mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6035 Commits
28 Branches
Tree: 8766fba694
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8766fba694'
${ noResults }
rspamd/src/libserver/dkim.h

dkim.h 7.3KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208 
  1. /*-

  2.  * Copyright 2016 Vsevolod Stakhov

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *   http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. #ifndef DKIM_H_

  17. #define DKIM_H_

  18. 

  19. #include "config.h"

  20. #include "event.h"

  21. #include "dns.h"

  22. #include "ref.h"

  23. #ifdef HAVE_OPENSSL

  24. #include <openssl/rsa.h>

  25. #include <openssl/engine.h>

  26. #endif

  27. 

  28. /* Main types and definitions */

  29. 

  30. #define DKIM_SIGNHEADER     "DKIM-Signature"

  31. /* DKIM signature header */

  32. 

  33. /* special DNS tokens */

  34. #define DKIM_DNSKEYNAME     "_domainkey"

  35. /* reserved DNS sub-zone */

  36. #define DKIM_DNSPOLICYNAME  "_adsp" /* reserved DNS sub-zone */

  37. 

  38. /* Canonization methods */

  39. #define DKIM_CANON_UNKNOWN  (-1)    /* unknown method */

  40. #define DKIM_CANON_SIMPLE   0   /* as specified in DKIM spec */

  41. #define DKIM_CANON_RELAXED  1   /* as specified in DKIM spec */

  42. 

  43. #define DKIM_CANON_DEFAULT  DKIM_CANON_SIMPLE

  44. 

  45. /* Signature methods */

  46. #define DKIM_SIGN_UNKNOWN   (-2)    /* unknown method */

  47. #define DKIM_SIGN_DEFAULT   (-1)    /* use internal default */

  48. #define DKIM_SIGN_RSASHA1   0   /* an RSA-signed SHA1 digest */

  49. #define DKIM_SIGN_RSASHA256 1   /* an RSA-signed SHA256 digest */

  50. 

  51. /* Params */

  52. #define DKIM_PARAM_UNKNOWN  (-1)    /* unknown */

  53. #define DKIM_PARAM_SIGNATURE    0   /* b */

  54. #define DKIM_PARAM_SIGNALG  1   /* a */

  55. #define DKIM_PARAM_DOMAIN   2   /* d */

  56. #define DKIM_PARAM_CANONALG 3   /* c */

  57. #define DKIM_PARAM_QUERYMETHOD  4   /* q */

  58. #define DKIM_PARAM_SELECTOR 5   /* s */

  59. #define DKIM_PARAM_HDRLIST  6   /* h */

  60. #define DKIM_PARAM_VERSION  7   /* v */

  61. #define DKIM_PARAM_IDENTITY 8   /* i */

  62. #define DKIM_PARAM_TIMESTAMP    9   /* t */

  63. #define DKIM_PARAM_EXPIRATION   10  /* x */

  64. #define DKIM_PARAM_COPIEDHDRS   11  /* z */

  65. #define DKIM_PARAM_BODYHASH 12  /* bh */

  66. #define DKIM_PARAM_BODYLENGTH   13  /* l */

  67. 

  68. /* Errors (from OpenDKIM) */

  69. 

  70. #define DKIM_SIGERROR_UNKNOWN       (-1)    /* unknown error */

  71. #define DKIM_SIGERROR_OK        0   /* no error */

  72. #define DKIM_SIGERROR_VERSION       1   /* unsupported version */

  73. #define DKIM_SIGERROR_DOMAIN        2   /* invalid domain (d=/i=) */

  74. #define DKIM_SIGERROR_EXPIRED       3   /* signature expired */

  75. #define DKIM_SIGERROR_FUTURE        4   /* signature in the future */

  76. #define DKIM_SIGERROR_TIMESTAMPS    5   /* x= < t= */

  77. #define DKIM_SIGERROR_UNUSED        6   /* OBSOLETE */

  78. #define DKIM_SIGERROR_INVALID_HC    7   /* c= invalid (header) */

  79. #define DKIM_SIGERROR_INVALID_BC    8   /* c= invalid (body) */

  80. #define DKIM_SIGERROR_MISSING_A     9   /* a= missing */

  81. #define DKIM_SIGERROR_INVALID_A     10  /* a= invalid */

  82. #define DKIM_SIGERROR_MISSING_H     11  /* h= missing */

  83. #define DKIM_SIGERROR_INVALID_L     12  /* l= invalid */

  84. #define DKIM_SIGERROR_INVALID_Q     13  /* q= invalid */

  85. #define DKIM_SIGERROR_INVALID_QO    14  /* q= option invalid */

  86. #define DKIM_SIGERROR_MISSING_D     15  /* d= missing */

  87. #define DKIM_SIGERROR_EMPTY_D       16  /* d= empty */

  88. #define DKIM_SIGERROR_MISSING_S     17  /* s= missing */

  89. #define DKIM_SIGERROR_EMPTY_S       18  /* s= empty */

  90. #define DKIM_SIGERROR_MISSING_B     19  /* b= missing */

  91. #define DKIM_SIGERROR_EMPTY_B       20  /* b= empty */

  92. #define DKIM_SIGERROR_CORRUPT_B     21  /* b= corrupt */

  93. #define DKIM_SIGERROR_NOKEY     22  /* no key found in DNS */

  94. #define DKIM_SIGERROR_DNSSYNTAX     23  /* DNS reply corrupt */

  95. #define DKIM_SIGERROR_KEYFAIL       24  /* DNS query failed */

  96. #define DKIM_SIGERROR_MISSING_BH    25  /* bh= missing */

  97. #define DKIM_SIGERROR_EMPTY_BH      26  /* bh= empty */

  98. #define DKIM_SIGERROR_CORRUPT_BH    27  /* bh= corrupt */

  99. #define DKIM_SIGERROR_BADSIG        28  /* signature mismatch */

  100. #define DKIM_SIGERROR_SUBDOMAIN     29  /* unauthorized subdomain */

  101. #define DKIM_SIGERROR_MULTIREPLY    30  /* multiple records returned */

  102. #define DKIM_SIGERROR_EMPTY_H       31  /* h= empty */

  103. #define DKIM_SIGERROR_INVALID_H     32  /* h= missing req'd entries */

  104. #define DKIM_SIGERROR_TOOLARGE_L    33  /* l= value exceeds body size */

  105. #define DKIM_SIGERROR_MBSFAILED     34  /* "must be signed" failure */

  106. #define DKIM_SIGERROR_KEYVERSION    35  /* unknown key version */

  107. #define DKIM_SIGERROR_KEYUNKNOWNHASH    36  /* unknown key hash */

  108. #define DKIM_SIGERROR_KEYHASHMISMATCH   37  /* sig-key hash mismatch */

  109. #define DKIM_SIGERROR_NOTEMAILKEY   38  /* not an e-mail key */

  110. #define DKIM_SIGERROR_UNUSED2       39  /* OBSOLETE */

  111. #define DKIM_SIGERROR_KEYTYPEMISSING    40  /* key type missing */

  112. #define DKIM_SIGERROR_KEYTYPEUNKNOWN    41  /* key type unknown */

  113. #define DKIM_SIGERROR_KEYREVOKED    42  /* key revoked */

  114. #define DKIM_SIGERROR_KEYDECODE     43  /* key couldn't be decoded */

  115. #define DKIM_SIGERROR_MISSING_V     44  /* v= tag missing */

  116. #define DKIM_SIGERROR_EMPTY_V       45  /* v= tag empty */

  117. 

  118. /* Check results */

  119. #define DKIM_CONTINUE   0   /* continue */

  120. #define DKIM_REJECT 1   /* reject */

  121. #define DKIM_TRYAGAIN   2   /* try again later */

  122. #define DKIM_NOTFOUND   3   /* requested record not found */

  123. #define DKIM_RECORD_ERROR   4   /* error requesting record */

  124. 

  125. typedef struct rspamd_dkim_context_s {

  126. 	rspamd_mempool_t *pool;

  127. 	gint sig_alg;

  128. 	gint header_canon_type;

  129. 	gint body_canon_type;

  130. 	gsize len;

  131. 	gchar *domain;

  132. 	gchar *selector;

  133. 	time_t timestamp;

  134. 	time_t expiration;

  135. 	gint8 *b;

  136. 	gint8 *bh;

  137. 	guint bhlen;

  138. 	guint blen;

  139. 	GPtrArray *hlist;

  140. 	guint ver;

  141. 	gchar *dns_key;

  142. 	const gchar *dkim_header;

  143. 	GChecksum *headers_hash;

  144. 	GChecksum *body_hash;

  145. } rspamd_dkim_context_t;

  146. 

  147. typedef struct rspamd_dkim_key_s {

  148. 	guint8 *keydata;

  149. 	guint keylen;

  150. 	gsize decoded_len;

  151. 	guint ttl;

  152. #ifdef HAVE_OPENSSL

  153. 	RSA *key_rsa;

  154. 	BIO *key_bio;

  155. 	EVP_PKEY *key_evp;

  156. #endif

  157. 	ref_entry_t ref;

  158. } rspamd_dkim_key_t;

  159. 

  160. struct rspamd_task;

  161. 

  162. /* Err MUST be freed if it is not NULL, key is allocated by slice allocator */

  163. typedef void (*dkim_key_handler_f)(rspamd_dkim_key_t *key, gsize keylen,

  164. 	rspamd_dkim_context_t *ctx, gpointer ud, GError *err);

  165. 

  166. /**

  167.  * Create new dkim context from signature

  168.  * @param sig message's signature

  169.  * @param pool pool to allocate memory from

  170.  * @param time_jitter jitter in seconds to allow time diff while checking

  171.  * @param err pointer to error object

  172.  * @return new context or NULL

  173.  */

  174. rspamd_dkim_context_t * rspamd_create_dkim_context (const gchar *sig,

  175. 	rspamd_mempool_t *pool,

  176. 	guint time_jitter,

  177. 	GError **err);

  178. 

  179. /**

  180.  * Make DNS request for specified context and obtain and parse key

  181.  * @param ctx dkim context from signature

  182.  * @param resolver dns resolver object

  183.  * @param s async session to make request

  184.  * @return

  185.  */

  186. gboolean rspamd_get_dkim_key (rspamd_dkim_context_t *ctx,

  187. 	struct rspamd_task *task,

  188. 	dkim_key_handler_f handler,

  189. 	gpointer ud);

  190. 

  191. /**

  192.  * Check task for dkim context using dkim key

  193.  * @param ctx dkim verify context

  194.  * @param key dkim key (from cache or from dns request)

  195.  * @param task task to check

  196.  * @return

  197.  */

  198. gint rspamd_dkim_check (rspamd_dkim_context_t *ctx,

  199. 	rspamd_dkim_key_t *key,

  200. 	struct rspamd_task *task);

  201. 

  202. /**

  203.  * Free DKIM key

  204.  * @param key

  205.  */

  206. void rspamd_dkim_key_free (rspamd_dkim_key_t *key);

  207. 

  208. #endif /* DKIM_H_ */