rpm 4.9.1
|
00001 #ifndef H_RPMPGP 00002 #define H_RPMPGP 00003 00013 #include <string.h> 00014 #include <stdio.h> 00015 #include <stdlib.h> 00016 #include <rpm/rpmtypes.h> 00017 #include <rpm/rpmstring.h> 00018 00019 #ifdef __cplusplus 00020 extern "C" { 00021 #endif 00022 00025 typedef struct DIGEST_CTX_s * DIGEST_CTX; 00026 typedef struct rpmDigestBundle_s * rpmDigestBundle; 00027 00030 typedef struct pgpDig_s * pgpDig; 00031 00034 typedef struct pgpDigParams_s * pgpDigParams; 00035 00036 typedef uint8_t pgpKeyID_t[8]; 00037 typedef uint8_t pgpTime_t[4]; 00038 00046 typedef enum pgpTag_e { 00047 PGPTAG_RESERVED = 0, 00048 PGPTAG_PUBLIC_SESSION_KEY = 1, 00049 PGPTAG_SIGNATURE = 2, 00050 PGPTAG_SYMMETRIC_SESSION_KEY= 3, 00051 PGPTAG_ONEPASS_SIGNATURE = 4, 00052 PGPTAG_SECRET_KEY = 5, 00053 PGPTAG_PUBLIC_KEY = 6, 00054 PGPTAG_SECRET_SUBKEY = 7, 00055 PGPTAG_COMPRESSED_DATA = 8, 00056 PGPTAG_SYMMETRIC_DATA = 9, 00057 PGPTAG_MARKER = 10, 00058 PGPTAG_LITERAL_DATA = 11, 00059 PGPTAG_TRUST = 12, 00060 PGPTAG_USER_ID = 13, 00061 PGPTAG_PUBLIC_SUBKEY = 14, 00062 PGPTAG_COMMENT_OLD = 16, 00063 PGPTAG_PHOTOID = 17, 00064 PGPTAG_ENCRYPTED_MDC = 18, 00065 PGPTAG_MDC = 19, 00066 PGPTAG_PRIVATE_60 = 60, 00067 PGPTAG_COMMENT = 61, 00068 PGPTAG_PRIVATE_62 = 62, 00069 PGPTAG_CONTROL = 63 00070 } pgpTag; 00071 00106 typedef struct pgpPktPubkey_s { 00107 uint8_t version; 00108 pgpKeyID_t keyid; 00109 uint8_t algo; 00110 } pgpPktPubkey; 00111 00112 00119 typedef enum pgpSigType_e { 00120 PGPSIGTYPE_BINARY = 0x00, 00121 PGPSIGTYPE_TEXT = 0x01, 00122 PGPSIGTYPE_STANDALONE = 0x02, 00123 PGPSIGTYPE_GENERIC_CERT = 0x10, 00125 PGPSIGTYPE_PERSONA_CERT = 0x11, 00127 PGPSIGTYPE_CASUAL_CERT = 0x12, 00129 PGPSIGTYPE_POSITIVE_CERT = 0x13, 00131 PGPSIGTYPE_SUBKEY_BINDING = 0x18, 00132 PGPSIGTYPE_SIGNED_KEY = 0x1F, 00133 PGPSIGTYPE_KEY_REVOKE = 0x20, 00134 PGPSIGTYPE_SUBKEY_REVOKE = 0x28, 00135 PGPSIGTYPE_CERT_REVOKE = 0x30, 00136 PGPSIGTYPE_TIMESTAMP = 0x40 00137 } pgpSigType; 00138 00162 typedef enum pgpPubkeyAlgo_e { 00163 PGPPUBKEYALGO_RSA = 1, 00164 PGPPUBKEYALGO_RSA_ENCRYPT = 2, 00165 PGPPUBKEYALGO_RSA_SIGN = 3, 00166 PGPPUBKEYALGO_ELGAMAL_ENCRYPT = 16, 00167 PGPPUBKEYALGO_DSA = 17, 00168 PGPPUBKEYALGO_EC = 18, 00169 PGPPUBKEYALGO_ECDSA = 19, 00170 PGPPUBKEYALGO_ELGAMAL = 20, 00171 PGPPUBKEYALGO_DH = 21 00172 } pgpPubkeyAlgo; 00173 00198 typedef enum pgpSymkeyAlgo_e { 00199 PGPSYMKEYALGO_PLAINTEXT = 0, 00200 PGPSYMKEYALGO_IDEA = 1, 00201 PGPSYMKEYALGO_TRIPLE_DES = 2, 00202 PGPSYMKEYALGO_CAST5 = 3, 00203 PGPSYMKEYALGO_BLOWFISH = 4, 00204 PGPSYMKEYALGO_SAFER = 5, 00205 PGPSYMKEYALGO_DES_SK = 6, 00206 PGPSYMKEYALGO_AES_128 = 7, 00207 PGPSYMKEYALGO_AES_192 = 8, 00208 PGPSYMKEYALGO_AES_256 = 9, 00209 PGPSYMKEYALGO_TWOFISH = 10, 00210 PGPSYMKEYALGO_NOENCRYPT = 110 00211 } pgpSymkeyAlgo; 00212 00228 typedef enum pgpCompressAlgo_e { 00229 PGPCOMPRESSALGO_NONE = 0, 00230 PGPCOMPRESSALGO_ZIP = 1, 00231 PGPCOMPRESSALGO_ZLIB = 2, 00232 PGPCOMPRESSALGO_BZIP2 = 3 00233 } pgpCompressAlgo; 00234 00256 typedef enum pgpHashAlgo_e { 00257 PGPHASHALGO_MD5 = 1, 00258 PGPHASHALGO_SHA1 = 2, 00259 PGPHASHALGO_RIPEMD160 = 3, 00260 PGPHASHALGO_MD2 = 5, 00261 PGPHASHALGO_TIGER192 = 6, 00262 PGPHASHALGO_HAVAL_5_160 = 7, 00263 PGPHASHALGO_SHA256 = 8, 00264 PGPHASHALGO_SHA384 = 9, 00265 PGPHASHALGO_SHA512 = 10, 00266 PGPHASHALGO_SHA224 = 11, 00267 } pgpHashAlgo; 00268 00290 typedef struct pgpPktSigV3_s { 00291 uint8_t version; 00292 uint8_t hashlen; 00293 uint8_t sigtype; 00294 pgpTime_t time; 00295 pgpKeyID_t signid; 00296 uint8_t pubkey_algo; 00297 uint8_t hash_algo; 00298 uint8_t signhash16[2]; 00299 } * pgpPktSigV3; 00300 00322 typedef struct pgpPktSigV4_s { 00323 uint8_t version; 00324 uint8_t sigtype; 00325 uint8_t pubkey_algo; 00326 uint8_t hash_algo; 00327 uint8_t hashlen[2]; 00328 } * pgpPktSigV4; 00329 00396 typedef enum pgpSubType_e { 00397 PGPSUBTYPE_NONE = 0, 00398 PGPSUBTYPE_SIG_CREATE_TIME = 2, 00399 PGPSUBTYPE_SIG_EXPIRE_TIME = 3, 00400 PGPSUBTYPE_EXPORTABLE_CERT = 4, 00401 PGPSUBTYPE_TRUST_SIG = 5, 00402 PGPSUBTYPE_REGEX = 6, 00403 PGPSUBTYPE_REVOCABLE = 7, 00404 PGPSUBTYPE_KEY_EXPIRE_TIME = 9, 00405 PGPSUBTYPE_ARR = 10, 00406 PGPSUBTYPE_PREFER_SYMKEY = 11, 00407 PGPSUBTYPE_REVOKE_KEY = 12, 00408 PGPSUBTYPE_ISSUER_KEYID = 16, 00409 PGPSUBTYPE_NOTATION = 20, 00410 PGPSUBTYPE_PREFER_HASH = 21, 00411 PGPSUBTYPE_PREFER_COMPRESS = 22, 00412 PGPSUBTYPE_KEYSERVER_PREFERS= 23, 00413 PGPSUBTYPE_PREFER_KEYSERVER = 24, 00414 PGPSUBTYPE_PRIMARY_USERID = 25, 00415 PGPSUBTYPE_POLICY_URL = 26, 00416 PGPSUBTYPE_KEY_FLAGS = 27, 00417 PGPSUBTYPE_SIGNER_USERID = 28, 00418 PGPSUBTYPE_REVOKE_REASON = 29, 00419 PGPSUBTYPE_FEATURES = 30, 00420 PGPSUBTYPE_EMBEDDED_SIG = 32, 00422 PGPSUBTYPE_INTERNAL_100 = 100, 00423 PGPSUBTYPE_INTERNAL_101 = 101, 00424 PGPSUBTYPE_INTERNAL_102 = 102, 00425 PGPSUBTYPE_INTERNAL_103 = 103, 00426 PGPSUBTYPE_INTERNAL_104 = 104, 00427 PGPSUBTYPE_INTERNAL_105 = 105, 00428 PGPSUBTYPE_INTERNAL_106 = 106, 00429 PGPSUBTYPE_INTERNAL_107 = 107, 00430 PGPSUBTYPE_INTERNAL_108 = 108, 00431 PGPSUBTYPE_INTERNAL_109 = 109, 00432 PGPSUBTYPE_INTERNAL_110 = 110, 00434 PGPSUBTYPE_CRITICAL = 128 00435 } pgpSubType; 00436 00457 typedef union pgpPktSig_u { 00458 struct pgpPktSigV3_s v3; 00459 struct pgpPktSigV4_s v4; 00460 } * pgpPktSig; 00461 00490 typedef struct pgpPktSymkey_s { 00491 uint8_t version; 00492 uint8_t symkey_algo; 00493 uint8_t s2k[1]; 00494 } pgpPktSymkey; 00495 00525 typedef struct pgpPktOnepass_s { 00526 uint8_t version; 00527 uint8_t sigtype; 00528 uint8_t hash_algo; 00529 uint8_t pubkey_algo; 00530 pgpKeyID_t signid; 00531 uint8_t nested; 00532 } * pgpPktOnepass; 00533 00606 typedef struct pgpPktKeyV3_s { 00607 uint8_t version; 00608 pgpTime_t time; 00609 uint8_t valid[2]; 00610 uint8_t pubkey_algo; 00611 } * pgpPktKeyV3; 00612 00644 typedef struct pgpPktKeyV4_s { 00645 uint8_t version; 00646 pgpTime_t time; 00647 uint8_t pubkey_algo; 00648 } * pgpPktKeyV4; 00649 00714 typedef union pgpPktKey_u { 00715 struct pgpPktKeyV3_s v3; 00716 struct pgpPktKeyV4_s v4; 00717 } pgpPktKey; 00718 00719 /* \ingroup rpmpgp 00720 * 5.6. Compressed Data Packet (Tag 8) 00721 * 00722 * The Compressed Data packet contains compressed data. Typically, this 00723 * packet is found as the contents of an encrypted packet, or following 00724 * a Signature or One-Pass Signature packet, and contains literal data 00725 * packets. 00726 * 00727 * The body of this packet consists of: 00728 * - One octet that gives the algorithm used to compress the packet. 00729 * - The remainder of the packet is compressed data. 00730 * 00731 * A Compressed Data Packet's body contains an block that compresses 00732 * some set of packets. See section "Packet Composition" for details on 00733 * how messages are formed. 00734 * 00735 * ZIP-compressed packets are compressed with raw RFC 1951 DEFLATE 00736 * blocks. Note that PGP V2.6 uses 13 bits of compression. If an 00737 * implementation uses more bits of compression, PGP V2.6 cannot 00738 * decompress it. 00739 * 00740 * ZLIB-compressed packets are compressed with RFC 1950 ZLIB-style 00741 * blocks. 00742 */ 00743 typedef struct pgpPktCdata_s { 00744 uint8_t compressalgo; 00745 uint8_t data[1]; 00746 } pgpPktCdata; 00747 00748 /* \ingroup rpmpgp 00749 * 5.7. Symmetrically Encrypted Data Packet (Tag 9) 00750 * 00751 * The Symmetrically Encrypted Data packet contains data encrypted with 00752 * a symmetric-key algorithm. When it has been decrypted, it will 00753 * typically contain other packets (often literal data packets or 00754 * compressed data packets). 00755 * 00756 * The body of this packet consists of: 00757 * - Encrypted data, the output of the selected symmetric-key cipher 00758 * operating in PGP's variant of Cipher Feedback (CFB) mode. 00759 * 00760 * The symmetric cipher used may be specified in an Public-Key or 00761 * Symmetric-Key Encrypted Session Key packet that precedes the 00762 * Symmetrically Encrypted Data Packet. In that case, the cipher 00763 * algorithm octet is prefixed to the session key before it is 00764 * encrypted. If no packets of these types precede the encrypted data, 00765 * the IDEA algorithm is used with the session key calculated as the MD5 00766 * hash of the passphrase. 00767 * 00768 * The data is encrypted in CFB mode, with a CFB shift size equal to the 00769 * cipher's block size. The Initial Vector (IV) is specified as all 00770 * zeros. Instead of using an IV, OpenPGP prefixes a 10-octet string to 00771 * the data before it is encrypted. The first eight octets are random, 00772 * and the 9th and 10th octets are copies of the 7th and 8th octets, 00773 * respectively. After encrypting the first 10 octets, the CFB state is 00774 * resynchronized if the cipher block size is 8 octets or less. The 00775 * last 8 octets of ciphertext are passed through the cipher and the 00776 * block boundary is reset. 00777 * 00778 * The repetition of 16 bits in the 80 bits of random data prefixed to 00779 * the message allows the receiver to immediately check whether the 00780 * session key is incorrect. 00781 */ 00782 typedef struct pgpPktEdata_s { 00783 uint8_t data[1]; 00784 } pgpPktEdata; 00785 00786 /* \ingroup rpmpgp 00787 * 5.8. Marker Packet (Obsolete Literal Packet) (Tag 10) 00788 * 00789 * An experimental version of PGP used this packet as the Literal 00790 * packet, but no released version of PGP generated Literal packets with 00791 * this tag. With PGP 5.x, this packet has been re-assigned and is 00792 * reserved for use as the Marker packet. 00793 * 00794 * The body of this packet consists of: 00795 * - The three octets 0x50, 0x47, 0x50 (which spell "PGP" in UTF-8). 00796 * 00797 * Such a packet MUST be ignored when received. It may be placed at the 00798 * beginning of a message that uses features not available in PGP 2.6.x 00799 * in order to cause that version to report that newer software is 00800 * necessary to process the message. 00801 */ 00802 /* \ingroup rpmpgp 00803 * 5.9. Literal Data Packet (Tag 11) 00804 * 00805 * A Literal Data packet contains the body of a message; data that is 00806 * not to be further interpreted. 00807 * 00808 * The body of this packet consists of: 00809 * - A one-octet field that describes how the data is formatted. 00810 * 00811 * If it is a 'b' (0x62), then the literal packet contains binary data. 00812 * If it is a 't' (0x74), then it contains text data, and thus may need 00813 * line ends converted to local form, or other text-mode changes. RFC 00814 * 1991 also defined a value of 'l' as a 'local' mode for machine-local 00815 * conversions. This use is now deprecated. 00816 * - File name as a string (one-octet length, followed by file name), 00817 * if the encrypted data should be saved as a file. 00818 * 00819 * If the special name "_CONSOLE" is used, the message is considered to 00820 * be "for your eyes only". This advises that the message data is 00821 * unusually sensitive, and the receiving program should process it more 00822 * carefully, perhaps avoiding storing the received data to disk, for 00823 * example. 00824 * - A four-octet number that indicates the modification date of the 00825 * file, or the creation time of the packet, or a zero that 00826 * indicates the present time. 00827 * - The remainder of the packet is literal data. 00828 * 00829 * Text data is stored with <CR><LF> text endings (i.e. network-normal 00830 * line endings). These should be converted to native line endings by 00831 * the receiving software. 00832 */ 00833 typedef struct pgpPktLdata_s { 00834 uint8_t format; 00835 uint8_t filenamelen; 00836 uint8_t filename[1]; 00837 } pgpPktLdata; 00838 00839 /* \ingroup rpmpgp 00840 * 5.10. Trust Packet (Tag 12) 00841 * 00842 * The Trust packet is used only within keyrings and is not normally 00843 * exported. Trust packets contain data that record the user's 00844 * specifications of which key holders are trustworthy introducers, 00845 * along with other information that implementing software uses for 00846 * trust information. 00847 * 00848 * Trust packets SHOULD NOT be emitted to output streams that are 00849 * transferred to other users, and they SHOULD be ignored on any input 00850 * other than local keyring files. 00851 */ 00852 typedef struct pgpPktTrust_s { 00853 uint8_t flag; 00854 } pgpPktTrust; 00855 00856 /* \ingroup rpmpgp 00857 * 5.11. User ID Packet (Tag 13) 00858 * 00859 * A User ID packet consists of data that is intended to represent the 00860 * name and email address of the key holder. By convention, it includes 00861 * an RFC 822 mail name, but there are no restrictions on its content. 00862 * The packet length in the header specifies the length of the user id. 00863 * If it is text, it is encoded in UTF-8. 00864 * 00865 */ 00866 typedef struct pgpPktUid_s { 00867 uint8_t userid[1]; 00868 } pgpPktUid; 00869 00872 union pgpPktPre_u { 00873 pgpPktPubkey pubkey; 00874 pgpPktSig sig; 00875 pgpPktSymkey symkey; 00876 pgpPktOnepass onepass; 00877 pgpPktKey key; 00878 pgpPktCdata cdata; 00879 pgpPktEdata edata; 00881 pgpPktLdata ldata; 00882 pgpPktTrust tdata; 00883 pgpPktUid uid; 00884 }; 00885 00888 typedef enum pgpArmor_e { 00889 PGPARMOR_ERR_CRC_CHECK = -7, 00890 PGPARMOR_ERR_BODY_DECODE = -6, 00891 PGPARMOR_ERR_CRC_DECODE = -5, 00892 PGPARMOR_ERR_NO_END_PGP = -4, 00893 PGPARMOR_ERR_UNKNOWN_PREAMBLE_TAG = -3, 00894 PGPARMOR_ERR_UNKNOWN_ARMOR_TYPE = -2, 00895 PGPARMOR_ERR_NO_BEGIN_PGP = -1, 00896 #define PGPARMOR_ERROR PGPARMOR_ERR_NO_BEGIN_PGP 00897 PGPARMOR_NONE = 0, 00898 PGPARMOR_MESSAGE = 1, 00899 PGPARMOR_PUBKEY = 2, 00900 PGPARMOR_SIGNATURE = 3, 00901 PGPARMOR_SIGNED_MESSAGE = 4, 00902 PGPARMOR_FILE = 5, 00903 PGPARMOR_PRIVKEY = 6, 00904 PGPARMOR_SECKEY = 7 00905 } pgpArmor; 00906 00909 typedef enum pgpArmorKey_e { 00910 PGPARMORKEY_VERSION = 1, 00911 PGPARMORKEY_COMMENT = 2, 00912 PGPARMORKEY_MESSAGEID = 3, 00913 PGPARMORKEY_HASH = 4, 00914 PGPARMORKEY_CHARSET = 5 00915 } pgpArmorKey; 00916 00917 typedef enum pgpValType_e { 00918 PGPVAL_TAG = 1, 00919 PGPVAL_ARMORBLOCK = 2, 00920 PGPVAL_ARMORKEY = 3, 00921 PGPVAL_SIGTYPE = 4, 00922 PGPVAL_SUBTYPE = 5, 00923 PGPVAL_PUBKEYALGO = 6, 00924 PGPVAL_SYMKEYALGO = 7, 00925 PGPVAL_COMPRESSALGO = 8, 00926 PGPVAL_HASHALGO = 9, 00927 PGPVAL_SERVERPREFS = 10, 00928 } pgpValType; 00929 00933 enum rpmDigestFlags_e { 00934 RPMDIGEST_NONE = 0 00935 }; 00936 00937 typedef rpmFlags rpmDigestFlags; 00938 00945 const char * pgpValString(pgpValType type, uint8_t val); 00946 00953 static inline 00954 unsigned int pgpGrab(const uint8_t *s, size_t nbytes) 00955 { 00956 size_t i = 0; 00957 size_t nb = (nbytes <= sizeof(i) ? nbytes : sizeof(i)); 00958 while (nb--) 00959 i = (i << 8) | *s++; 00960 return i; 00961 } 00962 00969 static inline 00970 size_t pgpLen(const uint8_t *s, size_t * lenp) 00971 { 00972 if (*s < 192) { 00973 (*lenp) = *s++; 00974 return 1; 00975 } else if (*s < 255) { 00976 (*lenp) = ((((unsigned)s[0]) - 192) << 8) + s[1] + 192; 00977 return 2; 00978 } else { 00979 (*lenp) = pgpGrab(s+1, (size_t) 4); 00980 return 5; 00981 } 00982 } 00983 00990 char * pgpHexStr(const uint8_t *p, size_t plen); 00991 01000 int pgpPubkeyFingerprint(const uint8_t * pkt, size_t pktlen, 01001 pgpKeyID_t keyid); 01002 01010 int pgpExtractPubkeyFingerprint(const char * b64pkt, pgpKeyID_t keyid); 01011 01020 int pgpPrtPkts(const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing); 01021 01029 pgpArmor pgpReadPkts(const char * fn, uint8_t ** pkt, size_t * pktlen); 01030 01038 pgpArmor pgpParsePkts(const char *armor, uint8_t ** pkt, size_t * pktlen); 01039 01047 char * pgpArmorWrap(int atype, const unsigned char * s, size_t ns); 01048 01053 pgpDig pgpNewDig(void); 01054 01059 void pgpCleanDig(pgpDig dig); 01060 01066 pgpDig pgpFreeDig(pgpDig dig); 01067 01074 rpmRC pgpVerifySig(pgpDig dig, DIGEST_CTX hashctx); 01075 01081 char *pgpIdentItem(pgpDigParams digp); 01082 01090 int rpmInitCrypto(void); 01091 01095 int rpmFreeCrypto(void); 01096 01102 DIGEST_CTX rpmDigestDup(DIGEST_CTX octx); 01103 01109 size_t rpmDigestLength(int hashalgo); 01110 01118 DIGEST_CTX rpmDigestInit(int hashalgo, rpmDigestFlags flags); 01119 01127 int rpmDigestUpdate(DIGEST_CTX ctx, const void * data, size_t len); 01128 01140 int rpmDigestFinal(DIGEST_CTX ctx, 01141 void ** datap, 01142 size_t * lenp, int asAscii); 01143 01148 rpmDigestBundle rpmDigestBundleNew(void); 01149 01155 rpmDigestBundle rpmDigestBundleFree(rpmDigestBundle bundle); 01156 01164 int rpmDigestBundleAdd(rpmDigestBundle bundle, int algo, 01165 rpmDigestFlags flags); 01166 01174 int rpmDigestBundleUpdate(rpmDigestBundle bundle, const void *data, size_t len); 01175 01186 int rpmDigestBundleFinal(rpmDigestBundle bundle, 01187 int algo, void ** datap, size_t * lenp, int asAscii); 01188 01195 DIGEST_CTX rpmDigestBundleDupCtx(rpmDigestBundle bundle, int algo); 01196 01197 #ifdef __cplusplus 01198 } 01199 #endif 01200 01201 #endif /* H_RPMPGP */