[9front] upas/dkim: dkim signing for upas

[9front] upas/dkim: dkim signing for upas

[ori]

This change adds support for dkim signing to upas.

It has2 pieces:

1. Adding support for different asn1 formats to auth/rsa2asn1;
   we can now generate SubjectPublicKeyInfo RSA keys, which
   wrap the keys up with an algorithm identifier.
2. Adding a upas/dkim command which filters a message and signs
   it using dkim.

To configure dkim, you need to generate a (small-ish) rsa key;
large keys do not fit into DNS text records:

	# generate the private key and add it to factotum
	ramfs -p
	cd /tmp
	auth/rsagen -b 2048 -t 'service=dkim role=sign hash=sha256 domain=orib.dev owner=*' > dkim.key
	cat dkim.key > factotum.ctl

	# extract the public key, encode it, and strip out the junk
	pubkey=`{
		<dkim.key auth/rsa2asn1 -f spki | \
		auth/pemencode WHATEVER | \
		grep -v 'WHATEVER' | \
		ssam 'x/\n/d'
	}
	domain=example.org
	# then add it to /lib/ndb.local
	echo 'dom=dkim._domainkey.'$domain' soa=
		ip=144.202.1.203
		refresh=600 ttl=600
		ns=ns.orib.dev
		txt="k=rsa; v='$pubkey \
	>> /lib/ndb/local

Then, finally, insert it into your outgoing mail pipeline. One
thing to be careful of is that upas will do some outgoing 'From:'
rewriting, so you may need to make sure that either '$upasname'
is set, or 'upas/dkim' is inserted after the rewrite stage.
A good place is in /mail/lib/qmail, in place of upas/vf:

	% cat /mail/lib/qmail 
	rfork s
	upas/dkim -d example.com | upas/qer /mail/queue mail $* || exit 'qer failed'
	upas/runq -n 10 /mail/queue /mail/lib/remotemail </dev/null >/dev/null >[2=1] &


diff 7ca997bf7efdca16416b22488ebc7b70c419fd44 uncommitted
--- a//sys/include/libsec.h
+++ b//sys/include/libsec.h
@@ -374,6 +374,7 @@
 int		pkcs1unpadbuf(uchar *buf, int len, mpint *modulus, int blocktype);
 int		asn1encodeRSApub(RSApub *pk, uchar *buf, int len);
 int		asn1encodeRSApriv(RSApriv *k, uchar *buf, int len);
+int		asn1encodeRSApubSPKI(RSApub *pk, uchar *buf, int len);
 int		asn1encodedigest(DigestState* (*fun)(uchar*, ulong, uchar*, DigestState*),
 			uchar *digest, uchar *buf, int len);
 
--- a//sys/man/1/filter
+++ b//sys/man/1/filter
@@ -24,6 +24,15 @@
 .I recipient
 .I fromfile
 .I mbox
+.B upas/dkim
+[
+.B -d
+.I domain
+]
+[
+.B -s
+.I selector
+]
 .PP
 .B upas/token
 .I key
@@ -183,6 +192,23 @@
 You should copy it into a directory that normally gets
 bound by your profile onto
 .BR /bin .
+.PP
+.I Dkim
+Takes a mail message as standard input, and signs
+a selection of headers and the body of the message.
+The
+.I -d
+flag specifies the domain,
+and the
+.I -s
+flag specifies the selector. If the selector is not
+specified, it defaults to
+.IR dkim .
+The keyspec searched for the signing key is:
+.IP
+.EX
+proto=rsa service=dkim role=sign hash=sha256 domain=$domain
+.EE
 .PP
 .I Vf
 (virus filter)
--- a//sys/man/8/rsa
+++ b//sys/man/8/rsa
@@ -28,9 +28,13 @@
 .PP
 .B rsa2asn1
 [
--a
+.B -a
 ]
 [
+.B -f
+.I fmt
+]
+[
 .I file
 ]
 .PP
@@ -200,6 +204,16 @@
 With the
 .I -a
 flag a private key is read and encoded in ANS.1/DER format.
+With the
+.I -f
+flag, the format of the ASN.1/DER encoded key is selected.
+The supported formats are 
+.I pkcs1
+and 
+.IR spki ,
+which refer to RFC3447 RSAPublicKey and RFC5280 SubjectPublicKeyInfo
+formatted RSA keys respectively.
+The default format is pkcs1.
 .PP
 .I Rsa2ssh
 reads a Plan 9 RSA public or private key and prints the public portion 
--- a//sys/src/cmd/auth/rsa2asn1.c
+++ b//sys/src/cmd/auth/rsa2asn1.c
@@ -6,11 +6,12 @@
 #include "rsa2any.h"
 
 int privatekey = 0;
+char *format = "pkcs1";
 
 void
 usage(void)
 {
-	fprint(2, "usage: auth/rsa2asn1 [-a] [file]\n");
+	fprint(2, "usage: auth/rsa2asn1 [-a] [-f fmt] [file]\n");
 	exits("usage");
 }
 
@@ -25,6 +26,9 @@
 	case 'a':
 		privatekey = 1;
 		break;
+	case 'f':
+		format = EARGF(usage());
+		break;
 	default:
 		usage();
 	}ARGEND
@@ -32,14 +36,25 @@
 	if(argc > 1)
 		usage();
 
+	n = -1;
 	if((k = getrsakey(argc, argv, privatekey, nil)) == nil)
 		sysfatal("%r");
 	if(privatekey){
-		if((n = asn1encodeRSApriv(k, buf, sizeof(buf))) < 0)
-			sysfatal("asn1encodeRSApriv: %r");
+		if(strcmp(format, "pkcs1") == 0)
+			n = asn1encodeRSApriv(k, buf, sizeof(buf));
+		else
+			sysfatal("unknown format %s", format);
+		if(n < 0)
+			sysfatal("encode: %r");
 	}else{
-		if((n = asn1encodeRSApub(&k->pub, buf, sizeof(buf))) < 0)
-			sysfatal("asn1encodeRSApub: %r");
+		if(strcmp(format, "pkcs1") == 0)
+			n = asn1encodeRSApub(&k->pub, buf, sizeof(buf));
+		else if(strcmp(format, "spki") == 0)
+			n = asn1encodeRSApubSPKI(&k->pub, buf, sizeof(buf));
+		else
+			sysfatal("unknown format %s", format);
+		if(n < 0)
+			sysfatal("encode: %r");
 	}
 	if(write(1, buf, n) != n)
 		sysfatal("write: %r");
--- /dev/null
+++ b//sys/src/cmd/upas/dkim/dkim.c
@@ -1,0 +1,210 @@
+#include <u.h>
+#include <libc.h>
+#include <bio.h>
+#include <libsec.h>
+#include <auth.h>
+#include <authsrv.h>
+#include <pool.h>
+
+char *signhdr[] = {
+	"from:",
+	"to:",
+	"subject:",
+	"date:",
+	"message-id:",
+	nil
+};
+
+char *keyspec;
+char *domain;
+char *selector = "dkim";
+
+int
+trim(char *p)
+{
+	char *e;
+
+	for(e = p; *e != 0; e++)
+		if(*e == '\r' || *e == '\n')
+			break;
+	*e = 0;
+	return e - p;
+}		
+
+int
+usehdr(char *ln, char **hs)
+{
+	char **p;
+
+	for(p = signhdr; *p; p++)
+		if(cistrncmp(ln, *p, strlen(*p)) == 0){
+			if((*hs = realloc(*hs, strlen(*hs) + strlen(*p) + 1)) == nil)
+				sysfatal("realloc: %r");
+			strcat(*hs, *p);
+			return 1;
+		}
+	return 0;
+}
+
+void
+append(char **m, int *nm, int *sz, char *ln, int n)
+{
+	while(*nm + n + 2 >= *sz){
+		*sz += *sz/2;
+		*m = realloc(*m, *sz);
+	}
+	memcpy(*m + *nm, ln, n);
+	memcpy(*m + *nm + n, "\r\n", 2);
+	*nm += n+2;
+}
+
+
+int
+sign(uchar *hash, int nhash, char **sig, int *nsig)
+{
+	AuthRpc *rpc;
+	int afd;
+
+	if((afd = open("/mnt/factotum/rpc", ORDWR|OCEXEC)) < 0)
+		return -1;
+	if((rpc = auth_allocrpc(afd)) == nil){
+		close(afd);
+		return -1;
+	}
+	if(auth_rpc(rpc, "start", keyspec, strlen(keyspec)) != ARok){
+		auth_freerpc(rpc);
+		close(afd);
+		return -1;
+	}
+
+	if(auth_rpc(rpc, "write", hash, nhash) != ARok)
+		sysfatal("sign: write hash: %r");
+	if(auth_rpc(rpc, "read", nil, 0) != ARok)
+		sysfatal("sign: read sig: %r");
+	if((*sig = malloc(rpc->narg)) == nil)
+		sysfatal("malloc: %r");
+	*nsig = rpc->narg;
+	memcpy(*sig, rpc->arg, *nsig);
+	auth_freerpc(rpc);
+	close(afd);
+	return 0;
+}
+
+void
+usage(void)
+{
+	fprint(2, "usage: %s [-s sel] -d dom\n", argv0);
+	exits("usage");
+}
+
+void
+main(int argc, char **argv)
+{
+	int i, n, nhdr, nmsg, nsig, ntail, hdrsz, msgsz, use;
+	uchar hdrhash[SHA2_256dlen], msghash[SHA2_256dlen];
+	char *hdr, *msg, *sig, *ln, *hdrset, *dhdr;
+	Biobuf *rd, *wr;
+	DigestState *sh, *sb;
+
+	ARGBEGIN{
+	case 'd':
+		domain = EARGF(usage());
+		break;
+	case 's':
+		selector = EARGF(usage());
+		break;
+	default:
+		usage();
+		break;
+	}ARGEND;
+
+	if(domain == nil)
+		usage();
+	fmtinstall('H', encodefmt);
+	fmtinstall('[', encodefmt);
+	keyspec = smprint("proto=rsa service=dkim role=sign hash=sha256 domain=%s", domain);
+
+	rd = Bfdopen(0, OREAD);
+	wr = Bfdopen(1, OWRITE);
+
+	nhdr = 0;
+	hdrsz = 32;
+	if((hdr = malloc(hdrsz)) == nil)
+		sysfatal("malloc: %r");
+	nmsg = 0;
+	msgsz = 32;
+	if((msg = malloc(msgsz)) == nil)
+		sysfatal("malloc: %r");
+
+	use = 0;
+	sh = nil;
+	hdrset = strdup("");
+	while((ln = Brdstr(rd, '\n', 1)) != nil){
+		n = trim(ln);
+		if(n == 0
+		|| (n == 1 && ln[0] == '\r' || ln[0] == '\n')
+		|| (n == 2 && strcmp(ln, "\r\n") == 0))
+			break;
+		/*
+		 * strip out existing DKIM signatures,
+		 * for the sake of mailing lists and such.
+		 */
+		if(cistrcmp(ln, "DKIM-Signature:") == 0)
+			continue;
+		if(ln[0] != ' ' && ln[0] != '\t')
+			use = usehdr(ln, &hdrset);
+		if(use){
+			sh = sha2_256((uchar*)ln, n, nil, sh);
+			sh = sha2_256((uchar*)"\r\n", 2, nil, sh);
+		}
+		append(&hdr, &nhdr, &hdrsz, ln, n);
+	}
+
+	sb = nil;
+	ntail = 0;
+	while((ln = Brdstr(rd, '\n', 0)) != nil){
+		n = trim(ln);
+		if(n == 0){
+			ntail++;
+			continue;
+		}
+		for(i = 0; i < ntail; i++){
+			sb = sha2_256((uchar*)"\r\n", 2, nil, sb);
+			append(&msg, &nmsg, &msgsz, "", 0);
+			ntail = 0;
+		}
+		sb = sha2_256((uchar*)ln, n, nil, sb);
+		sb = sha2_256((uchar*)"\r\n", 2, nil, sb);
+		append(&msg, &nmsg, &msgsz, ln, n);
+	}
+	if(nmsg == 0 || ntail > 1)
+		sb = sha2_256((uchar*)"\r\n", 2, nil, sb);
+	Bterm(rd);
+
+	sha2_256(nil, 0, msghash, sb);
+	dhdr = smprint(
+		"DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=%s;\r\n"
+		" h=%s; s=%s;\r\n"
+		" bh=%.*[; \r\n"
+		" b=",
+		domain, hdrset, selector,
+		(int)sizeof(msghash), msghash);
+	if(dhdr == nil)
+		sysfatal("smprint: %r");
+	sh = sha2_256((uchar*)dhdr, strlen(dhdr), nil, sh);
+	sha2_256(nil, 0, hdrhash, sh);
+	if(sign(hdrhash, sizeof(hdrhash), &sig, &nsig) == -1)
+		sysfatal("sign: %r");
+
+	Bwrite(wr, dhdr, strlen(dhdr));
+	Bprint(wr, "%.*[\r\n", nsig, sig);
+	Bwrite(wr, hdr, nhdr);
+	Bprint(wr, "\n");
+	Bwrite(wr, msg, nmsg);
+	Bterm(wr);
+
+	free(hdr);
+	free(msg);
+	free(sig);
+	exits(nil);	
+}
--- /dev/null
+++ b//sys/src/cmd/upas/dkim/mkfile
@@ -1,0 +1,7 @@
+</$objtype/mkfile
+
+TARG=dkim
+OFILES=dkim.$O
+
+</sys/src/cmd/mkone
+<../mkupas
--- a//sys/src/cmd/upas/mkfile
+++ b//sys/src/cmd/upas/mkfile
@@ -6,6 +6,7 @@
 	alias\
 	bayes\
 	binscripts\
+	dkim\
 	filterkit\
 	fs\
 	imap4d\
--- a//sys/src/libsec/port/x509.c
+++ b//sys/src/libsec/port/x509.c
@@ -788,6 +788,7 @@
 
 	p = &uc;
 	err = enc(&p, e, 1);
+	*pbytes = nil;
 	if(err == ASN_OK) {
 		ans = newbytes(p-&uc);
 		p = ans->data;
@@ -2900,6 +2901,32 @@
 	}
 	memmove(buf, b->data, len = b->len);
 	freebytes(b);
+	return len;
+}
+
+int
+asn1encodeRSApubSPKI(RSApub *pk, uchar *buf, int len)
+{
+	Bytes *b, *k;
+	Elem e;
+
+	k = encode_rsapubkey(pk);
+	if(k == nil)
+		return -1;
+	e = mkseq(
+		mkel(mkalg(ALG_rsaEncryption),
+		mkel(mkbits(k->data, k->len),
+		nil)));
+	encode(e, &b);
+	freebytes(k);
+	if(b == nil)
+		return -1;
+	if(b->len > len){
+		freebytes(b);
+		werrstr("buffer too small");
+		return -1;
+	}
+	memmove(buf, b->data, len = b->len);
 	return len;
 }