1/* gcrypt.h - GNU Cryptographic Library Interface -*- c -*-
2 Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2006
3 2007, 2008, 2009, 2010, 2011,
4 2012 Free Software Foundation, Inc.
5 Copyright (C) 2012, 2013 g10 Code GmbH
6
7 This file is part of Libgcrypt.
8
9 Libgcrypt is free software; you can redistribute it and/or modify
10 it under the terms of the GNU Lesser General Public License as
11 published by the Free Software Foundation; either version 2.1 of
12 the License, or (at your option) any later version.
13
14 Libgcrypt is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU Lesser General Public License for more details.
18
19 You should have received a copy of the GNU Lesser General Public
20 License along with this program; if not, see <http://www.gnu.org/licenses/>.
21
22 File: @configure_input@ */
23
24#ifndef _GCRYPT_H
25#define _GCRYPT_H
26
27#include <stdlib.h>
28#include <stdarg.h>
29#include <string.h>
30
31#include <gpg-error.h>
32
33#include <sys/types.h>
34
35#if defined _WIN32 || defined __WIN32__
36# include <winsock2.h>
37# include <ws2tcpip.h>
38# include <time.h>
39# ifndef __GNUC__
40 typedef long ssize_t;
41 typedef int pid_t;
42# endif /*!__GNUC__*/
43#else
44# include <sys/socket.h>
45# include <sys/time.h>
46#@INSERT_SYS_SELECT_H@
47#endif /*!_WIN32*/
48
49@FALLBACK_SOCKLEN_T@
50
51/* This is required for error code compatibility. */
52#define _GCRY_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GCRYPT
53
54#ifdef __cplusplus
55extern "C" {
56#if 0 /* (Keep Emacsens' auto-indent happy.) */
57}
58#endif
59#endif
60
61/* The version of this header should match the one of the library. It
62 should not be used by a program because gcry_check_version() should
63 return the same version. The purpose of this macro is to let
64 autoconf (using the AM_PATH_GCRYPT macro) check that this header
65 matches the installed library. */
66#define GCRYPT_VERSION "@VERSION@"
67
68/* The version number of this header. It may be used to handle minor
69 API incompatibilities. */
70#define GCRYPT_VERSION_NUMBER @VERSION_NUMBER@
71
72
73/* Internal: We can't use the convenience macros for the multi
74 precision integer functions when building this library. */
75#ifdef _GCRYPT_IN_LIBGCRYPT
76#ifndef GCRYPT_NO_MPI_MACROS
77#define GCRYPT_NO_MPI_MACROS 1
78#endif
79#endif
80
81/* We want to use gcc attributes when possible. Warning: Don't use
82 these macros in your programs: As indicated by the leading
83 underscore they are subject to change without notice. */
84#ifdef __GNUC__
85
86#define _GCRY_GCC_VERSION (__GNUC__ * 10000 \
87 + __GNUC_MINOR__ * 100 \
88 + __GNUC_PATCHLEVEL__)
89
90#if _GCRY_GCC_VERSION >= 30100
91#define _GCRY_GCC_ATTR_DEPRECATED __attribute__ ((__deprecated__))
92#endif
93
94#if _GCRY_GCC_VERSION >= 29600
95#define _GCRY_GCC_ATTR_PURE __attribute__ ((__pure__))
96#endif
97
98#if _GCRY_GCC_VERSION >= 30200
99#define _GCRY_GCC_ATTR_MALLOC __attribute__ ((__malloc__))
100#endif
101
102#endif /*__GNUC__*/
103
104#ifndef _GCRY_GCC_ATTR_DEPRECATED
105#define _GCRY_GCC_ATTR_DEPRECATED
106#endif
107#ifndef _GCRY_GCC_ATTR_PURE
108#define _GCRY_GCC_ATTR_PURE
109#endif
110#ifndef _GCRY_GCC_ATTR_MALLOC
111#define _GCRY_GCC_ATTR_MALLOC
112#endif
113
114/* Make up an attribute to mark functions and types as deprecated but
115 allow internal use by Libgcrypt. */
116#ifdef _GCRYPT_IN_LIBGCRYPT
117#define _GCRY_ATTR_INTERNAL
118#else
119#define _GCRY_ATTR_INTERNAL _GCRY_GCC_ATTR_DEPRECATED
120#endif
121
122/* Wrappers for the libgpg-error library. */
123
124typedef gpg_error_t gcry_error_t;
125typedef gpg_err_code_t gcry_err_code_t;
126typedef gpg_err_source_t gcry_err_source_t;
127
128static GPG_ERR_INLINE gcry_error_t
129gcry_err_make (gcry_err_source_t source, gcry_err_code_t code)
130{
131 return gpg_err_make (source, code);
132}
133
134/* The user can define GPG_ERR_SOURCE_DEFAULT before including this
135 file to specify a default source for gpg_error. */
136#ifndef GCRY_ERR_SOURCE_DEFAULT
137#define GCRY_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_USER_1
138#endif
139
140static GPG_ERR_INLINE gcry_error_t
141gcry_error (gcry_err_code_t code)
142{
143 return gcry_err_make (GCRY_ERR_SOURCE_DEFAULT, code);
144}
145
146static GPG_ERR_INLINE gcry_err_code_t
147gcry_err_code (gcry_error_t err)
148{
149 return gpg_err_code (err);
150}
151
152
153static GPG_ERR_INLINE gcry_err_source_t
154gcry_err_source (gcry_error_t err)
155{
156 return gpg_err_source (err);
157}
158
159/* Return a pointer to a string containing a description of the error
160 code in the error value ERR. */
161const char *gcry_strerror (gcry_error_t err);
162
163/* Return a pointer to a string containing a description of the error
164 source in the error value ERR. */
165const char *gcry_strsource (gcry_error_t err);
166
167/* Retrieve the error code for the system error ERR. This returns
168 GPG_ERR_UNKNOWN_ERRNO if the system error is not mapped (report
169 this). */
170gcry_err_code_t gcry_err_code_from_errno (int err);
171
172/* Retrieve the system error for the error code CODE. This returns 0
173 if CODE is not a system error code. */
174int gcry_err_code_to_errno (gcry_err_code_t code);
175
176/* Return an error value with the error source SOURCE and the system
177 error ERR. */
178gcry_error_t gcry_err_make_from_errno (gcry_err_source_t source, int err);
179
180/* Return an error value with the system error ERR. */
181gcry_err_code_t gcry_error_from_errno (int err);
182
183�
184/* This enum is deprecated; it is only declared for the sake of
185 complete API compatibility. */
186enum gcry_thread_option
187 {
188 _GCRY_THREAD_OPTION_DUMMY
189 } _GCRY_GCC_ATTR_DEPRECATED;
190
191
192/* Constants defining the thread model to use. Used with the OPTION
193 field of the struct gcry_thread_cbs. */
194#define GCRY_THREAD_OPTION_DEFAULT 0
195#define GCRY_THREAD_OPTION_USER 1
196#define GCRY_THREAD_OPTION_PTH 2
197#define GCRY_THREAD_OPTION_PTHREAD 3
198
199/* The version number encoded in the OPTION field of the struct
200 gcry_thread_cbs. */
201#define GCRY_THREAD_OPTION_VERSION 0
202
203/* Wrapper for struct ath_ops. */
204struct gcry_thread_cbs
205{
206 /* The OPTION field encodes the thread model and the version number
207 of this structure.
208 Bits 7 - 0 are used for the thread model
209 Bits 15 - 8 are used for the version number.
210 */
211 unsigned int option;
212
213 int (*init) (void);
214 int (*mutex_init) (void **priv);
215 int (*mutex_destroy) (void **priv);
216 int (*mutex_lock) (void **priv);
217 int (*mutex_unlock) (void **priv);
218 ssize_t (*read) (int fd, void *buf, size_t nbytes);
219 ssize_t (*write) (int fd, const void *buf, size_t nbytes);
220#ifdef _WIN32
221 ssize_t (*select) (int nfd, void *rset, void *wset, void *eset,
222 struct timeval *timeout);
223 ssize_t (*waitpid) (pid_t pid, int *status, int options);
224 int (*accept) (int s, void *addr, int *length_ptr);
225 int (*connect) (int s, void *addr, gcry_socklen_t length);
226 int (*sendmsg) (int s, const void *msg, int flags);
227 int (*recvmsg) (int s, void *msg, int flags);
228#else
229 ssize_t (*select) (int nfd, fd_set *rset, fd_set *wset, fd_set *eset,
230 struct timeval *timeout);
231 ssize_t (*waitpid) (pid_t pid, int *status, int options);
232 int (*accept) (int s, struct sockaddr *addr, gcry_socklen_t *length_ptr);
233 int (*connect) (int s, struct sockaddr *addr, gcry_socklen_t length);
234 int (*sendmsg) (int s, const struct msghdr *msg, int flags);
235 int (*recvmsg) (int s, struct msghdr *msg, int flags);
236#endif
237};
238
239#ifdef _WIN32
240# define _GCRY_THREAD_OPTION_PTH_IMPL_NET \
241static ssize_t gcry_pth_select (int nfd, void *rset, void *wset, \
242 void *eset, struct timeval *timeout) \
243 { return pth_select (nfd, rset, wset, eset, timeout); } \
244static ssize_t gcry_pth_waitpid (pid_t pid, int *status, int options) \
245 { return pth_waitpid (pid, status, options); } \
246static int gcry_pth_accept (int s, void *addr, \
247 gcry_socklen_t *length_ptr) \
248 { return pth_accept (s, addr, length_ptr); } \
249static int gcry_pth_connect (int s, void *addr, \
250 gcry_socklen_t length) \
251 { return pth_connect (s, addr, length); }
252#else /*!_WIN32*/
253# define _GCRY_THREAD_OPTION_PTH_IMPL_NET \
254static ssize_t gcry_pth_select (int nfd, fd_set *rset, fd_set *wset, \
255 fd_set *eset, struct timeval *timeout) \
256 { return pth_select (nfd, rset, wset, eset, timeout); } \
257static ssize_t gcry_pth_waitpid (pid_t pid, int *status, int options) \
258 { return pth_waitpid (pid, status, options); } \
259static int gcry_pth_accept (int s, struct sockaddr *addr, \
260 gcry_socklen_t *length_ptr) \
261 { return pth_accept (s, addr, length_ptr); } \
262static int gcry_pth_connect (int s, struct sockaddr *addr, \
263 gcry_socklen_t length) \
264 { return pth_connect (s, addr, length); }
265#endif /*!_WIN32*/
266
267
268
269#define GCRY_THREAD_OPTION_PTH_IMPL \
270static int gcry_pth_init (void) \
271{ return (pth_init () == FALSE) ? errno : 0; } \
272static int gcry_pth_mutex_init (void **priv) \
273{ \
274 int err = 0; \
275 pth_mutex_t *lock = malloc (sizeof (pth_mutex_t)); \
276 \
277 if (!lock) \
278 err = ENOMEM; \
279 if (!err) \
280 { \
281 err = pth_mutex_init (lock); \
282 if (err == FALSE) \
283 err = errno; \
284 else \
285 err = 0; \
286 if (err) \
287 free (lock); \
288 else \
289 *priv = lock; \
290 } \
291 return err; \
292} \
293static int gcry_pth_mutex_destroy (void **lock) \
294 { /* GNU Pth has no destructor function. */ free (*lock); return 0; } \
295static int gcry_pth_mutex_lock (void **lock) \
296 { return ((pth_mutex_acquire (*lock, 0, NULL)) == FALSE) \
297 ? errno : 0; } \
298static int gcry_pth_mutex_unlock (void **lock) \
299 { return ((pth_mutex_release (*lock)) == FALSE) \
300 ? errno : 0; } \
301static ssize_t gcry_pth_read (int fd, void *buf, size_t nbytes) \
302 { return pth_read (fd, buf, nbytes); } \
303static ssize_t gcry_pth_write (int fd, const void *buf, size_t nbytes) \
304 { return pth_write (fd, buf, nbytes); } \
305_GCRY_THREAD_OPTION_PTH_IMPL_NET \
306 \
307/* Note: GNU Pth is missing pth_sendmsg and pth_recvmsg. */ \
308static struct gcry_thread_cbs gcry_threads_pth = { \
309 (GCRY_THREAD_OPTION_PTH | (GCRY_THREAD_OPTION_VERSION << 8)), \
310 gcry_pth_init, gcry_pth_mutex_init, gcry_pth_mutex_destroy, \
311 gcry_pth_mutex_lock, gcry_pth_mutex_unlock, gcry_pth_read, gcry_pth_write, \
312 gcry_pth_select, gcry_pth_waitpid, gcry_pth_accept, gcry_pth_connect, \
313 NULL, NULL }
314
315
316#define GCRY_THREAD_OPTION_PTHREAD_IMPL \
317static int gcry_pthread_mutex_init (void **priv) \
318{ \
319 int err = 0; \
320 pthread_mutex_t *lock = (pthread_mutex_t*)malloc (sizeof (pthread_mutex_t));\
321 \
322 if (!lock) \
323 err = ENOMEM; \
324 if (!err) \
325 { \
326 err = pthread_mutex_init (lock, NULL); \
327 if (err) \
328 free (lock); \
329 else \
330 *priv = lock; \
331 } \
332 return err; \
333} \
334static int gcry_pthread_mutex_destroy (void **lock) \
335 { int err = pthread_mutex_destroy ((pthread_mutex_t*)*lock); \
336 free (*lock); return err; } \
337static int gcry_pthread_mutex_lock (void **lock) \
338 { return pthread_mutex_lock ((pthread_mutex_t*)*lock); } \
339static int gcry_pthread_mutex_unlock (void **lock) \
340 { return pthread_mutex_unlock ((pthread_mutex_t*)*lock); } \
341 \
342static struct gcry_thread_cbs gcry_threads_pthread = { \
343 (GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8)), \
344 NULL, gcry_pthread_mutex_init, gcry_pthread_mutex_destroy, \
345 gcry_pthread_mutex_lock, gcry_pthread_mutex_unlock, \
346 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }
347
348�
349/* The data object used to hold a multi precision integer. */
350struct gcry_mpi;
351typedef struct gcry_mpi *gcry_mpi_t;
352
353#ifndef GCRYPT_NO_DEPRECATED
354typedef struct gcry_mpi *GCRY_MPI _GCRY_GCC_ATTR_DEPRECATED;
355typedef struct gcry_mpi *GcryMPI _GCRY_GCC_ATTR_DEPRECATED;
356#endif
357
358�
359
360/* Check that the library fulfills the version requirement. */
361const char *gcry_check_version (const char *req_version);
362
363/* Codes for function dispatchers. */
364
365/* Codes used with the gcry_control function. */
366enum gcry_ctl_cmds
367 {
368 GCRYCTL_SET_KEY = 1,
369 GCRYCTL_SET_IV = 2,
370 GCRYCTL_CFB_SYNC = 3,
371 GCRYCTL_RESET = 4, /* e.g. for MDs */
372 GCRYCTL_FINALIZE = 5,
373 GCRYCTL_GET_KEYLEN = 6,
374 GCRYCTL_GET_BLKLEN = 7,
375 GCRYCTL_TEST_ALGO = 8,
376 GCRYCTL_IS_SECURE = 9,
377 GCRYCTL_GET_ASNOID = 10,
378 GCRYCTL_ENABLE_ALGO = 11,
379 GCRYCTL_DISABLE_ALGO = 12,
380 GCRYCTL_DUMP_RANDOM_STATS = 13,
381 GCRYCTL_DUMP_SECMEM_STATS = 14,
382 GCRYCTL_GET_ALGO_NPKEY = 15,
383 GCRYCTL_GET_ALGO_NSKEY = 16,
384 GCRYCTL_GET_ALGO_NSIGN = 17,
385 GCRYCTL_GET_ALGO_NENCR = 18,
386 GCRYCTL_SET_VERBOSITY = 19,
387 GCRYCTL_SET_DEBUG_FLAGS = 20,
388 GCRYCTL_CLEAR_DEBUG_FLAGS = 21,
389 GCRYCTL_USE_SECURE_RNDPOOL= 22,
390 GCRYCTL_DUMP_MEMORY_STATS = 23,
391 GCRYCTL_INIT_SECMEM = 24,
392 GCRYCTL_TERM_SECMEM = 25,
393 GCRYCTL_DISABLE_SECMEM_WARN = 27,
394 GCRYCTL_SUSPEND_SECMEM_WARN = 28,
395 GCRYCTL_RESUME_SECMEM_WARN = 29,
396 GCRYCTL_DROP_PRIVS = 30,
397 GCRYCTL_ENABLE_M_GUARD = 31,
398 GCRYCTL_START_DUMP = 32,
399 GCRYCTL_STOP_DUMP = 33,
400 GCRYCTL_GET_ALGO_USAGE = 34,
401 GCRYCTL_IS_ALGO_ENABLED = 35,
402 GCRYCTL_DISABLE_INTERNAL_LOCKING = 36,
403 GCRYCTL_DISABLE_SECMEM = 37,
404 GCRYCTL_INITIALIZATION_FINISHED = 38,
405 GCRYCTL_INITIALIZATION_FINISHED_P = 39,
406 GCRYCTL_ANY_INITIALIZATION_P = 40,
407 GCRYCTL_SET_CBC_CTS = 41,
408 GCRYCTL_SET_CBC_MAC = 42,
409 GCRYCTL_SET_CTR = 43,
410 GCRYCTL_ENABLE_QUICK_RANDOM = 44,
411 GCRYCTL_SET_RANDOM_SEED_FILE = 45,
412 GCRYCTL_UPDATE_RANDOM_SEED_FILE = 46,
413 GCRYCTL_SET_THREAD_CBS = 47,
414 GCRYCTL_FAST_POLL = 48,
415 GCRYCTL_SET_RANDOM_DAEMON_SOCKET = 49,
416 GCRYCTL_USE_RANDOM_DAEMON = 50,
417 GCRYCTL_FAKED_RANDOM_P = 51,
418 GCRYCTL_SET_RNDEGD_SOCKET = 52,
419 GCRYCTL_PRINT_CONFIG = 53,
420 GCRYCTL_OPERATIONAL_P = 54,
421 GCRYCTL_FIPS_MODE_P = 55,
422 GCRYCTL_FORCE_FIPS_MODE = 56,
423 GCRYCTL_SELFTEST = 57,
424 /* Note: 58 .. 62 are used internally. */
425 GCRYCTL_DISABLE_HWF = 63,
426 GCRYCTL_SET_ENFORCED_FIPS_FLAG = 64
427 };
428
429/* Perform various operations defined by CMD. */
430gcry_error_t gcry_control (enum gcry_ctl_cmds CMD, ...);
431
432�
433/* S-expression management. */
434
435/* The object to represent an S-expression as used with the public key
436 functions. */
437struct gcry_sexp;
438typedef struct gcry_sexp *gcry_sexp_t;
439
440#ifndef GCRYPT_NO_DEPRECATED
441typedef struct gcry_sexp *GCRY_SEXP _GCRY_GCC_ATTR_DEPRECATED;
442typedef struct gcry_sexp *GcrySexp _GCRY_GCC_ATTR_DEPRECATED;
443#endif
444
445/* The possible values for the S-expression format. */
446enum gcry_sexp_format
447 {
448 GCRYSEXP_FMT_DEFAULT = 0,
449 GCRYSEXP_FMT_CANON = 1,
450 GCRYSEXP_FMT_BASE64 = 2,
451 GCRYSEXP_FMT_ADVANCED = 3
452 };
453
454/* Create an new S-expression object from BUFFER of size LENGTH and
455 return it in RETSEXP. With AUTODETECT set to 0 the data in BUFFER
456 is expected to be in canonized format. */
457gcry_error_t gcry_sexp_new (gcry_sexp_t *retsexp,
458 const void *buffer, size_t length,
459 int autodetect);
460
461 /* Same as gcry_sexp_new but allows to pass a FREEFNC which has the
462 effect to transfer ownership of BUFFER to the created object. */
463gcry_error_t gcry_sexp_create (gcry_sexp_t *retsexp,
464 void *buffer, size_t length,
465 int autodetect, void (*freefnc) (void *));
466
467/* Scan BUFFER and return a new S-expression object in RETSEXP. This
468 function expects a printf like string in BUFFER. */
469gcry_error_t gcry_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
470 const char *buffer, size_t length);
471
472/* Same as gcry_sexp_sscan but expects a string in FORMAT and can thus
473 only be used for certain encodings. */
474gcry_error_t gcry_sexp_build (gcry_sexp_t *retsexp, size_t *erroff,
475 const char *format, ...);
476
477/* Like gcry_sexp_build, but uses an array instead of variable
478 function arguments. */
479gcry_error_t gcry_sexp_build_array (gcry_sexp_t *retsexp, size_t *erroff,
480 const char *format, void **arg_list);
481
482/* Release the S-expression object SEXP */
483void gcry_sexp_release (gcry_sexp_t sexp);
484
485/* Calculate the length of an canonized S-expresion in BUFFER and
486 check for a valid encoding. */
487size_t gcry_sexp_canon_len (const unsigned char *buffer, size_t length,
488 size_t *erroff, gcry_error_t *errcode);
489
490/* Copies the S-expression object SEXP into BUFFER using the format
491 specified in MODE. */
492size_t gcry_sexp_sprint (gcry_sexp_t sexp, int mode, void *buffer,
493 size_t maxlength);
494
495/* Dumps the S-expression object A in a format suitable for debugging
496 to Libgcrypt's logging stream. */
497void gcry_sexp_dump (const gcry_sexp_t a);
498
499gcry_sexp_t gcry_sexp_cons (const gcry_sexp_t a, const gcry_sexp_t b);
500gcry_sexp_t gcry_sexp_alist (const gcry_sexp_t *array);
501gcry_sexp_t gcry_sexp_vlist (const gcry_sexp_t a, ...);
502gcry_sexp_t gcry_sexp_append (const gcry_sexp_t a, const gcry_sexp_t n);
503gcry_sexp_t gcry_sexp_prepend (const gcry_sexp_t a, const gcry_sexp_t n);
504
505/* Scan the S-expression for a sublist with a type (the car of the
506 list) matching the string TOKEN. If TOKLEN is not 0, the token is
507 assumed to be raw memory of this length. The function returns a
508 newly allocated S-expression consisting of the found sublist or
509 `NULL' when not found. */
510gcry_sexp_t gcry_sexp_find_token (gcry_sexp_t list,
511 const char *tok, size_t toklen);
512/* Return the length of the LIST. For a valid S-expression this
513 should be at least 1. */
514int gcry_sexp_length (const gcry_sexp_t list);
515
516/* Create and return a new S-expression from the element with index
517 NUMBER in LIST. Note that the first element has the index 0. If
518 there is no such element, `NULL' is returned. */
519gcry_sexp_t gcry_sexp_nth (const gcry_sexp_t list, int number);
520
521/* Create and return a new S-expression from the first element in
522 LIST; this called the "type" and should always exist and be a
523 string. `NULL' is returned in case of a problem. */
524gcry_sexp_t gcry_sexp_car (const gcry_sexp_t list);
525
526/* Create and return a new list form all elements except for the first
527 one. Note, that this function may return an invalid S-expression
528 because it is not guaranteed, that the type exists and is a string.
529 However, for parsing a complex S-expression it might be useful for
530 intermediate lists. Returns `NULL' on error. */
531gcry_sexp_t gcry_sexp_cdr (const gcry_sexp_t list);
532
533gcry_sexp_t gcry_sexp_cadr (const gcry_sexp_t list);
534
535
536/* This function is used to get data from a LIST. A pointer to the
537 actual data with index NUMBER is returned and the length of this
538 data will be stored to DATALEN. If there is no data at the given
539 index or the index represents another list, `NULL' is returned.
540 *Note:* The returned pointer is valid as long as LIST is not
541 modified or released. */
542const char *gcry_sexp_nth_data (const gcry_sexp_t list, int number,
543 size_t *datalen);
544
545/* This function is used to get and convert data from a LIST. The
546 data is assumed to be a Nul terminated string. The caller must
547 release the returned value using `gcry_free'. If there is no data
548 at the given index, the index represents a list or the value can't
549 be converted to a string, `NULL' is returned. */
550char *gcry_sexp_nth_string (gcry_sexp_t list, int number);
551
552/* This function is used to get and convert data from a LIST. This
553 data is assumed to be an MPI stored in the format described by
554 MPIFMT and returned as a standard Libgcrypt MPI. The caller must
555 release this returned value using `gcry_mpi_release'. If there is
556 no data at the given index, the index represents a list or the
557 value can't be converted to an MPI, `NULL' is returned. */
558gcry_mpi_t gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt);
559
560
561�
562/*******************************************
563 * *
564 * Multi Precision Integer Functions *
565 * *
566 *******************************************/
567
568/* Different formats of external big integer representation. */
569enum gcry_mpi_format
570 {
571 GCRYMPI_FMT_NONE= 0,
572 GCRYMPI_FMT_STD = 1, /* Twos complement stored without length. */
573 GCRYMPI_FMT_PGP = 2, /* As used by OpenPGP (unsigned only). */
574 GCRYMPI_FMT_SSH = 3, /* As used by SSH (like STD but with length). */
575 GCRYMPI_FMT_HEX = 4, /* Hex format. */
576 GCRYMPI_FMT_USG = 5 /* Like STD but unsigned. */
577 };
578
579/* Flags used for creating big integers. */
580enum gcry_mpi_flag
581 {
582 GCRYMPI_FLAG_SECURE = 1, /* Allocate the number in "secure" memory. */
583 GCRYMPI_FLAG_OPAQUE = 2 /* The number is not a real one but just
584 a way to store some bytes. This is
585 useful for encrypted big integers. */
586 };
587
588
589/* Allocate a new big integer object, initialize it with 0 and
590 initially allocate memory for a number of at least NBITS. */
591gcry_mpi_t gcry_mpi_new (unsigned int nbits);
592
593/* Same as gcry_mpi_new() but allocate in "secure" memory. */
594gcry_mpi_t gcry_mpi_snew (unsigned int nbits);
595
596/* Release the number A and free all associated resources. */
597void gcry_mpi_release (gcry_mpi_t a);
598
599/* Create a new number with the same value as A. */
600gcry_mpi_t gcry_mpi_copy (const gcry_mpi_t a);
601
602/* Store the big integer value U in W. */
603gcry_mpi_t gcry_mpi_set (gcry_mpi_t w, const gcry_mpi_t u);
604
605/* Store the unsigned integer value U in W. */
606gcry_mpi_t gcry_mpi_set_ui (gcry_mpi_t w, unsigned long u);
607
608/* Swap the values of A and B. */
609void gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b);
610
611/* Compare the big integer number U and V returning 0 for equality, a
612 positive value for U > V and a negative for U < V. */
613int gcry_mpi_cmp (const gcry_mpi_t u, const gcry_mpi_t v);
614
615/* Compare the big integer number U with the unsigned integer V
616 returning 0 for equality, a positive value for U > V and a negative
617 for U < V. */
618int gcry_mpi_cmp_ui (const gcry_mpi_t u, unsigned long v);
619
620/* Convert the external representation of an integer stored in BUFFER
621 with a length of BUFLEN into a newly create MPI returned in
622 RET_MPI. If NSCANNED is not NULL, it will receive the number of
623 bytes actually scanned after a successful operation. */
624gcry_error_t gcry_mpi_scan (gcry_mpi_t *ret_mpi, enum gcry_mpi_format format,
625 const void *buffer, size_t buflen,
626 size_t *nscanned);
627
628/* Convert the big integer A into the external representation
629 described by FORMAT and store it in the provided BUFFER which has
630 been allocated by the user with a size of BUFLEN bytes. NWRITTEN
631 receives the actual length of the external representation unless it
632 has been passed as NULL. */
633gcry_error_t gcry_mpi_print (enum gcry_mpi_format format,
634 unsigned char *buffer, size_t buflen,
635 size_t *nwritten,
636 const gcry_mpi_t a);
637
638/* Convert the big integer A int the external representation described
639 by FORMAT and store it in a newly allocated buffer which address
640 will be put into BUFFER. NWRITTEN receives the actual lengths of the
641 external representation. */
642gcry_error_t gcry_mpi_aprint (enum gcry_mpi_format format,
643 unsigned char **buffer, size_t *nwritten,
644 const gcry_mpi_t a);
645
646/* Dump the value of A in a format suitable for debugging to
647 Libgcrypt's logging stream. Note that one leading space but no
648 trailing space or linefeed will be printed. It is okay to pass
649 NULL for A. */
650void gcry_mpi_dump (const gcry_mpi_t a);
651
652
653/* W = U + V. */
654void gcry_mpi_add (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);
655
656/* W = U + V. V is an unsigned integer. */
657void gcry_mpi_add_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v);
658
659/* W = U + V mod M. */
660void gcry_mpi_addm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m);
661
662/* W = U - V. */
663void gcry_mpi_sub (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);
664
665/* W = U - V. V is an unsigned integer. */
666void gcry_mpi_sub_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v );
667
668/* W = U - V mod M */
669void gcry_mpi_subm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m);
670
671/* W = U * V. */
672void gcry_mpi_mul (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);
673
674/* W = U * V. V is an unsigned integer. */
675void gcry_mpi_mul_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v );
676
677/* W = U * V mod M. */
678void gcry_mpi_mulm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m);
679
680/* W = U * (2 ^ CNT). */
681void gcry_mpi_mul_2exp (gcry_mpi_t w, gcry_mpi_t u, unsigned long cnt);
682
683/* Q = DIVIDEND / DIVISOR, R = DIVIDEND % DIVISOR,
684 Q or R may be passed as NULL. ROUND should be negative or 0. */
685void gcry_mpi_div (gcry_mpi_t q, gcry_mpi_t r,
686 gcry_mpi_t dividend, gcry_mpi_t divisor, int round);
687
688/* R = DIVIDEND % DIVISOR */
689void gcry_mpi_mod (gcry_mpi_t r, gcry_mpi_t dividend, gcry_mpi_t divisor);
690
691/* W = B ^ E mod M. */
692void gcry_mpi_powm (gcry_mpi_t w,
693 const gcry_mpi_t b, const gcry_mpi_t e,
694 const gcry_mpi_t m);
695
696/* Set G to the greatest common divisor of A and B.
697 Return true if the G is 1. */
698int gcry_mpi_gcd (gcry_mpi_t g, gcry_mpi_t a, gcry_mpi_t b);
699
700/* Set X to the multiplicative inverse of A mod M.
701 Return true if the value exists. */
702int gcry_mpi_invm (gcry_mpi_t x, gcry_mpi_t a, gcry_mpi_t m);
703
704
705/* Return the number of bits required to represent A. */
706unsigned int gcry_mpi_get_nbits (gcry_mpi_t a);
707
708/* Return true when bit number N (counting from 0) is set in A. */
709int gcry_mpi_test_bit (gcry_mpi_t a, unsigned int n);
710
711/* Set bit number N in A. */
712void gcry_mpi_set_bit (gcry_mpi_t a, unsigned int n);
713
714/* Clear bit number N in A. */
715void gcry_mpi_clear_bit (gcry_mpi_t a, unsigned int n);
716
717/* Set bit number N in A and clear all bits greater than N. */
718void gcry_mpi_set_highbit (gcry_mpi_t a, unsigned int n);
719
720/* Clear bit number N in A and all bits greater than N. */
721void gcry_mpi_clear_highbit (gcry_mpi_t a, unsigned int n);
722
723/* Shift the value of A by N bits to the right and store the result in X. */
724void gcry_mpi_rshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n);
725
726/* Shift the value of A by N bits to the left and store the result in X. */
727void gcry_mpi_lshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n);
728
729/* Store NBITS of the value P points to in A and mark A as an opaque
730 value. WARNING: Never use an opaque MPI for anything thing else then
731 gcry_mpi_release, gcry_mpi_get_opaque. */
732gcry_mpi_t gcry_mpi_set_opaque (gcry_mpi_t a, void *p, unsigned int nbits);
733
734/* Return a pointer to an opaque value stored in A and return its size
735 in NBITS. Note that the returned pointer is still owned by A and
736 that the function should never be used for an non-opaque MPI. */
737void *gcry_mpi_get_opaque (gcry_mpi_t a, unsigned int *nbits);
738
739/* Set the FLAG for the big integer A. Currently only the flag
740 GCRYMPI_FLAG_SECURE is allowed to convert A into an big intger
741 stored in "secure" memory. */
742void gcry_mpi_set_flag (gcry_mpi_t a, enum gcry_mpi_flag flag);
743
744/* Clear FLAG for the big integer A. Note that this function is
745 currently useless as no flags are allowed. */
746void gcry_mpi_clear_flag (gcry_mpi_t a, enum gcry_mpi_flag flag);
747
748/* Return true when the FLAG is set for A. */
749int gcry_mpi_get_flag (gcry_mpi_t a, enum gcry_mpi_flag flag);
750
751/* Unless the GCRYPT_NO_MPI_MACROS is used, provide a couple of
752 convenience macros for the big integer functions. */
753#ifndef GCRYPT_NO_MPI_MACROS
754#define mpi_new(n) gcry_mpi_new( (n) )
755#define mpi_secure_new( n ) gcry_mpi_snew( (n) )
756#define mpi_release(a) \
757 do \
758 { \
759 gcry_mpi_release ((a)); \
760 (a) = NULL; \
761 } \
762 while (0)
763
764#define mpi_copy( a ) gcry_mpi_copy( (a) )
765#define mpi_set( w, u) gcry_mpi_set( (w), (u) )
766#define mpi_set_ui( w, u) gcry_mpi_set_ui( (w), (u) )
767#define mpi_cmp( u, v ) gcry_mpi_cmp( (u), (v) )
768#define mpi_cmp_ui( u, v ) gcry_mpi_cmp_ui( (u), (v) )
769
770#define mpi_add_ui(w,u,v) gcry_mpi_add_ui((w),(u),(v))
771#define mpi_add(w,u,v) gcry_mpi_add ((w),(u),(v))
772#define mpi_addm(w,u,v,m) gcry_mpi_addm ((w),(u),(v),(m))
773#define mpi_sub_ui(w,u,v) gcry_mpi_sub_ui ((w),(u),(v))
774#define mpi_sub(w,u,v) gcry_mpi_sub ((w),(u),(v))
775#define mpi_subm(w,u,v,m) gcry_mpi_subm ((w),(u),(v),(m))
776#define mpi_mul_ui(w,u,v) gcry_mpi_mul_ui ((w),(u),(v))
777#define mpi_mul_2exp(w,u,v) gcry_mpi_mul_2exp ((w),(u),(v))
778#define mpi_mul(w,u,v) gcry_mpi_mul ((w),(u),(v))
779#define mpi_mulm(w,u,v,m) gcry_mpi_mulm ((w),(u),(v),(m))
780#define mpi_powm(w,b,e,m) gcry_mpi_powm ( (w), (b), (e), (m) )
781#define mpi_tdiv(q,r,a,m) gcry_mpi_div ( (q), (r), (a), (m), 0)
782#define mpi_fdiv(q,r,a,m) gcry_mpi_div ( (q), (r), (a), (m), -1)
783#define mpi_mod(r,a,m) gcry_mpi_mod ((r), (a), (m))
784#define mpi_gcd(g,a,b) gcry_mpi_gcd ( (g), (a), (b) )
785#define mpi_invm(g,a,b) gcry_mpi_invm ( (g), (a), (b) )
786
787#define mpi_get_nbits(a) gcry_mpi_get_nbits ((a))
788#define mpi_test_bit(a,b) gcry_mpi_test_bit ((a),(b))
789#define mpi_set_bit(a,b) gcry_mpi_set_bit ((a),(b))
790#define mpi_set_highbit(a,b) gcry_mpi_set_highbit ((a),(b))
791#define mpi_clear_bit(a,b) gcry_mpi_clear_bit ((a),(b))
792#define mpi_clear_highbit(a,b) gcry_mpi_clear_highbit ((a),(b))
793#define mpi_rshift(a,b,c) gcry_mpi_rshift ((a),(b),(c))
794#define mpi_lshift(a,b,c) gcry_mpi_lshift ((a),(b),(c))
795
796#define mpi_set_opaque(a,b,c) gcry_mpi_set_opaque( (a), (b), (c) )
797#define mpi_get_opaque(a,b) gcry_mpi_get_opaque( (a), (b) )
798#endif /* GCRYPT_NO_MPI_MACROS */
799
800
801�
802/************************************
803 * *
804 * Symmetric Cipher Functions *
805 * *
806 ************************************/
807
808/* The data object used to hold a handle to an encryption object. */
809struct gcry_cipher_handle;
810typedef struct gcry_cipher_handle *gcry_cipher_hd_t;
811
812#ifndef GCRYPT_NO_DEPRECATED
813typedef struct gcry_cipher_handle *GCRY_CIPHER_HD _GCRY_GCC_ATTR_DEPRECATED;
814typedef struct gcry_cipher_handle *GcryCipherHd _GCRY_GCC_ATTR_DEPRECATED;
815#endif
816
817/* All symmetric encryption algorithms are identified by their IDs.
818 More IDs may be registered at runtime. */
819enum gcry_cipher_algos
820 {
821 GCRY_CIPHER_NONE = 0,
822 GCRY_CIPHER_IDEA = 1,
823 GCRY_CIPHER_3DES = 2,
824 GCRY_CIPHER_CAST5 = 3,
825 GCRY_CIPHER_BLOWFISH = 4,
826 GCRY_CIPHER_SAFER_SK128 = 5,
827 GCRY_CIPHER_DES_SK = 6,
828 GCRY_CIPHER_AES = 7,
829 GCRY_CIPHER_AES192 = 8,
830 GCRY_CIPHER_AES256 = 9,
831 GCRY_CIPHER_TWOFISH = 10,
832
833 /* Other cipher numbers are above 300 for OpenPGP reasons. */
834 GCRY_CIPHER_ARCFOUR = 301, /* Fully compatible with RSA's RC4 (tm). */
835 GCRY_CIPHER_DES = 302, /* Yes, this is single key 56 bit DES. */
836 GCRY_CIPHER_TWOFISH128 = 303,
837 GCRY_CIPHER_SERPENT128 = 304,
838 GCRY_CIPHER_SERPENT192 = 305,
839 GCRY_CIPHER_SERPENT256 = 306,
840 GCRY_CIPHER_RFC2268_40 = 307, /* Ron's Cipher 2 (40 bit). */
841 GCRY_CIPHER_RFC2268_128 = 308, /* Ron's Cipher 2 (128 bit). */
842 GCRY_CIPHER_SEED = 309, /* 128 bit cipher described in RFC4269. */
843 GCRY_CIPHER_CAMELLIA128 = 310,
844 GCRY_CIPHER_CAMELLIA192 = 311,
845 GCRY_CIPHER_CAMELLIA256 = 312
846 };
847
848/* The Rijndael algorithm is basically AES, so provide some macros. */
849#define GCRY_CIPHER_AES128 GCRY_CIPHER_AES
850#define GCRY_CIPHER_RIJNDAEL GCRY_CIPHER_AES
851#define GCRY_CIPHER_RIJNDAEL128 GCRY_CIPHER_AES128
852#define GCRY_CIPHER_RIJNDAEL192 GCRY_CIPHER_AES192
853#define GCRY_CIPHER_RIJNDAEL256 GCRY_CIPHER_AES256
854
855/* The supported encryption modes. Note that not all of them are
856 supported for each algorithm. */
857enum gcry_cipher_modes
858 {
859 GCRY_CIPHER_MODE_NONE = 0, /* Not yet specified. */
860 GCRY_CIPHER_MODE_ECB = 1, /* Electronic codebook. */
861 GCRY_CIPHER_MODE_CFB = 2, /* Cipher feedback. */
862 GCRY_CIPHER_MODE_CBC = 3, /* Cipher block chaining. */
863 GCRY_CIPHER_MODE_STREAM = 4, /* Used with stream ciphers. */
864 GCRY_CIPHER_MODE_OFB = 5, /* Outer feedback. */
865 GCRY_CIPHER_MODE_CTR = 6, /* Counter. */
866 GCRY_CIPHER_MODE_AESWRAP= 7 /* AES-WRAP algorithm. */
867 };
868
869/* Flags used with the open function. */
870enum gcry_cipher_flags
871 {
872 GCRY_CIPHER_SECURE = 1, /* Allocate in secure memory. */
873 GCRY_CIPHER_ENABLE_SYNC = 2, /* Enable CFB sync mode. */
874 GCRY_CIPHER_CBC_CTS = 4, /* Enable CBC cipher text stealing (CTS). */
875 GCRY_CIPHER_CBC_MAC = 8 /* Enable CBC message auth. code (MAC). */
876 };
877
878
879/* Create a handle for algorithm ALGO to be used in MODE. FLAGS may
880 be given as an bitwise OR of the gcry_cipher_flags values. */
881gcry_error_t gcry_cipher_open (gcry_cipher_hd_t *handle,
882 int algo, int mode, unsigned int flags);
883
884/* Close the cioher handle H and release all resource. */
885void gcry_cipher_close (gcry_cipher_hd_t h);
886
887/* Perform various operations on the cipher object H. */
888gcry_error_t gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer,
889 size_t buflen);
890
891/* Retrieve various information about the cipher object H. */
892gcry_error_t gcry_cipher_info (gcry_cipher_hd_t h, int what, void *buffer,
893 size_t *nbytes);
894
895/* Retrieve various information about the cipher algorithm ALGO. */
896gcry_error_t gcry_cipher_algo_info (int algo, int what, void *buffer,
897 size_t *nbytes);
898
899/* Map the cipher algorithm whose ID is contained in ALGORITHM to a
900 string representation of the algorithm name. For unknown algorithm
901 IDs this function returns "?". */
902const char *gcry_cipher_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE;
903
904/* Map the algorithm name NAME to an cipher algorithm ID. Return 0 if
905 the algorithm name is not known. */
906int gcry_cipher_map_name (const char *name) _GCRY_GCC_ATTR_PURE;
907
908/* Given an ASN.1 object identifier in standard IETF dotted decimal
909 format in STRING, return the encryption mode associated with that
910 OID or 0 if not known or applicable. */
911int gcry_cipher_mode_from_oid (const char *string) _GCRY_GCC_ATTR_PURE;
912
913/* Encrypt the plaintext of size INLEN in IN using the cipher handle H
914 into the buffer OUT which has an allocated length of OUTSIZE. For
915 most algorithms it is possible to pass NULL for in and 0 for INLEN
916 and do a in-place decryption of the data provided in OUT. */
917gcry_error_t gcry_cipher_encrypt (gcry_cipher_hd_t h,
918 void *out, size_t outsize,
919 const void *in, size_t inlen);
920
921/* The counterpart to gcry_cipher_encrypt. */
922gcry_error_t gcry_cipher_decrypt (gcry_cipher_hd_t h,
923 void *out, size_t outsize,
924 const void *in, size_t inlen);
925
926/* Set KEY of length KEYLEN bytes for the cipher handle HD. */
927gcry_error_t gcry_cipher_setkey (gcry_cipher_hd_t hd,
928 const void *key, size_t keylen);
929
930
931/* Set initialization vector IV of length IVLEN for the cipher handle HD. */
932gcry_error_t gcry_cipher_setiv (gcry_cipher_hd_t hd,
933 const void *iv, size_t ivlen);
934
935
936/* Reset the handle to the state after open. */
937#define gcry_cipher_reset(h) gcry_cipher_ctl ((h), GCRYCTL_RESET, NULL, 0)
938
939/* Perform the OpenPGP sync operation if this is enabled for the
940 cipher handle H. */
941#define gcry_cipher_sync(h) gcry_cipher_ctl( (h), GCRYCTL_CFB_SYNC, NULL, 0)
942
943/* Enable or disable CTS in future calls to gcry_encrypt(). CBC mode only. */
944#define gcry_cipher_cts(h,on) gcry_cipher_ctl( (h), GCRYCTL_SET_CBC_CTS, \
945 NULL, on )
946
947/* Set counter for CTR mode. (CTR,CTRLEN) must denote a buffer of
948 block size length, or (NULL,0) to set the CTR to the all-zero block. */
949gpg_error_t gcry_cipher_setctr (gcry_cipher_hd_t hd,
950 const void *ctr, size_t ctrlen);
951
952/* Retrieve the key length in bytes used with algorithm A. */
953size_t gcry_cipher_get_algo_keylen (int algo);
954
955/* Retrieve the block length in bytes used with algorithm A. */
956size_t gcry_cipher_get_algo_blklen (int algo);
957
958/* Return 0 if the algorithm A is available for use. */
959#define gcry_cipher_test_algo(a) \
960 gcry_cipher_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )
961
962/* Get a list consisting of the IDs of the loaded cipher modules. If
963 LIST is zero, write the number of loaded cipher modules to
964 LIST_LENGTH and return. If LIST is non-zero, the first
965 *LIST_LENGTH algorithm IDs are stored in LIST, which must be of
966 according size. In case there are less cipher modules than
967 *LIST_LENGTH, *LIST_LENGTH is updated to the correct number. */
968gcry_error_t gcry_cipher_list (int *list, int *list_length);
969
970�
971/************************************
972 * *
973 * Asymmetric Cipher Functions *
974 * *
975 ************************************/
976
977/* The algorithms and their IDs we support. */
978enum gcry_pk_algos
979 {
980 GCRY_PK_RSA = 1,
981 GCRY_PK_RSA_E = 2, /* (deprecated) */
982 GCRY_PK_RSA_S = 3, /* (deprecated) */
983 GCRY_PK_ELG_E = 16,
984 GCRY_PK_DSA = 17,
985 GCRY_PK_ELG = 20,
986 GCRY_PK_ECDSA = 301,
987 GCRY_PK_ECDH = 302
988 };
989
990/* Flags describing usage capabilities of a PK algorithm. */
991#define GCRY_PK_USAGE_SIGN 1 /* Good for signatures. */
992#define GCRY_PK_USAGE_ENCR 2 /* Good for encryption. */
993#define GCRY_PK_USAGE_CERT 4 /* Good to certify other keys. */
994#define GCRY_PK_USAGE_AUTH 8 /* Good for authentication. */
995#define GCRY_PK_USAGE_UNKN 128 /* Unknown usage flag. */
996
997/* Encrypt the DATA using the public key PKEY and store the result as
998 a newly created S-expression at RESULT. */
999gcry_error_t gcry_pk_encrypt (gcry_sexp_t *result,
1000 gcry_sexp_t data, gcry_sexp_t pkey);
1001
1002/* Decrypt the DATA using the private key SKEY and store the result as
1003 a newly created S-expression at RESULT. */
1004gcry_error_t gcry_pk_decrypt (gcry_sexp_t *result,
1005 gcry_sexp_t data, gcry_sexp_t skey);
1006
1007/* Sign the DATA using the private key SKEY and store the result as
1008 a newly created S-expression at RESULT. */
1009gcry_error_t gcry_pk_sign (gcry_sexp_t *result,
1010 gcry_sexp_t data, gcry_sexp_t skey);
1011
1012/* Check the signature SIGVAL on DATA using the public key PKEY. */
1013gcry_error_t gcry_pk_verify (gcry_sexp_t sigval,
1014 gcry_sexp_t data, gcry_sexp_t pkey);
1015
1016/* Check that private KEY is sane. */
1017gcry_error_t gcry_pk_testkey (gcry_sexp_t key);
1018
1019/* Generate a new key pair according to the parameters given in
1020 S_PARMS. The new key pair is returned in as an S-expression in
1021 R_KEY. */
1022gcry_error_t gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms);
1023
1024/* Catch all function for miscellaneous operations. */
1025gcry_error_t gcry_pk_ctl (int cmd, void *buffer, size_t buflen);
1026
1027/* Retrieve information about the public key algorithm ALGO. */
1028gcry_error_t gcry_pk_algo_info (int algo, int what,
1029 void *buffer, size_t *nbytes);
1030
1031/* Map the public key algorithm whose ID is contained in ALGORITHM to
1032 a string representation of the algorithm name. For unknown
1033 algorithm IDs this functions returns "?". */
1034const char *gcry_pk_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE;
1035
1036/* Map the algorithm NAME to a public key algorithm Id. Return 0 if
1037 the algorithm name is not known. */
1038int gcry_pk_map_name (const char* name) _GCRY_GCC_ATTR_PURE;
1039
1040/* Return what is commonly referred as the key length for the given
1041 public or private KEY. */
1042unsigned int gcry_pk_get_nbits (gcry_sexp_t key) _GCRY_GCC_ATTR_PURE;
1043
1044/* Please note that keygrip is still experimental and should not be
1045 used without contacting the author. */
1046unsigned char *gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array);
1047
1048/* Return the name of the curve matching KEY. */
1049const char *gcry_pk_get_curve (gcry_sexp_t key, int iterator,
1050 unsigned int *r_nbits);
1051
1052/* Return an S-expression with the parameters of the named ECC curve
1053 NAME. ALGO must be set to an ECC algorithm. */
1054gcry_sexp_t gcry_pk_get_param (int algo, const char *name);
1055
1056/* Return 0 if the public key algorithm A is available for use. */
1057#define gcry_pk_test_algo(a) \
1058 gcry_pk_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )
1059
1060/* Get a list consisting of the IDs of the loaded pubkey modules. If
1061 LIST is zero, write the number of loaded pubkey modules to
1062 LIST_LENGTH and return. If LIST is non-zero, the first
1063 *LIST_LENGTH algorithm IDs are stored in LIST, which must be of
1064 according size. In case there are less pubkey modules than
1065 *LIST_LENGTH, *LIST_LENGTH is updated to the correct number. */
1066gcry_error_t gcry_pk_list (int *list, int *list_length);
1067
1068�
1069
1070/************************************
1071 * *
1072 * Cryptograhic Hash Functions *
1073 * *
1074 ************************************/
1075
1076/* Algorithm IDs for the hash functions we know about. Not all of them
1077 are implemnted. */
1078enum gcry_md_algos
1079 {
1080 GCRY_MD_NONE = 0,
1081 GCRY_MD_MD5 = 1,
1082 GCRY_MD_SHA1 = 2,
1083 GCRY_MD_RMD160 = 3,
1084 GCRY_MD_MD2 = 5,
1085 GCRY_MD_TIGER = 6, /* TIGER/192 as used by gpg <= 1.3.2. */
1086 GCRY_MD_HAVAL = 7, /* HAVAL, 5 pass, 160 bit. */
1087 GCRY_MD_SHA256 = 8,
1088 GCRY_MD_SHA384 = 9,
1089 GCRY_MD_SHA512 = 10,
1090 GCRY_MD_SHA224 = 11,
1091 GCRY_MD_MD4 = 301,
1092 GCRY_MD_CRC32 = 302,
1093 GCRY_MD_CRC32_RFC1510 = 303,
1094 GCRY_MD_CRC24_RFC2440 = 304,
1095 GCRY_MD_WHIRLPOOL = 305,
1096 GCRY_MD_TIGER1 = 306, /* TIGER fixed. */
1097 GCRY_MD_TIGER2 = 307 /* TIGER2 variant. */
1098 };
1099
1100/* Flags used with the open function. */
1101enum gcry_md_flags
1102 {
1103 GCRY_MD_FLAG_SECURE = 1, /* Allocate all buffers in "secure" memory. */
1104 GCRY_MD_FLAG_HMAC = 2 /* Make an HMAC out of this algorithm. */
1105 };
1106
1107/* (Forward declaration.) */
1108struct gcry_md_context;
1109
1110/* This object is used to hold a handle to a message digest object.
1111 This structure is private - only to be used by the public gcry_md_*
1112 macros. */
1113typedef struct gcry_md_handle
1114{
1115 /* Actual context. */
1116 struct gcry_md_context *ctx;
1117
1118 /* Buffer management. */
1119 int bufpos;
1120 int bufsize;
1121 unsigned char buf[1];
1122} *gcry_md_hd_t;
1123
1124/* Compatibility types, do not use them. */
1125#ifndef GCRYPT_NO_DEPRECATED
1126typedef struct gcry_md_handle *GCRY_MD_HD _GCRY_GCC_ATTR_DEPRECATED;
1127typedef struct gcry_md_handle *GcryMDHd _GCRY_GCC_ATTR_DEPRECATED;
1128#endif
1129
1130/* Create a message digest object for algorithm ALGO. FLAGS may be
1131 given as an bitwise OR of the gcry_md_flags values. ALGO may be
1132 given as 0 if the algorithms to be used are later set using
1133 gcry_md_enable. */
1134gcry_error_t gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags);
1135
1136/* Release the message digest object HD. */
1137void gcry_md_close (gcry_md_hd_t hd);
1138
1139/* Add the message digest algorithm ALGO to the digest object HD. */
1140gcry_error_t gcry_md_enable (gcry_md_hd_t hd, int algo);
1141
1142/* Create a new digest object as an exact copy of the object HD. */
1143gcry_error_t gcry_md_copy (gcry_md_hd_t *bhd, gcry_md_hd_t ahd);
1144
1145/* Reset the digest object HD to its initial state. */
1146void gcry_md_reset (gcry_md_hd_t hd);
1147
1148/* Perform various operations on the digest object HD. */
1149gcry_error_t gcry_md_ctl (gcry_md_hd_t hd, int cmd,
1150 void *buffer, size_t buflen);
1151
1152/* Pass LENGTH bytes of data in BUFFER to the digest object HD so that
1153 it can update the digest values. This is the actual hash
1154 function. */
1155void gcry_md_write (gcry_md_hd_t hd, const void *buffer, size_t length);
1156
1157/* Read out the final digest from HD return the digest value for
1158 algorithm ALGO. */
1159unsigned char *gcry_md_read (gcry_md_hd_t hd, int algo);
1160
1161/* Convenience function to calculate the hash from the data in BUFFER
1162 of size LENGTH using the algorithm ALGO avoiding the creating of a
1163 hash object. The hash is returned in the caller provided buffer
1164 DIGEST which must be large enough to hold the digest of the given
1165 algorithm. */
1166void gcry_md_hash_buffer (int algo, void *digest,
1167 const void *buffer, size_t length);
1168
1169/* Retrieve the algorithm used with HD. This does not work reliable
1170 if more than one algorithm is enabled in HD. */
1171int gcry_md_get_algo (gcry_md_hd_t hd);
1172
1173/* Retrieve the length in bytes of the digest yielded by algorithm
1174 ALGO. */
1175unsigned int gcry_md_get_algo_dlen (int algo);
1176
1177/* Return true if the the algorithm ALGO is enabled in the digest
1178 object A. */
1179int gcry_md_is_enabled (gcry_md_hd_t a, int algo);
1180
1181/* Return true if the digest object A is allocated in "secure" memory. */
1182int gcry_md_is_secure (gcry_md_hd_t a);
1183
1184/* Retrieve various information about the object H. */
1185gcry_error_t gcry_md_info (gcry_md_hd_t h, int what, void *buffer,
1186 size_t *nbytes);
1187
1188/* Retrieve various information about the algorithm ALGO. */
1189gcry_error_t gcry_md_algo_info (int algo, int what, void *buffer,
1190 size_t *nbytes);
1191
1192/* Map the digest algorithm id ALGO to a string representation of the
1193 algorithm name. For unknown algorithms this function returns
1194 "?". */
1195const char *gcry_md_algo_name (int algo) _GCRY_GCC_ATTR_PURE;
1196
1197/* Map the algorithm NAME to a digest algorithm Id. Return 0 if
1198 the algorithm name is not known. */
1199int gcry_md_map_name (const char* name) _GCRY_GCC_ATTR_PURE;
1200
1201/* For use with the HMAC feature, the set MAC key to the KEY of
1202 KEYLEN bytes. */
1203gcry_error_t gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen);
1204
1205/* Start or stop debugging for digest handle HD; i.e. create a file
1206 named dbgmd-<n>.<suffix> while hashing. If SUFFIX is NULL,
1207 debugging stops and the file will be closed. */
1208void gcry_md_debug (gcry_md_hd_t hd, const char *suffix);
1209
1210
1211/* Update the hash(s) of H with the character C. This is a buffered
1212 version of the gcry_md_write function. */
1213#define gcry_md_putc(h,c) \
1214 do { \
1215 gcry_md_hd_t h__ = (h); \
1216 if( (h__)->bufpos == (h__)->bufsize ) \
1217 gcry_md_write( (h__), NULL, 0 ); \
1218 (h__)->buf[(h__)->bufpos++] = (c) & 0xff; \
1219 } while(0)
1220
1221/* Finalize the digest calculation. This is not really needed because
1222 gcry_md_read() does this implicitly. */
1223#define gcry_md_final(a) \
1224 gcry_md_ctl ((a), GCRYCTL_FINALIZE, NULL, 0)
1225
1226/* Return 0 if the algorithm A is available for use. */
1227#define gcry_md_test_algo(a) \
1228 gcry_md_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )
1229
1230/* Return an DER encoded ASN.1 OID for the algorithm A in buffer B. N
1231 must point to size_t variable with the available size of buffer B.
1232 After return it will receive the actual size of the returned
1233 OID. */
1234#define gcry_md_get_asnoid(a,b,n) \
1235 gcry_md_algo_info((a), GCRYCTL_GET_ASNOID, (b), (n))
1236
1237/* Enable debugging for digest object A; i.e. create files named
1238 dbgmd-<n>.<string> while hashing. B is a string used as the suffix
1239 for the filename. This macro is deprecated, use gcry_md_debug. */
1240#ifndef GCRYPT_NO_DEPRECATED
1241#define gcry_md_start_debug(a,b) \
1242 gcry_md_ctl( (a), GCRYCTL_START_DUMP, (b), 0 )
1243
1244/* Disable the debugging of A. This macro is deprecated, use
1245 gcry_md_debug. */
1246#define gcry_md_stop_debug(a,b) \
1247 gcry_md_ctl( (a), GCRYCTL_STOP_DUMP, (b), 0 )
1248#endif
1249
1250/* Get a list consisting of the IDs of the loaded message digest
1251 modules. If LIST is zero, write the number of loaded message
1252 digest modules to LIST_LENGTH and return. If LIST is non-zero, the
1253 first *LIST_LENGTH algorithm IDs are stored in LIST, which must be
1254 of according size. In case there are less message digest modules
1255 than *LIST_LENGTH, *LIST_LENGTH is updated to the correct
1256 number. */
1257gcry_error_t gcry_md_list (int *list, int *list_length);
1258
1259�
1260#if !defined(GCRYPT_NO_DEPRECATED) || defined(_GCRYPT_IN_LIBGCRYPT)
1261/* Alternative interface for asymmetric cryptography. This interface
1262 is deprecated. */
1263
1264/* The algorithm IDs. */
1265typedef enum gcry_ac_id
1266 {
1267 GCRY_AC_RSA = 1,
1268 GCRY_AC_DSA = 17,
1269 GCRY_AC_ELG = 20,
1270 GCRY_AC_ELG_E = 16
1271 }
1272gcry_ac_id_t _GCRY_ATTR_INTERNAL;
1273
1274/* Key types. */
1275typedef enum gcry_ac_key_type
1276 {
1277 GCRY_AC_KEY_SECRET,
1278 GCRY_AC_KEY_PUBLIC
1279 }
1280gcry_ac_key_type_t _GCRY_ATTR_INTERNAL;
1281
1282/* Encoding methods. */
1283typedef enum gcry_ac_em
1284 {
1285 GCRY_AC_EME_PKCS_V1_5,
1286 GCRY_AC_EMSA_PKCS_V1_5
1287 }
1288gcry_ac_em_t _GCRY_ATTR_INTERNAL;
1289
1290/* Encryption and Signature schemes. */
1291typedef enum gcry_ac_scheme
1292 {
1293 GCRY_AC_ES_PKCS_V1_5,
1294 GCRY_AC_SSA_PKCS_V1_5
1295 }
1296gcry_ac_scheme_t _GCRY_ATTR_INTERNAL;
1297
1298/* AC data. */
1299#define GCRY_AC_FLAG_DEALLOC (1 << 0)
1300#define GCRY_AC_FLAG_COPY (1 << 1)
1301#define GCRY_AC_FLAG_NO_BLINDING (1 << 2)
1302
1303/* This type represents a `data set'. */
1304typedef struct gcry_ac_data *gcry_ac_data_t _GCRY_ATTR_INTERNAL;
1305
1306/* This type represents a single `key', either a secret one or a
1307 public one. */
1308typedef struct gcry_ac_key *gcry_ac_key_t _GCRY_ATTR_INTERNAL;
1309
1310/* This type represents a `key pair' containing a secret and a public
1311 key. */
1312typedef struct gcry_ac_key_pair *gcry_ac_key_pair_t _GCRY_ATTR_INTERNAL;
1313
1314/* This type represents a `handle' that is needed by functions
1315 performing cryptographic operations. */
1316typedef struct gcry_ac_handle *gcry_ac_handle_t _GCRY_ATTR_INTERNAL;
1317
1318typedef gpg_error_t (*gcry_ac_data_read_cb_t) (void *opaque,
1319 unsigned char *buffer,
1320 size_t *buffer_n)
1321 /* */ _GCRY_ATTR_INTERNAL;
1322
1323typedef gpg_error_t (*gcry_ac_data_write_cb_t) (void *opaque,
1324 unsigned char *buffer,
1325 size_t buffer_n)
1326 /* */ _GCRY_ATTR_INTERNAL;
1327
1328typedef enum
1329 {
1330 GCRY_AC_IO_READABLE,
1331 GCRY_AC_IO_WRITABLE
1332 }
1333gcry_ac_io_mode_t _GCRY_ATTR_INTERNAL;
1334
1335typedef enum
1336 {
1337 GCRY_AC_IO_STRING,
1338 GCRY_AC_IO_CALLBACK
1339 }
1340gcry_ac_io_type_t _GCRY_ATTR_INTERNAL;
1341
1342typedef struct gcry_ac_io
1343{
1344 /* This is an INTERNAL structure, do NOT use manually. */
1345 gcry_ac_io_mode_t mode _GCRY_ATTR_INTERNAL;
1346 gcry_ac_io_type_t type _GCRY_ATTR_INTERNAL;
1347 union
1348 {
1349 union
1350 {
1351 struct
1352 {
1353 gcry_ac_data_read_cb_t cb;
1354 void *opaque;
1355 } callback;
1356 struct
1357 {
1358 unsigned char *data;
1359 size_t data_n;
1360 } string;
1361 void *opaque;
1362 } readable;
1363 union
1364 {
1365 struct
1366 {
1367 gcry_ac_data_write_cb_t cb;
1368 void *opaque;
1369 } callback;
1370 struct
1371 {
1372 unsigned char **data;
1373 size_t *data_n;
1374 } string;
1375 void *opaque;
1376 } writable;
1377 } io _GCRY_ATTR_INTERNAL;
1378}
1379gcry_ac_io_t _GCRY_ATTR_INTERNAL;
1380
1381/* The caller of gcry_ac_key_pair_generate can provide one of these
1382 structures in order to influence the key generation process in an
1383 algorithm-specific way. */
1384typedef struct gcry_ac_key_spec_rsa
1385{
1386 gcry_mpi_t e; /* E to use. */
1387} gcry_ac_key_spec_rsa_t _GCRY_ATTR_INTERNAL;
1388
1389/* Structure used for passing data to the implementation of the
1390 `EME-PKCS-V1_5' encoding method. */
1391typedef struct gcry_ac_eme_pkcs_v1_5
1392{
1393 size_t key_size;
1394} gcry_ac_eme_pkcs_v1_5_t _GCRY_ATTR_INTERNAL;
1395
1396typedef enum gcry_md_algos gcry_md_algo_t _GCRY_ATTR_INTERNAL;
1397
1398/* Structure used for passing data to the implementation of the
1399 `EMSA-PKCS-V1_5' encoding method. */
1400typedef struct gcry_ac_emsa_pkcs_v1_5
1401{
1402 gcry_md_algo_t md;
1403 size_t em_n;
1404} gcry_ac_emsa_pkcs_v1_5_t _GCRY_ATTR_INTERNAL;
1405
1406/* Structure used for passing data to the implementation of the
1407 `SSA-PKCS-V1_5' signature scheme. */
1408typedef struct gcry_ac_ssa_pkcs_v1_5
1409{
1410 gcry_md_algo_t md;
1411} gcry_ac_ssa_pkcs_v1_5_t _GCRY_ATTR_INTERNAL;
1412#endif /* !GCRYPT_NO_DEPRECATED || !_GCRYPT_IN_LIBGCRYPT */
1413
1414
1415#ifndef GCRYPT_NO_DEPRECATED
1416/* Returns a new, empty data set in DATA. */
1417gcry_error_t gcry_ac_data_new (gcry_ac_data_t *data)
1418 /* */ _GCRY_ATTR_INTERNAL;
1419
1420/* Destroy the data set DATA. */
1421void gcry_ac_data_destroy (gcry_ac_data_t data)
1422 /* */ _GCRY_ATTR_INTERNAL;
1423
1424/* Create a copy of the data set DATA and store it in DATA_CP. */
1425gcry_error_t gcry_ac_data_copy (gcry_ac_data_t *data_cp,
1426 gcry_ac_data_t data)
1427 /* */ _GCRY_ATTR_INTERNAL;
1428
1429/* Return the number of named MPI values inside of the data set
1430 DATA. */
1431unsigned int gcry_ac_data_length (gcry_ac_data_t data)
1432 /* */ _GCRY_ATTR_INTERNAL;
1433
1434/* Destroy any values contained in the data set DATA. */
1435void gcry_ac_data_clear (gcry_ac_data_t data)
1436 /* */ _GCRY_ATTR_INTERNAL;
1437
1438/* Add the value MPI to DATA with the label NAME. If FLAGS contains
1439 GCRY_AC_FLAG_DATA_COPY, the data set will contain copies of NAME
1440 and MPI. If FLAGS contains GCRY_AC_FLAG_DATA_DEALLOC or
1441 GCRY_AC_FLAG_DATA_COPY, the values contained in the data set will
1442 be deallocated when they are to be removed from the data set. */
1443gcry_error_t gcry_ac_data_set (gcry_ac_data_t data, unsigned int flags,
1444 const char *name, gcry_mpi_t mpi)
1445 /* */ _GCRY_ATTR_INTERNAL;
1446
1447/* Store the value labelled with NAME found in DATA in MPI. If FLAGS
1448 contains GCRY_AC_FLAG_COPY, store a copy of the MPI value contained
1449 in the data set. MPI may be NULL. */
1450gcry_error_t gcry_ac_data_get_name (gcry_ac_data_t data, unsigned int flags,
1451 const char *name, gcry_mpi_t *mpi)
1452 /* */ _GCRY_ATTR_INTERNAL;
1453
1454/* Stores in NAME and MPI the named MPI value contained in the data
1455 set DATA with the index IDX. If FLAGS contains GCRY_AC_FLAG_COPY,
1456 store copies of the values contained in the data set. NAME or MPI
1457 may be NULL. */
1458gcry_error_t gcry_ac_data_get_index (gcry_ac_data_t data, unsigned int flags,
1459 unsigned int idx,
1460 const char **name, gcry_mpi_t *mpi)
1461 /* */ _GCRY_ATTR_INTERNAL;
1462
1463/* Convert the data set DATA into a new S-Expression, which is to be
1464 stored in SEXP, according to the identifiers contained in
1465 IDENTIFIERS. */
1466gcry_error_t gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp,
1467 const char **identifiers)
1468 /* */ _GCRY_ATTR_INTERNAL;
1469
1470/* Create a new data set, which is to be stored in DATA_SET, from the
1471 S-Expression SEXP, according to the identifiers contained in
1472 IDENTIFIERS. */
1473gcry_error_t gcry_ac_data_from_sexp (gcry_ac_data_t *data, gcry_sexp_t sexp,
1474 const char **identifiers)
1475 /* */ _GCRY_ATTR_INTERNAL;
1476
1477/* Initialize AC_IO according to MODE, TYPE and the variable list of
1478 arguments. The list of variable arguments to specify depends on
1479 the given TYPE. */
1480void gcry_ac_io_init (gcry_ac_io_t *ac_io, gcry_ac_io_mode_t mode,
1481 gcry_ac_io_type_t type, ...)
1482 /* */ _GCRY_ATTR_INTERNAL;
1483
1484/* Initialize AC_IO according to MODE, TYPE and the variable list of
1485 arguments AP. The list of variable arguments to specify depends on
1486 the given TYPE. */
1487void gcry_ac_io_init_va (gcry_ac_io_t *ac_io, gcry_ac_io_mode_t mode,
1488 gcry_ac_io_type_t type, va_list ap)
1489 /* */ _GCRY_ATTR_INTERNAL;
1490
1491/* Create a new ac handle. */
1492gcry_error_t gcry_ac_open (gcry_ac_handle_t *handle,
1493 gcry_ac_id_t algorithm, unsigned int flags)
1494 /* */ _GCRY_ATTR_INTERNAL;
1495
1496/* Destroy an ac handle. */
1497void gcry_ac_close (gcry_ac_handle_t handle)
1498 /* */ _GCRY_ATTR_INTERNAL;
1499
1500/* Initialize a key from a given data set. */
1501gcry_error_t gcry_ac_key_init (gcry_ac_key_t *key, gcry_ac_handle_t handle,
1502 gcry_ac_key_type_t type, gcry_ac_data_t data)
1503 /* */ _GCRY_ATTR_INTERNAL;
1504
1505/* Generates a new key pair via the handle HANDLE of NBITS bits and
1506 stores it in KEY_PAIR. In case non-standard settings are wanted, a
1507 pointer to a structure of type gcry_ac_key_spec_<algorithm>_t,
1508 matching the selected algorithm, can be given as KEY_SPEC.
1509 MISC_DATA is not used yet. */
1510gcry_error_t gcry_ac_key_pair_generate (gcry_ac_handle_t handle,
1511 unsigned int nbits, void *spec,
1512 gcry_ac_key_pair_t *key_pair,
1513 gcry_mpi_t **misc_data)
1514 /* */ _GCRY_ATTR_INTERNAL;
1515
1516/* Returns the key of type WHICH out of the key pair KEY_PAIR. */
1517gcry_ac_key_t gcry_ac_key_pair_extract (gcry_ac_key_pair_t key_pair,
1518 gcry_ac_key_type_t which)
1519 /* */ _GCRY_ATTR_INTERNAL;
1520
1521/* Returns the data set contained in the key KEY. */
1522gcry_ac_data_t gcry_ac_key_data_get (gcry_ac_key_t key)
1523 /* */ _GCRY_ATTR_INTERNAL;
1524
1525/* Verifies that the key KEY is sane via HANDLE. */
1526gcry_error_t gcry_ac_key_test (gcry_ac_handle_t handle, gcry_ac_key_t key)
1527 /* */ _GCRY_ATTR_INTERNAL;
1528
1529/* Stores the number of bits of the key KEY in NBITS via HANDLE. */
1530gcry_error_t gcry_ac_key_get_nbits (gcry_ac_handle_t handle,
1531 gcry_ac_key_t key, unsigned int *nbits)
1532 /* */ _GCRY_ATTR_INTERNAL;
1533
1534/* Writes the 20 byte long key grip of the key KEY to KEY_GRIP via
1535 HANDLE. */
1536gcry_error_t gcry_ac_key_get_grip (gcry_ac_handle_t handle, gcry_ac_key_t key,
1537 unsigned char *key_grip)
1538 /* */ _GCRY_ATTR_INTERNAL;
1539
1540/* Destroy a key. */
1541void gcry_ac_key_destroy (gcry_ac_key_t key)
1542 /* */ _GCRY_ATTR_INTERNAL;
1543
1544/* Destroy a key pair. */
1545void gcry_ac_key_pair_destroy (gcry_ac_key_pair_t key_pair)
1546 /* */ _GCRY_ATTR_INTERNAL;
1547
1548/* Encodes a message according to the encoding method METHOD. OPTIONS
1549 must be a pointer to a method-specific structure
1550 (gcry_ac_em*_t). */
1551gcry_error_t gcry_ac_data_encode (gcry_ac_em_t method,
1552 unsigned int flags, void *options,
1553 gcry_ac_io_t *io_read,
1554 gcry_ac_io_t *io_write)
1555 /* */ _GCRY_ATTR_INTERNAL;
1556
1557/* Decodes a message according to the encoding method METHOD. OPTIONS
1558 must be a pointer to a method-specific structure
1559 (gcry_ac_em*_t). */
1560gcry_error_t gcry_ac_data_decode (gcry_ac_em_t method,
1561 unsigned int flags, void *options,
1562 gcry_ac_io_t *io_read,
1563 gcry_ac_io_t *io_write)
1564 /* */ _GCRY_ATTR_INTERNAL;
1565
1566/* Encrypt the plain text MPI value DATA_PLAIN with the key KEY under
1567 the control of the flags FLAGS and store the resulting data set
1568 into DATA_ENCRYPTED. */
1569gcry_error_t gcry_ac_data_encrypt (gcry_ac_handle_t handle,
1570 unsigned int flags,
1571 gcry_ac_key_t key,
1572 gcry_mpi_t data_plain,
1573 gcry_ac_data_t *data_encrypted)
1574 /* */ _GCRY_ATTR_INTERNAL;
1575
1576/* Decrypt the decrypted data contained in the data set DATA_ENCRYPTED
1577 with the key KEY under the control of the flags FLAGS and store the
1578 resulting plain text MPI value in DATA_PLAIN. */
1579gcry_error_t gcry_ac_data_decrypt (gcry_ac_handle_t handle,
1580 unsigned int flags,
1581 gcry_ac_key_t key,
1582 gcry_mpi_t *data_plain,
1583 gcry_ac_data_t data_encrypted)
1584 /* */ _GCRY_ATTR_INTERNAL;
1585
1586/* Sign the data contained in DATA with the key KEY and store the
1587 resulting signature in the data set DATA_SIGNATURE. */
1588gcry_error_t gcry_ac_data_sign (gcry_ac_handle_t handle,
1589 gcry_ac_key_t key,
1590 gcry_mpi_t data,
1591 gcry_ac_data_t *data_signature)
1592 /* */ _GCRY_ATTR_INTERNAL;
1593
1594/* Verify that the signature contained in the data set DATA_SIGNATURE
1595 is indeed the result of signing the data contained in DATA with the
1596 secret key belonging to the public key KEY. */
1597gcry_error_t gcry_ac_data_verify (gcry_ac_handle_t handle,
1598 gcry_ac_key_t key,
1599 gcry_mpi_t data,
1600 gcry_ac_data_t data_signature)
1601 /* */ _GCRY_ATTR_INTERNAL;
1602
1603/* Encrypts the plain text readable from IO_MESSAGE through HANDLE
1604 with the public key KEY according to SCHEME, FLAGS and OPTS. If
1605 OPTS is not NULL, it has to be a pointer to a structure specific to
1606 the chosen scheme (gcry_ac_es_*_t). The encrypted message is
1607 written to IO_CIPHER. */
1608gcry_error_t gcry_ac_data_encrypt_scheme (gcry_ac_handle_t handle,
1609 gcry_ac_scheme_t scheme,
1610 unsigned int flags, void *opts,
1611 gcry_ac_key_t key,
1612 gcry_ac_io_t *io_message,
1613 gcry_ac_io_t *io_cipher)
1614 /* */ _GCRY_ATTR_INTERNAL;
1615
1616/* Decrypts the cipher text readable from IO_CIPHER through HANDLE
1617 with the secret key KEY according to SCHEME, @var{flags} and OPTS.
1618 If OPTS is not NULL, it has to be a pointer to a structure specific
1619 to the chosen scheme (gcry_ac_es_*_t). The decrypted message is
1620 written to IO_MESSAGE. */
1621gcry_error_t gcry_ac_data_decrypt_scheme (gcry_ac_handle_t handle,
1622 gcry_ac_scheme_t scheme,
1623 unsigned int flags, void *opts,
1624 gcry_ac_key_t key,
1625 gcry_ac_io_t *io_cipher,
1626 gcry_ac_io_t *io_message)
1627 /* */ _GCRY_ATTR_INTERNAL;
1628
1629/* Signs the message readable from IO_MESSAGE through HANDLE with the
1630 secret key KEY according to SCHEME, FLAGS and OPTS. If OPTS is not
1631 NULL, it has to be a pointer to a structure specific to the chosen
1632 scheme (gcry_ac_ssa_*_t). The signature is written to
1633 IO_SIGNATURE. */
1634gcry_error_t gcry_ac_data_sign_scheme (gcry_ac_handle_t handle,
1635 gcry_ac_scheme_t scheme,
1636 unsigned int flags, void *opts,
1637 gcry_ac_key_t key,
1638 gcry_ac_io_t *io_message,
1639 gcry_ac_io_t *io_signature)
1640 /* */ _GCRY_ATTR_INTERNAL;
1641
1642/* Verifies through HANDLE that the signature readable from
1643 IO_SIGNATURE is indeed the result of signing the message readable
1644 from IO_MESSAGE with the secret key belonging to the public key KEY
1645 according to SCHEME and OPTS. If OPTS is not NULL, it has to be an
1646 anonymous structure (gcry_ac_ssa_*_t) specific to the chosen
1647 scheme. */
1648gcry_error_t gcry_ac_data_verify_scheme (gcry_ac_handle_t handle,
1649 gcry_ac_scheme_t scheme,
1650 unsigned int flags, void *opts,
1651 gcry_ac_key_t key,
1652 gcry_ac_io_t *io_message,
1653 gcry_ac_io_t *io_signature)
1654 /* */ _GCRY_ATTR_INTERNAL;
1655
1656/* Store the textual representation of the algorithm whose id is given
1657 in ALGORITHM in NAME. This function is deprecated; use
1658 gcry_pk_algo_name. */
1659gcry_error_t gcry_ac_id_to_name (gcry_ac_id_t algorithm,
1660 const char **name)
1661 /* */ _GCRY_GCC_ATTR_DEPRECATED;
1662/* Store the numeric ID of the algorithm whose textual representation
1663 is contained in NAME in ALGORITHM. This function is deprecated;
1664 use gcry_pk_map_name. */
1665gcry_error_t gcry_ac_name_to_id (const char *name,
1666 gcry_ac_id_t *algorithm)
1667 /* */ _GCRY_GCC_ATTR_DEPRECATED;
1668#endif /*GCRYPT_NO_DEPRECATED*/
1669
1670�
1671/******************************
1672 * *
1673 * Key Derivation Functions *
1674 * *
1675 ******************************/
1676
1677/* Algorithm IDs for the KDFs. */
1678enum gcry_kdf_algos
1679 {
1680 GCRY_KDF_NONE = 0,
1681 GCRY_KDF_SIMPLE_S2K = 16,
1682 GCRY_KDF_SALTED_S2K = 17,
1683 GCRY_KDF_ITERSALTED_S2K = 19,
1684 GCRY_KDF_PBKDF1 = 33,
1685 GCRY_KDF_PBKDF2 = 34
1686 };
1687
1688/* Derive a key from a passphrase. */
1689gpg_error_t gcry_kdf_derive (const void *passphrase, size_t passphraselen,
1690 int algo, int subalgo,
1691 const void *salt, size_t saltlen,
1692 unsigned long iterations,
1693 size_t keysize, void *keybuffer);
1694
1695
1696
1697�
1698/************************************
1699 * *
1700 * Random Generating Functions *
1701 * *
1702 ************************************/
1703
1704/* The possible values for the random quality. The rule of thumb is
1705 to use STRONG for session keys and VERY_STRONG for key material.
1706 WEAK is usually an alias for STRONG and should not be used anymore
1707 (except with gcry_mpi_randomize); use gcry_create_nonce instead. */
1708typedef enum gcry_random_level
1709 {
1710 GCRY_WEAK_RANDOM = 0,
1711 GCRY_STRONG_RANDOM = 1,
1712 GCRY_VERY_STRONG_RANDOM = 2
1713 }
1714gcry_random_level_t;
1715
1716/* Fill BUFFER with LENGTH bytes of random, using random numbers of
1717 quality LEVEL. */
1718void gcry_randomize (void *buffer, size_t length,
1719 enum gcry_random_level level);
1720
1721/* Add the external random from BUFFER with LENGTH bytes into the
1722 pool. QUALITY should either be -1 for unknown or in the range of 0
1723 to 100 */
1724gcry_error_t gcry_random_add_bytes (const void *buffer, size_t length,
1725 int quality);
1726
1727/* If random numbers are used in an application, this macro should be
1728 called from time to time so that new stuff gets added to the
1729 internal pool of the RNG. */
1730#define gcry_fast_random_poll() gcry_control (GCRYCTL_FAST_POLL, NULL)
1731
1732
1733/* Return NBYTES of allocated random using a random numbers of quality
1734 LEVEL. */
1735void *gcry_random_bytes (size_t nbytes, enum gcry_random_level level)
1736 _GCRY_GCC_ATTR_MALLOC;
1737
1738/* Return NBYTES of allocated random using a random numbers of quality
1739 LEVEL. The random numbers are created returned in "secure"
1740 memory. */
1741void *gcry_random_bytes_secure (size_t nbytes, enum gcry_random_level level)
1742 _GCRY_GCC_ATTR_MALLOC;
1743
1744
1745/* Set the big integer W to a random value of NBITS using a random
1746 generator with quality LEVEL. Note that by using a level of
1747 GCRY_WEAK_RANDOM gcry_create_nonce is used internally. */
1748void gcry_mpi_randomize (gcry_mpi_t w,
1749 unsigned int nbits, enum gcry_random_level level);
1750
1751
1752/* Create an unpredicable nonce of LENGTH bytes in BUFFER. */
1753void gcry_create_nonce (void *buffer, size_t length);
1754
1755
1756
1757
1758�
1759/*******************************/
1760/* */
1761/* Prime Number Functions */
1762/* */
1763/*******************************/
1764
1765/* Mode values passed to a gcry_prime_check_func_t. */
1766#define GCRY_PRIME_CHECK_AT_FINISH 0
1767#define GCRY_PRIME_CHECK_AT_GOT_PRIME 1
1768#define GCRY_PRIME_CHECK_AT_MAYBE_PRIME 2
1769
1770/* The function should return 1 if the operation shall continue, 0 to
1771 reject the prime candidate. */
1772typedef int (*gcry_prime_check_func_t) (void *arg, int mode,
1773 gcry_mpi_t candidate);
1774
1775/* Flags for gcry_prime_generate(): */
1776
1777/* Allocate prime numbers and factors in secure memory. */
1778#define GCRY_PRIME_FLAG_SECRET (1 << 0)
1779
1780/* Make sure that at least one prime factor is of size
1781 `FACTOR_BITS'. */
1782#define GCRY_PRIME_FLAG_SPECIAL_FACTOR (1 << 1)
1783
1784/* Generate a new prime number of PRIME_BITS bits and store it in
1785 PRIME. If FACTOR_BITS is non-zero, one of the prime factors of
1786 (prime - 1) / 2 must be FACTOR_BITS bits long. If FACTORS is
1787 non-zero, allocate a new, NULL-terminated array holding the prime
1788 factors and store it in FACTORS. FLAGS might be used to influence
1789 the prime number generation process. */
1790gcry_error_t gcry_prime_generate (gcry_mpi_t *prime,
1791 unsigned int prime_bits,
1792 unsigned int factor_bits,
1793 gcry_mpi_t **factors,
1794 gcry_prime_check_func_t cb_func,
1795 void *cb_arg,
1796 gcry_random_level_t random_level,
1797 unsigned int flags);
1798
1799/* Find a generator for PRIME where the factorization of (prime-1) is
1800 in the NULL terminated array FACTORS. Return the generator as a
1801 newly allocated MPI in R_G. If START_G is not NULL, use this as
1802 teh start for the search. */
1803gcry_error_t gcry_prime_group_generator (gcry_mpi_t *r_g,
1804 gcry_mpi_t prime,
1805 gcry_mpi_t *factors,
1806 gcry_mpi_t start_g);
1807
1808
1809/* Convenience function to release the FACTORS array. */
1810void gcry_prime_release_factors (gcry_mpi_t *factors);
1811
1812
1813/* Check wether the number X is prime. */
1814gcry_error_t gcry_prime_check (gcry_mpi_t x, unsigned int flags);
1815
1816
1817�
1818/************************************
1819 * *
1820 * Miscellaneous Stuff *
1821 * *
1822 ************************************/
1823
1824/* Log levels used by the internal logging facility. */
1825enum gcry_log_levels
1826 {
1827 GCRY_LOG_CONT = 0, /* (Continue the last log line.) */
1828 GCRY_LOG_INFO = 10,
1829 GCRY_LOG_WARN = 20,
1830 GCRY_LOG_ERROR = 30,
1831 GCRY_LOG_FATAL = 40,
1832 GCRY_LOG_BUG = 50,
1833 GCRY_LOG_DEBUG = 100
1834 };
1835
1836/* Type for progress handlers. */
1837typedef void (*gcry_handler_progress_t) (void *, const char *, int, int, int);
1838
1839/* Type for memory allocation handlers. */
1840typedef void *(*gcry_handler_alloc_t) (size_t n);
1841
1842/* Type for secure memory check handlers. */
1843typedef int (*gcry_handler_secure_check_t) (const void *);
1844
1845/* Type for memory reallocation handlers. */
1846typedef void *(*gcry_handler_realloc_t) (void *p, size_t n);
1847
1848/* Type for memory free handlers. */
1849typedef void (*gcry_handler_free_t) (void *);
1850
1851/* Type for out-of-memory handlers. */
1852typedef int (*gcry_handler_no_mem_t) (void *, size_t, unsigned int);
1853
1854/* Type for fatal error handlers. */
1855typedef void (*gcry_handler_error_t) (void *, int, const char *);
1856
1857/* Type for logging handlers. */
1858typedef void (*gcry_handler_log_t) (void *, int, const char *, va_list);
1859
1860/* Certain operations can provide progress information. This function
1861 is used to register a handler for retrieving these information. */
1862void gcry_set_progress_handler (gcry_handler_progress_t cb, void *cb_data);
1863
1864
1865/* Register a custom memory allocation functions. */
1866void gcry_set_allocation_handler (
1867 gcry_handler_alloc_t func_alloc,
1868 gcry_handler_alloc_t func_alloc_secure,
1869 gcry_handler_secure_check_t func_secure_check,
1870 gcry_handler_realloc_t func_realloc,
1871 gcry_handler_free_t func_free);
1872
1873/* Register a function used instead of the internal out of memory
1874 handler. */
1875void gcry_set_outofcore_handler (gcry_handler_no_mem_t h, void *opaque);
1876
1877/* Register a function used instead of the internal fatal error
1878 handler. */
1879void gcry_set_fatalerror_handler (gcry_handler_error_t fnc, void *opaque);
1880
1881/* Register a function used instead of the internal logging
1882 facility. */
1883void gcry_set_log_handler (gcry_handler_log_t f, void *opaque);
1884
1885/* Reserved for future use. */
1886void gcry_set_gettext_handler (const char *(*f)(const char*));
1887
1888/* Libgcrypt uses its own memory allocation. It is important to use
1889 gcry_free () to release memory allocated by libgcrypt. */
1890void *gcry_malloc (size_t n) _GCRY_GCC_ATTR_MALLOC;
1891void *gcry_calloc (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
1892void *gcry_malloc_secure (size_t n) _GCRY_GCC_ATTR_MALLOC;
1893void *gcry_calloc_secure (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
1894void *gcry_realloc (void *a, size_t n);
1895char *gcry_strdup (const char *string) _GCRY_GCC_ATTR_MALLOC;
1896void *gcry_xmalloc (size_t n) _GCRY_GCC_ATTR_MALLOC;
1897void *gcry_xcalloc (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
1898void *gcry_xmalloc_secure (size_t n) _GCRY_GCC_ATTR_MALLOC;
1899void *gcry_xcalloc_secure (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
1900void *gcry_xrealloc (void *a, size_t n);
1901char *gcry_xstrdup (const char * a) _GCRY_GCC_ATTR_MALLOC;
1902void gcry_free (void *a);
1903
1904/* Return true if A is allocated in "secure" memory. */
1905int gcry_is_secure (const void *a) _GCRY_GCC_ATTR_PURE;
1906
1907/* Return true if Libgcrypt is in FIPS mode. */
1908#define gcry_fips_mode_active() !!gcry_control (GCRYCTL_FIPS_MODE_P, 0)
1909
1910
1911/* Include support for Libgcrypt modules. */
1912#include <gcrypt-module.h>
1913
1914#if 0 /* (Keep Emacsens' auto-indent happy.) */
1915{
1916#endif
1917#ifdef __cplusplus
1918}
1919#endif
1920#endif /* _GCRYPT_H */
1921/*
1922@emacs_local_vars_begin@
1923@emacs_local_vars_read_only@
1924@emacs_local_vars_end@
1925*/
1926