1 /*- 2 * Copyright (c) 2009 The NetBSD Foundation, Inc. 3 * All rights reserved. 4 * 5 * This code is derived from software contributed to The NetBSD Foundation 6 * by Alistair Crooks (agc@NetBSD.org) 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 19 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 20 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 21 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 */ 29 /* 30 * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) 31 * All rights reserved. 32 * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted 33 * their moral rights under the UK Copyright Design and Patents Act 1988 to 34 * be recorded as the authors of this copyright work. 35 * 36 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 37 * use this file except in compliance with the License. 38 * 39 * You may obtain a copy of the License at 40 * http://www.apache.org/licenses/LICENSE-2.0 41 * 42 * Unless required by applicable law or agreed to in writing, software 43 * distributed under the License is distributed on an "AS IS" BASIS, 44 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 45 * 46 * See the License for the specific language governing permissions and 47 * limitations under the License. 48 */ 49 50 /** \file 51 */ 52 53 #ifndef CRYPTO_H_ 54 #define CRYPTO_H_ 55 56 #include "keyring.h" 57 #include "packet.h" 58 #include "memory.h" 59 #include "packet-parse.h" 60 61 #include <openssl/dsa.h> 62 63 #define OPS_MIN_HASH_SIZE 16 64 65 typedef int __ops_hash_init_t(__ops_hash_t *); 66 typedef void __ops_hash_add_t(__ops_hash_t *, const unsigned char *, unsigned); 67 typedef unsigned __ops_hash_finish_t(__ops_hash_t *, unsigned char *); 68 69 /** _ops_hash_t */ 70 struct _ops_hash_t { 71 __ops_hash_alg_t alg; /* algorithm */ 72 size_t size; /* size */ 73 const char *name; /* what it's known as */ 74 __ops_hash_init_t *init; /* initialisation func */ 75 __ops_hash_add_t *add; /* add text func */ 76 __ops_hash_finish_t *finish; /* finalise func */ 77 void *data; /* blob for data */ 78 }; 79 80 typedef void __ops_setiv_func_t(__ops_crypt_t *, const unsigned char *); 81 typedef void __ops_setkey_func_t(__ops_crypt_t *, const unsigned char *); 82 typedef void __ops_crypt_init_t(__ops_crypt_t *); 83 typedef void __ops_crypt_resync_t(__ops_crypt_t *); 84 typedef void __ops_blkenc_t(__ops_crypt_t *, void *, const void *); 85 typedef void __ops_blkdec_t(__ops_crypt_t *, void *, const void *); 86 typedef void __ops_crypt_cfb_encrypt_t(__ops_crypt_t *, void *, const void *, 87 size_t); 88 typedef void __ops_crypt_cfb_decrypt_t(__ops_crypt_t *, void *, const void *, 89 size_t); 90 typedef void __ops_crypt_finish_t(__ops_crypt_t *); 91 92 /** _ops_crypt_t */ 93 struct _ops_crypt_t { 94 __ops_symm_alg_t alg; 95 size_t blocksize; 96 size_t keysize; 97 __ops_setiv_func_t *set_iv; 98 __ops_setkey_func_t *set_crypt_key; 99 __ops_crypt_init_t *base_init; 100 __ops_crypt_resync_t *decrypt_resync; 101 /* encrypt/decrypt one block */ 102 __ops_blkenc_t *block_encrypt; 103 __ops_blkdec_t *block_decrypt; 104 /* Standard CFB encrypt/decrypt (as used by Sym Enc Int Prot packets) */ 105 __ops_crypt_cfb_encrypt_t *cfb_encrypt; 106 __ops_crypt_cfb_decrypt_t *cfb_decrypt; 107 __ops_crypt_finish_t *decrypt_finish; 108 unsigned char iv[OPS_MAX_BLOCK_SIZE]; 109 unsigned char civ[OPS_MAX_BLOCK_SIZE]; 110 unsigned char siv[OPS_MAX_BLOCK_SIZE]; 111 /* siv is needed for weird v3 resync */ 112 unsigned char key[OPS_MAX_KEY_SIZE]; 113 int num; 114 /* num is offset - see openssl _encrypt doco */ 115 void *encrypt_key; 116 void *decrypt_key; 117 }; 118 119 void __ops_crypto_init(void); 120 void __ops_crypto_finish(void); 121 void __ops_hash_md5(__ops_hash_t *); 122 void __ops_hash_sha1(__ops_hash_t *); 123 void __ops_hash_sha256(__ops_hash_t *); 124 void __ops_hash_sha512(__ops_hash_t *); 125 void __ops_hash_sha384(__ops_hash_t *); 126 void __ops_hash_sha224(__ops_hash_t *); 127 void __ops_hash_any(__ops_hash_t *, __ops_hash_alg_t); 128 __ops_hash_alg_t __ops_str_to_hash_alg(const char *); 129 const char *__ops_text_from_hash(__ops_hash_t *); 130 unsigned __ops_hash_size(__ops_hash_alg_t); 131 unsigned __ops_hash(unsigned char *, __ops_hash_alg_t, const void *, size_t); 132 133 void __ops_hash_add_int(__ops_hash_t *, unsigned, unsigned); 134 135 unsigned __ops_dsa_verify(const unsigned char *, size_t, 136 const __ops_dsa_sig_t *, 137 const __ops_dsa_pubkey_t *); 138 139 int __ops_rsa_public_decrypt(unsigned char *, const unsigned char *, size_t, 140 const __ops_rsa_pubkey_t *); 141 int __ops_rsa_public_encrypt(unsigned char *, const unsigned char *, size_t, 142 const __ops_rsa_pubkey_t *); 143 144 int __ops_rsa_private_encrypt(unsigned char *, const unsigned char *, size_t, 145 const __ops_rsa_seckey_t *, const __ops_rsa_pubkey_t *); 146 int __ops_rsa_private_decrypt(unsigned char *, const unsigned char *, size_t, 147 const __ops_rsa_seckey_t *, const __ops_rsa_pubkey_t *); 148 149 unsigned __ops_block_size(__ops_symm_alg_t); 150 unsigned __ops_key_size(__ops_symm_alg_t); 151 152 int __ops_decrypt_data(__ops_content_tag_t, __ops_region_t *, 153 __ops_stream_t *); 154 155 int __ops_crypt_any(__ops_crypt_t *, __ops_symm_alg_t); 156 void __ops_decrypt_init(__ops_crypt_t *); 157 void __ops_encrypt_init(__ops_crypt_t *); 158 size_t __ops_decrypt_se(__ops_crypt_t *, void *, const void *, size_t); 159 size_t __ops_encrypt_se(__ops_crypt_t *, void *, const void *, size_t); 160 size_t __ops_decrypt_se_ip(__ops_crypt_t *, void *, const void *, size_t); 161 size_t __ops_encrypt_se_ip(__ops_crypt_t *, void *, const void *, size_t); 162 unsigned __ops_is_sa_supported(__ops_symm_alg_t); 163 164 void __ops_reader_push_decrypt(__ops_stream_t *, __ops_crypt_t *, 165 __ops_region_t *); 166 void __ops_reader_pop_decrypt(__ops_stream_t *); 167 168 /* Hash everything that's read */ 169 void __ops_reader_push_hash(__ops_stream_t *, __ops_hash_t *); 170 void __ops_reader_pop_hash(__ops_stream_t *); 171 172 int __ops_decrypt_decode_mpi(unsigned char *, unsigned, const BIGNUM *, 173 const __ops_seckey_t *); 174 unsigned __ops_rsa_encrypt_mpi(const unsigned char *, const size_t, 175 const __ops_pubkey_t *, 176 __ops_pk_sesskey_params_t *); 177 178 /* Encrypt everything that's written */ 179 struct __ops_key_data; 180 void __ops_writer_push_encrypt(__ops_output_t *, 181 const struct __ops_key_data *); 182 183 unsigned __ops_encrypt_file(__ops_io_t *, const char *, const char *, 184 const __ops_key_t *, 185 const unsigned, const unsigned); 186 unsigned __ops_decrypt_file(__ops_io_t *, 187 const char *, 188 const char *, 189 __ops_keyring_t *, 190 const unsigned, 191 const unsigned, 192 void *, 193 __ops_cbfunc_t *); 194 195 __ops_memory_t * 196 __ops_encrypt_buf(__ops_io_t *, 197 const void *, 198 const size_t, 199 const __ops_key_t *, 200 const unsigned); 201 __ops_memory_t * 202 __ops_decrypt_buf(__ops_io_t *, 203 const void *, 204 const size_t, 205 __ops_keyring_t *, 206 const unsigned, 207 void *, 208 __ops_cbfunc_t *); 209 210 /* Keys */ 211 __ops_key_t *__ops_rsa_new_selfsign_key(const int, 212 const unsigned long, __ops_userid_t *); 213 214 int __ops_dsa_size(const __ops_dsa_pubkey_t *); 215 DSA_SIG *__ops_dsa_sign(unsigned char *, unsigned, 216 const __ops_dsa_seckey_t *, 217 const __ops_dsa_pubkey_t *); 218 219 int openssl_read_pem_seckey(const char *, __ops_key_t *, const char *, int); 220 221 /** __ops_reader_t */ 222 struct __ops_reader_t { 223 __ops_reader_func_t *reader; /* reader func to get parse data */ 224 __ops_reader_destroyer_t *destroyer; 225 void *arg; /* args to pass to reader function */ 226 unsigned accumulate:1; /* set to gather packet data */ 227 unsigned char *accumulated; /* the accumulated data */ 228 unsigned asize; /* size of the buffer */ 229 unsigned alength;/* used buffer */ 230 unsigned position; /* reader-specific offset */ 231 __ops_reader_t *next; 232 __ops_stream_t *parent;/* parent parse_info structure */ 233 }; 234 235 236 /** __ops_cryptinfo_t 237 Encrypt/decrypt settings 238 */ 239 struct __ops_cryptinfo_t { 240 char *passphrase; 241 __ops_keyring_t *keyring; 242 const __ops_key_t *keydata; 243 __ops_cbfunc_t *getpassphrase; 244 }; 245 246 /** __ops_cbdata_t */ 247 struct __ops_cbdata_t { 248 __ops_cbfunc_t *cbfunc; /* callback function */ 249 void *arg; /* args to pass to callback func */ 250 __ops_error_t **errors; /* address of error stack */ 251 __ops_cbdata_t *next; 252 __ops_output_t *output;/* used if writing out parsed info */ 253 __ops_io_t *io; /* error/output messages */ 254 void *passfp; /* fp for passphrase input */ 255 __ops_cryptinfo_t cryptinfo; /* used when decrypting */ 256 __ops_printstate_t printstate; /* used to keep state when printing */ 257 }; 258 259 /** __ops_hashtype_t */ 260 typedef struct { 261 __ops_hash_t hash; /* hashes we should hash data with */ 262 unsigned char keyid[OPS_KEY_ID_SIZE]; 263 } __ops_hashtype_t; 264 265 #define NTAGS 0x100 /* == 256 */ 266 267 /** \brief Structure to hold information about a packet parse. 268 * 269 * This information includes options about the parse: 270 * - whether the packet contents should be accumulated or not 271 * - whether signature subpackets should be parsed or left raw 272 * 273 * It contains options specific to the parsing of armoured data: 274 * - whether headers are allowed in armoured data without a gap 275 * - whether a blank line is allowed at the start of the armoured data 276 * 277 * It also specifies : 278 * - the callback function to use and its arguments 279 * - the reader function to use and its arguments 280 * 281 * It also contains information about the current state of the parse: 282 * - offset from the beginning 283 * - the accumulated data, if any 284 * - the size of the buffer, and how much has been used 285 * 286 * It has a linked list of errors. 287 */ 288 289 struct __ops_stream_t { 290 unsigned char ss_raw[NTAGS / 8]; 291 /* 1 bit / sig-subpkt type; set to get raw data */ 292 unsigned char ss_parsed[NTAGS / 8]; 293 /* 1 bit / sig-subpkt type; set to get parsed data */ 294 __ops_reader_t readinfo; 295 __ops_cbdata_t cbinfo; 296 __ops_error_t *errors; 297 void *io; /* io streams */ 298 __ops_crypt_t decrypt; 299 __ops_cryptinfo_t cryptinfo; 300 size_t hashc; 301 __ops_hashtype_t *hashes; 302 unsigned reading_v3_secret:1; 303 unsigned reading_mpi_len:1; 304 unsigned exact_read:1; 305 }; 306 307 #endif /* CRYPTO_H_ */ 308