search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
password expires today
[ghsmtp.git] / OpenDKIM.cpp
blob52134d3c83b40a8c66163a3a5ecf744bdf61823e
1 #include "OpenDKIM.hpp"
2
3 #include "iobuffer.hpp"
4
5 #include <stdbool.h> // needs to be above <dkim.h>
6
7 #include <dkim.h>
8
9 #include <glog/logging.h>
10
11 namespace {
12 // Not nice to use "unsigned char" for character data.
13 u_char* uc(char const* cp)
14 {
15 return reinterpret_cast<u_char*>(const_cast<char*>(cp));
16 }
17
18 char const* c(unsigned char* ucp) { return reinterpret_cast<char const*>(ucp); }
19
20 constexpr unsigned char id_v[]{"DKIM::verify"};
21 constexpr unsigned char id_s[]{"DKIM::sign"};
22 } // namespace
23
24 namespace OpenDKIM {
25
26 lib::lib()
27 : lib_(CHECK_NOTNULL(dkim_init(nullptr, nullptr)))
28 {
29 }
30
31 lib::~lib()
32 {
33 dkim_free(dkim_);
34 dkim_close(lib_);
35 }
36
37 void lib::header(std::string_view header)
38 {
39 if (header.size() && header.back() == '\n')
40 header.remove_suffix(1);
41 if (header.size() && header.back() == '\r')
42 header.remove_suffix(1);
43
44 CHECK_EQ((status_ = dkim_header(dkim_, uc(header.data()), header.length())),
45 DKIM_STAT_OK)
46 << "dkim_header error: " << dkim_getresultstr(status_);
47
48 // LOG(INFO) << "processed: " << std::string(header.data(),
49 // header.length());
50 }
51
52 void lib::eoh()
53 {
54 status_ = dkim_eoh(dkim_);
55 switch (status_) {
56 case DKIM_STAT_OK:
57 case DKIM_STAT_NOSIG:
58 // all good
59 break;
60
61 default:
62 LOG(WARNING) << "dkim_eoh error: " << dkim_getresultstr(status_);
63 break;
64 }
65 }
66
67 void lib::body(std::string_view body)
68 {
69 CHECK_EQ((status_ = dkim_body(dkim_, uc(body.data()), body.length())),
70 DKIM_STAT_OK)
71 << "dkim_body error: " << dkim_getresultstr(status_);
72 }
73
74 void lib::chunk(std::string_view chunk)
75 {
76 CHECK_EQ((status_ = dkim_chunk(dkim_, uc(chunk.data()), chunk.length())),
77 DKIM_STAT_OK)
78 << "dkim_chunk error: " << dkim_getresultstr(status_);
79 }
80
81 void lib::eom()
82 {
83 status_ = dkim_eom(dkim_, nullptr);
84
85 switch (status_) {
86 case DKIM_STAT_OK:
87 case DKIM_STAT_NOSIG:
88 // all good
89 break;
90
91 default:
92 LOG(WARNING) << "dkim_eom error: " << dkim_getresultstr(status_);
93 break;
94 }
95 }
96
97 //.............................................................................
98
99 sign::sign(char const* secretkey,
100 char const* selector,
101 char const* domain,
102 body_type typ)
103 {
104 // clang-format off
105 dkim_ = dkim_sign(lib_,
106 id_s,
107 nullptr,
108 uc(secretkey),
109 uc(selector),
110 uc(domain),
111 DKIM_CANON_RELAXED,
112 (typ == body_type::binary) ? DKIM_CANON_SIMPLE
113 : DKIM_CANON_RELAXED,
114 DKIM_SIGN_RSASHA256,
115 -1,
116 &status_);
117 // clang-format on
118 CHECK_NOTNULL(dkim_);
119 CHECK_EQ(status_, DKIM_STAT_OK);
120
121 char const* hdrlist[] = {"cc",
122 "content-language",
123 "content-transfer-encoding",
124 "content-type",
125 "date",
126 "feedback-id",
127 "from",
128 "in-reply-to",
129 "list-archive",
130 "list-help",
131 "list-id",
132 "list-owner",
133 "list-post",
134 "list-subscribe",
135 "list-unsubscribe",
136 "message-id",
137 "mime-version",
138 "precedence",
139 "references",
140 "reply-to",
141 "resent-cc",
142 "resent-date",
143 "resent-from",
144 "resent-to",
145 "subject",
146 "to",
147 nullptr};
148
149 dkim_signhdrs(dkim_, hdrlist);
150 }
151
152 std::string sign::getsighdr()
153 {
154 auto const initial{strlen(DKIM_SIGNHEADER) + 2};
155 unsigned char* buf = nullptr;
156 size_t len = 0;
157 status_ = dkim_getsighdr_d(dkim_, initial, &buf, &len);
158 return std::string(c(buf), len);
159 }
160
161 //.............................................................................
162
163 void verify::foreach_sig(std::function<void(char const* domain,
164 bool passed,
165 char const* identity,
166 char const* selector,
167 char const* b)> func)
168 {
169 int nsigs = 0;
170 DKIM_SIGINFO** sigs = nullptr;
171 status_ = dkim_getsiglist(dkim_, &sigs, &nsigs);
172 if (status_ == DKIM_STAT_INVALID) {
173 LOG(WARNING) << "skipping DKIM sigs";
174 return;
175 }
176 CHECK_EQ(status_, DKIM_STAT_OK);
177
178 iobuffer<u_char> identity(4 * 1024);
179
180 for (auto i{0}; i < nsigs; ++i) {
181 auto const dom = CHECK_NOTNULL(dkim_sig_getdomain(sigs[i]));
182
183 auto const flg = dkim_sig_getflags(sigs[i]);
184 if ((flg & DKIM_SIGFLAG_IGNORE) != 0) {
185 LOG(INFO) << "ignoring signature for domain " << dom;
186 continue;
187 }
188 if ((flg & DKIM_SIGFLAG_TESTKEY) != 0) {
189 LOG(INFO) << "testkey for domain " << dom;
190 }
191
192 if ((flg & DKIM_SIGFLAG_PROCESSED) == 0) {
193 LOG(INFO) << "ignoring unprocessed sig for domain " << dom;
194 continue;
195 }
196
197 auto const bh = dkim_sig_getbh(sigs[i]);
198 if (bh != DKIM_SIGBH_MATCH) {
199 LOG(INFO) << "body hash mismatch for domain " << dom;
200 }
201
202 auto bits{0u};
203 status_ = dkim_sig_getkeysize(sigs[i], &bits);
204 if (status_ == DKIM_STAT_OK) {
205 if (bits < 1024) {
206 LOG(WARNING) << "keysize " << bits << " too small for domain " << dom;
207 }
208 }
209 else {
210 LOG(WARNING) << "getkeysize failed for domain " << dom << " with "
211 << dkim_getresultstr(status_);
212 }
213
214 auto const passed =
215 ((flg & DKIM_SIGFLAG_PASSED) != 0) && (bh == DKIM_SIGBH_MATCH);
216
217 CHECK_EQ(
218 dkim_sig_getidentity(dkim_, sigs[i], identity.data(), identity.size()),
219 DKIM_STAT_OK);
220
221 auto const selector = dkim_sig_getselector(sigs[i]);
222
223 auto const b = dkim_sig_gettagvalue(sigs[i], false, uc("b"));
224
225 func(c(dom), passed, c(identity.data()), c(selector), c(b));
226 }
227 }
228
229 verify::verify()
230 {
231 dkim_ = CHECK_NOTNULL(dkim_verify(lib_, id_v, nullptr, &status_));
232 }
233
234 bool verify::check()
235 {
236 int nsigs = 0;
237 DKIM_SIGINFO** sigs = nullptr;
238 status_ = dkim_getsiglist(dkim_, &sigs, &nsigs);
239 CHECK_EQ(status_, DKIM_STAT_OK);
240
241 LOG(INFO) << "nsigs == " << nsigs;
242
243 for (auto i{0}; i < nsigs; ++i) {
244 LOG(INFO) << i << " domain == " << dkim_sig_getdomain(sigs[i]);
245 auto flg = dkim_sig_getflags(sigs[i]);
246 if ((flg & DKIM_SIGFLAG_IGNORE) != 0) {
247 LOG(INFO) << "DKIM_SIGFLAG_IGNORE";
248 }
249 if ((flg & DKIM_SIGFLAG_PROCESSED) != 0) {
250 LOG(INFO) << "DKIM_SIGFLAG_PROCESSED";
251 }
252 if ((flg & DKIM_SIGFLAG_PASSED) != 0) {
253 LOG(INFO) << "DKIM_SIGFLAG_PASSED";
254 }
255 if ((flg & DKIM_SIGFLAG_TESTKEY) != 0) {
256 LOG(INFO) << "DKIM_SIGFLAG_TESTKEY";
257 }
258 if ((flg & DKIM_SIGFLAG_NOSUBDOMAIN) != 0) {
259 LOG(INFO) << "DKIM_SIGFLAG_NOSUBDOMAIN";
260 }
261 }
262
263 if (nsigs) {
264 auto sig{dkim_getsignature(dkim_)};
265 if (sig) {
266
267 LOG(INFO) << "dkim_getsignature domain == " << dkim_sig_getdomain(sig);
268
269 ssize_t msglen;
270 ssize_t canonlen;
271 ssize_t signlen;
272
273 status_ = dkim_sig_getcanonlen(dkim_, sig, &msglen, &canonlen, &signlen);
274
275 CHECK_EQ(status_, DKIM_STAT_OK);
276
277 LOG(INFO) << "msglen == " << msglen;
278 LOG(INFO) << "canonlen == " << canonlen;
279 LOG(INFO) << "signlen == " << signlen;
280
281 auto nhdrs{0u};
282 status_ = dkim_sig_getsignedhdrs(dkim_, sig, nullptr, 0, &nhdrs);
283 if (status_ != DKIM_STAT_NORESOURCE) {
284 return false;
285 }
286
287 LOG(INFO) << "nhdrs == " << nhdrs;
288
289 auto constexpr hdr_sz{DKIM_MAXHEADER + 1};
290 auto signedhdrs{std::vector<unsigned char>(nhdrs * hdr_sz, '\0')};
291
292 status_ =
293 dkim_sig_getsignedhdrs(dkim_, sig, &signedhdrs[0], hdr_sz, &nhdrs);
294 CHECK_EQ(status_, DKIM_STAT_OK);
295
296 for (auto i{0u}; i < nhdrs; ++i)
297 LOG(INFO) << &signedhdrs[i * hdr_sz];
298
299 return true;
300 }
301 }
302
303 return false;
304 }
305
306 bool verify::sig_syntax(std::string_view sig)
307 {
308 return dkim_sig_syntax(dkim_, uc(sig.data()), sig.length()) == DKIM_STAT_OK;
309 }
310
311 } // namespace OpenDKIM
Gene's SMTP server