2 * PDKIM - a RFC4871 (DKIM) implementation
4 * Copyright (C) 2009 - 2016 Tom Kistner <tom@duncanthrax.net>
5 * Copyright (C) 2016 Jeremy Harris <jgh@exim.org>
7 * http://duncanthrax.net/pdkim/
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
27 #ifndef DISABLE_DKIM /* entire file */
30 # error Need SUPPORT_TLS for DKIM
33 #include "crypt_ver.h"
36 # include <openssl/rsa.h>
37 # include <openssl/ssl.h>
38 # include <openssl/err.h>
39 #elif defined(RSA_GNUTLS)
40 # include <gnutls/gnutls.h>
41 # include <gnutls/x509.h>
47 #define PDKIM_SIGNATURE_VERSION "1"
48 #define PDKIM_PUB_RECORD_VERSION US "DKIM1"
50 #define PDKIM_MAX_HEADER_LEN 65536
51 #define PDKIM_MAX_HEADERS 512
52 #define PDKIM_MAX_BODY_LINE_LEN 16384
53 #define PDKIM_DNS_TXT_MAX_NAMELEN 1024
54 #define PDKIM_DEFAULT_SIGN_HEADERS "From:Sender:Reply-To:Subject:Date:"\
55 "Message-ID:To:Cc:MIME-Version:Content-Type:"\
56 "Content-Transfer-Encoding:Content-ID:"\
57 "Content-Description:Resent-Date:Resent-From:"\
58 "Resent-Sender:Resent-To:Resent-Cc:"\
59 "Resent-Message-ID:In-Reply-To:References:"\
60 "List-Id:List-Help:List-Unsubscribe:"\
61 "List-Subscribe:List-Post:List-Owner:List-Archive"
63 /* -------------------------------------------------------------------------- */
64 struct pdkim_stringlist {
70 /* -------------------------------------------------------------------------- */
71 /* A bunch of list constants */
72 const uschar * pdkim_querymethods[] = {
76 const uschar * pdkim_algos[] = {
81 const uschar * pdkim_canons[] = {
86 const uschar * pdkim_hashes[] = {
91 const uschar * pdkim_keytypes[] = {
96 typedef struct pdkim_combined_canon_entry {
100 } pdkim_combined_canon_entry;
102 pdkim_combined_canon_entry pdkim_combined_canons[] = {
103 { US"simple/simple", PDKIM_CANON_SIMPLE, PDKIM_CANON_SIMPLE },
104 { US"simple/relaxed", PDKIM_CANON_SIMPLE, PDKIM_CANON_RELAXED },
105 { US"relaxed/simple", PDKIM_CANON_RELAXED, PDKIM_CANON_SIMPLE },
106 { US"relaxed/relaxed", PDKIM_CANON_RELAXED, PDKIM_CANON_RELAXED },
107 { US"simple", PDKIM_CANON_SIMPLE, PDKIM_CANON_SIMPLE },
108 { US"relaxed", PDKIM_CANON_RELAXED, PDKIM_CANON_SIMPLE },
113 /* -------------------------------------------------------------------------- */
116 pdkim_verify_status_str(int status)
120 case PDKIM_VERIFY_NONE: return "PDKIM_VERIFY_NONE";
121 case PDKIM_VERIFY_INVALID: return "PDKIM_VERIFY_INVALID";
122 case PDKIM_VERIFY_FAIL: return "PDKIM_VERIFY_FAIL";
123 case PDKIM_VERIFY_PASS: return "PDKIM_VERIFY_PASS";
124 default: return "PDKIM_VERIFY_UNKNOWN";
129 pdkim_verify_ext_status_str(int ext_status)
133 case PDKIM_VERIFY_FAIL_BODY: return "PDKIM_VERIFY_FAIL_BODY";
134 case PDKIM_VERIFY_FAIL_MESSAGE: return "PDKIM_VERIFY_FAIL_MESSAGE";
135 case PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE: return "PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE";
136 case PDKIM_VERIFY_INVALID_BUFFER_SIZE: return "PDKIM_VERIFY_INVALID_BUFFER_SIZE";
137 case PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD: return "PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD";
138 case PDKIM_VERIFY_INVALID_PUBKEY_IMPORT: return "PDKIM_VERIFY_INVALID_PUBKEY_IMPORT";
139 case PDKIM_VERIFY_INVALID_SIGNATURE_ERROR: return "PDKIM_VERIFY_INVALID_SIGNATURE_ERROR";
140 case PDKIM_VERIFY_INVALID_DKIM_VERSION: return "PDKIM_VERIFY_INVALID_DKIM_VERSION";
141 default: return "PDKIM_VERIFY_UNKNOWN";
146 pdkim_errstr(int status)
150 case PDKIM_OK: return "OK";
151 case PDKIM_FAIL: return "FAIL";
152 case PDKIM_ERR_RSA_PRIVKEY: return "RSA_PRIVKEY";
153 case PDKIM_ERR_RSA_SIGNING: return "RSA SIGNING";
154 case PDKIM_ERR_LONG_LINE: return "RSA_LONG_LINE";
155 case PDKIM_ERR_BUFFER_TOO_SMALL: return "BUFFER_TOO_SMALL";
156 case PDKIM_SIGN_PRIVKEY_WRAP: return "PRIVKEY_WRAP";
157 case PDKIM_SIGN_PRIVKEY_B64D: return "PRIVKEY_B64D";
158 default: return "(unknown)";
163 /* -------------------------------------------------------------------------- */
164 /* Print debugging functions */
166 pdkim_quoteprint(const uschar *data, int len)
169 for (i = 0; i < len; i++)
171 const int c = data[i];
174 case ' ' : debug_printf("{SP}"); break;
175 case '\t': debug_printf("{TB}"); break;
176 case '\r': debug_printf("{CR}"); break;
177 case '\n': debug_printf("{LF}"); break;
178 case '{' : debug_printf("{BO}"); break;
179 case '}' : debug_printf("{BC}"); break;
181 if ( (c < 32) || (c > 127) )
182 debug_printf("{%02x}", c);
184 debug_printf("%c", c);
192 pdkim_hexprint(const uschar *data, int len)
195 for (i = 0 ; i < len; i++) debug_printf("%02x", data[i]);
201 static pdkim_stringlist *
202 pdkim_prepend_stringlist(pdkim_stringlist * base, const uschar * str)
204 pdkim_stringlist * new_entry = store_get(sizeof(pdkim_stringlist));
206 memset(new_entry, 0, sizeof(pdkim_stringlist));
207 new_entry->value = string_copy(str);
208 if (base) new_entry->next = base;
214 /* Trim whitespace fore & aft */
217 pdkim_strtrim(uschar * str)
221 while (*p == '\t' || *p == ' ') p++; /* skip whitespace */
222 while (*p) {*q = *p; q++; p++;} /* dump the leading whitespace */
224 while (q != str && ( (*q == '\0') || (*q == '\t') || (*q == ' ') ) )
225 { /* dump trailing whitespace */
233 /* -------------------------------------------------------------------------- */
236 pdkim_free_ctx(pdkim_ctx *ctx)
241 /* -------------------------------------------------------------------------- */
242 /* Matches the name of the passed raw "header" against
243 the passed colon-separated "tick", and invalidates
244 the entry in tick. Returns OK or fail-code */
245 /*XXX might be safer done using a pdkim_stringlist for "tick" */
248 header_name_match(const uschar * header, uschar * tick)
254 uschar * hcolon = Ustrchr(header, ':'); /* Get header name */
257 return PDKIM_FAIL; /* This isn't a header */
259 /* if we had strncmpic() we wouldn't need this copy */
260 hname = string_copyn(header, hcolon-header);
262 /* Copy tick-off list locally, so we can punch zeroes into it */
263 p = lcopy = string_copy(tick);
265 for (q = Ustrchr(p, ':'); q; q = Ustrchr(p, ':'))
268 if (strcmpic(p, hname) == 0)
274 if (strcmpic(p, hname) == 0)
280 /* Invalidate header name instance in tick-off list */
286 /* -------------------------------------------------------------------------- */
287 /* Performs "relaxed" canonicalization of a header. */
290 pdkim_relax_header(const uschar * header, int crlf)
292 BOOL past_field_name = FALSE;
293 BOOL seen_wsp = FALSE;
295 uschar * relaxed = store_get(Ustrlen(header)+3);
296 uschar * q = relaxed;
298 for (p = header; *p; p++)
302 if (c == '\r' || c == '\n')
304 if (c == '\t' || c == ' ')
308 c = ' '; /* Turns WSP into SP */
312 if (!past_field_name && c == ':')
314 if (seen_wsp) q--; /* This removes WSP before the colon */
315 seen_wsp = TRUE; /* This removes WSP after the colon */
316 past_field_name = TRUE;
321 /* Lowercase header name */
322 if (!past_field_name) c = tolower(c);
326 if (q > relaxed && q[-1] == ' ') q--; /* Squash eventual trailing SP */
328 if (crlf) { *q++ = '\r'; *q++ = '\n'; }
334 /* -------------------------------------------------------------------------- */
335 #define PDKIM_QP_ERROR_DECODE -1
338 pdkim_decode_qp_char(uschar *qp_p, int *c)
340 uschar *initial_pos = qp_p;
342 /* Advance one char */
345 /* Check for two hex digits and decode them */
346 if (isxdigit(*qp_p) && isxdigit(qp_p[1]))
348 /* Do hex conversion */
349 *c = (isdigit(*qp_p) ? *qp_p - '0' : toupper(*qp_p) - 'A' + 10) << 4;
350 *c |= isdigit(qp_p[1]) ? qp_p[1] - '0' : toupper(qp_p[1]) - 'A' + 10;
354 /* Illegal char here */
355 *c = PDKIM_QP_ERROR_DECODE;
360 /* -------------------------------------------------------------------------- */
363 pdkim_decode_qp(uschar * str)
368 uschar * n = store_get(Ustrlen(str)+1);
376 p = pdkim_decode_qp_char(p, &nchar);
392 /* -------------------------------------------------------------------------- */
395 pdkim_decode_base64(uschar *str, blob * b)
398 dlen = b64decode(str, &b->data);
399 if (dlen < 0) b->data = NULL;
404 pdkim_encode_base64(blob * b)
406 return b64encode(b->data, b->len);
410 /* -------------------------------------------------------------------------- */
411 #define PDKIM_HDR_LIMBO 0
412 #define PDKIM_HDR_TAG 1
413 #define PDKIM_HDR_VALUE 2
415 static pdkim_signature *
416 pdkim_parse_sig_header(pdkim_ctx *ctx, uschar * raw_hdr)
418 pdkim_signature *sig ;
420 uschar * cur_tag = NULL; int ts = 0, tl = 0;
421 uschar * cur_val = NULL; int vs = 0, vl = 0;
422 BOOL past_hname = FALSE;
423 BOOL in_b_val = FALSE;
424 int where = PDKIM_HDR_LIMBO;
427 sig = store_get(sizeof(pdkim_signature));
428 memset(sig, 0, sizeof(pdkim_signature));
429 sig->bodylength = -1;
431 /* Set so invalid/missing data error display is accurate */
435 q = sig->rawsig_no_b_val = store_get(Ustrlen(raw_hdr)+1);
437 for (p = raw_hdr; ; p++)
442 if (c == '\r' || c == '\n')
445 /* Fast-forward through header name */
448 if (c == ':') past_hname = TRUE;
452 if (where == PDKIM_HDR_LIMBO)
454 /* In limbo, just wait for a tag-char to appear */
455 if (!(c >= 'a' && c <= 'z'))
458 where = PDKIM_HDR_TAG;
461 if (where == PDKIM_HDR_TAG)
463 if (c >= 'a' && c <= 'z')
464 cur_tag = string_catn(cur_tag, &ts, &tl, p, 1);
469 if (Ustrcmp(cur_tag, "b") == 0)
474 where = PDKIM_HDR_VALUE;
479 if (where == PDKIM_HDR_VALUE)
481 if (c == '\r' || c == '\n' || c == ' ' || c == '\t')
484 if (c == ';' || c == '\0')
489 pdkim_strtrim(cur_val);
491 DEBUG(D_acl) debug_printf(" %s=%s\n", cur_tag, cur_val);
496 if (cur_tag[1] == 'h')
497 pdkim_decode_base64(cur_val, &sig->bodyhash);
499 pdkim_decode_base64(cur_val, &sig->sigdata);
502 /* We only support version 1, and that is currently the
503 only version there is. */
505 Ustrcmp(cur_val, PDKIM_SIGNATURE_VERSION) == 0 ? 1 : -1;
508 for (i = 0; pdkim_algos[i]; i++)
509 if (Ustrcmp(cur_val, pdkim_algos[i]) == 0)
516 for (i = 0; pdkim_combined_canons[i].str; i++)
517 if (Ustrcmp(cur_val, pdkim_combined_canons[i].str) == 0)
519 sig->canon_headers = pdkim_combined_canons[i].canon_headers;
520 sig->canon_body = pdkim_combined_canons[i].canon_body;
525 for (i = 0; pdkim_querymethods[i]; i++)
526 if (Ustrcmp(cur_val, pdkim_querymethods[i]) == 0)
528 sig->querymethod = i;
533 sig->selector = string_copy(cur_val); break;
535 sig->domain = string_copy(cur_val); break;
537 sig->identity = pdkim_decode_qp(cur_val); break;
539 sig->created = strtoul(CS cur_val, NULL, 10); break;
541 sig->expires = strtoul(CS cur_val, NULL, 10); break;
543 sig->bodylength = strtol(CS cur_val, NULL, 10); break;
545 sig->headernames = string_copy(cur_val); break;
547 sig->copiedheaders = pdkim_decode_qp(cur_val); break;
549 DEBUG(D_acl) debug_printf(" Unknown tag encountered\n");
556 where = PDKIM_HDR_LIMBO;
559 cur_val = string_catn(cur_val, &vs, &vl, p, 1);
571 /* Chomp raw header. The final newline must not be added to the signature. */
572 while (--q > sig->rawsig_no_b_val && (*q == '\r' || *q == '\n'))
578 "PDKIM >> Raw signature w/o b= tag value >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
579 pdkim_quoteprint(US sig->rawsig_no_b_val, Ustrlen(sig->rawsig_no_b_val));
581 "PDKIM >> Sig size: %4u bits\n", (unsigned) sig->sigdata.len*8);
583 "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
586 exim_sha_init(&sig->body_hash, sig->algo == PDKIM_ALGO_RSA_SHA1 ? HASH_SHA1 : HASH_SHA256);
591 /* -------------------------------------------------------------------------- */
593 static pdkim_pubkey *
594 pdkim_parse_pubkey_record(pdkim_ctx *ctx, const uschar *raw_record)
598 uschar * cur_tag = NULL; int ts = 0, tl = 0;
599 uschar * cur_val = NULL; int vs = 0, vl = 0;
600 int where = PDKIM_HDR_LIMBO;
602 pub = store_get(sizeof(pdkim_pubkey));
603 memset(pub, 0, sizeof(pdkim_pubkey));
605 for (p = raw_record; ; p++)
610 if (c == '\r' || c == '\n')
613 if (where == PDKIM_HDR_LIMBO)
615 /* In limbo, just wait for a tag-char to appear */
616 if (!(c >= 'a' && c <= 'z'))
619 where = PDKIM_HDR_TAG;
622 if (where == PDKIM_HDR_TAG)
624 if (c >= 'a' && c <= 'z')
625 cur_tag = string_catn(cur_tag, &ts, &tl, p, 1);
630 where = PDKIM_HDR_VALUE;
635 if (where == PDKIM_HDR_VALUE)
637 if (c == ';' || c == '\0')
642 pdkim_strtrim(cur_val);
643 DEBUG(D_acl) debug_printf(" %s=%s\n", cur_tag, cur_val);
648 /* This tag isn't evaluated because:
649 - We only support version DKIM1.
650 - Which is the default for this value (set below)
651 - Other versions are currently not specified. */
655 pub->hashes = string_copy(cur_val); break;
657 pub->granularity = string_copy(cur_val); break;
659 pub->notes = pdkim_decode_qp(cur_val); break;
661 pdkim_decode_base64(US cur_val, &pub->key);
664 pub->srvtype = string_copy(cur_val); break;
666 if (Ustrchr(cur_val, 'y') != NULL) pub->testing = 1;
667 if (Ustrchr(cur_val, 's') != NULL) pub->no_subdomaining = 1;
670 DEBUG(D_acl) debug_printf(" Unknown tag encountered\n");
676 where = PDKIM_HDR_LIMBO;
679 cur_val = string_catn(cur_val, &vs, &vl, p, 1);
683 if (c == '\0') break;
686 /* Set fallback defaults */
687 if (!pub->version ) pub->version = string_copy(PDKIM_PUB_RECORD_VERSION);
688 if (!pub->granularity) pub->granularity = string_copy(US"*");
689 if (!pub->keytype ) pub->keytype = string_copy(US"rsa");
690 if (!pub->srvtype ) pub->srvtype = string_copy(US"*");
700 /* -------------------------------------------------------------------------- */
703 pdkim_update_bodyhash(pdkim_ctx *ctx, const char *data, int len)
705 pdkim_signature *sig = ctx->sig;
706 /* Cache relaxed version of data */
707 uschar *relaxed_data = NULL;
710 /* Traverse all signatures, updating their hashes. */
713 /* Defaults to simple canon (no further treatment necessary) */
714 const uschar *canon_data = CUS data;
717 if (sig->canon_body == PDKIM_CANON_RELAXED)
719 /* Relax the line if not done already */
722 BOOL seen_wsp = FALSE;
726 /* We want to be able to free this else we allocate
727 for the entire message which could be many MB. Since
728 we don't know what allocations the SHA routines might
729 do, not safe to use store_get()/store_reset(). */
731 relaxed_data = malloc(len+1);
733 for (p = data; *p; p++)
738 if (q > 0 && relaxed_data[q-1] == ' ')
741 else if (c == '\t' || c == ' ')
743 c = ' '; /* Turns WSP into SP */
750 relaxed_data[q++] = c;
752 relaxed_data[q] = '\0';
755 canon_data = relaxed_data;
756 canon_len = relaxed_len;
759 /* Make sure we don't exceed the to-be-signed body length */
760 if ( sig->bodylength >= 0
761 && sig->signed_body_bytes + (unsigned long)canon_len > sig->bodylength
763 canon_len = sig->bodylength - sig->signed_body_bytes;
767 exim_sha_update(&sig->body_hash, CUS canon_data, canon_len);
768 sig->signed_body_bytes += canon_len;
769 DEBUG(D_acl) pdkim_quoteprint(canon_data, canon_len);
775 if (relaxed_data) free(relaxed_data);
780 /* -------------------------------------------------------------------------- */
783 pdkim_finish_bodyhash(pdkim_ctx *ctx)
785 pdkim_signature *sig;
787 /* Traverse all signatures */
788 for (sig = ctx->sig; sig; sig = sig->next)
789 { /* Finish hashes */
792 exim_sha_finish(&sig->body_hash, &bh);
796 debug_printf("PDKIM [%s] Body bytes hashed: %lu\n"
797 "PDKIM [%s] bh computed: ",
798 sig->domain, sig->signed_body_bytes, sig->domain);
799 pdkim_hexprint(CUS bh.data, bh.len);
802 /* SIGNING -------------------------------------------------------------- */
803 if (ctx->flags & PDKIM_MODE_SIGN)
807 /* If bodylength limit is set, and we have received less bytes
808 than the requested amount, effectively remove the limit tag. */
809 if (sig->signed_body_bytes < sig->bodylength)
810 sig->bodylength = -1;
813 /* VERIFICATION --------------------------------------------------------- */
816 /* Compare bodyhash */
817 if (memcmp(bh.data, sig->bodyhash.data, bh.len) == 0)
819 DEBUG(D_acl) debug_printf("PDKIM [%s] Body hash verified OK\n", sig->domain);
825 debug_printf("PDKIM [%s] bh signature: ", sig->domain);
826 pdkim_hexprint(sig->bodyhash.data,
827 exim_sha_hashlen(&sig->body_hash));
828 debug_printf("PDKIM [%s] Body hash did NOT verify\n", sig->domain);
830 sig->verify_status = PDKIM_VERIFY_FAIL;
831 sig->verify_ext_status = PDKIM_VERIFY_FAIL_BODY;
840 pdkim_body_complete(pdkim_ctx * ctx)
842 pdkim_signature * sig = ctx->sig; /*XXX assumes only one sig */
844 /* In simple body mode, if any empty lines were buffered,
845 replace with one. rfc 4871 3.4.3 */
846 /*XXX checking the signed-body-bytes is a gross hack; I think
847 it indicates that all linebreaks should be buffered, including
848 the one terminating a text line */
850 if ( sig && sig->canon_body == PDKIM_CANON_SIMPLE
851 && sig->signed_body_bytes == 0
852 && ctx->num_buffered_crlf > 0
854 pdkim_update_bodyhash(ctx, "\r\n", 2);
856 ctx->flags |= PDKIM_SEEN_EOD;
857 ctx->linebuf_offset = 0;
863 /* -------------------------------------------------------------------------- */
864 /* Call from pdkim_feed below for processing complete body lines */
867 pdkim_bodyline_complete(pdkim_ctx *ctx)
869 char *p = ctx->linebuf;
870 int n = ctx->linebuf_offset;
871 pdkim_signature *sig = ctx->sig; /*XXX assumes only one sig */
873 /* Ignore extra data if we've seen the end-of-data marker */
874 if (ctx->flags & PDKIM_SEEN_EOD) goto BAIL;
876 /* We've always got one extra byte to stuff a zero ... */
877 ctx->linebuf[ctx->linebuf_offset] = '\0';
879 /* Terminate on EOD marker */
880 if (ctx->flags & PDKIM_DOT_TERM)
882 if ( memcmp(p, ".\r\n", 3) == 0)
883 return pdkim_body_complete(ctx);
886 if (memcmp(p, "..", 2) == 0)
893 /* Empty lines need to be buffered until we find a non-empty line */
894 if (memcmp(p, "\r\n", 2) == 0)
896 ctx->num_buffered_crlf++;
900 if (sig && sig->canon_body == PDKIM_CANON_RELAXED)
902 /* Lines with just spaces need to be buffered too */
904 while (memcmp(check, "\r\n", 2) != 0)
908 if (c != '\t' && c != ' ')
913 ctx->num_buffered_crlf++;
918 /* At this point, we have a non-empty line, so release the buffered ones. */
919 while (ctx->num_buffered_crlf)
921 pdkim_update_bodyhash(ctx, "\r\n", 2);
922 ctx->num_buffered_crlf--;
925 pdkim_update_bodyhash(ctx, p, n);
928 ctx->linebuf_offset = 0;
933 /* -------------------------------------------------------------------------- */
934 /* Callback from pdkim_feed below for processing complete headers */
935 #define DKIM_SIGNATURE_HEADERNAME "DKIM-Signature:"
938 pdkim_header_complete(pdkim_ctx *ctx)
940 /* Special case: The last header can have an extra \r appended */
941 if ( (ctx->cur_header_len > 1) &&
942 (ctx->cur_header[(ctx->cur_header_len)-1] == '\r') )
943 --ctx->cur_header_len;
944 ctx->cur_header[ctx->cur_header_len] = '\0';
947 if (ctx->num_headers > PDKIM_MAX_HEADERS) goto BAIL;
949 /* SIGNING -------------------------------------------------------------- */
950 if (ctx->flags & PDKIM_MODE_SIGN)
952 pdkim_signature *sig;
954 for (sig = ctx->sig; sig; sig = sig->next) /* Traverse all signatures */
956 /* Add header to the signed headers list (in reverse order) */
957 sig->headers = pdkim_prepend_stringlist(sig->headers,
961 /* VERIFICATION ----------------------------------------------------------- */
962 /* DKIM-Signature: headers are added to the verification list */
965 if (strncasecmp(CCS ctx->cur_header,
966 DKIM_SIGNATURE_HEADERNAME,
967 Ustrlen(DKIM_SIGNATURE_HEADERNAME)) == 0)
969 pdkim_signature *new_sig;
971 /* Create and chain new signature block */
972 DEBUG(D_acl) debug_printf(
973 "PDKIM >> Found sig, trying to parse >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
975 if ((new_sig = pdkim_parse_sig_header(ctx, ctx->cur_header)))
977 pdkim_signature *last_sig = ctx->sig;
982 while (last_sig->next) last_sig = last_sig->next;
983 last_sig->next = new_sig;
987 DEBUG(D_acl) debug_printf(
988 "Error while parsing signature header\n"
989 "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
992 /* every other header is stored for signature verification */
994 ctx->headers = pdkim_prepend_stringlist(ctx->headers, ctx->cur_header);
998 *ctx->cur_header = '\0';
999 ctx->cur_header_len = 0; /* leave buffer for reuse */
1005 /* -------------------------------------------------------------------------- */
1006 #define HEADER_BUFFER_FRAG_SIZE 256
1009 pdkim_feed(pdkim_ctx *ctx, char *data, int len)
1013 /* Alternate EOD signal, used in non-dotstuffing mode */
1015 pdkim_body_complete(ctx);
1017 for (p = 0; p<len; p++)
1021 if (ctx->flags & PDKIM_PAST_HDRS)
1023 /* Processing body byte */
1024 ctx->linebuf[ctx->linebuf_offset++] = c;
1027 int rc = pdkim_bodyline_complete(ctx); /* End of line */
1028 if (rc != PDKIM_OK) return rc;
1030 if (ctx->linebuf_offset == (PDKIM_MAX_BODY_LINE_LEN-1))
1031 return PDKIM_ERR_LONG_LINE;
1035 /* Processing header byte */
1040 if (ctx->flags & PDKIM_SEEN_LF)
1042 int rc = pdkim_header_complete(ctx); /* Seen last header line */
1043 if (rc != PDKIM_OK) return rc;
1045 ctx->flags = ctx->flags & ~PDKIM_SEEN_LF | PDKIM_PAST_HDRS;
1046 DEBUG(D_acl) debug_printf(
1047 "PDKIM >> Body data for hash, canonicalized >>>>>>>>>>>>>>>>>>>>>>\n");
1051 ctx->flags |= PDKIM_SEEN_LF;
1053 else if (ctx->flags & PDKIM_SEEN_LF)
1055 if (!(c == '\t' || c == ' '))
1057 int rc = pdkim_header_complete(ctx); /* End of header */
1058 if (rc != PDKIM_OK) return rc;
1060 ctx->flags &= ~PDKIM_SEEN_LF;
1064 if (ctx->cur_header_len < PDKIM_MAX_HEADER_LEN)
1065 ctx->cur_header = string_catn(ctx->cur_header, &ctx->cur_header_size,
1066 &ctx->cur_header_len, CUS &data[p], 1);
1074 /* Extend a grwong header with a continuation-linebreak */
1076 pdkim_hdr_cont(uschar * str, int * size, int * ptr, int * col)
1079 return string_catn(str, size, ptr, US"\r\n\t", 3);
1085 * RFC 5322 specifies that header line length SHOULD be no more than 78
1089 * returns uschar * (not nul-terminated)
1091 * col: this int holds and receives column number (octets since last '\n')
1092 * str: partial string to append to
1093 * size: current buffer size for str
1094 * ptr: current tail-pointer for str
1095 * pad: padding, split line or space after before or after eg: ";"
1096 * intro: - must join to payload eg "h=", usually the tag name
1097 * payload: eg base64 data - long data can be split arbitrarily.
1099 * this code doesn't fold the header in some of the places that RFC4871
1100 * allows: As per RFC5322(2.2.3) it only folds before or after tag-value
1101 * pairs and inside long values. it also always spaces or breaks after the
1104 * no guarantees are made for output given out-of range input. like tag
1105 * names longer than 78, or bogus col. Input is assumed to be free of line breaks.
1109 pdkim_headcat(int * col, uschar * str, int * size, int * ptr,
1110 const uschar * pad, const uschar * intro, const uschar * payload)
1118 str = pdkim_hdr_cont(str, size, ptr, col);
1119 str = string_catn(str, size, ptr, pad, l);
1123 l = (pad?1:0) + (intro?Ustrlen(intro):0);
1126 { /*can't fit intro - start a new line to make room.*/
1127 str = pdkim_hdr_cont(str, size, ptr, col);
1128 l = intro?Ustrlen(intro):0;
1131 l += payload ? Ustrlen(payload):0 ;
1134 { /* this fragment will not fit on a single line */
1137 str = string_catn(str, size, ptr, US" ", 1);
1139 pad = NULL; /* only want this once */
1145 size_t sl = Ustrlen(intro);
1147 str = string_catn(str, size, ptr, intro, sl);
1150 intro = NULL; /* only want this once */
1155 size_t sl = Ustrlen(payload);
1156 size_t chomp = *col+sl < 77 ? sl : 78-*col;
1158 str = string_catn(str, size, ptr, payload, chomp);
1164 /* the while precondition tells us it didn't fit. */
1165 str = pdkim_hdr_cont(str, size, ptr, col);
1170 str = pdkim_hdr_cont(str, size, ptr, col);
1176 str = string_catn(str, size, ptr, US" ", 1);
1183 size_t sl = Ustrlen(intro);
1185 str = string_catn(str, size, ptr, intro, sl);
1193 size_t sl = Ustrlen(payload);
1195 str = string_catn(str, size, ptr, payload, sl);
1203 /* -------------------------------------------------------------------------- */
1206 pdkim_create_header(pdkim_signature *sig, BOOL final)
1211 uschar * hdr; int hdr_size = 0, hdr_len = 0;
1212 uschar * canon_all; int can_size = 0, can_len = 0;
1214 canon_all = string_cat (NULL, &can_size, &can_len,
1215 pdkim_canons[sig->canon_headers]);
1216 canon_all = string_catn(canon_all, &can_size, &can_len, US"/", 1);
1217 canon_all = string_cat (canon_all, &can_size, &can_len,
1218 pdkim_canons[sig->canon_body]);
1219 canon_all[can_len] = '\0';
1221 hdr = string_cat(NULL, &hdr_size, &hdr_len,
1222 US"DKIM-Signature: v="PDKIM_SIGNATURE_VERSION);
1225 /* Required and static bits */
1226 hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"a=",
1227 pdkim_algos[sig->algo]);
1228 hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"q=",
1229 pdkim_querymethods[sig->querymethod]);
1230 hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"c=",
1232 hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"d=",
1234 hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"s=",
1237 /* list of header names can be split between items. */
1239 uschar * n = string_copy(sig->headernames);
1240 uschar * i = US"h=";
1245 uschar * c = Ustrchr(n, ':');
1250 hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, NULL, NULL, US":");
1252 hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, s, i, n);
1263 base64_bh = pdkim_encode_base64(&sig->bodyhash);
1264 hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"bh=", base64_bh);
1268 hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"i=", sig->identity);
1270 if (sig->created > 0)
1274 snprintf(CS minibuf, sizeof(minibuf), "%lu", sig->created);
1275 hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"t=", minibuf);
1278 if (sig->expires > 0)
1282 snprintf(CS minibuf, sizeof(minibuf), "%lu", sig->expires);
1283 hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"x=", minibuf);
1286 if (sig->bodylength >= 0)
1290 snprintf(CS minibuf, sizeof(minibuf), "%lu", sig->bodylength);
1291 hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"l=", minibuf);
1294 /* Preliminary or final version? */
1295 base64_b = final ? pdkim_encode_base64(&sig->sigdata) : US"";
1296 hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"b=", base64_b);
1298 /* add trailing semicolon: I'm not sure if this is actually needed */
1299 hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, NULL, US";", US"");
1301 hdr[hdr_len] = '\0';
1306 /* -------------------------------------------------------------------------- */
1309 pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatures)
1311 pdkim_signature *sig = ctx->sig;
1312 uschar * headernames = NULL; /* Collected signed header names */
1315 /* Check if we must still flush a (partial) header. If that is the
1316 case, the message has no body, and we must compute a body hash
1317 out of '<CR><LF>' */
1318 if (ctx->cur_header && ctx->cur_header_len)
1320 int rc = pdkim_header_complete(ctx);
1321 if (rc != PDKIM_OK) return rc;
1322 pdkim_update_bodyhash(ctx, "\r\n", 2);
1325 DEBUG(D_acl) debug_printf(
1326 "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
1328 /* Build (and/or evaluate) body hash */
1329 pdkim_finish_bodyhash(ctx);
1333 BOOL is_sha1 = sig->algo == PDKIM_ALGO_RSA_SHA1;
1338 int hdata_alloc = 0;
1343 exim_sha_init(&hhash_ctx, is_sha1 ? HASH_SHA1 : HASH_SHA256);
1345 DEBUG(D_acl) debug_printf(
1346 "PDKIM >> Hashed header data, canonicalized, in sequence >>>>>>>>>>>>>>\n");
1348 /* SIGNING ---------------------------------------------------------------- */
1349 /* When signing, walk through our header list and add them to the hash. As we
1350 go, construct a list of the header's names to use for the h= parameter.
1351 Then append to that list any remaining header names for which there was no
1354 if (ctx->flags & PDKIM_MODE_SIGN)
1356 pdkim_stringlist *p;
1361 for (p = sig->headers; p; p = p->next)
1362 if (header_name_match(p->value, sig->sign_headers) == PDKIM_OK)
1365 /* Collect header names (Note: colon presence is guaranteed here) */
1366 uschar * q = Ustrchr(p->value, ':');
1368 headernames = string_catn(headernames, &hs, &hl,
1369 p->value, (q - US p->value) + (p->next ? 1 : 0));
1371 rh = sig->canon_headers == PDKIM_CANON_RELAXED
1372 ? pdkim_relax_header(p->value, 1) /* cook header for relaxed canon */
1373 : string_copy(CUS p->value); /* just copy it for simple canon */
1375 /* Feed header to the hash algorithm */
1376 exim_sha_update(&hhash_ctx, CUS rh, Ustrlen(rh));
1378 /* Remember headers block for signing (when the library cannot do incremental) */
1379 (void) exim_rsa_data_append(&hdata, &hdata_alloc, rh);
1381 DEBUG(D_acl) pdkim_quoteprint(rh, Ustrlen(rh));
1384 l = sig->sign_headers;
1385 while((s = string_nextinlist(&l, &sep, NULL, 0)))
1387 { /*SSS string_append_listele() */
1388 if (hl > 0 && headernames[hl-1] != ':')
1389 headernames = string_catn(headernames, &hs, &hl, US":", 1);
1391 headernames = string_cat(headernames, &hs, &hl, s);
1393 headernames[hl] = '\0';
1395 /* Copy headernames to signature struct */
1396 sig->headernames = headernames;
1397 headernames = NULL, hs = hl = 0;
1399 /* Create signature header with b= omitted */
1400 sig_hdr = pdkim_create_header(sig, FALSE);
1403 /* VERIFICATION ----------------------------------------------------------- */
1404 /* When verifying, walk through the header name list in the h= parameter and
1405 add the headers to the hash in that order. */
1408 uschar * b = string_copy(sig->headernames);
1411 pdkim_stringlist * hdrs;
1414 for (hdrs = ctx->headers; hdrs; hdrs = hdrs->next)
1419 if ((q = Ustrchr(p, ':')))
1422 /*XXX walk the list of headers in same order as received. */
1423 for (hdrs = ctx->headers; hdrs; hdrs = hdrs->next)
1425 && strncasecmp(hdrs->value, CS p, Ustrlen(p)) == 0
1426 && (hdrs->value)[Ustrlen(p)] == ':'
1429 uschar * rh = sig->canon_headers == PDKIM_CANON_RELAXED
1430 ? pdkim_relax_header(hdrs->value, 1) /* cook header for relaxed canon */
1431 : string_copy(CUS hdrs->value); /* just copy it for simple canon */
1433 /* Feed header to the hash algorithm */
1434 exim_sha_update(&hhash_ctx, CUS rh, Ustrlen(rh));
1436 DEBUG(D_acl) pdkim_quoteprint(rh, Ustrlen(rh));
1445 sig_hdr = string_copy(sig->rawsig_no_b_val);
1448 DEBUG(D_acl) debug_printf(
1449 "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
1451 /* Relax header if necessary */
1452 if (sig->canon_headers == PDKIM_CANON_RELAXED)
1453 sig_hdr = pdkim_relax_header(sig_hdr, 0);
1458 "PDKIM >> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>>\n");
1459 pdkim_quoteprint(CUS sig_hdr, Ustrlen(sig_hdr));
1461 "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
1464 /* Finalize header hash */
1465 exim_sha_update(&hhash_ctx, CUS sig_hdr, Ustrlen(sig_hdr));
1466 exim_sha_finish(&hhash_ctx, &hhash);
1470 debug_printf("PDKIM [%s] hh computed: ", sig->domain);
1471 pdkim_hexprint(hhash.data, hhash.len);
1474 /* Remember headers block for signing (when the library cannot do incremental) */
1475 if (ctx->flags & PDKIM_MODE_SIGN)
1476 (void) exim_rsa_data_append(&hdata, &hdata_alloc, US sig_hdr);
1478 /* SIGNING ---------------------------------------------------------------- */
1479 if (ctx->flags & PDKIM_MODE_SIGN)
1482 const uschar * errstr;
1484 /* Import private key */
1485 if ((errstr = exim_rsa_signing_init(US sig->rsa_privkey, &sctx)))
1487 DEBUG(D_acl) debug_printf("signing_init: %s\n", errstr);
1488 return PDKIM_ERR_RSA_PRIVKEY;
1491 /* Do signing. With OpenSSL we are signing the hash of headers just
1492 calculated, with GnuTLS we have to sign an entire block of headers
1493 (due to available interfaces) and it recalculates the hash internally. */
1495 #if defined(RSA_OPENSSL) || defined(RSA_GCRYPT)
1499 if ((errstr = exim_rsa_sign(&sctx, is_sha1, &hdata, &sig->sigdata)))
1501 DEBUG(D_acl) debug_printf("signing: %s\n", errstr);
1502 return PDKIM_ERR_RSA_SIGNING;
1507 debug_printf( "PDKIM [%s] b computed: ", sig->domain);
1508 pdkim_hexprint(sig->sigdata.data, sig->sigdata.len);
1511 sig->signature_header = pdkim_create_header(sig, TRUE);
1514 /* VERIFICATION ----------------------------------------------------------- */
1518 const uschar * errstr;
1520 uschar *dns_txt_name, *dns_txt_reply;
1522 /* Make sure we have all required signature tags */
1523 if (!( sig->domain && *sig->domain
1524 && sig->selector && *sig->selector
1525 && sig->headernames && *sig->headernames
1526 && sig->bodyhash.data
1527 && sig->sigdata.data
1532 sig->verify_status = PDKIM_VERIFY_INVALID;
1533 sig->verify_ext_status = PDKIM_VERIFY_INVALID_SIGNATURE_ERROR;
1535 DEBUG(D_acl) debug_printf(
1536 " Error in DKIM-Signature header: tags missing or invalid\n"
1537 "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
1541 /* Make sure sig uses supported DKIM version (only v1) */
1542 if (sig->version != 1)
1544 sig->verify_status = PDKIM_VERIFY_INVALID;
1545 sig->verify_ext_status = PDKIM_VERIFY_INVALID_DKIM_VERSION;
1547 DEBUG(D_acl) debug_printf(
1548 " Error in DKIM-Signature header: unsupported DKIM version\n"
1549 "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
1553 /* Fetch public key for signing domain, from DNS */
1555 dns_txt_name = string_sprintf("%s._domainkey.%s.",
1556 sig->selector, sig->domain);
1558 dns_txt_reply = store_get(PDKIM_DNS_TXT_MAX_RECLEN);
1559 memset(dns_txt_reply, 0, PDKIM_DNS_TXT_MAX_RECLEN);
1561 if ( ctx->dns_txt_callback(CS dns_txt_name, CS dns_txt_reply) != PDKIM_OK
1562 || dns_txt_reply[0] == '\0')
1564 sig->verify_status = PDKIM_VERIFY_INVALID;
1565 sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE;
1572 "PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"
1574 pdkim_quoteprint(CUS dns_txt_reply, Ustrlen(dns_txt_reply));
1577 if (!(sig->pubkey = pdkim_parse_pubkey_record(ctx, CUS dns_txt_reply)))
1579 sig->verify_status = PDKIM_VERIFY_INVALID;
1580 sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD;
1582 DEBUG(D_acl) debug_printf(
1583 " Error while parsing public key record\n"
1584 "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
1588 DEBUG(D_acl) debug_printf(
1589 "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
1591 /* Import public key */
1592 if ((errstr = exim_rsa_verify_init(&sig->pubkey->key, &vctx)))
1594 DEBUG(D_acl) debug_printf("verify_init: %s\n", errstr);
1595 sig->verify_status = PDKIM_VERIFY_INVALID;
1596 sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_IMPORT;
1600 /* Check the signature */
1601 if ((errstr = exim_rsa_verify(&vctx, is_sha1, &hhash, &sig->sigdata)))
1603 DEBUG(D_acl) debug_printf("headers verify: %s\n", errstr);
1604 sig->verify_status = PDKIM_VERIFY_FAIL;
1605 sig->verify_ext_status = PDKIM_VERIFY_FAIL_MESSAGE;
1610 /* We have a winner! (if bodydhash was correct earlier) */
1611 if (sig->verify_status == PDKIM_VERIFY_NONE)
1612 sig->verify_status = PDKIM_VERIFY_PASS;
1618 debug_printf("PDKIM [%s] signature status: %s",
1619 sig->domain, pdkim_verify_status_str(sig->verify_status));
1620 if (sig->verify_ext_status > 0)
1621 debug_printf(" (%s)\n",
1622 pdkim_verify_ext_status_str(sig->verify_ext_status));
1631 /* If requested, set return pointer to signature(s) */
1632 if (return_signatures)
1633 *return_signatures = ctx->sig;
1639 /* -------------------------------------------------------------------------- */
1641 DLLEXPORT pdkim_ctx *
1642 pdkim_init_verify(int(*dns_txt_callback)(char *, char *), BOOL dot_stuffing)
1646 ctx = store_get(sizeof(pdkim_ctx));
1647 memset(ctx, 0, sizeof(pdkim_ctx));
1649 if (dot_stuffing) ctx->flags = PDKIM_DOT_TERM;
1650 ctx->linebuf = store_get(PDKIM_MAX_BODY_LINE_LEN);
1651 ctx->dns_txt_callback = dns_txt_callback;
1657 /* -------------------------------------------------------------------------- */
1659 DLLEXPORT pdkim_ctx *
1660 pdkim_init_sign(char *domain, char *selector, char *rsa_privkey, int algo,
1664 pdkim_signature *sig;
1666 if (!domain || !selector || !rsa_privkey)
1669 ctx = store_get(sizeof(pdkim_ctx));
1670 memset(ctx, 0, sizeof(pdkim_ctx));
1672 ctx->flags = dot_stuffed ? PDKIM_MODE_SIGN | PDKIM_DOT_TERM : PDKIM_MODE_SIGN;
1673 ctx->linebuf = store_get(PDKIM_MAX_BODY_LINE_LEN);
1675 sig = store_get(sizeof(pdkim_signature));
1676 memset(sig, 0, sizeof(pdkim_signature));
1678 sig->bodylength = -1;
1681 sig->domain = string_copy(US domain);
1682 sig->selector = string_copy(US selector);
1683 sig->rsa_privkey = string_copy(US rsa_privkey);
1686 exim_sha_init(&sig->body_hash, algo == PDKIM_ALGO_RSA_SHA1 ? HASH_SHA1 : HASH_SHA256);
1691 /* -------------------------------------------------------------------------- */
1694 pdkim_set_optional(pdkim_ctx *ctx,
1700 unsigned long created,
1701 unsigned long expires)
1703 pdkim_signature * sig = ctx->sig;
1706 sig->identity = string_copy(US identity);
1708 sig->sign_headers = string_copy(sign_headers
1709 ? US sign_headers : US PDKIM_DEFAULT_SIGN_HEADERS);
1711 sig->canon_headers = canon_headers;
1712 sig->canon_body = canon_body;
1713 sig->bodylength = bodylength;
1714 sig->created = created;
1715 sig->expires = expires;
1729 #endif /*DISABLE_DKIM*/
git://git.exim.org / exim.git / blob