From e8876f418fdb3f9451960f58856cdfc1c27cff84 Mon Sep 17 00:00:00 2001
From: M66B
Date: Thu, 30 Mar 2023 12:04:43 +0200
Subject: [PATCH] DKIM check public key length
---
 .../main/java/eu/faircode/email/MessageHelper.java | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/app/src/main/java/eu/faircode/email/MessageHelper.java b/app/src/main/java/eu/faircode/email/MessageHelper.java
index 49bdfc1cb8..228d3c83f4 100644
--- a/app/src/main/java/eu/faircode/email/MessageHelper.java
+++ b/app/src/main/java/eu/faircode/email/MessageHelper.java
@@ -98,6 +98,7 @@ import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.PublicKey;
 import java.security.Signature;
+import java.security.interfaces.RSAPublicKey;
 import java.security.spec.X509EncodedKeySpec;
 import java.text.Normalizer;
 import java.text.ParsePosition;
@@ -191,6 +192,7 @@ public class MessageHelper {
 private static final int FORMAT_FLOWED_LINE_LENGTH = 72; // characters
 private static final int MAX_DIAGNOSTIC = 250; // characters
 private static final int DKIM_MIN_TEXT = 100; // characters
+ private static final int DKIM_MIN_KEY_LENGTH = 1024; // bits
 private static final String DKIM_SIGNATURE = "DKIM-Signature";
 private static final String ARC_SEAL = "ARC-Seal";
@@ -2439,6 +2441,17 @@ public class MessageHelper {
 PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);
 Signature sig = Signature.getInstance(salgo); // a=
+ // https://stackoverflow.com/a/43984402/1794097
+ if (pubKey instanceof RSAPublicKey)
+ try {
+ int keylen = ((RSAPublicKey) pubKey).getModulus().bitLength();
+ Log.i("DKIM RSA pubkey length=" + keylen);
+ if (keylen < DKIM_MIN_KEY_LENGTH)
+ throw new IllegalArgumentException("RSA pubkey length " + keylen + " < " + DKIM_MIN_KEY_LENGTH);
+ } catch (Throwable ex) {
+ Log.e(ex);
+ }
+
 String hash = kv.get("b");
 if (hash == null)
 return null;
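Review bot: The `throw new IllegalArgumentException("RSA pubkey length " + keylen + " < " + DKIM_MIN_KEY_LENGTH)` in the third hunk is placed inside the `try` whose `catch (Throwable ex)` only calls `Log.e(ex)`, so an undersized RSA modulus is merely logged and control falls through to `String hash = kv.get("b")`, where the signature is still verified with that key; the new DKIM_MIN_KEY_LENGTH minimum is therefore never enforced. `getModulus().bitLength()` on an `RSAPublicKey` has nothing to guard against here, so the simplest fix is to drop the `try {` / `} catch (Throwable ex) { Log.e(ex); }` wrapper and brace the body of `if (pubKey instanceof RSAPublicKey)` instead, leaving the `Log.i` and the length check as they are so the exception actually escapes. Catching `Throwable` also hides errors such as `OutOfMemoryError` that should not be treated as a soft failure. The enclosing method starts and ends outside the hunk, so how its callers treat an exception at this point is not visible; the commit's own throw presumes they treat it as a failed verification.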