1 /*-
2  * Copyright (c) 2009 The NetBSD Foundation, Inc.
3  * All rights reserved.
4  *
5  * This code is derived from software contributed to The NetBSD Foundation
6  * by Alistair Crooks (agc@NetBSD.org)
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
18  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
19  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
20  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
21  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
22  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27  * POSSIBILITY OF SUCH DAMAGE.
28  */
29 /*
30  * Copyright (c) 2005-2008 Nominet UK (www.nic.uk)
31  * All rights reserved.
32  * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted
33  * their moral rights under the UK Copyright Design and Patents Act 1988 to
34  * be recorded as the authors of this copyright work.
35  *
36  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
37  * use this file except in compliance with the License.
38  *
39  * You may obtain a copy of the License at
40  *     http://www.apache.org/licenses/LICENSE-2.0
41  *
42  * Unless required by applicable law or agreed to in writing, software
43  * distributed under the License is distributed on an "AS IS" BASIS,
44  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
45  *
46  * See the License for the specific language governing permissions and
47  * limitations under the License.
48  */
49 
50 /** \file
51  */
52 
53 #ifndef CRYPTO_H_
54 #define CRYPTO_H_
55 
56 #include "keyring.h"
57 #include "packet.h"
58 #include "memory.h"
59 #include "packet-parse.h"
60 
61 #include <openssl/dsa.h>
62 
63 #define PGP_MIN_HASH_SIZE	16
64 
65 /** pgp_hash_t */
66 struct pgp_hash_t {
67 	pgp_hash_alg_t		 alg;		/* algorithm */
68 	size_t			 size;		/* size */
69 	const char		*name;		/* what it's known as */
70 	int			(*init)(pgp_hash_t *);
71 	void			(*add)(pgp_hash_t *, const uint8_t *, unsigned);
72 	unsigned		(*finish)(pgp_hash_t *, uint8_t *);
73 	void		 	*data;		/* blob for data */
74 };
75 
76 /** pgp_crypt_t */
77 struct pgp_crypt_t {
78 	pgp_symm_alg_t	alg;
79 	size_t			blocksize;
80 	size_t			keysize;
81 	void 			(*set_iv)(pgp_crypt_t *, const uint8_t *);
82 	void			(*set_crypt_key)(pgp_crypt_t *, const uint8_t *);
83 	int			(*base_init)(pgp_crypt_t *);
84 	void			(*decrypt_resync)(pgp_crypt_t *);
85 	/* encrypt/decrypt one block */
86 	void			(*block_encrypt)(pgp_crypt_t *, void *, const void *);
87 	void			(*block_decrypt)(pgp_crypt_t *, void *, const void *);
88 	/* Standard CFB encrypt/decrypt (as used by Sym Enc Int Prot packets) */
89 	void 			(*cfb_encrypt)(pgp_crypt_t *, void *, const void *, size_t);
90 	void			(*cfb_decrypt)(pgp_crypt_t *, void *, const void *, size_t);
91 	void			(*decrypt_finish)(pgp_crypt_t *);
92 	uint8_t			iv[PGP_MAX_BLOCK_SIZE];
93 	uint8_t			civ[PGP_MAX_BLOCK_SIZE];
94 	uint8_t			siv[PGP_MAX_BLOCK_SIZE];
95 		/* siv is needed for weird v3 resync */
96 	uint8_t			key[PGP_MAX_KEY_SIZE];
97 	int			num;
98 		/* num is offset - see openssl _encrypt doco */
99 	void			*encrypt_key;
100 	void			*decrypt_key;
101 };
102 
103 void pgp_crypto_finish(void);
104 void pgp_hash_md5(pgp_hash_t *);
105 void pgp_hash_sha1(pgp_hash_t *);
106 void pgp_hash_sha256(pgp_hash_t *);
107 void pgp_hash_sha512(pgp_hash_t *);
108 void pgp_hash_sha384(pgp_hash_t *);
109 void pgp_hash_sha224(pgp_hash_t *);
110 void pgp_hash_any(pgp_hash_t *, pgp_hash_alg_t);
111 pgp_hash_alg_t pgp_str_to_hash_alg(const char *);
112 const char *pgp_text_from_hash(pgp_hash_t *);
113 unsigned pgp_hash_size(pgp_hash_alg_t);
114 unsigned pgp_hash(uint8_t *, pgp_hash_alg_t, const void *, size_t);
115 
116 void pgp_hash_add_int(pgp_hash_t *, unsigned, unsigned);
117 
118 unsigned pgp_dsa_verify(const uint8_t *, size_t,
119 			const pgp_dsa_sig_t *,
120 			const pgp_dsa_pubkey_t *);
121 
122 int pgp_rsa_public_decrypt(uint8_t *, const uint8_t *, size_t,
123 			const pgp_rsa_pubkey_t *);
124 int pgp_rsa_public_encrypt(uint8_t *, const uint8_t *, size_t,
125 			const pgp_rsa_pubkey_t *);
126 
127 int pgp_rsa_private_encrypt(uint8_t *, const uint8_t *, size_t,
128 			const pgp_rsa_seckey_t *, const pgp_rsa_pubkey_t *);
129 int pgp_rsa_private_decrypt(uint8_t *, const uint8_t *, size_t,
130 			const pgp_rsa_seckey_t *, const pgp_rsa_pubkey_t *);
131 
132 int pgp_elgamal_public_encrypt(uint8_t *, uint8_t *, const uint8_t *, size_t,
133 			const pgp_elgamal_pubkey_t *);
134 int pgp_elgamal_private_decrypt(uint8_t *, const uint8_t *, const uint8_t *, size_t,
135 			const pgp_elgamal_seckey_t *, const pgp_elgamal_pubkey_t *);
136 
137 pgp_symm_alg_t pgp_str_to_cipher(const char *);
138 unsigned pgp_block_size(pgp_symm_alg_t);
139 unsigned pgp_key_size(pgp_symm_alg_t);
140 
141 int pgp_decrypt_data(pgp_content_enum, pgp_region_t *,
142 			pgp_stream_t *);
143 
144 int pgp_crypt_any(pgp_crypt_t *, pgp_symm_alg_t);
145 void pgp_decrypt_init(pgp_crypt_t *);
146 void pgp_encrypt_init(pgp_crypt_t *);
147 size_t pgp_decrypt_se(pgp_crypt_t *, void *, const void *, size_t);
148 size_t pgp_encrypt_se(pgp_crypt_t *, void *, const void *, size_t);
149 size_t pgp_decrypt_se_ip(pgp_crypt_t *, void *, const void *, size_t);
150 size_t pgp_encrypt_se_ip(pgp_crypt_t *, void *, const void *, size_t);
151 unsigned pgp_is_sa_supported(pgp_symm_alg_t);
152 
153 void pgp_reader_push_decrypt(pgp_stream_t *, pgp_crypt_t *,
154 			pgp_region_t *);
155 void pgp_reader_pop_decrypt(pgp_stream_t *);
156 
157 /* Hash everything that's read */
158 void pgp_reader_push_hash(pgp_stream_t *, pgp_hash_t *);
159 void pgp_reader_pop_hash(pgp_stream_t *);
160 
161 int pgp_decrypt_decode_mpi(uint8_t *, unsigned, const BIGNUM *,
162 			const BIGNUM *, const pgp_seckey_t *);
163 
164 unsigned pgp_rsa_encrypt_mpi(const uint8_t *, const size_t,
165 			const pgp_pubkey_t *,
166 			pgp_pk_sesskey_params_t *);
167 unsigned pgp_elgamal_encrypt_mpi(const uint8_t *, const size_t,
168 			const pgp_pubkey_t *,
169 			pgp_pk_sesskey_params_t *);
170 
171 /* Encrypt everything that's written */
172 struct pgp_key_data;
173 void pgp_writer_push_encrypt(pgp_output_t *,
174 			const struct pgp_key_data *);
175 
176 unsigned   pgp_encrypt_file(pgp_io_t *, const char *, const char *,
177 			const pgp_key_t *,
178 			const unsigned, const unsigned, const char *);
179 unsigned   pgp_decrypt_file(pgp_io_t *,
180 			const char *,
181 			const char *,
182 			pgp_keyring_t *,
183 			pgp_keyring_t *,
184 			const unsigned,
185 			const unsigned,
186 			const unsigned,
187 			void *,
188 			int,
189 			pgp_cbfunc_t *);
190 
191 pgp_memory_t *
192 pgp_encrypt_buf(pgp_io_t *, const void *, const size_t,
193 			const pgp_key_t *,
194 			const unsigned, const char *);
195 pgp_memory_t *
196 pgp_decrypt_buf(pgp_io_t *,
197 			const void *,
198 			const size_t,
199 			pgp_keyring_t *,
200 			pgp_keyring_t *,
201 			const unsigned,
202 			const unsigned,
203 			void *,
204 			int,
205 			pgp_cbfunc_t *);
206 
207 /* Keys */
208 pgp_key_t  *pgp_rsa_new_selfsign_key(const int,
209 			const unsigned long, uint8_t *, const char *,
210 			const char *);
211 
212 int pgp_dsa_size(const pgp_dsa_pubkey_t *);
213 DSA_SIG *pgp_dsa_sign(uint8_t *, unsigned,
214 				const pgp_dsa_seckey_t *,
215 				const pgp_dsa_pubkey_t *);
216 
217 int openssl_read_pem_seckey(const char *, pgp_key_t *, const char *, int);
218 
219 /** pgp_reader_t */
220 struct pgp_reader_t {
221 	pgp_reader_func_t	*reader; /* reader func to get parse data */
222 	pgp_reader_destroyer_t	*destroyer;
223 	void			*arg;	/* args to pass to reader function */
224 	unsigned		 accumulate:1;	/* set to gather packet data */
225 	uint8_t			*accumulated;	/* the accumulated data */
226 	unsigned		 asize;	/* size of the buffer */
227 	unsigned		 alength;/* used buffer */
228 	unsigned		 position;	/* reader-specific offset */
229 	pgp_reader_t		*next;
230 	pgp_stream_t		*parent;/* parent parse_info structure */
231 };
232 
233 
234 /** pgp_cryptinfo_t
235  Encrypt/decrypt settings
236 */
237 struct pgp_cryptinfo_t {
238 	char			*passphrase;
239 	pgp_keyring_t		*secring;
240 	const pgp_key_t		*keydata;
241 	pgp_cbfunc_t		*getpassphrase;
242 	pgp_keyring_t		*pubring;
243 };
244 
245 /** pgp_cbdata_t */
246 struct pgp_cbdata_t {
247 	pgp_cbfunc_t		*cbfunc;	/* callback function */
248 	void			*arg;	/* args to pass to callback func */
249 	pgp_error_t		**errors; /* address of error stack */
250 	pgp_cbdata_t		*next;
251 	pgp_output_t		*output;	/* when writing out parsed info */
252 	pgp_io_t		*io;		/* error/output messages */
253 	void			*passfp;	/* fp for passphrase input */
254 	pgp_cryptinfo_t		 cryptinfo;	/* used when decrypting */
255 	pgp_printstate_t	 printstate;	/* used to keep printing state */
256 	pgp_seckey_t		*sshseckey;	/* secret key for ssh */
257 	int			 numtries;	/* # of passphrase attempts */
258 	int			 gotpass;	/* when passphrase entered */
259 };
260 
261 /** pgp_hashtype_t */
262 typedef struct {
263 	pgp_hash_t	hash;	/* hashes we should hash data with */
264 	uint8_t	keyid[PGP_KEY_ID_SIZE];
265 } pgp_hashtype_t;
266 
267 #define NTAGS	0x100	/* == 256 */
268 
269 /** \brief Structure to hold information about a packet parse.
270  *
271  *  This information includes options about the parse:
272  *  - whether the packet contents should be accumulated or not
273  *  - whether signature subpackets should be parsed or left raw
274  *
275  *  It contains options specific to the parsing of armoured data:
276  *  - whether headers are allowed in armoured data without a gap
277  *  - whether a blank line is allowed at the start of the armoured data
278  *
279  *  It also specifies :
280  *  - the callback function to use and its arguments
281  *  - the reader function to use and its arguments
282  *
283  *  It also contains information about the current state of the parse:
284  *  - offset from the beginning
285  *  - the accumulated data, if any
286  *  - the size of the buffer, and how much has been used
287  *
288  *  It has a linked list of errors.
289  */
290 
291 struct pgp_stream_t {
292 	uint8_t		 	ss_raw[NTAGS / 8];
293 		/* 1 bit / sig-subpkt type; set to get raw data */
294 	uint8_t		 	ss_parsed[NTAGS / 8];
295 		/* 1 bit / sig-subpkt type; set to get parsed data */
296 	pgp_reader_t	 	 readinfo;
297 	pgp_cbdata_t		 cbinfo;
298 	pgp_error_t		*errors;
299 	void			*io;		/* io streams */
300 	pgp_crypt_t		 decrypt;
301 	pgp_cryptinfo_t		 cryptinfo;
302 	size_t			 hashc;
303 	pgp_hashtype_t		*hashes;
304 	unsigned		 reading_v3_secret:1;
305 	unsigned		 reading_mpi_len:1;
306 	unsigned		 exact_read:1;
307 	unsigned		 partial_read:1;
308 	unsigned		 coalescing:1;
309 	/* used for partial length coalescing */
310 	unsigned		 virtualc;
311 	unsigned		 virtualoff;
312 	uint8_t			*virtualpkt;
313 };
314 
315 #endif /* CRYPTO_H_ */
316