sqmail/doxygen/dkimsign_8cpp_source.html

/*****************************************************************************

*  Copyright 2005 Alt-N Technologies, Ltd.

*

*  Licensed under the Apache License, Version 2.0 (the "License");

*  you may not use this file except in compliance with the License.

*  You may obtain a copy of the License at

*

*      http://www.apache.org/licenses/LICENSE-2.0

*

*  This code incorporates intellectual property owned by Yahoo! and licensed

*  pursuant to the Yahoo! DomainKeys Patent License Agreement.

*

*  Unless required by applicable law or agreed to in writing, software

*  distributed under the License is distributed on an "AS IS" BASIS,

*  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

*  See the License for the specific language governing permissions and

*  limitations under the License.

*

*  Changes done by ¢feh@fehcom.de obeying the above license

*

*****************************************************************************/


#define _strnicmp strncasecmp

#define _stricmp strcasecmp

#define LOWORD(l) ((unsigned)(l) & 0xffff)

#define HIWORD(l) ((unsigned)(l) >> 16)


#include <string.h>

#include <map>


#include "dkim.h"

#include "dkimsign.h"


/*****************************************************************************

*

* Generating Ed25519 signed message:

*

* 1. RSA SHA1/SHA256 signatures are generated in streaming mode together with

*    their hashes. Two different 'contexts' (ctx) are used here:

*    m_Hdr_shaXctx      => Used for signing (EVP_Sign...) -- covering the header only

*    m_[B,E]dy_shaXctx  => Used for hashing (EVP_Digest..) -- covering the body only

*

* 2. Private keys

*    For hybrid signing we need two distinct keys:

*    - RSAKey

*    - ECCKey

*    These private keys needs to be passed concurrently to the signature functions.

*    Given those keys, the signature operation itself is executed in one step.

*

* 3. Public keys

*    The 'public keys' need to be deployed in the DNS:

*    - The RSA public key is DER-header enriched base64-encoded; thus is 9 byte larger

*      than the 'naked' public key, which size depends on the given parameters.

*    - The Ed25519 public key is also base64-encoded with a constant length of 60 byte.

*

* 4. DKIM message preparation scheme

*    According to RFC 6376 Sec. 3.7, we have a conducted hash for

*    - the previously available headers in the message;

*      selected and given in order by h=...,

*    - any existing DKIM signature fields b=...,

*    - except for previous added 'X-Authentication ...' header fields,

*    - and all (new) synthezised DKIM header tokens; except of course for the

*      signature itself - treated as 'null string': b="".

*    All this is subject of canonicalization (adding/removing CRLF, whitespaces ...).

+    As a result, the input for further calculations depends on this order given.

*

*    Results following the 'preparation scheme':

*    -  The message body hash is included in the DKIM header   => bh=[m_[B,E]dy_shaXctx].

*    -  The message signature (including the result of bh=...) =>  b=[m_Hdr_shaXctx]

*

*    We consider SHA256 as default hash function and SHA1 as exception (on demand).

*

* 5. Generating (ECC) signatures

*    According to RFC 8032 Sect 4., we have two possible Ed25519 signature schemes:

*

*    a) PureEd25519, as a one shot signature calculation swallowing the

*       complete message and employing a shortened SHA-512 hash input.

*    b) HashEd25519 working again in 'streaming mode' and permitting a choice

*        for the hash function - which is in RFC 8463 - defined to be SHA-256.

*

*    RFC 8463 in Sect 3 is a bit ambiguous about the signing function:

*    Ed25519-256 vs. PureEd25519.

*    In fact (after consulting John Levine), it is PureEd25519.

*

*    In order to allow parallel RSA/Ed25519 processing, we need to generate:

*    m_Hdr_sha256ctx  => Used for RSA signatures

*    m_Bdy_sha256ctx  => The SHA256 hash of selected header parts and body (RSA)

*    m_Edy_sha256ctx  => The SHA256 hash of selected header parts and body (Ed25519)

*    m_Hdr_ed25519ctx => The signature of the messsage header using PureEd25519

*                        following the 'preparation' scheme

*

*    Now, two cryptographic informations are provided in the header:

*    bh=[m_Edy_sha256ctx]  => The SHA256 digest of the message (BodyHash),

*     b=[m_Hdr_ed25519ctx] => The PureED25519 signature.

*                             including the value of bh=... (EmailSignature)

*                             having a length of 512 bits => 64 bytes.

*

* 6. Hybrid signatures (RSA and Ed25519)

*    They involve

*    m_Hdr_sha256ctx  => Used for RSA signatures

*    m_Hdr_ed25519ctx => PureED25519 signature

*    m_Bdy_sha256ctx  => SHA256 digest of the message (BodyHash) for RSA

*    m_Edy_sha256ctx  => SHA256 digest of the message (BodyHash) for Ed25519

*

*    The EVP_DigestFinal routine has to be replaced by EVP_DigestFinal_ex.

*    However; after the first call, its content seems to be garbeled.

*    A common MD for both RSA and Ed2551 seems to be infeasible.

*

* ------

*

* The particular function and variable names chosen here do not obviously match

* what they are intended to do. However, in order to keep traceablility of the

* changes, I left those untouched.

*

*****************************************************************************/


CDKIMSign::CDKIMSign()

{

  m_EmptyLineCount = 0;

  m_pfnHdrCallback = NULL;


  m_Hdr_sha1ctx = EVP_MD_CTX_create();

  EVP_SignInit_ex(m_Hdr_sha1ctx,EVP_sha1(),NULL);


  m_Hdr_sha256ctx = EVP_MD_CTX_create();

  EVP_SignInit_ex(m_Hdr_sha256ctx,EVP_sha256(),NULL);


  m_Bdy_sha1ctx = EVP_MD_CTX_create();

  EVP_DigestInit_ex(m_Bdy_sha1ctx,EVP_sha1(),NULL);


  m_Bdy_sha256ctx = EVP_MD_CTX_create();

  EVP_DigestInit_ex(m_Bdy_sha256ctx,EVP_sha256(),NULL);


  m_Hdr_ed25519ctx = EVP_MD_CTX_create();


  m_Edy_sha256ctx = EVP_MD_CTX_create();

  EVP_DigestInit_ex(m_Edy_sha256ctx,EVP_sha256(),NULL);

}


CDKIMSign::~CDKIMSign()

{

   EVP_MD_CTX_free(m_Hdr_sha1ctx);

   EVP_MD_CTX_free(m_Hdr_sha256ctx);

   EVP_MD_CTX_free(m_Hdr_ed25519ctx);

   EVP_MD_CTX_free(m_Bdy_sha1ctx);

   EVP_MD_CTX_free(m_Bdy_sha256ctx);

   EVP_MD_CTX_free(m_Edy_sha256ctx);

}


//

// Init - save the options

//

int CDKIMSign::Init(DKIMSignOptions* pOptions)

{

  int nRet = CDKIMBase::Init();


  m_Canon = pOptions->nCanon;


  // as of draft 01, these are the only allowed signing types:

  if ((m_Canon != DKIM_SIGN_SIMPLE_RELAXED) &&

      (m_Canon != DKIM_SIGN_RELAXED) &&

      (m_Canon != DKIM_SIGN_RELAXED_SIMPLE)) {

    m_Canon = DKIM_SIGN_SIMPLE;

  }


  sSelector.assign(pOptions->szSelector);

  eSelector.assign(pOptions->szSelectorE);


  m_pfnHdrCallback = pOptions->pfnHeaderCallback;


  sDomain.assign(pOptions->szDomain);


  m_IncludeBodyLengthTag = (pOptions->nIncludeBodyLengthTag != 0);


  m_nBodyLength = 0;


  m_ExpireTime = pOptions->expireTime;


  sIdentity.assign(pOptions->szIdentity);


  m_nIncludeTimeStamp = pOptions->nIncludeTimeStamp;

  m_nIncludeQueryMethod = pOptions->nIncludeQueryMethod;

  m_nIncludeCopiedHeaders = pOptions->nIncludeCopiedHeaders;


  // NOTE: the following line is not backwards compatible with MD 8.0.3

  // because the szRequiredHeaders member was added after the release

  //sRequiredHeaders.assign(pOptions->szRequiredHeaders);


  //make sure there is a colon after the last header in the list

  if ((sRequiredHeaders.size() > 0) &&

       sRequiredHeaders.at(sRequiredHeaders.size() - 1) != ':') {

    sRequiredHeaders.append(":");

  }


  m_nHash = pOptions->nHash;

  m_bReturnedSigAssembled = false;

  m_sCopiedHeaders.erase();


  // Initializes ED25519 header fields SigHdrs

  SigHdrs.assign("");

  m_SigHdrs = 0;


  return nRet;

}


//

// Hash - update the hash

//

void CDKIMSign::Hash(const char *szBuffer,int nBufLength,bool bHdr)

{


  if (bHdr) {                                    /* Generate signature: b=... */

    if ((m_nHash == DKIM_HASH_SHA1) ||

        (m_nHash == DKIM_HASH_SHA1_AND_SHA256))

      EVP_SignUpdate(m_Hdr_sha1ctx,szBuffer,nBufLength);

    if ((m_nHash == DKIM_HASH_SHA256) ||

        (m_nHash == DKIM_HASH_SHA1_AND_SHA256) ||

        (m_nHash == DKIM_HASH_RSA256_AND_ED25519))

      EVP_SignUpdate(m_Hdr_sha256ctx,szBuffer,nBufLength);

    if ((m_nHash == DKIM_HASH_ED25519) ||

        (m_nHash == DKIM_HASH_RSA256_AND_ED25519)) {

      SigHdrs.append(szBuffer,nBufLength);

      m_SigHdrs += nBufLength;

    }

  } else {                                       /* lets go for body hash values: bh=... (either SHA1 or SHA256) */

    if ((m_nHash == DKIM_HASH_SHA1) ||

        (m_nHash == DKIM_HASH_SHA1_AND_SHA256))

      EVP_DigestUpdate(m_Bdy_sha1ctx,szBuffer,nBufLength);

    if (m_nHash != DKIM_HASH_SHA1)

      EVP_DigestUpdate(m_Bdy_sha256ctx,szBuffer,nBufLength);

    if ((m_nHash == DKIM_HASH_ED25519) ||

        (m_nHash == DKIM_HASH_RSA256_AND_ED25519))

      EVP_DigestUpdate(m_Edy_sha256ctx,szBuffer,nBufLength);

  }

}


//

// SignThisTag - return boolean whether or not to sign this tag

//

bool CDKIMSign::SignThisTag(const string& sTag)

{

  bool bRet = true;


  if (_strnicmp(sTag.c_str(),"X-",2) == 0 ||

      _stricmp(sTag.c_str(),"Authentication-Results:") == 0 ||

      _stricmp(sTag.c_str(),"Return-Path:") == 0) {

    bRet = false;

  }


  return bRet;

}


bool ConvertHeaderToQuotedPrintable(const char* source, char* dest)

{

  bool bConvert = false;


  // do quoted printable

  static unsigned char hexchars[16] = {'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'};


  unsigned char *d = (unsigned char*)dest;

  for (const unsigned char *s = (const unsigned char *)source; *s != '\0'; s++)

  {

    if (*s >= 33 && *s <= 126 && *s != '=' && *s != ':' && *s != ';' && *s != '|') {

      *d++ = *s;

    } else {

      bConvert = true;

      *d++ = '=';

      *d++ = hexchars[*s >> 4];

      *d++ = hexchars[*s & 15];

    }

  }

  *d = '\0';


  return bConvert;

}


//

// GetHeaderParams - Extract any needed header parameters

//

void CDKIMSign::GetHeaderParams(const string &sHdr)

{

  if (_strnicmp(sHdr.c_str(),"X",1) == 0) return;

  if (_strnicmp(sHdr.c_str(),"From:",5) == 0) { sFrom.assign(sHdr.c_str() + 5); }

  if (_strnicmp(sHdr.c_str(),"Sender:",7) == 0) { sSender.assign(sHdr.c_str() + 7); }


  if (m_nIncludeCopiedHeaders) {

    string::size_type pos = sHdr.find(':');


    if (pos != string::npos) {

      string sTag, sValue;

      char *workBuffer = new char[sHdr.size() * 3 + 1];


      sTag.assign(sHdr.substr(0,pos));

      sValue.assign(sHdr.substr(pos + 1,string::npos));


      ConvertHeaderToQuotedPrintable(sTag.c_str(),workBuffer);

      if (!m_sCopiedHeaders.empty()) { m_sCopiedHeaders.append("|"); }

      m_sCopiedHeaders.append(workBuffer); m_sCopiedHeaders.append(":");

      ConvertHeaderToQuotedPrintable(sValue.c_str(),workBuffer);

      m_sCopiedHeaders.append(workBuffer);


      delete[] workBuffer;

    }

  }

}


//

// ProcessHeaders - sign headers and save needed parameters (this is a lie)

//

int CDKIMSign::ProcessHeaders(void)

{

  map<string,list<string>::reverse_iterator> IterMap;

  map<string,list<string>::reverse_iterator>::iterator IterMapIter;

  list<string>::reverse_iterator riter;

  list<string>::iterator iter;

  string sTag;

  bool bFromHeaderFound = false;


  // walk the header list

  for (iter = HeaderList.begin(); iter != HeaderList.end(); iter++) {

    sTag.assign(*iter);


    // look for a colon

    string::size_type pos = sTag.find(':');


    if (pos != string::npos) {

      int nSignThisTag = 1;


      // hack off anything past the colon

      sTag.erase(pos + 1,string::npos);


      // is this the From: header?

      if (_stricmp(sTag.c_str(),"From:") == 0) {

        bFromHeaderFound = true;

        nSignThisTag = 1;

        IsRequiredHeader(sTag);  // remove from required header list

      }

      // is this in the list of headers that must be signed?

      else if (IsRequiredHeader(sTag)) {

        nSignThisTag = 1;

      }

      else {

        if(m_pfnHdrCallback) {

          nSignThisTag = m_pfnHdrCallback(iter->c_str());

        } else {

          nSignThisTag = SignThisTag(sTag) ? 1 : 0;

        }

      }


      // save header parameters

      GetHeaderParams(*iter);


      if (nSignThisTag > 0) {

        // add this tag to h=

        hParam.append(sTag);


        IterMapIter = IterMap.find(sTag);


        riter = (IterMapIter == IterMap.end()) ? HeaderList.rbegin() : IterMapIter->second;


        // walk the list in reverse looking for the last instance of this header

        while (riter != HeaderList.rend()) {

          if (_strnicmp(riter->c_str(),sTag.c_str(),sTag.size()) == 0) {

            ProcessHeader(*riter);


            // save the reverse iterator position for this tag

            riter++;

            IterMap[sTag] = riter;

            break;

          }

          riter++;

        }

      }

    }

  }


  if(!bFromHeaderFound) {

    string sFrom("From:");

    hParam.append(sFrom);

    IsRequiredHeader(sFrom); // remove from required header list

//    Hash("\r\n",2);

  }


  hParam.append(sRequiredHeaders);


//  string::size_type end = sRequiredHeaders.find(':');

//  while (end != string::npos)

//  {

//    Hash("\r\n",2);

//    end = sRequiredHeaders.find(':', end+1);

//  }


  // remove the last colon from h=

  if (hParam.at(hParam.size() - 1) == ':')

    hParam.erase(hParam.size() - 1,string::npos);


  return DKIM_SUCCESS;

}


void CDKIMSign::ProcessHeader(const string &sHdr)

{

  switch (HIWORD(m_Canon)) {

    case DKIM_CANON_SIMPLE:

      Hash(sHdr.c_str(),sHdr.size(),true);

      Hash("\r\n",2,true);

      break;


  case DKIM_CANON_NOWSP: {

      string sTemp = sHdr;

      RemoveSWSP(sTemp);


      // convert characters before ':' to lower case

      for (char *s = (char*)sTemp.c_str(); *s != '\0' && *s != ':'; s++) {

        if (*s >= 'A' && *s <= 'Z')

          *s += 'a' - 'A';

      }


      Hash(sTemp.c_str(),sTemp.size(),true);

      Hash("\r\n",2,true);

    }

    break;


  case DKIM_CANON_RELAXED: {

      string sTemp = RelaxHeader(sHdr);

      Hash(sTemp.c_str(),sTemp.length(),true);

      Hash("\r\n",2,true);

    }

    break;

  }

}


int CDKIMSign::ProcessBody(char *szBuffer,int nBufLength,bool bEOF)

{

  switch(LOWORD(m_Canon)) {

    case DKIM_CANON_SIMPLE:

      if (nBufLength > 0) {

        while (m_EmptyLineCount > 0) {

          Hash("\r\n",2,false);

          m_nBodyLength += 2;

          m_EmptyLineCount--;

        }

        Hash(szBuffer,nBufLength,false);

        Hash("\r\n",2,false);

        m_nBodyLength += nBufLength + 2;

      } else {

        m_EmptyLineCount++;

        if (bEOF) {

          Hash("\r\n",2,false);

          m_nBodyLength += 2;

        }

      }

      break;

    case DKIM_CANON_NOWSP:

      RemoveSWSP(szBuffer,nBufLength);

      if (nBufLength > 0) {

        Hash(szBuffer,nBufLength,false);

        m_nBodyLength += nBufLength;

      }

      break;

    case DKIM_CANON_RELAXED:

      CompressSWSP(szBuffer,nBufLength);

      if (nBufLength > 0) {

        while (m_EmptyLineCount > 0) {

          Hash("\r\n",2,false);

          m_nBodyLength += 2;

          m_EmptyLineCount--;

        }

        Hash(szBuffer,nBufLength,false);

        m_nBodyLength += nBufLength;

        if (!bEOF) {

          Hash("\r\n",2,false);

          m_nBodyLength += 2;

        }

      } else

        m_EmptyLineCount++;

      break;

  }


  return DKIM_SUCCESS;

}


bool CDKIMSign::ParseFromAddress(void)

{

  string::size_type pos, poss, pose; // npos is iterator

  string sAddress;


  if (!sFrom.empty()) {

    sAddress.assign(sFrom);

  } else if (!sSender.empty()) {

    sAddress.assign(sSender);

  } else {

    return false;

  }


  // simple for now, beef it up later


  // remove '<' and anything before it

  poss = sAddress.find('<');

  if (poss != string::npos)

    sAddress.erase(0,poss);


  // remove '>' and anything after it

  pose = sAddress.find('>');

  if (pose != string::npos)

    sAddress.erase(pose,string::npos);


  if (pose == poss + 1) return false;


  // look for '@' symbol

  pos = sAddress.find('@');

  if (pos == string::npos)

    return false;


  if (sDomain.empty()) {

    sDomain.assign (sAddress.c_str() + pos + 1);

    RemoveSWSP(sDomain);

  }


  return true;

}


//

// InitSig - initialize signature folding algorithm

//

void CDKIMSign::InitSig(void)

{

  m_sSig.reserve(1024);

  m_sSig.assign("DKIM-Signature:");

  m_nSigPos = m_sSig.size();

}


//

// AddTagToSig - add tag and value to signature folding if necessary

//               if bFold, fold at cbrk char

//

void CDKIMSign::AddTagToSig(const char* const Tag,const string &sValue,char cbrk,bool bFold)

{

  int nTagLen = strlen(Tag);


  AddInterTagSpace((!bFold) ? sValue.size() + nTagLen + 2 : nTagLen + 2);


  m_sSig.append(Tag);

  m_sSig.append("=");

  m_nSigPos += 1 + nTagLen;


  if (!bFold) {

    m_sSig.append(sValue);

    m_nSigPos += sValue.size();

  } else {

    AddFoldedValueToSig(sValue,cbrk);

  }

  m_sSig.append(";");

  m_nSigPos++;

}


//

// AddTagToSig - add tag and numeric value to signature folding if necessary

//

void CDKIMSign::AddTagToSig(const char* const Tag,unsigned long nValue)

{

  char szValue[64];

  sprintf(szValue,"%lu",nValue);

  AddTagToSig(Tag,szValue,0,false);

}


//

// AddInterTagSpace - add space or fold here

//

void CDKIMSign::AddInterTagSpace(int nSizeOfNextTag)

{

  if (m_nSigPos + nSizeOfNextTag + 1 > OptimalHeaderLineLength) {

//    m_sSig.append("\r\n\t");

    m_sSig.append("\r\n  ");  /* s/qmail style */

    m_nSigPos = 1;

  } else {

    m_sSig.append(" ");

    m_nSigPos++;

  }

}


//

// AddTagToSig - add value to signature folding if necessary

//               if cbrk == 0 fold anywhere, otherwise fold only at cbrk

//

void CDKIMSign::AddFoldedValueToSig(const string &sValue,char cbrk)

{

  string::size_type pos = 0;


  if (cbrk == 0) {

    // fold anywhere

    while (pos < sValue.size()) {

      string::size_type len = OptimalHeaderLineLength - m_nSigPos;

      if (len > sValue.size() - pos)

        len = sValue.size() - pos;

      m_sSig.append(sValue.substr(pos,len));

      m_nSigPos += len;

      pos += len;


      if (pos < sValue.size()) {

//        m_sSig.append("\r\n\t");

        m_sSig.append("\r\n  ");   /* s/qmail style */

        m_nSigPos = 1;

      }

    }

  } else {

    // fold only at cbrk

    while (pos < sValue.size()) {

      string::size_type len = OptimalHeaderLineLength - m_nSigPos;

      string::size_type brkpos;


      if (sValue.size() - pos < len) {

        brkpos = sValue.size();

      } else {

        brkpos = sValue.rfind(cbrk,pos + len);

      }


      if (brkpos == string::npos || brkpos < pos) {

        brkpos = sValue.find(cbrk,pos);

        if (brkpos == string::npos) {

          brkpos = sValue.size();

        }

      }


      len = brkpos - pos + 1;


      m_sSig.append(sValue.substr(pos,len));


      m_nSigPos += len;

      pos += len;


      if (pos < sValue.size()) {

//        m_sSig.append("\r\n\t");

        m_sSig.append("\r\n  ");   /* s/qmail style */

        m_nSigPos = 1;

      }

    }

  }

}


//

// GetSig - compute hash and return signature header in szSignature

//

int CDKIMSign::GetSig2(char* szRSAKey,char* szECCKey,char** pszSignature)

{

  if (szRSAKey == NULL && szECCKey == NULL) {

    return DKIM_BAD_PRIVATE_KEY;

  }


  if (pszSignature == NULL) {

    return DKIM_BUFFER_TOO_SMALL;

  }


  int nRet = AssembleReturnedSig(szRSAKey,szECCKey);


  if (nRet != DKIM_SUCCESS)

    return nRet;


  *pszSignature = (char*)m_sReturnedSig.c_str();


  return DKIM_SUCCESS;

}


//

// IsRequiredHeader - Check if header in required list. If so, delete

//                    header from list.

//

bool CDKIMSign::IsRequiredHeader(const string& sTag)

{

  string::size_type start = 0;

  string::size_type end = sRequiredHeaders.find(':');


  while (end != string::npos) {

    // check for a zero-length header

    if(start == end) {

      sRequiredHeaders.erase(start,1);

    } else {

      if (_stricmp(sTag.c_str(),sRequiredHeaders.substr(start,end - start + 1).c_str()) == 0) {

        sRequiredHeaders.erase(start,end - start + 1);

        return true;

      } else {

        start = end + 1;

      }

    }


    end = sRequiredHeaders.find(':',start);

  }


  return false;

}

//

// ConstructSignature

//

//  Here, we don't construct the 'signature' but rather the DKIM header

//  multiply and indidually crafted for each distinct nSigAlg method

//

//  nSigAlg: DKIM_HASH_SHA1, DKIM_HASH_SHA256, DKIM_HASH_ED25519

//

int CDKIMSign::ConstructSignature(char* szPrivKey,int nSigAlg)

{

  string sSignedSig;

  unsigned char* sig;

  EVP_PKEY *pkey = 0;

  BIO *bio, *b64;

  unsigned int siglen;

  int size;

  int len;

  char* buf;

  int nSignRet;


  /* construct the DKIM-Signature: header and add to hash */

  InitSig();


  AddTagToSig("v","1",0,false);


  switch (nSigAlg) {

    case DKIM_HASH_SHA1:

      AddTagToSig("a","rsa-sha1",0,false); break;

    case DKIM_HASH_SHA256:

      AddTagToSig("a","rsa-sha256",0,false); break;

    case DKIM_HASH_ED25519:

      AddTagToSig("a","ed25519-sha256",0,false); break;

  }


  switch (m_Canon) {

    case DKIM_SIGN_SIMPLE:

      AddTagToSig("c","simple/simple",0,false); break;

    case DKIM_SIGN_SIMPLE_RELAXED:

      AddTagToSig("c","simple/relaxed",0,false); break;

    case DKIM_SIGN_RELAXED:

      AddTagToSig("c","relaxed/relaxed",0,false); break;

    case DKIM_SIGN_RELAXED_SIMPLE:

      AddTagToSig("c","relaxed/simple",0,false); break;

  }


  AddTagToSig("d",sDomain,0,false);

  if (nSigAlg == DKIM_HASH_ED25519)

    AddTagToSig("s",eSelector,0,false);

  else

    AddTagToSig("s",sSelector,0,false);

  if (m_IncludeBodyLengthTag) { AddTagToSig("l",m_nBodyLength); }

  if (m_nIncludeTimeStamp != 0) { time_t t; time(&t); AddTagToSig("t",t); }

  if (m_ExpireTime != 0) { AddTagToSig("x",m_ExpireTime); }

  if (!sIdentity.empty()) { AddTagToSig("i",sIdentity,0,false); }

  if (m_nIncludeQueryMethod) { AddTagToSig("q","dns/txt",0,false); }


  AddTagToSig("h",hParam,':',true); // copied headers follow the ':'

  if (m_nIncludeCopiedHeaders) { AddTagToSig("z",m_sCopiedHeaders,0,true); }


  /* Set up context for (body) hash */


  unsigned char Hash[4096];

  unsigned int nHashLen = 0;


  switch (nSigAlg) {

    case DKIM_HASH_SHA1:

      EVP_DigestFinal_ex(m_Bdy_sha1ctx,Hash,&nHashLen); break;

    case DKIM_HASH_SHA256:

      EVP_DigestFinal_ex(m_Bdy_sha256ctx,Hash,&nHashLen); break;

    case DKIM_HASH_ED25519:

      EVP_DigestFinal_ex(m_Edy_sha256ctx,Hash,&nHashLen); break;

  }


  bio = BIO_new(BIO_s_mem());

  if (!bio) return DKIM_OUT_OF_MEMORY;


  b64 = BIO_new(BIO_f_base64());

  if (!b64) {

    BIO_free(bio);

    return DKIM_OUT_OF_MEMORY;

  }

  BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);

  BIO_push(b64,bio);

  if (BIO_write(b64,Hash,nHashLen) < (int)nHashLen) {

    BIO_free_all(b64);

    return DKIM_OUT_OF_MEMORY;

  }

  BIO_flush(b64);


  len = nHashLen * 2;

  buf = new char[len];


  if (buf == NULL) {

    BIO_free_all(b64);

    return DKIM_OUT_OF_MEMORY;

  }


  size = BIO_read(bio,buf,len);

  BIO_free_all(b64);


  // this should never happen

  if (size >= len) {

     delete[] buf;

     return DKIM_OUT_OF_MEMORY;

  }


  buf[size] = '\0';

  AddTagToSig("bh",buf,0,true);

  delete[] buf;


  AddInterTagSpace(3);


  m_sSig.append("b=");

  m_nSigPos += 2;


  // Force a full copy - no reference copies please

  sSignedSig.assign(m_sSig.c_str());


  // note that since we're not calling hash here, need to dump this

  // to the debug file if you want the full canonical form


  string sTemp;


  if (HIWORD(m_Canon) == DKIM_CANON_RELAXED) {

    sTemp = RelaxHeader(sSignedSig);

  } else {

    sTemp = sSignedSig.c_str();

  }


  /* Update streaming signatures */


  switch (nSigAlg) {

    case DKIM_HASH_SHA1:

      EVP_SignUpdate(m_Hdr_sha1ctx,sTemp.c_str(),sTemp.size()); break;

    case DKIM_HASH_SHA256:

      EVP_SignUpdate(m_Hdr_sha256ctx,sTemp.c_str(),sTemp.size()); break;

    case DKIM_HASH_ED25519:

      SigHdrs.append(sTemp.c_str(),sTemp.size());

      m_SigHdrs += sTemp.size(); break;

  }


  bio = BIO_new_mem_buf(szPrivKey, -1);

  if (bio == NULL) return DKIM_OUT_OF_MEMORY;


  pkey = PEM_read_bio_PrivateKey(bio,NULL,NULL,NULL);  // FIXME - done

  BIO_free(bio);


  if (!pkey) { return DKIM_BAD_PRIVATE_KEY; }

  siglen = EVP_PKEY_size(pkey);


  sig = (unsigned char*) OPENSSL_malloc(siglen);

  if (sig == NULL) {

    EVP_PKEY_free(pkey);

    return DKIM_OUT_OF_MEMORY;

  }


  /* Finish streaming signature and potentially go for Ed25519 signatures */


  size_t sig_len;

  unsigned char* SignMsg;


  switch (nSigAlg) {

    case DKIM_HASH_SHA1:

      nSignRet = EVP_SignFinal(m_Hdr_sha1ctx,sig,&siglen,pkey); break;

    case DKIM_HASH_SHA256:

      nSignRet = EVP_SignFinal(m_Hdr_sha256ctx,sig,&siglen,pkey); break;

    case DKIM_HASH_ED25519:

      EVP_DigestSignInit(m_Hdr_ed25519ctx,NULL,NULL,NULL,pkey);

      SignMsg = (unsigned char*) SigHdrs.c_str();

      EVP_DigestSign(m_Hdr_ed25519ctx,NULL,&sig_len,SignMsg,m_SigHdrs);

      sig = (unsigned char*) OPENSSL_malloc(sig_len);

      nSignRet = EVP_DigestSign(m_Hdr_ed25519ctx,sig,&sig_len,SignMsg,m_SigHdrs);

      siglen = (unsigned int) sig_len; break;

  }

  EVP_PKEY_free(pkey);


  if (!nSignRet) {

    OPENSSL_free(sig);

    return DKIM_BAD_PRIVATE_KEY; // key too small

  }


  bio = BIO_new(BIO_s_mem());

  if (!bio) {

    return DKIM_OUT_OF_MEMORY;

  }


  b64 = BIO_new(BIO_f_base64());

  if (!b64) {

    BIO_free(bio);

    return DKIM_OUT_OF_MEMORY;

  }


  BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);

  BIO_push(b64,bio);


  if (BIO_write(b64,sig,siglen) < (int) siglen) {

    OPENSSL_free(sig);

    BIO_free_all(b64);

    return DKIM_OUT_OF_MEMORY;

  }

  BIO_flush(b64);

  OPENSSL_free(sig);


  len = siglen * 2;

  buf = new char[len];


  if (buf == NULL) {

    BIO_free_all(b64);

    return DKIM_OUT_OF_MEMORY;

  }


  size = BIO_read(bio,buf,len);

  BIO_free_all(b64);


  // this should never happen

  if (size >= len) {

    delete[] buf;

    return DKIM_OUT_OF_MEMORY;

  }


  buf[size] = '\0';

  AddFoldedValueToSig(buf,0);

  delete[] buf;

  return DKIM_SUCCESS;

}


//

// AssembleReturnSig

//

//  calls ConstructSignature

//  for all different hashes and signature key files

//

int CDKIMSign::AssembleReturnedSig(char* szRSAKey,char* szECCKey)

{

  int nRet;


  if (m_bReturnedSigAssembled)

    return DKIM_SUCCESS;


  ProcessFinal();


  if (ParseFromAddress() == false) {

    return DKIM_NO_SENDER;

  }


  string ed25519Sig, sha256Sig, sha1Sig;


  if ((m_nHash == DKIM_HASH_ED25519) ||

      (m_nHash == DKIM_HASH_RSA256_AND_ED25519)) {

    nRet = ConstructSignature(szECCKey,DKIM_HASH_ED25519);

    if (nRet == DKIM_SUCCESS) {

      ed25519Sig.assign(m_sSig);

    } else {

      return nRet;

     }

  }


  if ((m_nHash == DKIM_HASH_SHA256) ||

      (m_nHash == DKIM_HASH_SHA1_AND_SHA256) ||

      (m_nHash == DKIM_HASH_RSA256_AND_ED25519)) {

    nRet = ConstructSignature(szRSAKey,DKIM_HASH_SHA256);

    if (nRet == DKIM_SUCCESS) {

      sha256Sig.assign(m_sSig);

    } else {

      return nRet;

     }

  }


  if ((m_nHash == DKIM_HASH_SHA1) ||

      (m_nHash == DKIM_HASH_SHA1_AND_SHA256)) {

    nRet = ConstructSignature(szRSAKey,DKIM_HASH_SHA1);

    if (nRet == DKIM_SUCCESS) {

      sha1Sig.assign(m_sSig);

    } else {

      return nRet;

    }

  }


//  fclose(fpdebug);

//  fpdebug = NULL;


  if (!ed25519Sig.empty()) {

/*    if (!m_sReturnedSig.empty()) {

      m_sReturnedSig.append("\r\n");

    }

    */

    m_sReturnedSig.assign(ed25519Sig);

  }


  if (!sha1Sig.empty()) {

    if (!m_sReturnedSig.empty()) {

      m_sReturnedSig.append("\r\n");

    }

    m_sReturnedSig.append(sha1Sig);

  }


  if (!sha256Sig.empty()) {

    if (!m_sReturnedSig.empty()) {

      m_sReturnedSig.append("\r\n");

    }

    m_sReturnedSig.append(sha256Sig);

  }


  m_bReturnedSigAssembled = true;

  return DKIM_SUCCESS;

}

CDKIMBase::RelaxHeader
static string RelaxHeader(const string &sHeader)
Definition: dkimbase.cpp:293

CDKIMBase::ProcessFinal
int ProcessFinal(void)
Definition: dkimbase.cpp:167

CDKIMBase::CompressSWSP
static void CompressSWSP(char *pBuffer, int &nBufLength)
Definition: dkimbase.cpp:235

CDKIMBase::RemoveSWSP
static void RemoveSWSP(char *szBuffer)
Definition: dkimbase.cpp:214

CDKIMBase::Init
int Init(void)
Definition: dkimbase.cpp:49

CDKIMBase::HeaderList
list< string > HeaderList
Definition: dkimbase.h:75

CDKIMSign::m_sSig
string m_sSig
Definition: dkimsign.h:94

CDKIMSign::m_pfnHdrCallback
DKIMHEADERCALLBACK m_pfnHdrCallback
Definition: dkimsign.h:92

CDKIMSign::m_Hdr_ed25519ctx
EVP_MD_CTX * m_Hdr_ed25519ctx
Definition: dkimsign.h:65

CDKIMSign::GetSig2
int GetSig2(char *szRSAPrivKey, char *szECCPrivKey, char **pszSignature)
Definition: dkimsign.cpp:683

CDKIMSign::ParseFromAddress
bool ParseFromAddress(void)
Definition: dkimsign.cpp:510

CDKIMSign::m_nIncludeCopiedHeaders
int m_nIncludeCopiedHeaders
Definition: dkimsign.h:90

CDKIMSign::m_nBodyLength
int m_nBodyLength
Definition: dkimsign.h:85

CDKIMSign::hParam
string hParam
Definition: dkimsign.h:75

CDKIMSign::sDomain
string sDomain
Definition: dkimsign.h:80

CDKIMSign::AddInterTagSpace
void AddInterTagSpace(int nSizeOfNextTag)
Definition: dkimsign.cpp:605

CDKIMSign::ProcessHeader
void ProcessHeader(const string &sHdr)
Definition: dkimsign.cpp:428

CDKIMSign::InitSig
void InitSig(void)
Definition: dkimsign.cpp:555

CDKIMSign::m_ExpireTime
time_t m_ExpireTime
Definition: dkimsign.h:86

CDKIMSign::m_Edy_sha256ctx
EVP_MD_CTX * m_Edy_sha256ctx
Definition: dkimsign.h:69

CDKIMSign::IsRequiredHeader
bool IsRequiredHeader(const string &sTag)
Definition: dkimsign.cpp:710

CDKIMSign::sFrom
string sFrom
Definition: dkimsign.h:76

CDKIMSign::GetHeaderParams
void GetHeaderParams(const string &sHdr)
Definition: dkimsign.cpp:306

CDKIMSign::m_Hdr_sha1ctx
EVP_MD_CTX * m_Hdr_sha1ctx
Definition: dkimsign.h:63

CDKIMSign::m_IncludeBodyLengthTag
bool m_IncludeBodyLengthTag
Definition: dkimsign.h:84

CDKIMSign::m_nHash
int m_nHash
Definition: dkimsign.h:89

CDKIMSign::m_nSigPos
int m_nSigPos
Definition: dkimsign.h:95

CDKIMSign::m_Hdr_sha256ctx
EVP_MD_CTX * m_Hdr_sha256ctx
Definition: dkimsign.h:64

CDKIMSign::~CDKIMSign
~CDKIMSign()
Definition: dkimsign.cpp:140

CDKIMSign::SigHdrs
string SigHdrs
Definition: dkimsign.h:102

CDKIMSign::eSelector
string eSelector
Definition: dkimsign.h:79

CDKIMSign::m_SigHdrs
int m_SigHdrs
Definition: dkimsign.h:103

CDKIMSign::ProcessBody
virtual int ProcessBody(char *szBuffer, int nBufLength, bool bEOF) override
Definition: dkimsign.cpp:460

CDKIMSign::m_Bdy_sha256ctx
EVP_MD_CTX * m_Bdy_sha256ctx
Definition: dkimsign.h:68

CDKIMSign::m_EmptyLineCount
int m_EmptyLineCount
Definition: dkimsign.h:73

CDKIMSign::AddTagToSig
void AddTagToSig(const char *const Tag, const string &sValue, char cbrk, bool bFold)
Definition: dkimsign.cpp:568

CDKIMSign::ConstructSignature
int ConstructSignature(char *szSignKey, int nSigAlg)
Definition: dkimsign.cpp:743

CDKIMSign::sIdentity
string sIdentity
Definition: dkimsign.h:81

CDKIMSign::m_Bdy_sha1ctx
EVP_MD_CTX * m_Bdy_sha1ctx
Definition: dkimsign.h:67

CDKIMSign::AddFoldedValueToSig
void AddFoldedValueToSig(const string &sValue, char cbrk)
Definition: dkimsign.cpp:623

CDKIMSign::m_bReturnedSigAssembled
bool m_bReturnedSigAssembled
Definition: dkimsign.h:98

CDKIMSign::AssembleReturnedSig
int AssembleReturnedSig(char *szRSAPrivKey, char *szECCPrivKey)
Definition: dkimsign.cpp:969

CDKIMSign::ProcessHeaders
virtual int ProcessHeaders(void) override
Definition: dkimsign.cpp:338

CDKIMSign::m_sCopiedHeaders
string m_sCopiedHeaders
Definition: dkimsign.h:100

CDKIMSign::CDKIMSign
CDKIMSign()
Definition: dkimsign.cpp:117

CDKIMSign::SignThisTag
bool SignThisTag(const string &sTag)
Definition: dkimsign.cpp:264

CDKIMSign::sRequiredHeaders
string sRequiredHeaders
Definition: dkimsign.h:82

CDKIMSign::Hash
void Hash(const char *szBuffer, int nBufLength, bool bHdr)
Definition: dkimsign.cpp:213

CDKIMSign::m_nIncludeTimeStamp
int m_nIncludeTimeStamp
Definition: dkimsign.h:87

CDKIMSign::sSelector
string sSelector
Definition: dkimsign.h:78

CDKIMSign::m_nIncludeQueryMethod
int m_nIncludeQueryMethod
Definition: dkimsign.h:88

CDKIMSign::m_sReturnedSig
string m_sReturnedSig
Definition: dkimsign.h:97

CDKIMSign::sSender
string sSender
Definition: dkimsign.h:77

CDKIMSign::m_Canon
int m_Canon
Definition: dkimsign.h:71

CDKIMSign::OptimalHeaderLineLength
@ OptimalHeaderLineLength
Definition: dkimsign.h:41

dkim.h

DKIM_BUFFER_TOO_SMALL
#define DKIM_BUFFER_TOO_SMALL
Definition: dkim.h:72

DKIM_CANON_SIMPLE
#define DKIM_CANON_SIMPLE
Definition: dkim.h:39

DKIM_NO_SENDER
#define DKIM_NO_SENDER
Definition: dkim.h:70

DKIM_CANON_NOWSP
#define DKIM_CANON_NOWSP
Definition: dkim.h:40

DKIM_OUT_OF_MEMORY
#define DKIM_OUT_OF_MEMORY
Definition: dkim.h:68

DKIM_CANON_RELAXED
#define DKIM_CANON_RELAXED
Definition: dkim.h:41

DKIM_HASH_RSA256_AND_ED25519
#define DKIM_HASH_RSA256_AND_ED25519
Definition: dkim.h:36

DKIM_BAD_PRIVATE_KEY
#define DKIM_BAD_PRIVATE_KEY
Definition: dkim.h:71

DKIM_SIGN_RELAXED
#define DKIM_SIGN_RELAXED
Definition: dkim.h:45

DKIM_SIGN_SIMPLE
#define DKIM_SIGN_SIMPLE
Definition: dkim.h:43

DKIM_HASH_SHA1_AND_SHA256
#define DKIM_HASH_SHA1_AND_SHA256
Definition: dkim.h:34

DKIM_SIGN_RELAXED_SIMPLE
#define DKIM_SIGN_RELAXED_SIMPLE
Definition: dkim.h:46

DKIM_SIGN_SIMPLE_RELAXED
#define DKIM_SIGN_SIMPLE_RELAXED
Definition: dkim.h:44

DKIM_HASH_ED25519
#define DKIM_HASH_ED25519
Definition: dkim.h:35

DKIM_HASH_SHA1
#define DKIM_HASH_SHA1
Definition: dkim.h:32

DKIM_HASH_SHA256
#define DKIM_HASH_SHA256
Definition: dkim.h:33

DKIM_SUCCESS
#define DKIM_SUCCESS
Definition: dkim.h:49

LOWORD
#define LOWORD(l)
Definition: dkimsign.cpp:25

_stricmp
#define _stricmp
Definition: dkimsign.cpp:24

_strnicmp
#define _strnicmp
Definition: dkimsign.cpp:23

HIWORD
#define HIWORD(l)
Definition: dkimsign.cpp:26

ConvertHeaderToQuotedPrintable
bool ConvertHeaderToQuotedPrintable(const char *source, char *dest)
Definition: dkimsign.cpp:277

dkimsign.h

buf
char buf[100+FMT_ULONG]
Definition: hier.c:11

int
int
Definition: qmail-mrtg.c:27

size
unsigned long size
Definition: qmail-qread.c:56

d
struct del * d[CHANNELS]
Definition: qmail-send.c:726

DKIMSignOptions_t
Definition: dkim.h:99

DKIMSignOptions_t::nIncludeBodyLengthTag
int nIncludeBodyLengthTag
Definition: dkim.h:101

DKIMSignOptions_t::nCanon
int nCanon
Definition: dkim.h:100

DKIMSignOptions_t::nHash
int nHash
Definition: dkim.h:111

DKIMSignOptions_t::pfnHeaderCallback
DKIMHEADERCALLBACK pfnHeaderCallback
Definition: dkim.h:109

DKIMSignOptions_t::nIncludeCopiedHeaders
int nIncludeCopiedHeaders
Definition: dkim.h:113

DKIMSignOptions_t::expireTime
unsigned long expireTime
Definition: dkim.h:108

DKIMSignOptions_t::szDomain
char szDomain[256]
Definition: dkim.h:106

DKIMSignOptions_t::szIdentity
char szIdentity[256]
Definition: dkim.h:107

DKIMSignOptions_t::nIncludeTimeStamp
int nIncludeTimeStamp
Definition: dkim.h:102

DKIMSignOptions_t::szSelector
char szSelector[64]
Definition: dkim.h:104

DKIMSignOptions_t::nIncludeQueryMethod
int nIncludeQueryMethod
Definition: dkim.h:103

DKIMSignOptions_t::szSelectorE
char szSelectorE[64]
Definition: dkim.h:105