2025-03-05 Niels Möller <nisse@lysator.liu.se>
+ Delete incomplete and old openpgp support.
+ * pgp-encode.c: Deleted file.
+ * pgp.h: Deleted file.
+ * rsa2openpgp.c: Deleted file.
+ * rsa.h (rsa_keypair_to_openpgp): Delete declaration.
+ * Makefile.in (hogweed_SOURCES): Delete pgp-encode.c and rsa2openpgp.c.
+ (HEADERS): Delete pgp.h.
+
* md5-compat.c (MD5Init, MD5Update, MD5Final): Delete file and
functions. Also delete corresponding header file, tests, and
documentation.
dsa-sha1-sign.c dsa-sha1-verify.c \
dsa-sha256-sign.c dsa-sha256-verify.c \
dsa2sexp.c sexp2dsa.c \
- pgp-encode.c rsa2openpgp.c \
der-iterator.c der2rsa.c der2dsa.c \
sec-add-1.c sec-sub-1.c \
gmp-glue.c cnd-copy.c \
memops.h memxor.h \
nettle-meta.h nettle-types.h \
ocb.h pbkdf2.h \
- pgp.h pkcs1.h pss.h pss-mgf1.h realloc.h ripemd160.h rsa.h \
+ pkcs1.h pss.h pss-mgf1.h realloc.h ripemd160.h rsa.h \
salsa20.h sexp.h serpent.h \
sha.h sha1.h sha2.h sha3.h sm3.h sm4.h streebog.h twofish.h \
umac.h yarrow.h xts.h poly1305.h nist-keywrap.h \
+++ /dev/null
-/* pgp-encode.c
-
- PGP related functions.
-
- Copyright (C) 2001, 2002 Niels Möller
-
- This file is part of GNU Nettle.
-
- GNU Nettle is free software: you can redistribute it and/or
- modify it under the terms of either:
-
- * the GNU Lesser General Public License as published by the Free
- Software Foundation; either version 3 of the License, or (at your
- option) any later version.
-
- or
-
- * the GNU General Public License as published by the Free
- Software Foundation; either version 2 of the License, or (at your
- option) any later version.
-
- or both in parallel, as here.
-
- GNU Nettle is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received copies of the GNU General Public License and
- the GNU Lesser General Public License along with this program. If
- not, see http://www.gnu.org/licenses/.
-*/
-
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "pgp.h"
-
-#include "base64.h"
-#include "buffer.h"
-#include "macros.h"
-#include "rsa.h"
-
-int
-pgp_put_uint32(struct nettle_buffer *buffer, uint32_t i)
-{
- uint8_t *p = nettle_buffer_space(buffer, 4);
- if (!p)
- return 0;
-
- WRITE_UINT32(p, i);
- return 1;
-}
-
-int
-pgp_put_uint16(struct nettle_buffer *buffer, unsigned i)
-{
- uint8_t *p = nettle_buffer_space(buffer, 2);
- if (!p)
- return 0;
-
- WRITE_UINT16(p, i);
- return 1;
-}
-
-int
-pgp_put_mpi(struct nettle_buffer *buffer, const mpz_t x)
-{
- unsigned bits = mpz_sizeinbase(x, 2);
- unsigned octets = (bits + 7) / 8;
-
- uint8_t *p;
-
- /* FIXME: What's the correct representation of zero? */
- if (!pgp_put_uint16(buffer, bits))
- return 0;
-
- p = nettle_buffer_space(buffer, octets);
-
- if (!p)
- return 0;
-
- nettle_mpz_get_str_256(octets, p, x);
-
- return 1;
-}
-
-int
-pgp_put_string(struct nettle_buffer *buffer,
- unsigned length,
- const uint8_t *s)
-{
- return nettle_buffer_write(buffer, length, s);
-}
-
-#if 0
-static unsigned
-length_field(unsigned length)
-{
- if (length < PGP_LENGTH_TWO_OCTET)
- return 1;
- else if (length < PGP_LENGTH_FOUR_OCTETS)
- return 2;
- else return 4;
-}
-#endif
-
-/* bodyLen = ((1st_octet - 192) << 8) + (2nd_octet) + 192
- * ==> bodyLen - 192 + 192 << 8 = (1st_octet << 8) + (2nd_octet)
- */
-
-#define LENGTH_TWO_OFFSET (192 * 255)
-
-int
-pgp_put_length(struct nettle_buffer *buffer,
- unsigned length)
-{
- if (length < PGP_LENGTH_TWO_OCTETS)
- return NETTLE_BUFFER_PUTC(buffer, length);
-
- else if (length < PGP_LENGTH_FOUR_OCTETS)
- return pgp_put_uint16(buffer, length + LENGTH_TWO_OFFSET);
- else
- return NETTLE_BUFFER_PUTC(buffer, 0xff) && pgp_put_uint32(buffer, length);
-}
-
-/* Uses the "new" packet format */
-int
-pgp_put_header(struct nettle_buffer *buffer,
- unsigned tag, unsigned length)
-{
- assert(tag < 0x40);
-
- return (NETTLE_BUFFER_PUTC(buffer, 0xC0 | tag)
- && pgp_put_length(buffer, length));
-}
-
-/* FIXME: Should we abort or return error if the length and the field
- * size don't match? */
-void
-pgp_put_header_length(struct nettle_buffer *buffer,
- /* start of the header */
- unsigned start,
- unsigned field_size)
-{
- unsigned length;
- switch (field_size)
- {
- case 1:
- length = buffer->size - (start + 2);
- assert(length < PGP_LENGTH_TWO_OCTETS);
- buffer->contents[start + 1] = length;
- break;
- case 2:
- length = buffer->size - (start + 3);
- assert(length < PGP_LENGTH_FOUR_OCTETS
- && length >= PGP_LENGTH_TWO_OCTETS);
- WRITE_UINT16(buffer->contents + start + 1, length + LENGTH_TWO_OFFSET);
- break;
- case 4:
- length = buffer->size - (start + 5);
- WRITE_UINT32(buffer->contents + start + 2, length);
- break;
- default:
- abort();
- }
-}
-
-int
-pgp_put_userid(struct nettle_buffer *buffer,
- unsigned length,
- const uint8_t *name)
-{
- return (pgp_put_header(buffer, PGP_TAG_USERID, length)
- && pgp_put_string(buffer, length, name));
-}
-
-unsigned
-pgp_sub_packet_start(struct nettle_buffer *buffer)
-{
- return nettle_buffer_space(buffer, 2) ? buffer->size : 0;
-}
-
-int
-pgp_put_sub_packet(struct nettle_buffer *buffer,
- unsigned type,
- unsigned length,
- const uint8_t *data)
-{
- return (pgp_put_length(buffer, length + 1)
- && NETTLE_BUFFER_PUTC(buffer, type)
- && pgp_put_string(buffer, length, data));
-}
-
-void
-pgp_sub_packet_end(struct nettle_buffer *buffer, unsigned start)
-{
- unsigned length;
-
- assert(start >= 2);
- assert(start <= buffer->size);
-
- length = buffer->size - start;
- WRITE_UINT32(buffer->contents + start - 2, length);
-}
-
-int
-pgp_put_public_rsa_key(struct nettle_buffer *buffer,
- const struct rsa_public_key *pub,
- time_t timestamp)
-{
- /* Public key packet, version 4 */
- unsigned start;
- unsigned length;
-
- /* Size of packet is 16 + the size of e and n */
- length = (4 * 4
- + nettle_mpz_sizeinbase_256_u(pub->n)
- + nettle_mpz_sizeinbase_256_u(pub->e));
-
- if (!pgp_put_header(buffer, PGP_TAG_PUBLIC_KEY, length))
- return 0;
-
- start = buffer->size;
-
- if (! (pgp_put_header(buffer, PGP_TAG_PUBLIC_KEY,
- /* Assume that we need two octets */
- PGP_LENGTH_TWO_OCTETS)
- && pgp_put_uint32(buffer, 4) /* Version */
- && pgp_put_uint32(buffer, timestamp)/* Time stamp */
- && pgp_put_uint32(buffer, PGP_RSA) /* Algorithm */
- && pgp_put_mpi(buffer, pub->n)
- && pgp_put_mpi(buffer, pub->e)) )
- return 0;
-
- assert(buffer->size == start + length);
-
- return 1;
-}
-
-int
-pgp_put_rsa_sha1_signature(struct nettle_buffer *buffer,
- const struct rsa_private_key *key,
- const uint8_t *keyid,
- unsigned type,
- struct sha1_ctx *hash)
-{
- unsigned signature_start = buffer->size;
- unsigned hash_end;
- unsigned sub_packet_start;
- uint8_t trailer[6];
- mpz_t s;
-
- /* Signature packet. The packet could reasonably be both smaller and
- * larger than 192, so for simplicity we use the 4 octet header
- * form. */
-
- if (! (pgp_put_header(buffer, PGP_TAG_SIGNATURE, PGP_LENGTH_FOUR_OCTETS)
- && NETTLE_BUFFER_PUTC(buffer, 4) /* Version */
- && NETTLE_BUFFER_PUTC(buffer, type)
- /* Could also be PGP_RSA_SIGN */
- && NETTLE_BUFFER_PUTC(buffer, PGP_RSA)
- && NETTLE_BUFFER_PUTC(buffer, PGP_SHA1)
- && pgp_put_uint16(buffer, 0))) /* Hashed subpacket length */
- return 0;
-
- hash_end = buffer->size;
-
- sha1_update(hash,
- hash_end - signature_start,
- buffer->contents + signature_start);
-
- trailer[0] = 4; trailer[1] = 0xff;
- WRITE_UINT32(trailer + 2, buffer->size - signature_start);
-
- sha1_update(hash, sizeof(trailer), trailer);
-
- {
- struct sha1_ctx hcopy = *hash;
- uint8_t *p = nettle_buffer_space(buffer, 2);
- if (!p)
- return 0;
-
- sha1_digest(&hcopy, 2, p);
- }
-
- /* One "sub-packet" field with the issuer keyid */
- sub_packet_start = pgp_sub_packet_start(buffer);
- if (!sub_packet_start)
- return 0;
-
- if (pgp_put_sub_packet(buffer, PGP_SUBPACKET_ISSUER_KEY_ID, 8, keyid))
- {
- pgp_sub_packet_end(buffer, sub_packet_start);
- return 0;
- }
-
- mpz_init(s);
- if (!(rsa_sha1_sign(key, hash, s)
- && pgp_put_mpi(buffer, s)))
- {
- mpz_clear(s);
- return 0;
- }
-
- mpz_clear(s);
- pgp_put_header_length(buffer, signature_start, 4);
-
- return 1;
-}
-
-#define CRC24_INIT 0x0b704ceL
-#define CRC24_POLY 0x1864cfbL
-
-uint32_t
-pgp_crc24(unsigned length, const uint8_t *data)
-{
- uint32_t crc = CRC24_INIT;
-
- unsigned i;
- for (i = 0; i<length; i++)
- {
- unsigned j;
- crc ^= ((unsigned) (data[i]) << 16);
- for (j = 0; j<8; j++)
- {
- crc <<= 1;
- if (crc & 0x1000000)
- crc ^= CRC24_POLY;
- }
- }
- assert(crc < 0x1000000);
- return crc;
-}
-
-
-static int
-write_string (struct nettle_buffer *buffer, const char *s)
-{
- return nettle_buffer_write(buffer, strlen((s)), (const uint8_t *) (s));
-}
-
-/* 15 base 64 groups data per line */
-#define BINARY_PER_LINE 45
-#define TEXT_PER_LINE BASE64_ENCODE_LENGTH(BINARY_PER_LINE)
-
-int
-pgp_armor(struct nettle_buffer *buffer,
- const char *tag,
- unsigned length,
- const uint8_t *data)
-{
- struct base64_encode_ctx ctx;
-
- unsigned crc = pgp_crc24(length, data);
-
- base64_encode_init(&ctx);
-
- if (! (write_string(buffer, "BEGIN PGP ")
- && write_string(buffer, tag)
- && write_string(buffer, "\nComment: Nettle\n\n")))
- return 0;
-
- for (;
- length >= BINARY_PER_LINE;
- length -= BINARY_PER_LINE, data += BINARY_PER_LINE)
- {
- unsigned done;
- char *p
- = (char *) nettle_buffer_space(buffer, TEXT_PER_LINE);
-
- if (!p)
- return 0;
-
- done = base64_encode_update(&ctx, p, BINARY_PER_LINE, data);
- assert(done <= TEXT_PER_LINE);
-
- /* FIXME: Create some official way to do this */
- buffer->size -= (TEXT_PER_LINE - done);
-
- if (!NETTLE_BUFFER_PUTC(buffer, '\n'))
- return 0;
- }
-
- if (length)
- {
- unsigned text_size = BASE64_ENCODE_LENGTH(length)
- + BASE64_ENCODE_FINAL_LENGTH;
- unsigned done;
-
- char *p
- = (char *) nettle_buffer_space(buffer, text_size);
- if (!p)
- return 0;
-
- done = base64_encode_update(&ctx, p, length, data);
- done += base64_encode_final(&ctx, p + done);
-
- /* FIXME: Create some official way to do this */
- buffer->size -= (text_size - done);
-
- if (!NETTLE_BUFFER_PUTC(buffer, '\n'))
- return 0;
- }
- /* Checksum */
- if (!NETTLE_BUFFER_PUTC(buffer, '='))
- return 0;
-
- {
- char *p = (char *) nettle_buffer_space(buffer, 4);
- if (!p)
- return 0;
- base64_encode_group(p, crc);
- }
-
- return (write_string(buffer, "\nBEGIN PGP ")
- && write_string(buffer, tag)
- && NETTLE_BUFFER_PUTC(buffer, '\n'));
-}
+++ /dev/null
-/* pgp.h
-
- PGP related functions.
-
- Copyright (C) 2001, 2002 Niels Möller
-
- This file is part of GNU Nettle.
-
- GNU Nettle is free software: you can redistribute it and/or
- modify it under the terms of either:
-
- * the GNU Lesser General Public License as published by the Free
- Software Foundation; either version 3 of the License, or (at your
- option) any later version.
-
- or
-
- * the GNU General Public License as published by the Free
- Software Foundation; either version 2 of the License, or (at your
- option) any later version.
-
- or both in parallel, as here.
-
- GNU Nettle is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received copies of the GNU General Public License and
- the GNU Lesser General Public License along with this program. If
- not, see http://www.gnu.org/licenses/.
-*/
-
-#ifndef NETTLE_PGP_H_INCLUDED
-#define NETTLE_PGP_H_INCLUDED
-
-#include <time.h>
-
-#include "nettle-types.h"
-#include "bignum.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Name mangling */
-#define pgp_put_uint32 nettle_pgp_put_uint32
-#define pgp_put_uint16 nettle_pgp_put_uint16
-#define pgp_put_mpi nettle_pgp_put_mpi
-#define pgp_put_string nettle_pgp_put_string
-#define pgp_put_length nettle_pgp_put_length
-#define pgp_put_header nettle_pgp_put_header
-#define pgp_put_header_length nettle_pgp_put_header_length
-#define pgp_sub_packet_start nettle_pgp_sub_packet_start
-#define pgp_put_sub_packet nettle_pgp_put_sub_packet
-#define pgp_sub_packet_end nettle_pgp_sub_packet_end
-#define pgp_put_public_rsa_key nettle_pgp_put_public_rsa_key
-#define pgp_put_rsa_sha1_signature nettle_pgp_put_rsa_sha1_signature
-#define pgp_put_userid nettle_pgp_put_userid
-#define pgp_crc24 nettle_pgp_crc24
-#define pgp_armor nettle_pgp_armor
-
-struct nettle_buffer;
-struct rsa_public_key;
-struct rsa_private_key;
-struct sha1_ctx;
-
-int
-pgp_put_uint32(struct nettle_buffer *buffer, uint32_t i);
-
-int
-pgp_put_uint16(struct nettle_buffer *buffer, unsigned i);
-
-int
-pgp_put_mpi(struct nettle_buffer *buffer, const mpz_t x);
-
-int
-pgp_put_string(struct nettle_buffer *buffer,
- unsigned length,
- const uint8_t *s);
-
-int
-pgp_put_length(struct nettle_buffer *buffer,
- unsigned length);
-
-int
-pgp_put_header(struct nettle_buffer *buffer,
- unsigned tag, unsigned length);
-
-void
-pgp_put_header_length(struct nettle_buffer *buffer,
- /* start of the header */
- unsigned start,
- unsigned field_size);
-
-unsigned
-pgp_sub_packet_start(struct nettle_buffer *buffer);
-
-int
-pgp_put_sub_packet(struct nettle_buffer *buffer,
- unsigned type,
- unsigned length,
- const uint8_t *data);
-
-void
-pgp_sub_packet_end(struct nettle_buffer *buffer, unsigned start);
-
-int
-pgp_put_public_rsa_key(struct nettle_buffer *,
- const struct rsa_public_key *key,
- time_t timestamp);
-
-int
-pgp_put_rsa_sha1_signature(struct nettle_buffer *buffer,
- const struct rsa_private_key *key,
- const uint8_t *keyid,
- unsigned type,
- struct sha1_ctx *hash);
-
-int
-pgp_put_userid(struct nettle_buffer *buffer,
- unsigned length,
- const uint8_t *name);
-
-uint32_t
-pgp_crc24(unsigned length, const uint8_t *data);
-
-int
-pgp_armor(struct nettle_buffer *buffer,
- const char *tag,
- unsigned length,
- const uint8_t *data);
-
-/* Values that can be passed to pgp_put_header when the size of the
- * length field, but not the length itself, is known. Also the minimum length
- * for the given field size. */
-enum pgp_lengths
- {
- PGP_LENGTH_ONE_OCTET = 0,
- PGP_LENGTH_TWO_OCTETS = 192,
- PGP_LENGTH_FOUR_OCTETS = 8384,
- };
-
-enum pgp_public_key_algorithm
- {
- PGP_RSA = 1,
- PGP_RSA_ENCRYPT = 2,
- PGP_RSA_SIGN = 3,
- PGP_EL_GAMAL_ENCRYPT = 16,
- PGP_DSA = 17,
- PGP_EL_GAMAL = 20,
- };
-
-enum pgp_symmetric_algorithm
- {
- PGP_PLAINTEXT = 0,
- PGP_IDEA = 1,
- PGP_3DES = 2,
- PGP_CAST5 = 3,
- PGP_BLOWFISH = 4,
- PGP_SAFER_SK = 5,
- PGP_AES128 = 7,
- PGP_AES192 = 8,
- PGP_AES256 = 9,
- };
-
-enum pgp_compression_algorithm
- {
- PGP_UNCOMPRESSED = 0,
- PGP_ZIP = 1,
- PGP_ZLIB = 2,
- };
-
-enum pgp_hash_algorithm
- {
- PGP_MD5 = 1,
- PGP_SHA1 = 2,
- PGP_RIPEMD = 3,
- PGP_MD2 = 5,
- PGP_TIGER192 = 6,
- PGP_HAVAL = 7,
- };
-
-enum pgp_tag
- {
- PGP_TAG_PUBLIC_SESSION_KEY = 1,
- PGP_TAG_SIGNATURE = 2,
- PGP_TAG_SYMMETRIC_SESSION_KEY = 3,
- PGP_TAG_ONE_PASS_SIGNATURE = 4,
- PGP_TAG_SECRET_KEY = 5,
- PGP_TAG_PUBLIC_KEY = 6,
- PGP_TAG_SECRET_SUBKEY = 7,
- PGP_TAG_COMPRESSED = 8,
- PGP_TAG_ENCRYPTED = 9,
- PGP_TAG_MARKER = 10,
- PGP_TAG_LITERAL = 11,
- PGP_TAG_TRUST = 12,
- PGP_TAG_USERID = 13,
- PGP_TAG_PUBLIC_SUBKEY = 14,
- };
-
-enum pgp_signature_type
- {
- PGP_SIGN_BINARY = 0,
- PGP_SIGN_TEXT = 1,
- PGP_SIGN_STANDALONE = 2,
- PGP_SIGN_CERTIFICATION = 0x10,
- PGP_SIGN_CERTIFICATION_PERSONA = 0x11,
- PGP_SIGN_CERTIFICATION_CASUAL = 0x12,
- PGP_SIGN_CERTIFICATION_POSITIVE = 0x13,
- PGP_SIGN_SUBKEY = 0x18,
- PGP_SIGN_KEY = 0x1f,
- PGP_SIGN_REVOCATION = 0x20,
- PGP_SIGN_REVOCATION_SUBKEY = 0x28,
- PGP_SIGN_REVOCATION_CERTIFICATE = 0x30,
- PGP_SIGN_TIMESTAMP = 0x40,
- };
-
-enum pgp_subpacket_tag
- {
- PGP_SUBPACKET_CREATION_TIME = 2,
- PGP_SUBPACKET_SIGNATURE_EXPIRATION_TIME = 3,
- PGP_SUBPACKET_EXPORTABLE_CERTIFICATION = 4,
- PGP_SUBPACKET_TRUST_SIGNATURE = 5,
- PGP_SUBPACKET_REGULAR_EXPRESSION = 6,
- PGP_SUBPACKET_REVOCABLE = 7,
- PGP_SUBPACKET_KEY_EXPIRATION_TIME = 9,
- PGP_SUBPACKET_PLACEHOLDER = 10 ,
- PGP_SUBPACKET_PREFERRED_SYMMETRIC_ALGORITHMS = 11,
- PGP_SUBPACKET_REVOCATION_KEY = 12,
- PGP_SUBPACKET_ISSUER_KEY_ID = 16,
- PGP_SUBPACKET_NOTATION_DATA = 20,
- PGP_SUBPACKET_PREFERRED_HASH_ALGORITHMS = 21,
- PGP_SUBPACKET_PREFERRED_COMPRESSION_ALGORITHMS = 22,
- PGP_SUBPACKET_KEY_SERVER_PREFERENCES = 23,
- PGP_SUBPACKET_PREFERRED_KEY_SERVER = 24,
- PGP_SUBPACKET_PRIMARY_USER_ID = 25,
- PGP_SUBPACKET_POLICY_URL = 26,
- PGP_SUBPACKET_KEY_FLAGS = 27,
- PGP_SUBPACKET_SIGNERS_USER_ID = 28,
- PGP_SUBPACKET_REASON_FOR_REVOCATION = 29,
- };
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* NETTLE_PGP_H_INCLUDED */
#define rsa_public_key_from_der_iterator nettle_rsa_public_key_from_der_iterator
#define rsa_private_key_from_der_iterator nettle_rsa_private_key_from_der_iterator
#define rsa_keypair_from_der nettle_rsa_keypair_from_der
-#define rsa_keypair_to_openpgp nettle_rsa_keypair_to_openpgp
/* This limit is somewhat arbitrary. Technically, the smallest modulo
which makes sense at all is 15 = 3*5, phi(15) = 8, size 4 bits. But
unsigned limit,
size_t length, const uint8_t *data);
-/* OpenPGP format. Experimental interface, subject to change. */
-int
-rsa_keypair_to_openpgp(struct nettle_buffer *buffer,
- const struct rsa_public_key *pub,
- const struct rsa_private_key *priv,
- /* A single user id. NUL-terminated utf8. */
- const char *userid);
-
-
#ifdef __cplusplus
}
#endif
+++ /dev/null
-/* rsa2openpgp.c
-
- Converting rsa keys to OpenPGP format.
-
- Copyright (C) 2001, 2002 Niels Möller
-
- This file is part of GNU Nettle.
-
- GNU Nettle is free software: you can redistribute it and/or
- modify it under the terms of either:
-
- * the GNU Lesser General Public License as published by the Free
- Software Foundation; either version 3 of the License, or (at your
- option) any later version.
-
- or
-
- * the GNU General Public License as published by the Free
- Software Foundation; either version 2 of the License, or (at your
- option) any later version.
-
- or both in parallel, as here.
-
- GNU Nettle is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received copies of the GNU General Public License and
- the GNU Lesser General Public License along with this program. If
- not, see http://www.gnu.org/licenses/.
-*/
-
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include <string.h>
-#include <time.h>
-
-#include "rsa.h"
-
-#include "buffer.h"
-#include "pgp.h"
-
-
-/* According to RFC 2440, a public key consists of the following packets:
- *
- * Public key packet
- *
- * Zero or more revocation signatures
- *
- * One or more User ID packets
- *
- * After each User ID packet, zero or more signature packets
- *
- * Zero or more Subkey packets
- *
- * After each Subkey packet, one signature packet, optionally a
- * revocation.
- *
- * Currently, we generate a public key packet, a single user id, and a
- * signature. */
-
-int
-rsa_keypair_to_openpgp(struct nettle_buffer *buffer,
- const struct rsa_public_key *pub,
- const struct rsa_private_key *priv,
- /* A single user id. NUL-terminated utf8. */
- const char *userid)
-{
- time_t now = time(NULL);
-
- unsigned key_start;
- unsigned userid_start;
-
- struct sha1_ctx key_hash;
- struct sha1_ctx signature_hash;
- uint8_t fingerprint[SHA1_DIGEST_SIZE];
-
- key_start = buffer->size;
-
- if (!pgp_put_public_rsa_key(buffer, pub, now))
- return 0;
-
- /* userid packet */
- userid_start = buffer->size;
- if (!pgp_put_userid(buffer, strlen(userid), (const uint8_t *) userid))
- return 0;
-
- /* FIXME: We hash the key first, and then the user id. Is this right? */
- sha1_init(&key_hash);
- sha1_update(&key_hash,
- userid_start - key_start,
- buffer->contents + key_start);
-
- signature_hash = key_hash;
- sha1_digest(&key_hash, sizeof(fingerprint), fingerprint);
-
- sha1_update(&signature_hash,
- buffer->size - userid_start,
- buffer->contents + userid_start);
-
- return pgp_put_rsa_sha1_signature(buffer,
- priv,
- fingerprint + SHA1_DIGEST_SIZE - 8,
- PGP_SIGN_CERTIFICATION,
- &signature_hash);
-}
projects / thirdparty / nettle.git / commitdiff
