-/* $Cambridge: exim/src/src/pdkim/pdkim.h,v 1.1.2.5 2009/03/17 12:57:37 tom Exp $ */
-/* pdkim.h */
-
-#include "sha1.h"
-#include "sha2.h"
-#include "rsa.h"
-#include "base64.h"
-
-#define PDKIM_SIGNATURE_VERSION "1"
-#define PDKIM_PUB_RECORD_VERSION "DKIM1"
-
-#define PDKIM_MAX_HEADER_LEN 65536
-#define PDKIM_MAX_HEADERS 512
-#define PDKIM_MAX_BODY_LINE_LEN 1024
-#define PDKIM_DNS_TXT_MAX_NAMELEN 1024
-#define PDKIM_DNS_TXT_MAX_RECLEN 4096
-#define PDKIM_DEBUG
-#define PDKIM_DEFAULT_SIGN_HEADERS "From:Sender:Reply-To:Subject:Date:"\
- "Message-ID:To:Cc:MIME-Version:Content-Type:"\
- "Content-Transfer-Encoding:Content-ID:"\
- "Content-Description:Resent-Date:Resent-From:"\
- "Resent-Sender:Resent-To:Resent-Cc:"\
- "Resent-Message-ID:In-Reply-To:References:"\
- "List-Id:List-Help:List-Unsubscribe:"\
- "List-Subscribe:List-Post:List-Owner:List-Archive"
+/* $Cambridge: exim/src/src/pdkim/pdkim.h,v 1.1.2.6 2009/03/17 14:56:55 tom Exp $ */
+/* pdkim-api.h */
+/* -------------------------------------------------------------------------- */
+/* Debugging. This can also be enabled/disabled at run-time. I recommend to
+ leave it defined. */
+#define PDKIM_DEBUG
+/* -------------------------------------------------------------------------- */
/* Function success / error codes */
#define PDKIM_OK 0
#define PDKIM_FAIL -1
#define PDKIM_ERR_LONG_LINE -103
#define PDKIM_ERR_BUFFER_TOO_SMALL -104
-/* Main verification status */
+/* -------------------------------------------------------------------------- */
+/* Main/Extended verification status */
#define PDKIM_VERIFY_NONE 0
#define PDKIM_VERIFY_INVALID 1
#define PDKIM_VERIFY_FAIL 2
#define PDKIM_VERIFY_PASS 3
-/* Extended verification status */
-#define PDKIM_VERIFY_FAIL_BODY 1
-#define PDKIM_VERIFY_FAIL_MESSAGE 2
-
+#define PDKIM_VERIFY_FAIL_BODY 1
+#define PDKIM_VERIFY_FAIL_MESSAGE 2
#define PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE 3
#define PDKIM_VERIFY_INVALID_BUFFER_SIZE 4
#define PDKIM_VERIFY_INVALID_PUBKEY_PARSING 5
-
-#ifdef PDKIM_DEBUG
-void pdkim_quoteprint(FILE *, char *, int, int);
-#endif
-
-typedef struct pdkim_stringlist {
- char *value;
- void *next;
-} pdkim_stringlist;
-pdkim_stringlist *pdkim_append_stringlist(pdkim_stringlist *, char *);
-
-
-#define PDKIM_STR_ALLOC_FRAG 256
-typedef struct pdkim_str {
- char *str;
- unsigned int len;
- unsigned int allocated;
-} pdkim_str;
-pdkim_str *pdkim_strnew (char *);
-char *pdkim_strcat (pdkim_str *, char *);
-char *pdkim_strncat(pdkim_str *, char *, int);
-void pdkim_strfree(pdkim_str *);
-
+/* -------------------------------------------------------------------------- */
+/* Some parameter values */
#define PDKIM_QUERYMETHOD_DNS_TXT 0
#define PDKIM_ALGO_RSA_SHA256 0
#define PDKIM_KEYTYPE_RSA 0
+/* -------------------------------------------------------------------------- */
+/* Some required forward declarations, please ignore */
+typedef struct pdkim_stringlist pdkim_stringlist;
+typedef struct pdkim_str pdkim_str;
+typedef struct sha1_context sha1_context;
+typedef struct sha2_context sha2_context;
+#define HAVE_SHA1_CONTEXT
+#define HAVE_SHA2_CONTEXT
/* -------------------------------------------------------------------------- */
/* Public key as (usually) fetched from DNS */
*/
int verify_status;
-
/* Extended verification status. Depending on the value of verify_status,
it can contain:
For verify_status == PDKIM_VERIFY_FAIL:
PDKIM_VERIFY_FAIL_BODY
- PDKIM_VERIFY_FAIL_MESSAGE
-
+ The calculated body hash does not match the advertised body hash
+ from the bh= tag of the signature.
+ PDKIM_VERIFY_FAIL_MESSAGE
+ RSA verification of the signature (b= tag) failed.
*/
int verify_ext_status;
+ /* Pointer to a public key record that was used to verify the signature.
+ See pdkim_pubkey declaration above for more information.
+ Caution: can be NULL if no record was retrieved. */
+ pdkim_pubkey *pubkey;
+ /* Pointer to the next pdkim_signature signature. NULL if this is the
+ last signature. */
+ void *next;
- pdkim_pubkey *pubkey; /* Public key used to verify this signature. */
- void *next; /* Pointer to next signature in list. */
+ /* Properties below this point are used internally only ------------- */
/* Per-signature helper variables ----------------------------------- */
- sha1_context sha1_body;
- sha2_context sha2_body;
- unsigned long signed_body_bytes;
- pdkim_stringlist *headers;
+ sha1_context *sha1_body; /* SHA1 block */
+ sha2_context *sha2_body; /* SHA256 block */
+ unsigned long signed_body_bytes; /* How many body bytes we hashed */
+ pdkim_stringlist *headers; /* Raw headers included in the sig */
/* Signing specific ------------------------------------------------- */
char *rsa_privkey; /* Private RSA key */
char *sign_headers; /* To-be-signed header names */
/* -------------------------------------------------------------------------- */
/* Context to keep state between all operations */
-
#define PDKIM_MODE_SIGN 0
#define PDKIM_MODE_VERIFY 1
#define PDKIM_INPUT_NORMAL 0
#define PDKIM_INPUT_SMTP 1
-
typedef struct pdkim_ctx {
/* PDKIM_MODE_VERIFY or PDKIM_MODE_SIGN */
/* Coder's little helpers */
pdkim_str *cur_header;
- char linebuf[PDKIM_MAX_BODY_LINE_LEN];
+ char *linebuf;
int linebuf_offset;
int seen_lf;
int seen_eod;
} pdkim_ctx;
-int header_name_match (char *, char *, int);
-char *pdkim_relax_header (char *, int);
-
-int pdkim_update_bodyhash (pdkim_ctx *, char *, int);
-int pdkim_finish_bodyhash (pdkim_ctx *);
-
-int pdkim_bodyline_complete (pdkim_ctx *);
-int pdkim_header_complete (pdkim_ctx *);
-
-int pdkim_feed (pdkim_ctx *, char *, int);
-int pdkim_feed_finish (pdkim_ctx *, char **);
-
-char *pdkim_create_header (pdkim_signature *, int);
+/* -------------------------------------------------------------------------- */
+/* API functions. Please see pdkim-api.txt for documentation / example code. */
pdkim_ctx
*pdkim_init_sign (int, char *, char *, char *);
pdkim_ctx
- *pdkim_init_verify (int, int(*dns_txt_callback)(char *, char *));
+ *pdkim_init_verify (int, int(*)(char *, char *));
int pdkim_set_optional (pdkim_ctx *,
char *, char *,
unsigned long,
unsigned long);
-void pdkim_free_pubkey (pdkim_pubkey *);
-void pdkim_free_sig (pdkim_signature *);
-void pdkim_free_ctx (pdkim_ctx *);
+int pdkim_feed (pdkim_ctx *, char *, int);
+int pdkim_feed_finish (pdkim_ctx *, char **);
+void pdkim_free_ctx (pdkim_ctx *);
#ifdef PDKIM_DEBUG
void pdkim_set_debug_stream (pdkim_ctx *, FILE *);