1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4 /* Experimental ARC support for Exim
5 Copyright (c) Jeremy Harris 2018
10 #ifdef EXPERIMENTAL_ARC
11 # if !defined SUPPORT_SPF
12 # error SPF must also be enabled for ARC
13 # elif defined DISABLE_DKIM
14 # error DKIM must also be enabled for ARC
17 # include "functions.h"
18 # include "pdkim/pdkim.h"
19 # include "pdkim/signing.h"
21 extern pdkim_ctx * dkim_verify_ctx;
22 extern pdkim_ctx dkim_sign_ctx;
24 #define ARC_SIGN_OPT_TSTAMP BIT(0)
25 #define ARC_SIGN_OPT_EXPIRE BIT(1)
27 #define ARC_SIGN_DEFAULT_EXPIRE_DELTA (60 * 60 * 24 * 30) /* one month */
29 /******************************************************************************/
31 typedef struct hdr_rlist {
32 struct hdr_rlist * prev;
37 typedef struct arc_line {
38 header_line * complete; /* including the header name; nul-term */
41 /* identified tag contents */
54 /* tag content sub-portions */
61 /* modified copy of b= field in line */
65 typedef struct arc_set {
66 struct arc_set * next;
67 struct arc_set * prev;
74 const uschar * ams_verify_done;
75 BOOL ams_verify_passed;
78 typedef struct arc_ctx {
79 arc_set * arcset_chain;
80 arc_set * arcset_chain_last;
83 #define ARC_HDR_AAR US"ARC-Authentication-Results:"
84 #define ARC_HDRLEN_AAR 27
85 #define ARC_HDR_AMS US"ARC-Message-Signature:"
86 #define ARC_HDRLEN_AMS 22
87 #define ARC_HDR_AS US"ARC-Seal:"
88 #define ARC_HDRLEN_AS 9
89 #define HDR_AR US"Authentication-Results:"
94 static hdr_rlist * headers_rlist;
95 static arc_ctx arc_sign_ctx = { NULL };
96 static arc_ctx arc_verify_ctx = { NULL };
99 /******************************************************************************/
102 /* Get the instance number from the header.
105 arc_instance_from_hdr(const arc_line * al)
107 const uschar * s = al->i.data;
108 if (!s || !al->i.len) return 0;
109 return (unsigned) atoi(CCS s);
117 while (c && (c == ' ' || c == '\t' || c == '\n' || c == '\r')) c = *++s;
122 /* Locate instance struct on chain, inserting a new one if
123 needed. The chain is in increasing-instance-number order
124 by the "next" link, and we have a "prev" link also.
128 arc_find_set(arc_ctx * ctx, unsigned i)
130 arc_set ** pas, * as, * next, * prev;
132 for (pas = &ctx->arcset_chain, prev = NULL, next = ctx->arcset_chain;
133 as = *pas; pas = &as->next)
135 if (as->instance > i) break;
136 if (as->instance == i)
138 DEBUG(D_acl) debug_printf("ARC: existing instance %u\n", i);
145 DEBUG(D_acl) debug_printf("ARC: new instance %u\n", i);
146 *pas = as = store_get(sizeof(arc_set));
147 memset(as, 0, sizeof(arc_set));
154 ctx->arcset_chain_last = as;
160 /* Insert a tag content into the line structure.
161 Note this is a reference to existing data, not a copy.
162 Check for already-seen tag.
163 The string-pointer is on the '=' for entry. Update it past the
164 content (to the ;) on return;
168 arc_insert_tagvalue(arc_line * al, unsigned loff, uschar ** ss)
172 blob * b = (blob *)(US al + loff);
175 /* [FWS] tag-value [FWS] */
177 if (b->data) return US"fail";
178 s = skip_fws(s); /* FWS */
181 while ((c = *s) && c != ';') { len++; s++; }
183 while (len && ((c = s[-1]) == ' ' || c == '\t' || c == '\n' || c == '\r'))
184 { s--; len--; } /* FWS */
190 /* Inspect a header line, noting known tag fields.
191 Check for duplicates. */
194 arc_parse_line(arc_line * al, header_line * h, unsigned off, BOOL instance_only)
196 uschar * s = h->text + off;
197 uschar * r = NULL; /* compiler-quietening */
204 al->rawsig_no_b_val.data = store_get(h->slen + 1);
205 memcpy(al->rawsig_no_b_val.data, h->text, off); /* copy the header name blind */
206 r = al->rawsig_no_b_val.data + off;
207 al->rawsig_no_b_val.len = off;
210 /* tag-list = tag-spec *( ";" tag-spec ) [ ";" ] */
217 uschar * fieldstart = s;
218 uschar * bstart = NULL, * bend;
220 /* tag-spec = [FWS] tag-name [FWS] "=" [FWS] tag-value [FWS] */
222 s = skip_fws(s); /* FWS */
224 /* debug_printf("%s: consider '%s'\n", __FUNCTION__, s); */
226 s = skip_fws(s); /* FWS */
229 if (!instance_only || tagchar == 'i') switch (tagchar)
231 case 'a': /* a= AMS algorithm */
233 if (*s != '=') return US"no 'a' value";
234 if (arc_insert_tagvalue(al, offsetof(arc_line, a), &s)) return US"a tag dup";
236 /* substructure: algo-hash (eg. rsa-sha256) */
238 t = al->a_algo.data = al->a.data;
240 if (!*t++ || ++i > al->a.len) return US"no '-' in 'a' value";
242 if (*t++ != '-') return US"no '-' in 'a' value";
244 al->a_hash.len = al->a.len - i - 1;
253 case '=': /* b= AMS signature */
254 if (al->b.data) return US"already b data";
257 /* The signature can have FWS inserted in the content;
258 make a stripped copy */
260 while ((c = *++s) && c != ';')
261 if (c != ' ' && c != '\t' && c != '\n' && c != '\r')
262 g = string_catn(g, s, 1);
263 al->b.data = string_from_gstring(g);
265 gstring_reset_unused(g);
268 case 'h': /* bh= AMS body hash */
269 s = skip_fws(++s); /* FWS */
270 if (*s != '=') return US"no bh value";
271 if (al->bh.data) return US"already bh data";
273 /* The bodyhash can have FWS inserted in the content;
274 make a stripped copy */
276 while ((c = *++s) && c != ';')
277 if (c != ' ' && c != '\t' && c != '\n' && c != '\r')
278 g = string_catn(g, s, 1);
279 al->bh.data = string_from_gstring(g);
281 gstring_reset_unused(g);
291 case '=': /* c= AMS canonicalisation */
292 if (arc_insert_tagvalue(al, offsetof(arc_line, c), &s)) return US"c tag dup";
294 /* substructure: head/body (eg. relaxed/simple)) */
296 t = al->c_head.data = al->c.data;
298 if (!*t++ || ++i > al->a.len) break;
300 if (*t++ == '/') /* /body is optional */
303 al->c_body.len = al->c.len - i - 1;
307 al->c_body.data = US"simple";
311 case 'v': /* cv= AS validity */
312 if (*++s != '=') return US"cv tag val";
313 if (arc_insert_tagvalue(al, offsetof(arc_line, cv), &s)) return US"cv tag dup";
319 case 'd': /* d= AMS domain */
320 if (*s != '=') return US"d tag val";
321 if (arc_insert_tagvalue(al, offsetof(arc_line, d), &s)) return US"d tag dup";
323 case 'h': /* h= AMS headers */
324 if (*s != '=') return US"h tag val";
325 if (arc_insert_tagvalue(al, offsetof(arc_line, h), &s)) return US"h tag dup";
327 case 'i': /* i= ARC set instance */
328 if (*s != '=') return US"i tag val";
329 if (arc_insert_tagvalue(al, offsetof(arc_line, i), &s)) return US"i tag dup";
330 if (instance_only) goto done;
332 case 'l': /* l= bodylength */
333 if (*s != '=') return US"l tag val";
334 if (arc_insert_tagvalue(al, offsetof(arc_line, l), &s)) return US"l tag dup";
336 case 's': /* s= AMS selector */
337 if (*s != '=') return US"s tag val";
338 if (arc_insert_tagvalue(al, offsetof(arc_line, s), &s)) return US"s tag dup";
342 while ((c = *s) && c != ';') s++;
343 if (c) s++; /* ; after tag-spec */
345 /* for all but the b= tag, copy the field including FWS. For the b=,
346 drop the tag content. */
351 size_t n = bstart - fieldstart;
352 memcpy(r, fieldstart, n); /* FWS "b=" */
354 al->rawsig_no_b_val.len += n;
356 memcpy(r, bend, n); /* FWS ";" */
358 al->rawsig_no_b_val.len += n;
362 size_t n = s - fieldstart;
363 memcpy(r, fieldstart, n);
365 al->rawsig_no_b_val.len += n;
373 /* debug_printf("%s: finshed\n", __FUNCTION__); */
378 /* Insert one header line in the correct set of the chain,
379 adding instances as needed and checking for duplicate lines.
383 arc_insert_hdr(arc_ctx * ctx, header_line * h, unsigned off, unsigned hoff,
388 arc_line * al = store_get(sizeof(arc_line)), ** alp;
391 memset(al, 0, sizeof(arc_line));
393 if ((e = arc_parse_line(al, h, off, instance_only)))
395 DEBUG(D_acl) if (e) debug_printf("ARC: %s\n", e);
396 return US"line parse";
398 if (!(i = arc_instance_from_hdr(al))) return US"instance find";
399 if (i > 50) return US"overlarge instance number";
400 if (!(as = arc_find_set(ctx, i))) return US"set find";
401 if (*(alp = (arc_line **)(US as + hoff))) return US"dup hdr";
410 static const uschar *
411 arc_try_header(arc_ctx * ctx, header_line * h, BOOL instance_only)
415 /*debug_printf("consider hdr '%s'\n", h->text);*/
416 if (strncmpic(ARC_HDR_AAR, h->text, ARC_HDRLEN_AAR) == 0)
422 for (s = h->text + h->slen; s[-1] == '\r' || s[-1] == '\n'; )
424 debug_printf("ARC: found AAR: %.*s\n", len, h->text);
426 if ((e = arc_insert_hdr(ctx, h, ARC_HDRLEN_AAR, offsetof(arc_set, hdr_aar),
429 DEBUG(D_acl) debug_printf("inserting AAR: %s\n", e);
430 return US"inserting AAR";
433 else if (strncmpic(ARC_HDR_AMS, h->text, ARC_HDRLEN_AMS) == 0)
441 for (s = h->text + h->slen; s[-1] == '\r' || s[-1] == '\n'; )
443 debug_printf("ARC: found AMS: %.*s\n", len, h->text);
445 if ((e = arc_insert_hdr(ctx, h, ARC_HDRLEN_AMS, offsetof(arc_set, hdr_ams),
448 DEBUG(D_acl) debug_printf("inserting AMS: %s\n", e);
449 return US"inserting AMS";
453 /*XXX dubious selection of ams here */
454 ams = ctx->arcset_chain->hdr_ams;
457 ams->c_head.data = US"simple"; ams->c_head.len = 6;
458 ams->c_body = ams->c_head;
461 else if (strncmpic(ARC_HDR_AS, h->text, ARC_HDRLEN_AS) == 0)
467 for (s = h->text + h->slen; s[-1] == '\r' || s[-1] == '\n'; )
469 debug_printf("ARC: found AS: %.*s\n", len, h->text);
471 if ((e = arc_insert_hdr(ctx, h, ARC_HDRLEN_AS, offsetof(arc_set, hdr_as),
474 DEBUG(D_acl) debug_printf("inserting AS: %s\n", e);
475 return US"inserting AS";
483 /* Gather the chain of arc sets from the headers.
484 Check for duplicates while that is done. Also build the
485 reverse-order headers list;
487 Return: ARC state if determined, eg. by lack of any ARC chain.
490 static const uschar *
491 arc_vfy_collect_hdrs(arc_ctx * ctx)
494 hdr_rlist * r = NULL, * rprev = NULL;
497 DEBUG(D_acl) debug_printf("ARC: collecting arc sets\n");
498 for (h = header_list; h; h = h->next)
500 r = store_get(sizeof(hdr_rlist));
506 if ((e = arc_try_header(ctx, h, FALSE)))
508 arc_state_reason = string_sprintf("collecting headers: %s", e);
514 if (!ctx->arcset_chain) return US"none";
520 arc_cv_match(arc_line * al, const uschar * s)
522 return Ustrncmp(s, al->cv.data, al->cv.len) == 0;
525 /******************************************************************************/
527 /* Return the hash of headers from the message that the AMS claims it
532 arc_get_verify_hhash(arc_ctx * ctx, arc_line * ams, blob * hhash)
534 const uschar * headernames = string_copyn(ams->h.data, ams->h.len);
538 BOOL relaxed = Ustrncmp(US"relaxed", ams->c_head.data, ams->c_head.len) == 0;
539 int hashtype = pdkim_hashname_to_hashtype(
540 ams->a_hash.data, ams->a_hash.len);
545 if (!exim_sha_init(&hhash_ctx, pdkim_hashes[hashtype].exim_hashmethod))
548 debug_printf("ARC: hash setup error, possibly nonhandled hashtype\n");
552 /* For each headername in the list from the AMS (walking in order)
553 walk the message headers in reverse order, adding to the hash any
554 found for the first time. For that last point, maintain used-marks
555 on the list of message headers. */
557 DEBUG(D_acl) debug_printf("ARC: AMS header data for verification:\n");
559 for (r = headers_rlist; r; r = r->prev)
561 while ((hn = string_nextinlist(&headernames, &sep, NULL, 0)))
562 for (r = headers_rlist; r; r = r->prev)
564 && strncasecmp(CCS (s = r->h->text), CCS hn, Ustrlen(hn)) == 0
567 if (relaxed) s = pdkim_relax_header_n(s, r->h->slen, TRUE);
570 DEBUG(D_acl) pdkim_quoteprint(s, len);
571 exim_sha_update(&hhash_ctx, s, Ustrlen(s));
576 /* Finally add in the signature header (with the b= tag stripped); no CRLF */
578 s = ams->rawsig_no_b_val.data, len = ams->rawsig_no_b_val.len;
580 len = Ustrlen(s = pdkim_relax_header_n(s, len, FALSE));
581 DEBUG(D_acl) pdkim_quoteprint(s, len);
582 exim_sha_update(&hhash_ctx, s, len);
584 exim_sha_finish(&hhash_ctx, hhash);
586 { debug_printf("ARC: header hash: "); pdkim_hexprint(hhash->data, hhash->len); }
593 static pdkim_pubkey *
594 arc_line_to_pubkey(arc_line * al)
599 if (!(dns_txt = dkim_exim_query_dns_txt(string_sprintf("%.*s._domainkey.%.*s",
600 al->s.len, al->s.data, al->d.len, al->d.data))))
602 DEBUG(D_acl) debug_printf("pubkey dns lookup fail\n");
606 if ( !(p = pdkim_parse_pubkey_record(dns_txt))
607 || (Ustrcmp(p->srvtype, "*") != 0 && Ustrcmp(p->srvtype, "email") != 0)
610 DEBUG(D_acl) debug_printf("pubkey dns lookup format error\n");
614 /* If the pubkey limits use to specified hashes, reject unusable
615 signatures. XXX should we have looked for multiple dns records? */
619 const uschar * list = p->hashes, * ele;
622 while ((ele = string_nextinlist(&list, &sep, NULL, 0)))
623 if (Ustrncmp(ele, al->a_hash.data, al->a_hash.len) == 0) break;
626 DEBUG(D_acl) debug_printf("pubkey h=%s vs sig a=%.*s\n",
627 p->hashes, (int)al->a.len, al->a.data);
637 static pdkim_bodyhash *
638 arc_ams_setup_vfy_bodyhash(arc_line * ams)
640 int canon_head, canon_body;
643 if (!ams->c.data) ams->c.data = US"simple"; /* RFC 6376 (DKIM) default */
644 pdkim_cstring_to_canons(ams->c.data, ams->c.len, &canon_head, &canon_body);
645 bodylen = ams->l.data
646 ? strtol(CS string_copyn(ams->l.data, ams->l.len), NULL, 10) : -1;
648 return pdkim_set_bodyhash(dkim_verify_ctx,
649 pdkim_hashname_to_hashtype(ams->a_hash.data, ams->a_hash.len),
656 /* Verify an AMS. This is a DKIM-sig header, but with an ARC i= tag
657 and without a DKIM v= tag.
660 static const uschar *
661 arc_ams_verify(arc_ctx * ctx, arc_set * as)
663 arc_line * ams = as->hdr_ams;
670 const uschar * errstr;
672 as->ams_verify_done = US"in-progress";
674 /* Check the AMS has all the required tags:
678 "d=" domain (for key lookup)
679 "h=" headers (included in signature)
680 "s=" key-selector (for key lookup)
682 if ( !ams->a.data || !ams->b.data || !ams->bh.data || !ams->d.data
683 || !ams->h.data || !ams->s.data)
685 as->ams_verify_done = arc_state_reason = US"required tag missing";
690 /* The bodyhash should have been created earlier, and the dkim code should
691 have managed calculating it during message input. Find the reference to it. */
693 if (!(b = arc_ams_setup_vfy_bodyhash(ams)))
695 as->ams_verify_done = arc_state_reason = US"internal hash setup error";
701 debug_printf("ARC i=%d AMS Body bytes hashed: %lu\n"
702 " Body %.*s computed: ",
703 as->instance, b->signed_body_bytes,
704 (int)ams->a_hash.len, ams->a_hash.data);
705 pdkim_hexprint(CUS b->bh.data, b->bh.len);
708 /* We know the bh-tag blob is of a nul-term string, so safe as a string */
711 || (pdkim_decode_base64(ams->bh.data, &sighash), sighash.len != b->bh.len)
712 || memcmp(sighash.data, b->bh.data, b->bh.len) != 0
717 debug_printf("ARC i=%d AMS Body hash from headers: ", as->instance);
718 pdkim_hexprint(sighash.data, sighash.len);
719 debug_printf("ARC i=%d AMS Body hash did NOT match\n", as->instance);
721 return as->ams_verify_done = arc_state_reason = US"AMS body hash miscompare";
724 DEBUG(D_acl) debug_printf("ARC i=%d AMS Body hash compared OK\n", as->instance);
726 /* Get the public key from DNS */
728 if (!(p = arc_line_to_pubkey(ams)))
729 return as->ams_verify_done = arc_state_reason = US"pubkey problem";
731 /* We know the b-tag blob is of a nul-term string, so safe as a string */
732 pdkim_decode_base64(ams->b.data, &sighash);
734 arc_get_verify_hhash(ctx, ams, &hhash);
736 /* Setup the interface to the signing library */
738 if ((errstr = exim_dkim_verify_init(&p->key, KEYFMT_DER, &vctx)))
740 DEBUG(D_acl) debug_printf("ARC verify init: %s\n", errstr);
741 as->ams_verify_done = arc_state_reason = US"internal sigverify init error";
745 hashtype = pdkim_hashname_to_hashtype(ams->a_hash.data, ams->a_hash.len);
747 if ((errstr = exim_dkim_verify(&vctx,
748 pdkim_hashes[hashtype].exim_hashmethod, &hhash, &sighash)))
750 DEBUG(D_acl) debug_printf("ARC i=%d AMS verify %s\n", as->instance, errstr);
751 return as->ams_verify_done = arc_state_reason = US"AMS sig nonverify";
754 DEBUG(D_acl) debug_printf("ARC i=%d AMS verify pass\n", as->instance);
755 as->ams_verify_passed = TRUE;
761 /* Check the sets are instance-continuous and that all
762 members are present. Check that no arc_seals are "fail".
763 Set the highest instance number global.
764 Verify the latest AMS.
767 arc_headers_check(arc_ctx * ctx)
771 BOOL ams_fail_found = FALSE;
773 if (!(as = ctx->arcset_chain))
776 for(inst = 0; as; as = as->next)
778 if ( as->instance != ++inst
779 || !as->hdr_aar || !as->hdr_ams || !as->hdr_as
780 || arc_cv_match(as->hdr_as, US"fail")
783 arc_state_reason = string_sprintf("i=%d"
784 " (cv, sequence or missing header)", as->instance);
785 DEBUG(D_acl) debug_printf("ARC chain fail at %s\n", arc_state_reason);
789 /* Evaluate the oldest-pass AMS validation while we're here.
790 It does not affect the AS chain validation but is reported as
794 if (arc_ams_verify(ctx, as))
795 ams_fail_found = TRUE;
797 arc_oldest_pass = inst;
798 arc_state_reason = NULL;
801 arc_received = ctx->arcset_chain_last;
802 arc_received_instance = inst;
804 /* We can skip the latest-AMS validation, if we already did it. */
806 as = ctx->arcset_chain_last;
807 if (!as->ams_verify_passed)
809 if (as->ams_verify_done)
811 arc_state_reason = as->ams_verify_done;
814 if (!!arc_ams_verify(ctx, as))
821 /******************************************************************************/
822 static const uschar *
823 arc_seal_verify(arc_ctx * ctx, arc_set * as)
825 arc_line * hdr_as = as->hdr_as;
833 const uschar * errstr;
835 DEBUG(D_acl) debug_printf("ARC: AS vfy i=%d\n", as->instance);
837 1. If the value of the "cv" tag on that seal is "fail", the
838 chain state is "fail" and the algorithm stops here. (This
839 step SHOULD be skipped if the earlier step (2.1) was
842 2. In Boolean nomenclature: if ((i == 1 && cv != "none") or (cv
843 == "none" && i != 1)) then the chain state is "fail" and the
844 algorithm stops here (note that the ordering of the logic is
845 structured for short-circuit evaluation).
848 if ( as->instance == 1 && !arc_cv_match(hdr_as, US"none")
849 || arc_cv_match(hdr_as, US"none") && as->instance != 1
852 arc_state_reason = US"seal cv state";
857 3. Initialize a hash function corresponding to the "a" tag of
861 hashtype = pdkim_hashname_to_hashtype(hdr_as->a_hash.data, hdr_as->a_hash.len);
863 if (!exim_sha_init(&hhash_ctx, pdkim_hashes[hashtype].exim_hashmethod))
866 debug_printf("ARC: hash setup error, possibly nonhandled hashtype\n");
867 arc_state_reason = US"seal hash setup error";
872 4. Compute the canonicalized form of the ARC header fields, in
873 the order described in Section 5.4.2, using the "relaxed"
874 header canonicalization defined in Section 3.4.2 of
875 [RFC6376]. Pass the canonicalized result to the hash
878 Headers are CRLF-separated, but the last one is not crlf-terminated.
881 DEBUG(D_acl) debug_printf("ARC: AS header data for verification:\n");
882 for (as2 = ctx->arcset_chain;
883 as2 && as2->instance <= as->instance;
891 if (!(s = al->relaxed))
892 al->relaxed = s = pdkim_relax_header_n(al->complete->text,
893 al->complete->slen, TRUE);
895 DEBUG(D_acl) pdkim_quoteprint(s, len);
896 exim_sha_update(&hhash_ctx, s, len);
899 if (!(s = al->relaxed))
900 al->relaxed = s = pdkim_relax_header_n(al->complete->text,
901 al->complete->slen, TRUE);
903 DEBUG(D_acl) pdkim_quoteprint(s, len);
904 exim_sha_update(&hhash_ctx, s, len);
907 if (as2->instance == as->instance)
908 s = pdkim_relax_header_n(al->rawsig_no_b_val.data,
909 al->rawsig_no_b_val.len, FALSE);
910 else if (!(s = al->relaxed))
911 al->relaxed = s = pdkim_relax_header_n(al->complete->text,
912 al->complete->slen, TRUE);
914 DEBUG(D_acl) pdkim_quoteprint(s, len);
915 exim_sha_update(&hhash_ctx, s, len);
919 5. Retrieve the final digest from the hash function.
922 exim_sha_finish(&hhash_ctx, &hhash_computed);
925 debug_printf("ARC i=%d AS Header %.*s computed: ",
926 as->instance, (int)hdr_as->a_hash.len, hdr_as->a_hash.data);
927 pdkim_hexprint(hhash_computed.data, hhash_computed.len);
932 6. Retrieve the public key identified by the "s" and "d" tags in
933 the ARC-Seal, as described in Section 4.1.6.
936 if (!(p = arc_line_to_pubkey(hdr_as)))
937 return US"pubkey problem";
940 7. Determine whether the signature portion ("b" tag) of the ARC-
941 Seal and the digest computed above are valid according to the
942 public key. (See also Section Section 8.4 for failure case
945 8. If the signature is not valid, the chain state is "fail" and
946 the algorithm stops here.
949 /* We know the b-tag blob is of a nul-term string, so safe as a string */
950 pdkim_decode_base64(hdr_as->b.data, &sighash);
952 if ((errstr = exim_dkim_verify_init(&p->key, KEYFMT_DER, &vctx)))
954 DEBUG(D_acl) debug_printf("ARC verify init: %s\n", errstr);
958 hashtype = pdkim_hashname_to_hashtype(hdr_as->a_hash.data, hdr_as->a_hash.len);
960 if ((errstr = exim_dkim_verify(&vctx,
961 pdkim_hashes[hashtype].exim_hashmethod,
962 &hhash_computed, &sighash)))
965 debug_printf("ARC i=%d AS headers verify: %s\n", as->instance, errstr);
966 arc_state_reason = US"seal sigverify error";
970 DEBUG(D_acl) debug_printf("ARC: AS vfy i=%d pass\n", as->instance);
975 static const uschar *
976 arc_verify_seals(arc_ctx * ctx)
978 arc_set * as = ctx->arcset_chain;
985 if (arc_seal_verify(ctx, as)) return US"fail";
988 DEBUG(D_acl) debug_printf("ARC: AS vfy overall pass\n");
991 /******************************************************************************/
993 /* Do ARC verification. Called from DATA ACL, on a verify = arc
994 condition. No arguments; we are checking globals.
996 Return: The ARC state, or NULL on error.
1000 acl_verify_arc(void)
1004 memset(&arc_verify_ctx, 0, sizeof(arc_verify_ctx));
1006 if (!dkim_verify_ctx)
1008 DEBUG(D_acl) debug_printf("ARC: no DKIM verify context\n");
1012 /* AS evaluation, per
1013 https://tools.ietf.org/html/draft-ietf-dmarc-arc-protocol-10#section-6
1015 /* 1. Collect all ARC sets currently on the message. If there were
1016 none, the ARC state is "none" and the algorithm stops here.
1019 if ((res = arc_vfy_collect_hdrs(&arc_verify_ctx)))
1022 /* 2. If the form of any ARC set is invalid (e.g., does not contain
1023 exactly one of each of the three ARC-specific header fields),
1024 then the chain state is "fail" and the algorithm stops here.
1026 1. To avoid the overhead of unnecessary computation and delay
1027 from crypto and DNS operations, the cv value for all ARC-
1028 Seal(s) MAY be checked at this point. If any of the values
1029 are "fail", then the overall state of the chain is "fail" and
1030 the algorithm stops here.
1032 3. Conduct verification of the ARC-Message-Signature header field
1033 bearing the highest instance number. If this verification fails,
1034 then the chain state is "fail" and the algorithm stops here.
1037 if ((res = arc_headers_check(&arc_verify_ctx)))
1040 /* 4. For each ARC-Seal from the "N"th instance to the first, apply the
1043 1. If the value of the "cv" tag on that seal is "fail", the
1044 chain state is "fail" and the algorithm stops here. (This
1045 step SHOULD be skipped if the earlier step (2.1) was
1048 2. In Boolean nomenclature: if ((i == 1 && cv != "none") or (cv
1049 == "none" && i != 1)) then the chain state is "fail" and the
1050 algorithm stops here (note that the ordering of the logic is
1051 structured for short-circuit evaluation).
1053 3. Initialize a hash function corresponding to the "a" tag of
1056 4. Compute the canonicalized form of the ARC header fields, in
1057 the order described in Section 5.4.2, using the "relaxed"
1058 header canonicalization defined in Section 3.4.2 of
1059 [RFC6376]. Pass the canonicalized result to the hash
1062 5. Retrieve the final digest from the hash function.
1064 6. Retrieve the public key identified by the "s" and "d" tags in
1065 the ARC-Seal, as described in Section 4.1.6.
1067 7. Determine whether the signature portion ("b" tag) of the ARC-
1068 Seal and the digest computed above are valid according to the
1069 public key. (See also Section Section 8.4 for failure case
1072 8. If the signature is not valid, the chain state is "fail" and
1073 the algorithm stops here.
1075 5. If all seals pass validation, then the chain state is "pass", and
1076 the algorithm is complete.
1079 if ((res = arc_verify_seals(&arc_verify_ctx)))
1088 /******************************************************************************/
1090 /* Prepend the header to the rlist */
1093 arc_rlist_entry(hdr_rlist * list, const uschar * s, int len)
1095 hdr_rlist * r = store_get(sizeof(hdr_rlist) + sizeof(header_line));
1096 header_line * h = r->h = (header_line *)(r+1);
1105 /* This works for either NL or CRLF lines; also nul-termination */
1107 if (*s == '\n' && s[1] != '\t' && s[1] != ' ') break;
1108 s++; /* move past end of line */
1114 /* Walk the given headers strings identifying each header, and construct
1115 a reverse-order list.
1119 arc_sign_scan_headers(arc_ctx * ctx, gstring * sigheaders)
1122 hdr_rlist * rheaders = NULL;
1124 s = sigheaders ? sigheaders->s : NULL;
1127 const uschar * s2 = s;
1129 /* This works for either NL or CRLF lines; also nul-termination */
1131 if (*s2 == '\n' && s2[1] != '\t' && s2[1] != ' ') break;
1132 s2++; /* move past end of line */
1134 rheaders = arc_rlist_entry(rheaders, s, s2 - s);
1142 /* Return the A-R content, without identity, with line-ending and
1146 arc_sign_find_ar(header_line * headers, const uschar * identity, blob * ret)
1149 int ilen = Ustrlen(identity);
1152 for(h = headers; h; h = h->next)
1154 uschar * s = h->text, c;
1157 if (Ustrncmp(s, HDR_AR, HDRLEN_AR) != 0) continue;
1158 s += HDRLEN_AR, len -= HDRLEN_AR; /* header name */
1160 && (c = *s) && (c == ' ' || c == '\t' || c == '\r' || c == '\n'))
1161 s++, len--; /* FWS */
1162 if (Ustrncmp(s, identity, ilen) != 0) continue;
1163 s += ilen; len -= ilen; /* identity */
1164 if (len <= 0) continue;
1165 if ((c = *s) && c == ';') s++, len--; /* identity terminator */
1167 && (c = *s) && (c == ' ' || c == '\t' || c == '\r' || c == '\n'))
1168 s++, len--; /* FWS */
1169 if (len <= 0) continue;
1179 /* Append a constructed AAR including CRLF. Add it to the arc_ctx too. */
1182 arc_sign_append_aar(gstring * g, arc_ctx * ctx,
1183 const uschar * identity, int instance, blob * ar)
1185 int aar_off = g ? g->ptr : 0;
1186 arc_set * as = store_get(sizeof(arc_set) + sizeof(arc_line) + sizeof(header_line));
1187 arc_line * al = (arc_line *)(as+1);
1188 header_line * h = (header_line *)(al+1);
1190 g = string_catn(g, ARC_HDR_AAR, ARC_HDRLEN_AAR);
1191 g = string_cat(g, string_sprintf(" i=%d; %s;\r\n\t", instance, identity));
1192 g = string_catn(g, US ar->data, ar->len);
1194 h->slen = g->ptr - aar_off;
1195 h->text = g->s + aar_off;
1198 as->prev = ctx->arcset_chain_last;
1199 as->instance = instance;
1202 ctx->arcset_chain = as;
1204 ctx->arcset_chain_last->next = as;
1205 ctx->arcset_chain_last = as;
1207 DEBUG(D_transport) debug_printf("ARC: AAR '%.*s'\n", h->slen - 2, h->text);
1214 arc_sig_from_pseudoheader(gstring * hdata, int hashtype, const uschar * privkey,
1215 blob * sig, const uschar * why)
1217 hashmethod hm = /*sig->keytype == KEYTYPE_ED25519*/ FALSE
1218 ? HASH_SHA2_512 : pdkim_hashes[hashtype].exim_hashmethod;
1221 const uschar * errstr;
1226 debug_printf("ARC: %s header data for signing:\n", why);
1227 pdkim_quoteprint(hdata->s, hdata->ptr);
1229 (void) exim_sha_init(&hhash_ctx, pdkim_hashes[hashtype].exim_hashmethod);
1230 exim_sha_update(&hhash_ctx, hdata->s, hdata->ptr);
1231 exim_sha_finish(&hhash_ctx, &hhash);
1232 debug_printf("ARC: header hash: "); pdkim_hexprint(hhash.data, hhash.len);
1235 if (FALSE /*need hash for Ed25519 or GCrypt signing*/ )
1238 (void) exim_sha_init(&hhash_ctx, pdkim_hashes[hashtype].exim_hashmethod);
1239 exim_sha_update(&hhash_ctx, hdata->s, hdata->ptr);
1240 exim_sha_finish(&hhash_ctx, &hhash);
1244 hhash.data = hdata->s;
1245 hhash.len = hdata->ptr;
1248 if ( (errstr = exim_dkim_signing_init(privkey, &sctx))
1249 || (errstr = exim_dkim_sign(&sctx, hm, &hhash, sig)))
1251 log_write(0, LOG_MAIN, "ARC: %s signing: %s\n", why, errstr);
1260 arc_sign_append_sig(gstring * g, blob * sig)
1262 /*debug_printf("%s: raw sig ", __FUNCTION__); pdkim_hexprint(sig->data, sig->len);*/
1263 sig->data = pdkim_encode_base64(sig);
1264 sig->len = Ustrlen(sig->data);
1267 int len = MIN(sig->len, 74);
1268 g = string_catn(g, sig->data, len);
1269 if ((sig->len -= len) == 0) break;
1271 g = string_catn(g, US"\r\n\t ", 5);
1273 g = string_catn(g, US";\r\n", 3);
1274 gstring_reset_unused(g);
1275 string_from_gstring(g);
1280 /* Append a constructed AMS including CRLF. Add it to the arc_ctx too. */
1283 arc_sign_append_ams(gstring * g, arc_ctx * ctx, int instance,
1284 const uschar * identity, const uschar * selector, blob * bodyhash,
1285 hdr_rlist * rheaders, const uschar * privkey, unsigned options)
1288 gstring * hdata = NULL;
1290 int hashtype = pdkim_hashname_to_hashtype(US"sha256", 6); /*XXX hardwired */
1293 arc_line * al = store_get(sizeof(header_line) + sizeof(arc_line));
1294 header_line * h = (header_line *)(al+1);
1296 /* debug_printf("%s\n", __FUNCTION__); */
1298 /* Construct the to-be-signed AMS pseudo-header: everything but the sig. */
1301 g = string_append(g, 7,
1303 US" i=", string_sprintf("%d", instance),
1304 US"; a=rsa-sha256; c=relaxed; d=", identity, /*XXX hardwired */
1305 US"; s=", selector);
1306 if (options & ARC_SIGN_OPT_TSTAMP)
1307 g = string_append(g, 2,
1308 US"; t=", string_sprintf("%lu", (u_long)now));
1309 if (options & ARC_SIGN_OPT_EXPIRE)
1310 g = string_append(g, 2,
1311 US"; x=", string_sprintf("%lu", (u_long)expire));
1312 g = string_append(g, 3,
1313 US";\r\n\tbh=", pdkim_encode_base64(bodyhash),
1316 for(col = 3; rheaders; rheaders = rheaders->prev)
1318 const uschar * hnames = US"DKIM-Signature:" PDKIM_DEFAULT_SIGN_HEADERS;
1319 uschar * name, * htext = rheaders->h->text;
1322 /* Spot headers of interest */
1324 while ((name = string_nextinlist(&hnames, &sep, NULL, 0)))
1326 int len = Ustrlen(name);
1327 if (strncasecmp(CCS htext, CCS name, len) == 0)
1329 /* If too long, fold line in h= field */
1331 if (col + len > 78) g = string_catn(g, US"\r\n\t ", 5), col = 3;
1333 /* Add name to h= list */
1335 g = string_catn(g, name, len);
1336 g = string_catn(g, US":", 1);
1339 /* Accumulate header for hashing/signing */
1341 hdata = string_cat(hdata,
1342 pdkim_relax_header_n(htext, rheaders->h->slen, TRUE)); /*XXX hardwired */
1348 /* Lose the last colon from the h= list */
1350 if (g->s[g->ptr - 1] == ':') g->ptr--;
1352 g = string_catn(g, US";\r\n\tb=;", 7);
1354 /* Include the pseudo-header in the accumulation */
1356 s = pdkim_relax_header_n(g->s + ams_off, g->ptr - ams_off, FALSE);
1357 hdata = string_cat(hdata, s);
1359 /* Calculate the signature from the accumulation */
1360 /*XXX does that need further relaxation? there are spaces embedded in the b= strings! */
1362 if (!arc_sig_from_pseudoheader(hdata, hashtype, privkey, &sig, US"AMS"))
1365 /* Lose the trailing semicolon from the psuedo-header, and append the signature
1366 (folded over lines) and termination to complete it. */
1369 g = arc_sign_append_sig(g, &sig);
1371 h->slen = g->ptr - ams_off;
1372 h->text = g->s + ams_off;
1374 ctx->arcset_chain_last->hdr_ams = al;
1376 DEBUG(D_transport) debug_printf("ARC: AMS '%.*s'\n", h->slen - 2, h->text);
1382 /* Look for an arc= result in an A-R header blob. We know that its data
1383 happens to be a NUL-term string. */
1386 arc_ar_cv_status(blob * ar)
1388 const uschar * resinfo = ar->data;
1390 uschar * methodspec, * s;
1392 while ((methodspec = string_nextinlist(&resinfo, &sep, NULL, 0)))
1393 if (Ustrncmp(methodspec, US"arc=", 4) == 0)
1396 for (s = methodspec += 4;
1397 (c = *s) && c != ';' && c != ' ' && c != '\r' && c != '\n'; ) s++;
1398 return string_copyn(methodspec, s - methodspec);
1405 /* Build the AS header and prepend it */
1408 arc_sign_prepend_as(gstring * arcset_interim, arc_ctx * ctx,
1409 int instance, const uschar * identity, const uschar * selector, blob * ar,
1410 const uschar * privkey, unsigned options)
1414 uschar * status = arc_ar_cv_status(ar);
1415 arc_line * al = store_get(sizeof(header_line) + sizeof(arc_line));
1416 header_line * h = (header_line *)(al+1);
1418 gstring * hdata = NULL;
1419 int hashtype = pdkim_hashname_to_hashtype(US"sha256", 6); /*XXX hardwired */
1425 - no h= tag; implicit coverage
1426 - arc status from A-R
1428 - coverage is just the new ARC set
1429 including self (but with an empty b= in self)
1431 - all ARC set headers, set-number order, aar then ams then as,
1432 including self (but with an empty b= in self)
1435 /* Construct the AS except for the signature */
1437 arcset = string_append(NULL, 9,
1439 US" i=", string_sprintf("%d", instance),
1441 US"; a=rsa-sha256; d=", identity, /*XXX hardwired */
1442 US"; s=", selector); /*XXX same as AMS */
1443 if (options & ARC_SIGN_OPT_TSTAMP)
1444 arcset = string_append(arcset, 2,
1445 US"; t=", string_sprintf("%lu", (u_long)now));
1446 arcset = string_cat(arcset,
1449 h->slen = arcset->ptr;
1450 h->text = arcset->s;
1452 ctx->arcset_chain_last->hdr_as = al;
1454 /* For any but "fail" chain-verify status, walk the entire chain in order by
1455 instance. For fail, only the new arc-set. Accumulate the elements walked. */
1457 for (as = Ustrcmp(status, US"fail") == 0
1458 ? ctx->arcset_chain_last : ctx->arcset_chain;
1461 /* Accumulate AAR then AMS then AS. Relaxed canonicalisation
1462 is required per standard. */
1464 h = as->hdr_aar->complete;
1465 hdata = string_cat(hdata, pdkim_relax_header_n(h->text, h->slen, TRUE));
1466 h = as->hdr_ams->complete;
1467 hdata = string_cat(hdata, pdkim_relax_header_n(h->text, h->slen, TRUE));
1468 h = as->hdr_as->complete;
1469 hdata = string_cat(hdata, pdkim_relax_header_n(h->text, h->slen, !!as->next));
1472 /* Calculate the signature from the accumulation */
1474 if (!arc_sig_from_pseudoheader(hdata, hashtype, privkey, &sig, US"AS"))
1477 /* Lose the trailing semicolon */
1479 arcset = arc_sign_append_sig(arcset, &sig);
1480 DEBUG(D_transport) debug_printf("ARC: AS '%.*s'\n", arcset->ptr - 2, arcset->s);
1482 /* Finally, append the AMS and AAR to the new AS */
1484 return string_catn(arcset, arcset_interim->s, arcset_interim->ptr);
1488 /**************************************/
1490 /* Return pointer to pdkim_bodyhash for given hash method, creating new
1495 arc_ams_setup_sign_bodyhash(void)
1497 int canon_head, canon_body;
1499 DEBUG(D_transport) debug_printf("ARC: requesting bodyhash\n");
1500 pdkim_cstring_to_canons(US"relaxed", 7, &canon_head, &canon_body); /*XXX hardwired */
1501 return pdkim_set_bodyhash(&dkim_sign_ctx,
1502 pdkim_hashname_to_hashtype(US"sha256", 6), /*XXX hardwired */
1512 memset(&arc_sign_ctx, 0, sizeof(arc_sign_ctx));
1517 /* A "normal" header line, identified by DKIM processing. These arrive before
1518 the call to arc_sign(), which carries any newly-created DKIM headers - and
1519 those go textually before the normal ones in the message.
1521 We have to take the feed from DKIM as, in the transport-filter case, the
1522 headers are not in memory at the time of the call to arc_sign().
1524 Take a copy of the header and construct a reverse-order list.
1525 Also parse ARC-chain headers and build the chain struct, retaining pointers
1529 static const uschar *
1530 arc_header_sign_feed(gstring * g)
1532 uschar * s = string_copyn(g->s, g->ptr);
1533 headers_rlist = arc_rlist_entry(headers_rlist, s, g->ptr);
1534 return arc_try_header(&arc_sign_ctx, headers_rlist->h, TRUE);
1539 /* ARC signing. Called from the smtp transport, if the arc_sign option is set.
1540 The dkim_exim_sign() function has already been called, so will have hashed the
1541 message body for us so long as we requested a hash previously.
1544 signspec Three-element colon-sep list: identity, selector, privkey.
1545 Optional fourth element: comma-sep list of options.
1547 sigheaders Any signature headers already generated, eg. by DKIM, or NULL
1551 Set of headers to prepend to the message, including the supplied sigheaders
1552 but not the plainheaders.
1556 arc_sign(const uschar * signspec, gstring * sigheaders, uschar ** errstr)
1558 const uschar * identity, * selector, * privkey, * opts, * s;
1559 unsigned options = 0;
1561 header_line * headers;
1562 hdr_rlist * rheaders;
1570 /* Parse the signing specification */
1572 identity = string_nextinlist(&signspec, &sep, NULL, 0);
1573 selector = string_nextinlist(&signspec, &sep, NULL, 0);
1574 if ( !*identity || !*selector
1575 || !(privkey = string_nextinlist(&signspec, &sep, NULL, 0)) || !*privkey)
1577 log_write(0, LOG_MAIN, "ARC: bad signing-specification (%s)",
1578 !*identity ? "identity" : !*selector ? "selector" : "private-key");
1579 return sigheaders ? sigheaders : string_get(0);
1581 if (*privkey == '/' && !(privkey = expand_file_big_buffer(privkey)))
1582 return sigheaders ? sigheaders : string_get(0);
1584 if ((opts = string_nextinlist(&signspec, &sep, NULL, 0)))
1587 while ((s = string_nextinlist(&opts, &osep, NULL, 0)))
1588 if (Ustrcmp(s, "timestamps") == 0)
1590 options |= ARC_SIGN_OPT_TSTAMP;
1591 if (!now) now = time(NULL);
1593 else if (Ustrncmp(s, "expire", 6) == 0)
1595 options |= ARC_SIGN_OPT_EXPIRE;
1596 if (*(s += 6) == '=')
1599 if (!(expire = (time_t)atoi(++s)))
1600 expire = ARC_SIGN_DEFAULT_EXPIRE_DELTA;
1601 if (!now) now = time(NULL);
1605 expire = (time_t)atol(s);
1608 if (!now) now = time(NULL);
1609 expire = now + ARC_SIGN_DEFAULT_EXPIRE_DELTA;
1614 DEBUG(D_transport) debug_printf("ARC: sign for %s\n", identity);
1616 /* Make an rlist of any new DKIM headers, then add the "normals" rlist to it.
1617 Then scan the list for an A-R header. */
1619 string_from_gstring(sigheaders);
1620 if ((rheaders = arc_sign_scan_headers(&arc_sign_ctx, sigheaders)))
1623 for (rp = &headers_rlist; *rp; ) rp = &(*rp)->prev;
1627 /* Finally, build a normal-order headers list */
1628 /*XXX only needed for hunt-the-AR? */
1629 /*XXX also, we really should be accepting any number of ADMD-matching ARs */
1631 header_line * hnext = NULL;
1632 for (rheaders = headers_rlist; rheaders;
1633 hnext = rheaders->h, rheaders = rheaders->prev)
1634 rheaders->h->next = hnext;
1638 if (!(arc_sign_find_ar(headers, identity, &ar)))
1640 log_write(0, LOG_MAIN, "ARC: no Authentication-Results header for signing");
1641 return sigheaders ? sigheaders : string_get(0);
1644 /* We previously built the data-struct for the existing ARC chain, if any, using a headers
1645 feed from the DKIM module. Use that to give the instance number for the ARC set we are
1649 if (arc_sign_ctx.arcset_chain_last)
1650 debug_printf("ARC: existing chain highest instance: %d\n",
1651 arc_sign_ctx.arcset_chain_last->instance);
1653 debug_printf("ARC: no existing chain\n");
1655 instance = arc_sign_ctx.arcset_chain_last ? arc_sign_ctx.arcset_chain_last->instance + 1 : 1;
1659 - copy the A-R; prepend i= & identity
1662 g = arc_sign_append_aar(g, &arc_sign_ctx, identity, instance, &ar);
1666 - Looks fairly like a DKIM sig
1667 - Cover all DKIM sig headers as well as the usuals
1670 - we must have requested a suitable bodyhash previously
1673 b = arc_ams_setup_sign_bodyhash();
1674 g = arc_sign_append_ams(g, &arc_sign_ctx, instance, identity, selector,
1675 &b->bh, headers_rlist, privkey, options);
1680 - no h= tag; implicit coverage
1681 - arc status from A-R
1683 - coverage is just the new ARC set
1684 including self (but with an empty b= in self)
1686 - all ARC set headers, set-number order, aar then ams then as,
1687 including self (but with an empty b= in self)
1690 g = arc_sign_prepend_as(g, &arc_sign_ctx, instance, identity, selector, &ar,
1693 /* Finally, append the dkim headers and return the lot. */
1695 g = string_catn(g, sigheaders->s, sigheaders->ptr);
1696 (void) string_from_gstring(g);
1697 gstring_reset_unused(g);
1702 /******************************************************************************/
1704 /* Check to see if the line is an AMS and if so, set up to validate it.
1705 Called from the DKIM input processing. This must be done now as the message
1706 body data is hashed during input.
1708 We call the DKIM code to request a body-hash; it has the facility already
1709 and the hash parameters might be common with other requests.
1712 static const uschar *
1713 arc_header_vfy_feed(gstring * g)
1720 if (!dkim_verify_ctx) return US"no dkim context";
1722 if (strncmpic(ARC_HDR_AMS, g->s, ARC_HDRLEN_AMS) != 0) return US"not AMS";
1724 DEBUG(D_receive) debug_printf("ARC: spotted AMS header\n");
1725 /* Parse the AMS header */
1730 memset(&al, 0, sizeof(arc_line));
1731 if ((errstr = arc_parse_line(&al, &h, ARC_HDRLEN_AMS, FALSE)))
1733 DEBUG(D_acl) if (errstr) debug_printf("ARC: %s\n", errstr);
1734 return US"line parsing error";
1740 al.c_body.data = US"simple"; al.c_body.len = 6;
1741 al.c_head = al.c_body;
1744 /* Ask the dkim code to calc a bodyhash with those specs */
1746 if (!(b = arc_ams_setup_vfy_bodyhash(&al)))
1747 return US"dkim hash setup fail";
1749 /* Discard the reference; search again at verify time, knowing that one
1750 should have been created here. */
1757 /* A header line has been identified by DKIM processing.
1761 is_vfy TRUE for verify mode or FALSE for signing mode
1764 NULL for success, or an error string (probably unused)
1768 arc_header_feed(gstring * g, BOOL is_vfy)
1770 return is_vfy ? arc_header_vfy_feed(g) : arc_header_sign_feed(g);
1775 /******************************************************************************/
1777 /* Construct the list of domains from the ARC chain after validation */
1780 fn_arc_domains(void)
1786 for (as = arc_verify_ctx.arcset_chain, inst = 1; as; as = as->next, inst++)
1788 arc_line * hdr_as = as->hdr_as;
1791 blob * d = &hdr_as->d;
1793 for (; inst < as->instance; inst++)
1794 g = string_catn(g, ":", 1);
1796 g = d->data && d->len
1797 ? string_append_listele_n(g, ':', d->data, d->len)
1798 : string_catn(g, ":", 1);
1801 g = string_catn(g, ":", 1);
1803 return g ? g->s : US"";
1807 /* Construct an Authenticate-Results header portion, for the ARC module */
1810 authres_arc(gstring * g)
1814 arc_line * highest_ams;
1815 int start = 0; /* Compiler quietening */
1816 DEBUG(D_acl) start = g->ptr;
1818 g = string_append(g, 2, US";\n\tarc=", arc_state);
1819 if (arc_received_instance > 0)
1821 g = string_append(g, 3, US" (i=",
1822 string_sprintf("%d", arc_received_instance), US")");
1823 if (arc_state_reason)
1824 g = string_append(g, 3, US"(", arc_state_reason, US")");
1825 g = string_catn(g, US" header.s=", 10);
1826 highest_ams = arc_received->hdr_ams;
1827 g = string_catn(g, highest_ams->s.data, highest_ams->s.len);
1829 g = string_append(g, 2,
1830 US" arc.oldest-pass=", string_sprintf("%d", arc_oldest_pass));
1832 if (sender_host_address)
1833 g = string_append(g, 2, US" smtp.client-ip=", sender_host_address);
1835 else if (arc_state_reason)
1836 g = string_append(g, 3, US" (", arc_state_reason, US")");
1837 DEBUG(D_acl) debug_printf("ARC: authres '%.*s'\n",
1838 g->ptr - start - 3, g->s + start + 3);
1841 DEBUG(D_acl) debug_printf("ARC: no authres\n");
1846 # endif /* SUPPORT_SPF */
1847 #endif /* EXPERIMENTAL_ARC */