mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21063 Commits
28 Branches
Tree: c8897ff041
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c8897ff041'
${ noResults }
rspamd/src/libserver/dkim.h

dkim.h 8.1KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298 
  1. /*-

  2.  * Copyright 2016 Vsevolod Stakhov

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *   http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. #ifndef DKIM_H_

  17. #define DKIM_H_

  18. 

  19. #include "config.h"

  20. #include "contrib/libev/ev.h"

  21. #include "dns.h"

  22. #include "ref.h"

  23. 

  24. 

  25. /* Main types and definitions */

  26. 

  27. #define RSPAMD_DKIM_SIGNHEADER "DKIM-Signature"

  28. #define RSPAMD_DKIM_ARC_SIGNHEADER "ARC-Message-Signature"

  29. #define RSPAMD_DKIM_ARC_AUTHHEADER "ARC-Authentication-Results"

  30. #define RSPAMD_DKIM_ARC_SEALHEADER "ARC-Seal"

  31. /* DKIM signature header */

  32. 

  33. 

  34. /* Errors (from OpenDKIM) */

  35. 

  36. #define DKIM_SIGERROR_UNKNOWN (-1)       /* unknown error */

  37. #define DKIM_SIGERROR_VERSION 1          /* unsupported version */

  38. #define DKIM_SIGERROR_EXPIRED 3          /* signature expired */

  39. #define DKIM_SIGERROR_FUTURE 4           /* signature in the future */

  40. #define DKIM_SIGERROR_NOREC 6            /* No record */

  41. #define DKIM_SIGERROR_INVALID_HC 7       /* c= invalid (header) */

  42. #define DKIM_SIGERROR_INVALID_BC 8       /* c= invalid (body) */

  43. #define DKIM_SIGERROR_INVALID_A 10       /* a= invalid */

  44. #define DKIM_SIGERROR_INVALID_L 12       /* l= invalid */

  45. #define DKIM_SIGERROR_EMPTY_D 16         /* d= empty */

  46. #define DKIM_SIGERROR_EMPTY_S 18         /* s= empty */

  47. #define DKIM_SIGERROR_EMPTY_B 20         /* b= empty */

  48. #define DKIM_SIGERROR_NOKEY 22           /* no key found in DNS */

  49. #define DKIM_SIGERROR_KEYFAIL 24         /* DNS query failed */

  50. #define DKIM_SIGERROR_EMPTY_BH 26        /* bh= empty */

  51. #define DKIM_SIGERROR_BADSIG 28          /* signature mismatch */

  52. #define DKIM_SIGERROR_EMPTY_H 31         /* h= empty */

  53. #define DKIM_SIGERROR_INVALID_H 32       /* h= missing req'd entries */

  54. #define DKIM_SIGERROR_KEYHASHMISMATCH 37 /* sig-key hash mismatch */

  55. #define DKIM_SIGERROR_EMPTY_V 45         /* v= tag empty */

  56. 

  57. #ifdef __cplusplus

  58. extern "C" {

  59. #endif

  60. 

  61. /* Check results */

  62. enum rspamd_dkim_check_rcode {

  63. 	DKIM_CONTINUE = 0,

  64. 	DKIM_REJECT,

  65. 	DKIM_TRYAGAIN,

  66. 	DKIM_NOTFOUND,

  67. 	DKIM_RECORD_ERROR,

  68. 	DKIM_PERM_ERROR,

  69. };

  70. 

  71. #define DKIM_CANON_SIMPLE 0  /* as specified in DKIM spec */

  72. #define DKIM_CANON_RELAXED 1 /* as specified in DKIM spec */

  73. 

  74. struct rspamd_dkim_context_s;

  75. typedef struct rspamd_dkim_context_s rspamd_dkim_context_t;

  76. 

  77. struct rspamd_dkim_sign_context_s;

  78. typedef struct rspamd_dkim_sign_context_s rspamd_dkim_sign_context_t;

  79. 

  80. struct rspamd_dkim_key_s;

  81. typedef struct rspamd_dkim_key_s rspamd_dkim_key_t;

  82. typedef struct rspamd_dkim_key_s rspamd_dkim_sign_key_t;

  83. 

  84. struct rspamd_task;

  85. 

  86. enum rspamd_dkim_key_format {

  87. 	RSPAMD_DKIM_KEY_FILE = 0,

  88. 	RSPAMD_DKIM_KEY_PEM,

  89. 	RSPAMD_DKIM_KEY_BASE64,

  90. 	RSPAMD_DKIM_KEY_RAW,

  91. 	RSPAMD_DKIM_KEY_UNKNOWN

  92. };

  93. 

  94. enum rspamd_dkim_type {

  95. 	RSPAMD_DKIM_NORMAL,

  96. 	RSPAMD_DKIM_ARC_SIG,

  97. 	RSPAMD_DKIM_ARC_SEAL

  98. };

  99. 

  100. /* Signature methods */

  101. enum rspamd_sign_type {

  102. 	DKIM_SIGN_UNKNOWN = -2,

  103. 	DKIM_SIGN_RSASHA1 = 0,

  104. 	DKIM_SIGN_RSASHA256,

  105. 	DKIM_SIGN_RSASHA512,

  106. 	DKIM_SIGN_ECDSASHA256,

  107. 	DKIM_SIGN_ECDSASHA512,

  108. 	DKIM_SIGN_EDDSASHA256,

  109. };

  110. 

  111. enum rspamd_dkim_key_type {

  112. 	RSPAMD_DKIM_KEY_RSA = 0,

  113. 	RSPAMD_DKIM_KEY_ECDSA,

  114. 	RSPAMD_DKIM_KEY_EDDSA

  115. };

  116. 

  117. struct rspamd_dkim_check_result {

  118. 	enum rspamd_dkim_check_rcode rcode;

  119. 	rspamd_dkim_context_t *ctx;

  120. 	/* Processed parts */

  121. 	const char *selector;

  122. 	const char *domain;

  123. 	const char *short_b;

  124. 	const char *fail_reason;

  125. };

  126. 

  127. 

  128. /* Err MUST be freed if it is not NULL, key is allocated by slice allocator */

  129. typedef void (*dkim_key_handler_f)(rspamd_dkim_key_t *key, gsize keylen,

  130. 								   rspamd_dkim_context_t *ctx, gpointer ud, GError *err);

  131. 

  132. /**

  133.  * Create new dkim context from signature

  134.  * @param sig message's signature

  135.  * @param pool pool to allocate memory from

  136.  * @param time_jitter jitter in seconds to allow time diff while checking

  137.  * @param err pointer to error object

  138.  * @return new context or NULL

  139.  */

  140. rspamd_dkim_context_t *rspamd_create_dkim_context(const char *sig,

  141. 												  rspamd_mempool_t *pool,

  142. 												  struct rspamd_dns_resolver *resolver,

  143. 												  unsigned int time_jitter,

  144. 												  enum rspamd_dkim_type type,

  145. 												  GError **err);

  146. 

  147. /**

  148.  * Create new dkim context for making a signature

  149.  * @param task

  150.  * @param priv_key

  151.  * @param err

  152.  * @return

  153.  */

  154. rspamd_dkim_sign_context_t *rspamd_create_dkim_sign_context(struct rspamd_task *task,

  155. 															rspamd_dkim_sign_key_t *priv_key,

  156. 															int headers_canon,

  157. 															int body_canon,

  158. 															const char *dkim_headers,

  159. 															enum rspamd_dkim_type type,

  160. 															GError **err);

  161. 

  162. /**

  163.  * Load dkim key

  164.  * @param path

  165.  * @param err

  166.  * @return

  167.  */

  168. rspamd_dkim_sign_key_t *rspamd_dkim_sign_key_load(const char *what, gsize len,

  169. 												  enum rspamd_dkim_key_format type,

  170. 												  GError **err);

  171. 

  172. /**

  173.  * Invalidate modified sign key

  174.  * @param key

  175.  * @return

  176. */

  177. gboolean rspamd_dkim_sign_key_maybe_invalidate(rspamd_dkim_sign_key_t *key,

  178. 											   time_t mtime);

  179. 

  180. /**

  181.  * Make DNS request for specified context and obtain and parse key

  182.  * @param ctx dkim context from signature

  183.  * @param resolver dns resolver object

  184.  * @param s async session to make request

  185.  * @return

  186.  */

  187. gboolean rspamd_get_dkim_key(rspamd_dkim_context_t *ctx,

  188. 							 struct rspamd_task *task,

  189. 							 dkim_key_handler_f handler,

  190. 							 gpointer ud);

  191. 

  192. /**

  193.  * Check task for dkim context using dkim key

  194.  * @param ctx dkim verify context

  195.  * @param key dkim key (from cache or from dns request)

  196.  * @param task task to check

  197.  * @return

  198.  */

  199. struct rspamd_dkim_check_result *rspamd_dkim_check(rspamd_dkim_context_t *ctx,

  200. 												   rspamd_dkim_key_t *key,

  201. 												   struct rspamd_task *task);

  202. 

  203. struct rspamd_dkim_check_result *

  204. rspamd_dkim_create_result(rspamd_dkim_context_t *ctx,

  205. 						  enum rspamd_dkim_check_rcode rcode,

  206. 						  struct rspamd_task *task);

  207. 

  208. GString *rspamd_dkim_sign(struct rspamd_task *task,

  209. 						  const char *selector,

  210. 						  const char *domain,

  211. 						  time_t expire,

  212. 						  gsize len,

  213. 						  unsigned int idx,

  214. 						  const char *arc_cv,

  215. 						  rspamd_dkim_sign_context_t *ctx);

  216. 

  217. rspamd_dkim_key_t *rspamd_dkim_key_ref(rspamd_dkim_key_t *k);

  218. 

  219. void rspamd_dkim_key_unref(rspamd_dkim_key_t *k);

  220. 

  221. rspamd_dkim_sign_key_t *rspamd_dkim_sign_key_ref(rspamd_dkim_sign_key_t *k);

  222. 

  223. void rspamd_dkim_sign_key_unref(rspamd_dkim_sign_key_t *k);

  224. 

  225. const char *rspamd_dkim_get_domain(rspamd_dkim_context_t *ctx);

  226. 

  227. const char *rspamd_dkim_get_selector(rspamd_dkim_context_t *ctx);

  228. 

  229. const char *rspamd_dkim_get_dns_key(rspamd_dkim_context_t *ctx);

  230. 

  231. unsigned int rspamd_dkim_key_get_ttl(rspamd_dkim_key_t *k);

  232. 

  233. /**

  234.  * Create DKIM public key from a raw data

  235.  * @param keydata

  236.  * @param keylen

  237.  * @param type

  238.  * @param err

  239.  * @return

  240.  */

  241. rspamd_dkim_key_t *rspamd_dkim_make_key(const char *keydata, unsigned int keylen,

  242. 										enum rspamd_dkim_key_type type,

  243. 										GError **err);

  244. 

  245. #define RSPAMD_DKIM_KEY_ID_LEN 16

  246. /**

  247.  * Returns key id for dkim key (raw md5 of RSPAMD_DKIM_KEY_ID_LEN)

  248.  * NOT ZERO TERMINATED, use RSPAMD_DKIM_KEY_ID_LEN for length

  249.  * @param key

  250.  * @return

  251.  */

  252. const unsigned char *rspamd_dkim_key_id(rspamd_dkim_key_t *key);

  253. 

  254. /**

  255.  * Parse DKIM public key from a TXT record

  256.  * @param txt

  257.  * @param keylen

  258.  * @param err

  259.  * @return

  260.  */

  261. rspamd_dkim_key_t *rspamd_dkim_parse_key(const char *txt, gsize *keylen,

  262. 										 GError **err);

  263. 

  264. /**

  265.  * Canonicalise header using relaxed algorithm

  266.  * @param hname

  267.  * @param hvalue

  268.  * @param out

  269.  * @param outlen

  270.  * @return

  271.  */

  272. goffset rspamd_dkim_canonize_header_relaxed_str(const char *hname,

  273. 												const char *hvalue,

  274. 												char *out,

  275. 												gsize outlen);

  276. 

  277. /**

  278.  * Checks public and private keys for match

  279.  * @param pk

  280.  * @param sk

  281.  * @param err

  282.  * @return

  283.  */

  284. gboolean rspamd_dkim_match_keys(rspamd_dkim_key_t *pk,

  285. 								rspamd_dkim_sign_key_t *sk,

  286. 								GError **err);

  287. 

  288. /**

  289.  * Free DKIM key

  290.  * @param key

  291.  */

  292. void rspamd_dkim_key_free(rspamd_dkim_key_t *key);

  293. 

  294. #ifdef __cplusplus

  295. }

  296. #endif

  297. 

  298. #endif /* DKIM_H_ */