src/misc/update.h

   1 /*****************************************************************************
   2  * update.h: VLC PGP update private API
   3  *****************************************************************************
   4  * Copyright © 2007-2008 VLC authors and VideoLAN
   5  *
   6  * Authors: Rafaël Carré <funman@videolanorg>
   7  *
   8  * This program is free software; you can redistribute it and/or modify it
   9  * under the terms of the GNU Lesser General Public License as published by
  10  * the Free Software Foundation; either release 2 of the License, or
  11  * (at your option) any later release.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16  * GNU Lesser General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU Lesser General Public License
  19  * along with this program; if not, write to the Free Software Foundation,
  20  * Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
  21  *****************************************************************************/
  22
  23 /* Go reading the rfc 4880 ! NOW !! */
  24
  25 /*
  26  * XXX
  27  *  When PGP-signing a file, we only sign a SHA-1 hash of this file
  28  *  The DSA key size requires that we use an algorithm which produce
  29  *  a 160 bits long hash
  30  *  An alternative is RIPEMD160 , which you can use by giving the option
  31  *      --digest-algo RIPEMD160 to GnuPG
  32  *
  33  *  As soon as SHA-1 is broken, this method is not secure anymore, because an
  34  *  attacker could generate a file with the same SHA-1 hash.
  35  *
  36  *  Whenever this happens, we need to use another algorithm / type of key.
  37  * XXX
  38  */
  39
  40 #include <vlc_update.h>
  41 #include <vlc_atomic.h>
  42
  43 enum    /* Public key algorithms */
  44 {
  45     /* we will only use DSA public keys */
  46     PUBLIC_KEY_ALGO_DSA = 0x11
  47 };
  48
  49 enum    /* Digest algorithms */
  50 {
  51     /* and DSA use SHA-1 digest */
  52     DIGEST_ALGO_SHA1    = 0x02
  53 };
  54
  55 enum    /* Packet types */
  56 {
  57     SIGNATURE_PACKET    = 0x02,
  58     PUBLIC_KEY_PACKET   = 0x06,
  59     USER_ID_PACKET      = 0x0d
  60 };
  61
  62 enum    /* Signature types */
  63 {
  64     BINARY_SIGNATURE        = 0x00,
  65     TEXT_SIGNATURE          = 0x01,
  66
  67     /* Public keys signatures */
  68     GENERIC_KEY_SIGNATURE   = 0x10, /* No assumption of verification */
  69     PERSONA_KEY_SIGNATURE   = 0x11, /* No verification has been made */
  70     CASUAL_KEY_SIGNATURE    = 0x12, /* Some casual verification */
  71     POSITIVE_KEY_SIGNATURE  = 0x13  /* Substantial verification */
  72 };
  73
  74 enum    /* Signature subpacket types */
  75 {
  76     ISSUER_SUBPACKET    = 0x10
  77 };
  78
  79 struct public_key_packet_t
  80 { /* a public key packet (DSA/SHA-1) is 418 bytes */
  81
  82     uint8_t version;      /* we use only version 4 */
  83     uint8_t timestamp[4]; /* creation time of the key */
  84     uint8_t algo;         /* we only use DSA */
  85     /* the multi precision integers, with their 2 bytes length header */
  86     uint8_t p[2+128];
  87     uint8_t q[2+20];
  88     uint8_t g[2+128];
  89     uint8_t y[2+128];
  90 };
  91
  92 /* used for public key and file signatures */
  93 struct signature_packet_t
  94 {
  95     uint8_t version; /* 3 or 4 */
  96
  97     uint8_t type;
  98     uint8_t public_key_algo;    /* DSA only */
  99     uint8_t digest_algo;        /* SHA-1 only */
 100
 101     uint8_t hash_verification[2];
 102     uint8_t issuer_longid[8];
 103
 104     union   /* version specific data */
 105     {
 106         struct
 107         {
 108             uint8_t hashed_data_len[2];     /* scalar number */
 109             uint8_t *hashed_data;           /* hashed_data_len bytes */
 110             uint8_t unhashed_data_len[2];   /* scalar number */
 111             uint8_t *unhashed_data;         /* unhashed_data_len bytes */
 112         } v4;
 113         struct
 114         {
 115             uint8_t hashed_data_len;    /* MUST be 5 */
 116             uint8_t timestamp[4];       /* 4 bytes scalar number */
 117         } v3;
 118     } specific;
 119
 120 /* The part below is made of consecutive MPIs, their number and size being
 121  * public-key-algorithm dependent.
 122  *
 123  * Since we use DSA signatures only, there is 2 integers, r & s, made of:
 124  *      2 bytes for the integer length (scalar number)
 125  *      160 bits (20 bytes) for the integer itself
 126  *
 127  * Note: the integers may be less than 160 significant bits
 128  */
 129     uint8_t r[2+20];
 130     uint8_t s[2+20];
 131 };
 132
 133 typedef struct public_key_packet_t public_key_packet_t;
 134 typedef struct signature_packet_t signature_packet_t;
 135
 136 struct public_key_t
 137 {
 138     uint8_t longid[8];       /* Long id */
 139     uint8_t *psz_username;    /* USER ID */
 140
 141     public_key_packet_t key;       /* Public key packet */
 142
 143     signature_packet_t sig;     /* Signature packet, by the embedded key */
 144 };
 145
 146 typedef struct public_key_t public_key_t;
 147
 148 /**
 149  * Non blocking binary download
 150  */
 151 typedef struct
 152 {
 153     VLC_COMMON_MEMBERS
 154
 155     vlc_thread_t thread;
 156     atomic_bool aborted;
 157     update_t *p_update;
 158     char *psz_destdir;
 159 } update_download_thread_t;
 160
 161 /**
 162  * Non blocking update availability verification
 163  */
 164 typedef struct
 165 {
 166     vlc_thread_t thread;
 167
 168     update_t *p_update;
 169     void (*pf_callback)( void *, bool );
 170     void *p_data;
 171 } update_check_thread_t;
 172
 173 /**
 174  * The update object. Stores (and caches) all information relative to updates
 175  */
 176 struct update_t
 177 {
 178     libvlc_int_t *p_libvlc;
 179     vlc_mutex_t lock;
 180     struct update_release_t release;    ///< Release (version)
 181     public_key_t *p_pkey;
 182     update_download_thread_t *p_download;
 183     update_check_thread_t *p_check;
 184 };
 185
 186 /*
 187  * download a public key (the last one) from videolan server, and parse it
 188  */
 189 public_key_t *
 190 download_key(
 191         vlc_object_t *p_this, const uint8_t *p_longid,
 192         const uint8_t *p_signature_issuer );
 193
 194 /*
 195  * fill a public_key_t with public key data, including:
 196  *   * public key packet
 197  *   * signature packet issued by key which long id is p_sig_issuer
 198  *   * user id packet
 199  */
 200 int
 201 parse_public_key(
 202         const uint8_t *p_key_data, size_t i_key_len, public_key_t *p_key,
 203         const uint8_t *p_sig_issuer );
 204
 205 /*
 206  * Verify an OpenPGP signature made on some SHA-1 hash, with some DSA public key
 207  */
 208 int
 209 verify_signature(
 210         uint8_t *p_r, uint8_t *p_s, public_key_packet_t *p_key,
 211         uint8_t *p_hash );
 212
 213 /*
 214  * Download the signature associated to a document or a binary file.
 215  * We're given the file's url, we just append ".asc" to it and download
 216  */
 217 int
 218 download_signature(
 219         vlc_object_t *p_this, signature_packet_t *p_sig, const char *psz_url );
 220
 221 /*
 222  * return a sha1 hash of a text
 223  */
 224 uint8_t *
 225 hash_sha1_from_text(
 226         const char *psz_text, signature_packet_t *p_sig );
 227
 228 /*
 229  * return a sha1 hash of a file
 230  */
 231 uint8_t *
 232 hash_sha1_from_file(
 233         const char *psz_file, signature_packet_t *p_sig );
 234
 235 /*
 236  * return a sha1 hash of a public key
 237  */
 238 uint8_t *
 239 hash_sha1_from_public_key( public_key_t *p_pkey );
 240