[Dcrup] Re: [standards] [Editorial Errata Reported] RFC8463 (7930)

Viktor Dukhovni <ietf-dane@dukhovni.org> Sat, 11 May 2024 04:40 UTC

On Fri, May 10, 2024 at 08:14:51PM -0400, John R Levine wrote:

> On Fri, 10 May 2024, Steffen Nurpmeso wrote:
> > |As we have tried to tell Steffen, if your code disagrees with the spec,
> > |that doesn't mean the spec is wrong.

I have verified the correctness of the RFC signature value, details below.

> > This is not my code, this is the code from RFC 8032 copied over to
> > a file but with the "main()" driver replaced with the below so
> > I can feed in data as two lines of base64 (key, data).
> 
> It would be a lot more credible if you could get your code to produce the
> same result that is in the RFC and that other DKIM libraries get, and then
> show what you had to change and why it is wrong.

1. The "bh=" value in RFC8463 is correct:

    $ printf "%s\n\n%s\n\n%s\n\n" 'Hi.' 'We lost the game.  Are you hungry yet?' 'Joe.' |
        perl -pe 'BEGIN {undef $/}; s/[\t ]*\r?\n/\r\n/g; s/[\t ]+/ /g; s/(?:\r\n)+\z/\r\n/' |
        openssl dgst -sha256 -binary |
        openssl base64
    2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=

2. The headers to be signed are:

    h=from : to : subject : date : message-id : from : subject : date

    So the data-hash is:

    $ (
        printf "%s\n" 'From: Joe SixPack <joe@football.example.com>'
        printf "%s\n" 'To: Suzie Q <suzie@shopping.example.net>'
        printf "%s\n" 'Subject: Is dinner ready?'
        printf "%s\n" 'Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)'
        printf "%s\n" 'Message-ID: <20030712040037.46341.5F8J@football.example.com>'
        printf "%s\n" 'DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;'
        printf "%s\n" ' d=football.example.com; i=@football.example.com;'
        printf "%s\n" ' q=dns/txt; s=brisbane; t=1528637909; h=from : to :'
        printf "%s\n" ' subject : date : message-id : from : subject : date;'
        printf "%s" ' bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=; b='
      ) | perl -ne '
        BEGIN {undef $/}
        @h = split(m{(?<=(?:\n(?=[^\t ])))});
        for (@h) {
            s{(\A[^:]+?)[\t ]*:[\t ]*}{\L$1:};
            s{\r?\n(?=.)}{}g;
            s{[\t ]+}{ }g;
            s{\r?\n\z}{\r\n};
            print;
        }' |
        openssl dgst -sha256 -binary |
        xxd -p -c32
    48ce9a2c710ece1710ff156996b836a7f45470e43efe5643074d6e1690ed62e7

3. This is then signed with the Ed25519 key from RFC8032:

    $ openssl genpkey -algorithm ed25519 -outform DER |
      xxd -p -c128 |
      perl -pe 's/0420.{64}$/04209d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60/' |
      xxd -p -r |
      openssl pkey -inform DER -out /tmp/pkey.pem

    $ printf "%s\n" 48ce9a2c710ece1710ff156996b836a7f45470e43efe5643074d6e1690ed62e7 |
      xxd -r -p > /tmp/data.hash

    $ openssl pkeyutl -rawin -sign -inkey /tmp/pkey.pem -in /tmp/data.hash |
      openssl base64
    /gCrinpcQOoIfuHNQIbq4pgh9kyIK3AQUdt9OdqQehSwhEIug4D11BusFa3bT3FY
    5OsU7ZbnKELq+eXdp1Q1Dw==

The result matches the "b=" value in https://datatracker.ietf.org/doc/html/rfc8463#appendix-A.3

-- 
    Viktor.
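
Steps 1 and 2 of the message above, redone in Python as an added example that is not part of the original post: relaxed body and header canonicalization, with header fields selected per the "h=" list. The function names are illustrative, the input is the message as typed into the post's printf commands, and the Ed25519 signing of step 3 is not reproduced.

```python
import base64, hashlib, re

# Constructed input: the RFC 8463 test message as fed to printf in the post.
HEADERS = ("From: Joe SixPack <joe@football.example.com>\r\n"
           "To: Suzie Q <suzie@shopping.example.net>\r\n"
           "Subject: Is dinner ready?\r\n"
           "Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)\r\n"
           "Message-ID: <20030712040037.46341.5F8J@football.example.com>\r\n")
BODY = "Hi.\r\n\r\nWe lost the game.  Are you hungry yet?\r\n\r\nJoe.\r\n\r\n"
# DKIM-Signature value with the b= tag left empty, folded as in the post.
SIG = (" v=1; a=ed25519-sha256; c=relaxed/relaxed;\r\n"
       " d=football.example.com; i=@football.example.com;\r\n"
       " q=dns/txt; s=brisbane; t=1528637909; h=from : to :\r\n"
       " subject : date : message-id : from : subject : date;\r\n"
       " bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=; b=")

def body_hash(body: str) -> str:
    """bh= for a relaxed body: collapse WSP, trim line ends, drop trailing empty lines."""
    lines = [re.sub(r"[\t ]+", " ", l).rstrip(" ") for l in re.split(r"\r?\n", body)]
    while lines and lines[-1] == "":
        lines.pop()
    canon = "".join(l + "\r\n" for l in lines)
    return base64.b64encode(hashlib.sha256(canon.encode()).digest()).decode()

def relaxed_header(name: str, value: str) -> str:
    """Lowercase the name, unfold, collapse WSP, strip WSP around the colon and at the end."""
    value = re.sub(r"[\t ]+", " ", re.sub(r"\r?\n", "", value)).strip(" ")
    return name.strip().lower() + ":" + value

def signed_header_bytes(headers: str, sig: str) -> bytes:
    """Signer's input: fields picked per h=, then DKIM-Signature without a final CRLF."""
    fields = [f.split(":", 1) for f in re.split(r"\r?\n(?![\t ])", headers) if f]
    wanted = re.search(r"\bh=([^;]*)", sig).group(1).split(":")
    out = []
    for name in (w.strip().lower() for w in wanted):
        # Each h= entry consumes the last unused instance of that field; a repeated
        # name with no instance left adds nothing (the second from/subject/date).
        for i in range(len(fields) - 1, -1, -1):
            if fields[i][0].strip().lower() == name:
                out.append(relaxed_header(*fields.pop(i)) + "\r\n")
                break
    out.append(relaxed_header("DKIM-Signature", sig))
    return "".join(out).encode()

def data_hash(headers: str, sig: str) -> str:
    return hashlib.sha256(signed_header_bytes(headers, sig)).hexdigest()

if __name__ == "__main__":
    print(body_hash(BODY))
    print(data_hash(HEADERS, SIG))
```

The repeated from, subject and date entries in "h=" contribute no bytes here because the message carries only one instance of each; they only bind the absence of a second instance.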