1 /*- 2 * Copyright (c) 2009 The NetBSD Foundation, Inc. 3 * All rights reserved. 4 * 5 * This code is derived from software contributed to The NetBSD Foundation 6 * by Alistair Crooks (agc@NetBSD.org) 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 19 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 20 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 21 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 */ 29 /* 30 * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) 31 * All rights reserved. 32 * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted 33 * their moral rights under the UK Copyright Design and Patents Act 1988 to 34 * be recorded as the authors of this copyright work. 35 * 36 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 37 * use this file except in compliance with the License. 38 * 39 * You may obtain a copy of the License at 40 * http://www.apache.org/licenses/LICENSE-2.0 41 * 42 * Unless required by applicable law or agreed to in writing, software 43 * distributed under the License is distributed on an "AS IS" BASIS, 44 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 45 * 46 * See the License for the specific language governing permissions and 47 * limitations under the License. 48 */ 49 50 /** \file 51 */ 52 53 #ifndef CRYPTO_H_ 54 #define CRYPTO_H_ 55 56 #include "keyring.h" 57 #include "packet.h" 58 #include "memory.h" 59 #include "packet-parse.h" 60 61 #include <openssl/evp.h> 62 #include <openssl/dsa.h> 63 #include <openssl/ecdsa.h> 64 65 #define PGP_MIN_HASH_SIZE 16 66 67 /** pgp_hash_t */ 68 struct pgp_hash_t { 69 pgp_hash_alg_t alg; /* algorithm */ 70 size_t size; /* size */ 71 const char *name; /* what it's known as */ 72 int (*init)(pgp_hash_t *); 73 void (*add)(pgp_hash_t *, const uint8_t *, unsigned); 74 unsigned (*finish)(pgp_hash_t *, uint8_t *); 75 void *data; /* blob for data */ 76 }; 77 78 /** pgp_crypt_t */ 79 struct pgp_crypt_t { 80 pgp_symm_alg_t alg; 81 size_t blocksize; 82 size_t keysize; 83 void (*set_iv)(pgp_crypt_t *, const uint8_t *); 84 void (*set_crypt_key)(pgp_crypt_t *, const uint8_t *); 85 int (*base_init)(pgp_crypt_t *); 86 void (*decrypt_resync)(pgp_crypt_t *); 87 /* encrypt/decrypt one block */ 88 void (*block_encrypt)(pgp_crypt_t *, void *, const void *); 89 void (*block_decrypt)(pgp_crypt_t *, void *, const void *); 90 /* Standard CFB encrypt/decrypt (as used by Sym Enc Int Prot packets) */ 91 void (*cfb_encrypt)(pgp_crypt_t *, void *, const void *, size_t); 92 void (*cfb_decrypt)(pgp_crypt_t *, void *, const void *, size_t); 93 void (*decrypt_finish)(pgp_crypt_t *); 94 uint8_t iv[PGP_MAX_BLOCK_SIZE]; 95 uint8_t civ[PGP_MAX_BLOCK_SIZE]; 96 uint8_t siv[PGP_MAX_BLOCK_SIZE]; 97 /* siv is needed for weird v3 resync */ 98 uint8_t key[PGP_MAX_KEY_SIZE]; 99 int num; 100 /* num is offset - see openssl _encrypt doco */ 101 void *encrypt_key; 102 void *decrypt_key; 103 }; 104 105 void pgp_crypto_finish(void); 106 void pgp_hash_md5(pgp_hash_t *); 107 void pgp_hash_sha1(pgp_hash_t *); 108 void pgp_hash_sha256(pgp_hash_t *); 109 void pgp_hash_sha512(pgp_hash_t *); 110 void pgp_hash_sha384(pgp_hash_t *); 111 void pgp_hash_sha224(pgp_hash_t *); 112 void pgp_hash_any(pgp_hash_t *, pgp_hash_alg_t); 113 pgp_hash_alg_t pgp_str_to_hash_alg(const char *); 114 const char *pgp_text_from_hash(pgp_hash_t *); 115 unsigned pgp_hash_size(pgp_hash_alg_t); 116 unsigned pgp_hash(uint8_t *, pgp_hash_alg_t, const void *, size_t); 117 118 void pgp_hash_add_int(pgp_hash_t *, unsigned, unsigned); 119 120 unsigned pgp_dsa_verify(const uint8_t *, size_t, 121 const pgp_dsa_sig_t *, 122 const pgp_dsa_pubkey_t *); 123 124 unsigned pgp_ecdsa_verify(const uint8_t *, size_t, 125 const pgp_ecdsa_sig_t *, 126 const pgp_ecdsa_pubkey_t *); 127 128 int pgp_rsa_public_decrypt(uint8_t *, const uint8_t *, size_t, 129 const pgp_rsa_pubkey_t *); 130 int pgp_rsa_public_encrypt(uint8_t *, const uint8_t *, size_t, 131 const pgp_rsa_pubkey_t *); 132 133 int pgp_rsa_private_encrypt(uint8_t *, const uint8_t *, size_t, 134 const pgp_rsa_seckey_t *, const pgp_rsa_pubkey_t *); 135 int pgp_rsa_private_decrypt(uint8_t *, const uint8_t *, size_t, 136 const pgp_rsa_seckey_t *, const pgp_rsa_pubkey_t *); 137 138 int pgp_elgamal_public_encrypt(uint8_t *, uint8_t *, const uint8_t *, size_t, 139 const pgp_elgamal_pubkey_t *); 140 int pgp_elgamal_private_decrypt(uint8_t *, const uint8_t *, const uint8_t *, size_t, 141 const pgp_elgamal_seckey_t *, const pgp_elgamal_pubkey_t *); 142 143 pgp_symm_alg_t pgp_str_to_cipher(const char *); 144 unsigned pgp_block_size(pgp_symm_alg_t); 145 unsigned pgp_key_size(pgp_symm_alg_t); 146 147 int pgp_decrypt_data(pgp_content_enum, pgp_region_t *, 148 pgp_stream_t *); 149 150 int pgp_crypt_any(pgp_crypt_t *, pgp_symm_alg_t); 151 void pgp_decrypt_init(pgp_crypt_t *); 152 void pgp_encrypt_init(pgp_crypt_t *); 153 size_t pgp_decrypt_se(pgp_crypt_t *, void *, const void *, size_t); 154 size_t pgp_encrypt_se(pgp_crypt_t *, void *, const void *, size_t); 155 size_t pgp_decrypt_se_ip(pgp_crypt_t *, void *, const void *, size_t); 156 size_t pgp_encrypt_se_ip(pgp_crypt_t *, void *, const void *, size_t); 157 unsigned pgp_is_sa_supported(pgp_symm_alg_t); 158 159 void pgp_reader_push_decrypt(pgp_stream_t *, pgp_crypt_t *, 160 pgp_region_t *); 161 void pgp_reader_pop_decrypt(pgp_stream_t *); 162 163 /* Hash everything that's read */ 164 void pgp_reader_push_hash(pgp_stream_t *, pgp_hash_t *); 165 void pgp_reader_pop_hash(pgp_stream_t *); 166 167 int pgp_decrypt_decode_mpi(uint8_t *, unsigned, const BIGNUM *, 168 const BIGNUM *, const pgp_seckey_t *); 169 170 unsigned pgp_rsa_encrypt_mpi(const uint8_t *, const size_t, 171 const pgp_pubkey_t *, 172 pgp_pk_sesskey_params_t *); 173 unsigned pgp_elgamal_encrypt_mpi(const uint8_t *, const size_t, 174 const pgp_pubkey_t *, 175 pgp_pk_sesskey_params_t *); 176 177 /* Encrypt everything that's written */ 178 struct pgp_key_data; 179 void pgp_writer_push_encrypt(pgp_output_t *, 180 const struct pgp_key_data *); 181 182 unsigned pgp_encrypt_file(pgp_io_t *, const char *, const char *, 183 const pgp_key_t *, 184 const unsigned, const unsigned, const char *); 185 unsigned pgp_decrypt_file(pgp_io_t *, 186 const char *, 187 const char *, 188 pgp_keyring_t *, 189 pgp_keyring_t *, 190 const unsigned, 191 const unsigned, 192 const unsigned, 193 void *, 194 int, 195 pgp_cbfunc_t *); 196 197 pgp_memory_t * 198 pgp_encrypt_buf(pgp_io_t *, const void *, const size_t, 199 const pgp_key_t *, 200 const unsigned, const char *); 201 pgp_memory_t * 202 pgp_decrypt_buf(pgp_io_t *, 203 const void *, 204 const size_t, 205 pgp_keyring_t *, 206 pgp_keyring_t *, 207 const unsigned, 208 const unsigned, 209 void *, 210 int, 211 pgp_cbfunc_t *); 212 213 /* Keys */ 214 pgp_key_t *pgp_rsa_new_selfsign_key(const int, 215 const unsigned long, uint8_t *, const char *, 216 const char *); 217 218 int pgp_dsa_size(const pgp_dsa_pubkey_t *); 219 DSA_SIG *pgp_dsa_sign(uint8_t *, unsigned, 220 const pgp_dsa_seckey_t *, 221 const pgp_dsa_pubkey_t *); 222 223 ECDSA_SIG *pgp_ecdsa_sign(uint8_t *, unsigned, 224 const pgp_ecdsa_seckey_t *, 225 const pgp_ecdsa_pubkey_t *); 226 227 int openssl_read_pem_seckey(const char *, pgp_key_t *, const char *, int); 228 229 /** pgp_reader_t */ 230 struct pgp_reader_t { 231 pgp_reader_func_t *reader; /* reader func to get parse data */ 232 pgp_reader_destroyer_t *destroyer; 233 void *arg; /* args to pass to reader function */ 234 unsigned accumulate:1; /* set to gather packet data */ 235 uint8_t *accumulated; /* the accumulated data */ 236 unsigned asize; /* size of the buffer */ 237 unsigned alength;/* used buffer */ 238 unsigned position; /* reader-specific offset */ 239 pgp_reader_t *next; 240 pgp_stream_t *parent;/* parent parse_info structure */ 241 }; 242 243 244 /** pgp_cryptinfo_t 245 Encrypt/decrypt settings 246 */ 247 struct pgp_cryptinfo_t { 248 char *passphrase; 249 pgp_keyring_t *secring; 250 const pgp_key_t *keydata; 251 pgp_cbfunc_t *getpassphrase; 252 pgp_keyring_t *pubring; 253 }; 254 255 /** pgp_cbdata_t */ 256 struct pgp_cbdata_t { 257 pgp_cbfunc_t *cbfunc; /* callback function */ 258 void *arg; /* args to pass to callback func */ 259 pgp_error_t **errors; /* address of error stack */ 260 pgp_cbdata_t *next; 261 pgp_output_t *output; /* when writing out parsed info */ 262 pgp_io_t *io; /* error/output messages */ 263 void *passfp; /* fp for passphrase input */ 264 pgp_cryptinfo_t cryptinfo; /* used when decrypting */ 265 pgp_printstate_t printstate; /* used to keep printing state */ 266 pgp_seckey_t *sshseckey; /* secret key for ssh */ 267 int numtries; /* # of passphrase attempts */ 268 int gotpass; /* when passphrase entered */ 269 }; 270 271 /** pgp_hashtype_t */ 272 typedef struct { 273 pgp_hash_t hash; /* hashes we should hash data with */ 274 uint8_t keyid[PGP_KEY_ID_SIZE]; 275 } pgp_hashtype_t; 276 277 #define NTAGS 0x100 /* == 256 */ 278 279 /** \brief Structure to hold information about a packet parse. 280 * 281 * This information includes options about the parse: 282 * - whether the packet contents should be accumulated or not 283 * - whether signature subpackets should be parsed or left raw 284 * 285 * It contains options specific to the parsing of armoured data: 286 * - whether headers are allowed in armoured data without a gap 287 * - whether a blank line is allowed at the start of the armoured data 288 * 289 * It also specifies : 290 * - the callback function to use and its arguments 291 * - the reader function to use and its arguments 292 * 293 * It also contains information about the current state of the parse: 294 * - offset from the beginning 295 * - the accumulated data, if any 296 * - the size of the buffer, and how much has been used 297 * 298 * It has a linked list of errors. 299 */ 300 301 struct pgp_stream_t { 302 uint8_t ss_raw[NTAGS / 8]; 303 /* 1 bit / sig-subpkt type; set to get raw data */ 304 uint8_t ss_parsed[NTAGS / 8]; 305 /* 1 bit / sig-subpkt type; set to get parsed data */ 306 pgp_reader_t readinfo; 307 pgp_cbdata_t cbinfo; 308 pgp_error_t *errors; 309 void *io; /* io streams */ 310 pgp_crypt_t decrypt; 311 pgp_cryptinfo_t cryptinfo; 312 size_t hashc; 313 pgp_hashtype_t *hashes; 314 unsigned reading_v3_secret:1; 315 unsigned reading_mpi_len:1; 316 unsigned exact_read:1; 317 unsigned partial_read:1; 318 unsigned coalescing:1; 319 /* used for partial length coalescing */ 320 unsigned virtualc; 321 unsigned virtualoff; 322 uint8_t *virtualpkt; 323 }; 324 325 #endif /* CRYPTO_H_ */ 326