rpm: rpmpgp.h Source File

00001 #ifndef H_RPMPGP
00002 #define H_RPMPGP
00003 
00013 #include <string.h>
00014 #include <stdio.h>
00015 #include <stdlib.h>
00016 #include <rpm/rpmtypes.h>
00017 #include <rpm/rpmstring.h>
00018 
00019 #ifdef __cplusplus
00020 extern "C" {
00021 #endif
00022 
00025 typedef struct DIGEST_CTX_s * DIGEST_CTX;
00026 
00029 typedef struct pgpDig_s * pgpDig;
00030 
00033 typedef struct pgpDigParams_s * pgpDigParams;
00034 
00035 typedef uint8_t pgpKeyID_t[8];
00036 typedef uint8_t pgpTime_t[4];
00037 
00040 typedef const struct pgpValTbl_s {
00041     int val;
00042     char const * const str;
00043 } * pgpValTbl;
00044  
00052 typedef enum pgpTag_e {
00053     PGPTAG_RESERVED             =  0, 
00054     PGPTAG_PUBLIC_SESSION_KEY   =  1, 
00055     PGPTAG_SIGNATURE            =  2, 
00056     PGPTAG_SYMMETRIC_SESSION_KEY=  3, 
00057     PGPTAG_ONEPASS_SIGNATURE    =  4, 
00058     PGPTAG_SECRET_KEY           =  5, 
00059     PGPTAG_PUBLIC_KEY           =  6, 
00060     PGPTAG_SECRET_SUBKEY        =  7, 
00061     PGPTAG_COMPRESSED_DATA      =  8, 
00062     PGPTAG_SYMMETRIC_DATA       =  9, 
00063     PGPTAG_MARKER               = 10, 
00064     PGPTAG_LITERAL_DATA         = 11, 
00065     PGPTAG_TRUST                = 12, 
00066     PGPTAG_USER_ID              = 13, 
00067     PGPTAG_PUBLIC_SUBKEY        = 14, 
00068     PGPTAG_COMMENT_OLD          = 16, 
00069     PGPTAG_PHOTOID              = 17, 
00070     PGPTAG_ENCRYPTED_MDC        = 18, 
00071     PGPTAG_MDC                  = 19, 
00072     PGPTAG_PRIVATE_60           = 60, 
00073     PGPTAG_COMMENT              = 61, 
00074     PGPTAG_PRIVATE_62           = 62, 
00075     PGPTAG_CONTROL              = 63  
00076 } pgpTag;
00077 
00112 typedef struct pgpPktPubkey_s {
00113     uint8_t version;    
00114     pgpKeyID_t keyid;   
00115     uint8_t algo;               
00116 } pgpPktPubkey;
00117 
00118 
00125 typedef enum pgpSigType_e {
00126     PGPSIGTYPE_BINARY            = 0x00, 
00127     PGPSIGTYPE_TEXT              = 0x01, 
00128     PGPSIGTYPE_STANDALONE        = 0x02, 
00129     PGPSIGTYPE_GENERIC_CERT      = 0x10,
00131     PGPSIGTYPE_PERSONA_CERT      = 0x11,
00133     PGPSIGTYPE_CASUAL_CERT       = 0x12,
00135     PGPSIGTYPE_POSITIVE_CERT     = 0x13,
00137     PGPSIGTYPE_SUBKEY_BINDING    = 0x18, 
00138     PGPSIGTYPE_SIGNED_KEY        = 0x1F, 
00139     PGPSIGTYPE_KEY_REVOKE        = 0x20, 
00140     PGPSIGTYPE_SUBKEY_REVOKE     = 0x28, 
00141     PGPSIGTYPE_CERT_REVOKE       = 0x30, 
00142     PGPSIGTYPE_TIMESTAMP         = 0x40  
00143 } pgpSigType;
00144 
00168 typedef enum pgpPubkeyAlgo_e {
00169     PGPPUBKEYALGO_RSA           =  1,   
00170     PGPPUBKEYALGO_RSA_ENCRYPT   =  2,   
00171     PGPPUBKEYALGO_RSA_SIGN      =  3,   
00172     PGPPUBKEYALGO_ELGAMAL_ENCRYPT = 16, 
00173     PGPPUBKEYALGO_DSA           = 17,   
00174     PGPPUBKEYALGO_EC            = 18,   
00175     PGPPUBKEYALGO_ECDSA         = 19,   
00176     PGPPUBKEYALGO_ELGAMAL       = 20,   
00177     PGPPUBKEYALGO_DH            = 21    
00178 } pgpPubkeyAlgo;
00179 
00204 typedef enum pgpSymkeyAlgo_e {
00205     PGPSYMKEYALGO_PLAINTEXT     =  0,   
00206     PGPSYMKEYALGO_IDEA          =  1,   
00207     PGPSYMKEYALGO_TRIPLE_DES    =  2,   
00208     PGPSYMKEYALGO_CAST5         =  3,   
00209     PGPSYMKEYALGO_BLOWFISH      =  4,   
00210     PGPSYMKEYALGO_SAFER         =  5,   
00211     PGPSYMKEYALGO_DES_SK        =  6,   
00212     PGPSYMKEYALGO_AES_128       =  7,   
00213     PGPSYMKEYALGO_AES_192       =  8,   
00214     PGPSYMKEYALGO_AES_256       =  9,   
00215     PGPSYMKEYALGO_TWOFISH       = 10,   
00216     PGPSYMKEYALGO_NOENCRYPT     = 110   
00217 } pgpSymkeyAlgo;
00218 
00234 typedef enum pgpCompressAlgo_e {
00235     PGPCOMPRESSALGO_NONE        =  0,   
00236     PGPCOMPRESSALGO_ZIP         =  1,   
00237     PGPCOMPRESSALGO_ZLIB        =  2,   
00238     PGPCOMPRESSALGO_BZIP2       =  3    
00239 } pgpCompressAlgo;
00240 
00262 typedef enum pgpHashAlgo_e {
00263     PGPHASHALGO_MD5             =  1,   
00264     PGPHASHALGO_SHA1            =  2,   
00265     PGPHASHALGO_RIPEMD160       =  3,   
00266     PGPHASHALGO_MD2             =  5,   
00267     PGPHASHALGO_TIGER192        =  6,   
00268     PGPHASHALGO_HAVAL_5_160     =  7,   
00269     PGPHASHALGO_SHA256          =  8,   
00270     PGPHASHALGO_SHA384          =  9,   
00271     PGPHASHALGO_SHA512          = 10,   
00272 } pgpHashAlgo;
00273 
00295 typedef struct pgpPktSigV3_s {
00296     uint8_t version;    
00297     uint8_t hashlen;    
00298     uint8_t sigtype;    
00299     pgpTime_t time;     
00300     pgpKeyID_t signid;  
00301     uint8_t pubkey_algo;        
00302     uint8_t hash_algo;  
00303     uint8_t signhash16[2];      
00304 } * pgpPktSigV3;
00305 
00327 typedef struct pgpPktSigV4_s {
00328     uint8_t version;    
00329     uint8_t sigtype;    
00330     uint8_t pubkey_algo;        
00331     uint8_t hash_algo;  
00332     uint8_t hashlen[2]; 
00333 } * pgpPktSigV4;
00334 
00401 typedef enum pgpSubType_e {
00402     PGPSUBTYPE_NONE             =   0, 
00403     PGPSUBTYPE_SIG_CREATE_TIME  =   2, 
00404     PGPSUBTYPE_SIG_EXPIRE_TIME  =   3, 
00405     PGPSUBTYPE_EXPORTABLE_CERT  =   4, 
00406     PGPSUBTYPE_TRUST_SIG        =   5, 
00407     PGPSUBTYPE_REGEX            =   6, 
00408     PGPSUBTYPE_REVOCABLE        =   7, 
00409     PGPSUBTYPE_KEY_EXPIRE_TIME  =   9, 
00410     PGPSUBTYPE_ARR              =  10, 
00411     PGPSUBTYPE_PREFER_SYMKEY    =  11, 
00412     PGPSUBTYPE_REVOKE_KEY       =  12, 
00413     PGPSUBTYPE_ISSUER_KEYID     =  16, 
00414     PGPSUBTYPE_NOTATION         =  20, 
00415     PGPSUBTYPE_PREFER_HASH      =  21, 
00416     PGPSUBTYPE_PREFER_COMPRESS  =  22, 
00417     PGPSUBTYPE_KEYSERVER_PREFERS=  23, 
00418     PGPSUBTYPE_PREFER_KEYSERVER =  24, 
00419     PGPSUBTYPE_PRIMARY_USERID   =  25, 
00420     PGPSUBTYPE_POLICY_URL       =  26, 
00421     PGPSUBTYPE_KEY_FLAGS        =  27, 
00422     PGPSUBTYPE_SIGNER_USERID    =  28, 
00423     PGPSUBTYPE_REVOKE_REASON    =  29, 
00424     PGPSUBTYPE_FEATURES         =  30, 
00425     PGPSUBTYPE_EMBEDDED_SIG     =  32, 
00427     PGPSUBTYPE_INTERNAL_100     = 100, 
00428     PGPSUBTYPE_INTERNAL_101     = 101, 
00429     PGPSUBTYPE_INTERNAL_102     = 102, 
00430     PGPSUBTYPE_INTERNAL_103     = 103, 
00431     PGPSUBTYPE_INTERNAL_104     = 104, 
00432     PGPSUBTYPE_INTERNAL_105     = 105, 
00433     PGPSUBTYPE_INTERNAL_106     = 106, 
00434     PGPSUBTYPE_INTERNAL_107     = 107, 
00435     PGPSUBTYPE_INTERNAL_108     = 108, 
00436     PGPSUBTYPE_INTERNAL_109     = 109, 
00437     PGPSUBTYPE_INTERNAL_110     = 110, 
00439     PGPSUBTYPE_CRITICAL         = 128  
00440 } pgpSubType;
00441 
00462 typedef union pgpPktSig_u {
00463     struct pgpPktSigV3_s v3;
00464     struct pgpPktSigV4_s v4;
00465 } * pgpPktSig;
00466 
00495 typedef struct pgpPktSymkey_s {
00496     uint8_t version;    
00497     uint8_t symkey_algo;
00498     uint8_t s2k[1];
00499 } pgpPktSymkey;
00500 
00530 typedef struct pgpPktOnepass_s {
00531     uint8_t version;    
00532     uint8_t sigtype;    
00533     uint8_t hash_algo;  
00534     uint8_t pubkey_algo;        
00535     pgpKeyID_t signid;  
00536     uint8_t nested;
00537 } * pgpPktOnepass;
00538 
00611 typedef struct pgpPktKeyV3_s {
00612     uint8_t version;    
00613     pgpTime_t time;     
00614     uint8_t valid[2];   
00615     uint8_t pubkey_algo;        
00616 } * pgpPktKeyV3;
00617 
00649 typedef struct pgpPktKeyV4_s {
00650     uint8_t version;    
00651     pgpTime_t time;     
00652     uint8_t pubkey_algo;        
00653 } * pgpPktKeyV4;
00654 
00719 typedef union pgpPktKey_u {
00720     struct pgpPktKeyV3_s v3;
00721     struct pgpPktKeyV4_s v4;
00722 } pgpPktKey;
00723 
00724 /* \ingroup rpmpgp
00725  * 5.6. Compressed Data Packet (Tag 8)
00726  *
00727  * The Compressed Data packet contains compressed data. Typically, this
00728  * packet is found as the contents of an encrypted packet, or following
00729  * a Signature or One-Pass Signature packet, and contains literal data
00730  * packets.
00731  *
00732  * The body of this packet consists of:
00733  *   - One octet that gives the algorithm used to compress the packet.
00734  *   - The remainder of the packet is compressed data.
00735  *
00736  * A Compressed Data Packet's body contains an block that compresses
00737  * some set of packets. See section "Packet Composition" for details on
00738  * how messages are formed.
00739  *
00740  * ZIP-compressed packets are compressed with raw RFC 1951 DEFLATE
00741  * blocks. Note that PGP V2.6 uses 13 bits of compression. If an
00742  * implementation uses more bits of compression, PGP V2.6 cannot
00743  * decompress it.
00744  *
00745  * ZLIB-compressed packets are compressed with RFC 1950 ZLIB-style
00746  * blocks.
00747  */
00748 typedef struct pgpPktCdata_s {
00749     uint8_t compressalgo;
00750     uint8_t data[1];
00751 } pgpPktCdata;
00752 
00753 /* \ingroup rpmpgp
00754  * 5.7. Symmetrically Encrypted Data Packet (Tag 9)
00755  *
00756  * The Symmetrically Encrypted Data packet contains data encrypted with
00757  * a symmetric-key algorithm. When it has been decrypted, it will
00758  * typically contain other packets (often literal data packets or
00759  * compressed data packets).
00760  *
00761  * The body of this packet consists of:
00762  *   - Encrypted data, the output of the selected symmetric-key cipher
00763  *     operating in PGP's variant of Cipher Feedback (CFB) mode.
00764  *
00765  * The symmetric cipher used may be specified in an Public-Key or
00766  * Symmetric-Key Encrypted Session Key packet that precedes the
00767  * Symmetrically Encrypted Data Packet.  In that case, the cipher
00768  * algorithm octet is prefixed to the session key before it is
00769  * encrypted.  If no packets of these types precede the encrypted data,
00770  * the IDEA algorithm is used with the session key calculated as the MD5
00771  * hash of the passphrase.
00772  *
00773  * The data is encrypted in CFB mode, with a CFB shift size equal to the
00774  * cipher's block size.  The Initial Vector (IV) is specified as all
00775  * zeros.  Instead of using an IV, OpenPGP prefixes a 10-octet string to
00776  * the data before it is encrypted.  The first eight octets are random,
00777  * and the 9th and 10th octets are copies of the 7th and 8th octets,
00778  * respectively. After encrypting the first 10 octets, the CFB state is
00779  * resynchronized if the cipher block size is 8 octets or less.  The
00780  * last 8 octets of ciphertext are passed through the cipher and the
00781  * block boundary is reset.
00782  *
00783  * The repetition of 16 bits in the 80 bits of random data prefixed to
00784  * the message allows the receiver to immediately check whether the
00785  * session key is incorrect.
00786  */
00787 typedef struct pgpPktEdata_s {
00788     uint8_t data[1];
00789 } pgpPktEdata;
00790 
00791 /* \ingroup rpmpgp
00792  * 5.8. Marker Packet (Obsolete Literal Packet) (Tag 10)
00793  *
00794  * An experimental version of PGP used this packet as the Literal
00795  * packet, but no released version of PGP generated Literal packets with
00796  * this tag. With PGP 5.x, this packet has been re-assigned and is
00797  * reserved for use as the Marker packet.
00798  *
00799  * The body of this packet consists of:
00800  *   - The three octets 0x50, 0x47, 0x50 (which spell "PGP" in UTF-8).
00801  *
00802  * Such a packet MUST be ignored when received.  It may be placed at the
00803  * beginning of a message that uses features not available in PGP 2.6.x
00804  * in order to cause that version to report that newer software is
00805  * necessary to process the message.
00806  */
00807 /* \ingroup rpmpgp
00808  * 5.9. Literal Data Packet (Tag 11)
00809  *
00810  * A Literal Data packet contains the body of a message; data that is
00811  * not to be further interpreted.
00812  *
00813  * The body of this packet consists of:
00814  *   - A one-octet field that describes how the data is formatted.
00815  *
00816  * If it is a 'b' (0x62), then the literal packet contains binary data.
00817  * If it is a 't' (0x74), then it contains text data, and thus may need
00818  * line ends converted to local form, or other text-mode changes.  RFC
00819  * 1991 also defined a value of 'l' as a 'local' mode for machine-local
00820  * conversions.  This use is now deprecated.
00821  *   - File name as a string (one-octet length, followed by file name),
00822  *     if the encrypted data should be saved as a file.
00823  *
00824  * If the special name "_CONSOLE" is used, the message is considered to
00825  * be "for your eyes only".  This advises that the message data is
00826  * unusually sensitive, and the receiving program should process it more
00827  * carefully, perhaps avoiding storing the received data to disk, for
00828  * example.
00829  *   - A four-octet number that indicates the modification date of the
00830  *     file, or the creation time of the packet, or a zero that
00831  *     indicates the present time.
00832  *   - The remainder of the packet is literal data.
00833  *
00834  * Text data is stored with <CR><LF> text endings (i.e. network-normal
00835  * line endings).  These should be converted to native line endings by
00836  * the receiving software.
00837  */
00838 typedef struct pgpPktLdata_s {
00839     uint8_t format;
00840     uint8_t filenamelen;
00841     uint8_t filename[1];
00842 } pgpPktLdata;
00843 
00844 /* \ingroup rpmpgp
00845  * 5.10. Trust Packet (Tag 12)
00846  *
00847  * The Trust packet is used only within keyrings and is not normally
00848  * exported.  Trust packets contain data that record the user's
00849  * specifications of which key holders are trustworthy introducers,
00850  * along with other information that implementing software uses for
00851  * trust information.
00852  *
00853  * Trust packets SHOULD NOT be emitted to output streams that are
00854  * transferred to other users, and they SHOULD be ignored on any input
00855  * other than local keyring files.
00856  */
00857 typedef struct pgpPktTrust_s {
00858     uint8_t flag;
00859 } pgpPktTrust;
00860 
00861 /* \ingroup rpmpgp
00862  * 5.11. User ID Packet (Tag 13)
00863  *
00864  * A User ID packet consists of data that is intended to represent the
00865  * name and email address of the key holder.  By convention, it includes
00866  * an RFC 822 mail name, but there are no restrictions on its content.
00867  * The packet length in the header specifies the length of the user id.
00868  * If it is text, it is encoded in UTF-8.
00869  *
00870  */
00871 typedef struct pgpPktUid_s {
00872     uint8_t userid[1];
00873 } pgpPktUid;
00874 
00877 union pgpPktPre_u {
00878     pgpPktPubkey pubkey;        
00879     pgpPktSig sig;              
00880     pgpPktSymkey symkey;        
00881     pgpPktOnepass onepass;      
00882     pgpPktKey key;              
00883     pgpPktCdata cdata;          
00884     pgpPktEdata edata;          
00886     pgpPktLdata ldata;          
00887     pgpPktTrust tdata;          
00888     pgpPktUid uid;              
00889 };
00890 
00893 typedef enum pgpArmor_e {
00894     PGPARMOR_ERR_CRC_CHECK              = -7,
00895     PGPARMOR_ERR_BODY_DECODE            = -6,
00896     PGPARMOR_ERR_CRC_DECODE             = -5,
00897     PGPARMOR_ERR_NO_END_PGP             = -4,
00898     PGPARMOR_ERR_UNKNOWN_PREAMBLE_TAG   = -3,
00899     PGPARMOR_ERR_UNKNOWN_ARMOR_TYPE     = -2,
00900     PGPARMOR_ERR_NO_BEGIN_PGP           = -1,
00901 #define PGPARMOR_ERROR  PGPARMOR_ERR_NO_BEGIN_PGP
00902     PGPARMOR_NONE               =  0,
00903     PGPARMOR_MESSAGE            =  1, 
00904     PGPARMOR_PUBKEY             =  2, 
00905     PGPARMOR_SIGNATURE          =  3, 
00906     PGPARMOR_SIGNED_MESSAGE     =  4, 
00907     PGPARMOR_FILE               =  5, 
00908     PGPARMOR_PRIVKEY            =  6, 
00909     PGPARMOR_SECKEY             =  7  
00910 } pgpArmor;
00911 
00914 typedef enum pgpArmorKey_e {
00915     PGPARMORKEY_VERSION         = 1, 
00916     PGPARMORKEY_COMMENT         = 2, 
00917     PGPARMORKEY_MESSAGEID       = 3, 
00918     PGPARMORKEY_HASH            = 4, 
00919     PGPARMORKEY_CHARSET         = 5  
00920 } pgpArmorKey;
00921 
00925 typedef enum rpmDigestFlags_e {
00926     RPMDIGEST_NONE      = 0
00927 } rpmDigestFlags;
00928 
00929 
00936 static inline
00937 unsigned int pgpGrab(const uint8_t *s, size_t nbytes)
00938 {
00939     size_t i = 0;
00940     size_t nb = (nbytes <= sizeof(i) ? nbytes : sizeof(i));
00941     while (nb--)
00942         i = (i << 8) | *s++;
00943     return i;
00944 }
00945 
00952 static inline
00953 size_t pgpLen(const uint8_t *s, size_t * lenp)
00954 {
00955     if (*s < 192) {
00956         (*lenp) = *s++;
00957         return 1;
00958     } else if (*s < 255) {
00959         (*lenp) = ((((unsigned)s[0]) - 192) << 8) + s[1] + 192;
00960         return 2;
00961     } else {
00962         (*lenp) = pgpGrab(s+1, (size_t) 4);
00963         return 5;
00964     }
00965 }
00966 
00973 char * pgpHexStr(const uint8_t *p, size_t plen);
00974 
00983 int pgpPubkeyFingerprint(const uint8_t * pkt, size_t pktlen,
00984                 pgpKeyID_t keyid);
00985 
00993 int pgpExtractPubkeyFingerprint(const char * b64pkt, pgpKeyID_t keyid);
00994 
01003 int pgpPrtPkts(const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing);
01004 
01012 pgpArmor pgpReadPkts(const char * fn, uint8_t ** pkt, size_t * pktlen);
01013 
01021 char * pgpArmorWrap(int atype, const unsigned char * s, size_t ns);
01022 
01027 pgpDig pgpNewDig(void);
01028 
01033 void pgpCleanDig(pgpDig dig);
01034 
01040 pgpDig pgpFreeDig(pgpDig dig);
01041 
01049 int rpmInitCrypto(void);
01050 
01054 int rpmFreeCrypto(void);
01055 
01061 DIGEST_CTX rpmDigestDup(DIGEST_CTX octx);
01062 
01068 size_t rpmDigestLength(pgpHashAlgo hashalgo);
01069 
01077 DIGEST_CTX rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags);
01078 
01086 int rpmDigestUpdate(DIGEST_CTX ctx, const void * data, size_t len);
01087 
01099 int rpmDigestFinal(DIGEST_CTX ctx,
01100         void ** datap,
01101         size_t * lenp, int asAscii);
01102 
01103 #ifdef __cplusplus
01104 }
01105 #endif
01106 
01107 #endif  /* H_RPMPGP */