[hcoop/debian/exim4.git] / src / pdkim / pdkim.h

/*
 *  PDKIM - a RFC4871 (DKIM) implementation
 *
 *  Copyright (C) 2009 - 2012  Tom Kistner <tom@duncanthrax.net>
 *  Copyright (c) 2016 - 2018  Jeremy Harris
 *
 *  http://duncanthrax.net/pdkim/
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
#ifndef PDKIM_H
#define PDKIM_H

#include "../blob.h"
#include "../hash.h"

#define PDKIM_DEFAULT_SIGN_HEADERS "From:Sender:Reply-To:Subject:Date:"\
                             "Message-ID:To:Cc:MIME-Version:Content-Type:"\
                             "Content-Transfer-Encoding:Content-ID:"\
                             "Content-Description:Resent-Date:Resent-From:"\
                             "Resent-Sender:Resent-To:Resent-Cc:"\
                             "Resent-Message-ID:In-Reply-To:References:"\
                             "List-Id:List-Help:List-Unsubscribe:"\
                             "List-Subscribe:List-Post:List-Owner:List-Archive"

/* -------------------------------------------------------------------------- */
/* Length of the preallocated buffer for the "answer" from the dns/txt
   callback function. This should match the maximum RDLENGTH from DNS. */
#define PDKIM_DNS_TXT_MAX_RECLEN    (1 << 16)

/* -------------------------------------------------------------------------- */
/* Function success / error codes */
#define PDKIM_OK                      0
#define PDKIM_FAIL                   -1
#define PDKIM_ERR_RSA_PRIVKEY      -101
#define PDKIM_ERR_RSA_SIGNING      -102
#define PDKIM_ERR_LONG_LINE        -103
#define PDKIM_ERR_BUFFER_TOO_SMALL -104
#define PDKIM_ERR_EXCESS_SIGS	   -105
#define PDKIM_SIGN_PRIVKEY_WRAP    -106
#define PDKIM_SIGN_PRIVKEY_B64D    -107

/* -------------------------------------------------------------------------- */
/* Main/Extended verification status */
#define PDKIM_VERIFY_NONE      0
#define PDKIM_VERIFY_INVALID   1
#define PDKIM_VERIFY_FAIL      2
#define PDKIM_VERIFY_PASS      3
#define PDKIM_VERIFY_POLICY    BIT(31)

#define PDKIM_VERIFY_FAIL_BODY                    1
#define PDKIM_VERIFY_FAIL_MESSAGE                 2
#define PDKIM_VERIFY_FAIL_SIG_ALGO_MISMATCH	  3
#define PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE   4
#define PDKIM_VERIFY_INVALID_BUFFER_SIZE          5
#define PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD     6
#define PDKIM_VERIFY_INVALID_PUBKEY_IMPORT        7
#define PDKIM_VERIFY_INVALID_SIGNATURE_ERROR      8
#define PDKIM_VERIFY_INVALID_DKIM_VERSION         9

/* -------------------------------------------------------------------------- */
/* Some parameter values */
#define PDKIM_QUERYMETHOD_DNS_TXT 0

/*#define PDKIM_ALGO_RSA_SHA256     0 */
/*#define PDKIM_ALGO_RSA_SHA1       1 */

#define PDKIM_CANON_SIMPLE        0
#define PDKIM_CANON_RELAXED       1

/* -------------------------------------------------------------------------- */
/* Some required forward declarations, please ignore */
typedef struct pdkim_stringlist pdkim_stringlist;
typedef struct pdkim_str pdkim_str;
typedef struct sha1_context sha1_context;
typedef struct sha2_context sha2_context;
#define HAVE_SHA1_CONTEXT
#define HAVE_SHA2_CONTEXT

/* -------------------------------------------------------------------------- */
/* Some concessions towards Redmond */
#ifdef WINDOWS
#define snprintf _snprintf
#define strcasecmp _stricmp
#define strncasecmp _strnicmp
#define DLLEXPORT __declspec(dllexport)
#else
#define DLLEXPORT
#endif


/* -------------------------------------------------------------------------- */
/* Public key as (usually) fetched from DNS */
typedef struct pdkim_pubkey {
  const uschar * version;         /* v=  */
  const uschar *granularity;      /* g=  */

  const uschar * hashes;          /* h=  */
  const uschar * keytype;         /* k=  */
  const uschar * srvtype;         /* s=  */
  uschar *notes;                  /* n=  */

  blob  key;                      /* p=  */
  int   testing;                  /* t=y */
  int   no_subdomaining;          /* t=s */
} pdkim_pubkey;

/* -------------------------------------------------------------------------- */
/* Body-hash to be calculated */
typedef struct pdkim_bodyhash {
  struct pdkim_bodyhash *	next;
  int				hashtype;
  int 				canon_method;
  long				bodylength;

  hctx         			body_hash_ctx;
  unsigned long			signed_body_bytes;	/* done so far */
  int				num_buffered_blanklines;

  blob				bh;			/* completed hash */
} pdkim_bodyhash;

/* -------------------------------------------------------------------------- */
/* Signature as it appears in a DKIM-Signature header */
typedef struct pdkim_signature {
  struct pdkim_signature * next;

  /* Bits stored in a DKIM signature header --------------------------- */

  /* (v=) The version, as an integer. Currently, always "1" */
  int version;

  /* (a=) The signature algorithm. Either PDKIM_ALGO_RSA_SHA256 */
  int keytype;	/* pdkim_keytypes index */
  int hashtype;	/* pdkim_hashes index */

  /* (c=x/) Header canonicalization method. Either PDKIM_CANON_SIMPLE
     or PDKIM_CANON_RELAXED */
  int canon_headers;

  /* (c=/x) Body canonicalization method. Either PDKIM_CANON_SIMPLE
     or PDKIM_CANON_RELAXED */
  int canon_body;

  /* (q=) Query Method. Currently, only PDKIM_QUERYMETHOD_DNS_TXT
     is specified */
  int querymethod;

  /* (s=) The selector string as given in the signature */
  uschar *selector;

  /* (d=) The domain as given in the signature */
  uschar *domain;

  /* (i=) The identity as given in the signature */
  uschar *identity;

  /* (t=) Timestamp of signature creation */
  unsigned long created;

  /* (x=) Timestamp of expiry of signature */
  unsigned long expires;

  /* (l=) Amount of hashed body bytes (after canonicalization). Default
     is -1. Note: a value of 0 means that the body is unsigned! */
  long bodylength;

  /* (h=) Colon-separated list of header names that are included in the
     signature */
  uschar *headernames;

  /* (z=) */
  uschar *copiedheaders;

  /* (b=) Raw signature data, along with its length in bytes */
  blob sighash;

  /* (bh=) Raw body hash data, along with its length in bytes */
  blob bodyhash;

  /* Folded DKIM-Signature: header. Signing only, NULL for verifying.
     Ready for insertion into the message. Note: Folded using CRLFTB,
     but final line terminator is NOT included. Note2: This buffer is
     free()d when you call pdkim_free_ctx(). */
  uschar *signature_header;

  /* The main verification status. Verification only. One of:

     PDKIM_VERIFY_NONE      Verification was not attempted. This status
                            should not appear.

     PDKIM_VERIFY_INVALID   There was an error while trying to verify
                            the signature. A more precise description
                            is available in verify_ext_status.

     PDKIM_VERIFY_FAIL      Verification failed because either the body
                            hash did not match, or the signature verification
                            failed. This means the message was modified.
                            Check verify_ext_status for the exact reason.

     PDKIM_VERIFY_PASS      Verification succeeded.
  */
  int verify_status;

  /* Extended verification status. Verification only. Depending on the value
     of verify_status, it can contain:

     For verify_status == PDKIM_VERIFY_INVALID:

        PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE
          Unable to retrieve a public key container.

        PDKIM_VERIFY_INVALID_BUFFER_SIZE
          Either the DNS name constructed to retrieve the public key record
          does not fit into PDKIM_DNS_TXT_MAX_NAMELEN bytes, or the retrieved
          record is longer than PDKIM_DNS_TXT_MAX_RECLEN bytes.

        PDKIM_VERIFY_INVALID_PUBKEY_PARSING
          (Syntax) error while parsing the retrieved public key record.


     For verify_status == PDKIM_VERIFY_FAIL:

        PDKIM_VERIFY_FAIL_BODY
          The calculated body hash does not match the advertised body hash
          from the bh= tag of the signature.

        PDKIM_VERIFY_FAIL_MESSAGE
          RSA verification of the signature (b= tag) failed.
  */
  int verify_ext_status;

  /* Pointer to a public key record that was used to verify the signature.
     See pdkim_pubkey declaration above for more information.
     Caution: is NULL if signing or if no record was retrieved. */
  pdkim_pubkey *pubkey;

  /* Properties below this point are used internally only ------------- */

  /* Per-signature helper variables ----------------------------------- */
  pdkim_bodyhash *calc_body_hash;	/* hash to be / being calculated */

  pdkim_stringlist *headers;		/* Raw headers included in the sig */

  /* Signing specific ------------------------------------------------- */
  uschar * privkey;	     /* Private key                                 */
  uschar * sign_headers;    /* To-be-signed header names                   */
  uschar * rawsig_no_b_val; /* Original signature header w/o b= tag value. */
} pdkim_signature;


/* -------------------------------------------------------------------------- */
/* Context to keep state between all operations. */
typedef struct pdkim_ctx {

#define PDKIM_MODE_SIGN   BIT(0)	/* if unset, mode==verify */
#define PDKIM_DOT_TERM	  BIT(1)	/* dot termination and unstuffing */
#define PDKIM_SEEN_CR	  BIT(2)
#define PDKIM_SEEN_LF	  BIT(3)
#define PDKIM_PAST_HDRS	  BIT(4)
#define PDKIM_SEEN_EOD	  BIT(5)
  unsigned   flags;

  /* One (signing) or several chained (verification) signatures */
  pdkim_signature *sig;

  /* One (signing) or several chained (verification) bodyhashes */
  pdkim_bodyhash *bodyhash;

  /* Callback for dns/txt query method (verification only) */
  uschar * (*dns_txt_callback)(uschar *);

  /* Coder's little helpers */
  gstring   *cur_header;
  uschar    *linebuf;
  int        linebuf_offset;
  int        num_headers;
  pdkim_stringlist *headers; /* Raw headers for verification         */
} pdkim_ctx;


/******************************************************************************/

typedef struct {
  const uschar * dkim_hashname;
  hashmethod	 exim_hashmethod;
} pdkim_hashtype;
extern const pdkim_hashtype pdkim_hashes[];

/******************************************************************************/


/* -------------------------------------------------------------------------- */
/* API functions. Please see the sample code in sample/test_sign.c and
   sample/test_verify.c for documentation.
*/

#ifdef __cplusplus
extern "C" {
#endif

void	   pdkim_init         (void);

void	   pdkim_init_context (pdkim_ctx *, BOOL, uschar * (*)(uschar *));

DLLEXPORT
pdkim_signature *pdkim_init_sign    (pdkim_ctx *,
			       uschar *, uschar *, uschar *, uschar *,
			       const uschar **);

DLLEXPORT
pdkim_ctx *pdkim_init_verify  (uschar * (*)(uschar *), BOOL);

DLLEXPORT
void       pdkim_set_optional (pdkim_signature *, char *, char *,int, int,
                               long,
                               unsigned long,
                               unsigned long);

int		pdkim_hashname_to_hashtype(const uschar *, unsigned);
void		pdkim_cstring_to_canons(const uschar *, unsigned, int *, int *);
pdkim_bodyhash *pdkim_set_bodyhash(pdkim_ctx *, int, int, long);
pdkim_bodyhash *pdkim_set_sig_bodyhash(pdkim_ctx *, pdkim_signature *);

DLLEXPORT
int        pdkim_feed         (pdkim_ctx *, uschar *, int);
DLLEXPORT
int        pdkim_feed_finish  (pdkim_ctx *, pdkim_signature **, const uschar **);

DLLEXPORT
void       pdkim_free_ctx     (pdkim_ctx *);


const uschar *	pdkim_errstr(int);

extern uschar *		pdkim_encode_base64(blob *);
extern void		pdkim_decode_base64(const uschar *, blob *);
extern void		pdkim_hexprint(const uschar *, int);
extern void		pdkim_quoteprint(const uschar *, int);
extern pdkim_pubkey *	pdkim_parse_pubkey_record(const uschar *);
extern uschar *		pdkim_relax_header_n(const uschar *, int, BOOL);
extern uschar *		pdkim_relax_header(const uschar *, BOOL);
extern uschar *		dkim_sig_to_a_tag(const pdkim_signature *);

#ifdef __cplusplus
}
#endif

#endif
Commit	Line	Data
420a0d19 CE	1	/*
	2	* PDKIM - a RFC4871 (DKIM) implementation
	3	*
	4	* Copyright (C) 2009 - 2012 Tom Kistner <tom@duncanthrax.net>
2ea97746	5	* Copyright (c) 2016 - 2018 Jeremy Harris
420a0d19 CE	6	*
	7	* http://duncanthrax.net/pdkim/
	8	*
	9	* This program is free software; you can redistribute it and/or modify
	10	* it under the terms of the GNU General Public License as published by
	11	* the Free Software Foundation; either version 2 of the License, or
	12	* (at your option) any later version.
	13	*
	14	* This program is distributed in the hope that it will be useful,
	15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	17	* GNU General Public License for more details.
	18	*
	19	* You should have received a copy of the GNU General Public License along
	20	* with this program; if not, write to the Free Software Foundation, Inc.,
	21	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	22	*/
2ea97746 CE	23	#ifndef PDKIM_H
2ea97746 CE	24	#define PDKIM_H
420a0d19	25
2ea97746 CE	26	#include "../blob.h"
	27	#include "../hash.h"
	28
	29	#define PDKIM_DEFAULT_SIGN_HEADERS "From:Sender:Reply-To:Subject:Date:"\
	30	"Message-ID:To:Cc:MIME-Version:Content-Type:"\
	31	"Content-Transfer-Encoding:Content-ID:"\
	32	"Content-Description:Resent-Date:Resent-From:"\
	33	"Resent-Sender:Resent-To:Resent-Cc:"\
	34	"Resent-Message-ID:In-Reply-To:References:"\
	35	"List-Id:List-Help:List-Unsubscribe:"\
	36	"List-Subscribe:List-Post:List-Owner:List-Archive"
420a0d19 CE	37
	38	/* -------------------------------------------------------------------------- */
	39	/* Length of the preallocated buffer for the "answer" from the dns/txt
	40	callback function. This should match the maximum RDLENGTH from DNS. */
	41	#define PDKIM_DNS_TXT_MAX_RECLEN (1 << 16)
	42
	43	/* -------------------------------------------------------------------------- */
	44	/* Function success / error codes */
	45	#define PDKIM_OK 0
	46	#define PDKIM_FAIL -1
420a0d19 CE	47	#define PDKIM_ERR_RSA_PRIVKEY -101
	48	#define PDKIM_ERR_RSA_SIGNING -102
	49	#define PDKIM_ERR_LONG_LINE -103
	50	#define PDKIM_ERR_BUFFER_TOO_SMALL -104
2ea97746 CE	51	#define PDKIM_ERR_EXCESS_SIGS -105
	52	#define PDKIM_SIGN_PRIVKEY_WRAP -106
	53	#define PDKIM_SIGN_PRIVKEY_B64D -107
420a0d19 CE	54
	55	/* -------------------------------------------------------------------------- */
	56	/* Main/Extended verification status */
	57	#define PDKIM_VERIFY_NONE 0
	58	#define PDKIM_VERIFY_INVALID 1
	59	#define PDKIM_VERIFY_FAIL 2
	60	#define PDKIM_VERIFY_PASS 3
2ea97746 CE	61	#define PDKIM_VERIFY_POLICY BIT(31)
	62
	63	#define PDKIM_VERIFY_FAIL_BODY 1
	64	#define PDKIM_VERIFY_FAIL_MESSAGE 2
	65	#define PDKIM_VERIFY_FAIL_SIG_ALGO_MISMATCH 3
	66	#define PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE 4
	67	#define PDKIM_VERIFY_INVALID_BUFFER_SIZE 5
	68	#define PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD 6
	69	#define PDKIM_VERIFY_INVALID_PUBKEY_IMPORT 7
	70	#define PDKIM_VERIFY_INVALID_SIGNATURE_ERROR 8
	71	#define PDKIM_VERIFY_INVALID_DKIM_VERSION 9
420a0d19 CE	72
	73	/* -------------------------------------------------------------------------- */
	74	/* Some parameter values */
	75	#define PDKIM_QUERYMETHOD_DNS_TXT 0
	76
2ea97746 CE	77	/#define PDKIM_ALGO_RSA_SHA256 0 /
2ea97746 CE	78	/#define PDKIM_ALGO_RSA_SHA1 1 /
420a0d19 CE	79
	80	#define PDKIM_CANON_SIMPLE 0
	81	#define PDKIM_CANON_RELAXED 1
	82
420a0d19 CE	83	/* -------------------------------------------------------------------------- */
	84	/* Some required forward declarations, please ignore */
	85	typedef struct pdkim_stringlist pdkim_stringlist;
	86	typedef struct pdkim_str pdkim_str;
	87	typedef struct sha1_context sha1_context;
	88	typedef struct sha2_context sha2_context;
	89	#define HAVE_SHA1_CONTEXT
	90	#define HAVE_SHA2_CONTEXT
	91
	92	/* -------------------------------------------------------------------------- */
	93	/* Some concessions towards Redmond */
	94	#ifdef WINDOWS
	95	#define snprintf _snprintf
	96	#define strcasecmp _stricmp
	97	#define strncasecmp _strnicmp
	98	#define DLLEXPORT __declspec(dllexport)
	99	#else
	100	#define DLLEXPORT
	101	#endif
	102
	103
	104	/* -------------------------------------------------------------------------- */
	105	/* Public key as (usually) fetched from DNS */
	106	typedef struct pdkim_pubkey {
2ea97746 CE	107	const uschar * version; /* v= */
2ea97746 CE	108	const uschar granularity; / g= */
420a0d19	109
2ea97746 CE	110	const uschar * hashes; /* h= */
	111	const uschar * keytype; /* k= */
	112	const uschar * srvtype; /* s= */
	113	uschar notes; / n= */
420a0d19	114
2ea97746	115	blob key; /* p= */
420a0d19 CE	116	int testing; /* t=y */
	117	int no_subdomaining; /* t=s */
	118	} pdkim_pubkey;
	119
2ea97746 CE	120	/* -------------------------------------------------------------------------- */
	121	/* Body-hash to be calculated */
	122	typedef struct pdkim_bodyhash {
	123	struct pdkim_bodyhash * next;
	124	int hashtype;
	125	int canon_method;
	126	long bodylength;
	127
	128	hctx body_hash_ctx;
	129	unsigned long signed_body_bytes; /* done so far */
	130	int num_buffered_blanklines;
	131
	132	blob bh; /* completed hash */
	133	} pdkim_bodyhash;
	134
420a0d19 CE	135	/* -------------------------------------------------------------------------- */
	136	/* Signature as it appears in a DKIM-Signature header */
	137	typedef struct pdkim_signature {
2ea97746	138	struct pdkim_signature * next;
420a0d19 CE	139
	140	/* Bits stored in a DKIM signature header --------------------------- */
	141
	142	/* (v=) The version, as an integer. Currently, always "1" */
	143	int version;
	144
2ea97746 CE	145	/* (a=) The signature algorithm. Either PDKIM_ALGO_RSA_SHA256 */
	146	int keytype; /* pdkim_keytypes index */
	147	int hashtype; /* pdkim_hashes index */
420a0d19 CE	148
	149	/* (c=x/) Header canonicalization method. Either PDKIM_CANON_SIMPLE
	150	or PDKIM_CANON_RELAXED */
	151	int canon_headers;
	152
	153	/* (c=/x) Body canonicalization method. Either PDKIM_CANON_SIMPLE
	154	or PDKIM_CANON_RELAXED */
	155	int canon_body;
	156
	157	/* (q=) Query Method. Currently, only PDKIM_QUERYMETHOD_DNS_TXT
	158	is specified */
	159	int querymethod;
	160
	161	/* (s=) The selector string as given in the signature */
2ea97746	162	uschar *selector;
420a0d19 CE	163
420a0d19 CE	164	/* (d=) The domain as given in the signature */
2ea97746	165	uschar *domain;
420a0d19 CE	166
420a0d19 CE	167	/* (i=) The identity as given in the signature */
2ea97746	168	uschar *identity;
420a0d19 CE	169
	170	/* (t=) Timestamp of signature creation */
	171	unsigned long created;
	172
	173	/* (x=) Timestamp of expiry of signature */
	174	unsigned long expires;
	175
	176	/* (l=) Amount of hashed body bytes (after canonicalization). Default
	177	is -1. Note: a value of 0 means that the body is unsigned! */
	178	long bodylength;
	179
	180	/* (h=) Colon-separated list of header names that are included in the
	181	signature */
2ea97746	182	uschar *headernames;
420a0d19 CE	183
420a0d19 CE	184	/* (z=) */
2ea97746	185	uschar *copiedheaders;
420a0d19 CE	186
420a0d19 CE	187	/* (b=) Raw signature data, along with its length in bytes */
2ea97746	188	blob sighash;
420a0d19 CE	189
420a0d19 CE	190	/* (bh=) Raw body hash data, along with its length in bytes */
2ea97746	191	blob bodyhash;
420a0d19	192
2ea97746	193	/* Folded DKIM-Signature: header. Signing only, NULL for verifying.
420a0d19 CE	194	Ready for insertion into the message. Note: Folded using CRLFTB,
	195	but final line terminator is NOT included. Note2: This buffer is
	196	free()d when you call pdkim_free_ctx(). */
2ea97746	197	uschar *signature_header;
420a0d19 CE	198
	199	/* The main verification status. Verification only. One of:
	200
	201	PDKIM_VERIFY_NONE Verification was not attempted. This status
	202	should not appear.
	203
	204	PDKIM_VERIFY_INVALID There was an error while trying to verify
	205	the signature. A more precise description
	206	is available in verify_ext_status.
	207
	208	PDKIM_VERIFY_FAIL Verification failed because either the body
	209	hash did not match, or the signature verification
	210	failed. This means the message was modified.
	211	Check verify_ext_status for the exact reason.
	212
	213	PDKIM_VERIFY_PASS Verification succeeded.
	214	*/
	215	int verify_status;
	216
	217	/* Extended verification status. Verification only. Depending on the value
	218	of verify_status, it can contain:
	219
	220	For verify_status == PDKIM_VERIFY_INVALID:
	221
	222	PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE
	223	Unable to retrieve a public key container.
	224
	225	PDKIM_VERIFY_INVALID_BUFFER_SIZE
	226	Either the DNS name constructed to retrieve the public key record
	227	does not fit into PDKIM_DNS_TXT_MAX_NAMELEN bytes, or the retrieved
	228	record is longer than PDKIM_DNS_TXT_MAX_RECLEN bytes.
	229
	230	PDKIM_VERIFY_INVALID_PUBKEY_PARSING
	231	(Syntax) error while parsing the retrieved public key record.
	232
	233
	234	For verify_status == PDKIM_VERIFY_FAIL:
	235
	236	PDKIM_VERIFY_FAIL_BODY
	237	The calculated body hash does not match the advertised body hash
	238	from the bh= tag of the signature.
	239
	240	PDKIM_VERIFY_FAIL_MESSAGE
	241	RSA verification of the signature (b= tag) failed.
	242	*/
	243	int verify_ext_status;
	244
	245	/* Pointer to a public key record that was used to verify the signature.
	246	See pdkim_pubkey declaration above for more information.
	247	Caution: is NULL if signing or if no record was retrieved. */
	248	pdkim_pubkey *pubkey;
	249
420a0d19 CE	250	/* Properties below this point are used internally only ------------- */
	251
	252	/* Per-signature helper variables ----------------------------------- */
2ea97746 CE	253	pdkim_bodyhash calc_body_hash; / hash to be / being calculated */
	254
	255	pdkim_stringlist headers; / Raw headers included in the sig */
	256
420a0d19	257	/* Signing specific ------------------------------------------------- */
2ea97746 CE	258	uschar * privkey; /* Private key */
	259	uschar * sign_headers; /* To-be-signed header names */
	260	uschar * rawsig_no_b_val; /* Original signature header w/o b= tag value. */
420a0d19 CE	261	} pdkim_signature;
	262
	263
	264	/* -------------------------------------------------------------------------- */
	265	/* Context to keep state between all operations. */
420a0d19 CE	266	typedef struct pdkim_ctx {
420a0d19 CE	267
2ea97746 CE	268	#define PDKIM_MODE_SIGN BIT(0) /* if unset, mode==verify */
	269	#define PDKIM_DOT_TERM BIT(1) /* dot termination and unstuffing */
	270	#define PDKIM_SEEN_CR BIT(2)
	271	#define PDKIM_SEEN_LF BIT(3)
	272	#define PDKIM_PAST_HDRS BIT(4)
	273	#define PDKIM_SEEN_EOD BIT(5)
	274	unsigned flags;
420a0d19 CE	275
	276	/* One (signing) or several chained (verification) signatures */
	277	pdkim_signature *sig;
	278
2ea97746 CE	279	/* One (signing) or several chained (verification) bodyhashes */
	280	pdkim_bodyhash *bodyhash;
	281
420a0d19	282	/* Callback for dns/txt query method (verification only) */
2ea97746	283	uschar * (dns_txt_callback)(uschar );
420a0d19 CE	284
420a0d19 CE	285	/* Coder's little helpers */
2ea97746 CE	286	gstring *cur_header;
2ea97746 CE	287	uschar *linebuf;
420a0d19	288	int linebuf_offset;
420a0d19 CE	289	int num_headers;
420a0d19 CE	290	pdkim_stringlist headers; / Raw headers for verification */
2ea97746	291	} pdkim_ctx;
420a0d19	292
420a0d19	293
2ea97746 CE	294	/******************************************************************************/
	295
	296	typedef struct {
	297	const uschar * dkim_hashname;
	298	hashmethod exim_hashmethod;
	299	} pdkim_hashtype;
	300	extern const pdkim_hashtype pdkim_hashes[];
	301
	302	/******************************************************************************/
420a0d19 CE	303
	304
	305	/* -------------------------------------------------------------------------- */
	306	/* API functions. Please see the sample code in sample/test_sign.c and
	307	sample/test_verify.c for documentation.
	308	*/
	309
	310	#ifdef __cplusplus
	311	extern "C" {
	312	#endif
	313
2ea97746 CE	314	void pdkim_init (void);
	315
	316	void pdkim_init_context (pdkim_ctx , BOOL, uschar ()(uschar ));
	317
420a0d19	318	DLLEXPORT
2ea97746 CE	319	pdkim_signature pdkim_init_sign (pdkim_ctx ,
	320	uschar , uschar , uschar , uschar ,
	321	const uschar **);
420a0d19 CE	322
420a0d19 CE	323	DLLEXPORT
2ea97746	324	pdkim_ctx pdkim_init_verify (uschar ()(uschar ), BOOL);
420a0d19 CE	325
420a0d19 CE	326	DLLEXPORT
2ea97746 CE	327	void pdkim_set_optional (pdkim_signature , char , char *,int, int,
2ea97746 CE	328	long,
420a0d19 CE	329	unsigned long,
	330	unsigned long);
	331
2ea97746 CE	332	int pdkim_hashname_to_hashtype(const uschar *, unsigned);
	333	void pdkim_cstring_to_canons(const uschar , unsigned, int , int *);
	334	pdkim_bodyhash pdkim_set_bodyhash(pdkim_ctx , int, int, long);
	335	pdkim_bodyhash pdkim_set_sig_bodyhash(pdkim_ctx , pdkim_signature *);
	336
420a0d19	337	DLLEXPORT
2ea97746	338	int pdkim_feed (pdkim_ctx , uschar , int);
420a0d19	339	DLLEXPORT
2ea97746	340	int pdkim_feed_finish (pdkim_ctx , pdkim_signature , const uschar *);
420a0d19 CE	341
	342	DLLEXPORT
	343	void pdkim_free_ctx (pdkim_ctx *);
	344
2ea97746 CE	345
	346	const uschar * pdkim_errstr(int);
	347
	348	extern uschar * pdkim_encode_base64(blob *);
	349	extern void pdkim_decode_base64(const uschar , blob );
	350	extern void pdkim_hexprint(const uschar *, int);
	351	extern void pdkim_quoteprint(const uschar *, int);
	352	extern pdkim_pubkey * pdkim_parse_pubkey_record(const uschar *);
	353	extern uschar * pdkim_relax_header_n(const uschar *, int, BOOL);
	354	extern uschar * pdkim_relax_header(const uschar *, BOOL);
	355	extern uschar * dkim_sig_to_a_tag(const pdkim_signature *);
420a0d19 CE	356
	357	#ifdef __cplusplus
	358	}
	359	#endif
2ea97746 CE	360
2ea97746 CE	361	#endif