From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <f.ebner@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id AA248C1BCF
 for <pmg-devel@lists.proxmox.com>; Thu, 18 Jan 2024 10:31:09 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 8F9DC1319F
 for <pmg-devel@lists.proxmox.com>; Thu, 18 Jan 2024 10:31:09 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS
 for <pmg-devel@lists.proxmox.com>; Thu, 18 Jan 2024 10:31:08 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id BBB57491AE;
 Thu, 18 Jan 2024 10:31:07 +0100 (CET)
Message-ID: <dbd9d449-0f75-459c-bb9d-b0544bdf11ed@proxmox.com>
Date: Thu, 18 Jan 2024 10:31:00 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: LoveSy <shana@zju.edu.cn>, pmg-devel@lists.proxmox.com
References: <20240116174328.75567-1-shana@zju.edu.cn>
 <20240116174328.75567-2-shana@zju.edu.cn>
Content-Language: en-US
From: Fiona Ebner <f.ebner@proxmox.com>
In-Reply-To: <20240116174328.75567-2-shana@zju.edu.cn>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.075 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 T_SCC_BODY_TEXT_LINE    -0.01 -
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [proxmox.com, acme.pm]
Subject: Re: [pmg-devel] [PATCH acme 1/1] Fix EBA MAC key decoding
X-BeenThere: pmg-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Mail Gateway development discussion
 <pmg-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pmg-devel>, 
 <mailto:pmg-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pmg-devel/>
List-Post: <mailto:pmg-devel@lists.proxmox.com>
List-Help: <mailto:pmg-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel>, 
 <mailto:pmg-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Thu, 18 Jan 2024 09:31:09 -0000

Am 16.01.24 um 18:43 schrieb LoveSy:
> From: YU Jincheng <shana@zju.edu.cn>
>

Thank you for the contribution!

> Accroding to RFC 8555:
>> The MAC key SHOULD be provided in base64url-encoded form...
> 
> However, currently we are only decoding the MAC key as base64.
> This patch uses the correct function to decode the user provided
> MAC key as base64url format.
> 

The encoding is already done with encode_base64url(). Your change is for
the MAC provided via the Proxmox API, so it doesn't necessarily need to
adhere to the RFC. If it's a backwards-compatible change, it can still
be worth it of course.

> Signed-off-by: YU Jincheng <shana@zju.edu.cn>
> ---
>  src/PVE/ACME.pm | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 

If I'm not missing something, PMG doesn't use this implementation but a
Rust-based one, see:
https://git.proxmox.com/?p=pmg-api.git;a=blob;f=src/PMG/API2/ACME.pm;h=1eab74da209f97460b3ef584b2bb8eba7b19e6ec;hb=HEAD#l153
https://git.proxmox.com/?p=proxmox-perl-rs.git;a=blob;f=pmg-rs/src/acme.rs;h=06281da6f2955475f2e85023e3241e496c4c7eba;hb=27a7f2e2529770de8802ce92bc096a67c18b9fa6
https://git.proxmox.com/?p=proxmox-acme.git;a=summary

Did you intend to send this patch to pve-devel instead, which does use
this Perl module?

If you haven't done already, you need to agree to the Harmony CLA before
we can accept your contribution:

https://pve.proxmox.com/wiki/Developer_Documentation#Software_License_and_Copyright

> diff --git a/src/PVE/ACME.pm b/src/PVE/ACME.pm
> index bf5410d..428cdda 100644
> --- a/src/PVE/ACME.pm
> +++ b/src/PVE/ACME.pm
> @@ -7,7 +7,7 @@ use POSIX;
>  
>  use Data::Dumper;
>  use Date::Parse;
> -use MIME::Base64 qw(encode_base64url decode_base64);
> +use MIME::Base64 qw(encode_base64url decode_base64url);
>  use File::Path qw(make_path);
>  use JSON;
>  use Digest::SHA qw(sha256 sha256_hex hmac_sha256);
> @@ -365,7 +365,7 @@ sub new_account {
>      my %payload = ( contact => $info{contact} );
>  
>      if (defined($info{eab})) {
> -	my $eab_hmac_key = decode_base64($info{eab}->{hmac_key});
> +	my $eab_hmac_key = decode_base64url($info{eab}->{hmac_key});
>  	$payload{externalAccountBinding} = external_account_binding_jws(
>  	    $info{eab}->{kid},
>  	    $eab_hmac_key,