7 * OpenPGP constants and structures from RFC-2440.
9 * Text from RFC-2440 in comments is
10 * Copyright (C) The Internet Society (1998). All Rights Reserved.
13 #if !defined(_BEECRYPT_TYPES_H)
15 typedef unsigned char byte;
17 #endif /* _BEECRYPT_TYPES_H */
21 typedef /*@abstract@*/ struct DIGEST_CTX_s * DIGEST_CTX;
25 typedef const struct pgpValTbl_s {
27 /*@observer@*/ const char * str;
33 * The packet tag denotes what type of packet the body holds. Note that
34 * old format headers can only have tags less than 16, whereas new
35 * format headers can have tags as great as 63.
37 typedef enum pgpTag_e {
38 PGPTAG_RESERVED = 0, /*!< Reserved/Invalid */
39 PGPTAG_PUBLIC_SESSION_KEY = 1, /*!< Public-Key Encrypted Session Key */
40 PGPTAG_SIGNATURE = 2, /*!< Signature */
41 PGPTAG_SYMMETRIC_SESSION_KEY= 3, /*!< Symmetric-Key Encrypted Session Key*/
42 PGPTAG_ONEPASS_SIGNATURE = 4, /*!< One-Pass Signature */
43 PGPTAG_SECRET_KEY = 5, /*!< Secret Key */
44 PGPTAG_PUBLIC_KEY = 6, /*!< Public Key */
45 PGPTAG_SECRET_SUBKEY = 7, /*!< Secret Subkey */
46 PGPTAG_COMPRESSED_DATA = 8, /*!< Compressed Data */
47 PGPTAG_SYMMETRIC_DATA = 9, /*!< Symmetrically Encrypted Data */
48 PGPTAG_MARKER = 10, /*!< Marker */
49 PGPTAG_LITERAL_DATA = 11, /*!< Literal Data */
50 PGPTAG_TRUST = 12, /*!< Trust */
51 PGPTAG_USER_ID = 13, /*!< User ID */
52 PGPTAG_PUBLIC_SUBKEY = 14, /*!< Public Subkey */
53 PGPTAG_COMMENT_OLD = 16, /*!< Comment (from OpenPGP draft) */
54 PGPTAG_PHOTOID = 17, /*!< PGP's photo ID */
55 PGPTAG_ENCRYPTED_MDC = 18, /*!< Integrity protected encrypted data */
56 PGPTAG_MDC = 19, /*!< Manipulaion detection code packet */
57 PGPTAG_PRIVATE_60 = 60, /*!< Private or Experimental Values */
58 PGPTAG_COMMENT = 61, /*!< Comment */
59 PGPTAG_PRIVATE_62 = 62, /*!< Private or Experimental Values */
60 PGPTAG_CONTROL = 63 /*!< Control (GPG) */
65 /*@observer@*/ /*@unchecked@*/ /*@unused@*/
66 extern struct pgpValTbl_s pgpTagTbl[];
69 * 5.1. Public-Key Encrypted Session Key Packets (Tag 1)
71 * A Public-Key Encrypted Session Key packet holds the session key used
72 * to encrypt a message. Zero or more Encrypted Session Key packets
73 * (either Public-Key or Symmetric-Key) may precede a Symmetrically
74 * Encrypted Data Packet, which holds an encrypted message. The message
75 * is encrypted with the session key, and the session key is itself
76 * encrypted and stored in the Encrypted Session Key packet(s). The
77 * Symmetrically Encrypted Data Packet is preceded by one Public-Key
78 * Encrypted Session Key packet for each OpenPGP key to which the
79 * message is encrypted. The recipient of the message finds a session
80 * key that is encrypted to their public key, decrypts the session key,
81 * and then uses the session key to decrypt the message.
83 * The body of this packet consists of:
84 * - A one-octet number giving the version number of the packet type.
85 * The currently defined value for packet version is 3. An
86 * implementation should accept, but not generate a version of 2,
87 * which is equivalent to V3 in all other respects.
88 * - An eight-octet number that gives the key ID of the public key
89 * that the session key is encrypted to.
90 * - A one-octet number giving the public key algorithm used.
91 * - A string of octets that is the encrypted session key. This string
92 * takes up the remainder of the packet, and its contents are
93 * dependent on the public key algorithm used.
95 * Algorithm Specific Fields for RSA encryption
96 * - multiprecision integer (MPI) of RSA encrypted value m**e mod n.
98 * Algorithm Specific Fields for Elgamal encryption:
99 * - MPI of Elgamal (Diffie-Hellman) value g**k mod p.
100 * - MPI of Elgamal (Diffie-Hellman) value m * y**k mod p.
102 typedef struct pgpPktPubkey_s {
103 byte version; /*!< version number (generate 3, accept 2). */
104 byte keyid[8]; /*!< key ID of the public key for session key. */
105 byte algo; /*!< public key algorithm used. */
110 * 5.2.1. Signature Types
112 * There are a number of possible meanings for a signature, which are
113 * specified in a signature type octet in any given signature.
116 typedef enum pgpSigType_e {
117 PGPSIGTYPE_BINARY = 0x00, /*!< Binary document */
118 PGPSIGTYPE_TEXT = 0x01, /*!< Canonical text document */
119 PGPSIGTYPE_STANDALONE = 0x02, /*!< Standalone */
120 PGPSIGTYPE_GENERIC_CERT = 0x10,
121 /*!< Generic certification of a User ID & Public Key */
122 PGPSIGTYPE_PERSONA_CERT = 0x11,
123 /*!< Persona certification of a User ID & Public Key */
124 PGPSIGTYPE_CASUAL_CERT = 0x12,
125 /*!< Casual certification of a User ID & Public Key */
126 PGPSIGTYPE_POSITIVE_CERT = 0x13,
127 /*!< Positive certification of a User ID & Public Key */
128 PGPSIGTYPE_SUBKEY_BINDING = 0x18, /*!< Subkey Binding */
129 PGPSIGTYPE_SIGNED_KEY = 0x1F, /*!< Signature directly on a key */
130 PGPSIGTYPE_KEY_REVOKE = 0x20, /*!< Key revocation */
131 PGPSIGTYPE_SUBKEY_REVOKE = 0x28, /*!< Subkey revocation */
132 PGPSIGTYPE_CERT_REVOKE = 0x30, /*!< Certification revocation */
133 PGPSIGTYPE_TIMESTAMP = 0x40 /*!< Timestamp */
139 /*@observer@*/ /*@unchecked@*/ /*@unused@*/
140 extern struct pgpValTbl_s pgpSigTypeTbl[];
143 * 9.1. Public Key Algorithms
148 1 - RSA (Encrypt or Sign)
151 16 - Elgamal (Encrypt-Only), see [ELGAMAL]
152 17 - DSA (Digital Signature Standard)
153 18 - Reserved for Elliptic Curve
154 19 - Reserved for ECDSA
155 20 - Elgamal (Encrypt or Sign)
156 21 - Reserved for Diffie-Hellman (X9.42,
157 as defined for IETF-S/MIME)
158 100 to 110 - Private/Experimental algorithm.
161 * Implementations MUST implement DSA for signatures, and Elgamal for
162 * encryption. Implementations SHOULD implement RSA keys.
163 * Implementations MAY implement any other algorithm.
166 typedef enum pgpPubkeyAlgo_e {
167 PGPPUBKEYALGO_RSA = 1, /*!< RSA */
168 PGPPUBKEYALGO_RSA_ENCRYPT = 2, /*!< RSA(Encrypt-Only) */
169 PGPPUBKEYALGO_RSA_SIGN = 3, /*!< RSA(Sign-Only) */
170 PGPPUBKEYALGO_ELGAMAL_ENCRYPT = 16, /*!< Elgamal(Encrypt-Only) */
171 PGPPUBKEYALGO_DSA = 17, /*!< DSA */
172 PGPPUBKEYALGO_EC = 18, /*!< Elliptic Curve */
173 PGPPUBKEYALGO_ECDSA = 19, /*!< ECDSA */
174 PGPPUBKEYALGO_ELGAMAL = 20, /*!< Elgamal */
175 PGPPUBKEYALGO_DH = 21 /*!< Diffie-Hellman (X9.42) */
181 /*@observer@*/ /*@unchecked@*/ /*@unused@*/
182 extern struct pgpValTbl_s pgpPubkeyTbl[];
185 * 9.2. Symmetric Key Algorithms
190 0 - Plaintext or unencrypted data
192 2 - Triple-DES (DES-EDE, as per spec -
193 168 bit key derived from 192)
194 3 - CAST5 (128 bit key, as per RFC 2144)
195 4 - Blowfish (128 bit key, 16 rounds) [BLOWFISH]
196 5 - SAFER-SK128 (13 rounds) [SAFER]
197 6 - Reserved for DES/SK
198 7 - Reserved for AES with 128-bit key
199 8 - Reserved for AES with 192-bit key
200 9 - Reserved for AES with 256-bit key
201 100 to 110 - Private/Experimental algorithm.
204 * Implementations MUST implement Triple-DES. Implementations SHOULD
205 * implement IDEA and CAST5. Implementations MAY implement any other
209 typedef enum pgpSymkeyAlgo_e {
210 PGPSYMKEYALGO_PLAINTEXT = 0, /*!< Plaintext */
211 PGPSYMKEYALGO_IDEA = 1, /*!< IDEA */
212 PGPSYMKEYALGO_TRIPLE_DES = 2, /*!< 3DES */
213 PGPSYMKEYALGO_CAST5 = 3, /*!< CAST5 */
214 PGPSYMKEYALGO_BLOWFISH = 4, /*!< BLOWFISH */
215 PGPSYMKEYALGO_SAFER = 5, /*!< SAFER */
216 PGPSYMKEYALGO_DES_SK = 6, /*!< DES/SK */
217 PGPSYMKEYALGO_AES_128 = 7, /*!< AES(128-bit key) */
218 PGPSYMKEYALGO_AES_192 = 8, /*!< AES(192-bit key) */
219 PGPSYMKEYALGO_AES_256 = 9, /*!< AES(256-bit key) */
220 PGPSYMKEYALGO_TWOFISH = 10 /*!< TWOFISH */
225 * Symmetric key (string, value) pairs.
227 /*@observer@*/ /*@unchecked@*/ /*@unused@*/
228 extern struct pgpValTbl_s pgpSymkeyTbl[];
231 * 9.3. Compression Algorithms
239 100 to 110 - Private/Experimental algorithm.
242 * Implementations MUST implement uncompressed data. Implementations
243 * SHOULD implement ZIP. Implementations MAY implement ZLIB.
246 typedef enum pgpCompressAlgo_e {
247 PGPCOMPRESSALGO_NONE = 0, /*!< Uncompressed */
248 PGPCOMPRESSALGO_ZIP = 1, /*!< ZIP */
249 PGPCOMPRESSALGO_ZLIB = 2 /*!< ZLIB */
254 * Compression (string, value) pairs.
256 /*@observer@*/ /*@unchecked@*/ /*@unused@*/
257 extern struct pgpValTbl_s pgpCompressionTbl[];
260 * 9.4. Hash Algorithms
263 ID Algorithm Text Name
264 -- --------- ---- ----
267 3 - RIPE-MD/160 "RIPEMD160"
268 4 - Reserved for double-width SHA (experimental)
270 6 - Reserved for TIGER/192 "TIGER192"
271 7 - Reserved for HAVAL (5 pass, 160-bit)
273 100 to 110 - Private/Experimental algorithm.
276 * Implementations MUST implement SHA-1. Implementations SHOULD
280 typedef enum pgpHashAlgo_e {
281 PGPHASHALGO_MD5 = 1, /*!< MD5 */
282 PGPHASHALGO_SHA1 = 2, /*!< SHA1 */
283 PGPHASHALGO_RIPEMD160 = 3, /*!< RIPEMD160 */
284 PGPHASHALGO_MD2 = 5, /*!< MD2 */
285 PGPHASHALGO_TIGER192 = 6, /*!< TIGER192 */
286 PGPHASHALGO_HAVAL_5_160 = 7 /*!< HAVAL-5-160 */
290 * Hash (string, value) pairs.
292 /*@observer@*/ /*@unchecked@*/ /*@unused@*/
293 extern struct pgpValTbl_s pgpHashTbl[];
296 * 5.2.2. Version 3 Signature Packet Format
298 * The body of a version 3 Signature Packet contains:
299 * - One-octet version number (3).
300 * - One-octet length of following hashed material. MUST be 5.
301 * - One-octet signature type.
302 * - Four-octet creation time.
303 * - Eight-octet key ID of signer.
304 * - One-octet public key algorithm.
305 * - One-octet hash algorithm.
306 * - Two-octet field holding left 16 bits of signed hash value.
307 * - One or more multi-precision integers comprising the signature.
309 * Algorithm Specific Fields for RSA signatures:
310 * - multiprecision integer (MPI) of RSA signature value m**d.
312 * Algorithm Specific Fields for DSA signatures:
313 * - MPI of DSA value r.
314 * - MPI of DSA value s.
316 typedef struct pgpPktSigV3_s {
317 byte version; /*!< version number (3). */
318 byte hashlen; /*!< length of following hashed material. MUST be 5. */
319 byte sigtype; /*!< signature type. */
320 byte time[4]; /*!< 4 byte creation time. */
321 byte signid[8]; /*!< key ID of signer. */
322 byte pubkey_algo; /*!< public key algorithm. */
323 byte hash_algo; /*!< hash algorithm. */
324 byte signhash16[2]; /*!< left 16 bits of signed hash value. */
328 * 5.2.3. Version 4 Signature Packet Format
330 * The body of a version 4 Signature Packet contains:
331 * - One-octet version number (4).
332 * - One-octet signature type.
333 * - One-octet public key algorithm.
334 * - One-octet hash algorithm.
335 * - Two-octet scalar octet count for following hashed subpacket
336 * data. Note that this is the length in octets of all of the hashed
337 * subpackets; a pointer incremented by this number will skip over
338 * the hashed subpackets.
339 * - Hashed subpacket data. (zero or more subpackets)
340 * - Two-octet scalar octet count for following unhashed subpacket
341 * data. Note that this is the length in octets of all of the
342 * unhashed subpackets; a pointer incremented by this number will
343 * skip over the unhashed subpackets.
344 * - Unhashed subpacket data. (zero or more subpackets)
345 * - Two-octet field holding left 16 bits of signed hash value.
346 * - One or more multi-precision integers comprising the signature.
348 typedef struct pgpPktSigV4_s {
349 byte version; /*!< version number (4). */
350 byte sigtype; /*!< signature type. */
351 byte pubkey_algo; /*!< public key algorithm. */
352 byte hash_algo; /*!< hash algorithm. */
353 byte hashlen[2]; /*!< length of following hashed material. */
357 * 5.2.3.1. Signature Subpacket Specification
359 * The subpacket fields consist of zero or more signature subpackets.
360 * Each set of subpackets is preceded by a two-octet scalar count of the
361 * length of the set of subpackets.
363 * Each subpacket consists of a subpacket header and a body. The header
365 * - the subpacket length (1, 2, or 5 octets)
366 * - the subpacket type (1 octet)
367 * and is followed by the subpacket specific data.
369 * The length includes the type octet but not this length. Its format is
370 * similar to the "new" format packet header lengths, but cannot have
371 * partial body lengths. That is:
373 if the 1st octet < 192, then
375 subpacketLen = 1st_octet
377 if the 1st octet >= 192 and < 255, then
379 subpacketLen = ((1st_octet - 192) << 8) + (2nd_octet) + 192
381 if the 1st octet = 255, then
383 subpacket length = [four-octet scalar starting at 2nd_octet]
386 * The value of the subpacket type octet may be:
389 2 = signature creation time
390 3 = signature expiration time
391 4 = exportable certification
393 6 = regular expression
395 9 = key expiration time
396 10 = placeholder for backward compatibility
397 11 = preferred symmetric algorithms
401 21 = preferred hash algorithms
402 22 = preferred compression algorithms
403 23 = key server preferences
404 24 = preferred key server
408 28 = signer's user id
409 29 = reason for revocation
410 100 to 110 = internal or user-defined
413 * An implementation SHOULD ignore any subpacket of a type that it does
416 * Bit 7 of the subpacket type is the "critical" bit. If set, it
417 * denotes that the subpacket is one that is critical for the evaluator
418 * of the signature to recognize. If a subpacket is encountered that is
419 * marked critical but is unknown to the evaluating software, the
420 * evaluator SHOULD consider the signature to be in error.
423 typedef enum pgpSubType_e {
424 PGPSUBTYPE_SIG_CREATE_TIME = 2, /*!< signature creation time */
425 PGPSUBTYPE_SIG_EXPIRE_TIME = 3, /*!< signature expiration time */
426 PGPSUBTYPE_EXPORTABLE_CERT = 4, /*!< exportable certification */
427 PGPSUBTYPE_TRUST_SIG = 5, /*!< trust signature */
428 PGPSUBTYPE_REGEX = 6, /*!< regular expression */
429 PGPSUBTYPE_REVOCABLE = 7, /*!< revocable */
430 PGPSUBTYPE_KEY_EXPIRE_TIME = 9, /*!< key expiration time */
431 PGPSUBTYPE_BACKWARD_COMPAT = 10, /*!< placeholder for backward compatibility */
432 PGPSUBTYPE_PREFER_SYMKEY = 11, /*!< preferred symmetric algorithms */
433 PGPSUBTYPE_REVOKE_KEY = 12, /*!< revocation key */
434 PGPSUBTYPE_ISSUER_KEYID = 16, /*!< issuer key ID */
435 PGPSUBTYPE_NOTATION = 20, /*!< notation data */
436 PGPSUBTYPE_PREFER_HASH = 21, /*!< preferred hash algorithms */
437 PGPSUBTYPE_PREFER_COMPRESS = 22, /*!< preferred compression algorithms */
438 PGPSUBTYPE_KEYSERVER_PREFERS= 23, /*!< key server preferences */
439 PGPSUBTYPE_PREFER_KEYSERVER = 24, /*!< preferred key server */
440 PGPSUBTYPE_PRIMARY_USERID = 25, /*!< primary user id */
441 PGPSUBTYPE_POLICY_URL = 26, /*!< policy URL */
442 PGPSUBTYPE_KEY_FLAGS = 27, /*!< key flags */
443 PGPSUBTYPE_SIGNER_USERID = 28, /*!< signer's user id */
444 PGPSUBTYPE_REVOKE_REASON = 29, /*!< reason for revocation */
445 PGPSUBTYPE_INTERNAL_100 = 100, /*!< internal or user-defined */
446 PGPSUBTYPE_INTERNAL_101 = 101, /*!< internal or user-defined */
447 PGPSUBTYPE_INTERNAL_102 = 102, /*!< internal or user-defined */
448 PGPSUBTYPE_INTERNAL_103 = 103, /*!< internal or user-defined */
449 PGPSUBTYPE_INTERNAL_104 = 104, /*!< internal or user-defined */
450 PGPSUBTYPE_INTERNAL_105 = 105, /*!< internal or user-defined */
451 PGPSUBTYPE_INTERNAL_106 = 106, /*!< internal or user-defined */
452 PGPSUBTYPE_INTERNAL_107 = 107, /*!< internal or user-defined */
453 PGPSUBTYPE_INTERNAL_108 = 108, /*!< internal or user-defined */
454 PGPSUBTYPE_INTERNAL_109 = 109, /*!< internal or user-defined */
455 PGPSUBTYPE_INTERNAL_110 = 110 /*!< internal or user-defined */
460 * Subtype (string, value) pairs.
462 /*@observer@*/ /*@unchecked@*/ /*@unused@*/
463 extern struct pgpValTbl_s pgpSubTypeTbl[];
466 * 5.2. Signature Packet (Tag 2)
468 * A signature packet describes a binding between some public key and
469 * some data. The most common signatures are a signature of a file or a
470 * block of text, and a signature that is a certification of a user ID.
472 * Two versions of signature packets are defined. Version 3 provides
473 * basic signature information, while version 4 provides an expandable
474 * format with subpackets that can specify more information about the
475 * signature. PGP 2.6.x only accepts version 3 signatures.
477 * Implementations MUST accept V3 signatures. Implementations SHOULD
478 * generate V4 signatures. Implementations MAY generate a V3 signature
479 * that can be verified by PGP 2.6.x.
481 * Note that if an implementation is creating an encrypted and signed
482 * message that is encrypted to a V3 key, it is reasonable to create a
485 typedef union pgpPktSig_u {
486 struct pgpPktSigV3_s v3;
487 struct pgpPktSigV4_s v4;
491 * 5.3. Symmetric-Key Encrypted Session-Key Packets (Tag 3)
493 * The Symmetric-Key Encrypted Session Key packet holds the symmetric-
494 * key encryption of a session key used to encrypt a message. Zero or
495 * more Encrypted Session Key packets and/or Symmetric-Key Encrypted
496 * Session Key packets may precede a Symmetrically Encrypted Data Packet
497 * that holds an encrypted message. The message is encrypted with a
498 * session key, and the session key is itself encrypted and stored in
499 * the Encrypted Session Key packet or the Symmetric-Key Encrypted
500 * Session Key packet.
502 * If the Symmetrically Encrypted Data Packet is preceded by one or more
503 * Symmetric-Key Encrypted Session Key packets, each specifies a
504 * passphrase that may be used to decrypt the message. This allows a
505 * message to be encrypted to a number of public keys, and also to one
506 * or more pass phrases. This packet type is new, and is not generated
507 * by PGP 2.x or PGP 5.0.
509 * The body of this packet consists of:
510 * - A one-octet version number. The only currently defined version
512 * - A one-octet number describing the symmetric algorithm used.
513 * - A string-to-key (S2K) specifier, length as defined above.
514 * - Optionally, the encrypted session key itself, which is decrypted
515 * with the string-to-key object.
518 typedef struct pgpPktSymkey_s {
519 byte version; /*!< version number (4). */
525 * 5.4. One-Pass Signature Packets (Tag 4)
527 * The One-Pass Signature packet precedes the signed data and contains
528 * enough information to allow the receiver to begin calculating any
529 * hashes needed to verify the signature. It allows the Signature
530 * Packet to be placed at the end of the message, so that the signer can
531 * compute the entire signed message in one pass.
533 * A One-Pass Signature does not interoperate with PGP 2.6.x or earlier.
535 * The body of this packet consists of:
536 * - A one-octet version number. The current version is 3.
537 * - A one-octet signature type. Signature types are described in
539 * - A one-octet number describing the hash algorithm used.
540 * - A one-octet number describing the public key algorithm used.
541 * - An eight-octet number holding the key ID of the signing key.
542 * - A one-octet number holding a flag showing whether the signature
543 * is nested. A zero value indicates that the next packet is
544 * another One-Pass Signature packet that describes another
545 * signature to be applied to the same message data.
547 * Note that if a message contains more than one one-pass signature,
548 * then the signature packets bracket the message; that is, the first
549 * signature packet after the message corresponds to the last one-pass
550 * packet and the final signature packet corresponds to the first one-
553 typedef struct pgpPktOnepass_s {
554 byte version; /*!< version number (3). */
555 byte sigtype; /*!< signature type. */
556 byte hash_algo; /*!< hash algorithm. */
557 byte pubkey_algo; /*!< public key algorithm. */
558 byte signid[8]; /*!< key ID of signer. */
563 * 5.5.1. Key Packet Variants
565 * 5.5.1.1. Public Key Packet (Tag 6)
567 * A Public Key packet starts a series of packets that forms an OpenPGP
568 * key (sometimes called an OpenPGP certificate).
570 * 5.5.1.2. Public Subkey Packet (Tag 14)
572 * A Public Subkey packet (tag 14) has exactly the same format as a
573 * Public Key packet, but denotes a subkey. One or more subkeys may be
574 * associated with a top-level key. By convention, the top-level key
575 * provides signature services, and the subkeys provide encryption
578 * Note: in PGP 2.6.x, tag 14 was intended to indicate a comment packet.
579 * This tag was selected for reuse because no previous version of PGP
580 * ever emitted comment packets but they did properly ignore them.
581 * Public Subkey packets are ignored by PGP 2.6.x and do not cause it to
582 * fail, providing a limited degree of backward compatibility.
584 * 5.5.1.3. Secret Key Packet (Tag 5)
586 * A Secret Key packet contains all the information that is found in a
587 * Public Key packet, including the public key material, but also
588 * includes the secret key material after all the public key fields.
590 * 5.5.1.4. Secret Subkey Packet (Tag 7)
592 * A Secret Subkey packet (tag 7) is the subkey analog of the Secret Key
593 * packet, and has exactly the same format.
595 * 5.5.2. Public Key Packet Formats
597 * There are two versions of key-material packets. Version 3 packets
598 * were first generated by PGP 2.6. Version 2 packets are identical in
599 * format to Version 3 packets, but are generated by PGP 2.5 or before.
600 * V2 packets are deprecated and they MUST NOT be generated. PGP 5.0
601 * introduced version 4 packets, with new fields and semantics. PGP
602 * 2.6.x will not accept key-material packets with versions greater than
605 * OpenPGP implementations SHOULD create keys with version 4 format. An
606 * implementation MAY generate a V3 key to ensure interoperability with
607 * old software; note, however, that V4 keys correct some security
608 * deficiencies in V3 keys. These deficiencies are described below. An
609 * implementation MUST NOT create a V3 key with a public key algorithm
612 * A version 3 public key or public subkey packet contains:
613 * - A one-octet version number (3).
614 * - A four-octet number denoting the time that the key was created.
615 * - A two-octet number denoting the time in days that this key is
616 * valid. If this number is zero, then it does not expire.
617 * - A one-octet number denoting the public key algorithm of this key
618 * - A series of multi-precision integers comprising the key
620 * - a multiprecision integer (MPI) of RSA public modulus n;
621 * - an MPI of RSA public encryption exponent e.
623 * V3 keys SHOULD only be used for backward compatibility because of
624 * three weaknesses in them. First, it is relatively easy to construct a
625 * V3 key that has the same key ID as any other key because the key ID
626 * is simply the low 64 bits of the public modulus. Secondly, because
627 * the fingerprint of a V3 key hashes the key material, but not its
628 * length, which increases the opportunity for fingerprint collisions.
629 * Third, there are minor weaknesses in the MD5 hash algorithm that make
630 * developers prefer other algorithms. See below for a fuller discussion
631 * of key IDs and fingerprints.
634 typedef struct pgpPktKeyV3_s {
635 byte version; /*!< version number (3). */
636 byte time[4]; /*!< time that the key was created. */
637 byte valid[2]; /*!< time in days that this key is valid. */
638 byte pubkey_algo; /*!< public key algorithm. */
642 * The version 4 format is similar to the version 3 format except for
643 * the absence of a validity period. This has been moved to the
644 * signature packet. In addition, fingerprints of version 4 keys are
645 * calculated differently from version 3 keys, as described in section
646 * "Enhanced Key Formats."
648 * A version 4 packet contains:
649 * - A one-octet version number (4).
650 * - A four-octet number denoting the time that the key was created.
651 * - A one-octet number denoting the public key algorithm of this key
652 * - A series of multi-precision integers comprising the key
653 * material. This algorithm-specific portion is:
655 * Algorithm Specific Fields for RSA public keys:
656 * - multiprecision integer (MPI) of RSA public modulus n;
657 * - MPI of RSA public encryption exponent e.
659 * Algorithm Specific Fields for DSA public keys:
660 * - MPI of DSA prime p;
661 * - MPI of DSA group order q (q is a prime divisor of p-1);
662 * - MPI of DSA group generator g;
663 * - MPI of DSA public key value y (= g**x where x is secret).
665 * Algorithm Specific Fields for Elgamal public keys:
666 * - MPI of Elgamal prime p;
667 * - MPI of Elgamal group generator g;
668 * - MPI of Elgamal public key value y (= g**x where x is
672 typedef struct pgpPktKeyV4_s {
673 byte version; /*!< version number (4). */
674 byte time[4]; /*!< time that the key was created. */
675 byte pubkey_algo; /*!< public key algorithm. */
679 * 5.5.3. Secret Key Packet Formats
681 * The Secret Key and Secret Subkey packets contain all the data of the
682 * Public Key and Public Subkey packets, with additional algorithm-
683 * specific secret key data appended, in encrypted form.
685 * The packet contains:
686 * - A Public Key or Public Subkey packet, as described above
687 * - One octet indicating string-to-key usage conventions. 0
688 * indicates that the secret key data is not encrypted. 255
689 * indicates that a string-to-key specifier is being given. Any
690 * other value is a symmetric-key encryption algorithm specifier.
691 * - [Optional] If string-to-key usage octet was 255, a one-octet
692 * symmetric encryption algorithm.
693 * - [Optional] If string-to-key usage octet was 255, a string-to-key
694 * specifier. The length of the string-to-key specifier is implied
695 * by its type, as described above.
696 * - [Optional] If secret data is encrypted, eight-octet Initial
698 * - Encrypted multi-precision integers comprising the secret key
699 * data. These algorithm-specific fields are as described below.
700 * - Two-octet checksum of the plaintext of the algorithm-specific
701 * portion (sum of all octets, mod 65536).
703 * Algorithm Specific Fields for RSA secret keys:
704 * - multiprecision integer (MPI) of RSA secret exponent d.
705 * - MPI of RSA secret prime value p.
706 * - MPI of RSA secret prime value q (p < q).
707 * - MPI of u, the multiplicative inverse of p, mod q.
709 * Algorithm Specific Fields for DSA secret keys:
710 * - MPI of DSA secret exponent x.
712 * Algorithm Specific Fields for Elgamal secret keys:
713 * - MPI of Elgamal secret exponent x.
715 * Secret MPI values can be encrypted using a passphrase. If a string-
716 * to-key specifier is given, that describes the algorithm for
717 * converting the passphrase to a key, else a simple MD5 hash of the
718 * passphrase is used. Implementations SHOULD use a string-to-key
719 * specifier; the simple hash is for backward compatibility. The cipher
720 * for encrypting the MPIs is specified in the secret key packet.
722 * Encryption/decryption of the secret data is done in CFB mode using
723 * the key created from the passphrase and the Initial Vector from the
724 * packet. A different mode is used with V3 keys (which are only RSA)
725 * than with other key formats. With V3 keys, the MPI bit count prefix
726 * (i.e., the first two octets) is not encrypted. Only the MPI non-
727 * prefix data is encrypted. Furthermore, the CFB state is
728 * resynchronized at the beginning of each new MPI value, so that the
729 * CFB block boundary is aligned with the start of the MPI data.
731 * With V4 keys, a simpler method is used. All secret MPI values are
732 * encrypted in CFB mode, including the MPI bitcount prefix.
734 * The 16-bit checksum that follows the algorithm-specific portion is
735 * the algebraic sum, mod 65536, of the plaintext of all the algorithm-
736 * specific octets (including MPI prefix and data). With V3 keys, the
737 * checksum is stored in the clear. With V4 keys, the checksum is
738 * encrypted like the algorithm-specific data. This value is used to
739 * check that the passphrase was correct.
742 typedef union pgpPktKey_u {
743 struct pgpPktKeyV3_s v3;
744 struct pgpPktKeyV4_s v4;
748 * 5.6. Compressed Data Packet (Tag 8)
750 * The Compressed Data packet contains compressed data. Typically, this
751 * packet is found as the contents of an encrypted packet, or following
752 * a Signature or One-Pass Signature packet, and contains literal data
755 * The body of this packet consists of:
756 * - One octet that gives the algorithm used to compress the packet.
757 * - The remainder of the packet is compressed data.
759 * A Compressed Data Packet's body contains an block that compresses
760 * some set of packets. See section "Packet Composition" for details on
761 * how messages are formed.
763 * ZIP-compressed packets are compressed with raw RFC 1951 DEFLATE
764 * blocks. Note that PGP V2.6 uses 13 bits of compression. If an
765 * implementation uses more bits of compression, PGP V2.6 cannot
768 * ZLIB-compressed packets are compressed with RFC 1950 ZLIB-style
771 typedef struct pgpPktCdata_s {
777 * 5.7. Symmetrically Encrypted Data Packet (Tag 9)
779 * The Symmetrically Encrypted Data packet contains data encrypted with
780 * a symmetric-key algorithm. When it has been decrypted, it will
781 * typically contain other packets (often literal data packets or
782 * compressed data packets).
784 * The body of this packet consists of:
785 * - Encrypted data, the output of the selected symmetric-key cipher
786 * operating in PGP's variant of Cipher Feedback (CFB) mode.
788 * The symmetric cipher used may be specified in an Public-Key or
789 * Symmetric-Key Encrypted Session Key packet that precedes the
790 * Symmetrically Encrypted Data Packet. In that case, the cipher
791 * algorithm octet is prefixed to the session key before it is
792 * encrypted. If no packets of these types precede the encrypted data,
793 * the IDEA algorithm is used with the session key calculated as the MD5
794 * hash of the passphrase.
796 * The data is encrypted in CFB mode, with a CFB shift size equal to the
797 * cipher's block size. The Initial Vector (IV) is specified as all
798 * zeros. Instead of using an IV, OpenPGP prefixes a 10-octet string to
799 * the data before it is encrypted. The first eight octets are random,
800 * and the 9th and 10th octets are copies of the 7th and 8th octets,
801 * respectively. After encrypting the first 10 octets, the CFB state is
802 * resynchronized if the cipher block size is 8 octets or less. The
803 * last 8 octets of ciphertext are passed through the cipher and the
804 * block boundary is reset.
806 * The repetition of 16 bits in the 80 bits of random data prefixed to
807 * the message allows the receiver to immediately check whether the
808 * session key is incorrect.
810 typedef struct pgpPktEdata_s {
815 * 5.8. Marker Packet (Obsolete Literal Packet) (Tag 10)
817 * An experimental version of PGP used this packet as the Literal
818 * packet, but no released version of PGP generated Literal packets with
819 * this tag. With PGP 5.x, this packet has been re-assigned and is
820 * reserved for use as the Marker packet.
822 * The body of this packet consists of:
823 * - The three octets 0x50, 0x47, 0x50 (which spell "PGP" in UTF-8).
825 * Such a packet MUST be ignored when received. It may be placed at the
826 * beginning of a message that uses features not available in PGP 2.6.x
827 * in order to cause that version to report that newer software is
828 * necessary to process the message.
831 * 5.9. Literal Data Packet (Tag 11)
833 * A Literal Data packet contains the body of a message; data that is
834 * not to be further interpreted.
836 * The body of this packet consists of:
837 * - A one-octet field that describes how the data is formatted.
839 * If it is a 'b' (0x62), then the literal packet contains binary data.
840 * If it is a 't' (0x74), then it contains text data, and thus may need
841 * line ends converted to local form, or other text-mode changes. RFC
842 * 1991 also defined a value of 'l' as a 'local' mode for machine-local
843 * conversions. This use is now deprecated.
844 * - File name as a string (one-octet length, followed by file name),
845 * if the encrypted data should be saved as a file.
847 * If the special name "_CONSOLE" is used, the message is considered to
848 * be "for your eyes only". This advises that the message data is
849 * unusually sensitive, and the receiving program should process it more
850 * carefully, perhaps avoiding storing the received data to disk, for
852 * - A four-octet number that indicates the modification date of the
853 * file, or the creation time of the packet, or a zero that
854 * indicates the present time.
855 * - The remainder of the packet is literal data.
857 * Text data is stored with <CR><LF> text endings (i.e. network-normal
858 * line endings). These should be converted to native line endings by
859 * the receiving software.
861 typedef struct pgpPktLdata_s {
868 * 5.10. Trust Packet (Tag 12)
870 * The Trust packet is used only within keyrings and is not normally
871 * exported. Trust packets contain data that record the user's
872 * specifications of which key holders are trustworthy introducers,
873 * along with other information that implementing software uses for
876 * Trust packets SHOULD NOT be emitted to output streams that are
877 * transferred to other users, and they SHOULD be ignored on any input
878 * other than local keyring files.
880 typedef struct pgpPktTrust_s {
885 * 5.11. User ID Packet (Tag 13)
887 * A User ID packet consists of data that is intended to represent the
888 * name and email address of the key holder. By convention, it includes
889 * an RFC 822 mail name, but there are no restrictions on its content.
890 * The packet length in the header specifies the length of the user id.
891 * If it is text, it is encoded in UTF-8.
894 typedef struct pgpPktUid_s {
901 pgpPktPubkey pubkey; /*!< 5.1. Public-Key Encrypted Session Key */
902 pgpPktSig sig; /*!< 5.2. Signature */
903 pgpPktSymkey symkey; /*!< 5.3. Symmetric-Key Encrypted Session-Key */
904 pgpPktOnepass onepass; /*!< 5.4. One-Pass Signature */
905 pgpPktKey key; /*!< 5.5. Key Material */
906 pgpPktCdata cdata; /*!< 5.6. Compressed Data */
907 pgpPktEdata edata; /*!< 5.7. Symmetrically Encrypted Data */
908 /*!< 5.8. Marker (obsolete) */
909 pgpPktLdata ldata; /*!< 5.9. Literal Data */
910 pgpPktTrust tdata; /*!< 5.10. Trust */
911 pgpPktUid uid; /*!< 5.11. User ID */
917 typedef enum pgpArmor_e {
920 PGPARMOR_MESSAGE = 1, /*!< MESSAGE */
921 PGPARMOR_PUBKEY = 2, /*!< PUBLIC KEY BLOCK */
922 PGPARMOR_SIGNATURE = 3, /*!< SIGNATURE */
923 PGPARMOR_SIGNED_MESSAGE = 4, /*!< SIGNED MESSAGE */
924 PGPARMOR_FILE = 5, /*!< ARMORED FILE */
925 PGPARMOR_PRIVKEY = 6, /*!< PRIVATE KEY BLOCK */
926 PGPARMOR_SECKEY = 7 /*!< SECRET KEY BLOCK */
931 * Armor (string, value) pairs.
933 /*@observer@*/ /*@unchecked@*/ /*@unused@*/
934 extern struct pgpValTbl_s pgpArmorTbl[];
939 typedef enum pgpArmorKey_e {
940 PGPARMORKEY_VERSION = 1, /*!< Version: */
941 PGPARMORKEY_COMMENT = 2, /*!< Comment: */
942 PGPARMORKEY_MESSAGEID = 3, /*!< MessageID: */
943 PGPARMORKEY_HASH = 4, /*!< Hash: */
944 PGPARMORKEY_CHARSET = 5 /*!< Charset: */
949 * Armor key (string, value) pairs.
951 /*@observer@*/ /*@unchecked@*/ /*@unused@*/
952 extern struct pgpValTbl_s pgpArmorKeyTbl[];
955 * Bit(s) to control digest operation.
957 typedef enum rpmDigestFlags_e {
968 * Return (native-endian) integer from big-endian representation.
969 * @param s pointer to big-endian integer
970 * @param nbytes no. of bytes
971 * @return native-endian integer
973 /*@unused@*/ static inline
974 unsigned int pgpGrab(const byte *s, int nbytes)
978 int nb = (nbytes <= sizeof(i) ? nbytes : sizeof(i));
987 * Return length of an OpenPGP packet.
988 * @param s pointer to packet
989 * @retval *lenp no. of bytes in packet
990 * @return no. of bytes in length prefix
992 /*@unused@*/ static inline
993 int pgpLen(const byte *s, /*@out@*/ unsigned int *lenp)
994 /*@modifies *lenp @*/
1000 } else if (*s < 255) {
1001 (*lenp) = ((((unsigned)s[0]) - 192) << 8) + s[1] + 192;
1004 (*lenp) = pgpGrab(s+1, 4);
1011 * Return no. of bits in a multiprecision integer.
1012 * @param p pointer to multiprecision integer
1013 * @return no. of bits
1015 /*@unused@*/ static inline
1016 unsigned int pgpMpiBits(const byte *p)
1017 /*@requires maxRead(p) >= 1 @*/
1020 return ((p[0] << 8) | p[1]);
1024 * Return no. of bytes in a multiprecision integer.
1025 * @param p pointer to multiprecision integer
1026 * @return no. of bytes
1028 /*@unused@*/ static inline
1029 unsigned int pgpMpiLen(const byte *p)
1030 /*@requires maxRead(p) >= 1 @*/
1033 return (2 + ((pgpMpiBits(p)+7)>>3));
1038 * @param t target buffer (returned)
1039 * @param s source bytes
1040 * @param nbytes no. of bytes
1041 * @return target buffer
1043 /*@unused@*/ static inline
1044 char * pgpHexCvt(/*@returned@*/ char *t, const byte *s, int nbytes)
1047 static char hex[] = "0123456789abcdef";
1049 while (nbytes-- > 0) {
1052 *t++ = hex[ (i >> 4) & 0xf ];
1053 *t++ = hex[ (i ) & 0xf ];
1061 * Return hex formatted representation of bytes.
1062 * @todo Remove static buffer.
1064 * @param plen no. of bytes
1065 * @return hex formatted string
1067 /*@unused@*/ static inline /*@observer@*/
1068 char * pgpHexStr(const byte *p, unsigned int plen)
1071 static char prbuf[2048];
1073 t = pgpHexCvt(t, p, plen);
1078 * Return hex formatted representation of a multiprecision integer.
1079 * @todo Remove static buffer.
1081 * @return hex formatted string
1083 /*@unused@*/ static inline /*@observer@*/
1084 const char * pgpMpiStr(const byte *p)
1085 /*@requires maxRead(p) >= 3 @*/
1088 static char prbuf[2048];
1090 sprintf(t, "[%4u]: ", pgpGrab(p, 2));
1092 t = pgpHexCvt(t, p+2, pgpMpiLen(p)-2);
1097 * Return string representation of am OpenPGP value.
1098 * @param vs table of (string,value) pairs
1099 * @param val byte value to lookup
1100 * @return string value of byte
1102 /*@unused@*/ static inline /*@observer@*/
1103 const char * pgpValStr(pgpValTbl vs, byte val)
1109 } while ((++vs)->val != -1);
1114 * Return value of an OpenPGP string.
1115 * @param vs table of (string,value) pairs
1116 * @param s string token to lookup
1117 * @param se end-of-string address
1118 * @return byte value
1120 /*@unused@*/ static inline
1121 int pgpValTok(pgpValTbl vs, const char * s, const char * se)
1125 int vlen = strlen(vs->str);
1126 if (vlen <= (se-s) && !strncmp(s, vs->str, vlen))
1128 } while ((++vs)->val != -1);
1134 * Print an OpenPGP value.
1135 * @param pre output prefix
1136 * @param vs table of (string,value) pairs
1137 * @param val byte value to print
1139 void pgpPrtVal(const char * pre, pgpValTbl vs, byte val)
1140 /*@globals fileSystem @*/
1141 /*@modifies fileSystem @*/;
1144 * Print/parse an OpenPGP subtype packet.
1146 * @param hlen packet length (no. of bytes)
1147 * @param sigtype signature type
1148 * @return 0 on success
1150 int pgpPrtSubType(const byte *h, unsigned int hlen, pgpSigType sigtype)
1151 /*@globals fileSystem @*/
1152 /*@modifies fileSystem @*/;
1155 * Print/parse an OpenPGP signature packet.
1156 * @param tag packet tag
1157 * @param h packet contents
1158 * @param hlen packet length (no. of bytes)
1159 * @return 0 on success
1161 int pgpPrtSig(pgpTag tag, const byte *h, unsigned int hlen)
1162 /*@globals fileSystem @*/
1163 /*@modifies fileSystem @*/;
1166 * Print/parse an OpenPGP key packet.
1167 * @param tag packet tag
1168 * @param h packet contents
1169 * @param hlen packet length (no. of bytes)
1170 * @return 0 on success
1172 int pgpPrtKey(pgpTag tag, const byte *h, unsigned int hlen)
1173 /*@globals fileSystem @*/
1174 /*@modifies fileSystem @*/;
1177 * Print/parse an OpenPGP userid packet.
1178 * @param tag packet tag
1179 * @param h packet contents
1180 * @param hlen packet length (no. of bytes)
1181 * @return 0 on success
1183 int pgpPrtUserID(pgpTag tag, const byte *h, unsigned int hlen)
1184 /*@globals fileSystem @*/
1185 /*@modifies fileSystem @*/;
1188 * Print/parse an OpenPGP comment packet.
1189 * @param tag packet tag
1190 * @param h packet contents
1191 * @param hlen packet length (no. of bytes)
1192 * @return 0 on success
1194 int pgpPrtComment(pgpTag tag, const byte *h, unsigned int hlen)
1195 /*@globals fileSystem @*/
1196 /*@modifies fileSystem @*/;
1199 * Print/parse next OpenPGP packet.
1200 * @param pkt OpenPGP packet
1201 * @param pleft no. bytes remaining
1202 * @return -1 on error, otherwise this packet length
1204 int pgpPrtPkt(const byte *pkt, unsigned int pleft)
1205 /*@globals fileSystem @*/
1206 /*@modifies fileSystem @*/;
1210 * Print/parse a OpenPGP packet(s).
1211 * @param pkts OpenPGP packet(s)
1212 * @param pktlen OpenPGP packet(s) length (no. of bytes)
1213 * @retval dig parsed output of signature/pubkey packet parameters
1214 * @param printing should packets be printed?
1215 * @return -1 on error, 0 on success
1217 int pgpPrtPkts(const byte *pkts, unsigned int pktlen, pgpDig dig, int printing)
1218 /*@globals fileSystem @*/
1219 /*@modifies fileSystem @*/;
1222 * Parse armored OpenPGP packets from a file.
1223 * @param fn file name
1224 * @retval pkt dearmored OpenPGP packet(s)
1225 * @retval pktlen dearmored OpenPGP packet(s) length in bytes
1226 * @return type of armor found
1228 pgpArmor pgpReadPkts(const char * fn,
1229 /*@out@*/ const byte ** pkt, /*@out@*/ size_t * pktlen)
1230 /*@globals fileSystem, internalState @*/
1231 /*@modifies *pkt, *pktlen, fileSystem, internalState @*/;
1234 * Wrap a OpenPGP packets in ascii armor for transport.
1235 * @param atype type of armor
1236 * @param s binary pkt data
1237 * @param ns binary pkt data length
1238 * @return formatted string
1240 char * pgpArmorWrap(int atype, const unsigned char * s, size_t ns)
1244 * Create a container for parsed OpenPGP packates.
1248 pgpDig pgpNewDig(void)
1252 * Release (malloc'd) data from container.
1253 * @param dig container
1255 void pgpCleanDig(/*@null@*/ pgpDig dig)
1256 /*@modifies dig @*/;
1259 * Destroy a container for parsed OpenPGP packates.
1260 * @param dig container
1261 * @return NULL always
1263 /*@only@*/ /*@null@*/
1264 pgpDig pgpFreeDig(/*@only@*/ /*@null@*/ pgpDig dig)
1265 /*@modifies dig @*/;
1268 * Is buffer at beginning of an OpenPGP packet?
1270 * @return 1 if an OpenPGP packet, 0 otherwise
1272 /*@unused@*/ static inline
1273 int pgpIsPkt(const byte * p)
1277 unsigned int val = *p++;
1282 /* XXX can't deal with these. */
1289 tag = (val >> 2) & 0xf;
1293 case PGPTAG_SYMMETRIC_SESSION_KEY:
1294 case PGPTAG_ONEPASS_SIGNATURE:
1295 case PGPTAG_PUBLIC_KEY:
1296 case PGPTAG_SECRET_KEY:
1297 case PGPTAG_PUBLIC_SESSION_KEY:
1298 case PGPTAG_SIGNATURE:
1299 case PGPTAG_COMMENT:
1300 case PGPTAG_COMMENT_OLD:
1301 case PGPTAG_LITERAL_DATA:
1302 case PGPTAG_COMPRESSED_DATA:
1303 case PGPTAG_SYMMETRIC_DATA:
1306 case PGPTAG_PUBLIC_SUBKEY:
1307 case PGPTAG_SECRET_SUBKEY:
1308 case PGPTAG_USER_ID:
1309 case PGPTAG_RESERVED:
1311 case PGPTAG_PHOTOID:
1312 case PGPTAG_ENCRYPTED_MDC:
1314 case PGPTAG_PRIVATE_60:
1315 case PGPTAG_PRIVATE_62:
1316 case PGPTAG_CONTROL:
1325 #define CRC24_INIT 0xb704ce
1326 #define CRC24_POLY 0x1864cfb
1329 * Return CRC of a buffer.
1330 * @param octets bytes
1331 * @param len no. of bytes
1332 * @return crc of buffer
1334 /*@unused@*/ static inline
1335 unsigned int pgpCRC(const byte *octets, size_t len)
1338 unsigned int crc = CRC24_INIT;
1343 crc ^= (*octets++) << 16;
1345 for (i = 0; i < 8; i++) {
1347 if (crc & 0x1000000)
1351 return crc & 0xffffff;
1355 * Duplicate a digest context.
1356 * @param octx existing digest context
1357 * @return duplicated digest context
1360 DIGEST_CTX rpmDigestDup(DIGEST_CTX octx)
1364 * Initialize digest.
1365 * Set bit count to 0 and buffer to mysterious initialization constants.
1366 * @param hashalgo type of digest
1367 * @param flags bit(s) to control digest operation
1368 * @return digest context
1370 /*@only@*/ /*@null@*/
1371 DIGEST_CTX rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags)
1375 * Update context with next plain text buffer.
1376 * @param ctx digest context
1377 * @param data next data buffer
1378 * @param len no. bytes of data
1379 * @return 0 on success
1381 int rpmDigestUpdate(/*@null@*/ DIGEST_CTX ctx, const void * data, size_t len)
1382 /*@modifies ctx @*/;
1385 * Return digest and destroy context.
1386 * Final wrapup - pad to 64-byte boundary with the bit pattern
1387 * 1 0* (64-bit count of bits processed, MSB-first)
1389 * @param ctx digest context
1390 * @retval datap address of returned digest
1391 * @retval lenp address of digest length
1392 * @param asAscii return digest as ascii string?
1393 * @return 0 on success
1395 int rpmDigestFinal(/*@only@*/ /*@null@*/ DIGEST_CTX ctx,
1396 /*@null@*/ /*@out@*/ void ** datap,
1397 /*@null@*/ /*@out@*/ size_t * lenp, int asAscii)
1398 /*@modifies *datap, *lenp @*/;
1405 #endif /* H_RPMPGP */