@ -53,62 +53,88 @@
# ifndef CRYPTO_H_
# define CRYPTO_H_
# include <netpgp/config.h>
# include "keyring.h"
# include "packet.h"
# include "memory.h"
# include "packet-parse.h"
# ifdef HAVE_OPENSSL_DSA_H
# include <openssl/dsa.h>
# endif
# if defined(HAVE_GSKSSL) && !defined(HAVE_OPENSSL)
# include <gskcms.h>
# include <csfbext.h>
# include <csnpdefs.h>
# endif
# define PGP_MIN_HASH_SIZE 16
# define PGP_MIN_HASH_SIZE 16
# if defined(HAVE_GSKSSL) && !defined(HAVE_OPENSSL)
unsigned gsk_num_bits ( const gsk_buffer * bn ) ;
# endif
/** pgp_hash_t */
struct pgp_hash_t {
pgp_hash_alg_t alg ; /* algorithm */
size_t size ; /* size */
const char * name ; /* what it's known as */
int ( * init ) ( pgp_hash_t * ) ;
void ( * add ) ( pgp_hash_t * , const uint8_t * , unsigned ) ;
unsigned ( * finish ) ( pgp_hash_t * , uint8_t * ) ;
void * data ; /* blob for data */
pgp_hash_alg_t alg ; /* algorithm */
size_t size ; /* size */
const char * name ; /* what it's known as */
int ( * init ) ( pgp_hash_t * ) ;
void ( * add ) ( pgp_hash_t * , const uint8_t * , unsigned ) ;
unsigned ( * finish ) ( pgp_hash_t * , uint8_t * ) ;
# if defined(HAVE_OPENSSL)
void * data ; /* blob for data */
# elif defined(HAVE_GSKSSL)
CK_SESSION_HANDLE * session ;
# endif
} ;
/** pgp_crypt_t */
struct pgp_crypt_t {
pgp_symm_alg_t alg ;
size_t blocksize ;
size_t keysize ;
void ( * set_iv ) ( pgp_crypt_t * , const uint8_t * ) ;
void ( * set_crypt_key ) ( pgp_crypt_t * , const uint8_t * ) ;
int ( * base_init ) ( pgp_crypt_t * ) ;
void ( * decrypt_resync ) ( pgp_crypt_t * ) ;
/* encrypt/decrypt one block */
void ( * block_encrypt ) ( pgp_crypt_t * , void * , const void * ) ;
void ( * block_decrypt ) ( pgp_crypt_t * , void * , const void * ) ;
/* Standard CFB encrypt/decrypt (as used by Sym Enc Int Prot packets) */
void ( * cfb_encrypt ) ( pgp_crypt_t * , void * , const void * , size_t ) ;
void ( * cfb_decrypt ) ( pgp_crypt_t * , void * , const void * , size_t ) ;
void ( * decrypt_finish ) ( pgp_crypt_t * ) ;
uint8_t iv [ PGP_MAX_BLOCK_SIZE ] ;
uint8_t civ [ PGP_MAX_BLOCK_SIZE ] ;
uint8_t siv [ PGP_MAX_BLOCK_SIZE ] ;
/* siv is needed for weird v3 resync */
uint8_t key [ PGP_MAX_KEY_SIZE ] ;
int num ;
/* num is offset - see openssl _encrypt doco */
void * encrypt_key ;
void * decrypt_key ;
pgp_symm_alg_t alg ;
size_t blocksize ;
size_t keysize ;
void ( * set_iv ) ( pgp_crypt_t * , const uint8_t * ) ;
void ( * set_crypt_key ) ( pgp_crypt_t * , const uint8_t * ) ;
int ( * base_init ) ( pgp_crypt_t * ) ;
void ( * decrypt_resync ) ( pgp_crypt_t * ) ;
/* encrypt/decrypt one block */
void ( * block_encrypt ) ( pgp_crypt_t * , void * , const void * ) ;
void ( * block_decrypt ) ( pgp_crypt_t * , void * , const void * ) ;
/* Standard CFB encrypt/decrypt (as used by Sym Enc Int Prot packets) */
void ( * cfb_encrypt ) ( pgp_crypt_t * , void * , const void * , size_t ) ;
void ( * cfb_decrypt ) ( pgp_crypt_t * , void * , const void * , size_t ) ;
void ( * decrypt_finish ) ( pgp_crypt_t * ) ;
uint8_t iv [ PGP_MAX_BLOCK_SIZE ] ;
uint8_t civ [ PGP_MAX_BLOCK_SIZE ] ;
uint8_t siv [ PGP_MAX_BLOCK_SIZE ] ;
/* siv is needed for weird v3 resync */
uint8_t key [ PGP_MAX_KEY_SIZE ] ;
int num ;
# if defined(HAVE_OPENSSL)
/* num is offset - see openssl _encrypt doco */
void * encrypt_key ;
void * decrypt_key ;
# elif defined(HAVE_GSKSSL)
CK_SESSION_HANDLE session ;
CK_MECHANISM mechanism ;
CK_KEY_TYPE keyType ;
CK_OBJECT_HANDLE encrypt_key ;
CK_OBJECT_HANDLE decrypt_key ;
# endif
} ;
typedef struct pgp_validation_t {
unsigned validc ;
pgp_sig_info_t * valid_sigs ;
unsigned invalidc ;
pgp_sig_info_t * invalid_sigs ;
unsigned unknownc ;
pgp_sig_info_t * unknown_sigs ;
time_t birthtime ;
time_t duration ;
unsigned validc ;
pgp_sig_info_t * valid_sigs ;
unsigned invalidc ;
pgp_sig_info_t * invalid_sigs ;
unsigned unknownc ;
pgp_sig_info_t * unknown_sigs ;
time_t birthtime ;
time_t duration ;
} pgp_validation_t ;
void pgp_crypto_finish ( void ) ;
@ -127,35 +153,34 @@ unsigned pgp_hash(uint8_t *, pgp_hash_alg_t, const void *, size_t);
void pgp_hash_add_int ( pgp_hash_t * , unsigned , unsigned ) ;
unsigned pgp_dsa_verify ( const uint8_t * , size_t ,
const pgp_dsa_sig_t * ,
const pgp_dsa_pubkey_t * ) ;
const pgp_dsa_sig_t * ,
const pgp_dsa_pubkey_t * ) ;
int pgp_rsa_public_decrypt ( uint8_t * , const uint8_t * , size_t ,
const pgp_rsa_pubkey_t * ) ;
const pgp_rsa_pubkey_t * ) ;
int pgp_rsa_public_encrypt ( uint8_t * , const uint8_t * , size_t ,
const pgp_rsa_pubkey_t * ) ;
const pgp_rsa_pubkey_t * ) ;
int pgp_rsa_private_encrypt ( uint8_t * , const uint8_t * , size_t ,
const pgp_rsa_seckey_t * , const pgp_rsa_pubkey_t * ) ;
const pgp_rsa_seckey_t * , const pgp_rsa_pubkey_t * ) ;
int pgp_rsa_private_decrypt ( uint8_t * , const uint8_t * , size_t ,
const pgp_rsa_seckey_t * , const pgp_rsa_pubkey_t * ) ;
const pgp_rsa_seckey_t * , const pgp_rsa_pubkey_t * ) ;
int pgp_rsa_private_check ( const pgp_seckey_t * seckey ) ;
int pgp_dsa_private_check ( const pgp_dsa_seckey_t * seckey ) ;
int pgp_elgamal_private_check ( const pgp_elgamal_seckey_t * seckey ) ;
int pgp_dsa_private_check ( const pgp_seckey_t * seckey ) ;
int pgp_elgamal_private_check ( const pgp_seckey_t * seckey ) ;
int pgp_elgamal_public_encrypt ( uint8_t * , uint8_t * , const uint8_t * , size_t ,
const pgp_elgamal_pubkey_t * ) ;
const pgp_elgamal_pubkey_t * ) ;
int pgp_elgamal_private_decrypt ( uint8_t * , const uint8_t * , const uint8_t * , size_t ,
const pgp_elgamal_seckey_t * , const pgp_elgamal_pubkey_t * ) ;
const pgp_elgamal_seckey_t * , const pgp_elgamal_pubkey_t * ) ;
pgp_symm_alg_t pgp_str_to_cipher ( const char * ) ;
unsigned pgp_block_size ( pgp_symm_alg_t ) ;
unsigned pgp_key_size ( pgp_symm_alg_t ) ;
int pgp_decrypt_data ( pgp_content_enum , pgp_region_t * ,
pgp_stream_t * ) ;
pgp_stream_t * ) ;
int pgp_crypt_any ( pgp_crypt_t * , pgp_symm_alg_t ) ;
void pgp_decrypt_init ( pgp_crypt_t * ) ;
@ -167,107 +192,107 @@ size_t pgp_encrypt_se_ip(pgp_crypt_t *, void *, const void *, size_t);
unsigned pgp_is_sa_supported ( pgp_symm_alg_t ) ;
void pgp_reader_push_decrypt ( pgp_stream_t * , pgp_crypt_t * ,
pgp_region_t * ) ;
pgp_region_t * ) ;
void pgp_reader_pop_decrypt ( pgp_stream_t * ) ;
/* Hash everything that's read */
void pgp_reader_push_hash ( pgp_stream_t * , pgp_hash_t * ) ;
void pgp_reader_pop_hash ( pgp_stream_t * ) ;
# if defined(HAVE_OPENSSL)
int pgp_decrypt_decode_mpi ( uint8_t * , unsigned , const BIGNUM * ,
const BIGNUM * , const pgp_seckey_t * ) ;
const BIGNUM * , const pgp_seckey_t * ) ;
# elif defined(HAVE_GSKSSL)
int pgp_decrypt_decode_mpi ( uint8_t * , unsigned , const gsk_buffer * ,
const gsk_buffer * , const pgp_seckey_t * ) ;
# endif
unsigned pgp_rsa_encrypt_mpi ( const uint8_t * , const size_t ,
const pgp_pubkey_t * ,
pgp_pk_sesskey_params_t * ) ;
const pgp_pubkey_t * ,
pgp_pk_sesskey_params_t * ) ;
unsigned pgp_elgamal_encrypt_mpi ( const uint8_t * , const size_t ,
const pgp_pubkey_t * ,
pgp_pk_sesskey_params_t * ) ;
const pgp_pubkey_t * ,
pgp_pk_sesskey_params_t * ) ;
/* Encrypt everything that's written */
struct pgp_key_data ;
void pgp_writer_push_encrypt ( pgp_output_t * ,
const struct pgp_key_data * ) ;
unsigned pgp_encrypt_file ( pgp_io_t * , const char * , const char * ,
const pgp_key_t * ,
const unsigned , const unsigned , const char * ) ;
unsigned pgp_decrypt_file ( pgp_io_t * ,
const char * ,
const char * ,
pgp_keyring_t * ,
pgp_keyring_t * ,
const unsigned ,
const unsigned ,
const unsigned ,
void * ,
int ,
pgp_cbfunc_t * ) ;
const struct pgp_key_data * ) ;
pgp_memory_t *
pgp_encrypt_buf ( pgp_io_t * , const void * , const size_t ,
const pgp_keyring_t * ,
const unsigned , const char * , unsigned ) ;
pgp_encrypt_buf (
pgp_io_t * ,
const void * ,
const size_t ,
const pgp_keyring_t * ,
const unsigned ,
const char * ,
unsigned ) ;
pgp_memory_t *
pgp_decrypt_buf ( pgp_io_t * ,
const void * ,
const size_t ,
pgp_keyring_t * ,
pgp_keyring_t * ,
const unsigned ,
const unsigned ,
void * ,
int ,
pgp_cbfunc_t * ) ;
pgp_decrypt_and_validate_buf (
netpgp_t * netpgp ,
pgp_validation_t * result ,
const void * input ,
const size_t insize ,
pgp_keyring_t * secring ,
pgp_keyring_t * pubring ,
const unsigned use_armour ,
key_id_t * * recipients_key_ids ,
unsigned * recipients_count
) ;
pgp_memory_t *
pgp_decrypt_and_validate_buf ( pgp_io_t * io ,
pgp_validation_t * result ,
const void * input ,
const size_t insize ,
pgp_keyring_t * secring ,
pgp_keyring_t * pubring ,
const unsigned use_armour ,
pgp_validate_buf (
netpgp_t * netpgp ,
pgp_validation_t * result ,
const void * input ,
const size_t insize ,
/ / pgp_keyring_t * secring ,
/ / pgp_keyring_t * pubring ,
const unsigned use_armour ,
key_id_t * * recipients_key_ids ,
unsigned * recipients_count ) ;
unsigned * recipients_count
) ;
/* Keys */
pgp_key_t * pgp_rsa_new_selfsign_key ( const int ,
const unsigned long , uint8_t * , const char * ,
const char * ) ;
const unsigned long , uint8_t * , const char * ,
const char * ) ;
unsigned pgp_rsa_generate_keypair ( pgp_key_t * ,
const int ,
const unsigned long ,
const char * ,
const char * ,
const int ,
const unsigned long ,
const char * ,
const char * ,
const uint8_t * ,
const size_t ) ;
int pgp_dsa_size ( const pgp_dsa_pubkey_t * ) ;
pgp_dsa_sig_t * pgp_dsa_sign ( uint8_t * , unsigned ,
const pgp_dsa_seckey_t * ,
const pgp_dsa_pubkey_t * ) ;
const pgp_dsa_seckey_t * ,
const pgp_dsa_pubkey_t * ) ;
/** pgp_reader_t */
struct pgp_reader_t {
pgp_reader_func_t * reader ; /* reader func to get parse data */
pgp_reader_destroyer_t * destroyer ;
void * arg ; /* args to pass to reader function */
unsigned accumulate : 1 ; /* set to gather packet data */
uint8_t * accumulated ; /* the accumulated data */
unsigned asize ; /* size of the buffer */
unsigned alength ; /* used buffer */
unsigned position ; /* reader-specific offset */
pgp_reader_t * next ;
pgp_stream_t * parent ; /* parent parse_info structure */
pgp_reader_func_t * reader ; /* reader func to get parse data */
pgp_reader_destroyer_t * destroyer ;
void * arg ; /* args to pass to reader function */
unsigned accumulate : 1 ; /* set to gather packet data */
uint8_t * accumulated ; /* the accumulated data */
unsigned asize ; /* size of the buffer */
unsigned alength ; /* used buffer */
unsigned position ; /* reader-specific offset */
pgp_reader_t * next ;
pgp_stream_t * parent ; /* parent parse_info structure */
unsigned partial_read : 1 ;
unsigned coalescing : 1 ;
unsigned partial_read : 1 ;
unsigned coalescing : 1 ;
/* used for partial length coalescing */
unsigned virtualc ;
unsigned virtualoff ;
uint8_t * virtualpkt ;
unsigned virtualc ;
unsigned virtualoff ;
uint8_t * virtualpkt ;
} ;
@ -275,37 +300,33 @@ struct pgp_reader_t {
Encrypt / decrypt settings
*/
struct pgp_cryptinfo_t {
char * passphrase ;
pgp_keyring_t * secring ;
pgp_key_t * keydata ;
pgp_cbfunc_t * getpassphrase ;
pgp_keyring_t * pubring ;
DYNARRAY ( key_id_t , recipients_key_ids ) ;
char * passphrase ;
pgp_keyring_t * secring ;
pgp_key_t * keydata ;
pgp_keyring_t * pubring ;
DYNARRAY ( key_id_t , recipients_key_ids ) ;
} ;
/** pgp_cbdata_t */
struct pgp_cbdata_t {
pgp_cbfunc_t * cbfunc ; /* callback function */
void * arg ; /* args to pass to callback func */
pgp_error_t * * errors ; /* address of error stack */
pgp_cbdata_t * next ;
pgp_output_t * output ; /* when writing out parsed info */
pgp_io_t * io ; /* error/output messages */
void * passfp ; /* fp for passphrase input */
pgp_cryptinfo_t cryptinfo ; /* used when decrypting */
pgp_printstate_t printstate ; /* used to keep printing state */
pgp_seckey_t * sshseckey ; /* secret key for ssh */
int numtries ; /* # of passphrase attempts */
int gotpass ; /* when passphrase entered */
pgp_cbfunc_t * cbfunc ; /* callback function */
void * arg ; /* args to pass to callback func */
pgp_error_t * * errors ; /* address of error stack */
pgp_cbdata_t * next ;
pgp_output_t * output ; /* when writing out parsed info */
pgp_io_t * io ; /* error/output messages */
pgp_cryptinfo_t cryptinfo ; /* used when decrypting */
pgp_printstate_t printstate ; /* used to keep printing state */
char * passphrase ;
} ;
/** pgp_hashtype_t */
typedef struct {
pgp_hash_t hash ; /* hashes we should hash data with */
uint8_t keyid [ PGP_KEY_ID_SIZE ] ;
pgp_hash_t hash ; /* hashes we should hash data with */
uint8_t keyid [ PGP_KEY_ID_SIZE ] ;
} pgp_hashtype_t ;
# define NTAGS 0x100 /* == 256 */
# define NTAGS 0x100 /* == 256 */
/** \brief Structure to hold information about a packet parse.
*
@ -330,21 +351,21 @@ typedef struct {
*/
struct pgp_stream_t {
uint8_t ss_raw [ NTAGS / 8 ] ;
/* 1 bit / sig-subpkt type; set to get raw data */
uint8_t ss_parsed [ NTAGS / 8 ] ;
/* 1 bit / sig-subpkt type; set to get parsed data */
pgp_reader_t readinfo ;
pgp_cbdata_t cbinfo ;
pgp_error_t * errors ;
void * io ; /* io streams */
pgp_crypt_t decrypt ;
pgp_cryptinfo_t cryptinfo ;
size_t hashc ;
pgp_hashtype_t * hashes ;
/ / unsigned reading_v3_secret : 1 ;
/ / unsigned reading_mpi_len : 1 ;
/ / unsigned exact_read : 1 ;
uint8_t ss_raw [ NTAGS / 8 ] ;
/* 1 bit / sig-subpkt type; set to get raw data */
uint8_t ss_parsed [ NTAGS / 8 ] ;
/* 1 bit / sig-subpkt type; set to get parsed data */
pgp_reader_t readinfo ;
pgp_cbdata_t cbinfo ;
pgp_error_t * errors ;
void * io ; /* io streams */
pgp_crypt_t decrypt ;
pgp_cryptinfo_t cryptinfo ;
size_t hashc ;
pgp_hashtype_t * hashes ;
/ / unsigned reading_v3_secret : 1 ;
/ / unsigned reading_mpi_len : 1 ;
/ / unsigned exact_read : 1 ;
} ;