const gchar *dkim_header;
};
-#define RSPAMD_DKIM_KEY_ID_LEN 8
+#define RSPAMD_DKIM_KEY_ID_LEN 16
struct rspamd_dkim_key_s {
guint8 *keydata;
key->keylen = keylen;
key->type = type;
- rspamd_strlcpy (key->key_id, keydata, MIN (keylen, sizeof (key->key_id)));
+ if (!rspamd_cryptobox_base64_decode (keydata, keylen, key->keydata,
+ &key->decoded_len)) {
+ REF_RELEASE (key);
+ g_set_error (err,
+ DKIM_ERROR,
+ DKIM_SIGERROR_KEYFAIL,
+ "DKIM key is not a valid base64 string");
+
+ return NULL;
+ }
+
+ /* Calculate ID -> md5 */
+ EVP_MD_CTX *mdctx = EVP_MD_CTX_create ();
+
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
+ EVP_MD_CTX_set_flags (mdctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+#endif
+
+ if (EVP_DigestInit_ex (mdctx, EVP_md5 (), NULL) == 1) {
+ guint dlen = sizeof (key->key_id);
+
+ EVP_DigestUpdate (mdctx, key->keydata, key->decoded_len);
+ EVP_DigestFinal_ex (mdctx, key->key_id, &dlen);
+ }
- rspamd_cryptobox_base64_decode (keydata, keylen, key->keydata,
- &key->decoded_len);
+ EVP_MD_CTX_destroy (mdctx);
if (key->type == RSPAMD_DKIM_KEY_EDDSA) {
key->key.key_eddsa = key->keydata;
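Review bot: The result of `EVP_MD_CTX_create ()` is used without a NULL check, and the return values of `EVP_DigestUpdate` and `EVP_DigestFinal_ex` are ignored. If the allocation or any digest step fails (for instance when MD5 initialisation is refused by the crypto provider), `key->key_id` keeps whatever content the key allocation left there, and the verification-failure messages later hex-dump it. The allocation of `key` is not visible in this hunk, so whether that content is zeroed should be confirmed. `EVP_DigestFinal_ex` also writes the full MD5 output regardless of the initial `dlen`, so the `key_id` field (declared outside this hunk) must stay at least 16 bytes, and a compile-time assertion next to `RSPAMD_DKIM_KEY_ID_LEN` would pin that. The sketch below checks every step and zeroes the ID on failure so the log call sites never print undefined bytes.

```c
	/* Calculate ID -> md5 */
	gboolean id_ok = FALSE;
	EVP_MD_CTX *mdctx = EVP_MD_CTX_create ();

	if (mdctx != NULL) {
		guint dlen = 0;

		/* … unchanged: EVP_MD_CTX_FLAG_NON_FIPS_ALLOW block … */

		id_ok = EVP_DigestInit_ex (mdctx, EVP_md5 (), NULL) == 1 &&
				EVP_DigestUpdate (mdctx, key->keydata, key->decoded_len) == 1 &&
				EVP_DigestFinal_ex (mdctx, key->key_id, &dlen) == 1;
		EVP_MD_CTX_destroy (mdctx);
	}

	if (!id_ok) {
		/* Keep the ID well-defined for the verification-failure log lines */
		memset (key->key_id, 0, sizeof (key->key_id));
	}
```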
return key;
}
-const gchar *
+const guchar *
rspamd_dkim_key_id (rspamd_dkim_key_t *key)
{
if (key) {
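Review bot: The return type of `rspamd_dkim_key_id` changes from a C string to a raw digest buffer, but nothing on the function documents the new contract. I would add a comment above it such as `/* Returns RSPAMD_DKIM_KEY_ID_LEN raw bytes (MD5 of the decoded key); not NUL-terminated, format with %*xs */`. Any caller outside this diff that still passes the result to a plain `%s` would read past the end of the ID, so the remaining call sites are worth checking. The function body continues outside the hunk.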
msg_info_dkim (
"%s: headers RSA verification failure; "
- "body length %d->%d; headers length %d; d=%s; s=%s; key=%s; orig header: %s",
+ "body length %d->%d; headers length %d; d=%s; s=%s; key=%*xs; orig header: %s",
rspamd_dkim_type_to_string (ctx->common.type),
(gint)(body_end - body_start), ctx->common.body_canonicalised,
ctx->common.headers_canonicalised,
ctx->domain, ctx->selector,
- rspamd_dkim_key_id (key),
+ RSPAMD_DKIM_KEY_ID_LEN, rspamd_dkim_key_id (key),
ctx->dkim_header);
}
break;
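Review bot: The `key=%*xs` specifier depends on `RSPAMD_DKIM_KEY_ID_LEN` and `rspamd_dkim_key_id (key)` staying paired in the argument list, and that pairing is now written out three times: here in the RSA branch and again in the ECDSA and EDDSA branches below. The three `msg_info_dkim` calls differ only in the algorithm name inside the format string. A later edit that changes one site but not the others could make the logger read a wrong length from the 16-byte ID. Consider passing the algorithm name as a `%s` argument and moving the call into one small static helper, so the width and pointer pairing lives in a single place. The enclosing switch starts and ends outside this hunk.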
key->key.key_ecdsa) != 1) {
msg_info_dkim (
"%s: headers ECDSA verification failure; "
- "body length %d->%d; headers length %d; d=%s; s=%s; key=%s; orig header: %s",
+ "body length %d->%d; headers length %d; d=%s; s=%s; key=%*xs; orig header: %s",
rspamd_dkim_type_to_string (ctx->common.type),
(gint)(body_end - body_start), ctx->common.body_canonicalised,
ctx->common.headers_canonicalised,
ctx->domain, ctx->selector,
- rspamd_dkim_key_id (key),
+ RSPAMD_DKIM_KEY_ID_LEN, rspamd_dkim_key_id (key),
ctx->dkim_header);
msg_debug_dkim ("headers ecdsa verify failed");
res->rcode = DKIM_REJECT;
key->key.key_eddsa, RSPAMD_CRYPTOBOX_MODE_25519)) {
msg_info_dkim (
"%s: headers EDDSA verification failure; "
- "body length %d->%d; headers length %d; d=%s; s=%s; key=%s; orig header: %s",
+ "body length %d->%d; headers length %d; d=%s; s=%s; key=%*xs; orig header: %s",
rspamd_dkim_type_to_string (ctx->common.type),
(gint)(body_end - body_start), ctx->common.body_canonicalised,
ctx->common.headers_canonicalised,
ctx->domain, ctx->selector,
- rspamd_dkim_key_id (key),
+ RSPAMD_DKIM_KEY_ID_LEN, rspamd_dkim_key_id (key),
ctx->dkim_header);
msg_debug_dkim ("headers eddsa verify failed");
res->rcode = DKIM_REJECT;