1 /* 2 * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) 3 * All rights reserved. 4 * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted 5 * their moral rights under the UK Copyright Design and Patents Act 1988 to 6 * be recorded as the authors of this copyright work. 7 * 8 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 9 * use this file except in compliance with the License. 10 * 11 * You may obtain a copy of the License at 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, software 15 * distributed under the License is distributed on an "AS IS" BASIS, 16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 * 18 * See the License for the specific language governing permissions and 19 * limitations under the License. 20 */ 21 22 /** \file 23 * packet related headers. 24 */ 25 26 #ifndef OPS_PACKET_H 27 #define OPS_PACKET_H 28 29 #include <time.h> 30 #include <openssl/bn.h> 31 #include <openssl/sha.h> 32 33 #include "types.h" 34 #include "errors.h" 35 36 /** General-use structure for variable-length data 37 */ 38 39 typedef struct { 40 size_t len; 41 unsigned char *contents; 42 } __ops_data_t; 43 44 /************************************/ 45 /* Packet Tags - RFC4880, 4.2 */ 46 /************************************/ 47 48 /** Packet Tag - Bit 7 Mask (this bit is always set). 49 * The first byte of a packet is the "Packet Tag". It always 50 * has bit 7 set. This is the mask for it. 51 * 52 * \see RFC4880 4.2 53 */ 54 #define OPS_PTAG_ALWAYS_SET 0x80 55 56 /** Packet Tag - New Format Flag. 57 * Bit 6 of the Packet Tag is the packet format indicator. 58 * If it is set, the new format is used, if cleared the 59 * old format is used. 60 * 61 * \see RFC4880 4.2 62 */ 63 #define OPS_PTAG_NEW_FORMAT 0x40 64 65 66 /** Old Packet Format: Mask for content tag. 67 * In the old packet format bits 5 to 2 (including) 68 * are the content tag. This is the mask to apply 69 * to the packet tag. Note that you need to 70 * shift by #OPS_PTAG_OF_CONTENT_TAG_SHIFT bits. 71 * 72 * \see RFC4880 4.2 73 */ 74 #define OPS_PTAG_OF_CONTENT_TAG_MASK 0x3c 75 /** Old Packet Format: Offset for the content tag. 76 * As described at #OPS_PTAG_OF_CONTENT_TAG_MASK the 77 * content tag needs to be shifted after being masked 78 * out from the Packet Tag. 79 * 80 * \see RFC4880 4.2 81 */ 82 #define OPS_PTAG_OF_CONTENT_TAG_SHIFT 2 83 /** Old Packet Format: Mask for length type. 84 * Bits 1 and 0 of the packet tag are the length type 85 * in the old packet format. 86 * 87 * See #__ops_ptag_of_lt_t for the meaning of the values. 88 * 89 * \see RFC4880 4.2 90 */ 91 #define OPS_PTAG_OF_LENGTH_TYPE_MASK 0x03 92 93 94 /** Old Packet Format Lengths. 95 * Defines the meanings of the 2 bits for length type in the 96 * old packet format. 97 * 98 * \see RFC4880 4.2.1 99 */ 100 typedef enum { 101 OPS_PTAG_OLD_LEN_1 = 0x00, /* !< Packet has a 1 byte length - 102 * header is 2 bytes long. */ 103 OPS_PTAG_OLD_LEN_2 = 0x01, /* !< Packet has a 2 byte length - 104 * header is 3 bytes long. */ 105 OPS_PTAG_OLD_LEN_4 = 0x02, /* !< Packet has a 4 byte 106 * length - header is 5 bytes 107 * long. */ 108 OPS_PTAG_OLD_LEN_INDETERMINATE = 0x03 /* !< Packet has a 109 * indeterminate length. */ 110 } __ops_ptag_of_lt_t; 111 112 113 /** New Packet Format: Mask for content tag. 114 * In the new packet format the 6 rightmost bits 115 * are the content tag. This is the mask to apply 116 * to the packet tag. Note that you need to 117 * shift by #OPS_PTAG_NF_CONTENT_TAG_SHIFT bits. 118 * 119 * \see RFC4880 4.2 120 */ 121 #define OPS_PTAG_NF_CONTENT_TAG_MASK 0x3f 122 /** New Packet Format: Offset for the content tag. 123 * As described at #OPS_PTAG_NF_CONTENT_TAG_MASK the 124 * content tag needs to be shifted after being masked 125 * out from the Packet Tag. 126 * 127 * \see RFC4880 4.2 128 */ 129 #define OPS_PTAG_NF_CONTENT_TAG_SHIFT 0 130 131 /* PTag Content Tags */ 132 /***************************/ 133 134 /** Package Tags (aka Content Tags) and signature subpacket types. 135 * This enumerates all rfc-defined packet tag values and the 136 * signature subpacket type values that we understand. 137 * 138 * \see RFC4880 4.3 139 * \see RFC4880 5.2.3.1 140 */ 141 typedef enum { 142 OPS_PTAG_CT_RESERVED = 0, /* !< Reserved - a packet tag must 143 * not have this value */ 144 OPS_PTAG_CT_PK_SESSION_KEY = 1, /* !< Public-Key Encrypted Session 145 * Key Packet */ 146 OPS_PTAG_CT_SIGNATURE = 2, /* !< Signature Packet */ 147 OPS_PTAG_CT_SK_SESSION_KEY = 3, /* !< Symmetric-Key Encrypted Session 148 * Key Packet */ 149 OPS_PTAG_CT_ONE_PASS_SIGNATURE = 4, /* !< One-Pass Signature 150 * Packet */ 151 OPS_PTAG_CT_SECRET_KEY = 5, /* !< Secret Key Packet */ 152 OPS_PTAG_CT_PUBLIC_KEY = 6, /* !< Public Key Packet */ 153 OPS_PTAG_CT_SECRET_SUBKEY = 7, /* !< Secret Subkey Packet */ 154 OPS_PTAG_CT_COMPRESSED = 8, /* !< Compressed Data Packet */ 155 OPS_PTAG_CT_SE_DATA = 9,/* !< Symmetrically Encrypted Data Packet */ 156 OPS_PTAG_CT_MARKER = 10,/* !< Marker Packet */ 157 OPS_PTAG_CT_LITERAL_DATA = 11, /* !< Literal Data Packet */ 158 OPS_PTAG_CT_TRUST = 12, /* !< Trust Packet */ 159 OPS_PTAG_CT_USER_ID = 13, /* !< User ID Packet */ 160 OPS_PTAG_CT_PUBLIC_SUBKEY = 14, /* !< Public Subkey Packet */ 161 OPS_PTAG_CT_RESERVED2 = 15, /* !< reserved */ 162 OPS_PTAG_CT_RESERVED3 = 16, /* !< reserved */ 163 OPS_PTAG_CT_USER_ATTRIBUTE = 17, /* !< User Attribute Packet */ 164 OPS_PTAG_CT_SE_IP_DATA = 18, /* !< Sym. Encrypted and Integrity 165 * Protected Data Packet */ 166 OPS_PTAG_CT_MDC = 19, /* !< Modification Detection Code Packet */ 167 168 OPS_PARSER_PTAG = 0x100,/* !< Internal Use: The packet is the "Packet 169 * Tag" itself - used when callback sends 170 * back the PTag. */ 171 OPS_PTAG_RAW_SS = 0x101,/* !< Internal Use: content is raw sig subtag */ 172 OPS_PTAG_SS_ALL = 0x102,/* !< Internal Use: select all subtags */ 173 OPS_PARSER_PACKET_END = 0x103, 174 175 /* signature subpackets (0x200-2ff) (type+0x200) */ 176 /* only those we can parse are listed here */ 177 OPS_PTAG_SIGNATURE_SUBPACKET_BASE = 0x200, /* !< Base for signature 178 * subpacket types - All 179 * signature type values 180 * are relative to this 181 * value. */ 182 OPS_PTAG_SS_CREATION_TIME = 0x200 + 2, /* !< signature creation time */ 183 OPS_PTAG_SS_EXPIRATION_TIME = 0x200 + 3, /* !< signature 184 * expiration time */ 185 186 OPS_PTAG_SS_EXPORTABLE_CERTIFICATION = 0x200 + 4, /* !< exportable 187 * certification */ 188 OPS_PTAG_SS_TRUST = 0x200 + 5, /* !< trust signature */ 189 OPS_PTAG_SS_REGEXP = 0x200 + 6, /* !< regular expression */ 190 OPS_PTAG_SS_REVOCABLE = 0x200 + 7, /* !< revocable */ 191 OPS_PTAG_SS_KEY_EXPIRATION_TIME = 0x200 + 9, /* !< key expiration 192 * time */ 193 OPS_PTAG_SS_RESERVED = 0x200 + 10, /* !< reserved */ 194 OPS_PTAG_SS_PREFERRED_SKA = 0x200 + 11, /* !< preferred symmetric 195 * algorithms */ 196 OPS_PTAG_SS_REVOCATION_KEY = 0x200 + 12, /* !< revocation key */ 197 OPS_PTAG_SS_ISSUER_KEY_ID = 0x200 + 16, /* !< issuer key ID */ 198 OPS_PTAG_SS_NOTATION_DATA = 0x200 + 20, /* !< notation data */ 199 OPS_PTAG_SS_PREFERRED_HASH = 0x200 + 21, /* !< preferred hash 200 * algorithms */ 201 OPS_PTAG_SS_PREFERRED_COMPRESSION = 0x200 + 22, /* !< preferred 202 * compression 203 * algorithms */ 204 OPS_PTAG_SS_KEY_SERVER_PREFS = 0x200 + 23, /* !< key server 205 * preferences */ 206 OPS_PTAG_SS_PREFERRED_KEY_SERVER = 0x200 + 24, /* !< Preferred Key 207 * Server */ 208 OPS_PTAG_SS_PRIMARY_USER_ID = 0x200 + 25, /* !< primary User ID */ 209 OPS_PTAG_SS_POLICY_URI = 0x200 + 26, /* !< Policy URI */ 210 OPS_PTAG_SS_KEY_FLAGS = 0x200 + 27, /* !< key flags */ 211 OPS_PTAG_SS_SIGNERS_USER_ID = 0x200 + 28, /* !< Signer's User ID */ 212 OPS_PTAG_SS_REVOCATION_REASON = 0x200 + 29, /* !< reason for 213 * revocation */ 214 OPS_PTAG_SS_FEATURES = 0x200 + 30, /* !< features */ 215 OPS_PTAG_SS_SIGNATURE_TARGET = 0x200 + 31, /* !< signature target */ 216 OPS_PTAG_SS_EMBEDDED_SIGNATURE = 0x200 + 32, /* !< embedded signature */ 217 218 OPS_PTAG_SS_USERDEFINED00 = 0x200 + 100, /* !< internal or 219 * user-defined */ 220 OPS_PTAG_SS_USERDEFINED01 = 0x200 + 101, 221 OPS_PTAG_SS_USERDEFINED02 = 0x200 + 102, 222 OPS_PTAG_SS_USERDEFINED03 = 0x200 + 103, 223 OPS_PTAG_SS_USERDEFINED04 = 0x200 + 104, 224 OPS_PTAG_SS_USERDEFINED05 = 0x200 + 105, 225 OPS_PTAG_SS_USERDEFINED06 = 0x200 + 106, 226 OPS_PTAG_SS_USERDEFINED07 = 0x200 + 107, 227 OPS_PTAG_SS_USERDEFINED08 = 0x200 + 108, 228 OPS_PTAG_SS_USERDEFINED09 = 0x200 + 109, 229 OPS_PTAG_SS_USERDEFINED10 = 0x200 + 110, 230 231 232 /* pseudo content types */ 233 OPS_PTAG_CT_LITERAL_DATA_HEADER = 0x300, 234 OPS_PTAG_CT_LITERAL_DATA_BODY = 0x300 + 1, 235 OPS_PTAG_CT_SIGNATURE_HEADER = 0x300 + 2, 236 OPS_PTAG_CT_SIGNATURE_FOOTER = 0x300 + 3, 237 OPS_PTAG_CT_ARMOUR_HEADER = 0x300 + 4, 238 OPS_PTAG_CT_ARMOUR_TRAILER = 0x300 + 5, 239 OPS_PTAG_CT_SIGNED_CLEARTEXT_HEADER = 0x300 + 6, 240 OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY = 0x300 + 7, 241 OPS_PTAG_CT_SIGNED_CLEARTEXT_TRAILER = 0x300 + 8, 242 OPS_PTAG_CT_UNARMOURED_TEXT = 0x300 + 9, 243 OPS_PTAG_CT_ENCRYPTED_SECRET_KEY = 0x300 + 10, /* In this case the 244 * algorithm specific 245 * fields will not be 246 * initialised */ 247 OPS_PTAG_CT_SE_DATA_HEADER = 0x300 + 11, 248 OPS_PTAG_CT_SE_DATA_BODY = 0x300 + 12, 249 OPS_PTAG_CT_SE_IP_DATA_HEADER = 0x300 + 13, 250 OPS_PTAG_CT_SE_IP_DATA_BODY = 0x300 + 14, 251 OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY = 0x300 + 15, 252 253 /* commands to the callback */ 254 OPS_PARSER_CMD_GET_SK_PASSPHRASE = 0x400, 255 OPS_PARSER_CMD_GET_SECRET_KEY = 0x400 + 1, 256 257 258 /* Errors */ 259 OPS_PARSER_ERROR = 0x500, /* !< Internal Use: Parser Error */ 260 OPS_PARSER_ERRCODE = 0x500 + 1 /* ! < Internal Use: Parser Error 261 * with errcode returned */ 262 } __ops_content_tag_t; 263 264 typedef __ops_content_tag_t __ops_packet_tag_t; 265 typedef __ops_content_tag_t __ops_ss_type_t; 266 267 /** Structure to hold one parse error string. */ 268 typedef struct { 269 const char *error; /* !< error message. */ 270 } __ops_parser_error_t; 271 272 /** Structure to hold one error code */ 273 typedef struct { 274 __ops_errcode_t errcode; 275 } __ops_parser_errcode_t; 276 277 /** Structure to hold one packet tag. 278 * \see RFC4880 4.2 279 */ 280 typedef struct { 281 unsigned new_format; /* !< Whether this packet tag is new 282 * (true) or old format (false) */ 283 unsigned content_tag; /* !< content_tag value - See 284 * #__ops_content_tag_t for meanings */ 285 __ops_ptag_of_lt_t length_type; /* !< Length type (#__ops_ptag_of_lt_t) 286 * - only if this packet tag is old 287 * format. Set to 0 if new format. */ 288 unsigned length; /* !< The length of the packet. This value 289 * is set when we read and compute the length 290 * information, not at the same moment we 291 * create the packet tag structure. Only 292 * defined if #length_read is set. *//* XXX: Ben, is this correct? */ 293 unsigned position; /* !< The position (within the 294 * current reader) of the packet */ 295 } __ops_ptag_t; 296 297 /** Public Key Algorithm Numbers. 298 * OpenPGP assigns a unique Algorithm Number to each algorithm that is part of OpenPGP. 299 * 300 * This lists algorithm numbers for public key algorithms. 301 * 302 * \see RFC4880 9.1 303 */ 304 typedef enum { 305 OPS_PKA_RSA = 1, /* !< RSA (Encrypt or Sign) */ 306 OPS_PKA_RSA_ENCRYPT_ONLY = 2, /* !< RSA Encrypt-Only (deprecated - 307 * \see RFC4880 13.5) */ 308 OPS_PKA_RSA_SIGN_ONLY = 3, /* !< RSA Sign-Only (deprecated - 309 * \see RFC4880 13.5) */ 310 OPS_PKA_ELGAMAL = 16, /* !< Elgamal (Encrypt-Only) */ 311 OPS_PKA_DSA = 17, /* !< DSA (Digital Signature Algorithm) */ 312 OPS_PKA_RESERVED_ELLIPTIC_CURVE = 18, /* !< Reserved for Elliptic 313 * Curve */ 314 OPS_PKA_RESERVED_ECDSA = 19, /* !< Reserved for ECDSA */ 315 OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN = 20, /* !< Deprecated. */ 316 OPS_PKA_RESERVED_DH = 21, /* !< Reserved for Diffie-Hellman 317 * (X9.42, as defined for 318 * IETF-S/MIME) */ 319 OPS_PKA_PRIVATE00 = 100,/* !< Private/Experimental Algorithm */ 320 OPS_PKA_PRIVATE01 = 101,/* !< Private/Experimental Algorithm */ 321 OPS_PKA_PRIVATE02 = 102,/* !< Private/Experimental Algorithm */ 322 OPS_PKA_PRIVATE03 = 103,/* !< Private/Experimental Algorithm */ 323 OPS_PKA_PRIVATE04 = 104,/* !< Private/Experimental Algorithm */ 324 OPS_PKA_PRIVATE05 = 105,/* !< Private/Experimental Algorithm */ 325 OPS_PKA_PRIVATE06 = 106,/* !< Private/Experimental Algorithm */ 326 OPS_PKA_PRIVATE07 = 107,/* !< Private/Experimental Algorithm */ 327 OPS_PKA_PRIVATE08 = 108,/* !< Private/Experimental Algorithm */ 328 OPS_PKA_PRIVATE09 = 109,/* !< Private/Experimental Algorithm */ 329 OPS_PKA_PRIVATE10 = 110 /* !< Private/Experimental Algorithm */ 330 } __ops_public_key_algorithm_t; 331 332 /** Structure to hold one DSA public key parameters. 333 * 334 * \see RFC4880 5.5.2 335 */ 336 typedef struct { 337 BIGNUM *p; /* !< DSA prime p */ 338 BIGNUM *q; /* !< DSA group order q */ 339 BIGNUM *g; /* !< DSA group generator g */ 340 BIGNUM *y; /* !< DSA public key value y (= g^x mod p 341 * with x being the secret) */ 342 } __ops_dsa_public_key_t; 343 344 /** Structure to hold an RSA public key. 345 * 346 * \see RFC4880 5.5.2 347 */ 348 typedef struct { 349 BIGNUM *n; /* !< RSA public modulus n */ 350 BIGNUM *e; /* !< RSA public encryption exponent e */ 351 } __ops_rsa_public_key_t; 352 353 /** Structure to hold an ElGamal public key parameters. 354 * 355 * \see RFC4880 5.5.2 356 */ 357 typedef struct { 358 BIGNUM *p; /* !< ElGamal prime p */ 359 BIGNUM *g; /* !< ElGamal group generator g */ 360 BIGNUM *y; /* !< ElGamal public key value y (= g^x mod p 361 * with x being the secret) */ 362 } __ops_elgamal_public_key_t; 363 364 /** Union to hold public key parameters of any algorithm */ 365 typedef union { 366 __ops_dsa_public_key_t dsa; /* !< A DSA public key */ 367 __ops_rsa_public_key_t rsa; /* !< An RSA public key */ 368 __ops_elgamal_public_key_t elgamal; /* !< An ElGamal public key */ 369 } __ops_public_key_union_t; 370 371 /** Version. 372 * OpenPGP has two different protocol versions: version 3 and version 4. 373 * 374 * \see RFC4880 5.2 375 */ 376 typedef enum { 377 OPS_V2 = 2, /* <! Version 2 (essentially the same as v3) */ 378 OPS_V3 = 3, /* <! Version 3 */ 379 OPS_V4 = 4 /* <! Version 4 */ 380 } __ops_version_t; 381 382 /** Structure to hold a pgp public key */ 383 typedef struct { 384 __ops_version_t version;/* !< version of the key (v3, v4...) */ 385 time_t creation_time; /* !< when the key was created. Note 386 * that interpretation varies with 387 * key version. */ 388 unsigned days_valid; /* !< validity period of the key in 389 * days since creation. A value of 0 390 * has a special meaning indicating 391 * this key does not expire. Only 392 * used with v3 keys. */ 393 __ops_public_key_algorithm_t algorithm; /* !< Public Key Algorithm 394 * type */ 395 __ops_public_key_union_t key; /* !< Public Key Parameters */ 396 } __ops_public_key_t; 397 398 /** Structure to hold data for one RSA secret key 399 */ 400 typedef struct { 401 BIGNUM *d; 402 BIGNUM *p; 403 BIGNUM *q; 404 BIGNUM *u; 405 } __ops_rsa_secret_key_t; 406 407 /** __ops_dsa_secret_key_t */ 408 typedef struct { 409 BIGNUM *x; 410 } __ops_dsa_secret_key_t; 411 412 /** __ops_secret_key_union_t */ 413 typedef struct { 414 __ops_rsa_secret_key_t rsa; 415 __ops_dsa_secret_key_t dsa; 416 } __ops_secret_key_union_t; 417 418 /** s2k_usage_t 419 */ 420 typedef enum { 421 OPS_S2KU_NONE = 0, 422 OPS_S2KU_ENCRYPTED_AND_HASHED = 254, 423 OPS_S2KU_ENCRYPTED = 255 424 } __ops_s2k_usage_t; 425 426 /** s2k_specifier_t 427 */ 428 typedef enum { 429 OPS_S2KS_SIMPLE = 0, 430 OPS_S2KS_SALTED = 1, 431 OPS_S2KS_ITERATED_AND_SALTED = 3 432 } __ops_s2k_specifier_t; 433 434 /** Symmetric Key Algorithm Numbers. 435 * OpenPGP assigns a unique Algorithm Number to each algorithm that is part of OpenPGP. 436 * 437 * This lists algorithm numbers for symmetric key algorithms. 438 * 439 * \see RFC4880 9.2 440 */ 441 typedef enum { 442 OPS_SA_PLAINTEXT = 0, /* !< Plaintext or unencrypted data */ 443 OPS_SA_IDEA = 1, /* !< IDEA */ 444 OPS_SA_TRIPLEDES = 2, /* !< TripleDES */ 445 OPS_SA_CAST5 = 3, /* !< CAST5 */ 446 OPS_SA_BLOWFISH = 4, /* !< Blowfish */ 447 OPS_SA_AES_128 = 7, /* !< AES with 128-bit key (AES) */ 448 OPS_SA_AES_192 = 8, /* !< AES with 192-bit key */ 449 OPS_SA_AES_256 = 9, /* !< AES with 256-bit key */ 450 OPS_SA_TWOFISH = 10 /* !< Twofish with 256-bit key (TWOFISH) */ 451 } __ops_symmetric_algorithm_t; 452 453 /** Hashing Algorithm Numbers. 454 * OpenPGP assigns a unique Algorithm Number to each algorithm that is part of OpenPGP. 455 * 456 * This lists algorithm numbers for hash algorithms. 457 * 458 * \see RFC4880 9.4 459 */ 460 typedef enum { 461 OPS_HASH_UNKNOWN = -1, /* !< used to indicate errors */ 462 OPS_HASH_MD5 = 1, /* !< MD5 */ 463 OPS_HASH_SHA1 = 2, /* !< SHA-1 */ 464 OPS_HASH_RIPEMD = 3, /* !< RIPEMD160 */ 465 466 OPS_HASH_SHA256 = 8, /* !< SHA256 */ 467 OPS_HASH_SHA384 = 9, /* !< SHA384 */ 468 OPS_HASH_SHA512 = 10, /* !< SHA512 */ 469 OPS_HASH_SHA224 = 11 /* !< SHA224 */ 470 } __ops_hash_algorithm_t; 471 472 void __ops_calc_mdc_hash(const unsigned char *, const size_t, const unsigned char *, const unsigned int , unsigned char *); 473 bool __ops_is_hash_alg_supported(const __ops_hash_algorithm_t *); 474 475 /* Maximum block size for symmetric crypto */ 476 #define OPS_MAX_BLOCK_SIZE 16 477 478 /* Maximum key size for symmetric crypto */ 479 #define OPS_MAX_KEY_SIZE 32 480 481 /* Salt size for hashing */ 482 #define OPS_SALT_SIZE 8 483 484 /* Hash size for secret key check */ 485 #define OPS_CHECKHASH_SIZE 20 486 487 /* SHA1 Hash Size \todo is this the same as OPS_CHECKHASH_SIZE?? */ 488 #define OPS_SHA1_HASH_SIZE SHA_DIGEST_LENGTH 489 #define OPS_SHA256_HASH_SIZE SHA256_DIGEST_LENGTH 490 491 /* Max hash size */ 492 #define OPS_MAX_HASH_SIZE 64 493 494 /** __ops_secret_key_t 495 */ 496 typedef struct { 497 __ops_public_key_t public_key; 498 __ops_s2k_usage_t s2k_usage; 499 __ops_s2k_specifier_t s2k_specifier; 500 __ops_symmetric_algorithm_t algorithm; 501 __ops_hash_algorithm_t hash_algorithm; 502 unsigned char salt[OPS_SALT_SIZE]; 503 unsigned octet_count; 504 unsigned char iv[OPS_MAX_BLOCK_SIZE]; 505 __ops_secret_key_union_t key; 506 unsigned checksum; 507 unsigned char checkhash[OPS_CHECKHASH_SIZE]; 508 } __ops_secret_key_t; 509 510 /** Structure to hold one trust packet's data */ 511 512 typedef struct { 513 __ops_data_t data; /* <! Trust Packet */ 514 } __ops_trust_t; 515 516 /** Structure to hold one user id */ 517 typedef struct { 518 unsigned char *user_id;/* !< User ID - UTF-8 string */ 519 } __ops_user_id_t; 520 521 /** Structure to hold one user attribute */ 522 typedef struct { 523 __ops_data_t data; /* !< User Attribute */ 524 } __ops_user_attribute_t; 525 526 /** Signature Type. 527 * OpenPGP defines different signature types that allow giving different meanings to signatures. Signature types 528 * include 0x10 for generitc User ID certifications (used when Ben signs Weasel's key), Subkey binding signatures, 529 * document signatures, key revocations, etc. 530 * 531 * Different types are used in different places, and most make only sense in their intended location (for instance a 532 * subkey binding has no place on a UserID). 533 * 534 * \see RFC4880 5.2.1 535 */ 536 typedef enum { 537 OPS_SIG_BINARY = 0x00, /* <! Signature of a binary document */ 538 OPS_SIG_TEXT = 0x01, /* <! Signature of a canonical text document */ 539 OPS_SIG_STANDALONE = 0x02, /* <! Standalone signature */ 540 541 OPS_CERT_GENERIC = 0x10,/* <! Generic certification of a User ID and 542 * Public Key packet */ 543 OPS_CERT_PERSONA = 0x11,/* <! Persona certification of a User ID and 544 * Public Key packet */ 545 OPS_CERT_CASUAL = 0x12, /* <! Casual certification of a User ID and 546 * Public Key packet */ 547 OPS_CERT_POSITIVE = 0x13, /* <! Positive certification of a 548 * User ID and Public Key packet */ 549 550 OPS_SIG_SUBKEY = 0x18, /* <! Subkey Binding Signature */ 551 OPS_SIG_PRIMARY = 0x19, /* <! Primary Key Binding Signature */ 552 OPS_SIG_DIRECT = 0x1f, /* <! Signature directly on a key */ 553 554 OPS_SIG_REV_KEY = 0x20, /* <! Key revocation signature */ 555 OPS_SIG_REV_SUBKEY = 0x28, /* <! Subkey revocation signature */ 556 OPS_SIG_REV_CERT = 0x30,/* <! Certification revocation signature */ 557 558 OPS_SIG_TIMESTAMP = 0x40, /* <! Timestamp signature */ 559 560 OPS_SIG_3RD_PARTY = 0x50/* <! Third-Party Confirmation signature */ 561 } __ops_sig_type_t; 562 563 /** Struct to hold parameters of an RSA signature */ 564 typedef struct { 565 BIGNUM *sig; /* !< the signature value (m^d % n) */ 566 } __ops_rsa_signature_t; 567 568 /** Struct to hold parameters of a DSA signature */ 569 typedef struct { 570 BIGNUM *r; /* !< DSA value r */ 571 BIGNUM *s; /* !< DSA value s */ 572 } __ops_dsa_signature_t; 573 574 /** __ops_elgamal_signature_t */ 575 typedef struct { 576 BIGNUM *r; 577 BIGNUM *s; 578 } __ops_elgamal_signature_t; 579 580 /** Struct to hold data for a private/experimental signature */ 581 typedef struct { 582 __ops_data_t data; 583 } __ops_unknown_signature_t; 584 585 /** Union to hold signature parameters of any algorithm */ 586 typedef union { 587 __ops_rsa_signature_t rsa;/* !< An RSA Signature */ 588 __ops_dsa_signature_t dsa;/* !< A DSA Signature */ 589 __ops_elgamal_signature_t elgamal; /* deprecated */ 590 __ops_unknown_signature_t unknown; /* private or experimental */ 591 } __ops_signature_union_t; 592 593 #define OPS_KEY_ID_SIZE 8 594 595 /** Struct to hold a signature packet. 596 * 597 * \see RFC4880 5.2.2 598 * \see RFC4880 5.2.3 599 */ 600 typedef struct { 601 __ops_version_t version;/* !< signature version number */ 602 __ops_sig_type_t type; /* !< signature type value */ 603 time_t creation_time; /* !< creation time of the signature */ 604 unsigned char signer_id[OPS_KEY_ID_SIZE]; /* !< Eight-octet key ID 605 * of signer */ 606 __ops_public_key_algorithm_t key_algorithm; /* !< public key 607 * algorithm number */ 608 __ops_hash_algorithm_t hash_algorithm; /* !< hashing algorithm 609 * number */ 610 __ops_signature_union_t signature; /* !< signature parameters */ 611 size_t v4_hashed_data_length; 612 unsigned char *v4_hashed_data; 613 unsigned creation_time_set:1; 614 unsigned signer_id_set:1; 615 } __ops_signature_info_t; 616 617 /** Struct used when parsing a signature */ 618 typedef struct { 619 __ops_signature_info_t info; /* !< The signature information */ 620 /* The following fields are only used while parsing the signature */ 621 unsigned char hash2[2]; /* !< high 2 bytes of hashed value - 622 * for quick test */ 623 size_t v4_hashed_data_start; /* only valid if accumulate 624 * is set */ 625 __ops_hash_t *hash; /* !< if set, the hash filled in for the data 626 * so far */ 627 } __ops_signature_t; 628 629 /** The raw bytes of a signature subpacket */ 630 631 typedef struct { 632 __ops_content_tag_t tag; 633 size_t length; 634 unsigned char *raw; 635 } __ops_ss_raw_t; 636 637 /** Signature Subpacket : Trust Level */ 638 639 typedef struct { 640 unsigned char level; /* <! Trust Level */ 641 unsigned char amount; /* <! Amount */ 642 } __ops_ss_trust_t; 643 644 /** Signature Subpacket : Revocable */ 645 typedef struct { 646 bool revocable; 647 } __ops_ss_revocable_t; 648 649 /** Signature Subpacket : Time */ 650 typedef struct { 651 time_t time; 652 } __ops_ss_time_t; 653 654 /** Signature Subpacket : Key ID */ 655 typedef struct { 656 unsigned char key_id[OPS_KEY_ID_SIZE]; 657 } __ops_ss_key_id_t; 658 659 /** Signature Subpacket : Notation Data */ 660 typedef struct { 661 __ops_data_t flags; 662 __ops_data_t name; 663 __ops_data_t value; 664 } __ops_ss_notation_data_t; 665 666 /** Signature Subpacket : User Defined */ 667 typedef struct { 668 __ops_data_t data; 669 } __ops_ss_userdefined_t; 670 671 /** Signature Subpacket : Unknown */ 672 typedef struct { 673 __ops_data_t data; 674 } __ops_ss_unknown_t; 675 676 /** Signature Subpacket : Preferred Symmetric Key Algorithm */ 677 typedef struct { 678 __ops_data_t data; 679 /* 680 * Note that value 0 may represent the plaintext algorithm so we 681 * cannot expect data->contents to be a null-terminated list 682 */ 683 } __ops_ss_preferred_ska_t; 684 685 /** Signature Subpacket : Preferrred Hash Algorithm */ 686 typedef struct { 687 __ops_data_t data; 688 } __ops_ss_preferred_hash_t; 689 690 /** Signature Subpacket : Preferred Compression */ 691 typedef struct { 692 __ops_data_t data; 693 } __ops_ss_preferred_compression_t; 694 695 /** Signature Subpacket : Key Flags */ 696 typedef struct { 697 __ops_data_t data; 698 } __ops_ss_key_flags_t; 699 700 /** Signature Subpacket : Key Server Preferences */ 701 typedef struct { 702 __ops_data_t data; 703 } __ops_ss_key_server_prefs_t; 704 705 /** Signature Subpacket : Features */ 706 typedef struct { 707 __ops_data_t data; 708 } __ops_ss_features_t; 709 710 /** Signature Subpacket : Signature Target */ 711 typedef struct { 712 __ops_public_key_algorithm_t pka_alg; 713 __ops_hash_algorithm_t hash_alg; 714 __ops_data_t hash; 715 } __ops_ss_signature_target_t; 716 717 /** Signature Subpacket : Embedded Signature */ 718 typedef struct { 719 __ops_data_t sig; 720 } __ops_ss_embedded_signature_t; 721 722 /** __ops_packet_t */ 723 724 typedef struct { 725 size_t length; 726 unsigned char *raw; 727 } __ops_packet_t; 728 729 /** Types of Compression */ 730 typedef enum { 731 OPS_C_NONE = 0, 732 OPS_C_ZIP = 1, 733 OPS_C_ZLIB = 2, 734 OPS_C_BZIP2 = 3 735 } __ops_compression_type_t; 736 737 /* 738 * unlike most structures, this will feed its data as a stream to the 739 * application instead of directly including it 740 */ 741 /** __ops_compressed_t */ 742 typedef struct { 743 __ops_compression_type_t type; 744 } __ops_compressed_t; 745 746 /** __ops_one_pass_signature_t */ 747 typedef struct { 748 unsigned char version; 749 __ops_sig_type_t sig_type; 750 __ops_hash_algorithm_t hash_algorithm; 751 __ops_public_key_algorithm_t key_algorithm; 752 unsigned char keyid[OPS_KEY_ID_SIZE]; 753 bool nested; 754 } __ops_one_pass_signature_t; 755 756 /** Signature Subpacket : Primary User ID */ 757 typedef struct { 758 bool primary_user_id; 759 } __ops_ss_primary_user_id_t; 760 761 /** Signature Subpacket : Regexp */ 762 typedef struct { 763 char *text; 764 } __ops_ss_regexp_t; 765 766 /** Signature Subpacket : Policy URL */ 767 typedef struct { 768 char *text; 769 } __ops_ss_policy_url_t; 770 771 /** Signature Subpacket : Preferred Key Server */ 772 typedef struct { 773 char *text; 774 } __ops_ss_preferred_key_server_t; 775 776 /** Signature Subpacket : Revocation Key */ 777 typedef struct { 778 unsigned char class; 779 unsigned char algid; 780 unsigned char fingerprint[20]; 781 } __ops_ss_revocation_key_t; 782 783 /** Signature Subpacket : Revocation Reason */ 784 typedef struct { 785 unsigned char code; 786 char *text; 787 } __ops_ss_revocation_reason_t; 788 789 /** literal_data_type_t */ 790 typedef enum { 791 OPS_LDT_BINARY = 'b', 792 OPS_LDT_TEXT = 't', 793 OPS_LDT_UTF8 = 'u', 794 OPS_LDT_LOCAL = 'l', 795 OPS_LDT_LOCAL2 = '1' 796 } __ops_literal_data_type_t; 797 798 /** __ops_literal_data_header_t */ 799 typedef struct { 800 __ops_literal_data_type_t format; 801 char filename[256]; 802 time_t modification_time; 803 } __ops_literal_data_header_t; 804 805 /** __ops_literal_data_body_t */ 806 typedef struct { 807 unsigned length; 808 unsigned char *data; 809 void *mem; /* __ops_memory_t pointer */ 810 } __ops_literal_data_body_t; 811 812 /** __ops_mdc_t */ 813 typedef struct { 814 unsigned char data[20]; /* size of SHA1 hash */ 815 } __ops_mdc_t; 816 817 /** __ops_armoured_header_value_t */ 818 typedef struct { 819 char *key; 820 char *value; 821 } __ops_armoured_header_value_t; 822 823 /** __ops_headers_t */ 824 typedef struct { 825 __ops_armoured_header_value_t *headers; 826 unsigned nheaders; 827 } __ops_headers_t; 828 829 /** __ops_armour_header_t */ 830 typedef struct { 831 const char *type; 832 __ops_headers_t headers; 833 } __ops_armour_header_t; 834 835 /** __ops_armour_trailer_t */ 836 typedef struct { 837 const char *type; 838 } __ops_armour_trailer_t; 839 840 /** __ops_signed_cleartext_header_t */ 841 typedef struct { 842 __ops_headers_t headers; 843 } __ops_signed_cleartext_header_t; 844 845 /** __ops_signed_cleartext_body_t */ 846 typedef struct { 847 unsigned length; 848 unsigned char data[8192]; /* \todo fix hard-coded value? */ 849 } __ops_signed_cleartext_body_t; 850 851 /** __ops_signed_cleartext_trailer_t */ 852 typedef struct { 853 struct _ops_hash_t *hash; /* !< This will not have been 854 * finalised, but will have seen all 855 * the cleartext data in canonical 856 * form */ 857 } __ops_signed_cleartext_trailer_t; 858 859 /** __ops_unarmoured_text_t */ 860 typedef struct { 861 unsigned length; 862 unsigned char *data; 863 } __ops_unarmoured_text_t; 864 865 typedef enum { 866 SE_IP_DATA_VERSION = 1 867 } __ops_se_ip_data_version_t; 868 869 typedef enum { 870 OPS_PKSK_V3 = 3 871 } __ops_pk_session_key_version_t; 872 873 /** __ops_pk_session_key_parameters_rsa_t */ 874 typedef struct { 875 BIGNUM *encrypted_m; 876 BIGNUM *m; 877 } __ops_pk_session_key_parameters_rsa_t; 878 879 /** __ops_pk_session_key_parameters_elgamal_t */ 880 typedef struct { 881 BIGNUM *g_to_k; 882 BIGNUM *encrypted_m; 883 } __ops_pk_session_key_parameters_elgamal_t; 884 885 /** __ops_pk_session_key_parameters_t */ 886 typedef union { 887 __ops_pk_session_key_parameters_rsa_t rsa; 888 __ops_pk_session_key_parameters_elgamal_t elgamal; 889 } __ops_pk_session_key_parameters_t; 890 891 /** __ops_pk_session_key_t */ 892 typedef struct { 893 __ops_pk_session_key_version_t version; 894 unsigned char key_id[OPS_KEY_ID_SIZE]; 895 __ops_public_key_algorithm_t algorithm; 896 __ops_pk_session_key_parameters_t parameters; 897 __ops_symmetric_algorithm_t symmetric_algorithm; 898 unsigned char key[OPS_MAX_KEY_SIZE]; 899 unsigned short checksum; 900 } __ops_pk_session_key_t; 901 902 /** __ops_secret_key_passphrase_t */ 903 typedef struct { 904 const __ops_secret_key_t *secret_key; 905 char **passphrase; /* point somewhere that gets filled 906 * in to work around constness of 907 * content */ 908 } __ops_secret_key_passphrase_t; 909 910 typedef enum { 911 OPS_SE_IP_V1 = 1 912 } __ops_se_ip_version_t; 913 914 /** __ops_se_ip_data_header_t */ 915 typedef struct { 916 __ops_se_ip_version_t version; 917 } __ops_se_ip_data_header_t; 918 919 /** __ops_se_ip_data_body_t */ 920 typedef struct { 921 unsigned length; 922 unsigned char *data; /* \todo remember to free this */ 923 } __ops_se_ip_data_body_t; 924 925 /** __ops_se_data_body_t */ 926 typedef struct { 927 unsigned length; 928 unsigned char data[8192]; /* \todo parameterise this! */ 929 } __ops_se_data_body_t; 930 931 /** __ops_get_secret_key_t */ 932 typedef struct { 933 const __ops_secret_key_t **secret_key; 934 const __ops_pk_session_key_t *pk_session_key; 935 } __ops_get_secret_key_t; 936 937 /** __ops_parser_union_content_t */ 938 typedef union { 939 __ops_parser_error_t error; 940 __ops_parser_errcode_t errcode; 941 __ops_ptag_t ptag; 942 __ops_public_key_t public_key; 943 __ops_trust_t trust; 944 __ops_user_id_t user_id; 945 __ops_user_attribute_t user_attribute; 946 __ops_signature_t signature; 947 __ops_ss_raw_t ss_raw; 948 __ops_ss_trust_t ss_trust; 949 __ops_ss_revocable_t ss_revocable; 950 __ops_ss_time_t ss_time; 951 __ops_ss_key_id_t ss_issuer_key_id; 952 __ops_ss_notation_data_t ss_notation_data; 953 __ops_packet_t packet; 954 __ops_compressed_t compressed; 955 __ops_one_pass_signature_t one_pass_signature; 956 __ops_ss_preferred_ska_t ss_preferred_ska; 957 __ops_ss_preferred_hash_t ss_preferred_hash; 958 __ops_ss_preferred_compression_t ss_preferred_compression; 959 __ops_ss_key_flags_t ss_key_flags; 960 __ops_ss_key_server_prefs_t ss_key_server_prefs; 961 __ops_ss_primary_user_id_t ss_primary_user_id; 962 __ops_ss_regexp_t ss_regexp; 963 __ops_ss_policy_url_t ss_policy_url; 964 __ops_ss_preferred_key_server_t ss_preferred_key_server; 965 __ops_ss_revocation_key_t ss_revocation_key; 966 __ops_ss_userdefined_t ss_userdefined; 967 __ops_ss_unknown_t ss_unknown; 968 __ops_literal_data_header_t literal_data_header; 969 __ops_literal_data_body_t literal_data_body; 970 __ops_mdc_t mdc; 971 __ops_ss_features_t ss_features; 972 __ops_ss_signature_target_t ss_signature_target; 973 __ops_ss_embedded_signature_t ss_embedded_signature; 974 __ops_ss_revocation_reason_t ss_revocation_reason; 975 __ops_secret_key_t secret_key; 976 __ops_user_id_t ss_signers_user_id; 977 __ops_armour_header_t armour_header; 978 __ops_armour_trailer_t armour_trailer; 979 __ops_signed_cleartext_header_t signed_cleartext_header; 980 __ops_signed_cleartext_body_t signed_cleartext_body; 981 __ops_signed_cleartext_trailer_t signed_cleartext_trailer; 982 __ops_unarmoured_text_t unarmoured_text; 983 __ops_pk_session_key_t pk_session_key; 984 __ops_secret_key_passphrase_t secret_key_passphrase; 985 __ops_se_ip_data_header_t se_ip_data_header; 986 __ops_se_ip_data_body_t se_ip_data_body; 987 __ops_se_data_body_t se_data_body; 988 __ops_get_secret_key_t get_secret_key; 989 } __ops_parser_content_union_t; 990 991 /** __ops_parser_content_t */ 992 struct __ops_parser_content_t { 993 __ops_content_tag_t tag; /* type of contents */ 994 unsigned char critical; /* for signature subpackets */ 995 __ops_parser_content_union_t u; /* union for contents */ 996 }; 997 998 /** __ops_fingerprint_t */ 999 typedef struct { 1000 unsigned char fingerprint[20]; 1001 unsigned length; 1002 } __ops_fingerprint_t; 1003 1004 void __ops_init(void); 1005 void __ops_finish(void); 1006 void __ops_keyid(unsigned char *, const size_t, const int, 1007 const __ops_public_key_t *); 1008 void __ops_fingerprint(__ops_fingerprint_t *, const __ops_public_key_t *); 1009 void __ops_public_key_free(__ops_public_key_t *); 1010 void __ops_user_id_free(__ops_user_id_t *); 1011 void __ops_user_attribute_free(__ops_user_attribute_t *); 1012 void __ops_signature_free(__ops_signature_t *); 1013 void __ops_trust_free(__ops_trust_t *); 1014 void __ops_ss_preferred_ska_free(__ops_ss_preferred_ska_t *); 1015 void __ops_ss_preferred_hash_free(__ops_ss_preferred_hash_t *); 1016 void __ops_ss_preferred_compression_free(__ops_ss_preferred_compression_t *); 1017 void __ops_ss_key_flags_free(__ops_ss_key_flags_t *); 1018 void __ops_ss_key_server_prefs_free(__ops_ss_key_server_prefs_t *); 1019 void __ops_ss_features_free(__ops_ss_features_t *); 1020 void __ops_ss_notation_data_free(__ops_ss_notation_data_t *); 1021 void __ops_ss_policy_url_free(__ops_ss_policy_url_t *); 1022 void __ops_ss_preferred_key_server_free(__ops_ss_preferred_key_server_t *); 1023 void __ops_ss_regexp_free(__ops_ss_regexp_t *); 1024 void __ops_ss_userdefined_free(__ops_ss_userdefined_t *); 1025 void __ops_ss_reserved_free(__ops_ss_unknown_t *); 1026 void __ops_ss_revocation_reason_free(__ops_ss_revocation_reason_t *); 1027 void __ops_ss_signature_target_free(__ops_ss_signature_target_t *); 1028 void __ops_ss_embedded_signature_free(__ops_ss_embedded_signature_t *); 1029 1030 void __ops_packet_free(__ops_packet_t *); 1031 void __ops_parser_content_free(__ops_parser_content_t *); 1032 void __ops_secret_key_free(__ops_secret_key_t *); 1033 void __ops_pk_session_key_free(__ops_pk_session_key_t *); 1034 1035 int __ops_print_packet(const __ops_parser_content_t *); 1036 1037 #endif 1038