NULL
};
-typedef struct {
- const uschar * dkim_hashname;
- hashmethod exim_hashmethod;
-} pdkim_hashtype;
-static const pdkim_hashtype pdkim_hashes[] = {
+const pdkim_hashtype pdkim_hashes[] = {
{ US"sha1", HASH_SHA1 },
{ US"sha256", HASH_SHA2_256 },
{ US"sha512", HASH_SHA2_512 }
}
+int
+pdkim_hashname_to_hashtype(const uschar * s, unsigned len)
+{
+int i;
+if (!len) len = Ustrlen(s);
+for (i = 0; i < nelem(pdkim_hashes); i++)
+ if (Ustrncmp(s, pdkim_hashes[i].dkim_hashname, len) == 0)
+ return i;
+return -1;
+}
+
+void
+pdkim_cstring_to_canons(const uschar * s, unsigned len,
+ int * canon_head, int * canon_body)
+{
+int i;
+if (!len) len = Ustrlen(s);
+for (i = 0; pdkim_combined_canons[i].str; i++)
+ if ( Ustrncmp(s, pdkim_combined_canons[i].str, len) == 0
+ && len == Ustrlen(pdkim_combined_canons[i].str))
+ {
+ *canon_head = pdkim_combined_canons[i].canon_headers;
+ *canon_body = pdkim_combined_canons[i].canon_body;
+ break;
+ }
+}
+
+
const char *
pdkim_verify_status_str(int status)
/* -------------------------------------------------------------------------- */
/* Print debugging functions */
-static void
+void
pdkim_quoteprint(const uschar *data, int len)
{
int i;
debug_printf("\n");
}
-static void
+void
pdkim_hexprint(const uschar *data, int len)
{
int i;
/* -------------------------------------------------------------------------- */
/* Performs "relaxed" canonicalization of a header. */
-static uschar *
-pdkim_relax_header(const uschar * header, BOOL append_crlf)
+uschar *
+pdkim_relax_header_n(const uschar * header, int len, BOOL append_crlf)
{
BOOL past_field_name = FALSE;
BOOL seen_wsp = FALSE;
const uschar * p;
-uschar * relaxed = store_get(Ustrlen(header)+3);
+uschar * relaxed = store_get(len+3);
uschar * q = relaxed;
-for (p = header; *p; p++)
+for (p = header; p - header < len; p++)
{
uschar c = *p;
}
+uschar *
+pdkim_relax_header(const uschar * header, BOOL append_crlf)
+{
+return pdkim_relax_header_n(header, Ustrlen(header), append_crlf);
+}
+
+
/* -------------------------------------------------------------------------- */
#define PDKIM_QP_ERROR_DECODE -1
/* -------------------------------------------------------------------------- */
-static void
+void
pdkim_decode_base64(const uschar * str, blob * b)
{
-int dlen;
-dlen = b64decode(str, &b->data);
+int dlen = b64decode(str, &b->data);
if (dlen < 0) b->data = NULL;
b->len = dlen;
}
-static uschar *
+uschar *
pdkim_encode_base64(blob * b)
{
return b64encode(b->data, b->len);
break;
case 'a': /* algorithm */
{
- uschar * s = Ustrchr(cur_val->s, '-');
-
- for(i = 0; i < nelem(pdkim_keytypes); i++)
- if (Ustrncmp(cur_val->s, pdkim_keytypes[i], s - cur_val->s) == 0)
- { sig->keytype = i; break; }
- if (sig->keytype < 0)
- log_write(0, LOG_MAIN,
- "DKIM: ignoring signature due to nonhandled keytype in a=%s",
- cur_val->s);
-
- for (++s, i = 0; i < nelem(pdkim_hashes); i++)
- if (Ustrcmp(s, pdkim_hashes[i].dkim_hashname) == 0)
- { sig->hashtype = i; break; }
- if (sig->hashtype < 0)
- log_write(0, LOG_MAIN,
- "DKIM: ignoring signature due to nonhandled hashtype in a=%s",
- cur_val);
- break;
+ const uschar * list = cur_val->s;
+ int sep = '-';
+ uschar * elem;
+
+ if ((elem = string_nextinlist(&list, &sep, NULL, 0)))
+ for(i = 0; i < nelem(pdkim_keytypes); i++)
+ if (Ustrcmp(elem, pdkim_keytypes[i]) == 0)
+ { sig->keytype = i; break; }
+ if ((elem = string_nextinlist(&list, &sep, NULL, 0)))
+ for (i = 0; i < nelem(pdkim_hashes); i++)
+ if (Ustrcmp(elem, pdkim_hashes[i].dkim_hashname) == 0)
+ { sig->hashtype = i; break; }
}
case 'c': /* canonicalization */
- for (i = 0; pdkim_combined_canons[i].str; i++)
- if (Ustrcmp(cur_val->s, pdkim_combined_canons[i].str) == 0)
- {
- sig->canon_headers = pdkim_combined_canons[i].canon_headers;
- sig->canon_body = pdkim_combined_canons[i].canon_body;
- break;
- }
+ pdkim_cstring_to_canons(cur_val->s, 0,
+ &sig->canon_headers, &sig->canon_body);
break;
case 'q': /* Query method (for pubkey)*/
for (i = 0; pdkim_querymethods[i]; i++)
"PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
}
-if (!pdkim_set_bodyhash(ctx, sig))
+if (!pdkim_set_sig_bodyhash(ctx, sig))
return NULL;
return sig;
/* -------------------------------------------------------------------------- */
-static pdkim_pubkey *
-pdkim_parse_pubkey_record(pdkim_ctx *ctx, const uschar *raw_record)
+pdkim_pubkey *
+pdkim_parse_pubkey_record(const uschar *raw_record)
{
const uschar * ele;
int sep = ';';
pdkim_signature * sig;
for (b = ctx->bodyhash; b; b = b->next) /* Finish hashes */
+ {
+ DEBUG(D_acl) debug_printf("PDKIM: finish bodyhash %d/%d/%d len %ld\n",
+ b->hashtype, b->canon_method, b->bodylength, b->signed_body_bytes);
exim_sha_finish(&b->body_hash_ctx, &b->bh);
+ }
/* Traverse all signatures */
for (sig = ctx->sig; sig; sig = sig->next)
--ctx->cur_header->ptr;
(void) string_from_gstring(ctx->cur_header);
+#ifdef EXPERIMENTAL_ARC
+/* Feed the header line to ARC processing */
+(void) arc_header_feed(ctx->cur_header, !(ctx->flags & PDKIM_MODE_SIGN));
+#endif
+
if (++ctx->num_headers > PDKIM_MAX_HEADERS) goto BAIL;
/* SIGNING -------------------------------------------------------------- */
dns_txt_name = string_sprintf("%s._domainkey.%s.", sig->selector, sig->domain);
-if ( !(dns_txt_reply = ctx->dns_txt_callback(CS dns_txt_name))
+if ( !(dns_txt_reply = ctx->dns_txt_callback(dns_txt_name))
|| dns_txt_reply[0] == '\0'
)
{
pdkim_quoteprint(CUS dns_txt_reply, Ustrlen(dns_txt_reply));
}
-if ( !(p = pdkim_parse_pubkey_record(ctx, CUS dns_txt_reply))
+if ( !(p = pdkim_parse_pubkey_record(CUS dns_txt_reply))
|| (Ustrcmp(p->srvtype, "*") != 0 && Ustrcmp(p->srvtype, "email") != 0)
)
{
/* Import public key */
+/* Normally we use the signature a= tag to tell us the pubkey format.
+When signing under debug we do a test-import of the pubkey, and at that
+time we do not have a signature so we must interpret the pubkey k= tag
+instead. Assume writing on the sig is ok in that case. */
+
+if (sig->keytype < 0)
+ {
+ int i;
+ for(i = 0; i < nelem(pdkim_keytypes); i++)
+ if (Ustrcmp(p->keytype, pdkim_keytypes[i]) == 0)
+ { sig->keytype = i; goto k_ok; }
+ DEBUG(D_acl) debug_printf("verify_init: unhandled keytype %s\n", p->keytype);
+ sig->verify_status = PDKIM_VERIFY_INVALID;
+ sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_IMPORT;
+ return NULL;
+ }
+k_ok:
+
if ((*errstr = exim_dkim_verify_init(&p->key,
sig->keytype == KEYTYPE_ED25519 ? KEYFMT_ED25519_BARE : KEYFMT_DER,
vctx)))
pdkim_bodyhash * b;
pdkim_signature * sig;
BOOL verify_pass = FALSE;
-es_ctx sctx;
/* Check if we must still flush a (partial) header. If that is the
case, the message has no body, and we must compute a body hash
DEBUG(D_acl) debug_printf(
"PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+/* Build (and/or evaluate) body hash. Do this even if no DKIM sigs, in case we
+have a hash to do for ARC. */
+
+pdkim_finish_bodyhash(ctx);
+
if (!ctx->sig)
{
DEBUG(D_acl) debug_printf("PDKIM: no signatures\n");
+ *return_signatures = NULL;
return PDKIM_OK;
}
-/* Build (and/or evaluate) body hash */
-pdkim_finish_bodyhash(ctx);
-
for (sig = ctx->sig; sig; sig = sig->next)
{
hctx hhash_ctx;
gstring * hdata = NULL;
es_ctx sctx;
+ if ( !(ctx->flags & PDKIM_MODE_SIGN)
+ && sig->verify_status == PDKIM_VERIFY_FAIL)
+ {
+ DEBUG(D_acl)
+ debug_printf("PDKIM: [%s] abandoning this signature\n", sig->domain);
+ continue;
+ }
+
/*XXX The hash of the headers is needed for GCrypt (for which we can do RSA
suging only, as it happens) and for either GnuTLS and OpenSSL when we are
signing with EC (specifically, Ed25519). The former is because the GCrypt
the signature header */
/*XXX extend for non-RSA algos */
- if ((*err = exim_dkim_signing_init(US sig->privkey, &sctx)))
+ if ((*err = exim_dkim_signing_init(CUS sig->privkey, &sctx)))
{
log_write(0, LOG_MAIN|LOG_PANIC, "signing_init: %s", *err);
return PDKIM_ERR_RSA_PRIVKEY;
if (ctx->flags & PDKIM_MODE_SIGN)
{
hashmethod hm = sig->keytype == KEYTYPE_ED25519
- ? HASH_SHA2_512 : pdkim_hashes[sig->hashtype].exim_hashmethod;
+#if defined(SIGN_OPENSSL)
+ ? HASH_NULL
+#else
+ ? HASH_SHA2_512
+#endif
+ : pdkim_hashes[sig->hashtype].exim_hashmethod;
#ifdef SIGN_HAVE_ED25519
/* For GCrypt, and for EC, we pass the hash-of-headers to the signing
hhash.len = hdata->ptr;
}
-/*XXX extend for non-RSA algos */
-/*- done for GnuTLS */
if ((*err = exim_dkim_sign(&sctx, hm, &hhash, &sig->sighash)))
{
log_write(0, LOG_MAIN|LOG_PANIC, "signing: %s", *err);
else
{
ev_ctx vctx;
+ hashmethod hm;
/* Make sure we have all required signature tags */
if (!( sig->domain && *sig->domain
}
}
+ hm = sig->keytype == KEYTYPE_ED25519
+#if defined(SIGN_OPENSSL)
+ ? HASH_NULL
+#else
+ ? HASH_SHA2_512
+#endif
+ : pdkim_hashes[sig->hashtype].exim_hashmethod;
+
/* Check the signature */
-/*XXX extend for non-RSA algos */
-/*- done for GnuTLS */
- if ((*err = exim_dkim_verify(&vctx,
- pdkim_hashes[sig->hashtype].exim_hashmethod,
- &hhash, &sig->sighash)))
+
+ if ((*err = exim_dkim_verify(&vctx, hm, &hhash, &sig->sighash)))
{
DEBUG(D_acl) debug_printf("headers verify: %s\n", *err);
sig->verify_status = PDKIM_VERIFY_FAIL;
/* -------------------------------------------------------------------------- */
DLLEXPORT pdkim_ctx *
-pdkim_init_verify(uschar * (*dns_txt_callback)(char *), BOOL dot_stuffing)
+pdkim_init_verify(uschar * (*dns_txt_callback)(uschar *), BOOL dot_stuffing)
{
pdkim_ctx * ctx;
/* Set up a blob for calculating the bodyhash according to the
-needs of this signature. Use an existing one if possible, or
-create a new one.
+given needs. Use an existing one if possible, or create a new one.
-Return: hashblob pointer, or NULL on error (only used as a boolean).
+Return: hashblob pointer, or NULL on error
*/
pdkim_bodyhash *
-pdkim_set_bodyhash(pdkim_ctx * ctx, pdkim_signature * sig)
+pdkim_set_bodyhash(pdkim_ctx * ctx, int hashtype, int canon_method,
+ long bodylength)
{
pdkim_bodyhash * b;
for (b = ctx->bodyhash; b; b = b->next)
- if ( sig->hashtype == b->hashtype
- && sig->canon_body == b->canon_method
- && sig->bodylength == b->bodylength)
- goto old;
+ if ( hashtype == b->hashtype
+ && canon_method == b->canon_method
+ && bodylength == b->bodylength)
+ {
+ DEBUG(D_receive) debug_printf("PDKIM: using existing bodyhash %d/%d/%ld\n",
+ hashtype, canon_method, bodylength);
+ return b;
+ }
+DEBUG(D_receive) debug_printf("PDKIM: new bodyhash %d/%d/%ld\n",
+ hashtype, canon_method, bodylength);
b = store_get(sizeof(pdkim_bodyhash));
b->next = ctx->bodyhash;
-b->hashtype = sig->hashtype;
-b->canon_method = sig->canon_body;
-b->bodylength = sig->bodylength;
+b->hashtype = hashtype;
+b->canon_method = canon_method;
+b->bodylength = bodylength;
if (!exim_sha_init(&b->body_hash_ctx, /*XXX hash method: extend for sha512 */
- pdkim_hashes[sig->hashtype].exim_hashmethod))
+ pdkim_hashes[hashtype].exim_hashmethod))
{
DEBUG(D_acl)
debug_printf("PDKIM: hash init error, possibly nonhandled hashtype\n");
b->signed_body_bytes = 0;
b->num_buffered_blanklines = 0;
ctx->bodyhash = b;
+return b;
+}
-old:
+
+/* Set up a blob for calculating the bodyhash according to the
+needs of this signature. Use an existing one if possible, or
+create a new one.
+
+Return: hashblob pointer, or NULL on error (only used as a boolean).
+*/
+pdkim_bodyhash *
+pdkim_set_sig_bodyhash(pdkim_ctx * ctx, pdkim_signature * sig)
+{
+pdkim_bodyhash * b = pdkim_set_bodyhash(ctx,
+ sig->hashtype, sig->canon_body, sig->bodylength);
sig->calc_body_hash = b;
return b;
}
void
pdkim_init_context(pdkim_ctx * ctx, BOOL dot_stuffed,
- uschar * (*dns_txt_callback)(char *))
+ uschar * (*dns_txt_callback)(uschar *))
{
memset(ctx, 0, sizeof(pdkim_ctx));
ctx->flags = dot_stuffed ? PDKIM_MODE_SIGN | PDKIM_DOT_TERM : PDKIM_MODE_SIGN;