4 files changed, 197 insertions, 61 deletions

diff --git a/openpgp-ffi/include/sequoia/openpgp.h b/openpgp-ffi/include/sequoia/openpgp.h
index 6b3e90c0..9b6dadd1 100644
--- a/openpgp-ffi/include/sequoia/openpgp.h
+++ b/openpgp-ffi/include/sequoia/openpgp.h
@@ -60,7 +60,7 @@ char *pgp_keyid_to_hex (const pgp_keyid_t keyid);
 /*/
 /// Compares KeyIDs.
 /*/
-int pgp_keyid_equal (const pgp_keyid_t a, const pgp_keyid_t b);
+bool pgp_keyid_equal (const pgp_keyid_t a, const pgp_keyid_t b);
 
 
 /* sequoia::openpgp::Fingerprint.  */
@@ -122,7 +122,7 @@ pgp_keyid_t pgp_fingerprint_to_keyid (const pgp_fingerprint_t fp);
 /*/
 /// Compares Fingerprints.
 /*/
-int pgp_fingerprint_equal (const pgp_fingerprint_t a, const pgp_fingerprint_t b);
+bool pgp_fingerprint_equal (const pgp_fingerprint_t a, const pgp_fingerprint_t b);
 
 /* sequoia::openpgp::RevocationStatus.  */
 
@@ -570,38 +570,110 @@ pgp_packet_t pgp_literal_into_packet (pgp_literal_t literal);
 /*/
 void pgp_literal_free (pgp_literal_t literal);
 
-/* openpgp::cert::UserIDBundle.  */
+/* openpgp::amalgamation::UserIDAmalgamation.  */
 
 /*/
-/// Returns the user id.
+/// Returns a copy of the user id.
 ///
-/// This function may fail and return NULL if the user id contains an
-/// interior NUL byte.  We do this rather than complicate the API, as
-/// there is no valid use for such user ids; they must be malicious.
+/// The caller must free the returned value.
+/*/
+pgp_packet_t pgp_user_id_amalgamation_user_id (pgp_user_id_amalgamation_t ua);
+
+/*/
+/// Frees the User ID Amalgamation.
+/*/
+void pgp_user_id_amalgamation_free (pgp_user_id_amalgamation_t ua);
+
+/*/
+/// Clones the UserID Amalgamation.
+/*/
+pgp_user_id_amalgamation_t pgp_user_id_amalgamation_clone (pgp_user_id_amalgamation_t ua);
+
+/*/
+/// Returns a human readable description of this object suitable for
+/// debugging.
+/*/
+char *pgp_user_id_amalgamation_debug (const pgp_user_id_amalgamation_t ua);
+
+/*/
+/// Returns a copy of the user id.
 ///
 /// The caller must free the returned value.
 /*/
-char *pgp_user_id_bundle_user_id (pgp_user_id_bundle_t binding);
+pgp_packet_t pgp_valid_user_id_amalgamation_user_id
+    (pgp_valid_user_id_amalgamation_t ua);
 
 /*/
-/// Returns a reference to the self-signature, if any.
+/// Returns the Valid UserID Amalgamation's revocation status.
 /*/
-pgp_signature_t pgp_user_id_bundle_selfsig(pgp_user_id_bundle_t binding,
-                                            pgp_policy_t policy);
+pgp_revocation_status_t pgp_valid_user_id_amalgamation_revocation_status
+    (pgp_valid_user_id_amalgamation_t ua);
 
-/* openpgp::cert::UserIDBundleIter.  */
+/*/
+/// Returns a reference to the self-signature.
+/*/
+pgp_signature_t pgp_valid_user_id_amalgamation_binding_signature
+    (pgp_valid_user_id_amalgamation_t ua);
+
+/*/
+/// Changes the policy applied to the `ValidUserIDAmalgamation`.
+///
+/// This consumes the UserID amalgamation.
+/*/
+pgp_valid_user_id_amalgamation_t pgp_valid_user_id_amalgamation_with_policy
+    (pgp_error_t *errp,
+     pgp_valid_user_id_amalgamation_t ua,
+     pgp_policy_t policy,
+     time_t time);
+
+/*/
+/// Frees the User ID Amalgamation.
+/*/
+void pgp_valid_user_id_amalgamation_free (pgp_valid_user_id_amalgamation_t ua);
+
+/*/
+/// Clones the UserID Amalgamation.
+/*/
+pgp_valid_user_id_amalgamation_t pgp_valid_user_id_amalgamation_clone (pgp_valid_user_id_amalgamation_t ua);
+
+/*/
+/// Returns a human readable description of this object suitable for
+/// debugging.
+/*/
+char *pgp_valid_user_id_amalgamation_debug (const pgp_valid_user_id_amalgamation_t ua);
+
+/* openpgp::cert::UserIDIter.  */
+
+/*/
+/// Returns the next element in the iterator.
+/*/
+pgp_user_id_amalgamation_t pgp_cert_user_id_iter_next (pgp_cert_user_id_iter_t iter);
+
+/*/
+/// Sets a policy.
+///
+/// Only User IDs that are valid according to the policy at the
+/// specified time are returned.
+/*/
+pgp_cert_valid_user_id_iter_t pgp_cert_user_id_iter_policy
+    (pgp_cert_user_id_iter_t iter, pgp_policy_t policy, time_t when);
+
+/*/
+/// Frees a pgp_cert_user_id_iter_t.
+/*/
+void pgp_cert_user_id_iter_free (pgp_cert_user_id_iter_t iter);
 
 /*/
 /// Returns the next element in the iterator.
 /*/
-pgp_user_id_bundle_t pgp_user_id_bundle_iter_next (pgp_user_id_bundle_iter_t iter);
+pgp_valid_user_id_amalgamation_t pgp_cert_valid_user_id_iter_next (pgp_cert_valid_user_id_iter_t iter);
 
 /*/
-/// Frees an pgp_user_id_bundle_iter_t.
+/// Frees a pgp_cert_valid_user_id_iter_t.
 /*/
-void pgp_user_id_bundle_iter_free (pgp_user_id_bundle_iter_t iter);
+void pgp_cert_valid_user_id_iter_free (pgp_cert_valid_user_id_iter_t iter);
 
-/* openpgp::cert::KeyIter.  */
+/* openpgp::cert::KeyAmalgamationIter.  */
 
 /*/
 /// Changes the iterator to only return keys that have secret keys.
@@ -619,10 +691,10 @@ void pgp_cert_key_iter_secret (pgp_cert_key_iter_t iter);
 void pgp_cert_key_iter_unencrypted_secret (pgp_cert_key_iter_t iter);
 
 /*/
-/// Changes the iterator to only return keys that have unencrypted
-/// secret keys.
+/// Sets a policy.
 ///
-/// Note: you may not call this function after starting to iterate.
+/// Only keys that are valid according to the policy at the specified
+/// time are returned.
 /*/
 pgp_cert_valid_key_iter_t pgp_cert_key_iter_policy
     (pgp_cert_key_iter_t iter, pgp_policy_t policy, time_t when);
@@ -794,7 +866,7 @@ pgp_cert_t pgp_cert_clone (pgp_cert_t cert);
 /*/
 /// Compares Certs.
 /*/
-int pgp_cert_equal (const pgp_cert_t a, const pgp_cert_t b);
+bool pgp_cert_equal (const pgp_cert_t a, const pgp_cert_t b);
 
 /*/
 /// Returns a human readable description of this object intended for
@@ -874,30 +946,30 @@ pgp_key_t pgp_cert_primary_key (pgp_cert_t cert);
 /// If `when` is 0, then returns the Cert's revocation status as of the
 /// time of the call.
 /*/
-pgp_revocation_status_t pgp_cert_revoked (pgp_cert_t cert,
-                                          pgp_policy_t policy, time_t when);
+pgp_revocation_status_t pgp_cert_revocation_status (pgp_cert_t cert,
+                                                    pgp_policy_t policy, time_t when);
 
 /*/
-/// Writes a revocation certificate to the writer.
+/// Returns a new revocation certificate for the Cert.
 ///
-/// This function consumes the writer.  It does *not* consume cert.
+/// This function does *not* consume `cert`.
 /*/
 pgp_signature_t pgp_cert_revoke (pgp_error_t *errp,
-                              pgp_cert_t cert,
-                              pgp_signer_t primary_signer,
-                              pgp_reason_for_revocation_t code,
-                              const char *reason);
+                                 pgp_cert_t cert,
+                                 pgp_signer_t primary_signer,
+                                 pgp_reason_for_revocation_t code,
+                                 const char *reason);
 
 /*/
-/// Adds a revocation certificate to the cert.
+/// Returns a new revocation certificate for the Cert.
 ///
-/// This function consumes the cert.
+/// This function consumes `cert` and returns a new `Cert`.
 /*/
 pgp_cert_t pgp_cert_revoke_in_place (pgp_error_t *errp,
-                                 pgp_cert_t cert,
-                                 pgp_signer_t primary_signer,
-                                 pgp_reason_for_revocation_t code,
-                                 const char *reason);
+                                     pgp_cert_t cert,
+                                     pgp_signer_t primary_signer,
+                                     pgp_reason_for_revocation_t code,
+                                     const char *reason);
 
 /*/
 /// Returns whether the Cert is alive at the specified time.
@@ -924,9 +996,16 @@ pgp_cert_t pgp_cert_set_expiration_time(pgp_error_t *errp,
 int pgp_cert_is_tsk(pgp_cert_t cert);
 
 /*/
-/// Returns an iterator over the `UserIDBundle`s.
+/// Returns an iterator over the `UserID`s.
 /*/
-pgp_user_id_bundle_iter_t pgp_cert_user_id_bundle_iter (pgp_cert_t cert);
+pgp_cert_user_id_iter_t pgp_cert_user_id_iter (pgp_cert_t cert);
+
+/*/
+/// Returns an iterator over the valid `UserID`s.
+/*/
+pgp_cert_valid_user_id_iter_t pgp_cert_valid_user_id_iter (pgp_cert_t cert,
+                                                           pgp_policy_t policy,
+                                                           time_t when);
 
 /*/
 /// Returns an iterator over all `Key`s in a Cert.
@@ -980,7 +1059,7 @@ pgp_cert_parser_t pgp_cert_parser_from_packet_parser(pgp_packet_parser_result_t
 pgp_cert_t pgp_cert_parser_next(pgp_error_t *errp, pgp_cert_parser_t parser);
 
 /*/
-/// Frees an pgp_cert_key_iter_t.
+/// Frees an pgp_cert_parser_t.
 /*/
 void pgp_cert_parser_free (pgp_cert_parser_t parser);
 
@@ -1106,8 +1185,19 @@ pgp_status_t pgp_valid_key_amalgamation_set_expiration_time
    pgp_valid_key_amalgamation_t ka,
    pgp_signer_t signer,
    time_t time,
-   pgp_packet_t **packets,
-   size_t *packet_count);
+   pgp_signature_t **sigs,
+   size_t *sig_count);
+
+/*/
+/// Changes the policy applied to the `ValidKeyAmalgamation`.
+///
+/// This consumes the key amalgamation.
+/*/
+pgp_valid_key_amalgamation_t pgp_valid_key_amalgamation_with_policy
+    (pgp_error_t *errp,
+     pgp_valid_key_amalgamation_t ka,
+     pgp_policy_t policy,
+     time_t time);
 
 /*/
 /// Frees the Valid Key Amalgamation.
@@ -1349,6 +1439,27 @@ const uint8_t *pgp_user_attribute_value (pgp_packet_t ua,
 					size_t *value_len);
 
 /*/
+/// Frees a pgp_user_id_t.
+/*/
+void pgp_user_id_free (pgp_user_id_t userid);
+
+/*/
+/// Clones the UserID.
+/*/
+pgp_user_id_t pgp_user_id_clone (pgp_user_id_t userid);
+
+/*/
+/// Returns a human readable description of this object suitable for
+/// debugging.
+/*/
+char *pgp_user_id_debug (const pgp_user_id_t userid);
+
+/*/
+/// Compares passwords.
+/*/
+bool pgp_user_id_equal (const pgp_user_id_t a, const pgp_user_id_t b);
+
+/*/
 /// Returns the session key.
 ///
 /// `key` of size `key_len` must be a buffer large enough to hold the
@@ -1715,7 +1826,7 @@ void pgp_message_structure_free (pgp_message_structure_t);
 char *pgp_message_structure_debug (const pgp_message_structure_t);
 
 pgp_message_structure_iter_t
-pgp_message_structure_iter (pgp_message_structure_t);
+pgp_message_structure_into_iter (pgp_message_structure_t);
 
 /*/
 /// Frees this object.
@@ -1825,7 +1936,7 @@ bool pgp_verification_result_bad_signature (pgp_verification_result_t,
 pgp_reader_t pgp_decryptor_new (pgp_error_t *errp,
     pgp_policy_t policy,
     pgp_reader_t input,
-    pgp_decryptor_get_public_keys_cb_t get_public_keys,
+    pgp_decryptor_get_certs_cb_t get_certs,
     pgp_decryptor_decrypt_cb_t decrypt,
     pgp_decryptor_check_cb_t check,
     pgp_decryptor_inspect_cb_t inspect,
@@ -1840,27 +1951,35 @@ pgp_reader_t pgp_decryptor_new (pgp_error_t *errp,
 pgp_reader_t pgp_verifier_new (pgp_error_t *errp,
     pgp_policy_t policy,
     pgp_reader_t input,
-    pgp_decryptor_get_public_keys_cb_t get_public_keys,
+    pgp_decryptor_get_certs_cb_t get_certs,
     pgp_decryptor_check_cb_t check,
+    pgp_decryptor_inspect_cb_t inspect,
     void *cookie, time_t time);
 
 /*/
-/// Verifies a detached OpenPGP signature.///
-/// A Certificate (see [RFC 4880, section 11.1]) can be used to verify
-/// signatures and encrypt data.  It can be stored in a keystore and
-/// uploaded to keyservers.
-///
-/// [RFC 4880, section 11.1]: https://tools.ietf.org/html/rfc4880#section-11.1
-
+/// Verifies a detached OpenPGP signature.
 /*/
-pgp_reader_t pgp_detached_verifier_new (pgp_error_t *errp,
+pgp_detached_verifier_t pgp_detached_verifier_new (pgp_error_t *errp,
     pgp_policy_t policy,
-    pgp_reader_t signature_input, pgp_reader_t input,
-    pgp_decryptor_get_public_keys_cb_t get_public_keys,
+    pgp_reader_t signature_input,
+    pgp_decryptor_get_certs_cb_t get_certs,
     pgp_decryptor_check_cb_t check,
+    pgp_decryptor_inspect_cb_t inspect,
     void *cookie, time_t time);
 
 /*/
+/// Frees this object.
+/*/
+void pgp_detached_verifier_free (pgp_detached_verifier_t);
+
+/*/
+/// Verifies `data` using `verifier`.
+/*/
+pgp_status_t pgp_detached_verifier_verify (pgp_error_t *errp,
+                                           pgp_detached_verifier_t verifier,
+                                           pgp_reader_t data);
+
+/*/
 /// Returns a new standard policy.
 /*/
 pgp_policy_t pgp_standard_policy ();
diff --git a/openpgp-ffi/include/sequoia/openpgp/crypto.h b/openpgp-ffi/include/sequoia/openpgp/crypto.h
index 9a3c3964..d0330da4 100644
--- a/openpgp-ffi/include/sequoia/openpgp/crypto.h
+++ b/openpgp-ffi/include/sequoia/openpgp/crypto.h
@@ -32,7 +32,7 @@ pgp_session_key_t pgp_session_key_clone (pgp_session_key_t session_key);
 /*/
 /// Compares session keys.
 /*/
-int pgp_session_key_equal (const pgp_session_key_t a,
+bool pgp_session_key_equal (const pgp_session_key_t a,
 			   const pgp_session_key_t b);
 
 /*/
@@ -59,7 +59,7 @@ pgp_password_t pgp_password_clone (pgp_password_t password);
 /*/
 /// Compares passwords.
 /*/
-int pgp_password_equal (const pgp_password_t a, const pgp_password_t b);
+bool pgp_password_equal (const pgp_password_t a, const pgp_password_t b);
 
 typedef struct pgp_key_unencrypted *pgp_key_unencrypted_t;
 
diff --git a/openpgp-ffi/include/sequoia/openpgp/packet.h b/openpgp-ffi/include/sequoia/openpgp/packet.h
index 8035b0c3..702ad355 100644
--- a/openpgp-ffi/include/sequoia/openpgp/packet.h
+++ b/openpgp-ffi/include/sequoia/openpgp/packet.h
@@ -20,7 +20,7 @@ char *pgp_packet_debug (const pgp_packet_t fp);
 /*/
 /// Compares objects of this kind.
 /*/
-int pgp_packet_equal (const pgp_packet_t a, const pgp_packet_t b);
+bool pgp_packet_equal (const pgp_packet_t a, const pgp_packet_t b);
 
 /*/
 /// Hashes this object.
diff --git a/openpgp-ffi/include/sequoia/openpgp/types.h b/openpgp-ffi/include/sequoia/openpgp/types.h
index ec883df6..216c69cb 100644
--- a/openpgp-ffi/include/sequoia/openpgp/types.h
+++ b/openpgp-ffi/include/sequoia/openpgp/types.h
@@ -1,6 +1,8 @@
 #ifndef SEQUOIA_OPENPGP_TYPES_H
 #define SEQUOIA_OPENPGP_TYPES_H
 
+#include <stdbool.h>
+
 /*/
 /// Holds a session key.
 ///
@@ -364,14 +366,24 @@ typedef struct pgp_packet_parser_eof *pgp_packet_parser_eof_t;
 typedef struct pgp_packet_pile *pgp_packet_pile_t;
 
 /*/
-/// A `UserIDBinding`.
+/// An iterator over User IDs in a Cert.
+/*/
+typedef struct pgp_cert_user_id_iter *pgp_cert_user_id_iter_t;
+
+/*/
+/// An iterator over valid User IDs in a Cert.
+/*/
+typedef struct pgp_cert_valid_user_id_iter *pgp_cert_valid_user_id_iter_t;
+
+/*/
+/// A `UserIDAmalgmation`.
 /*/
-typedef struct pgp_user_id_bundle *pgp_user_id_bundle_t;
+typedef struct pgp_user_id_amalgamation *pgp_user_id_amalgamation_t;
 
 /*/
-/// An iterator over `UserIDBinding`s.
+/// A `UserIDAmalgmation`.
 /*/
-typedef struct pgp_user_id_bundle_iter *pgp_user_id_bundle_iter_t;
+typedef struct pgp_valid_user_id_amalgamation *pgp_valid_user_id_amalgamation_t;
 
 /*/
 /// An iterator over keys in a Cert.
@@ -509,12 +521,12 @@ typedef enum pgp_verification_result_variant {
   PGP_VERIFICATION_RESULT_CODE_FORCE_WIDTH = INT_MAX,
 } pgp_verification_result_variant_t;
 
-typedef pgp_status_t (*pgp_decryptor_get_public_keys_cb_t) (void *,
+typedef pgp_status_t (*pgp_decryptor_get_certs_cb_t) (void *,
     pgp_keyid_t *, size_t,
     pgp_cert_t **, size_t *,
     void (**free)(void *));
 
-typedef pgp_status_t (pgp_decryptor_do_decrypt_cb_t) (
+typedef bool (pgp_decryptor_do_decrypt_cb_t) (
     void *,
     uint8_t,
     pgp_session_key_t);
@@ -534,6 +546,11 @@ typedef pgp_status_t (*pgp_decryptor_inspect_cb_t) (void *,
     pgp_packet_parser_t);
 
 /*/
+/// Verifies a detached signature.
+/*/
+typedef struct pgp_detached_verifier *pgp_detached_verifier_t;
+
+/*/
 /// An OpenPGP policy.
 /*/
 typedef struct pgp_policy *pgp_policy_t;