1 /*-
2  * Copyright (c) 2009 The NetBSD Foundation, Inc.
3  * All rights reserved.
4  *
5  * This code is derived from software contributed to The NetBSD Foundation
6  * by Alistair Crooks (agc@NetBSD.org)
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
18  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
19  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
20  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
21  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
22  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27  * POSSIBILITY OF SUCH DAMAGE.
28  */
29 /*
30  * Copyright (c) 2005-2008 Nominet UK (www.nic.uk)
31  * All rights reserved.
32  * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted
33  * their moral rights under the UK Copyright Design and Patents Act 1988 to
34  * be recorded as the authors of this copyright work.
35  *
36  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
37  * use this file except in compliance with the License.
38  *
39  * You may obtain a copy of the License at
40  *     http://www.apache.org/licenses/LICENSE-2.0
41  *
42  * Unless required by applicable law or agreed to in writing, software
43  * distributed under the License is distributed on an "AS IS" BASIS,
44  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
45  *
46  * See the License for the specific language governing permissions and
47  * limitations under the License.
48  */
49 
50 /** \file
51  * packet related headers.
52  */
53 
54 #ifndef PACKET_H_
55 #define PACKET_H_
56 
57 #include <time.h>
58 
59 #ifdef HAVE_OPENSSL_BN_H
60 #include <openssl/bn.h>
61 #endif
62 
63 #include "types.h"
64 #include "errors.h"
65 
66 /* structure to keep track of printing state variables */
67 typedef struct pgp_printstate_t {
68 	unsigned	unarmoured;
69 	unsigned	skipping;
70 	int		indent;
71 } pgp_printstate_t;
72 
73 /** General-use structure for variable-length data
74  */
75 
76 typedef struct {
77 	size_t           len;
78 	uint8_t		*contents;
79 	uint8_t		 mmapped;	/* contents need an munmap(2) */
80 } pgp_data_t;
81 
82 /************************************/
83 /* Packet Tags - RFC4880, 4.2 */
84 /************************************/
85 
86 /** Packet Tag - Bit 7 Mask (this bit is always set).
87  * The first byte of a packet is the "Packet Tag".  It always
88  * has bit 7 set.  This is the mask for it.
89  *
90  * \see RFC4880 4.2
91  */
92 #define PGP_PTAG_ALWAYS_SET		0x80
93 
94 /** Packet Tag - New Format Flag.
95  * Bit 6 of the Packet Tag is the packet format indicator.
96  * If it is set, the new format is used, if cleared the
97  * old format is used.
98  *
99  * \see RFC4880 4.2
100  */
101 #define PGP_PTAG_NEW_FORMAT		0x40
102 
103 
104 /** Old Packet Format: Mask for content tag.
105  * In the old packet format bits 5 to 2 (including)
106  * are the content tag.  This is the mask to apply
107  * to the packet tag.  Note that you need to
108  * shift by #PGP_PTAG_OF_CONTENT_TAG_SHIFT bits.
109  *
110  * \see RFC4880 4.2
111  */
112 #define PGP_PTAG_OF_CONTENT_TAG_MASK	0x3c
113 /** Old Packet Format: Offset for the content tag.
114  * As described at #PGP_PTAG_OF_CONTENT_TAG_MASK the
115  * content tag needs to be shifted after being masked
116  * out from the Packet Tag.
117  *
118  * \see RFC4880 4.2
119  */
120 #define PGP_PTAG_OF_CONTENT_TAG_SHIFT	2
121 /** Old Packet Format: Mask for length type.
122  * Bits 1 and 0 of the packet tag are the length type
123  * in the old packet format.
124  *
125  * See #pgp_ptag_of_lt_t for the meaning of the values.
126  *
127  * \see RFC4880 4.2
128  */
129 #define PGP_PTAG_OF_LENGTH_TYPE_MASK	0x03
130 
131 
132 /** Old Packet Format Lengths.
133  * Defines the meanings of the 2 bits for length type in the
134  * old packet format.
135  *
136  * \see RFC4880 4.2.1
137  */
138 typedef enum {
139 	PGP_PTAG_OLD_LEN_1 = 0x00,	/* Packet has a 1 byte length -
140 					 * header is 2 bytes long. */
141 	PGP_PTAG_OLD_LEN_2 = 0x01,	/* Packet has a 2 byte length -
142 					 * header is 3 bytes long. */
143 	PGP_PTAG_OLD_LEN_4 = 0x02,	/* Packet has a 4 byte
144 						 * length - header is 5 bytes
145 						 * long. */
146 	PGP_PTAG_OLD_LEN_INDETERMINATE = 0x03	/* Packet has a
147 						 * indeterminate length. */
148 } pgp_ptag_of_lt_t;
149 
150 
151 /** New Packet Format: Mask for content tag.
152  * In the new packet format the 6 rightmost bits
153  * are the content tag.  This is the mask to apply
154  * to the packet tag.  Note that you need to
155  * shift by #PGP_PTAG_NF_CONTENT_TAG_SHIFT bits.
156  *
157  * \see RFC4880 4.2
158  */
159 #define PGP_PTAG_NF_CONTENT_TAG_MASK	0x3f
160 /** New Packet Format: Offset for the content tag.
161  * As described at #PGP_PTAG_NF_CONTENT_TAG_MASK the
162  * content tag needs to be shifted after being masked
163  * out from the Packet Tag.
164  *
165  * \see RFC4880 4.2
166  */
167 #define PGP_PTAG_NF_CONTENT_TAG_SHIFT	0
168 
169 /* PTag Content Tags */
170 /***************************/
171 
172 /** Package Tags (aka Content Tags) and signature subpacket types.
173  * This enumerates all rfc-defined packet tag values and the
174  * signature subpacket type values that we understand.
175  *
176  * \see RFC4880 4.3
177  * \see RFC4880 5.2.3.1
178  */
179 typedef enum {
180 	PGP_PTAG_CT_RESERVED = 0,	/* Reserved - a packet tag must
181 					 * not have this value */
182 	PGP_PTAG_CT_PK_SESSION_KEY = 1,	/* Public-Key Encrypted Session
183 					 * Key Packet */
184 	PGP_PTAG_CT_SIGNATURE = 2,	/* Signature Packet */
185 	PGP_PTAG_CT_SK_SESSION_KEY = 3,	/* Symmetric-Key Encrypted Session
186 					 * Key Packet */
187 	PGP_PTAG_CT_1_PASS_SIG = 4,	/* One-Pass Signature
188 						 * Packet */
189 	PGP_PTAG_CT_SECRET_KEY = 5,	/* Secret Key Packet */
190 	PGP_PTAG_CT_PUBLIC_KEY = 6,	/* Public Key Packet */
191 	PGP_PTAG_CT_SECRET_SUBKEY = 7,	/* Secret Subkey Packet */
192 	PGP_PTAG_CT_COMPRESSED = 8,	/* Compressed Data Packet */
193 	PGP_PTAG_CT_SE_DATA = 9,/* Symmetrically Encrypted Data Packet */
194 	PGP_PTAG_CT_MARKER = 10,/* Marker Packet */
195 	PGP_PTAG_CT_LITDATA = 11,	/* Literal Data Packet */
196 	PGP_PTAG_CT_TRUST = 12,	/* Trust Packet */
197 	PGP_PTAG_CT_USER_ID = 13,	/* User ID Packet */
198 	PGP_PTAG_CT_PUBLIC_SUBKEY = 14,	/* Public Subkey Packet */
199 	PGP_PTAG_CT_RESERVED2 = 15,	/* reserved */
200 	PGP_PTAG_CT_RESERVED3 = 16,	/* reserved */
201 	PGP_PTAG_CT_USER_ATTR = 17,	/* User Attribute Packet */
202 	PGP_PTAG_CT_SE_IP_DATA = 18,	/* Sym. Encrypted and Integrity
203 					 * Protected Data Packet */
204 	PGP_PTAG_CT_MDC = 19,	/* Modification Detection Code Packet */
205 
206 	PGP_PARSER_PTAG = 0x100,/* Internal Use: The packet is the "Packet
207 				 * Tag" itself - used when callback sends
208 				 * back the PTag. */
209 	PGP_PTAG_RAW_SS = 0x101,/* Internal Use: content is raw sig subtag */
210 	PGP_PTAG_SS_ALL = 0x102,/* Internal Use: select all subtags */
211 	PGP_PARSER_PACKET_END = 0x103,
212 
213 	/* signature subpackets (0x200-2ff) (type+0x200) */
214 	/* only those we can parse are listed here */
215 	PGP_PTAG_SIG_SUBPKT_BASE = 0x200,	/* Base for signature
216 							 * subpacket types - All
217 							 * signature type values
218 							 * are relative to this
219 							 * value. */
220 	PGP_PTAG_SS_CREATION_TIME = 0x200 + 2,	/* signature creation time */
221 	PGP_PTAG_SS_EXPIRATION_TIME = 0x200 + 3,	/* signature
222 							 * expiration time */
223 
224 	PGP_PTAG_SS_EXPORT_CERT = 0x200 + 4,	/* exportable certification */
225 	PGP_PTAG_SS_TRUST = 0x200 + 5,	/* trust signature */
226 	PGP_PTAG_SS_REGEXP = 0x200 + 6,	/* regular expression */
227 	PGP_PTAG_SS_REVOCABLE = 0x200 + 7,	/* revocable */
228 	PGP_PTAG_SS_KEY_EXPIRY = 0x200 + 9,	/* key expiration
229 							 * time */
230 	PGP_PTAG_SS_RESERVED = 0x200 + 10,	/* reserved */
231 	PGP_PTAG_SS_PREFERRED_SKA = 0x200 + 11,	/* preferred symmetric
232 						 * algs */
233 	PGP_PTAG_SS_REVOCATION_KEY = 0x200 + 12,	/* revocation key */
234 	PGP_PTAG_SS_ISSUER_KEY_ID = 0x200 + 16,	/* issuer key ID */
235 	PGP_PTAG_SS_NOTATION_DATA = 0x200 + 20,	/* notation data */
236 	PGP_PTAG_SS_PREFERRED_HASH = 0x200 + 21,	/* preferred hash
237 							 * algs */
238 	PGP_PTAG_SS_PREF_COMPRESS = 0x200 + 22,	/* preferred
239 							 * compression
240 							 * algorithms */
241 	PGP_PTAG_SS_KEYSERV_PREFS = 0x200 + 23,	/* key server
242 							 * preferences */
243 	PGP_PTAG_SS_PREF_KEYSERV = 0x200 + 24,	/* Preferred Key
244 							 * Server */
245 	PGP_PTAG_SS_PRIMARY_USER_ID = 0x200 + 25,	/* primary User ID */
246 	PGP_PTAG_SS_POLICY_URI = 0x200 + 26,	/* Policy URI */
247 	PGP_PTAG_SS_KEY_FLAGS = 0x200 + 27,	/* key flags */
248 	PGP_PTAG_SS_SIGNERS_USER_ID = 0x200 + 28,	/* Signer's User ID */
249 	PGP_PTAG_SS_REVOCATION_REASON = 0x200 + 29,	/* reason for
250 							 * revocation */
251 	PGP_PTAG_SS_FEATURES = 0x200 + 30,	/* features */
252 	PGP_PTAG_SS_SIGNATURE_TARGET = 0x200 + 31,	/* signature target */
253 	PGP_PTAG_SS_EMBEDDED_SIGNATURE = 0x200 + 32,	/* embedded signature */
254 
255 	PGP_PTAG_SS_USERDEFINED00 = 0x200 + 100,	/* internal or
256 							 * user-defined */
257 	PGP_PTAG_SS_USERDEFINED01 = 0x200 + 101,
258 	PGP_PTAG_SS_USERDEFINED02 = 0x200 + 102,
259 	PGP_PTAG_SS_USERDEFINED03 = 0x200 + 103,
260 	PGP_PTAG_SS_USERDEFINED04 = 0x200 + 104,
261 	PGP_PTAG_SS_USERDEFINED05 = 0x200 + 105,
262 	PGP_PTAG_SS_USERDEFINED06 = 0x200 + 106,
263 	PGP_PTAG_SS_USERDEFINED07 = 0x200 + 107,
264 	PGP_PTAG_SS_USERDEFINED08 = 0x200 + 108,
265 	PGP_PTAG_SS_USERDEFINED09 = 0x200 + 109,
266 	PGP_PTAG_SS_USERDEFINED10 = 0x200 + 110,
267 
268 	/* pseudo content types */
269 	PGP_PTAG_CT_LITDATA_HEADER = 0x300,
270 	PGP_PTAG_CT_LITDATA_BODY = 0x300 + 1,
271 	PGP_PTAG_CT_SIGNATURE_HEADER = 0x300 + 2,
272 	PGP_PTAG_CT_SIGNATURE_FOOTER = 0x300 + 3,
273 	PGP_PTAG_CT_ARMOUR_HEADER = 0x300 + 4,
274 	PGP_PTAG_CT_ARMOUR_TRAILER = 0x300 + 5,
275 	PGP_PTAG_CT_SIGNED_CLEARTEXT_HEADER = 0x300 + 6,
276 	PGP_PTAG_CT_SIGNED_CLEARTEXT_BODY = 0x300 + 7,
277 	PGP_PTAG_CT_SIGNED_CLEARTEXT_TRAILER = 0x300 + 8,
278 	PGP_PTAG_CT_UNARMOURED_TEXT = 0x300 + 9,
279 	PGP_PTAG_CT_ENCRYPTED_SECRET_KEY = 0x300 + 10,	/* In this case the
280 							 * algorithm specific
281 							 * fields will not be
282 							 * initialised */
283 	PGP_PTAG_CT_SE_DATA_HEADER = 0x300 + 11,
284 	PGP_PTAG_CT_SE_DATA_BODY = 0x300 + 12,
285 	PGP_PTAG_CT_SE_IP_DATA_HEADER = 0x300 + 13,
286 	PGP_PTAG_CT_SE_IP_DATA_BODY = 0x300 + 14,
287 	PGP_PTAG_CT_ENCRYPTED_PK_SESSION_KEY = 0x300 + 15,
288 
289 	/* commands to the callback */
290 	PGP_GET_PASSPHRASE = 0x400,
291 	PGP_GET_SECKEY = 0x400 + 1,
292 
293 	/* Errors */
294 	PGP_PARSER_ERROR = 0x500,	/* Internal Use: Parser Error */
295 	PGP_PARSER_ERRCODE = 0x500 + 1	/* Internal Use: Parser Error
296 					 * with errcode returned */
297 } pgp_content_enum;
298 
299 enum {
300 	PGP_REVOCATION_NO_REASON	= 0,
301 	PGP_REVOCATION_SUPERSEDED	= 1,
302 	PGP_REVOCATION_COMPROMISED	= 2,
303 	PGP_REVOCATION_RETIRED		= 3,
304 	PGP_REVOCATION_NO_LONGER_VALID	= 0x20
305 };
306 
307 /** Structure to hold one error code */
308 typedef struct {
309 	pgp_errcode_t   errcode;
310 } pgp_parser_errcode_t;
311 
312 /** Structure to hold one packet tag.
313  * \see RFC4880 4.2
314  */
315 typedef struct {
316 	unsigned        new_format;	/* Whether this packet tag is new
317 					 * (1) or old format (0) */
318 	unsigned        type;	/* content_tag value - See
319 					 * #pgp_content_enum for meanings */
320 	pgp_ptag_of_lt_t length_type;	/* Length type (#pgp_ptag_of_lt_t)
321 					 * - only if this packet tag is old
322 					 * format.  Set to 0 if new format. */
323 	unsigned        length;	/* The length of the packet.  This value
324 				 * is set when we read and compute the length
325 				 * information, not at the same moment we
326 				 * create the packet tag structure. Only
327 	 * defined if #readc is set. *//* XXX: Ben, is this correct? */
328 	unsigned        position;	/* The position (within the
329 					 * current reader) of the packet */
330 	unsigned	size;	/* number of bits */
331 } pgp_ptag_t;
332 
333 /** Public Key Algorithm Numbers.
334  * OpenPGP assigns a unique Algorithm Number to each algorithm that is part of OpenPGP.
335  *
336  * This lists algorithm numbers for public key algorithms.
337  *
338  * \see RFC4880 9.1
339  */
340 typedef enum {
341 	PGP_PKA_NOTHING	= 0,	/* No PKA */
342 	PGP_PKA_RSA = 1,	/* RSA (Encrypt or Sign) */
343 	PGP_PKA_RSA_ENCRYPT_ONLY = 2,	/* RSA Encrypt-Only (deprecated -
344 					 * \see RFC4880 13.5) */
345 	PGP_PKA_RSA_SIGN_ONLY = 3,	/* RSA Sign-Only (deprecated -
346 					 * \see RFC4880 13.5) */
347 	PGP_PKA_ELGAMAL = 16,	/* Elgamal (Encrypt-Only) */
348 	PGP_PKA_DSA = 17,	/* DSA (Digital Signature Algorithm) */
349 	PGP_PKA_RESERVED_ELLIPTIC_CURVE = 18,	/* Reserved for Elliptic
350 						 * Curve */
351 	PGP_PKA_RESERVED_ECDSA = 19,	/* Reserved for ECDSA */
352 	PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN = 20,	/* Deprecated. */
353 	PGP_PKA_RESERVED_DH = 21,	/* Reserved for Diffie-Hellman
354 					 * (X9.42, as defined for
355 					 * IETF-S/MIME) */
356 	PGP_PKA_PRIVATE00 = 100,/* Private/Experimental Algorithm */
357 	PGP_PKA_PRIVATE01 = 101,/* Private/Experimental Algorithm */
358 	PGP_PKA_PRIVATE02 = 102,/* Private/Experimental Algorithm */
359 	PGP_PKA_PRIVATE03 = 103,/* Private/Experimental Algorithm */
360 	PGP_PKA_PRIVATE04 = 104,/* Private/Experimental Algorithm */
361 	PGP_PKA_PRIVATE05 = 105,/* Private/Experimental Algorithm */
362 	PGP_PKA_PRIVATE06 = 106,/* Private/Experimental Algorithm */
363 	PGP_PKA_PRIVATE07 = 107,/* Private/Experimental Algorithm */
364 	PGP_PKA_PRIVATE08 = 108,/* Private/Experimental Algorithm */
365 	PGP_PKA_PRIVATE09 = 109,/* Private/Experimental Algorithm */
366 	PGP_PKA_PRIVATE10 = 110	/* Private/Experimental Algorithm */
367 } pgp_pubkey_alg_t;
368 
369 /** Structure to hold one DSA public key params.
370  *
371  * \see RFC4880 5.5.2
372  */
373 typedef struct {
374 	BIGNUM         *p;	/* DSA prime p */
375 	BIGNUM         *q;	/* DSA group order q */
376 	BIGNUM         *g;	/* DSA group generator g */
377 	BIGNUM         *y;	/* DSA public key value y (= g^x mod p
378 				 * with x being the secret) */
379 } pgp_dsa_pubkey_t;
380 
381 /** Structure to hold an RSA public key.
382  *
383  * \see RFC4880 5.5.2
384  */
385 typedef struct {
386 	BIGNUM         *n;	/* RSA public modulus n */
387 	BIGNUM         *e;	/* RSA public encryption exponent e */
388 } pgp_rsa_pubkey_t;
389 
390 /** Structure to hold an ElGamal public key params.
391  *
392  * \see RFC4880 5.5.2
393  */
394 typedef struct {
395 	BIGNUM         *p;	/* ElGamal prime p */
396 	BIGNUM         *g;	/* ElGamal group generator g */
397 	BIGNUM         *y;	/* ElGamal public key value y (= g^x mod p
398 				 * with x being the secret) */
399 } pgp_elgamal_pubkey_t;
400 
401 /** Version.
402  * OpenPGP has two different protocol versions: version 3 and version 4.
403  *
404  * \see RFC4880 5.2
405  */
406 typedef enum {
407 	PGP_V2 = 2,		/* Version 2 (essentially the same as v3) */
408 	PGP_V3 = 3,		/* Version 3 */
409 	PGP_V4 = 4		/* Version 4 */
410 } pgp_version_t;
411 
412 /** Structure to hold a pgp public key */
413 typedef struct {
414 	pgp_version_t		version;/* version of the key (v3, v4...) */
415 	time_t			birthtime;
416 	time_t			duration;
417 		/* validity period of the key in days since
418 		* creation.  A value of 0 has a special meaning
419 		* indicating this key does not expire.  Only used with
420 		* v3 keys.  */
421 	unsigned		days_valid;	/* v4 duration */
422 	pgp_pubkey_alg_t	alg;	/* Public Key Algorithm type */
423 	union {
424 		pgp_dsa_pubkey_t dsa;	/* A DSA public key */
425 		pgp_rsa_pubkey_t rsa;	/* An RSA public key */
426 		pgp_elgamal_pubkey_t elgamal;	/* An ElGamal public key */
427 	}			key;	/* Public Key Parameters */
428 } pgp_pubkey_t;
429 
430 /** Structure to hold data for one RSA secret key
431  */
432 typedef struct {
433 	BIGNUM         *d;
434 	BIGNUM         *p;
435 	BIGNUM         *q;
436 	BIGNUM         *u;
437 } pgp_rsa_seckey_t;
438 
439 /** pgp_dsa_seckey_t */
440 typedef struct {
441 	BIGNUM         *x;
442 } pgp_dsa_seckey_t;
443 
444 /** pgp_elgamal_seckey_t */
445 typedef struct {
446 	BIGNUM         *x;
447 } pgp_elgamal_seckey_t;
448 
449 /** s2k_usage_t
450  */
451 typedef enum {
452 	PGP_S2KU_NONE = 0,
453 	PGP_S2KU_ENCRYPTED_AND_HASHED = 254,
454 	PGP_S2KU_ENCRYPTED = 255
455 } pgp_s2k_usage_t;
456 
457 /** s2k_specifier_t
458  */
459 typedef enum {
460 	PGP_S2KS_SIMPLE = 0,
461 	PGP_S2KS_SALTED = 1,
462 	PGP_S2KS_ITERATED_AND_SALTED = 3
463 } pgp_s2k_specifier_t;
464 
465 /** Symmetric Key Algorithm Numbers.
466  * OpenPGP assigns a unique Algorithm Number to each algorithm that is
467  * part of OpenPGP.
468  *
469  * This lists algorithm numbers for symmetric key algorithms.
470  *
471  * \see RFC4880 9.2
472  */
473 typedef enum {
474 	PGP_SA_PLAINTEXT = 0,	/* Plaintext or unencrypted data */
475 	PGP_SA_IDEA = 1,	/* IDEA */
476 	PGP_SA_TRIPLEDES = 2,	/* TripleDES */
477 	PGP_SA_CAST5 = 3,	/* CAST5 */
478 	PGP_SA_BLOWFISH = 4,	/* Blowfish */
479 	PGP_SA_AES_128 = 7,	/* AES with 128-bit key (AES) */
480 	PGP_SA_AES_192 = 8,	/* AES with 192-bit key */
481 	PGP_SA_AES_256 = 9,	/* AES with 256-bit key */
482 	PGP_SA_TWOFISH = 10,	/* Twofish with 256-bit key (TWOFISH) */
483 	PGP_SA_CAMELLIA_128 = 100,	/* Camellia with 128-bit key (CAMELLIA) */
484 	PGP_SA_CAMELLIA_192 = 101,	/* Camellia with 192-bit key */
485 	PGP_SA_CAMELLIA_256 = 102	/* Camellia with 256-bit key */
486 } pgp_symm_alg_t;
487 
488 #define PGP_SA_DEFAULT_CIPHER	PGP_SA_CAST5
489 
490 /** Hashing Algorithm Numbers.
491  * OpenPGP assigns a unique Algorithm Number to each algorithm that is
492  * part of OpenPGP.
493  *
494  * This lists algorithm numbers for hash algorithms.
495  *
496  * \see RFC4880 9.4
497  */
498 typedef enum {
499 	PGP_HASH_UNKNOWN = -1,	/* used to indicate errors */
500 	PGP_HASH_MD5 = 1,	/* MD5 */
501 	PGP_HASH_SHA1 = 2,	/* SHA-1 */
502 	PGP_HASH_RIPEMD = 3,	/* RIPEMD160 */
503 
504 	PGP_HASH_SHA256 = 8,	/* SHA256 */
505 	PGP_HASH_SHA384 = 9,	/* SHA384 */
506 	PGP_HASH_SHA512 = 10,	/* SHA512 */
507 	PGP_HASH_SHA224 = 11	/* SHA224 */
508 } pgp_hash_alg_t;
509 
510 #define	PGP_DEFAULT_HASH_ALGORITHM	PGP_HASH_SHA256
511 
512 void   pgp_calc_mdc_hash(const uint8_t *,
513 			const size_t,
514 			const uint8_t *,
515 			const unsigned,
516 			uint8_t *);
517 unsigned   pgp_is_hash_alg_supported(const pgp_hash_alg_t *);
518 
519 /* Maximum block size for symmetric crypto */
520 #define PGP_MAX_BLOCK_SIZE	16
521 
522 /* Maximum key size for symmetric crypto */
523 #define PGP_MAX_KEY_SIZE	32
524 
525 /* Salt size for hashing */
526 #define PGP_SALT_SIZE		8
527 
528 /* Max hash size */
529 #define PGP_MAX_HASH_SIZE	64
530 
531 /** pgp_seckey_t
532  */
533 typedef struct pgp_seckey_t {
534 	pgp_pubkey_t			pubkey;		/* public key */
535 	pgp_s2k_usage_t		s2k_usage;
536 	pgp_s2k_specifier_t		s2k_specifier;
537 	pgp_symm_alg_t		alg;		/* symmetric alg */
538 	pgp_hash_alg_t		hash_alg;	/* hash algorithm */
539 	uint8_t				salt[PGP_SALT_SIZE];
540 	unsigned			octetc;
541 	uint8_t				iv[PGP_MAX_BLOCK_SIZE];
542 	union {
543 		pgp_rsa_seckey_t		rsa;
544 		pgp_dsa_seckey_t		dsa;
545 		pgp_elgamal_seckey_t		elgamal;
546 	}				key;
547 	unsigned			checksum;
548 	uint8_t			       *checkhash;
549 } pgp_seckey_t;
550 
551 /** Signature Type.
552  * OpenPGP defines different signature types that allow giving
553  * different meanings to signatures.  Signature types include 0x10 for
554  * generitc User ID certifications (used when Ben signs Weasel's key),
555  * Subkey binding signatures, document signatures, key revocations,
556  * etc.
557  *
558  * Different types are used in different places, and most make only
559  * sense in their intended location (for instance a subkey binding has
560  * no place on a UserID).
561  *
562  * \see RFC4880 5.2.1
563  */
564 typedef enum {
565 	PGP_SIG_BINARY = 0x00,	/* Signature of a binary document */
566 	PGP_SIG_TEXT = 0x01,	/* Signature of a canonical text document */
567 	PGP_SIG_STANDALONE = 0x02,	/* Standalone signature */
568 
569 	PGP_CERT_GENERIC = 0x10,/* Generic certification of a User ID and
570 				 * Public Key packet */
571 	PGP_CERT_PERSONA = 0x11,/* Persona certification of a User ID and
572 				 * Public Key packet */
573 	PGP_CERT_CASUAL = 0x12,	/* Casual certification of a User ID and
574 				 * Public Key packet */
575 	PGP_CERT_POSITIVE = 0x13,	/* Positive certification of a
576 					 * User ID and Public Key packet */
577 
578 	PGP_SIG_SUBKEY = 0x18,	/* Subkey Binding Signature */
579 	PGP_SIG_PRIMARY = 0x19,	/* Primary Key Binding Signature */
580 	PGP_SIG_DIRECT = 0x1f,	/* Signature directly on a key */
581 
582 	PGP_SIG_REV_KEY = 0x20,	/* Key revocation signature */
583 	PGP_SIG_REV_SUBKEY = 0x28,	/* Subkey revocation signature */
584 	PGP_SIG_REV_CERT = 0x30,/* Certification revocation signature */
585 
586 	PGP_SIG_TIMESTAMP = 0x40,	/* Timestamp signature */
587 
588 	PGP_SIG_3RD_PARTY = 0x50/* Third-Party Confirmation signature */
589 } pgp_sig_type_t;
590 
591 /** Struct to hold params of an RSA signature */
592 typedef struct pgp_rsa_sig_t {
593 	BIGNUM         *sig;	/* the signature value (m^d % n) */
594 } pgp_rsa_sig_t;
595 
596 /** Struct to hold params of a DSA signature */
597 typedef struct pgp_dsa_sig_t {
598 	BIGNUM         *r;	/* DSA value r */
599 	BIGNUM         *s;	/* DSA value s */
600 } pgp_dsa_sig_t;
601 
602 /** pgp_elgamal_signature_t */
603 typedef struct pgp_elgamal_sig_t {
604 	BIGNUM         *r;
605 	BIGNUM         *s;
606 } pgp_elgamal_sig_t;
607 
608 #define PGP_KEY_ID_SIZE		8
609 #define PGP_FINGERPRINT_SIZE	20
610 
611 /** Struct to hold a signature packet.
612  *
613  * \see RFC4880 5.2.2
614  * \see RFC4880 5.2.3
615  */
616 typedef struct pgp_sig_info_t {
617 	pgp_version_t   version;/* signature version number */
618 	pgp_sig_type_t  type;	/* signature type value */
619 	time_t          birthtime;	/* creation time of the signature */
620 	time_t          duration;	/* number of seconds it's valid for */
621 	uint8_t		signer_id[PGP_KEY_ID_SIZE];	/* Eight-octet key ID
622 							 * of signer */
623 	pgp_pubkey_alg_t key_alg;	/* public key algorithm number */
624 	pgp_hash_alg_t hash_alg;	/* hashing algorithm number */
625 	union {
626 		pgp_rsa_sig_t	rsa;	/* An RSA Signature */
627 		pgp_dsa_sig_t	dsa;	/* A DSA Signature */
628 		pgp_elgamal_sig_t	elgamal;	/* deprecated */
629 		pgp_data_t	unknown;	/* private or experimental */
630 	}			sig;	/* signature params */
631 	size_t          v4_hashlen;
632 	uint8_t		*v4_hashed;
633 	unsigned	 birthtime_set:1;
634 	unsigned	 signer_id_set:1;
635 	unsigned	 duration_set:1;
636 } pgp_sig_info_t;
637 
638 /** Struct used when parsing a signature */
639 typedef struct pgp_sig_t {
640 	pgp_sig_info_t info;	/* The signature information */
641 	/* The following fields are only used while parsing the signature */
642 	uint8_t		 hash2[2];	/* high 2 bytes of hashed value */
643 	size_t		 v4_hashstart;	/* only valid if accumulate is set */
644 	pgp_hash_t     *hash;	/* the hash filled in for the data so far */
645 } pgp_sig_t;
646 
647 /** The raw bytes of a signature subpacket */
648 
649 typedef struct pgp_ss_raw_t {
650 	pgp_content_enum	 tag;
651 	size_t          	 length;
652 	uint8_t			*raw;
653 } pgp_ss_raw_t;
654 
655 /** Signature Subpacket : Trust Level */
656 
657 typedef struct pgp_ss_trust_t {
658 	uint8_t			 level;		/* Trust Level */
659 	uint8_t			 amount;	/* Amount */
660 } pgp_ss_trust_t;
661 
662 /** Signature Subpacket : Notation Data */
663 typedef struct pgp_ss_notation_t {
664 	pgp_data_t		flags;
665 	pgp_data_t		name;
666 	pgp_data_t		value;
667 } pgp_ss_notation_t;
668 
669 /** Signature Subpacket : Signature Target */
670 typedef struct pgp_ss_sig_target_t {
671 	pgp_pubkey_alg_t	pka_alg;
672 	pgp_hash_alg_t		hash_alg;
673 	pgp_data_t		hash;
674 } pgp_ss_sig_target_t;
675 
676 /** pgp_subpacket_t */
677 typedef struct pgp_subpacket_t {
678 	size_t          	 length;
679 	uint8_t			*raw;
680 } pgp_subpacket_t;
681 
682 /** Types of Compression */
683 typedef enum {
684 	PGP_C_NONE = 0,
685 	PGP_C_ZIP = 1,
686 	PGP_C_ZLIB = 2,
687 	PGP_C_BZIP2 = 3
688 } pgp_compression_type_t;
689 
690 /** pgp_one_pass_sig_t */
691 typedef struct {
692 	uint8_t			version;
693 	pgp_sig_type_t		sig_type;
694 	pgp_hash_alg_t		hash_alg;
695 	pgp_pubkey_alg_t	key_alg;
696 	uint8_t			keyid[PGP_KEY_ID_SIZE];
697 	unsigned		nested;
698 } pgp_one_pass_sig_t;
699 
700 /** Signature Subpacket : Revocation Key */
701 typedef struct {
702 	uint8_t   		class;
703 	uint8_t   		algid;
704 	uint8_t   		fingerprint[PGP_FINGERPRINT_SIZE];
705 } pgp_ss_revocation_key_t;
706 
707 /** Signature Subpacket : Revocation Reason */
708 typedef struct {
709 	uint8_t   		 code;
710 	char			*reason;
711 } pgp_ss_revocation_t;
712 
713 /** litdata_type_t */
714 typedef enum {
715 	PGP_LDT_BINARY = 'b',
716 	PGP_LDT_TEXT = 't',
717 	PGP_LDT_UTF8 = 'u',
718 	PGP_LDT_LOCAL = 'l',
719 	PGP_LDT_LOCAL2 = '1'
720 } pgp_litdata_enum;
721 
722 /** pgp_litdata_header_t */
723 typedef struct {
724 	pgp_litdata_enum	format;
725 	char			filename[256];
726 	time_t			mtime;
727 } pgp_litdata_header_t;
728 
729 /** pgp_litdata_body_t */
730 typedef struct {
731 	unsigned         length;
732 	uint8_t		*data;
733 	void		*mem;		/* pgp_memory_t pointer */
734 } pgp_litdata_body_t;
735 
736 /** pgp_header_var_t */
737 typedef struct {
738 	char           *key;
739 	char           *value;
740 } pgp_header_var_t;
741 
742 /** pgp_headers_t */
743 typedef struct {
744 	pgp_header_var_t	*headers;
745 	unsigned	         headerc;
746 } pgp_headers_t;
747 
748 /** pgp_armour_header_t */
749 typedef struct {
750 	const char	*type;
751 	pgp_headers_t	 headers;
752 } pgp_armour_header_t;
753 
754 /** pgp_fixed_body_t */
755 typedef struct pgp_fixed_body_t {
756 	unsigned        length;
757 	uint8_t		data[8192];	/* \todo fix hard-coded value? */
758 } pgp_fixed_body_t;
759 
760 /** pgp_dyn_body_t */
761 typedef struct pgp_dyn_body_t {
762 	unsigned         length;
763 	uint8_t		*data;
764 } pgp_dyn_body_t;
765 
766 enum {
767 	PGP_SE_IP_DATA_VERSION = 1,
768 	PGP_PKSK_V3 = 3
769 };
770 
771 /** pgp_pk_sesskey_params_rsa_t */
772 typedef struct {
773 	BIGNUM         *encrypted_m;
774 	BIGNUM         *m;
775 } pgp_pk_sesskey_params_rsa_t;
776 
777 /** pgp_pk_sesskey_params_elgamal_t */
778 typedef struct {
779 	BIGNUM         *g_to_k;
780 	BIGNUM         *encrypted_m;
781 } pgp_pk_sesskey_params_elgamal_t;
782 
783 /** pgp_pk_sesskey_params_t */
784 typedef union {
785 	pgp_pk_sesskey_params_rsa_t rsa;
786 	pgp_pk_sesskey_params_elgamal_t elgamal;
787 } pgp_pk_sesskey_params_t;
788 
789 /** pgp_pk_sesskey_t */
790 typedef struct {
791 	unsigned			version;
792 	uint8_t				key_id[PGP_KEY_ID_SIZE];
793 	pgp_pubkey_alg_t		alg;
794 	pgp_pk_sesskey_params_t	params;
795 	pgp_symm_alg_t		symm_alg;
796 	uint8_t				key[PGP_MAX_KEY_SIZE];
797 	uint16_t			checksum;
798 } pgp_pk_sesskey_t;
799 
800 /** pgp_seckey_passphrase_t */
801 typedef struct {
802 	const pgp_seckey_t *seckey;
803 	char          **passphrase;	/* point somewhere that gets filled
804 					 * in to work around constness of
805 					 * content */
806 } pgp_seckey_passphrase_t;
807 
808 /** pgp_get_seckey_t */
809 typedef struct {
810 	const pgp_seckey_t **seckey;
811 	const pgp_pk_sesskey_t *pk_sesskey;
812 } pgp_get_seckey_t;
813 
814 /** pgp_parser_union_content_t */
815 typedef union {
816 	const char 			*error;
817 	pgp_parser_errcode_t		errcode;
818 	pgp_ptag_t			ptag;
819 	pgp_pubkey_t			pubkey;
820 	pgp_data_t			trust;
821 	uint8_t				*userid;
822 	pgp_data_t			userattr;
823 	pgp_sig_t			sig;
824 	pgp_ss_raw_t			ss_raw;
825 	pgp_ss_trust_t		ss_trust;
826 	unsigned			ss_revocable;
827 	time_t				ss_time;
828 	uint8_t				ss_issuer[PGP_KEY_ID_SIZE];
829 	pgp_ss_notation_t		ss_notation;
830 	pgp_subpacket_t		packet;
831 	pgp_compression_type_t	compressed;
832 	pgp_one_pass_sig_t		one_pass_sig;
833 	pgp_data_t			ss_skapref;
834 	pgp_data_t			ss_hashpref;
835 	pgp_data_t			ss_zpref;
836 	pgp_data_t			ss_key_flags;
837 	pgp_data_t			ss_key_server_prefs;
838 	unsigned			ss_primary_userid;
839 	char				*ss_regexp;
840 	char				*ss_policy;
841 	char				*ss_keyserv;
842 	pgp_ss_revocation_key_t	ss_revocation_key;
843 	pgp_data_t			ss_userdef;
844 	pgp_data_t			ss_unknown;
845 	pgp_litdata_header_t		litdata_header;
846 	pgp_litdata_body_t		litdata_body;
847 	pgp_dyn_body_t		mdc;
848 	pgp_data_t			ss_features;
849 	pgp_ss_sig_target_t		ss_sig_target;
850 	pgp_data_t			ss_embedded_sig;
851 	pgp_ss_revocation_t		ss_revocation;
852 	pgp_seckey_t			seckey;
853 	uint8_t				*ss_signer;
854 	pgp_armour_header_t		armour_header;
855 	const char 			*armour_trailer;
856 	pgp_headers_t			cleartext_head;
857 	pgp_fixed_body_t		cleartext_body;
858 	struct pgp_hash_t		*cleartext_trailer;
859 	pgp_dyn_body_t		unarmoured_text;
860 	pgp_pk_sesskey_t		pk_sesskey;
861 	pgp_seckey_passphrase_t	skey_passphrase;
862 	unsigned			se_ip_data_header;
863 	pgp_dyn_body_t		se_ip_data_body;
864 	pgp_fixed_body_t		se_data_body;
865 	pgp_get_seckey_t		get_seckey;
866 } pgp_contents_t;
867 
868 /** pgp_packet_t */
869 struct pgp_packet_t {
870 	pgp_content_enum	tag;		/* type of contents */
871 	uint8_t			critical;	/* for sig subpackets */
872 	pgp_contents_t	u;		/* union for contents */
873 };
874 
875 /** pgp_fingerprint_t */
876 typedef struct {
877 	uint8_t			fingerprint[PGP_FINGERPRINT_SIZE];
878 	unsigned        	length;
879 	pgp_hash_alg_t	hashtype;
880 } pgp_fingerprint_t;
881 
882 int pgp_keyid(uint8_t *, const size_t, const pgp_pubkey_t *, pgp_hash_alg_t);
883 int pgp_fingerprint(pgp_fingerprint_t *, const pgp_pubkey_t *, pgp_hash_alg_t);
884 
885 void pgp_finish(void);
886 void pgp_pubkey_free(pgp_pubkey_t *);
887 void pgp_userid_free(uint8_t **);
888 void pgp_data_free(pgp_data_t *);
889 void pgp_sig_free(pgp_sig_t *);
890 void pgp_ss_notation_free(pgp_ss_notation_t *);
891 void pgp_ss_revocation_free(pgp_ss_revocation_t *);
892 void pgp_ss_sig_target_free(pgp_ss_sig_target_t *);
893 
894 void pgp_subpacket_free(pgp_subpacket_t *);
895 void pgp_parser_content_free(pgp_packet_t *);
896 void pgp_seckey_free(pgp_seckey_t *);
897 void pgp_pk_sesskey_free(pgp_pk_sesskey_t *);
898 
899 int pgp_print_packet(pgp_printstate_t *, const pgp_packet_t *);
900 
901 #define DYNARRAY(type, arr)	\
902 	unsigned arr##c; unsigned arr##vsize; type *arr##s
903 
904 #define EXPAND_ARRAY(str, arr) do {					\
905 	if (str->arr##c == str->arr##vsize) {				\
906 		void	*__newarr;					\
907 		char	*__newarrc;					\
908 		unsigned	__newsize;				\
909 		__newsize = (str->arr##vsize * 2) + 10; 		\
910 		if ((__newarrc = __newarr = realloc(str->arr##s,	\
911 			__newsize * sizeof(*str->arr##s))) == NULL) {	\
912 			(void) fprintf(stderr, "EXPAND_ARRAY - bad realloc\n"); \
913 		} else {						\
914 			(void) memset(&__newarrc[str->arr##vsize * sizeof(*str->arr##s)], \
915 				0x0, (__newsize - str->arr##vsize) * sizeof(*str->arr##s)); \
916 			str->arr##s = __newarr;				\
917 			str->arr##vsize = __newsize;			\
918 		}							\
919 	}								\
920 } while(/*CONSTCOND*/0)
921 
922 /** pgp_keydata_key_t
923  */
924 typedef union {
925 	pgp_pubkey_t pubkey;
926 	pgp_seckey_t seckey;
927 } pgp_keydata_key_t;
928 
929 
930 /* sigpacket_t */
931 typedef struct {
932 	uint8_t			**userid;
933 	pgp_subpacket_t	*packet;
934 } sigpacket_t;
935 
936 /* user revocation info */
937 typedef struct pgp_revoke_t {
938 	uint32_t		 uid;		/* index in uid array */
939 	uint8_t			 code;		/* revocation code */
940 	char			*reason;	/* c'mon, spill the beans */
941 } pgp_revoke_t;
942 
943 /** signature subpackets */
944 typedef struct pgp_subsig_t {
945 	uint32_t		uid;		/* index in userid array in key */
946 	pgp_sig_t		sig;		/* trust signature */
947 	uint8_t			trustlevel;	/* level of trust */
948 	uint8_t			trustamount;	/* amount of trust */
949 } pgp_subsig_t;
950 
951 /* describes a user's key */
952 struct pgp_key_t {
953 	DYNARRAY(uint8_t *, uid);		/* array of user ids */
954 	DYNARRAY(pgp_subpacket_t, packet);	/* array of raw subpackets */
955 	DYNARRAY(pgp_subsig_t, subsig);	/* array of signature subkeys */
956 	DYNARRAY(pgp_revoke_t, revoke);	/* array of signature revocations */
957 	pgp_content_enum	type;		/* type of key */
958 	pgp_keydata_key_t	key;		/* pubkey/seckey data */
959 	pgp_pubkey_t		sigkey;		/* signature key */
960 	uint8_t			sigid[PGP_KEY_ID_SIZE];
961 	pgp_fingerprint_t	sigfingerprint;	/* pgp signature fingerprint */
962 	pgp_pubkey_t		enckey;		/* encryption key */
963 	uint8_t			encid[PGP_KEY_ID_SIZE];
964 	pgp_fingerprint_t	encfingerprint;	/* pgp encryption id fingerprint */
965 	uint32_t		uid0;		/* primary uid index in uids array */
966 	uint8_t			revoked;	/* key has been revoked */
967 	pgp_revoke_t		revocation;	/* revocation reason */
968 };
969 
970 #define MDC_PKT_TAG	0xd3
971 
972 #endif /* PACKET_H_ */
973