rpm  4.10.0
rpmpgp.h
Go to the documentation of this file.
00001 #ifndef H_RPMPGP
00002 #define H_RPMPGP
00003 
00013 #include <string.h>
00014 #include <stdio.h>
00015 #include <stdlib.h>
00016 #include <rpm/rpmtypes.h>
00017 #include <rpm/rpmstring.h>
00018 
00019 #ifdef __cplusplus
00020 extern "C" {
00021 #endif
00022 
00025 typedef struct DIGEST_CTX_s * DIGEST_CTX;
00026 typedef struct rpmDigestBundle_s * rpmDigestBundle;
00027 
00030 typedef struct pgpDig_s * pgpDig;
00031 
00034 typedef struct pgpDigParams_s * pgpDigParams;
00035 
00036 typedef uint8_t pgpKeyID_t[8];
00037 typedef uint8_t pgpTime_t[4];
00038 
00046 typedef enum pgpTag_e {
00047     PGPTAG_RESERVED             =  0, 
00048     PGPTAG_PUBLIC_SESSION_KEY   =  1, 
00049     PGPTAG_SIGNATURE            =  2, 
00050     PGPTAG_SYMMETRIC_SESSION_KEY=  3, 
00051     PGPTAG_ONEPASS_SIGNATURE    =  4, 
00052     PGPTAG_SECRET_KEY           =  5, 
00053     PGPTAG_PUBLIC_KEY           =  6, 
00054     PGPTAG_SECRET_SUBKEY        =  7, 
00055     PGPTAG_COMPRESSED_DATA      =  8, 
00056     PGPTAG_SYMMETRIC_DATA       =  9, 
00057     PGPTAG_MARKER               = 10, 
00058     PGPTAG_LITERAL_DATA         = 11, 
00059     PGPTAG_TRUST                = 12, 
00060     PGPTAG_USER_ID              = 13, 
00061     PGPTAG_PUBLIC_SUBKEY        = 14, 
00062     PGPTAG_COMMENT_OLD          = 16, 
00063     PGPTAG_PHOTOID              = 17, 
00064     PGPTAG_ENCRYPTED_MDC        = 18, 
00065     PGPTAG_MDC                  = 19, 
00066     PGPTAG_PRIVATE_60           = 60, 
00067     PGPTAG_COMMENT              = 61, 
00068     PGPTAG_PRIVATE_62           = 62, 
00069     PGPTAG_CONTROL              = 63  
00070 } pgpTag;
00071 
00106 typedef struct pgpPktPubkey_s {
00107     uint8_t version;    
00108     pgpKeyID_t keyid;   
00109     uint8_t algo;               
00110 } pgpPktPubkey;
00111 
00112 
00119 typedef enum pgpSigType_e {
00120     PGPSIGTYPE_BINARY            = 0x00, 
00121     PGPSIGTYPE_TEXT              = 0x01, 
00122     PGPSIGTYPE_STANDALONE        = 0x02, 
00123     PGPSIGTYPE_GENERIC_CERT      = 0x10,
00125     PGPSIGTYPE_PERSONA_CERT      = 0x11,
00127     PGPSIGTYPE_CASUAL_CERT       = 0x12,
00129     PGPSIGTYPE_POSITIVE_CERT     = 0x13,
00131     PGPSIGTYPE_SUBKEY_BINDING    = 0x18, 
00132     PGPSIGTYPE_SIGNED_KEY        = 0x1F, 
00133     PGPSIGTYPE_KEY_REVOKE        = 0x20, 
00134     PGPSIGTYPE_SUBKEY_REVOKE     = 0x28, 
00135     PGPSIGTYPE_CERT_REVOKE       = 0x30, 
00136     PGPSIGTYPE_TIMESTAMP         = 0x40  
00137 } pgpSigType;
00138 
00162 typedef enum pgpPubkeyAlgo_e {
00163     PGPPUBKEYALGO_RSA           =  1,   
00164     PGPPUBKEYALGO_RSA_ENCRYPT   =  2,   
00165     PGPPUBKEYALGO_RSA_SIGN      =  3,   
00166     PGPPUBKEYALGO_ELGAMAL_ENCRYPT = 16, 
00167     PGPPUBKEYALGO_DSA           = 17,   
00168     PGPPUBKEYALGO_EC            = 18,   
00169     PGPPUBKEYALGO_ECDSA         = 19,   
00170     PGPPUBKEYALGO_ELGAMAL       = 20,   
00171     PGPPUBKEYALGO_DH            = 21    
00172 } pgpPubkeyAlgo;
00173 
00198 typedef enum pgpSymkeyAlgo_e {
00199     PGPSYMKEYALGO_PLAINTEXT     =  0,   
00200     PGPSYMKEYALGO_IDEA          =  1,   
00201     PGPSYMKEYALGO_TRIPLE_DES    =  2,   
00202     PGPSYMKEYALGO_CAST5         =  3,   
00203     PGPSYMKEYALGO_BLOWFISH      =  4,   
00204     PGPSYMKEYALGO_SAFER         =  5,   
00205     PGPSYMKEYALGO_DES_SK        =  6,   
00206     PGPSYMKEYALGO_AES_128       =  7,   
00207     PGPSYMKEYALGO_AES_192       =  8,   
00208     PGPSYMKEYALGO_AES_256       =  9,   
00209     PGPSYMKEYALGO_TWOFISH       = 10,   
00210     PGPSYMKEYALGO_NOENCRYPT     = 110   
00211 } pgpSymkeyAlgo;
00212 
00228 typedef enum pgpCompressAlgo_e {
00229     PGPCOMPRESSALGO_NONE        =  0,   
00230     PGPCOMPRESSALGO_ZIP         =  1,   
00231     PGPCOMPRESSALGO_ZLIB        =  2,   
00232     PGPCOMPRESSALGO_BZIP2       =  3    
00233 } pgpCompressAlgo;
00234 
00256 typedef enum pgpHashAlgo_e {
00257     PGPHASHALGO_MD5             =  1,   
00258     PGPHASHALGO_SHA1            =  2,   
00259     PGPHASHALGO_RIPEMD160       =  3,   
00260     PGPHASHALGO_MD2             =  5,   
00261     PGPHASHALGO_TIGER192        =  6,   
00262     PGPHASHALGO_HAVAL_5_160     =  7,   
00263     PGPHASHALGO_SHA256          =  8,   
00264     PGPHASHALGO_SHA384          =  9,   
00265     PGPHASHALGO_SHA512          = 10,   
00266     PGPHASHALGO_SHA224          = 11,   
00267 } pgpHashAlgo;
00268 
00290 typedef struct pgpPktSigV3_s {
00291     uint8_t version;    
00292     uint8_t hashlen;    
00293     uint8_t sigtype;    
00294     pgpTime_t time;     
00295     pgpKeyID_t signid;  
00296     uint8_t pubkey_algo;        
00297     uint8_t hash_algo;  
00298     uint8_t signhash16[2];      
00299 } * pgpPktSigV3;
00300 
00322 typedef struct pgpPktSigV4_s {
00323     uint8_t version;    
00324     uint8_t sigtype;    
00325     uint8_t pubkey_algo;        
00326     uint8_t hash_algo;  
00327     uint8_t hashlen[2]; 
00328 } * pgpPktSigV4;
00329 
00396 typedef enum pgpSubType_e {
00397     PGPSUBTYPE_NONE             =   0, 
00398     PGPSUBTYPE_SIG_CREATE_TIME  =   2, 
00399     PGPSUBTYPE_SIG_EXPIRE_TIME  =   3, 
00400     PGPSUBTYPE_EXPORTABLE_CERT  =   4, 
00401     PGPSUBTYPE_TRUST_SIG        =   5, 
00402     PGPSUBTYPE_REGEX            =   6, 
00403     PGPSUBTYPE_REVOCABLE        =   7, 
00404     PGPSUBTYPE_KEY_EXPIRE_TIME  =   9, 
00405     PGPSUBTYPE_ARR              =  10, 
00406     PGPSUBTYPE_PREFER_SYMKEY    =  11, 
00407     PGPSUBTYPE_REVOKE_KEY       =  12, 
00408     PGPSUBTYPE_ISSUER_KEYID     =  16, 
00409     PGPSUBTYPE_NOTATION         =  20, 
00410     PGPSUBTYPE_PREFER_HASH      =  21, 
00411     PGPSUBTYPE_PREFER_COMPRESS  =  22, 
00412     PGPSUBTYPE_KEYSERVER_PREFERS=  23, 
00413     PGPSUBTYPE_PREFER_KEYSERVER =  24, 
00414     PGPSUBTYPE_PRIMARY_USERID   =  25, 
00415     PGPSUBTYPE_POLICY_URL       =  26, 
00416     PGPSUBTYPE_KEY_FLAGS        =  27, 
00417     PGPSUBTYPE_SIGNER_USERID    =  28, 
00418     PGPSUBTYPE_REVOKE_REASON    =  29, 
00419     PGPSUBTYPE_FEATURES         =  30, 
00420     PGPSUBTYPE_EMBEDDED_SIG     =  32, 
00422     PGPSUBTYPE_INTERNAL_100     = 100, 
00423     PGPSUBTYPE_INTERNAL_101     = 101, 
00424     PGPSUBTYPE_INTERNAL_102     = 102, 
00425     PGPSUBTYPE_INTERNAL_103     = 103, 
00426     PGPSUBTYPE_INTERNAL_104     = 104, 
00427     PGPSUBTYPE_INTERNAL_105     = 105, 
00428     PGPSUBTYPE_INTERNAL_106     = 106, 
00429     PGPSUBTYPE_INTERNAL_107     = 107, 
00430     PGPSUBTYPE_INTERNAL_108     = 108, 
00431     PGPSUBTYPE_INTERNAL_109     = 109, 
00432     PGPSUBTYPE_INTERNAL_110     = 110, 
00434     PGPSUBTYPE_CRITICAL         = 128  
00435 } pgpSubType;
00436 
00457 typedef union pgpPktSig_u {
00458     struct pgpPktSigV3_s v3;
00459     struct pgpPktSigV4_s v4;
00460 } * pgpPktSig;
00461 
00490 typedef struct pgpPktSymkey_s {
00491     uint8_t version;    
00492     uint8_t symkey_algo;
00493     uint8_t s2k[1];
00494 } pgpPktSymkey;
00495 
00525 typedef struct pgpPktOnepass_s {
00526     uint8_t version;    
00527     uint8_t sigtype;    
00528     uint8_t hash_algo;  
00529     uint8_t pubkey_algo;        
00530     pgpKeyID_t signid;  
00531     uint8_t nested;
00532 } * pgpPktOnepass;
00533 
00606 typedef struct pgpPktKeyV3_s {
00607     uint8_t version;    
00608     pgpTime_t time;     
00609     uint8_t valid[2];   
00610     uint8_t pubkey_algo;        
00611 } * pgpPktKeyV3;
00612 
00644 typedef struct pgpPktKeyV4_s {
00645     uint8_t version;    
00646     pgpTime_t time;     
00647     uint8_t pubkey_algo;        
00648 } * pgpPktKeyV4;
00649 
00714 typedef union pgpPktKey_u {
00715     struct pgpPktKeyV3_s v3;
00716     struct pgpPktKeyV4_s v4;
00717 } pgpPktKey;
00718 
00719 /* \ingroup rpmpgp
00720  * 5.6. Compressed Data Packet (Tag 8)
00721  *
00722  * The Compressed Data packet contains compressed data. Typically, this
00723  * packet is found as the contents of an encrypted packet, or following
00724  * a Signature or One-Pass Signature packet, and contains literal data
00725  * packets.
00726  *
00727  * The body of this packet consists of:
00728  *   - One octet that gives the algorithm used to compress the packet.
00729  *   - The remainder of the packet is compressed data.
00730  *
00731  * A Compressed Data Packet's body contains an block that compresses
00732  * some set of packets. See section "Packet Composition" for details on
00733  * how messages are formed.
00734  *
00735  * ZIP-compressed packets are compressed with raw RFC 1951 DEFLATE
00736  * blocks. Note that PGP V2.6 uses 13 bits of compression. If an
00737  * implementation uses more bits of compression, PGP V2.6 cannot
00738  * decompress it.
00739  *
00740  * ZLIB-compressed packets are compressed with RFC 1950 ZLIB-style
00741  * blocks.
00742  */
00743 typedef struct pgpPktCdata_s {
00744     uint8_t compressalgo;
00745     uint8_t data[1];
00746 } pgpPktCdata;
00747 
00748 /* \ingroup rpmpgp
00749  * 5.7. Symmetrically Encrypted Data Packet (Tag 9)
00750  *
00751  * The Symmetrically Encrypted Data packet contains data encrypted with
00752  * a symmetric-key algorithm. When it has been decrypted, it will
00753  * typically contain other packets (often literal data packets or
00754  * compressed data packets).
00755  *
00756  * The body of this packet consists of:
00757  *   - Encrypted data, the output of the selected symmetric-key cipher
00758  *     operating in PGP's variant of Cipher Feedback (CFB) mode.
00759  *
00760  * The symmetric cipher used may be specified in an Public-Key or
00761  * Symmetric-Key Encrypted Session Key packet that precedes the
00762  * Symmetrically Encrypted Data Packet.  In that case, the cipher
00763  * algorithm octet is prefixed to the session key before it is
00764  * encrypted.  If no packets of these types precede the encrypted data,
00765  * the IDEA algorithm is used with the session key calculated as the MD5
00766  * hash of the passphrase.
00767  *
00768  * The data is encrypted in CFB mode, with a CFB shift size equal to the
00769  * cipher's block size.  The Initial Vector (IV) is specified as all
00770  * zeros.  Instead of using an IV, OpenPGP prefixes a 10-octet string to
00771  * the data before it is encrypted.  The first eight octets are random,
00772  * and the 9th and 10th octets are copies of the 7th and 8th octets,
00773  * respectively. After encrypting the first 10 octets, the CFB state is
00774  * resynchronized if the cipher block size is 8 octets or less.  The
00775  * last 8 octets of ciphertext are passed through the cipher and the
00776  * block boundary is reset.
00777  *
00778  * The repetition of 16 bits in the 80 bits of random data prefixed to
00779  * the message allows the receiver to immediately check whether the
00780  * session key is incorrect.
00781  */
00782 typedef struct pgpPktEdata_s {
00783     uint8_t data[1];
00784 } pgpPktEdata;
00785 
00786 /* \ingroup rpmpgp
00787  * 5.8. Marker Packet (Obsolete Literal Packet) (Tag 10)
00788  *
00789  * An experimental version of PGP used this packet as the Literal
00790  * packet, but no released version of PGP generated Literal packets with
00791  * this tag. With PGP 5.x, this packet has been re-assigned and is
00792  * reserved for use as the Marker packet.
00793  *
00794  * The body of this packet consists of:
00795  *   - The three octets 0x50, 0x47, 0x50 (which spell "PGP" in UTF-8).
00796  *
00797  * Such a packet MUST be ignored when received.  It may be placed at the
00798  * beginning of a message that uses features not available in PGP 2.6.x
00799  * in order to cause that version to report that newer software is
00800  * necessary to process the message.
00801  */
00802 /* \ingroup rpmpgp
00803  * 5.9. Literal Data Packet (Tag 11)
00804  *
00805  * A Literal Data packet contains the body of a message; data that is
00806  * not to be further interpreted.
00807  *
00808  * The body of this packet consists of:
00809  *   - A one-octet field that describes how the data is formatted.
00810  *
00811  * If it is a 'b' (0x62), then the literal packet contains binary data.
00812  * If it is a 't' (0x74), then it contains text data, and thus may need
00813  * line ends converted to local form, or other text-mode changes.  RFC
00814  * 1991 also defined a value of 'l' as a 'local' mode for machine-local
00815  * conversions.  This use is now deprecated.
00816  *   - File name as a string (one-octet length, followed by file name),
00817  *     if the encrypted data should be saved as a file.
00818  *
00819  * If the special name "_CONSOLE" is used, the message is considered to
00820  * be "for your eyes only".  This advises that the message data is
00821  * unusually sensitive, and the receiving program should process it more
00822  * carefully, perhaps avoiding storing the received data to disk, for
00823  * example.
00824  *   - A four-octet number that indicates the modification date of the
00825  *     file, or the creation time of the packet, or a zero that
00826  *     indicates the present time.
00827  *   - The remainder of the packet is literal data.
00828  *
00829  * Text data is stored with <CR><LF> text endings (i.e. network-normal
00830  * line endings).  These should be converted to native line endings by
00831  * the receiving software.
00832  */
00833 typedef struct pgpPktLdata_s {
00834     uint8_t format;
00835     uint8_t filenamelen;
00836     uint8_t filename[1];
00837 } pgpPktLdata;
00838 
00839 /* \ingroup rpmpgp
00840  * 5.10. Trust Packet (Tag 12)
00841  *
00842  * The Trust packet is used only within keyrings and is not normally
00843  * exported.  Trust packets contain data that record the user's
00844  * specifications of which key holders are trustworthy introducers,
00845  * along with other information that implementing software uses for
00846  * trust information.
00847  *
00848  * Trust packets SHOULD NOT be emitted to output streams that are
00849  * transferred to other users, and they SHOULD be ignored on any input
00850  * other than local keyring files.
00851  */
00852 typedef struct pgpPktTrust_s {
00853     uint8_t flag;
00854 } pgpPktTrust;
00855 
00856 /* \ingroup rpmpgp
00857  * 5.11. User ID Packet (Tag 13)
00858  *
00859  * A User ID packet consists of data that is intended to represent the
00860  * name and email address of the key holder.  By convention, it includes
00861  * an RFC 822 mail name, but there are no restrictions on its content.
00862  * The packet length in the header specifies the length of the user id.
00863  * If it is text, it is encoded in UTF-8.
00864  *
00865  */
00866 typedef struct pgpPktUid_s {
00867     uint8_t userid[1];
00868 } pgpPktUid;
00869 
00872 union pgpPktPre_u {
00873     pgpPktPubkey pubkey;        
00874     pgpPktSig sig;              
00875     pgpPktSymkey symkey;        
00876     pgpPktOnepass onepass;      
00877     pgpPktKey key;              
00878     pgpPktCdata cdata;          
00879     pgpPktEdata edata;          
00881     pgpPktLdata ldata;          
00882     pgpPktTrust tdata;          
00883     pgpPktUid uid;              
00884 };
00885 
00888 typedef enum pgpArmor_e {
00889     PGPARMOR_ERR_CRC_CHECK              = -7,
00890     PGPARMOR_ERR_BODY_DECODE            = -6,
00891     PGPARMOR_ERR_CRC_DECODE             = -5,
00892     PGPARMOR_ERR_NO_END_PGP             = -4,
00893     PGPARMOR_ERR_UNKNOWN_PREAMBLE_TAG   = -3,
00894     PGPARMOR_ERR_UNKNOWN_ARMOR_TYPE     = -2,
00895     PGPARMOR_ERR_NO_BEGIN_PGP           = -1,
00896 #define PGPARMOR_ERROR  PGPARMOR_ERR_NO_BEGIN_PGP
00897     PGPARMOR_NONE               =  0,
00898     PGPARMOR_MESSAGE            =  1, 
00899     PGPARMOR_PUBKEY             =  2, 
00900     PGPARMOR_SIGNATURE          =  3, 
00901     PGPARMOR_SIGNED_MESSAGE     =  4, 
00902     PGPARMOR_FILE               =  5, 
00903     PGPARMOR_PRIVKEY            =  6, 
00904     PGPARMOR_SECKEY             =  7  
00905 } pgpArmor;
00906 
00909 typedef enum pgpArmorKey_e {
00910     PGPARMORKEY_VERSION         = 1, 
00911     PGPARMORKEY_COMMENT         = 2, 
00912     PGPARMORKEY_MESSAGEID       = 3, 
00913     PGPARMORKEY_HASH            = 4, 
00914     PGPARMORKEY_CHARSET         = 5  
00915 } pgpArmorKey;
00916 
00917 typedef enum pgpValType_e {
00918     PGPVAL_TAG                  = 1,
00919     PGPVAL_ARMORBLOCK           = 2,
00920     PGPVAL_ARMORKEY             = 3,
00921     PGPVAL_SIGTYPE              = 4,
00922     PGPVAL_SUBTYPE              = 5,
00923     PGPVAL_PUBKEYALGO           = 6,
00924     PGPVAL_SYMKEYALGO           = 7,
00925     PGPVAL_COMPRESSALGO         = 8,
00926     PGPVAL_HASHALGO             = 9,
00927     PGPVAL_SERVERPREFS          = 10,
00928 } pgpValType;
00929 
00933 enum rpmDigestFlags_e {
00934     RPMDIGEST_NONE      = 0
00935 };
00936 
00937 typedef rpmFlags rpmDigestFlags;
00938 
00945 const char * pgpValString(pgpValType type, uint8_t val);
00946 
00953 static inline
00954 unsigned int pgpGrab(const uint8_t *s, size_t nbytes)
00955 {
00956     size_t i = 0;
00957     size_t nb = (nbytes <= sizeof(i) ? nbytes : sizeof(i));
00958     while (nb--)
00959         i = (i << 8) | *s++;
00960     return i;
00961 }
00962 
00969 char * pgpHexStr(const uint8_t *p, size_t plen);
00970 
00979 int pgpPubkeyFingerprint(const uint8_t * pkt, size_t pktlen,
00980                 pgpKeyID_t keyid);
00981 
00989 int pgpExtractPubkeyFingerprint(const char * b64pkt, pgpKeyID_t keyid);
00990 
00999 int pgpPrtParams(const uint8_t *pkts, size_t pktlen, unsigned int pkttype,
01000                  pgpDigParams * ret);
01001 
01010 int pgpPrtPkts(const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing);
01011 
01019 pgpArmor pgpReadPkts(const char * fn, uint8_t ** pkt, size_t * pktlen);
01020 
01028 pgpArmor pgpParsePkts(const char *armor, uint8_t ** pkt, size_t * pktlen);
01029 
01037 char * pgpArmorWrap(int atype, const unsigned char * s, size_t ns);
01038 
01043 pgpDig pgpNewDig(void);
01044 
01049 void pgpCleanDig(pgpDig dig);
01050 
01056 pgpDig pgpFreeDig(pgpDig dig);
01057 
01064 pgpDigParams pgpDigGetParams(pgpDig dig, unsigned int pkttype);
01065 
01072 int pgpDigParamsCmp(pgpDigParams p1, pgpDigParams p2);
01073 
01080 unsigned int pgpDigParamsAlgo(pgpDigParams digp, unsigned int algotype);
01081 
01087 pgpDigParams pgpDigParamsFree(pgpDigParams digp);
01088 
01096 rpmRC pgpVerifySignature(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx);
01097 
01106 rpmRC pgpVerifySig(pgpDig dig, DIGEST_CTX hashctx);
01107 
01113 char *pgpIdentItem(pgpDigParams digp);
01114 
01122 int rpmInitCrypto(void);
01123 
01127 int rpmFreeCrypto(void);
01128 
01134 DIGEST_CTX rpmDigestDup(DIGEST_CTX octx);
01135 
01141 size_t rpmDigestLength(int hashalgo);
01142 
01150 DIGEST_CTX rpmDigestInit(int hashalgo, rpmDigestFlags flags);
01151 
01159 int rpmDigestUpdate(DIGEST_CTX ctx, const void * data, size_t len);
01160 
01172 int rpmDigestFinal(DIGEST_CTX ctx,
01173         void ** datap,
01174         size_t * lenp, int asAscii);
01175 
01180 rpmDigestBundle rpmDigestBundleNew(void);
01181 
01187 rpmDigestBundle rpmDigestBundleFree(rpmDigestBundle bundle);
01188 
01196 int rpmDigestBundleAdd(rpmDigestBundle bundle, int algo,
01197                         rpmDigestFlags flags);
01198 
01206 int rpmDigestBundleUpdate(rpmDigestBundle bundle, const void *data, size_t len);
01207 
01218 int rpmDigestBundleFinal(rpmDigestBundle bundle,
01219          int algo, void ** datap, size_t * lenp, int asAscii);
01220 
01227 DIGEST_CTX rpmDigestBundleDupCtx(rpmDigestBundle bundle, int algo);
01228 
01229 #ifdef __cplusplus
01230 }
01231 #endif
01232 
01233 #endif  /* H_RPMPGP */