DKIM: fix $dkim_key_length in verify

[exim.git] / src / src / pdkim / pdkim.h

diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h
index 1a7a0c8d09e680ccb3a0cb858c5ef9a7f71faf05..0b21df8ab358ea5b12e1f0128cf7d828408a35d0 100644 (file)
--- a/src/src/pdkim/pdkim.h
+++ b/src/src/pdkim/pdkim.h
@@ -35,6 +35,15 @@
                              "List-Id:List-Help:List-Unsubscribe:"\
                              "List-Subscribe:List-Post:List-Owner:List-Archive"
 
+#define PDKIM_OVERSIGN_HEADERS "+From:+Sender:+Reply-To:+Subject:+Date:"\
+                             "+Message-ID:+To:+Cc:+MIME-Version:+Content-Type:"\
+                             "+Content-Transfer-Encoding:+Content-ID:"\
+                             "+Content-Description:+Resent-Date:+Resent-From:"\
+                             "+Resent-Sender:+Resent-To:+Resent-Cc:"\
+                             "+Resent-Message-ID:+In-Reply-To:+References:"\
+                             "+List-Id:+List-Help:+List-Unsubscribe:"\
+                             "+List-Subscribe:+List-Post:+List-Owner:+List-Archive"
+
 /* -------------------------------------------------------------------------- */
 /* Length of the preallocated buffer for the "answer" from the dns/txt
    callback function. This should match the maximum RDLENGTH from DNS. */
@@ -48,8 +57,9 @@
 #define PDKIM_ERR_RSA_SIGNING      -102
 #define PDKIM_ERR_LONG_LINE        -103
 #define PDKIM_ERR_BUFFER_TOO_SMALL -104
-#define PDKIM_SIGN_PRIVKEY_WRAP    -105
-#define PDKIM_SIGN_PRIVKEY_B64D    -106
+#define PDKIM_ERR_EXCESS_SIGS     -105
+#define PDKIM_SIGN_PRIVKEY_WRAP    -106
+#define PDKIM_SIGN_PRIVKEY_B64D    -107
 
 /* -------------------------------------------------------------------------- */
 /* Main/Extended verification status */
@@ -57,6 +67,7 @@
 #define PDKIM_VERIFY_INVALID   1
 #define PDKIM_VERIFY_FAIL      2
 #define PDKIM_VERIFY_PASS      3
+#define PDKIM_VERIFY_POLICY    BIT(31)
 
 #define PDKIM_VERIFY_FAIL_BODY                    1
 #define PDKIM_VERIFY_FAIL_MESSAGE                 2
@@ -72,9 +83,6 @@
 /* Some parameter values */
 #define PDKIM_QUERYMETHOD_DNS_TXT 0
 
-/*#define PDKIM_ALGO_RSA_SHA256     0 */
-/*#define PDKIM_ALGO_RSA_SHA1       1 */
-
 #define PDKIM_CANON_SIMPLE        0
 #define PDKIM_CANON_RELAXED       1
 
@@ -140,9 +148,10 @@ typedef struct pdkim_signature {
   /* (v=) The version, as an integer. Currently, always "1" */
   int version;
 
-  /* (a=) The signature algorithm. Either PDKIM_ALGO_RSA_SHA256 */
-  int keytype; /* pdkim_keytypes index */
-  int hashtype;        /* pdkim_hashes index */
+  /* (a=) The signature algorithm. */
+  int          keytype;        /* pdkim_keytypes index */
+  unsigned     keybits;        /* size of the key */
+  int          hashtype;       /* pdkim_hashes index */
 
   /* (c=x/) Header canonicalization method. Either PDKIM_CANON_SIMPLE
      or PDKIM_CANON_RELAXED */
@@ -278,7 +287,7 @@ typedef struct pdkim_ctx {
   pdkim_bodyhash *bodyhash;
 
   /* Callback for dns/txt query method (verification only) */
-  uschar * (*dns_txt_callback)(char *);
+  uschar * (*dns_txt_callback)(const uschar *);
 
   /* Coder's little helpers */
   gstring   *cur_header;
@@ -289,6 +298,17 @@ typedef struct pdkim_ctx {
 } pdkim_ctx;
 
 
+/******************************************************************************/
+
+typedef struct {
+  const uschar * dkim_hashname;
+  hashmethod    exim_hashmethod;
+} pdkim_hashtype;
+extern const pdkim_hashtype pdkim_hashes[];
+
+/******************************************************************************/
+
+
 /* -------------------------------------------------------------------------- */
 /* API functions. Please see the sample code in sample/test_sign.c and
    sample/test_verify.c for documentation.
@@ -300,7 +320,7 @@ extern "C" {
 
 void      pdkim_init         (void);
 
-void      pdkim_init_context (pdkim_ctx *, BOOL, uschar * (*)(char *));
+void      pdkim_init_context (pdkim_ctx *, BOOL, uschar * (*)(const uschar *));
 
 DLLEXPORT
 pdkim_signature *pdkim_init_sign    (pdkim_ctx *,
@@ -308,7 +328,7 @@ pdkim_signature *pdkim_init_sign    (pdkim_ctx *,
                               const uschar **);
 
 DLLEXPORT
-pdkim_ctx *pdkim_init_verify  (uschar * (*)(char *), BOOL);
+pdkim_ctx *pdkim_init_verify  (uschar * (*)(const uschar *), BOOL);
 
 DLLEXPORT
 void       pdkim_set_optional (pdkim_signature *, char *, char *,int, int,
@@ -316,7 +336,10 @@ void       pdkim_set_optional (pdkim_signature *, char *, char *,int, int,
                                unsigned long,
                                unsigned long);
 
-pdkim_bodyhash *pdkim_set_bodyhash(pdkim_ctx *, pdkim_signature *);
+int            pdkim_hashname_to_hashtype(const uschar *, unsigned);
+void           pdkim_cstring_to_canons(const uschar *, unsigned, int *, int *);
+pdkim_bodyhash *pdkim_set_bodyhash(pdkim_ctx *, int, int, long);
+pdkim_bodyhash *pdkim_set_sig_bodyhash(pdkim_ctx *, pdkim_signature *);
 
 DLLEXPORT
 int        pdkim_feed         (pdkim_ctx *, uschar *, int);
@@ -329,7 +352,14 @@ void       pdkim_free_ctx     (pdkim_ctx *);
 
 const uschar * pdkim_errstr(int);
 
-uschar *       dkim_sig_to_a_tag(const pdkim_signature * sig);
+extern uschar *                pdkim_encode_base64(blob *);
+extern void            pdkim_decode_base64(const uschar *, blob *);
+extern void            pdkim_hexprint(const uschar *, int);
+extern void            pdkim_quoteprint(const uschar *, int);
+extern pdkim_pubkey *  pdkim_parse_pubkey_record(const uschar *);
+extern uschar *                pdkim_relax_header_n(const uschar *, int, BOOL);
+extern uschar *                pdkim_relax_header(const uschar *, BOOL);
+extern uschar *                dkim_sig_to_a_tag(const pdkim_signature *);
 
 #ifdef __cplusplus
 }