1/* gcrypt.h - GNU Cryptographic Library Interface -*- c -*- 2 Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2006 3 2007, 2008, 2009, 2010, 2011, 4 2012 Free Software Foundation, Inc. 5 Copyright (C) 2012, 2013 g10 Code GmbH 6 7 This file is part of Libgcrypt. 8 9 Libgcrypt is free software; you can redistribute it and/or modify 10 it under the terms of the GNU Lesser General Public License as 11 published by the Free Software Foundation; either version 2.1 of 12 the License, or (at your option) any later version. 13 14 Libgcrypt is distributed in the hope that it will be useful, 15 but WITHOUT ANY WARRANTY; without even the implied warranty of 16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 GNU Lesser General Public License for more details. 18 19 You should have received a copy of the GNU Lesser General Public 20 License along with this program; if not, see <http://www.gnu.org/licenses/>. 21 22 File: @configure_input@ */ 23 24#ifndef _GCRYPT_H 25#define _GCRYPT_H 26 27#include <stdlib.h> 28#include <stdarg.h> 29#include <string.h> 30 31#include <gpg-error.h> 32 33#include <sys/types.h> 34 35#if defined _WIN32 || defined __WIN32__ 36# include <winsock2.h> 37# include <ws2tcpip.h> 38# include <time.h> 39# ifndef __GNUC__ 40 typedef long ssize_t; 41 typedef int pid_t; 42# endif /*!__GNUC__*/ 43#else 44# include <sys/socket.h> 45# include <sys/time.h> 46#@INSERT_SYS_SELECT_H@ 47#endif /*!_WIN32*/ 48 49@FALLBACK_SOCKLEN_T@ 50 51/* This is required for error code compatibility. */ 52#define _GCRY_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GCRYPT 53 54#ifdef __cplusplus 55extern "C" { 56#if 0 /* (Keep Emacsens' auto-indent happy.) */ 57} 58#endif 59#endif 60 61/* The version of this header should match the one of the library. It 62 should not be used by a program because gcry_check_version() should 63 return the same version. The purpose of this macro is to let 64 autoconf (using the AM_PATH_GCRYPT macro) check that this header 65 matches the installed library. */ 66#define GCRYPT_VERSION "@VERSION@" 67 68/* The version number of this header. It may be used to handle minor 69 API incompatibilities. */ 70#define GCRYPT_VERSION_NUMBER @VERSION_NUMBER@ 71 72 73/* Internal: We can't use the convenience macros for the multi 74 precision integer functions when building this library. */ 75#ifdef _GCRYPT_IN_LIBGCRYPT 76#ifndef GCRYPT_NO_MPI_MACROS 77#define GCRYPT_NO_MPI_MACROS 1 78#endif 79#endif 80 81/* We want to use gcc attributes when possible. Warning: Don't use 82 these macros in your programs: As indicated by the leading 83 underscore they are subject to change without notice. */ 84#ifdef __GNUC__ 85 86#define _GCRY_GCC_VERSION (__GNUC__ * 10000 \ 87 + __GNUC_MINOR__ * 100 \ 88 + __GNUC_PATCHLEVEL__) 89 90#if _GCRY_GCC_VERSION >= 30100 91#define _GCRY_GCC_ATTR_DEPRECATED __attribute__ ((__deprecated__)) 92#endif 93 94#if _GCRY_GCC_VERSION >= 29600 95#define _GCRY_GCC_ATTR_PURE __attribute__ ((__pure__)) 96#endif 97 98#if _GCRY_GCC_VERSION >= 30200 99#define _GCRY_GCC_ATTR_MALLOC __attribute__ ((__malloc__)) 100#endif 101 102#endif /*__GNUC__*/ 103 104#ifndef _GCRY_GCC_ATTR_DEPRECATED 105#define _GCRY_GCC_ATTR_DEPRECATED 106#endif 107#ifndef _GCRY_GCC_ATTR_PURE 108#define _GCRY_GCC_ATTR_PURE 109#endif 110#ifndef _GCRY_GCC_ATTR_MALLOC 111#define _GCRY_GCC_ATTR_MALLOC 112#endif 113 114/* Make up an attribute to mark functions and types as deprecated but 115 allow internal use by Libgcrypt. */ 116#ifdef _GCRYPT_IN_LIBGCRYPT 117#define _GCRY_ATTR_INTERNAL 118#else 119#define _GCRY_ATTR_INTERNAL _GCRY_GCC_ATTR_DEPRECATED 120#endif 121 122/* Wrappers for the libgpg-error library. */ 123 124typedef gpg_error_t gcry_error_t; 125typedef gpg_err_code_t gcry_err_code_t; 126typedef gpg_err_source_t gcry_err_source_t; 127 128static GPG_ERR_INLINE gcry_error_t 129gcry_err_make (gcry_err_source_t source, gcry_err_code_t code) 130{ 131 return gpg_err_make (source, code); 132} 133 134/* The user can define GPG_ERR_SOURCE_DEFAULT before including this 135 file to specify a default source for gpg_error. */ 136#ifndef GCRY_ERR_SOURCE_DEFAULT 137#define GCRY_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_USER_1 138#endif 139 140static GPG_ERR_INLINE gcry_error_t 141gcry_error (gcry_err_code_t code) 142{ 143 return gcry_err_make (GCRY_ERR_SOURCE_DEFAULT, code); 144} 145 146static GPG_ERR_INLINE gcry_err_code_t 147gcry_err_code (gcry_error_t err) 148{ 149 return gpg_err_code (err); 150} 151 152 153static GPG_ERR_INLINE gcry_err_source_t 154gcry_err_source (gcry_error_t err) 155{ 156 return gpg_err_source (err); 157} 158 159/* Return a pointer to a string containing a description of the error 160 code in the error value ERR. */ 161const char *gcry_strerror (gcry_error_t err); 162 163/* Return a pointer to a string containing a description of the error 164 source in the error value ERR. */ 165const char *gcry_strsource (gcry_error_t err); 166 167/* Retrieve the error code for the system error ERR. This returns 168 GPG_ERR_UNKNOWN_ERRNO if the system error is not mapped (report 169 this). */ 170gcry_err_code_t gcry_err_code_from_errno (int err); 171 172/* Retrieve the system error for the error code CODE. This returns 0 173 if CODE is not a system error code. */ 174int gcry_err_code_to_errno (gcry_err_code_t code); 175 176/* Return an error value with the error source SOURCE and the system 177 error ERR. */ 178gcry_error_t gcry_err_make_from_errno (gcry_err_source_t source, int err); 179 180/* Return an error value with the system error ERR. */ 181gcry_err_code_t gcry_error_from_errno (int err); 182 183 184/* This enum is deprecated; it is only declared for the sake of 185 complete API compatibility. */ 186enum gcry_thread_option 187 { 188 _GCRY_THREAD_OPTION_DUMMY 189 } _GCRY_GCC_ATTR_DEPRECATED; 190 191 192/* Constants defining the thread model to use. Used with the OPTION 193 field of the struct gcry_thread_cbs. */ 194#define GCRY_THREAD_OPTION_DEFAULT 0 195#define GCRY_THREAD_OPTION_USER 1 196#define GCRY_THREAD_OPTION_PTH 2 197#define GCRY_THREAD_OPTION_PTHREAD 3 198 199/* The version number encoded in the OPTION field of the struct 200 gcry_thread_cbs. */ 201#define GCRY_THREAD_OPTION_VERSION 0 202 203/* Wrapper for struct ath_ops. */ 204struct gcry_thread_cbs 205{ 206 /* The OPTION field encodes the thread model and the version number 207 of this structure. 208 Bits 7 - 0 are used for the thread model 209 Bits 15 - 8 are used for the version number. 210 */ 211 unsigned int option; 212 213 int (*init) (void); 214 int (*mutex_init) (void **priv); 215 int (*mutex_destroy) (void **priv); 216 int (*mutex_lock) (void **priv); 217 int (*mutex_unlock) (void **priv); 218 ssize_t (*read) (int fd, void *buf, size_t nbytes); 219 ssize_t (*write) (int fd, const void *buf, size_t nbytes); 220#ifdef _WIN32 221 ssize_t (*select) (int nfd, void *rset, void *wset, void *eset, 222 struct timeval *timeout); 223 ssize_t (*waitpid) (pid_t pid, int *status, int options); 224 int (*accept) (int s, void *addr, int *length_ptr); 225 int (*connect) (int s, void *addr, gcry_socklen_t length); 226 int (*sendmsg) (int s, const void *msg, int flags); 227 int (*recvmsg) (int s, void *msg, int flags); 228#else 229 ssize_t (*select) (int nfd, fd_set *rset, fd_set *wset, fd_set *eset, 230 struct timeval *timeout); 231 ssize_t (*waitpid) (pid_t pid, int *status, int options); 232 int (*accept) (int s, struct sockaddr *addr, gcry_socklen_t *length_ptr); 233 int (*connect) (int s, struct sockaddr *addr, gcry_socklen_t length); 234 int (*sendmsg) (int s, const struct msghdr *msg, int flags); 235 int (*recvmsg) (int s, struct msghdr *msg, int flags); 236#endif 237}; 238 239#ifdef _WIN32 240# define _GCRY_THREAD_OPTION_PTH_IMPL_NET \ 241static ssize_t gcry_pth_select (int nfd, void *rset, void *wset, \ 242 void *eset, struct timeval *timeout) \ 243 { return pth_select (nfd, rset, wset, eset, timeout); } \ 244static ssize_t gcry_pth_waitpid (pid_t pid, int *status, int options) \ 245 { return pth_waitpid (pid, status, options); } \ 246static int gcry_pth_accept (int s, void *addr, \ 247 gcry_socklen_t *length_ptr) \ 248 { return pth_accept (s, addr, length_ptr); } \ 249static int gcry_pth_connect (int s, void *addr, \ 250 gcry_socklen_t length) \ 251 { return pth_connect (s, addr, length); } 252#else /*!_WIN32*/ 253# define _GCRY_THREAD_OPTION_PTH_IMPL_NET \ 254static ssize_t gcry_pth_select (int nfd, fd_set *rset, fd_set *wset, \ 255 fd_set *eset, struct timeval *timeout) \ 256 { return pth_select (nfd, rset, wset, eset, timeout); } \ 257static ssize_t gcry_pth_waitpid (pid_t pid, int *status, int options) \ 258 { return pth_waitpid (pid, status, options); } \ 259static int gcry_pth_accept (int s, struct sockaddr *addr, \ 260 gcry_socklen_t *length_ptr) \ 261 { return pth_accept (s, addr, length_ptr); } \ 262static int gcry_pth_connect (int s, struct sockaddr *addr, \ 263 gcry_socklen_t length) \ 264 { return pth_connect (s, addr, length); } 265#endif /*!_WIN32*/ 266 267 268 269#define GCRY_THREAD_OPTION_PTH_IMPL \ 270static int gcry_pth_init (void) \ 271{ return (pth_init () == FALSE) ? errno : 0; } \ 272static int gcry_pth_mutex_init (void **priv) \ 273{ \ 274 int err = 0; \ 275 pth_mutex_t *lock = malloc (sizeof (pth_mutex_t)); \ 276 \ 277 if (!lock) \ 278 err = ENOMEM; \ 279 if (!err) \ 280 { \ 281 err = pth_mutex_init (lock); \ 282 if (err == FALSE) \ 283 err = errno; \ 284 else \ 285 err = 0; \ 286 if (err) \ 287 free (lock); \ 288 else \ 289 *priv = lock; \ 290 } \ 291 return err; \ 292} \ 293static int gcry_pth_mutex_destroy (void **lock) \ 294 { /* GNU Pth has no destructor function. */ free (*lock); return 0; } \ 295static int gcry_pth_mutex_lock (void **lock) \ 296 { return ((pth_mutex_acquire (*lock, 0, NULL)) == FALSE) \ 297 ? errno : 0; } \ 298static int gcry_pth_mutex_unlock (void **lock) \ 299 { return ((pth_mutex_release (*lock)) == FALSE) \ 300 ? errno : 0; } \ 301static ssize_t gcry_pth_read (int fd, void *buf, size_t nbytes) \ 302 { return pth_read (fd, buf, nbytes); } \ 303static ssize_t gcry_pth_write (int fd, const void *buf, size_t nbytes) \ 304 { return pth_write (fd, buf, nbytes); } \ 305_GCRY_THREAD_OPTION_PTH_IMPL_NET \ 306 \ 307/* Note: GNU Pth is missing pth_sendmsg and pth_recvmsg. */ \ 308static struct gcry_thread_cbs gcry_threads_pth = { \ 309 (GCRY_THREAD_OPTION_PTH | (GCRY_THREAD_OPTION_VERSION << 8)), \ 310 gcry_pth_init, gcry_pth_mutex_init, gcry_pth_mutex_destroy, \ 311 gcry_pth_mutex_lock, gcry_pth_mutex_unlock, gcry_pth_read, gcry_pth_write, \ 312 gcry_pth_select, gcry_pth_waitpid, gcry_pth_accept, gcry_pth_connect, \ 313 NULL, NULL } 314 315 316#define GCRY_THREAD_OPTION_PTHREAD_IMPL \ 317static int gcry_pthread_mutex_init (void **priv) \ 318{ \ 319 int err = 0; \ 320 pthread_mutex_t *lock = (pthread_mutex_t*)malloc (sizeof (pthread_mutex_t));\ 321 \ 322 if (!lock) \ 323 err = ENOMEM; \ 324 if (!err) \ 325 { \ 326 err = pthread_mutex_init (lock, NULL); \ 327 if (err) \ 328 free (lock); \ 329 else \ 330 *priv = lock; \ 331 } \ 332 return err; \ 333} \ 334static int gcry_pthread_mutex_destroy (void **lock) \ 335 { int err = pthread_mutex_destroy ((pthread_mutex_t*)*lock); \ 336 free (*lock); return err; } \ 337static int gcry_pthread_mutex_lock (void **lock) \ 338 { return pthread_mutex_lock ((pthread_mutex_t*)*lock); } \ 339static int gcry_pthread_mutex_unlock (void **lock) \ 340 { return pthread_mutex_unlock ((pthread_mutex_t*)*lock); } \ 341 \ 342static struct gcry_thread_cbs gcry_threads_pthread = { \ 343 (GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8)), \ 344 NULL, gcry_pthread_mutex_init, gcry_pthread_mutex_destroy, \ 345 gcry_pthread_mutex_lock, gcry_pthread_mutex_unlock, \ 346 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL } 347 348 349/* The data object used to hold a multi precision integer. */ 350struct gcry_mpi; 351typedef struct gcry_mpi *gcry_mpi_t; 352 353#ifndef GCRYPT_NO_DEPRECATED 354typedef struct gcry_mpi *GCRY_MPI _GCRY_GCC_ATTR_DEPRECATED; 355typedef struct gcry_mpi *GcryMPI _GCRY_GCC_ATTR_DEPRECATED; 356#endif 357 358 359 360/* Check that the library fulfills the version requirement. */ 361const char *gcry_check_version (const char *req_version); 362 363/* Codes for function dispatchers. */ 364 365/* Codes used with the gcry_control function. */ 366enum gcry_ctl_cmds 367 { 368 GCRYCTL_SET_KEY = 1, 369 GCRYCTL_SET_IV = 2, 370 GCRYCTL_CFB_SYNC = 3, 371 GCRYCTL_RESET = 4, /* e.g. for MDs */ 372 GCRYCTL_FINALIZE = 5, 373 GCRYCTL_GET_KEYLEN = 6, 374 GCRYCTL_GET_BLKLEN = 7, 375 GCRYCTL_TEST_ALGO = 8, 376 GCRYCTL_IS_SECURE = 9, 377 GCRYCTL_GET_ASNOID = 10, 378 GCRYCTL_ENABLE_ALGO = 11, 379 GCRYCTL_DISABLE_ALGO = 12, 380 GCRYCTL_DUMP_RANDOM_STATS = 13, 381 GCRYCTL_DUMP_SECMEM_STATS = 14, 382 GCRYCTL_GET_ALGO_NPKEY = 15, 383 GCRYCTL_GET_ALGO_NSKEY = 16, 384 GCRYCTL_GET_ALGO_NSIGN = 17, 385 GCRYCTL_GET_ALGO_NENCR = 18, 386 GCRYCTL_SET_VERBOSITY = 19, 387 GCRYCTL_SET_DEBUG_FLAGS = 20, 388 GCRYCTL_CLEAR_DEBUG_FLAGS = 21, 389 GCRYCTL_USE_SECURE_RNDPOOL= 22, 390 GCRYCTL_DUMP_MEMORY_STATS = 23, 391 GCRYCTL_INIT_SECMEM = 24, 392 GCRYCTL_TERM_SECMEM = 25, 393 GCRYCTL_DISABLE_SECMEM_WARN = 27, 394 GCRYCTL_SUSPEND_SECMEM_WARN = 28, 395 GCRYCTL_RESUME_SECMEM_WARN = 29, 396 GCRYCTL_DROP_PRIVS = 30, 397 GCRYCTL_ENABLE_M_GUARD = 31, 398 GCRYCTL_START_DUMP = 32, 399 GCRYCTL_STOP_DUMP = 33, 400 GCRYCTL_GET_ALGO_USAGE = 34, 401 GCRYCTL_IS_ALGO_ENABLED = 35, 402 GCRYCTL_DISABLE_INTERNAL_LOCKING = 36, 403 GCRYCTL_DISABLE_SECMEM = 37, 404 GCRYCTL_INITIALIZATION_FINISHED = 38, 405 GCRYCTL_INITIALIZATION_FINISHED_P = 39, 406 GCRYCTL_ANY_INITIALIZATION_P = 40, 407 GCRYCTL_SET_CBC_CTS = 41, 408 GCRYCTL_SET_CBC_MAC = 42, 409 GCRYCTL_SET_CTR = 43, 410 GCRYCTL_ENABLE_QUICK_RANDOM = 44, 411 GCRYCTL_SET_RANDOM_SEED_FILE = 45, 412 GCRYCTL_UPDATE_RANDOM_SEED_FILE = 46, 413 GCRYCTL_SET_THREAD_CBS = 47, 414 GCRYCTL_FAST_POLL = 48, 415 GCRYCTL_SET_RANDOM_DAEMON_SOCKET = 49, 416 GCRYCTL_USE_RANDOM_DAEMON = 50, 417 GCRYCTL_FAKED_RANDOM_P = 51, 418 GCRYCTL_SET_RNDEGD_SOCKET = 52, 419 GCRYCTL_PRINT_CONFIG = 53, 420 GCRYCTL_OPERATIONAL_P = 54, 421 GCRYCTL_FIPS_MODE_P = 55, 422 GCRYCTL_FORCE_FIPS_MODE = 56, 423 GCRYCTL_SELFTEST = 57, 424 /* Note: 58 .. 62 are used internally. */ 425 GCRYCTL_DISABLE_HWF = 63, 426 GCRYCTL_SET_ENFORCED_FIPS_FLAG = 64 427 }; 428 429/* Perform various operations defined by CMD. */ 430gcry_error_t gcry_control (enum gcry_ctl_cmds CMD, ...); 431 432 433/* S-expression management. */ 434 435/* The object to represent an S-expression as used with the public key 436 functions. */ 437struct gcry_sexp; 438typedef struct gcry_sexp *gcry_sexp_t; 439 440#ifndef GCRYPT_NO_DEPRECATED 441typedef struct gcry_sexp *GCRY_SEXP _GCRY_GCC_ATTR_DEPRECATED; 442typedef struct gcry_sexp *GcrySexp _GCRY_GCC_ATTR_DEPRECATED; 443#endif 444 445/* The possible values for the S-expression format. */ 446enum gcry_sexp_format 447 { 448 GCRYSEXP_FMT_DEFAULT = 0, 449 GCRYSEXP_FMT_CANON = 1, 450 GCRYSEXP_FMT_BASE64 = 2, 451 GCRYSEXP_FMT_ADVANCED = 3 452 }; 453 454/* Create an new S-expression object from BUFFER of size LENGTH and 455 return it in RETSEXP. With AUTODETECT set to 0 the data in BUFFER 456 is expected to be in canonized format. */ 457gcry_error_t gcry_sexp_new (gcry_sexp_t *retsexp, 458 const void *buffer, size_t length, 459 int autodetect); 460 461 /* Same as gcry_sexp_new but allows to pass a FREEFNC which has the 462 effect to transfer ownership of BUFFER to the created object. */ 463gcry_error_t gcry_sexp_create (gcry_sexp_t *retsexp, 464 void *buffer, size_t length, 465 int autodetect, void (*freefnc) (void *)); 466 467/* Scan BUFFER and return a new S-expression object in RETSEXP. This 468 function expects a printf like string in BUFFER. */ 469gcry_error_t gcry_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff, 470 const char *buffer, size_t length); 471 472/* Same as gcry_sexp_sscan but expects a string in FORMAT and can thus 473 only be used for certain encodings. */ 474gcry_error_t gcry_sexp_build (gcry_sexp_t *retsexp, size_t *erroff, 475 const char *format, ...); 476 477/* Like gcry_sexp_build, but uses an array instead of variable 478 function arguments. */ 479gcry_error_t gcry_sexp_build_array (gcry_sexp_t *retsexp, size_t *erroff, 480 const char *format, void **arg_list); 481 482/* Release the S-expression object SEXP */ 483void gcry_sexp_release (gcry_sexp_t sexp); 484 485/* Calculate the length of an canonized S-expresion in BUFFER and 486 check for a valid encoding. */ 487size_t gcry_sexp_canon_len (const unsigned char *buffer, size_t length, 488 size_t *erroff, gcry_error_t *errcode); 489 490/* Copies the S-expression object SEXP into BUFFER using the format 491 specified in MODE. */ 492size_t gcry_sexp_sprint (gcry_sexp_t sexp, int mode, void *buffer, 493 size_t maxlength); 494 495/* Dumps the S-expression object A in a format suitable for debugging 496 to Libgcrypt's logging stream. */ 497void gcry_sexp_dump (const gcry_sexp_t a); 498 499gcry_sexp_t gcry_sexp_cons (const gcry_sexp_t a, const gcry_sexp_t b); 500gcry_sexp_t gcry_sexp_alist (const gcry_sexp_t *array); 501gcry_sexp_t gcry_sexp_vlist (const gcry_sexp_t a, ...); 502gcry_sexp_t gcry_sexp_append (const gcry_sexp_t a, const gcry_sexp_t n); 503gcry_sexp_t gcry_sexp_prepend (const gcry_sexp_t a, const gcry_sexp_t n); 504 505/* Scan the S-expression for a sublist with a type (the car of the 506 list) matching the string TOKEN. If TOKLEN is not 0, the token is 507 assumed to be raw memory of this length. The function returns a 508 newly allocated S-expression consisting of the found sublist or 509 `NULL' when not found. */ 510gcry_sexp_t gcry_sexp_find_token (gcry_sexp_t list, 511 const char *tok, size_t toklen); 512/* Return the length of the LIST. For a valid S-expression this 513 should be at least 1. */ 514int gcry_sexp_length (const gcry_sexp_t list); 515 516/* Create and return a new S-expression from the element with index 517 NUMBER in LIST. Note that the first element has the index 0. If 518 there is no such element, `NULL' is returned. */ 519gcry_sexp_t gcry_sexp_nth (const gcry_sexp_t list, int number); 520 521/* Create and return a new S-expression from the first element in 522 LIST; this called the "type" and should always exist and be a 523 string. `NULL' is returned in case of a problem. */ 524gcry_sexp_t gcry_sexp_car (const gcry_sexp_t list); 525 526/* Create and return a new list form all elements except for the first 527 one. Note, that this function may return an invalid S-expression 528 because it is not guaranteed, that the type exists and is a string. 529 However, for parsing a complex S-expression it might be useful for 530 intermediate lists. Returns `NULL' on error. */ 531gcry_sexp_t gcry_sexp_cdr (const gcry_sexp_t list); 532 533gcry_sexp_t gcry_sexp_cadr (const gcry_sexp_t list); 534 535 536/* This function is used to get data from a LIST. A pointer to the 537 actual data with index NUMBER is returned and the length of this 538 data will be stored to DATALEN. If there is no data at the given 539 index or the index represents another list, `NULL' is returned. 540 *Note:* The returned pointer is valid as long as LIST is not 541 modified or released. */ 542const char *gcry_sexp_nth_data (const gcry_sexp_t list, int number, 543 size_t *datalen); 544 545/* This function is used to get and convert data from a LIST. The 546 data is assumed to be a Nul terminated string. The caller must 547 release the returned value using `gcry_free'. If there is no data 548 at the given index, the index represents a list or the value can't 549 be converted to a string, `NULL' is returned. */ 550char *gcry_sexp_nth_string (gcry_sexp_t list, int number); 551 552/* This function is used to get and convert data from a LIST. This 553 data is assumed to be an MPI stored in the format described by 554 MPIFMT and returned as a standard Libgcrypt MPI. The caller must 555 release this returned value using `gcry_mpi_release'. If there is 556 no data at the given index, the index represents a list or the 557 value can't be converted to an MPI, `NULL' is returned. */ 558gcry_mpi_t gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt); 559 560 561 562/******************************************* 563 * * 564 * Multi Precision Integer Functions * 565 * * 566 *******************************************/ 567 568/* Different formats of external big integer representation. */ 569enum gcry_mpi_format 570 { 571 GCRYMPI_FMT_NONE= 0, 572 GCRYMPI_FMT_STD = 1, /* Twos complement stored without length. */ 573 GCRYMPI_FMT_PGP = 2, /* As used by OpenPGP (unsigned only). */ 574 GCRYMPI_FMT_SSH = 3, /* As used by SSH (like STD but with length). */ 575 GCRYMPI_FMT_HEX = 4, /* Hex format. */ 576 GCRYMPI_FMT_USG = 5 /* Like STD but unsigned. */ 577 }; 578 579/* Flags used for creating big integers. */ 580enum gcry_mpi_flag 581 { 582 GCRYMPI_FLAG_SECURE = 1, /* Allocate the number in "secure" memory. */ 583 GCRYMPI_FLAG_OPAQUE = 2 /* The number is not a real one but just 584 a way to store some bytes. This is 585 useful for encrypted big integers. */ 586 }; 587 588 589/* Allocate a new big integer object, initialize it with 0 and 590 initially allocate memory for a number of at least NBITS. */ 591gcry_mpi_t gcry_mpi_new (unsigned int nbits); 592 593/* Same as gcry_mpi_new() but allocate in "secure" memory. */ 594gcry_mpi_t gcry_mpi_snew (unsigned int nbits); 595 596/* Release the number A and free all associated resources. */ 597void gcry_mpi_release (gcry_mpi_t a); 598 599/* Create a new number with the same value as A. */ 600gcry_mpi_t gcry_mpi_copy (const gcry_mpi_t a); 601 602/* Store the big integer value U in W. */ 603gcry_mpi_t gcry_mpi_set (gcry_mpi_t w, const gcry_mpi_t u); 604 605/* Store the unsigned integer value U in W. */ 606gcry_mpi_t gcry_mpi_set_ui (gcry_mpi_t w, unsigned long u); 607 608/* Swap the values of A and B. */ 609void gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b); 610 611/* Compare the big integer number U and V returning 0 for equality, a 612 positive value for U > V and a negative for U < V. */ 613int gcry_mpi_cmp (const gcry_mpi_t u, const gcry_mpi_t v); 614 615/* Compare the big integer number U with the unsigned integer V 616 returning 0 for equality, a positive value for U > V and a negative 617 for U < V. */ 618int gcry_mpi_cmp_ui (const gcry_mpi_t u, unsigned long v); 619 620/* Convert the external representation of an integer stored in BUFFER 621 with a length of BUFLEN into a newly create MPI returned in 622 RET_MPI. If NSCANNED is not NULL, it will receive the number of 623 bytes actually scanned after a successful operation. */ 624gcry_error_t gcry_mpi_scan (gcry_mpi_t *ret_mpi, enum gcry_mpi_format format, 625 const void *buffer, size_t buflen, 626 size_t *nscanned); 627 628/* Convert the big integer A into the external representation 629 described by FORMAT and store it in the provided BUFFER which has 630 been allocated by the user with a size of BUFLEN bytes. NWRITTEN 631 receives the actual length of the external representation unless it 632 has been passed as NULL. */ 633gcry_error_t gcry_mpi_print (enum gcry_mpi_format format, 634 unsigned char *buffer, size_t buflen, 635 size_t *nwritten, 636 const gcry_mpi_t a); 637 638/* Convert the big integer A int the external representation described 639 by FORMAT and store it in a newly allocated buffer which address 640 will be put into BUFFER. NWRITTEN receives the actual lengths of the 641 external representation. */ 642gcry_error_t gcry_mpi_aprint (enum gcry_mpi_format format, 643 unsigned char **buffer, size_t *nwritten, 644 const gcry_mpi_t a); 645 646/* Dump the value of A in a format suitable for debugging to 647 Libgcrypt's logging stream. Note that one leading space but no 648 trailing space or linefeed will be printed. It is okay to pass 649 NULL for A. */ 650void gcry_mpi_dump (const gcry_mpi_t a); 651 652 653/* W = U + V. */ 654void gcry_mpi_add (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v); 655 656/* W = U + V. V is an unsigned integer. */ 657void gcry_mpi_add_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v); 658 659/* W = U + V mod M. */ 660void gcry_mpi_addm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m); 661 662/* W = U - V. */ 663void gcry_mpi_sub (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v); 664 665/* W = U - V. V is an unsigned integer. */ 666void gcry_mpi_sub_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v ); 667 668/* W = U - V mod M */ 669void gcry_mpi_subm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m); 670 671/* W = U * V. */ 672void gcry_mpi_mul (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v); 673 674/* W = U * V. V is an unsigned integer. */ 675void gcry_mpi_mul_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v ); 676 677/* W = U * V mod M. */ 678void gcry_mpi_mulm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m); 679 680/* W = U * (2 ^ CNT). */ 681void gcry_mpi_mul_2exp (gcry_mpi_t w, gcry_mpi_t u, unsigned long cnt); 682 683/* Q = DIVIDEND / DIVISOR, R = DIVIDEND % DIVISOR, 684 Q or R may be passed as NULL. ROUND should be negative or 0. */ 685void gcry_mpi_div (gcry_mpi_t q, gcry_mpi_t r, 686 gcry_mpi_t dividend, gcry_mpi_t divisor, int round); 687 688/* R = DIVIDEND % DIVISOR */ 689void gcry_mpi_mod (gcry_mpi_t r, gcry_mpi_t dividend, gcry_mpi_t divisor); 690 691/* W = B ^ E mod M. */ 692void gcry_mpi_powm (gcry_mpi_t w, 693 const gcry_mpi_t b, const gcry_mpi_t e, 694 const gcry_mpi_t m); 695 696/* Set G to the greatest common divisor of A and B. 697 Return true if the G is 1. */ 698int gcry_mpi_gcd (gcry_mpi_t g, gcry_mpi_t a, gcry_mpi_t b); 699 700/* Set X to the multiplicative inverse of A mod M. 701 Return true if the value exists. */ 702int gcry_mpi_invm (gcry_mpi_t x, gcry_mpi_t a, gcry_mpi_t m); 703 704 705/* Return the number of bits required to represent A. */ 706unsigned int gcry_mpi_get_nbits (gcry_mpi_t a); 707 708/* Return true when bit number N (counting from 0) is set in A. */ 709int gcry_mpi_test_bit (gcry_mpi_t a, unsigned int n); 710 711/* Set bit number N in A. */ 712void gcry_mpi_set_bit (gcry_mpi_t a, unsigned int n); 713 714/* Clear bit number N in A. */ 715void gcry_mpi_clear_bit (gcry_mpi_t a, unsigned int n); 716 717/* Set bit number N in A and clear all bits greater than N. */ 718void gcry_mpi_set_highbit (gcry_mpi_t a, unsigned int n); 719 720/* Clear bit number N in A and all bits greater than N. */ 721void gcry_mpi_clear_highbit (gcry_mpi_t a, unsigned int n); 722 723/* Shift the value of A by N bits to the right and store the result in X. */ 724void gcry_mpi_rshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n); 725 726/* Shift the value of A by N bits to the left and store the result in X. */ 727void gcry_mpi_lshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n); 728 729/* Store NBITS of the value P points to in A and mark A as an opaque 730 value. WARNING: Never use an opaque MPI for anything thing else then 731 gcry_mpi_release, gcry_mpi_get_opaque. */ 732gcry_mpi_t gcry_mpi_set_opaque (gcry_mpi_t a, void *p, unsigned int nbits); 733 734/* Return a pointer to an opaque value stored in A and return its size 735 in NBITS. Note that the returned pointer is still owned by A and 736 that the function should never be used for an non-opaque MPI. */ 737void *gcry_mpi_get_opaque (gcry_mpi_t a, unsigned int *nbits); 738 739/* Set the FLAG for the big integer A. Currently only the flag 740 GCRYMPI_FLAG_SECURE is allowed to convert A into an big intger 741 stored in "secure" memory. */ 742void gcry_mpi_set_flag (gcry_mpi_t a, enum gcry_mpi_flag flag); 743 744/* Clear FLAG for the big integer A. Note that this function is 745 currently useless as no flags are allowed. */ 746void gcry_mpi_clear_flag (gcry_mpi_t a, enum gcry_mpi_flag flag); 747 748/* Return true when the FLAG is set for A. */ 749int gcry_mpi_get_flag (gcry_mpi_t a, enum gcry_mpi_flag flag); 750 751/* Unless the GCRYPT_NO_MPI_MACROS is used, provide a couple of 752 convenience macros for the big integer functions. */ 753#ifndef GCRYPT_NO_MPI_MACROS 754#define mpi_new(n) gcry_mpi_new( (n) ) 755#define mpi_secure_new( n ) gcry_mpi_snew( (n) ) 756#define mpi_release(a) \ 757 do \ 758 { \ 759 gcry_mpi_release ((a)); \ 760 (a) = NULL; \ 761 } \ 762 while (0) 763 764#define mpi_copy( a ) gcry_mpi_copy( (a) ) 765#define mpi_set( w, u) gcry_mpi_set( (w), (u) ) 766#define mpi_set_ui( w, u) gcry_mpi_set_ui( (w), (u) ) 767#define mpi_cmp( u, v ) gcry_mpi_cmp( (u), (v) ) 768#define mpi_cmp_ui( u, v ) gcry_mpi_cmp_ui( (u), (v) ) 769 770#define mpi_add_ui(w,u,v) gcry_mpi_add_ui((w),(u),(v)) 771#define mpi_add(w,u,v) gcry_mpi_add ((w),(u),(v)) 772#define mpi_addm(w,u,v,m) gcry_mpi_addm ((w),(u),(v),(m)) 773#define mpi_sub_ui(w,u,v) gcry_mpi_sub_ui ((w),(u),(v)) 774#define mpi_sub(w,u,v) gcry_mpi_sub ((w),(u),(v)) 775#define mpi_subm(w,u,v,m) gcry_mpi_subm ((w),(u),(v),(m)) 776#define mpi_mul_ui(w,u,v) gcry_mpi_mul_ui ((w),(u),(v)) 777#define mpi_mul_2exp(w,u,v) gcry_mpi_mul_2exp ((w),(u),(v)) 778#define mpi_mul(w,u,v) gcry_mpi_mul ((w),(u),(v)) 779#define mpi_mulm(w,u,v,m) gcry_mpi_mulm ((w),(u),(v),(m)) 780#define mpi_powm(w,b,e,m) gcry_mpi_powm ( (w), (b), (e), (m) ) 781#define mpi_tdiv(q,r,a,m) gcry_mpi_div ( (q), (r), (a), (m), 0) 782#define mpi_fdiv(q,r,a,m) gcry_mpi_div ( (q), (r), (a), (m), -1) 783#define mpi_mod(r,a,m) gcry_mpi_mod ((r), (a), (m)) 784#define mpi_gcd(g,a,b) gcry_mpi_gcd ( (g), (a), (b) ) 785#define mpi_invm(g,a,b) gcry_mpi_invm ( (g), (a), (b) ) 786 787#define mpi_get_nbits(a) gcry_mpi_get_nbits ((a)) 788#define mpi_test_bit(a,b) gcry_mpi_test_bit ((a),(b)) 789#define mpi_set_bit(a,b) gcry_mpi_set_bit ((a),(b)) 790#define mpi_set_highbit(a,b) gcry_mpi_set_highbit ((a),(b)) 791#define mpi_clear_bit(a,b) gcry_mpi_clear_bit ((a),(b)) 792#define mpi_clear_highbit(a,b) gcry_mpi_clear_highbit ((a),(b)) 793#define mpi_rshift(a,b,c) gcry_mpi_rshift ((a),(b),(c)) 794#define mpi_lshift(a,b,c) gcry_mpi_lshift ((a),(b),(c)) 795 796#define mpi_set_opaque(a,b,c) gcry_mpi_set_opaque( (a), (b), (c) ) 797#define mpi_get_opaque(a,b) gcry_mpi_get_opaque( (a), (b) ) 798#endif /* GCRYPT_NO_MPI_MACROS */ 799 800 801 802/************************************ 803 * * 804 * Symmetric Cipher Functions * 805 * * 806 ************************************/ 807 808/* The data object used to hold a handle to an encryption object. */ 809struct gcry_cipher_handle; 810typedef struct gcry_cipher_handle *gcry_cipher_hd_t; 811 812#ifndef GCRYPT_NO_DEPRECATED 813typedef struct gcry_cipher_handle *GCRY_CIPHER_HD _GCRY_GCC_ATTR_DEPRECATED; 814typedef struct gcry_cipher_handle *GcryCipherHd _GCRY_GCC_ATTR_DEPRECATED; 815#endif 816 817/* All symmetric encryption algorithms are identified by their IDs. 818 More IDs may be registered at runtime. */ 819enum gcry_cipher_algos 820 { 821 GCRY_CIPHER_NONE = 0, 822 GCRY_CIPHER_IDEA = 1, 823 GCRY_CIPHER_3DES = 2, 824 GCRY_CIPHER_CAST5 = 3, 825 GCRY_CIPHER_BLOWFISH = 4, 826 GCRY_CIPHER_SAFER_SK128 = 5, 827 GCRY_CIPHER_DES_SK = 6, 828 GCRY_CIPHER_AES = 7, 829 GCRY_CIPHER_AES192 = 8, 830 GCRY_CIPHER_AES256 = 9, 831 GCRY_CIPHER_TWOFISH = 10, 832 833 /* Other cipher numbers are above 300 for OpenPGP reasons. */ 834 GCRY_CIPHER_ARCFOUR = 301, /* Fully compatible with RSA's RC4 (tm). */ 835 GCRY_CIPHER_DES = 302, /* Yes, this is single key 56 bit DES. */ 836 GCRY_CIPHER_TWOFISH128 = 303, 837 GCRY_CIPHER_SERPENT128 = 304, 838 GCRY_CIPHER_SERPENT192 = 305, 839 GCRY_CIPHER_SERPENT256 = 306, 840 GCRY_CIPHER_RFC2268_40 = 307, /* Ron's Cipher 2 (40 bit). */ 841 GCRY_CIPHER_RFC2268_128 = 308, /* Ron's Cipher 2 (128 bit). */ 842 GCRY_CIPHER_SEED = 309, /* 128 bit cipher described in RFC4269. */ 843 GCRY_CIPHER_CAMELLIA128 = 310, 844 GCRY_CIPHER_CAMELLIA192 = 311, 845 GCRY_CIPHER_CAMELLIA256 = 312 846 }; 847 848/* The Rijndael algorithm is basically AES, so provide some macros. */ 849#define GCRY_CIPHER_AES128 GCRY_CIPHER_AES 850#define GCRY_CIPHER_RIJNDAEL GCRY_CIPHER_AES 851#define GCRY_CIPHER_RIJNDAEL128 GCRY_CIPHER_AES128 852#define GCRY_CIPHER_RIJNDAEL192 GCRY_CIPHER_AES192 853#define GCRY_CIPHER_RIJNDAEL256 GCRY_CIPHER_AES256 854 855/* The supported encryption modes. Note that not all of them are 856 supported for each algorithm. */ 857enum gcry_cipher_modes 858 { 859 GCRY_CIPHER_MODE_NONE = 0, /* Not yet specified. */ 860 GCRY_CIPHER_MODE_ECB = 1, /* Electronic codebook. */ 861 GCRY_CIPHER_MODE_CFB = 2, /* Cipher feedback. */ 862 GCRY_CIPHER_MODE_CBC = 3, /* Cipher block chaining. */ 863 GCRY_CIPHER_MODE_STREAM = 4, /* Used with stream ciphers. */ 864 GCRY_CIPHER_MODE_OFB = 5, /* Outer feedback. */ 865 GCRY_CIPHER_MODE_CTR = 6, /* Counter. */ 866 GCRY_CIPHER_MODE_AESWRAP= 7 /* AES-WRAP algorithm. */ 867 }; 868 869/* Flags used with the open function. */ 870enum gcry_cipher_flags 871 { 872 GCRY_CIPHER_SECURE = 1, /* Allocate in secure memory. */ 873 GCRY_CIPHER_ENABLE_SYNC = 2, /* Enable CFB sync mode. */ 874 GCRY_CIPHER_CBC_CTS = 4, /* Enable CBC cipher text stealing (CTS). */ 875 GCRY_CIPHER_CBC_MAC = 8 /* Enable CBC message auth. code (MAC). */ 876 }; 877 878 879/* Create a handle for algorithm ALGO to be used in MODE. FLAGS may 880 be given as an bitwise OR of the gcry_cipher_flags values. */ 881gcry_error_t gcry_cipher_open (gcry_cipher_hd_t *handle, 882 int algo, int mode, unsigned int flags); 883 884/* Close the cioher handle H and release all resource. */ 885void gcry_cipher_close (gcry_cipher_hd_t h); 886 887/* Perform various operations on the cipher object H. */ 888gcry_error_t gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, 889 size_t buflen); 890 891/* Retrieve various information about the cipher object H. */ 892gcry_error_t gcry_cipher_info (gcry_cipher_hd_t h, int what, void *buffer, 893 size_t *nbytes); 894 895/* Retrieve various information about the cipher algorithm ALGO. */ 896gcry_error_t gcry_cipher_algo_info (int algo, int what, void *buffer, 897 size_t *nbytes); 898 899/* Map the cipher algorithm whose ID is contained in ALGORITHM to a 900 string representation of the algorithm name. For unknown algorithm 901 IDs this function returns "?". */ 902const char *gcry_cipher_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE; 903 904/* Map the algorithm name NAME to an cipher algorithm ID. Return 0 if 905 the algorithm name is not known. */ 906int gcry_cipher_map_name (const char *name) _GCRY_GCC_ATTR_PURE; 907 908/* Given an ASN.1 object identifier in standard IETF dotted decimal 909 format in STRING, return the encryption mode associated with that 910 OID or 0 if not known or applicable. */ 911int gcry_cipher_mode_from_oid (const char *string) _GCRY_GCC_ATTR_PURE; 912 913/* Encrypt the plaintext of size INLEN in IN using the cipher handle H 914 into the buffer OUT which has an allocated length of OUTSIZE. For 915 most algorithms it is possible to pass NULL for in and 0 for INLEN 916 and do a in-place decryption of the data provided in OUT. */ 917gcry_error_t gcry_cipher_encrypt (gcry_cipher_hd_t h, 918 void *out, size_t outsize, 919 const void *in, size_t inlen); 920 921/* The counterpart to gcry_cipher_encrypt. */ 922gcry_error_t gcry_cipher_decrypt (gcry_cipher_hd_t h, 923 void *out, size_t outsize, 924 const void *in, size_t inlen); 925 926/* Set KEY of length KEYLEN bytes for the cipher handle HD. */ 927gcry_error_t gcry_cipher_setkey (gcry_cipher_hd_t hd, 928 const void *key, size_t keylen); 929 930 931/* Set initialization vector IV of length IVLEN for the cipher handle HD. */ 932gcry_error_t gcry_cipher_setiv (gcry_cipher_hd_t hd, 933 const void *iv, size_t ivlen); 934 935 936/* Reset the handle to the state after open. */ 937#define gcry_cipher_reset(h) gcry_cipher_ctl ((h), GCRYCTL_RESET, NULL, 0) 938 939/* Perform the OpenPGP sync operation if this is enabled for the 940 cipher handle H. */ 941#define gcry_cipher_sync(h) gcry_cipher_ctl( (h), GCRYCTL_CFB_SYNC, NULL, 0) 942 943/* Enable or disable CTS in future calls to gcry_encrypt(). CBC mode only. */ 944#define gcry_cipher_cts(h,on) gcry_cipher_ctl( (h), GCRYCTL_SET_CBC_CTS, \ 945 NULL, on ) 946 947/* Set counter for CTR mode. (CTR,CTRLEN) must denote a buffer of 948 block size length, or (NULL,0) to set the CTR to the all-zero block. */ 949gpg_error_t gcry_cipher_setctr (gcry_cipher_hd_t hd, 950 const void *ctr, size_t ctrlen); 951 952/* Retrieve the key length in bytes used with algorithm A. */ 953size_t gcry_cipher_get_algo_keylen (int algo); 954 955/* Retrieve the block length in bytes used with algorithm A. */ 956size_t gcry_cipher_get_algo_blklen (int algo); 957 958/* Return 0 if the algorithm A is available for use. */ 959#define gcry_cipher_test_algo(a) \ 960 gcry_cipher_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL ) 961 962/* Get a list consisting of the IDs of the loaded cipher modules. If 963 LIST is zero, write the number of loaded cipher modules to 964 LIST_LENGTH and return. If LIST is non-zero, the first 965 *LIST_LENGTH algorithm IDs are stored in LIST, which must be of 966 according size. In case there are less cipher modules than 967 *LIST_LENGTH, *LIST_LENGTH is updated to the correct number. */ 968gcry_error_t gcry_cipher_list (int *list, int *list_length); 969 970 971/************************************ 972 * * 973 * Asymmetric Cipher Functions * 974 * * 975 ************************************/ 976 977/* The algorithms and their IDs we support. */ 978enum gcry_pk_algos 979 { 980 GCRY_PK_RSA = 1, 981 GCRY_PK_RSA_E = 2, /* (deprecated) */ 982 GCRY_PK_RSA_S = 3, /* (deprecated) */ 983 GCRY_PK_ELG_E = 16, 984 GCRY_PK_DSA = 17, 985 GCRY_PK_ELG = 20, 986 GCRY_PK_ECDSA = 301, 987 GCRY_PK_ECDH = 302 988 }; 989 990/* Flags describing usage capabilities of a PK algorithm. */ 991#define GCRY_PK_USAGE_SIGN 1 /* Good for signatures. */ 992#define GCRY_PK_USAGE_ENCR 2 /* Good for encryption. */ 993#define GCRY_PK_USAGE_CERT 4 /* Good to certify other keys. */ 994#define GCRY_PK_USAGE_AUTH 8 /* Good for authentication. */ 995#define GCRY_PK_USAGE_UNKN 128 /* Unknown usage flag. */ 996 997/* Encrypt the DATA using the public key PKEY and store the result as 998 a newly created S-expression at RESULT. */ 999gcry_error_t gcry_pk_encrypt (gcry_sexp_t *result, 1000 gcry_sexp_t data, gcry_sexp_t pkey); 1001 1002/* Decrypt the DATA using the private key SKEY and store the result as 1003 a newly created S-expression at RESULT. */ 1004gcry_error_t gcry_pk_decrypt (gcry_sexp_t *result, 1005 gcry_sexp_t data, gcry_sexp_t skey); 1006 1007/* Sign the DATA using the private key SKEY and store the result as 1008 a newly created S-expression at RESULT. */ 1009gcry_error_t gcry_pk_sign (gcry_sexp_t *result, 1010 gcry_sexp_t data, gcry_sexp_t skey); 1011 1012/* Check the signature SIGVAL on DATA using the public key PKEY. */ 1013gcry_error_t gcry_pk_verify (gcry_sexp_t sigval, 1014 gcry_sexp_t data, gcry_sexp_t pkey); 1015 1016/* Check that private KEY is sane. */ 1017gcry_error_t gcry_pk_testkey (gcry_sexp_t key); 1018 1019/* Generate a new key pair according to the parameters given in 1020 S_PARMS. The new key pair is returned in as an S-expression in 1021 R_KEY. */ 1022gcry_error_t gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms); 1023 1024/* Catch all function for miscellaneous operations. */ 1025gcry_error_t gcry_pk_ctl (int cmd, void *buffer, size_t buflen); 1026 1027/* Retrieve information about the public key algorithm ALGO. */ 1028gcry_error_t gcry_pk_algo_info (int algo, int what, 1029 void *buffer, size_t *nbytes); 1030 1031/* Map the public key algorithm whose ID is contained in ALGORITHM to 1032 a string representation of the algorithm name. For unknown 1033 algorithm IDs this functions returns "?". */ 1034const char *gcry_pk_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE; 1035 1036/* Map the algorithm NAME to a public key algorithm Id. Return 0 if 1037 the algorithm name is not known. */ 1038int gcry_pk_map_name (const char* name) _GCRY_GCC_ATTR_PURE; 1039 1040/* Return what is commonly referred as the key length for the given 1041 public or private KEY. */ 1042unsigned int gcry_pk_get_nbits (gcry_sexp_t key) _GCRY_GCC_ATTR_PURE; 1043 1044/* Please note that keygrip is still experimental and should not be 1045 used without contacting the author. */ 1046unsigned char *gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array); 1047 1048/* Return the name of the curve matching KEY. */ 1049const char *gcry_pk_get_curve (gcry_sexp_t key, int iterator, 1050 unsigned int *r_nbits); 1051 1052/* Return an S-expression with the parameters of the named ECC curve 1053 NAME. ALGO must be set to an ECC algorithm. */ 1054gcry_sexp_t gcry_pk_get_param (int algo, const char *name); 1055 1056/* Return 0 if the public key algorithm A is available for use. */ 1057#define gcry_pk_test_algo(a) \ 1058 gcry_pk_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL ) 1059 1060/* Get a list consisting of the IDs of the loaded pubkey modules. If 1061 LIST is zero, write the number of loaded pubkey modules to 1062 LIST_LENGTH and return. If LIST is non-zero, the first 1063 *LIST_LENGTH algorithm IDs are stored in LIST, which must be of 1064 according size. In case there are less pubkey modules than 1065 *LIST_LENGTH, *LIST_LENGTH is updated to the correct number. */ 1066gcry_error_t gcry_pk_list (int *list, int *list_length); 1067 1068 1069 1070/************************************ 1071 * * 1072 * Cryptograhic Hash Functions * 1073 * * 1074 ************************************/ 1075 1076/* Algorithm IDs for the hash functions we know about. Not all of them 1077 are implemnted. */ 1078enum gcry_md_algos 1079 { 1080 GCRY_MD_NONE = 0, 1081 GCRY_MD_MD5 = 1, 1082 GCRY_MD_SHA1 = 2, 1083 GCRY_MD_RMD160 = 3, 1084 GCRY_MD_MD2 = 5, 1085 GCRY_MD_TIGER = 6, /* TIGER/192 as used by gpg <= 1.3.2. */ 1086 GCRY_MD_HAVAL = 7, /* HAVAL, 5 pass, 160 bit. */ 1087 GCRY_MD_SHA256 = 8, 1088 GCRY_MD_SHA384 = 9, 1089 GCRY_MD_SHA512 = 10, 1090 GCRY_MD_SHA224 = 11, 1091 GCRY_MD_MD4 = 301, 1092 GCRY_MD_CRC32 = 302, 1093 GCRY_MD_CRC32_RFC1510 = 303, 1094 GCRY_MD_CRC24_RFC2440 = 304, 1095 GCRY_MD_WHIRLPOOL = 305, 1096 GCRY_MD_TIGER1 = 306, /* TIGER fixed. */ 1097 GCRY_MD_TIGER2 = 307 /* TIGER2 variant. */ 1098 }; 1099 1100/* Flags used with the open function. */ 1101enum gcry_md_flags 1102 { 1103 GCRY_MD_FLAG_SECURE = 1, /* Allocate all buffers in "secure" memory. */ 1104 GCRY_MD_FLAG_HMAC = 2 /* Make an HMAC out of this algorithm. */ 1105 }; 1106 1107/* (Forward declaration.) */ 1108struct gcry_md_context; 1109 1110/* This object is used to hold a handle to a message digest object. 1111 This structure is private - only to be used by the public gcry_md_* 1112 macros. */ 1113typedef struct gcry_md_handle 1114{ 1115 /* Actual context. */ 1116 struct gcry_md_context *ctx; 1117 1118 /* Buffer management. */ 1119 int bufpos; 1120 int bufsize; 1121 unsigned char buf[1]; 1122} *gcry_md_hd_t; 1123 1124/* Compatibility types, do not use them. */ 1125#ifndef GCRYPT_NO_DEPRECATED 1126typedef struct gcry_md_handle *GCRY_MD_HD _GCRY_GCC_ATTR_DEPRECATED; 1127typedef struct gcry_md_handle *GcryMDHd _GCRY_GCC_ATTR_DEPRECATED; 1128#endif 1129 1130/* Create a message digest object for algorithm ALGO. FLAGS may be 1131 given as an bitwise OR of the gcry_md_flags values. ALGO may be 1132 given as 0 if the algorithms to be used are later set using 1133 gcry_md_enable. */ 1134gcry_error_t gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags); 1135 1136/* Release the message digest object HD. */ 1137void gcry_md_close (gcry_md_hd_t hd); 1138 1139/* Add the message digest algorithm ALGO to the digest object HD. */ 1140gcry_error_t gcry_md_enable (gcry_md_hd_t hd, int algo); 1141 1142/* Create a new digest object as an exact copy of the object HD. */ 1143gcry_error_t gcry_md_copy (gcry_md_hd_t *bhd, gcry_md_hd_t ahd); 1144 1145/* Reset the digest object HD to its initial state. */ 1146void gcry_md_reset (gcry_md_hd_t hd); 1147 1148/* Perform various operations on the digest object HD. */ 1149gcry_error_t gcry_md_ctl (gcry_md_hd_t hd, int cmd, 1150 void *buffer, size_t buflen); 1151 1152/* Pass LENGTH bytes of data in BUFFER to the digest object HD so that 1153 it can update the digest values. This is the actual hash 1154 function. */ 1155void gcry_md_write (gcry_md_hd_t hd, const void *buffer, size_t length); 1156 1157/* Read out the final digest from HD return the digest value for 1158 algorithm ALGO. */ 1159unsigned char *gcry_md_read (gcry_md_hd_t hd, int algo); 1160 1161/* Convenience function to calculate the hash from the data in BUFFER 1162 of size LENGTH using the algorithm ALGO avoiding the creating of a 1163 hash object. The hash is returned in the caller provided buffer 1164 DIGEST which must be large enough to hold the digest of the given 1165 algorithm. */ 1166void gcry_md_hash_buffer (int algo, void *digest, 1167 const void *buffer, size_t length); 1168 1169/* Retrieve the algorithm used with HD. This does not work reliable 1170 if more than one algorithm is enabled in HD. */ 1171int gcry_md_get_algo (gcry_md_hd_t hd); 1172 1173/* Retrieve the length in bytes of the digest yielded by algorithm 1174 ALGO. */ 1175unsigned int gcry_md_get_algo_dlen (int algo); 1176 1177/* Return true if the the algorithm ALGO is enabled in the digest 1178 object A. */ 1179int gcry_md_is_enabled (gcry_md_hd_t a, int algo); 1180 1181/* Return true if the digest object A is allocated in "secure" memory. */ 1182int gcry_md_is_secure (gcry_md_hd_t a); 1183 1184/* Retrieve various information about the object H. */ 1185gcry_error_t gcry_md_info (gcry_md_hd_t h, int what, void *buffer, 1186 size_t *nbytes); 1187 1188/* Retrieve various information about the algorithm ALGO. */ 1189gcry_error_t gcry_md_algo_info (int algo, int what, void *buffer, 1190 size_t *nbytes); 1191 1192/* Map the digest algorithm id ALGO to a string representation of the 1193 algorithm name. For unknown algorithms this function returns 1194 "?". */ 1195const char *gcry_md_algo_name (int algo) _GCRY_GCC_ATTR_PURE; 1196 1197/* Map the algorithm NAME to a digest algorithm Id. Return 0 if 1198 the algorithm name is not known. */ 1199int gcry_md_map_name (const char* name) _GCRY_GCC_ATTR_PURE; 1200 1201/* For use with the HMAC feature, the set MAC key to the KEY of 1202 KEYLEN bytes. */ 1203gcry_error_t gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen); 1204 1205/* Start or stop debugging for digest handle HD; i.e. create a file 1206 named dbgmd-<n>.<suffix> while hashing. If SUFFIX is NULL, 1207 debugging stops and the file will be closed. */ 1208void gcry_md_debug (gcry_md_hd_t hd, const char *suffix); 1209 1210 1211/* Update the hash(s) of H with the character C. This is a buffered 1212 version of the gcry_md_write function. */ 1213#define gcry_md_putc(h,c) \ 1214 do { \ 1215 gcry_md_hd_t h__ = (h); \ 1216 if( (h__)->bufpos == (h__)->bufsize ) \ 1217 gcry_md_write( (h__), NULL, 0 ); \ 1218 (h__)->buf[(h__)->bufpos++] = (c) & 0xff; \ 1219 } while(0) 1220 1221/* Finalize the digest calculation. This is not really needed because 1222 gcry_md_read() does this implicitly. */ 1223#define gcry_md_final(a) \ 1224 gcry_md_ctl ((a), GCRYCTL_FINALIZE, NULL, 0) 1225 1226/* Return 0 if the algorithm A is available for use. */ 1227#define gcry_md_test_algo(a) \ 1228 gcry_md_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL ) 1229 1230/* Return an DER encoded ASN.1 OID for the algorithm A in buffer B. N 1231 must point to size_t variable with the available size of buffer B. 1232 After return it will receive the actual size of the returned 1233 OID. */ 1234#define gcry_md_get_asnoid(a,b,n) \ 1235 gcry_md_algo_info((a), GCRYCTL_GET_ASNOID, (b), (n)) 1236 1237/* Enable debugging for digest object A; i.e. create files named 1238 dbgmd-<n>.<string> while hashing. B is a string used as the suffix 1239 for the filename. This macro is deprecated, use gcry_md_debug. */ 1240#ifndef GCRYPT_NO_DEPRECATED 1241#define gcry_md_start_debug(a,b) \ 1242 gcry_md_ctl( (a), GCRYCTL_START_DUMP, (b), 0 ) 1243 1244/* Disable the debugging of A. This macro is deprecated, use 1245 gcry_md_debug. */ 1246#define gcry_md_stop_debug(a,b) \ 1247 gcry_md_ctl( (a), GCRYCTL_STOP_DUMP, (b), 0 ) 1248#endif 1249 1250/* Get a list consisting of the IDs of the loaded message digest 1251 modules. If LIST is zero, write the number of loaded message 1252 digest modules to LIST_LENGTH and return. If LIST is non-zero, the 1253 first *LIST_LENGTH algorithm IDs are stored in LIST, which must be 1254 of according size. In case there are less message digest modules 1255 than *LIST_LENGTH, *LIST_LENGTH is updated to the correct 1256 number. */ 1257gcry_error_t gcry_md_list (int *list, int *list_length); 1258 1259 1260#if !defined(GCRYPT_NO_DEPRECATED) || defined(_GCRYPT_IN_LIBGCRYPT) 1261/* Alternative interface for asymmetric cryptography. This interface 1262 is deprecated. */ 1263 1264/* The algorithm IDs. */ 1265typedef enum gcry_ac_id 1266 { 1267 GCRY_AC_RSA = 1, 1268 GCRY_AC_DSA = 17, 1269 GCRY_AC_ELG = 20, 1270 GCRY_AC_ELG_E = 16 1271 } 1272gcry_ac_id_t _GCRY_ATTR_INTERNAL; 1273 1274/* Key types. */ 1275typedef enum gcry_ac_key_type 1276 { 1277 GCRY_AC_KEY_SECRET, 1278 GCRY_AC_KEY_PUBLIC 1279 } 1280gcry_ac_key_type_t _GCRY_ATTR_INTERNAL; 1281 1282/* Encoding methods. */ 1283typedef enum gcry_ac_em 1284 { 1285 GCRY_AC_EME_PKCS_V1_5, 1286 GCRY_AC_EMSA_PKCS_V1_5 1287 } 1288gcry_ac_em_t _GCRY_ATTR_INTERNAL; 1289 1290/* Encryption and Signature schemes. */ 1291typedef enum gcry_ac_scheme 1292 { 1293 GCRY_AC_ES_PKCS_V1_5, 1294 GCRY_AC_SSA_PKCS_V1_5 1295 } 1296gcry_ac_scheme_t _GCRY_ATTR_INTERNAL; 1297 1298/* AC data. */ 1299#define GCRY_AC_FLAG_DEALLOC (1 << 0) 1300#define GCRY_AC_FLAG_COPY (1 << 1) 1301#define GCRY_AC_FLAG_NO_BLINDING (1 << 2) 1302 1303/* This type represents a `data set'. */ 1304typedef struct gcry_ac_data *gcry_ac_data_t _GCRY_ATTR_INTERNAL; 1305 1306/* This type represents a single `key', either a secret one or a 1307 public one. */ 1308typedef struct gcry_ac_key *gcry_ac_key_t _GCRY_ATTR_INTERNAL; 1309 1310/* This type represents a `key pair' containing a secret and a public 1311 key. */ 1312typedef struct gcry_ac_key_pair *gcry_ac_key_pair_t _GCRY_ATTR_INTERNAL; 1313 1314/* This type represents a `handle' that is needed by functions 1315 performing cryptographic operations. */ 1316typedef struct gcry_ac_handle *gcry_ac_handle_t _GCRY_ATTR_INTERNAL; 1317 1318typedef gpg_error_t (*gcry_ac_data_read_cb_t) (void *opaque, 1319 unsigned char *buffer, 1320 size_t *buffer_n) 1321 /* */ _GCRY_ATTR_INTERNAL; 1322 1323typedef gpg_error_t (*gcry_ac_data_write_cb_t) (void *opaque, 1324 unsigned char *buffer, 1325 size_t buffer_n) 1326 /* */ _GCRY_ATTR_INTERNAL; 1327 1328typedef enum 1329 { 1330 GCRY_AC_IO_READABLE, 1331 GCRY_AC_IO_WRITABLE 1332 } 1333gcry_ac_io_mode_t _GCRY_ATTR_INTERNAL; 1334 1335typedef enum 1336 { 1337 GCRY_AC_IO_STRING, 1338 GCRY_AC_IO_CALLBACK 1339 } 1340gcry_ac_io_type_t _GCRY_ATTR_INTERNAL; 1341 1342typedef struct gcry_ac_io 1343{ 1344 /* This is an INTERNAL structure, do NOT use manually. */ 1345 gcry_ac_io_mode_t mode _GCRY_ATTR_INTERNAL; 1346 gcry_ac_io_type_t type _GCRY_ATTR_INTERNAL; 1347 union 1348 { 1349 union 1350 { 1351 struct 1352 { 1353 gcry_ac_data_read_cb_t cb; 1354 void *opaque; 1355 } callback; 1356 struct 1357 { 1358 unsigned char *data; 1359 size_t data_n; 1360 } string; 1361 void *opaque; 1362 } readable; 1363 union 1364 { 1365 struct 1366 { 1367 gcry_ac_data_write_cb_t cb; 1368 void *opaque; 1369 } callback; 1370 struct 1371 { 1372 unsigned char **data; 1373 size_t *data_n; 1374 } string; 1375 void *opaque; 1376 } writable; 1377 } io _GCRY_ATTR_INTERNAL; 1378} 1379gcry_ac_io_t _GCRY_ATTR_INTERNAL; 1380 1381/* The caller of gcry_ac_key_pair_generate can provide one of these 1382 structures in order to influence the key generation process in an 1383 algorithm-specific way. */ 1384typedef struct gcry_ac_key_spec_rsa 1385{ 1386 gcry_mpi_t e; /* E to use. */ 1387} gcry_ac_key_spec_rsa_t _GCRY_ATTR_INTERNAL; 1388 1389/* Structure used for passing data to the implementation of the 1390 `EME-PKCS-V1_5' encoding method. */ 1391typedef struct gcry_ac_eme_pkcs_v1_5 1392{ 1393 size_t key_size; 1394} gcry_ac_eme_pkcs_v1_5_t _GCRY_ATTR_INTERNAL; 1395 1396typedef enum gcry_md_algos gcry_md_algo_t _GCRY_ATTR_INTERNAL; 1397 1398/* Structure used for passing data to the implementation of the 1399 `EMSA-PKCS-V1_5' encoding method. */ 1400typedef struct gcry_ac_emsa_pkcs_v1_5 1401{ 1402 gcry_md_algo_t md; 1403 size_t em_n; 1404} gcry_ac_emsa_pkcs_v1_5_t _GCRY_ATTR_INTERNAL; 1405 1406/* Structure used for passing data to the implementation of the 1407 `SSA-PKCS-V1_5' signature scheme. */ 1408typedef struct gcry_ac_ssa_pkcs_v1_5 1409{ 1410 gcry_md_algo_t md; 1411} gcry_ac_ssa_pkcs_v1_5_t _GCRY_ATTR_INTERNAL; 1412#endif /* !GCRYPT_NO_DEPRECATED || !_GCRYPT_IN_LIBGCRYPT */ 1413 1414 1415#ifndef GCRYPT_NO_DEPRECATED 1416/* Returns a new, empty data set in DATA. */ 1417gcry_error_t gcry_ac_data_new (gcry_ac_data_t *data) 1418 /* */ _GCRY_ATTR_INTERNAL; 1419 1420/* Destroy the data set DATA. */ 1421void gcry_ac_data_destroy (gcry_ac_data_t data) 1422 /* */ _GCRY_ATTR_INTERNAL; 1423 1424/* Create a copy of the data set DATA and store it in DATA_CP. */ 1425gcry_error_t gcry_ac_data_copy (gcry_ac_data_t *data_cp, 1426 gcry_ac_data_t data) 1427 /* */ _GCRY_ATTR_INTERNAL; 1428 1429/* Return the number of named MPI values inside of the data set 1430 DATA. */ 1431unsigned int gcry_ac_data_length (gcry_ac_data_t data) 1432 /* */ _GCRY_ATTR_INTERNAL; 1433 1434/* Destroy any values contained in the data set DATA. */ 1435void gcry_ac_data_clear (gcry_ac_data_t data) 1436 /* */ _GCRY_ATTR_INTERNAL; 1437 1438/* Add the value MPI to DATA with the label NAME. If FLAGS contains 1439 GCRY_AC_FLAG_DATA_COPY, the data set will contain copies of NAME 1440 and MPI. If FLAGS contains GCRY_AC_FLAG_DATA_DEALLOC or 1441 GCRY_AC_FLAG_DATA_COPY, the values contained in the data set will 1442 be deallocated when they are to be removed from the data set. */ 1443gcry_error_t gcry_ac_data_set (gcry_ac_data_t data, unsigned int flags, 1444 const char *name, gcry_mpi_t mpi) 1445 /* */ _GCRY_ATTR_INTERNAL; 1446 1447/* Store the value labelled with NAME found in DATA in MPI. If FLAGS 1448 contains GCRY_AC_FLAG_COPY, store a copy of the MPI value contained 1449 in the data set. MPI may be NULL. */ 1450gcry_error_t gcry_ac_data_get_name (gcry_ac_data_t data, unsigned int flags, 1451 const char *name, gcry_mpi_t *mpi) 1452 /* */ _GCRY_ATTR_INTERNAL; 1453 1454/* Stores in NAME and MPI the named MPI value contained in the data 1455 set DATA with the index IDX. If FLAGS contains GCRY_AC_FLAG_COPY, 1456 store copies of the values contained in the data set. NAME or MPI 1457 may be NULL. */ 1458gcry_error_t gcry_ac_data_get_index (gcry_ac_data_t data, unsigned int flags, 1459 unsigned int idx, 1460 const char **name, gcry_mpi_t *mpi) 1461 /* */ _GCRY_ATTR_INTERNAL; 1462 1463/* Convert the data set DATA into a new S-Expression, which is to be 1464 stored in SEXP, according to the identifiers contained in 1465 IDENTIFIERS. */ 1466gcry_error_t gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp, 1467 const char **identifiers) 1468 /* */ _GCRY_ATTR_INTERNAL; 1469 1470/* Create a new data set, which is to be stored in DATA_SET, from the 1471 S-Expression SEXP, according to the identifiers contained in 1472 IDENTIFIERS. */ 1473gcry_error_t gcry_ac_data_from_sexp (gcry_ac_data_t *data, gcry_sexp_t sexp, 1474 const char **identifiers) 1475 /* */ _GCRY_ATTR_INTERNAL; 1476 1477/* Initialize AC_IO according to MODE, TYPE and the variable list of 1478 arguments. The list of variable arguments to specify depends on 1479 the given TYPE. */ 1480void gcry_ac_io_init (gcry_ac_io_t *ac_io, gcry_ac_io_mode_t mode, 1481 gcry_ac_io_type_t type, ...) 1482 /* */ _GCRY_ATTR_INTERNAL; 1483 1484/* Initialize AC_IO according to MODE, TYPE and the variable list of 1485 arguments AP. The list of variable arguments to specify depends on 1486 the given TYPE. */ 1487void gcry_ac_io_init_va (gcry_ac_io_t *ac_io, gcry_ac_io_mode_t mode, 1488 gcry_ac_io_type_t type, va_list ap) 1489 /* */ _GCRY_ATTR_INTERNAL; 1490 1491/* Create a new ac handle. */ 1492gcry_error_t gcry_ac_open (gcry_ac_handle_t *handle, 1493 gcry_ac_id_t algorithm, unsigned int flags) 1494 /* */ _GCRY_ATTR_INTERNAL; 1495 1496/* Destroy an ac handle. */ 1497void gcry_ac_close (gcry_ac_handle_t handle) 1498 /* */ _GCRY_ATTR_INTERNAL; 1499 1500/* Initialize a key from a given data set. */ 1501gcry_error_t gcry_ac_key_init (gcry_ac_key_t *key, gcry_ac_handle_t handle, 1502 gcry_ac_key_type_t type, gcry_ac_data_t data) 1503 /* */ _GCRY_ATTR_INTERNAL; 1504 1505/* Generates a new key pair via the handle HANDLE of NBITS bits and 1506 stores it in KEY_PAIR. In case non-standard settings are wanted, a 1507 pointer to a structure of type gcry_ac_key_spec_<algorithm>_t, 1508 matching the selected algorithm, can be given as KEY_SPEC. 1509 MISC_DATA is not used yet. */ 1510gcry_error_t gcry_ac_key_pair_generate (gcry_ac_handle_t handle, 1511 unsigned int nbits, void *spec, 1512 gcry_ac_key_pair_t *key_pair, 1513 gcry_mpi_t **misc_data) 1514 /* */ _GCRY_ATTR_INTERNAL; 1515 1516/* Returns the key of type WHICH out of the key pair KEY_PAIR. */ 1517gcry_ac_key_t gcry_ac_key_pair_extract (gcry_ac_key_pair_t key_pair, 1518 gcry_ac_key_type_t which) 1519 /* */ _GCRY_ATTR_INTERNAL; 1520 1521/* Returns the data set contained in the key KEY. */ 1522gcry_ac_data_t gcry_ac_key_data_get (gcry_ac_key_t key) 1523 /* */ _GCRY_ATTR_INTERNAL; 1524 1525/* Verifies that the key KEY is sane via HANDLE. */ 1526gcry_error_t gcry_ac_key_test (gcry_ac_handle_t handle, gcry_ac_key_t key) 1527 /* */ _GCRY_ATTR_INTERNAL; 1528 1529/* Stores the number of bits of the key KEY in NBITS via HANDLE. */ 1530gcry_error_t gcry_ac_key_get_nbits (gcry_ac_handle_t handle, 1531 gcry_ac_key_t key, unsigned int *nbits) 1532 /* */ _GCRY_ATTR_INTERNAL; 1533 1534/* Writes the 20 byte long key grip of the key KEY to KEY_GRIP via 1535 HANDLE. */ 1536gcry_error_t gcry_ac_key_get_grip (gcry_ac_handle_t handle, gcry_ac_key_t key, 1537 unsigned char *key_grip) 1538 /* */ _GCRY_ATTR_INTERNAL; 1539 1540/* Destroy a key. */ 1541void gcry_ac_key_destroy (gcry_ac_key_t key) 1542 /* */ _GCRY_ATTR_INTERNAL; 1543 1544/* Destroy a key pair. */ 1545void gcry_ac_key_pair_destroy (gcry_ac_key_pair_t key_pair) 1546 /* */ _GCRY_ATTR_INTERNAL; 1547 1548/* Encodes a message according to the encoding method METHOD. OPTIONS 1549 must be a pointer to a method-specific structure 1550 (gcry_ac_em*_t). */ 1551gcry_error_t gcry_ac_data_encode (gcry_ac_em_t method, 1552 unsigned int flags, void *options, 1553 gcry_ac_io_t *io_read, 1554 gcry_ac_io_t *io_write) 1555 /* */ _GCRY_ATTR_INTERNAL; 1556 1557/* Decodes a message according to the encoding method METHOD. OPTIONS 1558 must be a pointer to a method-specific structure 1559 (gcry_ac_em*_t). */ 1560gcry_error_t gcry_ac_data_decode (gcry_ac_em_t method, 1561 unsigned int flags, void *options, 1562 gcry_ac_io_t *io_read, 1563 gcry_ac_io_t *io_write) 1564 /* */ _GCRY_ATTR_INTERNAL; 1565 1566/* Encrypt the plain text MPI value DATA_PLAIN with the key KEY under 1567 the control of the flags FLAGS and store the resulting data set 1568 into DATA_ENCRYPTED. */ 1569gcry_error_t gcry_ac_data_encrypt (gcry_ac_handle_t handle, 1570 unsigned int flags, 1571 gcry_ac_key_t key, 1572 gcry_mpi_t data_plain, 1573 gcry_ac_data_t *data_encrypted) 1574 /* */ _GCRY_ATTR_INTERNAL; 1575 1576/* Decrypt the decrypted data contained in the data set DATA_ENCRYPTED 1577 with the key KEY under the control of the flags FLAGS and store the 1578 resulting plain text MPI value in DATA_PLAIN. */ 1579gcry_error_t gcry_ac_data_decrypt (gcry_ac_handle_t handle, 1580 unsigned int flags, 1581 gcry_ac_key_t key, 1582 gcry_mpi_t *data_plain, 1583 gcry_ac_data_t data_encrypted) 1584 /* */ _GCRY_ATTR_INTERNAL; 1585 1586/* Sign the data contained in DATA with the key KEY and store the 1587 resulting signature in the data set DATA_SIGNATURE. */ 1588gcry_error_t gcry_ac_data_sign (gcry_ac_handle_t handle, 1589 gcry_ac_key_t key, 1590 gcry_mpi_t data, 1591 gcry_ac_data_t *data_signature) 1592 /* */ _GCRY_ATTR_INTERNAL; 1593 1594/* Verify that the signature contained in the data set DATA_SIGNATURE 1595 is indeed the result of signing the data contained in DATA with the 1596 secret key belonging to the public key KEY. */ 1597gcry_error_t gcry_ac_data_verify (gcry_ac_handle_t handle, 1598 gcry_ac_key_t key, 1599 gcry_mpi_t data, 1600 gcry_ac_data_t data_signature) 1601 /* */ _GCRY_ATTR_INTERNAL; 1602 1603/* Encrypts the plain text readable from IO_MESSAGE through HANDLE 1604 with the public key KEY according to SCHEME, FLAGS and OPTS. If 1605 OPTS is not NULL, it has to be a pointer to a structure specific to 1606 the chosen scheme (gcry_ac_es_*_t). The encrypted message is 1607 written to IO_CIPHER. */ 1608gcry_error_t gcry_ac_data_encrypt_scheme (gcry_ac_handle_t handle, 1609 gcry_ac_scheme_t scheme, 1610 unsigned int flags, void *opts, 1611 gcry_ac_key_t key, 1612 gcry_ac_io_t *io_message, 1613 gcry_ac_io_t *io_cipher) 1614 /* */ _GCRY_ATTR_INTERNAL; 1615 1616/* Decrypts the cipher text readable from IO_CIPHER through HANDLE 1617 with the secret key KEY according to SCHEME, @var{flags} and OPTS. 1618 If OPTS is not NULL, it has to be a pointer to a structure specific 1619 to the chosen scheme (gcry_ac_es_*_t). The decrypted message is 1620 written to IO_MESSAGE. */ 1621gcry_error_t gcry_ac_data_decrypt_scheme (gcry_ac_handle_t handle, 1622 gcry_ac_scheme_t scheme, 1623 unsigned int flags, void *opts, 1624 gcry_ac_key_t key, 1625 gcry_ac_io_t *io_cipher, 1626 gcry_ac_io_t *io_message) 1627 /* */ _GCRY_ATTR_INTERNAL; 1628 1629/* Signs the message readable from IO_MESSAGE through HANDLE with the 1630 secret key KEY according to SCHEME, FLAGS and OPTS. If OPTS is not 1631 NULL, it has to be a pointer to a structure specific to the chosen 1632 scheme (gcry_ac_ssa_*_t). The signature is written to 1633 IO_SIGNATURE. */ 1634gcry_error_t gcry_ac_data_sign_scheme (gcry_ac_handle_t handle, 1635 gcry_ac_scheme_t scheme, 1636 unsigned int flags, void *opts, 1637 gcry_ac_key_t key, 1638 gcry_ac_io_t *io_message, 1639 gcry_ac_io_t *io_signature) 1640 /* */ _GCRY_ATTR_INTERNAL; 1641 1642/* Verifies through HANDLE that the signature readable from 1643 IO_SIGNATURE is indeed the result of signing the message readable 1644 from IO_MESSAGE with the secret key belonging to the public key KEY 1645 according to SCHEME and OPTS. If OPTS is not NULL, it has to be an 1646 anonymous structure (gcry_ac_ssa_*_t) specific to the chosen 1647 scheme. */ 1648gcry_error_t gcry_ac_data_verify_scheme (gcry_ac_handle_t handle, 1649 gcry_ac_scheme_t scheme, 1650 unsigned int flags, void *opts, 1651 gcry_ac_key_t key, 1652 gcry_ac_io_t *io_message, 1653 gcry_ac_io_t *io_signature) 1654 /* */ _GCRY_ATTR_INTERNAL; 1655 1656/* Store the textual representation of the algorithm whose id is given 1657 in ALGORITHM in NAME. This function is deprecated; use 1658 gcry_pk_algo_name. */ 1659gcry_error_t gcry_ac_id_to_name (gcry_ac_id_t algorithm, 1660 const char **name) 1661 /* */ _GCRY_GCC_ATTR_DEPRECATED; 1662/* Store the numeric ID of the algorithm whose textual representation 1663 is contained in NAME in ALGORITHM. This function is deprecated; 1664 use gcry_pk_map_name. */ 1665gcry_error_t gcry_ac_name_to_id (const char *name, 1666 gcry_ac_id_t *algorithm) 1667 /* */ _GCRY_GCC_ATTR_DEPRECATED; 1668#endif /*GCRYPT_NO_DEPRECATED*/ 1669 1670 1671/****************************** 1672 * * 1673 * Key Derivation Functions * 1674 * * 1675 ******************************/ 1676 1677/* Algorithm IDs for the KDFs. */ 1678enum gcry_kdf_algos 1679 { 1680 GCRY_KDF_NONE = 0, 1681 GCRY_KDF_SIMPLE_S2K = 16, 1682 GCRY_KDF_SALTED_S2K = 17, 1683 GCRY_KDF_ITERSALTED_S2K = 19, 1684 GCRY_KDF_PBKDF1 = 33, 1685 GCRY_KDF_PBKDF2 = 34 1686 }; 1687 1688/* Derive a key from a passphrase. */ 1689gpg_error_t gcry_kdf_derive (const void *passphrase, size_t passphraselen, 1690 int algo, int subalgo, 1691 const void *salt, size_t saltlen, 1692 unsigned long iterations, 1693 size_t keysize, void *keybuffer); 1694 1695 1696 1697 1698/************************************ 1699 * * 1700 * Random Generating Functions * 1701 * * 1702 ************************************/ 1703 1704/* The possible values for the random quality. The rule of thumb is 1705 to use STRONG for session keys and VERY_STRONG for key material. 1706 WEAK is usually an alias for STRONG and should not be used anymore 1707 (except with gcry_mpi_randomize); use gcry_create_nonce instead. */ 1708typedef enum gcry_random_level 1709 { 1710 GCRY_WEAK_RANDOM = 0, 1711 GCRY_STRONG_RANDOM = 1, 1712 GCRY_VERY_STRONG_RANDOM = 2 1713 } 1714gcry_random_level_t; 1715 1716/* Fill BUFFER with LENGTH bytes of random, using random numbers of 1717 quality LEVEL. */ 1718void gcry_randomize (void *buffer, size_t length, 1719 enum gcry_random_level level); 1720 1721/* Add the external random from BUFFER with LENGTH bytes into the 1722 pool. QUALITY should either be -1 for unknown or in the range of 0 1723 to 100 */ 1724gcry_error_t gcry_random_add_bytes (const void *buffer, size_t length, 1725 int quality); 1726 1727/* If random numbers are used in an application, this macro should be 1728 called from time to time so that new stuff gets added to the 1729 internal pool of the RNG. */ 1730#define gcry_fast_random_poll() gcry_control (GCRYCTL_FAST_POLL, NULL) 1731 1732 1733/* Return NBYTES of allocated random using a random numbers of quality 1734 LEVEL. */ 1735void *gcry_random_bytes (size_t nbytes, enum gcry_random_level level) 1736 _GCRY_GCC_ATTR_MALLOC; 1737 1738/* Return NBYTES of allocated random using a random numbers of quality 1739 LEVEL. The random numbers are created returned in "secure" 1740 memory. */ 1741void *gcry_random_bytes_secure (size_t nbytes, enum gcry_random_level level) 1742 _GCRY_GCC_ATTR_MALLOC; 1743 1744 1745/* Set the big integer W to a random value of NBITS using a random 1746 generator with quality LEVEL. Note that by using a level of 1747 GCRY_WEAK_RANDOM gcry_create_nonce is used internally. */ 1748void gcry_mpi_randomize (gcry_mpi_t w, 1749 unsigned int nbits, enum gcry_random_level level); 1750 1751 1752/* Create an unpredicable nonce of LENGTH bytes in BUFFER. */ 1753void gcry_create_nonce (void *buffer, size_t length); 1754 1755 1756 1757 1758 1759/*******************************/ 1760/* */ 1761/* Prime Number Functions */ 1762/* */ 1763/*******************************/ 1764 1765/* Mode values passed to a gcry_prime_check_func_t. */ 1766#define GCRY_PRIME_CHECK_AT_FINISH 0 1767#define GCRY_PRIME_CHECK_AT_GOT_PRIME 1 1768#define GCRY_PRIME_CHECK_AT_MAYBE_PRIME 2 1769 1770/* The function should return 1 if the operation shall continue, 0 to 1771 reject the prime candidate. */ 1772typedef int (*gcry_prime_check_func_t) (void *arg, int mode, 1773 gcry_mpi_t candidate); 1774 1775/* Flags for gcry_prime_generate(): */ 1776 1777/* Allocate prime numbers and factors in secure memory. */ 1778#define GCRY_PRIME_FLAG_SECRET (1 << 0) 1779 1780/* Make sure that at least one prime factor is of size 1781 `FACTOR_BITS'. */ 1782#define GCRY_PRIME_FLAG_SPECIAL_FACTOR (1 << 1) 1783 1784/* Generate a new prime number of PRIME_BITS bits and store it in 1785 PRIME. If FACTOR_BITS is non-zero, one of the prime factors of 1786 (prime - 1) / 2 must be FACTOR_BITS bits long. If FACTORS is 1787 non-zero, allocate a new, NULL-terminated array holding the prime 1788 factors and store it in FACTORS. FLAGS might be used to influence 1789 the prime number generation process. */ 1790gcry_error_t gcry_prime_generate (gcry_mpi_t *prime, 1791 unsigned int prime_bits, 1792 unsigned int factor_bits, 1793 gcry_mpi_t **factors, 1794 gcry_prime_check_func_t cb_func, 1795 void *cb_arg, 1796 gcry_random_level_t random_level, 1797 unsigned int flags); 1798 1799/* Find a generator for PRIME where the factorization of (prime-1) is 1800 in the NULL terminated array FACTORS. Return the generator as a 1801 newly allocated MPI in R_G. If START_G is not NULL, use this as 1802 teh start for the search. */ 1803gcry_error_t gcry_prime_group_generator (gcry_mpi_t *r_g, 1804 gcry_mpi_t prime, 1805 gcry_mpi_t *factors, 1806 gcry_mpi_t start_g); 1807 1808 1809/* Convenience function to release the FACTORS array. */ 1810void gcry_prime_release_factors (gcry_mpi_t *factors); 1811 1812 1813/* Check wether the number X is prime. */ 1814gcry_error_t gcry_prime_check (gcry_mpi_t x, unsigned int flags); 1815 1816 1817 1818/************************************ 1819 * * 1820 * Miscellaneous Stuff * 1821 * * 1822 ************************************/ 1823 1824/* Log levels used by the internal logging facility. */ 1825enum gcry_log_levels 1826 { 1827 GCRY_LOG_CONT = 0, /* (Continue the last log line.) */ 1828 GCRY_LOG_INFO = 10, 1829 GCRY_LOG_WARN = 20, 1830 GCRY_LOG_ERROR = 30, 1831 GCRY_LOG_FATAL = 40, 1832 GCRY_LOG_BUG = 50, 1833 GCRY_LOG_DEBUG = 100 1834 }; 1835 1836/* Type for progress handlers. */ 1837typedef void (*gcry_handler_progress_t) (void *, const char *, int, int, int); 1838 1839/* Type for memory allocation handlers. */ 1840typedef void *(*gcry_handler_alloc_t) (size_t n); 1841 1842/* Type for secure memory check handlers. */ 1843typedef int (*gcry_handler_secure_check_t) (const void *); 1844 1845/* Type for memory reallocation handlers. */ 1846typedef void *(*gcry_handler_realloc_t) (void *p, size_t n); 1847 1848/* Type for memory free handlers. */ 1849typedef void (*gcry_handler_free_t) (void *); 1850 1851/* Type for out-of-memory handlers. */ 1852typedef int (*gcry_handler_no_mem_t) (void *, size_t, unsigned int); 1853 1854/* Type for fatal error handlers. */ 1855typedef void (*gcry_handler_error_t) (void *, int, const char *); 1856 1857/* Type for logging handlers. */ 1858typedef void (*gcry_handler_log_t) (void *, int, const char *, va_list); 1859 1860/* Certain operations can provide progress information. This function 1861 is used to register a handler for retrieving these information. */ 1862void gcry_set_progress_handler (gcry_handler_progress_t cb, void *cb_data); 1863 1864 1865/* Register a custom memory allocation functions. */ 1866void gcry_set_allocation_handler ( 1867 gcry_handler_alloc_t func_alloc, 1868 gcry_handler_alloc_t func_alloc_secure, 1869 gcry_handler_secure_check_t func_secure_check, 1870 gcry_handler_realloc_t func_realloc, 1871 gcry_handler_free_t func_free); 1872 1873/* Register a function used instead of the internal out of memory 1874 handler. */ 1875void gcry_set_outofcore_handler (gcry_handler_no_mem_t h, void *opaque); 1876 1877/* Register a function used instead of the internal fatal error 1878 handler. */ 1879void gcry_set_fatalerror_handler (gcry_handler_error_t fnc, void *opaque); 1880 1881/* Register a function used instead of the internal logging 1882 facility. */ 1883void gcry_set_log_handler (gcry_handler_log_t f, void *opaque); 1884 1885/* Reserved for future use. */ 1886void gcry_set_gettext_handler (const char *(*f)(const char*)); 1887 1888/* Libgcrypt uses its own memory allocation. It is important to use 1889 gcry_free () to release memory allocated by libgcrypt. */ 1890void *gcry_malloc (size_t n) _GCRY_GCC_ATTR_MALLOC; 1891void *gcry_calloc (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC; 1892void *gcry_malloc_secure (size_t n) _GCRY_GCC_ATTR_MALLOC; 1893void *gcry_calloc_secure (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC; 1894void *gcry_realloc (void *a, size_t n); 1895char *gcry_strdup (const char *string) _GCRY_GCC_ATTR_MALLOC; 1896void *gcry_xmalloc (size_t n) _GCRY_GCC_ATTR_MALLOC; 1897void *gcry_xcalloc (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC; 1898void *gcry_xmalloc_secure (size_t n) _GCRY_GCC_ATTR_MALLOC; 1899void *gcry_xcalloc_secure (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC; 1900void *gcry_xrealloc (void *a, size_t n); 1901char *gcry_xstrdup (const char * a) _GCRY_GCC_ATTR_MALLOC; 1902void gcry_free (void *a); 1903 1904/* Return true if A is allocated in "secure" memory. */ 1905int gcry_is_secure (const void *a) _GCRY_GCC_ATTR_PURE; 1906 1907/* Return true if Libgcrypt is in FIPS mode. */ 1908#define gcry_fips_mode_active() !!gcry_control (GCRYCTL_FIPS_MODE_P, 0) 1909 1910 1911/* Include support for Libgcrypt modules. */ 1912#include <gcrypt-module.h> 1913 1914#if 0 /* (Keep Emacsens' auto-indent happy.) */ 1915{ 1916#endif 1917#ifdef __cplusplus 1918} 1919#endif 1920#endif /* _GCRYPT_H */ 1921/* 1922@emacs_local_vars_begin@ 1923@emacs_local_vars_read_only@ 1924@emacs_local_vars_end@ 1925*/ 1926