signature generation is incorrect

Bug #587783 reported by Martin Pool
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
dkimpy | Fix Released | High | Martin Pool |
pydkim (Ubuntu) | Fix Released | Undecided | Scott Kitterman |

Bug Description

I think the signatures generated by python-dkim are incorrect:

In Relaxed header mode the 'DKIM-Signature' header should be canonicalized before hashing <http://tools.ietf.org/html/rfc4871#section-3.7> but currently it is wrong in two regards: it is hashed without case-folding and with non-canonical whitespace.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: python-dkim 0.3-3
ProcVersionSignature: Ubuntu 2.6.32-22.33-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic i686
Architecture: i386
CheckboxSubmission: a72aa433ee7cbc70b12a74f6938b856b
CheckboxSystem: bb422ca46d02494cdbc459927a98bc2f
Date: Mon May 31 17:19:16 2010
PackageArchitecture: all
ProcEnviron:
 PATH=(custom, user)
 LANG=en_AU.UTF-8
 SHELL=/bin/zsh
SourcePackage: pydkim
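
An illustration of the canonicalization the report refers to, added here as an example and not taken from python-dkim or from the attached patch: it applies the relaxed header rules of RFC 4871 section 3.4.2 to a DKIM-Signature field and shows that hashing the field as written gives a different digest. The function names and the sample header are constructed for this example, and a real header hash also covers the signed header fields that precede the DKIM-Signature field.

```python
import hashlib
import re

def relaxed_header(name: bytes, value: bytes) -> bytes:
    """Canonicalize one header field per RFC 4871 section 3.4.2 (relaxed)."""
    name = name.strip(b" \t").lower()               # lowercase name, no WSP before ':'
    value = re.sub(rb"\r\n(?=[ \t])", b"", value)   # unfold continuation lines
    value = re.sub(rb"[ \t]+", b" ", value)         # collapse each WSP run to one SP
    value = value.strip(b" \t\r\n")                 # no WSP after ':' or at end of value
    return name + b":" + value + b"\r\n"

def signature_hash_input(name: bytes, value: bytes, relaxed: bool) -> bytes:
    """Bytes of the DKIM-Signature field fed to the header hash (section 3.7):
    b= value emptied, field canonicalized, no trailing CRLF."""
    value = re.sub(rb"((?:^|;)\s*b\s*=)[^;]*", rb"\1", value.rstrip(b"\r\n"))
    if relaxed:
        return relaxed_header(name, value)[:-2]
    # Not canonicalized: models hashing the field exactly as it was written.
    return name + b":" + value

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample: a folded signature field as a signer might emit it.
SIG_NAME = b"DKIM-Signature"
SIG_VALUE = (b" v=1; a=rsa-sha256; c=relaxed/simple; d=example.com;\r\n"
             b"\ts=sel;  h=from:to:subject;\r\n"
             b"\tbh=Y29uc3RydWN0ZWQ=; b=AAAA\r\n")

if __name__ == "__main__":
    canonical = signature_hash_input(SIG_NAME, SIG_VALUE, relaxed=True)
    as_written = signature_hash_input(SIG_NAME, SIG_VALUE, relaxed=False)
    print(canonical.decode())
    print("canonical :", digest(canonical))
    print("as written:", digest(as_written))  # differs, so verification fails
```

A signer and a verifier that both apply `relaxed_header` agree on the hashed bytes regardless of how the field was folded or capitalized in transit.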

Martin Pool (mbp) wrote :

This patch is roughly correct but not quite finished.

tags: added: patch
Scott Kitterman (kitterman) wrote :

Please provide sample messages that you used to demonstrate the problem.

Changed in pydkim (Ubuntu):
status: New → Incomplete
David Stansby (dstansby-deactivatedaccount) wrote :

Added patch-needswork tag because the original patch uploader has said the patch isn't quite finished

tags: added: patch-needswork
removed: patch
Martin Pool (mbp) wrote :

This script demonstrates the messages signed by python-dkim in Relaxed header mode don't pass its own verification. If you change line 56 to Simple, Relaxed then verification succeeds.

Changed in pydkim (Ubuntu):
status: Incomplete → Confirmed
Martin Pool (mbp) wrote :

OK, I believe this is a better patch for it.

tags: removed: patch-needswork
Martin Pool (mbp) wrote :

Updated demo script

Martin Pool (mbp) wrote :

I sent the patch upstream.

Changed in pydkim (Ubuntu):
assignee: nobody → Scott Kitterman (kitterman)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pydkim - 0.3-4ubuntu1

---------------
pydkim (0.3-4ubuntu1) maverick; urgency=low

  * Add debian/patches/relaxed-canonicalization.patch to canonicalize before
    hashing when using the relaxed canonicalization - Thanks to Martin Pool for
    the patch (LP: #587783)
  * Rebuild with recent dh_python2 to fix pre-inst
 -- Scott Kitterman <email address hidden> Wed, 25 Aug 2010 20:38:23 +0000

Changed in pydkim (Ubuntu):
status: Confirmed → Fix Released
Martin Pool (mbp)
Changed in pydkim:
assignee: nobody → Martin Pool (mbp)
importance: Undecided → High
status: New → In Progress
Martin Pool (mbp)
Changed in pydkim:
status: In Progress → Fix Committed
Scott Kitterman (kitterman) wrote :

Fixed in 0.4.

Changed in pydkim:
status: Fix Committed → Fix Released