1 /* packet.h - OpenPGP packet definitions
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2007 Free Software Foundation, Inc.
4 * Copyright (C) 2015 g10 Code GmbH
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 #include "../common/iobuf.h"
27 #include "../common/strlist.h"
30 #include "../common/openpgpdefs.h"
31 #include "../common/userids.h"
33 #define DEBUG_PARSE_PACKET 1
36 /* Constants to allocate static MPI arrays. */
37 #define PUBKEY_MAX_NPKEY 5
38 #define PUBKEY_MAX_NSKEY 7
39 #define PUBKEY_MAX_NSIG 2
40 #define PUBKEY_MAX_NENC 2
43 #define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN /* Good for signatures. */
44 #define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR /* Good for encryption. */
45 #define PUBKEY_USAGE_CERT GCRY_PK_USAGE_CERT /* Also good to certify keys.*/
46 #define PUBKEY_USAGE_AUTH GCRY_PK_USAGE_AUTH /* Good for authentication. */
47 #define PUBKEY_USAGE_UNKNOWN GCRY_PK_USAGE_UNKN /* Unknown usage flag. */
48 #define PUBKEY_USAGE_NONE 256 /* No usage given. */
49 #if (GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR | GCRY_PK_USAGE_CERT \
50 | GCRY_PK_USAGE_AUTH | GCRY_PK_USAGE_UNKN) >= 256
51 # error Please choose another value for PUBKEY_USAGE_NONE
55 #define is_RSA(a) ((a)==PUBKEY_ALGO_RSA || (a)==PUBKEY_ALGO_RSA_E \
56 || (a)==PUBKEY_ALGO_RSA_S )
57 #define is_ELGAMAL(a) ((a)==PUBKEY_ALGO_ELGAMAL_E)
58 #define is_DSA(a) ((a)==PUBKEY_ALGO_DSA)
60 /* A pointer to the packet object. */
61 typedef struct packet_struct PACKET;
63 /* PKT_GPG_CONTROL types */
65 CTRLPKT_CLEARSIGN_START = 1,
67 CTRLPKT_PLAINTEXT_MARK =3
84 int mode; /* Must be an integer due to the GNU modes 1001 et al. */
92 byte cipher_algo; /* cipher algorithm used */
94 byte seskeylen; /* keylength in byte or 0 for no seskey */
99 u32 keyid[2]; /* 64 bit keyid */
101 byte pubkey_algo; /* algorithm used for public key scheme */
103 gcry_mpi_t data[PUBKEY_MAX_NENC];
108 u32 keyid[2]; /* 64 bit keyid */
109 byte sig_class; /* sig classification */
110 byte digest_algo; /* algorithm used for digest */
111 byte pubkey_algo; /* algorithm used for public key scheme */
112 byte last; /* a stupid flag */
117 size_t size; /* allocated */
118 size_t len; /* used */
122 struct revocation_key {
125 byte fpr[MAX_FINGERPRINT_LEN];
129 /* Object to keep information about a PKA DNS record. */
132 int valid; /* An actual PKA record exists for EMAIL. */
133 int checked; /* Set to true if the FPR has been checked against the
135 char *uri; /* Malloced string with the URI. NULL if the URI is
137 unsigned char fpr[20]; /* The fingerprint as stored in the PKA RR. */
138 char email[1];/* The email address from the notation data. */
142 /* Object to keep information pertaining to a signature. */
147 unsigned checked:1; /* Signature has been checked. */
148 unsigned valid:1; /* Signature is good (if checked is set). */
149 unsigned chosen_selfsig:1; /* A selfsig that is the chosen one. */
150 unsigned unknown_critical:1;
151 unsigned exportable:1;
152 unsigned revocable:1;
153 unsigned policy_url:1; /* At least one policy URL is present */
154 unsigned notation:1; /* At least one notation is present */
155 unsigned pref_ks:1; /* At least one preferred keyserver is present */
157 unsigned pka_tried:1; /* Set if we tried to retrieve the PKA record. */
159 u32 keyid[2]; /* 64 bit keyid */
160 u32 timestamp; /* Signature made (seconds since Epoch). */
161 u32 expiredate; /* Expires at this date or 0 if not at all. */
163 byte sig_class; /* Sig classification, append for MD calculation. */
164 byte pubkey_algo; /* Algorithm used for public key scheme */
165 /* (PUBKEY_ALGO_xxx) */
166 byte digest_algo; /* Algorithm used for digest (DIGEST_ALGO_xxxx). */
169 const byte *trust_regexp;
170 struct revocation_key *revkey;
172 pka_info_t *pka_info; /* Malloced PKA data or NULL if not
173 available. See also flags.pka_tried. */
174 subpktarea_t *hashed; /* All subpackets with hashed data (v4 only). */
175 subpktarea_t *unhashed; /* Ditto for unhashed data. */
176 byte digest_start[2]; /* First 2 bytes of the digest. */
177 gcry_mpi_t data[PUBKEY_MAX_NSIG];
180 #define ATTRIB_IMAGE 1
182 /* This is the cooked form of attributes. */
183 struct user_attribute {
190 /* (See also keybox-search-desc.h) */
191 struct gpg_pkt_user_id_s
193 int ref; /* reference counter */
194 int len; /* length of the name */
195 struct user_attribute *attribs;
197 byte *attrib_data; /* if this is not NULL, the packet is an attribute */
198 unsigned long attrib_len;
203 int help_marginal_count;
204 int is_primary; /* 2 if set via the primary flag, 1 if calculated */
207 u32 expiredate; /* expires at this date or 0 if not at all */
208 prefitem_t *prefs; /* list of preferences (may be NULL)*/
209 u32 created; /* according to the self-signature */
213 /* TODO: Move more flags here */
215 unsigned int ks_modify:1;
216 unsigned int compacted:1;
220 typedef struct gpg_pkt_user_id_s PKT_user_id;
226 /* revoked at this date */
228 /* the keyid of the revoking key (selfsig or designated revoker) */
230 /* the algo of the revoking key */
235 /* Information pertaining to secret keys. */
238 int is_protected:1; /* The secret info is protected and must */
239 /* be decrypted before use, the protected */
240 /* MPIs are simply (void*) pointers to memory */
241 /* and should never be passed to a mpi_xxx() */
242 int sha1chk:1; /* SHA1 is used instead of a 16 bit checksum */
243 u16 csum; /* Checksum for old protection modes. */
244 byte algo; /* Cipher used to protect the secret information. */
245 STRING2KEY s2k; /* S2K parameter. */
246 byte ivlen; /* Used length of the IV. */
247 byte iv[16]; /* Initialization vector for CFB mode. */
252 * We assume that secret keys have the same number of parameters as
253 * the public key and that the public parameters are the first items
254 * in the PKEY array. Thus NPKEY is always less than NSKEY and it is
255 * possible to compare the secret and public keys by comparing the
256 * first NPKEY elements of the PKEY array. Note that since GnuPG 2.1
257 * we don't use secret keys anymore directly because they are managed
258 * by gpg-agent. However for parsing OpenPGP key files we need a way
259 * to temporary store those secret keys. We do this by putting them
260 * into the public key structure and extending the PKEY field to NSKEY
261 * elements; the extra secret key information are stored in the
266 u32 timestamp; /* key made */
267 u32 expiredate; /* expires at this date or 0 if not at all */
268 u32 max_expiredate; /* must not expire past this date */
269 struct revoke_info revoked;
270 byte hdrbytes; /* number of header bytes */
272 byte selfsigversion; /* highest version of all of the self-sigs */
273 byte pubkey_algo; /* algorithm used for public key scheme */
274 byte pubkey_usage; /* for now only used to pass it to getkey() */
275 byte req_usage; /* hack to pass a request to getkey() */
276 u32 has_expired; /* set to the expiration date if expired */
277 u32 main_keyid[2]; /* keyid of the primary key */
278 u32 keyid[2]; /* calculated by keyid_from_pk() */
279 prefitem_t *prefs; /* list of preferences (may be NULL) */
282 unsigned int mdc:1; /* MDC feature set. */
283 unsigned int disabled_valid:1;/* The next flag is valid. */
284 unsigned int disabled:1; /* The key has been disabled. */
285 unsigned int primary:1; /* This is a primary key. */
286 unsigned int revoked:2; /* Key has been revoked.
287 1 = revoked by the owner
288 2 = revoked by designated revoker. */
289 unsigned int maybe_revoked:1; /* A designated revocation is
290 present, but without the key to
292 unsigned int valid:1; /* Key (especially subkey) is valid. */
293 unsigned int dont_cache:1; /* Do not cache this key. */
294 unsigned int backsig:2; /* 0=none, 1=bad, 2=good. */
295 unsigned int serialno_valid:1;/* SERIALNO below is valid. */
297 PKT_user_id *user_id; /* If != NULL: found by that uid. */
298 struct revocation_key *revkey;
303 const byte *trust_regexp;
304 char *serialno; /* Malloced hex string or NULL if it is
305 likely not on a card. See also
306 flags.serialno_valid. */
307 struct seckey_info *seckey_info; /* If not NULL this malloced
308 structure describes a secret
310 gcry_mpi_t pkey[PUBKEY_MAX_NSKEY]; /* Right, NSKEY elements. */
313 /* Evaluates as true if the pk is disabled, and false if it isn't. If
314 there is no disable value cached, fill one in. */
315 #define pk_is_disabled(a) \
316 (((a)->flags.disabled_valid)? \
317 ((a)->flags.disabled):(cache_disabled_value((a))))
321 int len; /* length of data */
326 u32 len; /* reserved */
329 iobuf_t buf; /* IOBUF reference */
333 u32 len; /* Remaining length of encrypted data. */
334 int extralen; /* This is (blocksize+2). Used by build_packet. */
335 byte new_ctb; /* uses a new CTB */
336 byte is_partial; /* partial length encoded */
337 byte mdc_method; /* > 0: integrity protected encrypted data packet */
338 iobuf_t buf; /* IOBUF reference */
346 unsigned int trustval;
347 unsigned int sigcache;
351 u32 len; /* length of encrypted data */
352 iobuf_t buf; /* IOBUF reference */
354 byte is_partial; /* partial length encoded */
367 /* combine all packets into a union */
368 struct packet_struct {
372 PKT_symkey_enc *symkey_enc; /* PKT_SYMKEY_ENC */
373 PKT_pubkey_enc *pubkey_enc; /* PKT_PUBKEY_ENC */
374 PKT_onepass_sig *onepass_sig; /* PKT_ONEPASS_SIG */
375 PKT_signature *signature; /* PKT_SIGNATURE */
376 PKT_public_key *public_key; /* PKT_PUBLIC_[SUB]KEY */
377 PKT_public_key *secret_key; /* PKT_SECRET_[SUB]KEY */
378 PKT_comment *comment; /* PKT_COMMENT */
379 PKT_user_id *user_id; /* PKT_USER_ID */
380 PKT_compressed *compressed; /* PKT_COMPRESSED */
381 PKT_encrypted *encrypted; /* PKT_ENCRYPTED[_MDC] */
382 PKT_mdc *mdc; /* PKT_MDC */
383 PKT_ring_trust *ring_trust; /* PKT_RING_TRUST */
384 PKT_plaintext *plaintext; /* PKT_PLAINTEXT */
385 PKT_gpg_control *gpg_control; /* PKT_GPG_CONTROL */
389 #define init_packet(a) do { (a)->pkttype = 0; \
390 (a)->pkt.generic = NULL; \
403 unsigned int critical:1;
404 unsigned int ignore:1;
406 struct notation *next;
410 void reset_literals_seen(void);
411 int proc_packets (ctrl_t ctrl, void *ctx, iobuf_t a );
412 int proc_signature_packets (ctrl_t ctrl, void *ctx, iobuf_t a,
413 strlist_t signedfiles, const char *sigfile );
414 int proc_signature_packets_by_fd (ctrl_t ctrl,
415 void *anchor, IOBUF a, int signed_data_fd );
416 int proc_encryption_packets (ctrl_t ctrl, void *ctx, iobuf_t a);
417 int list_packets( iobuf_t a );
419 /*-- parse-packet.c --*/
421 /* Sets the packet list mode to MODE (i.e., whether we are dumping a
422 packet or not). Returns the current mode. This allows for
423 temporarily suspending dumping by doing the following:
425 int saved_mode = set_packet_list_mode (0);
427 set_packet_list_mode (saved_mode);
429 int set_packet_list_mode( int mode );
431 #if DEBUG_PARSE_PACKET
432 /* There are debug functions and should not be used directly. */
433 int dbg_search_packet( iobuf_t inp, PACKET *pkt, off_t *retpos, int with_uid,
434 const char* file, int lineno );
435 int dbg_parse_packet( iobuf_t inp, PACKET *ret_pkt,
436 const char* file, int lineno );
437 int dbg_copy_all_packets( iobuf_t inp, iobuf_t out,
438 const char* file, int lineno );
439 int dbg_copy_some_packets( iobuf_t inp, iobuf_t out, off_t stopoff,
440 const char* file, int lineno );
441 int dbg_skip_some_packets( iobuf_t inp, unsigned n,
442 const char* file, int lineno );
443 #define search_packet( a,b,c,d ) \
444 dbg_search_packet( (a), (b), (c), (d), __FILE__, __LINE__ )
445 #define parse_packet( a, b ) \
446 dbg_parse_packet( (a), (b), __FILE__, __LINE__ )
447 #define copy_all_packets( a,b ) \
448 dbg_copy_all_packets((a),(b), __FILE__, __LINE__ )
449 #define copy_some_packets( a,b,c ) \
450 dbg_copy_some_packets((a),(b),(c), __FILE__, __LINE__ )
451 #define skip_some_packets( a,b ) \
452 dbg_skip_some_packets((a),(b), __FILE__, __LINE__ )
454 /* Return the next valid OpenPGP packet in *PKT. (This function will
455 skip any packets whose type is 0.)
457 Returns 0 on success, -1 if EOF is reached, and an error code
458 otherwise. In the case of an error, the packet in *PKT may be
459 partially constructed. As such, even if there is an error, it is
460 necessary to free *PKT to avoid a resource leak. To detect what
461 has been allocated, clear *PKT before calling this function. */
462 int parse_packet( iobuf_t inp, PACKET *pkt);
464 /* Return the first OpenPGP packet in *PKT that contains a key (either
465 a public subkey, a public key, a secret subkey or a secret key) or,
466 if WITH_UID is set, a user id.
468 Saves the position in the pipeline of the start of the returned
469 packet (according to iobuf_tell) in RETPOS, if it is not NULL.
471 The return semantics are the same as parse_packet. */
472 int search_packet( iobuf_t inp, PACKET *pkt, off_t *retpos, int with_uid );
474 /* Copy all packets (except invalid packets, i.e., those with a type
475 of 0) from INP to OUT until either an error occurs or EOF is
478 Returns -1 when end of file is reached or an error code, if an
479 error occured. (Note: this function never returns 0, because it
480 effectively keeps going until it gets an EOF.) */
481 int copy_all_packets( iobuf_t inp, iobuf_t out );
483 /* Like copy_all_packets, but stops at the first packet that starts at
484 or after STOPOFF (as indicated by iobuf_tell).
486 Example: if STOPOFF is 100, the first packet in INP goes from 0 to
487 110 and the next packet starts at offset 111, then the packet
488 starting at offset 0 will be completely processed (even though it
489 extends beyond STOPOFF) and the packet starting at offset 111 will
490 not be processed at all. */
491 int copy_some_packets( iobuf_t inp, iobuf_t out, off_t stopoff );
493 /* Skips the next N packets from INP.
495 If parsing a packet returns an error code, then the function stops
496 immediately and returns the error code. Note: in the case of an
497 error, this function does not indicate how many packets were
498 successfully processed. */
499 int skip_some_packets( iobuf_t inp, unsigned n );
502 /* Parse a signature packet and store it in *SIG.
504 The signature packet is read from INP. The OpenPGP header (the tag
505 and the packet's length) have already been read; the next byte read
506 from INP should be the first byte of the packet's contents. The
507 packet's type (as extract from the tag) must be passed as PKTTYPE
508 and the packet's length must be passed as PKTLEN. This is used as
509 the upper bound on the amount of data read from INP. If the packet
510 is shorter than PKTLEN, the data at the end will be silently
511 skipped. If an error occurs, an error code will be returned. -1
512 means the EOF was encountered. 0 means parsing was successful. */
513 int parse_signature( iobuf_t inp, int pkttype, unsigned long pktlen,
514 PKT_signature *sig );
516 /* Given a subpacket area (typically either PKT_signature.hashed or
517 PKT_signature.unhashed), either:
519 - test whether there are any subpackets with the critical bit set
520 that we don't understand,
522 - list the subpackets, or,
524 - find a subpacket with a specific type.
526 REQTYPE indicates the type of operation.
528 If REQTYPE is SIGSUBPKT_TEST_CRITICAL, then this function checks
529 whether there are any subpackets that have the critical bit and
530 which GnuPG cannot handle. If GnuPG understands all subpackets
531 whose critical bit is set, then this function returns simply
532 returns SUBPKTS. If there is a subpacket whose critical bit is set
533 and which GnuPG does not understand, then this function returns
534 NULL and, if START is not NULL, sets *START to the 1-based index of
535 the subpacket that violates the constraint.
537 If REQTYPE is SIGSUBPKT_LIST_HASHED or SIGSUBPKT_LIST_UNHASHED, the
538 packets are dumped. Note: if REQTYPE is SIGSUBPKT_LIST_HASHED,
539 this function does not check whether the hash is correct; this is
540 merely an indication of the section that the subpackets came from.
542 If REQTYPE is anything else, then this function interprets the
543 values as a subpacket type and looks for the first subpacket with
544 that type. If such a packet is found, *CRITICAL (if not NULL) is
545 set if the critical bit was set, *RET_N is set to the offset of the
546 subpacket's content within the SUBPKTS buffer, *START is set to the
547 1-based index of the subpacket within the buffer, and returns
550 *START is the number of initial subpackets to not consider. Thus,
551 if *START is 2, then the first 2 subpackets are ignored. */
552 const byte *enum_sig_subpkt ( const subpktarea_t *subpkts,
553 sigsubpkttype_t reqtype,
554 size_t *ret_n, int *start, int *critical );
558 enum_sig_subpkt (buffer, reqtype, ret_n, NULL, NULL); */
559 const byte *parse_sig_subpkt ( const subpktarea_t *buffer,
560 sigsubpkttype_t reqtype,
563 /* This calls parse_sig_subpkt first on the hashed signature area in
564 SIG and then, if that returns NULL, calls parse_sig_subpkt on the
565 unhashed subpacket area in SIG. */
566 const byte *parse_sig_subpkt2 ( PKT_signature *sig,
567 sigsubpkttype_t reqtype);
569 /* Returns whether the N byte large buffer BUFFER is sufficient to
570 hold a subpacket of type TYPE. Note: the buffer refers to the
571 contents of the subpacket (not the header) and it must already be
572 initialized: for some subpackets, it checks some internal
575 Returns 0 if the size is acceptable. Returns -2 if the buffer is
576 definately too short. To check for an error, check whether the
577 return value is less than 0. */
578 int parse_one_sig_subpkt( const byte *buffer, size_t n, int type );
580 /* Looks for revocation key subpackets (see RFC 4880 5.2.3.15) in the
581 hashed area of the signature packet. Any that are found are added
582 to SIG->REVKEY and SIG->NUMREVKEYS is updated appropriately. */
583 void parse_revkeys(PKT_signature *sig);
585 /* Extract the attributes from the buffer at UID->ATTRIB_DATA and
586 update UID->ATTRIBS and UID->NUMATTRIBS accordingly. */
587 int parse_attribute_subpkts(PKT_user_id *uid);
589 /* Set the UID->NAME field according to the attributes. MAX_NAMELEN
590 must be at least 71. */
591 void make_attribute_uidname(PKT_user_id *uid, size_t max_namelen);
593 /* Allocate and initialize a new GPG control packet. DATA is the data
594 to save in the packet. */
595 PACKET *create_gpg_control ( ctrlpkttype_t type,
599 /*-- build-packet.c --*/
600 int build_packet( iobuf_t inp, PACKET *pkt );
601 gpg_error_t gpg_mpi_write (iobuf_t out, gcry_mpi_t a);
602 gpg_error_t gpg_mpi_write_nohdr (iobuf_t out, gcry_mpi_t a);
603 u32 calc_packet_length( PACKET *pkt );
604 void build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type,
605 const byte *buffer, size_t buflen );
606 void build_sig_subpkt_from_sig( PKT_signature *sig );
607 int delete_sig_subpkt(subpktarea_t *buffer, sigsubpkttype_t type );
608 void build_attribute_subpkt(PKT_user_id *uid,byte type,
609 const void *buf,u32 buflen,
610 const void *header,u32 headerlen);
611 struct notation *string_to_notation(const char *string,int is_utf8);
612 struct notation *sig_to_notation(PKT_signature *sig);
613 void free_notation(struct notation *notation);
615 /*-- free-packet.c --*/
616 void free_symkey_enc( PKT_symkey_enc *enc );
617 void free_pubkey_enc( PKT_pubkey_enc *enc );
618 void free_seckey_enc( PKT_signature *enc );
619 int digest_algo_from_sig( PKT_signature *sig );
620 void release_public_key_parts( PKT_public_key *pk );
621 void free_public_key( PKT_public_key *key );
622 void free_attributes(PKT_user_id *uid);
623 void free_user_id( PKT_user_id *uid );
624 void free_comment( PKT_comment *rem );
625 void free_packet( PACKET *pkt );
626 prefitem_t *copy_prefs (const prefitem_t *prefs);
627 PKT_public_key *copy_public_key( PKT_public_key *d, PKT_public_key *s );
628 PKT_signature *copy_signature( PKT_signature *d, PKT_signature *s );
629 PKT_user_id *scopy_user_id (PKT_user_id *sd );
630 int cmp_public_keys( PKT_public_key *a, PKT_public_key *b );
631 int cmp_signatures( PKT_signature *a, PKT_signature *b );
632 int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
635 /*-- sig-check.c --*/
636 int signature_check( PKT_signature *sig, gcry_md_hd_t digest );
637 int signature_check2( PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
638 int *r_expired, int *r_revoked, PKT_public_key *ret_pk );
641 /*-- pubkey-enc.c --*/
642 gpg_error_t get_session_key (PKT_pubkey_enc *k, DEK *dek);
643 gpg_error_t get_override_session_key (DEK *dek, const char *string);
646 int handle_compressed (ctrl_t ctrl, void *ctx, PKT_compressed *cd,
647 int (*callback)(iobuf_t, void *), void *passthru );
649 /*-- encr-data.c --*/
650 int decrypt_data (ctrl_t ctrl, void *ctx, PKT_encrypted *ed, DEK *dek );
652 /*-- plaintext.c --*/
653 int handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
654 int nooutput, int clearsig );
655 int ask_for_detached_datafile( gcry_md_hd_t md, gcry_md_hd_t md2,
656 const char *inname, int textmode );
659 int make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
660 PKT_user_id *uid, PKT_public_key *subpk,
661 PKT_public_key *pksk, int sigclass, int digest_algo,
662 u32 timestamp, u32 duration,
663 int (*mksubpkt)(PKT_signature *, void *),
665 const char *cache_nonce);
666 gpg_error_t update_keysig_packet (PKT_signature **ret_sig,
667 PKT_signature *orig_sig,
670 PKT_public_key *subpk,
671 PKT_public_key *pksk,
672 int (*mksubpkt)(PKT_signature *, void *),
676 PKT_user_id *generate_user_id (kbnode_t keyblock, const char *uidstr);
678 #endif /*G10_PACKET_H*/