From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Roberto Sassu" <roberto.sassu@huaweicloud.com>,
<dhowells@redhat.com>, <dwmw2@infradead.org>,
<herbert@gondor.apana.org.au>, <davem@davemloft.net>
Cc: <linux-kernel@vger.kernel.org>, <keyrings@vger.kernel.org>,
<linux-crypto@vger.kernel.org>, <zohar@linux.ibm.com>,
<linux-integrity@vger.kernel.org>,
<torvalds@linux-foundation.org>,
"Roberto Sassu" <roberto.sassu@huawei.com>
Subject: Re: [PATCH v3 03/14] PGPLIB: PGP definitions (RFC 9580)
Date: Thu, 12 Sep 2024 16:54:23 +0300 [thread overview]
Message-ID: <D44CUG76DIBS.31UGN7S3KFK74@kernel.org> (raw)
In-Reply-To: <20240911122911.1381864-4-roberto.sassu@huaweicloud.com>
On Wed Sep 11, 2024 at 3:29 PM EEST, Roberto Sassu wrote:
> From: David Howells <dhowells@redhat.com>
>
> Provide some useful PGP definitions from RFC 9580. These describe details
> of public key crypto as used by crypto keys for things like signature
> verification.
>
> Signed-off-by: David Howells <dhowells@redhat.com>
> Co-developed-by: Roberto Sassu <roberto.sassu@huawei.com>
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> ---
> crypto/asymmetric_keys/pgp.h | 216 +++++++++++++++++++++++++++++++++++
> 1 file changed, 216 insertions(+)
> create mode 100644 crypto/asymmetric_keys/pgp.h
>
> diff --git a/crypto/asymmetric_keys/pgp.h b/crypto/asymmetric_keys/pgp.h
> new file mode 100644
> index 000000000000..eaf0ab8e0373
> --- /dev/null
> +++ b/crypto/asymmetric_keys/pgp.h
> @@ -0,0 +1,216 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/* PGP definitions (RFC 9580)
> + *
> + * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved.
> + * Written by David Howells (dhowells@redhat.com)
> + */
> +
> +#include <linux/types.h>
> +
> +struct pgp_key_ID {
> + u8 id[8];
> +} __packed;
> +
> +struct pgp_time {
> + u8 time[4];
> +} __packed;
> +
> +/*
> + * PGP public-key algorithm identifiers [RFC 9580: 9.1]
Nicely done documentation, which is rare, i.e. tells what the thing is
and gives an easy to access reference. 0x1F44D for that.
> + */
> +enum pgp_pubkey_algo {
> + PGP_PUBKEY_RSA_ENC_OR_SIG = 1,
> + PGP_PUBKEY_RSA_ENC_ONLY = 2,
> + PGP_PUBKEY_RSA_SIG_ONLY = 3,
> + PGP_PUBKEY_ELGAMAL = 16,
> + PGP_PUBKEY_DSA = 17,
> + PGP_PUBKEY_ECDH = 18,
> + PGP_PUBKEY_ECDSA = 19,
> + PGP_PUBKEY_EDDSA_LEGACY = 22,
> + PGP_PUBKEY_X25519 = 25,
> + PGP_PUBKEY_X448 = 26,
> + PGP_PUBKEY_ED25519 = 27,
> + PGP_PUBKEY_ED448 = 28,
> + PGP_PUBKEY__LAST
> +};
> +
> +/*
> + * PGP symmetric-key algorithm identifiers [RFC 9580: 9.3]
> + */
> +enum pgp_symkey_algo {
> + PGP_SYMKEY_PLAINTEXT = 0,
> + PGP_SYMKEY_IDEA = 1,
> + PGP_SYMKEY_3DES = 2,
> + PGP_SYMKEY_CAST5 = 3,
> + PGP_SYMKEY_BLOWFISH = 4,
> + PGP_SYMKEY_AES_128KEY = 7,
> + PGP_SYMKEY_AES_192KEY = 8,
> + PGP_SYMKEY_AES_256KEY = 9,
> + PGP_SYMKEY_TWOFISH_256KEY = 10,
> + PGP_SYMKEY_CAMELIA_128KEY = 11,
> + PGP_SYMKEY_CAMELIA_192KEY = 12,
> + PGP_SYMKEY_CAMELIA_256KEY = 13,
> + PGP_SYMKEY__LAST
> +};
> +
> +/*
> + * PGP compression algorithm identifiers [RFC 9580: 9.4]
> + */
> +enum pgp_compr_algo {
> + PGP_COMPR_UNCOMPRESSED = 0,
> + PGP_COMPR_ZIP = 1,
> + PGP_COMPR_ZLIB = 2,
> + PGP_COMPR_BZIP2 = 3,
> + PGP_COMPR__LAST
> +};
> +
> +/*
> + * PGP hash algorithm identifiers [RFC 9580: 9.4]
> + */
> +enum pgp_hash_algo {
> + PGP_HASH_MD5 = 1,
> + PGP_HASH_SHA1 = 2,
> + PGP_HASH_RIPE_MD_160 = 3,
> + PGP_HASH_SHA256 = 8,
> + PGP_HASH_SHA384 = 9,
> + PGP_HASH_SHA512 = 10,
> + PGP_HASH_SHA224 = 11,
> + PGP_HASH_SHA3_256 = 12,
> + PGP_HASH_SHA3_512 = 14,
> + PGP_HASH__LAST
> +};
> +
/*
* doc
*/
> +extern const char *const pgp_hash_algorithms[PGP_HASH__LAST];
> +
> +/*
> + * PGP packet type tags [RFC 9580: 5].
> + */
> +enum pgp_packet_tag {
> + PGP_PKT_RESERVED = 0,
> + PGP_PKT_PUBKEY_ENC_SESSION_KEY = 1,
> + PGP_PKT_SIGNATURE = 2,
> + PGP_PKT_SYMKEY_ENC_SESSION_KEY = 3,
> + PGP_PKT_ONEPASS_SIGNATURE = 4,
> + PGP_PKT_SECRET_KEY = 5,
> + PGP_PKT_PUBLIC_KEY = 6,
> + PGP_PKT_SECRET_SUBKEY = 7,
> + PGP_PKT_COMPRESSED_DATA = 8,
> + PGP_PKT_SYM_ENC_DATA = 9,
> + PGP_PKT_MARKER = 10,
> + PGP_PKT_LITERAL_DATA = 11,
> + PGP_PKT_TRUST = 12,
> + PGP_PKT_USER_ID = 13,
> + PGP_PKT_PUBLIC_SUBKEY = 14,
> + PGP_PKT_USER_ATTRIBUTE = 17,
> + PGP_PKT_SYM_ENC_AND_INTEG_DATA = 18,
> + PGP_PKT_MODIFY_DETECT_CODE = 19,
> + PGP_PKT_PRIVATE_0 = 60,
> + PGP_PKT_PRIVATE_3 = 63,
> + PGP_PKT__HIGHEST = 63
> +};
> +
> +/*
> + * Signature (tag 2) packet [RFC 9580: 5.2].
> + */
> +enum pgp_signature_version {
> + PGP_SIG_VERSION_3 = 3,
> + PGP_SIG_VERSION_4 = 4,
> +};
> +
> +/*
> + * Signature types [RFC 9580: 5.2.1].
> + */
> +enum pgp_signature_type {
> + PGP_SIG_BINARY_DOCUMENT_SIG = 0x00,
> + PGP_SIG_CANONICAL_TEXT_DOCUMENT_SIG = 0x01,
> + PGP_SIG_STANDALONE_SIG = 0x02,
> + PGP_SIG_GENERAL_CERT_OF_UID_PUBKEY = 0x10,
> + PGP_SIG_PERSONAL_CERT_OF_UID_PUBKEY = 0x11,
> + PGP_SIG_CASUAL_CERT_OF_UID_PUBKEY = 0x12,
> + PGP_SIG_POSTITIVE_CERT_OF_UID_PUBKEY = 0x13,
> + PGP_SIG_SUBKEY_BINDING_SIG = 0x18,
> + PGP_SIG_PRIMARY_KEY_BINDING_SIG = 0x19,
> + PGP_SIG_DIRECTLY_ON_KEY = 0x1F,
> + PGP_SIG_KEY_REVOCATION_SIG = 0x20,
> + PGP_SIG_SUBKEY_REVOCATION_SIG = 0x28,
> + PGP_SIG_CERT_REVOCATION_SIG = 0x30,
> + PGP_SIG_TIMESTAMP_SIG = 0x40,
> + PGP_SIG_THIRD_PARTY_CONFIRM_SIG = 0x50,
> +};
> +
/*
* doc
*/
> +struct pgp_signature_v3_packet {
> + enum pgp_signature_version version : 8; /* == PGP_SIG_VERSION_3 */
> + u8 length_of_hashed; /* == 5 */
> + struct {
> + enum pgp_signature_type signature_type : 8;
> + struct pgp_time creation_time;
> + } __packed hashed;
> + struct pgp_key_ID issuer;
> + enum pgp_pubkey_algo pubkey_algo : 8;
> + enum pgp_hash_algo hash_algo : 8;
> +} __packed;
> +
/*
* doc
*/
> +struct pgp_signature_v4_packet {
> + enum pgp_signature_version version : 8; /* == PGP_SIG_VERSION_4 */
> + enum pgp_signature_type signature_type : 8;
> + enum pgp_pubkey_algo pubkey_algo : 8;
> + enum pgp_hash_algo hash_algo : 8;
> +} __packed;
> +
> +/*
> + * V4 signature subpacket types [RFC 9580: 5.2.3.7].
> + */
> +enum pgp_sig_subpkt_type {
> + PGP_SIG_CREATION_TIME = 2,
> + PGP_SIG_EXPIRATION_TIME = 3,
> + PGP_SIG_EXPORTABLE_CERT = 4,
> + PGP_SIG_TRUST_SIG = 5,
> + PGP_SIG_REGEXP = 6,
> + PGP_SIG_REVOCABLE = 7,
> + PGP_SIG_KEY_EXPIRATION_TIME = 9,
> + PGP_SIG_PREF_SYM_ALGO = 11,
> + PGP_SIG_REVOCATION_KEY = 12,
> + PGP_SIG_ISSUER = 16,
> + PGP_SIG_NOTATION_DATA = 20,
> + PGP_SIG_PREF_HASH_ALGO = 21,
> + PGP_SIG_PREF_COMPR_ALGO = 22,
> + PGP_SIG_KEY_SERVER_PREFS = 23,
> + PGP_SIG_PREF_KEY_SERVER = 24,
> + PGP_SIG_PRIMARY_USER_ID = 25,
> + PGP_SIG_POLICY_URI = 26,
> + PGP_SIG_KEY_FLAGS = 27,
> + PGP_SIG_SIGNERS_USER_ID = 28,
> + PGP_SIG_REASON_FOR_REVOCATION = 29,
> + PGP_SIG_FEATURES = 30,
> + PGP_SIG_TARGET = 31,
> + PGP_SIG_EMBEDDED_SIG = 32,
> + PGP_SIG_ISSUER_FINGERPRINT = 33,
> + PGP_SIG_INTENDED_RECIPIENT_FINGERPRINT = 35,
> + PGP_SIG_PREFERRED_AEAD_CIPHERS = 39,
> + PGP_SIG__LAST
> +};
> +
/*
* Documentation what is the critical mask.
*/
> +#define PGP_SIG_SUBPKT_TYPE_CRITICAL_MASK 0x80
> +
> +/*
> + * Key (tag 5, 6, 7 and 14) packet
> + */
> +enum pgp_key_version {
> + PGP_KEY_VERSION_4 = 4,
> +};
> +
/*
* doc
*/
> +struct pgp_key_v4_packet {
> + enum pgp_key_version version : 8;
> + struct pgp_time creation_time;
> + enum pgp_pubkey_algo pubkey_algo : 8;
> + u8 key_material[];
> +} __packed;
> +
> +/*
> + * Literal Data (tag 11) packet
> + */
> +enum pgp_literal_data_format {
> + PGP_LIT_FORMAT_BINARY = 0x62,
> + PGP_LIT_FORMAT_TEXT = 0x74,
> + PGP_LIT_FORMAT_TEXT_UTF8 = 0x75,
> +};
BR, Jarkko
next prev parent reply other threads:[~2024-09-12 13:54 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-11 12:28 [PATCH v3 00/14] KEYS: Add support for PGP keys and signatures Roberto Sassu
2024-09-11 12:28 ` [PATCH v3 01/14] mpi: Introduce mpi_key_length() Roberto Sassu
2024-09-12 13:26 ` Jarkko Sakkinen
2024-09-11 12:28 ` [PATCH v3 02/14] rsa: add parser of raw format Roberto Sassu
2024-09-12 13:33 ` Jarkko Sakkinen
2024-09-11 12:29 ` [PATCH v3 03/14] PGPLIB: PGP definitions (RFC 9580) Roberto Sassu
2024-09-12 13:54 ` Jarkko Sakkinen [this message]
2024-09-11 12:29 ` [PATCH v3 04/14] PGPLIB: Basic packet parser Roberto Sassu
2024-09-12 13:57 ` Jarkko Sakkinen
2024-09-11 12:29 ` [PATCH v3 05/14] PGPLIB: Signature parser Roberto Sassu
2024-09-12 13:58 ` Jarkko Sakkinen
2024-09-11 12:29 ` [PATCH v3 06/14] KEYS: PGP data parser Roberto Sassu
2024-09-11 12:29 ` [PATCH v3 07/14] KEYS: Provide PGP key description autogeneration Roberto Sassu
2024-09-11 12:29 ` [PATCH v3 08/14] KEYS: PGP-based public key signature verification Roberto Sassu
2024-09-11 12:29 ` [PATCH v3 09/14] KEYS: Retry asym key search with partial ID in restrict_link_by_signature() Roberto Sassu
2024-09-11 12:29 ` [PATCH v3 10/14] KEYS: Calculate key digest and get signature of the key Roberto Sassu
2024-09-11 12:29 ` [PATCH v3 11/14] verification: introduce verify_pgp_signature() Roberto Sassu
2024-09-11 12:29 ` [PATCH v3 12/14] PGP: Provide a key type for testing PGP signatures Roberto Sassu
2024-09-11 12:29 ` [PATCH v3 13/14] KEYS: Provide a function to load keys from a PGP keyring blob Roberto Sassu
2024-09-11 12:29 ` [PATCH v3 14/14] KEYS: Introduce load_pgp_public_keyring() Roberto Sassu
2024-09-13 4:45 ` [PATCH v3 00/14] KEYS: Add support for PGP keys and signatures Herbert Xu
2024-09-13 8:30 ` Roberto Sassu
2024-09-13 9:00 ` Herbert Xu
2024-09-15 7:11 ` Linus Torvalds
2024-09-15 8:07 ` Herbert Xu
2024-09-15 8:40 ` Linus Torvalds
2024-09-15 9:15 ` Herbert Xu
2024-09-15 9:31 ` Herbert Xu
2024-09-15 17:52 ` Roberto Sassu
2024-09-17 11:27 ` Dr. Greg
2024-09-26 9:41 ` Roberto Sassu
2024-09-27 1:25 ` Dr. Greg
2024-10-04 10:42 ` Roberto Sassu
2024-09-15 10:51 ` Roberto Sassu
2024-09-13 9:32 ` David Howells
2024-09-13 10:46 ` Ard Biesheuvel
2024-09-14 11:29 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D44CUG76DIBS.31UGN7S3KFK74@kernel.org \
--to=jarkko@kernel.org \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=roberto.sassu@huawei.com \
--cc=roberto.sassu@huaweicloud.com \
--cc=torvalds@linux-foundation.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.