X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/9e70917d0aa5e51f584b2af69ce80df458ac5c79..a85c067ba6c6940512cf57ec213277a370d87e70:/src/src/pdkim/pdkim.h diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h index a350e6b7e..f918938e8 100644 --- a/src/src/pdkim/pdkim.h +++ b/src/src/pdkim/pdkim.h @@ -2,7 +2,8 @@ * PDKIM - a RFC4871 (DKIM) implementation * * Copyright (C) 2009 - 2012 Tom Kistner - * Copyright (c) 2016 - 2017 Jeremy Harris + * Copyright (c) 2016 - 2020 Jeremy Harris + * SPDX-License-Identifier: GPL-2.0-or-later * * http://duncanthrax.net/pdkim/ * @@ -26,6 +27,24 @@ #include "../blob.h" #include "../hash.h" +#define PDKIM_DEFAULT_SIGN_HEADERS "From:Sender:Reply-To:Subject:Date:"\ + "Message-ID:To:Cc:MIME-Version:Content-Type:"\ + "Content-Transfer-Encoding:Content-ID:"\ + "Content-Description:Resent-Date:Resent-From:"\ + "Resent-Sender:Resent-To:Resent-Cc:"\ + "Resent-Message-ID:In-Reply-To:References:"\ + "List-Id:List-Help:List-Unsubscribe:"\ + "List-Subscribe:List-Post:List-Owner:List-Archive" + +#define PDKIM_OVERSIGN_HEADERS "+From:+Sender:+Reply-To:+Subject:+Date:"\ + "+Message-ID:+To:+Cc:+MIME-Version:+Content-Type:"\ + "+Content-Transfer-Encoding:+Content-ID:"\ + "+Content-Description:+Resent-Date:+Resent-From:"\ + "+Resent-Sender:+Resent-To:+Resent-Cc:"\ + "+Resent-Message-ID:+In-Reply-To:+References:"\ + "+List-Id:+List-Help:+List-Unsubscribe:"\ + "+List-Subscribe:+List-Post:+List-Owner:+List-Archive" + /* -------------------------------------------------------------------------- */ /* Length of the preallocated buffer for the "answer" from the dns/txt callback function. This should match the maximum RDLENGTH from DNS. */ @@ -39,8 +58,9 @@ #define PDKIM_ERR_RSA_SIGNING -102 #define PDKIM_ERR_LONG_LINE -103 #define PDKIM_ERR_BUFFER_TOO_SMALL -104 -#define PDKIM_SIGN_PRIVKEY_WRAP -105 -#define PDKIM_SIGN_PRIVKEY_B64D -106 +#define PDKIM_ERR_EXCESS_SIGS -105 +#define PDKIM_SIGN_PRIVKEY_WRAP -106 +#define PDKIM_SIGN_PRIVKEY_B64D -107 /* -------------------------------------------------------------------------- */ /* Main/Extended verification status */ @@ -48,6 +68,7 @@ #define PDKIM_VERIFY_INVALID 1 #define PDKIM_VERIFY_FAIL 2 #define PDKIM_VERIFY_PASS 3 +#define PDKIM_VERIFY_POLICY BIT(31) #define PDKIM_VERIFY_FAIL_BODY 1 #define PDKIM_VERIFY_FAIL_MESSAGE 2 @@ -56,8 +77,9 @@ #define PDKIM_VERIFY_INVALID_BUFFER_SIZE 5 #define PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD 6 #define PDKIM_VERIFY_INVALID_PUBKEY_IMPORT 7 -#define PDKIM_VERIFY_INVALID_SIGNATURE_ERROR 8 -#define PDKIM_VERIFY_INVALID_DKIM_VERSION 9 +#define PDKIM_VERIFY_INVALID_PUBKEY_KEYSIZE 8 +#define PDKIM_VERIFY_INVALID_SIGNATURE_ERROR 9 +#define PDKIM_VERIFY_INVALID_DKIM_VERSION 10 /* -------------------------------------------------------------------------- */ /* Some parameter values */ @@ -66,11 +88,6 @@ #define PDKIM_CANON_SIMPLE 0 #define PDKIM_CANON_RELAXED 1 -/*XXX change to enums */ -#define PDKIM_HASH_SHA256 1 - -#define PDKIM_KEYTYPE_RSA 0 - /* -------------------------------------------------------------------------- */ /* Some required forward declarations, please ignore */ typedef struct pdkim_stringlist pdkim_stringlist; @@ -99,10 +116,8 @@ typedef struct pdkim_pubkey { const uschar *granularity; /* g= */ const uschar * hashes; /* h= */ -#ifdef notdef - uschar *keytype; /* k= */ -#endif - const uschar *srvtype; /* s= */ + const uschar * keytype; /* k= */ + const uschar * srvtype; /* s= */ uschar *notes; /* n= */ blob key; /* p= */ @@ -110,6 +125,21 @@ typedef struct pdkim_pubkey { int no_subdomaining; /* t=s */ } pdkim_pubkey; +/* -------------------------------------------------------------------------- */ +/* Body-hash to be calculated */ +typedef struct pdkim_bodyhash { + struct pdkim_bodyhash * next; + int hashtype; + int canon_method; + long bodylength; + + hctx body_hash_ctx; + unsigned long signed_body_bytes; /* done so far */ + int num_buffered_blanklines; + + blob bh; /* completed hash */ +} pdkim_bodyhash; + /* -------------------------------------------------------------------------- */ /* Signature as it appears in a DKIM-Signature header */ typedef struct pdkim_signature { @@ -120,8 +150,10 @@ typedef struct pdkim_signature { /* (v=) The version, as an integer. Currently, always "1" */ int version; - int keytype; /* PDKIM_KEYTYPE_RSA */ - int hashtype; /* pdkim_hashes index */ + /* (a=) The signature algorithm. */ + int keytype; /* pdkim_keytypes index */ + unsigned keybits; /* size of the key */ + int hashtype; /* pdkim_hashes index */ /* (c=x/) Header canonicalization method. Either PDKIM_CANON_SIMPLE or PDKIM_CANON_RELAXED */ @@ -227,11 +259,9 @@ typedef struct pdkim_signature { /* Properties below this point are used internally only ------------- */ /* Per-signature helper variables ----------------------------------- */ - hctx body_hash_ctx; + pdkim_bodyhash *calc_body_hash; /* hash to be / being calculated */ - unsigned long signed_body_bytes; /* How many body bytes we hashed */ - int num_buffered_blanklines; - pdkim_stringlist *headers; /* Raw headers included in the sig */ + pdkim_stringlist *headers; /* Raw headers included in the sig */ /* Signing specific ------------------------------------------------- */ uschar * privkey; /* Private key */ @@ -255,20 +285,32 @@ typedef struct pdkim_ctx { /* One (signing) or several chained (verification) signatures */ pdkim_signature *sig; + /* One (signing) or several chained (verification) bodyhashes */ + pdkim_bodyhash *bodyhash; + /* Callback for dns/txt query method (verification only) */ - int(*dns_txt_callback)(char *, char *); + uschar * (*dns_txt_callback)(const uschar *); /* Coder's little helpers */ - uschar *cur_header; - int cur_header_size; - int cur_header_len; - char *linebuf; + gstring *cur_header; + uschar *linebuf; int linebuf_offset; int num_headers; pdkim_stringlist *headers; /* Raw headers for verification */ } pdkim_ctx; +/******************************************************************************/ + +typedef struct { + const uschar * dkim_hashname; + hashmethod exim_hashmethod; +} pdkim_hashtype; +extern const pdkim_hashtype pdkim_hashes[]; + +/******************************************************************************/ + + /* -------------------------------------------------------------------------- */ /* API functions. Please see the sample code in sample/test_sign.c and sample/test_verify.c for documentation. @@ -280,7 +322,7 @@ extern "C" { void pdkim_init (void); -void pdkim_init_context (pdkim_ctx *, BOOL, int(*)(char *, char *)); +void pdkim_init_context (pdkim_ctx *, BOOL, uschar * (*)(const uschar *)); DLLEXPORT pdkim_signature *pdkim_init_sign (pdkim_ctx *, @@ -288,7 +330,7 @@ pdkim_signature *pdkim_init_sign (pdkim_ctx *, const uschar **); DLLEXPORT -pdkim_ctx *pdkim_init_verify (int(*)(char *, char *), BOOL); +pdkim_ctx *pdkim_init_verify (uschar * (*)(const uschar *), BOOL); DLLEXPORT void pdkim_set_optional (pdkim_signature *, char *, char *,int, int, @@ -296,6 +338,11 @@ void pdkim_set_optional (pdkim_signature *, char *, char *,int, int, unsigned long, unsigned long); +int pdkim_hashname_to_hashtype(const uschar *, unsigned); +void pdkim_cstring_to_canons(const uschar *, unsigned, int *, int *); +pdkim_bodyhash *pdkim_set_bodyhash(pdkim_ctx *, int, int, long); +pdkim_bodyhash *pdkim_set_sig_bodyhash(pdkim_ctx *, pdkim_signature *); + DLLEXPORT int pdkim_feed (pdkim_ctx *, uschar *, int); DLLEXPORT @@ -307,7 +354,14 @@ void pdkim_free_ctx (pdkim_ctx *); const uschar * pdkim_errstr(int); -uschar * dkim_sig_to_a_tag(const pdkim_signature * sig); +extern uschar * pdkim_encode_base64(blob *); +extern void pdkim_decode_base64(const uschar *, blob *); +extern void pdkim_hexprint(const uschar *, int); +extern void pdkim_quoteprint(const uschar *, int); +extern pdkim_pubkey * pdkim_parse_pubkey_record(const uschar *); +extern uschar * pdkim_relax_header_n(const uschar *, int, BOOL); +extern uschar * pdkim_relax_header(const uschar *, BOOL); +extern uschar * dkim_sig_to_a_tag(const pdkim_signature *); #ifdef __cplusplus }