[exim.git] / src / src / pdkim / pdkim.h

/*
 *  PDKIM - a RFC4871 (DKIM) implementation
 *
 *  Copyright (C) 2009  Tom Kistner <tom@duncanthrax.net>
 *
 *  http://duncanthrax.net/pdkim/
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

/* -------------------------------------------------------------------------- */
/* Debugging. This can also be enabled/disabled at run-time. I recommend to
   leave it defined. */
#define PDKIM_DEBUG

/* -------------------------------------------------------------------------- */
/* Length of the preallocated buffer for the "answer" from the dns/txt
   callback function. */
#define PDKIM_DNS_TXT_MAX_RECLEN    4096

/* -------------------------------------------------------------------------- */
/* Function success / error codes */
#define PDKIM_OK                      0
#define PDKIM_FAIL                   -1
#define PDKIM_ERR_OOM              -100
#define PDKIM_ERR_RSA_PRIVKEY      -101
#define PDKIM_ERR_RSA_SIGNING      -102
#define PDKIM_ERR_LONG_LINE        -103
#define PDKIM_ERR_BUFFER_TOO_SMALL -104

/* -------------------------------------------------------------------------- */
/* Main/Extended verification status */
#define PDKIM_VERIFY_NONE      0
#define PDKIM_VERIFY_INVALID   1
#define PDKIM_VERIFY_FAIL      2
#define PDKIM_VERIFY_PASS      3

#define PDKIM_VERIFY_FAIL_BODY                  1
#define PDKIM_VERIFY_FAIL_MESSAGE               2
#define PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE 3
#define PDKIM_VERIFY_INVALID_BUFFER_SIZE        4
#define PDKIM_VERIFY_INVALID_PUBKEY_PARSING     5

/* -------------------------------------------------------------------------- */
/* Some parameter values */
#define PDKIM_QUERYMETHOD_DNS_TXT 0

#define PDKIM_ALGO_RSA_SHA256     0
#define PDKIM_ALGO_RSA_SHA1       1

#define PDKIM_CANON_SIMPLE        0
#define PDKIM_CANON_RELAXED       1

#define PDKIM_HASH_SHA256         0
#define PDKIM_HASH_SHA1           1

#define PDKIM_KEYTYPE_RSA         0

/* -------------------------------------------------------------------------- */
/* Some required forward declarations, please ignore */
typedef struct pdkim_stringlist pdkim_stringlist;
typedef struct pdkim_str pdkim_str;
typedef struct sha1_context sha1_context;
typedef struct sha2_context sha2_context;
#define HAVE_SHA1_CONTEXT
#define HAVE_SHA2_CONTEXT

/* -------------------------------------------------------------------------- */
/* Some concessions towards Redmond */
#ifdef WINDOWS
#define snprintf _snprintf
#define strcasecmp _stricmp
#define strncasecmp _strnicmp
#define DLLEXPORT __declspec(dllexport)
#else
#define DLLEXPORT
#endif


/* -------------------------------------------------------------------------- */
/* Public key as (usually) fetched from DNS */
typedef struct pdkim_pubkey {
  char *version;                  /* v=  */
  char *granularity;              /* g=  */

  char *hashes;                   /* h=  */
  char *keytype;                  /* k=  */
  char *srvtype;                  /* s=  */
  char *notes;                    /* n=  */

  char *key;                      /* p=  */
  int   key_len;

  int   testing;                  /* t=y */
  int   no_subdomaining;          /* t=s */
} pdkim_pubkey;

/* -------------------------------------------------------------------------- */
/* Signature as it appears in a DKIM-Signature header */
typedef struct pdkim_signature {

  /* Bits stored in a DKIM signature header --------------------------- */

  /* (v=) The version, as an integer. Currently, always "1" */
  int version;

  /* (a=) The signature algorithm. Either PDKIM_ALGO_RSA_SHA256
     or PDKIM_ALGO_RSA_SHA1 */
  int algo;

  /* (c=x/) Header canonicalization method. Either PDKIM_CANON_SIMPLE
     or PDKIM_CANON_RELAXED */
  int canon_headers;

  /* (c=/x) Body canonicalization method. Either PDKIM_CANON_SIMPLE
     or PDKIM_CANON_RELAXED */
  int canon_body;

  /* (q=) Query Method. Currently, only PDKIM_QUERYMETHOD_DNS_TXT
     is specified */
  int querymethod;

  /* (s=) The selector string as given in the signature */
  char *selector;

  /* (d=) The domain as given in the signature */
  char *domain;

  /* (i=) The identity as given in the signature */
  char *identity;

  /* (t=) Timestamp of signature creation */
  unsigned long created;

  /* (x=) Timestamp of expiry of signature */
  unsigned long expires;

  /* (l=) Amount of hashed body bytes (after canonicalization). Default
     is -1. Note: a value of 0 means that the body is unsigned! */
  long bodylength;

  /* (h=) Colon-separated list of header names that are included in the
     signature */
  char *headernames;

  /* (z=) */
  char *copiedheaders;

  /* (b=) Raw signature data, along with its length in bytes */
  char *sigdata;
  int   sigdata_len;

  /* (bh=) Raw body hash data, along with its length in bytes */
  char *bodyhash;
  int   bodyhash_len;

  /* Folded DKIM-Signature: header. Singing only, NULL for verifying.
     Ready for insertion into the message. Note: Folded using CRLFTB,
     but final line terminator is NOT included. Note2: This buffer is
     free()d when you call pdkim_free_ctx(). */
  char *signature_header;

  /* The main verification status. Verification only. One of:

     PDKIM_VERIFY_NONE      Verification was not attempted. This status
                            should not appear.

     PDKIM_VERIFY_INVALID   There was an error while trying to verify
                            the signature. A more precise description
                            is available in verify_ext_status.

     PDKIM_VERIFY_FAIL      Verification failed because either the body
                            hash did not match, or the signature verification
                            failed. This means the message was modified.
                            Check verify_ext_status for the exact reason.

     PDKIM_VERIFY_PASS      Verification succeeded.
  */
  int verify_status;

  /* Extended verification status. Verification only. Depending on the value
     of verify_status, it can contain:

     For verify_status == PDKIM_VERIFY_INVALID:

        PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE
          Unable to retrieve a public key container.

        PDKIM_VERIFY_INVALID_BUFFER_SIZE
          Either the DNS name constructed to retrieve the public key record
          does not fit into PDKIM_DNS_TXT_MAX_NAMELEN bytes, or the retrieved
          record is longer than PDKIM_DNS_TXT_MAX_RECLEN bytes.

        PDKIM_VERIFY_INVALID_PUBKEY_PARSING
          (Syntax) error while parsing the retrieved public key record.


     For verify_status == PDKIM_VERIFY_FAIL:

        PDKIM_VERIFY_FAIL_BODY
          The calculated body hash does not match the advertised body hash
          from the bh= tag of the signature.

        PDKIM_VERIFY_FAIL_MESSAGE
          RSA verification of the signature (b= tag) failed.
  */
  int verify_ext_status;

  /* Pointer to a public key record that was used to verify the signature.
     See pdkim_pubkey declaration above for more information.
     Caution: is NULL if signing or if no record was retrieved. */
  pdkim_pubkey *pubkey;

  /* Pointer to the next pdkim_signature signature. NULL if signing or if
     this is the last signature. */
  void *next;

  /* Properties below this point are used internally only ------------- */

  /* Per-signature helper variables ----------------------------------- */
  sha1_context *sha1_body; /* SHA1 block                                */
  sha2_context *sha2_body; /* SHA256 block                              */
  unsigned long signed_body_bytes; /* How many body bytes we hashed     */
  pdkim_stringlist *headers; /* Raw headers included in the sig         */
  /* Signing specific ------------------------------------------------- */
  char *rsa_privkey;     /* Private RSA key                             */
  char *sign_headers;    /* To-be-signed header names                   */
  char *rawsig_no_b_val; /* Original signature header w/o b= tag value. */
} pdkim_signature;


/* -------------------------------------------------------------------------- */
/* Context to keep state between all operations. */
#define PDKIM_MODE_SIGN     0
#define PDKIM_MODE_VERIFY   1
#define PDKIM_INPUT_NORMAL  0
#define PDKIM_INPUT_SMTP    1
typedef struct pdkim_ctx {

  /* PDKIM_MODE_VERIFY or PDKIM_MODE_SIGN */
  int mode;

  /* PDKIM_INPUT_SMTP or PDKIM_INPUT_NORMAL */
  int input_mode;

  /* One (signing) or several chained (verification) signatures */
  pdkim_signature *sig;

  /* Callback for dns/txt query method (verification only) */
  int(*dns_txt_callback)(char *, char *);

  /* Coder's little helpers */
  pdkim_str *cur_header;
  char      *linebuf;
  int        linebuf_offset;
  int        seen_lf;
  int        seen_eod;
  int        past_headers;
  int        num_buffered_crlf;
  int        num_headers;
  pdkim_stringlist *headers; /* Raw headers for verification         */

#ifdef PDKIM_DEBUG
  /* A FILE pointer. When not NULL, debug output will be generated
    and sent to this stream */
  FILE *debug_stream;
#endif

} pdkim_ctx;


/* -------------------------------------------------------------------------- */
/* API functions. Please see the sample code in sample/test_sign.c and
   sample/test_verify.c for documentation.
*/

#ifdef __cplusplus
extern "C" {
#endif

DLLEXPORT
pdkim_ctx *pdkim_init_sign    (int, char *, char *, char *);

DLLEXPORT
pdkim_ctx *pdkim_init_verify  (int, int(*)(char *, char *));

DLLEXPORT
int        pdkim_set_optional (pdkim_ctx *, char *, char *,int, int,
                               long, int,
                               unsigned long,
                               unsigned long);

DLLEXPORT
int        pdkim_feed         (pdkim_ctx *, char *, int);
DLLEXPORT
int        pdkim_feed_finish  (pdkim_ctx *, pdkim_signature **);

DLLEXPORT
void       pdkim_free_ctx     (pdkim_ctx *);

#ifdef PDKIM_DEBUG
DLLEXPORT
void       pdkim_set_debug_stream(pdkim_ctx *, FILE *);
#endif

#ifdef __cplusplus
}
#endif
Commit	Line	Data
	1	/*
	2	* PDKIM - a RFC4871 (DKIM) implementation
	3	*
	4	* Copyright (C) 2009 Tom Kistner <tom@duncanthrax.net>
	5	*
	6	* http://duncanthrax.net/pdkim/
	7	*
	8	* This program is free software; you can redistribute it and/or modify
	9	* it under the terms of the GNU General Public License as published by
	10	* the Free Software Foundation; either version 2 of the License, or
	11	* (at your option) any later version.
	12	*
	13	* This program is distributed in the hope that it will be useful,
	14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	16	* GNU General Public License for more details.
	17	*
	18	* You should have received a copy of the GNU General Public License along
	19	* with this program; if not, write to the Free Software Foundation, Inc.,
	20	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	21	*/
	22
	23	/* -------------------------------------------------------------------------- */
	24	/* Debugging. This can also be enabled/disabled at run-time. I recommend to
	25	leave it defined. */
	26	#define PDKIM_DEBUG
	27
	28	/* -------------------------------------------------------------------------- */
	29	/* Length of the preallocated buffer for the "answer" from the dns/txt
	30	callback function. */
	31	#define PDKIM_DNS_TXT_MAX_RECLEN 4096
	32
	33	/* -------------------------------------------------------------------------- */
	34	/* Function success / error codes */
	35	#define PDKIM_OK 0
	36	#define PDKIM_FAIL -1
	37	#define PDKIM_ERR_OOM -100
	38	#define PDKIM_ERR_RSA_PRIVKEY -101
	39	#define PDKIM_ERR_RSA_SIGNING -102
	40	#define PDKIM_ERR_LONG_LINE -103
	41	#define PDKIM_ERR_BUFFER_TOO_SMALL -104
	42
	43	/* -------------------------------------------------------------------------- */
	44	/* Main/Extended verification status */
	45	#define PDKIM_VERIFY_NONE 0
	46	#define PDKIM_VERIFY_INVALID 1
	47	#define PDKIM_VERIFY_FAIL 2
	48	#define PDKIM_VERIFY_PASS 3
	49
	50	#define PDKIM_VERIFY_FAIL_BODY 1
	51	#define PDKIM_VERIFY_FAIL_MESSAGE 2
	52	#define PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE 3
	53	#define PDKIM_VERIFY_INVALID_BUFFER_SIZE 4
	54	#define PDKIM_VERIFY_INVALID_PUBKEY_PARSING 5
	55
	56	/* -------------------------------------------------------------------------- */
	57	/* Some parameter values */
	58	#define PDKIM_QUERYMETHOD_DNS_TXT 0
	59
	60	#define PDKIM_ALGO_RSA_SHA256 0
	61	#define PDKIM_ALGO_RSA_SHA1 1
	62
	63	#define PDKIM_CANON_SIMPLE 0
	64	#define PDKIM_CANON_RELAXED 1
	65
	66	#define PDKIM_HASH_SHA256 0
	67	#define PDKIM_HASH_SHA1 1
	68
	69	#define PDKIM_KEYTYPE_RSA 0
	70
	71	/* -------------------------------------------------------------------------- */
	72	/* Some required forward declarations, please ignore */
	73	typedef struct pdkim_stringlist pdkim_stringlist;
	74	typedef struct pdkim_str pdkim_str;
	75	typedef struct sha1_context sha1_context;
	76	typedef struct sha2_context sha2_context;
	77	#define HAVE_SHA1_CONTEXT
	78	#define HAVE_SHA2_CONTEXT
	79
	80	/* -------------------------------------------------------------------------- */
	81	/* Some concessions towards Redmond */
	82	#ifdef WINDOWS
	83	#define snprintf _snprintf
	84	#define strcasecmp _stricmp
	85	#define strncasecmp _strnicmp
	86	#define DLLEXPORT __declspec(dllexport)
	87	#else
	88	#define DLLEXPORT
	89	#endif
	90
	91
	92	/* -------------------------------------------------------------------------- */
	93	/* Public key as (usually) fetched from DNS */
	94	typedef struct pdkim_pubkey {
	95	char version; / v= */
	96	char granularity; / g= */
	97
	98	char hashes; / h= */
	99	char keytype; / k= */
	100	char srvtype; / s= */
	101	char notes; / n= */
	102
	103	char key; / p= */
	104	int key_len;
	105
	106	int testing; /* t=y */
	107	int no_subdomaining; /* t=s */
	108	} pdkim_pubkey;
	109
	110	/* -------------------------------------------------------------------------- */
	111	/* Signature as it appears in a DKIM-Signature header */
	112	typedef struct pdkim_signature {
	113
	114	/* Bits stored in a DKIM signature header --------------------------- */
	115
	116	/* (v=) The version, as an integer. Currently, always "1" */
	117	int version;
	118
	119	/* (a=) The signature algorithm. Either PDKIM_ALGO_RSA_SHA256
	120	or PDKIM_ALGO_RSA_SHA1 */
	121	int algo;
	122
	123	/* (c=x/) Header canonicalization method. Either PDKIM_CANON_SIMPLE
	124	or PDKIM_CANON_RELAXED */
	125	int canon_headers;
	126
	127	/* (c=/x) Body canonicalization method. Either PDKIM_CANON_SIMPLE
	128	or PDKIM_CANON_RELAXED */
	129	int canon_body;
	130
	131	/* (q=) Query Method. Currently, only PDKIM_QUERYMETHOD_DNS_TXT
	132	is specified */
	133	int querymethod;
	134
	135	/* (s=) The selector string as given in the signature */
	136	char *selector;
	137
	138	/* (d=) The domain as given in the signature */
	139	char *domain;
	140
	141	/* (i=) The identity as given in the signature */
	142	char *identity;
	143
	144	/* (t=) Timestamp of signature creation */
	145	unsigned long created;
	146
	147	/* (x=) Timestamp of expiry of signature */
	148	unsigned long expires;
	149
	150	/* (l=) Amount of hashed body bytes (after canonicalization). Default
	151	is -1. Note: a value of 0 means that the body is unsigned! */
	152	long bodylength;
	153
	154	/* (h=) Colon-separated list of header names that are included in the
	155	signature */
	156	char *headernames;
	157
	158	/* (z=) */
	159	char *copiedheaders;
	160
	161	/* (b=) Raw signature data, along with its length in bytes */
	162	char *sigdata;
	163	int sigdata_len;
	164
	165	/* (bh=) Raw body hash data, along with its length in bytes */
	166	char *bodyhash;
	167	int bodyhash_len;
	168
	169	/* Folded DKIM-Signature: header. Singing only, NULL for verifying.
	170	Ready for insertion into the message. Note: Folded using CRLFTB,
	171	but final line terminator is NOT included. Note2: This buffer is
	172	free()d when you call pdkim_free_ctx(). */
	173	char *signature_header;
	174
	175	/* The main verification status. Verification only. One of:
	176
	177	PDKIM_VERIFY_NONE Verification was not attempted. This status
	178	should not appear.
	179
	180	PDKIM_VERIFY_INVALID There was an error while trying to verify
	181	the signature. A more precise description
	182	is available in verify_ext_status.
	183
	184	PDKIM_VERIFY_FAIL Verification failed because either the body
	185	hash did not match, or the signature verification
	186	failed. This means the message was modified.
	187	Check verify_ext_status for the exact reason.
	188
	189	PDKIM_VERIFY_PASS Verification succeeded.
	190	*/
	191	int verify_status;
	192
	193	/* Extended verification status. Verification only. Depending on the value
	194	of verify_status, it can contain:
	195
	196	For verify_status == PDKIM_VERIFY_INVALID:
	197
	198	PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE
	199	Unable to retrieve a public key container.
	200
	201	PDKIM_VERIFY_INVALID_BUFFER_SIZE
	202	Either the DNS name constructed to retrieve the public key record
	203	does not fit into PDKIM_DNS_TXT_MAX_NAMELEN bytes, or the retrieved
	204	record is longer than PDKIM_DNS_TXT_MAX_RECLEN bytes.
	205
	206	PDKIM_VERIFY_INVALID_PUBKEY_PARSING
	207	(Syntax) error while parsing the retrieved public key record.
	208
	209
	210	For verify_status == PDKIM_VERIFY_FAIL:
	211
	212	PDKIM_VERIFY_FAIL_BODY
	213	The calculated body hash does not match the advertised body hash
	214	from the bh= tag of the signature.
	215
	216	PDKIM_VERIFY_FAIL_MESSAGE
	217	RSA verification of the signature (b= tag) failed.
	218	*/
	219	int verify_ext_status;
	220
	221	/* Pointer to a public key record that was used to verify the signature.
	222	See pdkim_pubkey declaration above for more information.
	223	Caution: is NULL if signing or if no record was retrieved. */
	224	pdkim_pubkey *pubkey;
	225
	226	/* Pointer to the next pdkim_signature signature. NULL if signing or if
	227	this is the last signature. */
	228	void *next;
	229
	230	/* Properties below this point are used internally only ------------- */
	231
	232	/* Per-signature helper variables ----------------------------------- */
	233	sha1_context sha1_body; / SHA1 block */
	234	sha2_context sha2_body; / SHA256 block */
	235	unsigned long signed_body_bytes; /* How many body bytes we hashed */
	236	pdkim_stringlist headers; / Raw headers included in the sig */
	237	/* Signing specific ------------------------------------------------- */
	238	char rsa_privkey; / Private RSA key */
	239	char sign_headers; / To-be-signed header names */
	240	char rawsig_no_b_val; / Original signature header w/o b= tag value. */
	241	} pdkim_signature;
	242
	243
	244	/* -------------------------------------------------------------------------- */
	245	/* Context to keep state between all operations. */
	246	#define PDKIM_MODE_SIGN 0
	247	#define PDKIM_MODE_VERIFY 1
	248	#define PDKIM_INPUT_NORMAL 0
	249	#define PDKIM_INPUT_SMTP 1
	250	typedef struct pdkim_ctx {
	251
	252	/* PDKIM_MODE_VERIFY or PDKIM_MODE_SIGN */
	253	int mode;
	254
	255	/* PDKIM_INPUT_SMTP or PDKIM_INPUT_NORMAL */
	256	int input_mode;
	257
	258	/* One (signing) or several chained (verification) signatures */
	259	pdkim_signature *sig;
	260
	261	/* Callback for dns/txt query method (verification only) */
	262	int(dns_txt_callback)(char , char *);
	263
	264	/* Coder's little helpers */
	265	pdkim_str *cur_header;
	266	char *linebuf;
	267	int linebuf_offset;
	268	int seen_lf;
	269	int seen_eod;
	270	int past_headers;
	271	int num_buffered_crlf;
	272	int num_headers;
	273	pdkim_stringlist headers; / Raw headers for verification */
	274
	275	#ifdef PDKIM_DEBUG
	276	/* A FILE pointer. When not NULL, debug output will be generated
	277	and sent to this stream */
	278	FILE *debug_stream;
	279	#endif
	280
	281	} pdkim_ctx;
	282
	283
	284	/* -------------------------------------------------------------------------- */
	285	/* API functions. Please see the sample code in sample/test_sign.c and
	286	sample/test_verify.c for documentation.
	287	*/
	288
	289	#ifdef __cplusplus
	290	extern "C" {
	291	#endif
	292
	293	DLLEXPORT
	294	pdkim_ctx pdkim_init_sign (int, char , char , char );
	295
	296	DLLEXPORT
	297	pdkim_ctx pdkim_init_verify (int, int()(char , char ));
	298
	299	DLLEXPORT
	300	int pdkim_set_optional (pdkim_ctx , char , char *,int, int,
	301	long, int,
	302	unsigned long,
	303	unsigned long);
	304
	305	DLLEXPORT
	306	int pdkim_feed (pdkim_ctx , char , int);
	307	DLLEXPORT
	308	int pdkim_feed_finish (pdkim_ctx , pdkim_signature *);
	309
	310	DLLEXPORT
	311	void pdkim_free_ctx (pdkim_ctx *);
	312
	313	#ifdef PDKIM_DEBUG
	314	DLLEXPORT
	315	void pdkim_set_debug_stream(pdkim_ctx , FILE );
	316	#endif
	317
	318	#ifdef __cplusplus
	319	}
	320	#endif