1 /*- 2 * Copyright (c) 2009 The NetBSD Foundation, Inc. 3 * All rights reserved. 4 * 5 * This code is derived from software contributed to The NetBSD Foundation 6 * by Alistair Crooks (agc@NetBSD.org) 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 19 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 20 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 21 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 */ 29 /* 30 * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) 31 * All rights reserved. 32 * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted 33 * their moral rights under the UK Copyright Design and Patents Act 1988 to 34 * be recorded as the authors of this copyright work. 35 * 36 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 37 * use this file except in compliance with the License. 38 * 39 * You may obtain a copy of the License at 40 * http://www.apache.org/licenses/LICENSE-2.0 41 * 42 * Unless required by applicable law or agreed to in writing, software 43 * distributed under the License is distributed on an "AS IS" BASIS, 44 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 45 * 46 * See the License for the specific language governing permissions and 47 * limitations under the License. 48 */ 49 50 /** \file 51 */ 52 53 #ifndef CRYPTO_H_ 54 #define CRYPTO_H_ 55 56 #include "keyring.h" 57 #include "packet.h" 58 #include "memory.h" 59 #include "packet-parse.h" 60 61 #include <openssl/dsa.h> 62 63 #define OPS_MIN_HASH_SIZE 16 64 65 typedef int __ops_hash_init_t(__ops_hash_t *); 66 typedef void __ops_hash_add_t(__ops_hash_t *, const uint8_t *, unsigned); 67 typedef unsigned __ops_hash_finish_t(__ops_hash_t *, uint8_t *); 68 69 /** _ops_hash_t */ 70 struct _ops_hash_t { 71 __ops_hash_alg_t alg; /* algorithm */ 72 size_t size; /* size */ 73 const char *name; /* what it's known as */ 74 __ops_hash_init_t *init; /* initialisation func */ 75 __ops_hash_add_t *add; /* add text func */ 76 __ops_hash_finish_t *finish; /* finalise func */ 77 void *data; /* blob for data */ 78 }; 79 80 typedef void __ops_setiv_func_t(__ops_crypt_t *, const uint8_t *); 81 typedef void __ops_setkey_func_t(__ops_crypt_t *, const uint8_t *); 82 typedef void __ops_crypt_init_t(__ops_crypt_t *); 83 typedef void __ops_crypt_resync_t(__ops_crypt_t *); 84 typedef void __ops_blkenc_t(__ops_crypt_t *, void *, const void *); 85 typedef void __ops_blkdec_t(__ops_crypt_t *, void *, const void *); 86 typedef void __ops_crypt_cfb_encrypt_t(__ops_crypt_t *, void *, const void *, 87 size_t); 88 typedef void __ops_crypt_cfb_decrypt_t(__ops_crypt_t *, void *, const void *, 89 size_t); 90 typedef void __ops_crypt_finish_t(__ops_crypt_t *); 91 92 /** _ops_crypt_t */ 93 struct _ops_crypt_t { 94 __ops_symm_alg_t alg; 95 size_t blocksize; 96 size_t keysize; 97 __ops_setiv_func_t *set_iv; 98 __ops_setkey_func_t *set_crypt_key; 99 __ops_crypt_init_t *base_init; 100 __ops_crypt_resync_t *decrypt_resync; 101 /* encrypt/decrypt one block */ 102 __ops_blkenc_t *block_encrypt; 103 __ops_blkdec_t *block_decrypt; 104 /* Standard CFB encrypt/decrypt (as used by Sym Enc Int Prot packets) */ 105 __ops_crypt_cfb_encrypt_t *cfb_encrypt; 106 __ops_crypt_cfb_decrypt_t *cfb_decrypt; 107 __ops_crypt_finish_t *decrypt_finish; 108 uint8_t iv[OPS_MAX_BLOCK_SIZE]; 109 uint8_t civ[OPS_MAX_BLOCK_SIZE]; 110 uint8_t siv[OPS_MAX_BLOCK_SIZE]; 111 /* siv is needed for weird v3 resync */ 112 uint8_t key[OPS_MAX_KEY_SIZE]; 113 int num; 114 /* num is offset - see openssl _encrypt doco */ 115 void *encrypt_key; 116 void *decrypt_key; 117 }; 118 119 void __ops_crypto_finish(void); 120 void __ops_hash_md5(__ops_hash_t *); 121 void __ops_hash_sha1(__ops_hash_t *); 122 void __ops_hash_sha256(__ops_hash_t *); 123 void __ops_hash_sha512(__ops_hash_t *); 124 void __ops_hash_sha384(__ops_hash_t *); 125 void __ops_hash_sha224(__ops_hash_t *); 126 void __ops_hash_any(__ops_hash_t *, __ops_hash_alg_t); 127 __ops_hash_alg_t __ops_str_to_hash_alg(const char *); 128 const char *__ops_text_from_hash(__ops_hash_t *); 129 unsigned __ops_hash_size(__ops_hash_alg_t); 130 unsigned __ops_hash(uint8_t *, __ops_hash_alg_t, const void *, size_t); 131 132 void __ops_hash_add_int(__ops_hash_t *, unsigned, unsigned); 133 134 unsigned __ops_dsa_verify(const uint8_t *, size_t, 135 const __ops_dsa_sig_t *, 136 const __ops_dsa_pubkey_t *); 137 138 int __ops_rsa_public_decrypt(uint8_t *, const uint8_t *, size_t, 139 const __ops_rsa_pubkey_t *); 140 int __ops_rsa_public_encrypt(uint8_t *, const uint8_t *, size_t, 141 const __ops_rsa_pubkey_t *); 142 143 int __ops_rsa_private_encrypt(uint8_t *, const uint8_t *, size_t, 144 const __ops_rsa_seckey_t *, const __ops_rsa_pubkey_t *); 145 int __ops_rsa_private_decrypt(uint8_t *, const uint8_t *, size_t, 146 const __ops_rsa_seckey_t *, const __ops_rsa_pubkey_t *); 147 148 int __ops_elgamal_private_decrypt(uint8_t *, const uint8_t *, size_t, 149 const __ops_elgamal_seckey_t *, const __ops_elgamal_pubkey_t *); 150 151 unsigned __ops_block_size(__ops_symm_alg_t); 152 unsigned __ops_key_size(__ops_symm_alg_t); 153 154 int __ops_decrypt_data(__ops_content_enum, __ops_region_t *, 155 __ops_stream_t *); 156 157 int __ops_crypt_any(__ops_crypt_t *, __ops_symm_alg_t); 158 void __ops_decrypt_init(__ops_crypt_t *); 159 void __ops_encrypt_init(__ops_crypt_t *); 160 size_t __ops_decrypt_se(__ops_crypt_t *, void *, const void *, size_t); 161 size_t __ops_encrypt_se(__ops_crypt_t *, void *, const void *, size_t); 162 size_t __ops_decrypt_se_ip(__ops_crypt_t *, void *, const void *, size_t); 163 size_t __ops_encrypt_se_ip(__ops_crypt_t *, void *, const void *, size_t); 164 unsigned __ops_is_sa_supported(__ops_symm_alg_t); 165 166 void __ops_reader_push_decrypt(__ops_stream_t *, __ops_crypt_t *, 167 __ops_region_t *); 168 void __ops_reader_pop_decrypt(__ops_stream_t *); 169 170 /* Hash everything that's read */ 171 void __ops_reader_push_hash(__ops_stream_t *, __ops_hash_t *); 172 void __ops_reader_pop_hash(__ops_stream_t *); 173 174 int __ops_decrypt_decode_mpi(uint8_t *, unsigned, const BIGNUM *, 175 const __ops_seckey_t *); 176 unsigned __ops_rsa_encrypt_mpi(const uint8_t *, const size_t, 177 const __ops_pubkey_t *, 178 __ops_pk_sesskey_params_t *); 179 180 /* Encrypt everything that's written */ 181 struct __ops_key_data; 182 void __ops_writer_push_encrypt(__ops_output_t *, 183 const struct __ops_key_data *); 184 185 unsigned __ops_encrypt_file(__ops_io_t *, const char *, const char *, 186 const __ops_key_t *, 187 const unsigned, const unsigned); 188 unsigned __ops_decrypt_file(__ops_io_t *, 189 const char *, 190 const char *, 191 __ops_keyring_t *, 192 __ops_keyring_t *, 193 const unsigned, 194 const unsigned, 195 const unsigned, 196 void *, 197 __ops_cbfunc_t *); 198 199 __ops_memory_t * 200 __ops_encrypt_buf(__ops_io_t *, 201 const void *, 202 const size_t, 203 const __ops_key_t *, 204 const unsigned); 205 __ops_memory_t * 206 __ops_decrypt_buf(__ops_io_t *, 207 const void *, 208 const size_t, 209 __ops_keyring_t *, 210 __ops_keyring_t *, 211 const unsigned, 212 const unsigned, 213 void *, 214 __ops_cbfunc_t *); 215 216 /* Keys */ 217 __ops_key_t *__ops_rsa_new_selfsign_key(const int, 218 const unsigned long, uint8_t *, const char *); 219 220 int __ops_dsa_size(const __ops_dsa_pubkey_t *); 221 DSA_SIG *__ops_dsa_sign(uint8_t *, unsigned, 222 const __ops_dsa_seckey_t *, 223 const __ops_dsa_pubkey_t *); 224 225 int openssl_read_pem_seckey(const char *, __ops_key_t *, const char *, int); 226 227 /** __ops_reader_t */ 228 struct __ops_reader_t { 229 __ops_reader_func_t *reader; /* reader func to get parse data */ 230 __ops_reader_destroyer_t *destroyer; 231 void *arg; /* args to pass to reader function */ 232 unsigned accumulate:1; /* set to gather packet data */ 233 uint8_t *accumulated; /* the accumulated data */ 234 unsigned asize; /* size of the buffer */ 235 unsigned alength;/* used buffer */ 236 unsigned position; /* reader-specific offset */ 237 __ops_reader_t *next; 238 __ops_stream_t *parent;/* parent parse_info structure */ 239 }; 240 241 242 /** __ops_cryptinfo_t 243 Encrypt/decrypt settings 244 */ 245 struct __ops_cryptinfo_t { 246 char *passphrase; 247 __ops_keyring_t *secring; 248 const __ops_key_t *keydata; 249 __ops_cbfunc_t *getpassphrase; 250 __ops_keyring_t *pubring; 251 }; 252 253 /** __ops_cbdata_t */ 254 struct __ops_cbdata_t { 255 __ops_cbfunc_t *cbfunc; /* callback function */ 256 void *arg; /* args to pass to callback func */ 257 __ops_error_t **errors; /* address of error stack */ 258 __ops_cbdata_t *next; 259 __ops_output_t *output;/* used if writing out parsed info */ 260 __ops_io_t *io; /* error/output messages */ 261 void *passfp; /* fp for passphrase input */ 262 __ops_cryptinfo_t cryptinfo; /* used when decrypting */ 263 __ops_printstate_t printstate; /* used to keep state when printing */ 264 __ops_seckey_t *sshseckey; /* secret key for ssh */ 265 }; 266 267 /** __ops_hashtype_t */ 268 typedef struct { 269 __ops_hash_t hash; /* hashes we should hash data with */ 270 uint8_t keyid[OPS_KEY_ID_SIZE]; 271 } __ops_hashtype_t; 272 273 #define NTAGS 0x100 /* == 256 */ 274 275 /** \brief Structure to hold information about a packet parse. 276 * 277 * This information includes options about the parse: 278 * - whether the packet contents should be accumulated or not 279 * - whether signature subpackets should be parsed or left raw 280 * 281 * It contains options specific to the parsing of armoured data: 282 * - whether headers are allowed in armoured data without a gap 283 * - whether a blank line is allowed at the start of the armoured data 284 * 285 * It also specifies : 286 * - the callback function to use and its arguments 287 * - the reader function to use and its arguments 288 * 289 * It also contains information about the current state of the parse: 290 * - offset from the beginning 291 * - the accumulated data, if any 292 * - the size of the buffer, and how much has been used 293 * 294 * It has a linked list of errors. 295 */ 296 297 struct __ops_stream_t { 298 uint8_t ss_raw[NTAGS / 8]; 299 /* 1 bit / sig-subpkt type; set to get raw data */ 300 uint8_t ss_parsed[NTAGS / 8]; 301 /* 1 bit / sig-subpkt type; set to get parsed data */ 302 __ops_reader_t readinfo; 303 __ops_cbdata_t cbinfo; 304 __ops_error_t *errors; 305 void *io; /* io streams */ 306 __ops_crypt_t decrypt; 307 __ops_cryptinfo_t cryptinfo; 308 size_t hashc; 309 __ops_hashtype_t *hashes; 310 unsigned reading_v3_secret:1; 311 unsigned reading_mpi_len:1; 312 unsigned exact_read:1; 313 }; 314 315 #endif /* CRYPTO_H_ */ 316