xref: /netbsd-src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h (revision 0294a66b694d2a57b43f64b66c7a4aee89316c4e) 
12232f800Sagc /*-
22232f800Sagc  * Copyright (c) 2009 The NetBSD Foundation, Inc.
32232f800Sagc  * All rights reserved.
42232f800Sagc  *
52232f800Sagc  * This code is derived from software contributed to The NetBSD Foundation
62232f800Sagc  * by Alistair Crooks (agc@NetBSD.org)
72232f800Sagc  *
82232f800Sagc  * Redistribution and use in source and binary forms, with or without
92232f800Sagc  * modification, are permitted provided that the following conditions
102232f800Sagc  * are met:
112232f800Sagc  * 1. Redistributions of source code must retain the above copyright
122232f800Sagc  *    notice, this list of conditions and the following disclaimer.
132232f800Sagc  * 2. Redistributions in binary form must reproduce the above copyright
142232f800Sagc  *    notice, this list of conditions and the following disclaimer in the
152232f800Sagc  *    documentation and/or other materials provided with the distribution.
162232f800Sagc  *
172232f800Sagc  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
182232f800Sagc  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
192232f800Sagc  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
202232f800Sagc  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
212232f800Sagc  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
222232f800Sagc  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
232232f800Sagc  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
242232f800Sagc  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
252232f800Sagc  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
262232f800Sagc  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
272232f800Sagc  * POSSIBILITY OF SUCH DAMAGE.
282232f800Sagc  */
2993bf6008Sagc /*
3093bf6008Sagc  * Copyright (c) 2005-2008 Nominet UK (www.nic.uk)
3193bf6008Sagc  * All rights reserved.
3293bf6008Sagc  * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted
3393bf6008Sagc  * their moral rights under the UK Copyright Design and Patents Act 1988 to
3493bf6008Sagc  * be recorded as the authors of this copyright work.
3593bf6008Sagc  *
3693bf6008Sagc  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
3793bf6008Sagc  * use this file except in compliance with the License.
3893bf6008Sagc  *
3993bf6008Sagc  * You may obtain a copy of the License at
4093bf6008Sagc  *     http://www.apache.org/licenses/LICENSE-2.0
4193bf6008Sagc  *
4293bf6008Sagc  * Unless required by applicable law or agreed to in writing, software
4393bf6008Sagc  * distributed under the License is distributed on an "AS IS" BASIS,
4493bf6008Sagc  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
4593bf6008Sagc  *
4693bf6008Sagc  * See the License for the specific language governing permissions and
4793bf6008Sagc  * limitations under the License.
4893bf6008Sagc  */
4993bf6008Sagc 
5093bf6008Sagc /** \file
5193bf6008Sagc  */
5293bf6008Sagc 
534b3a3e18Sagc #ifndef CRYPTO_H_
544b3a3e18Sagc #define CRYPTO_H_
5593bf6008Sagc 
5693bf6008Sagc #include "keyring.h"
5793bf6008Sagc #include "packet.h"
58d369874eSagc #include "memory.h"
5993bf6008Sagc #include "packet-parse.h"
6093bf6008Sagc 
61*0294a66bSjhigh #include <openssl/evp.h>
6293bf6008Sagc #include <openssl/dsa.h>
63*0294a66bSjhigh #include <openssl/ecdsa.h>
6493bf6008Sagc 
65fc1f8641Sagc #define PGP_MIN_HASH_SIZE	16
6693bf6008Sagc 
676b3f1171Sagc /** pgp_hash_t */
686b3f1171Sagc struct pgp_hash_t {
69fc1f8641Sagc 	pgp_hash_alg_t		 alg;		/* algorithm */
700df5e957Sagc 	size_t			 size;		/* size */
710df5e957Sagc 	const char		*name;		/* what it's known as */
72fc1f8641Sagc 	int			(*init)(pgp_hash_t *);
73fc1f8641Sagc 	void			(*add)(pgp_hash_t *, const uint8_t *, unsigned);
74fc1f8641Sagc 	unsigned		(*finish)(pgp_hash_t *, uint8_t *);
750df5e957Sagc 	void		 	*data;		/* blob for data */
7693bf6008Sagc };
7793bf6008Sagc 
786b3f1171Sagc /** pgp_crypt_t */
796b3f1171Sagc struct pgp_crypt_t {
80fc1f8641Sagc 	pgp_symm_alg_t	alg;
8193bf6008Sagc 	size_t			blocksize;
8293bf6008Sagc 	size_t			keysize;
83fc1f8641Sagc 	void 			(*set_iv)(pgp_crypt_t *, const uint8_t *);
84fc1f8641Sagc 	void			(*set_crypt_key)(pgp_crypt_t *, const uint8_t *);
85fc1f8641Sagc 	int			(*base_init)(pgp_crypt_t *);
86fc1f8641Sagc 	void			(*decrypt_resync)(pgp_crypt_t *);
8793bf6008Sagc 	/* encrypt/decrypt one block */
88fc1f8641Sagc 	void			(*block_encrypt)(pgp_crypt_t *, void *, const void *);
89fc1f8641Sagc 	void			(*block_decrypt)(pgp_crypt_t *, void *, const void *);
9093bf6008Sagc 	/* Standard CFB encrypt/decrypt (as used by Sym Enc Int Prot packets) */
91fc1f8641Sagc 	void 			(*cfb_encrypt)(pgp_crypt_t *, void *, const void *, size_t);
92fc1f8641Sagc 	void			(*cfb_decrypt)(pgp_crypt_t *, void *, const void *, size_t);
93fc1f8641Sagc 	void			(*decrypt_finish)(pgp_crypt_t *);
94fc1f8641Sagc 	uint8_t			iv[PGP_MAX_BLOCK_SIZE];
95fc1f8641Sagc 	uint8_t			civ[PGP_MAX_BLOCK_SIZE];
96fc1f8641Sagc 	uint8_t			siv[PGP_MAX_BLOCK_SIZE];
9757324b9fSagc 		/* siv is needed for weird v3 resync */
98fc1f8641Sagc 	uint8_t			key[PGP_MAX_KEY_SIZE];
9957324b9fSagc 	int			num;
10057324b9fSagc 		/* num is offset - see openssl _encrypt doco */
10193bf6008Sagc 	void			*encrypt_key;
10293bf6008Sagc 	void			*decrypt_key;
10393bf6008Sagc };
10493bf6008Sagc 
105fc1f8641Sagc void pgp_crypto_finish(void);
106fc1f8641Sagc void pgp_hash_md5(pgp_hash_t *);
107fc1f8641Sagc void pgp_hash_sha1(pgp_hash_t *);
108fc1f8641Sagc void pgp_hash_sha256(pgp_hash_t *);
109fc1f8641Sagc void pgp_hash_sha512(pgp_hash_t *);
110fc1f8641Sagc void pgp_hash_sha384(pgp_hash_t *);
111fc1f8641Sagc void pgp_hash_sha224(pgp_hash_t *);
112fc1f8641Sagc void pgp_hash_any(pgp_hash_t *, pgp_hash_alg_t);
113fc1f8641Sagc pgp_hash_alg_t pgp_str_to_hash_alg(const char *);
114fc1f8641Sagc const char *pgp_text_from_hash(pgp_hash_t *);
115fc1f8641Sagc unsigned pgp_hash_size(pgp_hash_alg_t);
116fc1f8641Sagc unsigned pgp_hash(uint8_t *, pgp_hash_alg_t, const void *, size_t);
11793bf6008Sagc 
118fc1f8641Sagc void pgp_hash_add_int(pgp_hash_t *, unsigned, unsigned);
11993bf6008Sagc 
120fc1f8641Sagc unsigned pgp_dsa_verify(const uint8_t *, size_t,
121fc1f8641Sagc 			const pgp_dsa_sig_t *,
122fc1f8641Sagc 			const pgp_dsa_pubkey_t *);
12393bf6008Sagc 
124*0294a66bSjhigh unsigned pgp_ecdsa_verify(const uint8_t *, size_t,
125*0294a66bSjhigh 			  const pgp_ecdsa_sig_t *,
126*0294a66bSjhigh 			  const pgp_ecdsa_pubkey_t *);
127*0294a66bSjhigh 
128fc1f8641Sagc int pgp_rsa_public_decrypt(uint8_t *, const uint8_t *, size_t,
129fc1f8641Sagc 			const pgp_rsa_pubkey_t *);
130fc1f8641Sagc int pgp_rsa_public_encrypt(uint8_t *, const uint8_t *, size_t,
131fc1f8641Sagc 			const pgp_rsa_pubkey_t *);
13293bf6008Sagc 
133fc1f8641Sagc int pgp_rsa_private_encrypt(uint8_t *, const uint8_t *, size_t,
134fc1f8641Sagc 			const pgp_rsa_seckey_t *, const pgp_rsa_pubkey_t *);
135fc1f8641Sagc int pgp_rsa_private_decrypt(uint8_t *, const uint8_t *, size_t,
136fc1f8641Sagc 			const pgp_rsa_seckey_t *, const pgp_rsa_pubkey_t *);
13793bf6008Sagc 
138fc1f8641Sagc int pgp_elgamal_public_encrypt(uint8_t *, uint8_t *, const uint8_t *, size_t,
139fc1f8641Sagc 			const pgp_elgamal_pubkey_t *);
140fc1f8641Sagc int pgp_elgamal_private_decrypt(uint8_t *, const uint8_t *, const uint8_t *, size_t,
141fc1f8641Sagc 			const pgp_elgamal_seckey_t *, const pgp_elgamal_pubkey_t *);
14273f34b00Sagc 
143fc1f8641Sagc pgp_symm_alg_t pgp_str_to_cipher(const char *);
144fc1f8641Sagc unsigned pgp_block_size(pgp_symm_alg_t);
145fc1f8641Sagc unsigned pgp_key_size(pgp_symm_alg_t);
14693bf6008Sagc 
147fc1f8641Sagc int pgp_decrypt_data(pgp_content_enum, pgp_region_t *,
148fc1f8641Sagc 			pgp_stream_t *);
14993bf6008Sagc 
150fc1f8641Sagc int pgp_crypt_any(pgp_crypt_t *, pgp_symm_alg_t);
151fc1f8641Sagc void pgp_decrypt_init(pgp_crypt_t *);
152fc1f8641Sagc void pgp_encrypt_init(pgp_crypt_t *);
153fc1f8641Sagc size_t pgp_decrypt_se(pgp_crypt_t *, void *, const void *, size_t);
154fc1f8641Sagc size_t pgp_encrypt_se(pgp_crypt_t *, void *, const void *, size_t);
155fc1f8641Sagc size_t pgp_decrypt_se_ip(pgp_crypt_t *, void *, const void *, size_t);
156fc1f8641Sagc size_t pgp_encrypt_se_ip(pgp_crypt_t *, void *, const void *, size_t);
157fc1f8641Sagc unsigned pgp_is_sa_supported(pgp_symm_alg_t);
15893bf6008Sagc 
159fc1f8641Sagc void pgp_reader_push_decrypt(pgp_stream_t *, pgp_crypt_t *,
160fc1f8641Sagc 			pgp_region_t *);
161fc1f8641Sagc void pgp_reader_pop_decrypt(pgp_stream_t *);
16293bf6008Sagc 
16393bf6008Sagc /* Hash everything that's read */
164fc1f8641Sagc void pgp_reader_push_hash(pgp_stream_t *, pgp_hash_t *);
165fc1f8641Sagc void pgp_reader_pop_hash(pgp_stream_t *);
16693bf6008Sagc 
167fc1f8641Sagc int pgp_decrypt_decode_mpi(uint8_t *, unsigned, const BIGNUM *,
168fc1f8641Sagc 			const BIGNUM *, const pgp_seckey_t *);
169c2430ca2Sagc 
170fc1f8641Sagc unsigned pgp_rsa_encrypt_mpi(const uint8_t *, const size_t,
171fc1f8641Sagc 			const pgp_pubkey_t *,
172fc1f8641Sagc 			pgp_pk_sesskey_params_t *);
173fc1f8641Sagc unsigned pgp_elgamal_encrypt_mpi(const uint8_t *, const size_t,
174fc1f8641Sagc 			const pgp_pubkey_t *,
175fc1f8641Sagc 			pgp_pk_sesskey_params_t *);
17693bf6008Sagc 
17793bf6008Sagc /* Encrypt everything that's written */
178fc1f8641Sagc struct pgp_key_data;
179fc1f8641Sagc void pgp_writer_push_encrypt(pgp_output_t *,
180fc1f8641Sagc 			const struct pgp_key_data *);
18193bf6008Sagc 
182fc1f8641Sagc unsigned   pgp_encrypt_file(pgp_io_t *, const char *, const char *,
183fc1f8641Sagc 			const pgp_key_t *,
184f7745f84Sagc 			const unsigned, const unsigned, const char *);
185fc1f8641Sagc unsigned   pgp_decrypt_file(pgp_io_t *,
186d21b929eSagc 			const char *,
187d21b929eSagc 			const char *,
188fc1f8641Sagc 			pgp_keyring_t *,
189fc1f8641Sagc 			pgp_keyring_t *,
190d21b929eSagc 			const unsigned,
191d21b929eSagc 			const unsigned,
19273f34b00Sagc 			const unsigned,
19341335e2dSagc 			void *,
194ea162599Sagc 			int,
195fc1f8641Sagc 			pgp_cbfunc_t *);
19693bf6008Sagc 
197fc1f8641Sagc pgp_memory_t *
198fc1f8641Sagc pgp_encrypt_buf(pgp_io_t *, const void *, const size_t,
199fc1f8641Sagc 			const pgp_key_t *,
200f7745f84Sagc 			const unsigned, const char *);
201fc1f8641Sagc pgp_memory_t *
202fc1f8641Sagc pgp_decrypt_buf(pgp_io_t *,
203d369874eSagc 			const void *,
204d369874eSagc 			const size_t,
205fc1f8641Sagc 			pgp_keyring_t *,
206fc1f8641Sagc 			pgp_keyring_t *,
207d369874eSagc 			const unsigned,
20873f34b00Sagc 			const unsigned,
209d369874eSagc 			void *,
210ea162599Sagc 			int,
211fc1f8641Sagc 			pgp_cbfunc_t *);
212d369874eSagc 
21393bf6008Sagc /* Keys */
214fc1f8641Sagc pgp_key_t  *pgp_rsa_new_selfsign_key(const int,
2153dc7aea1Sagc 			const unsigned long, uint8_t *, const char *,
2163dc7aea1Sagc 			const char *);
21793bf6008Sagc 
218fc1f8641Sagc int pgp_dsa_size(const pgp_dsa_pubkey_t *);
219fc1f8641Sagc DSA_SIG *pgp_dsa_sign(uint8_t *, unsigned,
220fc1f8641Sagc 				const pgp_dsa_seckey_t *,
221fc1f8641Sagc 				const pgp_dsa_pubkey_t *);
22293bf6008Sagc 
223*0294a66bSjhigh ECDSA_SIG *pgp_ecdsa_sign(uint8_t *, unsigned,
224*0294a66bSjhigh 			  const pgp_ecdsa_seckey_t *,
225*0294a66bSjhigh 			  const pgp_ecdsa_pubkey_t *);
226*0294a66bSjhigh 
227fc1f8641Sagc int openssl_read_pem_seckey(const char *, pgp_key_t *, const char *, int);
22891c29c74Sagc 
229fc1f8641Sagc /** pgp_reader_t */
230fc1f8641Sagc struct pgp_reader_t {
231fc1f8641Sagc 	pgp_reader_func_t	*reader; /* reader func to get parse data */
232fc1f8641Sagc 	pgp_reader_destroyer_t	*destroyer;
23357324b9fSagc 	void			*arg;	/* args to pass to reader function */
23457324b9fSagc 	unsigned		 accumulate:1;	/* set to gather packet data */
235b15ec256Sagc 	uint8_t			*accumulated;	/* the accumulated data */
23657324b9fSagc 	unsigned		 asize;	/* size of the buffer */
23757324b9fSagc 	unsigned		 alength;/* used buffer */
23857324b9fSagc 	unsigned		 position;	/* reader-specific offset */
239fc1f8641Sagc 	pgp_reader_t		*next;
240fc1f8641Sagc 	pgp_stream_t		*parent;/* parent parse_info structure */
2414b3a3e18Sagc };
2424b3a3e18Sagc 
2434b3a3e18Sagc 
244fc1f8641Sagc /** pgp_cryptinfo_t
2454b3a3e18Sagc  Encrypt/decrypt settings
2464b3a3e18Sagc */
247fc1f8641Sagc struct pgp_cryptinfo_t {
24857324b9fSagc 	char			*passphrase;
249fc1f8641Sagc 	pgp_keyring_t		*secring;
250fc1f8641Sagc 	const pgp_key_t		*keydata;
251fc1f8641Sagc 	pgp_cbfunc_t		*getpassphrase;
252fc1f8641Sagc 	pgp_keyring_t		*pubring;
2534b3a3e18Sagc };
2544b3a3e18Sagc 
255fc1f8641Sagc /** pgp_cbdata_t */
256fc1f8641Sagc struct pgp_cbdata_t {
257fc1f8641Sagc 	pgp_cbfunc_t		*cbfunc;	/* callback function */
25857324b9fSagc 	void			*arg;	/* args to pass to callback func */
259fc1f8641Sagc 	pgp_error_t		**errors; /* address of error stack */
260fc1f8641Sagc 	pgp_cbdata_t		*next;
261ea162599Sagc 	pgp_output_t		*output;	/* when writing out parsed info */
262fc1f8641Sagc 	pgp_io_t		*io;		/* error/output messages */
26341335e2dSagc 	void			*passfp;	/* fp for passphrase input */
264fc1f8641Sagc 	pgp_cryptinfo_t		 cryptinfo;	/* used when decrypting */
265ea162599Sagc 	pgp_printstate_t	 printstate;	/* used to keep printing state */
266fc1f8641Sagc 	pgp_seckey_t		*sshseckey;	/* secret key for ssh */
267ea162599Sagc 	int			 numtries;	/* # of passphrase attempts */
268ea162599Sagc 	int			 gotpass;	/* when passphrase entered */
2694b3a3e18Sagc };
2704b3a3e18Sagc 
271fc1f8641Sagc /** pgp_hashtype_t */
2724b3a3e18Sagc typedef struct {
273fc1f8641Sagc 	pgp_hash_t	hash;	/* hashes we should hash data with */
274fc1f8641Sagc 	uint8_t	keyid[PGP_KEY_ID_SIZE];
275fc1f8641Sagc } pgp_hashtype_t;
2764b3a3e18Sagc 
27757324b9fSagc #define NTAGS	0x100	/* == 256 */
27857324b9fSagc 
2794b3a3e18Sagc /** \brief Structure to hold information about a packet parse.
2804b3a3e18Sagc  *
2814b3a3e18Sagc  *  This information includes options about the parse:
2824b3a3e18Sagc  *  - whether the packet contents should be accumulated or not
2834b3a3e18Sagc  *  - whether signature subpackets should be parsed or left raw
2844b3a3e18Sagc  *
2854b3a3e18Sagc  *  It contains options specific to the parsing of armoured data:
2864b3a3e18Sagc  *  - whether headers are allowed in armoured data without a gap
2874b3a3e18Sagc  *  - whether a blank line is allowed at the start of the armoured data
2884b3a3e18Sagc  *
2894b3a3e18Sagc  *  It also specifies :
2904b3a3e18Sagc  *  - the callback function to use and its arguments
2914b3a3e18Sagc  *  - the reader function to use and its arguments
2924b3a3e18Sagc  *
2934b3a3e18Sagc  *  It also contains information about the current state of the parse:
2944b3a3e18Sagc  *  - offset from the beginning
2954b3a3e18Sagc  *  - the accumulated data, if any
2964b3a3e18Sagc  *  - the size of the buffer, and how much has been used
2974b3a3e18Sagc  *
2984b3a3e18Sagc  *  It has a linked list of errors.
2994b3a3e18Sagc  */
3004b3a3e18Sagc 
301fc1f8641Sagc struct pgp_stream_t {
302b15ec256Sagc 	uint8_t		 	ss_raw[NTAGS / 8];
303d21b929eSagc 		/* 1 bit / sig-subpkt type; set to get raw data */
304b15ec256Sagc 	uint8_t		 	ss_parsed[NTAGS / 8];
305d21b929eSagc 		/* 1 bit / sig-subpkt type; set to get parsed data */
306fc1f8641Sagc 	pgp_reader_t	 	 readinfo;
307fc1f8641Sagc 	pgp_cbdata_t		 cbinfo;
308fc1f8641Sagc 	pgp_error_t		*errors;
309d21b929eSagc 	void			*io;		/* io streams */
310fc1f8641Sagc 	pgp_crypt_t		 decrypt;
311fc1f8641Sagc 	pgp_cryptinfo_t		 cryptinfo;
31241335e2dSagc 	size_t			 hashc;
313fc1f8641Sagc 	pgp_hashtype_t		*hashes;
3144b3a3e18Sagc 	unsigned		 reading_v3_secret:1;
3154b3a3e18Sagc 	unsigned		 reading_mpi_len:1;
3164b3a3e18Sagc 	unsigned		 exact_read:1;
317b0df0a22Sagc 	unsigned		 partial_read:1;
318b0df0a22Sagc 	unsigned		 coalescing:1;
319b0df0a22Sagc 	/* used for partial length coalescing */
320b0df0a22Sagc 	unsigned		 virtualc;
321b0df0a22Sagc 	unsigned		 virtualoff;
322b0df0a22Sagc 	uint8_t			*virtualpkt;
3234b3a3e18Sagc };
3244b3a3e18Sagc 
3254b3a3e18Sagc #endif /* CRYPTO_H_ */
326