search

emersion / go-msgauth

🔏 A Go library and tools for DKIM, DMARC and Authentication-Results
MIT License
162 stars 51 forks source link

Word wrap on headers #18

Closed navossoc closed 4 years ago

navossoc commented 4 years ago

Hi, I started playing with this lib today, so far so good...

But in some cases I got DKIM-Result: fail (bad signature) when signing. I think it is because of the word wrapping on the headers. I'm still researching how this should work, but so far it seems like a bug.

For example: this header is ok...

"DKIM-Signature: a=rsa-sha256; bh=1IgjdN5a9wQkm07TioMOwKf0/FIi4DDu2oUc6NEp6E\r\n
 c=; c=relaxed/relaxed; d=XXXXXXXXXX.com.br; h=From:To:Subject:Message-ID; s\r\n
 =2019; t=1573137354; v=1; b=z0oq308f6gtrdpGQp8RnYlvuIhCP/MTAP6x7jZd11hyBDrI\r\n
 zXrFKBeg4Mg4/2KhxM7/yJ5frJ6qmApdDRTiRFRyOwj/QRvS6lZT1bLyblQLnZJEmJjCO4KK1L4\r\n
 A4QZZorA2IuEA9h6k7XfA5FGydKEUwzXZOQCojCI950HSIaQM=;\r\n
..."

If I add another header on the mail message just to change the signature a little bit.

"DKIM-Signature: a=rsa-sha256; bh=1IgjdN5a9wQkm07TioMOwKf0/FIi4DDu2oUc6NEp6E\r\n
 c=; c=relaxed/relaxed; d=XXXXXXXXXX.com.br; h=From:To:Subject:Message-ID:AB\r\n
 CDEFGHIJKLMNOPQABCDEFGHIJKLMNOPQABCDEFGHIJKLMNOPQABCDEFGHIJKLMNOPQ; s=2019;\r\n
  t=1573138398; v=1; b=Ccb4SQE56OROMpx8Q8bFgsSz3lTypUcP/p/vSBPL2CXQJhT9evQsF\r\n
 ROgsvTld1gXNbhFWp9wyjDXIsUBQS1L3LiWMeZpXfTcJx6MkpLG2h0IzjPBQ/jKnPT56CtKOdj2\r\n
 SUQZ/GITsvQhurPgWfTq6G5jrMeMu6ZdXH3Vw/1GkmU=;\r\n
...

The DKIM starts to failing, probably because of that '\r\n' that was inserted on the middle of the header text.

Also, if the header had the right size the '\r\n' will be on the selector. Like this: s=2\r\n 019 and will result in a DNS failure.

"DKIM-Signature: a=rsa-sha256; bh=1IgjdN5a9wQkm07TioMOwKf0/FIi4DDu2oUc6NEp6E\r\n
 c=; c=relaxed/relaxed; d=XXXXXXXXXX.com.br; h=From:To:Subject:Message-ID:AB\r\n
 CDEFGHIJKLMNOPQABCDEFGHIJKLMNOPQABCDEFGHIJKLMNOPQABCDEFGHIJKLMNOPQABC; s=20\r\n
 19; t=1573138139; v=1; b=QyQd6bbOy8OI1+r6t7g16CWU2kjS6tCK2ZOBsxXhEMnACZKVY3\r\n
 ffO/5+RRgTOG748DO0zjQnuqOKPLF8O+DYQs/1fnkKbt04knC+1wNT5wK2ILgPERDlr3PG7rsNp\r\n
 juE0VCkkVMgbVmamhb02qdevU/IX2qRpVOws0vr1MnqiG8=;\r\n
...

I'm not sure how others handle this... I'll keep looking. Let me know if you have any clue.

AFAIK we can't have FWS (folded white spaces on that header value). https://tools.ietf.org/html/rfc6376

This is the result from the same header being handled by nodemailer:

"DKIM-Signature: a=rsa-sha256;\r\n
 bh=1IgjdN5a9wQkm07TioMOwKf0/FIi4DDu2oUc6NEp6Ec=; c=relaxed/relaxed;\r\n
 d=XXXXXXXXXX.com.br;\r\n
 h=From:To:Subject:Message-ID:ABCDEFGHIJKLMNOPQABCDEFGHIJKLMNOPQABCDEFGHIJKLMNOPQABCDEFGHIJKLMNOPQ;\r\n
 s=2019; t=1573138398; v=1;\r\n
 b=Ccb4SQE56OROMpx8Q8bFgsSz3lTypUcP/p/vSBPL2CXQJhT9evQsFROgsvTld1gXNbhFWp9wyjDXIsUBQS1L3LiWMeZpXfTcJx6MkpLG2h0IzjPBQ/jKnPT56CtKOdj2SUQZ/GITsvQhurPgWfTq6G5jrMeMu6ZdXH3Vw/1GkmU=;\r\n
emersion commented 4 years ago

Maybe we should just ignore the 75 line length limit recommendation and do like nodemailer (ie. split on whitespace).