1 /*- 2 * Copyright (c) 2009 The NetBSD Foundation, Inc. 3 * All rights reserved. 4 * 5 * This code is derived from software contributed to The NetBSD Foundation 6 * by Alistair Crooks (agc@NetBSD.org) 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 19 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 20 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 21 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 */ 29 /* 30 * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) 31 * All rights reserved. 32 * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted 33 * their moral rights under the UK Copyright Design and Patents Act 1988 to 34 * be recorded as the authors of this copyright work. 35 * 36 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 37 * use this file except in compliance with the License. 38 * 39 * You may obtain a copy of the License at 40 * http://www.apache.org/licenses/LICENSE-2.0 41 * 42 * Unless required by applicable law or agreed to in writing, software 43 * distributed under the License is distributed on an "AS IS" BASIS, 44 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 45 * 46 * See the License for the specific language governing permissions and 47 * limitations under the License. 48 */ 49 50 /** \file 51 * packet related headers. 52 */ 53 54 #ifndef PACKET_H_ 55 #define PACKET_H_ 56 57 #include <time.h> 58 59 #ifdef HAVE_OPENSSL_BN_H 60 #include <openssl/bn.h> 61 #endif 62 63 #include "types.h" 64 #include "errors.h" 65 66 /* structure to keep track of printing state variables */ 67 typedef struct pgp_printstate_t { 68 unsigned unarmoured; 69 unsigned skipping; 70 int indent; 71 } pgp_printstate_t; 72 73 /** General-use structure for variable-length data 74 */ 75 76 typedef struct { 77 size_t len; 78 uint8_t *contents; 79 uint8_t mmapped; /* contents need an munmap(2) */ 80 } pgp_data_t; 81 82 /************************************/ 83 /* Packet Tags - RFC4880, 4.2 */ 84 /************************************/ 85 86 /** Packet Tag - Bit 7 Mask (this bit is always set). 87 * The first byte of a packet is the "Packet Tag". It always 88 * has bit 7 set. This is the mask for it. 89 * 90 * \see RFC4880 4.2 91 */ 92 #define PGP_PTAG_ALWAYS_SET 0x80 93 94 /** Packet Tag - New Format Flag. 95 * Bit 6 of the Packet Tag is the packet format indicator. 96 * If it is set, the new format is used, if cleared the 97 * old format is used. 98 * 99 * \see RFC4880 4.2 100 */ 101 #define PGP_PTAG_NEW_FORMAT 0x40 102 103 104 /** Old Packet Format: Mask for content tag. 105 * In the old packet format bits 5 to 2 (including) 106 * are the content tag. This is the mask to apply 107 * to the packet tag. Note that you need to 108 * shift by #PGP_PTAG_OF_CONTENT_TAG_SHIFT bits. 109 * 110 * \see RFC4880 4.2 111 */ 112 #define PGP_PTAG_OF_CONTENT_TAG_MASK 0x3c 113 /** Old Packet Format: Offset for the content tag. 114 * As described at #PGP_PTAG_OF_CONTENT_TAG_MASK the 115 * content tag needs to be shifted after being masked 116 * out from the Packet Tag. 117 * 118 * \see RFC4880 4.2 119 */ 120 #define PGP_PTAG_OF_CONTENT_TAG_SHIFT 2 121 /** Old Packet Format: Mask for length type. 122 * Bits 1 and 0 of the packet tag are the length type 123 * in the old packet format. 124 * 125 * See #pgp_ptag_of_lt_t for the meaning of the values. 126 * 127 * \see RFC4880 4.2 128 */ 129 #define PGP_PTAG_OF_LENGTH_TYPE_MASK 0x03 130 131 132 /** Old Packet Format Lengths. 133 * Defines the meanings of the 2 bits for length type in the 134 * old packet format. 135 * 136 * \see RFC4880 4.2.1 137 */ 138 typedef enum { 139 PGP_PTAG_OLD_LEN_1 = 0x00, /* Packet has a 1 byte length - 140 * header is 2 bytes long. */ 141 PGP_PTAG_OLD_LEN_2 = 0x01, /* Packet has a 2 byte length - 142 * header is 3 bytes long. */ 143 PGP_PTAG_OLD_LEN_4 = 0x02, /* Packet has a 4 byte 144 * length - header is 5 bytes 145 * long. */ 146 PGP_PTAG_OLD_LEN_INDETERMINATE = 0x03 /* Packet has a 147 * indeterminate length. */ 148 } pgp_ptag_of_lt_t; 149 150 151 /** New Packet Format: Mask for content tag. 152 * In the new packet format the 6 rightmost bits 153 * are the content tag. This is the mask to apply 154 * to the packet tag. Note that you need to 155 * shift by #PGP_PTAG_NF_CONTENT_TAG_SHIFT bits. 156 * 157 * \see RFC4880 4.2 158 */ 159 #define PGP_PTAG_NF_CONTENT_TAG_MASK 0x3f 160 /** New Packet Format: Offset for the content tag. 161 * As described at #PGP_PTAG_NF_CONTENT_TAG_MASK the 162 * content tag needs to be shifted after being masked 163 * out from the Packet Tag. 164 * 165 * \see RFC4880 4.2 166 */ 167 #define PGP_PTAG_NF_CONTENT_TAG_SHIFT 0 168 169 /* PTag Content Tags */ 170 /***************************/ 171 172 /** Package Tags (aka Content Tags) and signature subpacket types. 173 * This enumerates all rfc-defined packet tag values and the 174 * signature subpacket type values that we understand. 175 * 176 * \see RFC4880 4.3 177 * \see RFC4880 5.2.3.1 178 */ 179 typedef enum { 180 PGP_PTAG_CT_RESERVED = 0, /* Reserved - a packet tag must 181 * not have this value */ 182 PGP_PTAG_CT_PK_SESSION_KEY = 1, /* Public-Key Encrypted Session 183 * Key Packet */ 184 PGP_PTAG_CT_SIGNATURE = 2, /* Signature Packet */ 185 PGP_PTAG_CT_SK_SESSION_KEY = 3, /* Symmetric-Key Encrypted Session 186 * Key Packet */ 187 PGP_PTAG_CT_1_PASS_SIG = 4, /* One-Pass Signature 188 * Packet */ 189 PGP_PTAG_CT_SECRET_KEY = 5, /* Secret Key Packet */ 190 PGP_PTAG_CT_PUBLIC_KEY = 6, /* Public Key Packet */ 191 PGP_PTAG_CT_SECRET_SUBKEY = 7, /* Secret Subkey Packet */ 192 PGP_PTAG_CT_COMPRESSED = 8, /* Compressed Data Packet */ 193 PGP_PTAG_CT_SE_DATA = 9,/* Symmetrically Encrypted Data Packet */ 194 PGP_PTAG_CT_MARKER = 10,/* Marker Packet */ 195 PGP_PTAG_CT_LITDATA = 11, /* Literal Data Packet */ 196 PGP_PTAG_CT_TRUST = 12, /* Trust Packet */ 197 PGP_PTAG_CT_USER_ID = 13, /* User ID Packet */ 198 PGP_PTAG_CT_PUBLIC_SUBKEY = 14, /* Public Subkey Packet */ 199 PGP_PTAG_CT_RESERVED2 = 15, /* reserved */ 200 PGP_PTAG_CT_RESERVED3 = 16, /* reserved */ 201 PGP_PTAG_CT_USER_ATTR = 17, /* User Attribute Packet */ 202 PGP_PTAG_CT_SE_IP_DATA = 18, /* Sym. Encrypted and Integrity 203 * Protected Data Packet */ 204 PGP_PTAG_CT_MDC = 19, /* Modification Detection Code Packet */ 205 206 PGP_PARSER_PTAG = 0x100,/* Internal Use: The packet is the "Packet 207 * Tag" itself - used when callback sends 208 * back the PTag. */ 209 PGP_PTAG_RAW_SS = 0x101,/* Internal Use: content is raw sig subtag */ 210 PGP_PTAG_SS_ALL = 0x102,/* Internal Use: select all subtags */ 211 PGP_PARSER_PACKET_END = 0x103, 212 213 /* signature subpackets (0x200-2ff) (type+0x200) */ 214 /* only those we can parse are listed here */ 215 PGP_PTAG_SIG_SUBPKT_BASE = 0x200, /* Base for signature 216 * subpacket types - All 217 * signature type values 218 * are relative to this 219 * value. */ 220 PGP_PTAG_SS_CREATION_TIME = 0x200 + 2, /* signature creation time */ 221 PGP_PTAG_SS_EXPIRATION_TIME = 0x200 + 3, /* signature 222 * expiration time */ 223 224 PGP_PTAG_SS_EXPORT_CERT = 0x200 + 4, /* exportable certification */ 225 PGP_PTAG_SS_TRUST = 0x200 + 5, /* trust signature */ 226 PGP_PTAG_SS_REGEXP = 0x200 + 6, /* regular expression */ 227 PGP_PTAG_SS_REVOCABLE = 0x200 + 7, /* revocable */ 228 PGP_PTAG_SS_KEY_EXPIRY = 0x200 + 9, /* key expiration 229 * time */ 230 PGP_PTAG_SS_RESERVED = 0x200 + 10, /* reserved */ 231 PGP_PTAG_SS_PREFERRED_SKA = 0x200 + 11, /* preferred symmetric 232 * algs */ 233 PGP_PTAG_SS_REVOCATION_KEY = 0x200 + 12, /* revocation key */ 234 PGP_PTAG_SS_ISSUER_KEY_ID = 0x200 + 16, /* issuer key ID */ 235 PGP_PTAG_SS_NOTATION_DATA = 0x200 + 20, /* notation data */ 236 PGP_PTAG_SS_PREFERRED_HASH = 0x200 + 21, /* preferred hash 237 * algs */ 238 PGP_PTAG_SS_PREF_COMPRESS = 0x200 + 22, /* preferred 239 * compression 240 * algorithms */ 241 PGP_PTAG_SS_KEYSERV_PREFS = 0x200 + 23, /* key server 242 * preferences */ 243 PGP_PTAG_SS_PREF_KEYSERV = 0x200 + 24, /* Preferred Key 244 * Server */ 245 PGP_PTAG_SS_PRIMARY_USER_ID = 0x200 + 25, /* primary User ID */ 246 PGP_PTAG_SS_POLICY_URI = 0x200 + 26, /* Policy URI */ 247 PGP_PTAG_SS_KEY_FLAGS = 0x200 + 27, /* key flags */ 248 PGP_PTAG_SS_SIGNERS_USER_ID = 0x200 + 28, /* Signer's User ID */ 249 PGP_PTAG_SS_REVOCATION_REASON = 0x200 + 29, /* reason for 250 * revocation */ 251 PGP_PTAG_SS_FEATURES = 0x200 + 30, /* features */ 252 PGP_PTAG_SS_SIGNATURE_TARGET = 0x200 + 31, /* signature target */ 253 PGP_PTAG_SS_EMBEDDED_SIGNATURE = 0x200 + 32, /* embedded signature */ 254 PGP_PTAG_SS_ISSUER_FINGERPRINT = 0x200 + 33, /* issuer fingerprint */ 255 PGP_PTAG_SS_USERDEFINED00 = 0x200 + 100, /* internal or 256 * user-defined */ 257 PGP_PTAG_SS_USERDEFINED01 = 0x200 + 101, 258 PGP_PTAG_SS_USERDEFINED02 = 0x200 + 102, 259 PGP_PTAG_SS_USERDEFINED03 = 0x200 + 103, 260 PGP_PTAG_SS_USERDEFINED04 = 0x200 + 104, 261 PGP_PTAG_SS_USERDEFINED05 = 0x200 + 105, 262 PGP_PTAG_SS_USERDEFINED06 = 0x200 + 106, 263 PGP_PTAG_SS_USERDEFINED07 = 0x200 + 107, 264 PGP_PTAG_SS_USERDEFINED08 = 0x200 + 108, 265 PGP_PTAG_SS_USERDEFINED09 = 0x200 + 109, 266 PGP_PTAG_SS_USERDEFINED10 = 0x200 + 110, 267 268 /* pseudo content types */ 269 PGP_PTAG_CT_LITDATA_HEADER = 0x300, 270 PGP_PTAG_CT_LITDATA_BODY = 0x300 + 1, 271 PGP_PTAG_CT_SIGNATURE_HEADER = 0x300 + 2, 272 PGP_PTAG_CT_SIGNATURE_FOOTER = 0x300 + 3, 273 PGP_PTAG_CT_ARMOUR_HEADER = 0x300 + 4, 274 PGP_PTAG_CT_ARMOUR_TRAILER = 0x300 + 5, 275 PGP_PTAG_CT_SIGNED_CLEARTEXT_HEADER = 0x300 + 6, 276 PGP_PTAG_CT_SIGNED_CLEARTEXT_BODY = 0x300 + 7, 277 PGP_PTAG_CT_SIGNED_CLEARTEXT_TRAILER = 0x300 + 8, 278 PGP_PTAG_CT_UNARMOURED_TEXT = 0x300 + 9, 279 PGP_PTAG_CT_ENCRYPTED_SECRET_KEY = 0x300 + 10, /* In this case the 280 * algorithm specific 281 * fields will not be 282 * initialised */ 283 PGP_PTAG_CT_SE_DATA_HEADER = 0x300 + 11, 284 PGP_PTAG_CT_SE_DATA_BODY = 0x300 + 12, 285 PGP_PTAG_CT_SE_IP_DATA_HEADER = 0x300 + 13, 286 PGP_PTAG_CT_SE_IP_DATA_BODY = 0x300 + 14, 287 PGP_PTAG_CT_ENCRYPTED_PK_SESSION_KEY = 0x300 + 15, 288 289 /* commands to the callback */ 290 PGP_GET_PASSPHRASE = 0x400, 291 PGP_GET_SECKEY = 0x400 + 1, 292 293 /* Errors */ 294 PGP_PARSER_ERROR = 0x500, /* Internal Use: Parser Error */ 295 PGP_PARSER_ERRCODE = 0x500 + 1 /* Internal Use: Parser Error 296 * with errcode returned */ 297 } pgp_content_enum; 298 299 enum { 300 PGP_REVOCATION_NO_REASON = 0, 301 PGP_REVOCATION_SUPERSEDED = 1, 302 PGP_REVOCATION_COMPROMISED = 2, 303 PGP_REVOCATION_RETIRED = 3, 304 PGP_REVOCATION_NO_LONGER_VALID = 0x20 305 }; 306 307 /** Structure to hold one error code */ 308 typedef struct { 309 pgp_errcode_t errcode; 310 } pgp_parser_errcode_t; 311 312 /** Structure to hold one packet tag. 313 * \see RFC4880 4.2 314 */ 315 typedef struct { 316 unsigned new_format; /* Whether this packet tag is new 317 * (1) or old format (0) */ 318 unsigned type; /* content_tag value - See 319 * #pgp_content_enum for meanings */ 320 pgp_ptag_of_lt_t length_type; /* Length type (#pgp_ptag_of_lt_t) 321 * - only if this packet tag is old 322 * format. Set to 0 if new format. */ 323 unsigned length; /* The length of the packet. This value 324 * is set when we read and compute the length 325 * information, not at the same moment we 326 * create the packet tag structure. Only 327 * defined if #readc is set. *//* XXX: Ben, is this correct? */ 328 unsigned position; /* The position (within the 329 * current reader) of the packet */ 330 unsigned size; /* number of bits */ 331 } pgp_ptag_t; 332 333 /** Public Key Algorithm Numbers. 334 * OpenPGP assigns a unique Algorithm Number to each algorithm that is part of OpenPGP. 335 * 336 * This lists algorithm numbers for public key algorithms. 337 * 338 * \see RFC4880 9.1 339 */ 340 typedef enum { 341 PGP_PKA_NOTHING = 0, /* No PKA */ 342 PGP_PKA_RSA = 1, /* RSA (Encrypt or Sign) */ 343 PGP_PKA_RSA_ENCRYPT_ONLY = 2, /* RSA Encrypt-Only (deprecated - 344 * \see RFC4880 13.5) */ 345 PGP_PKA_RSA_SIGN_ONLY = 3, /* RSA Sign-Only (deprecated - 346 * \see RFC4880 13.5) */ 347 PGP_PKA_ELGAMAL = 16, /* Elgamal (Encrypt-Only) */ 348 PGP_PKA_DSA = 17, /* DSA (Digital Signature Algorithm) */ 349 PGP_PKA_RESERVED_ELLIPTIC_CURVE = 18, /* Reserved for Elliptic 350 * Curve */ 351 PGP_PKA_ECDSA = 19, /* ECDSA */ 352 PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN = 20, /* Deprecated. */ 353 PGP_PKA_RESERVED_DH = 21, /* Reserved for Diffie-Hellman 354 * (X9.42, as defined for 355 * IETF-S/MIME) */ 356 PGP_PKA_PRIVATE00 = 100,/* Private/Experimental Algorithm */ 357 PGP_PKA_PRIVATE01 = 101,/* Private/Experimental Algorithm */ 358 PGP_PKA_PRIVATE02 = 102,/* Private/Experimental Algorithm */ 359 PGP_PKA_PRIVATE03 = 103,/* Private/Experimental Algorithm */ 360 PGP_PKA_PRIVATE04 = 104,/* Private/Experimental Algorithm */ 361 PGP_PKA_PRIVATE05 = 105,/* Private/Experimental Algorithm */ 362 PGP_PKA_PRIVATE06 = 106,/* Private/Experimental Algorithm */ 363 PGP_PKA_PRIVATE07 = 107,/* Private/Experimental Algorithm */ 364 PGP_PKA_PRIVATE08 = 108,/* Private/Experimental Algorithm */ 365 PGP_PKA_PRIVATE09 = 109,/* Private/Experimental Algorithm */ 366 PGP_PKA_PRIVATE10 = 110 /* Private/Experimental Algorithm */ 367 } pgp_pubkey_alg_t; 368 369 /** Structure to hold one DSA public key params. 370 * 371 * \see RFC4880 5.5.2 372 */ 373 typedef struct { 374 BIGNUM *p; /* DSA prime p */ 375 BIGNUM *q; /* DSA group order q */ 376 BIGNUM *g; /* DSA group generator g */ 377 BIGNUM *y; /* DSA public key value y (= g^x mod p 378 * with x being the secret) */ 379 } pgp_dsa_pubkey_t; 380 381 /** Structure to hold one ECDSA public key params. 382 * 383 * \see RFC6637 9 384 */ 385 typedef struct { 386 uint8_t len; 387 uint8_t oid[8]; 388 BIGNUM *p; 389 } pgp_ecdsa_pubkey_t; 390 391 /** Structure to hold an RSA public key. 392 * 393 * \see RFC4880 5.5.2 394 */ 395 typedef struct { 396 BIGNUM *n; /* RSA public modulus n */ 397 BIGNUM *e; /* RSA public encryption exponent e */ 398 } pgp_rsa_pubkey_t; 399 400 /** Structure to hold an ElGamal public key params. 401 * 402 * \see RFC4880 5.5.2 403 */ 404 typedef struct { 405 BIGNUM *p; /* ElGamal prime p */ 406 BIGNUM *g; /* ElGamal group generator g */ 407 BIGNUM *y; /* ElGamal public key value y (= g^x mod p 408 * with x being the secret) */ 409 } pgp_elgamal_pubkey_t; 410 411 /** Version. 412 * OpenPGP has two different protocol versions: version 3 and version 4. 413 * 414 * \see RFC4880 5.2 415 */ 416 typedef enum { 417 PGP_V2 = 2, /* Version 2 (essentially the same as v3) */ 418 PGP_V3 = 3, /* Version 3 */ 419 PGP_V4 = 4 /* Version 4 */ 420 } pgp_version_t; 421 422 /** Structure to hold a pgp public key */ 423 typedef struct { 424 pgp_version_t version;/* version of the key (v3, v4...) */ 425 time_t birthtime; 426 time_t duration; 427 /* validity period of the key in days since 428 * creation. A value of 0 has a special meaning 429 * indicating this key does not expire. Only used with 430 * v3 keys. */ 431 unsigned days_valid; /* v4 duration */ 432 pgp_pubkey_alg_t alg; /* Public Key Algorithm type */ 433 union { 434 pgp_dsa_pubkey_t dsa; /* A DSA public key */ 435 pgp_ecdsa_pubkey_t ecdsa; /* An ECDSA public key */ 436 pgp_rsa_pubkey_t rsa; /* An RSA public key */ 437 pgp_elgamal_pubkey_t elgamal; /* An ElGamal public key */ 438 } key; /* Public Key Parameters */ 439 } pgp_pubkey_t; 440 441 /** Structure to hold data for one RSA secret key 442 */ 443 typedef struct { 444 BIGNUM *d; 445 BIGNUM *p; 446 BIGNUM *q; 447 BIGNUM *u; 448 } pgp_rsa_seckey_t; 449 450 /** pgp_dsa_seckey_t */ 451 typedef struct { 452 BIGNUM *x; 453 } pgp_dsa_seckey_t; 454 455 /** pgp_ecdsa_seckey_t */ 456 typedef struct { 457 BIGNUM *x; 458 } pgp_ecdsa_seckey_t; 459 460 /** pgp_elgamal_seckey_t */ 461 typedef struct { 462 BIGNUM *x; 463 } pgp_elgamal_seckey_t; 464 465 /** s2k_usage_t 466 */ 467 typedef enum { 468 PGP_S2KU_NONE = 0, 469 PGP_S2KU_ENCRYPTED_AND_HASHED = 254, 470 PGP_S2KU_ENCRYPTED = 255 471 } pgp_s2k_usage_t; 472 473 /** s2k_specifier_t 474 */ 475 typedef enum { 476 PGP_S2KS_SIMPLE = 0, 477 PGP_S2KS_SALTED = 1, 478 PGP_S2KS_ITERATED_AND_SALTED = 3 479 } pgp_s2k_specifier_t; 480 481 /** Symmetric Key Algorithm Numbers. 482 * OpenPGP assigns a unique Algorithm Number to each algorithm that is 483 * part of OpenPGP. 484 * 485 * This lists algorithm numbers for symmetric key algorithms. 486 * 487 * \see RFC4880 9.2 488 */ 489 typedef enum { 490 PGP_SA_PLAINTEXT = 0, /* Plaintext or unencrypted data */ 491 PGP_SA_IDEA = 1, /* IDEA */ 492 PGP_SA_TRIPLEDES = 2, /* TripleDES */ 493 PGP_SA_CAST5 = 3, /* CAST5 */ 494 PGP_SA_BLOWFISH = 4, /* Blowfish */ 495 PGP_SA_AES_128 = 7, /* AES with 128-bit key (AES) */ 496 PGP_SA_AES_192 = 8, /* AES with 192-bit key */ 497 PGP_SA_AES_256 = 9, /* AES with 256-bit key */ 498 PGP_SA_TWOFISH = 10, /* Twofish with 256-bit key (TWOFISH) */ 499 PGP_SA_CAMELLIA_128 = 100, /* Camellia with 128-bit key (CAMELLIA) */ 500 PGP_SA_CAMELLIA_192 = 101, /* Camellia with 192-bit key */ 501 PGP_SA_CAMELLIA_256 = 102 /* Camellia with 256-bit key */ 502 } pgp_symm_alg_t; 503 504 #define PGP_SA_DEFAULT_CIPHER PGP_SA_CAST5 505 506 /** Hashing Algorithm Numbers. 507 * OpenPGP assigns a unique Algorithm Number to each algorithm that is 508 * part of OpenPGP. 509 * 510 * This lists algorithm numbers for hash algorithms. 511 * 512 * \see RFC4880 9.4 513 */ 514 typedef enum { 515 PGP_HASH_UNKNOWN = -1, /* used to indicate errors */ 516 PGP_HASH_MD5 = 1, /* MD5 */ 517 PGP_HASH_SHA1 = 2, /* SHA-1 */ 518 PGP_HASH_RIPEMD = 3, /* RIPEMD160 */ 519 520 PGP_HASH_SHA256 = 8, /* SHA256 */ 521 PGP_HASH_SHA384 = 9, /* SHA384 */ 522 PGP_HASH_SHA512 = 10, /* SHA512 */ 523 PGP_HASH_SHA224 = 11 /* SHA224 */ 524 } pgp_hash_alg_t; 525 526 #define PGP_DEFAULT_HASH_ALGORITHM PGP_HASH_SHA256 527 528 void pgp_calc_mdc_hash(const uint8_t *, 529 const size_t, 530 const uint8_t *, 531 const unsigned, 532 uint8_t *); 533 unsigned pgp_is_hash_alg_supported(const pgp_hash_alg_t *); 534 535 /* Maximum block size for symmetric crypto */ 536 #define PGP_MAX_BLOCK_SIZE 16 537 538 /* Maximum key size for symmetric crypto */ 539 #define PGP_MAX_KEY_SIZE 32 540 541 /* Salt size for hashing */ 542 #define PGP_SALT_SIZE 8 543 544 /* Max hash size */ 545 #define PGP_MAX_HASH_SIZE 64 546 547 /** pgp_seckey_t 548 */ 549 typedef struct pgp_seckey_t { 550 pgp_pubkey_t pubkey; /* public key */ 551 pgp_s2k_usage_t s2k_usage; 552 pgp_s2k_specifier_t s2k_specifier; 553 pgp_symm_alg_t alg; /* symmetric alg */ 554 pgp_hash_alg_t hash_alg; /* hash algorithm */ 555 uint8_t salt[PGP_SALT_SIZE]; 556 unsigned octetc; 557 uint8_t iv[PGP_MAX_BLOCK_SIZE]; 558 union { 559 pgp_rsa_seckey_t rsa; 560 pgp_dsa_seckey_t dsa; 561 pgp_ecdsa_seckey_t ecdsa; 562 pgp_elgamal_seckey_t elgamal; 563 } key; 564 unsigned checksum; 565 uint8_t *checkhash; 566 } pgp_seckey_t; 567 568 /** Signature Type. 569 * OpenPGP defines different signature types that allow giving 570 * different meanings to signatures. Signature types include 0x10 for 571 * generitc User ID certifications (used when Ben signs Weasel's key), 572 * Subkey binding signatures, document signatures, key revocations, 573 * etc. 574 * 575 * Different types are used in different places, and most make only 576 * sense in their intended location (for instance a subkey binding has 577 * no place on a UserID). 578 * 579 * \see RFC4880 5.2.1 580 */ 581 typedef enum { 582 PGP_SIG_BINARY = 0x00, /* Signature of a binary document */ 583 PGP_SIG_TEXT = 0x01, /* Signature of a canonical text document */ 584 PGP_SIG_STANDALONE = 0x02, /* Standalone signature */ 585 586 PGP_CERT_GENERIC = 0x10,/* Generic certification of a User ID and 587 * Public Key packet */ 588 PGP_CERT_PERSONA = 0x11,/* Persona certification of a User ID and 589 * Public Key packet */ 590 PGP_CERT_CASUAL = 0x12, /* Casual certification of a User ID and 591 * Public Key packet */ 592 PGP_CERT_POSITIVE = 0x13, /* Positive certification of a 593 * User ID and Public Key packet */ 594 595 PGP_SIG_SUBKEY = 0x18, /* Subkey Binding Signature */ 596 PGP_SIG_PRIMARY = 0x19, /* Primary Key Binding Signature */ 597 PGP_SIG_DIRECT = 0x1f, /* Signature directly on a key */ 598 599 PGP_SIG_REV_KEY = 0x20, /* Key revocation signature */ 600 PGP_SIG_REV_SUBKEY = 0x28, /* Subkey revocation signature */ 601 PGP_SIG_REV_CERT = 0x30,/* Certification revocation signature */ 602 603 PGP_SIG_TIMESTAMP = 0x40, /* Timestamp signature */ 604 605 PGP_SIG_3RD_PARTY = 0x50/* Third-Party Confirmation signature */ 606 } pgp_sig_type_t; 607 608 /** Struct to hold params of an RSA signature */ 609 typedef struct pgp_rsa_sig_t { 610 BIGNUM *sig; /* the signature value (m^d % n) */ 611 } pgp_rsa_sig_t; 612 613 /** Struct to hold params of a DSA signature */ 614 typedef struct pgp_dsa_sig_t { 615 BIGNUM *r; /* DSA value r */ 616 BIGNUM *s; /* DSA value s */ 617 } pgp_dsa_sig_t; 618 619 /** Struct to hold params of an ECDSA signature */ 620 typedef struct pgp_ecdsa_sig_t { 621 BIGNUM *r; /* ECDSA value r */ 622 BIGNUM *s; /* ECDSA value s */ 623 } pgp_ecdsa_sig_t; 624 625 /** pgp_elgamal_signature_t */ 626 typedef struct pgp_elgamal_sig_t { 627 BIGNUM *r; 628 BIGNUM *s; 629 } pgp_elgamal_sig_t; 630 631 #define PGP_KEY_ID_SIZE 8 632 #define PGP_FINGERPRINT_SIZE 20 633 634 /** Struct to hold a signature packet. 635 * 636 * \see RFC4880 5.2.2 637 * \see RFC4880 5.2.3 638 */ 639 typedef struct pgp_sig_info_t { 640 pgp_version_t version;/* signature version number */ 641 pgp_sig_type_t type; /* signature type value */ 642 time_t birthtime; /* creation time of the signature */ 643 time_t duration; /* number of seconds it's valid for */ 644 uint8_t signer_id[PGP_KEY_ID_SIZE]; /* Eight-octet key ID 645 * of signer */ 646 pgp_pubkey_alg_t key_alg; /* public key algorithm number */ 647 pgp_hash_alg_t hash_alg; /* hashing algorithm number */ 648 union { 649 pgp_rsa_sig_t rsa; /* An RSA Signature */ 650 pgp_dsa_sig_t dsa; /* A DSA Signature */ 651 pgp_ecdsa_sig_t ecdsa; /* An ECDSA Signature */ 652 pgp_elgamal_sig_t elgamal; /* deprecated */ 653 pgp_data_t unknown; /* private or experimental */ 654 } sig; /* signature params */ 655 size_t v4_hashlen; 656 uint8_t *v4_hashed; 657 unsigned birthtime_set:1; 658 unsigned signer_id_set:1; 659 unsigned duration_set:1; 660 } pgp_sig_info_t; 661 662 /** Struct used when parsing a signature */ 663 typedef struct pgp_sig_t { 664 pgp_sig_info_t info; /* The signature information */ 665 /* The following fields are only used while parsing the signature */ 666 uint8_t hash2[2]; /* high 2 bytes of hashed value */ 667 size_t v4_hashstart; /* only valid if accumulate is set */ 668 pgp_hash_t *hash; /* the hash filled in for the data so far */ 669 } pgp_sig_t; 670 671 /** The raw bytes of a signature subpacket */ 672 673 typedef struct pgp_ss_raw_t { 674 pgp_content_enum tag; 675 size_t length; 676 uint8_t *raw; 677 } pgp_ss_raw_t; 678 679 /** Signature Subpacket : Trust Level */ 680 681 typedef struct pgp_ss_trust_t { 682 uint8_t level; /* Trust Level */ 683 uint8_t amount; /* Amount */ 684 } pgp_ss_trust_t; 685 686 typedef struct pgp_ss_issuer_fingerprint { 687 uint8_t len; /* 20 or 32 */ 688 uint8_t fingerprint[32]; /* max 32 */ 689 } pgp_ss_issuer_fingerprint; 690 691 /** Signature Subpacket : Notation Data */ 692 typedef struct pgp_ss_notation_t { 693 pgp_data_t flags; 694 pgp_data_t name; 695 pgp_data_t value; 696 } pgp_ss_notation_t; 697 698 /** Signature Subpacket : Signature Target */ 699 typedef struct pgp_ss_sig_target_t { 700 pgp_pubkey_alg_t pka_alg; 701 pgp_hash_alg_t hash_alg; 702 pgp_data_t hash; 703 } pgp_ss_sig_target_t; 704 705 /** pgp_subpacket_t */ 706 typedef struct pgp_subpacket_t { 707 pgp_content_enum tag; 708 size_t length; 709 uint8_t *raw; 710 } pgp_subpacket_t; 711 712 /** Types of Compression */ 713 typedef enum { 714 PGP_C_NONE = 0, 715 PGP_C_ZIP = 1, 716 PGP_C_ZLIB = 2, 717 PGP_C_BZIP2 = 3 718 } pgp_compression_type_t; 719 720 /** pgp_one_pass_sig_t */ 721 typedef struct { 722 uint8_t version; 723 pgp_sig_type_t sig_type; 724 pgp_hash_alg_t hash_alg; 725 pgp_pubkey_alg_t key_alg; 726 uint8_t keyid[PGP_KEY_ID_SIZE]; 727 unsigned nested; 728 } pgp_one_pass_sig_t; 729 730 /** Signature Subpacket : Revocation Key */ 731 typedef struct { 732 uint8_t class; 733 uint8_t algid; 734 uint8_t fingerprint[PGP_FINGERPRINT_SIZE]; 735 } pgp_ss_revocation_key_t; 736 737 /** Signature Subpacket : Revocation Reason */ 738 typedef struct { 739 uint8_t code; 740 char *reason; 741 } pgp_ss_revocation_t; 742 743 /** litdata_type_t */ 744 typedef enum { 745 PGP_LDT_BINARY = 'b', 746 PGP_LDT_TEXT = 't', 747 PGP_LDT_UTF8 = 'u', 748 PGP_LDT_LOCAL = 'l', 749 PGP_LDT_LOCAL2 = '1' 750 } pgp_litdata_enum; 751 752 /** pgp_litdata_header_t */ 753 typedef struct { 754 pgp_litdata_enum format; 755 char filename[256]; 756 time_t mtime; 757 } pgp_litdata_header_t; 758 759 /** pgp_litdata_body_t */ 760 typedef struct { 761 unsigned length; 762 uint8_t *data; 763 void *mem; /* pgp_memory_t pointer */ 764 } pgp_litdata_body_t; 765 766 /** pgp_header_var_t */ 767 typedef struct { 768 char *key; 769 char *value; 770 } pgp_header_var_t; 771 772 /** pgp_headers_t */ 773 typedef struct { 774 pgp_header_var_t *headers; 775 unsigned headerc; 776 } pgp_headers_t; 777 778 /** pgp_armour_header_t */ 779 typedef struct { 780 const char *type; 781 pgp_headers_t headers; 782 } pgp_armour_header_t; 783 784 /** pgp_fixed_body_t */ 785 typedef struct pgp_fixed_body_t { 786 unsigned length; 787 uint8_t data[8192]; /* \todo fix hard-coded value? */ 788 } pgp_fixed_body_t; 789 790 /** pgp_dyn_body_t */ 791 typedef struct pgp_dyn_body_t { 792 unsigned length; 793 uint8_t *data; 794 } pgp_dyn_body_t; 795 796 enum { 797 PGP_SE_IP_DATA_VERSION = 1, 798 PGP_PKSK_V3 = 3 799 }; 800 801 /** pgp_pk_sesskey_params_rsa_t */ 802 typedef struct { 803 BIGNUM *encrypted_m; 804 BIGNUM *m; 805 } pgp_pk_sesskey_params_rsa_t; 806 807 /** pgp_pk_sesskey_params_elgamal_t */ 808 typedef struct { 809 BIGNUM *g_to_k; 810 BIGNUM *encrypted_m; 811 } pgp_pk_sesskey_params_elgamal_t; 812 813 /** pgp_pk_sesskey_params_t */ 814 typedef union { 815 pgp_pk_sesskey_params_rsa_t rsa; 816 pgp_pk_sesskey_params_elgamal_t elgamal; 817 } pgp_pk_sesskey_params_t; 818 819 /** pgp_pk_sesskey_t */ 820 typedef struct { 821 unsigned version; 822 uint8_t key_id[PGP_KEY_ID_SIZE]; 823 pgp_pubkey_alg_t alg; 824 pgp_pk_sesskey_params_t params; 825 pgp_symm_alg_t symm_alg; 826 uint8_t key[PGP_MAX_KEY_SIZE]; 827 uint16_t checksum; 828 } pgp_pk_sesskey_t; 829 830 /** pgp_seckey_passphrase_t */ 831 typedef struct { 832 const pgp_seckey_t *seckey; 833 char **passphrase; /* point somewhere that gets filled 834 * in to work around constness of 835 * content */ 836 } pgp_seckey_passphrase_t; 837 838 /** pgp_get_seckey_t */ 839 typedef struct { 840 const pgp_seckey_t **seckey; 841 const pgp_pk_sesskey_t *pk_sesskey; 842 } pgp_get_seckey_t; 843 844 /** pgp_parser_union_content_t */ 845 typedef union { 846 const char *error; 847 pgp_parser_errcode_t errcode; 848 pgp_ptag_t ptag; 849 pgp_pubkey_t pubkey; 850 pgp_data_t trust; 851 uint8_t *userid; 852 pgp_data_t userattr; 853 pgp_sig_t sig; 854 pgp_ss_raw_t ss_raw; 855 pgp_ss_trust_t ss_trust; 856 pgp_ss_issuer_fingerprint ss_issuer_fingerprint; 857 unsigned ss_revocable; 858 time_t ss_time; 859 uint8_t ss_issuer[PGP_KEY_ID_SIZE]; 860 pgp_ss_notation_t ss_notation; 861 pgp_subpacket_t packet; 862 pgp_compression_type_t compressed; 863 pgp_one_pass_sig_t one_pass_sig; 864 pgp_data_t ss_skapref; 865 pgp_data_t ss_hashpref; 866 pgp_data_t ss_zpref; 867 pgp_data_t ss_key_flags; 868 pgp_data_t ss_key_server_prefs; 869 unsigned ss_primary_userid; 870 char *ss_regexp; 871 char *ss_policy; 872 char *ss_keyserv; 873 pgp_ss_revocation_key_t ss_revocation_key; 874 pgp_data_t ss_userdef; 875 pgp_data_t ss_unknown; 876 pgp_litdata_header_t litdata_header; 877 pgp_litdata_body_t litdata_body; 878 pgp_dyn_body_t mdc; 879 pgp_data_t ss_features; 880 pgp_ss_sig_target_t ss_sig_target; 881 pgp_data_t ss_embedded_sig; 882 pgp_ss_revocation_t ss_revocation; 883 pgp_seckey_t seckey; 884 uint8_t *ss_signer; 885 pgp_armour_header_t armour_header; 886 const char *armour_trailer; 887 pgp_headers_t cleartext_head; 888 pgp_fixed_body_t cleartext_body; 889 struct pgp_hash_t *cleartext_trailer; 890 pgp_dyn_body_t unarmoured_text; 891 pgp_pk_sesskey_t pk_sesskey; 892 pgp_seckey_passphrase_t skey_passphrase; 893 unsigned se_ip_data_header; 894 pgp_dyn_body_t se_ip_data_body; 895 pgp_fixed_body_t se_data_body; 896 pgp_get_seckey_t get_seckey; 897 } pgp_contents_t; 898 899 /** pgp_packet_t */ 900 struct pgp_packet_t { 901 pgp_content_enum tag; /* type of contents */ 902 uint8_t critical; /* for sig subpackets */ 903 pgp_contents_t u; /* union for contents */ 904 }; 905 906 /** pgp_fingerprint_t */ 907 typedef struct { 908 uint8_t fingerprint[PGP_FINGERPRINT_SIZE]; 909 unsigned length; 910 pgp_hash_alg_t hashtype; 911 } pgp_fingerprint_t; 912 913 int pgp_keyid(uint8_t *, const size_t, const pgp_pubkey_t *, pgp_hash_alg_t); 914 int pgp_fingerprint(pgp_fingerprint_t *, const pgp_pubkey_t *, pgp_hash_alg_t); 915 916 void pgp_finish(void); 917 void pgp_pubkey_free(pgp_pubkey_t *); 918 void pgp_userid_free(uint8_t **); 919 void pgp_data_free(pgp_data_t *); 920 void pgp_sig_free(pgp_sig_t *); 921 void pgp_ss_notation_free(pgp_ss_notation_t *); 922 void pgp_ss_revocation_free(pgp_ss_revocation_t *); 923 void pgp_ss_sig_target_free(pgp_ss_sig_target_t *); 924 925 void pgp_subpacket_free(pgp_subpacket_t *); 926 void pgp_parser_content_free(pgp_packet_t *); 927 void pgp_seckey_free(pgp_seckey_t *); 928 void pgp_pk_sesskey_free(pgp_pk_sesskey_t *); 929 930 int pgp_print_packet(pgp_printstate_t *, const pgp_packet_t *); 931 932 #define DYNARRAY(type, arr) \ 933 unsigned arr##c; unsigned arr##vsize; type *arr##s 934 935 #define EXPAND_ARRAY(str, arr) do { \ 936 if (str->arr##c == str->arr##vsize) { \ 937 void *__newarr; \ 938 char *__newarrc; \ 939 unsigned __newsize; \ 940 __newsize = (str->arr##vsize * 2) + 10; \ 941 if ((__newarrc = __newarr = realloc(str->arr##s, \ 942 __newsize * sizeof(*str->arr##s))) == NULL) { \ 943 (void) fprintf(stderr, "EXPAND_ARRAY - bad realloc\n"); \ 944 } else { \ 945 (void) memset(&__newarrc[str->arr##vsize * sizeof(*str->arr##s)], \ 946 0x0, (__newsize - str->arr##vsize) * sizeof(*str->arr##s)); \ 947 str->arr##s = __newarr; \ 948 str->arr##vsize = __newsize; \ 949 } \ 950 } \ 951 } while(/*CONSTCOND*/0) 952 953 /** pgp_keydata_key_t 954 */ 955 typedef union { 956 pgp_pubkey_t pubkey; 957 pgp_seckey_t seckey; 958 } pgp_keydata_key_t; 959 960 961 /* sigpacket_t */ 962 typedef struct { 963 uint8_t **userid; 964 pgp_subpacket_t *packet; 965 } sigpacket_t; 966 967 /* user revocation info */ 968 typedef struct pgp_revoke_t { 969 uint32_t uid; /* index in uid array */ 970 uint8_t code; /* revocation code */ 971 char *reason; /* c'mon, spill the beans */ 972 } pgp_revoke_t; 973 974 /** signature subpackets */ 975 typedef struct pgp_subsig_t { 976 uint32_t uid; /* index in userid array in key */ 977 pgp_sig_t sig; /* trust signature */ 978 uint8_t trustlevel; /* level of trust */ 979 uint8_t trustamount; /* amount of trust */ 980 } pgp_subsig_t; 981 982 /* describes a user's key */ 983 struct pgp_key_t { 984 DYNARRAY(uint8_t *, uid); /* array of user ids */ 985 DYNARRAY(pgp_subpacket_t, packet); /* array of raw subpackets */ 986 DYNARRAY(pgp_subsig_t, subsig); /* array of signature subkeys */ 987 DYNARRAY(pgp_revoke_t, revoke); /* array of signature revocations */ 988 pgp_content_enum type; /* type of key */ 989 pgp_keydata_key_t key; /* pubkey/seckey data */ 990 pgp_pubkey_t sigkey; /* signature key */ 991 uint8_t sigid[PGP_KEY_ID_SIZE]; 992 pgp_fingerprint_t sigfingerprint; /* pgp signature fingerprint */ 993 pgp_pubkey_t enckey; /* encryption key */ 994 uint8_t encid[PGP_KEY_ID_SIZE]; 995 pgp_fingerprint_t encfingerprint; /* pgp encryption id fingerprint */ 996 uint32_t uid0; /* primary uid index in uids array */ 997 uint8_t revoked; /* key has been revoked */ 998 pgp_revoke_t revocation; /* revocation reason */ 999 }; 1000 1001 #define MDC_PKT_TAG 0xd3 1002 1003 #endif /* PACKET_H_ */ 1004