From af034532358b93b0700ab8fafb11ce32f812c5eb Mon Sep 17 00:00:00 2001 From: Divide-By-0 Date: Sat, 25 Mar 2023 15:41:49 +0700 Subject: [PATCH 01/10] made authenticated message members pub --- src/lib.rs | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 60886dc..866647b 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -331,18 +331,18 @@ pub struct MX { #[derive(Debug, Clone)] pub struct AuthenticatedMessage<'x> { - pub(crate) headers: Vec<(&'x [u8], &'x [u8])>, - pub(crate) from: Vec, - pub(crate) raw_message: &'x [u8], - pub(crate) body_offset: usize, - pub(crate) body_hashes: Vec<(Canonicalization, HashAlgorithm, u64, Vec)>, - pub(crate) dkim_headers: Vec>>, - pub(crate) ams_headers: Vec>>, - pub(crate) as_headers: Vec>>, - pub(crate) aar_headers: Vec>>, - pub(crate) received_headers_count: usize, - pub(crate) date_header_present: bool, - pub(crate) message_id_header_present: bool, + pub headers: Vec<(&'x [u8], &'x [u8])>, + pub from: Vec, + pub raw_message: &'x [u8], + pub body_offset: usize, + pub body_hashes: Vec<(Canonicalization, HashAlgorithm, u64, Vec)>, + pub dkim_headers: Vec>>, + pub ams_headers: Vec>>, + pub as_headers: Vec>>, + pub aar_headers: Vec>>, + pub received_headers_count: usize, + pub date_header_present: bool, + pub message_id_header_present: bool, } #[derive(Debug, Clone, PartialEq, Eq)] From f8a21261b802d77b60ba17c626024fb7f82ac8b4 Mon Sep 17 00:00:00 2001 From: Divide-By-0 Date: Sat, 25 Mar 2023 17:35:23 +0700 Subject: [PATCH 02/10] made more things public + added print --- src/common/headers.rs | 6 +++--- src/dkim/verify.rs | 5 +++++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/common/headers.rs b/src/common/headers.rs index 51cdb07..11a0f12 100644 --- a/src/common/headers.rs +++ b/src/common/headers.rs 
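Review bot: Making every field of `AuthenticatedMessage` `pub` lets code outside the crate rewrite parser-derived state such as `body_hashes`, `body_offset` and `dkim_headers` after parsing, so a later verification call can run against values that no longer match `raw_message` (the verifier is not visible in this hunk, but presumably reads these fields). If the goal is only to read them from another crate, keep the fields `pub(crate)` and add read-only accessors, e.g. `pub fn raw_message(&self) -> &'x [u8] { self.raw_message }` and `pub fn body_offset(&self) -> usize { self.body_offset }`. The same concern applies to the `Header` fields made `pub` in src/common/headers.rs in [PATCH 02/10]. Public fields also become part of the crate's semver surface, which makes later changes to the parsed representation breaking.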
@@ -60,9 +60,9 @@ pub(crate) enum AuthenticatedHeader<'x> { #[derive(Debug, Clone, PartialEq, Eq)] pub struct Header<'x, T> { - pub(crate) name: &'x [u8], - pub(crate) value: &'x [u8], - pub(crate) header: T, + pub name: &'x [u8], + pub value: &'x [u8], + pub header: T, } impl<'x> HeaderParser<'x> { diff --git a/src/dkim/verify.rs b/src/dkim/verify.rs index a590339..5cb6e17 100644 --- a/src/dkim/verify.rs +++ b/src/dkim/verify.rs @@ -108,6 +108,11 @@ impl Resolver { let dkim_hdr_value = header.value.strip_signature(); let mut headers = message.signed_headers(&signature.h, header.name, &dkim_hdr_value); + println!( + "header.name, &dkim_hdr_value {:?} {:?}\n", + header.name, &dkim_hdr_value + ); + // Verify signature if let Err(err) = record.verify(&mut headers, signature, signature.ch) { output.push(DkimOutput::fail(err).with_signature(signature)); From 77792e91f14c1a198bf45d776cda4cf1fd500e5f Mon Sep 17 00:00:00 2001 From: Divide-By-0 Date: Sat, 25 Mar 2023 17:39:09 +0700 Subject: [PATCH 03/10] more pub(crate)s -> pub --- src/arc/mod.rs | 26 +++++++++++++------------- src/dkim/canonicalize.rs | 2 +- src/dkim/mod.rs | 38 +++++++++++++++++++------------------- 3 files changed, 33 insertions(+), 33 deletions(-) diff --git a/src/arc/mod.rs b/src/arc/mod.rs index a285379..313740e 100644 --- a/src/arc/mod.rs +++ b/src/arc/mod.rs 
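Review bot: The `println!` added in src/dkim/verify.rs sits in the DKIM verification path of a library, so every verified message writes its DKIM-Signature header name and value to the host application's stdout. That content comes from the message under check, which is untrusted input, and a library cannot know that stdout is an expected or safe sink for it. The same applies to the prints added later in this series in src/dkim/verify.rs ([PATCH 04/10], [PATCH 06/10], [PATCH 07/10]) and in src/common/crypto/ring_impls.rs ([PATCH 07/10]). I would keep them out of the committed history, or gate them with `#[cfg(debug_assertions)]` and write to stderr with `eprintln!`. The enclosing function starts and ends outside the hunk.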
@@ -34,19 +34,19 @@ pub struct ArcSealer, State = NeedDomain> { #[derive(Debug, PartialEq, Eq, Clone, Default)] pub struct Signature { - pub(crate) i: u32, - pub(crate) a: Algorithm, - pub(crate) d: String, - pub(crate) s: String, - pub(crate) b: Vec, - pub(crate) bh: Vec, - pub(crate) h: Vec, - pub(crate) z: Vec, - pub(crate) l: u64, - pub(crate) x: u64, - pub(crate) t: u64, - pub(crate) ch: Canonicalization, - pub(crate) cb: Canonicalization, + pub i: u32, + pub a: Algorithm, + pub d: String, + pub s: String, + pub b: Vec, + pub bh: Vec, + pub h: Vec, + pub z: Vec, + pub l: u64, + pub x: u64, + pub t: u64, + pub ch: Canonicalization, + pub cb: Canonicalization, } #[derive(Debug, PartialEq, Eq, Clone, Default)] diff --git a/src/dkim/canonicalize.rs b/src/dkim/canonicalize.rs index 92c2c37..7a7a321 100644 --- a/src/dkim/canonicalize.rs +++ b/src/dkim/canonicalize.rs @@ -151,7 +151,7 @@ impl Canonicalization { } impl Signature { - pub(crate) fn canonicalize<'x>( + pub fn canonicalize<'x>( &self, mut message: impl HeaderStream<'x>, ) -> (usize, CanonicalHeaders<'x>, Vec, CanonicalBody<'x>) { diff --git a/src/dkim/mod.rs b/src/dkim/mod.rs index 6c5be8a..f9d388c 100644 --- a/src/dkim/mod.rs +++ b/src/dkim/mod.rs @@ -33,8 +33,8 @@ pub enum Canonicalization { #[derive(Debug, PartialEq, Eq, Clone, Default)] pub struct DkimSigner { _state: std::marker::PhantomData, - pub(crate) key: T, - pub(crate) template: Signature, + pub key: T, + pub template: Signature, } pub struct NeedDomain; 
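Review bot: In the src/dkim/mod.rs hunk, `pub key: T` hands the signer's key object to any code holding a `DkimSigner`, and `pub template: Signature` lets callers replace the signature template after the builder has run. The `_state` marker field and the `NeedDomain` type visible in the context suggest a typestate builder, and public fields let callers bypass its ordering. [PATCH 09/10] returns the `Signature` fields to `pub(crate)` but, in the sections shown, not these two; I would revert them as well: `pub(crate) key: T,` and `pub(crate) template: Signature,`.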
@@ -44,23 +44,23 @@ pub struct Done; #[derive(Debug, PartialEq, Eq, Clone, Default)] pub struct Signature { - pub(crate) v: u32, - pub(crate) a: Algorithm, - pub(crate) d: String, - pub(crate) s: String, - pub(crate) b: Vec, - pub(crate) bh: Vec, - pub(crate) h: Vec, - pub(crate) z: Vec, - pub(crate) i: String, - pub(crate) l: u64, - pub(crate) x: u64, - pub(crate) t: u64, - pub(crate) r: bool, // RFC 6651 - pub(crate) atps: Option, // RFC 6541 - pub(crate) atpsh: Option, // RFC 6541 - pub(crate) ch: Canonicalization, - pub(crate) cb: Canonicalization, + pub v: u32, + pub a: Algorithm, + pub d: String, + pub s: String, + pub b: Vec, + pub bh: Vec, + pub h: Vec, + pub z: Vec, + pub i: String, + pub l: u64, + pub x: u64, + pub t: u64, + pub r: bool, // RFC 6651 + pub atps: Option, // RFC 6541 + pub atpsh: Option, // RFC 6541 + pub ch: Canonicalization, + pub cb: Canonicalization, } impl Default for Algorithm { From fee53a5c2ca4f94900acf4012aef6986b27fa742 Mon Sep 17 00:00:00 2001 From: Divide-By-0 Date: Sat, 25 Mar 2023 17:46:46 +0700 Subject: [PATCH 04/10] fix print on headers midway thru verify dkim --- src/dkim/verify.rs | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/dkim/verify.rs b/src/dkim/verify.rs index 5cb6e17..1e21ac1 100644 --- a/src/dkim/verify.rs +++ b/src/dkim/verify.rs 
@@ -107,12 +107,14 @@ impl Resolver { // Hash headers let dkim_hdr_value = header.value.strip_signature(); let mut headers = message.signed_headers(&signature.h, header.name, &dkim_hdr_value); + let mut headers_copy = + message.signed_headers(&signature.h, header.name, &dkim_hdr_value); - println!( - "header.name, &dkim_hdr_value {:?} {:?}\n", - header.name, &dkim_hdr_value - ); - + for (header_name, header_value) in headers_copy { + let header_name_str = String::from_utf8_lossy(&header_name); + let header_value_str = String::from_utf8_lossy(&header_value); + println!("{}: {}", header_name_str, header_value_str); + } // Verify signature if let Err(err) = record.verify(&mut headers, signature, signature.ch) { output.push(DkimOutput::fail(err).with_signature(signature)); From 6b662ecdec5e839c3438f8b3253848a7818205ae Mon Sep 17 00:00:00 2001 From: Divide-By-0 Date: Sat, 25 Mar 2023 17:47:30 +0700 Subject: [PATCH 05/10] fixed print again --- src/dkim/verify.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/dkim/verify.rs b/src/dkim/verify.rs index 1e21ac1..39c96f6 100644 --- a/src/dkim/verify.rs +++ b/src/dkim/verify.rs @@ -113,7 +113,7 @@ impl Resolver { for (header_name, header_value) in headers_copy { let header_name_str = String::from_utf8_lossy(&header_name); let header_value_str = String::from_utf8_lossy(&header_value); - println!("{}: {}", header_name_str, header_value_str); + println!("Headers {}: {}", header_name_str, header_value_str); } // Verify signature if let Err(err) = record.verify(&mut headers, signature, signature.ch) { From 10a4a82943c3cb46dc15abe44c5543b3d78c41fe Mon Sep 17 00:00:00 2001 From: Divide-By-0 Date: Sat, 25 Mar 2023 18:24:35 +0700 Subject: [PATCH 06/10] debug signature --- src/dkim/verify.rs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/dkim/verify.rs b/src/dkim/verify.rs index 39c96f6..90233e4 100644 --- a/src/dkim/verify.rs +++ b/src/dkim/verify.rs 
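Review bot: The loop in the first hunk prints header names and values with `{}` after `String::from_utf8_lossy`, so control characters and escape sequences in the headers of the message being verified reach the terminal or log unescaped; the `{:?}` form used in the previous commit escaped them. If the output has to stay while debugging, `println!("{:?}: {:?}", header_name_str, header_value_str);` keeps it inert. `headers_copy` also builds the signed-header iterator a second time per signature only to feed the print, and it does not need `mut`. The enclosing function starts and ends outside the hunk.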
@@ -115,6 +115,9 @@ impl Resolver { let header_value_str = String::from_utf8_lossy(&header_value); println!("Headers {}: {}", header_name_str, header_value_str); } + + println!("Signature: {}", signature); + // Verify signature if let Err(err) = record.verify(&mut headers, signature, signature.ch) { output.push(DkimOutput::fail(err).with_signature(signature)); From f66d0883b03565c6575409406c60af5aebbc8628 Mon Sep 17 00:00:00 2001 From: Divide-By-0 Date: Sat, 25 Mar 2023 19:19:42 +0700 Subject: [PATCH 07/10] print canonicalized header? --- src/common/crypto/ring_impls.rs | 2 ++ src/dkim/verify.rs | 15 +++++++++------ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/src/common/crypto/ring_impls.rs b/src/common/crypto/ring_impls.rs index 284bf1c..cdcc0a8 100644 --- a/src/common/crypto/ring_impls.rs +++ b/src/common/crypto/ring_impls.rs @@ -210,6 +210,8 @@ impl VerifyingKey for RsaPublicKey { let mut data = Vec::with_capacity(256); canonicalization.canonicalize_headers(headers, &mut data); + println!("Canonicalized data: {:?}", data); + match algorithm { Algorithm::RsaSha256 => self .sha2 diff --git a/src/dkim/verify.rs b/src/dkim/verify.rs index 90233e4..210157b 100644 --- a/src/dkim/verify.rs +++ b/src/dkim/verify.rs 
@@ -110,13 +110,16 @@ impl Resolver { let mut headers_copy = message.signed_headers(&signature.h, header.name, &dkim_hdr_value); - for (header_name, header_value) in headers_copy { - let header_name_str = String::from_utf8_lossy(&header_name); - let header_value_str = String::from_utf8_lossy(&header_value); - println!("Headers {}: {}", header_name_str, header_value_str); - } + // for (header_name, header_value) in headers_copy { + // let header_name_str = String::from_utf8_lossy(&header_name); + // let header_value_str = String::from_utf8_lossy(&header_value); + // println!("Headers {}: {}", header_name_str, header_value_str); + // } + + let mut data = Vec::with_capacity(256); + signature.ch.canonicalize_headers(headers_copy, &mut data); - println!("Signature: {}", signature); + println!("Prehash data: {:?}", data); // Verify signature if let Err(err) = record.verify(&mut headers, signature, signature.ch) { From 1f862722a3b6029df11ea777cdd2d38e9821fec8 Mon Sep 17 00:00:00 2001 From: Divide-By-0 Date: Sat, 25 Mar 2023 21:07:20 +0700 Subject: [PATCH 08/10] finished debugging and adding get_canonicalized_header function --- src/common/crypto/ring_impls.rs | 2 -- src/dkim/verify.rs | 45 +++++++++++++++++++++++++-------- 2 files changed, 34 insertions(+), 13 deletions(-) diff --git a/src/common/crypto/ring_impls.rs b/src/common/crypto/ring_impls.rs index cdcc0a8..284bf1c 100644 --- a/src/common/crypto/ring_impls.rs +++ b/src/common/crypto/ring_impls.rs @@ -210,8 +210,6 @@ impl VerifyingKey for RsaPublicKey { let mut data = Vec::with_capacity(256); canonicalization.canonicalize_headers(headers, &mut data); - println!("Canonicalized data: {:?}", data); - match algorithm { Algorithm::RsaSha256 => self .sha2 diff --git a/src/dkim/verify.rs b/src/dkim/verify.rs index 210157b..52345be 100644 --- a/src/dkim/verify.rs +++ b/src/dkim/verify.rs 
@@ -110,17 +110,6 @@ impl Resolver { let mut headers_copy = message.signed_headers(&signature.h, header.name, &dkim_hdr_value); - // for (header_name, header_value) in headers_copy { - // let header_name_str = String::from_utf8_lossy(&header_name); - // let header_value_str = String::from_utf8_lossy(&header_value); - // println!("Headers {}: {}", header_name_str, header_value_str); - // } - - let mut data = Vec::with_capacity(256); - signature.ch.canonicalize_headers(headers_copy, &mut data); - - println!("Prehash data: {:?}", data); - // Verify signature if let Err(err) = record.verify(&mut headers, signature, signature.ch) { output.push(DkimOutput::fail(err).with_signature(signature)); @@ -253,6 +242,40 @@ impl Resolver { } impl<'x> AuthenticatedMessage<'x> { + // Function inserted by yush + // Excerpted and edited from verify_dkim_ + pub async fn get_canonicalized_header(&self) -> Result, Error> { + // Validate DKIM headers + let mut data = Vec::with_capacity(256); + for header in &self.dkim_headers { + // Validate body hash + let signature = match &header.header { + Ok(signature) => { + if signature.x == 0 || (signature.x > signature.t) { + signature + } else { + continue; + } + } + Err(err) => { + continue; + } + }; + + // Hash headers + let dkim_hdr_value = header.value.strip_signature(); + let mut headers = self.signed_headers(&signature.h, header.name, &dkim_hdr_value); + let mut headers_copy = self.signed_headers(&signature.h, header.name, &dkim_hdr_value); + + signature.ch.canonicalize_headers(headers_copy, &mut data); + + println!("Prehash data: {:?}", data); + return Ok(data); + } + // Return not ok + Err(Error::FailedBodyHashMatch) + } + pub fn signed_headers<'z: 'x>( &'z self, headers: &'x [String], From 068ade1af08f14acd2f6d3d6def7c57df9a471de Mon Sep 17 00:00:00 2001 
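Review bot: `get_canonicalized_header` returns the canonicalized header bytes of the first DKIM-Signature that parses, without checking the signature, the body hash or the signing domain, so its output is not authenticated even though it is a method of `AuthenticatedMessage`. A message can carry several DKIM-Signature headers, and the caller cannot tell which `d=`/`s=` the returned bytes belong to; returning the matching `&Signature` alongside the data would let the caller check that. Please state the contract in a doc comment, e.g. `/// Canonicalized signed headers of the first parseable DKIM-Signature. Nothing is verified here.` The fallback `Err(Error::FailedBodyHashMatch)` reports a body-hash mismatch that was never computed, and the function is `async` although it awaits nothing. `signed_headers`, which follows it, continues outside the hunk.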
From: Divide-By-0 Date: Sat, 25 Mar 2023 21:17:13 +0700 Subject: [PATCH 09/10] reduced pub variables, cleared prints, cleaned code --- src/arc/mod.rs | 26 +++++++++++++------------- src/dkim/mod.rs | 34 +++++++++++++++++----------------- src/dkim/verify.rs | 16 +++++----------- 3 files changed, 35 insertions(+), 41 deletions(-) diff --git a/src/arc/mod.rs b/src/arc/mod.rs index 313740e..a285379 100644 --- a/src/arc/mod.rs +++ b/src/arc/mod.rs @@ -34,19 +34,19 @@ pub struct ArcSealer, State = NeedDomain> { #[derive(Debug, PartialEq, Eq, Clone, Default)] pub struct Signature { - pub i: u32, - pub a: Algorithm, - pub d: String, - pub s: String, - pub b: Vec, - pub bh: Vec, - pub h: Vec, - pub z: Vec, - pub l: u64, - pub x: u64, - pub t: u64, - pub ch: Canonicalization, - pub cb: Canonicalization, + pub(crate) i: u32, + pub(crate) a: Algorithm, + pub(crate) d: String, + pub(crate) s: String, + pub(crate) b: Vec, + pub(crate) bh: Vec, + pub(crate) h: Vec, + pub(crate) z: Vec, + pub(crate) l: u64, + pub(crate) x: u64, + pub(crate) t: u64, + pub(crate) ch: Canonicalization, + pub(crate) cb: Canonicalization, } #[derive(Debug, PartialEq, Eq, Clone, Default)] diff --git a/src/dkim/mod.rs b/src/dkim/mod.rs index f9d388c..c3c5a12 100644 --- a/src/dkim/mod.rs +++ b/src/dkim/mod.rs 
@@ -44,23 +44,23 @@ pub struct Done; #[derive(Debug, PartialEq, Eq, Clone, Default)] pub struct Signature { - pub v: u32, - pub a: Algorithm, - pub d: String, - pub s: String, - pub b: Vec, - pub bh: Vec, - pub h: Vec, - pub z: Vec, - pub i: String, - pub l: u64, - pub x: u64, - pub t: u64, - pub r: bool, // RFC 6651 - pub atps: Option, // RFC 6541 - pub atpsh: Option, // RFC 6541 - pub ch: Canonicalization, - pub cb: Canonicalization, + pub(crate) v: u32, + pub(crate) a: Algorithm, + pub(crate) d: String, + pub(crate) s: String, + pub(crate) b: Vec, + pub(crate) bh: Vec, + pub(crate) h: Vec, + pub(crate) z: Vec, + pub(crate) i: String, + pub(crate) l: u64, + pub(crate) x: u64, + pub(crate) t: u64, + pub(crate) r: bool, // RFC 6651 + pub(crate) atps: Option, // RFC 6541 + pub(crate) atpsh: Option, // RFC 6541 + pub(crate) ch: Canonicalization, + pub(crate) cb: Canonicalization, } impl Default for Algorithm { diff --git a/src/dkim/verify.rs b/src/dkim/verify.rs index 52345be..d82666b 100644 --- a/src/dkim/verify.rs +++ b/src/dkim/verify.rs @@ -107,8 +107,6 @@ impl Resolver { // Hash headers let dkim_hdr_value = header.value.strip_signature(); let mut headers = message.signed_headers(&signature.h, header.name, &dkim_hdr_value); - let mut headers_copy = - message.signed_headers(&signature.h, header.name, &dkim_hdr_value); // Verify signature if let Err(err) = record.verify(&mut headers, signature, signature.ch) { @@ -242,9 +240,8 @@ impl Resolver { } impl<'x> AuthenticatedMessage<'x> { - // Function inserted by yush - // Excerpted and edited from verify_dkim_ pub async fn get_canonicalized_header(&self) -> Result, Error> { + // Based on verify_dkim_ function // Validate DKIM headers let mut data = Vec::with_capacity(256); for header in &self.dkim_headers { 
@@ -257,19 +254,16 @@ impl<'x> AuthenticatedMessage<'x> { continue; } } - Err(err) => { + Err(_err) => { continue; } }; - // Hash headers + // Get pre-hashed but canonically ordered headers, whos hash is signed let dkim_hdr_value = header.value.strip_signature(); - let mut headers = self.signed_headers(&signature.h, header.name, &dkim_hdr_value); - let mut headers_copy = self.signed_headers(&signature.h, header.name, &dkim_hdr_value); - - signature.ch.canonicalize_headers(headers_copy, &mut data); + let headers = self.signed_headers(&signature.h, header.name, &dkim_hdr_value); + signature.ch.canonicalize_headers(headers, &mut data); - println!("Prehash data: {:?}", data); return Ok(data); } // Return not ok From 2b13f317a9c989aa015dc0a26b448eb7511e460e Mon Sep 17 00:00:00 2001 From: Divide-By-0 Date: Sat, 25 Mar 2023 21:21:16 +0700 Subject: [PATCH 10/10] fixed comments on function --- src/dkim/verify.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/dkim/verify.rs b/src/dkim/verify.rs index d82666b..31690f9 100644 --- a/src/dkim/verify.rs +++ b/src/dkim/verify.rs @@ -242,10 +242,10 @@ impl Resolver { impl<'x> AuthenticatedMessage<'x> { pub async fn get_canonicalized_header(&self) -> Result, Error> { // Based on verify_dkim_ function - // Validate DKIM headers + // Iterate through possible DKIM headers let mut data = Vec::with_capacity(256); for header in &self.dkim_headers { - // Validate body hash + // Ensure signature is not obviously invalid let signature = match &header.header { Ok(signature) => { if signature.x == 0 || (signature.x > signature.t) { 
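Review bot: In the [PATCH 10/10] hunk, the new comment `// Ensure signature is not obviously invalid` overstates the check beneath it: `signature.x == 0 || (signature.x > signature.t)` only rejects an expiry that is not later than the signing time and never compares `x` with the current time. A signature whose `x=` lies in the past therefore still passes this filter. Either word the comment to match, e.g. `// Skip signatures whose expiry (x=) is not after the signing time (t=); expiry against the clock is NOT checked here`, or add the clock comparison. The function body continues outside the hunk.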
@@ -259,7 +259,7 @@ impl<'x> AuthenticatedMessage<'x> { } }; - // Get pre-hashed but canonically ordered headers, whos hash is signed + // Get pre-hashed but canonically ordered headers, who's hash is signed let dkim_hdr_value = header.value.strip_signature(); let headers = self.signed_headers(&signature.h, header.name, &dkim_hdr_value); signature.ch.canonicalize_headers(headers, &mut data);
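Review bot: The reworded comment still has the wrong word: `who's` should be `whose`. It would also read more precisely as `// Canonicalized signed headers (pre-hash); the hash of these bytes is what the signature covers`, since "canonically ordered" describes only part of what `canonicalize_headers` appears to do. The function body continues outside the hunk.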