2009-09-30 17:28:38 +02:00
|
|
|
|
/* keyblob.h - Defs to describe a keyblob
|
|
|
|
|
* Copyright (C) 2009 Free Software Foundation, Inc.
|
|
|
|
|
*
|
|
|
|
|
* This file is part of GnuPG.
|
|
|
|
|
*
|
|
|
|
|
* GnuPG is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 3 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* GnuPG is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2016-11-05 12:02:19 +01:00
|
|
|
|
* along with this program; if not, see <https://www.gnu.org/licenses/>.
|
2009-09-30 17:28:38 +02:00
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef G13_KEYBLOB_H
|
|
|
|
|
#define G13_KEYBLOB_H
|
|
|
|
|
|
2015-10-21 08:38:10 +02:00
|
|
|
|
/* The setup area (header block) is the actual core of G13. Here is
|
|
|
|
|
the format:
|
2009-09-30 17:28:38 +02:00
|
|
|
|
|
|
|
|
|
u8 Packet type. Value is 61 (0x3d).
|
|
|
|
|
u8 Constant value 255 (0xff).
|
|
|
|
|
u32 Length of the following structure
|
|
|
|
|
b10 Value: "GnuPG/G13\x00".
|
|
|
|
|
u8 Version. Value is 1.
|
|
|
|
|
u8 reserved
|
|
|
|
|
u8 reserved
|
2015-10-21 08:38:10 +02:00
|
|
|
|
u8 OS Flag: 0 = unspecified, 1 = Linux
|
2009-09-30 17:28:38 +02:00
|
|
|
|
u32 Length of the entire header. This includes all bytes
|
|
|
|
|
starting at the packet type and ending with the last
|
|
|
|
|
padding byte of the header.
|
2011-02-04 12:57:53 +01:00
|
|
|
|
u8 Number of copies of this header (1..255).
|
|
|
|
|
u8 Number of copies of this header at the end of the
|
2009-09-30 17:28:38 +02:00
|
|
|
|
container (usually 0).
|
|
|
|
|
b6 reserved
|
2015-10-21 08:38:10 +02:00
|
|
|
|
n bytes: OpenPGP encrypted and optionally signed keyblob.
|
|
|
|
|
n bytes: CMS encrypted and optionally signed keyblob. Such a CMS
|
|
|
|
|
packet will be enclosed in a private flagged OpenPGP
|
2009-09-30 17:28:38 +02:00
|
|
|
|
packet. Either the OpenPGP encrypted packet as described
|
|
|
|
|
above, the CMS encrypted or both packets must exist. The
|
|
|
|
|
encapsulation packet has this structure:
|
|
|
|
|
u8 Packet type. Value is 61 (0x3d).
|
|
|
|
|
u8 Constant value 255 (0xff).
|
|
|
|
|
u32 Length of the following structure
|
|
|
|
|
b10 Value: "GnuPG/CMS\x00".
|
|
|
|
|
b(n) Regular CMS structure.
|
|
|
|
|
n bytes: Padding. The structure resembles an OpenPGP packet.
|
|
|
|
|
u8 Packet type. Value is 61 (0x3d).
|
|
|
|
|
u8 Constant value 255 (0xff).
|
|
|
|
|
u32 Length of the following structure
|
|
|
|
|
b10 Value: "GnuPG/PAD\x00".
|
|
|
|
|
b(n) Padding stuff.
|
2015-10-21 08:38:10 +02:00
|
|
|
|
(repeat the above value
|
|
|
|
|
or if the remaining N < 10, all 0x00).
|
2009-09-30 17:28:38 +02:00
|
|
|
|
Given this structure the minimum padding is 16 bytes.
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2009-09-30 17:28:38 +02:00
|
|
|
|
n bytes: File system container.
|
|
|
|
|
(optionally followed by copies on the header).
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#define KEYBLOB_TAG_BLOBVERSION 0
|
|
|
|
|
/* This tag is used to describe the version of the keyblob. It must
|
2009-10-13 21:17:24 +02:00
|
|
|
|
be the first tag in a keyblob and may only occur once. Its value
|
|
|
|
|
is a single byte giving the blob version. The only defined version
|
|
|
|
|
is 1. */
|
2009-09-30 17:28:38 +02:00
|
|
|
|
|
|
|
|
|
#define KEYBLOB_TAG_CONTTYPE 1
|
|
|
|
|
/* This tag gives the type of the container. The value is a two byte
|
|
|
|
|
big endian integer giving the type of the container as described by
|
|
|
|
|
the CONTTYPE_ constants. */
|
|
|
|
|
|
|
|
|
|
#define KEYBLOB_TAG_DETACHED 2
|
|
|
|
|
/* Indicates that the actual storage is not in the same file as the
|
|
|
|
|
keyblob. If a value is given it is expected to be the GUID of the
|
|
|
|
|
partition. */
|
|
|
|
|
|
2015-10-21 08:38:10 +02:00
|
|
|
|
#define KEYBLOB_TAG_CREATED 3
|
|
|
|
|
/* This is an ISO 8601 time string with the date the container was
|
|
|
|
|
created. */
|
|
|
|
|
|
2016-02-11 13:59:19 +01:00
|
|
|
|
#define KEYBLOB_TAG_CONT_NSEC 7
|
|
|
|
|
/* Number of 512-byte sectors of the entire container including all
|
|
|
|
|
copies of the setup area. */
|
|
|
|
|
|
|
|
|
|
#define KEYBLOB_TAG_ENC_NSEC 8
|
|
|
|
|
#define KEYBLOB_TAG_ENC_OFF 9
|
|
|
|
|
/* Number of 512-byte sectors used for the encrypted data and its
|
|
|
|
|
start offset in 512-byte sectors from the begin of the container.
|
|
|
|
|
Note that these information can also be deduced from the
|
|
|
|
|
unencrypted part of the setup area. */
|
|
|
|
|
|
2015-10-21 08:38:10 +02:00
|
|
|
|
#define KEYBLOB_TAG_ALGOSTR 10
|
|
|
|
|
/* For a dm-crypt container this is the used algorithm string. For
|
|
|
|
|
example: "aes-cbc-essiv:sha256". */
|
|
|
|
|
|
2009-09-30 17:28:38 +02:00
|
|
|
|
#define KEYBLOB_TAG_KEYNO 16
|
|
|
|
|
/* This tag indicates a new key. The value is a 4 byte big endian
|
|
|
|
|
integer giving the key number. If the container type does only
|
|
|
|
|
need one key this key number should be 0. */
|
|
|
|
|
|
|
|
|
|
#define KEYBLOB_TAG_ENCALGO 17
|
|
|
|
|
/* Describes the algorithm of the key. It must follow a KEYNO tag.
|
|
|
|
|
The value is a 2 byte big endian algorithm number. The algorithm
|
|
|
|
|
numbers used are those from Libgcrypt (e.g. AES 128 is described by
|
|
|
|
|
the value 7). This tag is optional. */
|
|
|
|
|
|
|
|
|
|
#define KEYBLOB_TAG_ENCKEY 18
|
|
|
|
|
/* This tag gives the actual encryption key. It must follow a KEYNO
|
|
|
|
|
tag. The value is the plain key. */
|
|
|
|
|
|
|
|
|
|
#define KEYBLOB_TAG_MACALGO 19
|
|
|
|
|
/* Describes the MAC algorithm. It must follow a KEYNO tag. The
|
|
|
|
|
value is a 2 byte big endian algorithm number describing the MAC
|
|
|
|
|
algorithm with a value of 1 indicating HMAC. It is followed by
|
|
|
|
|
data specific to the MAC algorithm. In case of HMAC this data is a
|
|
|
|
|
2 byte big endian integer with the Libgcrypt algorithm id of the
|
|
|
|
|
hash algorithm. */
|
|
|
|
|
|
|
|
|
|
#define KEYBLOB_TAG_MACKEY 20
|
|
|
|
|
/* This tag gives the actual MACing key. It must follow a KEYNO tag.
|
|
|
|
|
The value is the key used for MACing. */
|
|
|
|
|
|
|
|
|
|
|
2015-10-21 08:38:10 +02:00
|
|
|
|
#define KEYBLOB_TAG_HDRCOPY 21
|
|
|
|
|
/* The value of this tag is a copy of the setup area prefix header
|
|
|
|
|
block (packet 61 with marker "GnuPG/G13\x00". We use it to allow
|
|
|
|
|
signing of that cleartext data. */
|
|
|
|
|
|
2009-09-30 17:28:38 +02:00
|
|
|
|
#define KEYBLOB_TAG_FILLER 0xffff
|
2015-10-21 08:38:10 +02:00
|
|
|
|
/* This tag may be used for alignment and padding purposes. The value
|
2009-09-30 17:28:38 +02:00
|
|
|
|
has no meaning. */
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#define CONTTYPE_ENCFS 1
|
|
|
|
|
/* A EncFS based backend. This requires a whole directory which
|
|
|
|
|
includes the encrypted files. Metadata is not encrypted. */
|
|
|
|
|
|
2015-09-09 15:14:20 +02:00
|
|
|
|
#define CONTTYPE_DM_CRYPT 2
|
|
|
|
|
/* A DM-Crypt based backend. */
|
|
|
|
|
|
2009-09-30 17:28:38 +02:00
|
|
|
|
|
|
|
|
|
#define CONTTYPE_TRUECRYPT 21571
|
|
|
|
|
/* A Truecrypt (www.truecrypt.org) based container. Due to the design
|
|
|
|
|
of truecrypt this requires a second datafile because it is not
|
2015-09-09 15:14:20 +02:00
|
|
|
|
possible to prepend a truecrypt container with our keyblob. */
|
2009-09-30 17:28:38 +02:00
|
|
|
|
|
|
|
|
|
|
2016-02-23 14:32:46 +01:00
|
|
|
|
|
|
|
|
|
/*-- keyblob.c --*/
|
|
|
|
|
gpg_error_t g13_is_container (ctrl_t ctrl, const char *filename);
|
|
|
|
|
gpg_error_t g13_keyblob_read (const char *filename,
|
|
|
|
|
void **r_enckeyblob, size_t *r_enckeybloblen);
|
|
|
|
|
|
2009-09-30 17:28:38 +02:00
|
|
|
|
|
|
|
|
|
#endif /*G13_KEYBLOB_H*/
|