diff options
author | Neal H. Walfield <neal@pep.foundation> | 2019-03-11 08:47:21 +0100 |
---|---|---|
committer | Neal H. Walfield <neal@pep.foundation> | 2019-03-11 09:42:16 +0100 |
commit | 220d1ab8ffe3c3bbec99c6143a9f480df4955e5b (patch) | |
tree | 042de383050ae621b72772982fd27fb151324c0c /openpgp-ffi/include/sequoia/openpgp.h | |
parent | 930d8b9b87384a0115d292434fbe831278151a76 (diff) |
openpgp-ffi: Move all type declarations to <sequoia/openpgp/types.h>
- pgp_key_t was declared multiple times, once in <sequoia/openpgp.h>
and again in <sequoia/openpgp/crypto.h>. Although the definitions
were the same, this causes gcc to emit a warning, which is
particularly annoying when combined with -Werror.
- It's hard to remove one of the declarations as this would create a
circular dependency.
- To break this circular dependency, we move all of the type
declarations to a separate header file.
Diffstat (limited to 'openpgp-ffi/include/sequoia/openpgp.h')
-rw-r--r-- | openpgp-ffi/include/sequoia/openpgp.h | 470 |
1 files changed, 1 insertions, 469 deletions
diff --git a/openpgp-ffi/include/sequoia/openpgp.h b/openpgp-ffi/include/sequoia/openpgp.h index 6ec9e109..66edd45d 100644 --- a/openpgp-ffi/include/sequoia/openpgp.h +++ b/openpgp-ffi/include/sequoia/openpgp.h @@ -9,48 +9,13 @@ #include <time.h> #include <sequoia/io.h> +#include <sequoia/openpgp/types.h> #include <sequoia/openpgp/error.h> #include <sequoia/openpgp/crypto.h> -/*/ -/// A low-level OpenPGP message parser. -/// -/// A `PacketParser` provides a low-level, iterator-like interface to -/// parse OpenPGP messages. -/// -/// For each iteration, the user is presented with a [`Packet`] -/// corresponding to the last packet, a `PacketParser` for the next -/// packet, and their positions within the message. -/// -/// Using the `PacketParser`, the user is able to configure how the -/// new packet will be parsed. For instance, it is possible to stream -/// the packet's contents (a `PacketParser` implements the -/// `std::io::Read` and the `BufferedReader` traits), buffer them -/// within the [`Packet`], or drop them. The user can also decide to -/// recurse into the packet, if it is a container, instead of getting -/// the following packet. -/*/ -typedef struct pgp_packet_parser *pgp_packet_parser_t; - -/*/ -/// Like an `Option<PacketParser>`, but the `None` variant -/// (`PacketParserEOF`) contains some summary information. -/*/ -typedef struct pgp_packet_parser_result *pgp_packet_parser_result_t; - -/*/ -/// The `None` variant of a `PacketParserResult`. -/*/ -typedef struct pgp_packet_parser_eof *pgp_packet_parser_eof_t; - /* sequoia::openpgp::KeyID. */ /*/ -/// Holds a KeyID. -/*/ -typedef struct pgp_keyid *pgp_keyid_t; - -/*/ /// Reads a binary key ID. /*/ pgp_keyid_t pgp_keyid_from_bytes (const uint8_t *id); @@ -100,11 +65,6 @@ int pgp_keyid_equal (const pgp_keyid_t a, const pgp_keyid_t b); /* sequoia::openpgp::Fingerprint. */ /*/ -/// Holds a fingerprint. -/*/ -typedef struct pgp_fingerprint *pgp_fingerprint_t; - -/*/ /// Reads a binary fingerprint. /*/ pgp_fingerprint_t pgp_fingerprint_from_bytes (const uint8_t *buf, size_t len); @@ -166,42 +126,6 @@ int pgp_fingerprint_equal (const pgp_fingerprint_t a, const pgp_fingerprint_t b) /* sequoia::openpgp::RevocationStatus. */ /*/ -/// Holds a revocation status. -/*/ -typedef struct pgp_revocation_status *pgp_revocation_status_t; - -typedef enum pgp_revocation_status_variant { - /*/ - /// The key is definitely revoked. - /// - /// All self-revocations are returned, the most recent revocation - /// first. - /*/ - PGP_REVOCATION_STATUS_REVOKED, - - /*/ - /// We have a third-party revocation certificate that is allegedly - /// from a designated revoker, but we don't have the designated - /// revoker's key to check its validity. - /// - /// All such certificates are returned. The caller must check - /// them manually. - /*/ - PGP_REVOCATION_STATUS_COULD_BE, - - /*/ - /// The key does not appear to be revoked, but perhaps an attacker - /// has performed a DoS, which prevents us from seeing the - /// revocation certificate. - /*/ - PGP_REVOCATION_STATUS_NOT_AS_FAR_AS_WE_KNOW, - - /* Dummy value to make sure the enumeration has a defined size. Do - not use this value. */ - PGP_REVOCATION_STATUS_FORCE_WIDTH = INT_MAX, -} pgp_revocation_status_variant_t; - -/*/ /// Returns the revocation status's variant. /*/ pgp_revocation_status_variant_t pgp_revocation_status_variant ( @@ -216,56 +140,6 @@ void pgp_revocation_status_free (pgp_revocation_status_t rs); /* openpgp::armor. */ /*/ -/// Specifies the type of data (see [RFC 4880, section 6.2]). -/// -/// [RFC 4880, section 6.2]: https://tools.ietf.org/html/rfc4880#section-6.2 -/*/ -typedef enum pgp_armor_kind { - /*/ - /// When reading an Armored file, accept any type. - /*/ - PGP_ARMOR_KIND_ANY, - - /*/ - /// A generic OpenPGP message. - /*/ - PGP_ARMOR_KIND_MESSAGE, - - /*/ - /// A transferable public key. - /*/ - PGP_ARMOR_KIND_PUBLICKEY, - - /*/ - /// A transferable secret key. - /*/ - PGP_ARMOR_KIND_SECRETKEY, - - /*/ - /// A detached signature. - /*/ - PGP_ARMOR_KIND_SIGNATURE, - - /*/ - /// A generic file. This is a GnuPG extension. - /*/ - PGP_ARMOR_KIND_FILE, - - /* Dummy value to make sure the enumeration has a defined size. Do - not use this value. */ - PGP_ARMOR_KIND_FORCE_WIDTH = INT_MAX, -} pgp_armor_kind_t; - -/*/ -/// Represents a (key, value) pair in an armor header. -/*/ -typedef struct pgp_armor_header { - char *key; - char *value; -} *pgp_armor_header_t; - - -/*/ /// Constructs a new filter for the given type of data. /// /// A filter that strips ASCII Armor from a stream of data. @@ -325,154 +199,11 @@ pgp_writer_t pgp_armor_writer_new (pgp_error_t *errp, pgp_writer_t inner, /*/ -/// The OpenPGP packet tags as defined in [Section 4.3 of RFC 4880]. -/// -/// [Section 4.3 of RFC 4880]: https://tools.ietf.org/html/rfc4880#section-4.3 -/// -/// The values correspond to the serialized format. The packet types -/// named `UnassignedXX` are not in use as of RFC 4880. -/// -/// Use [`Tag::from_numeric`] to translate a numeric value to a symbolic -/// one. -/// -/// [`Tag::from_numeric`]: enum.Tag.html#method.from_numeric -/*/ -typedef enum pgp_tag { - PGP_TAG_RESERVED0 = 0, - /* Public-Key Encrypted Session Key Packet. */ - PGP_TAG_PKESK = 1, - PGP_TAG_SIGNATURE = 2, - /* Symmetric-Key Encrypted Session Key Packet. */ - PGP_TAG_SKESK = 3, - /* One-Pass Signature Packet. */ - PGP_TAG_ONE_PASS_SIG = 4, - PGP_TAG_SECRET_KEY = 5, - PGP_TAG_PUBLIC_KEY = 6, - PGP_TAG_SECRET_SUBKEY = 7, - PGP_TAG_COMPRESSED_DATA = 8, - /* Symmetrically Encrypted Data Packet. */ - PGP_TAG_SED = 9, - PGP_TAG_MARKER = 10, - PGP_TAG_LITERAL = 11, - PGP_TAG_TRUST = 12, - PGP_TAG_USER_ID = 13, - PGP_TAG_PUBLIC_SUBKEY = 14, - - PGP_TAG_UNASSIGNED15 = 15, - PGP_TAG_UNASSIGNED16 = 16, - - PGP_TAG_USER_ATTRIBUTE = 17, - /* Sym. Encrypted and Integrity Protected Data Packet. */ - PGP_TAG_SEIP = 18, - /* Modification Detection Code Packet. */ - PGP_TAG_MDC = 19, - - /* Unassigned packets (as of RFC4880). */ - PGP_TAG_UNASSIGNED20 = 20, - PGP_TAG_UNASSIGNED21 = 21, - PGP_TAG_UNASSIGNED22 = 22, - PGP_TAG_UNASSIGNED23 = 23, - PGP_TAG_UNASSIGNED24 = 24, - PGP_TAG_UNASSIGNED25 = 25, - PGP_TAG_UNASSIGNED26 = 26, - PGP_TAG_UNASSIGNED27 = 27, - PGP_TAG_UNASSIGNED28 = 28, - PGP_TAG_UNASSIGNED29 = 29, - - PGP_TAG_UNASSIGNED30 = 30, - PGP_TAG_UNASSIGNED31 = 31, - PGP_TAG_UNASSIGNED32 = 32, - PGP_TAG_UNASSIGNED33 = 33, - PGP_TAG_UNASSIGNED34 = 34, - PGP_TAG_UNASSIGNED35 = 35, - PGP_TAG_UNASSIGNED36 = 36, - PGP_TAG_UNASSIGNED37 = 37, - PGP_TAG_UNASSIGNED38 = 38, - PGP_TAG_UNASSIGNED39 = 39, - - PGP_TAG_UNASSIGNED40 = 40, - PGP_TAG_UNASSIGNED41 = 41, - PGP_TAG_UNASSIGNED42 = 42, - PGP_TAG_UNASSIGNED43 = 43, - PGP_TAG_UNASSIGNED44 = 44, - PGP_TAG_UNASSIGNED45 = 45, - PGP_TAG_UNASSIGNED46 = 46, - PGP_TAG_UNASSIGNED47 = 47, - PGP_TAG_UNASSIGNED48 = 48, - PGP_TAG_UNASSIGNED49 = 49, - - PGP_TAG_UNASSIGNED50 = 50, - PGP_TAG_UNASSIGNED51 = 51, - PGP_TAG_UNASSIGNED52 = 52, - PGP_TAG_UNASSIGNED53 = 53, - PGP_TAG_UNASSIGNED54 = 54, - PGP_TAG_UNASSIGNED55 = 55, - PGP_TAG_UNASSIGNED56 = 56, - PGP_TAG_UNASSIGNED57 = 57, - PGP_TAG_UNASSIGNED58 = 58, - PGP_TAG_UNASSIGNED59 = 59, - - /* Experimental packets. */ - PGP_TAG_PRIVATE0 = 60, - PGP_TAG_PRIVATE1 = 61, - PGP_TAG_PRIVATE2 = 62, - PGP_TAG_PRIVATE3 = 63, -} pgp_tag_t; - -/*/ /// Returns a human-readable tag name. /*/ const char *pgp_tag_to_string (pgp_tag_t tag); /*/ -/// Opaque types for all the Packets that Sequoia understands. -/*/ -typedef struct pgp_unknown *pgp_unknown_t; -typedef struct pgp_signature *pgp_signature_t; -typedef struct pgp_one_pass_sig *pgp_one_pass_sig_t; -typedef struct pgp_key *pgp_key_t; -typedef struct pgp_user_id *pgp_user_id_t; -typedef struct pgp_user_attribute *pgp_user_attribute_t; -typedef struct pgp_literal *pgp_literal_t; -typedef struct pgp_compressed_data *pgp_compressed_data_t; -typedef struct pgp_pkesk *pgp_pkesk_t; -typedef struct pgp_skesk *pgp_skesk_t; -typedef struct pgp_seip *pgp_seip_t; -typedef struct pgp_mdc *pgp_mdc_t; - -/*/ -/// The OpenPGP packets that Sequoia understands. -/// -/// The different OpenPGP packets are detailed in [Section 5 of RFC 4880]. -/// -/// The `Unknown` packet allows Sequoia to deal with packets that it -/// doesn't understand. The `Unknown` packet is basically a binary -/// blob that includes the packet's tag. -/// -/// The unknown packet is also used for packets that are understood, -/// but use unsupported options. For instance, when the packet parser -/// encounters a compressed data packet with an unknown compression -/// algorithm, it returns the packet in an `Unknown` packet rather -/// than a `CompressedData` packet. -/// -/// [Section 5 of RFC 4880]: https://tools.ietf.org/html/rfc4880#section-5 -/*/ -typedef union pgp_packet { - pgp_unknown_t unknown; - pgp_signature_t signature; - pgp_one_pass_sig_t one_pass_sig; - pgp_key_t key; - pgp_user_id_t user_id; - pgp_user_attribute_t user_attribute; - pgp_literal_t literal; - pgp_compressed_data_t compressed_data; - pgp_pkesk_t pkesk; - pgp_skesk_t skesk; - pgp_seip_t seip; - pgp_mdc_t mdc; -} pgp_packet_t; - -/*/ /// Frees the Packet. /*/ void pgp_packet_free (pgp_packet_t p); @@ -500,11 +231,6 @@ pgp_tag_t pgp_packet_kind (pgp_packet_t p); /* openpgp::PacketPile. */ /*/ -/// A `PacketPile` holds a deserialized OpenPGP message. -/*/ -typedef struct pgp_packet_pile *pgp_packet_pile_t; - -/*/ /// Deserializes the OpenPGP message stored in a `std::io::Read` /// object. /// @@ -752,45 +478,9 @@ pgp_status_t pgp_pkesk_decrypt (pgp_error_t *errp, pgp_pkesk_t pkesk, uint8_t *algo, /* XXX */ uint8_t *key, size_t *key_len); -typedef enum pgp_reason_for_revocation { - /*/ - /// No reason specified (key revocations or cert revocations) - /*/ - PGP_REASON_FOR_REVOCATION_UNSPECIFIED, - - /*/ - /// Key is superseded (key revocations) - /*/ - PGP_REASON_FOR_REVOCATION_KEY_SUPERSEDED, - - /*/ - /// Key material has been compromised (key revocations) - /*/ - PGP_REASON_FOR_REVOCATION_KEY_COMPROMISED, - - /*/ - /// Key is retired and no longer used (key revocations) - /*/ - PGP_REASON_FOR_REVOCATION_KEY_RETIRED, - - /*/ - /// User ID information is no longer valid (cert revocations) - /*/ - PGP_REASON_FOR_REVOCATION_UID_RETIRED, - - /* Dummy value to make sure the enumeration has a defined size. Do - not use this value. */ - PGP_REASON_FOR_REVOCATION_FORCE_WIDTH = INT_MAX, -} pgp_reason_for_revocation_t; - /* openpgp::tpk::UserIDBinding. */ /*/ -/// A `UserIDBinding`. -/*/ -typedef struct pgp_user_id_binding *pgp_user_id_binding_t; - -/*/ /// Returns the user id. /// /// This function may fail and return NULL if the user id contains an @@ -809,11 +499,6 @@ pgp_signature_t pgp_user_id_binding_selfsig(pgp_user_id_binding_t binding); /* openpgp::tpk::UserIDBindingIter. */ /*/ -/// An iterator over `UserIDBinding`s. -/*/ -typedef struct pgp_user_id_binding_iter *pgp_user_id_binding_iter_t; - -/*/ /// Returns the next element in the iterator. /*/ pgp_user_id_binding_t pgp_user_id_binding_iter_next (pgp_user_id_binding_iter_t iter); @@ -824,11 +509,6 @@ void pgp_user_id_binding_iter_free (pgp_user_id_binding_iter_t iter); /* openpgp::tpk::KeyIter. */ /*/ -/// An iterator over keys in a TPK. -/*/ -typedef struct pgp_tpk_key_iter *pgp_tpk_key_iter_t; - -/*/ /// Returns the next key. Returns NULL if there are no more elements. /// /// If sigo is not NULL, stores the current self-signature (if any) in @@ -849,29 +529,6 @@ void pgp_tpk_key_iter_free (pgp_tpk_key_iter_t iter); /* openpgp::tpk. */ /*/ -/// A transferable public key (TPK). -/// -/// A TPK (see [RFC 4880, section 11.1]) can be used to verify -/// signatures and encrypt data. It can be stored in a keystore and -/// uploaded to keyservers. -/// -/// [RFC 4880, section 11.1]: https://tools.ietf.org/html/rfc4880#section-11.1 -/*/ -typedef struct pgp_tpk *pgp_tpk_t; - - -/*/ -/// A transferable secret key (TSK). -/// -/// A TSK (see [RFC 4880, section 11.2]) can be used to create -/// signatures and decrypt data. -/// -/// [RFC 4880, section 11.2]: https://tools.ietf.org/html/rfc4880#section-11.2 -/*/ -typedef struct pgp_tsk *pgp_tsk_t; - - -/*/ /// Returns the first TPK encountered in the reader. /*/ pgp_tpk_t pgp_tpk_from_reader (pgp_error_t *errp, @@ -1073,24 +730,6 @@ char *pgp_tpk_primary_user_id(pgp_tpk_t tpk); /* TPKBuilder */ -typedef struct pgp_tpk_builder *pgp_tpk_builder_t; - -typedef enum pgp_tpk_cipher_suite { - /*/ - /// EdDSA and ECDH over Curve25519 with SHA512 and AES256. - /*/ - PGP_TPK_CIPHER_SUITE_CV25519, - - /*/ - /// 3072 bit RSA with SHA512 and AES256. - /*/ - PGP_TPK_CIPHER_SUITE_RSA3K, - - /* Dummy value to make sure the enumeration has a defined size. Do - not use this value. */ - PGP_TPK_CIPHER_SUITE_FORCE_WIDTH = INT_MAX, -} pgp_tpk_cipher_suite_t; - /*/ /// Creates a default `pgp_tpk_builder_t`. /*/ @@ -1268,57 +907,6 @@ pgp_fingerprint_t pgp_key_fingerprint (pgp_key_t p); /*/ pgp_keyid_t pgp_key_keyid (pgp_key_t p); -typedef enum pgp_public_key_algorithm { - /*/ - /// RSA (Encrypt or Sign) - /*/ - PGP_PUBLIC_KEY_ALGO_RSA_ENCRYPT_SIGN, - - /*/ - /// RSA Encrypt-Only - /*/ - PGP_PUBLIC_KEY_ALGO_RSA_ENCRYPT, - - /*/ - /// RSA Sign-Only - /*/ - PGP_PUBLIC_KEY_ALGO_RSA_SIGN, - - /*/ - /// Elgamal (Encrypt-Only) - /*/ - PGP_PUBLIC_KEY_ALGO_ELGAMAL_ENCRYPT, - - /*/ - /// DSA (Digital Signature Algorithm) - /*/ - PGP_PUBLIC_KEY_ALGO_DSA, - - /*/ - /// Elliptic curve DH - /*/ - PGP_PUBLIC_KEY_ALGO_ECDH, - - /*/ - /// Elliptic curve DSA - /*/ - PGP_PUBLIC_KEY_ALGO_ECDSA, - - /*/ - /// Elgamal (Encrypt or Sign) - /*/ - PGP_PUBLIC_KEY_ALGO_ELGAMAL_ENCRYPT_SIGN, - - /*/ - /// "Twisted" Edwards curve DSA - /*/ - PGP_PUBLIC_KEY_ALGO_EDDSA, - - /* Dummy value to make sure the enumeration has a defined size. Do - not use this value. */ - PGP_PUBLIC_KEY_ALGO_FORCE_WIDTH = INT_MAX, -} sq_public_key_algo_t; - /*/ /// Returns the key's public key algorithm. /*/ @@ -1611,8 +1199,6 @@ pgp_status_t pgp_packet_parser_decrypt (pgp_error_t *errp, uint8_t algo, /* XXX */ uint8_t *key, size_t key_len); -typedef struct pgp_writer_stack *pgp_writer_stack_t; - /*/ /// Streams an OpenPGP message. /*/ @@ -1687,31 +1273,6 @@ pgp_writer_stack_t pgp_literal_writer_new (pgp_error_t *errp, pgp_writer_stack_t inner); /*/ -/// Specifies whether to encrypt for archival purposes or for -/// transport. -/*/ -typedef enum pgp_encryption_mode { - /*/ - /// Encrypt data for long-term storage. - /// - /// This should be used for things that should be decryptable for - /// a long period of time, e.g. backups, archives, etc. - /*/ - PGP_ENCRYPTION_MODE_AT_REST = 0, - - /*/ - /// Encrypt data for transport. - /// - /// This should be used to protect a message in transit. The - /// recipient is expected to take additional steps if she wants to - /// be able to decrypt it later on, e.g. store the decrypted - /// session key, or re-encrypt the session key with a different - /// key. - /*/ - PGP_ENCRYPTION_MODE_FOR_TRANSPORT = 1, -} pgp_encryption_mode_t; - -/*/ /// Creates a new encryptor. /// /// The stream will be encrypted using a generated session key, @@ -1729,33 +1290,18 @@ pgp_writer_stack_t pgp_encryptor_new (pgp_error_t *errp, size_t recipients_len, pgp_encryption_mode_t mode); -typedef struct pgp_secret *pgp_secret_t; - /*/ /// Creates an pgp_secret_t from a decrypted session key. /*/ pgp_secret_t pgp_secret_cached(uint8_t algo, uint8_t *session_key, size_t session_key_len); -typedef struct pgp_verification_results *pgp_verification_results_t; -typedef struct pgp_verification_result *pgp_verification_result_t; - void pgp_verification_results_at_level(pgp_verification_results_t results, size_t level, pgp_verification_result_t **r, size_t *r_count); -typedef enum pgp_verification_result_code { - PGP_VERIFICATION_RESULT_CODE_GOOD_CHECKSUM = 1, - PGP_VERIFICATION_RESULT_CODE_MISSING_KEY = 2, - PGP_VERIFICATION_RESULT_CODE_BAD_CHECKSUM = 3, - - /* Dummy value to make sure the enumeration has a defined size. Do - not use this value. */ - PGP_VERIFICATION_RESULT_CODE_FORCE_WIDTH = INT_MAX, -} pgp_verification_result_code_t; - /*/ /// Returns the verification result code. /*/ @@ -1778,20 +1324,6 @@ pgp_signature_t pgp_verification_result_signature( /*/ int pgp_verification_result_level(pgp_verification_result_t r); -typedef pgp_status_t (*pgp_sequoia_decrypt_get_public_keys_cb_t) (void *, - pgp_keyid_t *, size_t, - pgp_tpk_t **, size_t *, - void (**free)(void *)); - -typedef pgp_status_t (*pgp_sequoia_decrypt_get_secret_keys_cb_t) (void *, - pgp_pkesk_t *, size_t, - pgp_skesk_t *, size_t, - pgp_secret_t *); - -typedef pgp_status_t (*pgp_sequoia_decrypt_check_signatures_cb_t) (void *, - pgp_verification_results_t, - size_t); - pgp_status_t pgp_decrypt (pgp_error_t *errp, pgp_reader_t input, pgp_writer_t output, pgp_sequoia_decrypt_get_public_keys_cb_t get_public_keys, pgp_sequoia_decrypt_get_secret_keys_cb_t get_secret_keys, |