* PDKIM - a RFC4871 (DKIM) implementation
*
* Copyright (C) 2009 - 2012 Tom Kistner <tom@duncanthrax.net>
- * Copyright (c) Jeremy Harris 2016
+ * Copyright (c) 2016 - 2017 Jeremy Harris
*
* http://duncanthrax.net/pdkim/
*
#ifndef PDKIM_H
#define PDKIM_H
-#include "blob.h"
-#include "hash.h"
+#include "../blob.h"
+#include "../hash.h"
/* -------------------------------------------------------------------------- */
/* Length of the preallocated buffer for the "answer" from the dns/txt
/* Function success / error codes */
#define PDKIM_OK 0
#define PDKIM_FAIL -1
-#define PDKIM_ERR_OOM -100
#define PDKIM_ERR_RSA_PRIVKEY -101
#define PDKIM_ERR_RSA_SIGNING -102
#define PDKIM_ERR_LONG_LINE -103
#define PDKIM_VERIFY_FAIL 2
#define PDKIM_VERIFY_PASS 3
-#define PDKIM_VERIFY_FAIL_BODY 1
-#define PDKIM_VERIFY_FAIL_MESSAGE 2
-#define PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE 3
-#define PDKIM_VERIFY_INVALID_BUFFER_SIZE 4
-#define PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD 5
-#define PDKIM_VERIFY_INVALID_PUBKEY_IMPORT 6
+#define PDKIM_VERIFY_FAIL_BODY 1
+#define PDKIM_VERIFY_FAIL_MESSAGE 2
+#define PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE 3
+#define PDKIM_VERIFY_INVALID_BUFFER_SIZE 4
+#define PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD 5
+#define PDKIM_VERIFY_INVALID_PUBKEY_IMPORT 6
+#define PDKIM_VERIFY_INVALID_SIGNATURE_ERROR 7
+#define PDKIM_VERIFY_INVALID_DKIM_VERSION 8
/* -------------------------------------------------------------------------- */
/* Some parameter values */
/* -------------------------------------------------------------------------- */
/* Public key as (usually) fetched from DNS */
typedef struct pdkim_pubkey {
- char *version; /* v= */
- char *granularity; /* g= */
+ uschar *version; /* v= */
+ uschar *granularity; /* g= */
- char *hashes; /* h= */
- char *keytype; /* k= */
- char *srvtype; /* s= */
- char *notes; /* n= */
+#ifdef notdef
+ uschar *hashes; /* h= */
+ uschar *keytype; /* k= */
+#endif
+ uschar *srvtype; /* s= */
+ uschar *notes; /* n= */
blob key; /* p= */
-
int testing; /* t=y */
int no_subdomaining; /* t=s */
} pdkim_pubkey;
int querymethod;
/* (s=) The selector string as given in the signature */
- char *selector;
+ uschar *selector;
/* (d=) The domain as given in the signature */
- char *domain;
+ uschar *domain;
/* (i=) The identity as given in the signature */
- char *identity;
+ uschar *identity;
/* (t=) Timestamp of signature creation */
unsigned long created;
uschar *headernames;
/* (z=) */
- char *copiedheaders;
+ uschar *copiedheaders;
/* (b=) Raw signature data, along with its length in bytes */
- blob sigdata;
+ blob sighash;
/* (bh=) Raw body hash data, along with its length in bytes */
blob bodyhash;
Ready for insertion into the message. Note: Folded using CRLFTB,
but final line terminator is NOT included. Note2: This buffer is
free()d when you call pdkim_free_ctx(). */
- char *signature_header;
+ uschar *signature_header;
/* The main verification status. Verification only. One of:
/* Properties below this point are used internally only ------------- */
/* Per-signature helper variables ----------------------------------- */
- hctx body_hash;
+ hctx body_hash_ctx;
unsigned long signed_body_bytes; /* How many body bytes we hashed */
pdkim_stringlist *headers; /* Raw headers included in the sig */
/* Signing specific ------------------------------------------------- */
- char *rsa_privkey; /* Private RSA key */
- char *sign_headers; /* To-be-signed header names */
- char *rawsig_no_b_val; /* Original signature header w/o b= tag value. */
+ uschar * rsa_privkey; /* Private RSA key */
+ uschar * sign_headers; /* To-be-signed header names */
+ uschar * rawsig_no_b_val; /* Original signature header w/o b= tag value. */
} pdkim_signature;
/* -------------------------------------------------------------------------- */
/* Context to keep state between all operations. */
-#define PDKIM_MODE_SIGN 0
-#define PDKIM_MODE_VERIFY 1
typedef struct pdkim_ctx {
- /* PDKIM_MODE_VERIFY or PDKIM_MODE_SIGN */
- int mode;
+#define PDKIM_MODE_SIGN BIT(0) /* if unset, mode==verify */
+#define PDKIM_DOT_TERM BIT(1) /* dot termination and unstuffing */
+#define PDKIM_SEEN_CR BIT(2)
+#define PDKIM_SEEN_LF BIT(3)
+#define PDKIM_PAST_HDRS BIT(4)
+#define PDKIM_SEEN_EOD BIT(5)
+ unsigned flags;
/* One (signing) or several chained (verification) signatures */
pdkim_signature *sig;
int(*dns_txt_callback)(char *, char *);
/* Coder's little helpers */
- pdkim_str *cur_header;
+ uschar *cur_header;
+ int cur_header_size;
+ int cur_header_len;
char *linebuf;
int linebuf_offset;
- BOOL seen_lf;
- BOOL seen_eod;
- BOOL past_headers;
int num_buffered_crlf;
int num_headers;
pdkim_stringlist *headers; /* Raw headers for verification */
void pdkim_init (void);
DLLEXPORT
-pdkim_ctx *pdkim_init_sign (char *, char *, char *, int);
+pdkim_ctx *pdkim_init_sign (char *, char *, char *, int,
+ BOOL, int(*)(char *, char *), const uschar **);
DLLEXPORT
-pdkim_ctx *pdkim_init_verify (int(*)(char *, char *));
+pdkim_ctx *pdkim_init_verify (int(*)(char *, char *), BOOL);
DLLEXPORT
int pdkim_set_optional (pdkim_ctx *, char *, char *,int, int,
DLLEXPORT
int pdkim_feed (pdkim_ctx *, char *, int);
DLLEXPORT
-int pdkim_feed_finish (pdkim_ctx *, pdkim_signature **);
+int pdkim_feed_finish (pdkim_ctx *, pdkim_signature **, const uschar **);
DLLEXPORT
void pdkim_free_ctx (pdkim_ctx *);
+
+const uschar * pdkim_errstr(int);
+
#ifdef __cplusplus
}
#endif
git://git.exim.org / users / jgh / exim.git / blobdiff