1 /*- 2 * Copyright (c) 2009 The NetBSD Foundation, Inc. 3 * All rights reserved. 4 * 5 * This code is derived from software contributed to The NetBSD Foundation 6 * by Alistair Crooks (agc@NetBSD.org) 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 19 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 20 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 21 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 */ 29 /* 30 * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) 31 * All rights reserved. 32 * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted 33 * their moral rights under the UK Copyright Design and Patents Act 1988 to 34 * be recorded as the authors of this copyright work. 35 * 36 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 37 * use this file except in compliance with the License. 38 * 39 * You may obtain a copy of the License at 40 * http://www.apache.org/licenses/LICENSE-2.0 41 * 42 * Unless required by applicable law or agreed to in writing, software 43 * distributed under the License is distributed on an "AS IS" BASIS, 44 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 45 * 46 * See the License for the specific language governing permissions and 47 * limitations under the License. 48 */ 49 50 /** \file 51 * packet related headers. 52 */ 53 54 #ifndef PACKET_H_ 55 #define PACKET_H_ 56 57 #include <time.h> 58 59 #ifdef HAVE_OPENSSL_BN_H 60 #include <openssl/bn.h> 61 #endif 62 63 #include "types.h" 64 #include "errors.h" 65 66 /** General-use structure for variable-length data 67 */ 68 69 typedef struct { 70 size_t len; 71 unsigned char *contents; 72 unsigned char mmapped; /* contents need an munmap(2) */ 73 } __ops_data_t; 74 75 /************************************/ 76 /* Packet Tags - RFC4880, 4.2 */ 77 /************************************/ 78 79 /** Packet Tag - Bit 7 Mask (this bit is always set). 80 * The first byte of a packet is the "Packet Tag". It always 81 * has bit 7 set. This is the mask for it. 82 * 83 * \see RFC4880 4.2 84 */ 85 #define OPS_PTAG_ALWAYS_SET 0x80 86 87 /** Packet Tag - New Format Flag. 88 * Bit 6 of the Packet Tag is the packet format indicator. 89 * If it is set, the new format is used, if cleared the 90 * old format is used. 91 * 92 * \see RFC4880 4.2 93 */ 94 #define OPS_PTAG_NEW_FORMAT 0x40 95 96 97 /** Old Packet Format: Mask for content tag. 98 * In the old packet format bits 5 to 2 (including) 99 * are the content tag. This is the mask to apply 100 * to the packet tag. Note that you need to 101 * shift by #OPS_PTAG_OF_CONTENT_TAG_SHIFT bits. 102 * 103 * \see RFC4880 4.2 104 */ 105 #define OPS_PTAG_OF_CONTENT_TAG_MASK 0x3c 106 /** Old Packet Format: Offset for the content tag. 107 * As described at #OPS_PTAG_OF_CONTENT_TAG_MASK the 108 * content tag needs to be shifted after being masked 109 * out from the Packet Tag. 110 * 111 * \see RFC4880 4.2 112 */ 113 #define OPS_PTAG_OF_CONTENT_TAG_SHIFT 2 114 /** Old Packet Format: Mask for length type. 115 * Bits 1 and 0 of the packet tag are the length type 116 * in the old packet format. 117 * 118 * See #__ops_ptag_of_lt_t for the meaning of the values. 119 * 120 * \see RFC4880 4.2 121 */ 122 #define OPS_PTAG_OF_LENGTH_TYPE_MASK 0x03 123 124 125 /** Old Packet Format Lengths. 126 * Defines the meanings of the 2 bits for length type in the 127 * old packet format. 128 * 129 * \see RFC4880 4.2.1 130 */ 131 typedef enum { 132 OPS_PTAG_OLD_LEN_1 = 0x00, /* Packet has a 1 byte length - 133 * header is 2 bytes long. */ 134 OPS_PTAG_OLD_LEN_2 = 0x01, /* Packet has a 2 byte length - 135 * header is 3 bytes long. */ 136 OPS_PTAG_OLD_LEN_4 = 0x02, /* Packet has a 4 byte 137 * length - header is 5 bytes 138 * long. */ 139 OPS_PTAG_OLD_LEN_INDETERMINATE = 0x03 /* Packet has a 140 * indeterminate length. */ 141 } __ops_ptag_of_lt_t; 142 143 144 /** New Packet Format: Mask for content tag. 145 * In the new packet format the 6 rightmost bits 146 * are the content tag. This is the mask to apply 147 * to the packet tag. Note that you need to 148 * shift by #OPS_PTAG_NF_CONTENT_TAG_SHIFT bits. 149 * 150 * \see RFC4880 4.2 151 */ 152 #define OPS_PTAG_NF_CONTENT_TAG_MASK 0x3f 153 /** New Packet Format: Offset for the content tag. 154 * As described at #OPS_PTAG_NF_CONTENT_TAG_MASK the 155 * content tag needs to be shifted after being masked 156 * out from the Packet Tag. 157 * 158 * \see RFC4880 4.2 159 */ 160 #define OPS_PTAG_NF_CONTENT_TAG_SHIFT 0 161 162 /* PTag Content Tags */ 163 /***************************/ 164 165 /** Package Tags (aka Content Tags) and signature subpacket types. 166 * This enumerates all rfc-defined packet tag values and the 167 * signature subpacket type values that we understand. 168 * 169 * \see RFC4880 4.3 170 * \see RFC4880 5.2.3.1 171 */ 172 typedef enum { 173 OPS_PTAG_CT_RESERVED = 0, /* Reserved - a packet tag must 174 * not have this value */ 175 OPS_PTAG_CT_PK_SESSION_KEY = 1, /* Public-Key Encrypted Session 176 * Key Packet */ 177 OPS_PTAG_CT_SIGNATURE = 2, /* Signature Packet */ 178 OPS_PTAG_CT_SK_SESSION_KEY = 3, /* Symmetric-Key Encrypted Session 179 * Key Packet */ 180 OPS_PTAG_CT_1_PASS_SIG = 4, /* One-Pass Signature 181 * Packet */ 182 OPS_PTAG_CT_SECRET_KEY = 5, /* Secret Key Packet */ 183 OPS_PTAG_CT_PUBLIC_KEY = 6, /* Public Key Packet */ 184 OPS_PTAG_CT_SECRET_SUBKEY = 7, /* Secret Subkey Packet */ 185 OPS_PTAG_CT_COMPRESSED = 8, /* Compressed Data Packet */ 186 OPS_PTAG_CT_SE_DATA = 9,/* Symmetrically Encrypted Data Packet */ 187 OPS_PTAG_CT_MARKER = 10,/* Marker Packet */ 188 OPS_PTAG_CT_LITDATA = 11, /* Literal Data Packet */ 189 OPS_PTAG_CT_TRUST = 12, /* Trust Packet */ 190 OPS_PTAG_CT_USER_ID = 13, /* User ID Packet */ 191 OPS_PTAG_CT_PUBLIC_SUBKEY = 14, /* Public Subkey Packet */ 192 OPS_PTAG_CT_RESERVED2 = 15, /* reserved */ 193 OPS_PTAG_CT_RESERVED3 = 16, /* reserved */ 194 OPS_PTAG_CT_USER_ATTR = 17, /* User Attribute Packet */ 195 OPS_PTAG_CT_SE_IP_DATA = 18, /* Sym. Encrypted and Integrity 196 * Protected Data Packet */ 197 OPS_PTAG_CT_MDC = 19, /* Modification Detection Code Packet */ 198 199 OPS_PARSER_PTAG = 0x100,/* Internal Use: The packet is the "Packet 200 * Tag" itself - used when callback sends 201 * back the PTag. */ 202 OPS_PTAG_RAW_SS = 0x101,/* Internal Use: content is raw sig subtag */ 203 OPS_PTAG_SS_ALL = 0x102,/* Internal Use: select all subtags */ 204 OPS_PARSER_PACKET_END = 0x103, 205 206 /* signature subpackets (0x200-2ff) (type+0x200) */ 207 /* only those we can parse are listed here */ 208 OPS_PTAG_SIG_SUBPKT_BASE = 0x200, /* Base for signature 209 * subpacket types - All 210 * signature type values 211 * are relative to this 212 * value. */ 213 OPS_PTAG_SS_CREATION_TIME = 0x200 + 2, /* signature creation time */ 214 OPS_PTAG_SS_EXPIRATION_TIME = 0x200 + 3, /* signature 215 * expiration time */ 216 217 OPS_PTAG_SS_EXPORT_CERT = 0x200 + 4, /* exportable certification */ 218 OPS_PTAG_SS_TRUST = 0x200 + 5, /* trust signature */ 219 OPS_PTAG_SS_REGEXP = 0x200 + 6, /* regular expression */ 220 OPS_PTAG_SS_REVOCABLE = 0x200 + 7, /* revocable */ 221 OPS_PTAG_SS_KEY_EXPIRY = 0x200 + 9, /* key expiration 222 * time */ 223 OPS_PTAG_SS_RESERVED = 0x200 + 10, /* reserved */ 224 OPS_PTAG_SS_PREFERRED_SKA = 0x200 + 11, /* preferred symmetric 225 * algs */ 226 OPS_PTAG_SS_REVOCATION_KEY = 0x200 + 12, /* revocation key */ 227 OPS_PTAG_SS_ISSUER_KEY_ID = 0x200 + 16, /* issuer key ID */ 228 OPS_PTAG_SS_NOTATION_DATA = 0x200 + 20, /* notation data */ 229 OPS_PTAG_SS_PREFERRED_HASH = 0x200 + 21, /* preferred hash 230 * algs */ 231 OPS_PTAG_SS_PREF_COMPRESS = 0x200 + 22, /* preferred 232 * compression 233 * algorithms */ 234 OPS_PTAG_SS_KEYSERV_PREFS = 0x200 + 23, /* key server 235 * preferences */ 236 OPS_PTAG_SS_PREF_KEYSERV = 0x200 + 24, /* Preferred Key 237 * Server */ 238 OPS_PTAG_SS_PRIMARY_USER_ID = 0x200 + 25, /* primary User ID */ 239 OPS_PTAG_SS_POLICY_URI = 0x200 + 26, /* Policy URI */ 240 OPS_PTAG_SS_KEY_FLAGS = 0x200 + 27, /* key flags */ 241 OPS_PTAG_SS_SIGNERS_USER_ID = 0x200 + 28, /* Signer's User ID */ 242 OPS_PTAG_SS_REVOCATION_REASON = 0x200 + 29, /* reason for 243 * revocation */ 244 OPS_PTAG_SS_FEATURES = 0x200 + 30, /* features */ 245 OPS_PTAG_SS_SIGNATURE_TARGET = 0x200 + 31, /* signature target */ 246 OPS_PTAG_SS_EMBEDDED_SIGNATURE = 0x200 + 32, /* embedded signature */ 247 248 OPS_PTAG_SS_USERDEFINED00 = 0x200 + 100, /* internal or 249 * user-defined */ 250 OPS_PTAG_SS_USERDEFINED01 = 0x200 + 101, 251 OPS_PTAG_SS_USERDEFINED02 = 0x200 + 102, 252 OPS_PTAG_SS_USERDEFINED03 = 0x200 + 103, 253 OPS_PTAG_SS_USERDEFINED04 = 0x200 + 104, 254 OPS_PTAG_SS_USERDEFINED05 = 0x200 + 105, 255 OPS_PTAG_SS_USERDEFINED06 = 0x200 + 106, 256 OPS_PTAG_SS_USERDEFINED07 = 0x200 + 107, 257 OPS_PTAG_SS_USERDEFINED08 = 0x200 + 108, 258 OPS_PTAG_SS_USERDEFINED09 = 0x200 + 109, 259 OPS_PTAG_SS_USERDEFINED10 = 0x200 + 110, 260 261 /* pseudo content types */ 262 OPS_PTAG_CT_LITDATA_HEADER = 0x300, 263 OPS_PTAG_CT_LITDATA_BODY = 0x300 + 1, 264 OPS_PTAG_CT_SIGNATURE_HEADER = 0x300 + 2, 265 OPS_PTAG_CT_SIGNATURE_FOOTER = 0x300 + 3, 266 OPS_PTAG_CT_ARMOUR_HEADER = 0x300 + 4, 267 OPS_PTAG_CT_ARMOUR_TRAILER = 0x300 + 5, 268 OPS_PTAG_CT_SIGNED_CLEARTEXT_HEADER = 0x300 + 6, 269 OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY = 0x300 + 7, 270 OPS_PTAG_CT_SIGNED_CLEARTEXT_TRAILER = 0x300 + 8, 271 OPS_PTAG_CT_UNARMOURED_TEXT = 0x300 + 9, 272 OPS_PTAG_CT_ENCRYPTED_SECRET_KEY = 0x300 + 10, /* In this case the 273 * algorithm specific 274 * fields will not be 275 * initialised */ 276 OPS_PTAG_CT_SE_DATA_HEADER = 0x300 + 11, 277 OPS_PTAG_CT_SE_DATA_BODY = 0x300 + 12, 278 OPS_PTAG_CT_SE_IP_DATA_HEADER = 0x300 + 13, 279 OPS_PTAG_CT_SE_IP_DATA_BODY = 0x300 + 14, 280 OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY = 0x300 + 15, 281 282 /* commands to the callback */ 283 OPS_GET_PASSPHRASE = 0x400, 284 OPS_GET_SECKEY = 0x400 + 1, 285 286 /* Errors */ 287 OPS_PARSER_ERROR = 0x500, /* Internal Use: Parser Error */ 288 OPS_PARSER_ERRCODE = 0x500 + 1 /* Internal Use: Parser Error 289 * with errcode returned */ 290 } __ops_content_tag_t; 291 292 typedef __ops_content_tag_t __ops_packet_tag_t; 293 typedef __ops_content_tag_t __ops_ss_type_t; 294 295 /** Structure to hold one parse error string. */ 296 typedef struct { 297 const char *error; /* error message. */ 298 } __ops_parser_error_t; 299 300 /** Structure to hold one error code */ 301 typedef struct { 302 __ops_errcode_t errcode; 303 } __ops_parser_errcode_t; 304 305 /** Structure to hold one packet tag. 306 * \see RFC4880 4.2 307 */ 308 typedef struct { 309 unsigned new_format; /* Whether this packet tag is new 310 * (1) or old format (0) */ 311 unsigned type; /* content_tag value - See 312 * #__ops_content_tag_t for meanings */ 313 __ops_ptag_of_lt_t length_type; /* Length type (#__ops_ptag_of_lt_t) 314 * - only if this packet tag is old 315 * format. Set to 0 if new format. */ 316 unsigned length; /* The length of the packet. This value 317 * is set when we read and compute the length 318 * information, not at the same moment we 319 * create the packet tag structure. Only 320 * defined if #readc is set. *//* XXX: Ben, is this correct? */ 321 unsigned position; /* The position (within the 322 * current reader) of the packet */ 323 unsigned size; /* number of bits */ 324 } __ops_ptag_t; 325 326 /** Public Key Algorithm Numbers. 327 * OpenPGP assigns a unique Algorithm Number to each algorithm that is part of OpenPGP. 328 * 329 * This lists algorithm numbers for public key algorithms. 330 * 331 * \see RFC4880 9.1 332 */ 333 typedef enum { 334 OPS_PKA_NOTHING = 0, /* No PKA */ 335 OPS_PKA_RSA = 1, /* RSA (Encrypt or Sign) */ 336 OPS_PKA_RSA_ENCRYPT_ONLY = 2, /* RSA Encrypt-Only (deprecated - 337 * \see RFC4880 13.5) */ 338 OPS_PKA_RSA_SIGN_ONLY = 3, /* RSA Sign-Only (deprecated - 339 * \see RFC4880 13.5) */ 340 OPS_PKA_ELGAMAL = 16, /* Elgamal (Encrypt-Only) */ 341 OPS_PKA_DSA = 17, /* DSA (Digital Signature Algorithm) */ 342 OPS_PKA_RESERVED_ELLIPTIC_CURVE = 18, /* Reserved for Elliptic 343 * Curve */ 344 OPS_PKA_RESERVED_ECDSA = 19, /* Reserved for ECDSA */ 345 OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN = 20, /* Deprecated. */ 346 OPS_PKA_RESERVED_DH = 21, /* Reserved for Diffie-Hellman 347 * (X9.42, as defined for 348 * IETF-S/MIME) */ 349 OPS_PKA_PRIVATE00 = 100,/* Private/Experimental Algorithm */ 350 OPS_PKA_PRIVATE01 = 101,/* Private/Experimental Algorithm */ 351 OPS_PKA_PRIVATE02 = 102,/* Private/Experimental Algorithm */ 352 OPS_PKA_PRIVATE03 = 103,/* Private/Experimental Algorithm */ 353 OPS_PKA_PRIVATE04 = 104,/* Private/Experimental Algorithm */ 354 OPS_PKA_PRIVATE05 = 105,/* Private/Experimental Algorithm */ 355 OPS_PKA_PRIVATE06 = 106,/* Private/Experimental Algorithm */ 356 OPS_PKA_PRIVATE07 = 107,/* Private/Experimental Algorithm */ 357 OPS_PKA_PRIVATE08 = 108,/* Private/Experimental Algorithm */ 358 OPS_PKA_PRIVATE09 = 109,/* Private/Experimental Algorithm */ 359 OPS_PKA_PRIVATE10 = 110 /* Private/Experimental Algorithm */ 360 } __ops_pubkey_alg_t; 361 362 /** Structure to hold one DSA public key params. 363 * 364 * \see RFC4880 5.5.2 365 */ 366 typedef struct { 367 BIGNUM *p; /* DSA prime p */ 368 BIGNUM *q; /* DSA group order q */ 369 BIGNUM *g; /* DSA group generator g */ 370 BIGNUM *y; /* DSA public key value y (= g^x mod p 371 * with x being the secret) */ 372 } __ops_dsa_pubkey_t; 373 374 /** Structure to hold an RSA public key. 375 * 376 * \see RFC4880 5.5.2 377 */ 378 typedef struct { 379 BIGNUM *n; /* RSA public modulus n */ 380 BIGNUM *e; /* RSA public encryption exponent e */ 381 } __ops_rsa_pubkey_t; 382 383 /** Structure to hold an ElGamal public key params. 384 * 385 * \see RFC4880 5.5.2 386 */ 387 typedef struct { 388 BIGNUM *p; /* ElGamal prime p */ 389 BIGNUM *g; /* ElGamal group generator g */ 390 BIGNUM *y; /* ElGamal public key value y (= g^x mod p 391 * with x being the secret) */ 392 } __ops_elgamal_pubkey_t; 393 394 /** Union to hold public key params of any algorithm */ 395 typedef union { 396 __ops_dsa_pubkey_t dsa; /* A DSA public key */ 397 __ops_rsa_pubkey_t rsa; /* An RSA public key */ 398 __ops_elgamal_pubkey_t elgamal; /* An ElGamal public key */ 399 } __ops_pubkey_union_t; 400 401 /** Version. 402 * OpenPGP has two different protocol versions: version 3 and version 4. 403 * 404 * \see RFC4880 5.2 405 */ 406 typedef enum { 407 OPS_V2 = 2, /* Version 2 (essentially the same as v3) */ 408 OPS_V3 = 3, /* Version 3 */ 409 OPS_V4 = 4 /* Version 4 */ 410 } __ops_version_t; 411 412 /** Structure to hold a pgp public key */ 413 typedef struct { 414 __ops_version_t version;/* version of the key (v3, v4...) */ 415 time_t birthtime; 416 /* when the key was created. Note that 417 * interpretation varies with key version. */ 418 unsigned days_valid; 419 /* validity period of the key in days since 420 * creation. A value of 0 has a special meaning 421 * indicating this key does not expire. Only used with 422 * v3 keys. */ 423 __ops_pubkey_alg_t alg; /* Public Key Algorithm type */ 424 __ops_pubkey_union_t key; /* Public Key Parameters */ 425 } __ops_pubkey_t; 426 427 /** Structure to hold data for one RSA secret key 428 */ 429 typedef struct { 430 BIGNUM *d; 431 BIGNUM *p; 432 BIGNUM *q; 433 BIGNUM *u; 434 } __ops_rsa_seckey_t; 435 436 /** __ops_dsa_seckey_t */ 437 typedef struct { 438 BIGNUM *x; 439 } __ops_dsa_seckey_t; 440 441 /** __ops_seckey_union_t */ 442 typedef union { 443 __ops_rsa_seckey_t rsa; 444 __ops_dsa_seckey_t dsa; 445 } __ops_seckey_union_t; 446 447 /** s2k_usage_t 448 */ 449 typedef enum { 450 OPS_S2KU_NONE = 0, 451 OPS_S2KU_ENCRYPTED_AND_HASHED = 254, 452 OPS_S2KU_ENCRYPTED = 255 453 } __ops_s2k_usage_t; 454 455 /** s2k_specifier_t 456 */ 457 typedef enum { 458 OPS_S2KS_SIMPLE = 0, 459 OPS_S2KS_SALTED = 1, 460 OPS_S2KS_ITERATED_AND_SALTED = 3 461 } __ops_s2k_specifier_t; 462 463 /** Symmetric Key Algorithm Numbers. 464 * OpenPGP assigns a unique Algorithm Number to each algorithm that is 465 * part of OpenPGP. 466 * 467 * This lists algorithm numbers for symmetric key algorithms. 468 * 469 * \see RFC4880 9.2 470 */ 471 typedef enum { 472 OPS_SA_PLAINTEXT = 0, /* Plaintext or unencrypted data */ 473 OPS_SA_IDEA = 1, /* IDEA */ 474 OPS_SA_TRIPLEDES = 2, /* TripleDES */ 475 OPS_SA_CAST5 = 3, /* CAST5 */ 476 OPS_SA_BLOWFISH = 4, /* Blowfish */ 477 OPS_SA_AES_128 = 7, /* AES with 128-bit key (AES) */ 478 OPS_SA_AES_192 = 8, /* AES with 192-bit key */ 479 OPS_SA_AES_256 = 9, /* AES with 256-bit key */ 480 OPS_SA_TWOFISH = 10 /* Twofish with 256-bit key (TWOFISH) */ 481 } __ops_symm_alg_t; 482 483 /** Hashing Algorithm Numbers. 484 * OpenPGP assigns a unique Algorithm Number to each algorithm that is 485 * part of OpenPGP. 486 * 487 * This lists algorithm numbers for hash algorithms. 488 * 489 * \see RFC4880 9.4 490 */ 491 typedef enum { 492 OPS_HASH_UNKNOWN = -1, /* used to indicate errors */ 493 OPS_HASH_MD5 = 1, /* MD5 */ 494 OPS_HASH_SHA1 = 2, /* SHA-1 */ 495 OPS_HASH_RIPEMD = 3, /* RIPEMD160 */ 496 497 OPS_HASH_SHA256 = 8, /* SHA256 */ 498 OPS_HASH_SHA384 = 9, /* SHA384 */ 499 OPS_HASH_SHA512 = 10, /* SHA512 */ 500 OPS_HASH_SHA224 = 11 /* SHA224 */ 501 } __ops_hash_alg_t; 502 503 void __ops_calc_mdc_hash(const unsigned char *, 504 const size_t, 505 const unsigned char *, 506 const unsigned int, 507 unsigned char *); 508 unsigned __ops_is_hash_alg_supported(const __ops_hash_alg_t *); 509 510 /* Maximum block size for symmetric crypto */ 511 #define OPS_MAX_BLOCK_SIZE 16 512 513 /* Maximum key size for symmetric crypto */ 514 #define OPS_MAX_KEY_SIZE 32 515 516 /* Salt size for hashing */ 517 #define OPS_SALT_SIZE 8 518 519 /* Max hash size */ 520 #define OPS_MAX_HASH_SIZE 64 521 522 /** __ops_seckey_t 523 */ 524 typedef struct { 525 __ops_pubkey_t pubkey; 526 __ops_s2k_usage_t s2k_usage; 527 __ops_s2k_specifier_t s2k_specifier; 528 __ops_symm_alg_t alg; 529 __ops_hash_alg_t hash_alg; 530 unsigned char salt[OPS_SALT_SIZE]; 531 unsigned octetc; 532 unsigned char iv[OPS_MAX_BLOCK_SIZE]; 533 __ops_seckey_union_t key; 534 unsigned checksum; 535 unsigned char *checkhash; 536 } __ops_seckey_t; 537 538 /** Structure to hold one trust packet's data */ 539 540 typedef struct { 541 __ops_data_t data; /* Trust Packet */ 542 } __ops_trust_t; 543 544 /** Structure to hold one user id */ 545 typedef struct { 546 unsigned char *userid;/* User ID - UTF-8 string */ 547 } __ops_userid_t; 548 549 /** Structure to hold one user attribute */ 550 typedef struct { 551 __ops_data_t data; /* User Attribute */ 552 } __ops_userattr_t; 553 554 /** Signature Type. 555 * OpenPGP defines different signature types that allow giving 556 * different meanings to signatures. Signature types include 0x10 for 557 * generitc User ID certifications (used when Ben signs Weasel's key), 558 * Subkey binding signatures, document signatures, key revocations, 559 * etc. 560 * 561 * Different types are used in different places, and most make only 562 * sense in their intended location (for instance a subkey binding has 563 * no place on a UserID). 564 * 565 * \see RFC4880 5.2.1 566 */ 567 typedef enum { 568 OPS_SIG_BINARY = 0x00, /* Signature of a binary document */ 569 OPS_SIG_TEXT = 0x01, /* Signature of a canonical text document */ 570 OPS_SIG_STANDALONE = 0x02, /* Standalone signature */ 571 572 OPS_CERT_GENERIC = 0x10,/* Generic certification of a User ID and 573 * Public Key packet */ 574 OPS_CERT_PERSONA = 0x11,/* Persona certification of a User ID and 575 * Public Key packet */ 576 OPS_CERT_CASUAL = 0x12, /* Casual certification of a User ID and 577 * Public Key packet */ 578 OPS_CERT_POSITIVE = 0x13, /* Positive certification of a 579 * User ID and Public Key packet */ 580 581 OPS_SIG_SUBKEY = 0x18, /* Subkey Binding Signature */ 582 OPS_SIG_PRIMARY = 0x19, /* Primary Key Binding Signature */ 583 OPS_SIG_DIRECT = 0x1f, /* Signature directly on a key */ 584 585 OPS_SIG_REV_KEY = 0x20, /* Key revocation signature */ 586 OPS_SIG_REV_SUBKEY = 0x28, /* Subkey revocation signature */ 587 OPS_SIG_REV_CERT = 0x30,/* Certification revocation signature */ 588 589 OPS_SIG_TIMESTAMP = 0x40, /* Timestamp signature */ 590 591 OPS_SIG_3RD_PARTY = 0x50/* Third-Party Confirmation signature */ 592 } __ops_sig_type_t; 593 594 /** Struct to hold params of an RSA signature */ 595 typedef struct { 596 BIGNUM *sig; /* the signature value (m^d % n) */ 597 } __ops_rsa_sig_t; 598 599 /** Struct to hold params of a DSA signature */ 600 typedef struct { 601 BIGNUM *r; /* DSA value r */ 602 BIGNUM *s; /* DSA value s */ 603 } __ops_dsa_sig_t; 604 605 /** __ops_elgamal_signature_t */ 606 typedef struct { 607 BIGNUM *r; 608 BIGNUM *s; 609 } __ops_elgamal_sig_t; 610 611 /** Struct to hold data for a private/experimental signature */ 612 typedef struct { 613 __ops_data_t data; 614 } __ops_unknown_sig_t; 615 616 /** Union to hold signature params of any algorithm */ 617 typedef union { 618 __ops_rsa_sig_t rsa;/* An RSA Signature */ 619 __ops_dsa_sig_t dsa;/* A DSA Signature */ 620 __ops_elgamal_sig_t elgamal; /* deprecated */ 621 __ops_unknown_sig_t unknown; /* private or experimental */ 622 } __ops_sig_union_t; 623 624 #define OPS_KEY_ID_SIZE 8 625 #define OPS_FINGERPRINT_SIZE 20 626 627 /** Struct to hold a signature packet. 628 * 629 * \see RFC4880 5.2.2 630 * \see RFC4880 5.2.3 631 */ 632 typedef struct { 633 __ops_version_t version;/* signature version number */ 634 __ops_sig_type_t type; /* signature type value */ 635 time_t birthtime; /* creation time of the signature */ 636 unsigned char signer_id[OPS_KEY_ID_SIZE]; /* Eight-octet key ID 637 * of signer */ 638 __ops_pubkey_alg_t key_alg; /* public key 639 * algorithm number */ 640 __ops_hash_alg_t hash_alg; /* hashing algorithm 641 * number */ 642 __ops_sig_union_t sig; /* signature params */ 643 size_t v4_hashlen; 644 unsigned char *v4_hashed; 645 unsigned birthtime_set:1; 646 unsigned signer_id_set:1; 647 } __ops_sig_info_t; 648 649 /** Struct used when parsing a signature */ 650 typedef struct __ops_sig_t { 651 __ops_sig_info_t info; /* The signature information */ 652 /* The following fields are only used while parsing the signature */ 653 unsigned char hash2[2]; /* high 2 bytes of hashed value - 654 * for quick test */ 655 size_t v4_hashstart; /* only valid if accumulate 656 * is set */ 657 __ops_hash_t *hash; /* if set, the hash filled in for the data 658 * so far */ 659 } __ops_sig_t; 660 661 /** The raw bytes of a signature subpacket */ 662 663 typedef struct { 664 __ops_content_tag_t tag; 665 size_t length; 666 unsigned char *raw; 667 } __ops_ss_raw_t; 668 669 /** Signature Subpacket : Trust Level */ 670 671 typedef struct { 672 unsigned char level; /* Trust Level */ 673 unsigned char amount; /* Amount */ 674 } __ops_ss_trust_t; 675 676 /** Signature Subpacket : Revocable */ 677 typedef struct { 678 unsigned revocable; 679 } __ops_ss_revocable_t; 680 681 /** Signature Subpacket : Time */ 682 typedef struct { 683 time_t time; 684 } __ops_ss_time_t; 685 686 /** Signature Subpacket : Key ID */ 687 typedef struct { 688 unsigned char key_id[OPS_KEY_ID_SIZE]; 689 } __ops_ss_key_id_t; 690 691 /** Signature Subpacket : Notation Data */ 692 typedef struct { 693 __ops_data_t flags; 694 __ops_data_t name; 695 __ops_data_t value; 696 } __ops_ss_notation_t; 697 698 /** Signature Subpacket : User Defined */ 699 typedef struct { 700 __ops_data_t data; 701 } __ops_ss_userdef_t; 702 703 /** Signature Subpacket : Unknown */ 704 typedef struct { 705 __ops_data_t data; 706 } __ops_ss_unknown_t; 707 708 /** Signature Subpacket : Preferred Symmetric Key Algorithm */ 709 typedef struct { 710 __ops_data_t data; 711 /* 712 * Note that value 0 may represent the plaintext algorithm so we 713 * cannot expect data->contents to be a null-terminated list 714 */ 715 } __ops_ss_skapref_t; 716 717 /** Signature Subpacket : Preferrred Hash Algorithm */ 718 typedef struct { 719 __ops_data_t data; 720 } __ops_ss_hashpref_t; 721 722 /** Signature Subpacket : Preferred Compression */ 723 typedef struct { 724 __ops_data_t data; 725 } __ops_ss_zpref_t; 726 727 /** Signature Subpacket : Key Flags */ 728 typedef struct { 729 __ops_data_t data; 730 } __ops_ss_key_flags_t; 731 732 /** Signature Subpacket : Key Server Preferences */ 733 typedef struct { 734 __ops_data_t data; 735 } __ops_ss_key_server_prefs_t; 736 737 /** Signature Subpacket : Features */ 738 typedef struct { 739 __ops_data_t data; 740 } __ops_ss_features_t; 741 742 /** Signature Subpacket : Signature Target */ 743 typedef struct { 744 __ops_pubkey_alg_t pka_alg; 745 __ops_hash_alg_t hash_alg; 746 __ops_data_t hash; 747 } __ops_ss_sig_target_t; 748 749 /** Signature Subpacket : Embedded Signature */ 750 typedef struct { 751 __ops_data_t sig; 752 } __ops_ss_embedded_sig_t; 753 754 /** __ops_subpacket_t */ 755 756 typedef struct __ops_subpacket_t { 757 size_t length; 758 unsigned char *raw; 759 } __ops_subpacket_t; 760 761 /** Types of Compression */ 762 typedef enum { 763 OPS_C_NONE = 0, 764 OPS_C_ZIP = 1, 765 OPS_C_ZLIB = 2, 766 OPS_C_BZIP2 = 3 767 } __ops_compression_type_t; 768 769 /* 770 * unlike most structures, this will feed its data as a stream to the 771 * application instead of directly including it 772 */ 773 /** __ops_compressed_t */ 774 typedef struct { 775 __ops_compression_type_t type; 776 } __ops_compressed_t; 777 778 /** __ops_one_pass_sig_t */ 779 typedef struct { 780 unsigned char version; 781 __ops_sig_type_t sig_type; 782 __ops_hash_alg_t hash_alg; 783 __ops_pubkey_alg_t key_alg; 784 unsigned char keyid[OPS_KEY_ID_SIZE]; 785 unsigned nested; 786 } __ops_one_pass_sig_t; 787 788 /** Signature Subpacket : Primary User ID */ 789 typedef struct { 790 unsigned primary_userid; 791 } __ops_ss_primary_userid_t; 792 793 /** Signature Subpacket : Regexp */ 794 typedef struct { 795 char *regexp; 796 } __ops_ss_regexp_t; 797 798 /** Signature Subpacket : Policy URL */ 799 typedef struct { 800 char *url; 801 } __ops_ss_policy_t; 802 803 /** Signature Subpacket : Preferred Key Server */ 804 typedef struct { 805 char *name; 806 } __ops_ss_keyserv_t; 807 808 /** Signature Subpacket : Revocation Key */ 809 typedef struct { 810 unsigned char class; 811 unsigned char algid; 812 unsigned char fingerprint[OPS_FINGERPRINT_SIZE]; 813 } __ops_ss_revocation_key_t; 814 815 /** Signature Subpacket : Revocation Reason */ 816 typedef struct { 817 unsigned char code; 818 char *reason; 819 } __ops_ss_revocation_t; 820 821 /** litdata_type_t */ 822 typedef enum { 823 OPS_LDT_BINARY = 'b', 824 OPS_LDT_TEXT = 't', 825 OPS_LDT_UTF8 = 'u', 826 OPS_LDT_LOCAL = 'l', 827 OPS_LDT_LOCAL2 = '1' 828 } __ops_litdata_type_t; 829 830 /** __ops_litdata_header_t */ 831 typedef struct { 832 __ops_litdata_type_t format; 833 char filename[256]; 834 time_t mtime; 835 } __ops_litdata_header_t; 836 837 /** __ops_litdata_body_t */ 838 typedef struct { 839 unsigned length; 840 unsigned char *data; 841 void *mem; /* __ops_memory_t pointer */ 842 } __ops_litdata_body_t; 843 844 /** __ops_mdc_t */ 845 typedef struct { 846 unsigned length; 847 unsigned char *data; 848 } __ops_mdc_t; 849 850 /** __ops_header_var_t */ 851 typedef struct { 852 char *key; 853 char *value; 854 } __ops_header_var_t; 855 856 /** __ops_headers_t */ 857 typedef struct { 858 __ops_header_var_t *headers; 859 unsigned headerc; 860 } __ops_headers_t; 861 862 /** __ops_armour_header_t */ 863 typedef struct { 864 const char *type; 865 __ops_headers_t headers; 866 } __ops_armour_header_t; 867 868 /** __ops_armour_trailer_t */ 869 typedef struct { 870 const char *type; 871 } __ops_armour_trailer_t; 872 873 /** __ops_cleartext_head_t */ 874 typedef struct { 875 __ops_headers_t headers; 876 } __ops_cleartext_head_t; 877 878 /** __ops_cleartext_body_t */ 879 typedef struct { 880 unsigned length; 881 unsigned char data[8192]; /* \todo fix hard-coded value? */ 882 } __ops_cleartext_body_t; 883 884 /** __ops_cleartext_trailer_t */ 885 typedef struct { 886 struct _ops_hash_t *hash; /* This will not have been 887 * finalised, but will have seen all 888 * the cleartext data in canonical 889 * form */ 890 } __ops_cleartext_trailer_t; 891 892 /** __ops_unarmoured_text_t */ 893 typedef struct { 894 unsigned length; 895 unsigned char *data; 896 } __ops_unarmoured_text_t; 897 898 typedef enum { 899 SE_IP_DATA_VERSION = 1 900 } __ops_se_ip_data_version_t; 901 902 typedef enum { 903 OPS_PKSK_V3 = 3 904 } __ops_pk_sesskey_version_t; 905 906 /** __ops_pk_sesskey_params_rsa_t */ 907 typedef struct { 908 BIGNUM *encrypted_m; 909 BIGNUM *m; 910 } __ops_pk_sesskey_params_rsa_t; 911 912 /** __ops_pk_sesskey_params_elgamal_t */ 913 typedef struct { 914 BIGNUM *g_to_k; 915 BIGNUM *encrypted_m; 916 } __ops_pk_sesskey_params_elgamal_t; 917 918 /** __ops_pk_sesskey_params_t */ 919 typedef union { 920 __ops_pk_sesskey_params_rsa_t rsa; 921 __ops_pk_sesskey_params_elgamal_t elgamal; 922 } __ops_pk_sesskey_params_t; 923 924 /** __ops_pk_sesskey_t */ 925 typedef struct { 926 __ops_pk_sesskey_version_t version; 927 unsigned char key_id[OPS_KEY_ID_SIZE]; 928 __ops_pubkey_alg_t alg; 929 __ops_pk_sesskey_params_t params; 930 __ops_symm_alg_t symm_alg; 931 unsigned char key[OPS_MAX_KEY_SIZE]; 932 unsigned short checksum; 933 } __ops_pk_sesskey_t; 934 935 /** __ops_seckey_passphrase_t */ 936 typedef struct { 937 const __ops_seckey_t *seckey; 938 char **passphrase; /* point somewhere that gets filled 939 * in to work around constness of 940 * content */ 941 } __ops_seckey_passphrase_t; 942 943 typedef enum { 944 OPS_SE_IP_V1 = 1 945 } __ops_se_ip_version_t; 946 947 /** __ops_se_ip_data_header_t */ 948 typedef struct { 949 __ops_se_ip_version_t version; 950 } __ops_se_ip_data_header_t; 951 952 /** __ops_se_ip_data_body_t */ 953 typedef struct { 954 unsigned length; 955 unsigned char *data; /* \todo remember to free this */ 956 } __ops_se_ip_data_body_t; 957 958 /** __ops_se_data_body_t */ 959 typedef struct { 960 unsigned length; 961 unsigned char data[8192]; /* \todo parameterise this! */ 962 } __ops_se_data_body_t; 963 964 /** __ops_get_seckey_t */ 965 typedef struct { 966 const __ops_seckey_t **seckey; 967 const __ops_pk_sesskey_t *pk_sesskey; 968 } __ops_get_seckey_t; 969 970 /** __ops_parser_union_content_t */ 971 typedef union { 972 __ops_parser_error_t error; 973 __ops_parser_errcode_t errcode; 974 __ops_ptag_t ptag; 975 __ops_pubkey_t pubkey; 976 __ops_trust_t trust; 977 __ops_userid_t userid; 978 __ops_userattr_t userattr; 979 __ops_sig_t sig; 980 __ops_ss_raw_t ss_raw; 981 __ops_ss_trust_t ss_trust; 982 __ops_ss_revocable_t ss_revocable; 983 __ops_ss_time_t ss_time; 984 __ops_ss_key_id_t ss_issuer; 985 __ops_ss_notation_t ss_notation; 986 __ops_subpacket_t packet; 987 __ops_compressed_t compressed; 988 __ops_one_pass_sig_t one_pass_sig; 989 __ops_ss_skapref_t ss_skapref; 990 __ops_ss_hashpref_t ss_hashpref; 991 __ops_ss_zpref_t ss_zpref; 992 __ops_ss_key_flags_t ss_key_flags; 993 __ops_ss_key_server_prefs_t ss_key_server_prefs; 994 __ops_ss_primary_userid_t ss_primary_userid; 995 __ops_ss_regexp_t ss_regexp; 996 __ops_ss_policy_t ss_policy; 997 __ops_ss_keyserv_t ss_keyserv; 998 __ops_ss_revocation_key_t ss_revocation_key; 999 __ops_ss_userdef_t ss_userdef; 1000 __ops_ss_unknown_t ss_unknown; 1001 __ops_litdata_header_t litdata_header; 1002 __ops_litdata_body_t litdata_body; 1003 __ops_mdc_t mdc; 1004 __ops_ss_features_t ss_features; 1005 __ops_ss_sig_target_t ss_sig_target; 1006 __ops_ss_embedded_sig_t ss_embedded_sig; 1007 __ops_ss_revocation_t ss_revocation; 1008 __ops_seckey_t seckey; 1009 __ops_userid_t ss_signer; 1010 __ops_armour_header_t armour_header; 1011 __ops_armour_trailer_t armour_trailer; 1012 __ops_cleartext_head_t cleartext_head; 1013 __ops_cleartext_body_t cleartext_body; 1014 __ops_cleartext_trailer_t cleartext_trailer; 1015 __ops_unarmoured_text_t unarmoured_text; 1016 __ops_pk_sesskey_t pk_sesskey; 1017 __ops_seckey_passphrase_t skey_passphrase; 1018 __ops_se_ip_data_header_t se_ip_data_header; 1019 __ops_se_ip_data_body_t se_ip_data_body; 1020 __ops_se_data_body_t se_data_body; 1021 __ops_get_seckey_t get_seckey; 1022 } __ops_contents_t; 1023 1024 /** __ops_packet_t */ 1025 struct __ops_packet_t { 1026 __ops_content_tag_t tag; /* type of contents */ 1027 unsigned char critical; /* for sig subpackets */ 1028 __ops_contents_t u; /* union for contents */ 1029 }; 1030 1031 /** __ops_fingerprint_t */ 1032 typedef struct { 1033 unsigned char fingerprint[OPS_FINGERPRINT_SIZE]; 1034 unsigned length; 1035 } __ops_fingerprint_t; 1036 1037 void __ops_init(void); 1038 void __ops_finish(void); 1039 void __ops_keyid(unsigned char *, const size_t, const __ops_pubkey_t *); 1040 void __ops_fingerprint(__ops_fingerprint_t *, const __ops_pubkey_t *); 1041 void __ops_pubkey_free(__ops_pubkey_t *); 1042 void __ops_userid_free(__ops_userid_t *); 1043 void __ops_userattr_free(__ops_userattr_t *); 1044 void __ops_sig_free(__ops_sig_t *); 1045 void __ops_trust_free(__ops_trust_t *); 1046 void __ops_ss_skapref_free(__ops_ss_skapref_t *); 1047 void __ops_ss_hashpref_free(__ops_ss_hashpref_t *); 1048 void __ops_ss_zpref_free(__ops_ss_zpref_t *); 1049 void __ops_ss_key_flags_free(__ops_ss_key_flags_t *); 1050 void __ops_ss_key_server_prefs_free(__ops_ss_key_server_prefs_t *); 1051 void __ops_ss_features_free(__ops_ss_features_t *); 1052 void __ops_ss_notation_free(__ops_ss_notation_t *); 1053 void __ops_ss_policy_free(__ops_ss_policy_t *); 1054 void __ops_ss_keyserv_free(__ops_ss_keyserv_t *); 1055 void __ops_ss_regexp_free(__ops_ss_regexp_t *); 1056 void __ops_ss_userdef_free(__ops_ss_userdef_t *); 1057 void __ops_ss_reserved_free(__ops_ss_unknown_t *); 1058 void __ops_ss_revocation_free(__ops_ss_revocation_t *); 1059 void __ops_ss_sig_target_free(__ops_ss_sig_target_t *); 1060 void __ops_ss_embedded_sig_free(__ops_ss_embedded_sig_t *); 1061 1062 void __ops_subpacket_free(__ops_subpacket_t *); 1063 void __ops_parser_content_free(__ops_packet_t *); 1064 void __ops_seckey_free(__ops_seckey_t *); 1065 void __ops_pk_sesskey_free(__ops_pk_sesskey_t *); 1066 1067 int __ops_print_packet(const __ops_packet_t *); 1068 1069 #define DYNARRAY(type, arr) \ 1070 unsigned arr##c; unsigned arr##vsize; type *arr##s 1071 1072 #define EXPAND_ARRAY(str, arr) do { \ 1073 if (str->arr##c == str->arr##vsize) { \ 1074 void *__newarr; \ 1075 str->arr##vsize = (str->arr##vsize * 2) + 10; \ 1076 if ((__newarr = realloc(str->arr##s, \ 1077 str->arr##vsize * sizeof(*str->arr##s))) == NULL) { \ 1078 (void) fprintf(stderr, "EXPAND_ARRAY - bad realloc\n"); \ 1079 } \ 1080 str->arr##s = __newarr; \ 1081 } \ 1082 } while(/*CONSTCOND*/0) 1083 1084 /** __ops_keydata_key_t 1085 */ 1086 typedef union { 1087 __ops_pubkey_t pubkey; 1088 __ops_seckey_t seckey; 1089 } __ops_keydata_key_t; 1090 1091 1092 /** sigpacket_t */ 1093 typedef struct { 1094 __ops_userid_t *userid; 1095 __ops_subpacket_t *packet; 1096 } sigpacket_t; 1097 1098 /* XXX: gonna have to expand this to hold onto subkeys, too... */ 1099 /** \struct __ops_keydata 1100 * \todo expand to hold onto subkeys 1101 */ 1102 struct __ops_key_t { 1103 DYNARRAY(__ops_userid_t, uid); 1104 DYNARRAY(__ops_subpacket_t, packet); 1105 DYNARRAY(sigpacket_t, sig); 1106 unsigned char key_id[OPS_KEY_ID_SIZE]; 1107 __ops_fingerprint_t fingerprint; 1108 __ops_content_tag_t type; 1109 __ops_keydata_key_t key; 1110 }; 1111 1112 #define MDC_PKT_TAG 0xd3 1113 1114 #endif /* PACKET_H_ */ 1115