From 36f9f925cd9a2449a16089b533a9a092bd38a3a6 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Niels=20M=C3=B6ller?= Date: Tue, 12 Nov 2024 20:34:58 +0100 Subject: [PATCH] Delete obsolete openpgp code. --- ChangeLog | 10 ++ Makefile.in | 3 +- pgp-encode.c | 424 -------------------------------------------------- pgp.h | 248 ----------------------------- rsa.h | 10 -- rsa2openpgp.c | 109 ------------- 6 files changed, 11 insertions(+), 793 deletions(-) delete mode 100644 pgp-encode.c delete mode 100644 pgp.h delete mode 100644 rsa2openpgp.c diff --git a/ChangeLog b/ChangeLog index 2151ecf5..0e837525 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2024-08-23 Niels Möller + + Delete incomplete and old openpgp support. + * pgp-encode.c: Deleted file. + * pgp.h: Deleted file. + * rsa2openpgp.c: Deleted file. + * rsa.h (rsa_keypair_to_openpgp): Delete declaration. + * Makefile.in (hogweed_SOURCES): Delete pgp-encode.c and rsa2openpgp.c. + (HEADERS): Delete pgp.h. + 2024-06-23 Niels Möller * testsuite/testutils.h (struct nettle_xof): New struct type. diff --git a/Makefile.in b/Makefile.in index 71ad761e..7844b32e 100644 --- a/Makefile.in +++ b/Makefile.in @@ -197,7 +197,6 @@ hogweed_SOURCES = sexp.c sexp-format.c \ dsa-sha1-sign.c dsa-sha1-verify.c \ dsa-sha256-sign.c dsa-sha256-verify.c \ dsa2sexp.c sexp2dsa.c \ - pgp-encode.c rsa2openpgp.c \ der-iterator.c der2rsa.c der2dsa.c \ sec-add-1.c sec-sub-1.c \ gmp-glue.c cnd-copy.c \ @@ -244,7 +243,7 @@ HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h balloon.h \ memops.h memxor.h \ nettle-meta.h nettle-types.h \ ocb.h pbkdf2.h \ - pgp.h pkcs1.h pss.h pss-mgf1.h realloc.h ripemd160.h rsa.h \ + pkcs1.h pss.h pss-mgf1.h realloc.h ripemd160.h rsa.h \ salsa20.h sexp.h serpent.h \ sha.h sha1.h sha2.h sha3.h sm3.h sm4.h streebog.h twofish.h \ umac.h yarrow.h xts.h poly1305.h nist-keywrap.h \ diff --git a/pgp-encode.c b/pgp-encode.c deleted file mode 100644 index c051f9e4..00000000 --- a/pgp-encode.c +++ /dev/null @@ -1,424 +0,0 @@ -/* pgp-encode.c - - PGP related functions. - - Copyright (C) 2001, 2002 Niels Möller - - This file is part of GNU Nettle. - - GNU Nettle is free software: you can redistribute it and/or - modify it under the terms of either: - - * the GNU Lesser General Public License as published by the Free - Software Foundation; either version 3 of the License, or (at your - option) any later version. - - or - - * the GNU General Public License as published by the Free - Software Foundation; either version 2 of the License, or (at your - option) any later version. - - or both in parallel, as here. - - GNU Nettle is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received copies of the GNU General Public License and - the GNU Lesser General Public License along with this program. If - not, see http://www.gnu.org/licenses/. -*/ - -#if HAVE_CONFIG_H -# include "config.h" -#endif - -#include -#include -#include - -#include "pgp.h" - -#include "base64.h" -#include "buffer.h" -#include "macros.h" -#include "rsa.h" - -int -pgp_put_uint32(struct nettle_buffer *buffer, uint32_t i) -{ - uint8_t *p = nettle_buffer_space(buffer, 4); - if (!p) - return 0; - - WRITE_UINT32(p, i); - return 1; -} - -int -pgp_put_uint16(struct nettle_buffer *buffer, unsigned i) -{ - uint8_t *p = nettle_buffer_space(buffer, 2); - if (!p) - return 0; - - WRITE_UINT16(p, i); - return 1; -} - -int -pgp_put_mpi(struct nettle_buffer *buffer, const mpz_t x) -{ - unsigned bits = mpz_sizeinbase(x, 2); - unsigned octets = (bits + 7) / 8; - - uint8_t *p; - - /* FIXME: What's the correct representation of zero? */ - if (!pgp_put_uint16(buffer, bits)) - return 0; - - p = nettle_buffer_space(buffer, octets); - - if (!p) - return 0; - - nettle_mpz_get_str_256(octets, p, x); - - return 1; -} - -int -pgp_put_string(struct nettle_buffer *buffer, - unsigned length, - const uint8_t *s) -{ - return nettle_buffer_write(buffer, length, s); -} - -#if 0 -static unsigned -length_field(unsigned length) -{ - if (length < PGP_LENGTH_TWO_OCTET) - return 1; - else if (length < PGP_LENGTH_FOUR_OCTETS) - return 2; - else return 4; -} -#endif - -/* bodyLen = ((1st_octet - 192) << 8) + (2nd_octet) + 192 - * ==> bodyLen - 192 + 192 << 8 = (1st_octet << 8) + (2nd_octet) - */ - -#define LENGTH_TWO_OFFSET (192 * 255) - -int -pgp_put_length(struct nettle_buffer *buffer, - unsigned length) -{ - if (length < PGP_LENGTH_TWO_OCTETS) - return NETTLE_BUFFER_PUTC(buffer, length); - - else if (length < PGP_LENGTH_FOUR_OCTETS) - return pgp_put_uint16(buffer, length + LENGTH_TWO_OFFSET); - else - return NETTLE_BUFFER_PUTC(buffer, 0xff) && pgp_put_uint32(buffer, length); -} - -/* Uses the "new" packet format */ -int -pgp_put_header(struct nettle_buffer *buffer, - unsigned tag, unsigned length) -{ - assert(tag < 0x40); - - return (NETTLE_BUFFER_PUTC(buffer, 0xC0 | tag) - && pgp_put_length(buffer, length)); -} - -/* FIXME: Should we abort or return error if the length and the field - * size don't match? */ -void -pgp_put_header_length(struct nettle_buffer *buffer, - /* start of the header */ - unsigned start, - unsigned field_size) -{ - unsigned length; - switch (field_size) - { - case 1: - length = buffer->size - (start + 2); - assert(length < PGP_LENGTH_TWO_OCTETS); - buffer->contents[start + 1] = length; - break; - case 2: - length = buffer->size - (start + 3); - assert(length < PGP_LENGTH_FOUR_OCTETS - && length >= PGP_LENGTH_TWO_OCTETS); - WRITE_UINT16(buffer->contents + start + 1, length + LENGTH_TWO_OFFSET); - break; - case 4: - length = buffer->size - (start + 5); - WRITE_UINT32(buffer->contents + start + 2, length); - break; - default: - abort(); - } -} - -int -pgp_put_userid(struct nettle_buffer *buffer, - unsigned length, - const uint8_t *name) -{ - return (pgp_put_header(buffer, PGP_TAG_USERID, length) - && pgp_put_string(buffer, length, name)); -} - -unsigned -pgp_sub_packet_start(struct nettle_buffer *buffer) -{ - return nettle_buffer_space(buffer, 2) ? buffer->size : 0; -} - -int -pgp_put_sub_packet(struct nettle_buffer *buffer, - unsigned type, - unsigned length, - const uint8_t *data) -{ - return (pgp_put_length(buffer, length + 1) - && NETTLE_BUFFER_PUTC(buffer, type) - && pgp_put_string(buffer, length, data)); -} - -void -pgp_sub_packet_end(struct nettle_buffer *buffer, unsigned start) -{ - unsigned length; - - assert(start >= 2); - assert(start <= buffer->size); - - length = buffer->size - start; - WRITE_UINT32(buffer->contents + start - 2, length); -} - -int -pgp_put_public_rsa_key(struct nettle_buffer *buffer, - const struct rsa_public_key *pub, - time_t timestamp) -{ - /* Public key packet, version 4 */ - unsigned start; - unsigned length; - - /* Size of packet is 16 + the size of e and n */ - length = (4 * 4 - + nettle_mpz_sizeinbase_256_u(pub->n) - + nettle_mpz_sizeinbase_256_u(pub->e)); - - if (!pgp_put_header(buffer, PGP_TAG_PUBLIC_KEY, length)) - return 0; - - start = buffer->size; - - if (! (pgp_put_header(buffer, PGP_TAG_PUBLIC_KEY, - /* Assume that we need two octets */ - PGP_LENGTH_TWO_OCTETS) - && pgp_put_uint32(buffer, 4) /* Version */ - && pgp_put_uint32(buffer, timestamp)/* Time stamp */ - && pgp_put_uint32(buffer, PGP_RSA) /* Algorithm */ - && pgp_put_mpi(buffer, pub->n) - && pgp_put_mpi(buffer, pub->e)) ) - return 0; - - assert(buffer->size == start + length); - - return 1; -} - -int -pgp_put_rsa_sha1_signature(struct nettle_buffer *buffer, - const struct rsa_private_key *key, - const uint8_t *keyid, - unsigned type, - struct sha1_ctx *hash) -{ - unsigned signature_start = buffer->size; - unsigned hash_end; - unsigned sub_packet_start; - uint8_t trailer[6]; - mpz_t s; - - /* Signature packet. The packet could reasonably be both smaller and - * larger than 192, so for simplicity we use the 4 octet header - * form. */ - - if (! (pgp_put_header(buffer, PGP_TAG_SIGNATURE, PGP_LENGTH_FOUR_OCTETS) - && NETTLE_BUFFER_PUTC(buffer, 4) /* Version */ - && NETTLE_BUFFER_PUTC(buffer, type) - /* Could also be PGP_RSA_SIGN */ - && NETTLE_BUFFER_PUTC(buffer, PGP_RSA) - && NETTLE_BUFFER_PUTC(buffer, PGP_SHA1) - && pgp_put_uint16(buffer, 0))) /* Hashed subpacket length */ - return 0; - - hash_end = buffer->size; - - sha1_update(hash, - hash_end - signature_start, - buffer->contents + signature_start); - - trailer[0] = 4; trailer[1] = 0xff; - WRITE_UINT32(trailer + 2, buffer->size - signature_start); - - sha1_update(hash, sizeof(trailer), trailer); - - { - struct sha1_ctx hcopy = *hash; - uint8_t *p = nettle_buffer_space(buffer, 2); - if (!p) - return 0; - - sha1_digest(&hcopy, 2, p); - } - - /* One "sub-packet" field with the issuer keyid */ - sub_packet_start = pgp_sub_packet_start(buffer); - if (!sub_packet_start) - return 0; - - if (pgp_put_sub_packet(buffer, PGP_SUBPACKET_ISSUER_KEY_ID, 8, keyid)) - { - pgp_sub_packet_end(buffer, sub_packet_start); - return 0; - } - - mpz_init(s); - if (!(rsa_sha1_sign(key, hash, s) - && pgp_put_mpi(buffer, s))) - { - mpz_clear(s); - return 0; - } - - mpz_clear(s); - pgp_put_header_length(buffer, signature_start, 4); - - return 1; -} - -#define CRC24_INIT 0x0b704ceL -#define CRC24_POLY 0x1864cfbL - -uint32_t -pgp_crc24(unsigned length, const uint8_t *data) -{ - uint32_t crc = CRC24_INIT; - - unsigned i; - for (i = 0; i= BINARY_PER_LINE; - length -= BINARY_PER_LINE, data += BINARY_PER_LINE) - { - unsigned done; - char *p - = (char *) nettle_buffer_space(buffer, TEXT_PER_LINE); - - if (!p) - return 0; - - done = base64_encode_update(&ctx, p, BINARY_PER_LINE, data); - assert(done <= TEXT_PER_LINE); - - /* FIXME: Create some official way to do this */ - buffer->size -= (TEXT_PER_LINE - done); - - if (!NETTLE_BUFFER_PUTC(buffer, '\n')) - return 0; - } - - if (length) - { - unsigned text_size = BASE64_ENCODE_LENGTH(length) - + BASE64_ENCODE_FINAL_LENGTH; - unsigned done; - - char *p - = (char *) nettle_buffer_space(buffer, text_size); - if (!p) - return 0; - - done = base64_encode_update(&ctx, p, length, data); - done += base64_encode_final(&ctx, p + done); - - /* FIXME: Create some official way to do this */ - buffer->size -= (text_size - done); - - if (!NETTLE_BUFFER_PUTC(buffer, '\n')) - return 0; - } - /* Checksum */ - if (!NETTLE_BUFFER_PUTC(buffer, '=')) - return 0; - - { - char *p = (char *) nettle_buffer_space(buffer, 4); - if (!p) - return 0; - base64_encode_group(p, crc); - } - - return (write_string(buffer, "\nBEGIN PGP ") - && write_string(buffer, tag) - && NETTLE_BUFFER_PUTC(buffer, '\n')); -} diff --git a/pgp.h b/pgp.h deleted file mode 100644 index 4c2fd848..00000000 --- a/pgp.h +++ /dev/null @@ -1,248 +0,0 @@ -/* pgp.h - - PGP related functions. - - Copyright (C) 2001, 2002 Niels Möller - - This file is part of GNU Nettle. - - GNU Nettle is free software: you can redistribute it and/or - modify it under the terms of either: - - * the GNU Lesser General Public License as published by the Free - Software Foundation; either version 3 of the License, or (at your - option) any later version. - - or - - * the GNU General Public License as published by the Free - Software Foundation; either version 2 of the License, or (at your - option) any later version. - - or both in parallel, as here. - - GNU Nettle is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received copies of the GNU General Public License and - the GNU Lesser General Public License along with this program. If - not, see http://www.gnu.org/licenses/. -*/ - -#ifndef NETTLE_PGP_H_INCLUDED -#define NETTLE_PGP_H_INCLUDED - -#include - -#include "nettle-types.h" -#include "bignum.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* Name mangling */ -#define pgp_put_uint32 nettle_pgp_put_uint32 -#define pgp_put_uint16 nettle_pgp_put_uint16 -#define pgp_put_mpi nettle_pgp_put_mpi -#define pgp_put_string nettle_pgp_put_string -#define pgp_put_length nettle_pgp_put_length -#define pgp_put_header nettle_pgp_put_header -#define pgp_put_header_length nettle_pgp_put_header_length -#define pgp_sub_packet_start nettle_pgp_sub_packet_start -#define pgp_put_sub_packet nettle_pgp_put_sub_packet -#define pgp_sub_packet_end nettle_pgp_sub_packet_end -#define pgp_put_public_rsa_key nettle_pgp_put_public_rsa_key -#define pgp_put_rsa_sha1_signature nettle_pgp_put_rsa_sha1_signature -#define pgp_put_userid nettle_pgp_put_userid -#define pgp_crc24 nettle_pgp_crc24 -#define pgp_armor nettle_pgp_armor - -struct nettle_buffer; -struct rsa_public_key; -struct rsa_private_key; -struct sha1_ctx; - -int -pgp_put_uint32(struct nettle_buffer *buffer, uint32_t i); - -int -pgp_put_uint16(struct nettle_buffer *buffer, unsigned i); - -int -pgp_put_mpi(struct nettle_buffer *buffer, const mpz_t x); - -int -pgp_put_string(struct nettle_buffer *buffer, - unsigned length, - const uint8_t *s); - -int -pgp_put_length(struct nettle_buffer *buffer, - unsigned length); - -int -pgp_put_header(struct nettle_buffer *buffer, - unsigned tag, unsigned length); - -void -pgp_put_header_length(struct nettle_buffer *buffer, - /* start of the header */ - unsigned start, - unsigned field_size); - -unsigned -pgp_sub_packet_start(struct nettle_buffer *buffer); - -int -pgp_put_sub_packet(struct nettle_buffer *buffer, - unsigned type, - unsigned length, - const uint8_t *data); - -void -pgp_sub_packet_end(struct nettle_buffer *buffer, unsigned start); - -int -pgp_put_public_rsa_key(struct nettle_buffer *, - const struct rsa_public_key *key, - time_t timestamp); - -int -pgp_put_rsa_sha1_signature(struct nettle_buffer *buffer, - const struct rsa_private_key *key, - const uint8_t *keyid, - unsigned type, - struct sha1_ctx *hash); - -int -pgp_put_userid(struct nettle_buffer *buffer, - unsigned length, - const uint8_t *name); - -uint32_t -pgp_crc24(unsigned length, const uint8_t *data); - -int -pgp_armor(struct nettle_buffer *buffer, - const char *tag, - unsigned length, - const uint8_t *data); - -/* Values that can be passed to pgp_put_header when the size of the - * length field, but not the length itself, is known. Also the minimum length - * for the given field size. */ -enum pgp_lengths - { - PGP_LENGTH_ONE_OCTET = 0, - PGP_LENGTH_TWO_OCTETS = 192, - PGP_LENGTH_FOUR_OCTETS = 8384, - }; - -enum pgp_public_key_algorithm - { - PGP_RSA = 1, - PGP_RSA_ENCRYPT = 2, - PGP_RSA_SIGN = 3, - PGP_EL_GAMAL_ENCRYPT = 16, - PGP_DSA = 17, - PGP_EL_GAMAL = 20, - }; - -enum pgp_symmetric_algorithm - { - PGP_PLAINTEXT = 0, - PGP_IDEA = 1, - PGP_3DES = 2, - PGP_CAST5 = 3, - PGP_BLOWFISH = 4, - PGP_SAFER_SK = 5, - PGP_AES128 = 7, - PGP_AES192 = 8, - PGP_AES256 = 9, - }; - -enum pgp_compression_algorithm - { - PGP_UNCOMPRESSED = 0, - PGP_ZIP = 1, - PGP_ZLIB = 2, - }; - -enum pgp_hash_algorithm - { - PGP_MD5 = 1, - PGP_SHA1 = 2, - PGP_RIPEMD = 3, - PGP_MD2 = 5, - PGP_TIGER192 = 6, - PGP_HAVAL = 7, - }; - -enum pgp_tag - { - PGP_TAG_PUBLIC_SESSION_KEY = 1, - PGP_TAG_SIGNATURE = 2, - PGP_TAG_SYMMETRIC_SESSION_KEY = 3, - PGP_TAG_ONE_PASS_SIGNATURE = 4, - PGP_TAG_SECRET_KEY = 5, - PGP_TAG_PUBLIC_KEY = 6, - PGP_TAG_SECRET_SUBKEY = 7, - PGP_TAG_COMPRESSED = 8, - PGP_TAG_ENCRYPTED = 9, - PGP_TAG_MARKER = 10, - PGP_TAG_LITERAL = 11, - PGP_TAG_TRUST = 12, - PGP_TAG_USERID = 13, - PGP_TAG_PUBLIC_SUBKEY = 14, - }; - -enum pgp_signature_type - { - PGP_SIGN_BINARY = 0, - PGP_SIGN_TEXT = 1, - PGP_SIGN_STANDALONE = 2, - PGP_SIGN_CERTIFICATION = 0x10, - PGP_SIGN_CERTIFICATION_PERSONA = 0x11, - PGP_SIGN_CERTIFICATION_CASUAL = 0x12, - PGP_SIGN_CERTIFICATION_POSITIVE = 0x13, - PGP_SIGN_SUBKEY = 0x18, - PGP_SIGN_KEY = 0x1f, - PGP_SIGN_REVOCATION = 0x20, - PGP_SIGN_REVOCATION_SUBKEY = 0x28, - PGP_SIGN_REVOCATION_CERTIFICATE = 0x30, - PGP_SIGN_TIMESTAMP = 0x40, - }; - -enum pgp_subpacket_tag - { - PGP_SUBPACKET_CREATION_TIME = 2, - PGP_SUBPACKET_SIGNATURE_EXPIRATION_TIME = 3, - PGP_SUBPACKET_EXPORTABLE_CERTIFICATION = 4, - PGP_SUBPACKET_TRUST_SIGNATURE = 5, - PGP_SUBPACKET_REGULAR_EXPRESSION = 6, - PGP_SUBPACKET_REVOCABLE = 7, - PGP_SUBPACKET_KEY_EXPIRATION_TIME = 9, - PGP_SUBPACKET_PLACEHOLDER = 10 , - PGP_SUBPACKET_PREFERRED_SYMMETRIC_ALGORITHMS = 11, - PGP_SUBPACKET_REVOCATION_KEY = 12, - PGP_SUBPACKET_ISSUER_KEY_ID = 16, - PGP_SUBPACKET_NOTATION_DATA = 20, - PGP_SUBPACKET_PREFERRED_HASH_ALGORITHMS = 21, - PGP_SUBPACKET_PREFERRED_COMPRESSION_ALGORITHMS = 22, - PGP_SUBPACKET_KEY_SERVER_PREFERENCES = 23, - PGP_SUBPACKET_PREFERRED_KEY_SERVER = 24, - PGP_SUBPACKET_PRIMARY_USER_ID = 25, - PGP_SUBPACKET_POLICY_URL = 26, - PGP_SUBPACKET_KEY_FLAGS = 27, - PGP_SUBPACKET_SIGNERS_USER_ID = 28, - PGP_SUBPACKET_REASON_FOR_REVOCATION = 29, - }; - -#ifdef __cplusplus -} -#endif - -#endif /* NETTLE_PGP_H_INCLUDED */ diff --git a/rsa.h b/rsa.h index 054b318c..fb8de2df 100644 --- a/rsa.h +++ b/rsa.h @@ -104,7 +104,6 @@ extern "C" { #define rsa_public_key_from_der_iterator nettle_rsa_public_key_from_der_iterator #define rsa_private_key_from_der_iterator nettle_rsa_private_key_from_der_iterator #define rsa_keypair_from_der nettle_rsa_keypair_from_der -#define rsa_keypair_to_openpgp nettle_rsa_keypair_to_openpgp /* This limit is somewhat arbitrary. Technically, the smallest modulo which makes sense at all is 15 = 3*5, phi(15) = 8, size 4 bits. But @@ -573,15 +572,6 @@ rsa_keypair_from_der(struct rsa_public_key *pub, unsigned limit, size_t length, const uint8_t *data); -/* OpenPGP format. Experimental interface, subject to change. */ -int -rsa_keypair_to_openpgp(struct nettle_buffer *buffer, - const struct rsa_public_key *pub, - const struct rsa_private_key *priv, - /* A single user id. NUL-terminated utf8. */ - const char *userid); - - #ifdef __cplusplus } #endif diff --git a/rsa2openpgp.c b/rsa2openpgp.c deleted file mode 100644 index c72a857b..00000000 --- a/rsa2openpgp.c +++ /dev/null @@ -1,109 +0,0 @@ -/* rsa2openpgp.c - - Converting rsa keys to OpenPGP format. - - Copyright (C) 2001, 2002 Niels Möller - - This file is part of GNU Nettle. - - GNU Nettle is free software: you can redistribute it and/or - modify it under the terms of either: - - * the GNU Lesser General Public License as published by the Free - Software Foundation; either version 3 of the License, or (at your - option) any later version. - - or - - * the GNU General Public License as published by the Free - Software Foundation; either version 2 of the License, or (at your - option) any later version. - - or both in parallel, as here. - - GNU Nettle is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received copies of the GNU General Public License and - the GNU Lesser General Public License along with this program. If - not, see http://www.gnu.org/licenses/. -*/ - -#if HAVE_CONFIG_H -# include "config.h" -#endif - -#include -#include - -#include "rsa.h" - -#include "buffer.h" -#include "pgp.h" - - -/* According to RFC 2440, a public key consists of the following packets: - * - * Public key packet - * - * Zero or more revocation signatures - * - * One or more User ID packets - * - * After each User ID packet, zero or more signature packets - * - * Zero or more Subkey packets - * - * After each Subkey packet, one signature packet, optionally a - * revocation. - * - * Currently, we generate a public key packet, a single user id, and a - * signature. */ - -int -rsa_keypair_to_openpgp(struct nettle_buffer *buffer, - const struct rsa_public_key *pub, - const struct rsa_private_key *priv, - /* A single user id. NUL-terminated utf8. */ - const char *userid) -{ - time_t now = time(NULL); - - unsigned key_start; - unsigned userid_start; - - struct sha1_ctx key_hash; - struct sha1_ctx signature_hash; - uint8_t fingerprint[SHA1_DIGEST_SIZE]; - - key_start = buffer->size; - - if (!pgp_put_public_rsa_key(buffer, pub, now)) - return 0; - - /* userid packet */ - userid_start = buffer->size; - if (!pgp_put_userid(buffer, strlen(userid), (const uint8_t *) userid)) - return 0; - - /* FIXME: We hash the key first, and then the user id. Is this right? */ - sha1_init(&key_hash); - sha1_update(&key_hash, - userid_start - key_start, - buffer->contents + key_start); - - signature_hash = key_hash; - sha1_digest(&key_hash, sizeof(fingerprint), fingerprint); - - sha1_update(&signature_hash, - buffer->size - userid_start, - buffer->contents + userid_start); - - return pgp_put_rsa_sha1_signature(buffer, - priv, - fingerprint + SHA1_DIGEST_SIZE - 8, - PGP_SIGN_CERTIFICATION, - &signature_hash); -} -- 2.47.2