#define PDKIM_MAX_HEADERS 512
#define PDKIM_MAX_BODY_LINE_LEN 16384
#define PDKIM_DNS_TXT_MAX_NAMELEN 1024
-#define PDKIM_DEFAULT_SIGN_HEADERS "From:Sender:Reply-To:Subject:Date:"\
- "Message-ID:To:Cc:MIME-Version:Content-Type:"\
- "Content-Transfer-Encoding:Content-ID:"\
- "Content-Description:Resent-Date:Resent-From:"\
- "Resent-Sender:Resent-To:Resent-Cc:"\
- "Resent-Message-ID:In-Reply-To:References:"\
- "List-Id:List-Help:List-Unsubscribe:"\
- "List-Subscribe:List-Post:List-Owner:List-Archive"
/* -------------------------------------------------------------------------- */
struct pdkim_stringlist {
pdkim_strtrim(gstring * str)
{
uschar * p = str->s;
-uschar * q = p + str->ptr;
+uschar * q;
while (*p == '\t' || *p == ' ') /* dump the leading whitespace */
{ str->size--; str->ptr--; str->s++; }
while ( str->ptr > 0
- && (q = str->s + str->ptr - 1), *q == '\t' || *q == ' '
+ && ((q = str->s + str->ptr - 1), (*q == '\t' || *q == ' '))
)
str->ptr--; /* dump trailing whitespace */
/* -------------------------------------------------------------------------- */
/* Matches the name of the passed raw "header" against
the passed colon-separated "tick", and invalidates
- the entry in tick. Returns OK or fail-code */
-/*XXX might be safer done using a pdkim_stringlist for "tick" */
+ the entry in tick. Entries can be prefixed for multi- or over-signing,
+ in which case do not invalidate.
+
+ Returns OK for a match, or fail-code
+*/
static int
header_name_match(const uschar * header, uschar * tick)
{
-uschar * hname;
-uschar * lcopy;
-uschar * p;
-uschar * q;
+const uschar * ticklist = tick;
+int sep = ':';
+BOOL multisign;
+uschar * hname, * p, * ele;
uschar * hcolon = Ustrchr(header, ':'); /* Get header name */
if (!hcolon)
/* if we had strncmpic() we wouldn't need this copy */
hname = string_copyn(header, hcolon-header);
-/* Copy tick-off list locally, so we can punch zeroes into it */
-p = lcopy = string_copy(tick);
-
-for (q = Ustrchr(p, ':'); q; q = Ustrchr(p, ':'))
+while (p = US ticklist, ele = string_nextinlist(&ticklist, &sep, NULL, 0))
{
- *q = '\0';
- if (strcmpic(p, hname) == 0)
- goto found;
-
- p = q+1;
+ switch (*ele)
+ {
+ case '=': case '+': multisign = TRUE; ele++; break;
+ default: multisign = FALSE; break;
}
-if (strcmpic(p, hname) == 0)
- goto found;
-
+ if (strcmpic(ele, hname) == 0)
+ {
+ if (!multisign)
+ *p = '_'; /* Invalidate this header name instance in tick-off list */
+ return PDKIM_OK;
+ }
+ }
return PDKIM_FAIL;
-
-found:
- /* Invalidate header name instance in tick-off list */
- tick[p-lcopy] = '_';
- return PDKIM_OK;
}
if (c == ';' || c == '\0')
{
- if (cur_tag && cur_val)
+ /* We must have both tag and value, and tags must be one char except
+ for the possibility of "bh". */
+
+ if ( cur_tag && cur_val
+ && (cur_tag->ptr == 1 || *cur_tag->s == 'b')
+ )
{
(void) string_from_gstring(cur_val);
pdkim_strtrim(cur_val);
switch (*cur_tag->s)
{
case 'b':
- pdkim_decode_base64(cur_val->s,
- cur_tag->s[1] == 'h' ? &sig->bodyhash : &sig->sighash);
+ switch (cur_tag->s[1])
+ {
+ case '\0': pdkim_decode_base64(cur_val->s, &sig->sighash); break;
+ case 'h': if (cur_tag->ptr == 2)
+ pdkim_decode_base64(cur_val->s, &sig->bodyhash);
+ break;
+ default: break;
+ }
break;
case 'v':
/* We only support version 1, and that is currently the
"PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
}
-/*XXX hash method: extend for sha512 */
-if (!exim_sha_init(&sig->body_hash_ctx,
- pdkim_hashes[sig->hashtype].exim_hashmethod))
- {
- DEBUG(D_acl)
- debug_printf("PDKIM: hash init error, possibly nonhandled hashtype\n");
+if (!pdkim_set_bodyhash(ctx, sig))
return NULL;
- }
+
return sig;
}
}
/* Set fallback defaults */
-if (!pub->version ) pub->version = string_copy(PDKIM_PUB_RECORD_VERSION);
+if (!pub->version)
+ pub->version = string_copy(PDKIM_PUB_RECORD_VERSION);
else if (Ustrcmp(pub->version, PDKIM_PUB_RECORD_VERSION) != 0)
{
DEBUG(D_acl) debug_printf(" Bad v= field\n");
/* -------------------------------------------------------------------------- */
-/* Update the bodyhash for one sig, with some additional data.
+/* Update one bodyhash with some additional data.
If we have to relax the data for this sig, return our copy of it. */
-/*XXX Currently we calculate a hash for each sig. But it is possible
-that multi-signing will be wanted using different signing algos
-(rsa, ec) using the same hash and canonicalization. Consider in future
-hanging the hash+cacnon from the ctx and only referencing from the sig,
-so that it can be calculated only once - being over the body this
-caould be meagbytes, hence expensive. */
-
static blob *
-pdkim_update_sig_bodyhash(pdkim_signature * sig, blob * orig_data, blob * relaxed_data)
+pdkim_update_ctx_bodyhash(pdkim_bodyhash * b, blob * orig_data, blob * relaxed_data)
{
blob * canon_data = orig_data;
/* Defaults to simple canon (no further treatment necessary) */
-if (sig->canon_body == PDKIM_CANON_RELAXED)
+if (b->canon_method == PDKIM_CANON_RELAXED)
{
/* Relax the line if not done already */
if (!relaxed_data)
}
/* Make sure we don't exceed the to-be-signed body length */
-if ( sig->bodylength >= 0
- && sig->signed_body_bytes + (unsigned long)canon_data->len > sig->bodylength
+if ( b->bodylength >= 0
+ && b->signed_body_bytes + (unsigned long)canon_data->len > b->bodylength
)
- canon_data->len = sig->bodylength - sig->signed_body_bytes;
+ canon_data->len = b->bodylength - b->signed_body_bytes;
if (canon_data->len > 0)
{
- exim_sha_update(&sig->body_hash_ctx, CUS canon_data->data, canon_data->len);
- sig->signed_body_bytes += canon_data->len;
+ exim_sha_update(&b->body_hash_ctx, CUS canon_data->data, canon_data->len);
+ b->signed_body_bytes += canon_data->len;
DEBUG(D_acl) pdkim_quoteprint(canon_data->data, canon_data->len);
}
static void
pdkim_finish_bodyhash(pdkim_ctx * ctx)
{
+pdkim_bodyhash * b;
pdkim_signature * sig;
+for (b = ctx->bodyhash; b; b = b->next) /* Finish hashes */
+ exim_sha_finish(&b->body_hash_ctx, &b->bh);
+
/* Traverse all signatures */
for (sig = ctx->sig; sig; sig = sig->next)
- { /* Finish hashes */
- blob bh;
-
- exim_sha_finish(&sig->body_hash_ctx, &bh);
+ {
+ b = sig->calc_body_hash;
DEBUG(D_acl)
{
debug_printf("PDKIM [%s] Body bytes hashed: %lu\n"
"PDKIM [%s] Body %s computed: ",
- sig->domain, sig->signed_body_bytes,
+ sig->domain, b->signed_body_bytes,
sig->domain, pdkim_hashes[sig->hashtype].dkim_hashname);
- pdkim_hexprint(CUS bh.data, bh.len);
+ pdkim_hexprint(CUS b->bh.data, b->bh.len);
}
/* SIGNING -------------------------------------------------------------- */
if (ctx->flags & PDKIM_MODE_SIGN)
{
- sig->bodyhash = bh;
-
/* If bodylength limit is set, and we have received less bytes
than the requested amount, effectively remove the limit tag. */
- if (sig->signed_body_bytes < sig->bodylength)
+ if (b->signed_body_bytes < sig->bodylength)
sig->bodylength = -1;
}
/* VERIFICATION --------------------------------------------------------- */
/* Be careful that the header sig included a bodyash */
- if (sig->bodyhash.data && memcmp(bh.data, sig->bodyhash.data, bh.len) == 0)
+ if ( sig->bodyhash.data
+ && memcmp(b->bh.data, sig->bodyhash.data, b->bh.len) == 0)
{
DEBUG(D_acl) debug_printf("PDKIM [%s] Body hash verified OK\n", sig->domain);
}
static void
pdkim_body_complete(pdkim_ctx * ctx)
{
-pdkim_signature * sig;
+pdkim_bodyhash * b;
/* In simple body mode, if any empty lines were buffered,
replace with one. rfc 4871 3.4.3 */
it indicates that all linebreaks should be buffered, including
the one terminating a text line */
-for (sig = ctx->sig; sig; sig = sig->next)
- if ( sig->canon_body == PDKIM_CANON_SIMPLE
- && sig->signed_body_bytes == 0
- && sig->num_buffered_blanklines > 0
+for (b = ctx->bodyhash; b; b = b->next)
+ if ( b->canon_method == PDKIM_CANON_SIMPLE
+ && b->signed_body_bytes == 0
+ && b->num_buffered_blanklines > 0
)
- (void) pdkim_update_sig_bodyhash(sig, &lineending, NULL);
+ (void) pdkim_update_ctx_bodyhash(b, &lineending, NULL);
ctx->flags |= PDKIM_SEEN_EOD;
ctx->linebuf_offset = 0;
pdkim_bodyline_complete(pdkim_ctx * ctx)
{
blob line = {.data = ctx->linebuf, .len = ctx->linebuf_offset};
-pdkim_signature * sig;
+pdkim_bodyhash * b;
blob * rnl = NULL;
blob * rline = NULL;
/* Empty lines need to be buffered until we find a non-empty line */
if (memcmp(line.data, "\r\n", 2) == 0)
{
- for (sig = ctx->sig; sig; sig = sig->next) sig->num_buffered_blanklines++;
+ for (b = ctx->bodyhash; b; b = b->next) b->num_buffered_blanklines++;
goto all_skip;
}
-/* Process line for each sig separately */
-for (sig = ctx->sig; sig; sig = sig->next)
+/* Process line for each bodyhash separately */
+for (b = ctx->bodyhash; b; b = b->next)
{
- if (sig->canon_body == PDKIM_CANON_RELAXED)
+ if (b->canon_method == PDKIM_CANON_RELAXED)
{
/* Lines with just spaces need to be buffered too */
uschar * cp = line.data;
while ((c = *cp))
{
if (c == '\r' && cp[1] == '\n') break;
- if (c != ' ' && c != '\t') goto sig_process;
+ if (c != ' ' && c != '\t') goto hash_process;
cp++;
}
- sig->num_buffered_blanklines++;
- goto sig_skip;
+ b->num_buffered_blanklines++;
+ goto hash_skip;
}
-sig_process:
+hash_process:
/* At this point, we have a non-empty line, so release the buffered ones. */
- while (sig->num_buffered_blanklines)
+ while (b->num_buffered_blanklines)
{
- rnl = pdkim_update_sig_bodyhash(sig, &lineending, rnl);
- sig->num_buffered_blanklines--;
+ rnl = pdkim_update_ctx_bodyhash(b, &lineending, rnl);
+ b->num_buffered_blanklines--;
}
- rline = pdkim_update_sig_bodyhash(sig, &line, rline);
-sig_skip: ;
+ rline = pdkim_update_ctx_bodyhash(b, &line, rline);
+hash_skip: ;
}
if (rnl) store_free(rnl);
/* -------------------------------------------------------------------------- */
+/* Signing: create signature header
+*/
static uschar *
pdkim_create_header(pdkim_signature * sig, BOOL final)
{
}
}
-base64_bh = pdkim_encode_base64(&sig->bodyhash);
+base64_bh = pdkim_encode_base64(&sig->calc_body_hash->bh);
hdr = pdkim_headcat(&col, hdr, US";", US"bh=", base64_bh);
/* Optional bits */
dns_txt_name = string_sprintf("%s._domainkey.%s.", sig->selector, sig->domain);
-dns_txt_reply = store_get(PDKIM_DNS_TXT_MAX_RECLEN);
-memset(dns_txt_reply, 0, PDKIM_DNS_TXT_MAX_RECLEN);
-
-if ( ctx->dns_txt_callback(CS dns_txt_name, CS dns_txt_reply) != PDKIM_OK
+if ( !(dns_txt_reply = ctx->dns_txt_callback(CS dns_txt_name))
|| dns_txt_reply[0] == '\0'
)
{
pdkim_feed_finish(pdkim_ctx * ctx, pdkim_signature ** return_signatures,
const uschar ** err)
{
+pdkim_bodyhash * b;
pdkim_signature * sig;
/* Check if we must still flush a (partial) header. If that is the
if ((rc = pdkim_header_complete(ctx)) != PDKIM_OK)
return rc;
- for (sig = ctx->sig; sig; sig = sig->next)
- rnl = pdkim_update_sig_bodyhash(sig, &lineending, rnl);
+ for (b = ctx->bodyhash; b; b = b->next)
+ rnl = pdkim_update_ctx_bodyhash(b, &lineending, rnl);
if (rnl) store_free(rnl);
}
else
}
}
- /* Any headers we wanted to sign but were not present must also be listed */
+ /* Any headers we wanted to sign but were not present must also be listed.
+ Ignore elements that have been ticked-off or are marked as never-oversign. */
+
l = sig->sign_headers;
while((s = string_nextinlist(&l, &sep, NULL, 0)))
- if (*s != '_')
+ {
+ if (*s == '+') /* skip oversigning marker */
+ s++;
+ if (*s != '_' && *s != '=')
g = string_append_listele(g, ':', s);
+ }
sig->headernames = string_from_gstring(g);
/* Create signature header with b= omitted */
/* -------------------------------------------------------------------------- */
DLLEXPORT pdkim_ctx *
-pdkim_init_verify(int(*dns_txt_callback)(char *, char *), BOOL dot_stuffing)
+pdkim_init_verify(uschar * (*dns_txt_callback)(char *), BOOL dot_stuffing)
{
pdkim_ctx * ctx;
return NULL;
}
-if (!exim_sha_init(&sig->body_hash_ctx, pdkim_hashes[hashtype].exim_hashmethod))
- {
- DEBUG(D_acl)
- debug_printf("PDKIM: hash setup error, possibly nonhandled hashtype\n");
- return NULL;
- }
-
DEBUG(D_acl)
{
pdkim_signature s = *sig;
+/* Set up a blob for calculating the bodyhash according to the
+needs of this signature. Use an existing one if possible, or
+create a new one.
+
+Return: hashblob pointer, or NULL on error (only used as a boolean).
+*/
+pdkim_bodyhash *
+pdkim_set_bodyhash(pdkim_ctx * ctx, pdkim_signature * sig)
+{
+pdkim_bodyhash * b;
+
+for (b = ctx->bodyhash; b; b = b->next)
+ if ( sig->hashtype == b->hashtype
+ && sig->canon_body == b->canon_method
+ && sig->bodylength == b->bodylength)
+ goto old;
+
+b = store_get(sizeof(pdkim_bodyhash));
+b->next = ctx->bodyhash;
+b->hashtype = sig->hashtype;
+b->canon_method = sig->canon_body;
+b->bodylength = sig->bodylength;
+if (!exim_sha_init(&b->body_hash_ctx, /*XXX hash method: extend for sha512 */
+ pdkim_hashes[sig->hashtype].exim_hashmethod))
+ {
+ DEBUG(D_acl)
+ debug_printf("PDKIM: hash init error, possibly nonhandled hashtype\n");
+ return NULL;
+ }
+b->signed_body_bytes = 0;
+b->num_buffered_blanklines = 0;
+ctx->bodyhash = b;
+
+old:
+sig->calc_body_hash = b;
+return b;
+}
+
+
+/* -------------------------------------------------------------------------- */
+
+
void
pdkim_init_context(pdkim_ctx * ctx, BOOL dot_stuffed,
- int(*dns_txt_callback)(char *, char *))
+ uschar * (*dns_txt_callback)(char *))
{
memset(ctx, 0, sizeof(pdkim_ctx));
ctx->flags = dot_stuffed ? PDKIM_MODE_SIGN | PDKIM_DOT_TERM : PDKIM_MODE_SIGN;
projects / exim.git / blobdiff