 @@ -1,49 +1,57 @@
-.\" $NetBSD: libnetpgpverify.3,v 1.2 2015/01/30 18:47:51 agc Exp $
+.\" $NetBSD: libnetpgpverify.3,v 1.3 2016/07/05 20:18:03 agc Exp $
 .\"
-.\" Copyright (c) 2014 Alistair Crooks <agc@NetBSD.org>
+.\" Copyright (c) 2014,2015,2016 Alistair Crooks <agc@NetBSD.org>
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd January 15, 2015
+.Dd June 26, 2016
 .Dt LIBNETPGPVERIFY 3
 .Os
 .Sh NAME
 .Nm libnetpgpverify
 .Nd library to verify digital signatures
 .Sh LIBRARY
 .Lb libnetpgpverify
 .Sh SYNOPSIS
 .In netpgp/verify.h
 .Ft int
 .Fo pgpv_new
 .Fa "void"
 .Fc
 .Ft int
 .Fo pgpv_new_cursor
 .Fa "void"
 .Fc
 .Ft int
 .Fo pgpv_read_pubring
 .Fa "pgpv_t *pgp" "const void *keyring" "ssize_t size"
 .Fc
 .Ft int
 .Fo pgpv_read_ssh_pubkeys
 .Fa "pgpv_t *pgp" "const void *keyring" "ssize_t size"
 .Fc
 .Ft size_t
 .Fo pgpv_verify
 .Fa "pgpv_cursor_t *cursor" "pgpv_t *pgp" "const void *ptr" "ssize_t size"
 .Fc
 .Ft size_t
 .Fo pgpv_get_verified
 @@ -51,26 +59,34 @@
 .Fc
 .Ft size_t
 .Fo pgpv_get_cursor_element
 .Fa "pgpv_cursor_t *cursor" "size_t element"
 .Fc
 .Ft size_t
 .Fo pgpv_dump
 .Fa "pgpv_t *pgp" "char **data"
 .Fc
 .Ft size_t
 .Fo pgpv_get_entry
 .Fa "pgpv_t *pgp" "unsigned ent" "char **ret" "const char *modifiers"
 .Fc
 .Ft int64_t
 .Fo pgpv_get_cursor_num
 .Fa "pgpv_t *pgp" "const char *field"
 .Fc
 .Ft char *
 .Fo pgpv_get_cursor_str
 .Fa "pgpv_t *pgp" "const char *field"
 .Fc
 .Ft int
 .Fo pgpv_close
 .Fa "pgpv_t *pgp"
 .Fc
 .Sh DESCRIPTION
 .Nm
 is a small library which will verify a digital signature on a text or
 binary document.
 It has been kept deliberately small and only uses compression libraries
 to function.
 .Pp
 PGP messages, including key rings, are made up of PGP packets, defined
 in RFC 4880.

 @@ -43,26 +43,263 @@
 #include "bzlib.h"
 #include "zlib.h"
 #include "array.h"
 #include "b64.h"
 #include "bn.h"
 #include "bufgap.h"
 #include "digest.h"
 #include "misc.h"
 #include "pgpsum.h"
 #include "rsa.h"
 #include "verify.h"
 #ifndef PGPV_ARRAY
 /* creates 2 unsigned vars called "name"c and "name"size in current scope */
 /* also creates an array called "name"s in current scope */
 #define PGPV_ARRAY(type, name)						\
 	unsigned name##c; unsigned name##vsize; type *name##s
 #endif
 /* 64bit key ids */
 #define PGPV_KEYID_LEN		8
 #define PGPV_STR_KEYID_LEN	(PGPV_KEYID_LEN + PGPV_KEYID_LEN + 1)
 /* bignum structure */
 typedef struct pgpv_bignum_t {
 	void			*bn;	/* hide the implementation details */
 	uint16_t		 bits;	/* cached number of bits */
 } pgpv_bignum_t;
 /* right now, our max binary digest length is 20 bytes */
 #define PGPV_MAX_HASH_LEN	64
 /* fingerprint */
 typedef struct pgpv_fingerprint_t {
 	uint8_t			hashalg;	/* algorithm for digest */
 	uint8_t			v[PGPV_MAX_HASH_LEN];	/* the digest */
 	uint32_t		len;		/* its length */
 } pgpv_fingerprint_t;
 /* specify size for array of bignums */
 #define PGPV_MAX_PUBKEY_BN	4
 /* public key */
 typedef struct pgpv_pubkey_t {
 	pgpv_fingerprint_t	 fingerprint;	/* key fingerprint i.e. digest */
 	uint8_t			 keyid[PGPV_KEYID_LEN];	/* last 8 bytes of v4 keys */
 	int64_t		 	 birth;		/* creation time */
 	int64_t			 expiry;	/* expiry time */
 	pgpv_bignum_t		 bn[PGPV_MAX_PUBKEY_BN];	/* bignums */
 	uint8_t			 keyalg;	/* key algorithm */
 	uint8_t			 hashalg;	/* hash algorithm */
 	uint8_t			 version;	/* key version */
 } pgpv_pubkey_t;
 #define PGPV_MAX_SESSKEY_BN	2
 /* a (size, byte array) string */
 typedef struct pgpv_string_t {
 	size_t			 size;
 	uint8_t			*data;
 } pgpv_string_t;
 typedef struct pgpv_ref_t {
 	void			*vp;
 	size_t			 offset;
 	unsigned		 mem;
 } pgpv_ref_t;
 #define PGPV_MAX_SECKEY_BN	4
 typedef struct pgpv_compress_t {
 	pgpv_string_t		 s;
 	uint8_t			 compalg;
 } pgpv_compress_t;
 /* a packet dealing with trust */
 typedef struct pgpv_trust_t {
 	uint8_t			level;
 	uint8_t			amount;
 } pgpv_trust_t;
 /* a signature sub packet */
 typedef struct pgpv_sigsubpkt_t {
 	pgpv_string_t		 s;
 	uint8_t			 tag;
 	uint8_t			 critical;
 } pgpv_sigsubpkt_t;
 #define PGPV_MAX_SIG_BN		2
 typedef struct pgpv_signature_t {
 	uint8_t			*signer;		/* key id of signer */
 	pgpv_ref_t		 hashstart;
 	uint8_t			*hash2;
 	uint8_t			*mpi;
 	int64_t			 birth;
 	int64_t			 keyexpiry;
 	int64_t			 expiry;
 	uint32_t		 hashlen;
 	uint8_t			 version;
 	uint8_t			 type;
 	uint8_t			 keyalg;
 	uint8_t			 hashalg;
 	uint8_t			 trustlevel;
 	uint8_t			 trustamount;
 	pgpv_bignum_t		 bn[PGPV_MAX_SIG_BN];
 	char			*regexp;
 	char			*pref_key_server;
 	char			*policy;
 	char			*features;
 	char			*why_revoked;
 	uint8_t			*revoke_fingerprint;
 	uint8_t			 revoke_alg;
 	uint8_t			 revoke_sensitive;
 	uint8_t			 trustsig;
 	uint8_t			 revocable;
 	uint8_t			 pref_symm_alg;
 	uint8_t			 pref_hash_alg;
 	uint8_t			 pref_compress_alg;
 	uint8_t			 key_server_modify;
 	uint8_t			 notation;
 	uint8_t			 type_key;
 	uint8_t			 primary_userid;
 	uint8_t			 revoked;	/* subtract 1 to get real reason, 0 == not revoked */
 } pgpv_signature_t;
 /* a signature packet */
 typedef struct pgpv_sigpkt_t {
 	pgpv_signature_t	 sig;
 	uint16_t		 subslen;
 	uint16_t		 unhashlen;
 	PGPV_ARRAY(pgpv_sigsubpkt_t, subpkts);
 } pgpv_sigpkt_t;
 /* a one-pass signature packet */
 typedef struct pgpv_onepass_t {
 	uint8_t			 keyid[PGPV_KEYID_LEN];
 	uint8_t			 version;
 	uint8_t			 type;
 	uint8_t			 hashalg;
 	uint8_t			 keyalg;
 	uint8_t			 nested;
 } pgpv_onepass_t;
 /* a literal data packet */
 typedef struct pgpv_litdata_t {
 	uint8_t			*filename;
 	pgpv_string_t		 s;
 	uint32_t		 secs;
 	uint8_t			 namelen;
 	char			 format;
 	unsigned		 mem;
 	size_t			 offset;
 	size_t			 len;
 } pgpv_litdata_t;
 /* user attributes - images */
 typedef struct pgpv_userattr_t {
 	size_t 			 len;
 	PGPV_ARRAY(pgpv_string_t, subattrs);
 } pgpv_userattr_t;
 /* a general PGP packet */
 typedef struct pgpv_pkt_t {
 	uint8_t			 tag;
 	uint8_t			 newfmt;
 	uint8_t			 allocated;
 	uint8_t			 mement;
 	size_t			 offset;
 	pgpv_string_t		 s;
 	union {
 		pgpv_sigpkt_t	sigpkt;
 		pgpv_onepass_t	onepass;
 		pgpv_litdata_t	litdata;
 		pgpv_compress_t	compressed;
 		pgpv_trust_t	trust;
 		pgpv_pubkey_t	pubkey;
 		pgpv_string_t	userid;
 		pgpv_userattr_t	userattr;
 	} u;
 } pgpv_pkt_t;
 /* a memory structure */
 typedef struct pgpv_mem_t {
 	size_t			 size;
 	size_t			 cc;
 	uint8_t			*mem;
 	FILE			*fp;
 	uint8_t			 dealloc;
 	const char		*allowed;	/* the types of packet that are allowed */
 } pgpv_mem_t;
 /* packet parser */
 typedef struct pgpv_signed_userid_t {
 	pgpv_string_t	 	 userid;
 	PGPV_ARRAY(pgpv_signature_t, sigs);
 	uint8_t			 primary_userid;
 	uint8_t			 revoked;
 } pgpv_signed_userid_t;
 typedef struct pgpv_signed_userattr_t {
 	pgpv_userattr_t	 	 userattr;
 	PGPV_ARRAY(pgpv_signature_t, sigs);
 	uint8_t			 revoked;
 } pgpv_signed_userattr_t;
 typedef struct pgpv_signed_subkey_t {
 	pgpv_pubkey_t	 	 subkey;
 	pgpv_signature_t 	 revoc_self_sig;
 	PGPV_ARRAY(pgpv_signature_t, sigs);
 } pgpv_signed_subkey_t;
 typedef struct pgpv_primarykey_t {
 	pgpv_pubkey_t 		 primary;
 	pgpv_signature_t 	 revoc_self_sig;
 	PGPV_ARRAY(pgpv_signature_t, direct_sigs);
 	PGPV_ARRAY(pgpv_signed_userid_t, signed_userids);
 	PGPV_ARRAY(pgpv_signed_userattr_t, signed_userattrs);
 	PGPV_ARRAY(pgpv_signed_subkey_t, signed_subkeys);
 	size_t			 fmtsize;
 	uint8_t			 primary_userid;
 } pgpv_primarykey_t;
 /* everything stems from this structure */
 typedef struct pgpv_t {
 	PGPV_ARRAY(pgpv_pkt_t, 	 pkts);		/* packet array */
 	PGPV_ARRAY(pgpv_primarykey_t,	 primaries);	/* array of primary keys */
 	PGPV_ARRAY(pgpv_mem_t,	 areas);	/* areas we read packets from */
 	PGPV_ARRAY(size_t,	 datastarts);	/* starts of data packets */
 	size_t		 	 pkt;		/* when parsing, current pkt number */
 	const char		*op;		/* the operation we're doing */
 	unsigned		 ssh;		/* using ssh keys */
 } pgpv_t;
 #define PGPV_REASON_LEN		128
 /* when searching, we define a cursor, and fill in an array of subscripts */
 typedef struct pgpv_cursor_t {
 	pgpv_t			*pgp;			/* pointer to pgp tree */
 	char			*field;			/* field we're searching on */
 	char			*op;			/* operation we're doing */
 	char			*value;			/* value we're searching for */
 	void			*ptr;			/* for regexps etc */
 	PGPV_ARRAY(uint32_t,	 found);		/* array of matched pimary key subscripts */
 	PGPV_ARRAY(size_t,	 datacookies);		/* cookies to retrieve matched data */
 	int64_t			 sigtime;		/* time of signature */
 	char			 why[PGPV_REASON_LEN];	/* reason for bad signature */
 } pgpv_cursor_t;
 #ifndef USE_ARG
 #define USE_ARG(x)	/*LINTED*/(void)&(x)
 #endif
 #ifndef __dead
 #define __dead				__attribute__((__noreturn__))
 #endif
 #ifndef __printflike
 #define __printflike(n, m)		__attribute__((format(printf,n,m)))
 #endif
 #ifndef MIN
 @@ -2738,26 +2975,42 @@ get_packet_type(uint8_t tag)
 	case TRUST_PKT:
 		return "trust packet";
 	case USERID_PKT:
 		return "userid packet";
 	case PUB_SUBKEY_PKT:
 		return "public subkey packet";
 	case USER_ATTRIBUTE_PKT:
 		return "user attribute packet";
 	default:
 		return "[UNKNOWN]";
+	}
+}
 /**************************************************************************/
 /* make a new pgpv struct */
 pgpv_t *
 pgpv_new(void)
+{
 	return calloc(1, sizeof(pgpv_t));
+}
 /* make a new pgpv_cursor struct */
 pgpv_cursor_t *
 pgpv_new_cursor(void)
+{
 	return calloc(1, sizeof(pgpv_cursor_t));
+}
 /* get an element from the found array */
 int
 pgpv_get_cursor_element(pgpv_cursor_t *cursor, size_t element)
+{
 	if (cursor && element < ARRAY_COUNT(cursor->found)) {
 		return (int)ARRAY_ELEMENT(cursor->found, element);
+	}
 	return -1;
+}
 /* verify the signed packets we have */
 size_t
 pgpv_verify(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size)
 @@ -2942,13 +3195,37 @@ pgpv_dump(pgpv_t *pgp, char **data)
 				buf, sizeof(buf));
 		n = snprintf(&(*data)[cc], alloc - cc,
 			"[%zu] off %zu, len %zu, tag %u, %s\n%.*s",
 			pkt,
 			ARRAY_ELEMENT(pgp->pkts, pkt).offset,
 			ARRAY_ELEMENT(pgp->pkts, pkt).s.size,
 			ARRAY_ELEMENT(pgp->pkts, pkt).tag,
 			get_packet_type(ARRAY_ELEMENT(pgp->pkts, pkt).tag),
 			(int)dumpc, buf);
 		cc += n;
+	}
 	return cc;
+}
 /* return cursor field as a number */
 int64_t
 pgpv_get_cursor_num(pgpv_cursor_t *cursor, const char *field)
+{
 	if (cursor && field) {
 		if (strcmp(field, "sigtime") == 0) {
 			return cursor->sigtime;
+		}
+	}
 	return 0;
+}
 /* return cursor field as a string */
 char *
 pgpv_get_cursor_str(pgpv_cursor_t *cursor, const char *field)
+{
 	if (cursor && field) {
 		if (strcmp(field, "why") == 0) {
 			return cursor->why;
+		}
+	}
 	return 0;
+}

 @@ -79,109 +79,110 @@ getstdin(ssize_t *cc, size_t *size)
 		in = newin;
 		*size = newsize;
 		if ((rc = read(STDIN_FILENO, &in[*cc], newsize - *cc)) > 0) {
 			*cc += rc;
+		}
 	} while (rc > 0);
 	return in;
+}
 /* verify memory or file */
 static int
 verify_data(pgpv_t *pgp, const char *cmd, const char *inname, char *in, ssize_t cc)
+{
-	pgpv_cursor_t	 cursor;
+	pgpv_cursor_t	*cursor;
 	const char	*modifiers;
 	size_t		 size;
 	size_t		 cookie;
 	char		*data;
 	int		 el;
-	memset(&cursor, 0x0, sizeof(cursor));
+	cursor = pgpv_new_cursor();
 	if (strcasecmp(cmd, "cat") == 0) {
-		if ((cookie = pgpv_verify(&cursor, pgp, in, cc)) != 0) {
+		if ((cookie = pgpv_verify(cursor, pgp, in, cc)) != 0) {
-			if ((size = pgpv_get_verified(&cursor, cookie, &data)) > 0) {
+			if ((size = pgpv_get_verified(cursor, cookie, &data)) > 0) {
 				write(STDOUT_FILENO, data, size);
+			}
 			return 1;
+		}
 	} else if (strcasecmp(cmd, "dump") == 0) {
-		if ((cookie = pgpv_verify(&cursor, pgp, in, cc)) != 0) {
+		if ((cookie = pgpv_verify(cursor, pgp, in, cc)) != 0) {
 			size = pgpv_dump(pgp, &data);
 			write(STDOUT_FILENO, data, size);
 			return 1;
+		}
 	} else if (strcasecmp(cmd, "verify") == 0 || strcasecmp(cmd, "trust") == 0) {
 		modifiers = (strcasecmp(cmd, "trust") == 0) ? "trust" : NULL;
-		if (pgpv_verify(&cursor, pgp, in, cc)) {
+		if (pgpv_verify(cursor, pgp, in, cc)) {
 			printf("Good signature for %s made ", inname);
-			ptime(cursor.sigtime);
+			ptime(pgpv_get_cursor_num(cursor, "sigtime"));
-			el = pgpv_get_cursor_element(&cursor, 0);
+			el = pgpv_get_cursor_element(cursor, 0);
 			pentry(pgp, el, modifiers);
 			return 1;
+		}
-		fprintf(stderr, "Signature did not match contents -- %s\n", cursor.why);
+		fprintf(stderr, "Signature did not match contents -- %s\n",
 			pgpv_get_cursor_str(cursor, "why"));
 	} else {
 		fprintf(stderr, "unrecognised command \"%s\"\n", cmd);
+	}
 	return 0;
+}
 int
 main(int argc, char **argv)
+{
 	const char	*keyring;
 	const char	*cmd;
 	ssize_t		 cc;
 	size_t		 size;
-	pgpv_t		 pgp;
+	pgpv_t		*pgp;
 	char		*in;
 	int		 ssh;
 	int		 ok;
 	int		 i;
-	memset(&pgp, 0x0, sizeof(pgp));
+	pgp = pgpv_new();
 	keyring = NULL;
 	ssh = 0;
 	ok = 1;
 	cmd = "verify";
 	while ((i = getopt(argc, argv, "S:c:k:v")) != -1) {
 		switch(i) {
 		case 'S':
 			ssh = 1;
 			keyring = optarg;
 			break;
 		case 'c':
 			cmd = optarg;
 			break;
 		case 'k':
 			keyring = optarg;
 			break;
 		case 'v':
 			printf("%s\n", NETPGPVERIFY_VERSION);
 			exit(EXIT_SUCCESS);
 		default:
 			break;
+		}
+	}
 	if (ssh) {
-		if (!pgpv_read_ssh_pubkeys(&pgp, keyring, -1)) {
+		if (!pgpv_read_ssh_pubkeys(pgp, keyring, -1)) {
 			fprintf(stderr, "can't read ssh keyring\n");
 			exit(EXIT_FAILURE);
+		}
-	} else if (!pgpv_read_pubring(&pgp, keyring, -1)) {
+	} else if (!pgpv_read_pubring(pgp, keyring, -1)) {
 		fprintf(stderr, "can't read keyring\n");
 		exit(EXIT_FAILURE);
+	}
 	if (optind == argc) {
 		in = getstdin(&cc, &size);
-		ok = verify_data(&pgp, cmd, "[stdin]", in, cc);
+		ok = verify_data(pgp, cmd, "[stdin]", in, cc);
 	} else {
 		for (ok = 1, i = optind ; i < argc ; i++) {
-			if (!verify_data(&pgp, cmd, argv[i], argv[i], -1)) {
+			if (!verify_data(pgp, cmd, argv[i], argv[i], -1)) {
 				ok = 0;
+			}
+		}
+	}
-	pgpv_close(&pgp);
+	pgpv_close(pgp);
 	exit((ok) ? EXIT_SUCCESS : EXIT_FAILURE);
+}

 @@ -13,286 +13,60 @@
+ *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #ifndef NETPGP_VERIFY_H_
-#define NETPGP_VERIFY_H_	20160625
+#define NETPGP_VERIFY_H_	20160626
-#define NETPGPVERIFY_VERSION	"netpgpverify portable 20160625"
+#define NETPGPVERIFY_VERSION	"netpgpverify portable 20160626"
 #include <sys/types.h>
 #include <inttypes.h>
-#ifndef PGPV_ARRAY
+struct pgpv_t;
-/* creates 2 unsigned vars called "name"c and "name"size in current scope */
+typedef struct pgpv_t	pgpv_t;
 /* also creates an array called "name"s in current scope */
 #define PGPV_ARRAY(type, name)						\
 	unsigned name##c; unsigned name##vsize; type *name##s
 #endif
-/* 64bit key ids */
+struct pgpv_cursor_t;
-#define PGPV_KEYID_LEN		8
+typedef struct pgpv_cursor_t	pgpv_cursor_t;
 #define PGPV_STR_KEYID_LEN	(PGPV_KEYID_LEN + PGPV_KEYID_LEN + 1)
 /* bignum structure */
 typedef struct pgpv_bignum_t {
 	void			*bn;	/* hide the implementation details */
 	uint16_t		 bits;	/* cached number of bits */
 } pgpv_bignum_t;
 /* right now, our max binary digest length is 20 bytes */
 #define PGPV_MAX_HASH_LEN	64
 /* fingerprint */
 typedef struct pgpv_fingerprint_t {
 	uint8_t			hashalg;	/* algorithm for digest */
 	uint8_t			v[PGPV_MAX_HASH_LEN];	/* the digest */
 	uint32_t		len;		/* its length */
 } pgpv_fingerprint_t;
 /* specify size for array of bignums */
 #define PGPV_MAX_PUBKEY_BN	4
 /* public key */
 typedef struct pgpv_pubkey_t {
 	pgpv_fingerprint_t	 fingerprint;	/* key fingerprint i.e. digest */
 	uint8_t			 keyid[PGPV_KEYID_LEN];	/* last 8 bytes of v4 keys */
 	int64_t		 	 birth;		/* creation time */
 	int64_t			 expiry;	/* expiry time */
 	pgpv_bignum_t		 bn[PGPV_MAX_PUBKEY_BN];	/* bignums */
 	uint8_t			 keyalg;	/* key algorithm */
 	uint8_t			 hashalg;	/* hash algorithm */
 	uint8_t			 version;	/* key version */
 } pgpv_pubkey_t;
 #define PGPV_MAX_SESSKEY_BN	2
 /* a (size, byte array) string */
 typedef struct pgpv_string_t {
 	size_t			 size;
 	uint8_t			*data;
 } pgpv_string_t;
 typedef struct pgpv_ref_t {
 	void			*vp;
 	size_t			 offset;
 	unsigned		 mem;
 } pgpv_ref_t;
 #define PGPV_MAX_SECKEY_BN	4
 typedef struct pgpv_compress_t {
 	pgpv_string_t		 s;
 	uint8_t			 compalg;
 } pgpv_compress_t;
 /* a packet dealing with trust */
 typedef struct pgpv_trust_t {
 	uint8_t			level;
 	uint8_t			amount;
 } pgpv_trust_t;
 /* a signature sub packet */
 typedef struct pgpv_sigsubpkt_t {
 	pgpv_string_t		 s;
 	uint8_t			 tag;
 	uint8_t			 critical;
 } pgpv_sigsubpkt_t;
 #define PGPV_MAX_SIG_BN		2
 typedef struct pgpv_signature_t {
 	uint8_t			*signer;		/* key id of signer */
 	pgpv_ref_t		 hashstart;
 	uint8_t			*hash2;
 	uint8_t			*mpi;
 	int64_t			 birth;
 	int64_t			 keyexpiry;
 	int64_t			 expiry;
 	uint32_t		 hashlen;
 	uint8_t			 version;
 	uint8_t			 type;
 	uint8_t			 keyalg;
 	uint8_t			 hashalg;
 	uint8_t			 trustlevel;
 	uint8_t			 trustamount;
 	pgpv_bignum_t		 bn[PGPV_MAX_SIG_BN];
 	char			*regexp;
 	char			*pref_key_server;
 	char			*policy;
 	char			*features;
 	char			*why_revoked;
 	uint8_t			*revoke_fingerprint;
 	uint8_t			 revoke_alg;
 	uint8_t			 revoke_sensitive;
 	uint8_t			 trustsig;
 	uint8_t			 revocable;
 	uint8_t			 pref_symm_alg;
 	uint8_t			 pref_hash_alg;
 	uint8_t			 pref_compress_alg;
 	uint8_t			 key_server_modify;
 	uint8_t			 notation;
 	uint8_t			 type_key;
 	uint8_t			 primary_userid;
 	uint8_t			 revoked;	/* subtract 1 to get real reason, 0 == not revoked */
 } pgpv_signature_t;
 /* a signature packet */
 typedef struct pgpv_sigpkt_t {
 	pgpv_signature_t	 sig;
 	uint16_t		 subslen;
 	uint16_t		 unhashlen;
 	PGPV_ARRAY(pgpv_sigsubpkt_t, subpkts);
 } pgpv_sigpkt_t;
 /* a one-pass signature packet */
 typedef struct pgpv_onepass_t {
 	uint8_t			 keyid[PGPV_KEYID_LEN];
 	uint8_t			 version;
 	uint8_t			 type;
 	uint8_t			 hashalg;
 	uint8_t			 keyalg;
 	uint8_t			 nested;
 } pgpv_onepass_t;
 /* a literal data packet */
 typedef struct pgpv_litdata_t {
 	uint8_t			*filename;
 	pgpv_string_t		 s;
 	uint32_t		 secs;
 	uint8_t			 namelen;
 	char			 format;
 	unsigned		 mem;
 	size_t			 offset;
 	size_t			 len;
 } pgpv_litdata_t;
 /* user attributes - images */
 typedef struct pgpv_userattr_t {
 	size_t 			 len;
 	PGPV_ARRAY(pgpv_string_t, subattrs);
 } pgpv_userattr_t;
 /* a general PGP packet */
 typedef struct pgpv_pkt_t {
 	uint8_t			 tag;
 	uint8_t			 newfmt;
 	uint8_t			 allocated;
 	uint8_t			 mement;
 	size_t			 offset;
 	pgpv_string_t		 s;
 	union {
 		pgpv_sigpkt_t	sigpkt;
 		pgpv_onepass_t	onepass;
 		pgpv_litdata_t	litdata;
 		pgpv_compress_t	compressed;
 		pgpv_trust_t	trust;
 		pgpv_pubkey_t	pubkey;
 		pgpv_string_t	userid;
 		pgpv_userattr_t	userattr;
 	} u;
 } pgpv_pkt_t;
 /* a memory structure */
 typedef struct pgpv_mem_t {
 	size_t			 size;
 	size_t			 cc;
 	uint8_t			*mem;
 	FILE			*fp;
 	uint8_t			 dealloc;
 	const char		*allowed;	/* the types of packet that are allowed */
 } pgpv_mem_t;
 /* packet parser */
 typedef struct pgpv_signed_userid_t {
 	pgpv_string_t	 	 userid;
 	PGPV_ARRAY(pgpv_signature_t, sigs);
 	uint8_t			 primary_userid;
 	uint8_t			 revoked;
 } pgpv_signed_userid_t;
 typedef struct pgpv_signed_userattr_t {
 	pgpv_userattr_t	 	 userattr;
 	PGPV_ARRAY(pgpv_signature_t, sigs);
 	uint8_t			 revoked;
 } pgpv_signed_userattr_t;
 typedef struct pgpv_signed_subkey_t {
 	pgpv_pubkey_t	 	 subkey;
 	pgpv_signature_t 	 revoc_self_sig;
 	PGPV_ARRAY(pgpv_signature_t, sigs);
 } pgpv_signed_subkey_t;
 typedef struct pgpv_primarykey_t {
 	pgpv_pubkey_t 		 primary;
 	pgpv_signature_t 	 revoc_self_sig;
 	PGPV_ARRAY(pgpv_signature_t, direct_sigs);
 	PGPV_ARRAY(pgpv_signed_userid_t, signed_userids);
 	PGPV_ARRAY(pgpv_signed_userattr_t, signed_userattrs);
 	PGPV_ARRAY(pgpv_signed_subkey_t, signed_subkeys);
 	size_t			 fmtsize;
 	uint8_t			 primary_userid;
 } pgpv_primarykey_t;
 /* everything stems from this structure */
 typedef struct pgpv_t {
 	PGPV_ARRAY(pgpv_pkt_t, 	 pkts);		/* packet array */
 	PGPV_ARRAY(pgpv_primarykey_t,	 primaries);	/* array of primary keys */
 	PGPV_ARRAY(pgpv_mem_t,	 areas);	/* areas we read packets from */
 	PGPV_ARRAY(size_t,	 datastarts);	/* starts of data packets */
 	size_t		 	 pkt;		/* when parsing, current pkt number */
 	const char		*op;		/* the operation we're doing */
 	unsigned		 ssh;		/* using ssh keys */
 } pgpv_t;
 #define PGPV_REASON_LEN		128
 /* when searching, we define a cursor, and fill in an array of subscripts */
 typedef struct pgpv_cursor_t {
 	pgpv_t			*pgp;			/* pointer to pgp tree */
 	char			*field;			/* field we're searching on */
 	char			*op;			/* operation we're doing */
 	char			*value;			/* value we're searching for */
 	void			*ptr;			/* for regexps etc */
 	PGPV_ARRAY(uint32_t,	 found);		/* array of matched pimary key subscripts */
 	PGPV_ARRAY(size_t,	 datacookies);		/* cookies to retrieve matched data */
 	int64_t			 sigtime;		/* time of signature */
 	char			 why[PGPV_REASON_LEN];	/* reason for bad signature */
 } pgpv_cursor_t;
 #ifndef __BEGIN_DECLS
 #  if defined(__cplusplus)
 #  define __BEGIN_DECLS           extern "C" {
 #  define __END_DECLS             }
 #  else
 #  define __BEGIN_DECLS
 #  define __END_DECLS
 #  endif
 #endif
 __BEGIN_DECLS
 pgpv_t *pgpv_new(void);
 pgpv_cursor_t *pgpv_new_cursor(void);
 int pgpv_read_pubring(pgpv_t */*pgp*/, const void */*keyringfile/mem*/, ssize_t /*size*/);
 int pgpv_read_ssh_pubkeys(pgpv_t */*pgp*/, const void */*keyring*/, ssize_t /*size*/);
 size_t pgpv_verify(pgpv_cursor_t */*cursor*/, pgpv_t */*pgp*/, const void */*mem/file*/, ssize_t /*size*/);
 size_t pgpv_get_verified(pgpv_cursor_t */*cursor*/, size_t /*cookie*/, char **/*ret*/);
 int pgpv_get_cursor_element(pgpv_cursor_t */*cursor*/, size_t /*element*/);
 size_t pgpv_dump(pgpv_t */*pgp*/, char **/*data*/);
 size_t pgpv_get_entry(pgpv_t */*pgp*/, unsigned /*ent*/, char **/*ret*/, const char */*modifiers*/);
 int64_t pgpv_get_cursor_num(pgpv_cursor_t */*cursor*/, const char */*field*/);
 char *pgpv_get_cursor_str(pgpv_cursor_t */*cursor*/, const char */*field*/);
 int pgpv_get_cursor_element(pgpv_cursor_t */*cursor*/, size_t /*element*/);
 int pgpv_close(pgpv_t */*pgp*/);
 __END_DECLS
 #endif