1 /*- 2 * Copyright (c) 2009 The NetBSD Foundation, Inc. 3 * All rights reserved. 4 * 5 * This code is derived from software contributed to The NetBSD Foundation 6 * by Alistair Crooks (agc@NetBSD.org) 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 19 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 20 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 21 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 */ 29 /* 30 * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) 31 * All rights reserved. 32 * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted 33 * their moral rights under the UK Copyright Design and Patents Act 1988 to 34 * be recorded as the authors of this copyright work. 35 * 36 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 37 * use this file except in compliance with the License. 38 * 39 * You may obtain a copy of the License at 40 * http://www.apache.org/licenses/LICENSE-2.0 41 * 42 * Unless required by applicable law or agreed to in writing, software 43 * distributed under the License is distributed on an "AS IS" BASIS, 44 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 45 * 46 * See the License for the specific language governing permissions and 47 * limitations under the License. 48 */ 49 50 /** \file 51 */ 52 53 #ifndef CRYPTO_H_ 54 #define CRYPTO_H_ 55 56 #include "keyring.h" 57 #include "packet.h" 58 #include "memory.h" 59 #include "packet-parse.h" 60 61 #include <openssl/dsa.h> 62 63 #define OPS_MIN_HASH_SIZE 16 64 65 typedef int __ops_hash_init_t(__ops_hash_t *); 66 typedef void __ops_hash_add_t(__ops_hash_t *, const uint8_t *, unsigned); 67 typedef unsigned __ops_hash_finish_t(__ops_hash_t *, uint8_t *); 68 69 /** _ops_hash_t */ 70 struct _ops_hash_t { 71 __ops_hash_alg_t alg; /* algorithm */ 72 size_t size; /* size */ 73 const char *name; /* what it's known as */ 74 __ops_hash_init_t *init; /* initialisation func */ 75 __ops_hash_add_t *add; /* add text func */ 76 __ops_hash_finish_t *finish; /* finalise func */ 77 void *data; /* blob for data */ 78 }; 79 80 typedef void __ops_setiv_func_t(__ops_crypt_t *, const uint8_t *); 81 typedef void __ops_setkey_func_t(__ops_crypt_t *, const uint8_t *); 82 typedef void __ops_crypt_init_t(__ops_crypt_t *); 83 typedef void __ops_crypt_resync_t(__ops_crypt_t *); 84 typedef void __ops_blkenc_t(__ops_crypt_t *, void *, const void *); 85 typedef void __ops_blkdec_t(__ops_crypt_t *, void *, const void *); 86 typedef void __ops_crypt_cfb_encrypt_t(__ops_crypt_t *, void *, const void *, 87 size_t); 88 typedef void __ops_crypt_cfb_decrypt_t(__ops_crypt_t *, void *, const void *, 89 size_t); 90 typedef void __ops_crypt_finish_t(__ops_crypt_t *); 91 92 /** _ops_crypt_t */ 93 struct _ops_crypt_t { 94 __ops_symm_alg_t alg; 95 size_t blocksize; 96 size_t keysize; 97 __ops_setiv_func_t *set_iv; 98 __ops_setkey_func_t *set_crypt_key; 99 __ops_crypt_init_t *base_init; 100 __ops_crypt_resync_t *decrypt_resync; 101 /* encrypt/decrypt one block */ 102 __ops_blkenc_t *block_encrypt; 103 __ops_blkdec_t *block_decrypt; 104 /* Standard CFB encrypt/decrypt (as used by Sym Enc Int Prot packets) */ 105 __ops_crypt_cfb_encrypt_t *cfb_encrypt; 106 __ops_crypt_cfb_decrypt_t *cfb_decrypt; 107 __ops_crypt_finish_t *decrypt_finish; 108 uint8_t iv[OPS_MAX_BLOCK_SIZE]; 109 uint8_t civ[OPS_MAX_BLOCK_SIZE]; 110 uint8_t siv[OPS_MAX_BLOCK_SIZE]; 111 /* siv is needed for weird v3 resync */ 112 uint8_t key[OPS_MAX_KEY_SIZE]; 113 int num; 114 /* num is offset - see openssl _encrypt doco */ 115 void *encrypt_key; 116 void *decrypt_key; 117 }; 118 119 void __ops_crypto_finish(void); 120 void __ops_hash_md5(__ops_hash_t *); 121 void __ops_hash_sha1(__ops_hash_t *); 122 void __ops_hash_sha256(__ops_hash_t *); 123 void __ops_hash_sha512(__ops_hash_t *); 124 void __ops_hash_sha384(__ops_hash_t *); 125 void __ops_hash_sha224(__ops_hash_t *); 126 void __ops_hash_any(__ops_hash_t *, __ops_hash_alg_t); 127 __ops_hash_alg_t __ops_str_to_hash_alg(const char *); 128 const char *__ops_text_from_hash(__ops_hash_t *); 129 unsigned __ops_hash_size(__ops_hash_alg_t); 130 unsigned __ops_hash(uint8_t *, __ops_hash_alg_t, const void *, size_t); 131 132 void __ops_hash_add_int(__ops_hash_t *, unsigned, unsigned); 133 134 unsigned __ops_dsa_verify(const uint8_t *, size_t, 135 const __ops_dsa_sig_t *, 136 const __ops_dsa_pubkey_t *); 137 138 int __ops_rsa_public_decrypt(uint8_t *, const uint8_t *, size_t, 139 const __ops_rsa_pubkey_t *); 140 int __ops_rsa_public_encrypt(uint8_t *, const uint8_t *, size_t, 141 const __ops_rsa_pubkey_t *); 142 143 int __ops_rsa_private_encrypt(uint8_t *, const uint8_t *, size_t, 144 const __ops_rsa_seckey_t *, const __ops_rsa_pubkey_t *); 145 int __ops_rsa_private_decrypt(uint8_t *, const uint8_t *, size_t, 146 const __ops_rsa_seckey_t *, const __ops_rsa_pubkey_t *); 147 148 unsigned __ops_block_size(__ops_symm_alg_t); 149 unsigned __ops_key_size(__ops_symm_alg_t); 150 151 int __ops_decrypt_data(__ops_content_enum, __ops_region_t *, 152 __ops_stream_t *); 153 154 int __ops_crypt_any(__ops_crypt_t *, __ops_symm_alg_t); 155 void __ops_decrypt_init(__ops_crypt_t *); 156 void __ops_encrypt_init(__ops_crypt_t *); 157 size_t __ops_decrypt_se(__ops_crypt_t *, void *, const void *, size_t); 158 size_t __ops_encrypt_se(__ops_crypt_t *, void *, const void *, size_t); 159 size_t __ops_decrypt_se_ip(__ops_crypt_t *, void *, const void *, size_t); 160 size_t __ops_encrypt_se_ip(__ops_crypt_t *, void *, const void *, size_t); 161 unsigned __ops_is_sa_supported(__ops_symm_alg_t); 162 163 void __ops_reader_push_decrypt(__ops_stream_t *, __ops_crypt_t *, 164 __ops_region_t *); 165 void __ops_reader_pop_decrypt(__ops_stream_t *); 166 167 /* Hash everything that's read */ 168 void __ops_reader_push_hash(__ops_stream_t *, __ops_hash_t *); 169 void __ops_reader_pop_hash(__ops_stream_t *); 170 171 int __ops_decrypt_decode_mpi(uint8_t *, unsigned, const BIGNUM *, 172 const __ops_seckey_t *); 173 unsigned __ops_rsa_encrypt_mpi(const uint8_t *, const size_t, 174 const __ops_pubkey_t *, 175 __ops_pk_sesskey_params_t *); 176 177 /* Encrypt everything that's written */ 178 struct __ops_key_data; 179 void __ops_writer_push_encrypt(__ops_output_t *, 180 const struct __ops_key_data *); 181 182 unsigned __ops_encrypt_file(__ops_io_t *, const char *, const char *, 183 const __ops_key_t *, 184 const unsigned, const unsigned); 185 unsigned __ops_decrypt_file(__ops_io_t *, 186 const char *, 187 const char *, 188 __ops_keyring_t *, 189 __ops_keyring_t *, 190 const unsigned, 191 const unsigned, 192 void *, 193 __ops_cbfunc_t *); 194 195 __ops_memory_t * 196 __ops_encrypt_buf(__ops_io_t *, 197 const void *, 198 const size_t, 199 const __ops_key_t *, 200 const unsigned); 201 __ops_memory_t * 202 __ops_decrypt_buf(__ops_io_t *, 203 const void *, 204 const size_t, 205 __ops_keyring_t *, 206 __ops_keyring_t *, 207 const unsigned, 208 void *, 209 __ops_cbfunc_t *); 210 211 /* Keys */ 212 __ops_key_t *__ops_rsa_new_selfsign_key(const int, 213 const unsigned long, uint8_t *, const char *); 214 215 int __ops_dsa_size(const __ops_dsa_pubkey_t *); 216 DSA_SIG *__ops_dsa_sign(uint8_t *, unsigned, 217 const __ops_dsa_seckey_t *, 218 const __ops_dsa_pubkey_t *); 219 220 int openssl_read_pem_seckey(const char *, __ops_key_t *, const char *, int); 221 222 /** __ops_reader_t */ 223 struct __ops_reader_t { 224 __ops_reader_func_t *reader; /* reader func to get parse data */ 225 __ops_reader_destroyer_t *destroyer; 226 void *arg; /* args to pass to reader function */ 227 unsigned accumulate:1; /* set to gather packet data */ 228 uint8_t *accumulated; /* the accumulated data */ 229 unsigned asize; /* size of the buffer */ 230 unsigned alength;/* used buffer */ 231 unsigned position; /* reader-specific offset */ 232 __ops_reader_t *next; 233 __ops_stream_t *parent;/* parent parse_info structure */ 234 }; 235 236 237 /** __ops_cryptinfo_t 238 Encrypt/decrypt settings 239 */ 240 struct __ops_cryptinfo_t { 241 char *passphrase; 242 __ops_keyring_t *secring; 243 const __ops_key_t *keydata; 244 __ops_cbfunc_t *getpassphrase; 245 __ops_keyring_t *pubring; 246 }; 247 248 /** __ops_cbdata_t */ 249 struct __ops_cbdata_t { 250 __ops_cbfunc_t *cbfunc; /* callback function */ 251 void *arg; /* args to pass to callback func */ 252 __ops_error_t **errors; /* address of error stack */ 253 __ops_cbdata_t *next; 254 __ops_output_t *output;/* used if writing out parsed info */ 255 __ops_io_t *io; /* error/output messages */ 256 void *passfp; /* fp for passphrase input */ 257 __ops_cryptinfo_t cryptinfo; /* used when decrypting */ 258 __ops_printstate_t printstate; /* used to keep state when printing */ 259 }; 260 261 /** __ops_hashtype_t */ 262 typedef struct { 263 __ops_hash_t hash; /* hashes we should hash data with */ 264 uint8_t keyid[OPS_KEY_ID_SIZE]; 265 } __ops_hashtype_t; 266 267 #define NTAGS 0x100 /* == 256 */ 268 269 /** \brief Structure to hold information about a packet parse. 270 * 271 * This information includes options about the parse: 272 * - whether the packet contents should be accumulated or not 273 * - whether signature subpackets should be parsed or left raw 274 * 275 * It contains options specific to the parsing of armoured data: 276 * - whether headers are allowed in armoured data without a gap 277 * - whether a blank line is allowed at the start of the armoured data 278 * 279 * It also specifies : 280 * - the callback function to use and its arguments 281 * - the reader function to use and its arguments 282 * 283 * It also contains information about the current state of the parse: 284 * - offset from the beginning 285 * - the accumulated data, if any 286 * - the size of the buffer, and how much has been used 287 * 288 * It has a linked list of errors. 289 */ 290 291 struct __ops_stream_t { 292 uint8_t ss_raw[NTAGS / 8]; 293 /* 1 bit / sig-subpkt type; set to get raw data */ 294 uint8_t ss_parsed[NTAGS / 8]; 295 /* 1 bit / sig-subpkt type; set to get parsed data */ 296 __ops_reader_t readinfo; 297 __ops_cbdata_t cbinfo; 298 __ops_error_t *errors; 299 void *io; /* io streams */ 300 __ops_crypt_t decrypt; 301 __ops_cryptinfo_t cryptinfo; 302 size_t hashc; 303 __ops_hashtype_t *hashes; 304 unsigned reading_v3_secret:1; 305 unsigned reading_mpi_len:1; 306 unsigned exact_read:1; 307 }; 308 309 #endif /* CRYPTO_H_ */ 310