projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Debug: more detail in dkim processing
[exim.git] / src / src / pdkim / pdkim.c
1 /*
2 * PDKIM - a RFC4871 (DKIM) implementation
3 *
4 * Copyright (C) 2009 - 2016 Tom Kistner <tom@duncanthrax.net>
5 * Copyright (C) 2016 - 2018 Jeremy Harris <jgh@exim.org>
6 *
7 * http://duncanthrax.net/pdkim/
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23
24 #include "../exim.h"
25
26
27 #ifndef DISABLE_DKIM /* entire file */
28
29 #ifndef SUPPORT_TLS
30 # error Need SUPPORT_TLS for DKIM
31 #endif
32
33 #include "crypt_ver.h"
34
35 #ifdef SIGN_OPENSSL
36 # include <openssl/rsa.h>
37 # include <openssl/ssl.h>
38 # include <openssl/err.h>
39 #elif defined(SIGN_GNUTLS)
40 # include <gnutls/gnutls.h>
41 # include <gnutls/x509.h>
42 #endif
43
44 #include "pdkim.h"
45 #include "signing.h"
46
47 #define PDKIM_SIGNATURE_VERSION "1"
48 #define PDKIM_PUB_RECORD_VERSION US "DKIM1"
49
50 #define PDKIM_MAX_HEADER_LEN 65536
51 #define PDKIM_MAX_HEADERS 512
52 #define PDKIM_MAX_BODY_LINE_LEN 16384
53 #define PDKIM_DNS_TXT_MAX_NAMELEN 1024
54
55 /* -------------------------------------------------------------------------- */
56 struct pdkim_stringlist {
57 uschar * value;
58 int tag;
59 void * next;
60 };
61
62 /* -------------------------------------------------------------------------- */
63 /* A bunch of list constants */
64 const uschar * pdkim_querymethods[] = {
65 US"dns/txt",
66 NULL
67 };
68 const uschar * pdkim_canons[] = {
69 US"simple",
70 US"relaxed",
71 NULL
72 };
73
74 typedef struct {
75 const uschar * dkim_hashname;
76 hashmethod exim_hashmethod;
77 } pdkim_hashtype;
78 static const pdkim_hashtype pdkim_hashes[] = {
79 { US"sha1", HASH_SHA1 },
80 { US"sha256", HASH_SHA2_256 },
81 { US"sha512", HASH_SHA2_512 }
82 };
83
84 const uschar * pdkim_keytypes[] = {
85 [KEYTYPE_RSA] = US"rsa",
86 #ifdef SIGN_HAVE_ED25519
87 [KEYTYPE_ED25519] = US"ed25519", /* Works for 3.6.0 GnuTLS */
88 #endif
89
90 #ifdef notyet_EC_dkim_extensions /* https://tools.ietf.org/html/draft-srose-dkim-ecc-00 */
91 US"eccp256",
92 US"eccp348",
93 US"ed448",
94 #endif
95 };
96
97 typedef struct pdkim_combined_canon_entry {
98 const uschar * str;
99 int canon_headers;
100 int canon_body;
101 } pdkim_combined_canon_entry;
102
103 pdkim_combined_canon_entry pdkim_combined_canons[] = {
104 { US"simple/simple", PDKIM_CANON_SIMPLE, PDKIM_CANON_SIMPLE },
105 { US"simple/relaxed", PDKIM_CANON_SIMPLE, PDKIM_CANON_RELAXED },
106 { US"relaxed/simple", PDKIM_CANON_RELAXED, PDKIM_CANON_SIMPLE },
107 { US"relaxed/relaxed", PDKIM_CANON_RELAXED, PDKIM_CANON_RELAXED },
108 { US"simple", PDKIM_CANON_SIMPLE, PDKIM_CANON_SIMPLE },
109 { US"relaxed", PDKIM_CANON_RELAXED, PDKIM_CANON_SIMPLE },
110 { NULL, 0, 0 }
111 };
112
113
114 static blob lineending = {.data = US"\r\n", .len = 2};
115
116 /* -------------------------------------------------------------------------- */
117 uschar *
118 dkim_sig_to_a_tag(const pdkim_signature * sig)
119 {
120 if ( sig->keytype < 0 || sig->keytype > nelem(pdkim_keytypes)
121 || sig->hashtype < 0 || sig->hashtype > nelem(pdkim_hashes))
122 return US"err";
123 return string_sprintf("%s-%s",
124 pdkim_keytypes[sig->keytype], pdkim_hashes[sig->hashtype].dkim_hashname);
125 }
126
127
128
129 const char *
130 pdkim_verify_status_str(int status)
131 {
132 switch(status)
133 {
134 case PDKIM_VERIFY_NONE: return "PDKIM_VERIFY_NONE";
135 case PDKIM_VERIFY_INVALID: return "PDKIM_VERIFY_INVALID";
136 case PDKIM_VERIFY_FAIL: return "PDKIM_VERIFY_FAIL";
137 case PDKIM_VERIFY_PASS: return "PDKIM_VERIFY_PASS";
138 default: return "PDKIM_VERIFY_UNKNOWN";
139 }
140 }
141
142 const char *
143 pdkim_verify_ext_status_str(int ext_status)
144 {
145 switch(ext_status)
146 {
147 case PDKIM_VERIFY_FAIL_BODY: return "PDKIM_VERIFY_FAIL_BODY";
148 case PDKIM_VERIFY_FAIL_MESSAGE: return "PDKIM_VERIFY_FAIL_MESSAGE";
149 case PDKIM_VERIFY_FAIL_SIG_ALGO_MISMATCH: return "PDKIM_VERIFY_FAIL_SIG_ALGO_MISMATCH";
150 case PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE: return "PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE";
151 case PDKIM_VERIFY_INVALID_BUFFER_SIZE: return "PDKIM_VERIFY_INVALID_BUFFER_SIZE";
152 case PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD: return "PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD";
153 case PDKIM_VERIFY_INVALID_PUBKEY_IMPORT: return "PDKIM_VERIFY_INVALID_PUBKEY_IMPORT";
154 case PDKIM_VERIFY_INVALID_SIGNATURE_ERROR: return "PDKIM_VERIFY_INVALID_SIGNATURE_ERROR";
155 case PDKIM_VERIFY_INVALID_DKIM_VERSION: return "PDKIM_VERIFY_INVALID_DKIM_VERSION";
156 default: return "PDKIM_VERIFY_UNKNOWN";
157 }
158 }
159
160 const uschar *
161 pdkim_errstr(int status)
162 {
163 switch(status)
164 {
165 case PDKIM_OK: return US"OK";
166 case PDKIM_FAIL: return US"FAIL";
167 case PDKIM_ERR_RSA_PRIVKEY: return US"PRIVKEY";
168 case PDKIM_ERR_RSA_SIGNING: return US"SIGNING";
169 case PDKIM_ERR_LONG_LINE: return US"LONG_LINE";
170 case PDKIM_ERR_BUFFER_TOO_SMALL: return US"BUFFER_TOO_SMALL";
171 case PDKIM_SIGN_PRIVKEY_WRAP: return US"PRIVKEY_WRAP";
172 case PDKIM_SIGN_PRIVKEY_B64D: return US"PRIVKEY_B64D";
173 default: return US"(unknown)";
174 }
175 }
176
177
178 /* -------------------------------------------------------------------------- */
179 /* Print debugging functions */
180 static void
181 pdkim_quoteprint(const uschar *data, int len)
182 {
183 int i;
184 for (i = 0; i < len; i++)
185 {
186 const int c = data[i];
187 switch (c)
188 {
189 case ' ' : debug_printf("{SP}"); break;
190 case '\t': debug_printf("{TB}"); break;
191 case '\r': debug_printf("{CR}"); break;
192 case '\n': debug_printf("{LF}"); break;
193 case '{' : debug_printf("{BO}"); break;
194 case '}' : debug_printf("{BC}"); break;
195 default:
196 if ( (c < 32) || (c > 127) )
197 debug_printf("{%02x}", c);
198 else
199 debug_printf("%c", c);
200 break;
201 }
202 }
203 debug_printf("\n");
204 }
205
206 static void
207 pdkim_hexprint(const uschar *data, int len)
208 {
209 int i;
210 if (data) for (i = 0 ; i < len; i++) debug_printf("%02x", data[i]);
211 else debug_printf("<NULL>");
212 debug_printf("\n");
213 }
214
215
216
217 static pdkim_stringlist *
218 pdkim_prepend_stringlist(pdkim_stringlist * base, const uschar * str)
219 {
220 pdkim_stringlist * new_entry = store_get(sizeof(pdkim_stringlist));
221
222 memset(new_entry, 0, sizeof(pdkim_stringlist));
223 new_entry->value = string_copy(str);
224 if (base) new_entry->next = base;
225 return new_entry;
226 }
227
228
229
230 /* Trim whitespace fore & aft */
231
232 static void
233 pdkim_strtrim(gstring * str)
234 {
235 uschar * p = str->s;
236 uschar * q;
237
238 while (*p == '\t' || *p == ' ') /* dump the leading whitespace */
239 { str->size--; str->ptr--; str->s++; }
240
241 while ( str->ptr > 0
242 && ((q = str->s + str->ptr - 1), (*q == '\t' || *q == ' '))
243 )
244 str->ptr--; /* dump trailing whitespace */
245
246 (void) string_from_gstring(str);
247 }
248
249
250
251 /* -------------------------------------------------------------------------- */
252
253 DLLEXPORT void
254 pdkim_free_ctx(pdkim_ctx *ctx)
255 {
256 }
257
258
259 /* -------------------------------------------------------------------------- */
260 /* Matches the name of the passed raw "header" against
261 the passed colon-separated "tick", and invalidates
262 the entry in tick. Entries can be prefixed for multi- or over-signing,
263 in which case do not invalidate.
264
265 Returns OK for a match, or fail-code
266 */
267
268 static int
269 header_name_match(const uschar * header, uschar * tick)
270 {
271 const uschar * ticklist = tick;
272 int sep = ':';
273 BOOL multisign;
274 uschar * hname, * p, * ele;
275 uschar * hcolon = Ustrchr(header, ':'); /* Get header name */
276
277 if (!hcolon)
278 return PDKIM_FAIL; /* This isn't a header */
279
280 /* if we had strncmpic() we wouldn't need this copy */
281 hname = string_copyn(header, hcolon-header);
282
283 while (p = US ticklist, ele = string_nextinlist(&ticklist, &sep, NULL, 0))
284 {
285 switch (*ele)
286 {
287 case '=': case '+': multisign = TRUE; ele++; break;
288 default: multisign = FALSE; break;
289 }
290
291 if (strcmpic(ele, hname) == 0)
292 {
293 if (!multisign)
294 *p = '_'; /* Invalidate this header name instance in tick-off list */
295 return PDKIM_OK;
296 }
297 }
298 return PDKIM_FAIL;
299 }
300
301
302 /* -------------------------------------------------------------------------- */
303 /* Performs "relaxed" canonicalization of a header. */
304
305 static uschar *
306 pdkim_relax_header(const uschar * header, BOOL append_crlf)
307 {
308 BOOL past_field_name = FALSE;
309 BOOL seen_wsp = FALSE;
310 const uschar * p;
311 uschar * relaxed = store_get(Ustrlen(header)+3);
312 uschar * q = relaxed;
313
314 for (p = header; *p; p++)
315 {
316 uschar c = *p;
317
318 if (c == '\r' || c == '\n') /* Ignore CR & LF */
319 continue;
320 if (c == '\t' || c == ' ')
321 {
322 if (seen_wsp)
323 continue;
324 c = ' '; /* Turns WSP into SP */
325 seen_wsp = TRUE;
326 }
327 else
328 if (!past_field_name && c == ':')
329 {
330 if (seen_wsp) q--; /* This removes WSP immediately before the colon */
331 seen_wsp = TRUE; /* This removes WSP immediately after the colon */
332 past_field_name = TRUE;
333 }
334 else
335 seen_wsp = FALSE;
336
337 /* Lowercase header name */
338 if (!past_field_name) c = tolower(c);
339 *q++ = c;
340 }
341
342 if (q > relaxed && q[-1] == ' ') q--; /* Squash eventual trailing SP */
343
344 if (append_crlf) { *q++ = '\r'; *q++ = '\n'; }
345 *q = '\0';
346 return relaxed;
347 }
348
349
350 /* -------------------------------------------------------------------------- */
351 #define PDKIM_QP_ERROR_DECODE -1
352
353 static const uschar *
354 pdkim_decode_qp_char(const uschar *qp_p, int *c)
355 {
356 const uschar *initial_pos = qp_p;
357
358 /* Advance one char */
359 qp_p++;
360
361 /* Check for two hex digits and decode them */
362 if (isxdigit(*qp_p) && isxdigit(qp_p[1]))
363 {
364 /* Do hex conversion */
365 *c = (isdigit(*qp_p) ? *qp_p - '0' : toupper(*qp_p) - 'A' + 10) << 4;
366 *c |= isdigit(qp_p[1]) ? qp_p[1] - '0' : toupper(qp_p[1]) - 'A' + 10;
367 return qp_p + 2;
368 }
369
370 /* Illegal char here */
371 *c = PDKIM_QP_ERROR_DECODE;
372 return initial_pos;
373 }
374
375
376 /* -------------------------------------------------------------------------- */
377
378 static uschar *
379 pdkim_decode_qp(const uschar * str)
380 {
381 int nchar = 0;
382 uschar * q;
383 const uschar * p = str;
384 uschar * n = store_get(Ustrlen(str)+1);
385
386 *n = '\0';
387 q = n;
388 while (*p)
389 {
390 if (*p == '=')
391 {
392 p = pdkim_decode_qp_char(p, &nchar);
393 if (nchar >= 0)
394 {
395 *q++ = nchar;
396 continue;
397 }
398 }
399 else
400 *q++ = *p;
401 p++;
402 }
403 *q = '\0';
404 return n;
405 }
406
407
408 /* -------------------------------------------------------------------------- */
409
410 static void
411 pdkim_decode_base64(const uschar * str, blob * b)
412 {
413 int dlen;
414 dlen = b64decode(str, &b->data);
415 if (dlen < 0) b->data = NULL;
416 b->len = dlen;
417 }
418
419 static uschar *
420 pdkim_encode_base64(blob * b)
421 {
422 return b64encode(b->data, b->len);
423 }
424
425
426 /* -------------------------------------------------------------------------- */
427 #define PDKIM_HDR_LIMBO 0
428 #define PDKIM_HDR_TAG 1
429 #define PDKIM_HDR_VALUE 2
430
431 static pdkim_signature *
432 pdkim_parse_sig_header(pdkim_ctx * ctx, uschar * raw_hdr)
433 {
434 pdkim_signature * sig;
435 uschar *p, *q;
436 gstring * cur_tag = NULL;
437 gstring * cur_val = NULL;
438 BOOL past_hname = FALSE;
439 BOOL in_b_val = FALSE;
440 int where = PDKIM_HDR_LIMBO;
441 int i;
442
443 sig = store_get(sizeof(pdkim_signature));
444 memset(sig, 0, sizeof(pdkim_signature));
445 sig->bodylength = -1;
446
447 /* Set so invalid/missing data error display is accurate */
448 sig->version = 0;
449 sig->keytype = -1;
450 sig->hashtype = -1;
451
452 q = sig->rawsig_no_b_val = store_get(Ustrlen(raw_hdr)+1);
453
454 for (p = raw_hdr; ; p++)
455 {
456 char c = *p;
457
458 /* Ignore FWS */
459 if (c == '\r' || c == '\n')
460 goto NEXT_CHAR;
461
462 /* Fast-forward through header name */
463 if (!past_hname)
464 {
465 if (c == ':') past_hname = TRUE;
466 goto NEXT_CHAR;
467 }
468
469 if (where == PDKIM_HDR_LIMBO)
470 {
471 /* In limbo, just wait for a tag-char to appear */
472 if (!(c >= 'a' && c <= 'z'))
473 goto NEXT_CHAR;
474
475 where = PDKIM_HDR_TAG;
476 }
477
478 if (where == PDKIM_HDR_TAG)
479 {
480 if (c >= 'a' && c <= 'z')
481 cur_tag = string_catn(cur_tag, p, 1);
482
483 if (c == '=')
484 {
485 if (Ustrcmp(string_from_gstring(cur_tag), "b") == 0)
486 {
487 *q++ = '=';
488 in_b_val = TRUE;
489 }
490 where = PDKIM_HDR_VALUE;
491 goto NEXT_CHAR;
492 }
493 }
494
495 if (where == PDKIM_HDR_VALUE)
496 {
497 if (c == '\r' || c == '\n' || c == ' ' || c == '\t')
498 goto NEXT_CHAR;
499
500 if (c == ';' || c == '\0')
501 {
502 /* We must have both tag and value, and tags must be one char except
503 for the possibility of "bh". */
504
505 if ( cur_tag && cur_val
506 && (cur_tag->ptr == 1 || *cur_tag->s == 'b')
507 )
508 {
509 (void) string_from_gstring(cur_val);
510 pdkim_strtrim(cur_val);
511
512 DEBUG(D_acl) debug_printf(" %s=%s\n", cur_tag->s, cur_val->s);
513
514 switch (*cur_tag->s)
515 {
516 case 'b': /* sig-data or body-hash */
517 switch (cur_tag->s[1])
518 {
519 case '\0': pdkim_decode_base64(cur_val->s, &sig->sighash); break;
520 case 'h': if (cur_tag->ptr == 2)
521 pdkim_decode_base64(cur_val->s, &sig->bodyhash);
522 break;
523 default: break;
524 }
525 break;
526 case 'v': /* version */
527 /* We only support version 1, and that is currently the
528 only version there is. */
529 sig->version =
530 Ustrcmp(cur_val->s, PDKIM_SIGNATURE_VERSION) == 0 ? 1 : -1;
531 break;
532 case 'a': /* algorithm */
533 {
534 uschar * s = Ustrchr(cur_val->s, '-');
535
536 for(i = 0; i < nelem(pdkim_keytypes); i++)
537 if (Ustrncmp(cur_val->s, pdkim_keytypes[i], s - cur_val->s) == 0)
538 { sig->keytype = i; break; }
539 if (sig->keytype < 0)
540 log_write(0, LOG_MAIN,
541 "DKIM: ignoring signature due to nonhandled keytype in a=%s",
542 cur_val->s);
543
544 for (++s, i = 0; i < nelem(pdkim_hashes); i++)
545 if (Ustrcmp(s, pdkim_hashes[i].dkim_hashname) == 0)
546 { sig->hashtype = i; break; }
547 if (sig->hashtype < 0)
548 log_write(0, LOG_MAIN,
549 "DKIM: ignoring signature due to nonhandled hashtype in a=%s",
550 cur_val);
551 break;
552 }
553
554 case 'c': /* canonicalization */
555 for (i = 0; pdkim_combined_canons[i].str; i++)
556 if (Ustrcmp(cur_val->s, pdkim_combined_canons[i].str) == 0)
557 {
558 sig->canon_headers = pdkim_combined_canons[i].canon_headers;
559 sig->canon_body = pdkim_combined_canons[i].canon_body;
560 break;
561 }
562 break;
563 case 'q': /* Query method (for pubkey)*/
564 for (i = 0; pdkim_querymethods[i]; i++)
565 if (Ustrcmp(cur_val->s, pdkim_querymethods[i]) == 0)
566 {
567 sig->querymethod = i; /* we never actually use this */
568 break;
569 }
570 break;
571 case 's': /* Selector */
572 sig->selector = string_copyn(cur_val->s, cur_val->ptr); break;
573 case 'd': /* SDID */
574 sig->domain = string_copyn(cur_val->s, cur_val->ptr); break;
575 case 'i': /* AUID */
576 sig->identity = pdkim_decode_qp(cur_val->s); break;
577 case 't': /* Timestamp */
578 sig->created = strtoul(CS cur_val->s, NULL, 10); break;
579 case 'x': /* Expiration */
580 sig->expires = strtoul(CS cur_val->s, NULL, 10); break;
581 case 'l': /* Body length count */
582 sig->bodylength = strtol(CS cur_val->s, NULL, 10); break;
583 case 'h': /* signed header fields */
584 sig->headernames = string_copyn(cur_val->s, cur_val->ptr); break;
585 case 'z': /* Copied headfields */
586 sig->copiedheaders = pdkim_decode_qp(cur_val->s); break;
587 /*XXX draft-ietf-dcrup-dkim-crypto-05 would need 'p' tag support
588 for rsafp signatures. But later discussion is dropping those. */
589 default:
590 DEBUG(D_acl) debug_printf(" Unknown tag encountered\n");
591 break;
592 }
593 }
594 cur_tag = cur_val = NULL;
595 in_b_val = FALSE;
596 where = PDKIM_HDR_LIMBO;
597 }
598 else
599 cur_val = string_catn(cur_val, p, 1);
600 }
601
602 NEXT_CHAR:
603 if (c == '\0')
604 break;
605
606 if (!in_b_val)
607 *q++ = c;
608 }
609
610 if (sig->keytype < 0 || sig->hashtype < 0) /* Cannot verify this signature */
611 return NULL;
612
613 *q = '\0';
614 /* Chomp raw header. The final newline must not be added to the signature. */
615 while (--q > sig->rawsig_no_b_val && (*q == '\r' || *q == '\n'))
616 *q = '\0';
617
618 DEBUG(D_acl)
619 {
620 debug_printf(
621 "PDKIM >> Raw signature w/o b= tag value >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
622 pdkim_quoteprint(US sig->rawsig_no_b_val, Ustrlen(sig->rawsig_no_b_val));
623 debug_printf(
624 "PDKIM >> Sig size: %4u bits\n", (unsigned) sig->sighash.len*8);
625 debug_printf(
626 "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
627 }
628
629 if (!pdkim_set_bodyhash(ctx, sig))
630 return NULL;
631
632 return sig;
633 }
634
635
636 /* -------------------------------------------------------------------------- */
637
638 static pdkim_pubkey *
639 pdkim_parse_pubkey_record(pdkim_ctx *ctx, const uschar *raw_record)
640 {
641 const uschar * ele;
642 int sep = ';';
643 pdkim_pubkey * pub;
644
645 pub = store_get(sizeof(pdkim_pubkey));
646 memset(pub, 0, sizeof(pdkim_pubkey));
647
648 while ((ele = string_nextinlist(&raw_record, &sep, NULL, 0)))
649 {
650 const uschar * val;
651
652 if ((val = Ustrchr(ele, '=')))
653 {
654 int taglen = val++ - ele;
655
656 DEBUG(D_acl) debug_printf(" %.*s=%s\n", taglen, ele, val);
657 switch (ele[0])
658 {
659 case 'v': pub->version = val; break;
660 case 'h': pub->hashes = val; break;
661 case 'k': pub->keytype = val; break;
662 case 'g': pub->granularity = val; break;
663 case 'n': pub->notes = pdkim_decode_qp(val); break;
664 case 'p': pdkim_decode_base64(val, &pub->key); break;
665 case 's': pub->srvtype = val; break;
666 case 't': if (Ustrchr(val, 'y')) pub->testing = 1;
667 if (Ustrchr(val, 's')) pub->no_subdomaining = 1;
668 break;
669 default: DEBUG(D_acl) debug_printf(" Unknown tag encountered\n"); break;
670 }
671 }
672 }
673
674 /* Set fallback defaults */
675 if (!pub->version)
676 pub->version = string_copy(PDKIM_PUB_RECORD_VERSION);
677 else if (Ustrcmp(pub->version, PDKIM_PUB_RECORD_VERSION) != 0)
678 {
679 DEBUG(D_acl) debug_printf(" Bad v= field\n");
680 return NULL;
681 }
682
683 if (!pub->granularity) pub->granularity = US"*";
684 if (!pub->keytype ) pub->keytype = US"rsa";
685 if (!pub->srvtype ) pub->srvtype = US"*";
686
687 /* p= is required */
688 if (pub->key.data)
689 return pub;
690
691 DEBUG(D_acl) debug_printf(" Missing p= field\n");
692 return NULL;
693 }
694
695
696 /* -------------------------------------------------------------------------- */
697
698 /* Update one bodyhash with some additional data.
699 If we have to relax the data for this sig, return our copy of it. */
700
701 static blob *
702 pdkim_update_ctx_bodyhash(pdkim_bodyhash * b, blob * orig_data, blob * relaxed_data)
703 {
704 blob * canon_data = orig_data;
705 /* Defaults to simple canon (no further treatment necessary) */
706
707 if (b->canon_method == PDKIM_CANON_RELAXED)
708 {
709 /* Relax the line if not done already */
710 if (!relaxed_data)
711 {
712 BOOL seen_wsp = FALSE;
713 const uschar * p, * r;
714 int q = 0;
715
716 /* We want to be able to free this else we allocate
717 for the entire message which could be many MB. Since
718 we don't know what allocations the SHA routines might
719 do, not safe to use store_get()/store_reset(). */
720
721 relaxed_data = store_malloc(sizeof(blob) + orig_data->len+1);
722 relaxed_data->data = US (relaxed_data+1);
723
724 for (p = orig_data->data, r = p + orig_data->len; p < r; p++)
725 {
726 char c = *p;
727 if (c == '\r')
728 {
729 if (q > 0 && relaxed_data->data[q-1] == ' ')
730 q--;
731 }
732 else if (c == '\t' || c == ' ')
733 {
734 c = ' '; /* Turns WSP into SP */
735 if (seen_wsp)
736 continue;
737 seen_wsp = TRUE;
738 }
739 else
740 seen_wsp = FALSE;
741 relaxed_data->data[q++] = c;
742 }
743 relaxed_data->data[q] = '\0';
744 relaxed_data->len = q;
745 }
746 canon_data = relaxed_data;
747 }
748
749 /* Make sure we don't exceed the to-be-signed body length */
750 if ( b->bodylength >= 0
751 && b->signed_body_bytes + (unsigned long)canon_data->len > b->bodylength
752 )
753 canon_data->len = b->bodylength - b->signed_body_bytes;
754
755 if (canon_data->len > 0)
756 {
757 exim_sha_update(&b->body_hash_ctx, CUS canon_data->data, canon_data->len);
758 b->signed_body_bytes += canon_data->len;
759 DEBUG(D_acl) pdkim_quoteprint(canon_data->data, canon_data->len);
760 }
761
762 return relaxed_data;
763 }
764
765
766 /* -------------------------------------------------------------------------- */
767
768 static void
769 pdkim_finish_bodyhash(pdkim_ctx * ctx)
770 {
771 pdkim_bodyhash * b;
772 pdkim_signature * sig;
773
774 for (b = ctx->bodyhash; b; b = b->next) /* Finish hashes */
775 exim_sha_finish(&b->body_hash_ctx, &b->bh);
776
777 /* Traverse all signatures */
778 for (sig = ctx->sig; sig; sig = sig->next)
779 {
780 b = sig->calc_body_hash;
781
782 DEBUG(D_acl)
783 {
784 debug_printf("PDKIM [%s] Body bytes (%s) hashed: %lu\n"
785 "PDKIM [%s] Body %s computed: ",
786 sig->domain, pdkim_canons[b->canon_method], b->signed_body_bytes,
787 sig->domain, pdkim_hashes[b->hashtype].dkim_hashname);
788 pdkim_hexprint(CUS b->bh.data, b->bh.len);
789 }
790
791 /* SIGNING -------------------------------------------------------------- */
792 if (ctx->flags & PDKIM_MODE_SIGN)
793 {
794 /* If bodylength limit is set, and we have received less bytes
795 than the requested amount, effectively remove the limit tag. */
796 if (b->signed_body_bytes < sig->bodylength)
797 sig->bodylength = -1;
798 }
799
800 else
801 /* VERIFICATION --------------------------------------------------------- */
802 /* Be careful that the header sig included a bodyash */
803
804 if ( sig->bodyhash.data
805 && memcmp(b->bh.data, sig->bodyhash.data, b->bh.len) == 0)
806 {
807 DEBUG(D_acl) debug_printf("PDKIM [%s] Body hash compared OK\n", sig->domain);
808 }
809 else
810 {
811 DEBUG(D_acl)
812 {
813 debug_printf("PDKIM [%s] Body hash signature from headers: ", sig->domain);
814 pdkim_hexprint(sig->bodyhash.data, sig->bodyhash.len);
815 debug_printf("PDKIM [%s] Body hash did NOT verify\n", sig->domain);
816 }
817 sig->verify_status = PDKIM_VERIFY_FAIL;
818 sig->verify_ext_status = PDKIM_VERIFY_FAIL_BODY;
819 }
820 }
821 }
822
823
824
825 static void
826 pdkim_body_complete(pdkim_ctx * ctx)
827 {
828 pdkim_bodyhash * b;
829
830 /* In simple body mode, if any empty lines were buffered,
831 replace with one. rfc 4871 3.4.3 */
832 /*XXX checking the signed-body-bytes is a gross hack; I think
833 it indicates that all linebreaks should be buffered, including
834 the one terminating a text line */
835
836 for (b = ctx->bodyhash; b; b = b->next)
837 if ( b->canon_method == PDKIM_CANON_SIMPLE
838 && b->signed_body_bytes == 0
839 && b->num_buffered_blanklines > 0
840 )
841 (void) pdkim_update_ctx_bodyhash(b, &lineending, NULL);
842
843 ctx->flags |= PDKIM_SEEN_EOD;
844 ctx->linebuf_offset = 0;
845 }
846
847
848
849 /* -------------------------------------------------------------------------- */
850 /* Call from pdkim_feed below for processing complete body lines */
851 /* NOTE: the line is not NUL-terminated; but we have a count */
852
853 static void
854 pdkim_bodyline_complete(pdkim_ctx * ctx)
855 {
856 blob line = {.data = ctx->linebuf, .len = ctx->linebuf_offset};
857 pdkim_bodyhash * b;
858 blob * rnl = NULL;
859 blob * rline = NULL;
860
861 /* Ignore extra data if we've seen the end-of-data marker */
862 if (ctx->flags & PDKIM_SEEN_EOD) goto all_skip;
863
864 /* We've always got one extra byte to stuff a zero ... */
865 ctx->linebuf[line.len] = '\0';
866
867 /* Terminate on EOD marker */
868 if (ctx->flags & PDKIM_DOT_TERM)
869 {
870 if (memcmp(line.data, ".\r\n", 3) == 0)
871 { pdkim_body_complete(ctx); return; }
872
873 /* Unstuff dots */
874 if (memcmp(line.data, "..", 2) == 0)
875 { line.data++; line.len--; }
876 }
877
878 /* Empty lines need to be buffered until we find a non-empty line */
879 if (memcmp(line.data, "\r\n", 2) == 0)
880 {
881 for (b = ctx->bodyhash; b; b = b->next) b->num_buffered_blanklines++;
882 goto all_skip;
883 }
884
885 /* Process line for each bodyhash separately */
886 for (b = ctx->bodyhash; b; b = b->next)
887 {
888 if (b->canon_method == PDKIM_CANON_RELAXED)
889 {
890 /* Lines with just spaces need to be buffered too */
891 uschar * cp = line.data;
892 char c;
893
894 while ((c = *cp))
895 {
896 if (c == '\r' && cp[1] == '\n') break;
897 if (c != ' ' && c != '\t') goto hash_process;
898 cp++;
899 }
900
901 b->num_buffered_blanklines++;
902 goto hash_skip;
903 }
904
905 hash_process:
906 /* At this point, we have a non-empty line, so release the buffered ones. */
907
908 while (b->num_buffered_blanklines)
909 {
910 rnl = pdkim_update_ctx_bodyhash(b, &lineending, rnl);
911 b->num_buffered_blanklines--;
912 }
913
914 rline = pdkim_update_ctx_bodyhash(b, &line, rline);
915 hash_skip: ;
916 }
917
918 if (rnl) store_free(rnl);
919 if (rline) store_free(rline);
920
921 all_skip:
922
923 ctx->linebuf_offset = 0;
924 return;
925 }
926
927
928 /* -------------------------------------------------------------------------- */
929 /* Callback from pdkim_feed below for processing complete headers */
930 #define DKIM_SIGNATURE_HEADERNAME "DKIM-Signature:"
931
932 static int
933 pdkim_header_complete(pdkim_ctx * ctx)
934 {
935 pdkim_signature * sig, * last_sig;
936
937 /* Special case: The last header can have an extra \r appended */
938 if ( (ctx->cur_header->ptr > 1) &&
939 (ctx->cur_header->s[ctx->cur_header->ptr-1] == '\r') )
940 --ctx->cur_header->ptr;
941 (void) string_from_gstring(ctx->cur_header);
942
943 if (++ctx->num_headers > PDKIM_MAX_HEADERS) goto BAIL;
944
945 /* SIGNING -------------------------------------------------------------- */
946 if (ctx->flags & PDKIM_MODE_SIGN)
947 for (sig = ctx->sig; sig; sig = sig->next) /* Traverse all signatures */
948
949 /* Add header to the signed headers list (in reverse order) */
950 sig->headers = pdkim_prepend_stringlist(sig->headers, ctx->cur_header->s);
951
952 /* VERIFICATION ----------------------------------------------------------- */
953 /* DKIM-Signature: headers are added to the verification list */
954 else
955 {
956 #ifdef notdef
957 DEBUG(D_acl)
958 {
959 debug_printf("PDKIM >> raw hdr: ");
960 pdkim_quoteprint(CUS ctx->cur_header->s, ctx->cur_header->ptr);
961 }
962 #endif
963 if (strncasecmp(CCS ctx->cur_header->s,
964 DKIM_SIGNATURE_HEADERNAME,
965 Ustrlen(DKIM_SIGNATURE_HEADERNAME)) == 0)
966 {
967 /* Create and chain new signature block. We could error-check for all
968 required tags here, but prefer to create the internal sig and expicitly
969 fail verification of it later. */
970
971 DEBUG(D_acl) debug_printf(
972 "PDKIM >> Found sig, trying to parse >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
973
974 sig = pdkim_parse_sig_header(ctx, ctx->cur_header->s);
975
976 if (!(last_sig = ctx->sig))
977 ctx->sig = sig;
978 else
979 {
980 while (last_sig->next) last_sig = last_sig->next;
981 last_sig->next = sig;
982 }
983 }
984
985 /* all headers are stored for signature verification */
986 ctx->headers = pdkim_prepend_stringlist(ctx->headers, ctx->cur_header->s);
987 }
988
989 BAIL:
990 ctx->cur_header->s[ctx->cur_header->ptr = 0] = '\0'; /* leave buffer for reuse */
991 return PDKIM_OK;
992 }
993
994
995
996 /* -------------------------------------------------------------------------- */
997 #define HEADER_BUFFER_FRAG_SIZE 256
998
999 DLLEXPORT int
1000 pdkim_feed(pdkim_ctx * ctx, uschar * data, int len)
1001 {
1002 int p, rc;
1003
1004 /* Alternate EOD signal, used in non-dotstuffing mode */
1005 if (!data)
1006 pdkim_body_complete(ctx);
1007
1008 else for (p = 0; p<len; p++)
1009 {
1010 uschar c = data[p];
1011
1012 if (ctx->flags & PDKIM_PAST_HDRS)
1013 {
1014 if (c == '\n' && !(ctx->flags & PDKIM_SEEN_CR)) /* emulate the CR */
1015 {
1016 ctx->linebuf[ctx->linebuf_offset++] = '\r';
1017 if (ctx->linebuf_offset == PDKIM_MAX_BODY_LINE_LEN-1)
1018 return PDKIM_ERR_LONG_LINE;
1019 }
1020
1021 /* Processing body byte */
1022 ctx->linebuf[ctx->linebuf_offset++] = c;
1023 if (c == '\r')
1024 ctx->flags |= PDKIM_SEEN_CR;
1025 else if (c == '\n')
1026 {
1027 ctx->flags &= ~PDKIM_SEEN_CR;
1028 pdkim_bodyline_complete(ctx);
1029 }
1030
1031 if (ctx->linebuf_offset == PDKIM_MAX_BODY_LINE_LEN-1)
1032 return PDKIM_ERR_LONG_LINE;
1033 }
1034 else
1035 {
1036 /* Processing header byte */
1037 if (c == '\r')
1038 ctx->flags |= PDKIM_SEEN_CR;
1039 else if (c == '\n')
1040 {
1041 if (!(ctx->flags & PDKIM_SEEN_CR)) /* emulate the CR */
1042 ctx->cur_header = string_catn(ctx->cur_header, CUS "\r", 1);
1043
1044 if (ctx->flags & PDKIM_SEEN_LF) /* Seen last header line */
1045 {
1046 if ((rc = pdkim_header_complete(ctx)) != PDKIM_OK)
1047 return rc;
1048
1049 ctx->flags = (ctx->flags & ~(PDKIM_SEEN_LF|PDKIM_SEEN_CR)) | PDKIM_PAST_HDRS;
1050 DEBUG(D_acl) debug_printf(
1051 "PDKIM >> Body data for hash, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
1052 continue;
1053 }
1054 else
1055 ctx->flags = (ctx->flags & ~PDKIM_SEEN_CR) | PDKIM_SEEN_LF;
1056 }
1057 else if (ctx->flags & PDKIM_SEEN_LF)
1058 {
1059 if (!(c == '\t' || c == ' ')) /* End of header */
1060 if ((rc = pdkim_header_complete(ctx)) != PDKIM_OK)
1061 return rc;
1062 ctx->flags &= ~PDKIM_SEEN_LF;
1063 }
1064
1065 if (!ctx->cur_header || ctx->cur_header->ptr < PDKIM_MAX_HEADER_LEN)
1066 ctx->cur_header = string_catn(ctx->cur_header, CUS &data[p], 1);
1067 }
1068 }
1069 return PDKIM_OK;
1070 }
1071
1072
1073
1074 /* Extend a growing header with a continuation-linebreak */
1075 static gstring *
1076 pdkim_hdr_cont(gstring * str, int * col)
1077 {
1078 *col = 1;
1079 return string_catn(str, US"\r\n\t", 3);
1080 }
1081
1082
1083
1084 /*
1085 * RFC 5322 specifies that header line length SHOULD be no more than 78
1086 * lets make it so!
1087 * pdkim_headcat
1088 *
1089 * returns uschar * (not nul-terminated)
1090 *
1091 * col: this int holds and receives column number (octets since last '\n')
1092 * str: partial string to append to
1093 * pad: padding, split line or space after before or after eg: ";"
1094 * intro: - must join to payload eg "h=", usually the tag name
1095 * payload: eg base64 data - long data can be split arbitrarily.
1096 *
1097 * this code doesn't fold the header in some of the places that RFC4871
1098 * allows: As per RFC5322(2.2.3) it only folds before or after tag-value
1099 * pairs and inside long values. it also always spaces or breaks after the
1100 * "pad"
1101 *
1102 * no guarantees are made for output given out-of range input. like tag
1103 * names longer than 78, or bogus col. Input is assumed to be free of line breaks.
1104 */
1105
1106 static gstring *
1107 pdkim_headcat(int * col, gstring * str,
1108 const uschar * pad, const uschar * intro, const uschar * payload)
1109 {
1110 size_t l;
1111
1112 if (pad)
1113 {
1114 l = Ustrlen(pad);
1115 if (*col + l > 78)
1116 str = pdkim_hdr_cont(str, col);
1117 str = string_catn(str, pad, l);
1118 *col += l;
1119 }
1120
1121 l = (pad?1:0) + (intro?Ustrlen(intro):0);
1122
1123 if (*col + l > 78)
1124 { /*can't fit intro - start a new line to make room.*/
1125 str = pdkim_hdr_cont(str, col);
1126 l = intro?Ustrlen(intro):0;
1127 }
1128
1129 l += payload ? Ustrlen(payload):0 ;
1130
1131 while (l>77)
1132 { /* this fragment will not fit on a single line */
1133 if (pad)
1134 {
1135 str = string_catn(str, US" ", 1);
1136 *col += 1;
1137 pad = NULL; /* only want this once */
1138 l--;
1139 }
1140
1141 if (intro)
1142 {
1143 size_t sl = Ustrlen(intro);
1144
1145 str = string_catn(str, intro, sl);
1146 *col += sl;
1147 l -= sl;
1148 intro = NULL; /* only want this once */
1149 }
1150
1151 if (payload)
1152 {
1153 size_t sl = Ustrlen(payload);
1154 size_t chomp = *col+sl < 77 ? sl : 78-*col;
1155
1156 str = string_catn(str, payload, chomp);
1157 *col += chomp;
1158 payload += chomp;
1159 l -= chomp-1;
1160 }
1161
1162 /* the while precondition tells us it didn't fit. */
1163 str = pdkim_hdr_cont(str, col);
1164 }
1165
1166 if (*col + l > 78)
1167 {
1168 str = pdkim_hdr_cont(str, col);
1169 pad = NULL;
1170 }
1171
1172 if (pad)
1173 {
1174 str = string_catn(str, US" ", 1);
1175 *col += 1;
1176 pad = NULL;
1177 }
1178
1179 if (intro)
1180 {
1181 size_t sl = Ustrlen(intro);
1182
1183 str = string_catn(str, intro, sl);
1184 *col += sl;
1185 l -= sl;
1186 intro = NULL;
1187 }
1188
1189 if (payload)
1190 {
1191 size_t sl = Ustrlen(payload);
1192
1193 str = string_catn(str, payload, sl);
1194 *col += sl;
1195 }
1196
1197 return str;
1198 }
1199
1200
1201 /* -------------------------------------------------------------------------- */
1202
1203 /* Signing: create signature header
1204 */
1205 static uschar *
1206 pdkim_create_header(pdkim_signature * sig, BOOL final)
1207 {
1208 uschar * base64_bh;
1209 uschar * base64_b;
1210 int col = 0;
1211 gstring * hdr;
1212 gstring * canon_all;
1213
1214 canon_all = string_cat (NULL, pdkim_canons[sig->canon_headers]);
1215 canon_all = string_catn(canon_all, US"/", 1);
1216 canon_all = string_cat (canon_all, pdkim_canons[sig->canon_body]);
1217 (void) string_from_gstring(canon_all);
1218
1219 hdr = string_cat(NULL, US"DKIM-Signature: v="PDKIM_SIGNATURE_VERSION);
1220 col = hdr->ptr;
1221
1222 /* Required and static bits */
1223 hdr = pdkim_headcat(&col, hdr, US";", US"a=", dkim_sig_to_a_tag(sig));
1224 hdr = pdkim_headcat(&col, hdr, US";", US"q=", pdkim_querymethods[sig->querymethod]);
1225 hdr = pdkim_headcat(&col, hdr, US";", US"c=", canon_all->s);
1226 hdr = pdkim_headcat(&col, hdr, US";", US"d=", sig->domain);
1227 hdr = pdkim_headcat(&col, hdr, US";", US"s=", sig->selector);
1228
1229 /* list of header names can be split between items. */
1230 {
1231 uschar * n = string_copy(sig->headernames);
1232 uschar * i = US"h=";
1233 uschar * s = US";";
1234
1235 while (*n)
1236 {
1237 uschar * c = Ustrchr(n, ':');
1238
1239 if (c) *c ='\0';
1240
1241 if (!i)
1242 hdr = pdkim_headcat(&col, hdr, NULL, NULL, US":");
1243
1244 hdr = pdkim_headcat(&col, hdr, s, i, n);
1245
1246 if (!c)
1247 break;
1248
1249 n = c+1;
1250 s = NULL;
1251 i = NULL;
1252 }
1253 }
1254
1255 base64_bh = pdkim_encode_base64(&sig->calc_body_hash->bh);
1256 hdr = pdkim_headcat(&col, hdr, US";", US"bh=", base64_bh);
1257
1258 /* Optional bits */
1259 if (sig->identity)
1260 hdr = pdkim_headcat(&col, hdr, US";", US"i=", sig->identity);
1261
1262 if (sig->created > 0)
1263 {
1264 uschar minibuf[20];
1265
1266 snprintf(CS minibuf, sizeof(minibuf), "%lu", sig->created);
1267 hdr = pdkim_headcat(&col, hdr, US";", US"t=", minibuf);
1268 }
1269
1270 if (sig->expires > 0)
1271 {
1272 uschar minibuf[20];
1273
1274 snprintf(CS minibuf, sizeof(minibuf), "%lu", sig->expires);
1275 hdr = pdkim_headcat(&col, hdr, US";", US"x=", minibuf);
1276 }
1277
1278 if (sig->bodylength >= 0)
1279 {
1280 uschar minibuf[20];
1281
1282 snprintf(CS minibuf, sizeof(minibuf), "%lu", sig->bodylength);
1283 hdr = pdkim_headcat(&col, hdr, US";", US"l=", minibuf);
1284 }
1285
1286 /* Preliminary or final version? */
1287 if (final)
1288 {
1289 base64_b = pdkim_encode_base64(&sig->sighash);
1290 hdr = pdkim_headcat(&col, hdr, US";", US"b=", base64_b);
1291
1292 /* add trailing semicolon: I'm not sure if this is actually needed */
1293 hdr = pdkim_headcat(&col, hdr, NULL, US";", US"");
1294 }
1295 else
1296 {
1297 /* To satisfy the rule "all surrounding whitespace [...] deleted"
1298 ( RFC 6376 section 3.7 ) we ensure there is no whitespace here. Otherwise
1299 the headcat routine could insert a linebreak which the relaxer would reduce
1300 to a single space preceding the terminating semicolon, resulting in an
1301 incorrect header-hash. */
1302 hdr = pdkim_headcat(&col, hdr, US";", US"b=;", US"");
1303 }
1304
1305 return string_from_gstring(hdr);
1306 }
1307
1308
1309 /* -------------------------------------------------------------------------- */
1310
1311 static pdkim_pubkey *
1312 pdkim_key_from_dns(pdkim_ctx * ctx, pdkim_signature * sig, ev_ctx * vctx,
1313 const uschar ** errstr)
1314 {
1315 uschar * dns_txt_name, * dns_txt_reply;
1316 pdkim_pubkey * p;
1317
1318 /* Fetch public key for signing domain, from DNS */
1319
1320 dns_txt_name = string_sprintf("%s._domainkey.%s.", sig->selector, sig->domain);
1321
1322 if ( !(dns_txt_reply = ctx->dns_txt_callback(CS dns_txt_name))
1323 || dns_txt_reply[0] == '\0'
1324 )
1325 {
1326 sig->verify_status = PDKIM_VERIFY_INVALID;
1327 sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE;
1328 return NULL;
1329 }
1330
1331 DEBUG(D_acl)
1332 {
1333 debug_printf(
1334 "PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"
1335 " %s\n"
1336 " Raw record: ",
1337 dns_txt_name);
1338 pdkim_quoteprint(CUS dns_txt_reply, Ustrlen(dns_txt_reply));
1339 }
1340
1341 if ( !(p = pdkim_parse_pubkey_record(ctx, CUS dns_txt_reply))
1342 || (Ustrcmp(p->srvtype, "*") != 0 && Ustrcmp(p->srvtype, "email") != 0)
1343 )
1344 {
1345 sig->verify_status = PDKIM_VERIFY_INVALID;
1346 sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD;
1347
1348 DEBUG(D_acl)
1349 {
1350 if (p)
1351 debug_printf(" Invalid public key service type '%s'\n", p->srvtype);
1352 else
1353 debug_printf(" Error while parsing public key record\n");
1354 debug_printf(
1355 "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
1356 }
1357 return NULL;
1358 }
1359
1360 DEBUG(D_acl) debug_printf(
1361 "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
1362
1363 /* Import public key */
1364
1365 if ((*errstr = exim_dkim_verify_init(&p->key,
1366 sig->keytype == KEYTYPE_ED25519 ? KEYFMT_ED25519_BARE : KEYFMT_DER,
1367 vctx)))
1368 {
1369 DEBUG(D_acl) debug_printf("verify_init: %s\n", *errstr);
1370 sig->verify_status = PDKIM_VERIFY_INVALID;
1371 sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_IMPORT;
1372 return NULL;
1373 }
1374
1375 vctx->keytype = sig->keytype;
1376 return p;
1377 }
1378
1379
1380 /* -------------------------------------------------------------------------- */
1381
1382 DLLEXPORT int
1383 pdkim_feed_finish(pdkim_ctx * ctx, pdkim_signature ** return_signatures,
1384 const uschar ** err)
1385 {
1386 pdkim_bodyhash * b;
1387 pdkim_signature * sig;
1388 BOOL verify_pass = FALSE;
1389 es_ctx sctx;
1390
1391 /* Check if we must still flush a (partial) header. If that is the
1392 case, the message has no body, and we must compute a body hash
1393 out of '<CR><LF>' */
1394 if (ctx->cur_header && ctx->cur_header->ptr > 0)
1395 {
1396 blob * rnl = NULL;
1397 int rc;
1398
1399 if ((rc = pdkim_header_complete(ctx)) != PDKIM_OK)
1400 return rc;
1401
1402 for (b = ctx->bodyhash; b; b = b->next)
1403 rnl = pdkim_update_ctx_bodyhash(b, &lineending, rnl);
1404 if (rnl) store_free(rnl);
1405 }
1406 else
1407 DEBUG(D_acl) debug_printf(
1408 "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
1409
1410 if (!ctx->sig)
1411 {
1412 DEBUG(D_acl) debug_printf("PDKIM: no signatures\n");
1413 return PDKIM_OK;
1414 }
1415
1416 /* Build (and/or evaluate) body hash */
1417 pdkim_finish_bodyhash(ctx);
1418
1419 for (sig = ctx->sig; sig; sig = sig->next)
1420 {
1421 hctx hhash_ctx;
1422 uschar * sig_hdr = US"";
1423 blob hhash;
1424 gstring * hdata = NULL;
1425 es_ctx sctx;
1426
1427 /*XXX The hash of the headers is needed for GCrypt (for which we can do RSA
1428 suging only, as it happens) and for either GnuTLS and OpenSSL when we are
1429 signing with EC (specifically, Ed25519). The former is because the GCrypt
1430 signing operation is pure (does not do its own hash) so we must hash. The
1431 latter is because we (stupidly, but this is what the IETF draft is saying)
1432 must hash with the declared hash method, then pass the result to the library
1433 hash-and-sign routine (because that's all the libraries are providing. And
1434 we're stuck with whatever that hidden hash method is, too). We may as well
1435 do this hash incrementally.
1436 We don't need the hash we're calculating here for the GnuTLS and OpenSSL
1437 cases of RSA signing, since those library routines can do hash-and-sign.
1438
1439 Some time in the future we could easily avoid doing the hash here for those
1440 cases (which will be common for a long while. We could also change from
1441 the current copy-all-the-headers-into-one-block, then call the hash-and-sign
1442 implementation - to a proper incremental one. Unfortunately, GnuTLS just
1443 cannot do incremental - either signing or verification. Unsure about GCrypt.
1444 */
1445
1446 /*XXX The header hash is also used (so far) by the verify operation */
1447
1448 if (!exim_sha_init(&hhash_ctx, pdkim_hashes[sig->hashtype].exim_hashmethod))
1449 {
1450 log_write(0, LOG_MAIN|LOG_PANIC,
1451 "PDKIM: hash setup error, possibly nonhandled hashtype");
1452 break;
1453 }
1454
1455 if (ctx->flags & PDKIM_MODE_SIGN)
1456 DEBUG(D_acl) debug_printf(
1457 "PDKIM >> Headers to be signed: >>>>>>>>>>>>\n"
1458 " %s\n",
1459 sig->sign_headers);
1460
1461 DEBUG(D_acl) debug_printf(
1462 "PDKIM >> Header data for hash, canonicalized (%-7s), in sequence >>\n",
1463 pdkim_canons[sig->canon_headers]);
1464
1465
1466 /* SIGNING ---------------------------------------------------------------- */
1467 /* When signing, walk through our header list and add them to the hash. As we
1468 go, construct a list of the header's names to use for the h= parameter.
1469 Then append to that list any remaining header names for which there was no
1470 header to sign. */
1471
1472 if (ctx->flags & PDKIM_MODE_SIGN)
1473 {
1474 gstring * g = NULL;
1475 pdkim_stringlist *p;
1476 const uschar * l;
1477 uschar * s;
1478 int sep = 0;
1479
1480 /* Import private key, including the keytype which we need for building
1481 the signature header */
1482
1483 /*XXX extend for non-RSA algos */
1484 if ((*err = exim_dkim_signing_init(US sig->privkey, &sctx)))
1485 {
1486 log_write(0, LOG_MAIN|LOG_PANIC, "signing_init: %s", *err);
1487 return PDKIM_ERR_RSA_PRIVKEY;
1488 }
1489 sig->keytype = sctx.keytype;
1490
1491 for (sig->headernames = NULL, /* Collected signed header names */
1492 p = sig->headers; p; p = p->next)
1493 {
1494 uschar * rh = p->value;
1495
1496 if (header_name_match(rh, sig->sign_headers) == PDKIM_OK)
1497 {
1498 /* Collect header names (Note: colon presence is guaranteed here) */
1499 g = string_append_listele_n(g, ':', rh, Ustrchr(rh, ':') - rh);
1500
1501 if (sig->canon_headers == PDKIM_CANON_RELAXED)
1502 rh = pdkim_relax_header(rh, TRUE); /* cook header for relaxed canon */
1503
1504 /* Feed header to the hash algorithm */
1505 exim_sha_update(&hhash_ctx, CUS rh, Ustrlen(rh));
1506
1507 /* Remember headers block for signing (when the library cannot do incremental) */
1508 /*XXX we could avoid doing this for all but the GnuTLS/RSA case */
1509 hdata = exim_dkim_data_append(hdata, rh);
1510
1511 DEBUG(D_acl) pdkim_quoteprint(rh, Ustrlen(rh));
1512 }
1513 }
1514
1515 /* Any headers we wanted to sign but were not present must also be listed.
1516 Ignore elements that have been ticked-off or are marked as never-oversign. */
1517
1518 l = sig->sign_headers;
1519 while((s = string_nextinlist(&l, &sep, NULL, 0)))
1520 {
1521 if (*s == '+') /* skip oversigning marker */
1522 s++;
1523 if (*s != '_' && *s != '=')
1524 g = string_append_listele(g, ':', s);
1525 }
1526 sig->headernames = string_from_gstring(g);
1527
1528 /* Create signature header with b= omitted */
1529 sig_hdr = pdkim_create_header(sig, FALSE);
1530 }
1531
1532 /* VERIFICATION ----------------------------------------------------------- */
1533 /* When verifying, walk through the header name list in the h= parameter and
1534 add the headers to the hash in that order. */
1535 else
1536 {
1537 uschar * p = sig->headernames;
1538 uschar * q;
1539 pdkim_stringlist * hdrs;
1540
1541 if (p)
1542 {
1543 /* clear tags */
1544 for (hdrs = ctx->headers; hdrs; hdrs = hdrs->next)
1545 hdrs->tag = 0;
1546
1547 p = string_copy(p);
1548 while(1)
1549 {
1550 if ((q = Ustrchr(p, ':')))
1551 *q = '\0';
1552
1553 /*XXX walk the list of headers in same order as received. */
1554 for (hdrs = ctx->headers; hdrs; hdrs = hdrs->next)
1555 if ( hdrs->tag == 0
1556 && strncasecmp(CCS hdrs->value, CCS p, Ustrlen(p)) == 0
1557 && (hdrs->value)[Ustrlen(p)] == ':'
1558 )
1559 {
1560 /* cook header for relaxed canon, or just copy it for simple */
1561
1562 uschar * rh = sig->canon_headers == PDKIM_CANON_RELAXED
1563 ? pdkim_relax_header(hdrs->value, TRUE)
1564 : string_copy(CUS hdrs->value);
1565
1566 /* Feed header to the hash algorithm */
1567 exim_sha_update(&hhash_ctx, CUS rh, Ustrlen(rh));
1568
1569 DEBUG(D_acl) pdkim_quoteprint(rh, Ustrlen(rh));
1570 hdrs->tag = 1;
1571 break;
1572 }
1573
1574 if (!q) break;
1575 p = q+1;
1576 }
1577
1578 sig_hdr = string_copy(sig->rawsig_no_b_val);
1579 }
1580 }
1581
1582 DEBUG(D_acl) debug_printf(
1583 "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
1584
1585 DEBUG(D_acl)
1586 {
1587 debug_printf(
1588 "PDKIM >> Signed DKIM-Signature header, pre-canonicalized >>>>>>>>>>>>>\n");
1589 pdkim_quoteprint(CUS sig_hdr, Ustrlen(sig_hdr));
1590 debug_printf(
1591 "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
1592 }
1593
1594 /* Relax header if necessary */
1595 if (sig->canon_headers == PDKIM_CANON_RELAXED)
1596 sig_hdr = pdkim_relax_header(sig_hdr, FALSE);
1597
1598 DEBUG(D_acl)
1599 {
1600 debug_printf("PDKIM >> Signed DKIM-Signature header, canonicalized (%-7s) >>>>>>>\n",
1601 pdkim_canons[sig->canon_headers]);
1602 pdkim_quoteprint(CUS sig_hdr, Ustrlen(sig_hdr));
1603 debug_printf(
1604 "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
1605 }
1606
1607 /* Finalize header hash */
1608 exim_sha_update(&hhash_ctx, CUS sig_hdr, Ustrlen(sig_hdr));
1609 exim_sha_finish(&hhash_ctx, &hhash);
1610
1611 DEBUG(D_acl)
1612 {
1613 debug_printf("PDKIM [%s] Header %s computed: ",
1614 sig->domain, pdkim_hashes[sig->hashtype].dkim_hashname);
1615 pdkim_hexprint(hhash.data, hhash.len);
1616 }
1617
1618 /* Remember headers block for signing (when the signing library cannot do
1619 incremental) */
1620 if (ctx->flags & PDKIM_MODE_SIGN)
1621 hdata = exim_dkim_data_append(hdata, US sig_hdr);
1622
1623 /* SIGNING ---------------------------------------------------------------- */
1624 if (ctx->flags & PDKIM_MODE_SIGN)
1625 {
1626 hashmethod hm = sig->keytype == KEYTYPE_ED25519
1627 ? HASH_SHA2_512 : pdkim_hashes[sig->hashtype].exim_hashmethod;
1628
1629 #ifdef SIGN_HAVE_ED25519
1630 /* For GCrypt, and for EC, we pass the hash-of-headers to the signing
1631 routine. For anything else we just pass the headers. */
1632
1633 if (sig->keytype != KEYTYPE_ED25519)
1634 #endif
1635 {
1636 hhash.data = hdata->s;
1637 hhash.len = hdata->ptr;
1638 }
1639
1640 /*XXX extend for non-RSA algos */
1641 /*- done for GnuTLS */
1642 if ((*err = exim_dkim_sign(&sctx, hm, &hhash, &sig->sighash)))
1643 {
1644 log_write(0, LOG_MAIN|LOG_PANIC, "signing: %s", *err);
1645 return PDKIM_ERR_RSA_SIGNING;
1646 }
1647
1648 DEBUG(D_acl)
1649 {
1650 debug_printf( "PDKIM [%s] b computed: ", sig->domain);
1651 pdkim_hexprint(sig->sighash.data, sig->sighash.len);
1652 }
1653
1654 sig->signature_header = pdkim_create_header(sig, TRUE);
1655 }
1656
1657 /* VERIFICATION ----------------------------------------------------------- */
1658 else
1659 {
1660 ev_ctx vctx;
1661
1662 /* Make sure we have all required signature tags */
1663 if (!( sig->domain && *sig->domain
1664 && sig->selector && *sig->selector
1665 && sig->headernames && *sig->headernames
1666 && sig->bodyhash.data
1667 && sig->sighash.data
1668 && sig->keytype >= 0
1669 && sig->hashtype >= 0
1670 && sig->version
1671 ) )
1672 {
1673 sig->verify_status = PDKIM_VERIFY_INVALID;
1674 sig->verify_ext_status = PDKIM_VERIFY_INVALID_SIGNATURE_ERROR;
1675
1676 DEBUG(D_acl) debug_printf(
1677 " Error in DKIM-Signature header: tags missing or invalid\n"
1678 "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
1679 goto NEXT_VERIFY;
1680 }
1681
1682 /* Make sure sig uses supported DKIM version (only v1) */
1683 if (sig->version != 1)
1684 {
1685 sig->verify_status = PDKIM_VERIFY_INVALID;
1686 sig->verify_ext_status = PDKIM_VERIFY_INVALID_DKIM_VERSION;
1687
1688 DEBUG(D_acl) debug_printf(
1689 " Error in DKIM-Signature header: unsupported DKIM version\n"
1690 "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
1691 goto NEXT_VERIFY;
1692 }
1693
1694 DEBUG(D_acl)
1695 {
1696 debug_printf( "PDKIM [%s] b from mail: ", sig->domain);
1697 pdkim_hexprint(sig->sighash.data, sig->sighash.len);
1698 }
1699
1700 if (!(sig->pubkey = pdkim_key_from_dns(ctx, sig, &vctx, err)))
1701 {
1702 log_write(0, LOG_MAIN, "PDKIM: %s%s %s%s [failed key import]",
1703 sig->domain ? "d=" : "", sig->domain ? sig->domain : US"",
1704 sig->selector ? "s=" : "", sig->selector ? sig->selector : US"");
1705 goto NEXT_VERIFY;
1706 }
1707
1708 /* If the pubkey limits to a list of specific hashes, ignore sigs that
1709 do not have the hash part of the sig algorithm matching */
1710
1711 if (sig->pubkey->hashes)
1712 {
1713 const uschar * list = sig->pubkey->hashes, * ele;
1714 int sep = ':';
1715 while ((ele = string_nextinlist(&list, &sep, NULL, 0)))
1716 if (Ustrcmp(ele, pdkim_hashes[sig->hashtype].dkim_hashname) == 0) break;
1717 if (!ele)
1718 {
1719 DEBUG(D_acl) debug_printf("pubkey h=%s vs. sig a=%s_%s\n",
1720 sig->pubkey->hashes,
1721 pdkim_keytypes[sig->keytype],
1722 pdkim_hashes[sig->hashtype].dkim_hashname);
1723 sig->verify_status = PDKIM_VERIFY_FAIL;
1724 sig->verify_ext_status = PDKIM_VERIFY_FAIL_SIG_ALGO_MISMATCH;
1725 goto NEXT_VERIFY;
1726 }
1727 }
1728
1729 /* Check the signature */
1730 /*XXX extend for non-RSA algos */
1731 /*- done for GnuTLS */
1732 if ((*err = exim_dkim_verify(&vctx,
1733 pdkim_hashes[sig->hashtype].exim_hashmethod,
1734 &hhash, &sig->sighash)))
1735 {
1736 DEBUG(D_acl) debug_printf("headers verify: %s\n", *err);
1737 sig->verify_status = PDKIM_VERIFY_FAIL;
1738 sig->verify_ext_status = PDKIM_VERIFY_FAIL_MESSAGE;
1739 goto NEXT_VERIFY;
1740 }
1741
1742
1743 /* We have a winner! (if bodyhash was correct earlier) */
1744 if (sig->verify_status == PDKIM_VERIFY_NONE)
1745 {
1746 sig->verify_status = PDKIM_VERIFY_PASS;
1747 verify_pass = TRUE;
1748 }
1749
1750 NEXT_VERIFY:
1751
1752 DEBUG(D_acl)
1753 {
1754 debug_printf("PDKIM [%s] %s signature status: %s",
1755 sig->domain, dkim_sig_to_a_tag(sig),
1756 pdkim_verify_status_str(sig->verify_status));
1757 if (sig->verify_ext_status > 0)
1758 debug_printf(" (%s)\n",
1759 pdkim_verify_ext_status_str(sig->verify_ext_status));
1760 else
1761 debug_printf("\n");
1762 }
1763 }
1764 }
1765
1766 /* If requested, set return pointer to signature(s) */
1767 if (return_signatures)
1768 *return_signatures = ctx->sig;
1769
1770 return ctx->flags & PDKIM_MODE_SIGN || verify_pass
1771 ? PDKIM_OK : PDKIM_FAIL;
1772 }
1773
1774
1775 /* -------------------------------------------------------------------------- */
1776
1777 DLLEXPORT pdkim_ctx *
1778 pdkim_init_verify(uschar * (*dns_txt_callback)(char *), BOOL dot_stuffing)
1779 {
1780 pdkim_ctx * ctx;
1781
1782 ctx = store_get(sizeof(pdkim_ctx));
1783 memset(ctx, 0, sizeof(pdkim_ctx));
1784
1785 if (dot_stuffing) ctx->flags = PDKIM_DOT_TERM;
1786 ctx->linebuf = store_get(PDKIM_MAX_BODY_LINE_LEN);
1787 ctx->dns_txt_callback = dns_txt_callback;
1788
1789 return ctx;
1790 }
1791
1792
1793 /* -------------------------------------------------------------------------- */
1794
1795 DLLEXPORT pdkim_signature *
1796 pdkim_init_sign(pdkim_ctx * ctx,
1797 uschar * domain, uschar * selector, uschar * privkey,
1798 uschar * hashname, const uschar ** errstr)
1799 {
1800 int hashtype;
1801 pdkim_signature * sig;
1802
1803 if (!domain || !selector || !privkey)
1804 return NULL;
1805
1806 /* Allocate & init one signature struct */
1807
1808 sig = store_get(sizeof(pdkim_signature));
1809 memset(sig, 0, sizeof(pdkim_signature));
1810
1811 sig->bodylength = -1;
1812
1813 sig->domain = string_copy(US domain);
1814 sig->selector = string_copy(US selector);
1815 sig->privkey = string_copy(US privkey);
1816 sig->keytype = -1;
1817
1818 for (hashtype = 0; hashtype < nelem(pdkim_hashes); hashtype++)
1819 if (Ustrcmp(hashname, pdkim_hashes[hashtype].dkim_hashname) == 0)
1820 { sig->hashtype = hashtype; break; }
1821 if (hashtype >= nelem(pdkim_hashes))
1822 {
1823 log_write(0, LOG_MAIN|LOG_PANIC,
1824 "PDKIM: unrecognised hashname '%s'", hashname);
1825 return NULL;
1826 }
1827
1828 DEBUG(D_acl)
1829 {
1830 pdkim_signature s = *sig;
1831 ev_ctx vctx;
1832
1833 debug_printf("PDKIM (checking verify key)>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
1834 if (!pdkim_key_from_dns(ctx, &s, &vctx, errstr))
1835 debug_printf("WARNING: bad dkim key in dns\n");
1836 debug_printf("PDKIM (finished checking verify key)<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
1837 }
1838 return sig;
1839 }
1840
1841
1842 /* -------------------------------------------------------------------------- */
1843
1844 DLLEXPORT void
1845 pdkim_set_optional(pdkim_signature * sig,
1846 char * sign_headers,
1847 char * identity,
1848 int canon_headers,
1849 int canon_body,
1850 long bodylength,
1851 unsigned long created,
1852 unsigned long expires)
1853 {
1854 if (identity)
1855 sig->identity = string_copy(US identity);
1856
1857 sig->sign_headers = string_copy(sign_headers
1858 ? US sign_headers : US PDKIM_DEFAULT_SIGN_HEADERS);
1859
1860 sig->canon_headers = canon_headers;
1861 sig->canon_body = canon_body;
1862 sig->bodylength = bodylength;
1863 sig->created = created;
1864 sig->expires = expires;
1865
1866 return;
1867 }
1868
1869
1870
1871 /* Set up a blob for calculating the bodyhash according to the
1872 needs of this signature. Use an existing one if possible, or
1873 create a new one.
1874
1875 Return: hashblob pointer, or NULL on error (only used as a boolean).
1876 */
1877 pdkim_bodyhash *
1878 pdkim_set_bodyhash(pdkim_ctx * ctx, pdkim_signature * sig)
1879 {
1880 pdkim_bodyhash * b;
1881
1882 for (b = ctx->bodyhash; b; b = b->next)
1883 if ( sig->hashtype == b->hashtype
1884 && sig->canon_body == b->canon_method
1885 && sig->bodylength == b->bodylength)
1886 goto old;
1887
1888 b = store_get(sizeof(pdkim_bodyhash));
1889 b->next = ctx->bodyhash;
1890 b->hashtype = sig->hashtype;
1891 b->canon_method = sig->canon_body;
1892 b->bodylength = sig->bodylength;
1893 if (!exim_sha_init(&b->body_hash_ctx, /*XXX hash method: extend for sha512 */
1894 pdkim_hashes[sig->hashtype].exim_hashmethod))
1895 {
1896 DEBUG(D_acl)
1897 debug_printf("PDKIM: hash init error, possibly nonhandled hashtype\n");
1898 return NULL;
1899 }
1900 b->signed_body_bytes = 0;
1901 b->num_buffered_blanklines = 0;
1902 ctx->bodyhash = b;
1903
1904 old:
1905 sig->calc_body_hash = b;
1906 return b;
1907 }
1908
1909
1910 /* -------------------------------------------------------------------------- */
1911
1912
1913 void
1914 pdkim_init_context(pdkim_ctx * ctx, BOOL dot_stuffed,
1915 uschar * (*dns_txt_callback)(char *))
1916 {
1917 memset(ctx, 0, sizeof(pdkim_ctx));
1918 ctx->flags = dot_stuffed ? PDKIM_MODE_SIGN | PDKIM_DOT_TERM : PDKIM_MODE_SIGN;
1919 ctx->linebuf = store_get(PDKIM_MAX_BODY_LINE_LEN);
1920 DEBUG(D_acl) ctx->dns_txt_callback = dns_txt_callback;
1921 }
1922
1923
1924 void
1925 pdkim_init(void)
1926 {
1927 exim_dkim_init();
1928 }
1929
1930
1931
1932 #endif /*DISABLE_DKIM*/
Unnamed repository; edit this file 'description' to name the repository.