown fox jumped over the lazy dog. + +The first signature should be invalid (i.e. bad canonicalization) + +The second signature should pass + +The third signature should fail + +The fourth signature is unparseable. + diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/FAKE_DNS.dat /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/FAKE_DNS.dat --- libmail-dkim-perl-0.28/t/FAKE_DNS.dat 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/FAKE_DNS.dat 2008-11-19 18:34:03.000000000 +0000 
@@ -0,0 +1,21 @@ +# this file contains DNS records used by verifier.t +# +selector1._domainkey.messiah.edu k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDhMlYqwtUA9UrrDcNp/IMtdFnytggDl5oIAzJ55oWzPILZE7eX4hLdP6WperHm1WJ9M32XsiKrr4TDbWfp4WjGWBnXf8QMi+WlDuEFOvwVRC/uWy+sAiEf3VcBR5KjGvDovPnGSnW8uDntSOY4HlkTJF/BTWnk29zKmlGyGnw9mQIDAQAB +test1._domainkey.messiah.edu v=DKIM1; t=y; s=email; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALgSoqXVSEmfcIsOzw7oRuCCOwsmtX/SJnTWxYyj2leFxfS/AVJ+dYfY+hXqMsT7l+MZvvh/R1WzN4MO/kI/7XsCAwEAAQ== +test2._domainkey.messiah.edu v=DKIM1; s=email:web:fine; x1 = extra ; t = y:n:extra; h=md5:sha1; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALgSoqXVSEmfcIsOzw7oRuCCOwsmtX/SJnTWxYyj2leFxfS/AVJ+dYfY+hXqMsT7l+MZvvh/R1WzN4MO/kI/7XsCAwEAAQ== ; +test3._domainkey.messiah.edu v=DKIM1; g=jl*g; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALgSoqXVSEmfcIsOzw7oRuCCOwsmtX/SJnTWxYyj2leFxfS/AVJ+dYfY+hXqMsT7l+MZvvh/R1WzN4MO/kI/7XsCAwEAAQ== +test4._domainkey.messiah.edu v=DKIM1; g=; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALgSoqXVSEmfcIsOzw7oRuCCOwsmtX/SJnTWxYyj2leFxfS/AVJ+dYfY+hXqMsT7l+MZvvh/R1WzN4MO/kI/7XsCAwEAAQ== +test5._domainkey.messiah.edu v=DKIM1; t=s; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALgSoqXVSEmfcIsOzw7oRuCCOwsmtX/SJnTWxYyj2leFxfS/AVJ+dYfY+hXqMsT7l+MZvvh/R1WzN4MO/kI/7XsCAwEAAQ== +testbad1._domainkey.messiah.edu v=DKIM3; t=y; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALgSoqXVSEmfcIsOzw7oRuCCOwsmtX/SJnTWxYyj2leFxfS/AVJ+dYfY+hXqMsT7l+MZvvh/R1WzN4MO/kI/7XsCAwEAAQ== +testbad2._domainkey.messiah.edu k=rsa; t; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALgSoqXVSEmfcIsOzw7oRuCCOwsmtX/SJnTWxYyj2leFxfS/AVJ+dYfY+hXqMsT7l+MZvvh/R1WzN4MO/kI/7XsCAwEAAQ== +testbad3._domainkey.messiah.edu k=foobar; t=y; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALgSoqXVSEmfcIsOzw7oRuCCOwsmtX/SJnTWxYyj2leFxfS/AVJ+dYfY+hXqMsT7l+MZvvh/R1WzN4MO/kI/7XsCAwEAAQ== +testbad4._domainkey.messiah.edu v=DKIM1; s=chat; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALgSoqXVSEmfcIsOzw7oRuCCOwsmtX/SJnTWxYyj2leFxfS/AVJ+dYfY+hXqMsT7l+MZvvh/R1WzN4MO/kI/7XsCAwEAAQ== 
+testbad7._domainkey.messiah.edu v=DKIM1; h=bad; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALgSoqXVSEmfcIsOzw7oRuCCOwsmtX/SJnTWxYyj2leFxfS/AVJ+dYfY+hXqMsT7l+MZvvh/R1WzN4MO/kI/7XsCAwEAAQ== +testbad8._domainkey.messiah.edu v=DKIM1; g=*poe; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALgSoqXVSEmfcIsOzw7oRuCCOwsmtX/SJnTWxYyj2leFxfS/AVJ+dYfY+hXqMsT7l+MZvvh/R1WzN4MO/kI/7XsCAwEAAQ== +testrevoked._domainkey.messiah.edu k=rsa; t=y; p= +s1024._domainkey.yahoo.com k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8LjnTD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfmJiDJOKU3Ns5L4KJAUUHjFwDebt0NP+sBK0VKeTATL2Yr/S3bT/xhy+1xtj4RkdV7fVxTn56Lb4udUnwuxK4V5b5PdOKj/+XcwIDAQAB; n=A 1024 bit key; +beta._domainkey.gmail.com t=y; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC69TURXN3oNfz+G/m3g5rt4P6nsKmVgU1D6cw2X6BnxKJNlQKm10f8tMx6P6bN7juTR1BeD8ubaGqtzm2rWK4LiMJqhoQcwQziGbK1zp/MkdXZEWMCflLY6oUITrivK7JNOLXtZbdxJG2y/RAHGswKKyVhSP9niRsZF/IBr5p8uQIDAQAB +jakla2._domainkey.ijs.si v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvWSehCSmnxlhzM+P1Ai+7CgzeAcvkL3RdoHFq8JwtpKN3iLnp/s1yRwE/heAi4QQXxDRdlB0bJm5NxZOsckzK7tJM8EdkebMjyXeKOzBKoJaOIlsx4WC2qHqORB0RLqm4lqJFYZJpUypEpskeAGy7WBG7a+1hOlir9+Tf9xtOkwIDAQAB +shan._domainkey.vmt2.cis.att.net v=DKIM1; k=rsa; h=sha1:sha256:sha512;n=send%20comments%20to%20tony%40att%2Ecom; g=*; s=*;p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhALSQ1y/+tHT1d9XvpiVap4Z+GFaydEmDgfC48m3wLLmDqfKBADWYIqrCnfKPvZPzGYzo+aJMEiAOTtiNxPWYToiTfJlTpn2YyEEz6OUIXw0uc+NfEQviN4QQr0jVX9yRjwIDAQAB +foo._domainkey.vmt2.cis.att.net v=DKIM1; k=rsa; n=send%20comments%20to%20tony%40att%2Ecom; g=*; s=*;p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhALSQ1y/+tHT1d9XvpiVap4Z+GFaydEmDgfC48m3wLLmDqfKBADWYIqrCnfKPvZPzGYzo+aJMEiAOTtiNxPWYToiTfJlTpn2YyEEz6OUIXw0uc+NfEQviN4QQr0jVX9yRjwIDAQAB +nonexistent._domainkey.messiah.edu NXDOMAIN diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/public_key.t /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/public_key.t --- libmail-dkim-perl-0.28/t/public_key.t 1970-01-01 
01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/public_key.t 2008-11-19 18:34:03.000000000 +0000 @@ -0,0 +1,14 @@ +#!/usr/bin/perl -I../lib + +use strict; +use warnings; +use Test::More tests => 1; + +use Mail::DKIM::Verifier; + +my $pubkey = Mail::DKIM::PublicKey->fetch( + Protocol => "dns", + Selector => "test1", + Domain => "messiah.edu", + ); +ok($pubkey); diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/signature.t /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/signature.t --- libmail-dkim-perl-0.28/t/signature.t 2007-05-01 19:17:41.000000000 +0100 +++ libmail-dkim-perl-0.33/t/signature.t 2008-11-19 18:34:03.000000000 +0000 @@ -2,7 +2,7 @@ use strict; use warnings; -use Test::Simple tests => 9; +use Test::Simple tests => 12; use Mail::DKIM::Signature; use Mail::DKIM::TextWrap; 
@@ -43,3 +43,27 @@ print "#SAFE--->\n" . $signature->as_string . "\n"; $signature->prettify; print "#PRETTY->\n" . $signature->as_string . "\n"; +check_pretty($signature->as_string); + + +$unparsed = "DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ijs.si; s=jakla2;\n\tt=1225813757; bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=; b="; +$signature = Mail::DKIM::Signature->parse($unparsed); +ok($signature, "parse() works (III)"); + +print "#BEFORE->\n" . $signature->as_string . "\n"; +$signature->data("blah"); +print "#AFTER-->\n" . $signature->as_string . "\n"; +my $first_part_1 = ($signature->as_string =~ /^(.*?b=)/s)[0]; +$signature->prettify_safe; +print "#PRETTY->\n" . $signature->as_string . "\n"; +my $first_part_2 = ($signature->as_string =~ /^(.*?b=)/s)[0]; +ok($first_part_1 eq $first_part_2, "signature preserved with prettify_safe"); + +sub check_pretty +{ + my $str = shift; + my @lines = split /\n/s, $str; + + my $any_long_lines = grep { length($_) > 72 } @lines; + ok(!$any_long_lines, "any lines exceed 72 characters"); +} diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/signer_policy.t /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/signer_policy.t --- libmail-dkim-perl-0.28/t/signer_policy.t 2007-02-21 23:50:08.000000000 +0000 +++ libmail-dkim-perl-0.33/t/signer_policy.t 2008-08-12 17:03:41.000000000 +0100 @@ -49,11 +49,11 @@ $signer->method("relaxed"); $signer->algorithm("rsa-sha256"); $signer->selector("beta"); + $signer->key_file($keyfile); return 1; }; $dkim = sign_sample_using_args( - Policy => $policy, - KeyFile => $keyfile); + Policy => $policy); ok($dkim, "processed message"); $signature = $dkim->signature; diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/signer.t /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/signer.t --- libmail-dkim-perl-0.28/t/signer.t 2007-05-24 13:46:53.000000000 +0100 +++ libmail-dkim-perl-0.33/t/signer.t 2008-08-12 17:03:41.000000000 +0100 
@@ -2,13 +2,14 @@ use strict; use warnings; -use Test::Simple tests => 12; +use Test::Simple tests => 15; use Mail::DKIM::Signer; -my $EXPECTED_RE = qr/njTGkk8JIhv23OEV4VSokdvN5q/; +my $EXPECTED_RE = qr/CIDMVc94VWhLZ4Ktq2Q05011qBXSO/; -my $keyfile = -f "t/test.key" ? "t/test.key" : "test.key"; +my $tdir = -f "t/test.key" ? "t" : "."; +my $keyfile = "$tdir/test.key"; my $dkim = Mail::DKIM::Signer->new( Algorithm => "rsa-sha1", Method => "relaxed", @@ -61,6 +62,8 @@ Method => "relaxed", Domain => "example.org", Selector => "test", + Identity => "bob\@example.org", + Timestamp => time(), KeyFile => $keyfile); ok($dkim, "new() works"); 
@@ -68,10 +71,44 @@ $dkim->CLOSE; ok($dkim->signature, "signature() works"); -print "# signature=" . $signature->as_string . "\n"; +print "# signature=" . $dkim->signature->as_string . "\n"; + +# check whether the signature includes/excludes certain header fields my $sigstr = $dkim->signature->as_string; ok($sigstr =~ /subject/i, "subject was signed"); ok($sigstr =~ /from/i, "from was signed"); ok($sigstr !~ /received/i, "received was excluded"); ok($sigstr !~ /comments/i, "comments was excluded"); -ok($sigstr =~ /$EXPECTED_RE/, "got expected signature value"); + +# check if the identity got included +ok($sigstr =~ /i=bob\@/, "got expected identity value"); +# check if timestamp got included +ok($sigstr =~ /t=\d+/, "found timestamp value"); + +eval { +$dkim = Mail::DKIM::Signer->new( + Algorithm => "rsa-sha1", + Method => "relaxed", + Domain => "example.org", + Selector => "test", + KeyFile => "$tdir/non_existent_file_!!"); +}; +{ +my $E = $@; +print "# $E" if $E; +ok($E, "new() with bogus key file dies as expected"); +} + +eval { +$dkim = Mail::DKIM::Signer->new( + Algorithm => "rsa-sha1", + Method => "relaxed", + Domain => "example.org", + Selector => "test", + KeyFile => "$tdir/unreadable_file"); +}; +{ +my $E = $@; +print "# $E" if $E; +ok($E, "new() with bogus key file dies as expected"); +} diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/textwrap.t /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/textwrap.t --- libmail-dkim-perl-0.28/t/textwrap.t 1970-01-01 01:00:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/textwrap.t 2008-11-19 18:34:03.000000000 +0000 
@@ -0,0 +1,122 @@ +#!/usr/bin/perl -I../lib + +use strict; +use warnings; +use Test::Simple tests => 16; + +use Mail::DKIM::TextWrap; + +my $tw; +$tw = Mail::DKIM::TextWrap->new; +ok($tw, "new() works"); + +my $output = ""; +my @lines; + +$tw = Mail::DKIM::TextWrap->new( + Margin => 10, + Output => \$output, + ); +$tw->add("Mary had a little lamb, whose fleece was white as snow.\n"); +$tw->finish; +my $saved1 = $output; +check_output("basic wrapping"); +ok(@lines == 7, "basic wrapping got expected number of lines"); + +foreach ("Mary ", "had ", "a ", "little ", "lamb, ", "whose ", "fleece ", + "was ", "white ", "as ", "snow.\n") +{ + $tw->add($_); +} +$tw->finish; +my $saved2 = $output; +check_output("basic wrapping- words added separately, space following each"); +ok($saved1 eq $saved2, "same result when words added separately, space following each"); + +foreach ("Mary", " had", " a", " little", " lamb,", " whose", " fleece", + " was", " white", " as", " snow.\n") +{ + $tw->add($_); +} +$tw->finish; +my $saved3 = $output; +check_output("basic wrapping- words added separately, space preceding each"); +ok($saved1 eq $saved3, "same result when words added separately, space preceding each"); + +$tw->{Separator} = "\n "; +$tw->add("Mary had a little lamb, whose fleece was white as snow.\n"); +$tw->finish; +check_output("with second-line indent"); +ok($lines[0] =~ /^Mary had a/, "first line looks ok"); + +$tw = Mail::DKIM::TextWrap->new( + Margin => 10, + Output => \$output, + Break => qr/[\s:]/, + ); +$tw->add("apple:orange:banana:apricot:blueberry:strawberry-kiwi\n"); +$tw->finish; +check_output("colon-separated list"); +ok($lines[0] eq "apple:", "first line looks ok"); +ok($lines[1] eq "orange:", "second line looks ok"); +ok($lines[$#lines] =~ "strawberry-kiwi", "over-long word did not get split"); + +$tw->add(" apple : orange : apricot : kiwi \n"); +$tw->finish; +check_output("colon-separated list with spaces"); +ok($lines[0] =~ /^\s/, "first line begins with 
space"); +ok($lines[$#lines] =~ /\s$/, "last line ends with space"); +ok(grep(!/(^\s|\s$)/, @lines[1 .. ($#lines - 1)]), "middle lines neither begin nor end with space"); + +$tw = Mail::DKIM::TextWrap->new( + Margin => 10, + Output => \$output, + Break => qr/[\s:]/, + BreakBefore => qr/[:]/, + ); +$tw->add("apple:orange:banana:apricot:lime:kiwi\n"); +$tw->finish; +check_output("colon-separated list, split before colons"); +ok($lines[0] eq "apple", "first line looks ok"); +ok($lines[1] eq ":orange", "second line looks ok"); +ok($lines[$#lines] =~ /:kiwi$/, "last line looks ok"); + +$tw = Mail::DKIM::TextWrap->new( + Margin => 10, + Output => \$output, + ); +$tw->add("apple"); +$tw->add("orange"); +$tw->add("banana"); +$tw->add("apricot"); +$tw->finish; +check_output(""); +ok(@lines == 1, "no wrapping took place"); + +$tw = Mail::DKIM::TextWrap->new( + Margin => 10, + Output => \$output, + ); +foreach (qw(apple orange banana apricot)) +{ + $tw->add($_); + $tw->flush; +} +$tw->finish; +check_output(""); +ok(!(grep { length($_) > 10 } @lines), "no long lines"); + +sub check_output +{ + my ($test_name) = @_; + @lines = split /\n/, $output; + $output = ""; + + print "# $test_name\n"; + print "# " . ('-' x $tw->{Margin}) . "\n"; + foreach my $l (@lines) + { + print "# $l\n"; + } + print "# " . ('-' x $tw->{Margin}) . "\n"; +} diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/t/verifier.t /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/t/verifier.t --- libmail-dkim-perl-0.28/t/verifier.t 2007-05-01 19:25:00.000000000 +0100 +++ libmail-dkim-perl-0.33/t/verifier.t 2009-03-10 14:46:59.000000000 +0000 
@@ -2,22 +2,19 @@ use strict; use warnings; -use Test::More tests => 45; +use Test::More tests => 83; use Mail::DKIM::Verifier; +my $homedir = (-d "t") ? "t" : "."; + my $dkim = Mail::DKIM::Verifier->new(); ok($dkim, "new() works"); $dkim = Mail::DKIM::Verifier->new_object(); ok($dkim, "new_object() works"); -my $srcfile = "t/test5.txt"; -unless (-f $srcfile) -{ - $srcfile = "test5.txt" if (-f "test5.txt"); -} -my $sample_email = read_file($srcfile); +my $sample_email = read_file("$homedir/test5.txt"); ok($sample_email, "able to read sample email"); ok($sample_email =~ /\015\012/, "sample has proper line endings"); @@ -44,7 +41,18 @@ test_email("good_ietf00_5.txt", "pass"); test_email("good_ietf01_1.txt", "pass"); test_email("good_ietf01_2.txt", "pass"); +test_email("good_rfc4871_3.txt", "pass"); # tests extra tags in signature +test_email("good_rfc4871_4.txt", "pass"); # case-differing domain name +test_email("good_1878523.txt", "pass"); # test issue #1878523 test_email("multiple_1.txt", "pass"); +test_email("multiple_2.txt", "pass"); +my @sigs = $dkim->signatures; +ok($sigs[0]->result eq "invalid", "first signature is 'invalid'"); +ok($sigs[1]->result eq "pass", "second signature is 'pass'"); +ok($sigs[2]->result eq "fail", "third signature is 'fail'"); +test_email("good_qp_1.txt", "pass"); # tests i= quoted-printable value +test_email("good_qp_2.txt", "pass"); # tests i= quoted-printable value +test_email("good_qp_3.txt", "pass"); # tests i= quoted-printable value test_email("bad_ietf01_1.txt", "fail"); ok($dkim->result_detail =~ /body/, "determined body had been altered"); 
@@ -62,12 +70,27 @@ qr/OpenSSL/i, "determined OpenSSL error"); } +test_email("bad_1878954.txt", "fail"); # shouldn't die # test older DomainKeys messages, from Gmail and Yahoo! test_email("good_dk_gmail.txt", "pass"); test_email("good_dk_yahoo.txt", "pass"); test_email("good_dk_1.txt", "pass"); test_email("good_dk_2.txt", "pass"); +test_email("good_dk_3.txt", "pass"); # key with g= tag (ident in From header) +test_email("good_dk_4.txt", "pass"); # key with g= tag (ident in Sender head) +test_email("good_dk_5.txt", "pass"); # key with empty g= +test_email("good_dk_6.txt", "pass"); # no h= tag +test_email("good_dk_7.txt", "pass"); # case-differing domain names +test_email("dk_headers_1.txt", "pass"); +test_email("dk_headers_2.txt", "pass"); +test_email("bad_dk_1.txt", "invalid"); # sig. domain != From header (no Sender) +test_email("bad_dk_2.txt", "invalid"); # added Sender header, no h= tag +test_email("dk_multiple_1.txt", "pass"); +my @dksigs = $dkim->signatures; +ok(@dksigs == 2, "found two signatures"); +ok($dksigs[0]->result eq "pass", "first signature is 'pass'"); +ok($dksigs[1]->result eq "pass", "second signature is 'pass'"); # test empty/missing body - simple canonicalization test_email("no_body_1.txt", "pass"); @@ -83,6 +106,16 @@ test_email("ignore_4.txt", "invalid"); # unsupported c= tag (c=future) test_email("ignore_5.txt", "invalid"); # unsupported q= tag (q=http) test_email("ignore_6.txt", "invalid"); # unsupported q= tag (q=dns/special) +test_email("ignore_7.txt", "invalid"); # expired signature +test_email("ignore_8.txt", "invalid"); # bad i= value + +# +# test variants on the public key +# +test_email("goodkey_1.txt", "pass"); # public key with s=email +test_email("goodkey_2.txt", "pass"); # public key with extra tags, h=, s=, etc. +test_email("goodkey_3.txt", "pass"); # public key with g=jl*g +test_email("goodkey_4.txt", "pass"); # public key with implied g # # test problems with the public key 
@@ -91,8 +124,16 @@ test_email("badkey_2.txt", "invalid"); # public key REVOKED test_email("badkey_3.txt", "invalid"); # public key unsupported v= tag test_email("badkey_4.txt", "invalid"); # public key syntax error +ok($dkim->result_detail =~ /public key/, "detail mentions public key"); test_email("badkey_5.txt", "invalid"); # public key unsupported k= tag test_email("badkey_6.txt", "invalid"); # public key unsupported s= tag +test_email("badkey_7.txt", "invalid"); # public key unsupported h= tag +test_email("badkey_8.txt", "invalid"); # public key unmatched g= tag +test_email("badkey_9.txt", "invalid"); # public key empty g= tag +test_email("badkey_10.txt", "invalid"); # public key requires i == d +test_email("badkey_11.txt", "invalid"); # public key unmatched h= tag +test_email("badkey_12.txt", "invalid"); # public key g= != i= by case +test_email("badkey_13.txt", "invalid"); # public key g= matches From but not i= sub read_file @@ -112,11 +153,7 @@ my ($file, $expected_result) = @_; print "# verifying message '$file'\n"; $dkim = Mail::DKIM::Verifier->new(); - my $path = "t/corpus/" . $file; - unless (-f $path) - { - $path = "corpus/$file" if (-f "corpus/$file"); - } + my $path = "$homedir/corpus/$file"; my $email = read_file($path); $dkim->PRINT($email); $dkim->CLOSE; 
@@ -124,3 +161,56 @@ print "# result: " . $dkim->result_detail . "\n"; ok($result eq $expected_result, "'$file' should '$expected_result'"); } + +# override the DNS implementation, so that these tests do not +# rely on DNS servers I have no control over +my $CACHE; +sub Mail::DKIM::DNS::fake_query +{ + my ($domain, $type) = @_; + die "can't lookup $type record" if $type ne "TXT"; + + unless ($CACHE) + { + open my $fh, "<", "$homedir/FAKE_DNS.dat" + or die "Error: cannot read $homedir/FAKE_DNS.dat: $!\n"; + $CACHE = {}; + while (<$fh>) + { + chomp; + next if /^\s*[#;]/ || /^\s*$/; + my ($k, $v) = split /\s+/, $_, 2; + $CACHE->{$k} = $v eq "NXDOMAIN" ? [] : + [ bless \$v, "FakeDNS::Record" ]; + } + close $fh; + } + + if (not exists $CACHE->{$domain}) + { + warn "did not cache that DNS entry: $domain\n"; + print STDERR ">>>\n"; + print STDERR join("", (Mail::DKIM::DNS::orig_query($domain, $type))[0]->char_str_list) . "\n"; + print STDERR "<<<\n"; + die; + } + + return @{$CACHE->{$domain}}; +} + +BEGIN { + *Mail::DKIM::DNS::orig_query = *Mail::DKIM::DNS::query; + *Mail::DKIM::DNS::query = *Mail::DKIM::DNS::fake_query; +} + +package FakeDNS::Record; + +sub type +{ + return "TXT"; +} + +sub char_str_list +{ + return ${$_[0]}; +} diff -Nru /tmp/cCTvRKSj06/libmail-dkim-perl-0.28/TODO /tmp/P1gxurhBLF/libmail-dkim-perl-0.33/TODO --- libmail-dkim-perl-0.28/TODO 2007-06-11 14:59:01.000000000 +0100 +++ libmail-dkim-perl-0.33/TODO 2008-11-19 18:34:03.000000000 +0000 @@ -1,3 +1,6 @@ +Common: + - don't "die" on PRINT or CLOSE, find better ways to report the error + DKIM-Signature: - allow version tag (DONE) - accept q=dns/txt (DONE) 
@@ -10,7 +13,7 @@ Verifier: - verify multiple signatures (ietf05 6.1) (DONE) - check that From header is signed (ietf05 6.1.1) - - check public key "granularity" + - check public key "granularity" (DONE) - handle no response from first DNS server listed in resolv.conf (currently it goes to the second server after 5 seconds, but it does this for EVERY signature, so this will badly affect @@ -37,7 +40,8 @@ - allow adding chained signatures in one pass (e.g. allow adding a DomainKeys signature, and a DKIM signature, with the new DKIM signature signing the new DomainKeys signature) (REJECTED) - - allow creation of i=, l=, t=, x=, and z= tags + - allow creation of i= and x= tags (DONE) + - allow creation of l=, t=, and z= tags - do header-wrapping to signature before signing (DONE) - allow signer policy to change which private key is used 
@@ -47,24 +51,46 @@ - SERVFAIL - syntax error in public key record - test DNS timeout for signing policy + - test key records composed of fragmented TXT records - test signature options: - unspecified query type - query type of "dns/" - - bad query type - - bad algorithm + - bad query type (DONE) + - bad algorithm (DONE) - unspecified algorithm - bad canonicalization - unspecified canonicalization - test presence of version tag in signature - IMPORTANT- allow `make test' to work when DNS is not available + - test various components of verifying, so better diagnostics can be + made when the verify.t script reports a bunch of unexplained failures + - test absense of h= tag in DKIM signature + - test use of non-ASCII characters in header names and h= tag Possible issues in base-10 draft: - - 6.1.2 - check g= tag of public key against i= tag of signature - - 6.1.2 - check h= tag of public key against a= tag of signature + - 6.1.2 - check g= tag of public key against i= tag of signature (DONE) + - 6.1.2 - check h= tag of public key against a= tag of signature (DONE) - 3.5 - t= tag, create it when signing messages, check it when verifying - - 3.5 - x= tag, create it when signing messages, check it when verifying + - 3.5 - x= tag, create it when signing messages + - check it when verifying (DONE) - 5.4 - allow better control of which headers to sign - - 5.5 - recommended headers to sign and NOT to sign + - 5.5 - recommended headers to sign and NOT to sign (DONE) - 3.3.1 - what's an RSA exponent? - 6.1.1 - configurable list of unacceptable signing domains, e.g. "com" and "co.uk" + +Possible issues in RFC 4871: + - 3.6.1 - g= should be case-sensitive (see 3.2 "tag values must be + processed as case sensitive unless...", and 3.6.1, "g=", which does + NOT mention case-sensitivity) + - 3.6.1 - g= tag using irregular characters + - 3.5 - i= tag, should allow quoted-printable encoding + - 3.5 - i= tag, internationalized domains? 
+ - 3.5 - l= tag, what happens if the number is REALLY big, + or doesn't contain a number? + - 3.5 - q= tag, should skip signature if subtype is not "txt" + (I think I do this, but do other verifiers?) + - rationale- if a dns/foo type comes out, then it will be WRONG + to lookup the txt record + - 3.2 - "if a tag name does occur more than once, the entire tag-list + is invalid"
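Review bot: TODO, hunk @@ -47,24 +51,46 @@: splitting the x= entry leaves "- check it when verifying (DONE)" as an item that no longer names a tag, and "3.5 - x= tag, create it when signing messages" stays open even though the Signer section in the previous hunk now reads "allow creation of i= and x= tags (DONE)". Reconcile the two, for example by writing both halves out in full with the tag name and their own status. In the same hunk, "absense" should be "absence".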
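Review bot: t/public_key.t, the fetch() call: this test resolves test1._domainkey.messiah.edu over live DNS, so it fails on any build host without network access, while the same patch gives t/verifier.t a fake resolver fed from t/FAKE_DNS.dat, which already carries a test1 record. Either install the same Mail::DKIM::DNS::query override here or skip the test when no resolver is reachable. If the live lookup is the point (the ChangeLog calls it a check for DNS problems), say so in a comment and give ok($pubkey) a description, which it currently lacks.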
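Review bot: t/signature.t, check_pretty(): the description "any lines exceed 72 characters" states the failure condition, so a passing run reports "ok" next to a sentence that reads like a defect. Rename it to "no lines exceed 72 characters". Also consider calling check_pretty() after prettify_safe in the new block, since only the prettify path is checked for line length.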
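Review bot: t/signer.t, hunk @@ -68,10 +71,44 @@, second eval block: nothing in the visible test creates "$tdir/unreadable_file" or removes its read permission, so unless that file ships with restrictive permissions this block repeats the missing-file case, and it carries the same description as the first block. Create the file and chmod it inside the test (skipping when run as root, where the read would succeed), and give the two ok() calls distinct names such as "missing key file" and "unreadable key file". The exact-signature check against $EXPECTED_RE is also dropped for this signer; if Timestamp => time() is what made the value unstable, a fixed Timestamp would let that check stay.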
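Review bot: t/textwrap.t, the "middle lines neither begin nor end with space" check: ok(grep(!/(^\s|\s$)/, ...)) passes as soon as at least one middle line is clean, because grep yields the lines that satisfy the negated pattern; it does not assert that every middle line is clean. Invert it to ok(!grep(/(^\s|\s$)/, @lines[1 .. ($#lines - 1)]), ...). The last two check_output("") calls also pass an empty test name, which leaves their diagnostic output unlabelled.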
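Review bot: t/verifier.t, hunk @@ -44,7 +41,18 @@, the multiple_2.txt block: the corpus message carries four DKIM-Signature headers and its body says the fourth is unparseable, but the test only inspects $sigs[0] through $sigs[2]. Add an assertion on the number of entries in @sigs, as the dk_multiple_1.txt block does with ok(@dksigs == 2, ...), so that the way the verifier reports an unparseable header is pinned down rather than left implicit.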
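Review bot: t/verifier.t, hunk @@ -124,3 +161,56 @@, the cache-miss branch of fake_query(): on an uncached name it calls Mail::DKIM::DNS::orig_query, a live DNS lookup, which is exactly what the override is meant to keep out of the test run, and indexing [0] on an empty result then fails on an undefined value before the bare die is reached. Replace the branch with a die that names $domain and FAKE_DNS.dat. In the loader, a record line with trailing whitespace after NXDOMAIN would not satisfy $v eq "NXDOMAIN" and would be served as a TXT record; match with /^NXDOMAIN\s*$/ instead, and guard against a line that has a name but no value, where $v is undefined.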