rpm  4.8.1
rpmpgp.h
Go to the documentation of this file.
1 #ifndef H_RPMPGP
2 #define H_RPMPGP
3 
13 #include <string.h>
14 #include <stdio.h>
15 #include <stdlib.h>
16 #include <rpm/rpmtypes.h>
17 #include <rpm/rpmstring.h>
18 
19 #ifdef __cplusplus
20 extern "C" {
21 #endif
22 
25 typedef struct DIGEST_CTX_s * DIGEST_CTX;
26 typedef struct rpmDigestBundle_s * rpmDigestBundle;
27 
30 typedef struct pgpDig_s * pgpDig;
31 
34 typedef struct pgpDigParams_s * pgpDigParams;
35 
36 typedef uint8_t pgpKeyID_t[8];
37 typedef uint8_t pgpTime_t[4];
38 
41 typedef const struct pgpValTbl_s {
42  int val;
43  char const * const str;
44 } * pgpValTbl;
45 
53 typedef enum pgpTag_e {
66  PGPTAG_TRUST = 12,
72  PGPTAG_MDC = 19,
77 } pgpTag;
78 
113 typedef struct pgpPktPubkey_s {
114  uint8_t version;
115  pgpKeyID_t keyid;
116  uint8_t algo;
117 } pgpPktPubkey;
118 
119 
126 typedef enum pgpSigType_e {
144 } pgpSigType;
145 
169 typedef enum pgpPubkeyAlgo_e {
179 } pgpPubkeyAlgo;
180 
205 typedef enum pgpSymkeyAlgo_e {
218 } pgpSymkeyAlgo;
219 
235 typedef enum pgpCompressAlgo_e {
241 
263 typedef enum pgpHashAlgo_e {
273 } pgpHashAlgo;
274 
296 typedef struct pgpPktSigV3_s {
297  uint8_t version;
298  uint8_t hashlen;
299  uint8_t sigtype;
300  pgpTime_t time;
301  pgpKeyID_t signid;
302  uint8_t pubkey_algo;
303  uint8_t hash_algo;
304  uint8_t signhash16[2];
305 } * pgpPktSigV3;
306 
328 typedef struct pgpPktSigV4_s {
329  uint8_t version;
330  uint8_t sigtype;
331  uint8_t pubkey_algo;
332  uint8_t hash_algo;
333  uint8_t hashlen[2];
334 } * pgpPktSigV4;
335 
402 typedef enum pgpSubType_e {
441 } pgpSubType;
442 
463 typedef union pgpPktSig_u {
464  struct pgpPktSigV3_s v3;
465  struct pgpPktSigV4_s v4;
466 } * pgpPktSig;
467 
496 typedef struct pgpPktSymkey_s {
497  uint8_t version;
498  uint8_t symkey_algo;
499  uint8_t s2k[1];
500 } pgpPktSymkey;
501 
531 typedef struct pgpPktOnepass_s {
532  uint8_t version;
533  uint8_t sigtype;
534  uint8_t hash_algo;
535  uint8_t pubkey_algo;
536  pgpKeyID_t signid;
537  uint8_t nested;
538 } * pgpPktOnepass;
539 
612 typedef struct pgpPktKeyV3_s {
613  uint8_t version;
614  pgpTime_t time;
615  uint8_t valid[2];
616  uint8_t pubkey_algo;
617 } * pgpPktKeyV3;
618 
650 typedef struct pgpPktKeyV4_s {
651  uint8_t version;
652  pgpTime_t time;
653  uint8_t pubkey_algo;
654 } * pgpPktKeyV4;
655 
720 typedef union pgpPktKey_u {
721  struct pgpPktKeyV3_s v3;
722  struct pgpPktKeyV4_s v4;
723 } pgpPktKey;
724 
725 /* \ingroup rpmpgp
726  * 5.6. Compressed Data Packet (Tag 8)
727  *
728  * The Compressed Data packet contains compressed data. Typically, this
729  * packet is found as the contents of an encrypted packet, or following
730  * a Signature or One-Pass Signature packet, and contains literal data
731  * packets.
732  *
733  * The body of this packet consists of:
734  * - One octet that gives the algorithm used to compress the packet.
735  * - The remainder of the packet is compressed data.
736  *
737  * A Compressed Data Packet's body contains an block that compresses
738  * some set of packets. See section "Packet Composition" for details on
739  * how messages are formed.
740  *
741  * ZIP-compressed packets are compressed with raw RFC 1951 DEFLATE
742  * blocks. Note that PGP V2.6 uses 13 bits of compression. If an
743  * implementation uses more bits of compression, PGP V2.6 cannot
744  * decompress it.
745  *
746  * ZLIB-compressed packets are compressed with RFC 1950 ZLIB-style
747  * blocks.
748  */
749 typedef struct pgpPktCdata_s {
750  uint8_t compressalgo;
751  uint8_t data[1];
752 } pgpPktCdata;
753 
754 /* \ingroup rpmpgp
755  * 5.7. Symmetrically Encrypted Data Packet (Tag 9)
756  *
757  * The Symmetrically Encrypted Data packet contains data encrypted with
758  * a symmetric-key algorithm. When it has been decrypted, it will
759  * typically contain other packets (often literal data packets or
760  * compressed data packets).
761  *
762  * The body of this packet consists of:
763  * - Encrypted data, the output of the selected symmetric-key cipher
764  * operating in PGP's variant of Cipher Feedback (CFB) mode.
765  *
766  * The symmetric cipher used may be specified in an Public-Key or
767  * Symmetric-Key Encrypted Session Key packet that precedes the
768  * Symmetrically Encrypted Data Packet. In that case, the cipher
769  * algorithm octet is prefixed to the session key before it is
770  * encrypted. If no packets of these types precede the encrypted data,
771  * the IDEA algorithm is used with the session key calculated as the MD5
772  * hash of the passphrase.
773  *
774  * The data is encrypted in CFB mode, with a CFB shift size equal to the
775  * cipher's block size. The Initial Vector (IV) is specified as all
776  * zeros. Instead of using an IV, OpenPGP prefixes a 10-octet string to
777  * the data before it is encrypted. The first eight octets are random,
778  * and the 9th and 10th octets are copies of the 7th and 8th octets,
779  * respectively. After encrypting the first 10 octets, the CFB state is
780  * resynchronized if the cipher block size is 8 octets or less. The
781  * last 8 octets of ciphertext are passed through the cipher and the
782  * block boundary is reset.
783  *
784  * The repetition of 16 bits in the 80 bits of random data prefixed to
785  * the message allows the receiver to immediately check whether the
786  * session key is incorrect.
787  */
788 typedef struct pgpPktEdata_s {
789  uint8_t data[1];
790 } pgpPktEdata;
791 
792 /* \ingroup rpmpgp
793  * 5.8. Marker Packet (Obsolete Literal Packet) (Tag 10)
794  *
795  * An experimental version of PGP used this packet as the Literal
796  * packet, but no released version of PGP generated Literal packets with
797  * this tag. With PGP 5.x, this packet has been re-assigned and is
798  * reserved for use as the Marker packet.
799  *
800  * The body of this packet consists of:
801  * - The three octets 0x50, 0x47, 0x50 (which spell "PGP" in UTF-8).
802  *
803  * Such a packet MUST be ignored when received. It may be placed at the
804  * beginning of a message that uses features not available in PGP 2.6.x
805  * in order to cause that version to report that newer software is
806  * necessary to process the message.
807  */
808 /* \ingroup rpmpgp
809  * 5.9. Literal Data Packet (Tag 11)
810  *
811  * A Literal Data packet contains the body of a message; data that is
812  * not to be further interpreted.
813  *
814  * The body of this packet consists of:
815  * - A one-octet field that describes how the data is formatted.
816  *
817  * If it is a 'b' (0x62), then the literal packet contains binary data.
818  * If it is a 't' (0x74), then it contains text data, and thus may need
819  * line ends converted to local form, or other text-mode changes. RFC
820  * 1991 also defined a value of 'l' as a 'local' mode for machine-local
821  * conversions. This use is now deprecated.
822  * - File name as a string (one-octet length, followed by file name),
823  * if the encrypted data should be saved as a file.
824  *
825  * If the special name "_CONSOLE" is used, the message is considered to
826  * be "for your eyes only". This advises that the message data is
827  * unusually sensitive, and the receiving program should process it more
828  * carefully, perhaps avoiding storing the received data to disk, for
829  * example.
830  * - A four-octet number that indicates the modification date of the
831  * file, or the creation time of the packet, or a zero that
832  * indicates the present time.
833  * - The remainder of the packet is literal data.
834  *
835  * Text data is stored with <CR><LF> text endings (i.e. network-normal
836  * line endings). These should be converted to native line endings by
837  * the receiving software.
838  */
839 typedef struct pgpPktLdata_s {
840  uint8_t format;
841  uint8_t filenamelen;
842  uint8_t filename[1];
843 } pgpPktLdata;
844 
845 /* \ingroup rpmpgp
846  * 5.10. Trust Packet (Tag 12)
847  *
848  * The Trust packet is used only within keyrings and is not normally
849  * exported. Trust packets contain data that record the user's
850  * specifications of which key holders are trustworthy introducers,
851  * along with other information that implementing software uses for
852  * trust information.
853  *
854  * Trust packets SHOULD NOT be emitted to output streams that are
855  * transferred to other users, and they SHOULD be ignored on any input
856  * other than local keyring files.
857  */
858 typedef struct pgpPktTrust_s {
859  uint8_t flag;
860 } pgpPktTrust;
861 
862 /* \ingroup rpmpgp
863  * 5.11. User ID Packet (Tag 13)
864  *
865  * A User ID packet consists of data that is intended to represent the
866  * name and email address of the key holder. By convention, it includes
867  * an RFC 822 mail name, but there are no restrictions on its content.
868  * The packet length in the header specifies the length of the user id.
869  * If it is text, it is encoded in UTF-8.
870  *
871  */
872 typedef struct pgpPktUid_s {
873  uint8_t userid[1];
874 } pgpPktUid;
875 
878 union pgpPktPre_u {
880  pgpPktSig sig;
883  pgpPktKey key;
890 };
891 
894 typedef enum pgpArmor_e {
902 #define PGPARMOR_ERROR PGPARMOR_ERR_NO_BEGIN_PGP
911 } pgpArmor;
912 
915 typedef enum pgpArmorKey_e {
921 } pgpArmorKey;
922 
923 typedef enum pgpValType_e {
934 } pgpValType;
935 
939 typedef enum rpmDigestFlags_e {
942 
949 const char * pgpValString(pgpValType type, uint8_t val);
950 
957 static inline
958 unsigned int pgpGrab(const uint8_t *s, size_t nbytes)
959 {
960  size_t i = 0;
961  size_t nb = (nbytes <= sizeof(i) ? nbytes : sizeof(i));
962  while (nb--)
963  i = (i << 8) | *s++;
964  return i;
965 }
966 
973 static inline
974 size_t pgpLen(const uint8_t *s, size_t * lenp)
975 {
976  if (*s < 192) {
977  (*lenp) = *s++;
978  return 1;
979  } else if (*s < 255) {
980  (*lenp) = ((((unsigned)s[0]) - 192) << 8) + s[1] + 192;
981  return 2;
982  } else {
983  (*lenp) = pgpGrab(s+1, (size_t) 4);
984  return 5;
985  }
986 }
987 
994 char * pgpHexStr(const uint8_t *p, size_t plen);
995 
1004 int pgpPubkeyFingerprint(const uint8_t * pkt, size_t pktlen,
1005  pgpKeyID_t keyid);
1006 
1014 int pgpExtractPubkeyFingerprint(const char * b64pkt, pgpKeyID_t keyid);
1015 
1024 int pgpPrtPkts(const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing);
1025 
1033 pgpArmor pgpReadPkts(const char * fn, uint8_t ** pkt, size_t * pktlen);
1034 
1042 pgpArmor pgpParsePkts(const char *armor, uint8_t ** pkt, size_t * pktlen);
1043 
1051 char * pgpArmorWrap(int atype, const unsigned char * s, size_t ns);
1052 
1057 pgpDig pgpNewDig(void);
1058 
1063 void pgpCleanDig(pgpDig dig);
1064 
1070 pgpDig pgpFreeDig(pgpDig dig);
1071 
1078 rpmRC pgpVerifySig(pgpDig dig, DIGEST_CTX hashctx);
1079 
1085 char *pgpIdentItem(pgpDigParams digp);
1086 
1094 int rpmInitCrypto(void);
1095 
1099 int rpmFreeCrypto(void);
1100 
1106 DIGEST_CTX rpmDigestDup(DIGEST_CTX octx);
1107 
1113 size_t rpmDigestLength(pgpHashAlgo hashalgo);
1114 
1122 DIGEST_CTX rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags);
1123 
1131 int rpmDigestUpdate(DIGEST_CTX ctx, const void * data, size_t len);
1132 
1144 int rpmDigestFinal(DIGEST_CTX ctx,
1145  void ** datap,
1146  size_t * lenp, int asAscii);
1147 
1152 rpmDigestBundle rpmDigestBundleNew(void);
1153 
1159 rpmDigestBundle rpmDigestBundleFree(rpmDigestBundle bundle);
1160 
1168 int rpmDigestBundleAdd(rpmDigestBundle bundle, pgpHashAlgo algo,
1169  rpmDigestFlags flags);
1170 
1178 int rpmDigestBundleUpdate(rpmDigestBundle bundle, const void *data, size_t len);
1179 
1190 int rpmDigestBundleFinal(rpmDigestBundle bundle,
1191  pgpHashAlgo algo, void ** datap, size_t * lenp, int asAscii);
1192 
1199 DIGEST_CTX rpmDigestBundleDupCtx(rpmDigestBundle bundle, pgpHashAlgo algo);
1200 
1201 #ifdef __cplusplus
1202 }
1203 #endif
1204 
1205 #endif /* H_RPMPGP */
int rpmInitCrypto(void)
Perform cryptography initialization.
5.5.1.
Definition: rpmpgp.h:612
uint8_t hash_algo
Definition: rpmpgp.h:332
uint8_t hash_algo
Definition: rpmpgp.h:534
enum pgpHashAlgo_e pgpHashAlgo
9.4.
pgpPubkeyAlgo_e
9.1.
Definition: rpmpgp.h:169
struct pgpPktPubkey_s pgpPktPubkey
5.1.
static size_t pgpLen(const uint8_t *s, size_t *lenp)
Return length of an OpenPGP packet.
Definition: rpmpgp.h:974
pgpSymkeyAlgo_e
9.2.
Definition: rpmpgp.h:205
DIGEST_CTX rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags)
Initialize digest.
enum pgpCompressAlgo_e pgpCompressAlgo
9.3.
pgpCompressAlgo_e
9.3.
Definition: rpmpgp.h:235
pgpPktCdata cdata
Definition: rpmpgp.h:884
int rpmDigestBundleAdd(rpmDigestBundle bundle, pgpHashAlgo algo, rpmDigestFlags flags)
Add a new type of digest to a bundle.
uint8_t pubkey_algo
Definition: rpmpgp.h:653
int pgpPubkeyFingerprint(const uint8_t *pkt, size_t pktlen, pgpKeyID_t keyid)
Calculate OpenPGP public key fingerprint.
enum pgpSubType_e pgpSubType
5.2.3.1.
pgpValType_e
Definition: rpmpgp.h:923
pgpPktOnepass onepass
Definition: rpmpgp.h:882
int rpmFreeCrypto(void)
Shutdown cryptography.
struct pgpDig_s * pgpDig
Definition: rpmpgp.h:30
pgpTime_t time
Definition: rpmpgp.h:652
pgpSigType_e
5.2.1.
Definition: rpmpgp.h:126
rpmDigestBundle rpmDigestBundleFree(rpmDigestBundle bundle)
Free a digest bundle and all contained digest contexts.
uint8_t version
Definition: rpmpgp.h:297
uint8_t version
Definition: rpmpgp.h:613
union pgpPktKey_u pgpPktKey
5.5.3.
uint8_t version
Definition: rpmpgp.h:532
char * pgpArmorWrap(int atype, const unsigned char *s, size_t ns)
Wrap a OpenPGP packets in ascii armor for transport.
5.2.3.
Definition: rpmpgp.h:328
enum pgpSigType_e pgpSigType
5.2.1.
uint8_t version
Definition: rpmpgp.h:114
size_t rpmDigestLength(pgpHashAlgo hashalgo)
Obtain digest length in bytes.
pgpPktSig sig
Definition: rpmpgp.h:880
uint8_t version
Definition: rpmpgp.h:329
uint8_t pubkey_algo
Definition: rpmpgp.h:535
uint8_t flag
Definition: rpmpgp.h:859
pgpArmor pgpParsePkts(const char *armor, uint8_t **pkt, size_t *pktlen)
Parse armored OpenPGP packets from memory.
5.2.2.
Definition: rpmpgp.h:296
5.5.3.
Definition: rpmpgp.h:720
struct pgpPktTrust_s pgpPktTrust
struct pgpPktEdata_s pgpPktEdata
char const *const str
Definition: rpmpgp.h:43
uint8_t pgpKeyID_t[8]
Definition: rpmpgp.h:36
struct rpmDigestBundle_s * rpmDigestBundle
Definition: rpmpgp.h:26
uint8_t pubkey_algo
Definition: rpmpgp.h:331
struct pgpPktSigV4_s * pgpPktSigV4
5.2.3.
const char * pgpValString(pgpValType type, uint8_t val)
Return string representation of am OpenPGP value.
struct pgpPktLdata_s pgpPktLdata
pgpSubType_e
5.2.3.1.
Definition: rpmpgp.h:402
pgpPktPubkey pubkey
Definition: rpmpgp.h:879
int rpmDigestBundleFinal(rpmDigestBundle bundle, pgpHashAlgo algo, void **datap, size_t *lenp, int asAscii)
Return digest from a bundle and destroy context, see rpmDigestFinal().
DIGEST_CTX rpmDigestDup(DIGEST_CTX octx)
Duplicate a digest context.
char * pgpIdentItem(pgpDigParams digp)
Return a string identification of a PGP signature/pubkey.
enum pgpValType_e pgpValType
uint8_t version
Definition: rpmpgp.h:497
struct pgpPktUid_s pgpPktUid
uint8_t symkey_algo
Definition: rpmpgp.h:498
uint8_t format
Definition: rpmpgp.h:840
uint8_t sigtype
Definition: rpmpgp.h:330
int rpmDigestBundleUpdate(rpmDigestBundle bundle, const void *data, size_t len)
Update contexts within bundle with next plain text buffer.
uint8_t hash_algo
Definition: rpmpgp.h:303
enum pgpArmorKey_e pgpArmorKey
pgpPktKey key
Definition: rpmpgp.h:883
int rpmDigestFinal(DIGEST_CTX ctx, void **datap, size_t *lenp, int asAscii)
Return digest and destroy context.
int rpmDigestUpdate(DIGEST_CTX ctx, const void *data, size_t len)
Update context with next plain text buffer.
pgpHashAlgo_e
9.4.
Definition: rpmpgp.h:263
struct pgpPktCdata_s pgpPktCdata
enum rpmDigestFlags_e rpmDigestFlags
Bit(s) to control digest operation.
struct pgpPktKeyV4_s * pgpPktKeyV4
The version 4 format is similar to the version 3 format except for the absence of a validity period...
uint8_t algo
Definition: rpmpgp.h:116
pgpTime_t time
Definition: rpmpgp.h:614
pgpPktLdata ldata
Definition: rpmpgp.h:887
uint8_t nested
Definition: rpmpgp.h:537
union pgpPktSig_u * pgpPktSig
5.2.
uint8_t compressalgo
Definition: rpmpgp.h:750
pgpTime_t time
Definition: rpmpgp.h:300
pgpKeyID_t signid
Definition: rpmpgp.h:301
enum pgpPubkeyAlgo_e pgpPubkeyAlgo
9.1.
pgpArmor pgpReadPkts(const char *fn, uint8_t **pkt, size_t *pktlen)
Parse armored OpenPGP packets from a file.
pgpPktUid uid
Definition: rpmpgp.h:889
uint8_t pgpTime_t[4]
Definition: rpmpgp.h:37
uint8_t version
Definition: rpmpgp.h:651
uint8_t pubkey_algo
Definition: rpmpgp.h:616
pgpDig pgpFreeDig(pgpDig dig)
Destroy a container for parsed OpenPGP packet(s).
pgpPktEdata edata
Definition: rpmpgp.h:885
uint8_t hashlen
Definition: rpmpgp.h:298
struct pgpPktSigV3_s * pgpPktSigV3
5.2.2.
pgpPktTrust tdata
Definition: rpmpgp.h:888
uint8_t pubkey_algo
Definition: rpmpgp.h:302
5.2.
Definition: rpmpgp.h:463
enum pgpSymkeyAlgo_e pgpSymkeyAlgo
9.2.
rpmDigestBundle rpmDigestBundleNew(void)
Create a new digest bundle.
pgpKeyID_t keyid
Definition: rpmpgp.h:115
struct DIGEST_CTX_s * DIGEST_CTX
Definition: rpmpgp.h:25
enum pgpArmor_e pgpArmor
rpmRC pgpVerifySig(pgpDig dig, DIGEST_CTX hashctx)
Verify a PGP signature.
rpmDigestFlags_e
Bit(s) to control digest operation.
Definition: rpmpgp.h:939
enum pgpTag_e pgpTag
4.3.
const struct pgpValTbl_s * pgpValTbl
pgpDig pgpNewDig(void)
Create a container for parsed OpenPGP packet(s).
struct pgpPktSymkey_s pgpPktSymkey
5.3.
int val
Definition: rpmpgp.h:42
pgpArmorKey_e
Definition: rpmpgp.h:915
static unsigned int pgpGrab(const uint8_t *s, size_t nbytes)
Return (native-endian) integer from big-endian representation.
Definition: rpmpgp.h:958
enum rpmRC_e rpmRC
Package read return codes.
char * pgpHexStr(const uint8_t *p, size_t plen)
Return hex formatted representation of bytes.
uint8_t sigtype
Definition: rpmpgp.h:299
DIGEST_CTX rpmDigestBundleDupCtx(rpmDigestBundle bundle, pgpHashAlgo algo)
Duplicate a digest context from a bundle.
int pgpExtractPubkeyFingerprint(const char *b64pkt, pgpKeyID_t keyid)
Extract OpenPGP public key fingerprint from base64 encoded packet.
struct pgpPktKeyV3_s * pgpPktKeyV3
5.5.1.
int pgpPrtPkts(const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing)
Print/parse a OpenPGP packet(s).
The version 4 format is similar to the version 3 format except for the absence of a validity period...
Definition: rpmpgp.h:650
uint8_t sigtype
Definition: rpmpgp.h:533
pgpKeyID_t signid
Definition: rpmpgp.h:536
struct pgpPktOnepass_s * pgpPktOnepass
5.4.
void pgpCleanDig(pgpDig dig)
Release (malloc&#39;d) data from container.
uint8_t filenamelen
Definition: rpmpgp.h:841
pgpPktSymkey symkey
Definition: rpmpgp.h:881
pgpTag_e
4.3.
Definition: rpmpgp.h:53
pgpArmor_e
Definition: rpmpgp.h:894
struct pgpDigParams_s * pgpDigParams
Definition: rpmpgp.h:34