* PDKIM - a RFC4871 (DKIM) implementation
*
* Copyright (C) 2009 - 2012 Tom Kistner <tom@duncanthrax.net>
- * Copyright (c) 2016 - 2017 Jeremy Harris
+ * Copyright (c) 2016 - 2018 Jeremy Harris
*
* http://duncanthrax.net/pdkim/
*
#include "../blob.h"
#include "../hash.h"
+#define PDKIM_DEFAULT_SIGN_HEADERS "From:Sender:Reply-To:Subject:Date:"\
+ "Message-ID:To:Cc:MIME-Version:Content-Type:"\
+ "Content-Transfer-Encoding:Content-ID:"\
+ "Content-Description:Resent-Date:Resent-From:"\
+ "Resent-Sender:Resent-To:Resent-Cc:"\
+ "Resent-Message-ID:In-Reply-To:References:"\
+ "List-Id:List-Help:List-Unsubscribe:"\
+ "List-Subscribe:List-Post:List-Owner:List-Archive"
+
/* -------------------------------------------------------------------------- */
/* Length of the preallocated buffer for the "answer" from the dns/txt
callback function. This should match the maximum RDLENGTH from DNS. */
#define PDKIM_ERR_RSA_SIGNING -102
#define PDKIM_ERR_LONG_LINE -103
#define PDKIM_ERR_BUFFER_TOO_SMALL -104
-#define PDKIM_SIGN_PRIVKEY_WRAP -105
-#define PDKIM_SIGN_PRIVKEY_B64D -106
+#define PDKIM_ERR_EXCESS_SIGS -105
+#define PDKIM_SIGN_PRIVKEY_WRAP -106
+#define PDKIM_SIGN_PRIVKEY_B64D -107
/* -------------------------------------------------------------------------- */
/* Main/Extended verification status */
#define PDKIM_VERIFY_INVALID 1
#define PDKIM_VERIFY_FAIL 2
#define PDKIM_VERIFY_PASS 3
+#define PDKIM_VERIFY_POLICY BIT(31)
#define PDKIM_VERIFY_FAIL_BODY 1
#define PDKIM_VERIFY_FAIL_MESSAGE 2
/* Some parameter values */
#define PDKIM_QUERYMETHOD_DNS_TXT 0
-#define PDKIM_ALGO_RSA_SHA256 0
-#define PDKIM_ALGO_RSA_SHA1 1
+/*#define PDKIM_ALGO_RSA_SHA256 0 */
+/*#define PDKIM_ALGO_RSA_SHA1 1 */
#define PDKIM_CANON_SIMPLE 0
#define PDKIM_CANON_RELAXED 1
-#define PDKIM_HASH_SHA256 0
-#define PDKIM_HASH_SHA1 1
-
-#define PDKIM_KEYTYPE_RSA 0
-
/* -------------------------------------------------------------------------- */
/* Some required forward declarations, please ignore */
typedef struct pdkim_stringlist pdkim_stringlist;
/* -------------------------------------------------------------------------- */
/* Public key as (usually) fetched from DNS */
typedef struct pdkim_pubkey {
- uschar *version; /* v= */
- uschar *granularity; /* g= */
+ const uschar * version; /* v= */
+ const uschar *granularity; /* g= */
- uschar *hashes; /* h= */
-#ifdef notdef
- uschar *keytype; /* k= */
-#endif
- uschar *srvtype; /* s= */
+ const uschar * hashes; /* h= */
+ const uschar * keytype; /* k= */
+ const uschar * srvtype; /* s= */
uschar *notes; /* n= */
blob key; /* p= */
int no_subdomaining; /* t=s */
} pdkim_pubkey;
+/* -------------------------------------------------------------------------- */
+/* Body-hash to be calculated */
+typedef struct pdkim_bodyhash {
+ struct pdkim_bodyhash * next;
+ int hashtype;
+ int canon_method;
+ long bodylength;
+
+ hctx body_hash_ctx;
+ unsigned long signed_body_bytes; /* done so far */
+ int num_buffered_blanklines;
+
+ blob bh; /* completed hash */
+} pdkim_bodyhash;
+
/* -------------------------------------------------------------------------- */
/* Signature as it appears in a DKIM-Signature header */
typedef struct pdkim_signature {
+ struct pdkim_signature * next;
/* Bits stored in a DKIM signature header --------------------------- */
/* (v=) The version, as an integer. Currently, always "1" */
int version;
- /* (a=) The signature algorithm. Either PDKIM_ALGO_RSA_SHA256
- or PDKIM_ALGO_RSA_SHA1 */
- int algo;
+ /* (a=) The signature algorithm. Either PDKIM_ALGO_RSA_SHA256 */
+ int keytype; /* pdkim_keytypes index */
+ int hashtype; /* pdkim_hashes index */
/* (c=x/) Header canonicalization method. Either PDKIM_CANON_SIMPLE
or PDKIM_CANON_RELAXED */
/* (bh=) Raw body hash data, along with its length in bytes */
blob bodyhash;
- /* Folded DKIM-Signature: header. Singing only, NULL for verifying.
+ /* Folded DKIM-Signature: header. Signing only, NULL for verifying.
Ready for insertion into the message. Note: Folded using CRLFTB,
but final line terminator is NOT included. Note2: This buffer is
free()d when you call pdkim_free_ctx(). */
Caution: is NULL if signing or if no record was retrieved. */
pdkim_pubkey *pubkey;
- /* Pointer to the next pdkim_signature signature. NULL if signing or if
- this is the last signature. */
- void *next;
-
/* Properties below this point are used internally only ------------- */
/* Per-signature helper variables ----------------------------------- */
- hctx body_hash_ctx;
+ pdkim_bodyhash *calc_body_hash; /* hash to be / being calculated */
+
+ pdkim_stringlist *headers; /* Raw headers included in the sig */
- unsigned long signed_body_bytes; /* How many body bytes we hashed */
- pdkim_stringlist *headers; /* Raw headers included in the sig */
/* Signing specific ------------------------------------------------- */
- uschar * rsa_privkey; /* Private RSA key */
+ uschar * privkey; /* Private key */
uschar * sign_headers; /* To-be-signed header names */
uschar * rawsig_no_b_val; /* Original signature header w/o b= tag value. */
} pdkim_signature;
/* One (signing) or several chained (verification) signatures */
pdkim_signature *sig;
+ /* One (signing) or several chained (verification) bodyhashes */
+ pdkim_bodyhash *bodyhash;
+
/* Callback for dns/txt query method (verification only) */
- int(*dns_txt_callback)(char *, char *);
+ uschar * (*dns_txt_callback)(uschar *);
/* Coder's little helpers */
- uschar *cur_header;
- int cur_header_size;
- int cur_header_len;
- char *linebuf;
+ gstring *cur_header;
+ uschar *linebuf;
int linebuf_offset;
- int num_buffered_crlf;
int num_headers;
pdkim_stringlist *headers; /* Raw headers for verification */
} pdkim_ctx;
+/******************************************************************************/
+
+typedef struct {
+ const uschar * dkim_hashname;
+ hashmethod exim_hashmethod;
+} pdkim_hashtype;
+extern const pdkim_hashtype pdkim_hashes[];
+
+/******************************************************************************/
+
+
/* -------------------------------------------------------------------------- */
/* API functions. Please see the sample code in sample/test_sign.c and
sample/test_verify.c for documentation.
void pdkim_init (void);
+void pdkim_init_context (pdkim_ctx *, BOOL, uschar * (*)(uschar *));
+
DLLEXPORT
-pdkim_ctx *pdkim_init_sign (char *, char *, char *, int,
- BOOL, int(*)(char *, char *), const uschar **);
+pdkim_signature *pdkim_init_sign (pdkim_ctx *,
+ uschar *, uschar *, uschar *, uschar *,
+ const uschar **);
DLLEXPORT
-pdkim_ctx *pdkim_init_verify (int(*)(char *, char *), BOOL);
+pdkim_ctx *pdkim_init_verify (uschar * (*)(uschar *), BOOL);
DLLEXPORT
-int pdkim_set_optional (pdkim_ctx *, char *, char *,int, int,
+void pdkim_set_optional (pdkim_signature *, char *, char *,int, int,
long,
unsigned long,
unsigned long);
+int pdkim_hashname_to_hashtype(const uschar *, unsigned);
+void pdkim_cstring_to_canons(const uschar *, unsigned, int *, int *);
+pdkim_bodyhash *pdkim_set_bodyhash(pdkim_ctx *, int, int, long);
+pdkim_bodyhash *pdkim_set_sig_bodyhash(pdkim_ctx *, pdkim_signature *);
+
DLLEXPORT
int pdkim_feed (pdkim_ctx *, uschar *, int);
DLLEXPORT
const uschar * pdkim_errstr(int);
+extern uschar * pdkim_encode_base64(blob *);
+extern void pdkim_decode_base64(const uschar *, blob *);
+extern void pdkim_hexprint(const uschar *, int);
+extern void pdkim_quoteprint(const uschar *, int);
+extern pdkim_pubkey * pdkim_parse_pubkey_record(const uschar *);
+extern uschar * pdkim_relax_header_n(const uschar *, int, BOOL);
+extern uschar * pdkim_relax_header(const uschar *, BOOL);
+extern uschar * dkim_sig_to_a_tag(const pdkim_signature *);
+
#ifdef __cplusplus
}
#endif