1 /*
2  * pgp.h
3  *	  OpenPGP implementation.
4  *
5  * Copyright (c) 2005 Marko Kreen
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *	  notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *	  notice, this list of conditions and the following disclaimer in the
15  *	  documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  * contrib/pgcrypto/pgp.h
30  */
31 
32 #include "lib/stringinfo.h"
33 
34 #include "mbuf.h"
35 #include "px.h"
36 
37 enum PGP_S2K_TYPE
38 {
39 	PGP_S2K_SIMPLE = 0,
40 	PGP_S2K_SALTED = 1,
41 	PGP_S2K_ISALTED = 3
42 };
43 
44 enum PGP_PKT_TYPE
45 {
46 	PGP_PKT_RESERVED = 0,
47 	PGP_PKT_PUBENCRYPTED_SESSKEY = 1,
48 	PGP_PKT_SIGNATURE = 2,
49 	PGP_PKT_SYMENCRYPTED_SESSKEY = 3,
50 	PGP_PKT_SECRET_KEY = 5,
51 	PGP_PKT_PUBLIC_KEY = 6,
52 	PGP_PKT_SECRET_SUBKEY = 7,
53 	PGP_PKT_COMPRESSED_DATA = 8,
54 	PGP_PKT_SYMENCRYPTED_DATA = 9,
55 	PGP_PKT_MARKER = 10,
56 	PGP_PKT_LITERAL_DATA = 11,
57 	PGP_PKT_TRUST = 12,
58 	PGP_PKT_USER_ID = 13,
59 	PGP_PKT_PUBLIC_SUBKEY = 14,
60 	PGP_PKT_USER_ATTR = 17,
61 	PGP_PKT_SYMENCRYPTED_DATA_MDC = 18,
62 	PGP_PKT_MDC = 19,
63 	PGP_PKT_PRIV_61 = 61		/* occurs in gpg secring */
64 };
65 
66 enum PGP_PUB_ALGO_TYPE
67 {
68 	PGP_PUB_RSA_ENCRYPT_SIGN = 1,
69 	PGP_PUB_RSA_ENCRYPT = 2,
70 	PGP_PUB_RSA_SIGN = 3,
71 	PGP_PUB_ELG_ENCRYPT = 16,
72 	PGP_PUB_DSA_SIGN = 17
73 };
74 
75 enum PGP_SYMENC_TYPE
76 {
77 	PGP_SYM_PLAIN = 0,			/* ?? */
78 	PGP_SYM_IDEA = 1,			/* obsolete, PGP 2.6 compat */
79 	PGP_SYM_DES3 = 2,			/* must */
80 	PGP_SYM_CAST5 = 3,			/* should */
81 	PGP_SYM_BLOWFISH = 4,
82 	PGP_SYM_SAFER_SK128 = 5,	/* obsolete */
83 	PGP_SYM_DES_SK = 6,			/* obsolete */
84 	PGP_SYM_AES_128 = 7,		/* should */
85 	PGP_SYM_AES_192 = 8,
86 	PGP_SYM_AES_256 = 9,
87 	PGP_SYM_TWOFISH = 10
88 };
89 
90 enum PGP_COMPR_TYPE
91 {
92 	PGP_COMPR_NONE = 0,			/* must */
93 	PGP_COMPR_ZIP = 1,			/* should */
94 	PGP_COMPR_ZLIB = 2,
95 	PGP_COMPR_BZIP2 = 3
96 };
97 
98 enum PGP_DIGEST_TYPE
99 {
100 	PGP_DIGEST_MD5 = 1,			/* should, deprecated  */
101 	PGP_DIGEST_SHA1 = 2,		/* must */
102 	PGP_DIGEST_RIPEMD160 = 3,
103 	PGP_DIGEST_XSHA = 4,		/* obsolete */
104 	PGP_DIGEST_MD2 = 5,			/* obsolete */
105 	PGP_DIGEST_TIGER192 = 6,	/* obsolete */
106 	PGP_DIGEST_HAVAL5_160 = 7,	/* obsolete */
107 	PGP_DIGEST_SHA256 = 8,
108 	PGP_DIGEST_SHA384 = 9,
109 	PGP_DIGEST_SHA512 = 10
110 };
111 
112 #define PGP_MAX_KEY    (256/8)
113 #define PGP_MAX_BLOCK  (256/8)
114 #define PGP_MAX_DIGEST (512/8)
115 #define PGP_S2K_SALT   8
116 
117 typedef struct PGP_MPI PGP_MPI;
118 typedef struct PGP_PubKey PGP_PubKey;
119 typedef struct PGP_Context PGP_Context;
120 typedef struct PGP_S2K PGP_S2K;
121 
122 struct PGP_S2K
123 {
124 	uint8		mode;
125 	uint8		digest_algo;
126 	uint8		salt[8];
127 	uint8		iter;			/* encoded (one-octet) count */
128 	/* calculated: */
129 	uint8		key[PGP_MAX_KEY];
130 	uint8		key_len;
131 };
132 
133 
134 struct PGP_Context
135 {
136 	/*
137 	 * parameters
138 	 */
139 	PGP_S2K		s2k;
140 	int			s2k_mode;
141 	int			s2k_count;		/* 4-byte decoded count */
142 	int			s2k_digest_algo;
143 	int			s2k_cipher_algo;
144 	int			cipher_algo;
145 	int			compress_algo;
146 	int			compress_level;
147 	int			disable_mdc;
148 	int			use_sess_key;
149 	int			text_mode;
150 	int			convert_crlf;
151 	int			unicode_mode;
152 
153 	/*
154 	 * internal variables
155 	 */
156 	int			mdc_checked;
157 	int			corrupt_prefix; /* prefix failed RFC 4880 "quick check" */
158 	int			unsupported_compr;	/* has bzip2 compression */
159 	int			unexpected_binary;	/* binary data seen in text_mode */
160 	int			in_mdc_pkt;
161 	int			use_mdcbuf_filter;
162 	PX_MD	   *mdc_ctx;
163 
164 	PGP_PubKey *pub_key;		/* ctx owns it */
165 	const uint8 *sym_key;		/* ctx does not own it */
166 	int			sym_key_len;
167 
168 	/*
169 	 * read or generated data
170 	 */
171 	uint8		sess_key[PGP_MAX_KEY];
172 	unsigned	sess_key_len;
173 };
174 
175 /* from RFC 4880 3.7.1.3 */
176 #define s2k_decode_count(cval) \
177 	(((unsigned) 16 + (cval & 15)) << ((cval >> 4) + 6))
178 
179 struct PGP_MPI
180 {
181 	uint8	   *data;
182 	int			bits;
183 	int			bytes;
184 };
185 
186 struct PGP_PubKey
187 {
188 	uint8		ver;
189 	uint8		time[4];
190 	uint8		algo;
191 
192 	/* public part */
193 	union
194 	{
195 		struct
196 		{
197 			PGP_MPI    *p;
198 			PGP_MPI    *g;
199 			PGP_MPI    *y;
200 		}			elg;
201 		struct
202 		{
203 			PGP_MPI    *n;
204 			PGP_MPI    *e;
205 		}			rsa;
206 		struct
207 		{
208 			PGP_MPI    *p;
209 			PGP_MPI    *q;
210 			PGP_MPI    *g;
211 			PGP_MPI    *y;
212 		}			dsa;
213 	}			pub;
214 
215 	/* secret part */
216 	union
217 	{
218 		struct
219 		{
220 			PGP_MPI    *x;
221 		}			elg;
222 		struct
223 		{
224 			PGP_MPI    *d;
225 			PGP_MPI    *p;
226 			PGP_MPI    *q;
227 			PGP_MPI    *u;
228 		}			rsa;
229 		struct
230 		{
231 			PGP_MPI    *x;
232 		}			dsa;
233 	}			sec;
234 
235 	uint8		key_id[8];
236 	int			can_encrypt;
237 };
238 
239 int			pgp_init(PGP_Context **ctx);
240 int			pgp_encrypt(PGP_Context *ctx, MBuf *src, MBuf *dst);
241 int			pgp_decrypt(PGP_Context *ctx, MBuf *src, MBuf *dst);
242 int			pgp_free(PGP_Context *ctx);
243 
244 int			pgp_get_digest_code(const char *name);
245 int			pgp_get_cipher_code(const char *name);
246 const char *pgp_get_digest_name(int code);
247 const char *pgp_get_cipher_name(int code);
248 
249 int			pgp_set_cipher_algo(PGP_Context *ctx, const char *name);
250 int			pgp_set_s2k_mode(PGP_Context *ctx, int type);
251 int			pgp_set_s2k_count(PGP_Context *ctx, int count);
252 int			pgp_set_s2k_cipher_algo(PGP_Context *ctx, const char *name);
253 int			pgp_set_s2k_digest_algo(PGP_Context *ctx, const char *name);
254 int			pgp_set_convert_crlf(PGP_Context *ctx, int doit);
255 int			pgp_disable_mdc(PGP_Context *ctx, int disable);
256 int			pgp_set_sess_key(PGP_Context *ctx, int use);
257 int			pgp_set_compress_algo(PGP_Context *ctx, int algo);
258 int			pgp_set_compress_level(PGP_Context *ctx, int level);
259 int			pgp_set_text_mode(PGP_Context *ctx, int mode);
260 int			pgp_set_unicode_mode(PGP_Context *ctx, int mode);
261 int			pgp_get_unicode_mode(PGP_Context *ctx);
262 
263 int			pgp_set_symkey(PGP_Context *ctx, const uint8 *key, int klen);
264 int pgp_set_pubkey(PGP_Context *ctx, MBuf *keypkt,
265 			   const uint8 *key, int klen, int pubtype);
266 
267 int			pgp_get_keyid(MBuf *pgp_data, char *dst);
268 
269 /* internal functions */
270 
271 int			pgp_load_digest(int c, PX_MD **res);
272 int			pgp_load_cipher(int c, PX_Cipher **res);
273 int			pgp_get_cipher_key_size(int c);
274 int			pgp_get_cipher_block_size(int c);
275 
276 int			pgp_s2k_fill(PGP_S2K *s2k, int mode, int digest_algo, int count);
277 int			pgp_s2k_read(PullFilter *src, PGP_S2K *s2k);
278 int			pgp_s2k_process(PGP_S2K *s2k, int cipher, const uint8 *key, int klen);
279 
280 typedef struct PGP_CFB PGP_CFB;
281 int pgp_cfb_create(PGP_CFB **ctx_p, int algo,
282 			   const uint8 *key, int key_len, int recync, uint8 *iv);
283 void		pgp_cfb_free(PGP_CFB *ctx);
284 int			pgp_cfb_encrypt(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst);
285 int			pgp_cfb_decrypt(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst);
286 
287 void pgp_armor_encode(const uint8 *src, unsigned len, StringInfo dst,
288 				 int num_headers, char **keys, char **values);
289 int			pgp_armor_decode(const uint8 *src, int len, StringInfo dst);
290 int pgp_extract_armor_headers(const uint8 *src, unsigned len,
291 						  int *nheaders, char ***keys, char ***values);
292 
293 int			pgp_compress_filter(PushFilter **res, PGP_Context *ctx, PushFilter *dst);
294 int			pgp_decompress_filter(PullFilter **res, PGP_Context *ctx, PullFilter *src);
295 
296 int			pgp_key_alloc(PGP_PubKey **pk_p);
297 void		pgp_key_free(PGP_PubKey *pk);
298 int			_pgp_read_public_key(PullFilter *pkt, PGP_PubKey **pk_p);
299 
300 int			pgp_parse_pubenc_sesskey(PGP_Context *ctx, PullFilter *pkt);
301 int pgp_create_pkt_reader(PullFilter **pf_p, PullFilter *src, int len,
302 					  int pkttype, PGP_Context *ctx);
303 int pgp_parse_pkt_hdr(PullFilter *src, uint8 *tag, int *len_p,
304 				  int allow_ctx);
305 
306 int			pgp_skip_packet(PullFilter *pkt);
307 int			pgp_expect_packet_end(PullFilter *pkt);
308 
309 int			pgp_write_pubenc_sesskey(PGP_Context *ctx, PushFilter *dst);
310 int			pgp_create_pkt_writer(PushFilter *dst, int tag, PushFilter **res_p);
311 
312 int			pgp_mpi_alloc(int bits, PGP_MPI **mpi);
313 int			pgp_mpi_create(uint8 *data, int bits, PGP_MPI **mpi);
314 int			pgp_mpi_free(PGP_MPI *mpi);
315 int			pgp_mpi_read(PullFilter *src, PGP_MPI **mpi);
316 int			pgp_mpi_write(PushFilter *dst, PGP_MPI *n);
317 int			pgp_mpi_hash(PX_MD *md, PGP_MPI *n);
318 unsigned	pgp_mpi_cksum(unsigned cksum, PGP_MPI *n);
319 
320 int pgp_elgamal_encrypt(PGP_PubKey *pk, PGP_MPI *m,
321 					PGP_MPI **c1, PGP_MPI **c2);
322 int pgp_elgamal_decrypt(PGP_PubKey *pk, PGP_MPI *c1, PGP_MPI *c2,
323 					PGP_MPI **m);
324 int			pgp_rsa_encrypt(PGP_PubKey *pk, PGP_MPI *m, PGP_MPI **c);
325 int			pgp_rsa_decrypt(PGP_PubKey *pk, PGP_MPI *c, PGP_MPI **m);
326 
327 extern struct PullFilterOps pgp_decrypt_filter;
328