1 #ifndef H_RPMPGP
2 #define H_RPMPGP
3
4 /** \ingroup rpmpgp
5 * \file rpmio/rpmpgp.h
6 *
7 * OpenPGP constants and structures from RFC-2440.
8 *
9 * Text from RFC-2440 in comments is
10 * Copyright (C) The Internet Society (1998). All Rights Reserved.
11 *
12 * EdDSA algorithm identifier value taken from
13 * https://datatracker.ietf.org/doc/draft-ietf-openpgp-rfc4880bis/
14 * This value is used in gnupg since version 2.1.0
15 */
16
17 #include <string.h>
18 #include <stdio.h>
19 #include <stdlib.h>
20 #include <rpm/rpmtypes.h>
21 #include <rpm/rpmstring.h>
22
23 #ifdef __cplusplus
24 extern "C" {
25 #endif
26
27 /** \ingroup rpmpgp
28 */
29 typedef struct DIGEST_CTX_s * DIGEST_CTX;
30 typedef struct rpmDigestBundle_s * rpmDigestBundle;
31
32 /** \ingroup rpmpgp
33 */
34 typedef struct pgpDig_s * pgpDig;
35
36 /** \ingroup rpmpgp
37 */
38 typedef struct pgpDigParams_s * pgpDigParams;
39
40 typedef uint8_t pgpKeyID_t[8];
41 typedef uint8_t pgpTime_t[4];
42
43 /** \ingroup rpmpgp
44 * 4.3. Packet Tags
45 *
46 * The packet tag denotes what type of packet the body holds. Note that
47 * old format headers can only have tags less than 16, whereas new
48 * format headers can have tags as great as 63.
49 */
50 typedef enum pgpTag_e {
51 PGPTAG_RESERVED = 0, /*!< Reserved/Invalid */
52 PGPTAG_PUBLIC_SESSION_KEY = 1, /*!< Public-Key Encrypted Session Key */
53 PGPTAG_SIGNATURE = 2, /*!< Signature */
54 PGPTAG_SYMMETRIC_SESSION_KEY= 3, /*!< Symmetric-Key Encrypted Session Key*/
55 PGPTAG_ONEPASS_SIGNATURE = 4, /*!< One-Pass Signature */
56 PGPTAG_SECRET_KEY = 5, /*!< Secret Key */
57 PGPTAG_PUBLIC_KEY = 6, /*!< Public Key */
58 PGPTAG_SECRET_SUBKEY = 7, /*!< Secret Subkey */
59 PGPTAG_COMPRESSED_DATA = 8, /*!< Compressed Data */
60 PGPTAG_SYMMETRIC_DATA = 9, /*!< Symmetrically Encrypted Data */
61 PGPTAG_MARKER = 10, /*!< Marker */
62 PGPTAG_LITERAL_DATA = 11, /*!< Literal Data */
63 PGPTAG_TRUST = 12, /*!< Trust */
64 PGPTAG_USER_ID = 13, /*!< User ID */
65 PGPTAG_PUBLIC_SUBKEY = 14, /*!< Public Subkey */
66 PGPTAG_COMMENT_OLD = 16, /*!< Comment (from OpenPGP draft) */
67 PGPTAG_PHOTOID = 17, /*!< PGP's photo ID */
68 PGPTAG_ENCRYPTED_MDC = 18, /*!< Integrity protected encrypted data */
69 PGPTAG_MDC = 19, /*!< Manipulaion detection code packet */
70 PGPTAG_PRIVATE_60 = 60, /*!< Private or Experimental Values */
71 PGPTAG_COMMENT = 61, /*!< Comment */
72 PGPTAG_PRIVATE_62 = 62, /*!< Private or Experimental Values */
73 PGPTAG_CONTROL = 63 /*!< Control (GPG) */
74 } pgpTag;
75
76 /** \ingroup rpmpgp
77 * 5.1. Public-Key Encrypted Session Key Packets (Tag 1)
78 *
79 * A Public-Key Encrypted Session Key packet holds the session key used
80 * to encrypt a message. Zero or more Encrypted Session Key packets
81 * (either Public-Key or Symmetric-Key) may precede a Symmetrically
82 * Encrypted Data Packet, which holds an encrypted message. The message
83 * is encrypted with the session key, and the session key is itself
84 * encrypted and stored in the Encrypted Session Key packet(s). The
85 * Symmetrically Encrypted Data Packet is preceded by one Public-Key
86 * Encrypted Session Key packet for each OpenPGP key to which the
87 * message is encrypted. The recipient of the message finds a session
88 * key that is encrypted to their public key, decrypts the session key,
89 * and then uses the session key to decrypt the message.
90 *
91 * The body of this packet consists of:
92 * - A one-octet number giving the version number of the packet type.
93 * The currently defined value for packet version is 3. An
94 * implementation should accept, but not generate a version of 2,
95 * which is equivalent to V3 in all other respects.
96 * - An eight-octet number that gives the key ID of the public key
97 * that the session key is encrypted to.
98 * - A one-octet number giving the public key algorithm used.
99 * - A string of octets that is the encrypted session key. This string
100 * takes up the remainder of the packet, and its contents are
101 * dependent on the public key algorithm used.
102 *
103 * Algorithm Specific Fields for RSA encryption
104 * - multiprecision integer (MPI) of RSA encrypted value m**e mod n.
105 *
106 * Algorithm Specific Fields for Elgamal encryption:
107 * - MPI of Elgamal (Diffie-Hellman) value g**k mod p.
108 * - MPI of Elgamal (Diffie-Hellman) value m * y**k mod p.
109 */
110 typedef struct pgpPktPubkey_s {
111 uint8_t version; /*!< version number (generate 3, accept 2). */
112 pgpKeyID_t keyid; /*!< key ID of the public key for session key. */
113 uint8_t algo; /*!< public key algorithm used. */
114 } pgpPktPubkey;
115
116
117 /** \ingroup rpmpgp
118 * 5.2.1. Signature Types
119 *
120 * There are a number of possible meanings for a signature, which are
121 * specified in a signature type octet in any given signature.
122 */
123 typedef enum pgpSigType_e {
124 PGPSIGTYPE_BINARY = 0x00, /*!< Binary document */
125 PGPSIGTYPE_TEXT = 0x01, /*!< Canonical text document */
126 PGPSIGTYPE_STANDALONE = 0x02, /*!< Standalone */
127 PGPSIGTYPE_GENERIC_CERT = 0x10,
128 /*!< Generic certification of a User ID & Public Key */
129 PGPSIGTYPE_PERSONA_CERT = 0x11,
130 /*!< Persona certification of a User ID & Public Key */
131 PGPSIGTYPE_CASUAL_CERT = 0x12,
132 /*!< Casual certification of a User ID & Public Key */
133 PGPSIGTYPE_POSITIVE_CERT = 0x13,
134 /*!< Positive certification of a User ID & Public Key */
135 PGPSIGTYPE_SUBKEY_BINDING = 0x18, /*!< Subkey Binding */
136 PGPSIGTYPE_SIGNED_KEY = 0x1F, /*!< Signature directly on a key */
137 PGPSIGTYPE_KEY_REVOKE = 0x20, /*!< Key revocation */
138 PGPSIGTYPE_SUBKEY_REVOKE = 0x28, /*!< Subkey revocation */
139 PGPSIGTYPE_CERT_REVOKE = 0x30, /*!< Certification revocation */
140 PGPSIGTYPE_TIMESTAMP = 0x40 /*!< Timestamp */
141 } pgpSigType;
142
143 /** \ingroup rpmpgp
144 * 9.1. Public Key Algorithms
145 *
146 \verbatim
147 ID Algorithm
148 -- ---------
149 1 - RSA (Encrypt or Sign)
150 2 - RSA Encrypt-Only
151 3 - RSA Sign-Only
152 16 - Elgamal (Encrypt-Only), see [ELGAMAL]
153 17 - DSA (Digital Signature Standard)
154 18 - Reserved for Elliptic Curve
155 19 - Reserved for ECDSA
156 20 - Elgamal (Encrypt or Sign)
157 21 - Reserved for Diffie-Hellman (X9.42,
158 as defined for IETF-S/MIME)
159 22 - EdDSA
160 100 to 110 - Private/Experimental algorithm.
161 \endverbatim
162 *
163 * Implementations MUST implement DSA for signatures, and Elgamal for
164 * encryption. Implementations SHOULD implement RSA keys.
165 * Implementations MAY implement any other algorithm.
166 */
167 typedef enum pgpPubkeyAlgo_e {
168 PGPPUBKEYALGO_RSA = 1, /*!< RSA */
169 PGPPUBKEYALGO_RSA_ENCRYPT = 2, /*!< RSA(Encrypt-Only) */
170 PGPPUBKEYALGO_RSA_SIGN = 3, /*!< RSA(Sign-Only) */
171 PGPPUBKEYALGO_ELGAMAL_ENCRYPT = 16, /*!< Elgamal(Encrypt-Only) */
172 PGPPUBKEYALGO_DSA = 17, /*!< DSA */
173 PGPPUBKEYALGO_EC = 18, /*!< Elliptic Curve */
174 PGPPUBKEYALGO_ECDSA = 19, /*!< ECDSA */
175 PGPPUBKEYALGO_ELGAMAL = 20, /*!< Elgamal */
176 PGPPUBKEYALGO_DH = 21, /*!< Diffie-Hellman (X9.42) */
177 PGPPUBKEYALGO_EDDSA = 22 /*!< EdDSA */
178 } pgpPubkeyAlgo;
179
180 /** \ingroup rpmpgp
181 * 9.2. Symmetric Key Algorithms
182 *
183 \verbatim
184 ID Algorithm
185 -- ---------
186 0 - Plaintext or unencrypted data
187 1 - IDEA [IDEA]
188 2 - Triple-DES (DES-EDE, as per spec -
189 168 bit key derived from 192)
190 3 - CAST5 (128 bit key, as per RFC 2144)
191 4 - Blowfish (128 bit key, 16 rounds) [BLOWFISH]
192 5 - SAFER-SK128 (13 rounds) [SAFER]
193 6 - Reserved for DES/SK
194 7 - Reserved for AES with 128-bit key
195 8 - Reserved for AES with 192-bit key
196 9 - Reserved for AES with 256-bit key
197 100 to 110 - Private/Experimental algorithm.
198 \endverbatim
199 *
200 * Implementations MUST implement Triple-DES. Implementations SHOULD
201 * implement IDEA and CAST5. Implementations MAY implement any other
202 * algorithm.
203 */
204 typedef enum pgpSymkeyAlgo_e {
205 PGPSYMKEYALGO_PLAINTEXT = 0, /*!< Plaintext */
206 PGPSYMKEYALGO_IDEA = 1, /*!< IDEA */
207 PGPSYMKEYALGO_TRIPLE_DES = 2, /*!< 3DES */
208 PGPSYMKEYALGO_CAST5 = 3, /*!< CAST5 */
209 PGPSYMKEYALGO_BLOWFISH = 4, /*!< BLOWFISH */
210 PGPSYMKEYALGO_SAFER = 5, /*!< SAFER */
211 PGPSYMKEYALGO_DES_SK = 6, /*!< DES/SK */
212 PGPSYMKEYALGO_AES_128 = 7, /*!< AES(128-bit key) */
213 PGPSYMKEYALGO_AES_192 = 8, /*!< AES(192-bit key) */
214 PGPSYMKEYALGO_AES_256 = 9, /*!< AES(256-bit key) */
215 PGPSYMKEYALGO_TWOFISH = 10, /*!< TWOFISH(256-bit key) */
216 PGPSYMKEYALGO_NOENCRYPT = 110 /*!< no encryption */
217 } pgpSymkeyAlgo;
218
219 /** \ingroup rpmpgp
220 * 9.3. Compression Algorithms
221 *
222 \verbatim
223 ID Algorithm
224 -- ---------
225 0 - Uncompressed
226 1 - ZIP (RFC 1951)
227 2 - ZLIB (RFC 1950)
228 100 to 110 - Private/Experimental algorithm.
229 \endverbatim
230 *
231 * Implementations MUST implement uncompressed data. Implementations
232 * SHOULD implement ZIP. Implementations MAY implement ZLIB.
233 */
234 typedef enum pgpCompressAlgo_e {
235 PGPCOMPRESSALGO_NONE = 0, /*!< Uncompressed */
236 PGPCOMPRESSALGO_ZIP = 1, /*!< ZIP */
237 PGPCOMPRESSALGO_ZLIB = 2, /*!< ZLIB */
238 PGPCOMPRESSALGO_BZIP2 = 3 /*!< BZIP2 */
239 } pgpCompressAlgo;
240
241 /** \ingroup rpmpgp
242 * 9.4. Hash Algorithms
243 *
244 \verbatim
245 ID Algorithm Text Name
246 -- --------- ---- ----
247 1 - MD5 "MD5"
248 2 - SHA-1 "SHA1"
249 3 - RIPE-MD/160 "RIPEMD160"
250 4 - Reserved for double-width SHA (experimental)
251 5 - MD2 "MD2"
252 6 - Reserved for TIGER/192 "TIGER192"
253 7 - Reserved for HAVAL (5 pass, 160-bit) "HAVAL-5-160"
254 8 - SHA-256 "SHA256"
255 9 - SHA-384 "SHA384"
256 10 - SHA-512 "SHA512"
257 11 - SHA-224 "SHA224"
258 100 to 110 - Private/Experimental algorithm.
259 \endverbatim
260 *
261 * Implementations MUST implement SHA-1. Implementations SHOULD
262 * implement MD5.
263 */
264 typedef enum pgpHashAlgo_e {
265 PGPHASHALGO_MD5 = 1, /*!< MD5 */
266 PGPHASHALGO_SHA1 = 2, /*!< SHA1 */
267 PGPHASHALGO_RIPEMD160 = 3, /*!< RIPEMD160 */
268 PGPHASHALGO_MD2 = 5, /*!< MD2 */
269 PGPHASHALGO_TIGER192 = 6, /*!< TIGER192 */
270 PGPHASHALGO_HAVAL_5_160 = 7, /*!< HAVAL-5-160 */
271 PGPHASHALGO_SHA256 = 8, /*!< SHA256 */
272 PGPHASHALGO_SHA384 = 9, /*!< SHA384 */
273 PGPHASHALGO_SHA512 = 10, /*!< SHA512 */
274 PGPHASHALGO_SHA224 = 11, /*!< SHA224 */
275 } pgpHashAlgo;
276
277 /** \ingroup rpmpgp
278 * ECC Curves
279 *
280 * The following curve ids are private to rpm. PGP uses
281 * oids to identify a curve.
282 */
283 typedef enum pgpCurveId_e {
284 PGPCURVE_NIST_P_256 = 1, /*!< NIST P-256 */
285 PGPCURVE_NIST_P_384 = 2, /*!< NIST P-384 */
286 PGPCURVE_NIST_P_521 = 3, /*!< NIST P-521 */
287 PGPCURVE_BRAINPOOL_P256R1 = 4, /*!< brainpoolP256r1 */
288 PGPCURVE_BRAINPOOL_P512R1 = 5, /*!< brainpoolP512r1 */
289 PGPCURVE_ED25519 = 6, /*!< Ed25519 */
290 PGPCURVE_CURVE25519 = 7, /*!< Curve25519 */
291 } pgpCurveId;
292
293 /** \ingroup rpmpgp
294 * 5.2.2. Version 3 Signature Packet Format
295 *
296 * The body of a version 3 Signature Packet contains:
297 * - One-octet version number (3).
298 * - One-octet length of following hashed material. MUST be 5.
299 * - One-octet signature type.
300 * - Four-octet creation time.
301 * - Eight-octet key ID of signer.
302 * - One-octet public key algorithm.
303 * - One-octet hash algorithm.
304 * - Two-octet field holding left 16 bits of signed hash value.
305 * - One or more multi-precision integers comprising the signature.
306 *
307 * Algorithm Specific Fields for RSA signatures:
308 * - multiprecision integer (MPI) of RSA signature value m**d.
309 *
310 * Algorithm Specific Fields for DSA and EdDSA signatures:
311 * - MPI of DSA value r.
312 * - MPI of DSA value s.
313 */
314 typedef struct pgpPktSigV3_s {
315 uint8_t version; /*!< version number (3). */
316 uint8_t hashlen; /*!< length of following hashed material. MUST be 5. */
317 uint8_t sigtype; /*!< signature type. */
318 pgpTime_t time; /*!< 4 byte creation time. */
319 pgpKeyID_t signid; /*!< key ID of signer. */
320 uint8_t pubkey_algo; /*!< public key algorithm. */
321 uint8_t hash_algo; /*!< hash algorithm. */
322 uint8_t signhash16[2]; /*!< left 16 bits of signed hash value. */
323 } * pgpPktSigV3;
324
325 /** \ingroup rpmpgp
326 * 5.2.3. Version 4 Signature Packet Format
327 *
328 * The body of a version 4 Signature Packet contains:
329 * - One-octet version number (4).
330 * - One-octet signature type.
331 * - One-octet public key algorithm.
332 * - One-octet hash algorithm.
333 * - Two-octet scalar octet count for following hashed subpacket
334 * data. Note that this is the length in octets of all of the hashed
335 * subpackets; a pointer incremented by this number will skip over
336 * the hashed subpackets.
337 * - Hashed subpacket data. (zero or more subpackets)
338 * - Two-octet scalar octet count for following unhashed subpacket
339 * data. Note that this is the length in octets of all of the
340 * unhashed subpackets; a pointer incremented by this number will
341 * skip over the unhashed subpackets.
342 * - Unhashed subpacket data. (zero or more subpackets)
343 * - Two-octet field holding left 16 bits of signed hash value.
344 * - One or more multi-precision integers comprising the signature.
345 */
346 typedef struct pgpPktSigV4_s {
347 uint8_t version; /*!< version number (4). */
348 uint8_t sigtype; /*!< signature type. */
349 uint8_t pubkey_algo; /*!< public key algorithm. */
350 uint8_t hash_algo; /*!< hash algorithm. */
351 uint8_t hashlen[2]; /*!< length of following hashed material. */
352 } * pgpPktSigV4;
353
354 /** \ingroup rpmpgp
355 * 5.2.3.1. Signature Subpacket Specification
356 *
357 * The subpacket fields consist of zero or more signature subpackets.
358 * Each set of subpackets is preceded by a two-octet scalar count of the
359 * length of the set of subpackets.
360 *
361 * Each subpacket consists of a subpacket header and a body. The header
362 * consists of:
363 * - the subpacket length (1, 2, or 5 octets)
364 * - the subpacket type (1 octet)
365 * and is followed by the subpacket specific data.
366 *
367 * The length includes the type octet but not this length. Its format is
368 * similar to the "new" format packet header lengths, but cannot have
369 * partial body lengths. That is:
370 \verbatim
371 if the 1st octet < 192, then
372 lengthOfLength = 1
373 subpacketLen = 1st_octet
374
375 if the 1st octet >= 192 and < 255, then
376 lengthOfLength = 2
377 subpacketLen = ((1st_octet - 192) << 8) + (2nd_octet) + 192
378
379 if the 1st octet = 255, then
380 lengthOfLength = 5
381 subpacket length = [four-octet scalar starting at 2nd_octet]
382 \endverbatim
383 *
384 * The value of the subpacket type octet may be:
385 *
386 \verbatim
387 2 = signature creation time
388 3 = signature expiration time
389 4 = exportable certification
390 5 = trust signature
391 6 = regular expression
392 7 = revocable
393 9 = key expiration time
394 10 = placeholder for backward compatibility
395 11 = preferred symmetric algorithms
396 12 = revocation key
397 16 = issuer key ID
398 20 = notation data
399 21 = preferred hash algorithms
400 22 = preferred compression algorithms
401 23 = key server preferences
402 24 = preferred key server
403 25 = primary user id
404 26 = policy URL
405 27 = key flags
406 28 = signer's user id
407 29 = reason for revocation
408 100 to 110 = internal or user-defined
409 \endverbatim
410 *
411 * An implementation SHOULD ignore any subpacket of a type that it does
412 * not recognize.
413 *
414 * Bit 7 of the subpacket type is the "critical" bit. If set, it
415 * denotes that the subpacket is one that is critical for the evaluator
416 * of the signature to recognize. If a subpacket is encountered that is
417 * marked critical but is unknown to the evaluating software, the
418 * evaluator SHOULD consider the signature to be in error.
419 */
420 typedef enum pgpSubType_e {
421 PGPSUBTYPE_NONE = 0, /*!< none */
422 PGPSUBTYPE_SIG_CREATE_TIME = 2, /*!< signature creation time */
423 PGPSUBTYPE_SIG_EXPIRE_TIME = 3, /*!< signature expiration time */
424 PGPSUBTYPE_EXPORTABLE_CERT = 4, /*!< exportable certification */
425 PGPSUBTYPE_TRUST_SIG = 5, /*!< trust signature */
426 PGPSUBTYPE_REGEX = 6, /*!< regular expression */
427 PGPSUBTYPE_REVOCABLE = 7, /*!< revocable */
428 PGPSUBTYPE_KEY_EXPIRE_TIME = 9, /*!< key expiration time */
429 PGPSUBTYPE_ARR = 10, /*!< additional recipient request */
430 PGPSUBTYPE_PREFER_SYMKEY = 11, /*!< preferred symmetric algorithms */
431 PGPSUBTYPE_REVOKE_KEY = 12, /*!< revocation key */
432 PGPSUBTYPE_ISSUER_KEYID = 16, /*!< issuer key ID */
433 PGPSUBTYPE_NOTATION = 20, /*!< notation data */
434 PGPSUBTYPE_PREFER_HASH = 21, /*!< preferred hash algorithms */
435 PGPSUBTYPE_PREFER_COMPRESS = 22, /*!< preferred compression algorithms */
436 PGPSUBTYPE_KEYSERVER_PREFERS= 23, /*!< key server preferences */
437 PGPSUBTYPE_PREFER_KEYSERVER = 24, /*!< preferred key server */
438 PGPSUBTYPE_PRIMARY_USERID = 25, /*!< primary user id */
439 PGPSUBTYPE_POLICY_URL = 26, /*!< policy URL */
440 PGPSUBTYPE_KEY_FLAGS = 27, /*!< key flags */
441 PGPSUBTYPE_SIGNER_USERID = 28, /*!< signer's user id */
442 PGPSUBTYPE_REVOKE_REASON = 29, /*!< reason for revocation */
443 PGPSUBTYPE_FEATURES = 30, /*!< feature flags (gpg) */
444 PGPSUBTYPE_EMBEDDED_SIG = 32, /*!< embedded signature (gpg) */
445
446 PGPSUBTYPE_INTERNAL_100 = 100, /*!< internal or user-defined */
447 PGPSUBTYPE_INTERNAL_101 = 101, /*!< internal or user-defined */
448 PGPSUBTYPE_INTERNAL_102 = 102, /*!< internal or user-defined */
449 PGPSUBTYPE_INTERNAL_103 = 103, /*!< internal or user-defined */
450 PGPSUBTYPE_INTERNAL_104 = 104, /*!< internal or user-defined */
451 PGPSUBTYPE_INTERNAL_105 = 105, /*!< internal or user-defined */
452 PGPSUBTYPE_INTERNAL_106 = 106, /*!< internal or user-defined */
453 PGPSUBTYPE_INTERNAL_107 = 107, /*!< internal or user-defined */
454 PGPSUBTYPE_INTERNAL_108 = 108, /*!< internal or user-defined */
455 PGPSUBTYPE_INTERNAL_109 = 109, /*!< internal or user-defined */
456 PGPSUBTYPE_INTERNAL_110 = 110, /*!< internal or user-defined */
457
458 PGPSUBTYPE_CRITICAL = 128 /*!< critical subpacket marker */
459 } pgpSubType;
460
461 /** \ingroup rpmpgp
462 * 5.2. Signature Packet (Tag 2)
463 *
464 * A signature packet describes a binding between some public key and
465 * some data. The most common signatures are a signature of a file or a
466 * block of text, and a signature that is a certification of a user ID.
467 *
468 * Two versions of signature packets are defined. Version 3 provides
469 * basic signature information, while version 4 provides an expandable
470 * format with subpackets that can specify more information about the
471 * signature. PGP 2.6.x only accepts version 3 signatures.
472 *
473 * Implementations MUST accept V3 signatures. Implementations SHOULD
474 * generate V4 signatures. Implementations MAY generate a V3 signature
475 * that can be verified by PGP 2.6.x.
476 *
477 * Note that if an implementation is creating an encrypted and signed
478 * message that is encrypted to a V3 key, it is reasonable to create a
479 * V3 signature.
480 */
481 typedef union pgpPktSig_u {
482 struct pgpPktSigV3_s v3;
483 struct pgpPktSigV4_s v4;
484 } * pgpPktSig;
485
486 /**
487 * 5.3. Symmetric-Key Encrypted Session-Key Packets (Tag 3)
488 *
489 * The Symmetric-Key Encrypted Session Key packet holds the symmetric-
490 * key encryption of a session key used to encrypt a message. Zero or
491 * more Encrypted Session Key packets and/or Symmetric-Key Encrypted
492 * Session Key packets may precede a Symmetrically Encrypted Data Packet
493 * that holds an encrypted message. The message is encrypted with a
494 * session key, and the session key is itself encrypted and stored in
495 * the Encrypted Session Key packet or the Symmetric-Key Encrypted
496 * Session Key packet.
497 *
498 * If the Symmetrically Encrypted Data Packet is preceded by one or more
499 * Symmetric-Key Encrypted Session Key packets, each specifies a
500 * passphrase that may be used to decrypt the message. This allows a
501 * message to be encrypted to a number of public keys, and also to one
502 * or more pass phrases. This packet type is new, and is not generated
503 * by PGP 2.x or PGP 5.0.
504 *
505 * The body of this packet consists of:
506 * - A one-octet version number. The only currently defined version
507 * is 4.
508 * - A one-octet number describing the symmetric algorithm used.
509 * - A string-to-key (S2K) specifier, length as defined above.
510 * - Optionally, the encrypted session key itself, which is decrypted
511 * with the string-to-key object.
512 *
513 */
514 typedef struct pgpPktSymkey_s {
515 uint8_t version; /*!< version number (4). */
516 uint8_t symkey_algo;
517 uint8_t s2k[1];
518 } pgpPktSymkey;
519
520 /** \ingroup rpmpgp
521 * 5.4. One-Pass Signature Packets (Tag 4)
522 *
523 * The One-Pass Signature packet precedes the signed data and contains
524 * enough information to allow the receiver to begin calculating any
525 * hashes needed to verify the signature. It allows the Signature
526 * Packet to be placed at the end of the message, so that the signer can
527 * compute the entire signed message in one pass.
528 *
529 * A One-Pass Signature does not interoperate with PGP 2.6.x or earlier.
530 *
531 * The body of this packet consists of:
532 * - A one-octet version number. The current version is 3.
533 * - A one-octet signature type. Signature types are described in
534 * section 5.2.1.
535 * - A one-octet number describing the hash algorithm used.
536 * - A one-octet number describing the public key algorithm used.
537 * - An eight-octet number holding the key ID of the signing key.
538 * - A one-octet number holding a flag showing whether the signature
539 * is nested. A zero value indicates that the next packet is
540 * another One-Pass Signature packet that describes another
541 * signature to be applied to the same message data.
542 *
543 * Note that if a message contains more than one one-pass signature,
544 * then the signature packets bracket the message; that is, the first
545 * signature packet after the message corresponds to the last one-pass
546 * packet and the final signature packet corresponds to the first one-
547 * pass packet.
548 */
549 typedef struct pgpPktOnepass_s {
550 uint8_t version; /*!< version number (3). */
551 uint8_t sigtype; /*!< signature type. */
552 uint8_t hash_algo; /*!< hash algorithm. */
553 uint8_t pubkey_algo; /*!< public key algorithm. */
554 pgpKeyID_t signid; /*!< key ID of signer. */
555 uint8_t nested;
556 } * pgpPktOnepass;
557
558 /** \ingroup rpmpgp
559 * 5.5.1. Key Packet Variants
560 *
561 * 5.5.1.1. Public Key Packet (Tag 6)
562 *
563 * A Public Key packet starts a series of packets that forms an OpenPGP
564 * key (sometimes called an OpenPGP certificate).
565 *
566 * 5.5.1.2. Public Subkey Packet (Tag 14)
567 *
568 * A Public Subkey packet (tag 14) has exactly the same format as a
569 * Public Key packet, but denotes a subkey. One or more subkeys may be
570 * associated with a top-level key. By convention, the top-level key
571 * provides signature services, and the subkeys provide encryption
572 * services.
573 *
574 * Note: in PGP 2.6.x, tag 14 was intended to indicate a comment packet.
575 * This tag was selected for reuse because no previous version of PGP
576 * ever emitted comment packets but they did properly ignore them.
577 * Public Subkey packets are ignored by PGP 2.6.x and do not cause it to
578 * fail, providing a limited degree of backward compatibility.
579 *
580 * 5.5.1.3. Secret Key Packet (Tag 5)
581 *
582 * A Secret Key packet contains all the information that is found in a
583 * Public Key packet, including the public key material, but also
584 * includes the secret key material after all the public key fields.
585 *
586 * 5.5.1.4. Secret Subkey Packet (Tag 7)
587 *
588 * A Secret Subkey packet (tag 7) is the subkey analog of the Secret Key
589 * packet, and has exactly the same format.
590 *
591 * 5.5.2. Public Key Packet Formats
592 *
593 * There are two versions of key-material packets. Version 3 packets
594 * were first generated by PGP 2.6. Version 2 packets are identical in
595 * format to Version 3 packets, but are generated by PGP 2.5 or before.
596 * V2 packets are deprecated and they MUST NOT be generated. PGP 5.0
597 * introduced version 4 packets, with new fields and semantics. PGP
598 * 2.6.x will not accept key-material packets with versions greater than
599 * 3.
600 *
601 * OpenPGP implementations SHOULD create keys with version 4 format. An
602 * implementation MAY generate a V3 key to ensure interoperability with
603 * old software; note, however, that V4 keys correct some security
604 * deficiencies in V3 keys. These deficiencies are described below. An
605 * implementation MUST NOT create a V3 key with a public key algorithm
606 * other than RSA.
607 *
608 * A version 3 public key or public subkey packet contains:
609 * - A one-octet version number (3).
610 * - A four-octet number denoting the time that the key was created.
611 * - A two-octet number denoting the time in days that this key is
612 * valid. If this number is zero, then it does not expire.
613 * - A one-octet number denoting the public key algorithm of this key
614 * - A series of multi-precision integers comprising the key
615 * material:
616 * - a multiprecision integer (MPI) of RSA public modulus n;
617 * - an MPI of RSA public encryption exponent e.
618 *
619 * V3 keys SHOULD only be used for backward compatibility because of
620 * three weaknesses in them. First, it is relatively easy to construct a
621 * V3 key that has the same key ID as any other key because the key ID
622 * is simply the low 64 bits of the public modulus. Secondly, because
623 * the fingerprint of a V3 key hashes the key material, but not its
624 * length, which increases the opportunity for fingerprint collisions.
625 * Third, there are minor weaknesses in the MD5 hash algorithm that make
626 * developers prefer other algorithms. See below for a fuller discussion
627 * of key IDs and fingerprints.
628 *
629 */
630 typedef struct pgpPktKeyV3_s {
631 uint8_t version; /*!< version number (3). */
632 pgpTime_t time; /*!< time that the key was created. */
633 uint8_t valid[2]; /*!< time in days that this key is valid. */
634 uint8_t pubkey_algo; /*!< public key algorithm. */
635 } * pgpPktKeyV3;
636
637 /** \ingroup rpmpgp
638 * The version 4 format is similar to the version 3 format except for
639 * the absence of a validity period. This has been moved to the
640 * signature packet. In addition, fingerprints of version 4 keys are
641 * calculated differently from version 3 keys, as described in section
642 * "Enhanced Key Formats."
643 *
644 * A version 4 packet contains:
645 * - A one-octet version number (4).
646 * - A four-octet number denoting the time that the key was created.
647 * - A one-octet number denoting the public key algorithm of this key
648 * - A series of multi-precision integers comprising the key
649 * material. This algorithm-specific portion is:
650 *
651 * Algorithm Specific Fields for RSA public keys:
652 * - multiprecision integer (MPI) of RSA public modulus n;
653 * - MPI of RSA public encryption exponent e.
654 *
655 * Algorithm Specific Fields for DSA public keys:
656 * - MPI of DSA prime p;
657 * - MPI of DSA group order q (q is a prime divisor of p-1);
658 * - MPI of DSA group generator g;
659 * - MPI of DSA public key value y (= g**x where x is secret).
660 *
661 * Algorithm Specific Fields for Elgamal public keys:
662 * - MPI of Elgamal prime p;
663 * - MPI of Elgamal group generator g;
664 * - MPI of Elgamal public key value y (= g**x where x is
665 * secret).
666 *
667 * Algorithm Specific Fields for EdDSA public keys:
668 * - variable length field containing a curve OID
669 * - MPI of an EC point representing a public key Q
670 * (a compressed point prefixed with the octet 0x40)
671 *
672 */
673 typedef struct pgpPktKeyV4_s {
674 uint8_t version; /*!< version number (4). */
675 pgpTime_t time; /*!< time that the key was created. */
676 uint8_t pubkey_algo; /*!< public key algorithm. */
677 } * pgpPktKeyV4;
678
679 /** \ingroup rpmpgp
680 * 5.5.3. Secret Key Packet Formats
681 *
682 * The Secret Key and Secret Subkey packets contain all the data of the
683 * Public Key and Public Subkey packets, with additional algorithm-
684 * specific secret key data appended, in encrypted form.
685 *
686 * The packet contains:
687 * - A Public Key or Public Subkey packet, as described above
688 * - One octet indicating string-to-key usage conventions. 0
689 * indicates that the secret key data is not encrypted. 255
690 * indicates that a string-to-key specifier is being given. Any
691 * other value is a symmetric-key encryption algorithm specifier.
692 * - [Optional] If string-to-key usage octet was 255, a one-octet
693 * symmetric encryption algorithm.
694 * - [Optional] If string-to-key usage octet was 255, a string-to-key
695 * specifier. The length of the string-to-key specifier is implied
696 * by its type, as described above.
697 * - [Optional] If secret data is encrypted, eight-octet Initial
698 * Vector (IV).
699 * - Encrypted multi-precision integers comprising the secret key
700 * data. These algorithm-specific fields are as described below.
701 * - Two-octet checksum of the plaintext of the algorithm-specific
702 * portion (sum of all octets, mod 65536).
703 *
704 * Algorithm Specific Fields for RSA secret keys:
705 * - multiprecision integer (MPI) of RSA secret exponent d.
706 * - MPI of RSA secret prime value p.
707 * - MPI of RSA secret prime value q (p < q).
708 * - MPI of u, the multiplicative inverse of p, mod q.
709 *
710 * Algorithm Specific Fields for DSA secret keys:
711 * - MPI of DSA secret exponent x.
712 *
713 * Algorithm Specific Fields for Elgamal secret keys:
714 * - MPI of Elgamal secret exponent x.
715 *
716 * Secret MPI values can be encrypted using a passphrase. If a string-
717 * to-key specifier is given, that describes the algorithm for
718 * converting the passphrase to a key, else a simple MD5 hash of the
719 * passphrase is used. Implementations SHOULD use a string-to-key
720 * specifier; the simple hash is for backward compatibility. The cipher
721 * for encrypting the MPIs is specified in the secret key packet.
722 *
723 * Encryption/decryption of the secret data is done in CFB mode using
724 * the key created from the passphrase and the Initial Vector from the
725 * packet. A different mode is used with V3 keys (which are only RSA)
726 * than with other key formats. With V3 keys, the MPI bit count prefix
727 * (i.e., the first two octets) is not encrypted. Only the MPI non-
728 * prefix data is encrypted. Furthermore, the CFB state is
729 * resynchronized at the beginning of each new MPI value, so that the
730 * CFB block boundary is aligned with the start of the MPI data.
731 *
732 * With V4 keys, a simpler method is used. All secret MPI values are
733 * encrypted in CFB mode, including the MPI bitcount prefix.
734 *
735 * The 16-bit checksum that follows the algorithm-specific portion is
736 * the algebraic sum, mod 65536, of the plaintext of all the algorithm-
737 * specific octets (including MPI prefix and data). With V3 keys, the
738 * checksum is stored in the clear. With V4 keys, the checksum is
739 * encrypted like the algorithm-specific data. This value is used to
740 * check that the passphrase was correct.
741 *
742 */
743 typedef union pgpPktKey_u {
744 struct pgpPktKeyV3_s v3;
745 struct pgpPktKeyV4_s v4;
746 } pgpPktKey;
747
748 /** \ingroup rpmpgp
749 * 5.6. Compressed Data Packet (Tag 8)
750 *
751 * The Compressed Data packet contains compressed data. Typically, this
752 * packet is found as the contents of an encrypted packet, or following
753 * a Signature or One-Pass Signature packet, and contains literal data
754 * packets.
755 *
756 * The body of this packet consists of:
757 * - One octet that gives the algorithm used to compress the packet.
758 * - The remainder of the packet is compressed data.
759 *
760 * A Compressed Data Packet's body contains an block that compresses
761 * some set of packets. See section "Packet Composition" for details on
762 * how messages are formed.
763 *
764 * ZIP-compressed packets are compressed with raw RFC 1951 DEFLATE
765 * blocks. Note that PGP V2.6 uses 13 bits of compression. If an
766 * implementation uses more bits of compression, PGP V2.6 cannot
767 * decompress it.
768 *
769 * ZLIB-compressed packets are compressed with RFC 1950 ZLIB-style
770 * blocks.
771 */
772 typedef struct pgpPktCdata_s {
773 uint8_t compressalgo;
774 uint8_t data[1];
775 } pgpPktCdata;
776
777 /** \ingroup rpmpgp
778 * 5.7. Symmetrically Encrypted Data Packet (Tag 9)
779 *
780 * The Symmetrically Encrypted Data packet contains data encrypted with
781 * a symmetric-key algorithm. When it has been decrypted, it will
782 * typically contain other packets (often literal data packets or
783 * compressed data packets).
784 *
785 * The body of this packet consists of:
786 * - Encrypted data, the output of the selected symmetric-key cipher
787 * operating in PGP's variant of Cipher Feedback (CFB) mode.
788 *
789 * The symmetric cipher used may be specified in an Public-Key or
790 * Symmetric-Key Encrypted Session Key packet that precedes the
791 * Symmetrically Encrypted Data Packet. In that case, the cipher
792 * algorithm octet is prefixed to the session key before it is
793 * encrypted. If no packets of these types precede the encrypted data,
794 * the IDEA algorithm is used with the session key calculated as the MD5
795 * hash of the passphrase.
796 *
797 * The data is encrypted in CFB mode, with a CFB shift size equal to the
798 * cipher's block size. The Initial Vector (IV) is specified as all
799 * zeros. Instead of using an IV, OpenPGP prefixes a 10-octet string to
800 * the data before it is encrypted. The first eight octets are random,
801 * and the 9th and 10th octets are copies of the 7th and 8th octets,
802 * respectively. After encrypting the first 10 octets, the CFB state is
803 * resynchronized if the cipher block size is 8 octets or less. The
804 * last 8 octets of ciphertext are passed through the cipher and the
805 * block boundary is reset.
806 *
807 * The repetition of 16 bits in the 80 bits of random data prefixed to
808 * the message allows the receiver to immediately check whether the
809 * session key is incorrect.
810 */
811 typedef struct pgpPktEdata_s {
812 uint8_t data[1];
813 } pgpPktEdata;
814
815 /** \ingroup rpmpgp
816 * 5.8. Marker Packet (Obsolete Literal Packet) (Tag 10)
817 *
818 * An experimental version of PGP used this packet as the Literal
819 * packet, but no released version of PGP generated Literal packets with
820 * this tag. With PGP 5.x, this packet has been re-assigned and is
821 * reserved for use as the Marker packet.
822 *
823 * The body of this packet consists of:
824 * - The three octets 0x50, 0x47, 0x50 (which spell "PGP" in UTF-8).
825 *
826 * Such a packet MUST be ignored when received. It may be placed at the
827 * beginning of a message that uses features not available in PGP 2.6.x
828 * in order to cause that version to report that newer software is
829 * necessary to process the message.
830 */
831 /** \ingroup rpmpgp
832 * 5.9. Literal Data Packet (Tag 11)
833 *
834 * A Literal Data packet contains the body of a message; data that is
835 * not to be further interpreted.
836 *
837 * The body of this packet consists of:
838 * - A one-octet field that describes how the data is formatted.
839 *
840 * If it is a 'b' (0x62), then the literal packet contains binary data.
841 * If it is a 't' (0x74), then it contains text data, and thus may need
842 * line ends converted to local form, or other text-mode changes. RFC
843 * 1991 also defined a value of 'l' as a 'local' mode for machine-local
844 * conversions. This use is now deprecated.
845 * - File name as a string (one-octet length, followed by file name),
846 * if the encrypted data should be saved as a file.
847 *
848 * If the special name "_CONSOLE" is used, the message is considered to
849 * be "for your eyes only". This advises that the message data is
850 * unusually sensitive, and the receiving program should process it more
851 * carefully, perhaps avoiding storing the received data to disk, for
852 * example.
853 * - A four-octet number that indicates the modification date of the
854 * file, or the creation time of the packet, or a zero that
855 * indicates the present time.
856 * - The remainder of the packet is literal data.
857 *
858 * Text data is stored with <CR><LF> text endings (i.e. network-normal
859 * line endings). These should be converted to native line endings by
860 * the receiving software.
861 */
862 typedef struct pgpPktLdata_s {
863 uint8_t format;
864 uint8_t filenamelen;
865 uint8_t filename[1];
866 } pgpPktLdata;
867
868 /** \ingroup rpmpgp
869 * 5.10. Trust Packet (Tag 12)
870 *
871 * The Trust packet is used only within keyrings and is not normally
872 * exported. Trust packets contain data that record the user's
873 * specifications of which key holders are trustworthy introducers,
874 * along with other information that implementing software uses for
875 * trust information.
876 *
877 * Trust packets SHOULD NOT be emitted to output streams that are
878 * transferred to other users, and they SHOULD be ignored on any input
879 * other than local keyring files.
880 */
881 typedef struct pgpPktTrust_s {
882 uint8_t flag;
883 } pgpPktTrust;
884
885 /** \ingroup rpmpgp
886 * 5.11. User ID Packet (Tag 13)
887 *
888 * A User ID packet consists of data that is intended to represent the
889 * name and email address of the key holder. By convention, it includes
890 * an RFC 822 mail name, but there are no restrictions on its content.
891 * The packet length in the header specifies the length of the user id.
892 * If it is text, it is encoded in UTF-8.
893 *
894 */
895 typedef struct pgpPktUid_s {
896 uint8_t userid[1];
897 } pgpPktUid;
898
899 /** \ingroup rpmpgp
900 */
901 union pgpPktPre_u {
902 pgpPktPubkey pubkey; /*!< 5.1. Public-Key Encrypted Session Key */
903 pgpPktSig sig; /*!< 5.2. Signature */
904 pgpPktSymkey symkey; /*!< 5.3. Symmetric-Key Encrypted Session-Key */
905 pgpPktOnepass onepass; /*!< 5.4. One-Pass Signature */
906 pgpPktKey key; /*!< 5.5. Key Material */
907 pgpPktCdata cdata; /*!< 5.6. Compressed Data */
908 pgpPktEdata edata; /*!< 5.7. Symmetrically Encrypted Data */
909 /*!< 5.8. Marker (obsolete) */
910 pgpPktLdata ldata; /*!< 5.9. Literal Data */
911 pgpPktTrust tdata; /*!< 5.10. Trust */
912 pgpPktUid uid; /*!< 5.11. User ID */
913 };
914
915 /** \ingroup rpmpgp
916 */
917 typedef enum pgpArmor_e {
918 PGPARMOR_ERR_CRC_CHECK = -7,
919 PGPARMOR_ERR_BODY_DECODE = -6,
920 PGPARMOR_ERR_CRC_DECODE = -5,
921 PGPARMOR_ERR_NO_END_PGP = -4,
922 PGPARMOR_ERR_UNKNOWN_PREAMBLE_TAG = -3,
923 PGPARMOR_ERR_UNKNOWN_ARMOR_TYPE = -2,
924 PGPARMOR_ERR_NO_BEGIN_PGP = -1,
925 #define PGPARMOR_ERROR PGPARMOR_ERR_NO_BEGIN_PGP
926 PGPARMOR_NONE = 0,
927 PGPARMOR_MESSAGE = 1, /*!< MESSAGE */
928 PGPARMOR_PUBKEY = 2, /*!< PUBLIC KEY BLOCK */
929 PGPARMOR_SIGNATURE = 3, /*!< SIGNATURE */
930 PGPARMOR_SIGNED_MESSAGE = 4, /*!< SIGNED MESSAGE */
931 PGPARMOR_FILE = 5, /*!< ARMORED FILE */
932 PGPARMOR_PRIVKEY = 6, /*!< PRIVATE KEY BLOCK */
933 PGPARMOR_SECKEY = 7 /*!< SECRET KEY BLOCK */
934 } pgpArmor;
935
936 /** \ingroup rpmpgp
937 */
938 typedef enum pgpArmorKey_e {
939 PGPARMORKEY_VERSION = 1, /*!< Version: */
940 PGPARMORKEY_COMMENT = 2, /*!< Comment: */
941 PGPARMORKEY_MESSAGEID = 3, /*!< MessageID: */
942 PGPARMORKEY_HASH = 4, /*!< Hash: */
943 PGPARMORKEY_CHARSET = 5 /*!< Charset: */
944 } pgpArmorKey;
945
946 typedef enum pgpValType_e {
947 PGPVAL_TAG = 1,
948 PGPVAL_ARMORBLOCK = 2,
949 PGPVAL_ARMORKEY = 3,
950 PGPVAL_SIGTYPE = 4,
951 PGPVAL_SUBTYPE = 5,
952 PGPVAL_PUBKEYALGO = 6,
953 PGPVAL_SYMKEYALGO = 7,
954 PGPVAL_COMPRESSALGO = 8,
955 PGPVAL_HASHALGO = 9,
956 PGPVAL_SERVERPREFS = 10,
957 } pgpValType;
958
959 /** \ingroup rpmpgp
960 * Bit(s) to control digest operation.
961 */
962 enum rpmDigestFlags_e {
963 RPMDIGEST_NONE = 0
964 };
965
966 typedef rpmFlags rpmDigestFlags;
967
968 /** \ingroup rpmpgp
969 * Return string representation of am OpenPGP value.
970 * @param type type of value
971 * @param val byte value to lookup
972 * @return string value of byte
973 */
974 const char * pgpValString(pgpValType type, uint8_t val);
975
976 /** \ingroup rpmpgp
977 * Return (native-endian) integer from big-endian representation.
978 * @param s pointer to big-endian integer
979 * @param nbytes no. of bytes
980 * @return native-endian integer
981 */
982 static inline
pgpGrab(const uint8_t * s,size_t nbytes)983 unsigned int pgpGrab(const uint8_t *s, size_t nbytes)
984 {
985 size_t i = 0;
986 size_t nb = (nbytes <= sizeof(i) ? nbytes : sizeof(i));
987 while (nb--)
988 i = (i << 8) | *s++;
989 return i;
990 }
991
992 /** \ingroup rpmpgp
993 * Return hex formatted representation of bytes.
994 * @param p bytes
995 * @param plen no. of bytes
996 * @return hex formatted string (malloc'ed)
997 */
998 char * pgpHexStr(const uint8_t *p, size_t plen);
999
1000 /** \ingroup rpmpgp
1001 * Calculate OpenPGP public key fingerprint.
1002 * @param pkt OpenPGP packet (i.e. PGPTAG_PUBLIC_KEY)
1003 * @param pktlen OpenPGP packet length (no. of bytes)
1004 * @retval fp public key fingerprint
1005 * @retval fplen public key fingerprint length
1006 * @return 0 on success, else -1
1007 */
1008 int pgpPubkeyFingerprint(const uint8_t * pkt, size_t pktlen,
1009 uint8_t **fp, size_t *fplen);
1010
1011 /** \ingroup rpmpgp
1012 * Calculate OpenPGP public key Key ID
1013 * @param pkt OpenPGP packet (i.e. PGPTAG_PUBLIC_KEY)
1014 * @param pktlen OpenPGP packet length (no. of bytes)
1015 * @retval keyid public key Key ID
1016 * @return 0 on success, else -1
1017 */
1018 int pgpPubkeyKeyID(const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid);
1019
1020 /** \ingroup rpmpgp
1021 * Parse a OpenPGP packet(s).
1022 * @param pkts OpenPGP packet(s)
1023 * @param pktlen OpenPGP packet(s) length (no. of bytes)
1024 * @param pkttype Expected packet type (signature/key) or 0 for any
1025 * @retval ret signature/pubkey packet parameters on success (alloced)
1026 * @return -1 on error, 0 on success
1027 */
1028 int pgpPrtParams(const uint8_t *pkts, size_t pktlen, unsigned int pkttype,
1029 pgpDigParams * ret);
1030
1031 /** \ingroup rpmpgp
1032 * Parse subkey parameters from OpenPGP packet(s).
1033 * @param pkts OpenPGP packet(s)
1034 * @param pktlen OpenPGP packet(s) length (no. of bytes)
1035 * @param mainkey parameters of main key
1036 * @param subkeys array of subkey parameters (alloced)
1037 * @param subkeysCount count of subkeys
1038 * @return -1 on error, 0 on success
1039 */
1040 int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
1041 pgpDigParams mainkey, pgpDigParams **subkeys,
1042 int *subkeysCount);
1043 /** \ingroup rpmpgp
1044 * Print/parse a OpenPGP packet(s).
1045 * @param pkts OpenPGP packet(s)
1046 * @param pktlen OpenPGP packet(s) length (no. of bytes)
1047 * @retval dig parsed output of signature/pubkey packet parameters
1048 * @param printing should packets be printed?
1049 * @return -1 on error, 0 on success
1050 */
1051 int pgpPrtPkts(const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing);
1052
1053 /** \ingroup rpmpgp
1054 * Parse armored OpenPGP packets from a file.
1055 * @param fn file name
1056 * @retval pkt dearmored OpenPGP packet(s) (malloced)
1057 * @retval pktlen dearmored OpenPGP packet(s) length in bytes
1058 * @return type of armor found
1059 */
1060 pgpArmor pgpReadPkts(const char * fn, uint8_t ** pkt, size_t * pktlen);
1061
1062 /** \ingroup rpmpgp
1063 * Parse armored OpenPGP packets from memory.
1064 * @param armor armored OpenPGP packet string
1065 * @retval pkt dearmored OpenPGP packet(s) (malloced)
1066 * @retval pktlen dearmored OpenPGP packet(s) length in bytes
1067 * @return type of armor found
1068 */
1069 pgpArmor pgpParsePkts(const char *armor, uint8_t ** pkt, size_t * pktlen);
1070
1071 /** \ingroup rpmpgp
1072 * Return a length of the first public key certificate in a buffer given
1073 * by pkts that contains one or more certificates. A public key certificate
1074 * consits of packets like Public key packet, User ID packet and so on.
1075 * In a buffer every certificate starts with Public key packet and it ends
1076 * with the start of the next certificate or with the end of the buffer.
1077 *
1078 * @param pkts pointer to a buffer with certificates
1079 * @param pktslen length of the buffer with certificates
1080 * @param certlen length of the first certificate in the buffer
1081 * @return 0 on success
1082 */
1083 int pgpPubKeyCertLen(const uint8_t *pkts, size_t pktslen, size_t *certlen);
1084
1085 /** \ingroup rpmpgp
1086 * Wrap a OpenPGP packets in ascii armor for transport.
1087 * @param atype type of armor
1088 * @param s binary pkt data
1089 * @param ns binary pkt data length
1090 * @return formatted string
1091 */
1092 char * pgpArmorWrap(int atype, const unsigned char * s, size_t ns);
1093
1094 /** \ingroup rpmpgp
1095 * Create a container for parsed OpenPGP packet(s).
1096 * @return container
1097 */
1098 pgpDig pgpNewDig(void);
1099
1100 /** \ingroup rpmpgp
1101 * Release (malloc'd) data from container.
1102 * @param dig container
1103 */
1104 void pgpCleanDig(pgpDig dig);
1105
1106 /** \ingroup rpmpgp
1107 * Destroy a container for parsed OpenPGP packet(s).
1108 * @param dig container
1109 * @return NULL always
1110 */
1111 pgpDig pgpFreeDig(pgpDig dig);
1112
1113 /** \ingroup rpmpgp
1114 * Retrieve parameters for parsed OpenPGP packet(s).
1115 * @param dig container
1116 * @param pkttype type of params to retrieve (signature / pubkey)
1117 * @return pointer to OpenPGP parameters, NULL on error/not found
1118 */
1119 pgpDigParams pgpDigGetParams(pgpDig dig, unsigned int pkttype);
1120
1121 /** \ingroup rpmpgp
1122 * Compare OpenPGP packet parameters
1123 * param p1 1st parameter container
1124 * param p2 2nd parameter container
1125 * return 1 if the parameters differ, 0 otherwise
1126 */
1127 int pgpDigParamsCmp(pgpDigParams p1, pgpDigParams p2);
1128
1129 /** \ingroup rpmpgp
1130 * Retrieve OpenPGP algorithm parameters
1131 * param digp parameter container
1132 * param algotype PGPVAL_HASHALGO / PGPVAL_PUBKEYALGO
1133 * return algorithm value, 0 on error
1134 */
1135 unsigned int pgpDigParamsAlgo(pgpDigParams digp, unsigned int algotype);
1136
1137 /** \ingroup rpmpgp
1138 * Destroy parsed OpenPGP packet parameter(s).
1139 * @param digp parameter container
1140 * @return NULL always
1141 */
1142 pgpDigParams pgpDigParamsFree(pgpDigParams digp);
1143
1144 /** \ingroup rpmpgp
1145 * Verify a PGP signature.
1146 * @param key public key
1147 * @param sig signature
1148 * @param hashctx digest context
1149 * @return RPMRC_OK on success
1150 */
1151 rpmRC pgpVerifySignature(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx);
1152
1153 /** \ingroup rpmpgp
1154 * Verify a PGP signature.
1155 * @deprecated use pgpVerifySignature() instead
1156 *
1157 * @param dig container
1158 * @param hashctx digest context
1159 * @return RPMRC_OK on success
1160 */
1161 rpmRC pgpVerifySig(pgpDig dig, DIGEST_CTX hashctx);
1162
1163 /** \ingroup rpmpgp
1164 * Return a string identification of a PGP signature/pubkey.
1165 * @param digp signature/pubkey container
1166 * @return string describing the item and parameters
1167 */
1168 char *pgpIdentItem(pgpDigParams digp);
1169
1170 /** \ingroup rpmpgp
1171 * Perform cryptography initialization.
1172 * It must be called before any cryptography can be used within rpm.
1173 * It's not normally necessary to call it directly as it's called in
1174 * general rpm initialization routines.
1175 * @return 0 on success, -1 on failure
1176 */
1177 int rpmInitCrypto(void);
1178
1179 /** \ingroup rpmpgp
1180 * Shutdown cryptography
1181 */
1182 int rpmFreeCrypto(void);
1183
1184 /** \ingroup rpmpgp
1185 * Duplicate a digest context.
1186 * @param octx existing digest context
1187 * @return duplicated digest context
1188 */
1189 DIGEST_CTX rpmDigestDup(DIGEST_CTX octx);
1190
1191 /** \ingroup rpmpgp
1192 * Obtain digest length in bytes.
1193 * @param hashalgo type of digest
1194 * @return digest length, zero on invalid algorithm
1195 */
1196 size_t rpmDigestLength(int hashalgo);
1197
1198 /** \ingroup rpmpgp
1199 * Initialize digest.
1200 * Set bit count to 0 and buffer to mysterious initialization constants.
1201 * @param hashalgo type of digest
1202 * @param flags bit(s) to control digest operation
1203 * @return digest context
1204 */
1205 DIGEST_CTX rpmDigestInit(int hashalgo, rpmDigestFlags flags);
1206
1207 /** \ingroup rpmpgp
1208 * Update context with next plain text buffer.
1209 * @param ctx digest context
1210 * @param data next data buffer
1211 * @param len no. bytes of data
1212 * @return 0 on success
1213 */
1214 int rpmDigestUpdate(DIGEST_CTX ctx, const void * data, size_t len);
1215
1216 /** \ingroup rpmpgp
1217 * Return digest and destroy context.
1218 * Final wrapup - pad to 64-byte boundary with the bit pattern
1219 * 1 0* (64-bit count of bits processed, MSB-first)
1220 *
1221 * @param ctx digest context
1222 * @retval datap address of returned digest
1223 * @retval lenp address of digest length
1224 * @param asAscii return digest as ascii string?
1225 * @return 0 on success
1226 */
1227 int rpmDigestFinal(DIGEST_CTX ctx,
1228 void ** datap,
1229 size_t * lenp, int asAscii);
1230
1231 /** \ingroup rpmpgp
1232 * Create a new digest bundle.
1233 * @return New digest bundle
1234 */
1235 rpmDigestBundle rpmDigestBundleNew(void);
1236
1237 /** \ingroup rpmpgp
1238 * Free a digest bundle and all contained digest contexts.
1239 * @param bundle digest bundle
1240 * @return NULL always
1241 */
1242 rpmDigestBundle rpmDigestBundleFree(rpmDigestBundle bundle);
1243
1244 /** \ingroup rpmpgp
1245 * Add a new type of digest to a bundle. Same as calling
1246 * rpmDigestBundleAddID() with algo == id value.
1247 * @param bundle digest bundle
1248 * @param algo type of digest
1249 * @param flags bit(s) to control digest operation
1250 * @return 0 on success
1251 */
1252 int rpmDigestBundleAdd(rpmDigestBundle bundle, int algo,
1253 rpmDigestFlags flags);
1254
1255 /** \ingroup rpmpgp
1256 * Add a new type of digest to a bundle.
1257 * @param bundle digest bundle
1258 * @param algo type of digest
1259 * @param id id of digest (arbitrary, must be > 0)
1260 * @param flags bit(s) to control digest operation
1261 * @return 0 on success
1262 */
1263 int rpmDigestBundleAddID(rpmDigestBundle bundle, int algo, int id,
1264 rpmDigestFlags flags);
1265
1266 /** \ingroup rpmpgp
1267 * Update contexts within bundle with next plain text buffer.
1268 * @param bundle digest bundle
1269 * @param data next data buffer
1270 * @param len no. bytes of data
1271 * @return 0 on success
1272 */
1273 int rpmDigestBundleUpdate(rpmDigestBundle bundle, const void *data, size_t len);
1274
1275 /** \ingroup rpmpgp
1276 * Return digest from a bundle and destroy context, see rpmDigestFinal().
1277 *
1278 * @param bundle digest bundle
1279 * @param id id of digest to return
1280 * @retval datap address of returned digest
1281 * @retval lenp address of digest length
1282 * @param asAscii return digest as ascii string?
1283 * @return 0 on success
1284 */
1285 int rpmDigestBundleFinal(rpmDigestBundle bundle, int id,
1286 void ** datap, size_t * lenp, int asAscii);
1287
1288 /** \ingroup rpmpgp
1289 * Duplicate a digest context from a bundle.
1290 * @param bundle digest bundle
1291 * @param id id of digest to dup
1292 * @return duplicated digest context
1293 */
1294 DIGEST_CTX rpmDigestBundleDupCtx(rpmDigestBundle bundle, int id);
1295
1296 #ifdef __cplusplus
1297 }
1298 #endif
1299
1300 #endif /* H_RPMPGP */
1301