xref: /netbsd-src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h (revision 10ad5ffa714ce1a679dcc9dd8159648df2d67b5a) 
1 /*-
2  * Copyright (c) 2009 The NetBSD Foundation, Inc.
3  * All rights reserved.
4  *
5  * This code is derived from software contributed to The NetBSD Foundation
6  * by Alistair Crooks (agc@NetBSD.org)
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
18  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
19  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
20  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
21  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
22  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27  * POSSIBILITY OF SUCH DAMAGE.
28  */
29 /*
30  * Copyright (c) 2005-2008 Nominet UK (www.nic.uk)
31  * All rights reserved.
32  * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted
33  * their moral rights under the UK Copyright Design and Patents Act 1988 to
34  * be recorded as the authors of this copyright work.
35  *
36  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
37  * use this file except in compliance with the License.
38  *
39  * You may obtain a copy of the License at
40  *     http://www.apache.org/licenses/LICENSE-2.0
41  *
42  * Unless required by applicable law or agreed to in writing, software
43  * distributed under the License is distributed on an "AS IS" BASIS,
44  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
45  *
46  * See the License for the specific language governing permissions and
47  * limitations under the License.
48  */
49 
50 /** \file
51  */
52 
53 #ifndef CRYPTO_H_
54 #define CRYPTO_H_
55 
56 #include "keyring.h"
57 #include "packet.h"
58 #include "packet-parse.h"
59 
60 #include <openssl/dsa.h>
61 
62 #define OPS_MIN_HASH_SIZE	16
63 
64 typedef void __ops_hash_init_t(__ops_hash_t *);
65 typedef void __ops_hash_add_t(__ops_hash_t *, const unsigned char *, unsigned);
66 typedef unsigned __ops_hash_finish_t(__ops_hash_t *, unsigned char *);
67 
68 /** _ops_hash_t */
69 struct _ops_hash_t {
70 	__ops_hash_alg_t	 alg;		/* algorithm */
71 	size_t			 size;		/* size */
72 	const char		*name;		/* what it's known as */
73 	__ops_hash_init_t	*init;		/* initialisation func */
74 	__ops_hash_add_t	*add;		/* add text func */
75 	__ops_hash_finish_t	*finish;	/* finalise func */
76 	void		 	*data;		/* blob for data */
77 };
78 
79 typedef void __ops_setiv_func_t(__ops_crypt_t *, const unsigned char *);
80 typedef void __ops_setkey_func_t(__ops_crypt_t *, const unsigned char *);
81 typedef void __ops_crypt_init_t(__ops_crypt_t *);
82 typedef void __ops_crypt_resync_t(__ops_crypt_t *);
83 typedef void __ops_blkenc_t(__ops_crypt_t *, void *, const void *);
84 typedef void __ops_blkdec_t(__ops_crypt_t *, void *, const void *);
85 typedef void __ops_crypt_cfb_encrypt_t(__ops_crypt_t *, void *, const void *,
86 					size_t);
87 typedef void __ops_crypt_cfb_decrypt_t(__ops_crypt_t *, void *, const void *,
88 					size_t);
89 typedef void __ops_crypt_finish_t(__ops_crypt_t *);
90 
91 /** _ops_crypt_t */
92 struct _ops_crypt_t {
93 	__ops_symm_alg_t		alg;
94 	size_t				blocksize;
95 	size_t				keysize;
96 	__ops_setiv_func_t		*set_iv;
97 	__ops_setkey_func_t		*set_crypt_key;
98 	__ops_crypt_init_t		*base_init;
99 	__ops_crypt_resync_t		*decrypt_resync;
100 	/* encrypt/decrypt one block  */
101 	__ops_blkenc_t			*block_encrypt;
102 	__ops_blkdec_t			*block_decrypt;
103 	/* Standard CFB encrypt/decrypt (as used by Sym Enc Int Prot packets) */
104 	__ops_crypt_cfb_encrypt_t	*cfb_encrypt;
105 	__ops_crypt_cfb_decrypt_t	*cfb_decrypt;
106 	__ops_crypt_finish_t		*decrypt_finish;
107 	unsigned char			iv[OPS_MAX_BLOCK_SIZE];
108 	unsigned char			civ[OPS_MAX_BLOCK_SIZE];
109 	unsigned char			siv[OPS_MAX_BLOCK_SIZE];
110 		/* siv is needed for weird v3 resync */
111 	unsigned char			key[OPS_MAX_KEY_SIZE];
112 	int				num;
113 		/* num is offset - see openssl _encrypt doco */
114 	void				*encrypt_key;
115 	void				*decrypt_key;
116 };
117 
118 void __ops_crypto_init(void);
119 void __ops_crypto_finish(void);
120 void __ops_hash_md5(__ops_hash_t *);
121 void __ops_hash_sha1(__ops_hash_t *);
122 void __ops_hash_sha256(__ops_hash_t *);
123 void __ops_hash_sha512(__ops_hash_t *);
124 void __ops_hash_sha384(__ops_hash_t *);
125 void __ops_hash_sha224(__ops_hash_t *);
126 void __ops_hash_any(__ops_hash_t *, __ops_hash_alg_t);
127 __ops_hash_alg_t __ops_str_to_hash_alg(const char *);
128 const char *__ops_text_from_hash(__ops_hash_t *);
129 unsigned __ops_hash_size(__ops_hash_alg_t);
130 unsigned __ops_hash(unsigned char *, __ops_hash_alg_t, const void *, size_t);
131 
132 void __ops_hash_add_int(__ops_hash_t *, unsigned, unsigned);
133 
134 unsigned __ops_dsa_verify(const unsigned char *, size_t,
135 			const __ops_dsa_sig_t *,
136 			const __ops_dsa_pubkey_t *);
137 
138 int __ops_rsa_public_decrypt(unsigned char *, const unsigned char *, size_t,
139 			const __ops_rsa_pubkey_t *);
140 int __ops_rsa_public_encrypt(unsigned char *, const unsigned char *, size_t,
141 			const __ops_rsa_pubkey_t *);
142 
143 int __ops_rsa_private_encrypt(unsigned char *, const unsigned char *, size_t,
144 			const __ops_rsa_seckey_t *, const __ops_rsa_pubkey_t *);
145 int __ops_rsa_private_decrypt(unsigned char *, const unsigned char *, size_t,
146 			const __ops_rsa_seckey_t *, const __ops_rsa_pubkey_t *);
147 
148 unsigned __ops_block_size(__ops_symm_alg_t);
149 unsigned __ops_key_size(__ops_symm_alg_t);
150 
151 int __ops_decrypt_data(__ops_content_tag_t, __ops_region_t *,
152 			__ops_stream_t *);
153 
154 int __ops_crypt_any(__ops_crypt_t *, __ops_symm_alg_t);
155 void __ops_decrypt_init(__ops_crypt_t *);
156 void __ops_encrypt_init(__ops_crypt_t *);
157 size_t __ops_decrypt_se(__ops_crypt_t *, void *, const void *, size_t);
158 size_t __ops_encrypt_se(__ops_crypt_t *, void *, const void *, size_t);
159 size_t __ops_decrypt_se_ip(__ops_crypt_t *, void *, const void *, size_t);
160 size_t __ops_encrypt_se_ip(__ops_crypt_t *, void *, const void *, size_t);
161 unsigned __ops_is_sa_supported(__ops_symm_alg_t);
162 
163 void __ops_reader_push_decrypt(__ops_stream_t *, __ops_crypt_t *,
164 			__ops_region_t *);
165 void __ops_reader_pop_decrypt(__ops_stream_t *);
166 
167 /* Hash everything that's read */
168 void __ops_reader_push_hash(__ops_stream_t *, __ops_hash_t *);
169 void __ops_reader_pop_hash(__ops_stream_t *);
170 
171 int __ops_decrypt_decode_mpi(unsigned char *, unsigned, const BIGNUM *,
172 			const __ops_seckey_t *);
173 unsigned __ops_rsa_encrypt_mpi(const unsigned char *, const size_t,
174 			const __ops_pubkey_t *,
175 			__ops_pk_sesskey_params_t *);
176 
177 /* Encrypt everything that's written */
178 struct __ops_key_data;
179 void __ops_writer_push_encrypt(__ops_output_t *,
180 			const struct __ops_key_data *);
181 
182 unsigned   __ops_encrypt_file(__ops_io_t *, const char *, const char *,
183 			const __ops_key_t *,
184 			const unsigned, const unsigned);
185 unsigned   __ops_decrypt_file(__ops_io_t *,
186 			const char *,
187 			const char *,
188 			__ops_keyring_t *,
189 			const unsigned,
190 			const unsigned,
191 			void *,
192 			__ops_cbfunc_t *);
193 
194 /* Keys */
195 __ops_key_t  *__ops_rsa_new_selfsign_key(const int,
196 			const unsigned long, __ops_userid_t *);
197 
198 int __ops_dsa_size(const __ops_dsa_pubkey_t *);
199 DSA_SIG *__ops_dsa_sign(unsigned char *, unsigned,
200 				const __ops_dsa_seckey_t *,
201 				const __ops_dsa_pubkey_t *);
202 
203 /** __ops_reader_t */
204 struct __ops_reader_t {
205 	__ops_reader_func_t	*reader; /* reader func to get parse data */
206 	__ops_reader_destroyer_t *destroyer;
207 	void			*arg;	/* args to pass to reader function */
208 	unsigned		 accumulate:1;	/* set to gather packet data */
209 	unsigned char		*accumulated;	/* the accumulated data */
210 	unsigned		 asize;	/* size of the buffer */
211 	unsigned		 alength;/* used buffer */
212 	unsigned		 position;	/* reader-specific offset */
213 	__ops_reader_t		*next;
214 	__ops_stream_t	*parent;/* parent parse_info structure */
215 };
216 
217 
218 /** __ops_cryptinfo_t
219  Encrypt/decrypt settings
220 */
221 struct __ops_cryptinfo_t {
222 	char			*passphrase;
223 	__ops_keyring_t		*keyring;
224 	const __ops_key_t	*keydata;
225 	__ops_cbfunc_t		*getpassphrase;
226 };
227 
228 /** __ops_cbdata_t */
229 struct __ops_cbdata_t {
230 	__ops_cbfunc_t		*cbfunc;	/* callback function */
231 	void			*arg;	/* args to pass to callback func */
232 	__ops_error_t		**errors; /* address of error stack */
233 	__ops_cbdata_t		*next;
234 	__ops_output_t		*output;/* used if writing out parsed info */
235 	__ops_io_t		*io;		/* error/output messages */
236 	void			*passfp;	/* fp for passphrase input */
237 	__ops_cryptinfo_t	 cryptinfo;	/* used when decrypting */
238 };
239 
240 /** __ops_hashtype_t */
241 typedef struct {
242 	__ops_hash_t	hash;	/* hashes we should hash data with */
243 	unsigned char	keyid[OPS_KEY_ID_SIZE];
244 } __ops_hashtype_t;
245 
246 #define NTAGS	0x100	/* == 256 */
247 
248 /** \brief Structure to hold information about a packet parse.
249  *
250  *  This information includes options about the parse:
251  *  - whether the packet contents should be accumulated or not
252  *  - whether signature subpackets should be parsed or left raw
253  *
254  *  It contains options specific to the parsing of armoured data:
255  *  - whether headers are allowed in armoured data without a gap
256  *  - whether a blank line is allowed at the start of the armoured data
257  *
258  *  It also specifies :
259  *  - the callback function to use and its arguments
260  *  - the reader function to use and its arguments
261  *
262  *  It also contains information about the current state of the parse:
263  *  - offset from the beginning
264  *  - the accumulated data, if any
265  *  - the size of the buffer, and how much has been used
266  *
267  *  It has a linked list of errors.
268  */
269 
270 struct __ops_stream_t {
271 	unsigned char		 ss_raw[NTAGS / 8];
272 		/* 1 bit / sig-subpkt type; set to get raw data */
273 	unsigned char		 ss_parsed[NTAGS / 8];
274 		/* 1 bit / sig-subpkt type; set to get parsed data */
275 	__ops_reader_t	 	 readinfo;
276 	__ops_cbdata_t		 cbinfo;
277 	__ops_error_t		*errors;
278 	void			*io;		/* io streams */
279 	__ops_crypt_t		 decrypt;
280 	__ops_cryptinfo_t	 cryptinfo;
281 	size_t			 hashc;
282 	__ops_hashtype_t        *hashes;
283 	unsigned		 reading_v3_secret:1;
284 	unsigned		 reading_mpi_len:1;
285 	unsigned		 exact_read:1;
286 };
287 
288 #endif /* CRYPTO_H_ */
289