1 #ifndef SEQUOIA_OPENPGP_H 2 #define SEQUOIA_OPENPGP_H 3 4 #include <stddef.h> 5 #include <stdint.h> 6 #include <stdbool.h> 7 #include <limits.h> 8 #include <time.h> 9 10 #include <sequoia/io.h> 11 #include <sequoia/openpgp/types.h> 12 #include <sequoia/openpgp/error.h> 13 #include <sequoia/openpgp/crypto.h> 14 #include <sequoia/openpgp/packet.h> 15 #include <sequoia/openpgp/serialize.h> 16 17 /* sequoia::openpgp::KeyID. */ 18 19 /*/ 20 /// Reads a binary key ID. 21 /*/ 22 pgp_keyid_t pgp_keyid_from_bytes (const uint8_t *id); 23 24 /*/ 25 /// Reads a hex-encoded Key ID. 26 /*/ 27 pgp_keyid_t pgp_keyid_from_hex (const char *id); 28 29 /*/ 30 /// Frees a pgp_keyid_t. 31 /*/ 32 void pgp_keyid_free (pgp_keyid_t keyid); 33 34 /*/ 35 /// Clones the KeyID. 36 /*/ 37 pgp_keyid_t pgp_keyid_clone (pgp_keyid_t keyid); 38 39 /*/ 40 /// Hashes the KeyID. 41 /*/ 42 uint64_t pgp_keyid_hash (pgp_keyid_t keyid); 43 44 /*/ 45 /// Converts the KeyID to its standard representation. 46 /*/ 47 char *pgp_keyid_to_string (const pgp_keyid_t fp); 48 49 /*/ 50 /// Returns a human readable description of this object suitable for 51 /// debugging. 52 /*/ 53 char *pgp_keyid_debug (const pgp_keyid_t fp); 54 55 /*/ 56 /// Converts the KeyID to a hexadecimal number. 57 /*/ 58 char *pgp_keyid_to_hex (const pgp_keyid_t keyid); 59 60 /*/ 61 /// Compares KeyIDs. 62 /*/ 63 bool pgp_keyid_equal (const pgp_keyid_t a, const pgp_keyid_t b); 64 65 66 /* sequoia::openpgp::Fingerprint. */ 67 68 /*/ 69 /// Reads a binary fingerprint. 70 /*/ 71 pgp_fingerprint_t pgp_fingerprint_from_bytes (const uint8_t *buf, size_t len); 72 73 /*/ 74 /// Reads a hexadecimal fingerprint. 75 /*/ 76 pgp_fingerprint_t pgp_fingerprint_from_hex (const char *hex); 77 78 /*/ 79 /// Frees a pgp_fingerprint_t. 80 /*/ 81 void pgp_fingerprint_free (pgp_fingerprint_t fp); 82 83 /*/ 84 /// Clones the Fingerprint. 85 /*/ 86 pgp_fingerprint_t pgp_fingerprint_clone (pgp_fingerprint_t fingerprint); 87 88 /*/ 89 /// Hashes the Fingerprint. 90 /*/ 91 uint64_t pgp_fingerprint_hash (pgp_fingerprint_t fingerprint); 92 93 /*/ 94 /// Returns a reference to the raw Fingerprint. 95 /// 96 /// This returns a reference to the internal buffer that is valid as 97 /// long as the fingerprint is. 98 /*/ 99 uint8_t *pgp_fingerprint_as_bytes (const pgp_fingerprint_t fp, size_t *fp_len); 100 101 /*/ 102 /// Converts the fingerprint to its standard representation. 103 /*/ 104 char *pgp_fingerprint_to_string (const pgp_fingerprint_t fp); 105 106 /*/ 107 /// Returns a human readable description of this object suitable for 108 /// debugging. 109 /*/ 110 char *pgp_fingerprint_debug (const pgp_fingerprint_t fp); 111 112 /*/ 113 /// Converts the fingerprint to a hexadecimal number. 114 /*/ 115 char *pgp_fingerprint_to_hex (const pgp_fingerprint_t fp); 116 117 /*/ 118 /// Converts the fingerprint to a key ID. 119 /*/ 120 pgp_keyid_t pgp_fingerprint_to_keyid (const pgp_fingerprint_t fp); 121 122 /*/ 123 /// Compares Fingerprints. 124 /*/ 125 bool pgp_fingerprint_equal (const pgp_fingerprint_t a, const pgp_fingerprint_t b); 126 127 /* sequoia::openpgp::RevocationStatus. */ 128 129 /*/ 130 /// Returns the revocation status's variant. 131 /*/ 132 pgp_revocation_status_variant_t pgp_revocation_status_variant ( 133 pgp_revocation_status_t rs); 134 135 /*/ 136 /// Frees the revocation status. 137 /*/ 138 void pgp_revocation_status_free (pgp_revocation_status_t rs); 139 140 /*/ 141 /// Returns a human readable description of this object suitable for 142 /// debugging. 143 /*/ 144 char *pgp_revocation_status_debug (const pgp_revocation_status_t); 145 146 /* openpgp::armor. */ 147 148 /*/ 149 /// Constructs a new filter for the given type of data. 150 /// 151 /// A filter that strips ASCII Armor from a stream of data. 152 /*/ 153 pgp_reader_t pgp_armor_reader_new (pgp_reader_t inner, pgp_armor_kind_t kind); 154 155 /*/ 156 /// Creates a `Reader` from a file. 157 /*/ 158 pgp_reader_t pgp_armor_reader_from_file (pgp_error_t *errp, 159 const char *filename, 160 pgp_armor_kind_t kind); 161 162 /*/ 163 /// Creates a `Reader` from a buffer. 164 /*/ 165 pgp_reader_t pgp_armor_reader_from_bytes (const uint8_t *b, size_t len, 166 pgp_armor_kind_t kind); 167 168 169 /*/ 170 /// Returns the kind of data this reader is for. 171 /// 172 /// Useful if the kind of data is not known in advance. If the header 173 /// has not been encountered yet (try reading some data first!), this 174 /// function returns PGP_ARMOR_KIND_ANY. 175 /*/ 176 pgp_armor_kind_t pgp_armor_reader_kind (pgp_reader_t reader); 177 178 /*/ 179 /// Returns the armored headers. 180 /// 181 /// The tuples contain a key and a value. 182 /// 183 /// Note: if a key occurs multiple times, then there are multiple 184 /// entries in the vector with the same key; values with the same 185 /// key are *not* combined. 186 /// 187 /// The returned array and the strings in the headers have been 188 /// allocated with `malloc`, and the caller is responsible for freeing 189 /// both the array and the strings. 190 /*/ 191 pgp_armor_header_t pgp_armor_reader_headers (pgp_error_t *errp, 192 pgp_reader_t reader, 193 size_t *len); 194 195 196 /*/ 197 /// Constructs a new filter for the given type of data. 198 /// 199 /// A filter that applies ASCII Armor to the data written to it. 200 /// 201 /// Note: You must call `pgp_armor_writer_finalize` to deallocate this 202 /// writer. 203 /*/ 204 pgp_writer_t pgp_armor_writer_new (pgp_error_t *errp, pgp_writer_t inner, 205 pgp_armor_kind_t kind, 206 pgp_armor_header_t header, size_t header_len); 207 208 /*/ 209 /// Finalizes the armor writer. 210 /// 211 /// Consumes the writer. No further deallocation of the writer is 212 /// required. 213 /*/ 214 pgp_status_t pgp_armor_writer_finalize (pgp_error_t *errp, pgp_writer_t writer); 215 216 /* openpgp::PacketPile. */ 217 218 /*/ 219 /// Deserializes the OpenPGP message stored in a `std::io::Read` 220 /// object. 221 /// 222 /// Although this method is easier to use to parse an OpenPGP 223 /// packet pile than a `PacketParser` or a `PacketPileParser`, this 224 /// interface buffers the whole packet pile in memory. Thus, the 225 /// caller must be certain that the *deserialized* packet pile is not 226 /// too large. 227 /// 228 /// Note: this interface *does* buffer the contents of packets. 229 /*/ 230 pgp_packet_pile_t pgp_packet_pile_from_reader (pgp_error_t *errp, 231 pgp_reader_t reader); 232 233 /*/ 234 /// Deserializes the OpenPGP packet pile stored in the file named by 235 /// `filename`. 236 /// 237 /// See `pgp_packet_pile_from_reader` for more details and caveats. 238 /*/ 239 pgp_packet_pile_t pgp_packet_pile_from_file (pgp_error_t *errp, 240 const char *filename); 241 242 /*/ 243 /// Deserializes the OpenPGP packet pile stored in the provided buffer. 244 /// 245 /// See `pgp_packet_pile_from_reader` for more details and caveats. 246 /*/ 247 pgp_packet_pile_t pgp_packet_pile_from_bytes (pgp_error_t *errp, 248 const uint8_t *b, size_t len); 249 250 /*/ 251 /// Frees the packet pile. 252 /*/ 253 void pgp_packet_pile_free (pgp_packet_pile_t message); 254 255 /*/ 256 /// Clones the packet pile. 257 /*/ 258 pgp_packet_pile_t pgp_packet_pile_clone (pgp_packet_pile_t message); 259 260 /*/ 261 /// Returns a human readable description of this object suitable for 262 /// debugging. 263 /*/ 264 char *pgp_packet_pile_debug (const pgp_packet_pile_t); 265 266 /*/ 267 /// Compares Packet Piles. 268 /*/ 269 bool pgp_packet_pile_equal (const pgp_packet_pile_t a, 270 const pgp_packet_pile_t b); 271 272 /*/ 273 /// Serializes the packet pile. 274 /*/ 275 pgp_status_t pgp_packet_pile_serialize (pgp_error_t *errp, 276 const pgp_packet_pile_t message, 277 pgp_writer_t writer); 278 279 /*/ 280 /// Frees the signature. 281 /*/ 282 void pgp_signature_free (pgp_signature_t signature); 283 284 /*/ 285 /// Clones the Signature. 286 /*/ 287 pgp_signature_t pgp_signature_clone (pgp_signature_t signature); 288 289 /*/ 290 /// Returns a human readable description of this object suitable for 291 /// debugging. 292 /*/ 293 char *pgp_signature_debug (const pgp_signature_t signature); 294 295 /*/ 296 /// Compares Signatures. 297 /*/ 298 bool pgp_signature_equal (const pgp_signature_t a, 299 const pgp_signature_t b); 300 301 /*/ 302 /// Parses an object from the given reader. 303 /*/ 304 pgp_signature_t pgp_signature_from_reader (pgp_error_t *errp, 305 pgp_reader_t reader); 306 307 /*/ 308 /// Parses an object from the given file. 309 /*/ 310 pgp_signature_t pgp_signature_from_file (pgp_error_t *errp, 311 const char *filename); 312 313 /*/ 314 /// Parses an object from the given buffer. 315 /*/ 316 pgp_signature_t pgp_signature_from_bytes (pgp_error_t *errp, 317 const uint8_t *b, size_t len); 318 319 /*/ 320 /// Converts the signature to a packet. 321 /*/ 322 pgp_packet_t pgp_signature_into_packet (pgp_signature_t signature); 323 324 /*/ 325 /// Returns the value of the `Signature` packet's Issuer subpacket. 326 /// 327 /// If there is no Issuer subpacket, this returns NULL. Note: if 328 /// there is no Issuer subpacket, but there is an IssuerFingerprint 329 /// subpacket, this still returns NULL. 330 /*/ 331 pgp_keyid_t pgp_signature_issuer(pgp_signature_t sig); 332 333 /*/ 334 /// Returns the value of the `Signature` packet's IssuerFingerprint subpacket. 335 /// 336 /// If there is no IssuerFingerprint subpacket, this returns NULL. 337 /// Note: if there is no IssuerFingerprint subpacket, but there is an 338 /// Issuer subpacket, this still returns NULL. 339 /*/ 340 pgp_fingerprint_t pgp_signature_issuer_fingerprint(pgp_signature_t sig); 341 342 /*/ 343 /// Returns whether the KeyFlags indicates that the key can be used to 344 /// make certifications. 345 /*/ 346 bool pgp_signature_for_certification(pgp_signature_t signature); 347 348 /*/ 349 /// Returns whether the KeyFlags indicates that the key can be used to 350 /// make signatures. 351 /*/ 352 bool pgp_signature_for_signing(pgp_signature_t signature); 353 354 /*/ 355 /// Returns whether the KeyFlags indicates that the key can be used to 356 /// encrypt data for transport. 357 /*/ 358 bool pgp_signature_for_transport_encryption(pgp_signature_t signature); 359 360 /*/ 361 /// Returns whether the KeyFlags indicates that the key can be used to 362 /// encrypt data at rest. 363 /*/ 364 bool pgp_signature_for_storage_encryption(pgp_signature_t signature); 365 366 /*/ 367 /// Returns whether the KeyFlags indicates that the key can be used 368 /// for authentication. 369 /*/ 370 bool pgp_signature_for_authentication(pgp_signature_t signature); 371 372 /*/ 373 /// Returns whether the KeyFlags indicates that the key is a split 374 /// key. 375 /*/ 376 bool pgp_signature_is_split_key(pgp_signature_t signature); 377 378 /*/ 379 /// Returns whether the KeyFlags indicates that the key is a group 380 /// key. 381 /*/ 382 bool pgp_signature_is_group_key(pgp_signature_t signature); 383 384 /*/ 385 /// Returns whether the signature is alive at the specified time. 386 /// 387 /// A signature is considered to be alive if `creation time - 388 /// tolerance <= time` and `time <= expiration time`. 389 /// 390 /// If `time` is 0, uses the current time. 391 /// 392 /// This function uses the default tolerance. If you want to specify 393 /// a different tolerance (or no tolerance), then use 394 /// `pgp_signature_alive_with_tolerance`. 395 /// 396 /// Some tolerance for clock skew is sometimes necessary, because 397 /// although most computers synchronize their clock with a time 398 /// server, up to a few seconds of clock skew are not unusual in 399 /// practice. And, even worse, several minutes of clock skew appear 400 /// to be not uncommon on virtual machines. 401 /// 402 /// Not accounting for clock skew can result in signatures being 403 /// unexpectedly considered invalid. Consider: computer A sends a 404 /// message to computer B at 9:00, but computer B, whose clock says 405 /// the current time is 8:59, rejects it, because the signature 406 /// appears to have been made in the future. This is particularly 407 /// problematic for low-latency protocols built on top of OpenPGP, 408 /// e.g., state synchronization between two MUAs via a shared IMAP 409 /// folder. 410 /// 411 /// Being tolerant to potential clock skew is not always appropriate. 412 /// For instance, when determining a User ID's current self signature 413 /// at time `t`, we don't ever want to consider a self-signature made 414 /// after `t` to be valid, even if it was made just a few moments 415 /// after `t`. This goes doubly so for soft revocation certificates: 416 /// the user might send a message that she is retiring, and then 417 /// immediately create a soft revocation. The soft revocation should 418 /// not invalidate the message. 419 /// 420 /// Unfortunately, in many cases, whether we should account for clock 421 /// skew or not depends on application-specific context. As a rule of 422 /// thumb, if the time and the timestamp come from different sources, 423 /// you probably want to account for clock skew. 424 /// 425 /// Note that [Section 5.2.3.4 of RFC 4880] states that "[[A Signature 426 /// Creation Time subpacket]] MUST be present in the hashed area." 427 /// Consequently, if such a packet does not exist, but a "Signature 428 /// Expiration Time" subpacket exists, we conservatively treat the 429 /// signature as expired, because there is no way to evaluate the 430 /// expiration time. 431 /// 432 /// [Section 5.2.3.4 of RFC 4880]: https://tools.ietf.org/html/rfc4880#section-5.2.3.4 433 /*/ 434 pgp_status_t pgp_signature_alive(pgp_error_t *errp, 435 pgp_signature_t signature, time_t when); 436 437 /*/ 438 /// Returns whether the signature is alive at the specified time. 439 /// 440 /// A signature is considered to be alive if `creation time - 441 /// tolerance <= time` and `time <= expiration time`. 442 /// 443 /// If `time` is 0, uses the current time. 444 /// 445 /// If `tolerance` is 0, uses no tolerance. To ensure consistency 446 /// across callers, you should use the default tolerance (i.e., use 447 /// `pgp_signature_alive`). 448 /// 449 /// Some tolerance for clock skew is sometimes necessary, because 450 /// although most computers synchronize their clock with a time 451 /// server, up to a few seconds of clock skew are not unusual in 452 /// practice. And, even worse, several minutes of clock skew appear 453 /// to be not uncommon on virtual machines. 454 /// 455 /// Not accounting for clock skew can result in signatures being 456 /// unexpectedly considered invalid. Consider: computer A sends a 457 /// message to computer B at 9:00, but computer B, whose clock says 458 /// the current time is 8:59, rejects it, because the signature 459 /// appears to have been made in the future. This is particularly 460 /// problematic for low-latency protocols built on top of OpenPGP, 461 /// e.g., state synchronization between two MUAs via a shared IMAP 462 /// folder. 463 /// 464 /// Being tolerant to potential clock skew is not always appropriate. 465 /// For instance, when determining a User ID's current self signature 466 /// at time `t`, we don't ever want to consider a self-signature made 467 /// after `t` to be valid, even if it was made just a few moments 468 /// after `t`. This goes doubly so for soft revocation certificates: 469 /// the user might send a message that she is retiring, and then 470 /// immediately create a soft revocation. The soft revocation should 471 /// not invalidate the message. 472 /// 473 /// Unfortunately, in many cases, whether we should account for clock 474 /// skew or not depends on application-specific context. As a rule of 475 /// thumb, if the time and the timestamp come from different sources, 476 /// you probably want to account for clock skew. 477 /// 478 /// Note that [Section 5.2.3.4 of RFC 4880] states that "[[A Signature 479 /// Creation Time subpacket]] MUST be present in the hashed area." 480 /// Consequently, if such a packet does not exist, but a "Signature 481 /// Expiration Time" subpacket exists, we conservatively treat the 482 /// signature as expired, because there is no way to evaluate the 483 /// expiration time. 484 /// 485 /// [Section 5.2.3.4 of RFC 4880]: https://tools.ietf.org/html/rfc4880#section-5.2.3.4 486 /*/ 487 pgp_status_t pgp_signature_alive_with_tolerance(pgp_error_t *errp, 488 pgp_signature_t signature, 489 time_t time, 490 unsigned int tolerance); 491 492 /*/ 493 /// Returns whether the signature is alive at the specified time. 494 /// 495 /// A signature is alive if the creation date is in the past, and the 496 /// signature has not expired at the specified time. 497 /// 498 /// If `when` is 0, then the current time is used. 499 /*/ 500 pgp_status_t pgp_signature_key_alive(pgp_error_t *errp, 501 pgp_signature_t signature, pgp_key_t key, 502 time_t when); 503 504 /*/ 505 /// Returns the PKESK's recipient. 506 /// 507 /// The return value is a reference to a `KeyID`. The caller must not 508 /// modify or free it. 509 /*/ 510 pgp_keyid_t pgp_pkesk_recipient(pgp_pkesk_t pkesk); 511 512 /*/ 513 /// Returns the session key. 514 /// 515 /// `key` of size `key_len` must be a buffer large enough to hold the 516 /// session key. If `key` is NULL, or not large enough, then the key 517 /// is not written to it. Either way, `key_len` is set to the size of 518 /// the session key. 519 /*/ 520 pgp_status_t pgp_pkesk_decrypt (pgp_error_t *errp, pgp_pkesk_t pkesk, 521 pgp_key_t secret_key, 522 uint8_t *algo, /* XXX */ 523 uint8_t *key, size_t *key_len); 524 525 526 /*/ 527 /// Returns the filename as a c string. 528 /// 529 /// If the filename is not set, returns NULL. 530 /// 531 /// Note: the filename is *not* protected by any signature and thus 532 /// can be modified in transit without detection. 533 /// 534 /// Note: the filename may contain embedded NULs. This function 535 /// returns NULL in such cases. 536 /*/ 537 char *pgp_literal_filename (pgp_literal_t literal); 538 539 /*/ 540 /// Returns a human readable description of this object suitable for 541 /// debugging. 542 /*/ 543 char *pgp_literal_debug (const pgp_literal_t literal); 544 545 /*/ 546 /// Parses an object from the given reader. 547 /*/ 548 pgp_literal_t pgp_literal_from_reader (pgp_error_t *errp, 549 pgp_reader_t reader); 550 551 /*/ 552 /// Parses an object from the given file. 553 /*/ 554 pgp_literal_t pgp_literal_from_file (pgp_error_t *errp, 555 const char *filename); 556 557 /*/ 558 /// Parses an object from the given buffer. 559 /*/ 560 pgp_literal_t pgp_literal_from_bytes (pgp_error_t *errp, 561 const uint8_t *b, size_t len); 562 563 /*/ 564 /// Converts the literal to a packet. 565 /*/ 566 pgp_packet_t pgp_literal_into_packet (pgp_literal_t literal); 567 568 /*/ 569 /// Frees the literal data packet. 570 /*/ 571 void pgp_literal_free (pgp_literal_t literal); 572 573 /* openpgp::amalgamation::UserIDAmalgamation. */ 574 575 /*/ 576 /// Returns a copy of the user id. 577 /// 578 /// The caller must free the returned value. 579 /*/ 580 pgp_packet_t pgp_user_id_amalgamation_user_id (pgp_user_id_amalgamation_t ua); 581 582 /*/ 583 /// Frees the User ID Amalgamation. 584 /*/ 585 void pgp_user_id_amalgamation_free (pgp_user_id_amalgamation_t ua); 586 587 /*/ 588 /// Clones the UserID Amalgamation. 589 /*/ 590 pgp_user_id_amalgamation_t pgp_user_id_amalgamation_clone (pgp_user_id_amalgamation_t ua); 591 592 /*/ 593 /// Returns a human readable description of this object suitable for 594 /// debugging. 595 /*/ 596 char *pgp_user_id_amalgamation_debug (const pgp_user_id_amalgamation_t ua); 597 598 /*/ 599 /// Returns a copy of the user id. 600 /// 601 /// The caller must free the returned value. 602 /*/ 603 pgp_packet_t pgp_valid_user_id_amalgamation_user_id 604 (pgp_valid_user_id_amalgamation_t ua); 605 606 /*/ 607 /// Returns the Valid UserID Amalgamation's revocation status. 608 /*/ 609 pgp_revocation_status_t pgp_valid_user_id_amalgamation_revocation_status 610 (pgp_valid_user_id_amalgamation_t ua); 611 612 /*/ 613 /// Returns a reference to the self-signature. 614 /*/ 615 pgp_signature_t pgp_valid_user_id_amalgamation_binding_signature 616 (pgp_valid_user_id_amalgamation_t ua); 617 618 /*/ 619 /// Changes the policy applied to the `ValidUserIDAmalgamation`. 620 /// 621 /// This consumes the UserID amalgamation. 622 /*/ 623 pgp_valid_user_id_amalgamation_t pgp_valid_user_id_amalgamation_with_policy 624 (pgp_error_t *errp, 625 pgp_valid_user_id_amalgamation_t ua, 626 pgp_policy_t policy, 627 time_t time); 628 629 /*/ 630 /// Frees the User ID Amalgamation. 631 /*/ 632 void pgp_valid_user_id_amalgamation_free (pgp_valid_user_id_amalgamation_t ua); 633 634 /*/ 635 /// Clones the UserID Amalgamation. 636 /*/ 637 pgp_valid_user_id_amalgamation_t pgp_valid_user_id_amalgamation_clone (pgp_valid_user_id_amalgamation_t ua); 638 639 /*/ 640 /// Returns a human readable description of this object suitable for 641 /// debugging. 642 /*/ 643 char *pgp_valid_user_id_amalgamation_debug (const pgp_valid_user_id_amalgamation_t ua); 644 645 /* openpgp::cert::UserIDIter. */ 646 647 /*/ 648 /// Returns the next element in the iterator. 649 /*/ 650 pgp_user_id_amalgamation_t pgp_cert_user_id_iter_next (pgp_cert_user_id_iter_t iter); 651 652 /*/ 653 /// Sets a policy. 654 /// 655 /// Only User IDs that are valid according to the policy at the 656 /// specified time are returned. 657 /*/ 658 pgp_cert_valid_user_id_iter_t pgp_cert_user_id_iter_policy 659 (pgp_cert_user_id_iter_t iter, pgp_policy_t policy, time_t when); 660 661 /*/ 662 /// Frees a pgp_cert_user_id_iter_t. 663 /*/ 664 void pgp_cert_user_id_iter_free (pgp_cert_user_id_iter_t iter); 665 666 /*/ 667 /// Returns the next element in the iterator. 668 /*/ 669 pgp_valid_user_id_amalgamation_t pgp_cert_valid_user_id_iter_next (pgp_cert_valid_user_id_iter_t iter); 670 671 /*/ 672 /// Frees a pgp_cert_valid_user_id_iter_t. 673 /*/ 674 void pgp_cert_valid_user_id_iter_free (pgp_cert_valid_user_id_iter_t iter); 675 676 /* openpgp::cert::KeyAmalgamationIter. */ 677 678 /*/ 679 /// Changes the iterator to only return keys that have secret keys. 680 /// 681 /// Note: you may not call this function after starting to iterate. 682 /*/ 683 void pgp_cert_key_iter_secret (pgp_cert_key_iter_t iter); 684 685 /*/ 686 /// Changes the iterator to only return keys that have unencrypted 687 /// secret keys. 688 /// 689 /// Note: you may not call this function after starting to iterate. 690 /*/ 691 void pgp_cert_key_iter_unencrypted_secret (pgp_cert_key_iter_t iter); 692 693 /*/ 694 /// Sets a policy. 695 /// 696 /// Only keys that are valid according to the policy at the specified 697 /// time are returned. 698 /*/ 699 pgp_cert_valid_key_iter_t pgp_cert_key_iter_policy 700 (pgp_cert_key_iter_t iter, pgp_policy_t policy, time_t when); 701 702 /*/ 703 /// Returns a key amalgamation for the next key. Returns NULL if there are no 704 /// more elements. 705 /*/ 706 pgp_key_amalgamation_t pgp_cert_key_iter_next (pgp_cert_key_iter_t iter); 707 708 /*/ 709 /// Frees an pgp_cert_key_iter_t. 710 /*/ 711 void pgp_cert_key_iter_free (pgp_cert_key_iter_t iter); 712 713 /*/ 714 /// Changes the iterator to only return keys that are certification 715 /// capable. 716 /// 717 /// If you call this function and, e.g., the `for_signing` 718 /// function, the *union* of the values is used. That is, the 719 /// iterator will return keys that are certification capable *or* 720 /// signing capable. 721 /// 722 /// Note: you may not call this function after starting to iterate. 723 /*/ 724 void pgp_cert_valid_key_iter_for_certification (pgp_cert_valid_key_iter_t iter); 725 726 /*/ 727 /// Changes the iterator to only return keys that are certification 728 /// capable. 729 /// 730 /// If you call this function and, e.g., the `for_signing` 731 /// function, the *union* of the values is used. That is, the 732 /// iterator will return keys that are certification capable *or* 733 /// signing capable. 734 /// 735 /// Note: you may not call this function after starting to iterate. 736 /*/ 737 void pgp_cert_valid_key_iter_for_signing (pgp_cert_valid_key_iter_t iter); 738 739 /*/ 740 /// Changes the iterator to only return keys that are capable of 741 /// encrypting data at rest. 742 /// 743 /// If you call this function and, e.g., the `for_signing` 744 /// function, the *union* of the values is used. That is, the 745 /// iterator will return keys that are certification capable *or* 746 /// signing capable. 747 /// 748 /// Note: you may not call this function after starting to iterate. 749 /*/ 750 void pgp_cert_valid_key_iter_for_storage_encryption (pgp_cert_valid_key_iter_t); 751 752 /*/ 753 /// Changes the iterator to only return keys that are capable of 754 /// encrypting data for transport. 755 /// 756 /// If you call this function and, e.g., the `for_signing` 757 /// function, the *union* of the values is used. That is, the 758 /// iterator will return keys that are certification capable *or* 759 /// signing capable. 760 /// 761 /// Note: you may not call this function after starting to iterate. 762 /*/ 763 void pgp_cert_valid_key_iter_for_transport_encryption (pgp_cert_valid_key_iter_t); 764 765 /*/ 766 /// Changes the iterator to only return keys that are alive. 767 /// 768 /// If you call this function, only the last value is used. 769 /// 770 /// Note: you may not call this function after starting to iterate. 771 /*/ 772 void pgp_cert_valid_key_iter_alive (pgp_cert_valid_key_iter_t iter); 773 774 /*/ 775 /// Changes the iterator to only return keys that are revoked. 776 /// 777 /// Note: you may not call this function after starting to iterate. 778 /*/ 779 void pgp_cert_valid_key_iter_revoked (pgp_cert_valid_key_iter_t iter, bool revoked); 780 781 /*/ 782 /// Changes the iterator to only return keys that are not revoked. 783 /// 784 /// Note: you may not call this function after starting to iterate. 785 /*/ 786 void pgp_cert_valid_key_iter_secret (pgp_cert_valid_key_iter_t iter); 787 788 /*/ 789 /// Changes the iterator to only return keys that have unencrypted 790 /// secret keys. 791 /// 792 /// Note: you may not call this function after starting to iterate. 793 /*/ 794 void pgp_cert_valid_key_iter_unencrypted_secret (pgp_cert_valid_key_iter_t iter); 795 796 /*/ 797 /// Returns a key amalgamation to the next key. Returns NULL if there are no 798 /// more elements. 799 /// 800 /// If signature is not NULL, stores the current self-signature (if 801 /// any) in *signature. (Note: subkeys always have signatures, but a 802 /// primary key may not have a direct signature, and there might not 803 /// be any user ids.) 804 /// 805 /// If rev is not NULL, this stores the key's revocation status in 806 /// *rev. 807 /*/ 808 pgp_valid_key_amalgamation_t pgp_cert_valid_key_iter_next 809 (pgp_cert_valid_key_iter_t iter, 810 pgp_signature_t *signature, 811 pgp_revocation_status_t *rev); 812 813 /*/ 814 /// Frees an pgp_cert_valid_key_iter_t. 815 /*/ 816 void pgp_cert_valid_key_iter_free (pgp_cert_valid_key_iter_t iter); 817 818 /* openpgp::cert. */ 819 820 /*/ 821 /// Returns the first Cert encountered in the reader. 822 /*/ 823 pgp_cert_t pgp_cert_from_reader (pgp_error_t *errp, 824 pgp_reader_t reader); 825 826 /*/ 827 /// Returns the first Cert encountered in the file. 828 /*/ 829 pgp_cert_t pgp_cert_from_file (pgp_error_t *errp, 830 const char *filename); 831 832 /*/ 833 /// Returns the first Cert found in `m`. 834 /// 835 /// Consumes `m`. 836 /*/ 837 pgp_cert_t pgp_cert_from_packet_pile (pgp_error_t *errp, 838 pgp_packet_pile_t m); 839 840 /*/ 841 /// Returns the first Cert found in `buf`. 842 /// 843 /// `buf` must be an OpenPGP-encoded Cert. 844 /*/ 845 pgp_cert_t pgp_cert_from_bytes (pgp_error_t *errp, 846 const uint8_t *b, size_t len); 847 848 /*/ 849 /// Returns the first Cert found in the packet parser. 850 /// 851 /// Consumes the packet parser result. 852 /*/ 853 pgp_cert_t pgp_cert_from_packet_parser (pgp_error_t *errp, 854 pgp_packet_parser_result_t ppr); 855 856 /*/ 857 /// Frees the Cert. 858 /*/ 859 void pgp_cert_free (pgp_cert_t cert); 860 861 /*/ 862 /// Clones the Cert. 863 /*/ 864 pgp_cert_t pgp_cert_clone (pgp_cert_t cert); 865 866 /*/ 867 /// Compares Certs. 868 /*/ 869 bool pgp_cert_equal (const pgp_cert_t a, const pgp_cert_t b); 870 871 /*/ 872 /// Returns a human readable description of this object intended for 873 /// communication with end users. 874 /*/ 875 char *pgp_cert_to_string (const pgp_cert_t fp); 876 877 /*/ 878 /// Returns a human readable description of this object suitable for 879 /// debugging. 880 /*/ 881 char *pgp_cert_debug (const pgp_cert_t cert); 882 883 /*/ 884 /// Serializes the Cert. 885 /*/ 886 pgp_status_t pgp_cert_serialize (pgp_error_t *errp, 887 const pgp_cert_t cert, 888 pgp_writer_t writer); 889 890 /*/ 891 /// Merges `other` into `cert`. 892 /// 893 /// If `other` is a different key, then nothing is merged into 894 /// `cert`, but `cert` is still canonicalized. 895 /// 896 /// Consumes `cert` and `other`. 897 /*/ 898 pgp_cert_t pgp_cert_merge (pgp_error_t *errp, 899 pgp_cert_t cert, 900 pgp_cert_t other); 901 902 /*/ 903 /// Adds packets to the Cert. 904 /// 905 /// This recanonicalizes the Cert. If the packets are invalid, they 906 /// are dropped. 907 /// 908 /// Consumes `cert` and the packets in `packets`. The buffer, however, 909 /// must be freed by the caller. 910 /*/ 911 pgp_cert_t pgp_cert_merge_packets (pgp_error_t *errp, 912 pgp_cert_t cert, 913 pgp_packet_t *packets, 914 size_t packets_len); 915 916 /*/ 917 /// Returns the fingerprint. 918 /*/ 919 pgp_fingerprint_t pgp_cert_fingerprint (const pgp_cert_t cert); 920 921 922 /*/ 923 /// Derive a [`TSK`] object from this key. 924 /// 925 /// This object writes out secret keys during serialization. 926 /// 927 /// [`TSK`]: cert/struct.TSK.html 928 /*/ 929 pgp_tsk_t pgp_cert_as_tsk (pgp_cert_t cert); 930 931 /*/ 932 /// Returns a reference to the Cert's primary key. 933 /// 934 /// The cert still owns the key. The caller should neither modify nor 935 /// free the key. 936 /*/ 937 pgp_key_t pgp_cert_primary_key (pgp_cert_t cert); 938 939 /*/ 940 /// Returns the Cert's revocation status at the specified time. 941 /// 942 /// Note: this only returns whether the Cert has been revoked, and does 943 /// not reflect whether an individual user id, user attribute or 944 /// subkey has been revoked. 945 /// 946 /// If `when` is 0, then returns the Cert's revocation status as of the 947 /// time of the call. 948 /*/ 949 pgp_revocation_status_t pgp_cert_revocation_status (pgp_cert_t cert, 950 pgp_policy_t policy, time_t when); 951 952 /*/ 953 /// Returns a new revocation certificate for the Cert. 954 /// 955 /// This function does *not* consume `cert`. 956 /*/ 957 pgp_signature_t pgp_cert_revoke (pgp_error_t *errp, 958 pgp_cert_t cert, 959 pgp_signer_t primary_signer, 960 pgp_reason_for_revocation_t code, 961 const char *reason); 962 963 /*/ 964 /// Returns a new revocation certificate for the Cert. 965 /// 966 /// This function consumes `cert` and returns a new `Cert`. 967 /*/ 968 pgp_cert_t pgp_cert_revoke_in_place (pgp_error_t *errp, 969 pgp_cert_t cert, 970 pgp_signer_t primary_signer, 971 pgp_reason_for_revocation_t code, 972 const char *reason); 973 974 /*/ 975 /// Returns whether the Cert is alive at the specified time. 976 /// 977 /// If `when` is 0, then the current time is used. 978 /*/ 979 pgp_status_t pgp_cert_alive(pgp_error_t *errp, pgp_cert_t cert, 980 pgp_policy_t policy, time_t when); 981 982 /*/ 983 /// Sets the key to expire at the given time. 984 /// 985 /// This function consumes `cert` and returns a new `Cert`. 986 /*/ 987 pgp_cert_t pgp_cert_set_expiration_time(pgp_error_t *errp, 988 pgp_cert_t cert, 989 pgp_policy_t policy, 990 pgp_signer_t signer, 991 time_t expiry); 992 993 /*/ 994 /// Returns whether the Cert includes any secret key material. 995 /*/ 996 int pgp_cert_is_tsk(pgp_cert_t cert); 997 998 /*/ 999 /// Returns an iterator over the `UserID`s. 1000 /*/ 1001 pgp_cert_user_id_iter_t pgp_cert_user_id_iter (pgp_cert_t cert); 1002 1003 /*/ 1004 /// Returns an iterator over the valid `UserID`s. 1005 /*/ 1006 pgp_cert_valid_user_id_iter_t pgp_cert_valid_user_id_iter (pgp_cert_t cert, 1007 pgp_policy_t policy, 1008 time_t when); 1009 1010 /*/ 1011 /// Returns an iterator over all `Key`s in a Cert. 1012 /// 1013 /// That is, this returns an iterator over the primary key and any 1014 /// subkeys. 1015 /*/ 1016 pgp_cert_key_iter_t pgp_cert_key_iter (pgp_cert_t cert); 1017 1018 /*/ 1019 /// Returns an iterator over all valid `Key`s in a Cert. 1020 /// 1021 /// That is, this returns an iterator over the primary key and any 1022 /// subkeys that are valid (i.e., have a self-signature at time 1023 /// `when`). 1024 /*/ 1025 pgp_cert_valid_key_iter_t pgp_cert_valid_key_iter 1026 (pgp_cert_t cert, pgp_policy_t policy, time_t when); 1027 1028 /*/ 1029 /// Returns the Cert's primary user id (if any). 1030 /*/ 1031 char *pgp_cert_primary_user_id(pgp_cert_t cert, pgp_policy_t policy, 1032 time_t when); 1033 1034 /*/ 1035 /// Returns a CertParser. 1036 /// 1037 /// A Cert parser parses a keyring, which is simply zero or more Certs 1038 /// concatenated together. 1039 /*/ 1040 pgp_cert_parser_t pgp_cert_parser_from_bytes(pgp_error_t *errp, 1041 char *buf, size_t len); 1042 1043 /*/ 1044 /// Returns a CertParser. 1045 /// 1046 /// A Cert parser parses a keyring, which is simply zero or more Certs 1047 /// concatenated together. 1048 /*/ 1049 pgp_cert_parser_t pgp_cert_parser_from_packet_parser(pgp_packet_parser_result_t ppr); 1050 1051 /*/ 1052 /// Returns the next Cert, if any. 1053 /// 1054 /// If there is an error parsing the Cert, it is returned in *errp. 1055 /// 1056 /// If this function returns NULL and does not set *errp, then the end 1057 /// of the file was reached. 1058 /*/ 1059 pgp_cert_t pgp_cert_parser_next(pgp_error_t *errp, pgp_cert_parser_t parser); 1060 1061 /*/ 1062 /// Frees an pgp_cert_parser_t. 1063 /*/ 1064 void pgp_cert_parser_free (pgp_cert_parser_t parser); 1065 1066 /* CertBuilder */ 1067 1068 /*/ 1069 /// Creates a new `pgp_cert_builder_t`. 1070 /// 1071 /// The returned CertBuilder is setup to only create a 1072 /// certification-capable primary key using the default cipher suite. 1073 /// You'll almost certainly want to add subkeys, and user ids. 1074 /*/ 1075 pgp_cert_builder_t pgp_cert_builder_new(void); 1076 1077 /*/ 1078 /// Generates a general-purpose key. 1079 /// 1080 /// The key's primary key is certification- and signature-capable. 1081 /// The key has one subkey, an encryption-capable subkey. 1082 /*/ 1083 pgp_cert_builder_t pgp_cert_builder_general_purpose(pgp_cert_cipher_suite_t cs, 1084 const char *uid); 1085 1086 /*/ 1087 /// Frees an `pgp_cert_builder_t`. 1088 /*/ 1089 void pgp_cert_builder_free(pgp_cert_builder_t certb); 1090 1091 /*/ 1092 /// Sets the encryption and signature algorithms for primary and all 1093 /// subkeys. 1094 /*/ 1095 void pgp_cert_builder_set_cipher_suite(pgp_cert_builder_t *certb, 1096 pgp_cert_cipher_suite_t cs); 1097 1098 /*/ 1099 /// Sets the password for primary and all subkeys. 1100 /// 1101 /// `password` is a byte array. `password_len` is its length. 1102 /*/ 1103 void pgp_cert_builder_set_password(pgp_cert_builder_t *certb, 1104 const uint8_t *password, 1105 size_t password_len); 1106 1107 /*/ 1108 /// Adds a new user ID. The first user ID added replaces the default 1109 /// ID that is just the empty string. 1110 /*/ 1111 void pgp_cert_builder_add_userid(pgp_cert_builder_t *certb, const char *uid); 1112 1113 /*/ 1114 /// Adds a signing capable subkey. 1115 /*/ 1116 void pgp_cert_builder_add_signing_subkey(pgp_cert_builder_t *certb); 1117 1118 /*/ 1119 /// Adds an encryption capable subkey. 1120 /*/ 1121 void pgp_cert_builder_add_transport_encryption_subkey(pgp_cert_builder_t *certb); 1122 1123 /*/ 1124 /// Adds an certification capable subkey. 1125 /*/ 1126 void pgp_cert_builder_add_certification_subkey(pgp_cert_builder_t *certb); 1127 1128 /*/ 1129 /// Sets the creation time. 1130 /*/ 1131 void pgp_cert_builder_set_creation_time(pgp_cert_builder_t *certb, 1132 time_t when); 1133 1134 /*/ 1135 /// Generates the actual Cert. 1136 /// 1137 /// Consumes `certb`. 1138 /*/ 1139 pgp_status_t pgp_cert_builder_generate(pgp_error_t *errp, 1140 pgp_cert_builder_t certb, 1141 pgp_cert_t *cert, 1142 pgp_signature_t *revocation); 1143 1144 1145 /* KeyAmalgamation */ 1146 1147 /*/ 1148 /// Returns a reference to the Key Amalgamation's `Key`. 1149 /*/ 1150 pgp_key_t pgp_key_amalgamation_key (pgp_key_amalgamation_t ka); 1151 1152 /*/ 1153 /// Frees the Key Amalgamation. 1154 /*/ 1155 void pgp_key_amalgamation_free (pgp_key_amalgamation_t ka); 1156 1157 /*/ 1158 /// Clones the Key Amalgamation. 1159 /*/ 1160 pgp_key_amalgamation_t pgp_key_amalgamation_clone (pgp_key_amalgamation_t ka); 1161 1162 /*/ 1163 /// Returns a human readable description of this object suitable for 1164 /// debugging. 1165 /*/ 1166 char *pgp_key_amalgamation_debug (const pgp_key_amalgamation_t ka); 1167 1168 1169 /* ValidKeyAmalgamation */ 1170 1171 /*/ 1172 /// Returns a reference to the Valid Key Amalgamation's `Key`. 1173 /*/ 1174 pgp_key_t pgp_valid_key_amalgamation_key (pgp_valid_key_amalgamation_t ka); 1175 1176 /*/ 1177 /// Returns the Valid Key Amalgamation's revocation status. 1178 /*/ 1179 pgp_revocation_status_t pgp_valid_key_amalgamation_revocation_status (pgp_valid_key_amalgamation_t ka); 1180 1181 /*/ 1182 /// Returns a reference to the Valid Key Amalgamation's binding signature. 1183 /*/ 1184 pgp_signature_t pgp_valid_key_amalgamation_binding_signature (pgp_valid_key_amalgamation_t ka); 1185 1186 /*/ 1187 /// Creates one or more self-signatures that when merged with the 1188 /// certificate cause the key to expire at the specified time. 1189 /// 1190 /// The returned buffer must be freed using libc's allocator. 1191 /*/ 1192 pgp_status_t pgp_valid_key_amalgamation_set_expiration_time 1193 (pgp_error_t *errp, 1194 pgp_valid_key_amalgamation_t ka, 1195 pgp_signer_t signer, 1196 time_t time, 1197 pgp_signature_t **sigs, 1198 size_t *sig_count); 1199 1200 /*/ 1201 /// Changes the policy applied to the `ValidKeyAmalgamation`. 1202 /// 1203 /// This consumes the key amalgamation. 1204 /*/ 1205 pgp_valid_key_amalgamation_t pgp_valid_key_amalgamation_with_policy 1206 (pgp_error_t *errp, 1207 pgp_valid_key_amalgamation_t ka, 1208 pgp_policy_t policy, 1209 time_t time); 1210 1211 /*/ 1212 /// Frees the Valid Key Amalgamation. 1213 /*/ 1214 void pgp_valid_key_amalgamation_free (pgp_valid_key_amalgamation_t ka); 1215 1216 /*/ 1217 /// Clones the Valid Key Amalgamation. 1218 /*/ 1219 pgp_valid_key_amalgamation_t pgp_valid_key_amalgamation_clone (pgp_valid_key_amalgamation_t ka); 1220 1221 /*/ 1222 /// Returns a human readable description of this object suitable for 1223 /// debugging. 1224 /*/ 1225 char *pgp_valid_key_amalgamation_debug (const pgp_valid_key_amalgamation_t ka); 1226 1227 1228 /* TSK */ 1229 1230 /*/ 1231 /// Frees the TSK. 1232 /*/ 1233 void pgp_tsk_free (pgp_tsk_t tsk); 1234 1235 /*/ 1236 /// Serializes the TSK. 1237 /*/ 1238 pgp_status_t pgp_tsk_serialize (pgp_error_t *errp, 1239 const pgp_tsk_t tsk, 1240 pgp_writer_t writer); 1241 1242 /*/ 1243 /// Frees the key. 1244 /*/ 1245 void pgp_key_free (pgp_key_t key); 1246 1247 /*/ 1248 /// Clones the Key. 1249 /*/ 1250 pgp_key_t pgp_key_clone (pgp_key_t key); 1251 1252 /*/ 1253 /// Returns a human readable description of this object suitable for 1254 /// debugging. 1255 /*/ 1256 char *pgp_key_debug (const pgp_key_t key); 1257 1258 /*/ 1259 /// Compares Keys. 1260 /*/ 1261 bool pgp_key_equal (const pgp_key_t a, 1262 const pgp_key_t b); 1263 1264 /*/ 1265 /// Parses an object from the given reader. 1266 /*/ 1267 pgp_key_t pgp_key_from_reader (pgp_error_t *errp, 1268 pgp_reader_t reader); 1269 1270 /*/ 1271 /// Parses an object from the given file. 1272 /*/ 1273 pgp_key_t pgp_key_from_file (pgp_error_t *errp, 1274 const char *filename); 1275 1276 /*/ 1277 /// Parses an object from the given buffer. 1278 /*/ 1279 pgp_key_t pgp_key_from_bytes (pgp_error_t *errp, 1280 const uint8_t *b, size_t len); 1281 1282 /*/ 1283 /// Clones the key. 1284 /*/ 1285 pgp_key_t pgp_key_clone (pgp_key_t key); 1286 1287 /*/ 1288 /// Computes and returns the key's fingerprint as per Section 12.2 1289 /// of RFC 4880. 1290 /*/ 1291 pgp_fingerprint_t pgp_key_fingerprint (pgp_key_t key); 1292 1293 /*/ 1294 /// Computes and returns the key's key ID as per Section 12.2 of RFC 1295 /// 4880. 1296 /*/ 1297 pgp_keyid_t pgp_key_keyid (pgp_key_t key); 1298 1299 /*/ 1300 /// Returns the key's public key algorithm. 1301 /*/ 1302 pgp_public_key_algo_t pgp_key_public_key_algo(pgp_key_t key); 1303 1304 /*/ 1305 /// Returns the public key's size in bits. 1306 /*/ 1307 int pgp_key_public_key_bits(pgp_key_t key); 1308 1309 /*/ 1310 /// Creates a new key pair from a Key packet with an unencrypted 1311 /// secret key. 1312 /// 1313 /// # Errors 1314 /// 1315 /// Fails if the secret key is missing, or encrypted. 1316 /*/ 1317 pgp_key_pair_t pgp_key_into_key_pair (pgp_error_t *errp, pgp_key_t key); 1318 1319 /// Returns whether the secret key material is encrypted. 1320 /// 1321 /// Returns false if there is no secret key material. 1322 bool pgp_key_has_unencrypted_secret(pgp_key_t key); 1323 1324 /// Decrypts the secret key material. 1325 /// 1326 /// `password` is a byte array. `password_len` is its length. 1327 /// 1328 /// Returns false if there is no secret key material. 1329 /// 1330 /// This function takes ownership of `key`. On failure, `key` is 1331 /// deallocated. 1332 pgp_key_t pgp_key_decrypt_secret(pgp_error_t *errp, pgp_key_t key, 1333 const uint8_t *password, 1334 size_t password_len); 1335 1336 /*/ 1337 /// Constructs a User ID. 1338 /// 1339 /// This does a basic check and any necessary escaping to form a de 1340 /// facto User ID. Only the address is required. 1341 /*/ 1342 pgp_packet_t pgp_user_id_from_address (pgp_error_t *errp, 1343 const char *name, 1344 const char *comment, 1345 const char *address); 1346 1347 /*/ 1348 /// Constructs a User ID. 1349 /// 1350 /// This does a basic check and any necessary escaping to form a de 1351 /// facto User ID. The address is not checked. 1352 /// 1353 /// This is useful when you want to specify a URI instead of an 1354 /// email address. 1355 /*/ 1356 pgp_packet_t pgp_user_id_from_unchecked_address (pgp_error_t *errp, 1357 const char *name, 1358 const char *comment, 1359 const char *address); 1360 1361 /*/ 1362 /// Create a new User ID with the value `value`. 1363 /*/ 1364 pgp_packet_t pgp_user_id_new (const char *value); 1365 1366 /*/ 1367 /// Create a new User ID with the value `value`. 1368 /*/ 1369 pgp_packet_t pgp_user_id_from_raw (const char *value, size_t len); 1370 1371 /*/ 1372 /// Returns the value of the User ID Packet. 1373 /// 1374 /// The returned pointer is valid until `uid` is deallocated. If 1375 /// `value_len` is not `NULL`, the size of value is stored there. 1376 /*/ 1377 const uint8_t *pgp_user_id_value (pgp_packet_t uid, 1378 size_t *value_len); 1379 1380 /*/ 1381 /// Returns the User ID's name component, if any. 1382 /// 1383 /// The User ID is parsed according to de facto convention, and the 1384 /// name component is extracted. 1385 /// 1386 /// If the User ID cannot be parsed, then an error is returned. 1387 /// 1388 /// If the User ID does not contain a name component, *namep is set to 1389 /// NULL. 1390 /*/ 1391 pgp_status_t pgp_user_id_name(pgp_error_t *errp, pgp_packet_t uid, 1392 char **namep); 1393 1394 /*/ 1395 /// Returns the User ID's comment field, if any. 1396 /// 1397 /// The User ID is parsed according to de facto convention, and the 1398 /// comment field is extracted. 1399 /// 1400 /// If the User ID cannot be parsed, then an error is returned. 1401 /// 1402 /// If the User ID does not contain a comment, *commentp is set 1403 /// to NULL. 1404 /*/ 1405 pgp_status_t pgp_user_id_comment(pgp_error_t *errp, pgp_packet_t uid, 1406 char **commentp); 1407 1408 /*/ 1409 /// Returns the User ID's email address, if any. 1410 /// 1411 /// The User ID is parsed according to de facto convention, and the 1412 /// email address is extracted. 1413 /// 1414 /// If the User ID cannot be parsed, then an error is returned. 1415 /// 1416 /// If the User ID does not contain an email address, *addressp is set 1417 /// to NULL. 1418 /*/ 1419 pgp_status_t pgp_user_id_email(pgp_error_t *errp, pgp_packet_t uid, 1420 char **emailp); 1421 1422 /*/ 1423 /// Returns a normalized version of the UserID's email address. 1424 /// 1425 /// Normalized email addresses are primarily needed when email 1426 /// addresses are compared. 1427 /// 1428 /// Note: normalized email addresses are still valid email 1429 /// addresses. 1430 /// 1431 /// This function normalizes an email address by doing [puny-code 1432 /// normalization] on the domain, and lowercasing the local part in 1433 /// the so-called [empty locale]. 1434 /// 1435 /// Note: this normalization procedure is the same as the 1436 /// normalization procedure recommended by [Autocrypt]. 1437 /// 1438 /// [puny-code normalization]: https://tools.ietf.org/html/rfc5891.html#section-4.4 1439 /// [empty locale]: https://www.w3.org/International/wiki/Case_folding 1440 /// [Autocryt]: https://autocrypt.org/level1.html#e-mail-address-canonicalization 1441 /*/ 1442 pgp_status_t pgp_user_id_email_normalized(pgp_error_t *errp, pgp_packet_t uid, 1443 char **emailp); 1444 1445 /*/ 1446 /// Returns the User ID's URI, if any. 1447 /// 1448 /// The User ID is parsed according to de facto convention, and the 1449 /// URI is extracted. 1450 /// 1451 /// If the User ID cannot be parsed, then an error is returned. 1452 /// 1453 /// If the User ID does not contain a URI, *urip is set to NULL. 1454 /*/ 1455 pgp_status_t pgp_user_id_uri(pgp_error_t *errp, pgp_packet_t uid, 1456 char **uri); 1457 1458 /*/ 1459 /// Returns the value of the User Attribute Packet. 1460 /// 1461 /// The returned pointer is valid until `ua` is deallocated. If 1462 /// `value_len` is not `NULL`, the size of value is stored there. 1463 /*/ 1464 const uint8_t *pgp_user_attribute_value (pgp_packet_t ua, 1465 size_t *value_len); 1466 1467 /*/ 1468 /// Frees a pgp_user_id_t. 1469 /*/ 1470 void pgp_user_id_free (pgp_user_id_t userid); 1471 1472 /*/ 1473 /// Clones the UserID. 1474 /*/ 1475 pgp_user_id_t pgp_user_id_clone (pgp_user_id_t userid); 1476 1477 /*/ 1478 /// Returns a human readable description of this object suitable for 1479 /// debugging. 1480 /*/ 1481 char *pgp_user_id_debug (const pgp_user_id_t userid); 1482 1483 /*/ 1484 /// Compares passwords. 1485 /*/ 1486 bool pgp_user_id_equal (const pgp_user_id_t a, const pgp_user_id_t b); 1487 1488 /*/ 1489 /// Returns the session key. 1490 /// 1491 /// `key` of size `key_len` must be a buffer large enough to hold the 1492 /// session key. If `key` is NULL, or not large enough, then the key 1493 /// is not written to it. Either way, `key_len` is set to the size of 1494 /// the session key. 1495 /*/ 1496 pgp_status_t pgp_skesk_decrypt (pgp_error_t *errp, pgp_packet_t skesk, 1497 const uint8_t *password, size_t password_len, 1498 uint8_t *algo, /* XXX */ 1499 uint8_t *key, size_t *key_len); 1500 1501 /*/ 1502 /// Returns the key's creation time. 1503 /*/ 1504 time_t pgp_key_creation_time (pgp_key_t p); 1505 1506 /* openpgp::parse. */ 1507 1508 /*/ 1509 /// Starts parsing an OpenPGP message stored in a `pgp_reader_t` object. 1510 /*/ 1511 pgp_packet_parser_result_t pgp_packet_parser_from_reader (pgp_error_t *errp, 1512 pgp_reader_t reader); 1513 1514 /*/ 1515 /// Starts parsing an OpenPGP message stored in a file named `path`. 1516 /*/ 1517 pgp_packet_parser_result_t pgp_packet_parser_from_file (pgp_error_t *errp, 1518 const char *filename); 1519 1520 /*/ 1521 /// Starts parsing an OpenPGP message stored in a buffer. 1522 /*/ 1523 pgp_packet_parser_result_t pgp_packet_parser_from_bytes (pgp_error_t *errp, 1524 const uint8_t *b, 1525 size_t len); 1526 1527 /// Returns the current packet's tag. 1528 /// 1529 /// This is a convenience function to inspect the containing packet, 1530 /// without turning the `PacketParserResult` into a `PacketParser`. 1531 /// 1532 /// This function does not consume the ppr. 1533 /// 1534 /// Returns 0 if the PacketParserResult does not contain a packet. 1535 pgp_tag_t pgp_packet_parser_result_tag(pgp_packet_parser_result_t ppr); 1536 1537 /*/ 1538 /// If the `PacketParserResult` contains a `PacketParser`, returns it, 1539 /// otherwise, returns NULL. 1540 /// 1541 /// If the `PacketParser` reached EOF, then the `PacketParserResult` 1542 /// contains a `PacketParserEOF` and you should use 1543 /// `pgp_packet_parser_result_eof` to get it. 1544 /// 1545 /// If this function returns a `PacketParser`, then it consumes the 1546 /// `PacketParserResult` and ownership of the `PacketParser` is 1547 /// returned to the caller, i.e., the caller is responsible for 1548 /// ensuring that the `PacketParser` is freed. 1549 /*/ 1550 pgp_packet_parser_t pgp_packet_parser_result_packet_parser ( 1551 pgp_packet_parser_result_t ppr); 1552 1553 /*/ 1554 /// If the `PacketParserResult` contains a `PacketParserEOF`, returns 1555 /// it, otherwise, returns NULL. 1556 /// 1557 /// If the `PacketParser` did not yet reach EOF, then the 1558 /// `PacketParserResult` contains a `PacketParser` and you should use 1559 /// `pgp_packet_parser_result_packet_parser` to get it. 1560 /// 1561 /// If this function returns a `PacketParserEOF`, then it consumes the 1562 /// `PacketParserResult` and ownership of the `PacketParserEOF` is 1563 /// returned to the caller, i.e., the caller is responsible for 1564 /// ensuring that the `PacketParserEOF` is freed. 1565 /*/ 1566 pgp_packet_parser_eof_t pgp_packet_parser_result_eof ( 1567 pgp_packet_parser_result_t ppr); 1568 1569 /*/ 1570 /// Frees the packet parser result. 1571 /*/ 1572 void pgp_packet_parser_result_free (pgp_packet_parser_result_t ppr); 1573 1574 /*/ 1575 /// Frees the packet parser. 1576 /*/ 1577 void pgp_packet_parser_free (pgp_packet_parser_t pp); 1578 1579 /*/ 1580 /// Returns whether the message is a well-formed OpenPGP message. 1581 /// 1582 /// If the message is not well-formed, `*errp` explains why this is 1583 /// not the case. 1584 /*/ 1585 bool pgp_packet_parser_eof_is_message(pgp_error_t *errp, 1586 pgp_packet_parser_eof_t eof); 1587 1588 /*/ 1589 /// Frees the packet parser EOF object. 1590 /*/ 1591 void pgp_packet_parser_eof_free (pgp_packet_parser_eof_t eof); 1592 1593 /*/ 1594 /// Returns a reference to the packet that is being parsed. 1595 /*/ 1596 pgp_packet_t pgp_packet_parser_packet (pgp_packet_parser_t pp); 1597 1598 /*/ 1599 /// Returns the current packet's recursion depth. 1600 /// 1601 /// A top-level packet has a recursion depth of 0. Packets in a 1602 /// top-level container have a recursion depth of 1, etc. 1603 /*/ 1604 uint8_t pgp_packet_parser_recursion_depth (pgp_packet_parser_t pp); 1605 1606 /*/ 1607 /// Finishes parsing the current packet and starts parsing the 1608 /// next one. 1609 /// 1610 /// This function finishes parsing the current packet. By 1611 /// default, any unread content is dropped. (See 1612 /// [`PacketParsererBuilder`] for how to configure this.) It then 1613 /// creates a new packet parser for the next packet. If the 1614 /// current packet is a container, this function does *not* 1615 /// recurse into the container, but skips any packets it contains. 1616 /// To recurse into the container, use the [`recurse()`] method. 1617 /// 1618 /// [`PacketParsererBuilder`]: parse/struct.PacketParserBuilder.html 1619 /// [`recurse()`]: #method.recurse 1620 /// 1621 /// The return value is a tuple containing: 1622 /// 1623 /// - A `Packet` holding the fully processed old packet; 1624 /// 1625 /// - A `PacketParser` holding the new packet; 1626 /// 1627 /// To determine the two packet's position within the parse tree, 1628 /// you can use `last_path()` and `path()`, respectively. To 1629 /// determine their depth, you can use `last_recursion_depth()` 1630 /// and `recursion_depth()`, respectively. 1631 /// 1632 /// Note: A recursion depth of 0 means that the packet is a 1633 /// top-level packet, a recursion depth of 1 means that the packet 1634 /// is an immediate child of a top-level-packet, etc. 1635 /// 1636 /// Since the packets are serialized in depth-first order and all 1637 /// interior nodes are visited, we know that if the recursion 1638 /// depth is the same, then the packets are siblings (they have a 1639 /// common parent) and not, e.g., cousins (they have a common 1640 /// grandparent). This is because, if we move up the tree, the 1641 /// only way to move back down is to first visit a new container 1642 /// (e.g., an aunt). 1643 /// 1644 /// Using the two positions, we can compute the change in depth as 1645 /// new_depth - old_depth. Thus, if the change in depth is 0, the 1646 /// two packets are siblings. If the value is 1, the old packet 1647 /// is a container, and the new packet is its first child. And, 1648 /// if the value is -1, the new packet is contained in the old 1649 /// packet's grandparent. The idea is illustrated below: 1650 /// 1651 /// ```text 1652 /// ancestor 1653 /// | \ 1654 /// ... -n 1655 /// | 1656 /// grandparent 1657 /// | \ 1658 /// parent -1 1659 /// | \ 1660 /// packet 0 1661 /// | 1662 /// 1 1663 /// ``` 1664 /// 1665 /// Note: since this function does not automatically recurse into 1666 /// a container, the change in depth will always be non-positive. 1667 /// If the current container is empty, this function DOES pop that 1668 /// container off the container stack, and returns the following 1669 /// packet in the parent container. 1670 /// 1671 /// The items of the tuple are returned in out-parameters. If you do 1672 /// not wish to receive the value, pass `NULL` as the parameter. 1673 /// 1674 /// Consumes the given packet parser. 1675 /*/ 1676 pgp_status_t pgp_packet_parser_next (pgp_error_t *errp, 1677 pgp_packet_parser_t pp, 1678 pgp_packet_t *old_packet, 1679 pgp_packet_parser_result_t *ppr); 1680 1681 /*/ 1682 /// Finishes parsing the current packet and starts parsing the 1683 /// next one, recursing if possible. 1684 /// 1685 /// This method is similar to the [`next()`] method (see that 1686 /// method for more details), but if the current packet is a 1687 /// container (and we haven't reached the maximum recursion depth, 1688 /// and the user hasn't started reading the packet's contents), we 1689 /// recurse into the container, and return a `PacketParser` for 1690 /// its first child. Otherwise, we return the next packet in the 1691 /// packet stream. If this function recurses, then the new 1692 /// packet's position will be old_position + 1; because we always 1693 /// visit interior nodes, we can't recurse more than one level at 1694 /// a time. 1695 /// 1696 /// [`next()`]: #method.next 1697 /// 1698 /// The items of the tuple are returned in out-parameters. If you do 1699 /// not wish to receive the value, pass `NULL` as the parameter. 1700 /// 1701 /// Consumes the given packet parser. 1702 /*/ 1703 pgp_status_t pgp_packet_parser_recurse (pgp_error_t *errp, 1704 pgp_packet_parser_t pp, 1705 pgp_packet_t *old_packet, 1706 pgp_packet_parser_result_t *ppr); 1707 1708 /*/ 1709 /// Causes the PacketParser to buffer the packet's contents. 1710 /// 1711 /// The packet's contents are stored in `packet.content`. In 1712 /// general, you should avoid buffering a packet's content and 1713 /// prefer streaming its content unless you are certain that the 1714 /// content is small. 1715 /*/ 1716 uint8_t *pgp_packet_parser_buffer_unread_content (pgp_error_t *errp, 1717 pgp_packet_parser_t pp, 1718 size_t *len); 1719 1720 /*/ 1721 /// Finishes parsing the current packet. 1722 /// 1723 /// By default, this drops any unread content. Use, for instance, 1724 /// `PacketParserBuild` to customize the default behavior. 1725 /*/ 1726 pgp_status_t pgp_packet_parser_finish (pgp_error_t *errp, 1727 pgp_packet_parser_t pp, 1728 pgp_packet_t **packet); 1729 1730 /*/ 1731 /// Tries to decrypt the current packet. 1732 /// 1733 /// On success, this function pushes one or more readers onto the 1734 /// `PacketParser`'s reader stack, and sets the packet's 1735 /// `decrypted` flag. 1736 /// 1737 /// If this function is called on a packet that does not contain 1738 /// encrypted data, or some of the data was already read, then it 1739 /// returns `Error::InvalidOperation`. 1740 /*/ 1741 pgp_status_t pgp_packet_parser_decrypt (pgp_error_t *errp, 1742 pgp_packet_parser_t pp, 1743 uint8_t algo, /* XXX */ 1744 uint8_t *key, size_t key_len); 1745 1746 /*/ 1747 /// Streams an OpenPGP message. 1748 /*/ 1749 pgp_writer_stack_t pgp_writer_stack_message (pgp_writer_t writer); 1750 1751 /*/ 1752 /// Writes up to `len` bytes of `buf` into `writer`. 1753 /*/ 1754 ssize_t pgp_writer_stack_write (pgp_error_t *errp, pgp_writer_stack_t writer, 1755 const uint8_t *buf, size_t len); 1756 1757 /*/ 1758 /// Writes up to `len` bytes of `buf` into `writer`. 1759 /// 1760 /// Unlike pgp_writer_stack_write, unless an error occurs, the whole 1761 /// buffer will be written. Also, this version automatically catches 1762 /// EINTR. 1763 /*/ 1764 pgp_status_t pgp_writer_stack_write_all (pgp_error_t *errp, 1765 pgp_writer_stack_t writer, 1766 const uint8_t *buf, size_t len); 1767 1768 /*/ 1769 /// Finalizes this writer, returning the underlying writer. 1770 /*/ 1771 pgp_writer_stack_t pgp_writer_stack_finalize_one (pgp_error_t *errp, 1772 pgp_writer_stack_t writer); 1773 1774 /*/ 1775 /// Finalizes all writers, tearing down the whole stack. 1776 /*/ 1777 pgp_status_t pgp_writer_stack_finalize (pgp_error_t *errp, 1778 pgp_writer_stack_t writer); 1779 1780 /*/ 1781 /// Writes an arbitrary packet. 1782 /// 1783 /// This writer can be used to construct arbitrary OpenPGP packets. 1784 /// The body will be written using partial length encoding, or, if the 1785 /// body is short, using full length encoding. 1786 /*/ 1787 pgp_writer_stack_t pgp_arbitrary_writer_new (pgp_error_t *errp, 1788 pgp_writer_stack_t inner, 1789 pgp_tag_t tag); 1790 1791 /*/ 1792 /// Signs a packet stream. 1793 /// 1794 /// For every signing key, a signer writes a one-pass-signature 1795 /// packet, then hashes and emits the data stream, then for every key 1796 /// writes a signature packet. 1797 /// 1798 /// The signers are consumed. 1799 /// 1800 /// The hash is performed using the algorithm specified in 1801 /// `hash_algo`. Pass 0 for the default (which is what you usually 1802 /// want). 1803 /*/ 1804 pgp_writer_stack_t pgp_signer_new (pgp_error_t *errp, 1805 pgp_writer_stack_t inner, 1806 pgp_signer_t *signers, size_t signers_len, 1807 uint8_t hash_algo); 1808 1809 /*/ 1810 /// Creates a signer for a detached signature. 1811 /*/ 1812 pgp_writer_stack_t pgp_signer_new_detached (pgp_error_t *errp, 1813 pgp_writer_stack_t inner, 1814 pgp_signer_t *signers, 1815 size_t signers_len, 1816 uint8_t hash_algo); 1817 1818 /*/ 1819 /// Writes a literal data packet. 1820 /// 1821 /// The body will be written using partial length encoding, or, if the 1822 /// body is short, using full length encoding. 1823 /*/ 1824 pgp_writer_stack_t pgp_literal_writer_new (pgp_error_t *errp, 1825 pgp_writer_stack_t inner); 1826 1827 /*/ 1828 /// Creates a new encryptor. 1829 /// 1830 /// The stream will be encrypted using a generated session key, 1831 /// which will be encrypted using the given passwords, and all 1832 /// encryption-capable subkeys of the given Certs. 1833 /*/ 1834 pgp_writer_stack_t pgp_encryptor_new (pgp_error_t *errp, 1835 pgp_writer_stack_t inner, 1836 char **passwords, 1837 size_t passwords_len, 1838 pgp_recipient_t *recipients, 1839 size_t recipients_len, 1840 uint8_t cipher_algo, 1841 uint8_t aead_algo); 1842 1843 /*/ 1844 /// Frees this object. 1845 /*/ 1846 void pgp_message_structure_free (pgp_message_structure_t); 1847 1848 /*/ 1849 /// Returns a human readable description of this object suitable for 1850 /// debugging. 1851 /*/ 1852 char *pgp_message_structure_debug (const pgp_message_structure_t); 1853 1854 pgp_message_structure_iter_t 1855 pgp_message_structure_into_iter (pgp_message_structure_t); 1856 1857 /*/ 1858 /// Frees this object. 1859 /*/ 1860 void pgp_message_structure_iter_free (pgp_message_structure_iter_t); 1861 1862 pgp_message_layer_t 1863 pgp_message_structure_iter_next (pgp_message_structure_iter_t); 1864 1865 /*/ 1866 /// Frees this object. 1867 /*/ 1868 void pgp_message_layer_free (pgp_message_layer_t); 1869 1870 /*/ 1871 /// Returns a human readable description of this object suitable for 1872 /// debugging. 1873 /*/ 1874 char *pgp_message_layer_debug (const pgp_message_layer_t); 1875 1876 /*/ 1877 /// Returns the message layer variant. 1878 /*/ 1879 pgp_message_layer_variant_t 1880 pgp_message_layer_variant (pgp_message_layer_t); 1881 1882 /*/ 1883 /// Return the fields of the variants. 1884 /*/ 1885 bool pgp_message_layer_compression (pgp_message_layer_t, uint8_t *); 1886 bool pgp_message_layer_encryption (pgp_message_layer_t, uint8_t *, uint8_t *); 1887 bool pgp_message_layer_signature_group (pgp_message_layer_t, 1888 pgp_verification_result_iter_t *); 1889 1890 /*/ 1891 /// Frees this object. 1892 /*/ 1893 void pgp_verification_result_iter_free (pgp_verification_result_iter_t); 1894 1895 pgp_verification_result_t 1896 pgp_verification_result_iter_next (pgp_verification_result_iter_t); 1897 1898 /*/ 1899 /// Frees this object. 1900 /*/ 1901 void pgp_verification_result_free (pgp_verification_result_t); 1902 1903 /*/ 1904 /// Returns a human readable description of this object suitable for 1905 /// debugging. 1906 /*/ 1907 char *pgp_verification_result_debug (const pgp_verification_result_t); 1908 1909 /*/ 1910 /// Returns the verification result variant. 1911 /*/ 1912 pgp_verification_result_variant_t pgp_verification_result_variant ( 1913 pgp_verification_result_t r); 1914 1915 /*/ 1916 /// Return the fields of the variants. 1917 /*/ 1918 bool pgp_verification_result_good_checksum (pgp_verification_result_t, 1919 pgp_signature_t *, 1920 pgp_cert_t *, 1921 pgp_key_t *, 1922 pgp_signature_t *, 1923 pgp_revocation_status_t *); 1924 bool pgp_verification_result_malformed_signature (pgp_verification_result_t, 1925 pgp_signature_t *, 1926 pgp_error_t *); 1927 bool pgp_verification_result_missing_key (pgp_verification_result_t, 1928 pgp_signature_t *); 1929 bool pgp_verification_result_unbound_key (pgp_verification_result_t, 1930 pgp_signature_t *, 1931 pgp_cert_t *, 1932 pgp_error_t *); 1933 bool pgp_verification_result_bad_key (pgp_verification_result_t, 1934 pgp_signature_t *, 1935 pgp_cert_t *, 1936 pgp_key_t *, 1937 pgp_signature_t *, 1938 pgp_revocation_status_t *, 1939 pgp_error_t *); 1940 bool pgp_verification_result_bad_signature (pgp_verification_result_t, 1941 pgp_signature_t *, 1942 pgp_cert_t *, 1943 pgp_key_t *, 1944 pgp_signature_t *, 1945 pgp_revocation_status_t *, 1946 pgp_error_t *); 1947 1948 /*/ 1949 /// Decrypts an OpenPGP message. 1950 /// 1951 /// The message is read from `input` and the content of the 1952 /// `LiteralData` packet is written to output. Note: the content is 1953 /// written even if the message is not encrypted. You can determine 1954 /// whether the message was actually decrypted by recording whether 1955 /// the get_secret_keys callback was called in the cookie. 1956 /// 1957 /// The function takes three callbacks. The `cookie` is passed as the 1958 /// first parameter to each of them. 1959 /// 1960 /// Note: all of the parameters are required; none may be NULL. 1961 /*/ 1962 pgp_reader_t pgp_decryptor_new (pgp_error_t *errp, 1963 pgp_policy_t policy, 1964 pgp_reader_t input, 1965 pgp_decryptor_get_certs_cb_t get_certs, 1966 pgp_decryptor_decrypt_cb_t decrypt, 1967 pgp_decryptor_check_cb_t check, 1968 pgp_decryptor_inspect_cb_t inspect, 1969 void *cookie, time_t time); 1970 1971 /*/ 1972 /// Verifies an OpenPGP message. 1973 /// 1974 /// No attempt is made to decrypt any encryption packets. These are 1975 /// treated as opaque containers. 1976 /*/ 1977 pgp_reader_t pgp_verifier_new (pgp_error_t *errp, 1978 pgp_policy_t policy, 1979 pgp_reader_t input, 1980 pgp_decryptor_get_certs_cb_t get_certs, 1981 pgp_decryptor_check_cb_t check, 1982 pgp_decryptor_inspect_cb_t inspect, 1983 void *cookie, time_t time); 1984 1985 /*/ 1986 /// Verifies a detached OpenPGP signature. 1987 /*/ 1988 pgp_detached_verifier_t pgp_detached_verifier_new (pgp_error_t *errp, 1989 pgp_policy_t policy, 1990 pgp_reader_t signature_input, 1991 pgp_decryptor_get_certs_cb_t get_certs, 1992 pgp_decryptor_check_cb_t check, 1993 pgp_decryptor_inspect_cb_t inspect, 1994 void *cookie, time_t time); 1995 1996 /*/ 1997 /// Frees this object. 1998 /*/ 1999 void pgp_detached_verifier_free (pgp_detached_verifier_t); 2000 2001 /*/ 2002 /// Verifies `data` using `verifier`. 2003 /*/ 2004 pgp_status_t pgp_detached_verifier_verify (pgp_error_t *errp, 2005 pgp_detached_verifier_t verifier, 2006 pgp_reader_t data); 2007 2008 /*/ 2009 /// Returns a new standard policy. 2010 /*/ 2011 pgp_policy_t pgp_standard_policy (); 2012 2013 /*/ 2014 /// Clones the object. 2015 /*/ 2016 pgp_policy_t pgp_standard_policy_clone (pgp_standard_policy_t); 2017 2018 /*/ 2019 /// Frees this object. 2020 /*/ 2021 void pgp_standard_policy_free (pgp_standard_policy_t); 2022 2023 /*/ 2024 /// Returns a human readable description of this object suitable for 2025 /// debugging. 2026 /*/ 2027 char *pgp_standard_policy_debug (const pgp_standard_policy_t); 2028 2029 /*/ 2030 /// Returns a new null policy. 2031 /*/ 2032 pgp_policy_t pgp_null_policy (); 2033 2034 /*/ 2035 /// Clones the object. 2036 /*/ 2037 pgp_policy_t pgp_null_policy_clone (pgp_null_policy_t); 2038 2039 /*/ 2040 /// Frees this object. 2041 /*/ 2042 void pgp_null_policy_free (pgp_null_policy_t); 2043 2044 /*/ 2045 /// Returns a human readable description of this object suitable for 2046 /// debugging. 2047 /*/ 2048 char *pgp_null_policy_debug (const pgp_null_policy_t); 2049 2050 /*/ 2051 /// Clones the object. 2052 /*/ 2053 pgp_policy_t pgp_policy_clone (pgp_policy_t); 2054 2055 /*/ 2056 /// Frees this object. 2057 /*/ 2058 void pgp_policy_free (pgp_policy_t); 2059 2060 /*/ 2061 /// Returns a human readable description of this object suitable for 2062 /// debugging. 2063 /*/ 2064 char *pgp_policy_debug (const pgp_policy_t); 2065 2066 #endif 2067