-# $Cambridge: exim/src/src/pdkim/Makefile,v 1.1.2.1 2009/02/24 13:13:47 tom Exp $
+# $Cambridge: exim/src/src/pdkim/Makefile,v 1.1.2.2 2009/04/09 07:49:10 tom Exp $
OBJ = base64.o bignum.o pdkim.o rsa.o sha1.o sha2.o
$(FE)$(CC) -c $(CFLAGS) $(INCLUDE) $*.c
base64.o: $(HDRS) base64.c
-bignum.o: $(HDRS) base64.c
-pdkim.o: $(HDRS) base64.c
-rsa.o: $(HDRS) base64.c
-sha1.o: $(HDRS) base64.c
-sha2.o: $(HDRS) base64.c
+bignum.o: $(HDRS) bignum.c
+pdkim.o: $(HDRS) pdkim.c
+rsa.o: $(HDRS) rsa.c
+sha1.o: $(HDRS) sha1.c
+sha2.o: $(HDRS) sha2.c
# End
-# $Cambridge: exim/src/src/pdkim/README,v 1.1.2.1 2009/02/24 13:13:47 tom Exp $
+$Cambridge: exim/src/src/pdkim/README,v 1.1.2.2 2009/04/09 07:49:11 tom Exp $
-Preliminary REAME. Please ignore FTTB.
+PDKIM - a RFC4871 (DKIM) implementation
+http://duncanthrax.net/pdkim/
+Copyright (C) 2009 Tom Kistner <tom@duncanthrax.net>
+
+Includes code from the PolarSSL project.
+http://polarssl.org
+Copyright (C) 2009 Paul Bakker <polarssl_maintainer@polarssl.org>
+Copyright (C) 2006-2008 Christophe Devine
+
+This copy of PDKIM is included with Exim. For a standalone distribution,
+visit http://duncanthrax.net/pdkim/.
-/* $Cambridge: exim/src/src/pdkim/base64.c,v 1.1.2.1 2009/02/24 13:13:47 tom Exp $ */
/*
* RFC 1521 base64 encoding/decoding
*
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
+/* $Cambridge: exim/src/src/pdkim/base64.c,v 1.1.2.2 2009/04/09 07:49:11 tom Exp $ */
+
#include "base64.h"
static const unsigned char base64_enc_map[64] =
-/* $Cambridge: exim/src/src/pdkim/base64.h,v 1.1.2.1 2009/02/24 13:13:47 tom Exp $ */
/**
* \file base64.h
*
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
+
+/* $Cambridge: exim/src/src/pdkim/base64.h,v 1.1.2.2 2009/04/09 07:49:11 tom Exp $ */
+
#ifndef POLARSSL_BASE64_H
#define POLARSSL_BASE64_H
-/* $Cambridge: exim/src/src/pdkim/bignum.c,v 1.1.2.1 2009/02/24 13:13:47 tom Exp $ */
/*
* Multi-precision integer library
*
* http://math.libtomcrypt.com/files/tommath.pdf
*/
+/* $Cambridge: exim/src/src/pdkim/bignum.c,v 1.1.2.2 2009/04/09 07:49:11 tom Exp $ */
+
#include "bignum.h"
#include "bn_mul.h"
-/* $Cambridge: exim/src/src/pdkim/bignum.h,v 1.1.2.1 2009/02/24 13:13:47 tom Exp $ */
/**
* \file bignum.h
*
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
+
+/* $Cambridge: exim/src/src/pdkim/bignum.h,v 1.1.2.2 2009/04/09 07:49:11 tom Exp $ */
+
#ifndef POLARSSL_BIGNUM_H
#define POLARSSL_BIGNUM_H
-/* $Cambridge: exim/src/src/pdkim/bn_mul.h,v 1.1.2.1 2009/02/24 13:13:47 tom Exp $ */
/**
* \file bn_mul.h
*
* . Alpha . MIPS32
* . C, longlong . C, generic
*/
+
+/* $Cambridge: exim/src/src/pdkim/bn_mul.h,v 1.1.2.2 2009/04/09 07:49:11 tom Exp $ */
+
#ifndef POLARSSL_BN_MUL_H
#define POLARSSL_BN_MUL_H
-/* $Cambridge: exim/src/src/pdkim/pdkim.c,v 1.1.2.8 2009/03/17 16:20:13 tom Exp $ */
-/* pdkim.c */
+/*
+ * PDKIM - a RFC4871 (DKIM) implementation
+ *
+ * Copyright (C) 2009 Tom Kistner <tom@duncanthrax.net>
+ *
+ * http://duncanthrax.net/pdkim/
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+/* $Cambridge: exim/src/src/pdkim/pdkim.c,v 1.1.2.9 2009/04/09 07:49:11 tom Exp $ */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
-#include <strings.h>
#include <ctype.h>
-#include <unistd.h>
#include "pdkim.h"
#define PDKIM_MAX_HEADERS 512
#define PDKIM_MAX_BODY_LINE_LEN 1024
#define PDKIM_DNS_TXT_MAX_NAMELEN 1024
-#define PDKIM_DNS_TXT_MAX_RECLEN 4096
#define PDKIM_DEFAULT_SIGN_HEADERS "From:Sender:Reply-To:Subject:Date:"\
"Message-ID:To:Cc:MIME-Version:Content-Type:"\
"Content-Transfer-Encoding:Content-ID:"\
"List-Id:List-Help:List-Unsubscribe:"\
"List-Subscribe:List-Post:List-Owner:List-Archive"
-
+/* -------------------------------------------------------------------------- */
struct pdkim_stringlist {
char *value;
void *next;
unsigned int allocated;
};
-
-
/* -------------------------------------------------------------------------- */
/* A bunch of list constants */
char *pdkim_querymethods[] = {
for (i=0;i<len;i++) {
int c = p[i];
- fprintf(stream,"%02x ",c);
+ fprintf(stream,"%02x",c);
}
if (lf)
fputc('\n',stream);
/* -------------------------------------------------------------------------- */
-void pdkim_free_ctx(pdkim_ctx *ctx) {
+DLLEXPORT void pdkim_free_ctx(pdkim_ctx *ctx) {
if (ctx) {
pdkim_free_sig(ctx->sig);
pdkim_strfree(ctx->cur_header);
sig = malloc(sizeof(pdkim_signature));
if (sig == NULL) return NULL;
memset(sig,0,sizeof(pdkim_signature));
+ sig->bodylength = -1;
sig->rawsig_no_b_val = malloc(strlen(raw_hdr)+1);
if (sig->rawsig_no_b_val == NULL) {
sig->expires = strtoul(cur_val->str,NULL,10);
break;
case 'l':
- sig->bodylength = strtoul(cur_val->str,NULL,10);
+ sig->bodylength = strtol(cur_val->str,NULL,10);
break;
case 'h':
sig->headernames = strdup(cur_val->str);
}
*q = '\0';
+ /* Chomp raw header. The final newline must not be added to the signature. */
+ q--;
+ while( (q > sig->rawsig_no_b_val) && ((*q == '\r') || (*q == '\n')) ) {
+ *q = '\0'; q--;
+ }
+
#ifdef PDKIM_DEBUG
if (ctx->debug_stream) {
fprintf(ctx->debug_stream,
}
/* Make sure we don't exceed the to-be-signed body length */
- if (sig->bodylength &&
+ if ((sig->bodylength >= 0) &&
((sig->signed_body_bytes+(unsigned long)canon_len) > sig->bodylength))
canon_len = (sig->bodylength - sig->signed_body_bytes);
/* If bodylength limit is set, and we have received less bytes
than the requested amount, effectively remove the limit tag. */
- if (sig->signed_body_bytes < sig->bodylength) sig->bodylength = 0;
+ if (sig->signed_body_bytes < sig->bodylength) sig->bodylength = -1;
}
/* VERIFICATION --------------------------------------------------------- */
else {
/* Traverse all signatures */
while (sig != NULL) {
+ pdkim_stringlist *list;
/* SIGNING -------------------------------------------------------------- */
if (ctx->mode == PDKIM_MODE_SIGN) {
}
/* Add header to the signed headers list */
- pdkim_stringlist *list = pdkim_append_stringlist(sig->headers,
- ctx->cur_header->str);
+ list = pdkim_append_stringlist(sig->headers,
+ ctx->cur_header->str);
if (list == NULL) return PDKIM_ERR_OOM;
sig->headers = list;
(strncasecmp(ctx->cur_header->str,
DKIM_SIGNATURE_HEADERNAME,
strlen(DKIM_SIGNATURE_HEADERNAME)) == 0) ) {
+ pdkim_signature *new_sig;
/* Create and chain new signature block */
#ifdef PDKIM_DEBUG
if (ctx->debug_stream)
fprintf(ctx->debug_stream,
"PDKIM >> Found sig, trying to parse >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
#endif
- pdkim_signature *new_sig = pdkim_parse_sig_header(ctx, ctx->cur_header->str);
+ new_sig = pdkim_parse_sig_header(ctx, ctx->cur_header->str);
if (new_sig != NULL) {
pdkim_signature *last_sig = ctx->sig;
if (last_sig == NULL) {
/* -------------------------------------------------------------------------- */
#define HEADER_BUFFER_FRAG_SIZE 256
-int pdkim_feed (pdkim_ctx *ctx,
+DLLEXPORT int pdkim_feed (pdkim_ctx *ctx,
char *data,
int len) {
int p;
goto BAIL;
}
}
- if (sig->bodylength > 0) {
+ if (sig->bodylength >= 0) {
if (!( pdkim_strcat(hdr,"l=") &&
pdkim_numcat(hdr,sig->bodylength) &&
pdkim_strcat(hdr,";") ) ) {
/* -------------------------------------------------------------------------- */
-int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatures) {
+DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatures) {
pdkim_signature *sig = ctx->sig;
pdkim_str *headernames = NULL; /* Collected signed header names */
if (sig->algo == PDKIM_ALGO_RSA_SHA1) {
sha1_update(&(sha1_headers),(unsigned char *)sig_hdr,strlen(sig_hdr));
sha1_finish(&(sha1_headers),(unsigned char *)headerhash);
+ fprintf(ctx->debug_stream, "PDKIM [%s] hh computed: ", sig->domain);
+ pdkim_hexprint(ctx->debug_stream, headerhash, 20, 1);
}
else {
sha2_update(&(sha2_headers),(unsigned char *)sig_hdr,strlen(sig_hdr));
sha2_finish(&(sha2_headers),(unsigned char *)headerhash);
+ fprintf(ctx->debug_stream, "PDKIM [%s] hh computed: ", sig->domain);
+ pdkim_hexprint(ctx->debug_stream, headerhash, 32, 1);
}
free(sig_hdr);
/* -------------------------------------------------------------------------- */
-pdkim_ctx *pdkim_init_verify(int input_mode,
+DLLEXPORT pdkim_ctx *pdkim_init_verify(int input_mode,
int(*dns_txt_callback)(char *, char *)
) {
pdkim_ctx *ctx = malloc(sizeof(pdkim_ctx));
/* -------------------------------------------------------------------------- */
-pdkim_ctx *pdkim_init_sign(int input_mode,
+DLLEXPORT pdkim_ctx *pdkim_init_sign(int input_mode,
char *domain,
char *selector,
char *rsa_privkey) {
pdkim_ctx *ctx;
+ pdkim_signature *sig;
if (!domain || !selector || !rsa_privkey) return NULL;
return NULL;
}
- pdkim_signature *sig = malloc(sizeof(pdkim_signature));
+ sig = malloc(sizeof(pdkim_signature));
if (sig == NULL) {
free(ctx->linebuf);
free(ctx);
return NULL;
}
memset(sig,0,sizeof(pdkim_signature));
+ sig->bodylength = -1;
ctx->mode = PDKIM_MODE_SIGN;
ctx->input_mode = input_mode;
#ifdef PDKIM_DEBUG
/* -------------------------------------------------------------------------- */
-void pdkim_set_debug_stream(pdkim_ctx *ctx,
+DLLEXPORT void pdkim_set_debug_stream(pdkim_ctx *ctx,
FILE *debug_stream) {
ctx->debug_stream = debug_stream;
};
#endif
/* -------------------------------------------------------------------------- */
-int pdkim_set_optional(pdkim_ctx *ctx,
+DLLEXPORT int pdkim_set_optional(pdkim_ctx *ctx,
char *sign_headers,
char *identity,
int canon_headers,
int canon_body,
- unsigned long bodylength,
+ long bodylength,
int algo,
unsigned long created,
unsigned long expires) {
-/* $Cambridge: exim/src/src/pdkim/pdkim.h,v 1.1.2.8 2009/03/17 21:11:56 tom Exp $ */
-/* pdkim.h */
+/*
+ * PDKIM - a RFC4871 (DKIM) implementation
+ *
+ * Copyright (C) 2009 Tom Kistner <tom@duncanthrax.net>
+ *
+ * http://duncanthrax.net/pdkim/
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+/* $Cambridge: exim/src/src/pdkim/pdkim.h,v 1.1.2.9 2009/04/09 07:49:11 tom Exp $ */
/* -------------------------------------------------------------------------- */
/* Debugging. This can also be enabled/disabled at run-time. I recommend to
leave it defined. */
#define PDKIM_DEBUG
+/* -------------------------------------------------------------------------- */
+/* Length of the preallocated buffer for the "answer" from the dns/txt
+ callback function. */
+#define PDKIM_DNS_TXT_MAX_RECLEN 4096
+
/* -------------------------------------------------------------------------- */
/* Function success / error codes */
#define PDKIM_OK 0
#define HAVE_SHA1_CONTEXT
#define HAVE_SHA2_CONTEXT
+/* -------------------------------------------------------------------------- */
+/* Some concessions towards Redmond */
+#ifdef WINDOWS
+#define snprintf _snprintf
+#define strcasecmp _stricmp
+#define strncasecmp _strnicmp
+#define DLLEXPORT __declspec(dllexport)
+#else
+#define DLLEXPORT
+#endif
+
+
/* -------------------------------------------------------------------------- */
/* Public key as (usually) fetched from DNS */
typedef struct pdkim_pubkey {
/* (x=) Timestamp of expiry of signature */
unsigned long expires;
- /* (l=) Amount of hashed body bytes (after canonicalization) */
- unsigned long bodylength;
+ /* (l=) Amount of hashed body bytes (after canonicalization). Default
+ is -1. Note: a value of 0 means that the body is unsigned! */
+ long bodylength;
/* (h=) Colon-separated list of header names that are included in the
signature */
/* -------------------------------------------------------------------------- */
-/* API functions. Please see pdkim-api.txt for documentation / example code. */
+/* API functions. Please see the sample code in sample/test_sign.c and
+ sample/test_verify.c for documentation.
+*/
+
+#ifdef __cplusplus
+extern "C" {
+#endif
-pdkim_ctx
- *pdkim_init_sign (int, char *, char *, char *);
+DLLEXPORT
+pdkim_ctx *pdkim_init_sign (int, char *, char *, char *);
-pdkim_ctx
- *pdkim_init_verify (int, int(*)(char *, char *));
+DLLEXPORT
+pdkim_ctx *pdkim_init_verify (int, int(*)(char *, char *));
-int pdkim_set_optional (pdkim_ctx *,
- char *, char *,
- int, int,
- unsigned long, int,
+DLLEXPORT
+int pdkim_set_optional (pdkim_ctx *, char *, char *,int, int,
+ long, int,
unsigned long,
unsigned long);
-int pdkim_feed (pdkim_ctx *, char *, int);
-int pdkim_feed_finish (pdkim_ctx *, pdkim_signature **);
+DLLEXPORT
+int ppdkim_feed (pdkim_ctx *, char *, int);
+DLLEXPORT
+int pdkim_feed_finish (pdkim_ctx *, pdkim_signature **);
-void pdkim_free_ctx (pdkim_ctx *);
+DLLEXPORT
+void pdkim_free_ctx (pdkim_ctx *);
#ifdef PDKIM_DEBUG
-void pdkim_set_debug_stream (pdkim_ctx *, FILE *);
+DLLEXPORT
+void pdkim_set_debug_stream(pdkim_ctx *, FILE *);
+#endif
+
+#ifdef __cplusplus
+}
#endif
-/* $Cambridge: exim/src/src/pdkim/rsa.c,v 1.1.2.3 2009/03/17 21:11:56 tom Exp $ */
/*
* The RSA public-key cryptosystem
*
* http://www.cacr.math.uwaterloo.ca/hac/about/chap8.pdf
*/
+/* $Cambridge: exim/src/src/pdkim/rsa.c,v 1.1.2.4 2009/04/09 07:49:11 tom Exp $ */
+
#include "rsa.h"
#include "base64.h"
-/* $Cambridge: exim/src/src/pdkim/rsa.h,v 1.1.2.3 2009/03/17 21:11:56 tom Exp $ */
/**
* \file rsa.h
*
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
+
+/* $Cambridge: exim/src/src/pdkim/rsa.h,v 1.1.2.4 2009/04/09 07:49:11 tom Exp $ */
+
#ifndef POLARSSL_RSA_H
#define POLARSSL_RSA_H
-/* $Cambridge: exim/src/src/pdkim/sha1.c,v 1.1.2.2 2009/02/24 18:43:59 tom Exp $ */
/*
* FIPS-180-1 compliant SHA-1 implementation
*
* http://www.itl.nist.gov/fipspubs/fip180-1.htm
*/
+/* $Cambridge: exim/src/src/pdkim/sha1.c,v 1.1.2.3 2009/04/09 07:49:11 tom Exp $ */
+
#include "sha1.h"
#include <string.h>
-/* $Cambridge: exim/src/src/pdkim/sha1.h,v 1.1.2.3 2009/03/17 14:56:55 tom Exp $ */
/**
* \file sha1.h
*
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
+
+/* $Cambridge: exim/src/src/pdkim/sha1.h,v 1.1.2.4 2009/04/09 07:49:11 tom Exp $ */
+
#ifndef POLARSSL_SHA1_H
#define POLARSSL_SHA1_H
-/* $Cambridge: exim/src/src/pdkim/sha2.c,v 1.1.2.1 2009/02/24 13:13:47 tom Exp $ */
/*
* FIPS-180-2 compliant SHA-256 implementation
*
* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
*/
+/* $Cambridge: exim/src/src/pdkim/sha2.c,v 1.1.2.2 2009/04/09 07:49:11 tom Exp $ */
+
#include "sha2.h"
#include <string.h>
-/* $Cambridge: exim/src/src/pdkim/sha2.h,v 1.1.2.2 2009/03/17 14:56:55 tom Exp $ */
/**
* \file sha2.h
*
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
+
+/* $Cambridge: exim/src/src/pdkim/sha2.h,v 1.1.2.3 2009/04/09 07:49:11 tom Exp $ */
+
#ifndef POLARSSL_SHA2_H
#define POLARSSL_SHA2_H