search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
removed unused variables.
[gnutls.git] / lib / opencdk / opencdk.h
blob757feb3ba889466efe9a5d336577806e31781808
1 /* opencdk.h - Open Crypto Development Kit (OpenCDK)
2 * Copyright (C) 2001-2012 Free Software Foundation, Inc.
3 *
4 * Author: Timo Schulz
5 *
6 * This file is part of OpenCDK.
7 *
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 #ifndef OPENCDK_H
24 #define OPENCDK_H
25
26 #include <config.h>
27 #include <gnutls_int.h>
28 #include <stddef.h> /* for size_t */
29 #include <stdarg.h>
30 #include <gnutls_mem.h>
31 #include <gnutls/gnutls.h>
32 #include <gnutls_errors.h>
33 #include <gnutls_hash_int.h>
34
35 /* The OpenCDK version as a string. */
36 #define OPENCDK_VERSION "0.6.6"
37
38 /* The OpenCDK version as integer components major.minor.path */
39 #define OPENCDK_VERSION_MAJOR 0
40 #define OPENCDK_VERSION_MINOR 6
41 #define OPENCDK_VERSION_PATCH 6
42
43 #ifdef __cplusplus
44 extern "C"
45 {
46 #endif
47
48 /* General contexts */
49
50 /* 'Session' handle to support the various options and run-time
51 information. */
52 struct cdk_ctx_s;
53 typedef struct cdk_ctx_s *cdk_ctx_t;
54
55 /* A generic context to store list of strings. */
56 struct cdk_strlist_s;
57 typedef struct cdk_strlist_s *cdk_strlist_t;
58
59 /* Context used to list keys of a keyring. */
60 struct cdk_listkey_s;
61 typedef struct cdk_listkey_s *cdk_listkey_t;
62
63 /* Opaque String to Key (S2K) handle. */
64 struct cdk_s2k_s;
65 typedef struct cdk_s2k_s *cdk_s2k_t;
66
67 /* Abstract I/O object, a stream, which is used for most operations. */
68 struct cdk_stream_s;
69 typedef struct cdk_stream_s *cdk_stream_t;
70
71 /* Opaque handle for the user ID preferences. */
72 struct cdk_prefitem_s;
73 typedef struct cdk_prefitem_s *cdk_prefitem_t;
74
75 /* Node to store a single key node packet. */
76 struct cdk_kbnode_s;
77 typedef struct cdk_kbnode_s *cdk_kbnode_t;
78
79 /* Key database handle. */
80 struct cdk_keydb_hd_s;
81 typedef struct cdk_keydb_hd_s *cdk_keydb_hd_t;
82
83 struct cdk_keydb_search_s;
84 typedef struct cdk_keydb_search_s *cdk_keydb_search_t;
85
86 /* Context to store a list of recipient keys. */
87 struct cdk_keylist_s;
88 typedef struct cdk_keylist_s *cdk_keylist_t;
89
90 /* Context to encapsulate a single sub packet of a signature. */
91 struct cdk_subpkt_s;
92 typedef struct cdk_subpkt_s *cdk_subpkt_t;
93
94 /* Context used to generate key pairs. */
95 struct cdk_keygen_ctx_s;
96 typedef struct cdk_keygen_ctx_s *cdk_keygen_ctx_t;
97
98 /* Handle for a single designated revoker. */
99 struct cdk_desig_revoker_s;
100 typedef struct cdk_desig_revoker_s *cdk_desig_revoker_t;
101
102 /* Alias for backward compatibility. */
103 typedef bigint_t cdk_mpi_t;
104
105
106 /* All valid error constants. */
107 typedef enum
108 {
109 CDK_EOF = -1,
110 CDK_Success = 0,
111 CDK_General_Error = 1,
112 CDK_File_Error = 2,
113 CDK_Bad_Sig = 3,
114 CDK_Inv_Packet = 4,
115 CDK_Inv_Algo = 5,
116 CDK_Not_Implemented = 6,
117 CDK_Armor_Error = 8,
118 CDK_Armor_CRC_Error = 9,
119 CDK_MPI_Error = 10,
120 CDK_Inv_Value = 11,
121 CDK_Error_No_Key = 12,
122 CDK_Chksum_Error = 13,
123 CDK_Time_Conflict = 14,
124 CDK_Zlib_Error = 15,
125 CDK_Weak_Key = 16,
126 CDK_Out_Of_Core = 17,
127 CDK_Wrong_Seckey = 18,
128 CDK_Bad_MDC = 19,
129 CDK_Inv_Mode = 20,
130 CDK_Error_No_Keyring = 21,
131 CDK_Wrong_Format = 22,
132 CDK_Inv_Packet_Ver = 23,
133 CDK_Too_Short = 24,
134 CDK_Unusable_Key = 25,
135 CDK_No_Data = 26,
136 CDK_No_Passphrase = 27,
137 CDK_Network_Error = 28
138 } cdk_error_t;
139
140
141 enum cdk_control_flags
142 {
143 CDK_CTLF_SET = 0, /* Value to set an option */
144 CDK_CTLF_GET = 1, /* Value to get an option */
145 CDK_CTL_DIGEST = 10, /* Option to set the digest algorithm. */
146 CDK_CTL_ARMOR = 12, /* Option to enable armor output. */
147 CDK_CTL_COMPRESS = 13, /* Option to enable compression. */
148 CDK_CTL_COMPAT = 14, /* Option to switch in compat mode. */
149 CDK_CTL_OVERWRITE = 15, /* Option to enable file overwritting. */
150 CDK_CTL_S2K = 16, /* Option to set S2K values. */
151 CDK_CTL_FORCE_DIGEST = 19, /* Force the use of a digest algorithm. */
152 CDK_CTL_BLOCKMODE_ON = 20 /* Enable partial body lengths */
153 };
154
155
156 /* Specifies all valid log levels. */
157 enum cdk_log_level_t
158 {
159 CDK_LOG_NONE = 0, /* No log message will be shown. */
160 CDK_LOG_INFO = 1,
161 CDK_LOG_DEBUG = 2,
162 CDK_LOG_DEBUG_PKT = 3
163 };
164
165
166 /* All valid compression algorithms in OpenPGP */
167 enum cdk_compress_algo_t
168 {
169 CDK_COMPRESS_NONE = 0,
170 CDK_COMPRESS_ZIP = 1,
171 CDK_COMPRESS_ZLIB = 2,
172 CDK_COMPRESS_BZIP2 = 3 /* Not supported in this version */
173 };
174
175 /* All valid public key algorithms valid in OpenPGP */
176 enum cdk_pubkey_algo_t
177 {
178 CDK_PK_UNKNOWN = 0,
179 CDK_PK_RSA = 1,
180 CDK_PK_RSA_E = 2, /* RSA-E and RSA-S are deprecated use RSA instead */
181 CDK_PK_RSA_S = 3, /* and use the key flags in the self signatures. */
182 CDK_PK_ELG_E = 16,
183 CDK_PK_DSA = 17
184 };
185
186 /* The valid 'String-To-Key' modes */
187 enum cdk_s2k_type_t
188 {
189 CDK_S2K_SIMPLE = 0,
190 CDK_S2K_SALTED = 1,
191 CDK_S2K_ITERSALTED = 3,
192 CDK_S2K_GNU_EXT = 101
193 /* GNU extensions: refer to DETAILS from GnuPG:
194 http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?root=GnuPG
195 */
196 };
197
198 /* The different kind of user ID preferences. */
199 enum cdk_pref_type_t
200 {
201 CDK_PREFTYPE_NONE = 0,
202 CDK_PREFTYPE_SYM = 1, /* Symmetric ciphers */
203 CDK_PREFTYPE_HASH = 2, /* Message digests */
204 CDK_PREFTYPE_ZIP = 3 /* Compression algorithms */
205 };
206
207
208 /* All valid sub packet types. */
209 enum cdk_sig_subpacket_t
210 {
211 CDK_SIGSUBPKT_NONE = 0,
212 CDK_SIGSUBPKT_SIG_CREATED = 2,
213 CDK_SIGSUBPKT_SIG_EXPIRE = 3,
214 CDK_SIGSUBPKT_EXPORTABLE = 4,
215 CDK_SIGSUBPKT_TRUST = 5,
216 CDK_SIGSUBPKT_REGEXP = 6,
217 CDK_SIGSUBPKT_REVOCABLE = 7,
218 CDK_SIGSUBPKT_KEY_EXPIRE = 9,
219 CDK_SIGSUBPKT_PREFS_SYM = 11,
220 CDK_SIGSUBPKT_REV_KEY = 12,
221 CDK_SIGSUBPKT_ISSUER = 16,
222 CDK_SIGSUBPKT_NOTATION = 20,
223 CDK_SIGSUBPKT_PREFS_HASH = 21,
224 CDK_SIGSUBPKT_PREFS_ZIP = 22,
225 CDK_SIGSUBPKT_KS_FLAGS = 23,
226 CDK_SIGSUBPKT_PREF_KS = 24,
227 CDK_SIGSUBPKT_PRIMARY_UID = 25,
228 CDK_SIGSUBPKT_POLICY = 26,
229 CDK_SIGSUBPKT_KEY_FLAGS = 27,
230 CDK_SIGSUBPKT_SIGNERS_UID = 28,
231 CDK_SIGSUBPKT_REVOC_REASON = 29,
232 CDK_SIGSUBPKT_FEATURES = 30
233 };
234
235
236 /* All valid armor types. */
237 enum cdk_armor_type_t
238 {
239 CDK_ARMOR_MESSAGE = 0,
240 CDK_ARMOR_PUBKEY = 1,
241 CDK_ARMOR_SECKEY = 2,
242 CDK_ARMOR_SIGNATURE = 3,
243 CDK_ARMOR_CLEARSIG = 4
244 };
245
246 enum cdk_keydb_flag_t
247 {
248 /* Valid database search modes */
249 CDK_DBSEARCH_EXACT = 1, /* Exact string search */
250 CDK_DBSEARCH_SUBSTR = 2, /* Sub string search */
251 CDK_DBSEARCH_SHORT_KEYID = 3, /* 32-bit keyid search */
252 CDK_DBSEARCH_KEYID = 4, /* 64-bit keyid search */
253 CDK_DBSEARCH_FPR = 5, /* 160-bit fingerprint search */
254 CDK_DBSEARCH_NEXT = 6, /* Enumerate all keys */
255 CDK_DBSEARCH_AUTO = 7, /* Try to classify the string */
256 /* Valid database types */
257 CDK_DBTYPE_PK_KEYRING = 100, /* A file with one or more public keys */
258 CDK_DBTYPE_SK_KEYRING = 101, /* A file with one or more secret keys */
259 CDK_DBTYPE_DATA = 102, /* A buffer with at least one public key */
260 };
261
262
263 /* All valid modes for cdk_data_transform() */
264 enum cdk_crypto_mode_t
265 {
266 CDK_CRYPTYPE_NONE = 0,
267 CDK_CRYPTYPE_ENCRYPT = 1,
268 CDK_CRYPTYPE_DECRYPT = 2,
269 CDK_CRYPTYPE_SIGN = 3,
270 CDK_CRYPTYPE_VERIFY = 4,
271 CDK_CRYPTYPE_EXPORT = 5,
272 CDK_CRYPTYPE_IMPORT = 6
273 };
274
275 #define CDK_KEY_USG_ENCR (CDK_KEY_USG_COMM_ENCR | CDK_KEY_USG_STORAGE_ENCR)
276 #define CDK_KEY_USG_SIGN (CDK_KEY_USG_DATA_SIGN | CDK_KEY_USG_CERT_SIGN)
277 /* A list of valid public key usages. */
278 enum cdk_key_usage_t
279 {
280 CDK_KEY_USG_CERT_SIGN = 1,
281 CDK_KEY_USG_DATA_SIGN = 2,
282 CDK_KEY_USG_COMM_ENCR = 4,
283 CDK_KEY_USG_STORAGE_ENCR = 8,
284 CDK_KEY_USG_SPLIT_KEY = 16,
285 CDK_KEY_USG_AUTH = 32,
286 CDK_KEY_USG_SHARED_KEY = 128
287 };
288
289
290 /* Valid flags for keys. */
291 enum cdk_key_flag_t
292 {
293 CDK_KEY_VALID = 0,
294 CDK_KEY_INVALID = 1, /* Missing or wrong self signature */
295 CDK_KEY_EXPIRED = 2, /* Key is expired. */
296 CDK_KEY_REVOKED = 4, /* Key has been revoked. */
297 CDK_KEY_NOSIGNER = 8
298 };
299
300
301 /* Trust values and flags for keys and user IDs */
302 enum cdk_trust_flag_t
303 {
304 CDK_TRUST_UNKNOWN = 0,
305 CDK_TRUST_EXPIRED = 1,
306 CDK_TRUST_UNDEFINED = 2,
307 CDK_TRUST_NEVER = 3,
308 CDK_TRUST_MARGINAL = 4,
309 CDK_TRUST_FULLY = 5,
310 CDK_TRUST_ULTIMATE = 6,
311 /* trust flags */
312 CDK_TFLAG_REVOKED = 32,
313 CDK_TFLAG_SUB_REVOKED = 64,
314 CDK_TFLAG_DISABLED = 128
315 };
316
317
318 /* Signature states and the signature modes. */
319 enum cdk_signature_stat_t
320 {
321 /* Signature status */
322 CDK_SIGSTAT_NONE = 0,
323 CDK_SIGSTAT_GOOD = 1,
324 CDK_SIGSTAT_BAD = 2,
325 CDK_SIGSTAT_NOKEY = 3,
326 CDK_SIGSTAT_VALID = 4, /* True if made with a valid key. */
327 /* FIXME: We need indicators for revoked/expires signatures. */
328
329 /* Signature modes */
330 CDK_SIGMODE_NORMAL = 100,
331 CDK_SIGMODE_DETACHED = 101,
332 CDK_SIGMODE_CLEAR = 102
333 };
334
335
336 /* Key flags. */
337 typedef enum
338 {
339 CDK_FLAG_KEY_REVOKED = 256,
340 CDK_FLAG_KEY_EXPIRED = 512,
341 CDK_FLAG_SIG_EXPIRED = 1024
342 } cdk_key_flags_t;
343
344
345 /* Possible format for the literal data. */
346 typedef enum
347 {
348 CDK_LITFMT_BINARY = 0,
349 CDK_LITFMT_TEXT = 1,
350 CDK_LITFMT_UNICODE = 2
351 } cdk_lit_format_t;
352
353 /* Valid OpenPGP packet types and their IDs */
354 typedef enum
355 {
356 CDK_PKT_RESERVED = 0,
357 CDK_PKT_PUBKEY_ENC = 1,
358 CDK_PKT_SIGNATURE = 2,
359 CDK_PKT_ONEPASS_SIG = 4,
360 CDK_PKT_SECRET_KEY = 5,
361 CDK_PKT_PUBLIC_KEY = 6,
362 CDK_PKT_SECRET_SUBKEY = 7,
363 CDK_PKT_COMPRESSED = 8,
364 CDK_PKT_MARKER = 10,
365 CDK_PKT_LITERAL = 11,
366 CDK_PKT_RING_TRUST = 12,
367 CDK_PKT_USER_ID = 13,
368 CDK_PKT_PUBLIC_SUBKEY = 14,
369 CDK_PKT_OLD_COMMENT = 16,
370 CDK_PKT_ATTRIBUTE = 17,
371 CDK_PKT_MDC = 19
372 } cdk_packet_type_t;
373
374 /* Define the maximal number of multiprecion integers for
375 a public key. */
376 #define MAX_CDK_PK_PARTS 4
377
378 /* Define the maximal number of multiprecision integers for
379 a signature/encrypted blob issued by a secret key. */
380 #define MAX_CDK_DATA_PARTS 2
381
382
383 /* Helper macro to figure out if the packet is encrypted */
384 #define CDK_PKT_IS_ENCRYPTED(pkttype) (\
385 ((pkttype)==CDK_PKT_ENCRYPTED_MDC) \
386 || ((pkttype)==CDK_PKT_ENCRYPTED))
387
388
389 struct cdk_pkt_signature_s
390 {
391 unsigned char version;
392 unsigned char sig_class;
393 unsigned int timestamp;
394 unsigned int expiredate;
395 unsigned int keyid[2];
396 unsigned char pubkey_algo;
397 unsigned char digest_algo;
398 unsigned char digest_start[2];
399 unsigned short hashed_size;
400 cdk_subpkt_t hashed;
401 unsigned short unhashed_size;
402 cdk_subpkt_t unhashed;
403 bigint_t mpi[MAX_CDK_DATA_PARTS];
404 cdk_desig_revoker_t revkeys;
405 struct
406 {
407 unsigned exportable:1;
408 unsigned revocable:1;
409 unsigned policy_url:1;
410 unsigned notation:1;
411 unsigned expired:1;
412 unsigned checked:1;
413 unsigned valid:1;
414 unsigned missing_key:1;
415 } flags;
416 unsigned int key[2]; /* only valid for key signatures */
417 };
418 typedef struct cdk_pkt_signature_s *cdk_pkt_signature_t;
419
420
421 struct cdk_pkt_userid_s
422 {
423 unsigned int len;
424 unsigned is_primary:1;
425 unsigned is_revoked:1;
426 unsigned mdc_feature:1;
427 cdk_prefitem_t prefs;
428 size_t prefs_size;
429 unsigned char *attrib_img; /* Tag 17 if not null */
430 size_t attrib_len;
431 cdk_pkt_signature_t selfsig;
432 char *name;
433 };
434 typedef struct cdk_pkt_userid_s *cdk_pkt_userid_t;
435
436
437 struct cdk_pkt_pubkey_s
438 {
439 unsigned char version;
440 unsigned char pubkey_algo;
441 unsigned char fpr[20];
442 unsigned int keyid[2];
443 unsigned int main_keyid[2];
444 unsigned int timestamp;
445 unsigned int expiredate;
446 bigint_t mpi[MAX_CDK_PK_PARTS];
447 unsigned is_revoked:1;
448 unsigned is_invalid:1;
449 unsigned has_expired:1;
450 int pubkey_usage;
451 cdk_pkt_userid_t uid;
452 cdk_prefitem_t prefs;
453 size_t prefs_size;
454 cdk_desig_revoker_t revkeys;
455 };
456 typedef struct cdk_pkt_pubkey_s *cdk_pkt_pubkey_t;
457
458 /* Alias to define a generic public key context. */
459 typedef cdk_pkt_pubkey_t cdk_pubkey_t;
460
461
462 struct cdk_pkt_seckey_s
463 {
464 cdk_pkt_pubkey_t pk;
465 unsigned int expiredate;
466 int version;
467 int pubkey_algo;
468 unsigned int keyid[2];
469 unsigned int main_keyid[2];
470 unsigned char s2k_usage;
471 struct
472 {
473 unsigned char algo;
474 unsigned char sha1chk; /* SHA1 is used instead of a 16 bit checksum */
475 cdk_s2k_t s2k;
476 unsigned char iv[16];
477 unsigned char ivlen;
478 } protect;
479 unsigned short csum;
480 bigint_t mpi[MAX_CDK_PK_PARTS];
481 unsigned char *encdata;
482 size_t enclen;
483 unsigned char is_protected;
484 unsigned is_primary:1;
485 unsigned has_expired:1;
486 unsigned is_revoked:1;
487 };
488 typedef struct cdk_pkt_seckey_s *cdk_pkt_seckey_t;
489
490 /* Alias to define a generic secret key context. */
491 typedef cdk_pkt_seckey_t cdk_seckey_t;
492
493
494 struct cdk_pkt_onepass_sig_s
495 {
496 unsigned char version;
497 unsigned int keyid[2];
498 unsigned char sig_class;
499 unsigned char digest_algo;
500 unsigned char pubkey_algo;
501 unsigned char last;
502 };
503 typedef struct cdk_pkt_onepass_sig_s *cdk_pkt_onepass_sig_t;
504
505
506 struct cdk_pkt_pubkey_enc_s
507 {
508 unsigned char version;
509 unsigned int keyid[2];
510 int throw_keyid;
511 unsigned char pubkey_algo;
512 bigint_t mpi[MAX_CDK_DATA_PARTS];
513 };
514 typedef struct cdk_pkt_pubkey_enc_s *cdk_pkt_pubkey_enc_t;
515
516 struct cdk_pkt_encrypted_s
517 {
518 unsigned int len;
519 int extralen;
520 unsigned char mdc_method;
521 cdk_stream_t buf;
522 };
523 typedef struct cdk_pkt_encrypted_s *cdk_pkt_encrypted_t;
524
525
526 struct cdk_pkt_mdc_s
527 {
528 unsigned char hash[20];
529 };
530 typedef struct cdk_pkt_mdc_s *cdk_pkt_mdc_t;
531
532
533 struct cdk_pkt_literal_s
534 {
535 unsigned int len;
536 cdk_stream_t buf;
537 int mode;
538 unsigned int timestamp;
539 int namelen;
540 char *name;
541 };
542 typedef struct cdk_pkt_literal_s *cdk_pkt_literal_t;
543
544
545 struct cdk_pkt_compressed_s
546 {
547 unsigned int len;
548 int algorithm;
549 cdk_stream_t buf;
550 };
551 typedef struct cdk_pkt_compressed_s *cdk_pkt_compressed_t;
552
553
554 /* Structure which represents a single OpenPGP packet. */
555 struct cdk_packet_s
556 {
557 size_t pktlen; /* real packet length */
558 size_t pktsize; /* length with all headers */
559 int old_ctb; /* 1 if RFC1991 mode is used */
560 cdk_packet_type_t pkttype;
561 union
562 {
563 cdk_pkt_mdc_t mdc;
564 cdk_pkt_userid_t user_id;
565 cdk_pkt_pubkey_t public_key;
566 cdk_pkt_seckey_t secret_key;
567 cdk_pkt_signature_t signature;
568 cdk_pkt_pubkey_enc_t pubkey_enc;
569 cdk_pkt_compressed_t compressed;
570 cdk_pkt_encrypted_t encrypted;
571 cdk_pkt_literal_t literal;
572 cdk_pkt_onepass_sig_t onepass_sig;
573 } pkt;
574 };
575 typedef struct cdk_packet_s *cdk_packet_t;
576
577 /* Allocate a new packet or a new packet with the given packet type. */
578 cdk_error_t cdk_pkt_new (cdk_packet_t * r_pkt);
579 cdk_error_t cdk_pkt_alloc (cdk_packet_t * r_pkt, cdk_packet_type_t pkttype);
580
581 /* Only release the contents of the packet but not @PKT itself. */
582 void cdk_pkt_free (cdk_packet_t pkt);
583
584 /* Release the packet contents and the packet structure @PKT itself. */
585 void cdk_pkt_release (cdk_packet_t pkt);
586
587 /* Read or write the given output from or to the stream. */
588 cdk_error_t cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt);
589 cdk_error_t cdk_pkt_write (cdk_stream_t out, cdk_packet_t pkt);
590
591 /* Sub packet routines */
592 cdk_subpkt_t cdk_subpkt_new (size_t size);
593 void cdk_subpkt_free (cdk_subpkt_t ctx);
594 cdk_subpkt_t cdk_subpkt_find (cdk_subpkt_t ctx, size_t type);
595 cdk_subpkt_t cdk_subpkt_find_next (cdk_subpkt_t root, size_t type);
596 size_t cdk_subpkt_type_count (cdk_subpkt_t ctx, size_t type);
597 cdk_subpkt_t cdk_subpkt_find_nth (cdk_subpkt_t ctx, size_t type,
598 size_t index);
599 cdk_error_t cdk_subpkt_add (cdk_subpkt_t root, cdk_subpkt_t node);
600 const unsigned char *cdk_subpkt_get_data (cdk_subpkt_t ctx,
601 size_t * r_type,
602 size_t * r_nbytes);
603 void cdk_subpkt_init (cdk_subpkt_t node, size_t type, const void *buf,
604 size_t buflen);
605
606 /* Designated Revoker routines */
607 const unsigned char *cdk_key_desig_revoker_walk (cdk_desig_revoker_t root,
608 cdk_desig_revoker_t * ctx,
609 int *r_class,
610 int *r_algid);
611
612 #define is_RSA(a) ((a) == CDK_PK_RSA \
613 || (a) == CDK_PK_RSA_E \
614 || (a) == CDK_PK_RSA_S)
615 #define is_ELG(a) ((a) == CDK_PK_ELG_E)
616 #define is_DSA(a) ((a) == CDK_PK_DSA)
617
618 /* Encrypt the given session key @SK with the public key @PK
619 and write the contents into the packet @PKE. */
620 cdk_error_t cdk_pk_encrypt (cdk_pubkey_t pk, cdk_pkt_pubkey_enc_t pke,
621 bigint_t sk);
622
623 /* Decrypt the given encrypted session key in @PKE with the secret key
624 @SK and store it in @R_SK. */
625 cdk_error_t cdk_pk_decrypt (cdk_seckey_t sk, cdk_pkt_pubkey_enc_t pke,
626 bigint_t * r_sk);
627
628 /* Sign the given message digest @MD with the secret key @SK and
629 store the signature in the packet @SIG. */
630 cdk_error_t cdk_pk_sign (cdk_seckey_t sk, cdk_pkt_signature_t sig,
631 const unsigned char *md);
632
633 /* Verify the given signature in @SIG with the public key @PK
634 and compare it against the message digest @MD. */
635 cdk_error_t cdk_pk_verify (cdk_pubkey_t pk, cdk_pkt_signature_t sig,
636 const unsigned char *md);
637
638 /* Use cdk_pk_get_npkey() and cdk_pk_get_nskey to find out how much
639 multiprecision integers a key consists of. */
640
641 /* Return a multi precision integer of the public key with the index @IDX
642 in the buffer @BUF. @R_NWRITTEN will contain the length in octets.
643 Optional @R_NBITS may contain the size in bits. */
644 cdk_error_t cdk_pk_get_mpi (cdk_pubkey_t pk, size_t idx,
645 unsigned char *buf, size_t buflen,
646 size_t * r_nwritten, size_t * r_nbits);
647
648 /* Same as the function above but of the secret key. */
649 cdk_error_t cdk_sk_get_mpi (cdk_seckey_t sk, size_t idx,
650 unsigned char *buf, size_t buflen,
651 size_t * r_nwritten, size_t * r_nbits);
652
653 /* Helper to get the exact number of multi precision integers
654 for the given object. */
655 int cdk_pk_get_nbits (cdk_pubkey_t pk);
656 int cdk_pk_get_npkey (int algo);
657 int cdk_pk_get_nskey (int algo);
658 int cdk_pk_get_nsig (int algo);
659 int cdk_pk_get_nenc (int algo);
660
661 /* Fingerprint and key ID routines. */
662
663 /* Calculate the fingerprint of the given public key.
664 the FPR parameter must be at least 20 octets to hold the SHA1 hash. */
665 cdk_error_t cdk_pk_get_fingerprint (cdk_pubkey_t pk, unsigned char *fpr);
666
667 /* Same as above, but with additional sanity checks of the buffer size. */
668 cdk_error_t cdk_pk_to_fingerprint (cdk_pubkey_t pk,
669 unsigned char *fpr, size_t fprlen,
670 size_t * r_nout);
671
672 /* Derive the keyid from the fingerprint. This is only possible for
673 modern, version 4 keys. */
674 unsigned int cdk_pk_fingerprint_get_keyid (const unsigned char *fpr,
675 size_t fprlen,
676 unsigned int *keyid);
677
678 /* Various functions to get the keyid from the specific packet type. */
679 unsigned int cdk_pk_get_keyid (cdk_pubkey_t pk, unsigned int *keyid);
680 unsigned int cdk_sk_get_keyid (cdk_seckey_t sk, unsigned int *keyid);
681 unsigned int cdk_sig_get_keyid (cdk_pkt_signature_t sig,
682 unsigned int *keyid);
683
684 /* Key release functions. */
685 void cdk_pk_release (cdk_pubkey_t pk);
686 void cdk_sk_release (cdk_seckey_t sk);
687
688 /* Create a public key with the data from the secret key @SK. */
689 cdk_error_t cdk_pk_from_secret_key (cdk_seckey_t sk, cdk_pubkey_t * ret_pk);
690
691 /* Sexp conversion of keys. */
692 cdk_error_t cdk_pubkey_to_sexp (cdk_pubkey_t pk, char **sexp, size_t * len);
693 cdk_error_t cdk_seckey_to_sexp (cdk_seckey_t sk, char **sexp, size_t * len);
694
695
696 /* String to Key routines. */
697 cdk_error_t cdk_s2k_new (cdk_s2k_t * ret_s2k, int mode, int digest_algo,
698 const unsigned char *salt);
699 void cdk_s2k_free (cdk_s2k_t s2k);
700
701 /* Protect the inbuf with ASCII armor of the specified type.
702 If @outbuf and @outlen are NULL, the function returns the calculated
703 size of the base64 encoded data in @nwritten. */
704 cdk_error_t cdk_armor_encode_buffer (const unsigned char *inbuf,
705 size_t inlen, char *outbuf,
706 size_t outlen, size_t * nwritten,
707 int type);
708
709
710 /* This context contain user callbacks for different stream operations.
711 Some of these callbacks might be NULL to indicate that the callback
712 is not used. */
713 struct cdk_stream_cbs_s
714 {
715 cdk_error_t (*open) (void *);
716 cdk_error_t (*release) (void *);
717 int (*read) (void *, void *buf, size_t);
718 int (*write) (void *, const void *buf, size_t);
719 int (*seek) (void *, off_t);
720 };
721 typedef struct cdk_stream_cbs_s *cdk_stream_cbs_t;
722
723 int cdk_stream_is_compressed (cdk_stream_t s);
724
725 /* Return a stream object which is associated to a socket. */
726 cdk_error_t cdk_stream_sockopen (const char *host, unsigned short port,
727 cdk_stream_t * ret_out);
728
729 /* Return a stream object which is associated to an existing file. */
730 cdk_error_t cdk_stream_open (const char *file, cdk_stream_t * ret_s);
731
732 /* Return a stream object which is associated to a file which will
733 be created when the stream is closed. */
734 cdk_error_t cdk_stream_new (const char *file, cdk_stream_t * ret_s);
735
736 /* Return a stream object with custom callback functions for the
737 various core operations. */
738 cdk_error_t cdk_stream_new_from_cbs (cdk_stream_cbs_t cbs, void *opa,
739 cdk_stream_t * ret_s);
740 cdk_error_t cdk_stream_create (const char *file, cdk_stream_t * ret_s);
741 cdk_error_t cdk_stream_tmp_new (cdk_stream_t * r_out);
742 cdk_error_t cdk_stream_tmp_from_mem (const void *buf, size_t buflen,
743 cdk_stream_t * r_out);
744 void cdk_stream_tmp_set_mode (cdk_stream_t s, int val);
745 cdk_error_t cdk_stream_flush (cdk_stream_t s);
746 cdk_error_t cdk_stream_enable_cache (cdk_stream_t s, int val);
747 cdk_error_t cdk_stream_filter_disable (cdk_stream_t s, int type);
748 cdk_error_t cdk_stream_close (cdk_stream_t s);
749 off_t cdk_stream_get_length (cdk_stream_t s);
750 int cdk_stream_read (cdk_stream_t s, void *buf, size_t count);
751 int cdk_stream_write (cdk_stream_t s, const void *buf, size_t count);
752 int cdk_stream_putc (cdk_stream_t s, int c);
753 int cdk_stream_getc (cdk_stream_t s);
754 int cdk_stream_eof (cdk_stream_t s);
755 off_t cdk_stream_tell (cdk_stream_t s);
756 cdk_error_t cdk_stream_seek (cdk_stream_t s, off_t offset);
757 cdk_error_t cdk_stream_set_armor_flag (cdk_stream_t s, int type);
758
759 /* Push the literal filter for the given stream. */
760 cdk_error_t cdk_stream_set_literal_flag (cdk_stream_t s,
761 cdk_lit_format_t mode,
762 const char *fname);
763
764 cdk_error_t cdk_stream_set_compress_flag (cdk_stream_t s, int algo,
765 int level);
766 cdk_error_t cdk_stream_set_hash_flag (cdk_stream_t s, int algo);
767 cdk_error_t cdk_stream_set_text_flag (cdk_stream_t s, const char *lf);
768 cdk_error_t cdk_stream_kick_off (cdk_stream_t inp, cdk_stream_t out);
769 cdk_error_t cdk_stream_mmap (cdk_stream_t s, unsigned char **ret_buf,
770 size_t * ret_buflen);
771 cdk_error_t cdk_stream_mmap_part (cdk_stream_t s, off_t off, size_t len,
772 unsigned char **ret_buf,
773 size_t * ret_buflen);
774
775 /* Read from the stream but restore the file pointer after reading
776 the requested amount of bytes. */
777 int cdk_stream_peek (cdk_stream_t inp, unsigned char *buf, size_t buflen);
778
779 /* Create a new key db handle from a memory buffer. */
780 cdk_error_t cdk_keydb_new_from_mem (cdk_keydb_hd_t * r_hd, int secret,
781 int armor,
782 const void *data, size_t datlen);
783
784 /* Check that a secret key with the given key ID is available. */
785 cdk_error_t cdk_keydb_check_sk (cdk_keydb_hd_t hd, unsigned int *keyid);
786
787 /* Prepare the key db search. */
788 cdk_error_t cdk_keydb_search_start (cdk_keydb_search_t * st,
789 cdk_keydb_hd_t db, int type,
790 void *desc);
791
792 void cdk_keydb_search_release (cdk_keydb_search_t st);
793
794 /* Return a key which matches a valid description given in
795 cdk_keydb_search_start(). */
796 cdk_error_t cdk_keydb_search (cdk_keydb_search_t st, cdk_keydb_hd_t hd,
797 cdk_kbnode_t * ret_key);
798
799 /* Release the key db handle and all its resources. */
800 void cdk_keydb_free (cdk_keydb_hd_t hd);
801
802 /* The following functions will try to find a key in the given key
803 db handle either by keyid, by fingerprint or by some pattern. */
804 cdk_error_t cdk_keydb_get_bykeyid (cdk_keydb_hd_t hd, unsigned int *keyid,
805 cdk_kbnode_t * ret_pk);
806 cdk_error_t cdk_keydb_get_byfpr (cdk_keydb_hd_t hd,
807 const unsigned char *fpr,
808 cdk_kbnode_t * ret_pk);
809 cdk_error_t cdk_keydb_get_bypattern (cdk_keydb_hd_t hd, const char *patt,
810 cdk_kbnode_t * ret_pk);
811
812 /* These function, in contrast to most other key db functions, only
813 return the public or secret key packet without the additional
814 signatures and user IDs. */
815 cdk_error_t cdk_keydb_get_pk (cdk_keydb_hd_t khd, unsigned int *keyid,
816 cdk_pubkey_t * ret_pk);
817 cdk_error_t cdk_keydb_get_sk (cdk_keydb_hd_t khd, unsigned int *keyid,
818 cdk_seckey_t * ret_sk);
819
820 /* Try to read the next key block from the given input stream.
821 The key will be returned in @RET_KEY on success. */
822 cdk_error_t cdk_keydb_get_keyblock (cdk_stream_t inp,
823 cdk_kbnode_t * ret_key);
824
825 /* Rebuild the key db index if possible. */
826 cdk_error_t cdk_keydb_idx_rebuild (cdk_keydb_hd_t db,
827 cdk_keydb_search_t dbs);
828
829 /* Export one or more keys from the given key db handle into
830 the stream @OUT. The export is done by substring search and
831 uses the string list @REMUSR for the pattern. */
832 cdk_error_t cdk_keydb_export (cdk_keydb_hd_t hd, cdk_stream_t out,
833 cdk_strlist_t remusr);
834
835 /* Import the given key node @knode into the key db. */
836 cdk_error_t cdk_keydb_import (cdk_keydb_hd_t hd, cdk_kbnode_t knode);
837
838
839 /* List or enumerate keys from a given key db handle. */
840
841 /* Start the key list process. Either use @PATT for a pattern search
842 or @FPATT for a list of pattern. */
843 cdk_error_t cdk_listkey_start (cdk_listkey_t * r_ctx, cdk_keydb_hd_t db,
844 const char *patt, cdk_strlist_t fpatt);
845 void cdk_listkey_close (cdk_listkey_t ctx);
846
847 /* Return the next key which matches the pattern. */
848 cdk_error_t cdk_listkey_next (cdk_listkey_t ctx, cdk_kbnode_t * ret_key);
849
850 cdk_kbnode_t cdk_kbnode_new (cdk_packet_t pkt);
851 cdk_error_t cdk_kbnode_read_from_mem (cdk_kbnode_t * ret_node,
852 int armor,
853 const unsigned char *buf,
854 size_t buflen);
855 cdk_error_t cdk_kbnode_write_to_mem (cdk_kbnode_t node,
856 unsigned char *buf, size_t * r_nbytes);
857 cdk_error_t cdk_kbnode_write_to_mem_alloc (cdk_kbnode_t node,
858 unsigned char **r_buf,
859 size_t * r_buflen);
860
861 void cdk_kbnode_release (cdk_kbnode_t node);
862 void cdk_kbnode_delete (cdk_kbnode_t node);
863 void cdk_kbnode_insert (cdk_kbnode_t root, cdk_kbnode_t node,
864 cdk_packet_type_t pkttype);
865 int cdk_kbnode_commit (cdk_kbnode_t * root);
866 void cdk_kbnode_remove (cdk_kbnode_t * root, cdk_kbnode_t node);
867 void cdk_kbnode_move (cdk_kbnode_t * root, cdk_kbnode_t node,
868 cdk_kbnode_t where);
869 cdk_kbnode_t cdk_kbnode_walk (cdk_kbnode_t root, cdk_kbnode_t * ctx,
870 int all);
871 cdk_packet_t cdk_kbnode_find_packet (cdk_kbnode_t node,
872 cdk_packet_type_t pkttype);
873 cdk_packet_t cdk_kbnode_get_packet (cdk_kbnode_t node);
874 cdk_kbnode_t cdk_kbnode_find (cdk_kbnode_t node, cdk_packet_type_t pkttype);
875 cdk_kbnode_t cdk_kbnode_find_prev (cdk_kbnode_t root, cdk_kbnode_t node,
876 cdk_packet_type_t pkttype);
877 cdk_kbnode_t cdk_kbnode_find_next (cdk_kbnode_t node,
878 cdk_packet_type_t pkttype);
879 cdk_error_t cdk_kbnode_hash (cdk_kbnode_t node, digest_hd_st * md,
880 int is_v4, cdk_packet_type_t pkttype,
881 int flags);
882
883 /* Check each signature in the key node and return a summary of the
884 key status in @r_status. Values of cdk_key_flag_t are used. */
885 cdk_error_t cdk_pk_check_sigs (cdk_kbnode_t knode, cdk_keydb_hd_t hd,
886 int *r_status);
887
888 /* Check the self signature of the key to make sure it is valid. */
889 cdk_error_t cdk_pk_check_self_sig (cdk_kbnode_t knode, int *r_status);
890
891 /* Return a matching algorithm from the given public key list.
892 @PREFTYPE can be either sym-cipher/compress/digest. */
893 int cdk_pklist_select_algo (cdk_keylist_t pkl, int preftype);
894
895 /* Return 0 or 1 if the given key list is able to understand the
896 MDC feature. */
897 int cdk_pklist_use_mdc (cdk_keylist_t pkl);
898 cdk_error_t cdk_pklist_build (cdk_keylist_t * ret_pkl, cdk_keydb_hd_t hd,
899 cdk_strlist_t remusr, int use);
900 void cdk_pklist_release (cdk_keylist_t pkl);
901
902 /* Secret key lists */
903 cdk_error_t cdk_sklist_build (cdk_keylist_t * ret_skl,
904 cdk_keydb_hd_t db, cdk_ctx_t hd,
905 cdk_strlist_t locusr,
906 int unlock, unsigned int use);
907 void cdk_sklist_release (cdk_keylist_t skl);
908 cdk_error_t cdk_sklist_write (cdk_keylist_t skl, cdk_stream_t outp,
909 digest_hd_st * mdctx, int sigclass,
910 int sigver);
911 cdk_error_t cdk_sklist_write_onepass (cdk_keylist_t skl, cdk_stream_t outp,
912 int sigclass, int mdalgo);
913
914 /* Encrypt the given stream @INP with the recipients given in @REMUSR.
915 If @REMUSR is NULL, symmetric encryption will be used. The output
916 will be written to @OUT. */
917 cdk_error_t cdk_stream_encrypt (cdk_ctx_t hd, cdk_strlist_t remusr,
918 cdk_stream_t inp, cdk_stream_t out);
919
920 /* Decrypt the @INP stream into @OUT. */
921 cdk_error_t cdk_stream_decrypt (cdk_ctx_t hd, cdk_stream_t inp,
922 cdk_stream_t out);
923
924 /* Same as the function above but it works on files. */
925 cdk_error_t cdk_file_encrypt (cdk_ctx_t hd, cdk_strlist_t remusr,
926 const char *file, const char *output);
927 cdk_error_t cdk_file_decrypt (cdk_ctx_t hd, const char *file,
928 const char *output);
929
930 /* Generic function to transform data. The mode can be either sign,
931 verify, encrypt, decrypt, import or export. The meanings of the
932 parameters are similar to the functions above.
933 @OUTBUF will contain the output and @OUTSIZE the length of it. */
934 cdk_error_t cdk_data_transform (cdk_ctx_t hd, enum cdk_crypto_mode_t mode,
935 cdk_strlist_t locusr, cdk_strlist_t remusr,
936 const void *inbuf, size_t insize,
937 unsigned char **outbuf, size_t * outsize,
938 int modval);
939
940 int cdk_trustdb_get_validity (cdk_stream_t inp, cdk_pkt_userid_t id,
941 int *r_val);
942 int cdk_trustdb_get_ownertrust (cdk_stream_t inp, cdk_pubkey_t pk,
943 int *r_val, int *r_flags);
944
945 void cdk_strlist_free (cdk_strlist_t sl);
946 cdk_strlist_t cdk_strlist_add (cdk_strlist_t * list, const char *string);
947 const char *cdk_check_version (const char *req_version);
948 /* UTF8 */
949 char *cdk_utf8_encode (const char *string);
950 char *cdk_utf8_decode (const char *string, size_t length, int delim);
951
952 #ifdef __cplusplus
953 }
954 #endif
955
956 #endif /* OPENCDK_H */
Implementation of the SSL/TLS protocol