[exim-dev] [Bug 2295] Invalid DKIM signatures (due to header…

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2295] Invalid DKIM signatures (due to header hash miscomputed)
https://bugs.exim.org/show_bug.cgi?id=2295

--- Comment #4 from Guillaume Outters <guillaume-exim@???> ---
Wow…

This seems to be linked to my signing key length (1536 bits), triggering an
off-by-1 bug in pdkim_headcat.

(I chose a 1536 bits length as it was the maximum power-of-2-round value before
my DNS provider's web interface rejected my TXT record for being too long.
Anyway)

Comparing my DKIM-Signature with one of exim-dev's:

DKIM-Signature: v=1; […]; h=Message-ID:[…]
    List-Subscribe:List-Post:List-Owner:List-Archive;
    bh=xgoKQ37mrKC7EifZ0ddjdYEgqan9G5XvDdJ7Rg/Ya/c=;
b=FUnBXInlf2W47Ki5PVg9gDmq7m


ACzB5kJM9vnGincERkJHfFU3PkfpvfYnc6wbjBszVZ0vDo4Ucua+daSty2yAyTtWmM02JW6TMbEXZ

DLvJeF6aSqsAUGErpiq/UBj5M7Rntaig0722nujqMelGm8A0Dr/K8Zipidk00NFHjMnIys0GZKIB1

qv6xR5erP82LPBmDn7NNsjcsdWBtDomA8PPyQnJWoxKjS6QzHm8wPgMem9qDJgLXazaM0JyStY8X

DKIM-Signature: v=1; […]; h=Sender:[…]
    Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
    bh=Ov322o8ALSs/zTSbtBtU5VEc3AyaG/ZlOno3LsqN93M=;
b=CN+nEvm3utUkPjsA+Tx9U6cEL6


QlBV47wRZUhThXL43XS3Z0n9xs9vAvDNvxngXw8fF1FJ9DjWtoZD5CLQX56Pvp99x3kM1Uz8WkgJ0

oANdUPKfZRyY3Z7XL5htAvFnO3oZBM2aZWFZztBz+7G5eP0vtHyixUSpVSFGfONiQxmpyjsPjTk/v

Je/uC9Z93OJehMfKP9ZZlX6lTFSrHs8xPLP6tpR9wCgLqXnuMofP1GTJx1MOqDoqODQZyEKpJWup1

Hf3ZiEGnzLR/SRTTRnevRu5JacxDAclNmI0jbHCrPCOPt1afLt14PrGKA1oDZ6+gDOHQfXkpYgr0x
    U6cSGfMw==;


Notice (on bh=) that when an addition does not fit on the current line (the
last one of the h=), but is less than 77 characters long, pdkim_headcat prefers
to put it on its own, new, line rather than splitting it with its start filling
the current line and its end put on a new line.

So, in both cases (mine and exim-dev e-mail server's), our bh= starts a new
line.
Then b= gets appended.
My 1536 bits key generates a 1536 bits signature, that is 192 bytes, or 256
base64 bytes.
exim-dev's 2048 one generates a 344 byte base64.

So my "bh=" + "b=" total to 307 bytes, that is, 4 * 77 - 1 (notice, in
monospace fonts, that my …Y8X arrives one character left from the 78-chars
aligned EOL).

When adding the 1-character ";" ("hdr = pdkim_headcat(&col, hdr, NULL, US";",
US"");"), a bug in pdkim_headcat completely skips the addition, so this is why
my ";" disappears.
When debugging exim, after the "hdr = pdkim_headcat(&col, hdr, US";", US"b=",
base64_b);", col's value was 1 ("already on a new line"), while I was expecting
77 ("you still have room for 1 character").

(if I pad my "bh=, b=" by adding a space before the b=, it suffices to make the
signature go the EOL and the ; to appear on a new line)

May it have to do with the "while (l>77)"? May it be the cause for the
confidence-lacking "the headcat routine could insert a linebreak" comment?
Either way, it has to be corrected, because it means that any other
pdkim_headcat with a 1-length intro and a 0-length payload will skip the intro.

--
You are receiving this mail because:
You are on the CC list for the bug.