[Dcrup] Re: [standards] [Editorial Errata Reported] RFC8463 (7930)
Viktor Dukhovni <ietf-dane@dukhovni.org> Sat, 11 May 2024 04:40 UTC
Date: Sat, 11 May 2024 00:41:12 -0400
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: dcrup@ietf.org
CC: RFC Errata System <rfc-editor@rfc-editor.org>, Steffen Nurpmeso <steffen@sdaoden.eu>
On Fri, May 10, 2024 at 08:14:51PM -0400, John R Levine wrote:

> On Fri, 10 May 2024, Steffen Nurpmeso wrote:
> > |As we have tried to tell Steffen, if your code disagrees with the spec,
> > |that doesn't mean the spec is wrong.

I have verified the correctness of the RFC signature value, details below.

> > This is not my code, this is the code from RFC 8032 copied over to
> > a file but with the "main()" driver replaced with the below so
> > i can feed in data as two lines of base64 (key, data).
>
> It would be a lot more credible if you could get your code to produce the
> same result that is in the RFC and that other DKIM libraries get, and then
> show what you had to change and why it is wrong.

1. The "bh=" value in RFC8463 is correct:

    $ printf "%s\n\n%s\n\n%s\n\n" 'Hi.' 'We lost the game. Are you hungry yet?' 'Joe.' |
        perl -pe 'BEGIN {undef $/}; s/[\t ]*\r?\n/\r\n/g; s/[\t ]+/ /g; s/(?:\r\n)+\z/\r\n/' |
        openssl dgst -sha256 -binary |
        openssl base64
    2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=

2. The headers to be signed are:

    h=from : to : subject : date : message-id : from : subject : date

   So the data-hash is:

    $ (
        printf "%s\n" 'From: Joe SixPack <joe@football.example.com>'
        printf "%s\n" 'To: Suzie Q <suzie@shopping.example.net>'
        printf "%s\n" 'Subject: Is dinner ready?'
        printf "%s\n" 'Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)'
        printf "%s\n" 'Message-ID: <20030712040037.46341.5F8J@football.example.com>'
        printf "%s\n" 'DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;'
        printf "%s\n" ' d=football.example.com; i=@football.example.com;'
        printf "%s\n" ' q=dns/txt; s=brisbane; t=1528637909; h=from : to :'
        printf "%s\n" ' subject : date : message-id : from : subject : date;'
        printf "%s" ' bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=; b='
      ) | perl -ne '
        BEGIN {undef $/}
        @h = split(m{(?<=(?:\n(?=[^\t ])))});
        for (@h) {
            s{(\A[^:]+?)[\t ]*:[\t ]*}{\L$1:};
            s{\r?\n(?=.)}{}g;
            s{[\t ]+}{ }g;
            s{\r?\n\z}{\r\n};
            print;
        }' | openssl dgst -sha256 -binary | xxd -p -c32
    48ce9a2c710ece1710ff156996b836a7f45470e43efe5643074d6e1690ed62e7

3. This is then signed with the Ed25519 key from RFC8032:

    $ openssl genpkey -algorithm ed25519 -outform DER |
        xxd -p -c128 |
        perl -pe 's/0420.{64}$/04209d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60/' |
        xxd -p -r |
        openssl pkey -inform DER -out /tmp/pkey.pem
    $ printf "%s\n" 48ce9a2c710ece1710ff156996b836a7f45470e43efe5643074d6e1690ed62e7 |
        xxd -r -p > /tmp/data.hash
    $ openssl pkeyutl -rawin -sign -inkey /tmp/pkey.pem -in /tmp/data.hash |
        openssl base64
    /gCrinpcQOoIfuHNQIbq4pgh9kyIK3AQUdt9OdqQehSwhEIug4D11BusFa3bT3FY
    5OsU7ZbnKELq+eXdp1Q1Dw==

The result matches the "b=" value in

    https://datatracker.ietf.org/doc/html/rfc8463#appendix-A.3

--
    Viktor.
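Steps 2 and 3 above carried out in Go, as an added example that is not part of the original message: it applies relaxed header canonicalization to the quoted sample headers, hashes the result, and signs the 32-byte digest with the RFC 8032 seed from step 3. The function names (`relaxedHeader`, `dataHash`, `signHash`) are this example's own, and the body hash is taken as given through the bh= value.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"strings"
)

// relaxedHeader: RFC 6376 3.4.2 (lowercase name, unfold, collapse whitespace, trim the value).
func relaxedHeader(field string) string {
	name, value, _ := strings.Cut(field, ":")
	return strings.ToLower(strings.TrimSpace(name)) + ":" + strings.Join(strings.Fields(value), " ")
}

// Constructed input: headers quoted in the message above, in h= order; repeated h= names add nothing.
var signed = []string{
	"From: Joe SixPack <joe@football.example.com>",
	"To: Suzie Q <suzie@shopping.example.net>",
	"Subject: Is dinner ready?",
	"Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)",
	"Message-ID: <20030712040037.46341.5F8J@football.example.com>",
}

// The DKIM-Signature field, folded as in the message, with b= left empty.
const sigField = "DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;\r\n" +
	" d=football.example.com; i=@football.example.com;\r\n" +
	" q=dns/txt; s=brisbane; t=1528637909; h=from : to :\r\n" +
	" subject : date : message-id : from : subject : date;\r\n" +
	" bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=; b="

// dataHash: SHA-256 of the CRLF-terminated canonical headers plus the signature field (no CRLF).
func dataHash() [32]byte {
	data := ""
	for _, h := range signed {
		data += relaxedHeader(h) + "\r\n"
	}
	return sha256.Sum256([]byte(data + relaxedHeader(sigField)))
}

// signHash signs the digest (not the header text) with PureEdDSA and verifies with the derived public key.
func signHash(seedHex string) (string, bool) {
	seed, _ := hex.DecodeString(seedHex) // NewKeyFromSeed panics unless this is 32 bytes
	priv, h := ed25519.NewKeyFromSeed(seed), dataHash()
	sig := ed25519.Sign(priv, h[:])
	return base64.StdEncoding.EncodeToString(sig), ed25519.Verify(priv.Public().(ed25519.PublicKey), h[:], sig)
}

func main() {
	fmt.Println(signHash("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"))
}
```

Passing the canonicalized header text to `ed25519.Sign` instead of its SHA-256 digest yields a different, non-interoperable signature.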