1 /*- 2 * Copyright (c) 2009 The NetBSD Foundation, Inc. 3 * All rights reserved. 4 * 5 * This code is derived from software contributed to The NetBSD Foundation 6 * by Alistair Crooks (agc@NetBSD.org) 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 19 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 20 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 21 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 */ 29 /* 30 * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) 31 * All rights reserved. 32 * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted 33 * their moral rights under the UK Copyright Design and Patents Act 1988 to 34 * be recorded as the authors of this copyright work. 35 * 36 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 37 * use this file except in compliance with the License. 38 * 39 * You may obtain a copy of the License at 40 * http://www.apache.org/licenses/LICENSE-2.0 41 * 42 * Unless required by applicable law or agreed to in writing, software 43 * distributed under the License is distributed on an "AS IS" BASIS, 44 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 45 * 46 * See the License for the specific language governing permissions and 47 * limitations under the License. 48 */ 49 50 /** \file 51 * packet related headers. 52 */ 53 54 #ifndef OPS_PACKET_H 55 #define OPS_PACKET_H 56 57 #include <time.h> 58 #include <openssl/bn.h> 59 #include <openssl/sha.h> 60 61 #include "types.h" 62 #include "errors.h" 63 64 /** General-use structure for variable-length data 65 */ 66 67 typedef struct { 68 size_t len; 69 unsigned char *contents; 70 } __ops_data_t; 71 72 /************************************/ 73 /* Packet Tags - RFC4880, 4.2 */ 74 /************************************/ 75 76 /** Packet Tag - Bit 7 Mask (this bit is always set). 77 * The first byte of a packet is the "Packet Tag". It always 78 * has bit 7 set. This is the mask for it. 79 * 80 * \see RFC4880 4.2 81 */ 82 #define OPS_PTAG_ALWAYS_SET 0x80 83 84 /** Packet Tag - New Format Flag. 85 * Bit 6 of the Packet Tag is the packet format indicator. 86 * If it is set, the new format is used, if cleared the 87 * old format is used. 88 * 89 * \see RFC4880 4.2 90 */ 91 #define OPS_PTAG_NEW_FORMAT 0x40 92 93 94 /** Old Packet Format: Mask for content tag. 95 * In the old packet format bits 5 to 2 (including) 96 * are the content tag. This is the mask to apply 97 * to the packet tag. Note that you need to 98 * shift by #OPS_PTAG_OF_CONTENT_TAG_SHIFT bits. 99 * 100 * \see RFC4880 4.2 101 */ 102 #define OPS_PTAG_OF_CONTENT_TAG_MASK 0x3c 103 /** Old Packet Format: Offset for the content tag. 104 * As described at #OPS_PTAG_OF_CONTENT_TAG_MASK the 105 * content tag needs to be shifted after being masked 106 * out from the Packet Tag. 107 * 108 * \see RFC4880 4.2 109 */ 110 #define OPS_PTAG_OF_CONTENT_TAG_SHIFT 2 111 /** Old Packet Format: Mask for length type. 112 * Bits 1 and 0 of the packet tag are the length type 113 * in the old packet format. 114 * 115 * See #__ops_ptag_of_lt_t for the meaning of the values. 116 * 117 * \see RFC4880 4.2 118 */ 119 #define OPS_PTAG_OF_LENGTH_TYPE_MASK 0x03 120 121 122 /** Old Packet Format Lengths. 123 * Defines the meanings of the 2 bits for length type in the 124 * old packet format. 125 * 126 * \see RFC4880 4.2.1 127 */ 128 typedef enum { 129 OPS_PTAG_OLD_LEN_1 = 0x00, /* !< Packet has a 1 byte length - 130 * header is 2 bytes long. */ 131 OPS_PTAG_OLD_LEN_2 = 0x01, /* !< Packet has a 2 byte length - 132 * header is 3 bytes long. */ 133 OPS_PTAG_OLD_LEN_4 = 0x02, /* !< Packet has a 4 byte 134 * length - header is 5 bytes 135 * long. */ 136 OPS_PTAG_OLD_LEN_INDETERMINATE = 0x03 /* !< Packet has a 137 * indeterminate length. */ 138 } __ops_ptag_of_lt_t; 139 140 141 /** New Packet Format: Mask for content tag. 142 * In the new packet format the 6 rightmost bits 143 * are the content tag. This is the mask to apply 144 * to the packet tag. Note that you need to 145 * shift by #OPS_PTAG_NF_CONTENT_TAG_SHIFT bits. 146 * 147 * \see RFC4880 4.2 148 */ 149 #define OPS_PTAG_NF_CONTENT_TAG_MASK 0x3f 150 /** New Packet Format: Offset for the content tag. 151 * As described at #OPS_PTAG_NF_CONTENT_TAG_MASK the 152 * content tag needs to be shifted after being masked 153 * out from the Packet Tag. 154 * 155 * \see RFC4880 4.2 156 */ 157 #define OPS_PTAG_NF_CONTENT_TAG_SHIFT 0 158 159 /* PTag Content Tags */ 160 /***************************/ 161 162 /** Package Tags (aka Content Tags) and signature subpacket types. 163 * This enumerates all rfc-defined packet tag values and the 164 * signature subpacket type values that we understand. 165 * 166 * \see RFC4880 4.3 167 * \see RFC4880 5.2.3.1 168 */ 169 typedef enum { 170 OPS_PTAG_CT_RESERVED = 0, /* !< Reserved - a packet tag must 171 * not have this value */ 172 OPS_PTAG_CT_PK_SESSION_KEY = 1, /* !< Public-Key Encrypted Session 173 * Key Packet */ 174 OPS_PTAG_CT_SIGNATURE = 2, /* !< Signature Packet */ 175 OPS_PTAG_CT_SK_SESSION_KEY = 3, /* !< Symmetric-Key Encrypted Session 176 * Key Packet */ 177 OPS_PTAG_CT_ONE_PASS_SIGNATURE = 4, /* !< One-Pass Signature 178 * Packet */ 179 OPS_PTAG_CT_SECRET_KEY = 5, /* !< Secret Key Packet */ 180 OPS_PTAG_CT_PUBLIC_KEY = 6, /* !< Public Key Packet */ 181 OPS_PTAG_CT_SECRET_SUBKEY = 7, /* !< Secret Subkey Packet */ 182 OPS_PTAG_CT_COMPRESSED = 8, /* !< Compressed Data Packet */ 183 OPS_PTAG_CT_SE_DATA = 9,/* !< Symmetrically Encrypted Data Packet */ 184 OPS_PTAG_CT_MARKER = 10,/* !< Marker Packet */ 185 OPS_PTAG_CT_LITERAL_DATA = 11, /* !< Literal Data Packet */ 186 OPS_PTAG_CT_TRUST = 12, /* !< Trust Packet */ 187 OPS_PTAG_CT_USER_ID = 13, /* !< User ID Packet */ 188 OPS_PTAG_CT_PUBLIC_SUBKEY = 14, /* !< Public Subkey Packet */ 189 OPS_PTAG_CT_RESERVED2 = 15, /* !< reserved */ 190 OPS_PTAG_CT_RESERVED3 = 16, /* !< reserved */ 191 OPS_PTAG_CT_USER_ATTRIBUTE = 17, /* !< User Attribute Packet */ 192 OPS_PTAG_CT_SE_IP_DATA = 18, /* !< Sym. Encrypted and Integrity 193 * Protected Data Packet */ 194 OPS_PTAG_CT_MDC = 19, /* !< Modification Detection Code Packet */ 195 196 OPS_PARSER_PTAG = 0x100,/* !< Internal Use: The packet is the "Packet 197 * Tag" itself - used when callback sends 198 * back the PTag. */ 199 OPS_PTAG_RAW_SS = 0x101,/* !< Internal Use: content is raw sig subtag */ 200 OPS_PTAG_SS_ALL = 0x102,/* !< Internal Use: select all subtags */ 201 OPS_PARSER_PACKET_END = 0x103, 202 203 /* signature subpackets (0x200-2ff) (type+0x200) */ 204 /* only those we can parse are listed here */ 205 OPS_PTAG_SIGNATURE_SUBPACKET_BASE = 0x200, /* !< Base for signature 206 * subpacket types - All 207 * signature type values 208 * are relative to this 209 * value. */ 210 OPS_PTAG_SS_CREATION_TIME = 0x200 + 2, /* !< signature creation time */ 211 OPS_PTAG_SS_EXPIRATION_TIME = 0x200 + 3, /* !< signature 212 * expiration time */ 213 214 OPS_PTAG_SS_EXPORTABLE_CERTIFICATION = 0x200 + 4, /* !< exportable 215 * certification */ 216 OPS_PTAG_SS_TRUST = 0x200 + 5, /* !< trust signature */ 217 OPS_PTAG_SS_REGEXP = 0x200 + 6, /* !< regular expression */ 218 OPS_PTAG_SS_REVOCABLE = 0x200 + 7, /* !< revocable */ 219 OPS_PTAG_SS_KEY_EXPIRATION_TIME = 0x200 + 9, /* !< key expiration 220 * time */ 221 OPS_PTAG_SS_RESERVED = 0x200 + 10, /* !< reserved */ 222 OPS_PTAG_SS_PREFERRED_SKA = 0x200 + 11, /* !< preferred symmetric 223 * algs */ 224 OPS_PTAG_SS_REVOCATION_KEY = 0x200 + 12, /* !< revocation key */ 225 OPS_PTAG_SS_ISSUER_KEY_ID = 0x200 + 16, /* !< issuer key ID */ 226 OPS_PTAG_SS_NOTATION_DATA = 0x200 + 20, /* !< notation data */ 227 OPS_PTAG_SS_PREFERRED_HASH = 0x200 + 21, /* !< preferred hash 228 * algs */ 229 OPS_PTAG_SS_PREFERRED_COMPRESSION = 0x200 + 22, /* !< preferred 230 * compression 231 * algorithms */ 232 OPS_PTAG_SS_KEY_SERVER_PREFS = 0x200 + 23, /* !< key server 233 * preferences */ 234 OPS_PTAG_SS_PREFERRED_KEY_SERVER = 0x200 + 24, /* !< Preferred Key 235 * Server */ 236 OPS_PTAG_SS_PRIMARY_USER_ID = 0x200 + 25, /* !< primary User ID */ 237 OPS_PTAG_SS_POLICY_URI = 0x200 + 26, /* !< Policy URI */ 238 OPS_PTAG_SS_KEY_FLAGS = 0x200 + 27, /* !< key flags */ 239 OPS_PTAG_SS_SIGNERS_USER_ID = 0x200 + 28, /* !< Signer's User ID */ 240 OPS_PTAG_SS_REVOCATION_REASON = 0x200 + 29, /* !< reason for 241 * revocation */ 242 OPS_PTAG_SS_FEATURES = 0x200 + 30, /* !< features */ 243 OPS_PTAG_SS_SIGNATURE_TARGET = 0x200 + 31, /* !< signature target */ 244 OPS_PTAG_SS_EMBEDDED_SIGNATURE = 0x200 + 32, /* !< embedded signature */ 245 246 OPS_PTAG_SS_USERDEFINED00 = 0x200 + 100, /* !< internal or 247 * user-defined */ 248 OPS_PTAG_SS_USERDEFINED01 = 0x200 + 101, 249 OPS_PTAG_SS_USERDEFINED02 = 0x200 + 102, 250 OPS_PTAG_SS_USERDEFINED03 = 0x200 + 103, 251 OPS_PTAG_SS_USERDEFINED04 = 0x200 + 104, 252 OPS_PTAG_SS_USERDEFINED05 = 0x200 + 105, 253 OPS_PTAG_SS_USERDEFINED06 = 0x200 + 106, 254 OPS_PTAG_SS_USERDEFINED07 = 0x200 + 107, 255 OPS_PTAG_SS_USERDEFINED08 = 0x200 + 108, 256 OPS_PTAG_SS_USERDEFINED09 = 0x200 + 109, 257 OPS_PTAG_SS_USERDEFINED10 = 0x200 + 110, 258 259 260 /* pseudo content types */ 261 OPS_PTAG_CT_LITERAL_DATA_HEADER = 0x300, 262 OPS_PTAG_CT_LITERAL_DATA_BODY = 0x300 + 1, 263 OPS_PTAG_CT_SIGNATURE_HEADER = 0x300 + 2, 264 OPS_PTAG_CT_SIGNATURE_FOOTER = 0x300 + 3, 265 OPS_PTAG_CT_ARMOUR_HEADER = 0x300 + 4, 266 OPS_PTAG_CT_ARMOUR_TRAILER = 0x300 + 5, 267 OPS_PTAG_CT_SIGNED_CLEARTEXT_HEADER = 0x300 + 6, 268 OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY = 0x300 + 7, 269 OPS_PTAG_CT_SIGNED_CLEARTEXT_TRAILER = 0x300 + 8, 270 OPS_PTAG_CT_UNARMOURED_TEXT = 0x300 + 9, 271 OPS_PTAG_CT_ENCRYPTED_SECRET_KEY = 0x300 + 10, /* In this case the 272 * algorithm specific 273 * fields will not be 274 * initialised */ 275 OPS_PTAG_CT_SE_DATA_HEADER = 0x300 + 11, 276 OPS_PTAG_CT_SE_DATA_BODY = 0x300 + 12, 277 OPS_PTAG_CT_SE_IP_DATA_HEADER = 0x300 + 13, 278 OPS_PTAG_CT_SE_IP_DATA_BODY = 0x300 + 14, 279 OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY = 0x300 + 15, 280 281 /* commands to the callback */ 282 OPS_PARSER_CMD_GET_SK_PASSPHRASE = 0x400, 283 OPS_PARSER_CMD_GET_SECRET_KEY = 0x400 + 1, 284 285 286 /* Errors */ 287 OPS_PARSER_ERROR = 0x500, /* !< Internal Use: Parser Error */ 288 OPS_PARSER_ERRCODE = 0x500 + 1 /* ! < Internal Use: Parser Error 289 * with errcode returned */ 290 } __ops_content_tag_t; 291 292 typedef __ops_content_tag_t __ops_packet_tag_t; 293 typedef __ops_content_tag_t __ops_ss_type_t; 294 295 /** Structure to hold one parse error string. */ 296 typedef struct { 297 const char *error; /* !< error message. */ 298 } __ops_parser_error_t; 299 300 /** Structure to hold one error code */ 301 typedef struct { 302 __ops_errcode_t errcode; 303 } __ops_parser_errcode_t; 304 305 /** Structure to hold one packet tag. 306 * \see RFC4880 4.2 307 */ 308 typedef struct { 309 unsigned new_format; /* !< Whether this packet tag is new 310 * (true) or old format (false) */ 311 unsigned type; /* !< content_tag value - See 312 * #__ops_content_tag_t for meanings */ 313 __ops_ptag_of_lt_t length_type; /* !< Length type (#__ops_ptag_of_lt_t) 314 * - only if this packet tag is old 315 * format. Set to 0 if new format. */ 316 unsigned length; /* !< The length of the packet. This value 317 * is set when we read and compute the length 318 * information, not at the same moment we 319 * create the packet tag structure. Only 320 * defined if #length_read is set. *//* XXX: Ben, is this correct? */ 321 unsigned position; /* !< The position (within the 322 * current reader) of the packet */ 323 unsigned size; /* number of bits */ 324 } __ops_ptag_t; 325 326 /** Public Key Algorithm Numbers. 327 * OpenPGP assigns a unique Algorithm Number to each algorithm that is part of OpenPGP. 328 * 329 * This lists algorithm numbers for public key algorithms. 330 * 331 * \see RFC4880 9.1 332 */ 333 typedef enum { 334 OPS_PKA_RSA = 1, /* !< RSA (Encrypt or Sign) */ 335 OPS_PKA_RSA_ENCRYPT_ONLY = 2, /* !< RSA Encrypt-Only (deprecated - 336 * \see RFC4880 13.5) */ 337 OPS_PKA_RSA_SIGN_ONLY = 3, /* !< RSA Sign-Only (deprecated - 338 * \see RFC4880 13.5) */ 339 OPS_PKA_ELGAMAL = 16, /* !< Elgamal (Encrypt-Only) */ 340 OPS_PKA_DSA = 17, /* !< DSA (Digital Signature Algorithm) */ 341 OPS_PKA_RESERVED_ELLIPTIC_CURVE = 18, /* !< Reserved for Elliptic 342 * Curve */ 343 OPS_PKA_RESERVED_ECDSA = 19, /* !< Reserved for ECDSA */ 344 OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN = 20, /* !< Deprecated. */ 345 OPS_PKA_RESERVED_DH = 21, /* !< Reserved for Diffie-Hellman 346 * (X9.42, as defined for 347 * IETF-S/MIME) */ 348 OPS_PKA_PRIVATE00 = 100,/* !< Private/Experimental Algorithm */ 349 OPS_PKA_PRIVATE01 = 101,/* !< Private/Experimental Algorithm */ 350 OPS_PKA_PRIVATE02 = 102,/* !< Private/Experimental Algorithm */ 351 OPS_PKA_PRIVATE03 = 103,/* !< Private/Experimental Algorithm */ 352 OPS_PKA_PRIVATE04 = 104,/* !< Private/Experimental Algorithm */ 353 OPS_PKA_PRIVATE05 = 105,/* !< Private/Experimental Algorithm */ 354 OPS_PKA_PRIVATE06 = 106,/* !< Private/Experimental Algorithm */ 355 OPS_PKA_PRIVATE07 = 107,/* !< Private/Experimental Algorithm */ 356 OPS_PKA_PRIVATE08 = 108,/* !< Private/Experimental Algorithm */ 357 OPS_PKA_PRIVATE09 = 109,/* !< Private/Experimental Algorithm */ 358 OPS_PKA_PRIVATE10 = 110 /* !< Private/Experimental Algorithm */ 359 } __ops_pubkey_alg_t; 360 361 /** Structure to hold one DSA public key parameters. 362 * 363 * \see RFC4880 5.5.2 364 */ 365 typedef struct { 366 BIGNUM *p; /* !< DSA prime p */ 367 BIGNUM *q; /* !< DSA group order q */ 368 BIGNUM *g; /* !< DSA group generator g */ 369 BIGNUM *y; /* !< DSA public key value y (= g^x mod p 370 * with x being the secret) */ 371 } __ops_dsa_pubkey_t; 372 373 /** Structure to hold an RSA public key. 374 * 375 * \see RFC4880 5.5.2 376 */ 377 typedef struct { 378 BIGNUM *n; /* !< RSA public modulus n */ 379 BIGNUM *e; /* !< RSA public encryption exponent e */ 380 } __ops_rsa_pubkey_t; 381 382 /** Structure to hold an ElGamal public key parameters. 383 * 384 * \see RFC4880 5.5.2 385 */ 386 typedef struct { 387 BIGNUM *p; /* !< ElGamal prime p */ 388 BIGNUM *g; /* !< ElGamal group generator g */ 389 BIGNUM *y; /* !< ElGamal public key value y (= g^x mod p 390 * with x being the secret) */ 391 } __ops_elgamal_pubkey_t; 392 393 /** Union to hold public key parameters of any algorithm */ 394 typedef union { 395 __ops_dsa_pubkey_t dsa; /* !< A DSA public key */ 396 __ops_rsa_pubkey_t rsa; /* !< An RSA public key */ 397 __ops_elgamal_pubkey_t elgamal; /* !< An ElGamal public key */ 398 } __ops_pubkey_union_t; 399 400 /** Version. 401 * OpenPGP has two different protocol versions: version 3 and version 4. 402 * 403 * \see RFC4880 5.2 404 */ 405 typedef enum { 406 OPS_V2 = 2, /* <! Version 2 (essentially the same as v3) */ 407 OPS_V3 = 3, /* <! Version 3 */ 408 OPS_V4 = 4 /* <! Version 4 */ 409 } __ops_version_t; 410 411 /** Structure to hold a pgp public key */ 412 typedef struct { 413 __ops_version_t version;/* !< version of the key (v3, v4...) */ 414 time_t birthtime; 415 /* !< when the key was created. Note that 416 * interpretation varies with key version. */ 417 unsigned days_valid; 418 /* !< validity period of the key in days since 419 * creation. A value of 0 has a special meaning 420 * indicating this key does not expire. Only used with 421 * v3 keys. */ 422 __ops_pubkey_alg_t alg; /* !< Public Key Algorithm type */ 423 __ops_pubkey_union_t key; /* !< Public Key Parameters */ 424 } __ops_pubkey_t; 425 426 /** Structure to hold data for one RSA secret key 427 */ 428 typedef struct { 429 BIGNUM *d; 430 BIGNUM *p; 431 BIGNUM *q; 432 BIGNUM *u; 433 } __ops_rsa_seckey_t; 434 435 /** __ops_dsa_seckey_t */ 436 typedef struct { 437 BIGNUM *x; 438 } __ops_dsa_seckey_t; 439 440 /** __ops_seckey_union_t */ 441 typedef struct { 442 __ops_rsa_seckey_t rsa; 443 __ops_dsa_seckey_t dsa; 444 } __ops_seckey_union_t; 445 446 /** s2k_usage_t 447 */ 448 typedef enum { 449 OPS_S2KU_NONE = 0, 450 OPS_S2KU_ENCRYPTED_AND_HASHED = 254, 451 OPS_S2KU_ENCRYPTED = 255 452 } __ops_s2k_usage_t; 453 454 /** s2k_specifier_t 455 */ 456 typedef enum { 457 OPS_S2KS_SIMPLE = 0, 458 OPS_S2KS_SALTED = 1, 459 OPS_S2KS_ITERATED_AND_SALTED = 3 460 } __ops_s2k_specifier_t; 461 462 /** Symmetric Key Algorithm Numbers. 463 * OpenPGP assigns a unique Algorithm Number to each algorithm that is part of OpenPGP. 464 * 465 * This lists algorithm numbers for symmetric key algorithms. 466 * 467 * \see RFC4880 9.2 468 */ 469 typedef enum { 470 OPS_SA_PLAINTEXT = 0, /* !< Plaintext or unencrypted data */ 471 OPS_SA_IDEA = 1, /* !< IDEA */ 472 OPS_SA_TRIPLEDES = 2, /* !< TripleDES */ 473 OPS_SA_CAST5 = 3, /* !< CAST5 */ 474 OPS_SA_BLOWFISH = 4, /* !< Blowfish */ 475 OPS_SA_AES_128 = 7, /* !< AES with 128-bit key (AES) */ 476 OPS_SA_AES_192 = 8, /* !< AES with 192-bit key */ 477 OPS_SA_AES_256 = 9, /* !< AES with 256-bit key */ 478 OPS_SA_TWOFISH = 10 /* !< Twofish with 256-bit key (TWOFISH) */ 479 } __ops_symm_alg_t; 480 481 /** Hashing Algorithm Numbers. 482 * OpenPGP assigns a unique Algorithm Number to each algorithm that is part of OpenPGP. 483 * 484 * This lists algorithm numbers for hash algorithms. 485 * 486 * \see RFC4880 9.4 487 */ 488 typedef enum { 489 OPS_HASH_UNKNOWN = -1, /* !< used to indicate errors */ 490 OPS_HASH_MD5 = 1, /* !< MD5 */ 491 OPS_HASH_SHA1 = 2, /* !< SHA-1 */ 492 OPS_HASH_RIPEMD = 3, /* !< RIPEMD160 */ 493 494 OPS_HASH_SHA256 = 8, /* !< SHA256 */ 495 OPS_HASH_SHA384 = 9, /* !< SHA384 */ 496 OPS_HASH_SHA512 = 10, /* !< SHA512 */ 497 OPS_HASH_SHA224 = 11 /* !< SHA224 */ 498 } __ops_hash_alg_t; 499 500 void __ops_calc_mdc_hash(const unsigned char *, 501 const size_t, 502 const unsigned char *, 503 const unsigned int, 504 unsigned char *); 505 bool __ops_is_hash_alg_supported(const __ops_hash_alg_t *); 506 507 /* Maximum block size for symmetric crypto */ 508 #define OPS_MAX_BLOCK_SIZE 16 509 510 /* Maximum key size for symmetric crypto */ 511 #define OPS_MAX_KEY_SIZE 32 512 513 /* Salt size for hashing */ 514 #define OPS_SALT_SIZE 8 515 516 /* SHA1 Hash Size \todo is this the same as OPS_CHECKHASH_SIZE?? */ 517 #define OPS_SHA1_HASH_SIZE SHA_DIGEST_LENGTH 518 #define OPS_SHA256_HASH_SIZE SHA256_DIGEST_LENGTH 519 520 /* Hash size for secret key check */ 521 #define OPS_CHECKHASH_SIZE OPS_SHA1_HASH_SIZE 522 523 /* Max hash size */ 524 #define OPS_MAX_HASH_SIZE 64 525 526 /** __ops_seckey_t 527 */ 528 typedef struct { 529 __ops_pubkey_t pubkey; 530 __ops_s2k_usage_t s2k_usage; 531 __ops_s2k_specifier_t s2k_specifier; 532 __ops_symm_alg_t alg; 533 __ops_hash_alg_t hash_alg; 534 unsigned char salt[OPS_SALT_SIZE]; 535 unsigned octetc; 536 unsigned char iv[OPS_MAX_BLOCK_SIZE]; 537 __ops_seckey_union_t key; 538 unsigned checksum; 539 unsigned char checkhash[OPS_CHECKHASH_SIZE]; 540 } __ops_seckey_t; 541 542 /** Structure to hold one trust packet's data */ 543 544 typedef struct { 545 __ops_data_t data; /* <! Trust Packet */ 546 } __ops_trust_t; 547 548 /** Structure to hold one user id */ 549 typedef struct { 550 unsigned char *user_id;/* !< User ID - UTF-8 string */ 551 } __ops_user_id_t; 552 553 /** Structure to hold one user attribute */ 554 typedef struct { 555 __ops_data_t data; /* !< User Attribute */ 556 } __ops_user_attribute_t; 557 558 /** Signature Type. 559 * OpenPGP defines different signature types that allow giving 560 * different meanings to signatures. Signature types include 0x10 for 561 * generitc User ID certifications (used when Ben signs Weasel's key), 562 * Subkey binding signatures, document signatures, key revocations, 563 * etc. 564 * 565 * Different types are used in different places, and most make only 566 * sense in their intended location (for instance a subkey binding has 567 * no place on a UserID). 568 * 569 * \see RFC4880 5.2.1 570 */ 571 typedef enum { 572 OPS_SIG_BINARY = 0x00, /* <! Signature of a binary document */ 573 OPS_SIG_TEXT = 0x01, /* <! Signature of a canonical text document */ 574 OPS_SIG_STANDALONE = 0x02, /* <! Standalone signature */ 575 576 OPS_CERT_GENERIC = 0x10,/* <! Generic certification of a User ID and 577 * Public Key packet */ 578 OPS_CERT_PERSONA = 0x11,/* <! Persona certification of a User ID and 579 * Public Key packet */ 580 OPS_CERT_CASUAL = 0x12, /* <! Casual certification of a User ID and 581 * Public Key packet */ 582 OPS_CERT_POSITIVE = 0x13, /* <! Positive certification of a 583 * User ID and Public Key packet */ 584 585 OPS_SIG_SUBKEY = 0x18, /* <! Subkey Binding Signature */ 586 OPS_SIG_PRIMARY = 0x19, /* <! Primary Key Binding Signature */ 587 OPS_SIG_DIRECT = 0x1f, /* <! Signature directly on a key */ 588 589 OPS_SIG_REV_KEY = 0x20, /* <! Key revocation signature */ 590 OPS_SIG_REV_SUBKEY = 0x28, /* <! Subkey revocation signature */ 591 OPS_SIG_REV_CERT = 0x30,/* <! Certification revocation signature */ 592 593 OPS_SIG_TIMESTAMP = 0x40, /* <! Timestamp signature */ 594 595 OPS_SIG_3RD_PARTY = 0x50/* <! Third-Party Confirmation signature */ 596 } __ops_sig_type_t; 597 598 /** Struct to hold parameters of an RSA signature */ 599 typedef struct { 600 BIGNUM *sig; /* !< the signature value (m^d % n) */ 601 } __ops_rsa_sig_t; 602 603 /** Struct to hold parameters of a DSA signature */ 604 typedef struct { 605 BIGNUM *r; /* !< DSA value r */ 606 BIGNUM *s; /* !< DSA value s */ 607 } __ops_dsa_sig_t; 608 609 /** __ops_elgamal_signature_t */ 610 typedef struct { 611 BIGNUM *r; 612 BIGNUM *s; 613 } __ops_elgamal_sig_t; 614 615 /** Struct to hold data for a private/experimental signature */ 616 typedef struct { 617 __ops_data_t data; 618 } __ops_unknown_sig_t; 619 620 /** Union to hold signature parameters of any algorithm */ 621 typedef union { 622 __ops_rsa_sig_t rsa;/* !< An RSA Signature */ 623 __ops_dsa_sig_t dsa;/* !< A DSA Signature */ 624 __ops_elgamal_sig_t elgamal; /* deprecated */ 625 __ops_unknown_sig_t unknown; /* private or experimental */ 626 } __ops_sig_union_t; 627 628 #define OPS_KEY_ID_SIZE 8 629 630 /** Struct to hold a signature packet. 631 * 632 * \see RFC4880 5.2.2 633 * \see RFC4880 5.2.3 634 */ 635 typedef struct { 636 __ops_version_t version;/* !< signature version number */ 637 __ops_sig_type_t type; /* !< signature type value */ 638 time_t birthtime; /* !< creation time of the signature */ 639 unsigned char signer_id[OPS_KEY_ID_SIZE]; /* !< Eight-octet key ID 640 * of signer */ 641 __ops_pubkey_alg_t key_alg; /* !< public key 642 * algorithm number */ 643 __ops_hash_alg_t hash_alg; /* !< hashing algorithm 644 * number */ 645 __ops_sig_union_t sig; /* !< signature parameters */ 646 size_t v4_hashed_data_length; 647 unsigned char *v4_hashed_data; 648 unsigned birthtime_set:1; 649 unsigned signer_id_set:1; 650 } __ops_sig_info_t; 651 652 /** Struct used when parsing a signature */ 653 typedef struct { 654 __ops_sig_info_t info; /* !< The signature information */ 655 /* The following fields are only used while parsing the signature */ 656 unsigned char hash2[2]; /* !< high 2 bytes of hashed value - 657 * for quick test */ 658 size_t v4_hashed_data_start; /* only valid if accumulate 659 * is set */ 660 __ops_hash_t *hash; /* !< if set, the hash filled in for the data 661 * so far */ 662 } __ops_sig_t; 663 664 /** The raw bytes of a signature subpacket */ 665 666 typedef struct { 667 __ops_content_tag_t tag; 668 size_t length; 669 unsigned char *raw; 670 } __ops_ss_raw_t; 671 672 /** Signature Subpacket : Trust Level */ 673 674 typedef struct { 675 unsigned char level; /* <! Trust Level */ 676 unsigned char amount; /* <! Amount */ 677 } __ops_ss_trust_t; 678 679 /** Signature Subpacket : Revocable */ 680 typedef struct { 681 bool revocable; 682 } __ops_ss_revocable_t; 683 684 /** Signature Subpacket : Time */ 685 typedef struct { 686 time_t time; 687 } __ops_ss_time_t; 688 689 /** Signature Subpacket : Key ID */ 690 typedef struct { 691 unsigned char key_id[OPS_KEY_ID_SIZE]; 692 } __ops_ss_key_id_t; 693 694 /** Signature Subpacket : Notation Data */ 695 typedef struct { 696 __ops_data_t flags; 697 __ops_data_t name; 698 __ops_data_t value; 699 } __ops_ss_notation_data_t; 700 701 /** Signature Subpacket : User Defined */ 702 typedef struct { 703 __ops_data_t data; 704 } __ops_ss_userdefined_t; 705 706 /** Signature Subpacket : Unknown */ 707 typedef struct { 708 __ops_data_t data; 709 } __ops_ss_unknown_t; 710 711 /** Signature Subpacket : Preferred Symmetric Key Algorithm */ 712 typedef struct { 713 __ops_data_t data; 714 /* 715 * Note that value 0 may represent the plaintext algorithm so we 716 * cannot expect data->contents to be a null-terminated list 717 */ 718 } __ops_ss_skapref_t; 719 720 /** Signature Subpacket : Preferrred Hash Algorithm */ 721 typedef struct { 722 __ops_data_t data; 723 } __ops_ss_hashpref_t; 724 725 /** Signature Subpacket : Preferred Compression */ 726 typedef struct { 727 __ops_data_t data; 728 } __ops_ss_zpref_t; 729 730 /** Signature Subpacket : Key Flags */ 731 typedef struct { 732 __ops_data_t data; 733 } __ops_ss_key_flags_t; 734 735 /** Signature Subpacket : Key Server Preferences */ 736 typedef struct { 737 __ops_data_t data; 738 } __ops_ss_key_server_prefs_t; 739 740 /** Signature Subpacket : Features */ 741 typedef struct { 742 __ops_data_t data; 743 } __ops_ss_features_t; 744 745 /** Signature Subpacket : Signature Target */ 746 typedef struct { 747 __ops_pubkey_alg_t pka_alg; 748 __ops_hash_alg_t hash_alg; 749 __ops_data_t hash; 750 } __ops_ss_sig_target_t; 751 752 /** Signature Subpacket : Embedded Signature */ 753 typedef struct { 754 __ops_data_t sig; 755 } __ops_ss_embedded_sig_t; 756 757 /** __ops_packet_t */ 758 759 typedef struct __ops_subpacket_t { 760 size_t length; 761 unsigned char *raw; 762 } __ops_subpacket_t; 763 764 /** Types of Compression */ 765 typedef enum { 766 OPS_C_NONE = 0, 767 OPS_C_ZIP = 1, 768 OPS_C_ZLIB = 2, 769 OPS_C_BZIP2 = 3 770 } __ops_compression_type_t; 771 772 /* 773 * unlike most structures, this will feed its data as a stream to the 774 * application instead of directly including it 775 */ 776 /** __ops_compressed_t */ 777 typedef struct { 778 __ops_compression_type_t type; 779 } __ops_compressed_t; 780 781 /** __ops_one_pass_sig_t */ 782 typedef struct { 783 unsigned char version; 784 __ops_sig_type_t sig_type; 785 __ops_hash_alg_t hash_alg; 786 __ops_pubkey_alg_t key_alg; 787 unsigned char keyid[OPS_KEY_ID_SIZE]; 788 bool nested; 789 } __ops_one_pass_sig_t; 790 791 /** Signature Subpacket : Primary User ID */ 792 typedef struct { 793 bool primary_user_id; 794 } __ops_ss_primary_user_id_t; 795 796 /** Signature Subpacket : Regexp */ 797 typedef struct { 798 char *regexp; 799 } __ops_ss_regexp_t; 800 801 /** Signature Subpacket : Policy URL */ 802 typedef struct { 803 char *url; 804 } __ops_ss_policy_t; 805 806 /** Signature Subpacket : Preferred Key Server */ 807 typedef struct { 808 char *name; 809 } __ops_ss_pref_keyserv_t; 810 811 /** Signature Subpacket : Revocation Key */ 812 typedef struct { 813 unsigned char class; 814 unsigned char algid; 815 unsigned char fingerprint[20]; 816 } __ops_ss_revocation_key_t; 817 818 /** Signature Subpacket : Revocation Reason */ 819 typedef struct { 820 unsigned char code; 821 char *reason; 822 } __ops_ss_revocation_t; 823 824 /** litdata_type_t */ 825 typedef enum { 826 OPS_LDT_BINARY = 'b', 827 OPS_LDT_TEXT = 't', 828 OPS_LDT_UTF8 = 'u', 829 OPS_LDT_LOCAL = 'l', 830 OPS_LDT_LOCAL2 = '1' 831 } __ops_litdata_type_t; 832 833 /** __ops_litdata_header_t */ 834 typedef struct { 835 __ops_litdata_type_t format; 836 char filename[256]; 837 time_t mtime; 838 } __ops_litdata_header_t; 839 840 /** __ops_litdata_body_t */ 841 typedef struct { 842 unsigned length; 843 unsigned char *data; 844 void *mem; /* __ops_memory_t pointer */ 845 } __ops_litdata_body_t; 846 847 /** __ops_mdc_t */ 848 typedef struct { 849 unsigned char data[20]; /* size of SHA1 hash */ 850 } __ops_mdc_t; 851 852 /** __ops_header_var_t */ 853 typedef struct { 854 char *key; 855 char *value; 856 } __ops_header_var_t; 857 858 /** __ops_headers_t */ 859 typedef struct { 860 __ops_header_var_t *headers; 861 unsigned headerc; 862 } __ops_headers_t; 863 864 /** __ops_armour_header_t */ 865 typedef struct { 866 const char *type; 867 __ops_headers_t headers; 868 } __ops_armour_header_t; 869 870 /** __ops_armour_trailer_t */ 871 typedef struct { 872 const char *type; 873 } __ops_armour_trailer_t; 874 875 /** __ops_cleartext_head_t */ 876 typedef struct { 877 __ops_headers_t headers; 878 } __ops_cleartext_head_t; 879 880 /** __ops_cleartext_body_t */ 881 typedef struct { 882 unsigned length; 883 unsigned char data[8192]; /* \todo fix hard-coded value? */ 884 } __ops_cleartext_body_t; 885 886 /** __ops_cleartext_trailer_t */ 887 typedef struct { 888 struct _ops_hash_t *hash; /* !< This will not have been 889 * finalised, but will have seen all 890 * the cleartext data in canonical 891 * form */ 892 } __ops_cleartext_trailer_t; 893 894 /** __ops_unarmoured_text_t */ 895 typedef struct { 896 unsigned length; 897 unsigned char *data; 898 } __ops_unarmoured_text_t; 899 900 typedef enum { 901 SE_IP_DATA_VERSION = 1 902 } __ops_se_ip_data_version_t; 903 904 typedef enum { 905 OPS_PKSK_V3 = 3 906 } __ops_pk_sesskey_version_t; 907 908 /** __ops_pk_sesskey_parameters_rsa_t */ 909 typedef struct { 910 BIGNUM *encrypted_m; 911 BIGNUM *m; 912 } __ops_pk_sesskey_parameters_rsa_t; 913 914 /** __ops_pk_sesskey_parameters_elgamal_t */ 915 typedef struct { 916 BIGNUM *g_to_k; 917 BIGNUM *encrypted_m; 918 } __ops_pk_sesskey_parameters_elgamal_t; 919 920 /** __ops_pk_sesskey_parameters_t */ 921 typedef union { 922 __ops_pk_sesskey_parameters_rsa_t rsa; 923 __ops_pk_sesskey_parameters_elgamal_t elgamal; 924 } __ops_pk_sesskey_parameters_t; 925 926 /** __ops_pk_sesskey_t */ 927 typedef struct { 928 __ops_pk_sesskey_version_t version; 929 unsigned char key_id[OPS_KEY_ID_SIZE]; 930 __ops_pubkey_alg_t alg; 931 __ops_pk_sesskey_parameters_t parameters; 932 __ops_symm_alg_t symm_alg; 933 unsigned char key[OPS_MAX_KEY_SIZE]; 934 unsigned short checksum; 935 } __ops_pk_sesskey_t; 936 937 /** __ops_seckey_passphrase_t */ 938 typedef struct { 939 const __ops_seckey_t *seckey; 940 char **passphrase; /* point somewhere that gets filled 941 * in to work around constness of 942 * content */ 943 } __ops_seckey_passphrase_t; 944 945 typedef enum { 946 OPS_SE_IP_V1 = 1 947 } __ops_se_ip_version_t; 948 949 /** __ops_se_ip_data_header_t */ 950 typedef struct { 951 __ops_se_ip_version_t version; 952 } __ops_se_ip_data_header_t; 953 954 /** __ops_se_ip_data_body_t */ 955 typedef struct { 956 unsigned length; 957 unsigned char *data; /* \todo remember to free this */ 958 } __ops_se_ip_data_body_t; 959 960 /** __ops_se_data_body_t */ 961 typedef struct { 962 unsigned length; 963 unsigned char data[8192]; /* \todo parameterise this! */ 964 } __ops_se_data_body_t; 965 966 /** __ops_get_seckey_t */ 967 typedef struct { 968 const __ops_seckey_t **seckey; 969 const __ops_pk_sesskey_t *pk_sesskey; 970 } __ops_get_seckey_t; 971 972 /** __ops_parser_union_content_t */ 973 typedef union { 974 __ops_parser_error_t error; 975 __ops_parser_errcode_t errcode; 976 __ops_ptag_t ptag; 977 __ops_pubkey_t pubkey; 978 __ops_trust_t trust; 979 __ops_user_id_t user_id; 980 __ops_user_attribute_t user_attribute; 981 __ops_sig_t sig; 982 __ops_ss_raw_t ss_raw; 983 __ops_ss_trust_t ss_trust; 984 __ops_ss_revocable_t ss_revocable; 985 __ops_ss_time_t ss_time; 986 __ops_ss_key_id_t ss_issuer_key_id; 987 __ops_ss_notation_data_t ss_notation_data; 988 __ops_subpacket_t packet; 989 __ops_compressed_t compressed; 990 __ops_one_pass_sig_t one_pass_sig; 991 __ops_ss_skapref_t ss_skapref; 992 __ops_ss_hashpref_t ss_hashpref; 993 __ops_ss_zpref_t ss_zpref; 994 __ops_ss_key_flags_t ss_key_flags; 995 __ops_ss_key_server_prefs_t ss_key_server_prefs; 996 __ops_ss_primary_user_id_t ss_primary_user_id; 997 __ops_ss_regexp_t ss_regexp; 998 __ops_ss_policy_t ss_policy; 999 __ops_ss_pref_keyserv_t ss_pref_keyserv; 1000 __ops_ss_revocation_key_t ss_revocation_key; 1001 __ops_ss_userdefined_t ss_userdefined; 1002 __ops_ss_unknown_t ss_unknown; 1003 __ops_litdata_header_t litdata_header; 1004 __ops_litdata_body_t litdata_body; 1005 __ops_mdc_t mdc; 1006 __ops_ss_features_t ss_features; 1007 __ops_ss_sig_target_t ss_sig_target; 1008 __ops_ss_embedded_sig_t ss_embedded_sig; 1009 __ops_ss_revocation_t ss_revocation; 1010 __ops_seckey_t seckey; 1011 __ops_user_id_t ss_signer; 1012 __ops_armour_header_t armour_header; 1013 __ops_armour_trailer_t armour_trailer; 1014 __ops_cleartext_head_t cleartext_head; 1015 __ops_cleartext_body_t cleartext_body; 1016 __ops_cleartext_trailer_t cleartext_trailer; 1017 __ops_unarmoured_text_t unarmoured_text; 1018 __ops_pk_sesskey_t pk_sesskey; 1019 __ops_seckey_passphrase_t skey_passphrase; 1020 __ops_se_ip_data_header_t se_ip_data_header; 1021 __ops_se_ip_data_body_t se_ip_data_body; 1022 __ops_se_data_body_t se_data_body; 1023 __ops_get_seckey_t get_seckey; 1024 } __ops_parser_content_union_t; 1025 1026 /** __ops_packet_t */ 1027 struct __ops_packet_t { 1028 __ops_content_tag_t tag; /* type of contents */ 1029 unsigned char critical; /* for sig subpackets */ 1030 __ops_parser_content_union_t u; /* union for contents */ 1031 }; 1032 1033 /** __ops_fingerprint_t */ 1034 typedef struct { 1035 unsigned char fingerprint[20]; 1036 unsigned length; 1037 } __ops_fingerprint_t; 1038 1039 void __ops_init(void); 1040 void __ops_finish(void); 1041 void __ops_keyid(unsigned char *, const size_t, const int, 1042 const __ops_pubkey_t *); 1043 void __ops_fingerprint(__ops_fingerprint_t *, const __ops_pubkey_t *); 1044 void __ops_pubkey_free(__ops_pubkey_t *); 1045 void __ops_user_id_free(__ops_user_id_t *); 1046 void __ops_user_attribute_free(__ops_user_attribute_t *); 1047 void __ops_sig_free(__ops_sig_t *); 1048 void __ops_trust_free(__ops_trust_t *); 1049 void __ops_ss_skapref_free(__ops_ss_skapref_t *); 1050 void __ops_ss_hashpref_free(__ops_ss_hashpref_t *); 1051 void __ops_ss_zpref_free(__ops_ss_zpref_t *); 1052 void __ops_ss_key_flags_free(__ops_ss_key_flags_t *); 1053 void __ops_ss_key_server_prefs_free(__ops_ss_key_server_prefs_t *); 1054 void __ops_ss_features_free(__ops_ss_features_t *); 1055 void __ops_ss_notation_data_free(__ops_ss_notation_data_t *); 1056 void __ops_ss_policy_free(__ops_ss_policy_t *); 1057 void __ops_ss_pref_keyserv_free(__ops_ss_pref_keyserv_t *); 1058 void __ops_ss_regexp_free(__ops_ss_regexp_t *); 1059 void __ops_ss_userdefined_free(__ops_ss_userdefined_t *); 1060 void __ops_ss_reserved_free(__ops_ss_unknown_t *); 1061 void __ops_ss_revocation_free(__ops_ss_revocation_t *); 1062 void __ops_ss_sig_target_free(__ops_ss_sig_target_t *); 1063 void __ops_ss_embedded_sig_free(__ops_ss_embedded_sig_t *); 1064 1065 void __ops_subpacket_free(__ops_subpacket_t *); 1066 void __ops_parser_content_free(__ops_packet_t *); 1067 void __ops_seckey_free(__ops_seckey_t *); 1068 void __ops_pk_sesskey_free(__ops_pk_sesskey_t *); 1069 1070 int __ops_print_packet(const __ops_packet_t *); 1071 1072 #endif 1073