+25 -24 +/-5 browse
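diff --git a/examples/report_arf_generate.rs b/examples/report_arf_generate.rs
index d2802a7..766680c 100644
--- a/examples/report_arf_generate.rs
+++ b/examples/report_arf_generate.rs
@@ -40,8 +40,7 @@ fn main() {
 .with_identity_alignment(IdentityAlignment::DkimSpf)
 .with_message(&b"From: hello@world.org\r\nTo: ciao@mundo.org\r\n\r\n"[..])
 .to_rfc5322(
- "DMARC Reports",
- "no-reply@example.org",
+ ("DMARC Reports", "no-reply@example.org"),
 "ruf@otherdomain.com",
 "DMARC Authentication Failure Report",
 )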
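diff --git a/examples/report_dmarc_generate.rs b/examples/report_dmarc_generate.rs
index 8c8511c..eb279d8 100644
--- a/examples/report_dmarc_generate.rs
+++ b/examples/report_dmarc_generate.rs
@@ -99,9 +99,8 @@ fn main() {
 )
 .to_rfc5322(
 "initech.net",
- "Initech Industries",
- "noreply-dmarc@initech.net",
- "dmarc-reports@example.org",
+ ("Initech Industries", "noreply-dmarc@initech.net"),
+ ["dmarc-reports@example.org"].iter().copied(),
 )
 .unwrap();
 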
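diff --git a/src/arc/seal.rs b/src/arc/seal.rs
index 381063c..101c620 100644
--- a/src/arc/seal.rs
+++ b/src/arc/seal.rs
@@ -247,13 +247,13 @@ GMot/L2x0IYyMLAz6oLWh2hm7zwtb0CgOrPo1ke44hFYnfc=
 );
 
 // Create private keys
- let pk_rsa = RsaKey::<Sha256>::from_pkcs1_pem(RSA_PRIVATE_KEY).unwrap();
 let pk_ed_public =
 base64_decode(ED25519_PUBLIC_KEY.rsplit_once("p=").unwrap().1.as_bytes()).unwrap();
 let pk_ed_private = base64_decode(ED25519_PRIVATE_KEY.as_bytes()).unwrap();
 
 // Create DKIM-signed message
- let mut raw_message = DkimSigner::from_key(pk_rsa.clone())
+ let pk_rsa = RsaKey::<Sha256>::from_pkcs1_pem(RSA_PRIVATE_KEY).unwrap();
+ let mut raw_message = DkimSigner::from_key(pk_rsa)
 .domain("manchego.org")
 .selector("rsa")
 .headers(["From", "To", "Subject"])
@@ -264,6 +264,8 @@ GMot/L2x0IYyMLAz6oLWh2hm7zwtb0CgOrPo1ke44hFYnfc=
 
 // Verify and seal the message 50 times
 for _ in 0..25 {
+ let pk_rsa = RsaKey::<Sha256>::from_pkcs1_pem(RSA_PRIVATE_KEY).unwrap();
+
 raw_message = arc_verify_and_seal(
 &resolver,
 &raw_message,
@@ -272,14 +274,8 @@ GMot/L2x0IYyMLAz6oLWh2hm7zwtb0CgOrPo1ke44hFYnfc=
 Ed25519Key::from_bytes(&pk_ed_public, &pk_ed_private).unwrap(),
 )
 .await;
- raw_message = arc_verify_and_seal(
- &resolver,
- &raw_message,
- "manchego.org",
- "rsa",
- pk_rsa.clone(),
- )
- .await;
+ raw_message =
+ arc_verify_and_seal(&resolver, &raw_message, "manchego.org", "rsa", pk_rsa).await;
 }
 
 //println!("{}", raw_message);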
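Review bot: The comment `// Create private keys` no longer covers the RSA key, which is now parsed from `RSA_PRIVATE_KEY` once under `// Create DKIM-signed message` and again on every pass of the `for _ in 0..25` loop, and nothing in the test says why. Since this commit drops `Clone` from `RsaKey` and `arc_verify_and_seal` takes the key by value, a short comment at the loop such as `// RsaKey is not Clone: re-parse the PEM for each seal that consumes a key` would keep a later reader from hoisting the parse back out. The enclosing test function begins and ends outside these hunks.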
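diff --git a/src/common/crypto/rust_crypto.rs b/src/common/crypto/rust_crypto.rs
index 178fb2d..2d6c34d 100644
--- a/src/common/crypto/rust_crypto.rs
+++ b/src/common/crypto/rust_crypto.rs
@@ -8,7 +8,7 @@ use crate::{common::headers::Writer, dkim::Canonicalization, Error, Result};
 
 use super::{Algorithm, HashContext, HashImpl, HashOutput, Sha1, Sha256, SigningKey, VerifyingKey};
 
- #[derive(Clone, Debug)]
+ #[derive(Debug)]
 pub struct RsaKey<T> {
 inner: RsaPrivateKey,
 padding: PhantomData<T>,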
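Review bot: `RsaKey` still derives `Debug` over `inner: RsaPrivateKey`, so any `{:?}` of the wrapper delegates to whatever the inner type's `Debug` prints; dropping `Clone` limits copies of the private key but leaves that logging path open. Whether key components are actually printed depends on the `RsaPrivateKey` implementation, which is not visible here, so this should be confirmed against the crate version in use. A hand-written `Debug` that emits only the type name removes the dependency on that behaviour and also avoids the `T: Debug` bound the derive adds. Separately, removing `Clone` from a `pub` type is a breaking change for downstream callers and is worth stating in the release notes. The struct body continues past the end of the hunk.

```rust
// … unchanged: struct RsaKey<T> definition, with #[derive(Debug)] removed …

impl<T> std::fmt::Debug for RsaKey<T> {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        // Never format `inner`: it holds the RSA private key.
        f.debug_struct("RsaKey").finish_non_exhaustive()
    }
}
```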
90 | diff --git a/src/dkim/sign.rs b/src/dkim/sign.rs |
91 | index 43c2e6e..1aa996e 100644 |
92 | --- a/src/dkim/sign.rs |
93 | +++ b/src/dkim/sign.rs |
94 | @@ -198,7 +198,6 @@ GMot/L2x0IYyMLAz6oLWh2hm7zwtb0CgOrPo1ke44hFYnfc= |
95 | ); |
96 | |
97 | // Create private keys |
98 | - let pk_rsa = RsaKey::<Sha256>::from_pkcs1_pem(RSA_PRIVATE_KEY).unwrap(); |
99 | let pk_ed = Ed25519Key::from_bytes( |
100 | &base64_decode(ED25519_PUBLIC_KEY.rsplit_once("p=").unwrap().1.as_bytes()).unwrap(), |
101 | &base64_decode(ED25519_PRIVATE_KEY.as_bytes()).unwrap(), |
102 | @@ -224,9 +223,10 @@ GMot/L2x0IYyMLAz6oLWh2hm7zwtb0CgOrPo1ke44hFYnfc= |
103 | ); |
104 | |
105 | // Test RSA-SHA256 relaxed/relaxed |
106 | + let pk_rsa = RsaKey::<Sha256>::from_pkcs1_pem(RSA_PRIVATE_KEY).unwrap(); |
107 | verify( |
108 | &resolver, |
109 | - DkimSigner::from_key(pk_rsa.clone()) |
110 | + DkimSigner::from_key(pk_rsa) |
111 | .domain("example.com") |
112 | .selector("default") |
113 | .headers(["From", "To", "Subject"]) |
114 | @@ -253,9 +253,10 @@ GMot/L2x0IYyMLAz6oLWh2hm7zwtb0CgOrPo1ke44hFYnfc= |
115 | .await; |
116 | |
117 | // Test RSA-SHA256 simple/simple with duplicated headers |
118 | + let pk_rsa = RsaKey::<Sha256>::from_pkcs1_pem(RSA_PRIVATE_KEY).unwrap(); |
119 | verify( |
120 | &resolver, |
121 | - DkimSigner::from_key(pk_rsa.clone()) |
122 | + DkimSigner::from_key(pk_rsa) |
123 | .domain("example.com") |
124 | .selector("default") |
125 | .headers([ |
126 | @@ -275,9 +276,10 @@ GMot/L2x0IYyMLAz6oLWh2hm7zwtb0CgOrPo1ke44hFYnfc= |
127 | .await; |
128 | |
129 | // Test RSA-SHA256 simple/relaxed with fixed body length |
130 | + let pk_rsa = RsaKey::<Sha256>::from_pkcs1_pem(RSA_PRIVATE_KEY).unwrap(); |
131 | verify( |
132 | &resolver, |
133 | - DkimSigner::from_key(pk_rsa.clone()) |
134 | + DkimSigner::from_key(pk_rsa) |
135 | .domain("example.com") |
136 | .selector("default") |
137 | .headers(["From", "To", "Subject"]) |
138 | @@ -291,9 +293,10 @@ GMot/L2x0IYyMLAz6oLWh2hm7zwtb0CgOrPo1ke44hFYnfc= |
139 | .await; |
140 | |
141 | // Test AUID not matching domain |
142 | + let pk_rsa = RsaKey::<Sha256>::from_pkcs1_pem(RSA_PRIVATE_KEY).unwrap(); |
143 | verify( |
144 | &resolver, |
145 | - DkimSigner::from_key(pk_rsa.clone()) |
146 | + DkimSigner::from_key(pk_rsa) |
147 | .domain("example.com") |
148 | .selector("default") |
149 | .headers(["From", "To", "Subject"]) |
150 | @@ -306,9 +309,10 @@ GMot/L2x0IYyMLAz6oLWh2hm7zwtb0CgOrPo1ke44hFYnfc= |
151 | .await; |
152 | |
153 | // Test expired signature and reporting |
154 | + let pk_rsa = RsaKey::<Sha256>::from_pkcs1_pem(RSA_PRIVATE_KEY).unwrap(); |
155 | let r = verify( |
156 | &resolver, |
157 | - DkimSigner::from_key(pk_rsa.clone()) |
158 | + DkimSigner::from_key(pk_rsa) |
159 | .domain("example.com") |
160 | .selector("default") |
161 | .headers(["From", "To", "Subject"]) |
162 | @@ -326,9 +330,10 @@ GMot/L2x0IYyMLAz6oLWh2hm7zwtb0CgOrPo1ke44hFYnfc= |
163 | assert_eq!(r.as_deref(), Some("dkim-failures@example.com")); |
164 | |
165 | // Verify ATPS (failure) |
166 | + let pk_rsa = RsaKey::<Sha256>::from_pkcs1_pem(RSA_PRIVATE_KEY).unwrap(); |
167 | verify( |
168 | &resolver, |
169 | - DkimSigner::from_key(pk_rsa.clone()) |
170 | + DkimSigner::from_key(pk_rsa) |
171 | .domain("example.com") |
172 | .selector("default") |
173 | .headers(["From", "To", "Subject"]) |
174 | @@ -342,6 +347,7 @@ GMot/L2x0IYyMLAz6oLWh2hm7zwtb0CgOrPo1ke44hFYnfc= |
175 | .await; |
176 | |
177 | // Verify ATPS (success) |
178 | + let pk_rsa = RsaKey::<Sha256>::from_pkcs1_pem(RSA_PRIVATE_KEY).unwrap(); |
179 | resolver.txt_add( |
180 | "UN42N5XOV642KXRXRQIYANHCOUPGQL5LT4WTBKYT2IJFLBWODFDQ._atps.example.com.".to_string(), |
181 | Atps::parse(b"v=ATPS1;").unwrap(), |
182 | @@ -349,7 +355,7 @@ GMot/L2x0IYyMLAz6oLWh2hm7zwtb0CgOrPo1ke44hFYnfc= |
183 | ); |
184 | verify( |
185 | &resolver, |
186 | - DkimSigner::from_key(pk_rsa.clone()) |
187 | + DkimSigner::from_key(pk_rsa) |
188 | .domain("example.com") |
189 | .selector("default") |
190 | .headers(["From", "To", "Subject"]) |
191 | @@ -363,6 +369,7 @@ GMot/L2x0IYyMLAz6oLWh2hm7zwtb0CgOrPo1ke44hFYnfc= |
192 | .await; |
193 | |
194 | // Verify ATPS (success - no hash) |
195 | + let pk_rsa = RsaKey::<Sha256>::from_pkcs1_pem(RSA_PRIVATE_KEY).unwrap(); |
196 | resolver.txt_add( |
197 | "example.com._atps.example.com.".to_string(), |
198 | Atps::parse(b"v=ATPS1;").unwrap(), |