/* * Copyright 2024 Vsevolod Stakhov * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "config.h" #include "rspamd.h" #include "message.h" #include "dkim.h" #include "dns.h" #include "utlist.h" #include "unix-std.h" #include "mempool_vars_internal.h" #include #include #include /* special DNS tokens */ #define DKIM_DNSKEYNAME "_domainkey" /* ed25519 key lengths */ #define ED25519_B64_BYTES 45 #define ED25519_BYTES 32 /* Canonization methods */ #define DKIM_CANON_UNKNOWN (-1) /* unknown method */ #define DKIM_CANON_SIMPLE 0 /* as specified in DKIM spec */ #define DKIM_CANON_RELAXED 1 /* as specified in DKIM spec */ #define DKIM_CANON_DEFAULT DKIM_CANON_SIMPLE #define RSPAMD_SHORT_BH_LEN 8 /* Params */ enum rspamd_dkim_param_type { DKIM_PARAM_UNKNOWN = -1, DKIM_PARAM_SIGNATURE = 0, DKIM_PARAM_SIGNALG, DKIM_PARAM_DOMAIN, DKIM_PARAM_CANONALG, DKIM_PARAM_QUERYMETHOD, DKIM_PARAM_SELECTOR, DKIM_PARAM_HDRLIST, DKIM_PARAM_VERSION, DKIM_PARAM_IDENTITY, DKIM_PARAM_TIMESTAMP, DKIM_PARAM_EXPIRATION, DKIM_PARAM_COPIEDHDRS, DKIM_PARAM_BODYHASH, DKIM_PARAM_BODYLENGTH, DKIM_PARAM_IDX, DKIM_PARAM_CV, DKIM_PARAM_IGNORE }; #define RSPAMD_DKIM_MAX_ARC_IDX 10 #define msg_err_dkim(...) rspamd_default_log_function(G_LOG_LEVEL_CRITICAL, \ "dkim", ctx->pool->tag.uid, \ RSPAMD_LOG_FUNC, \ __VA_ARGS__) #define msg_warn_dkim(...) rspamd_default_log_function(G_LOG_LEVEL_WARNING, \ "dkim", ctx->pool->tag.uid, \ RSPAMD_LOG_FUNC, \ __VA_ARGS__) #define msg_info_dkim(...) rspamd_default_log_function(G_LOG_LEVEL_INFO, \ "dkim", ctx->pool->tag.uid, \ RSPAMD_LOG_FUNC, \ __VA_ARGS__) #define msg_debug_dkim(...) rspamd_conditional_debug_fast(NULL, NULL, \ rspamd_dkim_log_id, "dkim", ctx->pool->tag.uid, \ RSPAMD_LOG_FUNC, \ __VA_ARGS__) #define msg_debug_dkim_taskless(...) rspamd_conditional_debug_fast(NULL, NULL, \ rspamd_dkim_log_id, "dkim", "", \ RSPAMD_LOG_FUNC, \ __VA_ARGS__) INIT_LOG_MODULE(dkim) #define RSPAMD_DKIM_FLAG_OVERSIGN (1u << 0u) #define RSPAMD_DKIM_FLAG_OVERSIGN_EXISTING (1u << 1u) union rspamd_dkim_header_stat { struct _st { uint16_t count; uint16_t flags; } s; uint32_t n; }; struct rspamd_dkim_common_ctx { rspamd_mempool_t *pool; uint64_t sig_hash; gsize len; GPtrArray *hlist; GHashTable *htable; /* header -> count mapping */ EVP_MD_CTX *headers_hash; EVP_MD_CTX *body_hash; enum rspamd_dkim_type type; unsigned int idx; int header_canon_type; int body_canon_type; unsigned int body_canonicalised; unsigned int headers_canonicalised; gboolean is_sign; }; enum rspamd_arc_seal_cv { RSPAMD_ARC_UNKNOWN = 0, RSPAMD_ARC_NONE, RSPAMD_ARC_INVALID, RSPAMD_ARC_FAIL, RSPAMD_ARC_PASS }; struct rspamd_dkim_context_s { struct rspamd_dkim_common_ctx common; rspamd_mempool_t *pool; struct rspamd_dns_resolver *resolver; gsize blen; gsize bhlen; int sig_alg; unsigned int ver; time_t timestamp; time_t expiration; char *domain; char *selector; int8_t *b; char *short_b; int8_t *bh; char *dns_key; enum rspamd_arc_seal_cv cv; const char *dkim_header; }; #define RSPAMD_DKIM_KEY_ID_LEN 16 struct rspamd_dkim_key_s { uint8_t *keydata; uint8_t *raw_key; gsize keylen; gsize decoded_len; char key_id[RSPAMD_DKIM_KEY_ID_LEN]; union { unsigned char *key_eddsa; struct { BIO *key_bio; EVP_PKEY *key_evp; } key_ssl; } specific; time_t mtime; unsigned int ttl; enum rspamd_dkim_key_type type; ref_entry_t ref; }; struct rspamd_dkim_sign_context_s { struct rspamd_dkim_common_ctx common; rspamd_dkim_sign_key_t *key; }; struct rspamd_dkim_header { const char *name; int count; }; /* Parser of dkim params */ typedef gboolean (*dkim_parse_param_f)(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err); static gboolean rspamd_dkim_parse_signature(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err); static gboolean rspamd_dkim_parse_signalg(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err); static gboolean rspamd_dkim_parse_domain(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err); static gboolean rspamd_dkim_parse_canonalg(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err); static gboolean rspamd_dkim_parse_ignore(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err); static gboolean rspamd_dkim_parse_selector(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err); static gboolean rspamd_dkim_parse_hdrlist(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err); static gboolean rspamd_dkim_parse_version(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err); static gboolean rspamd_dkim_parse_timestamp(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err); static gboolean rspamd_dkim_parse_expiration(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err); static gboolean rspamd_dkim_parse_bodyhash(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err); static gboolean rspamd_dkim_parse_bodylength(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err); static gboolean rspamd_dkim_parse_idx(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err); static gboolean rspamd_dkim_parse_cv(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err); static const dkim_parse_param_f parser_funcs[] = { [DKIM_PARAM_SIGNATURE] = rspamd_dkim_parse_signature, [DKIM_PARAM_SIGNALG] = rspamd_dkim_parse_signalg, [DKIM_PARAM_DOMAIN] = rspamd_dkim_parse_domain, [DKIM_PARAM_CANONALG] = rspamd_dkim_parse_canonalg, [DKIM_PARAM_QUERYMETHOD] = rspamd_dkim_parse_ignore, [DKIM_PARAM_SELECTOR] = rspamd_dkim_parse_selector, [DKIM_PARAM_HDRLIST] = rspamd_dkim_parse_hdrlist, [DKIM_PARAM_VERSION] = rspamd_dkim_parse_version, [DKIM_PARAM_IDENTITY] = rspamd_dkim_parse_ignore, [DKIM_PARAM_TIMESTAMP] = rspamd_dkim_parse_timestamp, [DKIM_PARAM_EXPIRATION] = rspamd_dkim_parse_expiration, [DKIM_PARAM_COPIEDHDRS] = rspamd_dkim_parse_ignore, [DKIM_PARAM_BODYHASH] = rspamd_dkim_parse_bodyhash, [DKIM_PARAM_BODYLENGTH] = rspamd_dkim_parse_bodylength, [DKIM_PARAM_IDX] = rspamd_dkim_parse_idx, [DKIM_PARAM_CV] = rspamd_dkim_parse_cv, [DKIM_PARAM_IGNORE] = rspamd_dkim_parse_ignore, }; #define DKIM_ERROR dkim_error_quark() GQuark dkim_error_quark(void) { return g_quark_from_static_string("dkim-error-quark"); } /* Parsers implementation */ static gboolean rspamd_dkim_parse_signature(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err) { ctx->b = rspamd_mempool_alloc0(ctx->pool, len); ctx->short_b = rspamd_mempool_alloc0(ctx->pool, RSPAMD_SHORT_BH_LEN + 1); rspamd_strlcpy(ctx->short_b, param, MIN(len, RSPAMD_SHORT_BH_LEN + 1)); (void) rspamd_cryptobox_base64_decode(param, len, ctx->b, &ctx->blen); return TRUE; } static gboolean rspamd_dkim_parse_signalg(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err) { /* XXX: ugly size comparison, improve this code style some day */ if (len == 8) { if (memcmp(param, "rsa-sha1", len) == 0) { ctx->sig_alg = DKIM_SIGN_RSASHA1; return TRUE; } } else if (len == 10) { if (memcmp(param, "rsa-sha256", len) == 0) { ctx->sig_alg = DKIM_SIGN_RSASHA256; return TRUE; } else if (memcmp(param, "rsa-sha512", len) == 0) { ctx->sig_alg = DKIM_SIGN_RSASHA512; return TRUE; } } else if (len == 15) { if (memcmp(param, "ecdsa256-sha256", len) == 0) { ctx->sig_alg = DKIM_SIGN_ECDSASHA256; return TRUE; } else if (memcmp(param, "ecdsa256-sha512", len) == 0) { ctx->sig_alg = DKIM_SIGN_ECDSASHA512; return TRUE; } } else if (len == 14) { if (memcmp(param, "ed25519-sha256", len) == 0) { ctx->sig_alg = DKIM_SIGN_EDDSASHA256; return TRUE; } } g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_INVALID_A, "invalid dkim sign algorithm"); return FALSE; } static gboolean rspamd_dkim_parse_domain(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err) { if (!rspamd_str_has_8bit(param, len)) { ctx->domain = rspamd_mempool_alloc(ctx->pool, len + 1); rspamd_strlcpy(ctx->domain, param, len + 1); } else { ctx->domain = rspamd_dns_resolver_idna_convert_utf8(ctx->resolver, ctx->pool, param, len, NULL); if (!ctx->domain) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_INVALID_H, "invalid dkim domain tag %.*s: idna failed", (int) len, param); return FALSE; } } return TRUE; } static gboolean rspamd_dkim_parse_canonalg(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err) { const char *p, *slash = NULL, *end = param + len; gsize sl = 0; p = param; while (p != end) { if (*p == '/') { slash = p; break; } p++; sl++; } if (slash == NULL) { /* Only check header */ if (len == 6 && memcmp(param, "simple", len) == 0) { ctx->common.header_canon_type = DKIM_CANON_SIMPLE; return TRUE; } else if (len == 7 && memcmp(param, "relaxed", len) == 0) { ctx->common.header_canon_type = DKIM_CANON_RELAXED; return TRUE; } } else { /* First check header */ if (sl == 6 && memcmp(param, "simple", sl) == 0) { ctx->common.header_canon_type = DKIM_CANON_SIMPLE; } else if (sl == 7 && memcmp(param, "relaxed", sl) == 0) { ctx->common.header_canon_type = DKIM_CANON_RELAXED; } else { goto err; } /* Check body */ len -= sl + 1; slash++; if (len == 6 && memcmp(slash, "simple", len) == 0) { ctx->common.body_canon_type = DKIM_CANON_SIMPLE; return TRUE; } else if (len == 7 && memcmp(slash, "relaxed", len) == 0) { ctx->common.body_canon_type = DKIM_CANON_RELAXED; return TRUE; } } err: g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_INVALID_A, "invalid dkim canonization algorithm"); return FALSE; } static gboolean rspamd_dkim_parse_ignore(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err) { /* Just ignore unused params */ return TRUE; } static gboolean rspamd_dkim_parse_selector(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err) { if (!rspamd_str_has_8bit(param, len)) { ctx->selector = rspamd_mempool_alloc(ctx->pool, len + 1); rspamd_strlcpy(ctx->selector, param, len + 1); } else { ctx->selector = rspamd_dns_resolver_idna_convert_utf8(ctx->resolver, ctx->pool, param, len, NULL); if (!ctx->selector) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_INVALID_H, "invalid dkim selector tag %.*s: idna failed", (int) len, param); return FALSE; } } return TRUE; } static void rspamd_dkim_hlist_free(void *ud) { GPtrArray *a = ud; g_ptr_array_free(a, TRUE); } static gboolean rspamd_dkim_parse_hdrlist_common(struct rspamd_dkim_common_ctx *ctx, const char *param, gsize len, gboolean sign, GError **err) { const char *c, *p, *end = param + len; char *h; gboolean from_found = FALSE, oversign, existing; unsigned int count = 0; struct rspamd_dkim_header *new; gpointer found; union rspamd_dkim_header_stat u; p = param; while (p <= end) { if ((p == end || *p == ':')) { count++; } p++; } if (count > 0) { ctx->hlist = g_ptr_array_sized_new(count); } else { return FALSE; } c = param; p = param; ctx->htable = g_hash_table_new(rspamd_strcase_hash, rspamd_strcase_equal); while (p <= end) { if ((p == end || *p == ':') && p - c > 0) { oversign = FALSE; existing = FALSE; h = rspamd_mempool_alloc(ctx->pool, p - c + 1); rspamd_strlcpy(h, c, p - c + 1); g_strstrip(h); if (sign) { if (rspamd_lc_cmp(h, "(o)", 3) == 0) { oversign = TRUE; h += 3; msg_debug_dkim("oversign header: %s", h); } else if (rspamd_lc_cmp(h, "(x)", 3) == 0) { oversign = TRUE; existing = TRUE; h += 3; msg_debug_dkim("oversign existing header: %s", h); } } /* Check mandatory from */ if (!from_found && g_ascii_strcasecmp(h, "from") == 0) { from_found = TRUE; } new = rspamd_mempool_alloc(ctx->pool, sizeof(struct rspamd_dkim_header)); new->name = h; new->count = 0; u.n = 0; g_ptr_array_add(ctx->hlist, new); found = g_hash_table_lookup(ctx->htable, h); if (oversign) { if (found) { msg_err_dkim("specified oversigned header more than once: %s", h); } u.s.flags |= RSPAMD_DKIM_FLAG_OVERSIGN; if (existing) { u.s.flags |= RSPAMD_DKIM_FLAG_OVERSIGN_EXISTING; } u.s.count = 0; } else { if (found != NULL) { u.n = GPOINTER_TO_UINT(found); new->count = u.s.count; u.s.count++; } else { /* Insert new header order to the list */ u.s.count = new->count + 1; } } g_hash_table_insert(ctx->htable, h, GUINT_TO_POINTER(u.n)); c = p + 1; p++; } else { p++; } } if (!ctx->hlist) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_INVALID_H, "invalid dkim header list"); return FALSE; } else { if (!from_found) { g_ptr_array_free(ctx->hlist, TRUE); g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_INVALID_H, "invalid dkim header list, from header is missing"); return FALSE; } rspamd_mempool_add_destructor(ctx->pool, (rspamd_mempool_destruct_t) rspamd_dkim_hlist_free, ctx->hlist); rspamd_mempool_add_destructor(ctx->pool, (rspamd_mempool_destruct_t) g_hash_table_unref, ctx->htable); } return TRUE; } static gboolean rspamd_dkim_parse_hdrlist(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err) { return rspamd_dkim_parse_hdrlist_common(&ctx->common, param, len, FALSE, err); } static gboolean rspamd_dkim_parse_version(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err) { if (len != 1 || *param != '1') { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_VERSION, "invalid dkim version"); return FALSE; } ctx->ver = 1; return TRUE; } static gboolean rspamd_dkim_parse_timestamp(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err) { gulong val; if (!rspamd_strtoul(param, len, &val)) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_UNKNOWN, "invalid dkim timestamp"); return FALSE; } ctx->timestamp = val; return TRUE; } static gboolean rspamd_dkim_parse_expiration(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err) { gulong val; if (!rspamd_strtoul(param, len, &val)) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_UNKNOWN, "invalid dkim expiration"); return FALSE; } ctx->expiration = val; return TRUE; } static gboolean rspamd_dkim_parse_bodyhash(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err) { ctx->bh = rspamd_mempool_alloc0(ctx->pool, len); (void) rspamd_cryptobox_base64_decode(param, len, ctx->bh, &ctx->bhlen); return TRUE; } static gboolean rspamd_dkim_parse_bodylength(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err) { gulong val; if (!rspamd_strtoul(param, len, &val)) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_INVALID_L, "invalid dkim body length"); return FALSE; } ctx->common.len = val; return TRUE; } static gboolean rspamd_dkim_parse_idx(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err) { gulong val; if (!rspamd_strtoul(param, len, &val)) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_INVALID_L, "invalid ARC idx"); return FALSE; } ctx->common.idx = val; return TRUE; } static gboolean rspamd_dkim_parse_cv(rspamd_dkim_context_t *ctx, const char *param, gsize len, GError **err) { /* Only check header */ if (len == 4 && memcmp(param, "fail", len) == 0) { ctx->cv = RSPAMD_ARC_FAIL; return TRUE; } else if (len == 4 && memcmp(param, "pass", len) == 0) { ctx->cv = RSPAMD_ARC_PASS; return TRUE; } else if (len == 4 && memcmp(param, "none", len) == 0) { ctx->cv = RSPAMD_ARC_NONE; return TRUE; } else if (len == 7 && memcmp(param, "invalid", len) == 0) { ctx->cv = RSPAMD_ARC_INVALID; return TRUE; } g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_UNKNOWN, "invalid arc seal verification result"); return FALSE; } static void rspamd_dkim_add_arc_seal_headers(rspamd_mempool_t *pool, struct rspamd_dkim_common_ctx *ctx) { struct rspamd_dkim_header *hdr; int count = ctx->idx, i; ctx->hlist = g_ptr_array_sized_new(count * 3 - 1); for (i = 0; i < count; i++) { /* Authentication results */ hdr = rspamd_mempool_alloc(pool, sizeof(*hdr)); hdr->name = RSPAMD_DKIM_ARC_AUTHHEADER; hdr->count = -(i + 1); g_ptr_array_add(ctx->hlist, hdr); /* Arc signature */ hdr = rspamd_mempool_alloc(pool, sizeof(*hdr)); hdr->name = RSPAMD_DKIM_ARC_SIGNHEADER; hdr->count = -(i + 1); g_ptr_array_add(ctx->hlist, hdr); /* Arc seal (except last one) */ if (i != count - 1) { hdr = rspamd_mempool_alloc(pool, sizeof(*hdr)); hdr->name = RSPAMD_DKIM_ARC_SEALHEADER; hdr->count = -(i + 1); g_ptr_array_add(ctx->hlist, hdr); } } rspamd_mempool_add_destructor(ctx->pool, (rspamd_mempool_destruct_t) rspamd_dkim_hlist_free, ctx->hlist); } /** * Create new dkim context from signature * @param sig message's signature * @param pool pool to allocate memory from * @param err pointer to error object * @return new context or NULL */ rspamd_dkim_context_t * rspamd_create_dkim_context(const char *sig, rspamd_mempool_t *pool, struct rspamd_dns_resolver *resolver, unsigned int time_jitter, enum rspamd_dkim_type type, GError **err) { const char *p, *c, *tag = NULL, *end; int taglen; int param = DKIM_PARAM_UNKNOWN; const EVP_MD *md_alg; time_t now; rspamd_dkim_context_t *ctx; enum { DKIM_STATE_TAG = 0, DKIM_STATE_AFTER_TAG, DKIM_STATE_VALUE, DKIM_STATE_SKIP_SPACES = 99, DKIM_STATE_ERROR = 100 } state, next_state; if (sig == NULL) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_EMPTY_B, "empty signature"); return NULL; } ctx = rspamd_mempool_alloc0(pool, sizeof(rspamd_dkim_context_t)); ctx->pool = pool; ctx->resolver = resolver; if (type == RSPAMD_DKIM_ARC_SEAL) { ctx->common.header_canon_type = DKIM_CANON_RELAXED; ctx->common.body_canon_type = DKIM_CANON_RELAXED; } else { ctx->common.header_canon_type = DKIM_CANON_DEFAULT; ctx->common.body_canon_type = DKIM_CANON_DEFAULT; } ctx->sig_alg = DKIM_SIGN_UNKNOWN; ctx->common.pool = pool; ctx->common.type = type; /* A simple state machine of parsing tags */ state = DKIM_STATE_SKIP_SPACES; next_state = DKIM_STATE_TAG; taglen = 0; p = sig; c = sig; end = p + strlen(p); ctx->common.sig_hash = rspamd_cryptobox_fast_hash(sig, end - sig, rspamd_hash_seed()); msg_debug_dkim("create dkim context sig = %L", ctx->common.sig_hash); while (p <= end) { switch (state) { case DKIM_STATE_TAG: if (g_ascii_isspace(*p)) { taglen = (int) (p - c); while (*p && g_ascii_isspace(*p)) { /* Skip spaces before '=' sign */ p++; } if (*p != '=') { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_UNKNOWN, "invalid dkim param"); state = DKIM_STATE_ERROR; } else { state = DKIM_STATE_SKIP_SPACES; next_state = DKIM_STATE_AFTER_TAG; param = DKIM_PARAM_UNKNOWN; p++; tag = c; } } else if (*p == '=') { state = DKIM_STATE_SKIP_SPACES; next_state = DKIM_STATE_AFTER_TAG; param = DKIM_PARAM_UNKNOWN; p++; tag = c; } else { taglen++; if (taglen > G_MAXINT8) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_UNKNOWN, "too long dkim tag"); state = DKIM_STATE_ERROR; } else { p++; } } break; case DKIM_STATE_AFTER_TAG: /* We got tag at tag and len at taglen */ switch (taglen) { case 0: g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_UNKNOWN, "zero length dkim param"); state = DKIM_STATE_ERROR; break; case 1: /* 1 character tags */ switch (*tag) { case 'v': if (type == RSPAMD_DKIM_NORMAL) { param = DKIM_PARAM_VERSION; } else { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_UNKNOWN, "invalid ARC v param"); state = DKIM_STATE_ERROR; break; } break; case 'a': param = DKIM_PARAM_SIGNALG; break; case 'b': param = DKIM_PARAM_SIGNATURE; break; case 'c': param = DKIM_PARAM_CANONALG; break; case 'd': param = DKIM_PARAM_DOMAIN; break; case 'h': if (type == RSPAMD_DKIM_ARC_SEAL) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_UNKNOWN, "ARC seal must NOT have h= tag"); state = DKIM_STATE_ERROR; break; } else { param = DKIM_PARAM_HDRLIST; } break; case 'i': if (type == RSPAMD_DKIM_NORMAL) { param = DKIM_PARAM_IDENTITY; } else { param = DKIM_PARAM_IDX; } break; case 'l': param = DKIM_PARAM_BODYLENGTH; break; case 'q': param = DKIM_PARAM_QUERYMETHOD; break; case 's': param = DKIM_PARAM_SELECTOR; break; case 't': param = DKIM_PARAM_TIMESTAMP; break; case 'x': param = DKIM_PARAM_EXPIRATION; break; case 'z': param = DKIM_PARAM_COPIEDHDRS; break; case 'r': param = DKIM_PARAM_IGNORE; break; default: param = DKIM_PARAM_UNKNOWN; msg_debug_dkim("unknown DKIM param %c, ignoring it", *tag); break; } break; case 2: /* Two characters tags, e.g. `bh` */ if (tag[0] == 'b' && tag[1] == 'h') { if (type == RSPAMD_DKIM_ARC_SEAL) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_UNKNOWN, "ARC seal must NOT have bh= tag"); state = DKIM_STATE_ERROR; } else { param = DKIM_PARAM_BODYHASH; } } else if (tag[0] == 'c' && tag[1] == 'v') { if (type != RSPAMD_DKIM_ARC_SEAL) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_UNKNOWN, "cv tag is valid for ARC-Seal only"); state = DKIM_STATE_ERROR; } else { param = DKIM_PARAM_CV; } } else { param = DKIM_PARAM_UNKNOWN; msg_debug_dkim("unknown DKIM param %*s, ignoring it", taglen, tag); } break; default: /* Long and unknown (yet) DKIM tag */ param = DKIM_PARAM_UNKNOWN; msg_debug_dkim("unknown DKIM param %*s, ignoring it", taglen, tag); break; } if (state != DKIM_STATE_ERROR) { /* Skip spaces */ state = DKIM_STATE_SKIP_SPACES; next_state = DKIM_STATE_VALUE; } break; case DKIM_STATE_VALUE: if (*p == ';') { if (p - c == 0 || c > p) { state = DKIM_STATE_ERROR; } else { /* Cut trailing spaces for value */ int tlen = p - c; const char *tmp = p - 1; while (tlen > 0) { if (!g_ascii_isspace(*tmp)) { break; } tlen--; tmp--; } if (param != DKIM_PARAM_UNKNOWN) { if (!parser_funcs[param](ctx, c, tlen, err)) { state = DKIM_STATE_ERROR; } else { state = DKIM_STATE_SKIP_SPACES; next_state = DKIM_STATE_TAG; p++; taglen = 0; } } else { /* Unknown param has been ignored */ msg_debug_dkim("ignored unknown tag parameter value: %*s = %*s", taglen, tag, tlen, c); state = DKIM_STATE_SKIP_SPACES; next_state = DKIM_STATE_TAG; p++; taglen = 0; } } } else if (p == end) { /* Last parameter with no `;` character */ int tlen = p - c; const char *tmp = p - 1; while (tlen > 0) { if (!g_ascii_isspace(*tmp)) { break; } tlen--; tmp--; } if (param != DKIM_PARAM_UNKNOWN) { if (!parser_funcs[param](ctx, c, tlen, err)) { state = DKIM_STATE_ERROR; } } else { msg_debug_dkim("ignored unknown tag parameter value: %*s: %*s", taglen, tag, tlen, c); } if (state == DKIM_STATE_ERROR) { /* * We need to return from here as state machine won't * do any more steps after p == end */ if (err) { msg_info_dkim("dkim parse failed: %e", *err); } return NULL; } /* Finish processing */ p++; } else { p++; } break; case DKIM_STATE_SKIP_SPACES: if (g_ascii_isspace(*p)) { p++; } else { c = p; state = next_state; } break; case DKIM_STATE_ERROR: if (err && *err) { msg_info_dkim("dkim parse failed: %s", (*err)->message); return NULL; } else { msg_info_dkim("dkim parse failed: unknown error when parsing %c tag", tag ? *tag : '?'); return NULL; } break; } } if (type == RSPAMD_DKIM_ARC_SEAL) { rspamd_dkim_add_arc_seal_headers(pool, &ctx->common); } /* Now check validity of signature */ if (ctx->b == NULL) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_EMPTY_B, "b parameter missing"); return NULL; } if (ctx->common.type != RSPAMD_DKIM_ARC_SEAL && ctx->bh == NULL) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_EMPTY_BH, "bh parameter missing"); return NULL; } if (ctx->domain == NULL) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_EMPTY_D, "domain parameter missing"); return NULL; } if (ctx->selector == NULL) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_EMPTY_S, "selector parameter missing"); return NULL; } if (ctx->common.type == RSPAMD_DKIM_NORMAL && ctx->ver == 0) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_EMPTY_V, "v parameter missing"); return NULL; } if (ctx->common.hlist == NULL) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_EMPTY_H, "h parameter missing"); return NULL; } if (ctx->sig_alg == DKIM_SIGN_UNKNOWN) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_EMPTY_S, "s parameter missing"); return NULL; } if (type != RSPAMD_DKIM_ARC_SEAL) { if (ctx->sig_alg == DKIM_SIGN_RSASHA1) { /* Check bh length */ if (ctx->bhlen != (unsigned int) EVP_MD_size(EVP_sha1())) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_BADSIG, "signature has incorrect length: %zu", ctx->bhlen); return NULL; } } else if (ctx->sig_alg == DKIM_SIGN_RSASHA256 || ctx->sig_alg == DKIM_SIGN_ECDSASHA256) { if (ctx->bhlen != (unsigned int) EVP_MD_size(EVP_sha256())) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_BADSIG, "signature has incorrect length: %zu", ctx->bhlen); return NULL; } } else if (ctx->sig_alg == DKIM_SIGN_RSASHA512 || ctx->sig_alg == DKIM_SIGN_ECDSASHA512) { if (ctx->bhlen != (unsigned int) EVP_MD_size(EVP_sha512())) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_BADSIG, "signature has incorrect length: %zu", ctx->bhlen); return NULL; } } } /* Check expiration */ now = time(NULL); if (ctx->timestamp && now < ctx->timestamp && ctx->timestamp - now > (int) time_jitter) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_FUTURE, "signature was made in future, ignoring"); return NULL; } if (ctx->expiration && ctx->expiration < now) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_EXPIRED, "signature has expired"); return NULL; } if (ctx->common.type != RSPAMD_DKIM_NORMAL && (ctx->common.idx == 0 || ctx->common.idx > RSPAMD_DKIM_MAX_ARC_IDX)) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_UNKNOWN, "i parameter missing or invalid for ARC"); return NULL; } if (ctx->common.type == RSPAMD_DKIM_ARC_SEAL) { if (ctx->cv == RSPAMD_ARC_UNKNOWN) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_UNKNOWN, "cv parameter missing or invalid for ARC"); return NULL; } } /* Now create dns key to request further */ gsize dnslen = strlen(ctx->domain) + strlen(ctx->selector) + sizeof(DKIM_DNSKEYNAME) + 2; ctx->dns_key = rspamd_mempool_alloc(ctx->pool, dnslen); rspamd_snprintf(ctx->dns_key, dnslen, "%s.%s.%s", ctx->selector, DKIM_DNSKEYNAME, ctx->domain); /* Create checksums for further operations */ if (ctx->sig_alg == DKIM_SIGN_RSASHA1) { md_alg = EVP_sha1(); } else if (ctx->sig_alg == DKIM_SIGN_RSASHA256 || ctx->sig_alg == DKIM_SIGN_ECDSASHA256 || ctx->sig_alg == DKIM_SIGN_EDDSASHA256) { md_alg = EVP_sha256(); } else if (ctx->sig_alg == DKIM_SIGN_RSASHA512 || ctx->sig_alg == DKIM_SIGN_ECDSASHA512) { md_alg = EVP_sha512(); } else { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_BADSIG, "signature has unsupported signature algorithm"); return NULL; } #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ctx->common.body_hash = EVP_MD_CTX_create(); EVP_DigestInit_ex(ctx->common.body_hash, md_alg, NULL); ctx->common.headers_hash = EVP_MD_CTX_create(); EVP_DigestInit_ex(ctx->common.headers_hash, md_alg, NULL); rspamd_mempool_add_destructor(pool, (rspamd_mempool_destruct_t) EVP_MD_CTX_destroy, ctx->common.body_hash); rspamd_mempool_add_destructor(pool, (rspamd_mempool_destruct_t) EVP_MD_CTX_destroy, ctx->common.headers_hash); #else ctx->common.body_hash = EVP_MD_CTX_new(); EVP_DigestInit_ex(ctx->common.body_hash, md_alg, NULL); ctx->common.headers_hash = EVP_MD_CTX_new(); EVP_DigestInit_ex(ctx->common.headers_hash, md_alg, NULL); rspamd_mempool_add_destructor(pool, (rspamd_mempool_destruct_t) EVP_MD_CTX_free, ctx->common.body_hash); rspamd_mempool_add_destructor(pool, (rspamd_mempool_destruct_t) EVP_MD_CTX_free, ctx->common.headers_hash); #endif ctx->dkim_header = sig; return ctx; } struct rspamd_dkim_key_cbdata { rspamd_dkim_context_t *ctx; dkim_key_handler_f handler; gpointer ud; }; rspamd_dkim_key_t * rspamd_dkim_make_key(const char *keydata, unsigned int keylen, enum rspamd_dkim_key_type type, GError **err) { rspamd_dkim_key_t *key = NULL; if (keylen < 3) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_KEYFAIL, "DKIM key is too short to be valid"); return NULL; } key = g_malloc0(sizeof(rspamd_dkim_key_t)); REF_INIT_RETAIN(key, rspamd_dkim_key_free); key->keydata = g_malloc0(keylen + 1); key->raw_key = g_malloc(keylen); key->decoded_len = keylen; key->type = type; /* Copy key skipping all spaces and newlines */ const char *h = keydata; uint8_t *t = key->raw_key; while (h - keydata < keylen) { if (!g_ascii_isspace(*h)) { *t++ = *h++; } else { h++; } } key->keylen = t - key->raw_key; if (!rspamd_cryptobox_base64_decode(key->raw_key, key->keylen, key->keydata, &key->decoded_len)) { REF_RELEASE(key); g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_KEYFAIL, "DKIM key is not a valid base64 string"); return NULL; } /* Calculate ID -> md5 */ EVP_MD_CTX *mdctx = EVP_MD_CTX_create(); #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW EVP_MD_CTX_set_flags(mdctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); #endif if (EVP_DigestInit_ex(mdctx, EVP_md5(), NULL) == 1) { unsigned int dlen = sizeof(key->key_id); EVP_DigestUpdate(mdctx, key->keydata, key->decoded_len); EVP_DigestFinal_ex(mdctx, key->key_id, &dlen); } EVP_MD_CTX_destroy(mdctx); if (key->type == RSPAMD_DKIM_KEY_EDDSA) { key->specific.key_eddsa = key->keydata; if (key->decoded_len != crypto_sign_publickeybytes()) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_KEYFAIL, "DKIM key is has invalid length %d for eddsa; expected %zd", (int) key->decoded_len, crypto_sign_publickeybytes()); REF_RELEASE(key); return NULL; } } else { key->specific.key_ssl.key_bio = BIO_new_mem_buf(key->keydata, key->decoded_len); if (key->specific.key_ssl.key_bio == NULL) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_KEYFAIL, "cannot make ssl bio from key"); REF_RELEASE(key); return NULL; } key->specific.key_ssl.key_evp = d2i_PUBKEY_bio(key->specific.key_ssl.key_bio, NULL); if (key->specific.key_ssl.key_evp == NULL) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_KEYFAIL, "cannot extract pubkey from bio"); REF_RELEASE(key); return NULL; } } return key; } const unsigned char * rspamd_dkim_key_id(rspamd_dkim_key_t *key) { if (key) { return key->key_id; } return NULL; } /** * Free DKIM key * @param key */ void rspamd_dkim_key_free(rspamd_dkim_key_t *key) { if (key->type != RSPAMD_DKIM_KEY_EDDSA) { if (key->specific.key_ssl.key_evp) { EVP_PKEY_free(key->specific.key_ssl.key_evp); } if (key->specific.key_ssl.key_bio) { BIO_free(key->specific.key_ssl.key_bio); } } g_free(key->raw_key); g_free(key->keydata); g_free(key); } void rspamd_dkim_sign_key_free(rspamd_dkim_sign_key_t *key) { if (key->type != RSPAMD_DKIM_KEY_EDDSA) { if (key->specific.key_ssl.key_evp) { EVP_PKEY_free(key->specific.key_ssl.key_evp); } if (key->specific.key_ssl.key_bio) { BIO_free(key->specific.key_ssl.key_bio); } } else { rspamd_explicit_memzero(key->specific.key_eddsa, key->keylen); g_free(key->keydata); } g_free(key); } rspamd_dkim_key_t * rspamd_dkim_parse_key(const char *txt, gsize *keylen, GError **err) { const char *c, *p, *end, *key = NULL, *alg = "rsa"; enum { read_tag = 0, read_tag_before_eqsign, read_eqsign, read_p_tag, read_k_tag, ignore_value, skip_spaces, } state = read_tag, next_state; char tag = '\0'; gsize klen = 0, alglen = 0; c = txt; p = txt; end = txt + strlen(txt); while (p < end) { switch (state) { case read_tag: if (*p == '=') { state = read_eqsign; } else if (g_ascii_isspace(*p)) { state = skip_spaces; if (tag != '\0') { /* We had tag letter */ next_state = read_tag_before_eqsign; } else { /* We had no tag letter, so we ignore empty tag */ next_state = read_tag; } } else { tag = *p; } p++; break; case read_tag_before_eqsign: /* Input: spaces before eqsign * Output: either read a next tag (previous had no value), or read value * p is moved forward */ if (*p == '=') { state = read_eqsign; } else { tag = *p; state = read_tag; } p++; break; case read_eqsign: /* Always switch to skip spaces state and do not advance p */ state = skip_spaces; if (tag == 'p') { next_state = read_p_tag; } else if (tag == 'k') { next_state = read_k_tag; } else { /* Unknown tag, ignore */ next_state = ignore_value; tag = '\0'; } break; case read_p_tag: if (*p == ';') { klen = p - c; key = c; state = read_tag; tag = '\0'; p++; } else { p++; } break; case read_k_tag: if (*p == ';') { alglen = p - c; alg = c; state = read_tag; tag = '\0'; p++; } else if (g_ascii_isspace(*p)) { alglen = p - c; alg = c; state = skip_spaces; next_state = read_tag; tag = '\0'; } else { p++; } break; case ignore_value: if (*p == ';') { state = read_tag; tag = '\0'; p++; } else if (g_ascii_isspace(*p)) { state = skip_spaces; next_state = read_tag; tag = '\0'; } else { p++; } break; case skip_spaces: /* Skip spaces and switch to the next state if needed */ if (g_ascii_isspace(*p)) { p++; } else { c = p; state = next_state; } break; default: break; } } /* Leftover */ switch (state) { case read_p_tag: klen = p - c; key = c; break; case read_k_tag: alglen = p - c; alg = c; break; default: break; } if (klen == 0 || key == NULL) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_KEYFAIL, "key is missing"); return NULL; } if (alglen == 0 || alg == NULL) { alg = "rsa"; /* Implicit */ alglen = 3; } if (keylen) { *keylen = klen; } if (alglen == 8 && rspamd_lc_cmp(alg, "ecdsa256", alglen) == 0) { return rspamd_dkim_make_key(key, klen, RSPAMD_DKIM_KEY_ECDSA, err); } else if (alglen == 7 && rspamd_lc_cmp(alg, "ed25519", alglen) == 0) { return rspamd_dkim_make_key(key, klen, RSPAMD_DKIM_KEY_EDDSA, err); } else { /* We assume RSA default in all cases */ return rspamd_dkim_make_key(key, klen, RSPAMD_DKIM_KEY_RSA, err); } g_assert_not_reached(); return NULL; } /* Get TXT request data and parse it */ static void rspamd_dkim_dns_cb(struct rdns_reply *reply, gpointer arg) { struct rspamd_dkim_key_cbdata *cbdata = arg; rspamd_dkim_key_t *key = NULL; GError *err = NULL; struct rdns_reply_entry *elt; gsize keylen = 0; if (reply->code != RDNS_RC_NOERROR) { int err_code = DKIM_SIGERROR_NOKEY; if (reply->code == RDNS_RC_NOREC) { err_code = DKIM_SIGERROR_NOREC; } else if (reply->code == RDNS_RC_NXDOMAIN) { err_code = DKIM_SIGERROR_NOREC; } g_set_error(&err, DKIM_ERROR, err_code, "dns request to %s failed: %s", cbdata->ctx->dns_key, rdns_strerror(reply->code)); cbdata->handler(NULL, 0, cbdata->ctx, cbdata->ud, err); } else { LL_FOREACH(reply->entries, elt) { if (elt->type == RDNS_REQUEST_TXT) { if (err != NULL) { /* Free error as it is insignificant */ g_error_free(err); err = NULL; } key = rspamd_dkim_parse_key(elt->content.txt.data, &keylen, &err); if (key) { key->ttl = elt->ttl; break; } } } cbdata->handler(key, keylen, cbdata->ctx, cbdata->ud, err); } } /** * Make DNS request for specified context and obtain and parse key * @param ctx dkim context from signature * @param resolver dns resolver object * @param s async session to make request * @return */ gboolean rspamd_get_dkim_key(rspamd_dkim_context_t *ctx, struct rspamd_task *task, dkim_key_handler_f handler, gpointer ud) { struct rspamd_dkim_key_cbdata *cbdata; g_return_val_if_fail(ctx != NULL, FALSE); g_return_val_if_fail(ctx->dns_key != NULL, FALSE); cbdata = rspamd_mempool_alloc(ctx->pool, sizeof(struct rspamd_dkim_key_cbdata)); cbdata->ctx = ctx; cbdata->handler = handler; cbdata->ud = ud; return rspamd_dns_resolver_request_task_forced(task, rspamd_dkim_dns_cb, cbdata, RDNS_REQUEST_TXT, ctx->dns_key); } static gboolean rspamd_dkim_relaxed_body_step(struct rspamd_dkim_common_ctx *ctx, EVP_MD_CTX *ck, const char **start, unsigned int size, gssize *remain) { const char *h; char *t; unsigned int len, inlen; gssize octets_remain; gboolean got_sp, ret = TRUE; char buf[1024]; len = size; inlen = sizeof(buf) - 1; h = *start; t = buf; got_sp = FALSE; octets_remain = *remain; while (len > 0 && inlen > 0 && (octets_remain > 0)) { if (*h == '\r' || *h == '\n') { if (got_sp) { /* Ignore spaces at the end of line */ t--; } *t++ = '\r'; *t++ = '\n'; if (len > 1 && (*h == '\r' && h[1] == '\n')) { h += 2; len -= 2; octets_remain -= 2; } else { h++; len--; if (octets_remain >= 2) { octets_remain -= 2; /* Input has just \n or \r so we actually add more octets */ } else { octets_remain--; break; } } break; } else if (g_ascii_isspace(*h)) { if (got_sp) { /* Ignore multiply spaces */ h++; len--; continue; } else { *t++ = ' '; h++; inlen--; len--; octets_remain--; got_sp = TRUE; continue; } } else { got_sp = FALSE; } *t++ = *h++; inlen--; len--; octets_remain--; } if (octets_remain < 0) { /* Absurdic l tag value, but we still need to rewind the t pointer back */ while (t > buf && octets_remain < 0) { t--; octets_remain++; } ret = FALSE; } *start = h; if (t - buf > 0) { gsize cklen = t - buf; EVP_DigestUpdate(ck, buf, cklen); ctx->body_canonicalised += cklen; msg_debug_dkim("relaxed update signature with body buffer " "(%z size, %z -> %z remain)", cklen, *remain, octets_remain); *remain = octets_remain; } return ret && ((len > 0) && (octets_remain > 0)); } static gboolean rspamd_dkim_simple_body_step(struct rspamd_dkim_common_ctx *ctx, EVP_MD_CTX *ck, const char **start, unsigned int size, gssize *remain) { const char *h; char *t; unsigned int len, inlen; gssize octets_remain; char buf[1024]; len = size; inlen = sizeof(buf) - 1; h = *start; t = &buf[0]; octets_remain = *remain; while (len > 0 && inlen > 0 && (octets_remain != 0)) { if (*h == '\r' || *h == '\n') { *t++ = '\r'; *t++ = '\n'; if (len > 1 && (*h == '\r' && h[1] == '\n')) { h += 2; len -= 2; if (octets_remain >= 2) { octets_remain -= 2; /* Input has just \n or \r so we actually add more octets */ } else { octets_remain--; } } else { h++; len--; if (octets_remain >= 2) { octets_remain -= 2; /* Input has just \n or \r so we actually add more octets */ } else { octets_remain--; } } break; } *t++ = *h++; octets_remain--; inlen--; len--; } *start = h; if (t - buf > 0) { gsize cklen = t - buf; EVP_DigestUpdate(ck, buf, cklen); ctx->body_canonicalised += cklen; msg_debug_dkim("simple update signature with body buffer " "(%z size, %z -> %z remain)", cklen, *remain, octets_remain); *remain = octets_remain; } return ((len != 0) && (octets_remain != 0)); } static const char * rspamd_dkim_skip_empty_lines(const char *start, const char *end, unsigned int type, gboolean sign, gboolean *need_crlf) { const char *p = end - 1, *t; enum { init = 0, init_2, got_cr, got_lf, got_crlf, test_spaces, } state = init; unsigned int skip = 0; while (p >= start) { switch (state) { case init: if (*p == '\r') { state = got_cr; } else if (*p == '\n') { state = got_lf; } else if (type == DKIM_CANON_RELAXED && *p == ' ') { skip = 0; state = test_spaces; } else { if (sign || type != DKIM_CANON_RELAXED) { *need_crlf = TRUE; } goto end; } break; case init_2: if (*p == '\r') { state = got_cr; } else if (*p == '\n') { state = got_lf; } else if (type == DKIM_CANON_RELAXED && (*p == ' ' || *p == '\t')) { skip = 0; state = test_spaces; } else { goto end; } break; case got_cr: if (p >= start + 1) { if (*(p - 1) == '\r') { p--; state = got_cr; } else if (*(p - 1) == '\n') { if ((*p - 2) == '\r') { /* \r\n\r -> we know about one line */ p -= 1; state = got_crlf; } else { /* \n\r -> we know about one line */ p -= 1; state = got_lf; } } else if (type == DKIM_CANON_RELAXED && (*(p - 1) == ' ' || *(p - 1) == '\t')) { skip = 1; state = test_spaces; } else { goto end; } } else { if (g_ascii_isspace(*(p - 1))) { if (type == DKIM_CANON_RELAXED) { p -= 1; } } goto end; } break; case got_lf: if (p >= start + 1) { if (*(p - 1) == '\r') { state = got_crlf; } else if (*(p - 1) == '\n') { /* We know about one line */ p--; state = got_lf; } else if (type == DKIM_CANON_RELAXED && (*(p - 1) == ' ' || *(p - 1) == '\t')) { skip = 1; state = test_spaces; } else { goto end; } } else { if (g_ascii_isspace(*(p - 1))) { if (type == DKIM_CANON_RELAXED) { p -= 1; } } goto end; } break; case got_crlf: if (p >= start + 2) { if (*(p - 2) == '\r') { p -= 2; state = got_cr; } else if (*(p - 2) == '\n') { p -= 2; state = got_lf; } else if (type == DKIM_CANON_RELAXED && (*(p - 2) == ' ' || *(p - 2) == '\t')) { skip = 2; state = test_spaces; } else { goto end; } } else { if (g_ascii_isspace(*(p - 2))) { if (type == DKIM_CANON_RELAXED) { p -= 2; } } goto end; } break; case test_spaces: t = p - skip; while (t >= start + 2 && (*t == ' ' || *t == '\t')) { t--; } if (*t == '\r') { p = t; state = got_cr; } else if (*t == '\n') { p = t; state = got_lf; } else { goto end; } break; } } end: return p; } static gboolean rspamd_dkim_canonize_body(struct rspamd_task *task, struct rspamd_dkim_common_ctx *ctx, const char *start, const char *end, gboolean sign) { const char *p; gssize remain = ctx->len ? ctx->len : G_MAXSSIZE; unsigned int total_len = end - start; gboolean need_crlf = FALSE; if (start == NULL) { /* Empty body */ if (ctx->body_canon_type == DKIM_CANON_SIMPLE) { EVP_DigestUpdate(ctx->body_hash, CRLF, sizeof(CRLF) - 1); ctx->body_canonicalised += sizeof(CRLF) - 1; } else { EVP_DigestUpdate(ctx->body_hash, "", 0); } } else if (end >= start) { /* Add sanity checks for ctx->len */ if (ctx->body_canon_type == DKIM_CANON_SIMPLE && ctx->len > 0) { if (ctx->len < 2 && end - start > 2) { msg_info_task("DKIM l tag is invalid: %d (%d actual size)", (int) ctx->len, (int) (end - start)); return FALSE; } if (ctx->len + 2 < (double) (end - start) * 0.9) { msg_info_task("DKIM l tag does not cover enough of the body: %d (%d actual size)", (int) ctx->len, (int) (end - start)); return FALSE; } } /* Strip extra ending CRLF */ p = rspamd_dkim_skip_empty_lines(start, end, ctx->body_canon_type, sign, &need_crlf); end = p + 1; if (end == start) { /* Empty body */ if (ctx->body_canon_type == DKIM_CANON_SIMPLE) { EVP_DigestUpdate(ctx->body_hash, CRLF, sizeof(CRLF) - 1); ctx->body_canonicalised += sizeof(CRLF) - 1; } else { EVP_DigestUpdate(ctx->body_hash, "", 0); } } else { if (ctx->body_canon_type == DKIM_CANON_SIMPLE) { /* Simple canonization */ while (rspamd_dkim_simple_body_step(ctx, ctx->body_hash, &start, end - start, &remain)) ; /* * If we have l= tag then we cannot add crlf... */ if (need_crlf) { /* l is evil... */ if (ctx->len == 0) { remain = 2; } else { if (ctx->len <= total_len) { /* We don't have enough l to add \r\n */ remain = 0; } else { if (ctx->len - total_len >= 2) { remain = 2; } else { remain = ctx->len - total_len; } } } start = "\r\n"; end = start + 2; rspamd_dkim_simple_body_step(ctx, ctx->body_hash, &start, end - start, &remain); } } else { size_t orig_len = remain; while (rspamd_dkim_relaxed_body_step(ctx, ctx->body_hash, &start, end - start, &remain)) ; if (ctx->len > 0 && remain > (double) orig_len * 0.1) { msg_info_task("DKIM l tag does not cover enough of the body: %d (%d actual size)", (int) ctx->len, (int) (end - start)); return FALSE; } if (need_crlf) { start = "\r\n"; end = start + 2; remain = 2; rspamd_dkim_relaxed_body_step(ctx, ctx->body_hash, &start, end - start, &remain); } } } return TRUE; } return FALSE; } /* Update hash converting all CR and LF to CRLF */ static void rspamd_dkim_hash_update(EVP_MD_CTX *ck, const char *begin, gsize len) { const char *p, *c, *end; end = begin + len; p = begin; c = p; while (p < end) { if (*p == '\r') { EVP_DigestUpdate(ck, c, p - c); EVP_DigestUpdate(ck, CRLF, sizeof(CRLF) - 1); p++; if (p < end && *p == '\n') { p++; } c = p; } else if (*p == '\n') { EVP_DigestUpdate(ck, c, p - c); EVP_DigestUpdate(ck, CRLF, sizeof(CRLF) - 1); p++; c = p; } else { p++; } } if (p > c) { EVP_DigestUpdate(ck, c, p - c); } } /* Update hash by signature value (ignoring b= tag) */ static void rspamd_dkim_signature_update(struct rspamd_dkim_common_ctx *ctx, const char *begin, unsigned int len) { const char *p, *c, *end; gboolean tag, skip; end = begin + len; p = begin; c = begin; tag = TRUE; skip = FALSE; while (p < end) { if (tag && p[0] == 'b' && p[1] == '=') { /* Add to signature */ msg_debug_dkim("initial update hash with signature part: %*s", (int) (p - c + 2), c); ctx->headers_canonicalised += p - c + 2; rspamd_dkim_hash_update(ctx->headers_hash, c, p - c + 2); skip = TRUE; } else if (skip && (*p == ';' || p == end - 1)) { skip = FALSE; c = p; } else if (!tag && *p == ';') { tag = TRUE; } else if (tag && *p == '=') { tag = FALSE; } p++; } p--; /* Skip \r\n at the end */ while ((*p == '\r' || *p == '\n') && p >= c) { p--; } if (p - c + 1 > 0) { msg_debug_dkim("final update hash with signature part: %*s", (int) (p - c + 1), c); ctx->headers_canonicalised += p - c + 1; rspamd_dkim_hash_update(ctx->headers_hash, c, p - c + 1); } } goffset rspamd_dkim_canonize_header_relaxed_str(const char *hname, const char *hvalue, char *out, gsize outlen) { char *t; const unsigned char *h; gboolean got_sp; /* Name part */ t = out; h = hname; while (*h && t - out < outlen) { *t++ = lc_map[*h++]; } if (t - out >= outlen) { return -1; } *t++ = ':'; /* Value part */ h = hvalue; /* Skip spaces at the beginning */ while (g_ascii_isspace(*h)) { h++; } got_sp = FALSE; while (*h && (t - out < outlen)) { if (g_ascii_isspace(*h)) { if (got_sp) { h++; continue; } else { got_sp = TRUE; *t++ = ' '; h++; continue; } } else { got_sp = FALSE; } *t++ = *h++; } if (g_ascii_isspace(*(t - 1))) { t--; } if (t - out >= outlen - 2) { return -1; } *t++ = '\r'; *t++ = '\n'; *t = '\0'; return t - out; } static gboolean rspamd_dkim_canonize_header_relaxed(struct rspamd_dkim_common_ctx *ctx, const char *header, const char *header_name, gboolean is_sign, unsigned int count, bool is_seal) { static char st_buf[8192]; char *buf; unsigned int inlen; goffset r; gboolean allocated = FALSE; inlen = strlen(header) + strlen(header_name) + sizeof(":" CRLF); if (inlen > sizeof(st_buf)) { buf = g_malloc(inlen); allocated = TRUE; } else { /* Faster */ buf = st_buf; } r = rspamd_dkim_canonize_header_relaxed_str(header_name, header, buf, inlen); g_assert(r != -1); if (!is_sign) { msg_debug_dkim("update %s with header (idx=%d): %s", is_seal ? "seal" : "signature", count, buf); EVP_DigestUpdate(ctx->headers_hash, buf, r); } else { rspamd_dkim_signature_update(ctx, buf, r); } if (allocated) { g_free(buf); } return TRUE; } static gboolean rspamd_dkim_canonize_header(struct rspamd_dkim_common_ctx *ctx, struct rspamd_task *task, const char *header_name, int count, const char *dkim_header, const char *dkim_domain) { struct rspamd_mime_header *rh, *cur, *sel = NULL; int hdr_cnt = 0; bool use_idx = false, is_sign = ctx->is_sign; /* * TODO: * Temporary hack to prevent linked list being misused until refactored */ const unsigned int max_list_iters = 1000; if (count < 0) { use_idx = true; count = -(count); /* use i= in header content as it is arc stuff */ } if (dkim_header == NULL) { rh = rspamd_message_get_header_array(task, header_name, is_sign); if (rh) { /* Check uniqueness of the header but we count from the bottom to top */ if (!use_idx) { for (cur = rh->prev;; cur = cur->prev) { if (hdr_cnt == count) { sel = cur; } hdr_cnt++; if (cur == rh || hdr_cnt >= max_list_iters) { /* Cycle */ break; } } if ((rh->flags & RSPAMD_HEADER_UNIQUE) && hdr_cnt > 1) { uint64_t random_cookie = ottery_rand_uint64(); msg_warn_dkim("header %s is intended to be unique by" " email standards, but we have %d headers of this" " type, artificially break DKIM check", header_name, hdr_cnt); rspamd_dkim_hash_update(ctx->headers_hash, (const char *) &random_cookie, sizeof(random_cookie)); ctx->headers_canonicalised += sizeof(random_cookie); return FALSE; } if (hdr_cnt <= count) { /* * If DKIM has less headers requested than there are in a * message, then it's fine, it allows adding extra headers */ return TRUE; } } else { /* * This branch is used for ARC headers, and it orders them based on * i= string and not their real order in the list of headers */ char idx_buf[16]; int id_len, i; id_len = rspamd_snprintf(idx_buf, sizeof(idx_buf), "i=%d;", count); for (cur = rh->prev, i = 0; i < max_list_iters; cur = cur->prev, i++) { if (cur->decoded && rspamd_substring_search(cur->decoded, strlen(cur->decoded), idx_buf, id_len) != -1) { sel = cur; break; } if (cur == rh) { /* Cycle */ break; } } if (sel == NULL) { return FALSE; } } /* Selected header must be non-null if previous condition is false */ g_assert(sel != NULL); if (ctx->header_canon_type == DKIM_CANON_SIMPLE) { rspamd_dkim_hash_update(ctx->headers_hash, sel->raw_value, sel->raw_len); ctx->headers_canonicalised += sel->raw_len; msg_debug_dkim("update %s with header (idx=%d): %*s", (use_idx ? "seal" : "signature"), count, (int) sel->raw_len, sel->raw_value); } else { if (is_sign && (sel->flags & RSPAMD_HEADER_FROM)) { /* Special handling of the From handling when rewrite is done */ gboolean has_rewrite = FALSE; unsigned int i; struct rspamd_email_address *addr; PTR_ARRAY_FOREACH(MESSAGE_FIELD(task, from_mime), i, addr) { if ((addr->flags & RSPAMD_EMAIL_ADDR_ORIGINAL) && !(addr->flags & RSPAMD_EMAIL_ADDR_ALIASED)) { has_rewrite = TRUE; } } if (has_rewrite) { PTR_ARRAY_FOREACH(MESSAGE_FIELD(task, from_mime), i, addr) { if (!(addr->flags & RSPAMD_EMAIL_ADDR_ORIGINAL)) { if (!rspamd_dkim_canonize_header_relaxed(ctx, addr->raw, header_name, FALSE, i, use_idx)) { return FALSE; } return TRUE; } } } } if (!rspamd_dkim_canonize_header_relaxed(ctx, sel->value, header_name, FALSE, count, use_idx)) { return FALSE; } } } } else { /* For signature check just use the saved dkim header */ if (ctx->header_canon_type == DKIM_CANON_SIMPLE) { /* We need to find our own signature and use it */ rh = rspamd_message_get_header_array(task, header_name, is_sign); if (rh) { /* We need to find our own signature */ if (!dkim_domain) { msg_err_dkim("cannot verify dkim as we have no dkim domain!"); return FALSE; } gboolean found = FALSE; DL_FOREACH(rh, cur) { uint64_t th = rspamd_cryptobox_fast_hash(cur->decoded, strlen(cur->decoded), rspamd_hash_seed()); if (th == ctx->sig_hash) { rspamd_dkim_signature_update(ctx, cur->raw_value, cur->raw_len); found = TRUE; break; } } if (!found) { msg_err_dkim("BUGON: cannot verify dkim as we have lost our signature" " during simple canonicalisation, expected hash=%L", ctx->sig_hash); return FALSE; } } else { return FALSE; } } else { if (!rspamd_dkim_canonize_header_relaxed(ctx, dkim_header, header_name, TRUE, 0, use_idx)) { return FALSE; } } } return TRUE; } struct rspamd_dkim_cached_hash { unsigned char *digest_normal; unsigned char *digest_cr; unsigned char *digest_crlf; char *type; }; static struct rspamd_dkim_cached_hash * rspamd_dkim_check_bh_cached(struct rspamd_dkim_common_ctx *ctx, struct rspamd_task *task, gsize bhlen, gboolean is_sign) { char typebuf[64]; struct rspamd_dkim_cached_hash *res; rspamd_snprintf(typebuf, sizeof(typebuf), RSPAMD_MEMPOOL_DKIM_BH_CACHE "%z_%s_%d_%z", bhlen, ctx->body_canon_type == DKIM_CANON_RELAXED ? "1" : "0", !!is_sign, ctx->len); res = rspamd_mempool_get_variable(task->task_pool, typebuf); if (!res) { res = rspamd_mempool_alloc0(task->task_pool, sizeof(*res)); res->type = rspamd_mempool_strdup(task->task_pool, typebuf); rspamd_mempool_set_variable(task->task_pool, res->type, res, NULL); } return res; } static const char * rspamd_dkim_type_to_string(enum rspamd_dkim_type t) { switch (t) { case RSPAMD_DKIM_NORMAL: return "dkim"; case RSPAMD_DKIM_ARC_SIG: return "arc_sig"; case RSPAMD_DKIM_ARC_SEAL: default: return "arc_seal"; } } /** * Check task for dkim context using dkim key * @param ctx dkim verify context * @param key dkim key (from cache or from dns request) * @param task task to check * @return */ struct rspamd_dkim_check_result * rspamd_dkim_check(rspamd_dkim_context_t *ctx, rspamd_dkim_key_t *key, struct rspamd_task *task) { const char *body_end, *body_start; unsigned char raw_digest[EVP_MAX_MD_SIZE]; struct rspamd_dkim_cached_hash *cached_bh = NULL; EVP_MD_CTX *cpy_ctx = NULL; gsize dlen = 0; struct rspamd_dkim_check_result *res; unsigned int i; struct rspamd_dkim_header *dh; int nid; g_return_val_if_fail(ctx != NULL, NULL); g_return_val_if_fail(key != NULL, NULL); g_return_val_if_fail(task->msg.len > 0, NULL); /* First of all find place of body */ body_end = task->msg.begin + task->msg.len; body_start = MESSAGE_FIELD(task, raw_headers_content).body_start; res = rspamd_mempool_alloc0(task->task_pool, sizeof(*res)); res->ctx = ctx; res->selector = ctx->selector; res->domain = ctx->domain; res->fail_reason = NULL; res->short_b = ctx->short_b; res->rcode = DKIM_CONTINUE; if (!body_start) { res->rcode = DKIM_ERROR; return res; } if (ctx->common.type != RSPAMD_DKIM_ARC_SEAL) { dlen = EVP_MD_CTX_size(ctx->common.body_hash); cached_bh = rspamd_dkim_check_bh_cached(&ctx->common, task, dlen, FALSE); if (!cached_bh->digest_normal) { /* Start canonization of body part */ if (!rspamd_dkim_canonize_body(task, &ctx->common, body_start, body_end, FALSE)) { res->rcode = DKIM_RECORD_ERROR; return res; } } } /* Now canonize headers */ for (i = 0; i < ctx->common.hlist->len; i++) { dh = g_ptr_array_index(ctx->common.hlist, i); rspamd_dkim_canonize_header(&ctx->common, task, dh->name, dh->count, NULL, NULL); } /* Canonize dkim signature */ switch (ctx->common.type) { case RSPAMD_DKIM_NORMAL: rspamd_dkim_canonize_header(&ctx->common, task, RSPAMD_DKIM_SIGNHEADER, 0, ctx->dkim_header, ctx->domain); break; case RSPAMD_DKIM_ARC_SIG: rspamd_dkim_canonize_header(&ctx->common, task, RSPAMD_DKIM_ARC_SIGNHEADER, 0, ctx->dkim_header, ctx->domain); break; case RSPAMD_DKIM_ARC_SEAL: rspamd_dkim_canonize_header(&ctx->common, task, RSPAMD_DKIM_ARC_SEALHEADER, 0, ctx->dkim_header, ctx->domain); break; } /* Use cached BH for all but arc seal, if it is not NULL we are not in arc seal mode */ if (cached_bh != NULL) { if (!cached_bh->digest_normal) { /* Copy md_ctx to deal with broken CRLF at the end */ cpy_ctx = EVP_MD_CTX_create(); EVP_MD_CTX_copy(cpy_ctx, ctx->common.body_hash); EVP_DigestFinal_ex(cpy_ctx, raw_digest, NULL); cached_bh->digest_normal = rspamd_mempool_alloc(task->task_pool, sizeof(raw_digest)); memcpy(cached_bh->digest_normal, raw_digest, sizeof(raw_digest)); } /* Check bh field */ if (memcmp(ctx->bh, cached_bh->digest_normal, ctx->bhlen) != 0) { msg_debug_dkim( "bh value mismatch: %*xs versus %*xs, try add LF; try adding CRLF", (int) dlen, ctx->bh, (int) dlen, raw_digest); if (cpy_ctx) { /* Try add CRLF */ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) EVP_MD_CTX_cleanup(cpy_ctx); #else EVP_MD_CTX_reset(cpy_ctx); #endif EVP_MD_CTX_copy(cpy_ctx, ctx->common.body_hash); EVP_DigestUpdate(cpy_ctx, "\r\n", 2); EVP_DigestFinal_ex(cpy_ctx, raw_digest, NULL); cached_bh->digest_crlf = rspamd_mempool_alloc(task->task_pool, sizeof(raw_digest)); memcpy(cached_bh->digest_crlf, raw_digest, sizeof(raw_digest)); if (memcmp(ctx->bh, raw_digest, ctx->bhlen) != 0) { msg_debug_dkim( "bh value mismatch after added CRLF: %*xs versus %*xs, try add LF", (int) dlen, ctx->bh, (int) dlen, raw_digest); /* Try add LF */ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) EVP_MD_CTX_cleanup(cpy_ctx); #else EVP_MD_CTX_reset(cpy_ctx); #endif EVP_MD_CTX_copy(cpy_ctx, ctx->common.body_hash); EVP_DigestUpdate(cpy_ctx, "\n", 1); EVP_DigestFinal_ex(cpy_ctx, raw_digest, NULL); cached_bh->digest_cr = rspamd_mempool_alloc(task->task_pool, sizeof(raw_digest)); memcpy(cached_bh->digest_cr, raw_digest, sizeof(raw_digest)); if (memcmp(ctx->bh, raw_digest, ctx->bhlen) != 0) { msg_debug_dkim("bh value mismatch after added LF: %*xs versus %*xs", (int) dlen, ctx->bh, (int) dlen, raw_digest); res->fail_reason = "body hash did not verify"; res->rcode = DKIM_REJECT; } } } else if (cached_bh->digest_crlf) { if (memcmp(ctx->bh, cached_bh->digest_crlf, ctx->bhlen) != 0) { msg_debug_dkim("bh value mismatch after added CRLF: %*xs versus %*xs", (int) dlen, ctx->bh, (int) dlen, cached_bh->digest_crlf); if (cached_bh->digest_cr) { if (memcmp(ctx->bh, cached_bh->digest_cr, ctx->bhlen) != 0) { msg_debug_dkim( "bh value mismatch after added LF: %*xs versus %*xs", (int) dlen, ctx->bh, (int) dlen, cached_bh->digest_cr); res->fail_reason = "body hash did not verify"; res->rcode = DKIM_REJECT; } } else { res->fail_reason = "body hash did not verify"; res->rcode = DKIM_REJECT; } } } else { msg_debug_dkim( "bh value mismatch: %*xs versus %*xs", (int) dlen, ctx->bh, (int) dlen, cached_bh->digest_normal); res->fail_reason = "body hash did not verify"; res->rcode = DKIM_REJECT; } } if (cpy_ctx) { #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) EVP_MD_CTX_cleanup(cpy_ctx); #else EVP_MD_CTX_reset(cpy_ctx); #endif EVP_MD_CTX_destroy(cpy_ctx); } if (res->rcode == DKIM_REJECT) { msg_info_dkim( "%s: bh value mismatch: got %*Bs, expected %*Bs; " "body length %d->%d; d=%s; s=%s", rspamd_dkim_type_to_string(ctx->common.type), (int) dlen, cached_bh->digest_normal, (int) dlen, ctx->bh, (int) (body_end - body_start), ctx->common.body_canonicalised, ctx->domain, ctx->selector); return res; } } dlen = EVP_MD_CTX_size(ctx->common.headers_hash); EVP_DigestFinal_ex(ctx->common.headers_hash, raw_digest, NULL); /* Check headers signature */ if (ctx->sig_alg == DKIM_SIGN_RSASHA1) { nid = NID_sha1; } else if (ctx->sig_alg == DKIM_SIGN_RSASHA256 || ctx->sig_alg == DKIM_SIGN_ECDSASHA256 || ctx->sig_alg == DKIM_SIGN_EDDSASHA256) { nid = NID_sha256; } else if (ctx->sig_alg == DKIM_SIGN_RSASHA512 || ctx->sig_alg == DKIM_SIGN_ECDSASHA512) { nid = NID_sha512; } else { /* Not reached */ nid = NID_sha1; } switch (key->type) { case RSPAMD_DKIM_KEY_RSA: { GError *err = NULL; if (!rspamd_cryptobox_verify_evp_rsa(nid, ctx->b, ctx->blen, raw_digest, dlen, key->specific.key_ssl.key_evp, &err)) { if (err == NULL) { msg_debug_dkim("headers rsa verify failed"); ERR_clear_error(); res->rcode = DKIM_REJECT; res->fail_reason = "headers rsa verify failed"; msg_info_dkim( "%s: headers RSA verification failure; " "body length %d->%d; headers length %d; d=%s; s=%s; key_md5=%*xs; orig header: %s", rspamd_dkim_type_to_string(ctx->common.type), (int) (body_end - body_start), ctx->common.body_canonicalised, ctx->common.headers_canonicalised, ctx->domain, ctx->selector, RSPAMD_DKIM_KEY_ID_LEN, rspamd_dkim_key_id(key), ctx->dkim_header); } else { res->rcode = DKIM_PERM_ERROR; res->fail_reason = "openssl internal error"; msg_err_dkim("internal OpenSSL error: %s", err->message); msg_info_dkim( "%s: headers RSA verification failure due to OpenSSL internal error; " "body length %d->%d; headers length %d; d=%s; s=%s; key_md5=%*xs; orig header: %s", rspamd_dkim_type_to_string(ctx->common.type), (int) (body_end - body_start), ctx->common.body_canonicalised, ctx->common.headers_canonicalised, ctx->domain, ctx->selector, RSPAMD_DKIM_KEY_ID_LEN, rspamd_dkim_key_id(key), ctx->dkim_header); ERR_clear_error(); g_error_free(err); } } break; } case RSPAMD_DKIM_KEY_ECDSA: if (rspamd_cryptobox_verify_evp_ecdsa(nid, ctx->b, ctx->blen, raw_digest, dlen, key->specific.key_ssl.key_evp) != 1) { msg_info_dkim( "%s: headers ECDSA verification failure; " "body length %d->%d; headers length %d; d=%s; s=%s; key_md5=%*xs; orig header: %s", rspamd_dkim_type_to_string(ctx->common.type), (int) (body_end - body_start), ctx->common.body_canonicalised, ctx->common.headers_canonicalised, ctx->domain, ctx->selector, RSPAMD_DKIM_KEY_ID_LEN, rspamd_dkim_key_id(key), ctx->dkim_header); msg_debug_dkim("headers ecdsa verify failed"); ERR_clear_error(); res->rcode = DKIM_REJECT; res->fail_reason = "headers ecdsa verify failed"; } break; case RSPAMD_DKIM_KEY_EDDSA: if (!rspamd_cryptobox_verify(ctx->b, ctx->blen, raw_digest, dlen, key->specific.key_eddsa)) { msg_info_dkim( "%s: headers EDDSA verification failure; " "body length %d->%d; headers length %d; d=%s; s=%s; key_md5=%*xs; orig header: %s", rspamd_dkim_type_to_string(ctx->common.type), (int) (body_end - body_start), ctx->common.body_canonicalised, ctx->common.headers_canonicalised, ctx->domain, ctx->selector, RSPAMD_DKIM_KEY_ID_LEN, rspamd_dkim_key_id(key), ctx->dkim_header); msg_debug_dkim("headers eddsa verify failed"); res->rcode = DKIM_REJECT; res->fail_reason = "headers eddsa verify failed"; } break; } if (ctx->common.type == RSPAMD_DKIM_ARC_SEAL && res->rcode == DKIM_CONTINUE) { switch (ctx->cv) { case RSPAMD_ARC_INVALID: msg_info_dkim("arc seal is invalid i=%d", ctx->common.idx); res->rcode = DKIM_PERM_ERROR; res->fail_reason = "arc seal is invalid"; break; case RSPAMD_ARC_FAIL: msg_info_dkim("arc seal failed i=%d", ctx->common.idx); res->rcode = DKIM_REJECT; res->fail_reason = "arc seal failed"; break; default: break; } } return res; } struct rspamd_dkim_check_result * rspamd_dkim_create_result(rspamd_dkim_context_t *ctx, enum rspamd_dkim_check_rcode rcode, struct rspamd_task *task) { struct rspamd_dkim_check_result *res; res = rspamd_mempool_alloc0(task->task_pool, sizeof(*res)); res->ctx = ctx; res->selector = ctx->selector; res->domain = ctx->domain; res->fail_reason = NULL; res->short_b = ctx->short_b; res->rcode = rcode; return res; } rspamd_dkim_key_t * rspamd_dkim_key_ref(rspamd_dkim_key_t *k) { REF_RETAIN(k); return k; } void rspamd_dkim_key_unref(rspamd_dkim_key_t *k) { REF_RELEASE(k); } rspamd_dkim_sign_key_t * rspamd_dkim_sign_key_ref(rspamd_dkim_sign_key_t *k) { REF_RETAIN(k); return k; } void rspamd_dkim_sign_key_unref(rspamd_dkim_sign_key_t *k) { REF_RELEASE(k); } const char * rspamd_dkim_get_domain(rspamd_dkim_context_t *ctx) { if (ctx) { return ctx->domain; } return NULL; } const char * rspamd_dkim_get_selector(rspamd_dkim_context_t *ctx) { if (ctx) { return ctx->selector; } return NULL; } unsigned int rspamd_dkim_key_get_ttl(rspamd_dkim_key_t *k) { if (k) { return k->ttl; } return 0; } const char * rspamd_dkim_get_dns_key(rspamd_dkim_context_t *ctx) { if (ctx) { return ctx->dns_key; } return NULL; } #define PEM_SIG "-----BEGIN" rspamd_dkim_sign_key_t * rspamd_dkim_sign_key_load(const char *key, gsize len, enum rspamd_dkim_key_format type, GError **err) { unsigned char *map = NULL, *tmp = NULL; gsize maplen; rspamd_dkim_sign_key_t *nkey; time_t mtime = time(NULL); if (type < 0 || type > RSPAMD_DKIM_KEY_UNKNOWN || len == 0 || key == NULL) { g_set_error(err, dkim_error_quark(), DKIM_SIGERROR_KEYFAIL, "invalid key type to load: %d", type); return NULL; } nkey = g_malloc0(sizeof(*nkey)); nkey->mtime = mtime; msg_debug_dkim_taskless("got public key with length %z and type %d", len, type); /* Load key file if needed */ if (type == RSPAMD_DKIM_KEY_FILE) { struct stat st; if (stat(key, &st) != 0) { g_set_error(err, dkim_error_quark(), DKIM_SIGERROR_KEYFAIL, "cannot stat key file: '%s' %s", key, strerror(errno)); g_free(nkey); return NULL; } nkey->mtime = st.st_mtime; map = rspamd_file_xmap(key, PROT_READ, &maplen, TRUE); if (map == NULL) { g_set_error(err, dkim_error_quark(), DKIM_SIGERROR_KEYFAIL, "cannot map key file: '%s' %s", key, strerror(errno)); g_free(nkey); return NULL; } key = map; len = maplen; if (maplen > sizeof(PEM_SIG) && strncmp(map, PEM_SIG, sizeof(PEM_SIG) - 1) == 0) { type = RSPAMD_DKIM_KEY_PEM; } else if (rspamd_cryptobox_base64_is_valid(map, maplen)) { type = RSPAMD_DKIM_KEY_BASE64; } else { type = RSPAMD_DKIM_KEY_RAW; } } if (type == RSPAMD_DKIM_KEY_UNKNOWN) { if (len > sizeof(PEM_SIG) && memcmp(key, PEM_SIG, sizeof(PEM_SIG) - 1) == 0) { type = RSPAMD_DKIM_KEY_PEM; } else { type = RSPAMD_DKIM_KEY_RAW; } } if (type == RSPAMD_DKIM_KEY_BASE64) { type = RSPAMD_DKIM_KEY_RAW; tmp = g_malloc(len); rspamd_cryptobox_base64_decode(key, len, tmp, &len); key = tmp; } if (type == RSPAMD_DKIM_KEY_RAW && (len == 32 || len == crypto_sign_secretkeybytes())) { if (len == 32) { /* Seeded key, need scalarmult */ unsigned char pk[32]; nkey->type = RSPAMD_DKIM_KEY_EDDSA; nkey->specific.key_eddsa = g_malloc(crypto_sign_secretkeybytes()); crypto_sign_ed25519_seed_keypair(pk, nkey->specific.key_eddsa, key); nkey->keylen = crypto_sign_secretkeybytes(); } else { /* Full ed25519 key */ unsigned klen = crypto_sign_secretkeybytes(); nkey->type = RSPAMD_DKIM_KEY_EDDSA; nkey->specific.key_eddsa = g_malloc(klen); memcpy(nkey->specific.key_eddsa, key, klen); nkey->keylen = klen; } } else { nkey->specific.key_ssl.key_bio = BIO_new_mem_buf(key, len); if (type == RSPAMD_DKIM_KEY_RAW) { if (d2i_PrivateKey_bio(nkey->specific.key_ssl.key_bio, &nkey->specific.key_ssl.key_evp) == NULL) { g_set_error(err, dkim_error_quark(), DKIM_SIGERROR_KEYFAIL, "cannot parse raw private key: %s", ERR_error_string(ERR_get_error(), NULL)); rspamd_dkim_sign_key_free(nkey); nkey = NULL; goto end; } } else { if (!PEM_read_bio_PrivateKey(nkey->specific.key_ssl.key_bio, &nkey->specific.key_ssl.key_evp, NULL, NULL)) { g_set_error(err, dkim_error_quark(), DKIM_SIGERROR_KEYFAIL, "cannot parse pem private key: %s", ERR_error_string(ERR_get_error(), NULL)); rspamd_dkim_sign_key_free(nkey); nkey = NULL; goto end; } } } REF_INIT_RETAIN(nkey, rspamd_dkim_sign_key_free); end: if (map != NULL) { munmap(map, maplen); } if (tmp != NULL) { rspamd_explicit_memzero(tmp, len); g_free(tmp); } return nkey; } #undef PEM_SIG gboolean rspamd_dkim_sign_key_maybe_invalidate(rspamd_dkim_sign_key_t *key, time_t mtime) { if (mtime > key->mtime) { return TRUE; } return FALSE; } rspamd_dkim_sign_context_t * rspamd_create_dkim_sign_context(struct rspamd_task *task, rspamd_dkim_sign_key_t *priv_key, int headers_canon, int body_canon, const char *headers, enum rspamd_dkim_type type, GError **err) { rspamd_dkim_sign_context_t *nctx; if (headers_canon != DKIM_CANON_SIMPLE && headers_canon != DKIM_CANON_RELAXED) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_INVALID_HC, "bad headers canonicalisation"); return NULL; } if (body_canon != DKIM_CANON_SIMPLE && body_canon != DKIM_CANON_RELAXED) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_INVALID_BC, "bad body canonicalisation"); return NULL; } if (!priv_key) { g_set_error(err, DKIM_ERROR, DKIM_SIGERROR_KEYFAIL, "bad key to sign"); return NULL; } nctx = rspamd_mempool_alloc0(task->task_pool, sizeof(*nctx)); nctx->common.pool = task->task_pool; nctx->common.header_canon_type = headers_canon; nctx->common.body_canon_type = body_canon; nctx->common.type = type; nctx->common.is_sign = TRUE; if (type != RSPAMD_DKIM_ARC_SEAL) { if (!rspamd_dkim_parse_hdrlist_common(&nctx->common, headers, strlen(headers), TRUE, err)) { return NULL; } } else { rspamd_dkim_add_arc_seal_headers(task->task_pool, &nctx->common); } nctx->key = rspamd_dkim_sign_key_ref(priv_key); rspamd_mempool_add_destructor(task->task_pool, (rspamd_mempool_destruct_t) rspamd_dkim_sign_key_unref, priv_key); #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) nctx->common.body_hash = EVP_MD_CTX_create(); EVP_DigestInit_ex(nctx->common.body_hash, EVP_sha256(), NULL); nctx->common.headers_hash = EVP_MD_CTX_create(); EVP_DigestInit_ex(nctx->common.headers_hash, EVP_sha256(), NULL); rspamd_mempool_add_destructor(task->task_pool, (rspamd_mempool_destruct_t) EVP_MD_CTX_destroy, nctx->common.body_hash); rspamd_mempool_add_destructor(task->task_pool, (rspamd_mempool_destruct_t) EVP_MD_CTX_destroy, nctx->common.headers_hash); #else nctx->common.body_hash = EVP_MD_CTX_new(); EVP_DigestInit_ex(nctx->common.body_hash, EVP_sha256(), NULL); nctx->common.headers_hash = EVP_MD_CTX_new(); EVP_DigestInit_ex(nctx->common.headers_hash, EVP_sha256(), NULL); rspamd_mempool_add_destructor(task->task_pool, (rspamd_mempool_destruct_t) EVP_MD_CTX_free, nctx->common.body_hash); rspamd_mempool_add_destructor(task->task_pool, (rspamd_mempool_destruct_t) EVP_MD_CTX_free, nctx->common.headers_hash); #endif return nctx; } GString * rspamd_dkim_sign(struct rspamd_task *task, const char *selector, const char *domain, time_t expire, gsize len, unsigned int idx, const char *arc_cv, rspamd_dkim_sign_context_t *ctx) { GString *hdr; struct rspamd_dkim_header *dh; const char *body_end, *body_start, *hname; unsigned char raw_digest[EVP_MAX_MD_SIZE]; struct rspamd_dkim_cached_hash *cached_bh = NULL; gsize dlen = 0; unsigned int i, j; char *b64_data; unsigned char *sig_buf; unsigned int sig_len; unsigned int headers_len = 0, cur_len = 0; union rspamd_dkim_header_stat hstat; g_assert(ctx != NULL); /* First of all find place of body */ body_end = task->msg.begin + task->msg.len; body_start = MESSAGE_FIELD(task, raw_headers_content).body_start; if (len > 0) { ctx->common.len = len; } if (!body_start) { return NULL; } /* Start canonization of body part */ if (ctx->common.type != RSPAMD_DKIM_ARC_SEAL) { dlen = EVP_MD_CTX_size(ctx->common.body_hash); cached_bh = rspamd_dkim_check_bh_cached(&ctx->common, task, dlen, TRUE); if (!cached_bh->digest_normal) { /* Start canonization of body part */ if (!rspamd_dkim_canonize_body(task, &ctx->common, body_start, body_end, TRUE)) { return NULL; } } } hdr = g_string_sized_new(255); if (ctx->common.type == RSPAMD_DKIM_NORMAL) { rspamd_printf_gstring(hdr, "v=1; a=%s; c=%s/%s; d=%s; s=%s; ", ctx->key->type == RSPAMD_DKIM_KEY_RSA ? "rsa-sha256" : "ed25519-sha256", ctx->common.header_canon_type == DKIM_CANON_RELAXED ? "relaxed" : "simple", ctx->common.body_canon_type == DKIM_CANON_RELAXED ? "relaxed" : "simple", domain, selector); } else if (ctx->common.type == RSPAMD_DKIM_ARC_SIG) { rspamd_printf_gstring(hdr, "i=%d; a=%s; c=%s/%s; d=%s; s=%s; ", idx, ctx->key->type == RSPAMD_DKIM_KEY_RSA ? "rsa-sha256" : "ed25519-sha256", ctx->common.header_canon_type == DKIM_CANON_RELAXED ? "relaxed" : "simple", ctx->common.body_canon_type == DKIM_CANON_RELAXED ? "relaxed" : "simple", domain, selector); } else { g_assert(arc_cv != NULL); rspamd_printf_gstring(hdr, "i=%d; a=%s; d=%s; s=%s; cv=%s; ", idx, ctx->key->type == RSPAMD_DKIM_KEY_RSA ? "rsa-sha256" : "ed25519-sha256", domain, selector, arc_cv); } if (expire > 0) { rspamd_printf_gstring(hdr, "x=%t; ", expire); } if (ctx->common.type != RSPAMD_DKIM_ARC_SEAL) { if (len > 0) { rspamd_printf_gstring(hdr, "l=%z; ", len); } } rspamd_printf_gstring(hdr, "t=%t; h=", time(NULL)); /* Now canonize headers */ for (i = 0; i < ctx->common.hlist->len; i++) { struct rspamd_mime_header *rh, *cur; dh = g_ptr_array_index(ctx->common.hlist, i); /* We allow oversigning if dh->count > number of headers with this name */ hstat.n = GPOINTER_TO_UINT(g_hash_table_lookup(ctx->common.htable, dh->name)); if (hstat.s.flags & RSPAMD_DKIM_FLAG_OVERSIGN) { /* Do oversigning */ unsigned int count = 0; rh = rspamd_message_get_header_array(task, dh->name, FALSE); if (rh) { DL_FOREACH(rh, cur) { /* Sign all existing headers */ rspamd_dkim_canonize_header(&ctx->common, task, dh->name, count, NULL, NULL); count++; } } /* Now add one more entry to oversign */ if (count > 0 || !(hstat.s.flags & RSPAMD_DKIM_FLAG_OVERSIGN_EXISTING)) { cur_len = (strlen(dh->name) + 1) * (count + 1); headers_len += cur_len; if (headers_len > 70 && i > 0 && i < ctx->common.hlist->len - 1) { rspamd_printf_gstring(hdr, " "); headers_len = cur_len; } for (j = 0; j < count + 1; j++) { rspamd_printf_gstring(hdr, "%s:", dh->name); } } } else { rh = rspamd_message_get_header_array(task, dh->name, FALSE); if (rh) { if (hstat.s.count > 0) { cur_len = (strlen(dh->name) + 1) * (hstat.s.count); headers_len += cur_len; if (headers_len > 70 && i > 0 && i < ctx->common.hlist->len - 1) { rspamd_printf_gstring(hdr, " "); headers_len = cur_len; } for (j = 0; j < hstat.s.count; j++) { rspamd_printf_gstring(hdr, "%s:", dh->name); } } rspamd_dkim_canonize_header(&ctx->common, task, dh->name, dh->count, NULL, NULL); } } g_hash_table_remove(ctx->common.htable, dh->name); } /* Replace the last ':' with ';' */ hdr->str[hdr->len - 1] = ';'; if (ctx->common.type != RSPAMD_DKIM_ARC_SEAL) { if (!cached_bh->digest_normal) { EVP_DigestFinal_ex(ctx->common.body_hash, raw_digest, NULL); cached_bh->digest_normal = rspamd_mempool_alloc(task->task_pool, sizeof(raw_digest)); memcpy(cached_bh->digest_normal, raw_digest, sizeof(raw_digest)); } b64_data = rspamd_encode_base64(cached_bh->digest_normal, dlen, 0, NULL); rspamd_printf_gstring(hdr, " bh=%s; b=", b64_data); g_free(b64_data); } else { rspamd_printf_gstring(hdr, " b="); } switch (ctx->common.type) { case RSPAMD_DKIM_NORMAL: default: hname = RSPAMD_DKIM_SIGNHEADER; break; case RSPAMD_DKIM_ARC_SIG: hname = RSPAMD_DKIM_ARC_SIGNHEADER; break; case RSPAMD_DKIM_ARC_SEAL: hname = RSPAMD_DKIM_ARC_SEALHEADER; break; } if (ctx->common.header_canon_type == DKIM_CANON_RELAXED) { if (!rspamd_dkim_canonize_header_relaxed(&ctx->common, hdr->str, hname, TRUE, 0, ctx->common.type == RSPAMD_DKIM_ARC_SEAL)) { g_string_free(hdr, TRUE); return NULL; } } else { /* Will likely have issues with folding */ rspamd_dkim_hash_update(ctx->common.headers_hash, hdr->str, hdr->len); ctx->common.headers_canonicalised += hdr->len; msg_debug_task("update signature with header: %*s", (int) hdr->len, hdr->str); } dlen = EVP_MD_CTX_size(ctx->common.headers_hash); EVP_DigestFinal_ex(ctx->common.headers_hash, raw_digest, NULL); if (ctx->key->type == RSPAMD_DKIM_KEY_RSA) { sig_len = EVP_PKEY_size(ctx->key->specific.key_ssl.key_evp); sig_buf = g_alloca(sig_len); EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(ctx->key->specific.key_ssl.key_evp, NULL); if (EVP_PKEY_sign_init(pctx) <= 0) { g_string_free(hdr, TRUE); msg_err_task("rsa sign error: %s", ERR_error_string(ERR_get_error(), NULL)); return NULL; } if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PADDING) <= 0) { g_string_free(hdr, TRUE); msg_err_task("rsa sign error: %s", ERR_error_string(ERR_get_error(), NULL)); return NULL; } if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha256()) <= 0) { g_string_free(hdr, TRUE); msg_err_task("rsa sign error: %s", ERR_error_string(ERR_get_error(), NULL)); return NULL; } size_t sig_len_size_t = sig_len; if (EVP_PKEY_sign(pctx, sig_buf, &sig_len_size_t, raw_digest, dlen) <= 0) { g_string_free(hdr, TRUE); msg_err_task("rsa sign error: %s", ERR_error_string(ERR_get_error(), NULL)); return NULL; } } else if (ctx->key->type == RSPAMD_DKIM_KEY_EDDSA) { sig_len = crypto_sign_bytes(); sig_buf = g_alloca(sig_len); rspamd_cryptobox_sign(sig_buf, NULL, raw_digest, dlen, ctx->key->specific.key_eddsa); } else { g_string_free(hdr, TRUE); msg_err_task("unsupported key type for signing"); return NULL; } if (task->protocol_flags & RSPAMD_TASK_PROTOCOL_FLAG_MILTER) { b64_data = rspamd_encode_base64_fold(sig_buf, sig_len, 70, NULL, RSPAMD_TASK_NEWLINES_LF); } else { b64_data = rspamd_encode_base64_fold(sig_buf, sig_len, 70, NULL, MESSAGE_FIELD(task, nlines_type)); } rspamd_printf_gstring(hdr, "%s", b64_data); g_free(b64_data); return hdr; } gboolean rspamd_dkim_match_keys(rspamd_dkim_key_t *pk, rspamd_dkim_sign_key_t *sk, GError **err) { if (pk == NULL || sk == NULL) { g_set_error(err, dkim_error_quark(), DKIM_SIGERROR_KEYFAIL, "missing public or private key"); return FALSE; } if (pk->type != sk->type) { g_set_error(err, dkim_error_quark(), DKIM_SIGERROR_KEYFAIL, "public and private key types do not match"); return FALSE; } if (pk->type == RSPAMD_DKIM_KEY_EDDSA) { if (memcmp(sk->specific.key_eddsa + 32, pk->specific.key_eddsa, 32) != 0) { g_set_error(err, dkim_error_quark(), DKIM_SIGERROR_KEYHASHMISMATCH, "pubkey does not match private key"); return FALSE; } } #if OPENSSL_VERSION_MAJOR >= 3 else if (EVP_PKEY_eq(pk->specific.key_ssl.key_evp, sk->specific.key_ssl.key_evp) != 1) { g_set_error(err, dkim_error_quark(), DKIM_SIGERROR_KEYHASHMISMATCH, "pubkey does not match private key"); return FALSE; } #else else if (EVP_PKEY_cmp(pk->specific.key_ssl.key_evp, sk->specific.key_ssl.key_evp) != 1) { g_set_error(err, dkim_error_quark(), DKIM_SIGERROR_KEYHASHMISMATCH, "pubkey does not match private key"); return FALSE; } #endif return TRUE; }