1 /* opencdk.h - Open Crypto Development Kit (OpenCDK)
2 * Copyright (C) 2001, 2002, 2003, 2006, 2007, 2008, 2010 Free Software
7 * This file is part of OpenCDK.
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
29 #include <stddef.h> /* for size_t */
31 #include <gnutls_int.h>
32 #include <gnutls_mem.h>
33 #include <gnutls/gnutls.h>
34 #include <gnutls_errors.h>
35 #include <gnutls_hash_int.h>
37 /* The OpenCDK version as a string. */
38 #define OPENCDK_VERSION "0.6.6"
40 /* The OpenCDK version as integer components major.minor.path */
41 #define OPENCDK_VERSION_MAJOR 0
42 #define OPENCDK_VERSION_MINOR 6
43 #define OPENCDK_VERSION_PATCH 6
50 /* General contexts */
52 /* 'Session' handle to support the various options and run-time
55 typedef struct cdk_ctx_s *cdk_ctx_t;
57 /* A generic context to store list of strings. */
59 typedef struct cdk_strlist_s *cdk_strlist_t;
61 /* Context used to list keys of a keyring. */
63 typedef struct cdk_listkey_s *cdk_listkey_t;
65 /* Opaque String to Key (S2K) handle. */
67 typedef struct cdk_s2k_s *cdk_s2k_t;
69 /* Abstract I/O object, a stream, which is used for most operations. */
71 typedef struct cdk_stream_s *cdk_stream_t;
73 /* Opaque handle for the user ID preferences. */
74 struct cdk_prefitem_s;
75 typedef struct cdk_prefitem_s *cdk_prefitem_t;
77 /* Node to store a single key node packet. */
79 typedef struct cdk_kbnode_s *cdk_kbnode_t;
81 /* Key database handle. */
82 struct cdk_keydb_hd_s;
83 typedef struct cdk_keydb_hd_s *cdk_keydb_hd_t;
85 struct cdk_keydb_search_s;
86 typedef struct cdk_keydb_search_s *cdk_keydb_search_t;
88 /* Context to store a list of recipient keys. */
90 typedef struct cdk_keylist_s *cdk_keylist_t;
92 /* Context to encapsulate a single sub packet of a signature. */
94 typedef struct cdk_subpkt_s *cdk_subpkt_t;
96 /* Context used to generate key pairs. */
97 struct cdk_keygen_ctx_s;
98 typedef struct cdk_keygen_ctx_s *cdk_keygen_ctx_t;
100 /* Handle for a single designated revoker. */
101 struct cdk_desig_revoker_s;
102 typedef struct cdk_desig_revoker_s *cdk_desig_revoker_t;
104 /* Alias for backward compatibility. */
105 typedef bigint_t cdk_mpi_t;
108 /* All valid error constants. */
113 CDK_General_Error = 1,
118 CDK_Not_Implemented = 6,
120 CDK_Armor_CRC_Error = 9,
123 CDK_Error_No_Key = 12,
124 CDK_Chksum_Error = 13,
125 CDK_Time_Conflict = 14,
128 CDK_Out_Of_Core = 17,
129 CDK_Wrong_Seckey = 18,
132 CDK_Error_No_Keyring = 21,
133 CDK_Wrong_Format = 22,
134 CDK_Inv_Packet_Ver = 23,
136 CDK_Unusable_Key = 25,
138 CDK_No_Passphrase = 27,
139 CDK_Network_Error = 28
143 enum cdk_control_flags
145 CDK_CTLF_SET = 0, /* Value to set an option */
146 CDK_CTLF_GET = 1, /* Value to get an option */
147 CDK_CTL_DIGEST = 10, /* Option to set the digest algorithm. */
148 CDK_CTL_ARMOR = 12, /* Option to enable armor output. */
149 CDK_CTL_COMPRESS = 13, /* Option to enable compression. */
150 CDK_CTL_COMPAT = 14, /* Option to switch in compat mode. */
151 CDK_CTL_OVERWRITE = 15, /* Option to enable file overwritting. */
152 CDK_CTL_S2K = 16, /* Option to set S2K values. */
153 CDK_CTL_FORCE_DIGEST = 19, /* Force the use of a digest algorithm. */
154 CDK_CTL_BLOCKMODE_ON = 20 /* Enable partial body lengths */
158 /* Specifies all valid log levels. */
161 CDK_LOG_NONE = 0, /* No log message will be shown. */
164 CDK_LOG_DEBUG_PKT = 3
168 /* All valid compression algorithms in OpenPGP */
169 enum cdk_compress_algo_t
171 CDK_COMPRESS_NONE = 0,
172 CDK_COMPRESS_ZIP = 1,
173 CDK_COMPRESS_ZLIB = 2,
174 CDK_COMPRESS_BZIP2 = 3 /* Not supported in this version */
177 /* All valid public key algorithms valid in OpenPGP */
178 enum cdk_pubkey_algo_t
182 CDK_PK_RSA_E = 2, /* RSA-E and RSA-S are deprecated use RSA instead */
183 CDK_PK_RSA_S = 3, /* and use the key flags in the self signatures. */
188 /* The valid 'String-To-Key' modes */
193 CDK_S2K_ITERSALTED = 3,
194 CDK_S2K_GNU_EXT = 101
195 /* GNU extensions: refer to DETAILS from GnuPG:
196 http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?root=GnuPG
200 /* The different kind of user ID preferences. */
203 CDK_PREFTYPE_NONE = 0,
204 CDK_PREFTYPE_SYM = 1, /* Symmetric ciphers */
205 CDK_PREFTYPE_HASH = 2, /* Message digests */
206 CDK_PREFTYPE_ZIP = 3 /* Compression algorithms */
210 /* All valid sub packet types. */
211 enum cdk_sig_subpacket_t
213 CDK_SIGSUBPKT_NONE = 0,
214 CDK_SIGSUBPKT_SIG_CREATED = 2,
215 CDK_SIGSUBPKT_SIG_EXPIRE = 3,
216 CDK_SIGSUBPKT_EXPORTABLE = 4,
217 CDK_SIGSUBPKT_TRUST = 5,
218 CDK_SIGSUBPKT_REGEXP = 6,
219 CDK_SIGSUBPKT_REVOCABLE = 7,
220 CDK_SIGSUBPKT_KEY_EXPIRE = 9,
221 CDK_SIGSUBPKT_PREFS_SYM = 11,
222 CDK_SIGSUBPKT_REV_KEY = 12,
223 CDK_SIGSUBPKT_ISSUER = 16,
224 CDK_SIGSUBPKT_NOTATION = 20,
225 CDK_SIGSUBPKT_PREFS_HASH = 21,
226 CDK_SIGSUBPKT_PREFS_ZIP = 22,
227 CDK_SIGSUBPKT_KS_FLAGS = 23,
228 CDK_SIGSUBPKT_PREF_KS = 24,
229 CDK_SIGSUBPKT_PRIMARY_UID = 25,
230 CDK_SIGSUBPKT_POLICY = 26,
231 CDK_SIGSUBPKT_KEY_FLAGS = 27,
232 CDK_SIGSUBPKT_SIGNERS_UID = 28,
233 CDK_SIGSUBPKT_REVOC_REASON = 29,
234 CDK_SIGSUBPKT_FEATURES = 30
238 /* All valid armor types. */
239 enum cdk_armor_type_t
241 CDK_ARMOR_MESSAGE = 0,
242 CDK_ARMOR_PUBKEY = 1,
243 CDK_ARMOR_SECKEY = 2,
244 CDK_ARMOR_SIGNATURE = 3,
245 CDK_ARMOR_CLEARSIG = 4
248 enum cdk_keydb_flag_t
250 /* Valid database search modes */
251 CDK_DBSEARCH_EXACT = 1, /* Exact string search */
252 CDK_DBSEARCH_SUBSTR = 2, /* Sub string search */
253 CDK_DBSEARCH_SHORT_KEYID = 3, /* 32-bit keyid search */
254 CDK_DBSEARCH_KEYID = 4, /* 64-bit keyid search */
255 CDK_DBSEARCH_FPR = 5, /* 160-bit fingerprint search */
256 CDK_DBSEARCH_NEXT = 6, /* Enumerate all keys */
257 CDK_DBSEARCH_AUTO = 7, /* Try to classify the string */
258 /* Valid database types */
259 CDK_DBTYPE_PK_KEYRING = 100, /* A file with one or more public keys */
260 CDK_DBTYPE_SK_KEYRING = 101, /* A file with one or more secret keys */
261 CDK_DBTYPE_DATA = 102, /* A buffer with at least one public key */
262 CDK_DBTYPE_STREAM = 103 /* A stream is used to read keys from */
266 /* All valid modes for cdk_data_transform() */
267 enum cdk_crypto_mode_t
269 CDK_CRYPTYPE_NONE = 0,
270 CDK_CRYPTYPE_ENCRYPT = 1,
271 CDK_CRYPTYPE_DECRYPT = 2,
272 CDK_CRYPTYPE_SIGN = 3,
273 CDK_CRYPTYPE_VERIFY = 4,
274 CDK_CRYPTYPE_EXPORT = 5,
275 CDK_CRYPTYPE_IMPORT = 6
278 #define CDK_KEY_USG_ENCR (CDK_KEY_USG_COMM_ENCR | CDK_KEY_USG_STORAGE_ENCR)
279 #define CDK_KEY_USG_SIGN (CDK_KEY_USG_DATA_SIGN | CDK_KEY_USG_CERT_SIGN)
280 /* A list of valid public key usages. */
283 CDK_KEY_USG_CERT_SIGN = 1,
284 CDK_KEY_USG_DATA_SIGN = 2,
285 CDK_KEY_USG_COMM_ENCR = 4,
286 CDK_KEY_USG_STORAGE_ENCR = 8,
287 CDK_KEY_USG_SPLIT_KEY = 16,
288 CDK_KEY_USG_AUTH = 32,
289 CDK_KEY_USG_SHARED_KEY = 128
293 /* Valid flags for keys. */
297 CDK_KEY_INVALID = 1, /* Missing or wrong self signature */
298 CDK_KEY_EXPIRED = 2, /* Key is expired. */
299 CDK_KEY_REVOKED = 4, /* Key has been revoked. */
304 /* Trust values and flags for keys and user IDs */
305 enum cdk_trust_flag_t
307 CDK_TRUST_UNKNOWN = 0,
308 CDK_TRUST_EXPIRED = 1,
309 CDK_TRUST_UNDEFINED = 2,
311 CDK_TRUST_MARGINAL = 4,
313 CDK_TRUST_ULTIMATE = 6,
315 CDK_TFLAG_REVOKED = 32,
316 CDK_TFLAG_SUB_REVOKED = 64,
317 CDK_TFLAG_DISABLED = 128
321 /* Signature states and the signature modes. */
322 enum cdk_signature_stat_t
324 /* Signature status */
325 CDK_SIGSTAT_NONE = 0,
326 CDK_SIGSTAT_GOOD = 1,
328 CDK_SIGSTAT_NOKEY = 3,
329 CDK_SIGSTAT_VALID = 4, /* True if made with a valid key. */
330 /* FIXME: We need indicators for revoked/expires signatures. */
332 /* Signature modes */
333 CDK_SIGMODE_NORMAL = 100,
334 CDK_SIGMODE_DETACHED = 101,
335 CDK_SIGMODE_CLEAR = 102
342 CDK_FLAG_KEY_REVOKED = 256,
343 CDK_FLAG_KEY_EXPIRED = 512,
344 CDK_FLAG_SIG_EXPIRED = 1024
348 /* Possible format for the literal data. */
351 CDK_LITFMT_BINARY = 0,
353 CDK_LITFMT_UNICODE = 2
356 /* Valid OpenPGP packet types and their IDs */
359 CDK_PKT_RESERVED = 0,
360 CDK_PKT_PUBKEY_ENC = 1,
361 CDK_PKT_SIGNATURE = 2,
362 CDK_PKT_ONEPASS_SIG = 4,
363 CDK_PKT_SECRET_KEY = 5,
364 CDK_PKT_PUBLIC_KEY = 6,
365 CDK_PKT_SECRET_SUBKEY = 7,
366 CDK_PKT_COMPRESSED = 8,
368 CDK_PKT_LITERAL = 11,
369 CDK_PKT_RING_TRUST = 12,
370 CDK_PKT_USER_ID = 13,
371 CDK_PKT_PUBLIC_SUBKEY = 14,
372 CDK_PKT_OLD_COMMENT = 16,
373 CDK_PKT_ATTRIBUTE = 17,
377 /* Define the maximal number of multiprecion integers for
379 #define MAX_CDK_PK_PARTS 4
381 /* Define the maximal number of multiprecision integers for
382 a signature/encrypted blob issued by a secret key. */
383 #define MAX_CDK_DATA_PARTS 2
386 /* Helper macro to figure out if the packet is encrypted */
387 #define CDK_PKT_IS_ENCRYPTED(pkttype) (\
388 ((pkttype)==CDK_PKT_ENCRYPTED_MDC) \
389 || ((pkttype)==CDK_PKT_ENCRYPTED))
392 struct cdk_pkt_signature_s
394 unsigned char version;
395 unsigned char sig_class;
396 unsigned int timestamp;
397 unsigned int expiredate;
398 unsigned int keyid[2];
399 unsigned char pubkey_algo;
400 unsigned char digest_algo;
401 unsigned char digest_start[2];
402 unsigned short hashed_size;
404 unsigned short unhashed_size;
405 cdk_subpkt_t unhashed;
406 bigint_t mpi[MAX_CDK_DATA_PARTS];
407 cdk_desig_revoker_t revkeys;
410 unsigned exportable:1;
411 unsigned revocable:1;
412 unsigned policy_url:1;
417 unsigned missing_key:1;
419 unsigned int key[2]; /* only valid for key signatures */
421 typedef struct cdk_pkt_signature_s *cdk_pkt_signature_t;
424 struct cdk_pkt_userid_s
427 unsigned is_primary:1;
428 unsigned is_revoked:1;
429 unsigned mdc_feature:1;
430 cdk_prefitem_t prefs;
432 unsigned char *attrib_img; /* Tag 17 if not null */
434 cdk_pkt_signature_t selfsig;
437 typedef struct cdk_pkt_userid_s *cdk_pkt_userid_t;
440 struct cdk_pkt_pubkey_s
442 unsigned char version;
443 unsigned char pubkey_algo;
444 unsigned char fpr[20];
445 unsigned int keyid[2];
446 unsigned int main_keyid[2];
447 unsigned int timestamp;
448 unsigned int expiredate;
449 bigint_t mpi[MAX_CDK_PK_PARTS];
450 unsigned is_revoked:1;
451 unsigned is_invalid:1;
452 unsigned has_expired:1;
454 cdk_pkt_userid_t uid;
455 cdk_prefitem_t prefs;
457 cdk_desig_revoker_t revkeys;
459 typedef struct cdk_pkt_pubkey_s *cdk_pkt_pubkey_t;
461 /* Alias to define a generic public key context. */
462 typedef cdk_pkt_pubkey_t cdk_pubkey_t;
465 struct cdk_pkt_seckey_s
468 unsigned int expiredate;
471 unsigned int keyid[2];
472 unsigned int main_keyid[2];
473 unsigned char s2k_usage;
477 unsigned char sha1chk; /* SHA1 is used instead of a 16 bit checksum */
479 unsigned char iv[16];
483 bigint_t mpi[MAX_CDK_PK_PARTS];
484 unsigned char *encdata;
486 unsigned char is_protected;
487 unsigned is_primary:1;
488 unsigned has_expired:1;
489 unsigned is_revoked:1;
491 typedef struct cdk_pkt_seckey_s *cdk_pkt_seckey_t;
493 /* Alias to define a generic secret key context. */
494 typedef cdk_pkt_seckey_t cdk_seckey_t;
497 struct cdk_pkt_onepass_sig_s
499 unsigned char version;
500 unsigned int keyid[2];
501 unsigned char sig_class;
502 unsigned char digest_algo;
503 unsigned char pubkey_algo;
506 typedef struct cdk_pkt_onepass_sig_s *cdk_pkt_onepass_sig_t;
509 struct cdk_pkt_pubkey_enc_s
511 unsigned char version;
512 unsigned int keyid[2];
514 unsigned char pubkey_algo;
515 bigint_t mpi[MAX_CDK_DATA_PARTS];
517 typedef struct cdk_pkt_pubkey_enc_s *cdk_pkt_pubkey_enc_t;
519 struct cdk_pkt_encrypted_s
523 unsigned char mdc_method;
526 typedef struct cdk_pkt_encrypted_s *cdk_pkt_encrypted_t;
531 unsigned char hash[20];
533 typedef struct cdk_pkt_mdc_s *cdk_pkt_mdc_t;
536 struct cdk_pkt_literal_s
541 unsigned int timestamp;
545 typedef struct cdk_pkt_literal_s *cdk_pkt_literal_t;
548 struct cdk_pkt_compressed_s
554 typedef struct cdk_pkt_compressed_s *cdk_pkt_compressed_t;
557 /* Structure which represents a single OpenPGP packet. */
560 size_t pktlen; /* real packet length */
561 size_t pktsize; /* length with all headers */
562 int old_ctb; /* 1 if RFC1991 mode is used */
563 cdk_packet_type_t pkttype;
567 cdk_pkt_userid_t user_id;
568 cdk_pkt_pubkey_t public_key;
569 cdk_pkt_seckey_t secret_key;
570 cdk_pkt_signature_t signature;
571 cdk_pkt_pubkey_enc_t pubkey_enc;
572 cdk_pkt_compressed_t compressed;
573 cdk_pkt_encrypted_t encrypted;
574 cdk_pkt_literal_t literal;
575 cdk_pkt_onepass_sig_t onepass_sig;
578 typedef struct cdk_packet_s *cdk_packet_t;
580 /* Session handle routines */
581 cdk_error_t cdk_handle_new (cdk_ctx_t * r_ctx);
582 void cdk_handle_free (cdk_ctx_t c);
584 /* Set the key database handle for the given session handle.
585 The type of the key db handle (public or secret) decides
586 which session key db handle to use. */
587 void cdk_handle_set_keydb (cdk_ctx_t hd, cdk_keydb_hd_t db);
589 /* Convenient function to avoid to open a key db first.
590 The user can directly use the file name, the rest is
592 cdk_error_t cdk_handle_set_keyring (cdk_ctx_t hd, int type,
593 const char *kringname);
595 /* Return keydb handle stored in the session handle. */
596 cdk_keydb_hd_t cdk_handle_get_keydb (cdk_ctx_t hd, int type);
597 int cdk_handle_control (cdk_ctx_t hd, int action, int cmd, ...);
599 /* Set a passphrase callback for the given session handle. */
600 void cdk_handle_set_passphrase_cb (cdk_ctx_t hd,
601 char *(*cb) (void *opa,
605 /* shortcuts for some controls */
607 /* Enable or disable armor output. */
608 #define cdk_handle_set_armor(a, val) \
609 cdk_handle_control ((a), CDK_CTLF_SET, CDK_CTL_ARMOR, (val))
611 /* Set the compression algorithm and level. 0 means disable compression. */
612 #define cdk_handle_set_compress(a, algo, level) \
613 cdk_handle_control ((a), CDK_CTLF_SET, CDK_CTL_COMPRESS, (algo), (level))
615 /* Activate partial bodies for the output. This is needed if the length
616 of the data is not known in advance or for the use with sockets
618 #define cdk_handle_set_blockmode(a, val) \
619 cdk_handle_control ((a), CDK_CTLF_SET, CDK_CTL_BLOCKMODE_ON, (val))
621 /* Set the digest for the PK signing operation. */
622 #define cdk_handle_set_digest(a, val) \
623 cdk_handle_control ((a), CDK_CTLF_SET, CDK_CTL_DIGEST, (val))
625 /* Set the mode and the digest for the S2K operation. */
626 #define cdk_handle_set_s2k(a, val1, val2) \
627 cdk_handle_control ((a), CDK_CTLF_SET, CDK_CTL_S2K, (val1), (val2))
628 /* Raw packet routines. */
630 /* Allocate a new packet or a new packet with the given packet type. */
631 cdk_error_t cdk_pkt_new (cdk_packet_t * r_pkt);
632 cdk_error_t cdk_pkt_alloc (cdk_packet_t * r_pkt, cdk_packet_type_t pkttype);
634 /* Only release the contents of the packet but not @PKT itself. */
635 void cdk_pkt_free (cdk_packet_t pkt);
637 /* Release the packet contents and the packet structure @PKT itself. */
638 void cdk_pkt_release (cdk_packet_t pkt);
640 /* Read or write the given output from or to the stream. */
641 cdk_error_t cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt);
642 cdk_error_t cdk_pkt_write (cdk_stream_t out, cdk_packet_t pkt);
644 /* Sub packet routines */
645 cdk_subpkt_t cdk_subpkt_new (size_t size);
646 void cdk_subpkt_free (cdk_subpkt_t ctx);
647 cdk_subpkt_t cdk_subpkt_find (cdk_subpkt_t ctx, size_t type);
648 cdk_subpkt_t cdk_subpkt_find_next (cdk_subpkt_t root, size_t type);
649 size_t cdk_subpkt_type_count (cdk_subpkt_t ctx, size_t type);
650 cdk_subpkt_t cdk_subpkt_find_nth (cdk_subpkt_t ctx, size_t type,
652 cdk_error_t cdk_subpkt_add (cdk_subpkt_t root, cdk_subpkt_t node);
653 const unsigned char *cdk_subpkt_get_data (cdk_subpkt_t ctx,
656 void cdk_subpkt_init (cdk_subpkt_t node, size_t type, const void *buf,
659 /* Designated Revoker routines */
660 const unsigned char *cdk_key_desig_revoker_walk (cdk_desig_revoker_t root,
661 cdk_desig_revoker_t * ctx,
665 #define is_RSA(a) ((a) == CDK_PK_RSA \
666 || (a) == CDK_PK_RSA_E \
667 || (a) == CDK_PK_RSA_S)
668 #define is_ELG(a) ((a) == CDK_PK_ELG_E)
669 #define is_DSA(a) ((a) == CDK_PK_DSA)
671 /* Encrypt the given session key @SK with the public key @PK
672 and write the contents into the packet @PKE. */
673 cdk_error_t cdk_pk_encrypt (cdk_pubkey_t pk, cdk_pkt_pubkey_enc_t pke,
676 /* Decrypt the given encrypted session key in @PKE with the secret key
677 @SK and store it in @R_SK. */
678 cdk_error_t cdk_pk_decrypt (cdk_seckey_t sk, cdk_pkt_pubkey_enc_t pke,
681 /* Sign the given message digest @MD with the secret key @SK and
682 store the signature in the packet @SIG. */
683 cdk_error_t cdk_pk_sign (cdk_seckey_t sk, cdk_pkt_signature_t sig,
684 const unsigned char *md);
686 /* Verify the given signature in @SIG with the public key @PK
687 and compare it against the message digest @MD. */
688 cdk_error_t cdk_pk_verify (cdk_pubkey_t pk, cdk_pkt_signature_t sig,
689 const unsigned char *md);
691 /* Use cdk_pk_get_npkey() and cdk_pk_get_nskey to find out how much
692 multiprecision integers a key consists of. */
694 /* Return a multi precision integer of the public key with the index @IDX
695 in the buffer @BUF. @R_NWRITTEN will contain the length in octets.
696 Optional @R_NBITS may contain the size in bits. */
697 cdk_error_t cdk_pk_get_mpi (cdk_pubkey_t pk, size_t idx,
698 unsigned char *buf, size_t buflen,
699 size_t * r_nwritten, size_t * r_nbits);
701 /* Same as the function above but of the secret key. */
702 cdk_error_t cdk_sk_get_mpi (cdk_seckey_t sk, size_t idx,
703 unsigned char *buf, size_t buflen,
704 size_t * r_nwritten, size_t * r_nbits);
706 /* Helper to get the exact number of multi precision integers
707 for the given object. */
708 int cdk_pk_get_nbits (cdk_pubkey_t pk);
709 int cdk_pk_get_npkey (int algo);
710 int cdk_pk_get_nskey (int algo);
711 int cdk_pk_get_nsig (int algo);
712 int cdk_pk_get_nenc (int algo);
714 /* Fingerprint and key ID routines. */
716 /* Calculate the fingerprint of the given public key.
717 the FPR parameter must be at least 20 octets to hold the SHA1 hash. */
718 cdk_error_t cdk_pk_get_fingerprint (cdk_pubkey_t pk, unsigned char *fpr);
720 /* Same as above, but with additional sanity checks of the buffer size. */
721 cdk_error_t cdk_pk_to_fingerprint (cdk_pubkey_t pk,
722 unsigned char *fpr, size_t fprlen,
725 /* Derive the keyid from the fingerprint. This is only possible for
726 modern, version 4 keys. */
727 unsigned int cdk_pk_fingerprint_get_keyid (const unsigned char *fpr,
729 unsigned int *keyid);
731 /* Various functions to get the keyid from the specific packet type. */
732 unsigned int cdk_pk_get_keyid (cdk_pubkey_t pk, unsigned int *keyid);
733 unsigned int cdk_sk_get_keyid (cdk_seckey_t sk, unsigned int *keyid);
734 unsigned int cdk_sig_get_keyid (cdk_pkt_signature_t sig,
735 unsigned int *keyid);
737 /* Key release functions. */
738 void cdk_pk_release (cdk_pubkey_t pk);
739 void cdk_sk_release (cdk_seckey_t sk);
741 /* Create a public key with the data from the secret key @SK. */
742 cdk_error_t cdk_pk_from_secret_key (cdk_seckey_t sk, cdk_pubkey_t * ret_pk);
744 /* Sexp conversion of keys. */
745 cdk_error_t cdk_pubkey_to_sexp (cdk_pubkey_t pk, char **sexp, size_t * len);
746 cdk_error_t cdk_seckey_to_sexp (cdk_seckey_t sk, char **sexp, size_t * len);
749 /* String to Key routines. */
750 cdk_error_t cdk_s2k_new (cdk_s2k_t * ret_s2k, int mode, int digest_algo,
751 const unsigned char *salt);
752 void cdk_s2k_free (cdk_s2k_t s2k);
754 cdk_error_t cdk_file_armor (cdk_ctx_t hd, const char *file,
756 cdk_error_t cdk_file_dearmor (const char *file, const char *output);
757 int cdk_armor_filter_use (cdk_stream_t inp);
759 /* Protect the inbuf with ASCII armor of the specified type.
760 If @outbuf and @outlen are NULL, the function returns the calculated
761 size of the base64 encoded data in @nwritten. */
762 cdk_error_t cdk_armor_encode_buffer (const unsigned char *inbuf,
763 size_t inlen, char *outbuf,
764 size_t outlen, size_t * nwritten,
768 /* This context contain user callbacks for different stream operations.
769 Some of these callbacks might be NULL to indicate that the callback
771 struct cdk_stream_cbs_s
773 cdk_error_t (*open) (void *);
774 cdk_error_t (*release) (void *);
775 int (*read) (void *, void *buf, size_t);
776 int (*write) (void *, const void *buf, size_t);
777 int (*seek) (void *, off_t);
779 typedef struct cdk_stream_cbs_s *cdk_stream_cbs_t;
781 int cdk_stream_is_compressed (cdk_stream_t s);
783 /* Return a stream object which is associated to a socket. */
784 cdk_error_t cdk_stream_sockopen (const char *host, unsigned short port,
785 cdk_stream_t * ret_out);
787 /* Return a stream object which is associated to an existing file. */
788 cdk_error_t cdk_stream_open (const char *file, cdk_stream_t * ret_s);
790 /* Return a stream object which is associated to a file which will
791 be created when the stream is closed. */
792 cdk_error_t cdk_stream_new (const char *file, cdk_stream_t * ret_s);
794 /* Return a stream object with custom callback functions for the
795 various core operations. */
796 cdk_error_t cdk_stream_new_from_cbs (cdk_stream_cbs_t cbs, void *opa,
797 cdk_stream_t * ret_s);
798 cdk_error_t cdk_stream_create (const char *file, cdk_stream_t * ret_s);
799 cdk_error_t cdk_stream_tmp_new (cdk_stream_t * r_out);
800 cdk_error_t cdk_stream_tmp_from_mem (const void *buf, size_t buflen,
801 cdk_stream_t * r_out);
802 void cdk_stream_tmp_set_mode (cdk_stream_t s, int val);
803 cdk_error_t cdk_stream_flush (cdk_stream_t s);
804 cdk_error_t cdk_stream_enable_cache (cdk_stream_t s, int val);
805 cdk_error_t cdk_stream_filter_disable (cdk_stream_t s, int type);
806 cdk_error_t cdk_stream_close (cdk_stream_t s);
807 off_t cdk_stream_get_length (cdk_stream_t s);
808 int cdk_stream_read (cdk_stream_t s, void *buf, size_t count);
809 int cdk_stream_write (cdk_stream_t s, const void *buf, size_t count);
810 int cdk_stream_putc (cdk_stream_t s, int c);
811 int cdk_stream_getc (cdk_stream_t s);
812 int cdk_stream_eof (cdk_stream_t s);
813 off_t cdk_stream_tell (cdk_stream_t s);
814 cdk_error_t cdk_stream_seek (cdk_stream_t s, off_t offset);
815 cdk_error_t cdk_stream_set_armor_flag (cdk_stream_t s, int type);
817 /* Push the literal filter for the given stream. */
818 cdk_error_t cdk_stream_set_literal_flag (cdk_stream_t s,
819 cdk_lit_format_t mode,
822 cdk_error_t cdk_stream_set_compress_flag (cdk_stream_t s, int algo,
824 cdk_error_t cdk_stream_set_hash_flag (cdk_stream_t s, int algo);
825 cdk_error_t cdk_stream_set_text_flag (cdk_stream_t s, const char *lf);
826 cdk_error_t cdk_stream_kick_off (cdk_stream_t inp, cdk_stream_t out);
827 cdk_error_t cdk_stream_mmap (cdk_stream_t s, unsigned char **ret_buf,
828 size_t * ret_buflen);
829 cdk_error_t cdk_stream_mmap_part (cdk_stream_t s, off_t off, size_t len,
830 unsigned char **ret_buf,
831 size_t * ret_buflen);
833 /* Read from the stream but restore the file pointer after reading
834 the requested amount of bytes. */
835 int cdk_stream_peek (cdk_stream_t inp, unsigned char *buf, size_t buflen);
837 /* A wrapper around the various new_from_XXX functions. Because
838 the function does not support all combinations, the dedicated
839 functions should be preferred. */
840 cdk_error_t cdk_keydb_new (cdk_keydb_hd_t * r_hd, int type, void *data,
843 /* Create a new key db handle from a memory buffer. */
844 cdk_error_t cdk_keydb_new_from_mem (cdk_keydb_hd_t * r_hd, int secret,
845 const void *data, size_t datlen);
847 /* Create a new key db which uses an existing file. */
848 cdk_error_t cdk_keydb_new_from_file (cdk_keydb_hd_t * r_hd, int secret,
851 /* Uses a stream as the key db input. For searching it is important
852 that the seek function is supported on the stream. Furthermore,
853 the stream is not closed in cdk_keydb_free(). The caller must do it. */
854 cdk_error_t cdk_keydb_new_from_stream (cdk_keydb_hd_t * r_hd, int secret,
857 /* Check that a secret key with the given key ID is available. */
858 cdk_error_t cdk_keydb_check_sk (cdk_keydb_hd_t hd, unsigned int *keyid);
860 /* Prepare the key db search. */
861 cdk_error_t cdk_keydb_search_start (cdk_keydb_search_t * st,
862 cdk_keydb_hd_t db, int type,
865 void cdk_keydb_search_release (cdk_keydb_search_t st);
867 /* Return a key which matches a valid description given in
868 cdk_keydb_search_start(). */
869 cdk_error_t cdk_keydb_search (cdk_keydb_search_t st, cdk_keydb_hd_t hd,
870 cdk_kbnode_t * ret_key);
872 /* Release the key db handle and all its resources. */
873 void cdk_keydb_free (cdk_keydb_hd_t hd);
875 /* The following functions will try to find a key in the given key
876 db handle either by keyid, by fingerprint or by some pattern. */
877 cdk_error_t cdk_keydb_get_bykeyid (cdk_keydb_hd_t hd, unsigned int *keyid,
878 cdk_kbnode_t * ret_pk);
879 cdk_error_t cdk_keydb_get_byfpr (cdk_keydb_hd_t hd,
880 const unsigned char *fpr,
881 cdk_kbnode_t * ret_pk);
882 cdk_error_t cdk_keydb_get_bypattern (cdk_keydb_hd_t hd, const char *patt,
883 cdk_kbnode_t * ret_pk);
885 /* These function, in contrast to most other key db functions, only
886 return the public or secret key packet without the additional
887 signatures and user IDs. */
888 cdk_error_t cdk_keydb_get_pk (cdk_keydb_hd_t khd, unsigned int *keyid,
889 cdk_pubkey_t * ret_pk);
890 cdk_error_t cdk_keydb_get_sk (cdk_keydb_hd_t khd, unsigned int *keyid,
891 cdk_seckey_t * ret_sk);
893 /* Try to read the next key block from the given input stream.
894 The key will be returned in @RET_KEY on success. */
895 cdk_error_t cdk_keydb_get_keyblock (cdk_stream_t inp,
896 cdk_kbnode_t * ret_key);
898 /* Rebuild the key db index if possible. */
899 cdk_error_t cdk_keydb_idx_rebuild (cdk_keydb_hd_t db,
900 cdk_keydb_search_t dbs);
902 /* Export one or more keys from the given key db handle into
903 the stream @OUT. The export is done by substring search and
904 uses the string list @REMUSR for the pattern. */
905 cdk_error_t cdk_keydb_export (cdk_keydb_hd_t hd, cdk_stream_t out,
906 cdk_strlist_t remusr);
908 /* Import the given key node @knode into the key db. */
909 cdk_error_t cdk_keydb_import (cdk_keydb_hd_t hd, cdk_kbnode_t knode);
912 /* List or enumerate keys from a given key db handle. */
914 /* Start the key list process. Either use @PATT for a pattern search
915 or @FPATT for a list of pattern. */
916 cdk_error_t cdk_listkey_start (cdk_listkey_t * r_ctx, cdk_keydb_hd_t db,
917 const char *patt, cdk_strlist_t fpatt);
918 void cdk_listkey_close (cdk_listkey_t ctx);
920 /* Return the next key which matches the pattern. */
921 cdk_error_t cdk_listkey_next (cdk_listkey_t ctx, cdk_kbnode_t * ret_key);
923 cdk_kbnode_t cdk_kbnode_new (cdk_packet_t pkt);
924 cdk_error_t cdk_kbnode_read_from_mem (cdk_kbnode_t * ret_node,
925 const unsigned char *buf,
927 cdk_error_t cdk_kbnode_write_to_mem (cdk_kbnode_t node,
928 unsigned char *buf, size_t * r_nbytes);
929 cdk_error_t cdk_kbnode_write_to_mem_alloc (cdk_kbnode_t node,
930 unsigned char **r_buf,
933 void cdk_kbnode_release (cdk_kbnode_t node);
934 void cdk_kbnode_delete (cdk_kbnode_t node);
935 void cdk_kbnode_insert (cdk_kbnode_t root, cdk_kbnode_t node,
936 cdk_packet_type_t pkttype);
937 int cdk_kbnode_commit (cdk_kbnode_t * root);
938 void cdk_kbnode_remove (cdk_kbnode_t * root, cdk_kbnode_t node);
939 void cdk_kbnode_move (cdk_kbnode_t * root, cdk_kbnode_t node,
941 cdk_kbnode_t cdk_kbnode_walk (cdk_kbnode_t root, cdk_kbnode_t * ctx,
943 cdk_packet_t cdk_kbnode_find_packet (cdk_kbnode_t node,
944 cdk_packet_type_t pkttype);
945 cdk_packet_t cdk_kbnode_get_packet (cdk_kbnode_t node);
946 cdk_kbnode_t cdk_kbnode_find (cdk_kbnode_t node, cdk_packet_type_t pkttype);
947 cdk_kbnode_t cdk_kbnode_find_prev (cdk_kbnode_t root, cdk_kbnode_t node,
948 cdk_packet_type_t pkttype);
949 cdk_kbnode_t cdk_kbnode_find_next (cdk_kbnode_t node,
950 cdk_packet_type_t pkttype);
951 cdk_error_t cdk_kbnode_hash (cdk_kbnode_t node, digest_hd_st * md,
952 int is_v4, cdk_packet_type_t pkttype,
955 /* Check each signature in the key node and return a summary of the
956 key status in @r_status. Values of cdk_key_flag_t are used. */
957 cdk_error_t cdk_pk_check_sigs (cdk_kbnode_t knode, cdk_keydb_hd_t hd,
960 /* Check the self signature of the key to make sure it is valid. */
961 cdk_error_t cdk_pk_check_self_sig (cdk_kbnode_t knode, int *r_status);
963 /* Return a matching algorithm from the given public key list.
964 @PREFTYPE can be either sym-cipher/compress/digest. */
965 int cdk_pklist_select_algo (cdk_keylist_t pkl, int preftype);
967 /* Return 0 or 1 if the given key list is able to understand the
969 int cdk_pklist_use_mdc (cdk_keylist_t pkl);
970 cdk_error_t cdk_pklist_build (cdk_keylist_t * ret_pkl, cdk_keydb_hd_t hd,
971 cdk_strlist_t remusr, int use);
972 void cdk_pklist_release (cdk_keylist_t pkl);
974 /* Secret key lists */
975 cdk_error_t cdk_sklist_build (cdk_keylist_t * ret_skl,
976 cdk_keydb_hd_t db, cdk_ctx_t hd,
977 cdk_strlist_t locusr,
978 int unlock, unsigned int use);
979 void cdk_sklist_release (cdk_keylist_t skl);
980 cdk_error_t cdk_sklist_write (cdk_keylist_t skl, cdk_stream_t outp,
981 digest_hd_st * mdctx, int sigclass,
983 cdk_error_t cdk_sklist_write_onepass (cdk_keylist_t skl, cdk_stream_t outp,
984 int sigclass, int mdalgo);
986 /* Encrypt the given stream @INP with the recipients given in @REMUSR.
987 If @REMUSR is NULL, symmetric encryption will be used. The output
988 will be written to @OUT. */
989 cdk_error_t cdk_stream_encrypt (cdk_ctx_t hd, cdk_strlist_t remusr,
990 cdk_stream_t inp, cdk_stream_t out);
992 /* Decrypt the @INP stream into @OUT. */
993 cdk_error_t cdk_stream_decrypt (cdk_ctx_t hd, cdk_stream_t inp,
996 /* Same as the function above but it works on files. */
997 cdk_error_t cdk_file_encrypt (cdk_ctx_t hd, cdk_strlist_t remusr,
998 const char *file, const char *output);
999 cdk_error_t cdk_file_decrypt (cdk_ctx_t hd, const char *file,
1000 const char *output);
1002 /* Generic function to transform data. The mode can be either sign,
1003 verify, encrypt, decrypt, import or export. The meanings of the
1004 parameters are similar to the functions above.
1005 @OUTBUF will contain the output and @OUTSIZE the length of it. */
1006 cdk_error_t cdk_data_transform (cdk_ctx_t hd, enum cdk_crypto_mode_t mode,
1007 cdk_strlist_t locusr, cdk_strlist_t remusr,
1008 const void *inbuf, size_t insize,
1009 unsigned char **outbuf, size_t * outsize,
1012 int cdk_trustdb_get_validity (cdk_stream_t inp, cdk_pkt_userid_t id,
1014 int cdk_trustdb_get_ownertrust (cdk_stream_t inp, cdk_pubkey_t pk,
1015 int *r_val, int *r_flags);
1017 void cdk_strlist_free (cdk_strlist_t sl);
1018 cdk_strlist_t cdk_strlist_add (cdk_strlist_t * list, const char *string);
1019 const char *cdk_check_version (const char *req_version);
1021 char *cdk_utf8_encode (const char *string);
1022 char *cdk_utf8_decode (const char *string, size_t length, int delim);
1028 #endif /* OPENCDK_H */