dkimverify 0.0.1

data/dkimverify.rb

@@ -0,0 +1,256 @@
+require 'mail'
+require 'digest'
+require 'openssl'
+require 'base64'
+require_relative './dkim-query/lib/dkim/query'
+
+
+# TODO make this an option somehow
+$debuglog = nil # alternatively, set this to `STDERR` to log to stdout.
+
+module Dkim
+    # what are these magic numbers?!
+    # These values come from RFC 3447, section 9.2 Notes, page 43.
+    # cf. https://github.com/emboss/krypt/blob/c804f736d4dbaa4425014d036d2e68d8ee66d559/lib/krypt/asn1/common.rb
+    #       SHA1       = algorithm_null_params('1.3.14.3.2.26')
+    #       SHA256 = algorithm_null_params('2.16.840.1.101.3.4.2.1')    
+    OpenSSL::ASN1::ObjectId.register('1.3.14.3.2.26', 'sha1', 'HASHID_SHA1')
+    OpenSSL::ASN1::ObjectId.register('2.16.840.1.101.3.4.2.1', 'sha256', 'HASHID_SHA256')
+    HASHID_SHA1   = OpenSSL::ASN1::ObjectId.new('sha1')
+    HASHID_SHA256 = OpenSSL::ASN1::ObjectId.new('sha256')
+
+    class DkimError < StandardError; end
+    class InvalidDkimSignature < DkimError; end
+    class DkimVerificationFailure < DkimError; end
+
+    class Verifier
+        def initialize(email_filename)
+            mail = Mail.read(email_filename)
+            @headers = mail.header
+            @body = mail.body.raw_source
+            dkim_signature_str = @headers["DKIM-Signature"].value.to_s
+            @dkim_signature = {}
+            dkim_signature_str.split(/\s*;\s*/).each do |key_val| 
+                if m = key_val.match(/(\w+)\s*=\s*(.*)/)
+                    @dkim_signature[m[1]] = m[2]
+                end
+            end
+            validate_signature! # just checking to make sure we have all the ingredients we need to actually verify the signature
+        end
+
+
+        def verify!
+            figure_out_canonicalization_methods!
+            verify_body_hash!
+
+            # 'b=' is the signed message headers' hash.
+            # we need to decrypt the 'b=' value (with the public key)
+            # and compare it with the computed headers_hash.
+            # decrypted_header_hash is the "expected" value.
+            my_headers_hash = headers_hash
+            my_decrypted_header_hash = decrypted_header_hash
+
+            raise DkimVerificationFailure.new("header hash signatures sizes don't match") if my_decrypted_header_hash.size != my_headers_hash.size
+            
+            # Byte-by-byte compare of signatures
+            does_signature_match = my_decrypted_header_hash.bytes.zip(my_headers_hash.bytes).all?{|exp, got| exp == got }
+            raise DkimVerificationFailure.new("header hash signatures don't match. expected #{my_decrypted_header_hash}, got #{my_headers_hash}") unless does_signature_match
+            return does_signature_match # always true, but this is a good guarantee of somebody accidentally refactoring this to always return true
+        end
+
+        private
+
+
+        def verify_body_hash!
+            # here we're figuring out what algorithm to use for computing the signature
+            hasher, @hashid = if @dkim_signature['a'] == "rsa-sha1"
+                      [Digest::SHA1, HASHID_SHA1]
+                    elsif @dkim_signature['a'] == "rsa-sha256"
+                      [Digest::SHA256, HASHID_SHA256]
+                    else
+                      puts "couldn't figure out the right algorithm to use"
+                      exit 1
+                    end
+            
+            body = Dkim.canonicalize_body(@body, @how_to_canonicalize_body)
+            
+            
+            bodyhash = hasher.digest(body)
+
+            $debuglog.puts "bh: #{Base64.encode64(bodyhash)}" unless $debuglog.nil?
+
+            if bodyhash != Base64.decode64(@dkim_signature['bh'].gsub(/\s+/, ''))
+                error_msg = "body hash mismatch (got #{Base64.encode64(bodyhash)}, expected #{@dkim_signature['bh']})"
+                $debuglog.puts error_msg unless $debuglog.nil?
+                raise DkimVerificationFailure.new(error_msg)
+            end
+            nil
+        end
+
+
+        # here we're figuring out the canonicalization algorithm for the body and for the headers
+        def figure_out_canonicalization_methods!
+            c_match = @dkim_signature['c'].match(/(\w+)(?:\/(\w+))?$/)
+            if not c_match
+              puts "can't figure out canonicalization ('c=')"
+              return false
+            end
+            @how_to_canonicalize_headers = c_match[1]
+            if c_match[2]
+                @how_to_canonicalize_body = c_match[2]
+            else
+                @how_to_canonicalize_body = "simple"
+            end
+            raise ArgumentError, "invalid canonicalization method for headers" unless ["relaxed", "simple"].include?(@how_to_canonicalize_headers)
+            raise ArgumentError, "invalid canonicalization method for body" unless ["relaxed", "simple"].include?(@how_to_canonicalize_body)
+        end
+
+        def public_key
+            # here we're getting the website's actual public key from the DNS system
+            # s = dnstxt(sig['s']+"._domainkey."+sig['d']+".")
+            dkim_record_from_dns = DKIM::Query::Domain.query(@dkim_signature['d'], {:selectors => [@dkim_signature['s']]}).keys[@dkim_signature['s']]
+            x = OpenSSL::ASN1.decode(Base64.decode64(dkim_record_from_dns.public_key.to_s))
+            publickey = x.value[1].value
+        end
+
+        def headers_to_sign
+
+            # we figure out which headers we care about, then canonicalize them
+            header_fields_to_include = @dkim_signature['h'].split(/\s*:\s*/)
+            $debuglog.puts "header_fields_to_include: #{header_fields_to_include}" unless $debuglog.nil?
+            canonicalized_headers = []
+            canonicalized_headers = Dkim.canonicalize_headers(header_fields_to_include.map{|header_name| [header_name, @headers[header_name].value] }, @how_to_canonicalize_headers)
+            # def _remove(s, t):
+            #     i = s.find(t)
+            #     assert i >= 0
+            #     return s[:i] + s[i+len(t):]
+
+
+            # The call to _remove() assumes that the signature b= only appears once in the signature header
+            canonicalized_headers += Dkim.canonicalize_headers([
+                [
+                    @headers["DKIM-Signature"].name.to_s, 
+                    @headers["DKIM-Signature"].value.to_s.split(@dkim_signature['b']).join('')
+                ]
+            ], @how_to_canonicalize_headers).map{|x| [x[0], x[1].rstrip()] }
+
+            $debuglog.puts "verify headers: #{canonicalized_headers}" unless $debuglog.nil?
+            canonicalized_headers
+        end
+
+        def headers_digest
+            hasher = if @dkim_signature['a'] == "rsa-sha1"
+                      Digest::SHA1
+                    elsif @dkim_signature['a'] == "rsa-sha256"
+                      Digest::SHA256
+                    else
+                      puts "couldn't figure out the right algorithm to use"
+                      exit 1
+                    end.new
+            headers_to_sign.each do |header|
+                hasher.update(header[0])
+                hasher.update(":")
+                hasher.update(header[1])
+            end
+            digest = hasher.digest
+            $debuglog.puts "verify digest: #{  Base64.encode64(digest)  }" unless $debuglog.nil?
+            digest
+        end
+        
+
+        def headers_hash
+            dinfo = OpenSSL::ASN1::Sequence.new([
+                        OpenSSL::ASN1::Sequence.new([
+                            @hashid,
+                            OpenSSL::ASN1::Null.new(nil),
+                        ]),
+                        OpenSSL::ASN1::OctetString.new(headers_digest),
+                ])
+            $debuglog.puts "dinfo: #{ dinfo.to_der  }" unless $debuglog.nil?
+            headers_der = Base64.encode64(dinfo.to_der).gsub(/\s+/, '')
+            $debuglog.puts "headers_hash: #{headers_der}" unless $debuglog.nil?
+            headers_der
+        end
+
+        def decrypted_header_hash
+            decrypted_header_hash_bytes = OpenSSL::PKey::RSA.new(public_key).public_decrypt(Base64.decode64(@dkim_signature['b']))
+            ret = Base64.encode64(decrypted_header_hash_bytes).gsub(/\s+/, '')
+            $debuglog.puts "decrypted_header_hash: #{ret}" unless $debuglog.nil?
+            ret
+        end
+
+        def validate_signature!
+            # version: only version 1 is defined
+            raise InvalidDkimSignature("DKIM signature is missing required tag v=") unless @dkim_signature.include?('v')
+            raise InvalidDkimSignature("DKIM signature v= value is invalid (got \"#{@dkim_signature['v']}\"; expected \"1\")") unless @dkim_signature['v'] == "1"
+            
+            # encryption algorithm
+            raise InvalidDkimSignature("DKIM signature is missing required tag a=") unless @dkim_signature.include?('a')
+            
+            # header hash
+            raise InvalidDkimSignature("DKIM signature is missing required tag b=") unless @dkim_signature.include?('b')
+            raise InvalidDkimSignature("DKIM signature b= value is not valid base64") unless @dkim_signature['b'].match(/[\s0-9A-Za-z+\/]+=*$/)
+            raise InvalidDkimSignature("DKIM signature is missing required tag h=") unless @dkim_signature.include?('h')
+            
+            # body hash (not directly encrypted)
+            raise InvalidDkimSignature("DKIM signature is missing required tag bh=") unless @dkim_signature.include?('bh')
+            raise InvalidDkimSignature("DKIM signature bh= value is not valid base64") unless @dkim_signature['bh'].match(/[\s0-9A-Za-z+\/]+=*$/)
+            
+            # domain selector
+            raise InvalidDkimSignature("DKIM signature is missing required tag d=") unless @dkim_signature.include?('d')
+            raise InvalidDkimSignature("DKIM signature is missing required tag s=") unless @dkim_signature.include?('s')
+            
+            # these are expiration dates, which are not checked above.
+            raise InvalidDkimSignature("DKIM signature t= value is not a valid decimal integer") unless @dkim_signature['t'].nil? || @dkim_signature['t'].match(/\d+$/)
+            raise InvalidDkimSignature("DKIM signature x= value is not a valid decimal integer") unless @dkim_signature['x'].nil? || @dkim_signature['x'].match(/\d+$/)
+            raise InvalidDkimSignature("DKIM signature x= value is less than t= (and must be greater than or equal to t=). (x=#{@dkim_signature['x']}, t=#{@dkim_signature['t']}) ") unless @dkim_signature['x'].nil? || @dkim_signature['x'].to_i >= @dkim_signature['t'].to_i
+
+            # other unimplemented stuff
+            raise InvalidDkimSignature("DKIM signature i= domain is not a subdomain of d= (i=#{@dkim_signature[i]} d=#{@dkim_signature[d]})") if @dkim_signature['i'] && !(@dkim_signature['i'].end_with?(@dkim_signature['d']) || ["@", ".", "@."].include?(@dkim_signature['i'][-@dkim_signature['d'].size-1]))
+            raise InvalidDkimSignature("DKIM signature l= value is invalid") if @dkim_signature['l'] && !@dkim_signature['l'].match(/\d{,76}$/)
+            raise InvalidDkimSignature("DKIM signature q= value is invalid (got \"#{@dkim_signature['q']}\"; expected \"dns/txt\")") if @dkim_signature['q'] && @dkim_signature['q'] != "dns/txt"
+        end
+    end
+
+    # these two canonicalization methods are defined in the DKIM RFC
+    def self.canonicalize_headers(headers, how)
+      if how == "simple"
+        # No changes to headers.
+        $debuglog.puts "canonicalizing headers with 'simple'" unless $debuglog.nil?
+        return headers
+      elsif how == "relaxed"
+        # Convert all header field names to lowercase.
+        # Unfold all header lines.
+        # Compress WSP to single space.
+        # Remove all WSP at the start or end of the field value (strip).
+        $debuglog.puts "canonicalizing headers with 'relaxed'" unless $debuglog.nil?
+        headers.map{|k, v| [k.downcase, v.gsub(/\r\n/, '').gsub(/\s+/, " ").strip + "\r\n"]  }
+      end
+    end
+    def self.canonicalize_body(body, how)
+      if how == "simple"  
+        $debuglog.puts "canonicalizing body with 'simple'" unless $debuglog.nil?
+        # Ignore all empty lines at the end of the message body.
+        body.gsub(/(\r\n)*$/, "\r\n")
+      elsif how == "relaxed"
+        $debuglog.puts "canonicalizing body with 'relaxed'" unless $debuglog.nil?
+        
+        body.gsub(/[\x09\x20]+\r\n/, "\r\n") # Remove all trailing WSP at end of lines.
+            .gsub(/[\x09\x20]+/, " ")        # Compress non-line-ending WSP to single space.
+            .gsub(/(\r\n)+\Z/, "\r\n")       # Ignore all empty lines at the end of the message body.
+                                             # POTENTIAL PROBLEM: the python source has /(\r\n)*$/ so the + / * change is dubious
+      end
+    end
+
+end
+
+if __FILE__ == $0
+    emlfn = ARGV[0] || "/Users/204434/code/stevedore-uploader-internal/inputs/podesta-part36/59250.eml"
+    begin
+        Dkim::Verifier.new(emlfn).verify!
+    rescue Dkim::DkimError
+        puts "uh oh, something went wrong, the signature did not verify correctly"
+        exit 1
+    end
+    puts "signature verified correctly"
+end

metadata

@@ -0,0 +1,104 @@
+--- !ruby/object:Gem::Specification
+name: dkimverify
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Jeremy B. Merrill
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-01-25 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: mail
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.6.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.6.4
+- !ruby/object:Gem::Dependency
+  name: parslet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+description: " A pure-Ruby library for validating/verifying DKIM signatures. "
+email:
+- jeremybmerrill@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- dkim-query/.gitignore
+- dkim-query/.rspec
+- dkim-query/.travis.yml
+- dkim-query/.yardopts
+- dkim-query/ChangeLog.md
+- dkim-query/Gemfile
+- dkim-query/LICENSE.txt
+- dkim-query/README.md
+- dkim-query/Rakefile
+- dkim-query/bin/dkim-query
+- dkim-query/dkim-query.gemspec
+- dkim-query/lib/dkim/query.rb
+- dkim-query/lib/dkim/query/domain.rb
+- dkim-query/lib/dkim/query/exceptions.rb
+- dkim-query/lib/dkim/query/key.rb
+- dkim-query/lib/dkim/query/malformed_key.rb
+- dkim-query/lib/dkim/query/parser.rb
+- dkim-query/lib/dkim/query/query.rb
+- dkim-query/lib/dkim/query/version.rb
+- dkim-query/spec/domain_spec.rb
+- dkim-query/spec/key_spec.rb
+- dkim-query/spec/malformed_key.rb
+- dkim-query/spec/parser_spec.rb
+- dkim-query/spec/query_spec.rb
+- dkim-query/spec/spec_helper.rb
+- dkim-query/tasks/alexa.rb
+- dkimverify.gemspec
+- dkimverify.rb
+homepage: https://github.com/jeremybmerrill/dkimverify
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- dkim-query
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.2
+signing_key: 
+specification_version: 4
+summary: A pure-Ruby library for validating/verifying DKIM signatures.
+test_files: []