From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Roberto Sassu" <roberto.sassu@huaweicloud.com>,
<dhowells@redhat.com>, <dwmw2@infradead.org>,
<herbert@gondor.apana.org.au>, <davem@davemloft.net>
Cc: <linux-kernel@vger.kernel.org>, <keyrings@vger.kernel.org>,
<linux-crypto@vger.kernel.org>, <zohar@linux.ibm.com>,
<linux-integrity@vger.kernel.org>,
<torvalds@linux-foundation.org>,
"Roberto Sassu" <roberto.sassu@huawei.com>
Subject: Re: [PATCH v3 03/14] PGPLIB: PGP definitions (RFC 9580)
Date: Thu, 12 Sep 2024 16:54:23 +0300 [thread overview]
Message-ID: <D44CUG76DIBS.31UGN7S3KFK74@kernel.org> (raw)
In-Reply-To: <20240911122911.1381864-4-roberto.sassu@huaweicloud.com>
On Wed Sep 11, 2024 at 3:29 PM EEST, Roberto Sassu wrote:
> From: David Howells <dhowells@redhat.com>
>
> Provide some useful PGP definitions from RFC 9580. These describe details
> of public key crypto as used by crypto keys for things like signature
> verification.
>
> Signed-off-by: David Howells <dhowells@redhat.com>
> Co-developed-by: Roberto Sassu <roberto.sassu@huawei.com>
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> ---
> crypto/asymmetric_keys/pgp.h | 216 +++++++++++++++++++++++++++++++++++
> 1 file changed, 216 insertions(+)
> create mode 100644 crypto/asymmetric_keys/pgp.h
>
> diff --git a/crypto/asymmetric_keys/pgp.h b/crypto/asymmetric_keys/pgp.h
> new file mode 100644
> index 000000000000..eaf0ab8e0373
> --- /dev/null
> +++ b/crypto/asymmetric_keys/pgp.h
> @@ -0,0 +1,216 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/* PGP definitions (RFC 9580)
> + *
> + * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved.
> + * Written by David Howells (dhowells@redhat.com)
> + */
> +
> +#include <linux/types.h>
> +
> +struct pgp_key_ID {
> + u8 id[8];
> +} __packed;
> +
> +struct pgp_time {
> + u8 time[4];
> +} __packed;
> +
> +/*
> + * PGP public-key algorithm identifiers [RFC 9580: 9.1]
Nicely done documentation, which is rare, i.e. tells what the thing is
and gives an easy to access reference. 0x1F44D for that.
> + */
> +enum pgp_pubkey_algo {
> + PGP_PUBKEY_RSA_ENC_OR_SIG = 1,
> + PGP_PUBKEY_RSA_ENC_ONLY = 2,
> + PGP_PUBKEY_RSA_SIG_ONLY = 3,
> + PGP_PUBKEY_ELGAMAL = 16,
> + PGP_PUBKEY_DSA = 17,
> + PGP_PUBKEY_ECDH = 18,
> + PGP_PUBKEY_ECDSA = 19,
> + PGP_PUBKEY_EDDSA_LEGACY = 22,
> + PGP_PUBKEY_X25519 = 25,
> + PGP_PUBKEY_X448 = 26,
> + PGP_PUBKEY_ED25519 = 27,
> + PGP_PUBKEY_ED448 = 28,
> + PGP_PUBKEY__LAST
> +};
> +
> +/*
> + * PGP symmetric-key algorithm identifiers [RFC 9580: 9.3]
> + */
> +enum pgp_symkey_algo {
> + PGP_SYMKEY_PLAINTEXT = 0,
> + PGP_SYMKEY_IDEA = 1,
> + PGP_SYMKEY_3DES = 2,
> + PGP_SYMKEY_CAST5 = 3,
> + PGP_SYMKEY_BLOWFISH = 4,
> + PGP_SYMKEY_AES_128KEY = 7,
> + PGP_SYMKEY_AES_192KEY = 8,
> + PGP_SYMKEY_AES_256KEY = 9,
> + PGP_SYMKEY_TWOFISH_256KEY = 10,
> + PGP_SYMKEY_CAMELIA_128KEY = 11,
> + PGP_SYMKEY_CAMELIA_192KEY = 12,
> + PGP_SYMKEY_CAMELIA_256KEY = 13,
> + PGP_SYMKEY__LAST
> +};
> +
> +/*
> + * PGP compression algorithm identifiers [RFC 9580: 9.4]
> + */
> +enum pgp_compr_algo {
> + PGP_COMPR_UNCOMPRESSED = 0,
> + PGP_COMPR_ZIP = 1,
> + PGP_COMPR_ZLIB = 2,
> + PGP_COMPR_BZIP2 = 3,
> + PGP_COMPR__LAST
> +};
> +
> +/*
> + * PGP hash algorithm identifiers [RFC 9580: 9.4]
> + */
> +enum pgp_hash_algo {
> + PGP_HASH_MD5 = 1,
> + PGP_HASH_SHA1 = 2,
> + PGP_HASH_RIPE_MD_160 = 3,
> + PGP_HASH_SHA256 = 8,
> + PGP_HASH_SHA384 = 9,
> + PGP_HASH_SHA512 = 10,
> + PGP_HASH_SHA224 = 11,
> + PGP_HASH_SHA3_256 = 12,
> + PGP_HASH_SHA3_512 = 14,
> + PGP_HASH__LAST
> +};
> +
/*
* doc
*/
> +extern const char *const pgp_hash_algorithms[PGP_HASH__LAST];
> +
> +/*
> + * PGP packet type tags [RFC 9580: 5].
> + */
> +enum pgp_packet_tag {
> + PGP_PKT_RESERVED = 0,
> + PGP_PKT_PUBKEY_ENC_SESSION_KEY = 1,
> + PGP_PKT_SIGNATURE = 2,
> + PGP_PKT_SYMKEY_ENC_SESSION_KEY = 3,
> + PGP_PKT_ONEPASS_SIGNATURE = 4,
> + PGP_PKT_SECRET_KEY = 5,
> + PGP_PKT_PUBLIC_KEY = 6,
> + PGP_PKT_SECRET_SUBKEY = 7,
> + PGP_PKT_COMPRESSED_DATA = 8,
> + PGP_PKT_SYM_ENC_DATA = 9,
> + PGP_PKT_MARKER = 10,
> + PGP_PKT_LITERAL_DATA = 11,
> + PGP_PKT_TRUST = 12,
> + PGP_PKT_USER_ID = 13,
> + PGP_PKT_PUBLIC_SUBKEY = 14,
> + PGP_PKT_USER_ATTRIBUTE = 17,
> + PGP_PKT_SYM_ENC_AND_INTEG_DATA = 18,
> + PGP_PKT_MODIFY_DETECT_CODE = 19,
> + PGP_PKT_PRIVATE_0 = 60,
> + PGP_PKT_PRIVATE_3 = 63,
> + PGP_PKT__HIGHEST = 63
> +};
> +
> +/*
> + * Signature (tag 2) packet [RFC 9580: 5.2].
> + */
> +enum pgp_signature_version {
> + PGP_SIG_VERSION_3 = 3,
> + PGP_SIG_VERSION_4 = 4,
> +};
> +
> +/*
> + * Signature types [RFC 9580: 5.2.1].
> + */
> +enum pgp_signature_type {
> + PGP_SIG_BINARY_DOCUMENT_SIG = 0x00,
> + PGP_SIG_CANONICAL_TEXT_DOCUMENT_SIG = 0x01,
> + PGP_SIG_STANDALONE_SIG = 0x02,
> + PGP_SIG_GENERAL_CERT_OF_UID_PUBKEY = 0x10,
> + PGP_SIG_PERSONAL_CERT_OF_UID_PUBKEY = 0x11,
> + PGP_SIG_CASUAL_CERT_OF_UID_PUBKEY = 0x12,
> + PGP_SIG_POSTITIVE_CERT_OF_UID_PUBKEY = 0x13,
> + PGP_SIG_SUBKEY_BINDING_SIG = 0x18,
> + PGP_SIG_PRIMARY_KEY_BINDING_SIG = 0x19,
> + PGP_SIG_DIRECTLY_ON_KEY = 0x1F,
> + PGP_SIG_KEY_REVOCATION_SIG = 0x20,
> + PGP_SIG_SUBKEY_REVOCATION_SIG = 0x28,
> + PGP_SIG_CERT_REVOCATION_SIG = 0x30,
> + PGP_SIG_TIMESTAMP_SIG = 0x40,
> + PGP_SIG_THIRD_PARTY_CONFIRM_SIG = 0x50,
> +};
> +
/*
* doc
*/
> +struct pgp_signature_v3_packet {
> + enum pgp_signature_version version : 8; /* == PGP_SIG_VERSION_3 */
> + u8 length_of_hashed; /* == 5 */
> + struct {
> + enum pgp_signature_type signature_type : 8;
> + struct pgp_time creation_time;
> + } __packed hashed;
> + struct pgp_key_ID issuer;
> + enum pgp_pubkey_algo pubkey_algo : 8;
> + enum pgp_hash_algo hash_algo : 8;
> +} __packed;
> +
/*
* doc
*/
> +struct pgp_signature_v4_packet {
> + enum pgp_signature_version version : 8; /* == PGP_SIG_VERSION_4 */
> + enum pgp_signature_type signature_type : 8;
> + enum pgp_pubkey_algo pubkey_algo : 8;
> + enum pgp_hash_algo hash_algo : 8;
> +} __packed;
> +
> +/*
> + * V4 signature subpacket types [RFC 9580: 5.2.3.7].
> + */
> +enum pgp_sig_subpkt_type {
> + PGP_SIG_CREATION_TIME = 2,
> + PGP_SIG_EXPIRATION_TIME = 3,
> + PGP_SIG_EXPORTABLE_CERT = 4,
> + PGP_SIG_TRUST_SIG = 5,
> + PGP_SIG_REGEXP = 6,
> + PGP_SIG_REVOCABLE = 7,
> + PGP_SIG_KEY_EXPIRATION_TIME = 9,
> + PGP_SIG_PREF_SYM_ALGO = 11,
> + PGP_SIG_REVOCATION_KEY = 12,
> + PGP_SIG_ISSUER = 16,
> + PGP_SIG_NOTATION_DATA = 20,
> + PGP_SIG_PREF_HASH_ALGO = 21,
> + PGP_SIG_PREF_COMPR_ALGO = 22,
> + PGP_SIG_KEY_SERVER_PREFS = 23,
> + PGP_SIG_PREF_KEY_SERVER = 24,
> + PGP_SIG_PRIMARY_USER_ID = 25,
> + PGP_SIG_POLICY_URI = 26,
> + PGP_SIG_KEY_FLAGS = 27,
> + PGP_SIG_SIGNERS_USER_ID = 28,
> + PGP_SIG_REASON_FOR_REVOCATION = 29,
> + PGP_SIG_FEATURES = 30,
> + PGP_SIG_TARGET = 31,
> + PGP_SIG_EMBEDDED_SIG = 32,
> + PGP_SIG_ISSUER_FINGERPRINT = 33,
> + PGP_SIG_INTENDED_RECIPIENT_FINGERPRINT = 35,
> + PGP_SIG_PREFERRED_AEAD_CIPHERS = 39,
> + PGP_SIG__LAST
> +};
> +
/*
* Documentation what is the critical mask.
*/
> +#define PGP_SIG_SUBPKT_TYPE_CRITICAL_MASK 0x80
> +
> +/*
> + * Key (tag 5, 6, 7 and 14) packet
> + */
> +enum pgp_key_version {
> + PGP_KEY_VERSION_4 = 4,
> +};
> +
/*
* doc
*/
> +struct pgp_key_v4_packet {
> + enum pgp_key_version version : 8;
> + struct pgp_time creation_time;
> + enum pgp_pubkey_algo pubkey_algo : 8;
> + u8 key_material[];
> +} __packed;
> +
> +/*
> + * Literal Data (tag 11) packet
> + */
> +enum pgp_literal_data_format {
> + PGP_LIT_FORMAT_BINARY = 0x62,
> + PGP_LIT_FORMAT_TEXT = 0x74,
> + PGP_LIT_FORMAT_TEXT_UTF8 = 0x75,
> +};
BR, Jarkko
next prev parent reply other threads:[~2024-09-12 13:54 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-11 12:28 [PATCH v3 00/14] KEYS: Add support for PGP keys and signatures Roberto Sassu
2024-09-11 12:28 ` [PATCH v3 01/14] mpi: Introduce mpi_key_length() Roberto Sassu
2024-09-12 13:26 ` Jarkko Sakkinen
2024-09-11 12:28 ` [PATCH v3 02/14] rsa: add parser of raw format Roberto Sassu
2024-09-12 13:33 ` Jarkko Sakkinen
2024-09-11 12:29 ` [PATCH v3 03/14] PGPLIB: PGP definitions (RFC 9580) Roberto Sassu
2024-09-12 13:54 ` Jarkko Sakkinen [this message]
2024-09-11 12:29 ` [PATCH v3 04/14] PGPLIB: Basic packet parser Roberto Sassu
2024-09-12 13:57 ` Jarkko Sakkinen
2024-09-11 12:29 ` [PATCH v3 05/14] PGPLIB: Signature parser Roberto Sassu
2024-09-12 13:58 ` Jarkko Sakkinen
2024-09-11 12:29 ` [PATCH v3 06/14] KEYS: PGP data parser Roberto Sassu
2024-09-11 12:29 ` [PATCH v3 07/14] KEYS: Provide PGP key description autogeneration Roberto Sassu
2024-09-11 12:29 ` [PATCH v3 08/14] KEYS: PGP-based public key signature verification Roberto Sassu
2024-09-11 12:29 ` [PATCH v3 09/14] KEYS: Retry asym key search with partial ID in restrict_link_by_signature() Roberto Sassu
2024-09-11 12:29 ` [PATCH v3 10/14] KEYS: Calculate key digest and get signature of the key Roberto Sassu
2024-09-11 12:29 ` [PATCH v3 11/14] verification: introduce verify_pgp_signature() Roberto Sassu
2024-09-11 12:29 ` [PATCH v3 12/14] PGP: Provide a key type for testing PGP signatures Roberto Sassu
2024-09-11 12:29 ` [PATCH v3 13/14] KEYS: Provide a function to load keys from a PGP keyring blob Roberto Sassu
2024-09-11 12:29 ` [PATCH v3 14/14] KEYS: Introduce load_pgp_public_keyring() Roberto Sassu
2024-09-13 4:45 ` [PATCH v3 00/14] KEYS: Add support for PGP keys and signatures Herbert Xu
2024-09-13 8:30 ` Roberto Sassu
2024-09-13 9:00 ` Herbert Xu
2024-09-15 7:11 ` Linus Torvalds
2024-09-15 8:07 ` Herbert Xu
2024-09-15 8:40 ` Linus Torvalds
2024-09-15 9:15 ` Herbert Xu
2024-09-15 9:31 ` Herbert Xu
2024-09-15 17:52 ` Roberto Sassu
2024-09-17 11:27 ` Dr. Greg
2024-09-26 9:41 ` Roberto Sassu
2024-09-27 1:25 ` Dr. Greg
2024-10-04 10:42 ` Roberto Sassu
2024-09-15 10:51 ` Roberto Sassu
2024-09-13 9:32 ` David Howells
2024-09-13 10:46 ` Ard Biesheuvel
2024-09-14 11:29 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D44CUG76DIBS.31UGN7S3KFK74@kernel.org \
--to=jarkko@kernel.org \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=roberto.sassu@huawei.com \
--cc=roberto.sassu@huaweicloud.com \
--cc=torvalds@linux-foundation.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).