X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/cd1a5fe0ed22087c6afbe585ab0206c2a4a267aa..d73e45df63ef6602fa32bd3e196d20735a0b69b5:/src/src/pdkim/pdkim.h

diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h
index c1c8c262e..3c420ae63 100644
--- a/src/src/pdkim/pdkim.h
+++ b/src/src/pdkim/pdkim.h
@@ -2,7 +2,7 @@
  *  PDKIM - a RFC4871 (DKIM) implementation
  *
  *  Copyright (C) 2009 - 2012  Tom Kistner <tom@duncanthrax.net>
- *  Copyright (c) Jeremy Harris 2016
+ *  Copyright (c) 2016 - 2017  Jeremy Harris
  *
  *  http://duncanthrax.net/pdkim/
  *
@@ -51,25 +51,23 @@
 
 #define PDKIM_VERIFY_FAIL_BODY                    1
 #define PDKIM_VERIFY_FAIL_MESSAGE                 2
-#define PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE   3
-#define PDKIM_VERIFY_INVALID_BUFFER_SIZE          4
-#define PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD     5
-#define PDKIM_VERIFY_INVALID_PUBKEY_IMPORT        6
-#define PDKIM_VERIFY_INVALID_SIGNATURE_ERROR      7
-#define PDKIM_VERIFY_INVALID_DKIM_VERSION         8
+#define PDKIM_VERIFY_FAIL_SIG_ALGO_MISMATCH	  3
+#define PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE   4
+#define PDKIM_VERIFY_INVALID_BUFFER_SIZE          5
+#define PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD     6
+#define PDKIM_VERIFY_INVALID_PUBKEY_IMPORT        7
+#define PDKIM_VERIFY_INVALID_SIGNATURE_ERROR      8
+#define PDKIM_VERIFY_INVALID_DKIM_VERSION         9
 
 /* -------------------------------------------------------------------------- */
 /* Some parameter values */
 #define PDKIM_QUERYMETHOD_DNS_TXT 0
 
-#define PDKIM_ALGO_RSA_SHA256     0
-#define PDKIM_ALGO_RSA_SHA1       1
-
 #define PDKIM_CANON_SIMPLE        0
 #define PDKIM_CANON_RELAXED       1
 
-#define PDKIM_HASH_SHA256         0
-#define PDKIM_HASH_SHA1           1
+/*XXX change to enums */
+#define PDKIM_HASH_SHA256         1
 
 #define PDKIM_KEYTYPE_RSA         0
 
@@ -97,14 +95,14 @@ typedef struct sha2_context sha2_context;
 /* -------------------------------------------------------------------------- */
 /* Public key as (usually) fetched from DNS */
 typedef struct pdkim_pubkey {
-  uschar *version;                /* v=  */
-  uschar *granularity;            /* g=  */
+  const uschar * version;         /* v=  */
+  const uschar *granularity;      /* g=  */
 
+  const uschar * hashes;          /* h=  */
 #ifdef notdef
-  uschar *hashes;                 /* h=  */
   uschar *keytype;                /* k=  */
 #endif
-  uschar *srvtype;                /* s=  */
+  const uschar *srvtype;          /* s=  */
   uschar *notes;                  /* n=  */
 
   blob  key;                      /* p=  */
@@ -121,9 +119,8 @@ typedef struct pdkim_signature {
   /* (v=) The version, as an integer. Currently, always "1" */
   int version;
 
-  /* (a=) The signature algorithm. Either PDKIM_ALGO_RSA_SHA256
-     or PDKIM_ALGO_RSA_SHA1 */
-  int algo;
+  int keytype;	/* PDKIM_KEYTYPE_RSA */
+  int hashtype;	/* pdkim_hashes index */
 
   /* (c=x/) Header canonicalization method. Either PDKIM_CANON_SIMPLE
      or PDKIM_CANON_RELAXED */
@@ -164,7 +161,7 @@ typedef struct pdkim_signature {
   uschar *copiedheaders;
 
   /* (b=) Raw signature data, along with its length in bytes */
-  blob sigdata;
+  blob sighash;
 
   /* (bh=) Raw body hash data, along with its length in bytes */
   blob bodyhash;
@@ -233,12 +230,12 @@ typedef struct pdkim_signature {
   /* Properties below this point are used internally only ------------- */
 
   /* Per-signature helper variables ----------------------------------- */
-  hctx         body_hash;
+  hctx         body_hash_ctx;
 
   unsigned long signed_body_bytes; /* How many body bytes we hashed     */
   pdkim_stringlist *headers; /* Raw headers included in the sig         */
   /* Signing specific ------------------------------------------------- */
-  uschar * rsa_privkey;     /* Private RSA key                             */
+  uschar * privkey;	     /* Private key                                 */
   uschar * sign_headers;    /* To-be-signed header names                   */
   uschar * rawsig_no_b_val; /* Original signature header w/o b= tag value. */
 } pdkim_signature;
@@ -250,9 +247,10 @@ typedef struct pdkim_ctx {
 
 #define PDKIM_MODE_SIGN   BIT(0)	/* if unset, mode==verify */
 #define PDKIM_DOT_TERM	  BIT(1)	/* dot termination and unstuffing */
-#define PDKIM_SEEN_LF	  BIT(2)
-#define PDKIM_SEEN_EOD	  BIT(3)
+#define PDKIM_SEEN_CR	  BIT(2)
+#define PDKIM_SEEN_LF	  BIT(3)
 #define PDKIM_PAST_HDRS	  BIT(4)
+#define PDKIM_SEEN_EOD	  BIT(5)
   unsigned   flags;
 
   /* One (signing) or several chained (verification) signatures */
@@ -285,8 +283,8 @@ extern "C" {
 void	   pdkim_init         (void);
 
 DLLEXPORT
-pdkim_ctx *pdkim_init_sign    (char *, char *, char *, int,
-			      BOOL, int(*)(char *, char *));
+pdkim_ctx *pdkim_init_sign    (uschar *, uschar *, uschar *, uschar *,
+			      BOOL, int(*)(char *, char *), const uschar **);
 
 DLLEXPORT
 pdkim_ctx *pdkim_init_verify  (int(*)(char *, char *), BOOL);
@@ -298,15 +296,17 @@ int        pdkim_set_optional (pdkim_ctx *, char *, char *,int, int,
                                unsigned long);
 
 DLLEXPORT
-int        pdkim_feed         (pdkim_ctx *, char *, int);
+int        pdkim_feed         (pdkim_ctx *, uschar *, int);
 DLLEXPORT
-int        pdkim_feed_finish  (pdkim_ctx *, pdkim_signature **);
+int        pdkim_feed_finish  (pdkim_ctx *, pdkim_signature **, const uschar **);
 
 DLLEXPORT
 void       pdkim_free_ctx     (pdkim_ctx *);
 
 
-const char *	pdkim_errstr(int);
+const uschar *	pdkim_errstr(int);
+
+uschar *	dkim_sig_to_a_tag(pdkim_signature * sig);
 
 #ifdef __cplusplus
 }