rpmio/rpmpgp.h

Go to the documentation of this file.

#ifndef H_RPMPGP
#define H_RPMPGP

#include <string.h>

#if !defined(_BEECRYPT_API_H)
/*@-redef@*/
typedef unsigned char byte;
/*@=redef@*/
#endif  /* _BEECRYPT_API_H */

typedef /*@abstract@*/ struct DIGEST_CTX_s * DIGEST_CTX;

typedef const struct pgpValTbl_s {
    int val;
/*@observer@*/ const char * str;
} * pgpValTbl;
 
typedef enum pgpTag_e {
    PGPTAG_RESERVED             =  0, 
    PGPTAG_PUBLIC_SESSION_KEY   =  1, 
    PGPTAG_SIGNATURE            =  2, 
    PGPTAG_SYMMETRIC_SESSION_KEY=  3, 
    PGPTAG_ONEPASS_SIGNATURE    =  4, 
    PGPTAG_SECRET_KEY           =  5, 
    PGPTAG_PUBLIC_KEY           =  6, 
    PGPTAG_SECRET_SUBKEY        =  7, 
    PGPTAG_COMPRESSED_DATA      =  8, 
    PGPTAG_SYMMETRIC_DATA       =  9, 
    PGPTAG_MARKER               = 10, 
    PGPTAG_LITERAL_DATA         = 11, 
    PGPTAG_TRUST                = 12, 
    PGPTAG_USER_ID              = 13, 
    PGPTAG_PUBLIC_SUBKEY        = 14, 
    PGPTAG_COMMENT_OLD          = 16, 
    PGPTAG_PHOTOID              = 17, 
    PGPTAG_ENCRYPTED_MDC        = 18, 
    PGPTAG_MDC                  = 19, 
    PGPTAG_PRIVATE_60           = 60, 
    PGPTAG_COMMENT              = 61, 
    PGPTAG_PRIVATE_62           = 62, 
    PGPTAG_CONTROL              = 63  
} pgpTag;

/*@observer@*/ /*@unchecked@*/ /*@unused@*/
extern struct pgpValTbl_s pgpTagTbl[];

typedef struct pgpPktPubkey_s {
    byte version;       
    byte keyid[8];      
    byte algo;          
} pgpPktPubkey;


/*@-typeuse@*/
typedef enum pgpSigType_e {
    PGPSIGTYPE_BINARY            = 0x00, 
    PGPSIGTYPE_TEXT              = 0x01, 
    PGPSIGTYPE_STANDALONE        = 0x02, 
    PGPSIGTYPE_GENERIC_CERT      = 0x10,
    PGPSIGTYPE_PERSONA_CERT      = 0x11,
    PGPSIGTYPE_CASUAL_CERT       = 0x12,
    PGPSIGTYPE_POSITIVE_CERT     = 0x13,
    PGPSIGTYPE_SUBKEY_BINDING    = 0x18, 
    PGPSIGTYPE_SIGNED_KEY        = 0x1F, 
    PGPSIGTYPE_KEY_REVOKE        = 0x20, 
    PGPSIGTYPE_SUBKEY_REVOKE     = 0x28, 
    PGPSIGTYPE_CERT_REVOKE       = 0x30, 
    PGPSIGTYPE_TIMESTAMP         = 0x40  
} pgpSigType;
/*@=typeuse@*/

/*@observer@*/ /*@unchecked@*/ /*@unused@*/
extern struct pgpValTbl_s pgpSigTypeTbl[];

/*@-typeuse@*/
typedef enum pgpPubkeyAlgo_e {
    PGPPUBKEYALGO_RSA           =  1,   
    PGPPUBKEYALGO_RSA_ENCRYPT   =  2,   
    PGPPUBKEYALGO_RSA_SIGN      =  3,   
    PGPPUBKEYALGO_ELGAMAL_ENCRYPT = 16, 
    PGPPUBKEYALGO_DSA           = 17,   
    PGPPUBKEYALGO_EC            = 18,   
    PGPPUBKEYALGO_ECDSA         = 19,   
    PGPPUBKEYALGO_ELGAMAL       = 20,   
    PGPPUBKEYALGO_DH            = 21    
} pgpPubkeyAlgo;
/*@=typeuse@*/

/*@observer@*/ /*@unchecked@*/ /*@unused@*/
extern struct pgpValTbl_s pgpPubkeyTbl[];

/*@-typeuse@*/
typedef enum pgpSymkeyAlgo_e {
    PGPSYMKEYALGO_PLAINTEXT     =  0,   
    PGPSYMKEYALGO_IDEA          =  1,   
    PGPSYMKEYALGO_TRIPLE_DES    =  2,   
    PGPSYMKEYALGO_CAST5         =  3,   
    PGPSYMKEYALGO_BLOWFISH      =  4,   
    PGPSYMKEYALGO_SAFER         =  5,   
    PGPSYMKEYALGO_DES_SK        =  6,   
    PGPSYMKEYALGO_AES_128       =  7,   
    PGPSYMKEYALGO_AES_192       =  8,   
    PGPSYMKEYALGO_AES_256       =  9,   
    PGPSYMKEYALGO_TWOFISH       = 10,   
    PGPSYMKEYALGO_NOENCRYPT     = 110   
} pgpSymkeyAlgo;
/*@=typeuse@*/

/*@observer@*/ /*@unchecked@*/ /*@unused@*/
extern struct pgpValTbl_s pgpSymkeyTbl[];

/*@-typeuse@*/
typedef enum pgpCompressAlgo_e {
    PGPCOMPRESSALGO_NONE        =  0,   
    PGPCOMPRESSALGO_ZIP         =  1,   
    PGPCOMPRESSALGO_ZLIB        =  2,   
    PGPCOMPRESSALGO_BZIP2       =  3    
} pgpCompressAlgo;
/*@=typeuse@*/

/*@observer@*/ /*@unchecked@*/ /*@unused@*/
extern struct pgpValTbl_s pgpCompressionTbl[];

typedef enum pgpHashAlgo_e {
    PGPHASHALGO_MD5             =  1,   
    PGPHASHALGO_SHA1            =  2,   
    PGPHASHALGO_RIPEMD160       =  3,   
    PGPHASHALGO_MD2             =  5,   
    PGPHASHALGO_TIGER192        =  6,   
    PGPHASHALGO_HAVAL_5_160     =  7,   
    PGPHASHALGO_SHA256          =  8,   
    PGPHASHALGO_SHA384          =  9,   
    PGPHASHALGO_SHA512          = 10,   
} pgpHashAlgo;

/*@observer@*/ /*@unchecked@*/ /*@unused@*/
extern struct pgpValTbl_s pgpHashTbl[];

typedef struct pgpPktSigV3_s {
    byte version;       
    byte hashlen;       
    byte sigtype;       
    byte time[4];       
    byte signid[8];     
    byte pubkey_algo;   
    byte hash_algo;     
    byte signhash16[2]; 
} * pgpPktSigV3;

typedef struct pgpPktSigV4_s {
    byte version;       
    byte sigtype;       
    byte pubkey_algo;   
    byte hash_algo;     
    byte hashlen[2];    
} * pgpPktSigV4;

/*@-typeuse@*/
typedef enum pgpSubType_e {
    PGPSUBTYPE_NONE             =   0, 
    PGPSUBTYPE_SIG_CREATE_TIME  =   2, 
    PGPSUBTYPE_SIG_EXPIRE_TIME  =   3, 
    PGPSUBTYPE_EXPORTABLE_CERT  =   4, 
    PGPSUBTYPE_TRUST_SIG        =   5, 
    PGPSUBTYPE_REGEX            =   6, 
    PGPSUBTYPE_REVOCABLE        =   7, 
    PGPSUBTYPE_KEY_EXPIRE_TIME  =   9, 
    PGPSUBTYPE_ARR              =  10, 
    PGPSUBTYPE_PREFER_SYMKEY    =  11, 
    PGPSUBTYPE_REVOKE_KEY       =  12, 
    PGPSUBTYPE_ISSUER_KEYID     =  16, 
    PGPSUBTYPE_NOTATION         =  20, 
    PGPSUBTYPE_PREFER_HASH      =  21, 
    PGPSUBTYPE_PREFER_COMPRESS  =  22, 
    PGPSUBTYPE_KEYSERVER_PREFERS=  23, 
    PGPSUBTYPE_PREFER_KEYSERVER =  24, 
    PGPSUBTYPE_PRIMARY_USERID   =  25, 
    PGPSUBTYPE_POLICY_URL       =  26, 
    PGPSUBTYPE_KEY_FLAGS        =  27, 
    PGPSUBTYPE_SIGNER_USERID    =  28, 
    PGPSUBTYPE_REVOKE_REASON    =  29, 
    PGPSUBTYPE_FEATURES         =  30, 
    PGPSUBTYPE_EMBEDDED_SIG     =  32, 
    PGPSUBTYPE_INTERNAL_100     = 100, 
    PGPSUBTYPE_INTERNAL_101     = 101, 
    PGPSUBTYPE_INTERNAL_102     = 102, 
    PGPSUBTYPE_INTERNAL_103     = 103, 
    PGPSUBTYPE_INTERNAL_104     = 104, 
    PGPSUBTYPE_INTERNAL_105     = 105, 
    PGPSUBTYPE_INTERNAL_106     = 106, 
    PGPSUBTYPE_INTERNAL_107     = 107, 
    PGPSUBTYPE_INTERNAL_108     = 108, 
    PGPSUBTYPE_INTERNAL_109     = 109, 
    PGPSUBTYPE_INTERNAL_110     = 110, 
    PGPSUBTYPE_CRITICAL         = 128  
} pgpSubType;
/*@=typeuse@*/

/*@observer@*/ /*@unchecked@*/ /*@unused@*/
extern struct pgpValTbl_s pgpSubTypeTbl[];

typedef union pgpPktSig_u {
    struct pgpPktSigV3_s v3;
    struct pgpPktSigV4_s v4;
} * pgpPktSig;

typedef struct pgpPktSymkey_s {
    byte version;       
    byte symkey_algo;
    byte s2k[1];
} pgpPktSymkey;

typedef struct pgpPktOnepass_s {
    byte version;       
    byte sigtype;       
    byte hash_algo;     
    byte pubkey_algo;   
    byte signid[8];     
    byte nested;
} * pgpPktOnepass;

typedef struct pgpPktKeyV3_s {
    byte version;       
    byte time[4];       
    byte valid[2];      
    byte pubkey_algo;   
} * pgpPktKeyV3;

typedef struct pgpPktKeyV4_s {
    byte version;       
    byte time[4];       
    byte pubkey_algo;   
} * pgpPktKeyV4;

typedef union pgpPktKey_u {
    struct pgpPktKeyV3_s v3;
    struct pgpPktKeyV4_s v4;
} pgpPktKey;

/*
 * 5.6. Compressed Data Packet (Tag 8)
 *
 * The Compressed Data packet contains compressed data. Typically, this
 * packet is found as the contents of an encrypted packet, or following
 * a Signature or One-Pass Signature packet, and contains literal data
 * packets.
 *
 * The body of this packet consists of:
 *   - One octet that gives the algorithm used to compress the packet.
 *   - The remainder of the packet is compressed data.
 *
 * A Compressed Data Packet's body contains an block that compresses
 * some set of packets. See section "Packet Composition" for details on
 * how messages are formed.
 *
 * ZIP-compressed packets are compressed with raw RFC 1951 DEFLATE
 * blocks. Note that PGP V2.6 uses 13 bits of compression. If an
 * implementation uses more bits of compression, PGP V2.6 cannot
 * decompress it.
 *
 * ZLIB-compressed packets are compressed with RFC 1950 ZLIB-style
 * blocks.
 */
typedef struct pgpPktCdata_s {
    byte compressalgo;
    byte data[1];
} pgpPktCdata;

/*
 * 5.7. Symmetrically Encrypted Data Packet (Tag 9)
 *
 * The Symmetrically Encrypted Data packet contains data encrypted with
 * a symmetric-key algorithm. When it has been decrypted, it will
 * typically contain other packets (often literal data packets or
 * compressed data packets).
 *
 * The body of this packet consists of:
 *   - Encrypted data, the output of the selected symmetric-key cipher
 *     operating in PGP's variant of Cipher Feedback (CFB) mode.
 *
 * The symmetric cipher used may be specified in an Public-Key or
 * Symmetric-Key Encrypted Session Key packet that precedes the
 * Symmetrically Encrypted Data Packet.  In that case, the cipher
 * algorithm octet is prefixed to the session key before it is
 * encrypted.  If no packets of these types precede the encrypted data,
 * the IDEA algorithm is used with the session key calculated as the MD5
 * hash of the passphrase.
 *
 * The data is encrypted in CFB mode, with a CFB shift size equal to the
 * cipher's block size.  The Initial Vector (IV) is specified as all
 * zeros.  Instead of using an IV, OpenPGP prefixes a 10-octet string to
 * the data before it is encrypted.  The first eight octets are random,
 * and the 9th and 10th octets are copies of the 7th and 8th octets,
 * respectively. After encrypting the first 10 octets, the CFB state is
 * resynchronized if the cipher block size is 8 octets or less.  The
 * last 8 octets of ciphertext are passed through the cipher and the
 * block boundary is reset.
 *
 * The repetition of 16 bits in the 80 bits of random data prefixed to
 * the message allows the receiver to immediately check whether the
 * session key is incorrect.
 */
typedef struct pgpPktEdata_s {
    byte data[1];
} pgpPktEdata;

/*
 * 5.8. Marker Packet (Obsolete Literal Packet) (Tag 10)
 *
 * An experimental version of PGP used this packet as the Literal
 * packet, but no released version of PGP generated Literal packets with
 * this tag. With PGP 5.x, this packet has been re-assigned and is
 * reserved for use as the Marker packet.
 *
 * The body of this packet consists of:
 *   - The three octets 0x50, 0x47, 0x50 (which spell "PGP" in UTF-8).
 *
 * Such a packet MUST be ignored when received.  It may be placed at the
 * beginning of a message that uses features not available in PGP 2.6.x
 * in order to cause that version to report that newer software is
 * necessary to process the message.
 */
/*
 * 5.9. Literal Data Packet (Tag 11)
 *
 * A Literal Data packet contains the body of a message; data that is
 * not to be further interpreted.
 *
 * The body of this packet consists of:
 *   - A one-octet field that describes how the data is formatted.
 *
 * If it is a 'b' (0x62), then the literal packet contains binary data.
 * If it is a 't' (0x74), then it contains text data, and thus may need
 * line ends converted to local form, or other text-mode changes.  RFC
 * 1991 also defined a value of 'l' as a 'local' mode for machine-local
 * conversions.  This use is now deprecated.
 *   - File name as a string (one-octet length, followed by file name),
 *     if the encrypted data should be saved as a file.
 *
 * If the special name "_CONSOLE" is used, the message is considered to
 * be "for your eyes only".  This advises that the message data is
 * unusually sensitive, and the receiving program should process it more
 * carefully, perhaps avoiding storing the received data to disk, for
 * example.
 *   - A four-octet number that indicates the modification date of the
 *     file, or the creation time of the packet, or a zero that
 *     indicates the present time.
 *   - The remainder of the packet is literal data.
 *
 * Text data is stored with <CR><LF> text endings (i.e. network-normal
 * line endings).  These should be converted to native line endings by
 * the receiving software.
 */
typedef struct pgpPktLdata_s {
    byte format;
    byte filenamelen;
    byte filename[1];
} pgpPktLdata;

/*
 * 5.10. Trust Packet (Tag 12)
 *
 * The Trust packet is used only within keyrings and is not normally
 * exported.  Trust packets contain data that record the user's
 * specifications of which key holders are trustworthy introducers,
 * along with other information that implementing software uses for
 * trust information.
 *
 * Trust packets SHOULD NOT be emitted to output streams that are
 * transferred to other users, and they SHOULD be ignored on any input
 * other than local keyring files.
 */
typedef struct pgpPktTrust_s {
    byte flag;
} pgpPktTrust;

/*
 * 5.11. User ID Packet (Tag 13)
 *
 * A User ID packet consists of data that is intended to represent the
 * name and email address of the key holder.  By convention, it includes
 * an RFC 822 mail name, but there are no restrictions on its content.
 * The packet length in the header specifies the length of the user id.
 * If it is text, it is encoded in UTF-8.
 *
 */
typedef struct pgpPktUid_s {
    byte userid[1];
} pgpPktUid;

union pgpPktPre_u {
    pgpPktPubkey pubkey;        
    pgpPktSig sig;              
    pgpPktSymkey symkey;        
    pgpPktOnepass onepass;      
    pgpPktKey key;              
    pgpPktCdata cdata;          
    pgpPktEdata edata;          
    pgpPktLdata ldata;          
    pgpPktTrust tdata;          
    pgpPktUid uid;              
};

/*@-typeuse@*/
typedef enum pgpArmor_e {
    PGPARMOR_ERR_CRC_CHECK              = -7,
    PGPARMOR_ERR_BODY_DECODE            = -6,
    PGPARMOR_ERR_CRC_DECODE             = -5,
    PGPARMOR_ERR_NO_END_PGP             = -4,
    PGPARMOR_ERR_UNKNOWN_PREAMBLE_TAG   = -3,
    PGPARMOR_ERR_UNKNOWN_ARMOR_TYPE     = -2,
    PGPARMOR_ERR_NO_BEGIN_PGP           = -1,
#define PGPARMOR_ERROR  PGPARMOR_ERR_NO_BEGIN_PGP
    PGPARMOR_NONE               =  0,
    PGPARMOR_MESSAGE            =  1, 
    PGPARMOR_PUBKEY             =  2, 
    PGPARMOR_SIGNATURE          =  3, 
    PGPARMOR_SIGNED_MESSAGE     =  4, 
    PGPARMOR_FILE               =  5, 
    PGPARMOR_PRIVKEY            =  6, 
    PGPARMOR_SECKEY             =  7  
} pgpArmor;
/*@=typeuse@*/

/*@observer@*/ /*@unchecked@*/ /*@unused@*/
extern struct pgpValTbl_s pgpArmorTbl[];

/*@-typeuse@*/
typedef enum pgpArmorKey_e {
    PGPARMORKEY_VERSION         = 1, 
    PGPARMORKEY_COMMENT         = 2, 
    PGPARMORKEY_MESSAGEID       = 3, 
    PGPARMORKEY_HASH            = 4, 
    PGPARMORKEY_CHARSET         = 5  
} pgpArmorKey;
/*@=typeuse@*/

/*@observer@*/ /*@unchecked@*/ /*@unused@*/
extern struct pgpValTbl_s pgpArmorKeyTbl[];

typedef enum rpmDigestFlags_e {
    RPMDIGEST_NONE      = 0
} rpmDigestFlags;


/*@-fcnuse@*/
#ifdef __cplusplus
extern "C" {
#endif

/*@unused@*/ static inline
unsigned int pgpGrab(const byte *s, int nbytes)
        /*@*/
{
    unsigned int i = 0;
    int nb = (nbytes <= sizeof(i) ? nbytes : sizeof(i));
/*@-boundsread@*/
    while (nb--)
        i = (i << 8) | *s++;
/*@=boundsread@*/
    return i;
}

/*@unused@*/ static inline
int pgpLen(const byte *s, /*@out@*/ unsigned int *lenp)
        /*@modifies *lenp @*/
{
/*@-boundswrite@*/
    if (*s < 192) {
        (*lenp) = *s++;
        return 1;
    } else if (*s < 255) {
        (*lenp) = ((((unsigned)s[0]) - 192) << 8) + s[1] + 192;
        return 2;
    } else {
        (*lenp) = pgpGrab(s+1, 4);
        return 5;
    }
/*@=boundswrite@*/
}

/*@unused@*/ static inline
unsigned int pgpMpiBits(const byte *p)
        /*@requires maxRead(p) >= 1 @*/
        /*@*/
{
    return ((p[0] << 8) | p[1]);
}

/*@unused@*/ static inline
unsigned int pgpMpiLen(const byte *p)
        /*@requires maxRead(p) >= 1 @*/
        /*@*/
{
    return (2 + ((pgpMpiBits(p)+7)>>3));
}
        
/*@unused@*/ static inline
char * pgpHexCvt(/*@returned@*/ char *t, const byte *s, int nbytes)
        /*@modifies *t @*/
{
    static char hex[] = "0123456789abcdef";
/*@-boundswrite@*/
    while (nbytes-- > 0) {
        unsigned int i;
        i = *s++;
        *t++ = hex[ (i >> 4) & 0xf ];
        *t++ = hex[ (i     ) & 0xf ];
    }
    *t = '\0';
/*@=boundswrite@*/
    return t;
}

/*@unused@*/ static inline /*@observer@*/
char * pgpHexStr(const byte *p, unsigned int plen)
        /*@*/
{
    static char prbuf[8*BUFSIZ];        /* XXX ick */
    char *t = prbuf;
    t = pgpHexCvt(t, p, plen);
    return prbuf;
}

/*@unused@*/ static inline /*@observer@*/
const char * pgpMpiStr(const byte *p)
        /*@requires maxRead(p) >= 3 @*/
        /*@*/
{
    static char prbuf[8*BUFSIZ];        /* XXX ick */
    char *t = prbuf;
    sprintf(t, "[%4u]: ", pgpGrab(p, 2));
    t += strlen(t);
    t = pgpHexCvt(t, p+2, pgpMpiLen(p)-2);
    return prbuf;
}

/*@unused@*/ static inline /*@observer@*/
const char * pgpValStr(pgpValTbl vs, byte val)
        /*@*/
{
    do {
        if (vs->val == val)
            break;
    } while ((++vs)->val != -1);
    return vs->str;
}

/*@unused@*/ static inline
int pgpValTok(pgpValTbl vs, const char * s, const char * se)
        /*@*/
{
    do {
        int vlen = strlen(vs->str);
        if (vlen <= (se-s) && !strncmp(s, vs->str, vlen))
            break;
    } while ((++vs)->val != -1);
    return vs->val;
}

/*@-exportlocal@*/
void pgpPrtVal(const char * pre, pgpValTbl vs, byte val)
        /*@globals fileSystem @*/
        /*@modifies fileSystem @*/;

int pgpPrtSubType(const byte *h, unsigned int hlen, pgpSigType sigtype)
        /*@globals fileSystem @*/
        /*@modifies fileSystem @*/;

int pgpPrtSig(pgpTag tag, const byte *h, unsigned int hlen)
        /*@globals fileSystem, internalState @*/
        /*@modifies fileSystem, internalState @*/;

int pgpPrtKey(pgpTag tag, const byte *h, unsigned int hlen)
        /*@globals fileSystem, internalState @*/
        /*@modifies fileSystem, internalState @*/;

int pgpPrtUserID(pgpTag tag, const byte *h, unsigned int hlen)
        /*@globals fileSystem, internalState @*/
        /*@modifies fileSystem, internalState @*/;

int pgpPrtComment(pgpTag tag, const byte *h, unsigned int hlen)
        /*@globals fileSystem @*/
        /*@modifies fileSystem @*/;

int pgpPubkeyFingerprint(const byte * pkt, unsigned int pktlen,
                /*@out@*/ byte * keyid)
        /*@modifies *keyid @*/;

int pgpPrtPkt(const byte *pkt, unsigned int pleft)
        /*@globals fileSystem, internalState @*/
        /*@modifies fileSystem, internalState @*/;
/*@=exportlocal@*/

int pgpPrtPkts(const byte *pkts, unsigned int pktlen, pgpDig dig, int printing)
        /*@globals fileSystem, internalState @*/
        /*@modifies dig, fileSystem, internalState @*/;

pgpArmor pgpReadPkts(const char * fn,
                /*@out@*/ const byte ** pkt, /*@out@*/ size_t * pktlen)
        /*@globals h_errno, fileSystem, internalState @*/
        /*@modifies *pkt, *pktlen, fileSystem, internalState @*/;

char * pgpArmorWrap(int atype, const unsigned char * s, size_t ns)
        /*@*/;

/*@only@*/
pgpDig pgpNewDig(void)
        /*@*/;

void pgpCleanDig(/*@null@*/ pgpDig dig)
        /*@modifies dig @*/;

/*@only@*/ /*@null@*/
pgpDig pgpFreeDig(/*@only@*/ /*@null@*/ pgpDig dig)
        /*@modifies dig @*/;

/*@unused@*/ static inline
int pgpIsPkt(const byte * p)
        /*@*/
{
/*@-boundsread@*/
    unsigned int val = *p++;
/*@=boundsread@*/
    pgpTag tag;
    int rc;

    /* XXX can't deal with these. */
    if (!(val & 0x80))
        return 0;

    if (val & 0x40)
        tag = (pgpTag)(val & 0x3f);
    else
        tag = (pgpTag)((val >> 2) & 0xf);

    switch (tag) {
    case PGPTAG_MARKER:
    case PGPTAG_SYMMETRIC_SESSION_KEY:
    case PGPTAG_ONEPASS_SIGNATURE:
    case PGPTAG_PUBLIC_KEY:
    case PGPTAG_SECRET_KEY:
    case PGPTAG_PUBLIC_SESSION_KEY:
    case PGPTAG_SIGNATURE:
    case PGPTAG_COMMENT:
    case PGPTAG_COMMENT_OLD:
    case PGPTAG_LITERAL_DATA:
    case PGPTAG_COMPRESSED_DATA:
    case PGPTAG_SYMMETRIC_DATA:
        rc = 1;
        break;
    case PGPTAG_PUBLIC_SUBKEY:
    case PGPTAG_SECRET_SUBKEY:
    case PGPTAG_USER_ID:
    case PGPTAG_RESERVED:
    case PGPTAG_TRUST:
    case PGPTAG_PHOTOID:
    case PGPTAG_ENCRYPTED_MDC:
    case PGPTAG_MDC:
    case PGPTAG_PRIVATE_60:
    case PGPTAG_PRIVATE_62:
    case PGPTAG_CONTROL:
    default:
        rc = 0;
        break;
    }

    return rc;
}

#define CRC24_INIT      0xb704ce
#define CRC24_POLY      0x1864cfb

/*@unused@*/ static inline
unsigned int pgpCRC(const byte *octets, size_t len)
        /*@*/
{
    unsigned int crc = CRC24_INIT;
    int i;

    while (len--) {
/*@-boundsread@*/
        crc ^= (*octets++) << 16;
/*@=boundsread@*/
        for (i = 0; i < 8; i++) {
            crc <<= 1;
            if (crc & 0x1000000)
                crc ^= CRC24_POLY;
        }
    }
    return crc & 0xffffff;
}

/*@only@*/
DIGEST_CTX rpmDigestDup(DIGEST_CTX octx)
        /*@*/;

/*@only@*/ /*@null@*/
DIGEST_CTX rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags)
        /*@*/;

int rpmDigestUpdate(/*@null@*/ DIGEST_CTX ctx, const void * data, size_t len)
        /*@modifies ctx @*/;

int rpmDigestFinal(/*@only@*/ /*@null@*/ DIGEST_CTX ctx,
        /*@null@*/ /*@out@*/ void ** datap,
        /*@null@*/ /*@out@*/ size_t * lenp, int asAscii)
                /*@modifies *datap, *lenp @*/;

#ifdef __cplusplus
}
#endif
/*@=fcnuse@*/

#endif  /* H_RPMPGP */

---