1 /**************************************************************************** 2 * * 3 * PGP Definitions Header File * 4 * Copyright Peter Gutmann 1996-2013 * 5 * * 6 ****************************************************************************/ 7 8 #ifndef _PGP_DEFINED 9 10 #define _PGP_DEFINED 11 12 #ifndef _STREAM_DEFINED 13 #if defined( INC_ALL ) 14 #include "stream.h" 15 #else 16 #include "io/stream.h" 17 #endif /* Compiler-specific includes */ 18 #endif /* _STREAM_DEFINED */ 19 20 /* PGP packet types, encoded into the CTB */ 21 22 typedef enum { 23 PGP_PACKET_NONE, /* No packet type */ 24 PGP_PACKET_PKE, /* PKC-encrypted session key */ 25 PGP_PACKET_SIGNATURE, /* Signature */ 26 PGP_PACKET_SKE, /* Secret-key-encrypted session key */ 27 PGP_PACKET_SIGNATURE_ONEPASS,/* One-pass signature */ 28 PGP_PACKET_SECKEY, /* Secret key */ 29 PGP_PACKET_PUBKEY, /* Public key */ 30 PGP_PACKET_SECKEY_SUB, /* Secret key subkey */ 31 PGP_PACKET_COPR, /* Compressed data */ 32 PGP_PACKET_ENCR, /* Encrypted data */ 33 PGP_PACKET_MARKER, /* Obsolete marker packet */ 34 PGP_PACKET_DATA, /* Raw data */ 35 PGP_PACKET_TRUST, /* Trust information */ 36 PGP_PACKET_USERID, /* Userid */ 37 PGP_PACKET_PUBKEY_SUB, /* Public key subkey */ 38 PGP_PACKET_DUMMY1, PGP_PACKET_DUMMY2, /* 15, 16 unused */ 39 PGP_PACKET_USERATTR, /* User attributes */ 40 PGP_PACKET_ENCR_MDC, /* Encrypted data with MDC */ 41 PGP_PACKET_MDC, /* MDC */ 42 PGP_PACKET_LAST /* Last possible PGP packet type */ 43 } PGP_PACKET_TYPE; 44 45 /* PGP signature subpacket types */ 46 47 typedef enum { 48 PGP_SUBPACKET_RESERVED_0, /* Reserved */ 49 PGP_SUBPACKET_RESERVED_1, /* Reserved */ 50 PGP_SUBPACKET_TIME, /* Signing time */ 51 PGP_SUBPACKET_EXPIRY_TIME, /* Signature expiry time */ 52 PGP_SUBPACKET_EXP_CERT, /* Exportable certification */ 53 PGP_SUBPACKET_TRUST_SIG, /* Trust signature */ 54 PGP_SUBPACKET_REGEX, /* Regular expression */ 55 PGP_SUBPACKET_REVOCABLE, /* Revocable */ 56 PGP_SUBPACKET_RESERVED_8, /* Reserved */ 57 PGP_SUBPACKET_KEY_EXP, /* Key expiration time */ 58 PGP_SUBPACKET_PLACEHOLDER, /* Placeholder */ 59 PGP_SUBPACKET_PREF_SYM, /* Preferred symmetric algorithms */ 60 PGP_SUBPACKET_REV_KEY, /* Revocation key */ 61 PGP_SUBPACKET_RESERVED_13, /* Reserved */ 62 PGP_SUBPACKET_RESERVED_14, /* Reserved */ 63 PGP_SUBPACKET_RESERVED_15, /* Reserved */ 64 PGP_SUBPACKET_KEYID, /* Issuer key ID */ 65 PGP_SUBPACKET_RESERVED_17, /* Reserved */ 66 PGP_SUBPACKET_RESERVED_18, /* Reserved */ 67 PGP_SUBPACKET_RESERVED_19, /* Reserved */ 68 PGP_SUBPACKET_TYPEANDVALUE, /* Type-and-value pairs */ 69 PGP_SUBPACKET_PREF_HASH, /* Preferred hash algorithms */ 70 PGP_SUBPACKET_PREF_COPR, /* Preferred compression algorithms */ 71 PGP_SUBPACKET_KEYSVR_PREF, /* Key server preferences */ 72 PGP_SUBPACKET_PREF_KEY_SVR, /* Preferred key server */ 73 PGP_SUBPACKET_PRIMARY_USERID, /* Primary userID */ 74 PGP_SUBPACKET_POLICY_URI, /* Policy URI */ 75 PGP_SUBPACKET_KEY_FLAGS, /* Key flags */ 76 PGP_SUBPACKET_SIGNER_USERID, /* Signer's userID */ 77 PGP_SUBPACKET_REV_REASON, /* Reason for revocation */ 78 PGP_SUBPACKET_FEATURES, /* Features */ 79 PGP_SUBPACKET_SIG_TARGET, /* Signature target */ 80 PGP_SUBPACKET_EMBED_SIGNATURE, /* Embedded signature */ 81 PGP_SUBPACKET_LAST /* Last valid subpacket type */ 82 } PGP_SUBPACKET_TYPE; 83 84 /* A special-case packet type that denotes a signature that follows on from 85 a one-pass signature packet. When generating a signature of this type PGP 86 splits the information in the normal signature packet across the one-pass 87 signature packet and the signature packet itself, so we have to read the 88 data on two parts, with half the information in the one-pass packet and 89 the other half in the signature packet */ 90 91 #define PGP_PACKET_SIGNATURE_SPECIAL 1000 92 93 /* The PGP packet format (via the CTB) is: 94 95 +---------------+ 96 |7 6 5 4 3 2 1 0| 97 +---------------+ 98 99 Bit 7: Always one 100 Bit 6: OpenPGP (new) format if set 101 102 PGP 2.x: OpenPGP: 103 Bits 5-2: Packet type Bits 5-0: Packet type 104 Bits 1-0: Length type 105 106 All CTBs have the MSB set, and OpenPGP CTBs have the next-to-MSB set. We 107 also have a special-case CTB that's used for indefinite-length compressed 108 data */ 109 110 #define PGP_CTB 0x80 /* PGP 2.x CTB template */ 111 #define PGP_CTB_OPENPGP 0xC0 /* OpenPGP CTB template */ 112 #define PGP_CTB_COMPRESSED 0xA3 /* Compressed indef-length data */ 113 114 /* Macros to extract packet information from the CTB */ 115 116 #define pgpIsCTB( ctb ) ( ( ctb ) & PGP_CTB ) 117 #define pgpGetPacketVersion( ctb ) \ 118 ( ( ( ( ctb ) & PGP_CTB_OPENPGP ) == PGP_CTB_OPENPGP ) ? \ 119 PGP_VERSION_OPENPGP : PGP_VERSION_2 ) 120 #define pgpGetPacketType( ctb ) \ 121 ( ( ( ( ctb ) & PGP_CTB_OPENPGP ) == PGP_CTB_OPENPGP ) ? \ 122 ( ( ctb ) & 0x3F ) : ( ( ( ctb ) >> 2 ) & 0x0F ) ) 123 #define pgpIsReservedPacket( type ) ( ( type ) >= 60 && ( type ) <= 63 ) 124 125 /* Version information */ 126 127 #define PGP_VERSION_2 2 /* Version number byte for PGP 2.0 */ 128 #define PGP_VERSION_3 3 /* Version number byte for legal-kludged PGP 2.0 */ 129 #define PGP_VERSION_OPENPGP 4 /* Version number for OpenPGP */ 130 131 /* Public-key algorithms */ 132 133 #define PGP_ALGO_RSA 1 /* RSA */ 134 #define PGP_ALGO_RSA_ENCRYPT 2 /* RSA encrypt-only */ 135 #define PGP_ALGO_RSA_SIGN 3 /* RSA sign-only */ 136 #define PGP_ALGO_ELGAMAL 16 /* ElGamal */ 137 #define PGP_ALGO_DSA 17 /* DSA */ 138 #define PGP_ALGO_ECDH 18 /* RFC 4880: Rsvd.for "ECC", RFC 6637: ECDH */ 139 #define PGP_ALGO_ECDSA 19 /* RFC 4880: Rsvd.for ECDSA, RFC 6637: ECDSA */ 140 #define PGP_ALGO_PKC_RES1 20 /* Reserved, formerly Elgamal sign */ 141 #define PGP_ALGO_PKC_RES2 21 /* Reserved for "X9.42" */ 142 143 /* Conventional encryption algorithms */ 144 145 #define PGP_ALGO_NONE 0 /* No CKE algorithm */ 146 #define PGP_ALGO_IDEA 1 /* IDEA */ 147 #define PGP_ALGO_3DES 2 /* Triple DES */ 148 #define PGP_ALGO_CAST5 3 /* CAST-128 */ 149 #define PGP_ALGO_BLOWFISH 4 /* Blowfish */ 150 #define PGP_ALGO_ENC_RES1 5 /* Reserved, formerly Safer-SK */ 151 #define PGP_ALGO_ENC_RES2 6 /* Reserved */ 152 #define PGP_ALGO_AES_128 7 /* AES with 128-bit key */ 153 #define PGP_ALGO_AES_192 8 /* AES with 192-bit key */ 154 #define PGP_ALGO_AES_256 9 /* AES with 256-bit key */ 155 #define PGP_ALGO_TWOFISH 10 /* Twofish */ 156 157 /* Hash algorithms */ 158 159 #define PGP_ALGO_MD5 1 /* MD5 */ 160 #define PGP_ALGO_SHA 2 /* SHA-1 */ 161 #define PGP_ALGO_RIPEMD160 3 /* RIPEMD-160 */ 162 #define PGP_ALGO_HASH_RES1 4 /* Reserved */ 163 #define PGP_ALGO_HASH_RES2 5 /* Reserved, formerly MD2 */ 164 #define PGP_ALGO_HASH_RES3 6 /* Reserved, formerly Tiger/192 */ 165 #define PGP_ALGO_HASH_RES4 7 /* Reserved, formerly Haval */ 166 #define PGP_ALGO_SHA2_256 8 /* SHA-2 256bit */ 167 #define PGP_ALGO_SHA2_384 9 /* SHA-2 384bit */ 168 #define PGP_ALGO_SHA2_512 10 /* SHA-2 512bit */ 169 #define PGP_ALGO_SHA2_224 11 /* SHA-2 224bit */ 170 #define PGP_ALGO_SHAng 99 /* Future SHA-nextgen standard */ 171 172 /* Compression algorithms */ 173 174 #define PGP_ALGO_ZIP 1 /* ZIP compression */ 175 #define PGP_ALGO_ZLIB 2 /* zlib compression */ 176 #define PGP_ALGO_BZIP2 3 /* Bzip2 compression */ 177 178 /* Highest possible algorithm value used by cryptlib, for range checking */ 179 180 #define PGP_ALGO_LAST PGP_ALGO_ECDSA 181 182 /* S2K specifier */ 183 184 #define PGP_S2K 0xFF /* Standard S2K */ 185 #define PGP_S2K_HASHED 0xFE /* S2K with hashed key */ 186 187 /* Signature types */ 188 189 #define PGP_SIG_NONE 0x00 /* Same as PGP_SIG_DATA, for range chk.*/ 190 #define PGP_SIG_DATA 0x00 /* Binary data */ 191 #define PGP_SIG_TEXT 0x01 /* Canonicalised text data */ 192 #define PGP_SIG_STANDALONE 0x02 /* Unknown purpose, from RFC 4880 */ 193 #define PGP_SIG_CERT0 0x10 /* Key certificate, unknown assurance */ 194 #define PGP_SIG_CERT1 0x11 /* Key certificate, no assurance */ 195 #define PGP_SIG_CERT2 0x12 /* Key certificate, casual assurance */ 196 #define PGP_SIG_CERT3 0x13 /* Key certificate, strong assurance */ 197 #define PGP_SIG_SUBKEY 0x18 /* Subkey binding signature */ 198 #define PGP_SIG_PRIMKEY 0x19 /* Primary key binding signature */ 199 #define PGP_SIG_DIRECTKEY 0x1F /* Key self-signature */ 200 #define PGP_SIG_KEYREV 0x20 /* Key revocation */ 201 #define PGP_SIG_SUBKEYREV 0x28 /* Subkey revocation */ 202 #define PGP_SIG_CRL 0x30 /* Certificate revocation */ 203 #define PGP_SIG_TS 0x40 /* Timestamp signature */ 204 #define PGP_SIG_COUNTERSIG 0x50 /* Third-party countersignature */ 205 #define PGP_SIG_LAST 0x51 /* Last possible signature type */ 206 207 /* The size of the PGP version ID and algorithm ID */ 208 209 #define PGP_VERSION_SIZE 1 210 #define PGP_ALGOID_SIZE 1 211 212 /* The maximum size of a PGP user ID. Note that this is larger than the 213 cryptlib-wide maximum user ID size */ 214 215 #define PGP_MAX_USERIDSIZE 256 216 217 /* The size of the salt used for password hashing and the number of 218 setup "iterations". This isn't a true iteration count but the number of 219 salt+password bytes hashed, and in fact it isn't even that but the 220 actual count scaled by dividing it by 64, which is how PGP encodes the 221 count in the data packet */ 222 223 #define PGP_SALTSIZE 8 224 #define PGP_ITERATIONS 1024 225 226 /* Various PGP packet header sizes, used to estimate how much data we still 227 need to process */ 228 229 #define PGP_MIN_HEADER_SIZE 2 /* CTB + length */ 230 #define PGP_MAX_HEADER_SIZE 6 /* CTB + 0xFF + 4-byte length */ 231 #define PGP_DATA_HEADER "b\x00\x00\x00\x00\x00" 232 #define PGP_DATA_HEADER_SIZE ( 1 + 1 + 4 ) 233 #define PGP_MDC_PACKET_SIZE ( 1 + 1 + 20 ) /* Size of MDC packet */ 234 235 /* Since PGP only provides a subset of cryptlib's algorithm types and uses 236 different identifiers, we have to both check that there's a mapping 237 possible and map from one to the other. When going from PGP -> cryptlib 238 we specify both the algorithm ID and the algorithm class we expect to 239 find it in to allow type checking */ 240 241 typedef enum { 242 PGP_ALGOCLASS_NONE, /* No algorithm class */ 243 PGP_ALGOCLASS_CRYPT, /* Conventional encryption algorithms */ 244 PGP_ALGOCLASS_PWCRYPT, /* Password-based encryption algorithms */ 245 PGP_ALGOCLASS_PKCCRYPT, /* PKC algorithms */ 246 PGP_ALGOCLASS_SIGN, /* Signature algorithms */ 247 PGP_ALGOCLASS_HASH, /* Hash algorithms */ 248 PGP_ALGOCLASS_LAST /* Last possible algorithm class */ 249 } PGP_ALGOCLASS_TYPE; 250 251 CHECK_RETVAL STDC_NONNULL_ARG( ( 3 ) ) \ 252 int pgpToCryptlibAlgo( IN_RANGE( PGP_ALGO_NONE, 0xFF ) const int pgpAlgo, 253 IN_ENUM( PGP_ALGOCLASS ) \ 254 const PGP_ALGOCLASS_TYPE pgpAlgoClass, 255 OUT_ALGO_Z CRYPT_ALGO_TYPE *cryptAlgo, 256 OUT_OPT_INT_Z int *cryptAlgoParam ); 257 CHECK_RETVAL STDC_NONNULL_ARG( ( 2 ) ) \ 258 int cryptlibToPgpAlgo( IN_ALGO const CRYPT_ALGO_TYPE cryptlibAlgo, 259 OUT_RANGE( PGP_ALGO_NONE, PGP_ALGO_LAST ) \ 260 int *pgpAlgo ); 261 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 262 int readPgpAlgo( INOUT STREAM *stream, 263 OUT_ALGO_Z CRYPT_ALGO_TYPE *cryptAlgo, 264 OUT_OPT_INT_Z int *cryptAlgoParam, 265 IN_ENUM( PGP_ALGOCLASS ) \ 266 const PGP_ALGOCLASS_TYPE pgpAlgoClass ); 267 268 /* Prototypes for functions in pgp_misc.c */ 269 270 CHECK_RETVAL STDC_NONNULL_ARG( ( 3 ) ) \ 271 int pgpPasswordToKey( IN_HANDLE const CRYPT_CONTEXT iCryptContext, 272 IN_LENGTH_SHORT_OPT const int optKeyLength, 273 IN_BUFFER( passwordLength ) const char *password, 274 IN_DATALENGTH const int passwordLength, 275 IN_ALGO const CRYPT_ALGO_TYPE hashAlgo, 276 IN_BUFFER_OPT( saltSize ) const BYTE *salt, 277 IN_RANGE( 0, CRYPT_MAX_HASHSIZE ) const int saltSize, 278 IN_INT const int iterations ); 279 CHECK_RETVAL STDC_NONNULL_ARG( ( 2 ) ) \ 280 int pgpProcessIV( IN_HANDLE const CRYPT_CONTEXT iCryptContext, 281 INOUT_BUFFER_FIXED( ivInfoSize ) BYTE *ivInfo, 282 IN_RANGE( 8 + 2, CRYPT_MAX_IVSIZE + 2 ) \ 283 const int ivInfoSize, 284 IN_LENGTH_IV const int ivDataSize, 285 IN_HANDLE_OPT const CRYPT_CONTEXT iMdcContext, 286 const BOOLEAN isEncrypt ); 287 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3, 4, 6 ) ) \ 288 int readPgpS2K( INOUT STREAM *stream, 289 OUT_ALGO_Z CRYPT_ALGO_TYPE *hashAlgo, 290 OUT_INT_Z int *hashAlgoParam, 291 OUT_BUFFER( saltMaxLen, *saltLen ) BYTE *salt, 292 IN_LENGTH_SHORT_MIN( PGP_SALTSIZE ) const int saltMaxLen, 293 OUT_LENGTH_BOUNDED_Z( saltMaxLen ) int *saltLen, 294 OUT_INT_SHORT_Z int *iterations ); 295 296 #endif /* _PGP_DEFINED */ 297