X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=blobdiff_plain;f=src%2Fsrc%2Fpdkim%2Fpdkim.h;h=005249d154ff1690cf10282b695b8c7a73d98b26;hp=8c477f744cbd3f49b6ba0a7b05af71c15d27ba0d;hb=260958d632506e2789fc632381f560f5a0c77ed7;hpb=d5c0d8c9374623620844d539d4810da63e9abca1;ds=sidebyside diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h index 8c477f744..005249d15 100644 --- a/src/src/pdkim/pdkim.h +++ b/src/src/pdkim/pdkim.h @@ -26,6 +26,15 @@ #include "../blob.h" #include "../hash.h" +#define PDKIM_DEFAULT_SIGN_HEADERS "From:Sender:Reply-To:Subject:Date:"\ + "Message-ID:To:Cc:MIME-Version:Content-Type:"\ + "Content-Transfer-Encoding:Content-ID:"\ + "Content-Description:Resent-Date:Resent-From:"\ + "Resent-Sender:Resent-To:Resent-Cc:"\ + "Resent-Message-ID:In-Reply-To:References:"\ + "List-Id:List-Help:List-Unsubscribe:"\ + "List-Subscribe:List-Post:List-Owner:List-Archive" + /* -------------------------------------------------------------------------- */ /* Length of the preallocated buffer for the "answer" from the dns/txt callback function. This should match the maximum RDLENGTH from DNS. */ @@ -51,28 +60,24 @@ #define PDKIM_VERIFY_FAIL_BODY 1 #define PDKIM_VERIFY_FAIL_MESSAGE 2 -#define PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE 3 -#define PDKIM_VERIFY_INVALID_BUFFER_SIZE 4 -#define PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD 5 -#define PDKIM_VERIFY_INVALID_PUBKEY_IMPORT 6 -#define PDKIM_VERIFY_INVALID_SIGNATURE_ERROR 7 -#define PDKIM_VERIFY_INVALID_DKIM_VERSION 8 +#define PDKIM_VERIFY_FAIL_SIG_ALGO_MISMATCH 3 +#define PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE 4 +#define PDKIM_VERIFY_INVALID_BUFFER_SIZE 5 +#define PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD 6 +#define PDKIM_VERIFY_INVALID_PUBKEY_IMPORT 7 +#define PDKIM_VERIFY_INVALID_SIGNATURE_ERROR 8 +#define PDKIM_VERIFY_INVALID_DKIM_VERSION 9 /* -------------------------------------------------------------------------- */ /* Some parameter values */ #define PDKIM_QUERYMETHOD_DNS_TXT 0 -#define PDKIM_ALGO_RSA_SHA256 0 -#define PDKIM_ALGO_RSA_SHA1 1 +/*#define PDKIM_ALGO_RSA_SHA256 0 */ +/*#define PDKIM_ALGO_RSA_SHA1 1 */ #define PDKIM_CANON_SIMPLE 0 #define PDKIM_CANON_RELAXED 1 -#define PDKIM_HASH_SHA256 0 -#define PDKIM_HASH_SHA1 1 - -#define PDKIM_KEYTYPE_RSA 0 - /* -------------------------------------------------------------------------- */ /* Some required forward declarations, please ignore */ typedef struct pdkim_stringlist pdkim_stringlist; @@ -97,14 +102,12 @@ typedef struct sha2_context sha2_context; /* -------------------------------------------------------------------------- */ /* Public key as (usually) fetched from DNS */ typedef struct pdkim_pubkey { - uschar *version; /* v= */ - uschar *granularity; /* g= */ + const uschar * version; /* v= */ + const uschar *granularity; /* g= */ -#ifdef notdef - uschar *hashes; /* h= */ - uschar *keytype; /* k= */ -#endif - uschar *srvtype; /* s= */ + const uschar * hashes; /* h= */ + const uschar * keytype; /* k= */ + const uschar * srvtype; /* s= */ uschar *notes; /* n= */ blob key; /* p= */ @@ -112,18 +115,34 @@ typedef struct pdkim_pubkey { int no_subdomaining; /* t=s */ } pdkim_pubkey; +/* -------------------------------------------------------------------------- */ +/* Body-hash to be calculated */ +typedef struct pdkim_bodyhash { + struct pdkim_bodyhash * next; + int hashtype; + int canon_method; + long bodylength; + + hctx body_hash_ctx; + unsigned long signed_body_bytes; /* done so far */ + int num_buffered_blanklines; + + blob bh; /* completed hash */ +} pdkim_bodyhash; + /* -------------------------------------------------------------------------- */ /* Signature as it appears in a DKIM-Signature header */ typedef struct pdkim_signature { + struct pdkim_signature * next; /* Bits stored in a DKIM signature header --------------------------- */ /* (v=) The version, as an integer. Currently, always "1" */ int version; - /* (a=) The signature algorithm. Either PDKIM_ALGO_RSA_SHA256 - or PDKIM_ALGO_RSA_SHA1 */ - int algo; + /* (a=) The signature algorithm. Either PDKIM_ALGO_RSA_SHA256 */ + int keytype; /* pdkim_keytypes index */ + int hashtype; /* pdkim_hashes index */ /* (c=x/) Header canonicalization method. Either PDKIM_CANON_SIMPLE or PDKIM_CANON_RELAXED */ @@ -169,7 +188,7 @@ typedef struct pdkim_signature { /* (bh=) Raw body hash data, along with its length in bytes */ blob bodyhash; - /* Folded DKIM-Signature: header. Singing only, NULL for verifying. + /* Folded DKIM-Signature: header. Signing only, NULL for verifying. Ready for insertion into the message. Note: Folded using CRLFTB, but final line terminator is NOT included. Note2: This buffer is free()d when you call pdkim_free_ctx(). */ @@ -226,19 +245,15 @@ typedef struct pdkim_signature { Caution: is NULL if signing or if no record was retrieved. */ pdkim_pubkey *pubkey; - /* Pointer to the next pdkim_signature signature. NULL if signing or if - this is the last signature. */ - void *next; - /* Properties below this point are used internally only ------------- */ /* Per-signature helper variables ----------------------------------- */ - hctx body_hash_ctx; + pdkim_bodyhash *calc_body_hash; /* hash to be / being calculated */ + + pdkim_stringlist *headers; /* Raw headers included in the sig */ - unsigned long signed_body_bytes; /* How many body bytes we hashed */ - pdkim_stringlist *headers; /* Raw headers included in the sig */ /* Signing specific ------------------------------------------------- */ - uschar * rsa_privkey; /* Private RSA key */ + uschar * privkey; /* Private key */ uschar * sign_headers; /* To-be-signed header names */ uschar * rawsig_no_b_val; /* Original signature header w/o b= tag value. */ } pdkim_signature; @@ -259,16 +274,16 @@ typedef struct pdkim_ctx { /* One (signing) or several chained (verification) signatures */ pdkim_signature *sig; + /* One (signing) or several chained (verification) bodyhashes */ + pdkim_bodyhash *bodyhash; + /* Callback for dns/txt query method (verification only) */ - int(*dns_txt_callback)(char *, char *); + uschar * (*dns_txt_callback)(char *); /* Coder's little helpers */ - uschar *cur_header; - int cur_header_size; - int cur_header_len; - char *linebuf; + gstring *cur_header; + uschar *linebuf; int linebuf_offset; - int num_buffered_crlf; int num_headers; pdkim_stringlist *headers; /* Raw headers for verification */ } pdkim_ctx; @@ -285,21 +300,26 @@ extern "C" { void pdkim_init (void); +void pdkim_init_context (pdkim_ctx *, BOOL, uschar * (*)(char *)); + DLLEXPORT -pdkim_ctx *pdkim_init_sign (char *, char *, char *, int, - BOOL, int(*)(char *, char *), const uschar **); +pdkim_signature *pdkim_init_sign (pdkim_ctx *, + uschar *, uschar *, uschar *, uschar *, + const uschar **); DLLEXPORT -pdkim_ctx *pdkim_init_verify (int(*)(char *, char *), BOOL); +pdkim_ctx *pdkim_init_verify (uschar * (*)(char *), BOOL); DLLEXPORT -int pdkim_set_optional (pdkim_ctx *, char *, char *,int, int, +void pdkim_set_optional (pdkim_signature *, char *, char *,int, int, long, unsigned long, unsigned long); +pdkim_bodyhash *pdkim_set_bodyhash(pdkim_ctx *, pdkim_signature *); + DLLEXPORT -int pdkim_feed (pdkim_ctx *, char *, int); +int pdkim_feed (pdkim_ctx *, uschar *, int); DLLEXPORT int pdkim_feed_finish (pdkim_ctx *, pdkim_signature **, const uschar **); @@ -309,6 +329,8 @@ void pdkim_free_ctx (pdkim_ctx *); const uschar * pdkim_errstr(int); +uschar * dkim_sig_to_a_tag(const pdkim_signature * sig); + #ifdef __cplusplus } #endif