Revision control
Copy as Markdown
Other Tools
/*
* All rights reserved.
*
* This code is originally derived from software contributed to
* The NetBSD Foundation by Alistair Crooks (agc@netbsd.org), and
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef REPGP_DEF_H_
#define REPGP_DEF_H_
#include <cstdint>
/************************************/
/* Packet Tags - RFC4880, 4.2 */
/************************************/
/** Packet Tag - Bit 7 Mask (this bit is always set).
* The first byte of a packet is the "Packet Tag". It always
* has bit 7 set. This is the mask for it.
*
* \see RFC4880 4.2
*/
#define PGP_PTAG_ALWAYS_SET 0x80
/** Packet Tag - New Format Flag.
* Bit 6 of the Packet Tag is the packet format indicator.
* If it is set, the new format is used, if cleared the
* old format is used.
*
* \see RFC4880 4.2
*/
#define PGP_PTAG_NEW_FORMAT 0x40
/** Old Packet Format: Mask for content tag.
* In the old packet format bits 5 to 2 (including)
* are the content tag. This is the mask to apply
* to the packet tag. Note that you need to
* shift by #PGP_PTAG_OF_CONTENT_TAG_SHIFT bits.
*
* \see RFC4880 4.2
*/
#define PGP_PTAG_OF_CONTENT_TAG_MASK 0x3c
/** Old Packet Format: Offset for the content tag.
* As described at #PGP_PTAG_OF_CONTENT_TAG_MASK the
* content tag needs to be shifted after being masked
* out from the Packet Tag.
*
* \see RFC4880 4.2
*/
#define PGP_PTAG_OF_CONTENT_TAG_SHIFT 2
/** Old Packet Format: Mask for length type.
* Bits 1 and 0 of the packet tag are the length type
* in the old packet format.
*
* See #pgp_ptag_of_lt_t for the meaning of the values.
*
* \see RFC4880 4.2
*/
#define PGP_PTAG_OF_LENGTH_TYPE_MASK 0x03
/* Maximum block size for symmetric crypto */
#define PGP_MAX_BLOCK_SIZE 16
/* Maximum key size for symmetric crypto */
#define PGP_MAX_KEY_SIZE 32
/* Salt size for hashing */
#define PGP_SALT_SIZE 8
/* Size of the keyid */
#define PGP_KEY_ID_SIZE 8
/* Size of the fingerprint */
#define PGP_FINGERPRINT_SIZE 20
#define PGP_FINGERPRINT_HEX_SIZE (PGP_FINGERPRINT_SIZE * 2) + 1
/* Size of the key grip */
#define PGP_KEY_GRIP_SIZE 20
/* PGP marker packet contents */
#define PGP_MARKER_CONTENTS "PGP"
#define PGP_MARKER_LEN 3
/** Old Packet Format Lengths.
* Defines the meanings of the 2 bits for length type in the
* old packet format.
*
* \see RFC4880 4.2.1
*/
typedef enum {
PGP_PTAG_OLD_LEN_1 = 0x00, /* Packet has a 1 byte length -
* header is 2 bytes long. */
PGP_PTAG_OLD_LEN_2 = 0x01, /* Packet has a 2 byte length -
* header is 3 bytes long. */
PGP_PTAG_OLD_LEN_4 = 0x02, /* Packet has a 4 byte
* length - header is 5 bytes
* long. */
PGP_PTAG_OLD_LEN_INDETERMINATE = 0x03 /* Packet has a
* indeterminate length. */
} pgp_ptag_of_lt_t;
/** New Packet Format: Mask for content tag.
* In the new packet format the 6 rightmost bits
* are the content tag. This is the mask to apply
* to the packet tag. Note that you need to
* shift by #PGP_PTAG_NF_CONTENT_TAG_SHIFT bits.
*
* \see RFC4880 4.2
*/
#define PGP_PTAG_NF_CONTENT_TAG_MASK 0x3f
/** New Packet Format: Offset for the content tag.
* As described at #PGP_PTAG_NF_CONTENT_TAG_MASK the
* content tag needs to be shifted after being masked
* out from the Packet Tag.
*
* \see RFC4880 4.2
*/
#define PGP_PTAG_NF_CONTENT_TAG_SHIFT 0
#define MDC_PKT_TAG 0xd3
#define MDC_V1_SIZE 22
typedef enum : uint8_t {
PGP_REVOCATION_NO_REASON = 0,
PGP_REVOCATION_SUPERSEDED = 1,
PGP_REVOCATION_COMPROMISED = 2,
PGP_REVOCATION_RETIRED = 3,
PGP_REVOCATION_NO_LONGER_VALID = 0x20
} pgp_revocation_type_t;
/**
* @brief OpenPGP packet tags. See section 4.3 of RFC4880 for the detailed description.
*
*/
typedef enum : uint8_t {
PGP_PKT_RESERVED = 0, /* Reserved - a packet tag must not have this value */
PGP_PKT_PK_SESSION_KEY = 1, /* Public-Key Encrypted Session Key Packet */
PGP_PKT_SIGNATURE = 2, /* Signature Packet */
PGP_PKT_SK_SESSION_KEY = 3, /* Symmetric-Key Encrypted Session Key Packet */
PGP_PKT_ONE_PASS_SIG = 4, /* One-Pass Signature Packet */
PGP_PKT_SECRET_KEY = 5, /* Secret Key Packet */
PGP_PKT_PUBLIC_KEY = 6, /* Public Key Packet */
PGP_PKT_SECRET_SUBKEY = 7, /* Secret Subkey Packet */
PGP_PKT_COMPRESSED = 8, /* Compressed Data Packet */
PGP_PKT_SE_DATA = 9, /* Symmetrically Encrypted Data Packet */
PGP_PKT_MARKER = 10, /* Marker Packet */
PGP_PKT_LITDATA = 11, /* Literal Data Packet */
PGP_PKT_TRUST = 12, /* Trust Packet */
PGP_PKT_USER_ID = 13, /* User ID Packet */
PGP_PKT_PUBLIC_SUBKEY = 14, /* Public Subkey Packet */
PGP_PKT_RESERVED2 = 15, /* Reserved */
PGP_PKT_RESERVED3 = 16, /* Reserved */
PGP_PKT_USER_ATTR = 17, /* User Attribute Packet */
PGP_PKT_SE_IP_DATA = 18, /* Sym. Encrypted and Integrity Protected Data Packet */
PGP_PKT_MDC = 19, /* Modification Detection Code Packet */
PGP_PKT_AEAD_ENCRYPTED = 20 /* AEAD Encrypted Data Packet, RFC 4880bis */
} pgp_pkt_type_t;
/** Public Key Algorithm Numbers.
* OpenPGP assigns a unique Algorithm Number to each algorithm that is part of OpenPGP.
*
* This lists algorithm numbers for public key algorithms.
*
* \see RFC4880 9.1
*/
typedef enum : uint8_t {
PGP_PKA_NOTHING = 0, /* No PKA */
PGP_PKA_RSA = 1, /* RSA (Encrypt or Sign) */
PGP_PKA_RSA_ENCRYPT_ONLY = 2, /* RSA Encrypt-Only (deprecated -
* \see RFC4880 13.5) */
PGP_PKA_RSA_SIGN_ONLY = 3, /* RSA Sign-Only (deprecated -
* \see RFC4880 13.5) */
PGP_PKA_ELGAMAL = 16, /* Elgamal (Encrypt-Only) */
PGP_PKA_DSA = 17, /* DSA (Digital Signature Algorithm) */
PGP_PKA_ECDH = 18, /* ECDH public key algorithm */
PGP_PKA_ECDSA = 19, /* ECDSA public key algorithm [FIPS186-3] */
PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN = 20, /* Elgamal Encrypt or Sign. Implementation MUST not
generate such keys and elgamal signatures. */
PGP_PKA_RESERVED_DH = 21, /* Reserved for Diffie-Hellman
* (X9.42, as defined for
* IETF-S/MIME) */
PGP_PKA_EDDSA = 22, /* EdDSA from draft-ietf-openpgp-rfc4880bis */
PGP_PKA_SM2 = 99, /* SM2 encryption/signature schemes */
PGP_PKA_PRIVATE00 = 100, /* Private/Experimental Algorithm */
PGP_PKA_PRIVATE01 = 101, /* Private/Experimental Algorithm */
PGP_PKA_PRIVATE02 = 102, /* Private/Experimental Algorithm */
PGP_PKA_PRIVATE03 = 103, /* Private/Experimental Algorithm */
PGP_PKA_PRIVATE04 = 104, /* Private/Experimental Algorithm */
PGP_PKA_PRIVATE05 = 105, /* Private/Experimental Algorithm */
PGP_PKA_PRIVATE06 = 106, /* Private/Experimental Algorithm */
PGP_PKA_PRIVATE07 = 107, /* Private/Experimental Algorithm */
PGP_PKA_PRIVATE08 = 108, /* Private/Experimental Algorithm */
PGP_PKA_PRIVATE09 = 109, /* Private/Experimental Algorithm */
PGP_PKA_PRIVATE10 = 110 /* Private/Experimental Algorithm */
} pgp_pubkey_alg_t;
/**
* Enumeration of elliptic curves used by PGP.
*
* \see RFC4880-bis01 9.2. ECC Curve OID
*
* Values in this enum correspond to order in ec_curve array (in ec.c)
*/
typedef enum {
PGP_CURVE_UNKNOWN = 0,
PGP_CURVE_NIST_P_256,
PGP_CURVE_NIST_P_384,
PGP_CURVE_NIST_P_521,
PGP_CURVE_ED25519,
PGP_CURVE_25519,
PGP_CURVE_BP256,
PGP_CURVE_BP384,
PGP_CURVE_BP512,
PGP_CURVE_P256K1,
PGP_CURVE_SM2_P_256,
// Keep always last one
PGP_CURVE_MAX
} pgp_curve_t;
/** Symmetric Key Algorithm Numbers.
* OpenPGP assigns a unique Algorithm Number to each algorithm that is
* part of OpenPGP.
*
* This lists algorithm numbers for symmetric key algorithms.
*
* \see RFC4880 9.2
*/
typedef enum {
PGP_SA_PLAINTEXT = 0, /* Plaintext or unencrypted data */
PGP_SA_IDEA = 1, /* IDEA */
PGP_SA_TRIPLEDES = 2, /* TripleDES */
PGP_SA_CAST5 = 3, /* CAST5 */
PGP_SA_BLOWFISH = 4, /* Blowfish */
PGP_SA_AES_128 = 7, /* AES with 128-bit key (AES) */
PGP_SA_AES_192 = 8, /* AES with 192-bit key */
PGP_SA_AES_256 = 9, /* AES with 256-bit key */
PGP_SA_TWOFISH = 10, /* Twofish with 256-bit key (TWOFISH) */
PGP_SA_CAMELLIA_128 = 11, /* Camellia with 128-bit key (CAMELLIA) */
PGP_SA_CAMELLIA_192 = 12, /* Camellia with 192-bit key */
PGP_SA_CAMELLIA_256 = 13, /* Camellia with 256-bit key */
PGP_SA_SM4 = 105, /* RNP extension - SM4 */
PGP_SA_UNKNOWN = 255
} pgp_symm_alg_t;
typedef enum {
PGP_CIPHER_MODE_NONE = 0,
PGP_CIPHER_MODE_CFB = 1,
PGP_CIPHER_MODE_CBC = 2,
PGP_CIPHER_MODE_OCB = 3,
} pgp_cipher_mode_t;
typedef enum {
PGP_AEAD_NONE = 0,
PGP_AEAD_EAX = 1,
PGP_AEAD_OCB = 2,
PGP_AEAD_UNKNOWN = 255
} pgp_aead_alg_t;
/** s2k_usage_t
*/
typedef enum {
PGP_S2KU_NONE = 0,
PGP_S2KU_ENCRYPTED_AND_HASHED = 254,
PGP_S2KU_ENCRYPTED = 255
} pgp_s2k_usage_t;
/** s2k_specifier_t
*/
typedef enum : uint8_t {
PGP_S2KS_SIMPLE = 0,
PGP_S2KS_SALTED = 1,
PGP_S2KS_ITERATED_AND_SALTED = 3,
PGP_S2KS_EXPERIMENTAL = 101
} pgp_s2k_specifier_t;
typedef enum {
PGP_S2K_GPG_NONE = 0,
PGP_S2K_GPG_NO_SECRET = 1,
PGP_S2K_GPG_SMARTCARD = 2
} pgp_s2k_gpg_extension_t;
/** Signature Type.
* OpenPGP defines different signature types that allow giving
* different meanings to signatures. Signature types include 0x10 for
* generitc User ID certifications (used when Ben signs Weasel's key),
* Subkey binding signatures, document signatures, key revocations,
* etc.
*
* Different types are used in different places, and most make only
* sense in their intended location (for instance a subkey binding has
* no place on a UserID).
*
* \see RFC4880 5.2.1
*/
typedef enum : uint8_t {
PGP_SIG_BINARY = 0x00, /* Signature of a binary document */
PGP_SIG_TEXT = 0x01, /* Signature of a canonical text document */
PGP_SIG_STANDALONE = 0x02, /* Standalone signature */
PGP_CERT_GENERIC = 0x10, /* Generic certification of a User ID and
* Public Key packet */
PGP_CERT_PERSONA = 0x11, /* Persona certification of a User ID and
* Public Key packet */
PGP_CERT_CASUAL = 0x12, /* Casual certification of a User ID and
* Public Key packet */
PGP_CERT_POSITIVE = 0x13, /* Positive certification of a
* User ID and Public Key packet */
PGP_SIG_SUBKEY = 0x18, /* Subkey Binding Signature */
PGP_SIG_PRIMARY = 0x19, /* Primary Key Binding Signature */
PGP_SIG_DIRECT = 0x1f, /* Signature directly on a key */
PGP_SIG_REV_KEY = 0x20, /* Key revocation signature */
PGP_SIG_REV_SUBKEY = 0x28, /* Subkey revocation signature */
PGP_SIG_REV_CERT = 0x30, /* Certification revocation signature */
PGP_SIG_TIMESTAMP = 0x40, /* Timestamp signature */
PGP_SIG_3RD_PARTY = 0x50 /* Third-Party Confirmation signature */
} pgp_sig_type_t;
/** Signature Subpacket Type
* Signature subpackets contains additional information about the signature
*
* \see RFC4880 5.2.3.1-5.2.3.26
*/
typedef enum {
PGP_SIG_SUBPKT_UNKNOWN = 0,
PGP_SIG_SUBPKT_RESERVED_1 = 1,
PGP_SIG_SUBPKT_CREATION_TIME = 2, /* signature creation time */
PGP_SIG_SUBPKT_EXPIRATION_TIME = 3, /* signature expiration time */
PGP_SIG_SUBPKT_EXPORT_CERT = 4, /* exportable certification */
PGP_SIG_SUBPKT_TRUST = 5, /* trust signature */
PGP_SIG_SUBPKT_REGEXP = 6, /* regular expression */
PGP_SIG_SUBPKT_REVOCABLE = 7, /* revocable */
PGP_SIG_SUBPKT_RESERVED_8 = 8,
PGP_SIG_SUBPKT_KEY_EXPIRY = 9, /* key expiration time */
PGP_SIG_SUBPKT_PLACEHOLDER = 10, /* placeholder for backward compatibility */
PGP_SIG_SUBPKT_PREFERRED_SKA = 11, /* preferred symmetric algs */
PGP_SIG_SUBPKT_REVOCATION_KEY = 12, /* revocation key */
PGP_SIG_SUBPKT_RESERVED_13 = 13,
PGP_SIG_SUBPKT_RESERVED_14 = 14,
PGP_SIG_SUBPKT_RESERVED_15 = 15,
PGP_SIG_SUBPKT_ISSUER_KEY_ID = 16, /* issuer key ID */
PGP_SIG_SUBPKT_RESERVED_17 = 17,
PGP_SIG_SUBPKT_RESERVED_18 = 18,
PGP_SIG_SUBPKT_RESERVED_19 = 19,
PGP_SIG_SUBPKT_NOTATION_DATA = 20, /* notation data */
PGP_SIG_SUBPKT_PREFERRED_HASH = 21, /* preferred hash algs */
PGP_SIG_SUBPKT_PREF_COMPRESS = 22, /* preferred compression algorithms */
PGP_SIG_SUBPKT_KEYSERV_PREFS = 23, /* key server preferences */
PGP_SIG_SUBPKT_PREF_KEYSERV = 24, /* preferred key Server */
PGP_SIG_SUBPKT_PRIMARY_USER_ID = 25, /* primary user ID */
PGP_SIG_SUBPKT_POLICY_URI = 26, /* policy URI */
PGP_SIG_SUBPKT_KEY_FLAGS = 27, /* key flags */
PGP_SIG_SUBPKT_SIGNERS_USER_ID = 28, /* signer's user ID */
PGP_SIG_SUBPKT_REVOCATION_REASON = 29, /* reason for revocation */
PGP_SIG_SUBPKT_FEATURES = 30, /* features */
PGP_SIG_SUBPKT_SIGNATURE_TARGET = 31, /* signature target */
PGP_SIG_SUBPKT_EMBEDDED_SIGNATURE = 32, /* embedded signature */
PGP_SIG_SUBPKT_ISSUER_FPR = 33, /* issuer fingerprint */
PGP_SIG_SUBPKT_PREFERRED_AEAD = 34, /* preferred AEAD algorithms */
PGP_SIG_SUBPKT_PRIVATE_100 = 100, /* private/experimental subpackets */
PGP_SIG_SUBPKT_PRIVATE_101 = 101,
PGP_SIG_SUBPKT_PRIVATE_102 = 102,
PGP_SIG_SUBPKT_PRIVATE_103 = 103,
PGP_SIG_SUBPKT_PRIVATE_104 = 104,
PGP_SIG_SUBPKT_PRIVATE_105 = 105,
PGP_SIG_SUBPKT_PRIVATE_106 = 106,
PGP_SIG_SUBPKT_PRIVATE_107 = 107,
PGP_SIG_SUBPKT_PRIVATE_108 = 108,
PGP_SIG_SUBPKT_PRIVATE_109 = 109,
PGP_SIG_SUBPKT_PRIVATE_110 = 110
} pgp_sig_subpacket_type_t;
/** Key Flags
*
* \see RFC4880 5.2.3.21
*/
typedef enum {
PGP_KF_CERTIFY = 0x01, /* This key may be used to certify other keys. */
PGP_KF_SIGN = 0x02, /* This key may be used to sign data. */
PGP_KF_ENCRYPT_COMMS = 0x04, /* This key may be used to encrypt communications. */
PGP_KF_ENCRYPT_STORAGE = 0x08, /* This key may be used to encrypt storage. */
PGP_KF_SPLIT = 0x10, /* The private component of this key may have been split
by a secret-sharing mechanism. */
PGP_KF_AUTH = 0x20, /* This key may be used for authentication. */
PGP_KF_SHARED = 0x80, /* The private component of this key may be in the
possession of more than one person. */
/* pseudo flags */
PGP_KF_NONE = 0x00,
PGP_KF_ENCRYPT = PGP_KF_ENCRYPT_COMMS | PGP_KF_ENCRYPT_STORAGE,
} pgp_key_flags_t;
typedef enum {
PGP_KEY_FEATURE_MDC = 0x01,
PGP_KEY_FEATURE_AEAD = 0x02,
PGP_KEY_FEATURE_V5 = 0x04
} pgp_key_feature_t;
/** Types of Compression */
typedef enum {
PGP_C_NONE = 0,
PGP_C_ZIP = 1,
PGP_C_ZLIB = 2,
PGP_C_BZIP2 = 3,
PGP_C_UNKNOWN = 255
} pgp_compression_type_t;
enum { PGP_SE_IP_DATA_VERSION = 1, PGP_PKSK_V3 = 3, PGP_SKSK_V4 = 4, PGP_SKSK_V5 = 5 };
/** Version.
* OpenPGP has two different protocol versions: version 3 and version 4.
*
* \see RFC4880 5.2
*/
typedef enum {
PGP_VUNKNOWN = 0,
PGP_V2 = 2, /* Version 2 (essentially the same as v3) */
PGP_V3 = 3, /* Version 3 */
PGP_V4 = 4 /* Version 4 */
} pgp_version_t;
typedef enum pgp_op_t {
PGP_OP_UNKNOWN = 0,
PGP_OP_ADD_SUBKEY = 1, /* adding a subkey, primary key password required */
PGP_OP_SIGN = 2, /* signing file or data */
PGP_OP_DECRYPT = 3, /* decrypting file or data */
PGP_OP_UNLOCK = 4, /* unlocking a key with key->unlock() */
PGP_OP_PROTECT = 5, /* adding protection to a key */
PGP_OP_UNPROTECT = 6, /* removing protection from a (locked) key */
PGP_OP_DECRYPT_SYM = 7, /* symmetric decryption */
PGP_OP_ENCRYPT_SYM = 8, /* symmetric encryption */
PGP_OP_VERIFY = 9, /* signature verification */
PGP_OP_ADD_USERID = 10, /* adding a userid */
PGP_OP_MERGE_INFO = 11, /* merging information from one key to another */
PGP_OP_ENCRYPT = 12, /* public-key encryption */
PGP_OP_CERTIFY = 13 /* key certification */
} pgp_op_t;
/** Hashing Algorithm Numbers.
* OpenPGP assigns a unique Algorithm Number to each algorithm that is
* part of OpenPGP.
*
* This lists algorithm numbers for hash algorithms.
*
* \see RFC4880 9.4
*/
typedef enum : uint8_t {
PGP_HASH_UNKNOWN = 0, /* used to indicate errors */
PGP_HASH_MD5 = 1,
PGP_HASH_SHA1 = 2,
PGP_HASH_RIPEMD = 3,
PGP_HASH_SHA256 = 8,
PGP_HASH_SHA384 = 9,
PGP_HASH_SHA512 = 10,
PGP_HASH_SHA224 = 11,
PGP_HASH_SHA3_256 = 12,
PGP_HASH_SHA3_512 = 14,
/* Private range */
PGP_HASH_SM3 = 105,
} pgp_hash_alg_t;
typedef enum pgp_key_store_format_t {
PGP_KEY_STORE_UNKNOWN = 0,
PGP_KEY_STORE_GPG,
PGP_KEY_STORE_KBX,
PGP_KEY_STORE_G10,
} pgp_key_store_format_t;
namespace rnp {
enum class AuthType { None, MDC, AEADv1 };
}
#endif