X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/5b12ca9a7b9e95b39512836fd0e43ed7c880fbbd..a6885fb494fd12134b6dd434de1ceddbf1815be9:/src/src/pdkim/pdkim.h

diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h
index 8463312b6..3f7a2dfb4 100644
--- a/src/src/pdkim/pdkim.h
+++ b/src/src/pdkim/pdkim.h
@@ -1,30 +1,12 @@
-/* $Cambridge: exim/src/src/pdkim/pdkim.h,v 1.1.2.5 2009/03/17 12:57:37 tom Exp $ */
+/* $Cambridge: exim/src/src/pdkim/pdkim.h,v 1.1.2.8 2009/03/17 21:11:56 tom Exp $ */
 /* pdkim.h */
 
-#include "sha1.h"
-#include "sha2.h"
-#include "rsa.h"
-#include "base64.h"
-
-#define PDKIM_SIGNATURE_VERSION     "1"
-#define PDKIM_PUB_RECORD_VERSION    "DKIM1"
-
-#define PDKIM_MAX_HEADER_LEN        65536
-#define PDKIM_MAX_HEADERS           512
-#define PDKIM_MAX_BODY_LINE_LEN     1024
-#define PDKIM_DNS_TXT_MAX_NAMELEN   1024
-#define PDKIM_DNS_TXT_MAX_RECLEN    4096
+/* -------------------------------------------------------------------------- */
+/* Debugging. This can also be enabled/disabled at run-time. I recommend to
+   leave it defined. */
 #define PDKIM_DEBUG
-#define PDKIM_DEFAULT_SIGN_HEADERS "From:Sender:Reply-To:Subject:Date:"\
-                             "Message-ID:To:Cc:MIME-Version:Content-Type:"\
-                             "Content-Transfer-Encoding:Content-ID:"\
-                             "Content-Description:Resent-Date:Resent-From:"\
-                             "Resent-Sender:Resent-To:Resent-Cc:"\
-                             "Resent-Message-ID:In-Reply-To:References:"\
-                             "List-Id:List-Help:List-Unsubscribe:"\
-                             "List-Subscribe:List-Post:List-Owner:List-Archive"
-
 
+/* -------------------------------------------------------------------------- */
 /* Function success / error codes */
 #define PDKIM_OK                      0
 #define PDKIM_FAIL                   -1
@@ -34,43 +16,21 @@
 #define PDKIM_ERR_LONG_LINE        -103
 #define PDKIM_ERR_BUFFER_TOO_SMALL -104
 
-/* Main verification status */
+/* -------------------------------------------------------------------------- */
+/* Main/Extended verification status */
 #define PDKIM_VERIFY_NONE      0
 #define PDKIM_VERIFY_INVALID   1
 #define PDKIM_VERIFY_FAIL      2
 #define PDKIM_VERIFY_PASS      3
 
-/* Extended verification status */
-#define PDKIM_VERIFY_FAIL_BODY    1
-#define PDKIM_VERIFY_FAIL_MESSAGE 2
-
+#define PDKIM_VERIFY_FAIL_BODY                  1
+#define PDKIM_VERIFY_FAIL_MESSAGE               2
 #define PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE 3
 #define PDKIM_VERIFY_INVALID_BUFFER_SIZE        4
 #define PDKIM_VERIFY_INVALID_PUBKEY_PARSING     5
 
-
-#ifdef PDKIM_DEBUG
-void pdkim_quoteprint(FILE *, char *, int, int);
-#endif
-
-typedef struct pdkim_stringlist {
-  char *value;
-  void *next;
-} pdkim_stringlist;
-pdkim_stringlist *pdkim_append_stringlist(pdkim_stringlist *, char *);
-
-
-#define PDKIM_STR_ALLOC_FRAG 256
-typedef struct pdkim_str {
-  char         *str;
-  unsigned int  len;
-  unsigned int  allocated;
-} pdkim_str;
-pdkim_str *pdkim_strnew (char *);
-char      *pdkim_strcat (pdkim_str *, char *);
-char      *pdkim_strncat(pdkim_str *, char *, int);
-void       pdkim_strfree(pdkim_str *);
-
+/* -------------------------------------------------------------------------- */
+/* Some parameter values */
 #define PDKIM_QUERYMETHOD_DNS_TXT 0
 
 #define PDKIM_ALGO_RSA_SHA256     0
@@ -84,6 +44,14 @@ void       pdkim_strfree(pdkim_str *);
 
 #define PDKIM_KEYTYPE_RSA         0
 
+/* -------------------------------------------------------------------------- */
+/* Some required forward declarations, please ignore */
+typedef struct pdkim_stringlist pdkim_stringlist;
+typedef struct pdkim_str pdkim_str;
+typedef struct sha1_context sha1_context;
+typedef struct sha2_context sha2_context;
+#define HAVE_SHA1_CONTEXT
+#define HAVE_SHA2_CONTEXT
 
 /* -------------------------------------------------------------------------- */
 /* Public key as (usually) fetched from DNS */
@@ -153,15 +121,21 @@ typedef struct pdkim_signature {
   /* (z=) */
   char *copiedheaders;
 
-  /* (b=) Decoded raw signature data, along with its length in bytes */
+  /* (b=) Raw signature data, along with its length in bytes */
   char *sigdata;
   int   sigdata_len;
 
-  /* (bh=) Decoded raw body hash data, along with its length in bytes */
+  /* (bh=) Raw body hash data, along with its length in bytes */
   char *bodyhash;
   int   bodyhash_len;
 
-  /* The main verification status. One of:
+  /* Folded DKIM-Signature: header. Singing only, NULL for verifying.
+     Ready for insertion into the message. Note: Folded using CRLFTB,
+     but final line terminator is NOT included. Note2: This buffer is
+     free()d when you call pdkim_free_ctx(). */
+  char *signature_header;
+
+  /* The main verification status. Verification only. One of:
 
      PDKIM_VERIFY_NONE      Verification was not attempted. This status
                             should not appear.
@@ -172,17 +146,15 @@ typedef struct pdkim_signature {
 
      PDKIM_VERIFY_FAIL      Verification failed because either the body
                             hash did not match, or the signature verification
-                            failed. This probably means the message was
-                            modified. Check verify_ext_status for the
-                            exact reason.
+                            failed. This means the message was modified.
+                            Check verify_ext_status for the exact reason.
 
      PDKIM_VERIFY_PASS      Verification succeeded.
   */
   int verify_status;
 
-
-  /* Extended verification status. Depending on the value of verify_status,
-     it can contain:
+  /* Extended verification status. Verification only. Depending on the value
+     of verify_status, it can contain:
 
      For verify_status == PDKIM_VERIFY_INVALID:
 
@@ -201,22 +173,30 @@ typedef struct pdkim_signature {
      For verify_status == PDKIM_VERIFY_FAIL:
 
         PDKIM_VERIFY_FAIL_BODY
-        PDKIM_VERIFY_FAIL_MESSAGE
-
+          The calculated body hash does not match the advertised body hash
+          from the bh= tag of the signature.
 
+        PDKIM_VERIFY_FAIL_MESSAGE
+          RSA verification of the signature (b= tag) failed.
   */
   int verify_ext_status;
 
+  /* Pointer to a public key record that was used to verify the signature.
+     See pdkim_pubkey declaration above for more information.
+     Caution: is NULL if signing or if no record was retrieved. */
+  pdkim_pubkey *pubkey;
 
+  /* Pointer to the next pdkim_signature signature. NULL if signing or if
+     this is the last signature. */
+  void *next;
 
-  pdkim_pubkey *pubkey;  /* Public key used to verify this signature.   */
-  void *next;            /* Pointer to next signature in list.          */
+  /* Properties below this point are used internally only ------------- */
 
   /* Per-signature helper variables ----------------------------------- */
-  sha1_context sha1_body;
-  sha2_context sha2_body;
-  unsigned long signed_body_bytes;
-  pdkim_stringlist *headers;
+  sha1_context *sha1_body; /* SHA1 block                                */
+  sha2_context *sha2_body; /* SHA256 block                              */
+  unsigned long signed_body_bytes; /* How many body bytes we hashed     */
+  pdkim_stringlist *headers; /* Raw headers included in the sig         */
   /* Signing specific ------------------------------------------------- */
   char *rsa_privkey;     /* Private RSA key                             */
   char *sign_headers;    /* To-be-signed header names                   */
@@ -227,13 +207,11 @@ typedef struct pdkim_signature {
 
 
 /* -------------------------------------------------------------------------- */
-/* Context to keep state between all operations */
-
+/* Context to keep state between all operations. */
 #define PDKIM_MODE_SIGN     0
 #define PDKIM_MODE_VERIFY   1
 #define PDKIM_INPUT_NORMAL  0
 #define PDKIM_INPUT_SMTP    1
-
 typedef struct pdkim_ctx {
 
   /* PDKIM_MODE_VERIFY or PDKIM_MODE_SIGN */
@@ -250,7 +228,7 @@ typedef struct pdkim_ctx {
 
   /* Coder's little helpers */
   pdkim_str *cur_header;
-  char       linebuf[PDKIM_MAX_BODY_LINE_LEN];
+  char      *linebuf;
   int        linebuf_offset;
   int        seen_lf;
   int        seen_eod;
@@ -267,25 +245,14 @@ typedef struct pdkim_ctx {
 } pdkim_ctx;
 
 
-int   header_name_match       (char *, char *, int);
-char *pdkim_relax_header      (char *, int);
-
-int   pdkim_update_bodyhash   (pdkim_ctx *, char *, int);
-int   pdkim_finish_bodyhash   (pdkim_ctx *);
-
-int   pdkim_bodyline_complete (pdkim_ctx *);
-int   pdkim_header_complete   (pdkim_ctx *);
-
-int   pdkim_feed              (pdkim_ctx *, char *, int);
-int   pdkim_feed_finish       (pdkim_ctx *, char **);
-
-char *pdkim_create_header     (pdkim_signature *, int);
+/* -------------------------------------------------------------------------- */
+/* API functions. Please see pdkim-api.txt for documentation / example code.  */
 
 pdkim_ctx
      *pdkim_init_sign         (int, char *, char *, char *);
 
 pdkim_ctx
-     *pdkim_init_verify       (int, int(*dns_txt_callback)(char *, char *));
+     *pdkim_init_verify       (int, int(*)(char *, char *));
 
 int   pdkim_set_optional      (pdkim_ctx *,
                                char *, char *,
@@ -294,10 +261,10 @@ int   pdkim_set_optional      (pdkim_ctx *,
                                unsigned long,
                                unsigned long);
 
-void  pdkim_free_pubkey       (pdkim_pubkey *);
-void  pdkim_free_sig          (pdkim_signature *);
-void  pdkim_free_ctx          (pdkim_ctx *);
+int   pdkim_feed              (pdkim_ctx *, char *, int);
+int   pdkim_feed_finish       (pdkim_ctx *, pdkim_signature **);
 
+void  pdkim_free_ctx          (pdkim_ctx *);
 
 #ifdef PDKIM_DEBUG
 void  pdkim_set_debug_stream  (pdkim_ctx *, FILE *);