[u/mdw/catacomb] / key / key-data.h

/* -*-c-*-
 *
 * Manipulating key data
 *
 * (c) 1999 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

#ifndef CATACOMB_KEY_DATA_H
#define CATACOMB_KEY_DATA_H

#ifdef __cplusplus
  extern "C" {
#endif

/*----- Header files ------------------------------------------------------*/

#include <stddef.h>

#include <mLib/bits.h>
#include <mLib/dstr.h>
#include <mLib/sym.h>

#ifndef CATACOMB_KEY_ERROR_H
#  include "key-error.h"
#endif

#ifndef CATACOMB_MP_H
#  include "mp.h"
#endif

#ifndef CATACOMB_EC_H
#  include "ec.h"
#endif

/*----- Data structures ---------------------------------------------------*/

/* --- Key binary data --- */

typedef struct key_bin {
  octet *k;				/* Pointer to key data */
  size_t sz;				/* Size of the key data (in bytes) */
} key_bin;

/* --- Key data structure --- */

typedef struct key_data {
  unsigned e;				/* Encoding type for key data */
  unsigned ref;				/* Reference counter */
  union {
    key_bin k;				/* Binary key data */
    mp *m;				/* Multiprecision integer */
    sym_table s;			/* Structured key data */
    char *p;				/* String pointer */
    ec e;				/* Elliptic curve point */
  } u;
} key_data;

typedef struct key_struct {
  sym_base _b;
  key_data *k;
} key_struct;

typedef struct key_subkeyiter { sym_iter i; } key_subkeyiter;

/* --- Packing and unpacking --- */

typedef struct key_packdef {
  unsigned e;				/* Key data encoding type */
  void *p;				/* Pointer to the destination */
  key_data *kd;				/* Key data block */
} key_packdef;

typedef struct key_packstruct {
  char *name;				/* Pointer to name string */
  key_packdef kp;			/* Packing structure */
} key_packstruct;

/* --- Key binary encoding --- *
 *
 * The binary encoding consists of a header containing a 16-bit encoding type
 * and a 16-bit length, followed immediately by the key data, followed by
 * between zero and three zero bytes to make the total length a multiple of
 * four.  The format of the following data depends on the encoding type:
 *
 * @KENC_BINARY@	Binary data.
 *
 * @KENC_MP@		Octet array interpreted in big-endian byte order.
 *
 * @KENC_STRUCT@	An array of pairs, each containing a string (8-bit
 *			length followed by data and zero-padding to 4-byte
 *			boundary) and key binary encodings.
 *
 * @KENC_ENCRYPT@	Binary data, format
 */

/* --- Key encoding methods and other flags--- */

enum {

  /* --- Bottom two bits are the encoding type --- */

  KF_ENCMASK	= 0x83,			/* Encoding mask */
  KENC_BINARY	= 0x00,			/* Plain binary key (@k@) */
  KENC_MP	= 0x01,			/* Multiprecision integer (@i@) */
  KENC_STRUCT	= 0x02,			/* Structured key data (@s@) */
  KENC_ENCRYPT	= 0x03,			/* Encrypted key type (@k@) */
  KENC_STRING	= 0x80,			/* ASCII string (@p@) */
  KENC_EC	= 0x81,			/* Elliptic curve point (@e@) */

  /* --- Key category bits --- */

  KF_CATMASK	= 0x0c,			/* Category mask */
  KCAT_SYMM	= 0x00,			/* Symmetric encryption key */
  KCAT_PRIV	= 0x04,			/* Private (asymmetric) key */
  KCAT_PUB	= 0x08,			/* Public (asymmetric) key */
  KCAT_SHARE	= 0x0c,			/* Shared (asymmetric) key */
  KF_NONSECRET	= 0x08,			/* Bit flag for non-secret keys */

  /* --- Other flags --- */

  KF_BURN	= 0x10,			/* Burn key after use */
  KF_OPT	= 0x20,			/* Optional key (for @key_unpack@) */

  /* --- Tag end --- */

  KENC_MAX				/* Dummy limit constant */
};

/* --- Key locking return codes --- */

#define KL_OK 0				/* All good */
#define KL_IOERR -1			/* I/O problem (e.g., getting pp) */
#define KL_KEYERR -2			/* Wrong key supplied */
#define KL_DATAERR -3			/* Data format error */

/* --- Key flag filtering --- */

typedef struct key_filter {
  unsigned f;
  unsigned m;
} key_filter;

/* --- Matching aginst key selection --- *
 *
 * GCC will warn about constant addresses in this test, which is rather
 * unfortunate.  Muffle the warning.  This is rather hideous because of the
 * way GCC's parser handles pragmata.
 */

#if __GNUC__ >= 5 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6)
#  define KEY_MATCH_MUFFLE_WARNING(x) __extension__ ({			\
	_Pragma("GCC diagnostic push")					\
	_Pragma("GCC diagnostic ignored \"-Waddress\"")			\
	(x);								\
	_Pragma("GCC diagnostic pop")					\
   })
#else
#  define KEY_MATCH_MUFFLE_WARNING(x) (x)
#endif

#define KEY_MATCH(kd, kf)						\
  (KEY_MATCH_MUFFLE_WARNING(!(kf)) ||					\
   ((kd)->e & KF_ENCMASK) == KENC_STRUCT ||				\
   ((kd)->e & (kf)->m) == (kf)->f)

/*----- Key flags and filtering -------------------------------------------*/

/* --- @key_readflags@ --- *
 *
 * Arguments:	@const char *p@ = pointer to string to read
 *		@char **pp@ = where to store the end pointer
 *		@unsigned *ff@ = where to store the flags
 *		@unsigned *mm@ = where to store the mask
 *
 * Returns:	Zero if all went well, nonzero if there was an error.
 *
 * Use:		Reads a flag string.
 */

extern int key_readflags(const char */*p*/, char **/*pp*/,
			 unsigned */*ff*/, unsigned */*mm*/);

/* --- @key_writeflags@ --- *
 *
 * Arguments:	@unsigned f@ = flags to write
 *		@dstr *d@ = pointer to destination string
 *
 * Returns:	---
 *
 * Use:		Emits a flags word as a string representation.
 */

extern void key_writeflags(unsigned /*f*/, dstr */*d*/);

/* --- @key_match@ --- *
 *
 * Arguments:	@key_data *k@ = pointer to key data block
 *		@const key_filter *kf@ = pointer to filter block
 *
 * Returns:	Nonzero if the key matches the filter.
 *
 * Use:		Checks whether a key matches a filter.
 */

extern int key_match(key_data */*k*/, const key_filter */*kf*/);

/*----- Setting new key data ----------------------------------------------*/

/* --- @key_newraw@ --- *
 *
 * Arguments:	@unsigned e@ = encoding type to set
 *
 * Returns:	New key block, not filled in.
 */

extern key_data *key_newraw(unsigned /*e*/);

/* --- @key_newbinary@ --- *
 *
 * Arguments:	@unsigned e@ = other encoding flags
 *		@const void *p@ = pointer to key data
 *		@size_t sz@ = size of the key data
 *
 * Returns:	New key data object.
 */

extern key_data *key_newbinary(unsigned /*e*/,
			       const void */*p*/, size_t /*sz*/);

/* --- @key_newencrypted@ --- *
 *
 * Arguments:	@unsigned e@ = other encoding flags
 *		@const void *p@ = pointer to key data
 *		@size_t sz@ = size of the key data
 *
 * Returns:	New key data object.
 */

extern key_data *key_newencrypted(unsigned /*e*/,
				  const void */*p*/, size_t /*sz*/);

/* --- @key_newmp@ --- *
 *
 * Arguments:	@unsigned e@ = other encoding flags
 *		@mp *m@ = pointer to the value to set
 *
 * Returns:	New key data object.
 */

extern key_data *key_newmp(unsigned /*e*/, mp */*m*/);

/* --- @key_newstring@ --- *
 *
 * Arguments:	@unsigned e@ = other encoding flags
 *		@const char *p@ = pointer to the value to set
 *
 * Returns:	New key data object.
 */

extern key_data *key_newstring(unsigned /*e*/, const char */*p*/);

/* --- @key_newec@ --- *
 *
 * Arguments:	@unsigned e@ = other encoding flags
 *		@const ec *pt@ = pointer to the value to set
 *
 * Returns:	New key data object.
 */

extern key_data *key_newec(unsigned /*e*/, const ec */*pt*/);

/* --- @key_newstruct@ --- *
 *
 * Arguments:	---
 *
 * Returns:	New key data object.
 */

extern key_data *key_newstruct(void);

/* --- @key_structfind@ --- *
 *
 * Arguments:	@key_data *k@ = pointer to key data block
 *		@const char *tag@ = pointer to tag string
 *
 * Returns:	Pointer to key data block, or null.
 *
 * Use:		Looks up the tag in a structured key.
 */

extern key_data *key_structfind(key_data */*k*/, const char */*tag*/);

/* --- @key_mksubkeyiter@ --- *
 *
 * Arguments:	@key_subkeyiter *i@ = pointer to iterator block
 *		@key_data *k@ = pointer to key data block
 *
 * Returns:	---
 *
 * Use:		Initializes a subkey iterator.
 */

extern void key_mksubkeyiter(key_subkeyiter */*i*/, key_data */*k*/);

/* --- @key_nextsubkey@ --- *
 *
 * Arguments:	@key_structiter *i@ = pointer to iterator block
 *		@const char **tag@ = where to put the tag pointer, or null
 *		@key_data **kd@ = where to put the key data pointer, or null
 *
 * Returns:	Nonzero if there was another item, zero if we hit the
 *		end-stop.
 *
 * Use:		Collects the next subkey of a structured key.
 */

extern int key_nextsubkey(key_subkeyiter */*i*/,
			  const char **/*tag*/, key_data **/*kd*/);

/* --- @key_structset@, @key_structsteal@ --- *
 *
 * Arguments:	@key_data *k@ = pointer to key data block
 *		@const char *tag@ = pointer to tag string
 *		@key_data *kd@ = new key data to store
 *
 * Returns:	---
 *
 * Use:		Creates a new subkey.  Stealing doesn't affect @kd@'s
 *		refcount.  If @kd@ is null, the subkey is deleted.
 */

extern void key_structset(key_data */*k*/,
			  const char */*tag*/, key_data */*kd*/);
extern void key_structsteal(key_data */*k*/,
			    const char */*tag*/, key_data */*kd*/);

/* --- @key_split@ --- *
 *
 * Arguments:	@key_data **kk@ = address of pointer to key data block
 *
 * Returns:	---
 *
 * Use:		Replaces @*kk@ with a pointer to the same key data, but with
 *		just one reference.
 */

extern void key_split(key_data **/*kk*/);

/*----- Miscellaneous operations ------------------------------------------*/

/* --- @key_incref@ --- *
 *
 * Arguments:	@key_data *k@ = pointer to key data
 *
 * Returns:	---
 *
 * Use:		Increments the refcount on a key data block.
 */

#define KEY_INCREF(k) ((k)->ref++)
extern void key_incref(key_data */*k*/);

/* --- @key_destroy@ --- *
 *
 * Arguments:	@key_data *k@ = pointer to key data to destroy
 *
 * Returns:	---
 *
 * Use:		Destroys a block of key data, regardless of reference count.
 *		Don't use this unless you know what you're doing.
 */

extern void key_destroy(key_data */*k*/);

/* --- @key_drop@ --- *
 *
 * Arguments:	@key_data *k@ = pointer to key data to destroy
 *
 * Returns:	---
 *
 * Use:		Drops a reference to key data, destroying it if necessary.
 */

#define KEY_DROP(k) do {						\
  key_data *_k = k;							\
  _k->ref--;								\
  if (_k->ref == 0)							\
    key_destroy(_k);							\
} while (0)

extern void key_drop(key_data */*k*/);

/* --- @key_do@ --- *
 *
 * Arguments:	@key_data *k@ = pointer to key data block
 *		@const key_filter *kf@ = pointer to filter block
 *		@dstr *d@ = pointer to base string
 *		@int (*func)(key_data *kd, dstr *d, void *p@ = function
 *		@void *p@ = argument to function
 *
 * Returns:	Nonzero return code from function, or zero.
 *
 * Use:		Runs a function over all the leaves of a key.
 */

extern int key_do(key_data */*k*/, const key_filter */*kf*/, dstr */*d*/,
		  int (*/*func*/)(key_data */*kd*/,
				  dstr */*d*/, void */*p*/),
		  void */*p*/);

/* --- @key_copydata@ --- *
 *
 * Arguments:	@key_data *k@ = key data to copy
 *		@const key_filter *kf@ = pointer to filter block
 *
 * Returns:	Pointer to a copy of the data, or null if the root subkey
 *		didn't match the filter.
 *
 * Use:		Copies a chunk of key data.  Subkeys, whether they're
 *		structured or leaves, which don't match the filter aren't
 *		copied.  The copy may or may not have structure in common
 *		with the original.
 */

extern key_data *key_copydata(key_data */*k*/, const key_filter */*kf*/);

/*----- Textual encoding --------------------------------------------------*/

/* --- @key_read@ --- *
 *
 * Arguments:	@const char *p@ = pointer to textual key representation
 *		@char **pp@ = where to store the end pointer
 *
 * Returns:	The newly-read key data, or null if it failed.
 *
 * Use:		Parses a textual key description.
 */

extern key_data *key_read(const char */*p*/, char **/*pp*/);

/* --- @key_write@ --- *
 *
 * Arguments:	@key_data *k@ = pointer to key data
 *		@dstr *d@ = destination string to write on
 *		@const key_filter *kf@ = pointer to key selection block
 *
 * Returns:	Nonzero if any items were actually written.
 *
 * Use:		Writes a key in a textual encoding.
 */

extern int key_write(key_data */*k*/, dstr */*d*/, const key_filter */*kf*/);

/*----- Key binary encoding -----------------------------------------------*/

/* --- @key_decode@ --- *
 *
 * Arguments:	@const void *p@ = pointer to buffer to read
 *		@size_t sz@ = size of the buffer
 *
 * Returns:	The newly-read key data, or null if it failed.
 *
 * Use:		Decodes a binary representation of a key.
 */

extern key_data *key_decode(const void */*p*/, size_t /*sz*/);

/* --- @key_encode@ --- *
 *
 * Arguments:	@key_data *k@ = pointer to key data block
 *		@dstr *d@ = pointer to destination string
 *		@const key_filter *kf@ = pointer to key selection block
 *
 * Returns:	Nonzero if any items were actually written.
 *
 * Use:		Encodes a key block as binary data.
 */

extern int key_encode(key_data */*k*/, dstr */*d*/,
		      const key_filter */*kf*/);

/*----- Packing and unpacking keys ----------------------------------------*/

/* --- @key_pack@ --- *
 *
 * Arguments:	@key_packdef *kp@ = pointer to packing structure
 *		@key_data **kd@ = where to put the key data pointer
 *		@dstr *d@ = pointer to tag string for the key data
 *
 * Returns:	Error code, or zero.
 *
 * Use:		Packs a key from a data structure.
 */

extern int key_pack(key_packdef */*kp*/, key_data **/*kd*/, dstr */*d*/);

/* --- @key_unpack@ --- *
 *
 * Arguments:	@key_packdef *kp@ = pointer to packing structure
 *		@key_data *kd@ = pointer to source key data
 *		@dstr *d@ = pointer to tag string for the key data
 *
 * Returns:	Error code, or zero.
 *
 * Use:		Unpacks a key into an appropriate data structure.
 */

extern int key_unpack(key_packdef */*kp*/, key_data */*kd*/, dstr */*d*/);

/* --- @key_unpackdone@ --- *
 *
 * Arguments:	@key_packdef *kp@ = pointer to packing definition
 *
 * Returns:	---
 *
 * Use:		Frees the key components contained within a packing
 *		definition, created during key unpacking.
 */

extern void key_unpackdone(key_packdef */*kp*/);

/*----- Key encryption ----------------------------------------------------*/

/* --- @key_lock@ --- *
 *
 * Arguments:	@key_data **kt@ = where to store the destination pointer
 *		@key_data *k@ = source key data block or null to use @*kt@
 *		@const void *e@ = secret to encrypt key with
 *		@size_t esz@ = size of the secret
 *
 * Returns:	---
 *
 * Use:		Encrypts a key data block using a secret.
 */

extern void key_lock(key_data **/*kt*/, key_data */*k*/,
		     const void */*e*/, size_t /*esz*/);

/* --- @key_unlock@ --- *
 *
 * Arguments:	@key_data **kt@ = where to store the destination pointer
 *		@key_data *k@ = source key data block or null to use @*kt@
 *		@const void *e@ = secret to decrypt the block with
 *		@size_t esz@ = size of the secret
 *
 * Returns:	Zero for success, or a @KERR_@ error code.
 *
 * Use:		Unlocks a key using a secret.
 */

extern int key_unlock(key_data **/*kt*/, key_data */*k*/,
		      const void */*e*/, size_t /*esz*/);

/* --- @key_plock@ --- *
 *
 * Arguments:	@key_data **kt@ = where to store the destination pointer
 *		@key_data *k@ = source key data block or null to use @*kt@
 *		@const char *tag@ = tag to use for passphrase
 *
 * Returns:	Zero if successful, a @KERR@ error code on failure.
 *
 * Use:		Locks a key by encrypting it with a passphrase.
 */

extern int key_plock(key_data **/*kt*/, key_data */*k*/,
		     const char */*tag*/);

/* --- @key_punlock@ --- *
 *
 * Arguments:	@key_data **kt@ = where to store the destination pointer
 *		@key_data *k@ = source key data block or null to use @*kt@
 *		@const char *tag@ = tag to use for passphrase
 *
 * Returns:	Zero if successful, a @KERR@ error code on failure.
 *
 * Use:		Unlocks a passphrase-locked key.
 */

extern int key_punlock(key_data **/*kt*/, key_data */*k*/,
		       const char */*tag*/);

/*----- That's all, folks -------------------------------------------------*/

#ifdef __cplusplus
  }
#endif

#endif
Commit	Line	Data
052b36d0	1	/* --c--
052b36d0	2	*
052b36d0	3	* Manipulating key data
	4	*
	5	* (c) 1999 Straylight/Edgeware
	6	*/
	7
45c0fd36	8	/----- Licensing notice --------------------------------------------------
052b36d0	9	*
	10	* This file is part of Catacomb.
	11	*
	12	* Catacomb is free software; you can redistribute it and/or modify
	13	* it under the terms of the GNU Library General Public License as
	14	* published by the Free Software Foundation; either version 2 of the
	15	* License, or (at your option) any later version.
45c0fd36	16	*
052b36d0	17	* Catacomb is distributed in the hope that it will be useful,
	18	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	* GNU Library General Public License for more details.
45c0fd36	21	*
052b36d0	22	* You should have received a copy of the GNU Library General Public
	23	* License along with Catacomb; if not, write to the Free
	24	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	25	* MA 02111-1307, USA.
	26	*/
	27
052b36d0	28	#ifndef CATACOMB_KEY_DATA_H
	29	#define CATACOMB_KEY_DATA_H
	30
	31	#ifdef __cplusplus
	32	extern "C" {
	33	#endif
	34
	35	/----- Header files ------------------------------------------------------/
	36
	37	#include <stddef.h>
	38
	39	#include <mLib/bits.h>
	40	#include <mLib/dstr.h>
	41	#include <mLib/sym.h>
	42
1dda051b	43	#ifndef CATACOMB_KEY_ERROR_H
	44	# include "key-error.h"
	45	#endif
	46
052b36d0	47	#ifndef CATACOMB_MP_H
	48	# include "mp.h"
	49	#endif
	50
1ba83484	51	#ifndef CATACOMB_EC_H
	52	# include "ec.h"
	53	#endif
	54
052b36d0	55	/----- Data structures ---------------------------------------------------/
	56
	57	/* --- Key binary data --- */
	58
	59	typedef struct key_bin {
	60	octet k; / Pointer to key data */
	61	size_t sz; /* Size of the key data (in bytes) */
	62	} key_bin;
	63
	64	/* --- Key data structure --- */
	65
	66	typedef struct key_data {
	67	unsigned e; /* Encoding type for key data */
ef13e9a4	68	unsigned ref; /* Reference counter */
052b36d0	69	union {
	70	key_bin k; /* Binary key data */
	71	mp m; / Multiprecision integer */
	72	sym_table s; /* Structured key data */
1ba83484	73	char p; / String pointer */
1ba83484	74	ec e; /* Elliptic curve point */
052b36d0	75	} u;
	76	} key_data;
	77
	78	typedef struct key_struct {
	79	sym_base _b;
ef13e9a4	80	key_data *k;
052b36d0	81	} key_struct;
052b36d0	82
ef13e9a4	83	typedef struct key_subkeyiter { sym_iter i; } key_subkeyiter;
ef13e9a4	84
3f6ded6a	85	/* --- Packing and unpacking --- */
	86
	87	typedef struct key_packdef {
ef13e9a4	88	unsigned e; /* Key data encoding type */
3f6ded6a	89	void p; / Pointer to the destination */
ef13e9a4	90	key_data kd; / Key data block */
3f6ded6a	91	} key_packdef;
	92
	93	typedef struct key_packstruct {
	94	char name; / Pointer to name string */
	95	key_packdef kp; /* Packing structure */
	96	} key_packstruct;
	97
052b36d0	98	/* --- Key binary encoding --- *
	99	*
	100	* The binary encoding consists of a header containing a 16-bit encoding type
	101	* and a 16-bit length, followed immediately by the key data, followed by
	102	* between zero and three zero bytes to make the total length a multiple of
	103	* four. The format of the following data depends on the encoding type:
	104	*
	105	* @KENC_BINARY@ Binary data.
	106	*
	107	* @KENC_MP@ Octet array interpreted in big-endian byte order.
	108	*
	109	* @KENC_STRUCT@ An array of pairs, each containing a string (8-bit
	110	* length followed by data and zero-padding to 4-byte
	111	* boundary) and key binary encodings.
	112	*
	113	* @KENC_ENCRYPT@ Binary data, format
	114	*/
	115
	116	/* --- Key encoding methods and other flags--- */
	117
	118	enum {
	119
	120	/* --- Bottom two bits are the encoding type --- */
	121
1ba83484	122	KF_ENCMASK = 0x83, /* Encoding mask */
052b36d0	123	KENC_BINARY = 0x00, /* Plain binary key (@k@) */
	124	KENC_MP = 0x01, /* Multiprecision integer (@i@) */
	125	KENC_STRUCT = 0x02, /* Structured key data (@s@) */
	126	KENC_ENCRYPT = 0x03, /* Encrypted key type (@k@) */
1ba83484	127	KENC_STRING = 0x80, /* ASCII string (@p@) */
1ba83484	128	KENC_EC = 0x81, /* Elliptic curve point (@e@) */
052b36d0	129
	130	/* --- Key category bits --- */
	131
	132	KF_CATMASK = 0x0c, /* Category mask */
	133	KCAT_SYMM = 0x00, /* Symmetric encryption key */
	134	KCAT_PRIV = 0x04, /* Private (asymmetric) key */
	135	KCAT_PUB = 0x08, /* Public (asymmetric) key */
	136	KCAT_SHARE = 0x0c, /* Shared (asymmetric) key */
	137	KF_NONSECRET = 0x08, /* Bit flag for non-secret keys */
	138
	139	/* --- Other flags --- */
	140
	141	KF_BURN = 0x10, /* Burn key after use */
ef13e9a4	142	KF_OPT = 0x20, /* Optional key (for @key_unpack@) */
052b36d0	143
	144	/* --- Tag end --- */
	145
	146	KENC_MAX /* Dummy limit constant */
	147	};
	148
1dda051b	149	/* --- Key locking return codes --- */
	150
	151	#define KL_OK 0 /* All good */
	152	#define KL_IOERR -1 /* I/O problem (e.g., getting pp) */
	153	#define KL_KEYERR -2 /* Wrong key supplied */
	154	#define KL_DATAERR -3 /* Data format error */
	155
052b36d0	156	/* --- Key flag filtering --- */
	157
	158	typedef struct key_filter {
	159	unsigned f;
	160	unsigned m;
	161	} key_filter;
	162
aa02ed36 MW	163	/* --- Matching aginst key selection --- *
	164	*
	165	* GCC will warn about constant addresses in this test, which is rather
	166	* unfortunate. Muffle the warning. This is rather hideous because of the
	167	* way GCC's parser handles pragmata.
	168	*/
	169
	170	#if __GNUC__ >= 5 \|\| (__GNUC__ == 4 && __GNUC_MINOR__ >= 6)
	171	# define KEY_MATCH_MUFFLE_WARNING(x) __extension__ ({ \
	172	_Pragma("GCC diagnostic push") \
	173	_Pragma("GCC diagnostic ignored \"-Waddress\"") \
	174	(x); \
	175	_Pragma("GCC diagnostic pop") \
	176	})
	177	#else
	178	# define KEY_MATCH_MUFFLE_WARNING(x) (x)
	179	#endif
052b36d0	180
052b36d0	181	#define KEY_MATCH(kd, kf) \
aa02ed36	182	(KEY_MATCH_MUFFLE_WARNING(!(kf)) \|\| \
052b36d0	183	((kd)->e & KF_ENCMASK) == KENC_STRUCT \|\| \
	184	((kd)->e & (kf)->m) == (kf)->f)
	185
	186	/----- Key flags and filtering -------------------------------------------/
	187
	188	/* --- @key_readflags@ --- *
	189	*
	190	* Arguments: @const char *p@ = pointer to string to read
	191	* @char **pp@ = where to store the end pointer
	192	* @unsigned *ff@ = where to store the flags
	193	* @unsigned *mm@ = where to store the mask
	194	*
	195	* Returns: Zero if all went well, nonzero if there was an error.
	196	*
	197	* Use: Reads a flag string.
	198	*/
	199
	200	extern int key_readflags(const char /p/, char /pp*/,
	201	unsigned /ff/, unsigned /mm/);
	202
	203	/* --- @key_writeflags@ --- *
	204	*
	205	* Arguments: @unsigned f@ = flags to write
	206	* @dstr *d@ = pointer to destination string
	207	*
	208	* Returns: ---
	209	*
	210	* Use: Emits a flags word as a string representation.
	211	*/
	212
	213	extern void key_writeflags(unsigned /f/, dstr /d*/);
	214
	215	/* --- @key_match@ --- *
	216	*
	217	* Arguments: @key_data *k@ = pointer to key data block
	218	* @const key_filter *kf@ = pointer to filter block
	219	*
	220	* Returns: Nonzero if the key matches the filter.
	221	*
	222	* Use: Checks whether a key matches a filter.
	223	*/
	224
	225	extern int key_match(key_data /k/, const key_filter /kf/);
	226
	227	/----- Setting new key data ----------------------------------------------/
	228
ef13e9a4	229	/* --- @key_newraw@ --- *
052b36d0	230	*
ef13e9a4	231	* Arguments: @unsigned e@ = encoding type to set
	232	*
	233	* Returns: New key block, not filled in.
	234	*/
	235
	236	extern key_data key_newraw(unsigned /e*/);
	237
	238	/* --- @key_newbinary@ --- *
	239	*
	240	* Arguments: @unsigned e@ = other encoding flags
052b36d0	241	* @const void *p@ = pointer to key data
	242	* @size_t sz@ = size of the key data
	243	*
ef13e9a4	244	* Returns: New key data object.
052b36d0	245	*/
052b36d0	246
ef13e9a4	247	extern key_data key_newbinary(unsigned /e*/,
ef13e9a4	248	const void /p/, size_t /sz*/);
052b36d0	249
ef13e9a4	250	/* --- @key_newencrypted@ --- *
052b36d0	251	*
ef13e9a4	252	* Arguments: @unsigned e@ = other encoding flags
052b36d0	253	* @const void *p@ = pointer to key data
	254	* @size_t sz@ = size of the key data
	255	*
ef13e9a4	256	* Returns: New key data object.
052b36d0	257	*/
052b36d0	258
ef13e9a4	259	extern key_data key_newencrypted(unsigned /e*/,
ef13e9a4	260	const void /p/, size_t /sz*/);
052b36d0	261
4e28b711	262	/* --- @key_newmp@ --- *
052b36d0	263	*
ef13e9a4	264	* Arguments: @unsigned e@ = other encoding flags
052b36d0	265	* @mp *m@ = pointer to the value to set
052b36d0	266	*
ef13e9a4	267	* Returns: New key data object.
052b36d0	268	*/
052b36d0	269
ef13e9a4	270	extern key_data key_newmp(unsigned /e/, mp /m/);
052b36d0	271
ef13e9a4	272	/* --- @key_newstring@ --- *
1ba83484	273	*
ef13e9a4	274	* Arguments: @unsigned e@ = other encoding flags
1ba83484	275	* @const char *p@ = pointer to the value to set
1ba83484	276	*
ef13e9a4	277	* Returns: New key data object.
1ba83484	278	*/
1ba83484	279
ef13e9a4	280	extern key_data key_newstring(unsigned /e/, const char /p/);
1ba83484	281
ef13e9a4	282	/* --- @key_newec@ --- *
1ba83484	283	*
ef13e9a4	284	* Arguments: @unsigned e@ = other encoding flags
ef13e9a4	285	* @const ec *pt@ = pointer to the value to set
1ba83484	286	*
ef13e9a4	287	* Returns: New key data object.
1ba83484	288	*/
1ba83484	289
ef13e9a4	290	extern key_data key_newec(unsigned /e/, const ec /pt/);
1ba83484	291
ef13e9a4	292	/* --- @key_newstruct@ --- *
052b36d0	293	*
ef13e9a4	294	* Arguments: ---
052b36d0	295	*
ef13e9a4	296	* Returns: New key data object.
052b36d0	297	*/
052b36d0	298
ef13e9a4	299	extern key_data *key_newstruct(void);
052b36d0	300
	301	/* --- @key_structfind@ --- *
	302	*
	303	* Arguments: @key_data *k@ = pointer to key data block
	304	* @const char *tag@ = pointer to tag string
	305	*
	306	* Returns: Pointer to key data block, or null.
	307	*
	308	* Use: Looks up the tag in a structured key.
	309	*/
	310
	311	extern key_data key_structfind(key_data /k/, const char /tag*/);
	312
ef13e9a4	313	/* --- @key_mksubkeyiter@ --- *
	314	*
	315	* Arguments: @key_subkeyiter *i@ = pointer to iterator block
	316	* @key_data *k@ = pointer to key data block
	317	*
	318	* Returns: ---
	319	*
	320	* Use: Initializes a subkey iterator.
	321	*/
	322
	323	extern void key_mksubkeyiter(key_subkeyiter /i/, key_data /k/);
	324
	325	/* --- @key_nextsubkey@ --- *
	326	*
	327	* Arguments: @key_structiter *i@ = pointer to iterator block
	328	* @const char **tag@ = where to put the tag pointer, or null
	329	* @key_data **kd@ = where to put the key data pointer, or null
	330	*
	331	* Returns: Nonzero if there was another item, zero if we hit the
	332	* end-stop.
	333	*
	334	* Use: Collects the next subkey of a structured key.
	335	*/
	336
	337	extern int key_nextsubkey(key_subkeyiter /i*/,
	338	const char */tag/, key_data /kd*/);
	339
	340	/* --- @key_structset@, @key_structsteal@ --- *
052b36d0	341	*
	342	* Arguments: @key_data *k@ = pointer to key data block
	343	* @const char *tag@ = pointer to tag string
ef13e9a4	344	* @key_data *kd@ = new key data to store
052b36d0	345	*
ef13e9a4	346	* Returns: ---
052b36d0	347	*
ef13e9a4	348	* Use: Creates a new subkey. Stealing doesn't affect @kd@'s
ef13e9a4	349	* refcount. If @kd@ is null, the subkey is deleted.
052b36d0	350	*/
052b36d0	351
ef13e9a4	352	extern void key_structset(key_data /k*/,
	353	const char /tag/, key_data /kd/);
	354	extern void key_structsteal(key_data /k*/,
	355	const char /tag/, key_data /kd/);
	356
	357	/* --- @key_split@ --- *
	358	*
	359	* Arguments: @key_data **kk@ = address of pointer to key data block
	360	*
	361	* Returns: ---
	362	*
	363	* Use: Replaces @*kk@ with a pointer to the same key data, but with
	364	* just one reference.
	365	*/
	366
	367	extern void key_split(key_data */kk*/);
052b36d0	368
	369	/----- Miscellaneous operations ------------------------------------------/
	370
ef13e9a4	371	/* --- @key_incref@ --- *
	372	*
	373	* Arguments: @key_data *k@ = pointer to key data
	374	*
	375	* Returns: ---
	376	*
	377	* Use: Increments the refcount on a key data block.
	378	*/
	379
	380	#define KEY_INCREF(k) ((k)->ref++)
	381	extern void key_incref(key_data /k*/);
	382
052b36d0	383	/* --- @key_destroy@ --- *
	384	*
	385	* Arguments: @key_data *k@ = pointer to key data to destroy
	386	*
	387	* Returns: ---
	388	*
ef13e9a4	389	* Use: Destroys a block of key data, regardless of reference count.
ef13e9a4	390	* Don't use this unless you know what you're doing.
052b36d0	391	*/
	392
	393	extern void key_destroy(key_data /k*/);
	394
ef13e9a4	395	/* --- @key_drop@ --- *
	396	*
	397	* Arguments: @key_data *k@ = pointer to key data to destroy
	398	*
	399	* Returns: ---
	400	*
	401	* Use: Drops a reference to key data, destroying it if necessary.
	402	*/
	403
	404	#define KEY_DROP(k) do { \
	405	key_data *_k = k; \
	406	_k->ref--; \
	407	if (_k->ref == 0) \
	408	key_destroy(_k); \
	409	} while (0)
45c0fd36	410
ef13e9a4	411	extern void key_drop(key_data /k*/);
ef13e9a4	412
052b36d0	413	/* --- @key_do@ --- *
	414	*
	415	* Arguments: @key_data *k@ = pointer to key data block
	416	* @const key_filter *kf@ = pointer to filter block
	417	* @dstr *d@ = pointer to base string
	418	* @int (func)(key_data kd, dstr d, void p@ = function
	419	* @void *p@ = argument to function
	420	*
	421	* Returns: Nonzero return code from function, or zero.
	422	*
45c0fd36	423	* Use: Runs a function over all the leaves of a key.
052b36d0	424	*/
	425
	426	extern int key_do(key_data /k/, const key_filter /kf/, dstr /d*/,
	427	int (/func/)(key_data /kd/,
	428	dstr /d/, void /p/),
	429	void /p*/);
	430
6a7dce91 MW	431	/* --- @key_copydata@ --- *
	432	*
	433	* Arguments: @key_data *k@ = key data to copy
	434	* @const key_filter *kf@ = pointer to filter block
	435	*
	436	* Returns: Pointer to a copy of the data, or null if the root subkey
	437	* didn't match the filter.
	438	*
	439	* Use: Copies a chunk of key data. Subkeys, whether they're
	440	* structured or leaves, which don't match the filter aren't
	441	* copied. The copy may or may not have structure in common
	442	* with the original.
	443	*/
	444
	445	extern key_data key_copydata(key_data /k/, const key_filter /kf*/);
	446
052b36d0	447	/----- Textual encoding --------------------------------------------------/
	448
	449	/* --- @key_read@ --- *
	450	*
	451	* Arguments: @const char *p@ = pointer to textual key representation
052b36d0	452	* @char **pp@ = where to store the end pointer
052b36d0	453	*
ef13e9a4	454	* Returns: The newly-read key data, or null if it failed.
052b36d0	455	*
	456	* Use: Parses a textual key description.
	457	*/
	458
ef13e9a4	459	extern key_data key_read(const char /p/, char */pp*/);
052b36d0	460
	461	/* --- @key_write@ --- *
	462	*
	463	* Arguments: @key_data *k@ = pointer to key data
	464	* @dstr *d@ = destination string to write on
	465	* @const key_filter *kf@ = pointer to key selection block
	466	*
	467	* Returns: Nonzero if any items were actually written.
	468	*
	469	* Use: Writes a key in a textual encoding.
	470	*/
	471
ef13e9a4	472	extern int key_write(key_data /k/, dstr /d/, const key_filter /kf*/);
052b36d0	473
	474	/----- Key binary encoding -----------------------------------------------/
	475
	476	/* --- @key_decode@ --- *
	477	*
	478	* Arguments: @const void *p@ = pointer to buffer to read
	479	* @size_t sz@ = size of the buffer
052b36d0	480	*
ef13e9a4	481	* Returns: The newly-read key data, or null if it failed.
052b36d0	482	*
	483	* Use: Decodes a binary representation of a key.
	484	*/
	485
ef13e9a4	486	extern key_data key_decode(const void /p/, size_t /sz/);
052b36d0	487
	488	/* --- @key_encode@ --- *
	489	*
	490	* Arguments: @key_data *k@ = pointer to key data block
	491	* @dstr *d@ = pointer to destination string
	492	* @const key_filter *kf@ = pointer to key selection block
	493	*
	494	* Returns: Nonzero if any items were actually written.
	495	*
	496	* Use: Encodes a key block as binary data.
	497	*/
	498
	499	extern int key_encode(key_data /k/, dstr /d/,
	500	const key_filter /kf*/);
	501
3f6ded6a	502	/----- Packing and unpacking keys ----------------------------------------/
	503
	504	/* --- @key_pack@ --- *
	505	*
	506	* Arguments: @key_packdef *kp@ = pointer to packing structure
ef13e9a4	507	* @key_data **kd@ = where to put the key data pointer
3f6ded6a	508	* @dstr *d@ = pointer to tag string for the key data
	509	*
	510	* Returns: Error code, or zero.
	511	*
	512	* Use: Packs a key from a data structure.
	513	*/
	514
ef13e9a4	515	extern int key_pack(key_packdef /kp/, key_data /kd/, dstr /d/);
3f6ded6a	516
	517	/* --- @key_unpack@ --- *
	518	*
	519	* Arguments: @key_packdef *kp@ = pointer to packing structure
	520	* @key_data *kd@ = pointer to source key data
	521	* @dstr *d@ = pointer to tag string for the key data
	522	*
	523	* Returns: Error code, or zero.
	524	*
	525	* Use: Unpacks a key into an appropriate data structure.
	526	*/
	527
	528	extern int key_unpack(key_packdef /kp/, key_data /kd/, dstr /d*/);
	529
	530	/* --- @key_unpackdone@ --- *
	531	*
	532	* Arguments: @key_packdef *kp@ = pointer to packing definition
	533	*
	534	* Returns: ---
	535	*
	536	* Use: Frees the key components contained within a packing
	537	* definition, created during key unpacking.
	538	*/
	539
	540	extern void key_unpackdone(key_packdef /kp*/);
	541
1dda051b	542	/----- Key encryption ----------------------------------------------------/
	543
	544	/* --- @key_lock@ --- *
	545	*
ef13e9a4	546	* Arguments: @key_data **kt@ = where to store the destination pointer
ef13e9a4	547	* @key_data k@ = source key data block or null to use @kt@
1dda051b	548	* @const void *e@ = secret to encrypt key with
	549	* @size_t esz@ = size of the secret
	550	*
	551	* Returns: ---
	552	*
	553	* Use: Encrypts a key data block using a secret.
	554	*/
	555
ef13e9a4	556	extern void key_lock(key_data */kt/, key_data /k/,
1dda051b	557	const void /e/, size_t /esz*/);
	558
	559	/* --- @key_unlock@ --- *
	560	*
ef13e9a4	561	* Arguments: @key_data **kt@ = where to store the destination pointer
ef13e9a4	562	* @key_data k@ = source key data block or null to use @kt@
1dda051b	563	* @const void *e@ = secret to decrypt the block with
	564	* @size_t esz@ = size of the secret
	565	*
	566	* Returns: Zero for success, or a @KERR_@ error code.
	567	*
	568	* Use: Unlocks a key using a secret.
	569	*/
	570
ef13e9a4	571	extern int key_unlock(key_data */kt/, key_data /k/,
1dda051b	572	const void /e/, size_t /esz*/);
052b36d0	573
	574	/* --- @key_plock@ --- *
	575	*
ef13e9a4	576	* Arguments: @key_data **kt@ = where to store the destination pointer
	577	* @key_data k@ = source key data block or null to use @kt@
	578	* @const char *tag@ = tag to use for passphrase
052b36d0	579	*
1dda051b	580	* Returns: Zero if successful, a @KERR@ error code on failure.
052b36d0	581	*
	582	* Use: Locks a key by encrypting it with a passphrase.
	583	*/
	584
ef13e9a4	585	extern int key_plock(key_data */kt/, key_data /k/,
ef13e9a4	586	const char /tag*/);
052b36d0	587
	588	/* --- @key_punlock@ --- *
	589	*
ef13e9a4	590	* Arguments: @key_data **kt@ = where to store the destination pointer
	591	* @key_data k@ = source key data block or null to use @kt@
	592	* @const char *tag@ = tag to use for passphrase
052b36d0	593	*
1dda051b	594	* Returns: Zero if successful, a @KERR@ error code on failure.
052b36d0	595	*
	596	* Use: Unlocks a passphrase-locked key.
	597	*/
	598
ef13e9a4	599	extern int key_punlock(key_data */kt/, key_data /k/,
ef13e9a4	600	const char /tag*/);
052b36d0	601
	602	/----- That's all, folks -------------------------------------------------/
	603
	604	#ifdef __cplusplus
	605	}
	606	#endif
	607
	608	#endif