add source to libraries, and cruft for building under windows

1 files changed, 4698 insertions, 0 deletions

diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/doc/gcrypt.info b/linden/indra/libgcrypt/libgcrypt-1.2.2/doc/gcrypt.info
new file mode 100755
index 0000000..ad64497
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/doc/gcrypt.info
@@ -0,0 +1,4698 @@
+This is gcrypt.info, produced by makeinfo version 4.7 from gcrypt.texi.

+

+   This manual is for Libgcrypt (version 1.2.2, 29 July 2005), which is

+GNU's library of cryptographic building blocks.

+

+   Copyright (C) 2000, 2002, 2003, 2004 Free Software Foundation, Inc.

+

+     Permission is granted to copy, distribute and/or modify this

+     document under the terms of the GNU General Public License as

+     published by the Free Software Foundation; either version 2 of the

+     License, or (at your option) any later version. The text of the

+     license can be found in the section entitled "Copying".

+

+INFO-DIR-SECTION GNU Libraries

+START-INFO-DIR-ENTRY

+* libgcrypt: (gcrypt).  Cryptographic function library.

+END-INFO-DIR-ENTRY

+

+

+File: gcrypt.info,  Node: Top,  Next: Introduction,  Up: (dir)

+

+The Libgcrypt Library

+*********************

+

+This manual is for Libgcrypt (version 1.2.2, 29 July 2005), which is

+GNU's library of cryptographic building blocks.

+

+   Copyright (C) 2000, 2002, 2003, 2004 Free Software Foundation, Inc.

+

+     Permission is granted to copy, distribute and/or modify this

+     document under the terms of the GNU General Public License as

+     published by the Free Software Foundation; either version 2 of the

+     License, or (at your option) any later version. The text of the

+     license can be found in the section entitled "Copying".

+

+* Menu:

+

+* Introduction::                 What is Libgcrypt.

+* Preparation::                  What you should do before using the library.

+* Generalities::                 General library functions and data types.

+* Handler Functions::            Working with handler functions.

+* Symmetric cryptography::       How to use symmetric cryptography.

+* Hashing::                      How to use hashing.

+* Public Key cryptography (I)::  How to use public key cryptography.

+* Public Key cryptography (II):: How to use public key cryptography, alternatively.

+* Random Numbers::               How to work with random numbers.

+* S-expressions::                How to manage S-expressions.

+* MPI library::                  How to work with multi-precision-integers.

+* Utilities::                    Utility functions.

+

+Appendices

+

+* Library Copying::             The GNU Lesser General Public License

+                                says how you can copy and share `Libgcrypt'.

+* Copying::                     The GNU General Public License says how you

+                                can copy and share some parts of `Libgcrypt'.

+

+Indices

+

+* Concept Index::               Index of concepts and programs.

+* Function and Data Index::     Index of functions, variables and data types.

+

+ --- The Detailed Node Listing ---

+

+Introduction

+* Getting Started::             How to use this manual.

+* Features::                    A glance at Libgcrypt's features.

+* Overview::                    Overview about the library.

+

+Preparation

+* Header::                              What header file you need to include.

+* Building sources::                    How to build sources using the library.

+* Building sources using Automake::     How to build sources with the help of Automake.

+* Initializing the library::            How to initialize the library.

+* Multi Threading::                     How Libgcrypt can be used in a MT environment.

+

+Generalities

+* Controlling the library::     Controlling Libgcrypt's behavior.

+* Modules::                     Description of extension modules.

+* Error Handling::              Error codes and such.

+

+Handler Functions

+* Progress handler::            Using a progress handler function.

+* Allocation handler::          Using special memory allocation functions.

+* Error handler::               Using error handler functions.

+* Logging handler::             Using a special logging function.

+

+Symmetric cryptography

+* Available ciphers::           List of ciphers supported by the library.

+* Cipher modules::              How to work with cipher modules.

+* Available cipher modes::      List of cipher modes supported by the library.

+* Working with cipher handles:: How to perform operations related to cipher handles.

+* General cipher functions::    General cipher functions independent of cipher handles.

+

+Hashing

+* Available hash algorithms::           List of hash algorithms supported by the library.

+* Hash algorithm modules::              How to work with hash algorithm modules.

+* Working with hash algorithms::        List of functions related to hashing.

+

+Public Key cryptography (I)

+* Used S-expressions::                    Introduction into the used S-expression.

+* Available algorithms::                  Algorithms supported by the library.

+* Public key modules::                    How to work with public key modules.

+* Cryptographic Functions::               Functions for performing the cryptographic actions.

+* General public-key related Functions::  General functions, not implementing any cryptography.

+

+Public Key cryptography (II)

+* Available asymmetric algorithms:: List of algorithms supported by the library.

+* Working with sets of data::       How to work with sets of data.

+* Working with handles::            How to use handles.

+* Working with keys::               How to work with keys.

+* Using cryptographic functions::   How to perform cryptographic operations.

+* Handle-independent functions::    General functions independent of handles.

+

+Random Numbers

+* Quality of random numbers::   Libgcrypt uses different quality levels.

+* Retrieving random numbers::   How to retrieve random numbers.

+

+S-expressions

+* Data types for S-expressions::   Data types related with S-expressions.

+* Working with S-expressions::     How to work with S-expressions.

+

+MPI library

+* Data types::                  MPI related data types.

+* Basic functions::             First steps with MPI numbers.

+* MPI formats::                 External representation of MPIs.

+* Calculations::                Performing MPI calculations.

+* Comparisons::                 How to compare MPI values.

+* Bit manipulations::           How to access single bits of MPI values.

+* Miscellaneous::               Miscellaneous MPI functions.

+

+Utilities

+* Memory allocation::           Functions related with memory allocation.

+

+

+File: gcrypt.info,  Node: Introduction,  Next: Preparation,  Prev: Top,  Up: Top

+

+1 Introduction

+**************

+

+`Libgcrypt' is a library providing cryptographic building blocks.

+

+* Menu:

+

+* Getting Started::             How to use this manual.

+* Features::                    A glance at Libgcrypt's features.

+* Overview::                    Overview about the library.

+

+

+File: gcrypt.info,  Node: Getting Started,  Next: Features,  Up: Introduction

+

+1.1 Getting Started

+===================

+

+This manual documents the `Libgcrypt' library application programming

+interface (API).  All functions and data types provided by the library

+are explained.

+

+The reader is assumed to possess basic knowledge about applied

+cryptography.

+

+   This manual can be used in several ways.  If read from the beginning

+to the end, it gives a good introduction into the library and how it

+can be used in an application.  Forward references are included where

+necessary.  Later on, the manual can be used as a reference manual to

+get just the information needed about any particular interface of the

+library.  Experienced programmers might want to start looking at the

+examples at the end of the manual, and then only read up those parts of

+the interface which are unclear.

+

+

+File: gcrypt.info,  Node: Features,  Next: Overview,  Prev: Getting Started,  Up: Introduction

+

+1.2 Features

+============

+

+`Libgcrypt' might have a couple of advantages over other libraries doing

+a similar job.

+

+It's Free Software

+     Anybody can use, modify, and redistribute it under the terms of

+     the GNU Lesser General Public License (*note Library Copying::).

+     Note, that some parts (which are not needed on a GNU or GNU/Linux

+     system) are subject to the terms of the GNU General Public License

+     (*note Copying::); please see the README file of the distribution

+     for of list of these parts.

+

+It encapsulates the low level cryptography

+     `Libgcrypt' provides a high level interface to cryptographic

+     building blocks using an extendable and flexible API.

+

+

+

+File: gcrypt.info,  Node: Overview,  Prev: Features,  Up: Introduction

+

+1.3 Overview

+============

+

+The `Libgcrypt' library is fully thread-safe, where it makes sense to

+be thread-safe.  An exception for thread-safety are some cryptographic

+functions that modify a certain context stored in handles.  If the user

+really intents to use such functions from different threads on the same

+handle, he has to take care of the serialization of such functions

+himself.  If not described otherwise, every function is thread-safe.

+

+   Libgcrypt depends on the library `libgpg-error', which contains

+common error handling related code for GnuPG components.

+

+

+File: gcrypt.info,  Node: Preparation,  Next: Generalities,  Prev: Introduction,  Up: Top

+

+2 Preparation

+*************

+

+To use `Libgcrypt', you have to perform some changes to your sources

+and the build system.  The necessary changes are small and explained in

+the following sections.  At the end of this chapter, it is described

+how the library is initialized, and how the requirements of the library

+are verified.

+

+* Menu:

+

+* Header::                      What header file you need to include.

+* Building sources::            How to build sources using the library.

+* Building sources using Automake::  How to build sources with the help of Automake.

+* Initializing the library::    How to initialize the library.

+* Multi Threading::             How Libgcrypt can be used in a MT environment.

+

+

+File: gcrypt.info,  Node: Header,  Next: Building sources,  Up: Preparation

+

+2.1 Header

+==========

+

+All interfaces (data types and functions) of the library are defined in

+the header file `gcrypt.h'.  You must include this in all source files

+using the library, either directly or through some other header file,

+like this:

+

+     #include <gcrypt.h>

+

+   The name space of `Libgcrypt' is `gcry_*' for function and type

+names and `GCRY*' for other symbols.  In addition the same name

+prefixes with one prepended underscore are reserved for internal use

+and should never be used by an application.  Furthermore `libgpg-error'

+defines functions prefixed with `gpg_' and preprocessor symbols

+prefixed with `GPG_'.  Note that Libgcrypt uses libgpg-error, which

+uses `gpg_err_*' as name space for function and type names and

+`GPG_ERR_*' for other symbols, including all the error codes.

+

+

+File: gcrypt.info,  Node: Building sources,  Next: Building sources using Automake,  Prev: Header,  Up: Preparation

+

+2.2 Building sources

+====================

+

+If you want to compile a source file including the `gcrypt.h' header

+file, you must make sure that the compiler can find it in the directory

+hierarchy.  This is accomplished by adding the path to the directory in

+which the header file is located to the compilers include file search

+path (via the `-I' option).

+

+   However, the path to the include file is determined at the time the

+source is configured.  To solve this problem, `Libgcrypt' ships with a

+small helper program `libgcrypt-config' that knows the path to the

+include file and other configuration options.  The options that need to

+be added to the compiler invocation at compile time are output by the

+`--cflags' option to `libgcrypt-config'.  The following example shows

+how it can be used at the command line:

+

+     gcc -c foo.c `libgcrypt-config --cflags`

+

+   Adding the output of `libgcrypt-config --cflags' to the compilers

+command line will ensure that the compiler can find the `Libgcrypt'

+header file.

+

+   A similar problem occurs when linking the program with the library.

+Again, the compiler has to find the library files.  For this to work,

+the path to the library files has to be added to the library search path

+(via the `-L' option).  For this, the option `--libs' to

+`libgcrypt-config' can be used.  For convenience, this option also

+outputs all other options that are required to link the program with

+the `Libgcrypt' libraries (in particular, the `-lgcrypt' option).  The

+example shows how to link `foo.o' with the `Libgcrypt' library to a

+program `foo'.

+

+     gcc -o foo foo.o `libgcrypt-config --libs`

+

+   Of course you can also combine both examples to a single command by

+specifying both options to `libgcrypt-config':

+

+     gcc -o foo foo.c `libgcrypt-config --cflags --libs`

+

+

+File: gcrypt.info,  Node: Building sources using Automake,  Next: Initializing the library,  Prev: Building sources,  Up: Preparation

+

+2.3 Building sources using Automake

+===================================

+

+It is much easier if you use GNU Automake instead of writing your own

+Makefiles.  If you do that you do not have to worry about finding and

+invoking the `libgcrypt-config' script at all.  Libgcrypt provides an

+extension to Automake that does all the work for you.

+

+ -- Macro: AM_PATH_LIBGCRYPT ([MINIMUM-VERSION], [ACTION-IF-FOUND],

+          [ACTION-IF-NOT-FOUND])

+     Check whether Libgcrypt (at least version MINIMUM-VERSION, if

+     given) exists on the host system.  If it is found, execute

+     ACTION-IF-FOUND, otherwise do ACTION-IF-NOT-FOUND, if given.

+

+     Additionally, the function defines `LIBGCRYPT_CFLAGS' to the flags

+     needed for compilation of the program to find the `gcrypt.h'

+     header file, and `LIBGCRYPT_LIBS' to the linker flags needed to

+     link the program to the Libgcrypt library.

+

+   You can use the defined Autoconf variables like this in your

+`Makefile.am':

+

+     AM_CPPFLAGS = $(LIBGCRYPT_CFLAGS)

+     LDADD = $(LIBGCRYPT_LIBS)

+

+

+File: gcrypt.info,  Node: Initializing the library,  Next: Multi Threading,  Prev: Building sources using Automake,  Up: Preparation

+

+2.4 Initializing the library

+============================

+

+It is often desirable to check that the version of `Libgcrypt' used is

+indeed one which fits all requirements.  Even with binary compatibility

+new features may have been introduced but due to problem with the

+dynamic linker an old version is actually used.  So you may want to

+check that the version is okay right after program startup.

+

+ -- Function: const char *gcry_check_version (const char *REQ_VERSION)

+     The function `gcry_check_version' has three purposes.  It can be

+     used to retrieve the version number of the library.  In addition it

+     can verify that the version number is higher than a certain

+     required version number.

+

+     In either case, the function initializes some sub-systems, and for

+     this reason alone it must be invoked early in your program, before

+     you make use of the other functions of Libgcrypt.

+

+

+File: gcrypt.info,  Node: Multi Threading,  Prev: Initializing the library,  Up: Preparation

+

+2.5 Multi Threading

+===================

+

+As mentioned earlier, the `Libgcrypt' library is thread-safe if you

+adhere to the following requirements:

+

+   * If your application is multi-threaded, you must set the thread

+     support callbacks with the `GCRYCTL_SET_THREAD_CBS' command

+     *before* any other function in the library.

+

+     This is easy enough if you are indeed writing an application using

+     Libgcrypt.  It is rather problematic if you are writing a library

+     instead.  Here are some tips what to do if you are writing a

+     library:

+

+     If your library requires a certain thread package, just initialize

+     Libgcrypt to use this thread package.  If your library supports

+     multiple thread packages, but needs to be configured, you will

+     have to implement a way to determine which thread package the

+     application wants to use with your library anyway.  Then configure

+     Libgcrypt to use this thread package.

+

+     If your library is fully reentrant without any special support by a

+     thread package, then you are lucky indeed.  Unfortunately, this

+     does not relieve you from doing either of the two above, or use a

+     third option.  The third option is to let the application

+     initialize Libgcrypt for you.  Then you are not using Libgcrypt

+     transparently, though.

+

+     As if this was not difficult enough, a conflict may arise if two

+     libraries try to initialize Libgcrypt independently of each

+     others, and both such libraries are then linked into the same

+     application.  To make it a bit simpler for you, this will probably

+     work, but only if both libraries have the same requirement for the

+     thread package.  This is currently only supported for the

+     non-threaded case, GNU Pth and pthread.  Support for more thread

+     packages is easy to add, so contact us if you require it.

+

+   * The function `gcry_check_version' must be called before any other

+     function in the library, except the `GCRYCTL_SET_THREAD_CBS'

+     command (called via the `gcry_control' function), because it

+     initializes the thread support subsystem in Libgcrypt.  To achieve

+     this in multi-threaded programs, you must synchronize the memory

+     with respect to other threads that also want to use Libgcrypt.

+     For this, it is sufficient to call `gcry_check_version' before

+     creating the other threads using Libgcrypt(1).

+

+   *  As with the function `gpg_strerror', `gcry_strerror' is not

+     thread safe.  You have to use `gpg_strerror_r' instead.

+

+   Libgcrypt contains convenient macros, which define the necessary

+thread callbacks for PThread and for GNU Pth:

+

+`GCRY_THREAD_OPTION_PTH_IMPL'

+     This macro defines the following (static) symbols: gcry_pth_init,

+     gcry_pth_mutex_init, gcry_pth_mutex_destroy, gcry_pth_mutex_lock,

+     gcry_pth_mutex_unlock, gcry_pth_read, gcry_pth_write,

+     gcry_pth_select, gcry_pth_waitpid, gcry_pth_accept,

+     gcry_pth_connect, gcry_threads_pth.

+

+     After including this macro, gcry_control() shall be used with a

+     command of GCRYCTL_SET_THREAD_CBS in order to register the thread

+     callback structure named "gcry_threads_pth".

+

+`GCRY_THREAD_OPTION_PTHREAD_IMPL'

+     This macro defines the following (static) symbols:

+     gcry_pthread_mutex_init, gcry_pthread_mutex_destroy,

+     gcry_mutex_lock, gcry_mutex_unlock, gcry_threads_pthread.

+

+     After including this macro, gcry_control() shall be used with a

+     command of GCRYCTL_SET_THREAD_CBS in order to register the thread

+     callback structure named "gcry_threads_pthread".

+

+   Note that these macros need to be terminated with a semicolon.  Keep

+in mind that these are convenient macros for C programmers; C++

+programmers might have to wrap these macros in an "extern C" body.

+

+   ---------- Footnotes ----------

+

+   (1) At least this is true for POSIX threads, as `pthread_create' is

+a function that synchronizes memory with respects to other threads.

+There are many functions which have this property, a complete list can

+be found in POSIX, IEEE Std 1003.1-2003, Base Definitions, Issue 6, in

+the definition of the term "Memory Synchronization".  For other thread

+packages, more relaxed or more strict rules may apply.

+

+

+File: gcrypt.info,  Node: Generalities,  Next: Handler Functions,  Prev: Preparation,  Up: Top

+

+3 Generalities

+**************

+

+* Menu:

+

+* Controlling the library::     Controlling Libgcrypt's behavior.

+* Modules::                     Description of extension modules.

+* Error Handling::              Error codes and such.

+

+

+File: gcrypt.info,  Node: Controlling the library,  Next: Modules,  Up: Generalities

+

+3.1 Controlling the library

+===========================

+

+ -- Function: gcry_error_t gcry_control (enum gcry_ctl_cmds CMD, ...)

+     This function can be used to influence the general behavior of

+     Libgcrypt in several ways.  Depending on CMD, more arguments can

+     or have to be provided.

+

+

+

+File: gcrypt.info,  Node: Modules,  Next: Error Handling,  Prev: Controlling the library,  Up: Generalities

+

+3.2 Modules

+===========

+

+Libgcrypt supports the use of `extension modules', which implement

+algorithms in addition to those already built into the library directly.

+

+ -- Data type: gcry_module_t

+     This data type represents a `module'.

+

+   Functions registering modules provided by the user take a `module

+specification structure' as input and return a value of `gcry_module_t'

+and an ID that is unique in the modules' category.  This ID can be used

+to reference the newly registered module.  After registering a module

+successfully, the new functionality should be able to be used through

+the normal functions provided by Libgcrypt until it is unregistered

+again.

+

+

+File: gcrypt.info,  Node: Error Handling,  Prev: Modules,  Up: Generalities

+

+3.3 Error Handling

+==================

+

+Many functions in Libgcrypt can return an error if they fail.  For this

+reason, the application should always catch the error condition and

+take appropriate measures, for example by releasing the resources and

+passing the error up to the caller, or by displaying a descriptive

+message to the user and cancelling the operation.

+

+   Some error values do not indicate a system error or an error in the

+operation, but the result of an operation that failed properly.  For

+example, if you try to decrypt a tempered message, the decryption will

+fail.  Another error value actually means that the end of a data buffer

+or list has been reached.  The following descriptions explain for many

+error codes what they mean usually.  Some error values have specific

+meanings if returned by a certain functions.  Such cases are described

+in the documentation of those functions.

+

+   Libgcrypt uses the `libgpg-error' library.  This allows to share the

+error codes with other components of the GnuPG system, and thus pass

+error values transparently from the crypto engine, or some helper

+application of the crypto engine, to the user.  This way no information

+is lost.  As a consequence, Libgcrypt does not use its own identifiers

+for error codes, but uses those provided by `libgpg-error'.  They

+usually start with `GPG_ERR_'.

+

+   However, Libgcrypt does provide aliases for the functions defined in

+libgpg-error, which might be preferred for name space consistency.

+

+   Most functions in Libgcrypt return an error code in the case of

+failure.  For this reason, the application should always catch the

+error condition and take appropriate measures, for example by releasing

+the resources and passing the error up to the caller, or by displaying

+a descriptive message to the user and canceling the operation.

+

+   Some error values do not indicate a system error or an error in the

+operation, but the result of an operation that failed properly.

+

+   GnuPG components, including Libgcrypt, use an extra library named

+libgpg-error to provide a common error handling scheme.  For more

+information on libgpg-error, see the according manual.

+

+* Menu:

+

+* Error Values::                The error value and what it means.

+* Error Sources::               A list of important error sources.

+* Error Codes::                 A list of important error codes.

+* Error Strings::               How to get a descriptive string from a value.

+

+

+File: gcrypt.info,  Node: Error Values,  Next: Error Sources,  Up: Error Handling

+

+3.3.1 Error Values

+------------------

+

+ -- Data type: gcry_err_code_t

+     The `gcry_err_code_t' type is an alias for the `libgpg-error' type

+     `gpg_err_code_t'.  The error code indicates the type of an error,

+     or the reason why an operation failed.

+

+     A list of important error codes can be found in the next section.

+

+ -- Data type: gcry_err_source_t

+     The `gcry_err_source_t' type is an alias for the `libgpg-error'

+     type `gpg_err_source_t'.  The error source has not a precisely

+     defined meaning.  Sometimes it is the place where the error

+     happened, sometimes it is the place where an error was encoded

+     into an error value.  Usually the error source will give an

+     indication to where to look for the problem.  This is not always

+     true, but it is attempted to achieve this goal.

+

+     A list of important error sources can be found in the next section.

+

+ -- Data type: gcry_error_t

+     The `gcry_error_t' type is an alias for the `libgpg-error' type

+     `gpg_error_t'.  An error value like this has always two

+     components, an error code and an error source.  Both together form

+     the error value.

+

+     Thus, the error value can not be directly compared against an error

+     code, but the accessor functions described below must be used.

+     However, it is guaranteed that only 0 is used to indicate success

+     (`GPG_ERR_NO_ERROR'), and that in this case all other parts of the

+     error value are set to 0, too.

+

+     Note that in Libgcrypt, the error source is used purely for

+     diagnostic purposes.  Only the error code should be checked to test

+     for a certain outcome of a function.  The manual only documents the

+     error code part of an error value.  The error source is left

+     unspecified and might be anything.

+

+ -- Function: gcry_err_code_t gcry_err_code (gcry_error_t ERR)

+     The static inline function `gcry_err_code' returns the

+     `gcry_err_code_t' component of the error value ERR.  This function

+     must be used to extract the error code from an error value in

+     order to compare it with the `GPG_ERR_*' error code macros.

+

+ -- Function: gcry_err_source_t gcry_err_source (gcry_error_t ERR)

+     The static inline function `gcry_err_source' returns the

+     `gcry_err_source_t' component of the error value ERR.  This

+     function must be used to extract the error source from an error

+     value in order to compare it with the `GPG_ERR_SOURCE_*' error

+     source macros.

+

+ -- Function: gcry_error_t gcry_err_make (gcry_err_source_t SOURCE,

+          gcry_err_code_t CODE)

+     The static inline function `gcry_err_make' returns the error value

+     consisting of the error source SOURCE and the error code CODE.

+

+     This function can be used in callback functions to construct an

+     error value to return it to the library.

+

+ -- Function: gcry_error_t gcry_error (gcry_err_code_t CODE)

+     The static inline function `gcry_error' returns the error value

+     consisting of the default error source and the error code CODE.

+

+     For GCRY applications, the default error source is

+     `GPG_ERR_SOURCE_USER_1'.  You can define `GCRY_ERR_SOURCE_DEFAULT'

+     before including `gcrypt.h' to change this default.

+

+     This function can be used in callback functions to construct an

+     error value to return it to the library.

+

+   The `libgpg-error' library provides error codes for all system error

+numbers it knows about.  If ERR is an unknown error number, the error

+code `GPG_ERR_UNKNOWN_ERRNO' is used.  The following functions can be

+used to construct error values from system errno numbers.

+

+ -- Function: gcry_error_t gcry_err_make_from_errno

+          (gcry_err_source_t SOURCE, int ERR)

+     The function `gcry_err_make_from_errno' is like `gcry_err_make',

+     but it takes a system error like `errno' instead of a

+     `gcry_err_code_t' error code.

+

+ -- Function: gcry_error_t gcry_error_from_errno (int ERR)

+     The function `gcry_error_from_errno' is like `gcry_error', but it

+     takes a system error like `errno' instead of a `gcry_err_code_t'

+     error code.

+

+   Sometimes you might want to map system error numbers to error codes

+directly, or map an error code representing a system error back to the

+system error number.  The following functions can be used to do that.

+

+ -- Function: gcry_err_code_t gcry_err_code_from_errno (int ERR)

+     The function `gcry_err_code_from_errno' returns the error code for

+     the system error ERR.  If ERR is not a known system error, the

+     function returns `GPG_ERR_UNKNOWN_ERRNO'.

+

+ -- Function: int gcry_err_code_to_errno (gcry_err_code_t ERR)

+     The function `gcry_err_code_to_errno' returns the system error for

+     the error code ERR.  If ERR is not an error code representing a

+     system error, or if this system error is not defined on this

+     system, the function returns `0'.

+

+

+File: gcrypt.info,  Node: Error Sources,  Next: Error Codes,  Prev: Error Values,  Up: Error Handling

+

+3.3.2 Error Sources

+-------------------

+

+The library `libgpg-error' defines an error source for every component

+of the GnuPG system.  The error source part of an error value is not

+well defined.  As such it is mainly useful to improve the diagnostic

+error message for the user.

+

+   If the error code part of an error value is `0', the whole error

+value will be `0'.  In this case the error source part is of course

+`GPG_ERR_SOURCE_UNKNOWN'.

+

+   The list of error sources that might occur in applications using

+Libgctypt is:

+

+`GPG_ERR_SOURCE_UNKNOWN'

+     The error source is not known.  The value of this error source is

+     `0'.

+

+`GPG_ERR_SOURCE_GPGME'

+     The error source is GPGME itself.

+

+`GPG_ERR_SOURCE_GPG'

+     The error source is GnuPG, which is the crypto engine used for the

+     OpenPGP protocol.

+

+`GPG_ERR_SOURCE_GPGSM'

+     The error source is GPGSM, which is the crypto engine used for the

+     OpenPGP protocol.

+

+`GPG_ERR_SOURCE_GCRYPT'

+     The error source is `libgcrypt', which is used by crypto engines

+     to perform cryptographic operations.

+

+`GPG_ERR_SOURCE_GPGAGENT'

+     The error source is `gpg-agent', which is used by crypto engines

+     to perform operations with the secret key.

+

+`GPG_ERR_SOURCE_PINENTRY'

+     The error source is `pinentry', which is used by `gpg-agent' to

+     query the passphrase to unlock a secret key.

+

+`GPG_ERR_SOURCE_SCD'

+     The error source is the SmartCard Daemon, which is used by

+     `gpg-agent' to delegate operations with the secret key to a

+     SmartCard.

+

+`GPG_ERR_SOURCE_KEYBOX'

+     The error source is `libkbx', a library used by the crypto engines

+     to manage local keyrings.

+

+`GPG_ERR_SOURCE_USER_1'

+

+`GPG_ERR_SOURCE_USER_2'

+

+`GPG_ERR_SOURCE_USER_3'

+

+`GPG_ERR_SOURCE_USER_4'

+     These error sources are not used by any GnuPG component and can be

+     used by other software.  For example, applications using Libgcrypt

+     can use them to mark error values coming from callback handlers.

+     Thus `GPG_ERR_SOURCE_USER_1' is the default for errors created

+     with `gcry_error' and `gcry_error_from_errno', unless you define

+     `GCRY_ERR_SOURCE_DEFAULT' before including `gcrypt.h'.

+

+

+File: gcrypt.info,  Node: Error Codes,  Next: Error Strings,  Prev: Error Sources,  Up: Error Handling

+

+3.3.3 Error Codes

+-----------------

+

+The library `libgpg-error' defines many error values.  The following

+list includes the most important error codes.

+

+`GPG_ERR_EOF'

+     This value indicates the end of a list, buffer or file.

+

+`GPG_ERR_NO_ERROR'

+     This value indicates success.  The value of this error code is

+     `0'.  Also, it is guaranteed that an error value made from the

+     error code `0' will be `0' itself (as a whole).  This means that

+     the error source information is lost for this error code, however,

+     as this error code indicates that no error occured, this is

+     generally not a problem.

+

+`GPG_ERR_GENERAL'

+     This value means that something went wrong, but either there is not

+     enough information about the problem to return a more useful error

+     value, or there is no separate error value for this type of

+     problem.

+

+`GPG_ERR_ENOMEM'

+     This value means that an out-of-memory condition occurred.

+

+`GPG_ERR_E...'

+     System errors are mapped to GPG_ERR_EFOO where FOO is the symbol

+     for the system error.

+

+`GPG_ERR_INV_VALUE'

+     This value means that some user provided data was out of range.

+

+`GPG_ERR_UNUSABLE_PUBKEY'

+     This value means that some recipients for a message were invalid.

+

+`GPG_ERR_UNUSABLE_SECKEY'

+     This value means that some signers were invalid.

+

+`GPG_ERR_NO_DATA'

+     This value means that data was expected where no data was found.

+

+`GPG_ERR_CONFLICT'

+     This value means that a conflict of some sort occurred.

+

+`GPG_ERR_NOT_IMPLEMENTED'

+     This value indicates that the specific function (or operation) is

+     not implemented.  This error should never happen.  It can only

+     occur if you use certain values or configuration options which do

+     not work, but for which we think that they should work at some

+     later time.

+

+`GPG_ERR_DECRYPT_FAILED'

+     This value indicates that a decryption operation was unsuccessful.

+

+`GPG_ERR_WRONG_KEY_USAGE'

+     This value indicates that a key is not used appropriately.

+

+`GPG_ERR_NO_SECKEY'

+     This value indicates that no secret key for the user ID is

+     available.

+

+`GPG_ERR_UNSUPPORTED_ALGORITHM'

+     This value means a verification failed because the cryptographic

+     algorithm is not supported by the crypto backend.

+

+`GPG_ERR_BAD_SIGNATURE'

+     This value means a verification failed because the signature is

+     bad.

+

+`GPG_ERR_NO_PUBKEY'

+     This value means a verification failed because the public key is

+     not available.

+

+`GPG_ERR_USER_1'

+

+`GPG_ERR_USER_2'

+

+`...'

+

+`GPG_ERR_USER_16'

+     These error codes are not used by any GnuPG component and can be

+     freely used by other software.  Applications using Libgcrypt might

+     use them to mark specific errors returned by callback handlers if

+     no suitable error codes (including the system errors) for these

+     errors exist already.

+

+

+File: gcrypt.info,  Node: Error Strings,  Prev: Error Codes,  Up: Error Handling

+

+3.3.4 Error Strings

+-------------------

+

+ -- Function: const char * gcry_strerror (gcry_error_t ERR)

+     The function `gcry_strerror' returns a pointer to a statically

+     allocated string containing a description of the error code

+     contained in the error value ERR.  This string can be used to

+     output a diagnostic message to the user.

+

+ -- Function: const char * gcry_strsource (gcry_error_t ERR)

+     The function `gcry_strerror' returns a pointer to a statically

+     allocated string containing a description of the error source

+     contained in the error value ERR.  This string can be used to

+     output a diagnostic message to the user.

+

+   The following example illustrates the use of the functions described

+above:

+

+     {

+       gcry_cipher_hd_t handle;

+       gcry_error_t err = 0;

+

+       err = gcry_cipher_open (&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);

+       if (err)

+         {

+           fprintf (stderr, "Failure: %s/%s\n",

+                    gcry_strsource (err),

+                    gcry_strerror (err));

+         }

+     }

+

+

+File: gcrypt.info,  Node: Handler Functions,  Next: Symmetric cryptography,  Prev: Generalities,  Up: Top

+

+4 Handler Functions

+*******************

+

+Libgcrypt makes it possible to install so called `handler functions',

+which get called by Libgcrypt in case of certain events.

+

+* Menu:

+

+* Progress handler::            Using a progress handler function.

+* Allocation handler::          Using special memory allocation functions.

+* Error handler::               Using error handler functions.

+* Logging handler::             Using a special logging function.

+

+

+File: gcrypt.info,  Node: Progress handler,  Next: Allocation handler,  Up: Handler Functions

+

+4.1 Progress handler

+====================

+

+It is often useful to retrieve some feedback while long running

+operations are performed.

+

+ -- Data type: gcry_handler_progress_t

+     Progress handler functions have to be of the type

+     `gcry_handler_progress_t', which is defined as:

+

+     `void (*gcry_handler_progress_t) (void *, const char *, int, int,

+     int)'

+

+   The following function may be used to register a handler function for

+this purpose.

+

+ -- Function: void gcry_set_progress_handler (gcry_handler_progress_t

+          CB, void *CB_DATA)

+     This function installs CB as the `Progress handler' function.  CB

+     must be defined as follows:

+

+          void

+          my_progress_handler (void *CB_DATA, const char *WHAT,

+                               int PRINTCHAR, int CURRENT, int TOTAL)

+          {

+            /* Do something.  */

+          }

+

+     A description of the arguments of the progress handler function

+     follows.

+

+    CB_DATA

+          The argument provided in the call to

+          `gcry_set_progress_handler'.

+

+    WHAT

+          A string identifying the type of the progress output.  The

+          following values for WHAT are defined:

+

+         `need_entropy'

+               Not enough entropy is available.  TOTAL holds the number

+               of required bytes.

+

+         `primegen'

+               Values for PRINTCHAR:

+              `\n'

+                    Prime generated.

+

+              `!'

+                    Need to refresh the pool of prime numbers.

+

+              `<, >'

+                    Number of bits adjusted.

+

+              `^'

+                    Searching for a generator.

+

+              `.'

+                    Fermat test on 10 candidates failed.

+

+              `:'

+                    Restart with a new random value.

+

+              `+'

+                    Rabin Miller test passed.

+

+

+

+

+File: gcrypt.info,  Node: Allocation handler,  Next: Error handler,  Prev: Progress handler,  Up: Handler Functions

+

+4.2 Allocation handler

+======================

+

+It is possible to make Libgcrypt use special memory allocation

+functions instead of the built-in ones.

+

+   Memory allocation functions are of the following types:

+

+ -- Data type: gcry_handler_alloc_t

+     This type is defined as: `void *(*gcry_handler_alloc_t) (size_t

+     n)'.

+

+ -- Data type: gcry_handler_secure_check_t

+     This type is defined as: `int *(*gcry_handler_secure_check_t)

+     (const void *)'.

+

+ -- Data type: gcry_handler_realloc_t

+     This type is defined as: `void *(*gcry_handler_realloc_t) (void

+     *p, size_t n)'.

+

+ -- Data type: gcry_handler_free_t

+     This type is defined as: `void *(*gcry_handler_free_t) (void *)'.

+

+   Special memory allocation functions can be installed with the

+following function:

+

+ -- Function: void gcry_set_allocation_handler (gcry_handler_alloc_t

+          FUNC_ALLOC, gcry_handler_alloc_t FUNC_ALLOC_SECURE,

+          gcry_handler_secure_check_t FUNC_SECURE_CHECK,

+          gcry_handler_realloc_t FUNC_REALLOC, gcry_handler_free_t

+          FUNC_FREE)

+     Install the provided functions and use them instead of the built-in

+     functions for doing memory allocation.

+

+

+File: gcrypt.info,  Node: Error handler,  Next: Logging handler,  Prev: Allocation handler,  Up: Handler Functions

+

+4.3 Error handler

+=================

+

+The following functions may be used to register handler functions that

+are called by Libgcrypt in case certain error conditions occur.

+

+ -- Data type: gcry_handler_no_mem_t

+     This type is defined as: `void (*gcry_handler_no_mem_t) (void *,

+     size_t, unsigned int)'

+

+ -- Function: void gcry_set_outofcore_handler (gcry_handler_no_mem_t

+          FUNC_NO_MEM, void *CB_DATA)

+     This function registers FUNC_NO_MEM as `out-of-core handler',

+     which means that it will be called in the case of not having enough

+     memory available.

+

+ -- Data type: gcry_handler_error_t

+     This type is defined as: `void (*gcry_handler_error_t) (void *,

+     int, const char *)'

+

+ -- Function: void gcry_set_fatalerror_handler (gcry_handler_error_t

+          FUNC_ERROR, void *CB_DATA)

+     This function registers FUNC_ERROR as `error handler', which means

+     that it will be called in error conditions.

+

+

+File: gcrypt.info,  Node: Logging handler,  Prev: Error handler,  Up: Handler Functions

+

+4.4 Logging handler

+===================

+

+ -- Data type: gcry_handler_log_t

+     This type is defined as: `void (*gcry_handler_log_t) (void *, int,

+     const char *, va_list)'

+

+ -- Function: void gcry_set_log_handler (gcry_handler_log_t FUNC_LOG,

+          void *CB_DATA)

+     This function registers FUNC_LOG as `logging handler', which means

+     that it will be called in case Libgcrypt wants to log a message.

+

+

+File: gcrypt.info,  Node: Symmetric cryptography,  Next: Hashing,  Prev: Handler Functions,  Up: Top

+

+5 Symmetric cryptography

+************************

+

+The cipher functions are used for symmetrical cryptography, i.e.

+cryptography using a shared key.  The programming model follows an

+open/process/close paradigm and is in that similar to other building

+blocks provided by Libgcrypt.

+

+* Menu:

+

+* Available ciphers::           List of ciphers supported by the library.

+* Cipher modules::              How to work with cipher modules.

+* Available cipher modes::      List of cipher modes supported by the library.

+* Working with cipher handles::  How to perform operations related to cipher handles.

+* General cipher functions::    General cipher functions independent of cipher handles.

+

+

+File: gcrypt.info,  Node: Available ciphers,  Next: Cipher modules,  Up: Symmetric cryptography

+

+5.1 Available ciphers

+=====================

+

+`GCRY_CIPHER_NONE'

+     This is not a real algorithm but used by some functions as error

+     return.  The value always evaluates to false.

+

+`GCRY_CIPHER_IDEA'

+     This is the IDEA algorithm.  The constant is provided but there is

+     currently no implementation for it because the algorithm is

+     patented.

+

+`GCRY_CIPHER_3DES'

+     Triple-DES with 3 Keys as EDE.  The key size of this algorithm is

+     168 but you have to pass 192 bits because the most significant

+     bits of each byte are ignored.

+

+`GCRY_CIPHER_CAST5'

+     CAST128-5 block cipher algorithm.  The key size is 128 bits.

+

+`GCRY_CIPHER_BLOWFISH'

+     The blowfish algorithm. The current implementation allows only for

+     a key size of 128 bits.

+

+`GCRY_CIPHER_SAFER_SK128'

+     Reserved and not currently implemented.

+

+`GCRY_CIPHER_DES_SK'

+     Reserved and not currently implemented.

+

+`GCRY_CIPHER_AES'

+`GCRY_CIPHER_AES128'

+`GCRY_CIPHER_RIJNDAEL'

+`GCRY_CIPHER_RIJNDAEL128'

+     AES (Rijndael) with a 128 bit key.

+

+`GCRY_CIPHER_AES192'

+`GCRY_CIPHER_RIJNDAEL128'

+     AES (Rijndael) with a 192 bit key.

+

+`GCRY_CIPHER_AES256'

+`GCRY_CIPHER_RIJNDAEL256'

+     AES (Rijndael) with a 256 bit key.

+

+`GCRY_CIPHER_TWOFISH'

+     The Twofish algorithm with a 256 bit key.

+

+`GCRY_CIPHER_TWOFISH128'

+     The Twofish algorithm with a 128 bit key.

+

+`GCRY_CIPHER_ARCFOUR'

+     An algorithm which is 100% compatible with RSA Inc.'s RC4

+     algorithm.  Note that this is a stream cipher and must be used

+     very carefully to avoid a couple of weaknesses.

+

+`GCRY_CIPHER_DES'

+     Standard DES with a 56 bit key. You need to pass 64 bit but the

+     high bits of each byte are ignored.  Note, that this is a weak

+     algorithm which can be broken in reasonable time using a brute

+     force approach.

+

+

+

+File: gcrypt.info,  Node: Cipher modules,  Next: Available cipher modes,  Prev: Available ciphers,  Up: Symmetric cryptography

+

+5.2 Cipher modules

+==================

+

+Libgcrypt makes it possible to load additional `cipher modules'; these

+cipher can be used just like the cipher algorithms that are built into

+the library directly.  For an introduction into extension modules, see

+*Note Modules::.

+

+ -- Data type: gcry_cipher_spec_t

+     This is the `module specification structure' needed for registering

+     cipher modules, which has to be filled in by the user before it

+     can be used to register a module.  It contains the following

+     members:

+

+    `const char *name'

+          The primary name of the algorithm.

+

+    `const char **aliases'

+          A list of strings that are `aliases' for the algorithm.  The

+          list must be terminated with a NULL element.

+

+    `gcry_cipher_oid_spec_t *oids'

+          A list of OIDs that are to be associated with the algorithm.

+          The list's last element must have it's `oid' member set to

+          NULL.  See below for an explanation of this type.

+

+    `size_t blocksize'

+          The block size of the algorithm, in bytes.

+

+    `size_t keylen'

+          The length of the key, in bits.

+

+    `size_t contextsize'

+          The size of the algorithm-specific `context', that should be

+          allocated for each handle.

+

+    `gcry_cipher_setkey_t setkey'

+          The function responsible for initializing a handle with a

+          provided key.  See below for a description of this type.

+

+    `gcry_cipher_encrypt_t encrypt'

+          The function responsible for encrypting a single block.  See

+          below for a description of this type.

+

+    `gcry_cipher_decrypt_t decrypt'

+          The function responsible for decrypting a single block.  See

+          below for a description of this type.

+

+    `gcry_cipher_stencrypt_t stencrypt'

+          Like `encrypt', for stream ciphers.  See below for a

+          description of this type.

+

+    `gcry_cipher_stdecrypt_t stdecrypt'

+          Like `decrypt', for stream ciphers.  See below for a

+          description of this type.

+

+ -- Data type: gcry_cipher_oid_spec_t

+     This type is used for associating a user-provided algorithm

+     implementation with certain OIDs.  It contains the following

+     members:

+    `const char *oid'

+          Textual representation of the OID.

+

+    `int mode'

+          Cipher mode for which this OID is valid.

+

+ -- Data type: gcry_cipher_setkey_t

+     Type for the `setkey' function, defined as: gcry_err_code_t

+     (*gcry_cipher_setkey_t) (void *c, const unsigned char *key,

+     unsigned keylen)

+

+ -- Data type: gcry_cipher_encrypt_t

+     Type for the `encrypt' function, defined as: gcry_err_code_t

+     (*gcry_cipher_encrypt_t) (void *c, const unsigned char *outbuf,

+     const unsigned char *inbuf)

+

+ -- Data type: gcry_cipher_decrypt_t

+     Type for the `decrypt' function, defined as: gcry_err_code_t

+     (*gcry_cipher_decrypt_t) (void *c, const unsigned char *outbuf,

+     const unsigned char *inbuf)

+

+ -- Data type: gcry_cipher_stencrypt_t

+     Type for the `stencrypt' function, defined as: gcry_err_code_t

+     (*gcry_cipher_stencrypt_t) (void *c, const unsigned char *outbuf,

+     const unsigned char *, unsigned int n)

+

+ -- Data type: gcry_cipher_stdecrypt_t

+     Type for the `stdecrypt' function, defined as: gcry_err_code_t

+     (*gcry_cipher_stdecrypt_t) (void *c, const unsigned char *outbuf,

+     const unsigned char *, unsigned int n)

+

+ -- Function: gcry_error_t gcry_cipher_register (gcry_cipher_spec_t

+          *CIPHER, unsigned int *algorithm_id, gcry_module_t *MODULE)

+     Register a new cipher module whose specification can be found in

+     CIPHER.  On success, a new algorithm ID is stored in ALGORITHM_ID

+     and a pointer representing this module is stored in MODULE.

+

+ -- Function: void gcry_cipher_unregister (gcry_module_t MODULE)

+     Unregister the cipher identified by MODULE, which must have been

+     registered with gcry_cipher_register.

+

+ -- Function: gcry_error_t gcry_cipher_list (int *LIST, int

+          *LIST_LENGTH)

+     Get a list consisting of the IDs of the loaded cipher modules.  If

+     LIST is zero, write the number of loaded cipher modules to

+     LIST_LENGTH and return.  If LIST is non-zero, the first

+     *LIST_LENGTH algorithm IDs are stored in LIST, which must be of

+     according size.  In case there are less cipher modules than

+     *LIST_LENGTH, *LIST_LENGTH is updated to the correct number.

+

+

+File: gcrypt.info,  Node: Available cipher modes,  Next: Working with cipher handles,  Prev: Cipher modules,  Up: Symmetric cryptography

+

+5.3 Available cipher modes

+==========================

+

+`GCRY_CIPHER_MODE_NONE'

+     No mode specified, may be set later using other functions.  The

+     value of this constant is always 0.

+

+`GCRY_CIPHER_MODE_ECB'

+     Electronic Codebook mode.

+

+`GCRY_CIPHER_MODE_CFB'

+     Cipher Feedback mode.

+

+`GCRY_CIPHER_MODE_CBC'

+     Cipher Block Chaining mode.

+

+`GCRY_CIPHER_MODE_STREAM'

+     Stream mode, only to be used with stream cipher algorithms.

+

+`GCRY_CIPHER_MODE_OFB'

+     Outer Feedback mode.

+

+`GCRY_CIPHER_MODE_CTR'

+     Counter mode.

+

+

+

+File: gcrypt.info,  Node: Working with cipher handles,  Next: General cipher functions,  Prev: Available cipher modes,  Up: Symmetric cryptography

+

+5.4 Working with cipher handles

+===============================

+

+To use a cipher algorithm, you must first allocate an according handle.

+This is to be done using the open function:

+

+ -- Function: gcry_error_t gcry_cipher_open (gcry_cipher_hd_t *HD, int

+          ALGO, int MODE, unsigned int FLAGS)

+     This function creates the context handle required for most of the

+     other cipher functions and returns a handle to it in `hd'.  In

+     case of an error, an according error code is returned.

+

+     The ID of algorithm to use must be specified via ALGO.  See *Note

+     Available ciphers::, for a list of supported ciphers and the

+     according constants.

+

+     Besides using the constants directly, the function

+     `gcry_cipher_map_name' may be used to convert the textual name of

+     an algorithm into the according numeric ID.

+

+     The cipher mode to use must be specified via MODE.  See *Note

+     Available cipher modes::, for a list of supported cipher modes and

+     the according constants.  Note, that some modes do not work

+     together with all algorithms.

+

+     The third argument FLAGS can either be passed as `0' or as the

+     bit-wise OR of the following constants.

+

+    `GCRY_CIPHER_SECURE'

+          Make sure that all operations are allocated in secure memory.

+          This is useful, when the key material is highly confidential.

+

+    `GCRY_CIPHER_ENABLE_SYNC'

+          This flag enables the CFB sync mode, which is a special

+          feature of Libgcrypt's CFB mode implementation to allow for

+          OpenPGP's CFB variant.  See `gcry_cipher_sync'.

+

+    `GCRY_CIPHER_CBC_CTS'

+          Enable cipher text stealing (CTS) for the CBC mode.  Cannot

+          be used simultaneous as GCRY_CIPHER_CBC_MAC

+

+    `GCRY_CIPHER_CBC_MAC'

+          Compute CBC-MAC keyed checksums.  This is the same as CBC

+          mode, but only output the last block.  Cannot be used

+          simultaneous as GCRY_CIPHER_CBC_CTS.

+

+   Use the following function to release an existing handle:

+

+ -- Function: void gcry_cipher_close (gcry_cipher_hd_t H)

+     This function releases the context created by `gcry_cipher_open'.

+

+   In order to use a handle for performing cryptographic operations, a

+`key' has to be set first:

+

+ -- Function: gcry_error_t gcry_cipher_setkey (gcry_cipher_hd_t H, void

+          *K, size_t L)

+     Set the key K used for encryption or decryption in the context

+     denoted by the handle H.  The length L of the key K must match the

+     required length of the algorithm set for this context or be in the

+     allowed range for algorithms with variable key size.  The function

+     checks this and returns an error if there is a problem.  A caller

+     should always check for an error.

+

+     Note, this is currently implemented as a macro but may be changed

+     to a function in the future.

+

+   Most crypto modes requires an initialization vector (IV), which

+usually is a non-secret random string acting as a kind of salt value.

+The CTR mode requires a counter, which is also similar to a salt value.

+To set the IV or CTR, use these functions:

+

+ -- Function: gcry_error_t gcry_cipher_setiv (gcry_cipher_hd_t H, void

+          *K, size_t L)

+     Set the initialization vector used for encryption or decryption.

+     The vector is passed as the buffer K of length L and copied to

+     internal data structures.  The function checks that the IV matches

+     the requirement of the selected algorithm and mode.  Note, that

+     this is implemented as a macro.

+

+ -- Function: gcry_error_t gcry_cipher_setctr (gcry_cipher_hd_t H, void

+          *C, size_t L)

+     Set the counter vector used for encryption or decryption. The

+     counter is passed as the buffer C of length L and copied to

+     internal data structures.  The function checks that the counter

+     matches the requirement of the selected algorithm (i.e., it must be

+     the same size as the block size).  Note, that this is implemented

+     as a macro.

+

+ -- Function: gcry_error_t gcry_cipher_reset (gcry_cipher_hd_t H)

+     Set the given handle's context back to the state it had after the

+     last call to gcry_cipher_setkey and clear the initialization

+     vector.

+

+     Note, that gcry_cipher_reset is implemented as a macro.

+

+   The actual encryption and decryption is done by using one of the

+following functions.  They may be used as often as required to process

+all the data.

+

+ -- Function: gcry_error_t gcry_cipher_encrypt (gcry_cipher_hd_t H,

+          void *out, size_t OUTSIZE, const void *IN, size_t INLEN)

+     `gcry_cipher_encrypt' is used to encrypt the data.  This function

+     can either work in place or with two buffers.  It uses the cipher

+     context already setup and described by the handle H.  There are 2

+     ways to use the function: If IN is passed as `NULL' and INLEN is

+     `0', in-place encryption of the data in OUT or length OUTSIZE

+     takes place.  With IN being not `NULL', INLEN bytes are encrypted

+     to the buffer OUT which must have at least a size of INLEN.

+     OUTLEN must be set to the allocated size of OUT, so that the

+     function can check that there is sufficient space. Note, that

+     overlapping buffers are not allowed.

+

+     Depending on the selected algorithms and encryption mode, the

+     length of the buffers must be a multiple of the block size.

+

+     The function returns `0' on success or an error code.

+

+ -- Function: gcry_error_t gcry_cipher_decrypt (gcry_cipher_hd_t H,

+          void *out, size_t OUTSIZE, const void *IN, size_t INLEN)

+     `gcry_cipher_decrypt' is used to decrypt the data.  This function

+     can either work in place or with two buffers.  It uses the cipher

+     context already setup and described by the handle H.  There are 2

+     ways to use the function: If IN is passed as `NULL' and INLEN is

+     `0', in-place decryption of the data in OUT or length OUTSIZE

+     takes place.  With IN being not `NULL', INLEN bytes are decrypted

+     to the buffer OUT which must have at least a size of INLEN.

+     OUTLEN must be set to the allocated size of OUT, so that the

+     function can check that there is sufficient space. Note, that

+     overlapping buffers are not allowed.

+

+     Depending on the selected algorithms and encryption mode, the

+     length of the buffers must be a multiple of the block size.

+

+     The function returns `0' on success or an error code.

+

+   OpenPGP (as defined in RFC-2440) requires a special sync operation in

+some places, the following function is used for this:

+

+ -- Function: gcry_error_t gcry_cipher_sync (gcry_cipher_hd_t H)

+     Perform the OpenPGP sync operation on context H. Note, that this

+     is a no-op unless the context was created with the flag

+     `GCRY_CIPHER_ENABLE_SYNC'

+

+   Some of the described functions are implemented as macros utilizing a

+catch-all control function.  This control function is rarely used

+directly but there is nothing which would inhibit it:

+

+ -- Function: gcry_error_t gcry_cipher_ctl (gcry_cipher_hd_t H, int

+          CMD, void *BUFFER, size_t BUFLEN)

+     `gcry_cipher_ctl' controls various aspects of the cipher module and

+     specific cipher contexts.  Usually some more specialized functions

+     or macros are used for this purpose.  The semantics of the

+     function and its parameters depends on the the command CMD and the

+     passed context handle H.  Please see the comments in the source

+     code (`src/global.c') for details.

+

+ -- Function: gcry_error_t gcry_cipher_info (gcry_cipher_hd_t H, int

+          WHAT, void *BUFFER, size_t *NBYTES)

+     `gcry_cipher_info' is used to retrieve various information about a

+     cipher context or the cipher module in general.

+

+     Currently no information is available.

+

+

+File: gcrypt.info,  Node: General cipher functions,  Prev: Working with cipher handles,  Up: Symmetric cryptography

+

+5.5 General cipher functions

+============================

+

+To work with the algorithms, several functions are available to map

+algorithm names to the internal identifiers, as well as ways to

+retrieve information about an algorithm or the current cipher context.

+

+ -- Function: gcry_error_t gcry_cipher_algo_info (int ALGO, int WHAT,

+          void *BUFFER, size_t *NBYTES)

+     This function is used to retrieve information on a specific

+     algorithm.  You pass the cipher algorithm ID as ALGO and the type

+     of information requested as WHAT. The result is either returned as

+     the return code of the function or copied to the provided BUFFER

+     whose allocated length must be available in an integer variable

+     with the address passed in NBYTES.  This variable will also

+     receive the actual used length of the buffer.

+

+     Here is a list of supported codes for WHAT:

+

+    `GCRYCTL_GET_KEYLEN:'

+          Return the length of the key. If the algorithm supports

+          multiple key lengths, the maximum supported value is

+          returned.  The length is returned as number of octets (bytes)

+          and not as number of bits in NBYTES; BUFFER must be zero.

+

+    `GCRYCTL_GET_BLKLEN:'

+          Return the block length of the algorithm.  The length is

+          returned as a number of octets in NBYTES; BUFFER must be zero.

+

+    `GCRYCTL_TEST_ALGO:'

+          Returns `0' when the specified algorithm is available for use.

+          BUFFER and NBYTES must be zero.

+

+

+

+ -- Function: const char *gcry_cipher_algo_name (int ALGO)

+     `gcry_cipher_algo_name' returns a string with the name of the

+     cipher algorithm ALGO.  If the algorithm is not known or another

+     error occurred, an empty string is returned.  This function will

+     never return `NULL'.

+

+ -- Function: int gcry_cipher_map_name (const char *NAME)

+     `gcry_cipher_map_name' returns the algorithm identifier for the

+     cipher algorithm described by the string NAME.  If this algorithm

+     is not available `0' is returned.

+

+ -- Function: int gcry_cipher_mode_from_oid (const char *STRING)

+     Return the cipher mode associated with an ASN.1 object identifier.

+     The object identifier is expected to be in the IETF-style dotted

+     decimal notation.  The function returns `0' for an unknown object

+     identifier or when no mode is associated with it.

+

+

+File: gcrypt.info,  Node: Hashing,  Next: Public Key cryptography (I),  Prev: Symmetric cryptography,  Up: Top

+

+6 Hashing

+*********

+

+Libgcrypt provides an easy and consistent to use interface for hashing.

+Hashing is buffered and several hash algorithms can be updated at

+once.  It is possible to calculate a MAC using the same routines.  The

+programming model follows an open/process/close paradigm and is in that

+similar to other building blocks provided by Libgcrypt.

+

+   For convenience reasons, a few cyclic redundancy check value

+operations are also supported.

+

+* Menu:

+

+* Available hash algorithms::   List of hash algorithms supported by the library.

+* Hash algorithm modules::      How to work with hash algorithm modules.

+* Working with hash algorithms::  List of functions related to hashing.

+

+

+File: gcrypt.info,  Node: Available hash algorithms,  Next: Hash algorithm modules,  Up: Hashing

+

+6.1 Available hash algorithms

+=============================

+

+`GCRY_MD_NONE'

+     This is not a real algorithm but used by some functions as an error

+     return value.  This constant is guaranteed to have the value `0'.

+

+`GCRY_MD_SHA1'

+     This is the SHA-1 algorithm which yields a message digest of 20

+     bytes.

+

+`GCRY_MD_RMD160'

+     This is the 160 bit version of the RIPE message digest

+     (RIPE-MD-160).  Like SHA-1 it also yields a digest of 20 bytes.

+

+`GCRY_MD_MD5'

+     This is the well known MD5 algorithm, which yields a message

+     digest of 16 bytes.

+

+`GCRY_MD_MD4'

+     This is the MD4 algorithm, which yields a message digest of 16

+     bytes.

+

+`GCRY_MD_MD2'

+     This is an reserved identifier for MD-2; there is no

+     implementation yet.

+

+`GCRY_MD_TIGER'

+     This is the TIGER/192 algorithm which yields a message digest of

+     24 bytes.

+

+`GCRY_MD_HAVAL'

+     This is an reserved for the HAVAL algorithm with 5 passes and 160

+     bit. It yields a message digest of 20 bytes.  Note that there is no

+     implementation yet available.

+

+`GCRY_MD_SHA256'

+     This is the SHA-256 algorithm which yields a message digest of 32

+     bytes.  See FIPS 180-2 for the specification.

+

+`GCRY_MD_SHA384'

+     This is reserved for SHA-2 with 384 bits. It yields a message

+     digest of 48 bytes.  Note that there is no implementation yet

+     available.

+

+`GCRY_MD_SHA512'

+     This is reserved for SHA-2 with 512 bits. It yields a message

+     digest of 64 bytes.  Note that there is no implementation yet

+     available.

+

+`GCRY_MD_CRC32'

+     This is the ISO 3309 and ITU-T V.42 cyclic redundancy check.  It

+     yields an output of 4 bytes.

+

+`GCRY_MD_CRC32_RFC1510'

+     This is the above cyclic redundancy check function, as modified by

+     RFC 1510.  It yields an output of 4 bytes.

+

+`GCRY_MD_CRC24_RFC2440'

+     This is the OpenPGP cyclic redundancy check function.  It yields an

+     output of 3 bytes.

+

+

+

+File: gcrypt.info,  Node: Hash algorithm modules,  Next: Working with hash algorithms,  Prev: Available hash algorithms,  Up: Hashing

+

+6.2 Hash algorithm modules

+==========================

+

+Libgcrypt makes it possible to load additional `message digest

+modules'; these cipher can be used just like the message digest

+algorithms that are built into the library directly.  For an

+introduction into extension modules, see *Note Modules::.

+

+ -- Data type: gcry_md_spec_t

+     This is the `module specification structure' needed for registering

+     message digest modules, which has to be filled in by the user

+     before it can be used to register a module.  It contains the

+     following members:

+

+    `const char *name'

+          The primary name of this algorithm.

+

+    `unsigned char *asnoid'

+          Array of bytes that form the ASN OID.

+

+    `int asnlen'

+          Length of bytes in `asnoid'.

+

+    `gcry_md_oid_spec_t *oids'

+          A list of OIDs that are to be associated with the algorithm.

+          The list's last element must have it's `oid' member set to

+          NULL.  See below for an explanation of this type.  See below

+          for an explanation of this type.

+

+    `int mdlen'

+          Length of the message digest algorithm.  See below for an

+          explanation of this type.

+

+    `gcry_md_init_t init'

+          The function responsible for initializing a handle.  See

+          below for an explanation of this type.

+

+    `gcry_md_write_t write'

+          The function responsible for writing data into a message

+          digest context.  See below for an explanation of this type.

+

+    `gcry_md_final_t final'

+          The function responsible for `finalizing' a message digest

+          context.  See below for an explanation of this type.

+

+    `gcry_md_read_t read'

+          The function responsible for reading out a message digest

+          result.  See below for an explanation of this type.

+

+    `size_t contextsize'

+          The size of the algorithm-specific `context', that should be

+          allocated for each handle.

+

+ -- Data type: gcry_md_oid_spec_t

+     This type is used for associating a user-provided algorithm

+     implementation with certain OIDs.  It contains the following

+     members:

+

+    `const char *oidstring'

+          Textual representation of the OID.

+

+ -- Data type: gcry_md_init_t

+     Type for the `init' function, defined as: void (*gcry_md_init_t)

+     (void *c)

+

+ -- Data type: gcry_md_write_t

+     Type for the `write' function, defined as: void (*gcry_md_write_t)

+     (void *c, unsigned char *buf, size_t nbytes)

+

+ -- Data type: gcry_md_final_t

+     Type for the `final' function, defined as: void (*gcry_md_final_t)

+     (void *c)

+

+ -- Data type: gcry_md_read_t

+     Type for the `read' function, defined as: unsigned char

+     *(*gcry_md_read_t) (void *c)

+

+ -- Function: gcry_error_t gcry_md_register (gcry_md_spec_t *DIGEST,

+          unsigned int *algorithm_id, gcry_module_t *MODULE)

+     Register a new digest module whose specification can be found in

+     DIGEST.  On success, a new algorithm ID is stored in ALGORITHM_ID

+     and a pointer representing this module is stored in MODULE.

+

+ -- Function: void gcry_md_unregister (gcry_module_t MODULE)

+     Unregister the digest identified by MODULE, which must have been

+     registered with gcry_md_register.

+

+ -- Function: gcry_error_t gcry_md_list (int *LIST, int *LIST_LENGTH)

+     Get a list consisting of the IDs of the loaded message digest

+     modules.  If LIST is zero, write the number of loaded message

+     digest modules to LIST_LENGTH and return.  If LIST is non-zero,

+     the first *LIST_LENGTH algorithm IDs are stored in LIST, which

+     must be of according size.  In case there are less message digests

+     modules than *LIST_LENGTH, *LIST_LENGTH is updated to the correct

+     number.

+

+

+File: gcrypt.info,  Node: Working with hash algorithms,  Prev: Hash algorithm modules,  Up: Hashing

+

+6.3 Working with hash algorithms

+================================

+

+To use most of these function it is necessary to create a context; this

+is done using:

+

+ -- Function: gcry_error_t gcry_md_open (gcry_md_hd_t *HD, int ALGO,

+          unsigned int FLAGS)

+     Create a message digest object for algorithm ALGO.  FLAGS may be

+     given as an bitwise OR of constants described below.  ALGO may be

+     given as `0' if the algorithms to use are later set using

+     `gcry_md_enable'. HD is guaranteed to either receive a valid

+     handle or NULL.

+

+     For a list of supported algorithms, see *Note Available hash

+     algorithms::.

+

+     The flags allowed for MODE are:

+

+    `GCRY_MD_FLAG_SECURE'

+          Allocate all buffers and the resulting digest in "secure

+          memory".  Use this is the hashed data is highly confidential.

+

+    `GCRY_MD_FLAG_HMAC'

+          Turn the algorithm into a HMAC message authentication

+          algorithm.  This does only work if just one algorithm is

+          enabled for the handle and SHA-384 and SHA512 is not used.

+          Note that the function `gcry_md_setkey' must be used set the

+          MAC key.  If you want CBC message authentication codes based

+          on a cipher, see *Note Working with cipher handles::.

+

+

+     You may use the function `gcry_md_is_enabled' to later check

+     whether an algorithm has been enabled.

+

+

+   If you want to calculate several hash algorithms at the same time,

+you have to use the following function right after the `gcry_md_open':

+

+ -- Function: gcry_error_t gcry_md_enable (gcry_md_hd_t H, int ALGO)

+     Add the message digest algorithm ALGO to the digest object

+     described by handle H.  Duplicated enabling of algorithms is

+     detected and ignored.

+

+   If the flag `GCRY_MD_FLAG_HMAC' was used, the key for the MAC must

+be set using the function:

+

+ -- Function: gcry_error_t gcry_md_setkey (gcry_md_hd_t H, const void

+          *KEY, size_t KEYLEN)

+     For use with the HMAC feature, set the MAC key to the value of KEY

+     of length KEYLEN.

+

+   After you are done with the hash calculation, you should release the

+resources by using:

+

+ -- Function: void gcry_md_close (gcry_md_hd_t H)

+     Release all resources of hash context H.  H should not be used

+     after a call to this function.  A `NULL' passed as H is ignored.

+

+

+   Often you have to do several hash operations using the same

+algorithm.  To avoid the overhead of creating and releasing context, a

+reset function is provided:

+

+ -- Function: void gcry_md_reset (gcry_md_hd_t H)

+     Reset the current context to its initial state.  This is

+     effectively identical to a close followed by an open and enabling

+     all currently active algorithms.

+

+   Often it is necessary to start hashing some data and than continue to

+hash different data.  To avoid hashing the same data several times

+(which might not even be possible if the data is received from a pipe),

+a snapshot of the current hash context can be taken and turned into a

+new context:

+

+ -- Function: gcry_error_t gcry_md_copy (gcry_md_hd_t *HANDLE_DST,

+          gcry_md_hd_t HANDLE_SRC)

+     Create a new digest object as an exact copy of the object

+     described by handle HANDLE_SRC and store it in HANDLE_DST.  The

+     context is not reset and you can continue to hash data using this

+     context and independently using the original context.

+

+   Now that we have prepared everything to calculate hashes, its time to

+see how it is actually done.  There are 2  ways for this, one to update

+the hash with a block of memory and one macro to update the hash by

+just one character.  Both may be used intermixed.

+

+ -- Function: void gcry_md_write (gcry_md_hd_t H, const void *BUFFER,

+          size_t LENGTH)

+     Pass LENGTH bytes of the data in BUFFER to the digest object with

+     handle H to update the digest values. This function should be used

+     for large blocks of data.

+

+ -- Function: void gcry_md_putc (gcry_md_hd_t H, int C)

+     Pass the byte in C to the digest object with handle H to update

+     the digest value.  This is an efficient function, implemented as a

+     macro to buffer the data before an actual update.

+

+   The semantics of the hash functions don't allow to read out

+intermediate message digests because the calculation must be finalized

+fist.  This finalization may for example include the number of bytes

+hashed in the message digest.

+

+ -- Function: void gcry_md_final (gcry_md_hd_t H)

+     Finalize the message digest calculation.  This is not really needed

+     because `gcry_md_read' does this implicitly.  After this has been

+     done no further updates (by means of `gcry_md_write' or

+     `gcry_md_putc' are allowed.  Only the first call to this function

+     has an effect. It is implemented as a macro.

+

+   The way to read out the calculated message digest is by using the

+function:

+

+ -- Function: unsigned char *gcry_md_read (gcry_md_hd_t H, int ALGO)

+     `gcry_md_read' returns the message digest after finalizing the

+     calculation.  This function may be used as often as required but

+     it will always return the same value for one handle.  The returned

+     message digest is allocated within the message context and

+     therefore valid until the handle is released or reseted (using

+     `gcry_md_close' or `gcry_md_reset'.  ALGO may be given as 0 to

+     return the only enabled message digest or it may specify one of

+     the enabled algorithms.  The function does return `NULL' if the

+     requested algorithm has not been enabled.

+

+   Because it is often necessary to get the message digest of one block

+of memory, a fast convenience function is available for this task:

+

+ -- Function: void gcry_md_hash_buffer (int ALGO, void *DIGEST, const

+          cvoid *BUFFER, size_t LENGTH);

+     `gcry_md_hash_buffer' is a shortcut function to calculate a message

+     digest of a buffer.  This function does not require a context and

+     immediately returns the message digest of the LENGTH bytes at

+     BUFFER.  DIGEST must be allocated by the caller, large enough to

+     hold the message digest yielded by the the specified algorithm

+     ALGO.  This required size may be obtained by using the function

+     `gcry_md_get_algo_dlen'.

+

+     Note, that this function will abort the process if an unavailable

+     algorithm is used.

+

+   Hash algorithms are identified by internal algorithm numbers (see

+`gcry_md_open' for a list.  However, in most applications they are used

+by names, so 2 functions are available to map between string

+representations and hash algorithm identifiers.

+

+ -- Function: const char *gcry_md_algo_name (int ALGO)

+     Map the digest algorithm id ALGO to a string representation of the

+     algorithm name.  For unknown algorithms this functions returns an

+     empty string.  This function should not be used to test for the

+     availability of an algorithm.

+

+ -- Function: int gcry_md_map_name (const char *NAME)

+     Map the algorithm with NAME to a digest algorithm identifier.

+     Returns 0 if the algorithm name is not known.  Names representing

+     ASN.1 object identifiers are recognized if the IETF dotted format

+     is used and the OID is prefixed with either "`oid.'" or "`OID.'".

+     For a list of supported OIDs, see the source code at

+     `cipher/md.c'. This function should not be used to test for the

+     availability of an algorithm.

+

+ -- Function: gcry_error_t gcry_md_get_asnoid (int ALGO, void *BUFFER,

+          size_t *LENGTH)

+     Return an DER encoded ASN.1 OID for the algorithm ALGO in the user

+     allocated BUFFER. LENGTH must point to variable with the available

+     size of BUFFER and receives after return the actual size of the

+     returned OID.  The returned error code may be `GPG_ERR_TOO_SHORT'

+     if the provided buffer is to short to receive the OID; it is

+     possible to call the function with `NULL' for BUFFER to have it

+     only return the required size.  The function returns 0 on success.

+

+

+   To test whether an algorithm is actually available for use, the

+following macro should be used:

+

+ -- Function: gcry_error_t gcry_md_test_algo (int ALGO)

+     The macro returns 0 if the algorithm ALGO is available for use.

+

+   If the length of a message digest is not known, it can be retrieved

+using the following function:

+

+ -- Function: unsigned int gcry_md_get_algo_dlen (int ALGO)

+     Retrieve the length in bytes of the digest yielded by algorithm

+     ALGO.  This is often used prior to `gcry_md_read' to allocate

+     sufficient memory for the digest.

+

+   In some situations it might be hard to remember the algorithm used

+for the ongoing hashing. The following function might be used to get

+that information:

+

+ -- Function: int gcry_md_get_algo (gcry_md_hd_t H)

+     Retrieve the algorithm used with the handle H. Note, that this

+     does not work reliable if more than one algorithm is enabled in H.

+

+   The following macro might also be useful:

+

+ -- Function: int gcry_md_is_secure (gcry_md_hd_t H)

+     This function returns true when the digest object H is allocated

+     in "secure memory"; i.e. H was created with the

+     `GCRY_MD_FLAG_SECURE'.

+

+ -- Function: int gcry_md_is_enabled (gcry_md_hd_t H, int ALGO)

+     This function returns true when the algorithm ALGO has been

+     enabled for the digest object H.

+

+   Tracking bugs related to hashing is often a cumbersome task which

+requires to add a lot of printf statements into the code.  Libgcrypt

+provides an easy way to avoid this.  The actual data hashed can be

+written to files on request.  The following 2 macros should be used to

+implement such a debugging facility:

+

+ -- Function: void gcry_md_start_debug (gcry_md_hd_t H, const char

+          *SUFFIX)

+     Enable debugging for the digest object with handle H.  This

+     creates create files named `dbgmd-<n>.<string>' while doing the

+     actual hashing.  SUFFIX is the string part in the filename.  The

+     number is a counter incremented for each new hashing.  The data in

+     the file is the raw data as passed to `gcry_md_write' or

+     `gcry_md_putc'.

+

+ -- Function: void gcry_md_stop_debug (gcry_md_hd_t H, int RESERVED)

+     Stop debugging on handle H.  RESERVED should be specified as 0.

+     This function is usually not required because `gcry_md_close' does

+     implicitly stop debugging.

+

+

+File: gcrypt.info,  Node: Public Key cryptography (I),  Next: Public Key cryptography (II),  Prev: Hashing,  Up: Top

+

+7 Public Key cryptography (I)

+*****************************

+

+Public key cryptography, also known as asymmetric cryptography, is an

+easy way for key management and to provide digital signatures.

+Libgcrypt provides two completely different interfaces to public key

+cryptography, this chapter explains the one based on S-expressions.

+

+* Menu:

+

+* Available algorithms::        Algorithms supported by the library.

+* Used S-expressions::          Introduction into the used S-expression.

+* Public key modules::          How to work with public key modules.

+* Cryptographic Functions::     Functions for performing the cryptographic actions.

+* General public-key related Functions::  General functions, not implementing any cryptography.

+

+

+File: gcrypt.info,  Node: Available algorithms,  Next: Used S-expressions,  Up: Public Key cryptography (I)

+

+7.1 Available algorithms

+========================

+

+Libgcrypt supports the RSA (Rivest-Shamir-Adleman) algorithms as well

+as DSA (Digital Signature Algorithm) and ElGamal.  The versatile

+interface allows to add more algorithms in the future.

+

+

+File: gcrypt.info,  Node: Used S-expressions,  Next: Public key modules,  Prev: Available algorithms,  Up: Public Key cryptography (I)

+

+7.2 Used S-expressions

+======================

+

+Libgcrypt's API for asymmetric cryptography is based on data structures

+called S-expressions (see XXXX) and does not work with contexts as most

+of the other building blocks of Libgcrypt do.

+

+   The following information are stored in S-expressions:

+

+keys

+

+plain text data

+

+encrypted data

+

+signatures

+

+To describe how Libgcrypt expect keys, we use some examples. Note that

+words in uppercase indicate parameters whereas lowercase words are

+literals.

+

+     (private-key

+       (dsa

+         (p P-MPI)

+         (q Q-MPI)

+         (g G-MPI)

+         (y Y-MPI)

+         (x X-MPI)))

+

+This specifies a DSA private key with the following parameters:

+

+P-MPI

+     DSA prime p.

+

+Q-MPI

+     DSA group order q (which is a prime divisor of p-1).

+

+G-MPI

+     DSA group generator g.

+

+Y-MPI

+     DSA public key value y = g^x \bmod p.

+

+X-MPI

+     DSA secret exponent x.

+

+   All the MPI values are  expected to be in `GCRYMPI_FMT_USG' format.

+The public key is similar with "private-key" replaced by "public-key"

+and no X-MPI.

+

+   An easy way to create such an S-expressions is by using

+`gcry_sexp_build' which allows to pass a string with printf-like

+escapes to insert MPI values.

+

+Here is an example for an RSA key:

+

+     (private-key

+       (rsa

+         (n N-MPI)

+         (e E-MPI)

+         (d D-MPI)

+         (p P-MPI)

+         (q Q-MPI)

+         (u U-MPI)

+

+with

+

+N-MPI

+     RSA public modulus n.

+

+E-MPI

+     RSA public exponent e.

+

+D-MPI

+     RSA secret exponent d = e^-1 \bmod (p-1)(q-1).

+

+P-MPI

+     RSA secret prime p.

+

+Q-MPI

+     RSA secret prime q with q > p.

+

+U-MPI

+     multiplicative inverse u = p^-1 \bmod q.

+

+

+File: gcrypt.info,  Node: Public key modules,  Next: Cryptographic Functions,  Prev: Used S-expressions,  Up: Public Key cryptography (I)

+

+7.3 Public key modules

+======================

+

+Libgcrypt makes it possible to load additional `public key modules';

+these public key algorithms can be used just like the algorithms that

+are built into the library directly.  For an introduction into

+extension modules, see *Note Modules::.

+

+ -- Data type: gcry_pk_spec_t

+     This is the `module specification structure' needed for registering

+     public key modules, which has to be filled in by the user before it

+     can be used to register a module.  It contains the following

+     members:

+

+    `const char *name'

+          The primary name of this algorithm.

+

+    `char **aliases'

+          A list of strings that are `aliases' for the algorithm.  The

+          list must be terminated with a NULL element.

+

+    `const char *elements_pkey'

+          String containing the one-letter names of the MPI values

+          contained in a public key.

+

+    `const char *element_skey'

+          String containing the one-letter names of the MPI values

+          contained in a secret key.

+

+    `const char *elements_enc'

+          String containing the one-letter names of the MPI values that

+          are the result of an encryption operation using this

+          algorithm.

+

+    `const char *elements_sig'

+          String containing the one-letter names of the MPI values that

+          are the result of a sign operation using this algorithm.

+

+    `const char *elements_grip'

+          String containing the one-letter names of the MPI values that

+          are to be included in the `key grip'.

+

+    `int use'

+          The bitwise-OR of the following flags, depending on the

+          abilities of the algorithm:

+         `GCRY_PK_USAGE_SIGN'

+               The algorithm supports signing and verifying of data.

+

+         `GCRY_PK_USAGE_ENCR'

+               The algorithm supports the encryption and decryption of

+               data.

+

+    `gcry_pk_generate_t generate'

+          The function responsible for generating a new key pair.  See

+          below for a description of this type.

+

+    `gcry_pk_check_secret_key_t check_secret_key'

+          The function responsible for checking the sanity of a

+          provided secret key.  See below for a description of this

+          type.

+

+    `gcry_pk_encrypt_t encrypt'

+          The function responsible for encrypting data.  See below for a

+          description of this type.

+

+    `gcry_pk_decrypt_t decrypt'

+          The function responsible for decrypting data.  See below for a

+          description of this type.

+

+    `gcry_pk_sign_t sign'

+          The function responsible for signing data.  See below for a

+          description of this type.

+

+    `gcry_pk_verify_t verify'

+          The function responsible for verifying that the provided

+          signature matches the provided data.  See below for a

+          description of this type.

+

+    `gcry_pk_get_nbits_t get_nbits'

+          The function responsible for returning the number of bits of

+          a provided key.  See below for a description of this type.

+

+ -- Data type: gcry_pk_generate_t

+     Type for the `generate' function, defined as: gcry_err_code_t

+     (*gcry_pk_generate_t) (int algo, unsigned int nbits, unsigned long

+     use_e, gcry_mpi_t *skey, gcry_mpi_t **retfactors)

+

+ -- Data type: gcry_pk_check_secret_key_t

+     Type for the `check_secret_key' function, defined as:

+     gcry_err_code_t (*gcry_pk_check_secret_key_t) (int algo,

+     gcry_mpi_t *skey)

+

+ -- Data type: gcry_pk_encrypt_t

+     Type for the `encrypt' function, defined as: gcry_err_code_t

+     (*gcry_pk_encrypt_t) (int algo, gcry_mpi_t *resarr, gcry_mpi_t

+     data, gcry_mpi_t *pkey, int flags)

+

+ -- Data type: gcry_pk_decrypt_t

+     Type for the `decrypt' function, defined as: gcry_err_code_t

+     (*gcry_pk_decrypt_t) (int algo, gcry_mpi_t *result, gcry_mpi_t

+     *data, gcry_mpi_t *skey, int flags)

+

+ -- Data type: gcry_pk_sign_t

+     Type for the `sign' function, defined as: gcry_err_code_t

+     (*gcry_pk_sign_t) (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,

+     gcry_mpi_t *skey)

+

+ -- Data type: gcry_pk_verify_t

+     Type for the `verify' function, defined as: gcry_err_code_t

+     (*gcry_pk_verify_t) (int algo, gcry_mpi_t hash, gcry_mpi_t *data,

+     gcry_mpi_t *pkey, int (*cmp) (void *, gcry_mpi_t), void *opaquev)

+

+ -- Data type: gcry_pk_get_nbits_t

+     Type for the `get_nbits' function, defined as: unsigned

+     (*gcry_pk_get_nbits_t) (int algo, gcry_mpi_t *pkey)

+

+ -- Function: gcry_error_t gcry_pk_register (gcry_pk_spec_t *PUBKEY,

+          unsigned int *algorithm_id, gcry_module_t *MODULE)

+     Register a new public key module whose specification can be found

+     in PUBKEY.  On success, a new algorithm ID is stored in

+     ALGORITHM_ID and a pointer representing this module is stored in

+     MODULE.

+

+ -- Function: void gcry_pk_unregister (gcry_module_t MODULE)

+     Unregister the public key module identified by MODULE, which must

+     have been registered with gcry_pk_register.

+

+ -- Function: gcry_error_t gcry_pk_list (int *LIST, int *LIST_LENGTH)

+     Get a list consisting of the IDs of the loaded pubkey modules.  If

+     LIST is zero, write the number of loaded pubkey modules to

+     LIST_LENGTH and return.  If LIST is non-zero, the first

+     *LIST_LENGTH algorithm IDs are stored in LIST, which must be of

+     according size.  In case there are less pubkey modules than

+     *LIST_LENGTH, *LIST_LENGTH is updated to the correct number.

+

+

+File: gcrypt.info,  Node: Cryptographic Functions,  Next: General public-key related Functions,  Prev: Public key modules,  Up: Public Key cryptography (I)

+

+7.4 Cryptographic Functions

+===========================

+

+Note, that we will in future allow to use keys without p,q and u

+specified and may also support other parameters for performance reasons.

+

+Some functions operating on S-expressions support `flags', that

+influence the operation.  These flags have to be listed in a

+sub-S-expression named `flags'; the following flags are known:

+

+PKCS1

+     Use PKCS#1 block type 2 padding.

+

+NO-BLINDING

+     Do not use a technique called `blinding', which is used by default

+     in order to prevent leaking of secret information.  Blinding is

+     only implemented by RSA, but it might be implemented by other

+     algorithms in the future as well, when necessary.

+

+Now that we know the key basics, we can carry on and explain how to

+encrypt and decrypt data.  In almost all cases the data is a random

+session key which is in turn used for the actual encryption of the real

+data.  There are 2 functions to do this:

+

+ -- Function: gcry_error_t gcry_pk_encrypt (gcry_sexp_t *R_CIPH,

+          gcry_sexp_t DATA, gcry_sexp_t PKEY)

+     Obviously a public key must be provided for encryption.  It is

+     expected as an appropriate S-expression (see above) in PKEY.  The

+     data to be encrypted can either be in the simple old format, which

+     is a very simple S-expression consisting only of one MPI, or it

+     may be a more complex S-expression which also allows to specify

+     flags for operation, like e.g. padding rules.

+

+     If you don't want to let Libgcrypt handle the padding, you must

+     pass an appropriate MPI using this expression for DATA:

+

+          (data

+            (flags raw)

+            (value MPI))

+

+     This has the same semantics as the old style MPI only way.  MPI is

+     the actual data, already padded appropriate for your protocol.

+     Most systems however use PKCS#1 padding and so you can use this

+     S-expression for DATA:

+

+          (data

+            (flags pkcs1)

+            (value BLOCK))

+

+     Here, the "flags" list has the "pkcs1" flag which let the function

+     know that it should provide PKCS#1 block type 2 padding.  The

+     actual data to be encrypted is passed as a string of octets in

+     BLOCK.  The function checks that this data actually can be used

+     with the given key, does the padding and encrypts it.

+

+     If the function could successfully perform the encryption, the

+     return value will be 0 and a a new S-expression with the encrypted

+     result is allocated and assign to the variable at the address of

+     R_CIPH.  The caller is responsible to release this value using

+     `gcry_sexp_release'.  In case of an error, an error code is

+     returned and R_CIPH will be set to `NULL'.

+

+     The returned S-expression has this format when used with RSA:

+

+          (enc-val

+            (rsa

+              (a A-MPI)))

+

+     Where A-MPI is an MPI with the result of the RSA operation.  When

+     using the ElGamal algorithm, the return value will have this

+     format:

+

+          (enc-val

+            (elg

+              (a A-MPI)

+              (b B-MPI)))

+

+     Where A-MPI and B-MPI are MPIs with the result of the ElGamal

+     encryption operation.

+

+ -- Function: gcry_error_t gcry_pk_decrypt (gcry_sexp_t *R_PLAIN,

+          gcry_sexp_t DATA, gcry_sexp_t SKEY)

+     Obviously a private key must be provided for decryption.  It is

+     expected as an appropriate S-expression (see above) in SKEY.  The

+     data to be decrypted must match the format of the result as

+     returned by `gcry_pk_encrypt', but should be enlarged with a

+     `flags' element:

+

+          (enc-val

+            (flags)

+            (elg

+              (a A-MPI)

+              (b B-MPI)))

+

+     Note, that this function currently does not know of any padding

+     methods and the caller must do any un-padding on his own.

+

+     The function returns 0 on success or an error code.  The variable

+     at the address of R_PLAIN will be set to NULL on error or receive

+     the decrypted value on success.  The format of R_PLAIN is a simple

+     S-expression part (i.e. not a valid one) with just one MPI if

+     there was no `flags' element in DATA; if at least an empty `flags'

+     is passed in DATA, the format is:

+

+          (value PLAINTEXT)

+

+   Another operation commonly performed using public key cryptography is

+signing data.  In some sense this is even more important than

+encryption because digital signatures are an important instrument for

+key management.  Libgcrypt supports digital signatures using 2

+functions, similar to the encryption functions:

+

+ -- Function: gcry_error_t gcry_pk_sign (gcry_sexp_t *R_SIG,

+          gcry_sexp_t DATA, gcry_sexp_t SKEY)

+     This function creates a digital signature for DATA using the

+     private key SKEY and place it into the variable at the address of

+     R_SIG.  DATA may either be the simple old style S-expression with

+     just one MPI or a modern and more versatile S-expression which

+     allows to let Libgcrypt handle padding:

+

+           (data

+            (flags pkcs1)

+            (hash HASH-ALGO BLOCK))

+

+     This example requests to sign the data in BLOCK after applying

+     PKCS#1 block type 1 style padding.  HASH-ALGO is a string with the

+     hash algorithm to be encoded into the signature, this may be any

+     hash algorithm name as supported by Libgcrypt.  Most likely, this

+     will be "sha1", "rmd160" or "md5".  It is obvious that the length

+     of BLOCK must match the size of that message digests; the function

+     checks that this and other constraints are valid.

+

+     If PKCS#1 padding is not required (because the caller does already

+     provide a padded value), either the old format or better the

+     following format should be used:

+

+          (data

+            (flags raw)

+            (value MPI))

+

+     Here, the data to be signed is directly given as an MPI.

+

+     The signature is returned as a newly allocated S-expression in

+     R_SIG using this format for RSA:

+

+          (sig-val

+            (rsa

+              (s S-MPI)))

+

+     Where S-MPI is the result of the RSA sign operation.  For DSA the

+     S-expression returned is:

+

+          (sig-val

+            (dsa

+              (r R-MPI)

+              (s S-MPI)))

+

+     Where R-MPI and S-MPI are the result of the DSA sign operation.

+     For ElGamal signing (which is slow, yields large numbers and

+     probably is not as secure as the other algorithms), the same

+     format is used with "elg" replacing "dsa".

+

+The operation most commonly used is definitely the verification of a

+signature.  Libgcrypt provides this function:

+

+ -- Function: gcry_error_t gcry_pk_verify (gcry_sexp_t SIG,

+          gcry_sexp_t DATA, gcry_sexp_t PKEY)

+     This is used to check whether the signature SIG matches the DATA.

+     The public key PKEY must be provided to perform this verification.

+     This function is similar in its parameters to `gcry_pk_sign' with

+     the exceptions that the public key is used instead of the private

+     key and that no signature is created but a signature, in a format

+     as created by `gcry_pk_sign', is passed to the function in SIG.

+

+     The result is 0 for success (i.e. the data matches the signature),

+     or an error code where the most relevant code is

+     `GCRYERR_BAD_SIGNATURE' to indicate that the signature does not

+     match the provided data.

+

+

+

+File: gcrypt.info,  Node: General public-key related Functions,  Prev: Cryptographic Functions,  Up: Public Key cryptography (I)

+

+7.5 General public-key related Functions

+========================================

+

+A couple of utility functions are available to retrieve the length of

+the key, map algorithm identifiers and perform sanity checks:

+

+ -- Function: const char * gcry_pk_algo_name (int ALGO)

+     Map the public key algorithm id ALGO to a string representation of

+     the algorithm name.  For unknown algorithms this functions returns

+     an empty string.

+

+ -- Function: int gcry_pk_map_name (const char *NAME)

+     Map the algorithm NAME to a public key algorithm Id.  Returns 0 if

+     the algorithm name is not known.

+

+ -- Function: int gcry_pk_test_algo (int ALGO)

+     Return 0 if the public key algorithm ALGO is available for use.

+     Note, that this is implemented as a macro.

+

+ -- Function: unsigned int gcry_pk_get_nbits (gcry_sexp_t KEY)

+     Return what is commonly referred as the key length for the given

+     public or private in KEY.

+

+ -- Function: unsigned char * gcry_pk_get_keygrip (gcry_sexp_t KEY,

+          unsigned char *ARRAY)

+     Return the so called "keygrip" which is the SHA-1 hash of the

+     public key parameters expressed in a way depended on the

+     algorithm.  ARRAY must either provide space for 20 bytes or

+     `NULL;'. In the latter case a newly allocated array of that size

+     is returned.  On success a pointer to the newly allocated space or

+     to ARRAY is returned.  `NULL' is returned to indicate an error

+     which is most likely an unknown algorithm or one where a "keygrip"

+     has not yet been defined.  The function accepts public or secret

+     keys in KEY.

+

+ -- Function: gcry_error_t gcry_pk_testkey (gcry_sexp_t KEY)

+     Return zero if the private key KEY is `sane', an error code

+     otherwise.  Note, that it is not possible to chek the `saneness'

+     of a public key.

+

+

+ -- Function: int gcry_pk_algo_info (int ALGO, int WHAT, void *BUFFER,

+          size_t *NBYTES)

+     Depending on the value of WHAT return various information about

+     the public key algorithm with the id ALGO.  Note, that the

+     function returns `-1' on error and the actual error code must be

+     retrieved using the function `gcry_errno'.  The currently defined

+     values for WHAT are:

+

+    `GCRYCTL_TEST_ALGO:'

+          Return 0 when the specified algorithm is available for use.

+          BUFFER must be `NULL', NBYTES may be passed as `NULL' or

+          point to a variable with the required usage of the algorithm.

+          This may be 0 for "don't care" or the bit-wise OR of these

+          flags:

+

+         `GCRY_PK_USAGE_SIGN'

+               Algorithm is usable for signing.

+

+         `GCRY_PK_USAGE_ENCR'

+               Algorithm is usable for encryption.

+

+    `GCRYCTL_GET_ALGO_USAGE:'

+          Return the usage flags for the given algorithm.  An invalid

+          algorithm return 0.  Disabled algorithms are ignored here

+          because we want to know whether the algorithm is at all

+          capable of a certain usage.

+

+    `GCRYCTL_GET_ALGO_NPKEY'

+          Return the number of elements the public key for algorithm

+          ALGO consist of.  Return 0 for an unknown algorithm.

+

+    `GCRYCTL_GET_ALGO_NSKEY'

+          Return the number of elements the private key for algorithm

+          ALGO consist of.  Note that this value is always larger than

+          that of the public key.  Return 0 for an unknown algorithm.

+

+    `GCRYCTL_GET_ALGO_NSIGN'

+          Return the number of elements a signature created with the

+          algorithm ALGO consists of.  Return 0 for an unknown

+          algorithm or for an algorithm not capable of creating

+          signatures.

+

+    `GCRYCTL_GET_ALGO_NENC'

+          Return the number of elements a encrypted message created

+          with the algorithm ALGO consists of.  Return 0 for an unknown

+          algorithm or for an algorithm not capable of encryption.

+

+     Please note that parameters not required should be passed as

+     `NULL'.

+

+ -- Function: gcry_error_t gcry_pk_ctl (int CMD, void *BUFFER,

+          size_t BUFLEN)

+     This is a general purpose function to perform certain control

+     operations.  CMD controls what is to be done. The return value is

+     0 for success or an error code.  Currently supported values for

+     CMD are:

+

+    `GCRYCTL_DISABLE_ALGO'

+          Disable the algorithm given as an algorithm id in BUFFER.

+          BUFFER must point to an `int' variable with the algorithm id

+          and BUFLEN must have the value `sizeof (int)'.

+

+

+Libgcrypt also provides a function for generating public key pairs:

+

+ -- Function: gcry_error_t gcry_pk_genkey (gcry_sexp_t *R_KEY,

+          gcry_sexp_t PARMS)

+     This function create a new public key pair using information given

+     in the S-expression PARMS and stores the private and the public key

+     in one new S-expression at the address given by R_KEY.  In case of

+     an error, R_KEY is set to `NULL'.  The return code is 0 for

+     success or an error code otherwise.

+

+     Here is an example for PARMS for creating a 1024 bit RSA key:

+

+          (genkey

+            (rsa

+              (nbits 4:1024)))

+

+     To create an ElGamal key, substitute "elg" for "rsa" and to create

+     a DSA key use "dsa".  Valid ranges for the key length depend on the

+     algorithms; all commonly used key lengths are supported.  Currently

+     supported parameters are:

+

+    `nbits'

+          This is always required to specify the length of the key.

+          The argument is a string with a number in C-notation.

+

+    `rsa-use-e'

+          This is only used with RSA to give a hint for the public

+          exponent. The value will be used as a base to test for a

+          usable exponent. Some values are special:

+

+         `0'

+               Use a secure and fast value.  This is currently the

+               number 41.

+

+         `1'

+               Use a secure value as required by some specification.

+               This is currently the number 65537.

+

+         `2'

+               Reserved

+

+          If this parameter is not used, Libgcrypt uses for historic

+          reasons 65537.

+

+

+     The key pair is returned in a format depending on the algorithm.

+     Both private and public keys are returned in one container and may

+     be accompanied by some miscellaneous information.

+

+     As an example, here is what the ElGamal key generation returns:

+

+          (key-data

+            (public-key

+              (elg

+                (p P-MPI)

+                (g G-MPI)

+                (y Y-MPI)))

+            (private-key

+              (elg

+                (p P-MPI)

+                (g G-MPI)

+                (y Y-MPI)

+                (x X-MPI)))

+            (misc-key-info

+              (pm1-factors N1 N2 ... NN)))

+

+     As you can see, some of the information is duplicated, but this

+     provides an easy way to extract either the public or the private

+     key.  Note that the order of the elements is not defined, e.g. the

+     private key may be stored before the public key. N1 N2 ... NN is a

+     list of prime numbers used to composite P-MPI; this is in general

+     not a very useful information.

+

+

+File: gcrypt.info,  Node: Public Key cryptography (II),  Next: Random Numbers,  Prev: Public Key cryptography (I),  Up: Top

+

+8 Public Key cryptography (II)

+******************************

+

+This chapter documents the alternative interface to asymmetric

+cryptography (ac) that is not based on S-expressions, but on native C

+data structures.  As opposed to the pk interface described in the

+former chapter, this one follows an open/use/close paradigm like other

+building blocks of the library.

+

+* Menu:

+

+* Available asymmetric algorithms::  List of algorithms supported by the library.

+* Working with sets of data::   How to work with sets of data.

+* Working with handles::        How to use handles.

+* Working with keys::           How to work with keys.

+* Using cryptographic functions::  How to perform cryptographic operations.

+* Handle-independent functions::  General functions independent of handles.

+

+

+File: gcrypt.info,  Node: Available asymmetric algorithms,  Next: Working with sets of data,  Up: Public Key cryptography (II)

+

+8.1 Available asymmetric algorithms

+===================================

+

+Libgcrypt supports the RSA (Rivest-Shamir-Adleman) algorithms as well

+as DSA (Digital Signature Algorithm) and ElGamal.  The versatile

+interface allows to add more algorithms in the future.

+

+ -- Data type: gcry_ac_id_t

+     The following constants are defined for this type:

+

+    `GCRY_AC_RSA'

+          Riven-Shamir-Adleman

+

+    `GCRY_AC_DSA'

+          Digital Signature Algorithm

+

+    `GCRY_AC_ELG'

+          ElGamal

+

+    `GCRY_AC_ELG_E'

+          ElGamal, encryption only.

+

+

+File: gcrypt.info,  Node: Working with sets of data,  Next: Working with handles,  Prev: Available asymmetric algorithms,  Up: Public Key cryptography (II)

+

+8.2 Working with sets of data

+=============================

+

+In the context of this interface the term `data set' refers to a list

+of `named MPI values' that is used by functions performing

+cryptographic operations.

+

+   Such data sets are used for representing keys, since keys simply

+consist of a variable amount of numbers.  Furthermore some functions

+return data sets to the caller that are to be provided to other

+functions.

+

+   This section documents the data types, symbols and functions that are

+relevant for working with such data sets.

+

+ -- Data type: gcry_ac_data_t

+     A data set, that is simply a list of named MPI values.

+

+   The following flags are supported:

+

+`GCRY_AC_FLAG_DEALLOC'

+     Used for storing data in a data set.  If given, the data will be

+     released by the library.

+

+`GCRY_AC_FLAG_COPY'

+     Used for storing/retrieving data in/from a data set.  If given, the

+     library will create copies of the provided/contained data, which

+     will then be given to the user/associated with the data set.

+

+ -- Function: gcry_error_t gcry_ac_data_new (gcry_ac_data_t *DATA)

+     Creates a new, empty data set and stores it in DATA.

+

+ -- Function: void gcry_ac_data_destroy (gcry_ac_data_t DATA)

+     Destroys the data set DATA.

+

+ -- Function: gcry_error_t gcry_ac_data_set (gcry_ac_data_t DATA,

+          unsigned int FLAGS, char *NAME, gcry_mpi_t MPI)

+     Add the value MPI to DATA with the label NAME.  If FLAGS contains

+     GCRY_AC_FLAG_DATA_COPY, the data set will contain copies of NAME

+     and MPI.  If FLAGS contains GCRY_AC_FLAG_DATA_DEALLOC or

+     GCRY_AC_FLAG_DATA_COPY, the values contained in the data set will

+     be deallocated when they are to be removed from the data set.

+

+ -- Function: gcry_error_t gcry_ac_data_copy (gcry_ac_data_t *DATA_CP,

+          gcry_ac_data_t DATA)

+     Create a copy of the data set DATA and store it in DATA_CP.

+

+ -- Function: unsigned int gcry_ac_data_length (gcry_ac_data_t DATA)

+     Returns the number of named MPI values inside of the data set DATA.

+

+ -- Function: gcry_error_t gcry_ac_data_get_name (gcry_ac_data_t DATA,

+          unsigned int FLAGS, char *NAME, gcry_mpi_t *MPI)

+     Store the value labelled with NAME found in DATA in MPI.  If FLAGS

+     contains GCRY_AC_FLAG_COPY, store a copy of the MPI value

+     contained in the data set.  MPI may be NULL.

+

+ -- Function: gcry_error_t gcry_ac_data_get_index (gcry_ac_data_t DATA,

+          unsigned int flags, unsigned int INDEX, const char **NAME,

+          gcry_mpi_t *MPI)

+     Stores in NAME and MPI the named MPI value contained in the data

+     set DATA with the index IDX.  If FLAGS contains GCRY_AC_FLAG_COPY,

+     store copies of the values contained in the data set. NAME or MPI

+     may be NULL.

+

+ -- Function: void gcry_ac_data_clear (gcry_ac_data_t DATA)

+     Destroys any values contained in the data set DATA.

+

+

+File: gcrypt.info,  Node: Working with handles,  Next: Working with keys,  Prev: Working with sets of data,  Up: Public Key cryptography (II)

+

+8.3 Working with handles

+========================

+

+In order to use an algorithm, an according handle must be created.

+This is done using the following function:

+

+ -- Function: gcry_error_t gcry_ac_open (gcry_ac_handle_t *HANDLE, int

+          ALGORITHM, int FLAGS)

+     Creates a new handle for the algorithm ALGORITHM and stores it in

+     HANDLE.  FLAGS is not used yet.

+

+     ALGORITHM must be a valid algorithm ID, see *Note Available

+     algorithms::, for a list of supported algorithms and the according

+     constants.  Besides using the listed constants directly, the

+     functions `gcry_ac_name_to_id' may be used to convert the textual

+     name of an algorithm into the according numeric ID.

+

+ -- Function: void gcry_ac_close (gcry_ac_handle_t HANDLE)

+     Destroys the handle HANDLE.

+

+

+File: gcrypt.info,  Node: Working with keys,  Next: Using cryptographic functions,  Prev: Working with handles,  Up: Public Key cryptography (II)

+

+8.4 Working with keys

+=====================

+

+ -- Data type: gcry_ac_key_type_t

+     Defined constants:

+

+    `GCRY_AC_KEY_TYPE_SECRET'

+          Specifies a secret key.

+

+    `GCRY_AC_KEY_TYPE_PUBLIC'

+          Specifies a public key.

+

+ -- Data type: gcry_ac_key_t

+     This type represents a single `key', either a secret one or a

+     public one.

+

+ -- Data type: gcry_ac_key_pair_t

+     This type represents a `key pair' containing a secret and a public

+     key.

+

+   Key data structures can be created in two different ways; a new key

+pair can be generated, resulting in ready-to-use key.  Alternatively a

+key can be initialized from a given data set.

+

+ -- Function: gcry_error_t gcry_ac_key_init (gcry_ac_key_t *KEY,

+          gcry_ac_handle_t HANDLE, gcry_ac_key_type_t TYPE,

+          gcry_ac_data_t DATA)

+     Creates a new key of type TYPE, consisting of the MPI values

+     contained in the data set DATA and stores it in KEY.

+

+ -- Function: gcry_error_t gcry_ac_key_pair_generate (gcry_ac_handle_t

+          HANDLE, unsigned int NBITS, void *KEY_SPEC,

+          gcry_ac_key_pair_t *KEY_PAIR, gcry_mpi_t **MISC_DATA)

+     Generates a new key pair via the handle HANDLE of NBITS bits and

+     stores it in KEY_PAIR.

+

+     In case non-standard settings are wanted, a pointer to a structure

+     of type `gcry_ac_key_spec_<algorithm>_t', matching the selected

+     algorithm, can be given as KEY_SPEC.  MISC_DATA is not used yet.

+     Such a structure does only exist for RSA.  A descriptions of the

+     members of the supported structures follows.

+

+    `gcry_ac_key_spec_rsa_t'

+

+         `gcry_mpi_t e'

+               Generate the key pair using a special `e'.  The value of

+               `e' has the following meanings:

+              `= 0'

+                    Let Libgcrypt device what exponent should be used.

+

+              `= 1'

+                    Request the use of a "secure" exponent; this is

+                    required by some specification to be 65537.

+

+              `> 2'

+                    Try starting at this value until a working exponent

+                    is found.  Note, that the current implementation

+                    leaks some information about the private key

+                    because the incrementation used is not randomized.

+                    Thus, this function will be changed in the future

+                    to return a random exponent of the given size.

+

+     Example code:

+          {

+            gcry_ac_key_pair_t key_pair;

+            gcry_ac_key_spec_rsa  rsa_spec;

+

+            rsa_spec.e = gcry_mpi_new (0);

+            gcry_mpi_set_ui (rsa_spec.e, 1)

+

+            err = gcry_ac_open  (&handle, GCRY_AC_RSA, 0);

+            assert (! err);

+

+            err = gcry_ac_key_pair_generate (handle, &key_pair, 1024, (void *) &rsa_spec);

+            assert (! err);

+          }

+

+ -- Function: gcry_ac_key_t gcry_ac_key_pair_extract

+          (gcry_ac_key_pair_t KEY_PAIR, gcry_ac_key_type_t WHICH)

+     Returns the key of type WHICH out of the key pair KEY_PAIR.

+

+ -- Function: void gcry_ac_key_destroy (gcry_ac_key_t KEY)

+     Destroys the key KEY.

+

+ -- Function: void gcry_ac_key_pair_destroy (gcry_ac_key_pair_t

+          KEY_PAIR)

+     Destroys the key pair KEY_PAIR.

+

+ -- Function: gcry_ac_data_t gcry_ac_key_data_get (gcry_ac_key_t KEY)

+     Returns the data set contained in the key KEY.

+

+ -- Function: gcry_error_t gcry_ac_key_test (gcry_ac_handle_t HANDLE,

+          gcry_ac_key_t KEY)

+     Verifies that the private key KEY is sane via HANDLE.

+

+ -- Function: gcry_error_t gcry_ac_key_get_nbits (gcry_ac_handle_t

+          HANDLE, gcry_ac_key_t KEY, unsigned int *NBITS)

+     Stores the number of bits of the key KEY in NBITS via HANDLE.

+

+ -- Function: gcry_error_t gcry_ac_key_get_grip (gcry_ac_handle_t

+          HANDLE, gcry_ac_key_t KEY, unsigned char *KEY_GRIP)

+     Writes the 20 byte long key grip of the key KEY to KEY_GRIP via

+     HANDLE.

+

+

+File: gcrypt.info,  Node: Using cryptographic functions,  Next: Handle-independent functions,  Prev: Working with keys,  Up: Public Key cryptography (II)

+

+8.5 Using cryptographic functions

+=================================

+

+The following flags might be relevant:

+

+`GCRY_AC_FLAG_NO_BLINDING'

+     Disable any blinding, which might be supported by the chosen

+     algorithm; blinding is the default.

+

+ -- Function: gcry_error_t gcry_ac_data_encrypt (gcry_ac_handle_t

+          HANDLE, unsigned int FLAGS, gcry_ac_key_t KEY, gcry_mpi_t

+          DATA_PLAIN, gcry_ac_data_t **DATA_ENCRYPTED)

+     Encrypts the plain text MPI value DATA_PLAIN with the key public

+     KEY under the control of the flags FLAGS and stores the resulting

+     data set into DATA_ENCRYPTED.

+

+ -- Function: gcry_error_t gcry_ac_data_decrypt (gcry_ac_handle_t

+          HANDLE, unsigned int FLAGS, gcry_ac_key_t KEY, gcry_mpi_t

+          *DATA_PLAIN, gcry_ac_data_t DATA_ENCRYPTED)

+     Decrypts the encrypted data contained in the data set

+     DATA_ENCRYPTED with the secret key KEY under the control of the

+     flags FLAGS and stores the resulting plain text MPI value in

+     DATA_PLAIN.

+

+ -- Function: gcry_error_t gcry_ac_data_sign (gcry_ac_handle_t HANDLE,

+          gcry_ac_key_t KEY, gcry_mpi_t DATA, gcry_ac_data_t

+          *DATA_SIGNATURE)

+     Signs the data contained in DATA with the secret key KEY and

+     stores the resulting signature in the data set DATA_SIGNATURE.

+

+ -- Function: gcry_error_t gcry_ac_data_verify (gcry_ac_handle_t

+          HANDLE, gcry_ac_key_t KEY, gcry_mpi_t DATA, gcry_ac_data_t

+          DATA_SIGNATURE)

+     Verifies that the signature contained in the data set

+     DATA_SIGNATURE is indeed the result of signing the data contained

+     in DATA with the secret key belonging to the public key KEY.

+

+

+File: gcrypt.info,  Node: Handle-independent functions,  Prev: Using cryptographic functions,  Up: Public Key cryptography (II)

+

+8.6 Handle-independent functions

+================================

+

+ -- Function: gcry_error_t gcry_ac_id_to_name (gcry_ac_id_t ALGORITHM,

+          const char **NAME)

+     Stores the textual representation of the algorithm whose id is

+     given in ALGORITHM in NAME.

+

+ -- Function: gcry_error_t gcry_ac_name_to_id (const char *NAME,

+          gcry_ac_id_t *ALGORITHM)

+     Stores the numeric ID of the algorithm whose textual

+     representation is contained in NAME in ALGORITHM.

+

+

+File: gcrypt.info,  Node: Random Numbers,  Next: S-expressions,  Prev: Public Key cryptography (II),  Up: Top

+

+9 Random Numbers

+****************

+

+* Menu:

+

+* Quality of random numbers::   Libgcrypt uses different quality levels.

+* Retrieving random numbers::   How to retrieve random numbers.

+

+

+File: gcrypt.info,  Node: Quality of random numbers,  Next: Retrieving random numbers,  Up: Random Numbers

+

+9.1 Quality of random numbers

+=============================

+

+Libgcypt offers random numbers of different quality levels:

+

+ -- Data type: enum gcry_random_level

+     The constants for the random quality levels are of this type.

+

+`GCRY_WEAK_RANDOM'

+     This should not anymore be used.  It has recently been changed to

+     an alias of GCRY_STRONG_RANDOM.  Use `gcry_create_nonce' instead.

+

+`GCRY_STRONG_RANDOM'

+     Use this level for e.g. session keys and similar purposes.

+

+`GCRY_VERY_STRONG_RANDOM'

+     Use this level for e.g. key material.

+

+

+File: gcrypt.info,  Node: Retrieving random numbers,  Prev: Quality of random numbers,  Up: Random Numbers

+

+9.2 Retrieving random numbers

+=============================

+

+ -- Function: void gcry_randomize (unsigned char *BUFFER, size_t

+          LENGTH, enum gcry_random_level LEVEL)

+     Fill BUFFER with LENGTH random bytes using a random quality as

+     defined by LEVEL.

+

+ -- Function: void * gcry_random_bytes (size_t NBYTES, enum

+          gcry_random_level LEVEL)

+     Allocate a memory block consisting of NBYTES fresh random bytes

+     using a random quality as defined by LEVEL.

+

+ -- Function: void * gcry_random_bytes_secure (size_t NBYTES, enum

+          gcry_random_level LEVEL)

+     Allocate a memory block consisting of NBYTES fresh random bytes

+     using a random quality as defined by LEVEL.  This function differs

+     from `gcry_random_bytes' in that the returned buffer is allocated

+     in a "secure" area of the memory.

+

+ -- Function: void gcry_create_nonce (void *BUFFER, size_t LENGTH)

+     Fill BUFFER with LENGTH unpredictable bytes.  This is commonly

+     called a nonce and may also be used for initialization vectors and

+     padding.  This is an extra function nearly independent of the

+     other random function for 3 reasons: It better protects the

+     regular random generator's internal state, provides better

+     performance and does not drain the precious entropy pool.

+

+

+

+File: gcrypt.info,  Node: S-expressions,  Next: MPI library,  Prev: Random Numbers,  Up: Top

+

+10 S-expressions

+****************

+

+S-expressions are used by the public key functions to pass complex data

+structures around.  These LISP like objects are used by some

+cryptographic protocols (cf. RFC-2692) and Libgcrypt provides functions

+to parse and construct them.  For detailed information, see `Ron

+Rivest, code and description of S-expressions,

+`http://theory.lcs.mit.edu/~rivest/sexp.html''.

+

+* Menu:

+

+* Data types for S-expressions::  Data types related with S-expressions.

+* Working with S-expressions::  How to work with S-expressions.

+

+

+File: gcrypt.info,  Node: Data types for S-expressions,  Next: Working with S-expressions,  Up: S-expressions

+

+10.1 Data types for S-expressions

+=================================

+

+ -- Data type: gcry_sexp_t

+     The `gcry_sexp_t' type describes an object with the Libgcrypt

+     internal representation of an S-expression.

+

+

+File: gcrypt.info,  Node: Working with S-expressions,  Prev: Data types for S-expressions,  Up: S-expressions

+

+10.2 Working with S-expressions

+===============================

+

+There are several functions to create an Libgcrypt S-expression object

+from its external representation or from a string template.  There is

+also a function to convert the internal representation back into one of

+the external formats:

+

+ -- Function: gcry_error_t gcry_sexp_new (gcry_sexp_t *R_SEXP,

+          const void *BUFFER, size_t LENGTH, int AUTODETECT)

+     This is the generic function to create an new S-expression object

+     from its external representation in BUFFER of LENGTH bytes.  On

+     success the result is stored at the address given by R_SEXP.  With

+     AUTODETECT set to 0, the data in BUFFER is expected to be in

+     canonized format, with AUTODETECT set to 1 the parses any of the

+     defined external formats.  If BUFFER does not hold a valid

+     S-expression an error code is returned and R_SEXP set to `NULL'.

+     Note, that the caller is responsible for releasing the newly

+     allocated S-expression using `gcry_sexp_release'.

+

+ -- Function: gcry_error_t gcry_sexp_create (gcry_sexp_t *R_SEXP,

+          void *BUFFER, size_t LENGTH, int AUTODETECT,

+          void (*FREEFNC)(void*))

+     This function is identical to `gcry_sexp_new' but has an extra

+     argument FREEFNC, which, when not set to `NULL', is expected to be

+     a function to release the BUFFER; most likely the standard `free'

+     function is used for this argument.  This has the effect of

+     transferring the ownership of BUFFER to the created object in

+     R_SEXP.  The advantage of using this function is that Libgcrypt

+     might decide to directly use the provided buffer and thus avoid

+     extra copying.

+

+ -- Function: gcry_error_t gcry_sexp_sscan (gcry_sexp_t *R_SEXP,

+          size_t *ERROFF, const char *BUFFER, size_t LENGTH)

+     This is another variant of the above functions.  It behaves nearly

+     identical but provides an ERROFF argument which will receive the

+     offset into the buffer where the parsing stopped on error.

+

+ -- Function: gcry_error_t gcry_sexp_build (gcry_sexp_t *R_SEXP,

+          size_t *ERROFF, const char *FORMAT, ...)

+     This function creates an internal S-expression from the string

+     template FORMAT and stores it at the address of R_SEXP. If there

+     is a parsing error, the function returns an appropriate error code

+     and stores the offset into FORMAT where the parsing stopped in

+     ERROFF.  The function supports a couple of printf-like formatting

+     characters and expects arguments for some of these escape

+     sequences right after FORMAT.  The following format characters are

+     defined:

+

+    `%m'

+          The next argument is expected to be of type `gcry_mpi_t' and

+          a copy of its value is inserted into the resulting

+          S-expression.

+

+    `%s'

+          The next argument is expected to be of type `char *' and that

+          string is inserted into the resulting S-expression.

+

+    `%d'

+          The next argument is expected to be of type `int' and its

+          value ist inserted into the resulting S-expression.

+

+    `%b'

+          The next argument is expected to be of type `int' directly

+          followed by an argument of type `char *'.  This represents a

+          buffer of given length to be inserted into the resulting

+          regular expression.

+

+     No other format characters are defined and would return an error.

+     Note, that the format character `%%' does not exists, because a

+     percent sign is not a valid character in an S-expression.

+

+ -- Function: void gcry_sexp_release (gcry_sexp_t SEXP)

+     Release the S-expression object SEXP.

+

+The next 2 functions are used to convert the internal representation

+back into a regular external S-expression format and to show the

+structure for debugging.

+

+ -- Function: size_t gcry_sexp_sprint (gcry_sexp_t SEXP, int MODE,

+          void *BUFFER, size_t MAXLENGTH)

+     Copies the S-expression object SEXP into BUFFER using the format

+     specified in MODE.  MAXLENGTH must be set to the allocated length

+     of BUFFER.  The function returns the actual length of valid bytes

+     put into BUFFER or 0 if the provided buffer is too short.  Passing

+     `NULL' for BUFFER returns the required length for BUFFER.  For

+     convenience reasons an extra byte with value 0 is appended to the

+     buffer.

+

+     The following formats are supported:

+

+    `GCRYSEXP_FMT_DEFAULT'

+          Returns a convenient external S-expression representation.

+

+    `GCRYSEXP_FMT_CANON'

+          Return the S-expression in canonical format.

+

+    `GCRYSEXP_FMT_BASE64'

+          Not currently supported.

+

+    `GCRYSEXP_FMT_ADVANCED'

+          Returns the S-expression in advanced format.

+

+ -- Function: void gcry_sexp_dump (gcry_sexp_t SEXP)

+     Dumps SEXP in a format suitable for debugging to Libgcrypt's

+     logging stream.

+

+Often canonical encoding is used in the external representation.  The

+following function can be used to check for valid encoding and to learn

+the length of the S-expression"

+

+ -- Function: size_t gcry_sexp_canon_len (const unsigned char *BUFFER,

+          size_t LENGTH, size_t *ERROFF, int *ERRCODE)

+     Scan the canonical encoded BUFFER with implicit length values and

+     return the actual length this S-expression uses.  For a valid

+     S-expression it should never return 0.  If LENGTH is not 0, the

+     maximum length to scan is given; this can be used for syntax

+     checks of data passed from outside.  ERRCODE and ERROFF may both be

+     passed as `NULL'.

+

+

+There are a couple of functions to parse S-expressions and retrieve

+elements:

+

+ -- Function: gcry_sexp_t gcry_sexp_find_token (const gcry_sexp_t LIST,

+          const char *TOKEN, size_t TOKLEN)

+     Scan the S-expression for a sublist with a type (the car of the

+     list) matching the string TOKEN.  If TOKLEN is not 0, the token is

+     assumed to be raw memory of this length.  The function returns a

+     newly allocated S-expression consisting of the found sublist or

+     `NULL' when not found.

+

+ -- Function: int gcry_sexp_length (const gcry_sexp_t LIST)

+     Return the length of the LIST.  For a valid S-expression this

+     should be at least 1.

+

+ -- Function: gcry_sexp_t gcry_sexp_nth (const gcry_sexp_t LIST,

+          int NUMBER)

+     Create and return a new S-expression from the element with index

+     NUMBER in LIST.  Note that the first element has the index 0.  If

+     there is no such element, `NULL' is returned.

+

+ -- Function: gcry_sexp_t gcry_sexp_car (const gcry_sexp_t LIST)

+     Create and return a new S-expression from the first element in

+     LIST; this called the "type" and should always exist and be a

+     string. `NULL' is returned in case of a problem.

+

+ -- Function: gcry_sexp_t gcry_sexp_cdr (const gcry_sexp_t LIST)

+     Create and return a new list form all elements except for the

+     first one.  Note, that this function may return an invalid

+     S-expression because it is not guaranteed, that the type exists

+     and is a string.  However, for parsing a complex S-expression it

+     might be useful for intermediate lists.  Returns `NULL' on error.

+

+ -- Function: const char * gcry_sexp_nth_data (const gcry_sexp_t LIST,

+          int NUMBER, size_t *DATALEN)

+     This function is used to get data from a LIST.  A pointer to the

+     actual data with index NUMBER is returned and the length of this

+     data will be stored to DATALEN.  If there is no data at the given

+     index or the index represents another list, `NULL' is returned.

+     *Take care:* The returned pointer is valid as long as LIST is not

+     modified or released.

+

+     Here is an example on how to extract and print the surname (Meier)

+     from the S-expression `(Name Otto Meier (address Burgplatz 3))':

+

+          size_t len;

+          const char *name;

+

+          name = gcry_sexp_nth_data (list, 2, &len);

+          printf ("my name is %.*s\n", (int)len, name);

+

+ -- Function: gcry_mpi_t gcry_sexp_nth_mpi (gcry_sexp_t LIST,

+          int NUMBER, int MPIFMT)

+     This function is used to get and convert data from a LIST. This

+     data is assumed to be an MPI stored in the format described by

+     MPIFMT and returned as a standard Libgcrypt MPI.  The caller must

+     release this returned value using `gcry_mpi_release'.  If there is

+     no data at the given index, the index represents a list or the

+     value can't be converted to an MPI, `NULL' is returned.

+

+

+File: gcrypt.info,  Node: MPI library,  Next: Utilities,  Prev: S-expressions,  Up: Top

+

+11 MPI library

+**************

+

+* Menu:

+

+* Data types::                  MPI related data types.

+* Basic functions::             First steps with MPI numbers.

+* MPI formats::                 External representation of MPIs.

+* Calculations::                Performing MPI calculations.

+* Comparisons::                 How to compare MPI values.

+* Bit manipulations::           How to access single bits of MPI values.

+* Miscellaneous::               Miscellaneous MPI functions.

+

+   Public key cryptography is based on mathematics with large numbers.

+To implement the public key functions, a library for handling these

+large numbers is required.  Because of the general usefulness of such a

+library, its interface is exposed by Libgcrypt.  The implementation is

+based on an old release of GNU Multi-Precision Library (GMP) but in the

+meantime heavily modified and stripped down to what is required for

+cryptography. For a lot of CPUs, high performance assembler

+implementations of some very low level functions are used to gain much

+better performance than with the standard C implementation.

+

+In the context of Libgcrypt and in most other applications, these large

+numbers are called MPIs (multi-precision-integers).

+

+

+File: gcrypt.info,  Node: Data types,  Next: Basic functions,  Up: MPI library

+

+11.1 Data types

+===============

+

+ -- Data type: gcry_mpi_t

+     The `gcry_mpi_t' type represents an object to hold an MPI.

+

+

+File: gcrypt.info,  Node: Basic functions,  Next: MPI formats,  Prev: Data types,  Up: MPI library

+

+11.2 Basic functions

+====================

+

+To work with MPIs, storage must be allocated and released for the

+numbers.  This can be done with one of these functions:

+

+ -- Function: gcry_mpi_t gcry_mpi_new (unsigned int NBITS)

+     Allocate a new MPI object, initialize it to 0 and initially

+     allocate enough memory for a number of at least NBITS.  This

+     pre-allocation is only a small performance issue and not actually

+     necessary because Libgcrypt automatically re-allocates the

+     required memory.

+

+ -- Function: gcry_mpi_t gcry_mpi_snew (unsigned int NBITS)

+     This is identical to `gcry_mpi_new' but allocates the MPI in the so

+     called "secure memory" which in turn will take care that all

+     derived values will also be stored in this "secure memory".  Use

+     this for highly confidential data like private key parameters.

+

+ -- Function: gcry_mpi_t gcry_mpi_copy (const gcry_mpi_t A)

+     Create a new MPI as the exact copy of A.

+

+ -- Function: void gcry_mpi_release (gcry_mpi_t A)

+     Release the MPI A and free all associated resources.  Passing

+     `NULL' is allowed and ignored.  When a MPI stored in the "secure

+     memory" is released, that memory gets wiped out immediately.

+

+The simplest operations are used to assign a new value to an MPI:

+

+ -- Function: gcry_mpi_t gcry_mpi_set (gcry_mpi_t W, const gcry_mpi_t U)

+     Assign the value of U to W and return W.  If `NULL' is passed for

+     W, a new MPI is allocated, set to the value of U and returned.

+

+ -- Function: gcry_mpi_t gcry_mpi_set_ui (gcry_mpi_t W, unsigned long U)

+     Assign the value of U to W and return W.  If `NULL' is passed for

+     W, a new MPI is allocated, set to the value of U and returned.

+     This function takes an `unsigned int' as type for U and thus it is

+     only possible to set W to small values (usually up to the word

+     size of the CPU).

+

+ -- Function: void gcry_mpi_swap (gcry_mpi_t A, gcry_mpi_t B)

+     Swap the values of A and B.

+

+

+File: gcrypt.info,  Node: MPI formats,  Next: Calculations,  Prev: Basic functions,  Up: MPI library

+

+11.3 MPI formats

+================

+

+The following functions are used to convert between an external

+representation of an MPI and the internal one of Libgcrypt.

+

+ -- Function: int gcry_mpi_scan (gcry_mpi_t *R_MPI,

+          enum gcry_mpi_format FORMAT, const void *BUFFER,

+          size_t BUFLEN, size_t *NSCANNED)

+     Convert the external representation of an integer stored in BUFFER

+     with a length of BUFLEN into a newly created MPI returned which

+     will be stored at the address of R_MPI.  For certain formats the

+     length argument is not required and may be passed as `0'.  After a

+     successful operation the variable NSCANNED receives the number of

+     bytes actually scanned unless NSCANNED was given as `NULL'. FORMAT

+     describes the format of the MPI as stored in BUFFER:

+

+    `GCRYMPI_FMT_STD'

+          2-complement stored without a length header.

+

+    `GCRYMPI_FMT_PGP'

+          As used by OpenPGP (only defined as unsigned). This is

+          basically `GCRYMPI_FMT_STD' with a 2 byte big endian length

+          header.

+

+    `GCRYMPI_FMT_SSH'

+          As used in the Secure Shell protocol.  This is

+          `GCRYMPI_FMT_STD' with a 4 byte big endian header.

+

+    `GCRYMPI_FMT_HEX'

+          Stored as a C style string with each byte of the MPI encoded

+          as 2 hex digits.

+

+    `GCRYMPI_FMT_USG'

+          Simple unsigned integer.

+

+     Note, that all of the above formats store the integer in big-endian

+     format (MSB first).

+

+ -- Function: int gcry_mpi_print (enum gcry_mpi_format FORMAT,

+          unsigned char *BUFFER, size_t BUFLEN, size_t *NWRITTEN,

+          const gcry_mpi_t A)

+     Convert the MPI A into an external representation described by

+     FORMAT (see above) and store it in the provided BUFFER which has a

+     usable length of at least the BUFLEN bytes. If NWRITTEN is not

+     NULL, it will receive the number of bytes actually stored in

+     BUFFER after a successful operation.

+

+ -- Function: int gcry_mpi_aprint (enum gcry_mpi_format FORMAT,

+          unsigned char **BUFFER, size_t *NBYTES, const gcry_mpi_t A)

+     Convert the MPI A into an external representation described by

+     FORMAT (see above) and store it in a newly allocated buffer which

+     address will be stored in the variable BUFFER points to.  The

+     number of bytes stored in this buffer will be stored in the

+     variable NBYTES points to, unless NBYTES is `NULL'.

+

+ -- Function: void gcry_mpi_dump (const gcry_mpi_t A)

+     Dump the value of A in a format suitable for debugging to

+     Libgcrypt's logging stream.  Note that one leading space but no

+     trailing space or linefeed will be printed.  It is okay to pass

+     `NULL' for A.

+

+

+File: gcrypt.info,  Node: Calculations,  Next: Comparisons,  Prev: MPI formats,  Up: MPI library

+

+11.4 Calculations

+=================

+

+Basic arithmetic operations:

+

+ -- Function: void gcry_mpi_add (gcry_mpi_t W, gcry_mpi_t U,

+          gcry_mpi_t V)

+     W = U + V.

+

+ -- Function: void gcry_mpi_add_ui (gcry_mpi_t W, gcry_mpi_t U,

+          unsigned long V)

+     W = U + V.  Note, that V is an unsigned integer.

+

+ -- Function: void gcry_mpi_addm (gcry_mpi_t W, gcry_mpi_t U,

+          gcry_mpi_t V, gcry_mpi_t M)

+     W = U + V \bmod M.

+

+ -- Function: void gcry_mpi_sub (gcry_mpi_t W, gcry_mpi_t U,

+          gcry_mpi_t V)

+     W = U - V.

+

+ -- Function: void gcry_mpi_sub_ui (gcry_mpi_t W, gcry_mpi_t U,

+          unsigned long V)

+     W = U - V.  V is an unsigned integer.

+

+ -- Function: void gcry_mpi_subm (gcry_mpi_t W, gcry_mpi_t U,

+          gcry_mpi_t V, gcry_mpi_t M)

+     W = U - V \bmod M.

+

+ -- Function: void gcry_mpi_mul (gcry_mpi_t W, gcry_mpi_t U,

+          gcry_mpi_t V)

+     W = U * V.

+

+ -- Function: void gcry_mpi_mul_ui (gcry_mpi_t W, gcry_mpi_t U,

+          unsigned long V)

+     W = U * V.  V is an unsigned integer.

+

+ -- Function: void gcry_mpi_mulm (gcry_mpi_t W, gcry_mpi_t U,

+          gcry_mpi_t V, gcry_mpi_t M)

+     W = U * V \bmod M.

+

+ -- Function: void gcry_mpi_mul_2exp (gcry_mpi_t W, gcry_mpi_t U,

+          unsigned long E)

+     W = U * 2^e.

+

+ -- Function: void gcry_mpi_div (gcry_mpi_t Q, gcry_mpi_t R,

+          gcry_mpi_t DIVIDEND, gcry_mpi_t DIVISOR, int ROUND)

+     Q = DIVIDEND / DIVISOR, R = DIVIDEND \bmod DIVISOR.  Q and R may

+     be passed as `NULL'.  ROUND should be negative or 0.

+

+ -- Function: void gcry_mpi_mod (gcry_mpi_t R, gcry_mpi_t DIVIDEND,

+          gcry_mpi_t DIVISOR)

+     R = DIVIDEND \bmod DIVISOR.

+

+ -- Function: void gcry_mpi_powm (gcry_mpi_t W, const gcry_mpi_t B,

+          const gcry_mpi_t E, const gcry_mpi_t M)

+     W = B^e \bmod M.

+

+ -- Function: int gcry_mpi_gcd (gcry_mpi_t G, gcry_mpi_t A,

+          gcry_mpi_t B)

+     Set G to the greatest common divisor of A and B.  Return true if

+     the G is 1.

+

+ -- Function: int gcry_mpi_invm (gcry_mpi_t X, gcry_mpi_t A,

+          gcry_mpi_t M)

+     Set X to the multiplicative inverse of A \bmod M.  Return true if

+     the inverse exists.

+

+

+File: gcrypt.info,  Node: Comparisons,  Next: Bit manipulations,  Prev: Calculations,  Up: MPI library

+

+11.5 Comparisons

+================

+

+The next 2 functions are used to compare MPIs:

+

+ -- Function: int gcry_mpi_cmp (const gcry_mpi_t U, const gcry_mpi_t V)

+     Compare the big integer number U and V returning 0 for equality, a

+     positive value for U > V and a negative for U < V.

+

+ -- Function: int gcry_mpi_cmp_ui (const gcry_mpi_t U, unsigned long V)

+     Compare the big integer number U with the unsigned integer V

+     returning 0 for equality, a positive value for U > V and a

+     negative for U < V.

+

+

+File: gcrypt.info,  Node: Bit manipulations,  Next: Miscellaneous,  Prev: Comparisons,  Up: MPI library

+

+11.6 Bit manipulations

+======================

+

+There are a couple of functions to get information on arbitrary bits in

+an MPI and to set or clear them:

+

+ -- Function: unsigned int gcry_mpi_get_nbits (gcry_mpi_t A)

+     Return the number of bits required to represent A.

+

+ -- Function: int gcry_mpi_test_bit (gcry_mpi_t A, unsigned int N)

+     Return true if bit number N (counting from 0) is set in A.

+

+ -- Function: void gcry_mpi_set_bit (gcry_mpi_t A, unsigned int N)

+     Set bit number N in A.

+

+ -- Function: void gcry_mpi_clear_bit (gcry_mpi_t A, unsigned int N)

+     Clear bit number N in A.

+

+ -- Function: void gcry_mpi_set_highbit (gcry_mpi_t A, unsigned int N)

+     Set bit number N in A and clear all bits greater than N.

+

+ -- Function: void gcry_mpi_clear_highbit (gcry_mpi_t A, unsigned int N)

+     Clear bit number N in A and all bits greater than N.

+

+ -- Function: void gcry_mpi_rshift (gcry_mpi_t X, gcry_mpi_t A,

+          unsigned int N)

+     Shift the value of A by N bits to the right and store the result

+     in X.

+

+

+File: gcrypt.info,  Node: Miscellaneous,  Prev: Bit manipulations,  Up: MPI library

+

+11.7 Miscellanous

+=================

+

+ -- Function: gcry_mpi_t gcry_mpi_set_opaque (gcry_mpi_t A, void *P,

+          unsigned int NBITS)

+     Store NBITS of the value P points to in A and mark A as an opaque

+     value (i.e. an value that can't be used for any math calculation

+     and is only used to store an arbitrary bit pattern in A).

+

+     WARNING: Never use an opaque MPI for actual math operations.  The

+     only valid functions are gcry_mpi_get_opaque and gcry_mpi_release.

+     Use gcry_mpi_scan to convert a string of arbitrary bytes into an

+     MPI.

+

+

+ -- Function: void * gcry_mpi_get_opaque (gcry_mpi_t A,

+          unsigned int *NBITS)

+     Return a pointer to an opaque value stored in A and return its

+     size in NBITS.  Note, that the returned pointer is still owned by

+     A and that the function should never be used for an non-opaque MPI.

+

+ -- Function: void gcry_mpi_set_flag (gcry_mpi_t A,

+          enum gcry_mpi_flag FLAG)

+     Set the FLAG for the MPI A.  Currently only the flag

+     `GCRYMPI_FLAG_SECURE' is allowed to convert A into an MPI stored

+     in "secure memory".

+

+ -- Function: void gcry_mpi_clear_flag (gcry_mpi_t A,

+          enum gcry_mpi_flag FLAG)

+     Clear FLAG for the big integer A.  Note, that this function is

+     currently useless as no flags are allowed.

+

+ -- Function: int gcry_mpi_get_flag (gcry_mpi_t A,

+          enum gcry_mpi_flag FLAG)

+     Return true when the FLAG is set for A.

+

+ -- Function: void gcry_mpi_randomize (gcry_mpi_t W,

+          unsigned int NBITS, enum gcry_random_level LEVEL)

+     Set the big integer W to a random value of NBITS, using random

+     data quality of level LEVEL.  In case NBITS is not a multiple of a

+     byte, NBITS is rounded up to the next byte boundary.

+

+

+File: gcrypt.info,  Node: Utilities,  Next: Library Copying,  Prev: MPI library,  Up: Top

+

+12 Utilities

+************

+

+* Menu:

+

+* Memory allocation::           Functions related with memory allocation.

+

+

+File: gcrypt.info,  Node: Memory allocation,  Up: Utilities

+

+12.1 Memory allocation

+======================

+

+ -- Function: void *gcry_malloc (size_t N)

+     This function tries to allocate N bytes of memory.  On success it

+     returns a pointer to the memory area, in an out-of-core condition,

+     it returns NULL.

+

+ -- Function: void *gcry_malloc_secure (size_t N)

+     Like `gcry_malloc', but uses secure memory.

+

+ -- Function: void *gcry_calloc (size_t N)

+     This function tries to allocate N bytes of cleared memory (i.e.

+     memory that is initialized with zero bytes).  On success it

+     returns a pointer to the memory area, in an out-of-core condition,

+     it returns NULL.

+

+ -- Function: void *gcry_calloc_secure (size_t N)

+     Like `gcry_calloc', but uses secure memory.

+

+ -- Function: void *gcry_realloc (void *P, size_t N)

+     This function tries to resize the memory area pointed to by P to N

+     bytes.  On success it returns a pointer to the new memory area, in

+     an out-of-core condition, it returns NULL.  Depending on whether

+     the memory pointed to by P is secure memory or not, gcry_realloc

+     tries to use secure memory as well.

+

+ -- Function: void gcry_free (void *P)

+     Release the memory area pointed to by P.

+

+

+File: gcrypt.info,  Node: Library Copying,  Next: Copying,  Prev: Utilities,  Up: Top

+

+Appendix A GNU LESSER GENERAL PUBLIC LICENSE

+********************************************

+

+                      Version 2.1, February 1999

+

+     Copyright (C) 1991, 1999 Free Software Foundation, Inc.

+     59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

+

+     Everyone is permitted to copy and distribute verbatim copies

+     of this license document, but changing it is not allowed.

+

+     [This is the first released version of the Lesser GPL.  It also counts

+     as the successor of the GNU Library Public License, version 2, hence the

+     version number 2.1.]

+

+A.0.1 Preamble

+--------------

+

+The licenses for most software are designed to take away your freedom

+to share and change it.  By contrast, the GNU General Public Licenses

+are intended to guarantee your freedom to share and change free

+software--to make sure the software is free for all its users.

+

+   This license, the Lesser General Public License, applies to some

+specially designated software--typically libraries--of the Free

+Software Foundation and other authors who decide to use it.  You can use

+it too, but we suggest you first think carefully about whether this

+license or the ordinary General Public License is the better strategy to

+use in any particular case, based on the explanations below.

+

+   When we speak of free software, we are referring to freedom of use,

+not price.  Our General Public Licenses are designed to make sure that

+you have the freedom to distribute copies of free software (and charge

+for this service if you wish); that you receive source code or can get

+it if you want it; that you can change the software and use pieces of it

+in new free programs; and that you are informed that you can do these

+things.

+

+   To protect your rights, we need to make restrictions that forbid

+distributors to deny you these rights or to ask you to surrender these

+rights.  These restrictions translate to certain responsibilities for

+you if you distribute copies of the library or if you modify it.

+

+   For example, if you distribute copies of the library, whether gratis

+or for a fee, you must give the recipients all the rights that we gave

+you.  You must make sure that they, too, receive or can get the source

+code.  If you link other code with the library, you must provide

+complete object files to the recipients, so that they can relink them

+with the library after making changes to the library and recompiling

+it.  And you must show them these terms so they know their rights.

+

+   We protect your rights with a two-step method: (1) we copyright the

+library, and (2) we offer you this license, which gives you legal

+permission to copy, distribute and/or modify the library.

+

+   To protect each distributor, we want to make it very clear that

+there is no warranty for the free library.  Also, if the library is

+modified by someone else and passed on, the recipients should know that

+what they have is not the original version, so that the original

+author's reputation will not be affected by problems that might be

+introduced by others.

+

+   Finally, software patents pose a constant threat to the existence of

+any free program.  We wish to make sure that a company cannot

+effectively restrict the users of a free program by obtaining a

+restrictive license from a patent holder.  Therefore, we insist that

+any patent license obtained for a version of the library must be

+consistent with the full freedom of use specified in this license.

+

+   Most GNU software, including some libraries, is covered by the

+ordinary GNU General Public License.  This license, the GNU Lesser

+General Public License, applies to certain designated libraries, and is

+quite different from the ordinary General Public License.  We use this

+license for certain libraries in order to permit linking those

+libraries into non-free programs.

+

+   When a program is linked with a library, whether statically or using

+a shared library, the combination of the two is legally speaking a

+combined work, a derivative of the original library.  The ordinary

+General Public License therefore permits such linking only if the

+entire combination fits its criteria of freedom.  The Lesser General

+Public License permits more lax criteria for linking other code with

+the library.

+

+   We call this license the "Lesser" General Public License because it

+does _Less_ to protect the user's freedom than the ordinary General

+Public License.  It also provides other free software developers Less

+of an advantage over competing non-free programs.  These disadvantages

+are the reason we use the ordinary General Public License for many

+libraries.  However, the Lesser license provides advantages in certain

+special circumstances.

+

+   For example, on rare occasions, there may be a special need to

+encourage the widest possible use of a certain library, so that it

+becomes a de-facto standard.  To achieve this, non-free programs must be

+allowed to use the library.  A more frequent case is that a free

+library does the same job as widely used non-free libraries.  In this

+case, there is little to gain by limiting the free library to free

+software only, so we use the Lesser General Public License.

+

+   In other cases, permission to use a particular library in non-free

+programs enables a greater number of people to use a large body of free

+software.  For example, permission to use the GNU C Library in non-free

+programs enables many more people to use the whole GNU operating

+system, as well as its variant, the GNU/Linux operating system.

+

+   Although the Lesser General Public License is Less protective of the

+users' freedom, it does ensure that the user of a program that is

+linked with the Library has the freedom and the wherewithal to run that

+program using a modified version of the Library.

+

+   The precise terms and conditions for copying, distribution and

+modification follow.  Pay close attention to the difference between a

+"work based on the library" and a "work that uses the library".  The

+former contains code derived from the library, whereas the latter must

+be combined with the library in order to run.

+

+                   GNU LESSER GENERAL PUBLIC LICENSE

+    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

+  0. This License Agreement applies to any software library or other

+     program which contains a notice placed by the copyright holder or

+     other authorized party saying it may be distributed under the

+     terms of this Lesser General Public License (also called "this

+     License").  Each licensee is addressed as "you".

+

+     A "library" means a collection of software functions and/or data

+     prepared so as to be conveniently linked with application programs

+     (which use some of those functions and data) to form executables.

+

+     The "Library", below, refers to any such software library or work

+     which has been distributed under these terms.  A "work based on the

+     Library" means either the Library or any derivative work under

+     copyright law: that is to say, a work containing the Library or a

+     portion of it, either verbatim or with modifications and/or

+     translated straightforwardly into another language.  (Hereinafter,

+     translation is included without limitation in the term

+     "modification".)

+

+     "Source code" for a work means the preferred form of the work for

+     making modifications to it.  For a library, complete source code

+     means all the source code for all modules it contains, plus any

+     associated interface definition files, plus the scripts used to

+     control compilation and installation of the library.

+

+     Activities other than copying, distribution and modification are

+     not covered by this License; they are outside its scope.  The act

+     of running a program using the Library is not restricted, and

+     output from such a program is covered only if its contents

+     constitute a work based on the Library (independent of the use of

+     the Library in a tool for writing it).  Whether that is true

+     depends on what the Library does and what the program that uses

+     the Library does.

+

+  1. You may copy and distribute verbatim copies of the Library's

+     complete source code as you receive it, in any medium, provided

+     that you conspicuously and appropriately publish on each copy an

+     appropriate copyright notice and disclaimer of warranty; keep

+     intact all the notices that refer to this License and to the

+     absence of any warranty; and distribute a copy of this License

+     along with the Library.

+

+     You may charge a fee for the physical act of transferring a copy,

+     and you may at your option offer warranty protection in exchange

+     for a fee.

+

+  2. You may modify your copy or copies of the Library or any portion

+     of it, thus forming a work based on the Library, and copy and

+     distribute such modifications or work under the terms of Section 1

+     above, provided that you also meet all of these conditions:

+

+       a. The modified work must itself be a software library.

+

+       b. You must cause the files modified to carry prominent notices

+          stating that you changed the files and the date of any change.

+

+       c. You must cause the whole of the work to be licensed at no

+          charge to all third parties under the terms of this License.

+

+       d. If a facility in the modified Library refers to a function or

+          a table of data to be supplied by an application program that

+          uses the facility, other than as an argument passed when the

+          facility is invoked, then you must make a good faith effort

+          to ensure that, in the event an application does not supply

+          such function or table, the facility still operates, and

+          performs whatever part of its purpose remains meaningful.

+

+          (For example, a function in a library to compute square roots

+          has a purpose that is entirely well-defined independent of the

+          application.  Therefore, Subsection 2d requires that any

+          application-supplied function or table used by this function

+          must be optional: if the application does not supply it, the

+          square root function must still compute square roots.)

+

+     These requirements apply to the modified work as a whole.  If

+     identifiable sections of that work are not derived from the

+     Library, and can be reasonably considered independent and separate

+     works in themselves, then this License, and its terms, do not

+     apply to those sections when you distribute them as separate

+     works.  But when you distribute the same sections as part of a

+     whole which is a work based on the Library, the distribution of

+     the whole must be on the terms of this License, whose permissions

+     for other licensees extend to the entire whole, and thus to each

+     and every part regardless of who wrote it.

+

+     Thus, it is not the intent of this section to claim rights or

+     contest your rights to work written entirely by you; rather, the

+     intent is to exercise the right to control the distribution of

+     derivative or collective works based on the Library.

+

+     In addition, mere aggregation of another work not based on the

+     Library with the Library (or with a work based on the Library) on

+     a volume of a storage or distribution medium does not bring the

+     other work under the scope of this License.

+

+  3. You may opt to apply the terms of the ordinary GNU General Public

+     License instead of this License to a given copy of the Library.

+     To do this, you must alter all the notices that refer to this

+     License, so that they refer to the ordinary GNU General Public

+     License, version 2, instead of to this License.  (If a newer

+     version than version 2 of the ordinary GNU General Public License

+     has appeared, then you can specify that version instead if you

+     wish.)  Do not make any other change in these notices.

+

+     Once this change is made in a given copy, it is irreversible for

+     that copy, so the ordinary GNU General Public License applies to

+     all subsequent copies and derivative works made from that copy.

+

+     This option is useful when you wish to copy part of the code of

+     the Library into a program that is not a library.

+

+  4. You may copy and distribute the Library (or a portion or

+     derivative of it, under Section 2) in object code or executable

+     form under the terms of Sections 1 and 2 above provided that you

+     accompany it with the complete corresponding machine-readable

+     source code, which must be distributed under the terms of Sections

+     1 and 2 above on a medium customarily used for software

+     interchange.

+

+     If distribution of object code is made by offering access to copy

+     from a designated place, then offering equivalent access to copy

+     the source code from the same place satisfies the requirement to

+     distribute the source code, even though third parties are not

+     compelled to copy the source along with the object code.

+

+  5. A program that contains no derivative of any portion of the

+     Library, but is designed to work with the Library by being

+     compiled or linked with it, is called a "work that uses the

+     Library".  Such a work, in isolation, is not a derivative work of

+     the Library, and therefore falls outside the scope of this License.

+

+     However, linking a "work that uses the Library" with the Library

+     creates an executable that is a derivative of the Library (because

+     it contains portions of the Library), rather than a "work that

+     uses the library".  The executable is therefore covered by this

+     License.  Section 6 states terms for distribution of such

+     executables.

+

+     When a "work that uses the Library" uses material from a header

+     file that is part of the Library, the object code for the work may

+     be a derivative work of the Library even though the source code is

+     not.  Whether this is true is especially significant if the work

+     can be linked without the Library, or if the work is itself a

+     library.  The threshold for this to be true is not precisely

+     defined by law.

+

+     If such an object file uses only numerical parameters, data

+     structure layouts and accessors, and small macros and small inline

+     functions (ten lines or less in length), then the use of the object

+     file is unrestricted, regardless of whether it is legally a

+     derivative work.  (Executables containing this object code plus

+     portions of the Library will still fall under Section 6.)

+

+     Otherwise, if the work is a derivative of the Library, you may

+     distribute the object code for the work under the terms of Section

+     6.  Any executables containing that work also fall under Section 6,

+     whether or not they are linked directly with the Library itself.

+

+  6. As an exception to the Sections above, you may also combine or

+     link a "work that uses the Library" with the Library to produce a

+     work containing portions of the Library, and distribute that work

+     under terms of your choice, provided that the terms permit

+     modification of the work for the customer's own use and reverse

+     engineering for debugging such modifications.

+

+     You must give prominent notice with each copy of the work that the

+     Library is used in it and that the Library and its use are covered

+     by this License.  You must supply a copy of this License.  If the

+     work during execution displays copyright notices, you must include

+     the copyright notice for the Library among them, as well as a

+     reference directing the user to the copy of this License.  Also,

+     you must do one of these things:

+

+       a. Accompany the work with the complete corresponding

+          machine-readable source code for the Library including

+          whatever changes were used in the work (which must be

+          distributed under Sections 1 and 2 above); and, if the work

+          is an executable linked with the Library, with the complete

+          machine-readable "work that uses the Library", as object code

+          and/or source code, so that the user can modify the Library

+          and then relink to produce a modified executable containing

+          the modified Library.  (It is understood that the user who

+          changes the contents of definitions files in the Library will

+          not necessarily be able to recompile the application to use

+          the modified definitions.)

+

+       b. Use a suitable shared library mechanism for linking with the

+          Library.  A suitable mechanism is one that (1) uses at run

+          time a copy of the library already present on the user's

+          computer system, rather than copying library functions into

+          the executable, and (2) will operate properly with a modified

+          version of the library, if the user installs one, as long as

+          the modified version is interface-compatible with the version

+          that the work was made with.

+

+       c. Accompany the work with a written offer, valid for at least

+          three years, to give the same user the materials specified in

+          Subsection 6a, above, for a charge no more than the cost of

+          performing this distribution.

+

+       d. If distribution of the work is made by offering access to copy

+          from a designated place, offer equivalent access to copy the

+          above specified materials from the same place.

+

+       e. Verify that the user has already received a copy of these

+          materials or that you have already sent this user a copy.

+

+     For an executable, the required form of the "work that uses the

+     Library" must include any data and utility programs needed for

+     reproducing the executable from it.  However, as a special

+     exception, the materials to be distributed need not include

+     anything that is normally distributed (in either source or binary

+     form) with the major components (compiler, kernel, and so on) of

+     the operating system on which the executable runs, unless that

+     component itself accompanies the executable.

+

+     It may happen that this requirement contradicts the license

+     restrictions of other proprietary libraries that do not normally

+     accompany the operating system.  Such a contradiction means you

+     cannot use both them and the Library together in an executable

+     that you distribute.

+

+  7. You may place library facilities that are a work based on the

+     Library side-by-side in a single library together with other

+     library facilities not covered by this License, and distribute

+     such a combined library, provided that the separate distribution

+     of the work based on the Library and of the other library

+     facilities is otherwise permitted, and provided that you do these

+     two things:

+

+       a. Accompany the combined library with a copy of the same work

+          based on the Library, uncombined with any other library

+          facilities.  This must be distributed under the terms of the

+          Sections above.

+

+       b. Give prominent notice with the combined library of the fact

+          that part of it is a work based on the Library, and explaining

+          where to find the accompanying uncombined form of the same

+          work.

+

+  8. You may not copy, modify, sublicense, link with, or distribute the

+     Library except as expressly provided under this License.  Any

+     attempt otherwise to copy, modify, sublicense, link with, or

+     distribute the Library is void, and will automatically terminate

+     your rights under this License.  However, parties who have

+     received copies, or rights, from you under this License will not

+     have their licenses terminated so long as such parties remain in

+     full compliance.

+

+  9. You are not required to accept this License, since you have not

+     signed it.  However, nothing else grants you permission to modify

+     or distribute the Library or its derivative works.  These actions

+     are prohibited by law if you do not accept this License.

+     Therefore, by modifying or distributing the Library (or any work

+     based on the Library), you indicate your acceptance of this

+     License to do so, and all its terms and conditions for copying,

+     distributing or modifying the Library or works based on it.

+

+ 10. Each time you redistribute the Library (or any work based on the

+     Library), the recipient automatically receives a license from the

+     original licensor to copy, distribute, link with or modify the

+     Library subject to these terms and conditions.  You may not impose

+     any further restrictions on the recipients' exercise of the rights

+     granted herein.  You are not responsible for enforcing compliance

+     by third parties with this License.

+

+ 11. If, as a consequence of a court judgment or allegation of patent

+     infringement or for any other reason (not limited to patent

+     issues), conditions are imposed on you (whether by court order,

+     agreement or otherwise) that contradict the conditions of this

+     License, they do not excuse you from the conditions of this

+     License.  If you cannot distribute so as to satisfy simultaneously

+     your obligations under this License and any other pertinent

+     obligations, then as a consequence you may not distribute the

+     Library at all.  For example, if a patent license would not permit

+     royalty-free redistribution of the Library by all those who

+     receive copies directly or indirectly through you, then the only

+     way you could satisfy both it and this License would be to refrain

+     entirely from distribution of the Library.

+

+     If any portion of this section is held invalid or unenforceable

+     under any particular circumstance, the balance of the section is

+     intended to apply, and the section as a whole is intended to apply

+     in other circumstances.

+

+     It is not the purpose of this section to induce you to infringe any

+     patents or other property right claims or to contest validity of

+     any such claims; this section has the sole purpose of protecting

+     the integrity of the free software distribution system which is

+     implemented by public license practices.  Many people have made

+     generous contributions to the wide range of software distributed

+     through that system in reliance on consistent application of that

+     system; it is up to the author/donor to decide if he or she is

+     willing to distribute software through any other system and a

+     licensee cannot impose that choice.

+

+     This section is intended to make thoroughly clear what is believed

+     to be a consequence of the rest of this License.

+

+ 12. If the distribution and/or use of the Library is restricted in

+     certain countries either by patents or by copyrighted interfaces,

+     the original copyright holder who places the Library under this

+     License may add an explicit geographical distribution limitation

+     excluding those countries, so that distribution is permitted only

+     in or among countries not thus excluded.  In such case, this

+     License incorporates the limitation as if written in the body of

+     this License.

+

+ 13. The Free Software Foundation may publish revised and/or new

+     versions of the Lesser General Public License from time to time.

+     Such new versions will be similar in spirit to the present version,

+     but may differ in detail to address new problems or concerns.

+

+     Each version is given a distinguishing version number.  If the

+     Library specifies a version number of this License which applies

+     to it and "any later version", you have the option of following

+     the terms and conditions either of that version or of any later

+     version published by the Free Software Foundation.  If the Library

+     does not specify a license version number, you may choose any

+     version ever published by the Free Software Foundation.

+

+ 14. If you wish to incorporate parts of the Library into other free

+     programs whose distribution conditions are incompatible with these,

+     write to the author to ask for permission.  For software which is

+     copyrighted by the Free Software Foundation, write to the Free

+     Software Foundation; we sometimes make exceptions for this.  Our

+     decision will be guided by the two goals of preserving the free

+     status of all derivatives of our free software and of promoting

+     the sharing and reuse of software generally.

+

+                                NO WARRANTY

+ 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO

+     WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE

+     LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT

+     HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT

+     WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT

+     NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND

+     FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS TO THE

+     QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU.  SHOULD THE

+     LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY

+     SERVICING, REPAIR OR CORRECTION.

+

+ 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN

+     WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY

+     MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE

+     LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,

+     INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR

+     INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF

+     DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU

+     OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY

+     OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN

+     ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

+

+                      END OF TERMS AND CONDITIONS

+A.0.2 How to Apply These Terms to Your New Libraries

+----------------------------------------------------

+

+If you develop a new library, and you want it to be of the greatest

+possible use to the public, we recommend making it free software that

+everyone can redistribute and change.  You can do so by permitting

+redistribution under these terms (or, alternatively, under the terms of

+the ordinary General Public License).

+

+   To apply these terms, attach the following notices to the library.

+It is safest to attach them to the start of each source file to most

+effectively convey the exclusion of warranty; and each file should have

+at least the "copyright" line and a pointer to where the full notice is

+found.

+

+     ONE LINE TO GIVE THE LIBRARY'S NAME AND AN IDEA OF WHAT IT DOES.

+     Copyright (C) YEAR  NAME OF AUTHOR

+

+     This library is free software; you can redistribute it and/or modify it

+     under the terms of the GNU Lesser General Public License as published by

+     the Free Software Foundation; either version 2.1 of the License, or (at

+     your option) any later version.

+

+     This library is distributed in the hope that it will be useful, but

+     WITHOUT ANY WARRANTY; without even the implied warranty of

+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

+     Lesser General Public License for more details.

+

+     You should have received a copy of the GNU Lesser General Public

+     License along with this library; if not, write to the Free Software

+     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307,

+     USA.

+

+   Also add information on how to contact you by electronic and paper

+mail.

+

+   You should also get your employer (if you work as a programmer) or

+your school, if any, to sign a "copyright disclaimer" for the library,

+if necessary.  Here is a sample; alter the names:

+

+     Yoyodyne, Inc., hereby disclaims all copyright interest in the library

+     `Frob' (a library for tweaking knobs) written by James Random Hacker.

+

+     SIGNATURE OF TY COON, 1 April 1990

+     Ty Coon, President of Vice

+

+   That's all there is to it!

+

+

+File: gcrypt.info,  Node: Copying,  Next: Concept Index,  Prev: Library Copying,  Up: Top

+

+Appendix B GNU GENERAL PUBLIC LICENSE

+*************************************

+

+                         Version 2, June 1991

+

+     Copyright (C) 1989, 1991 Free Software Foundation, Inc.

+     59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

+

+     Everyone is permitted to copy and distribute verbatim copies

+     of this license document, but changing it is not allowed.

+

+B.0.1 Preamble

+--------------

+

+The licenses for most software are designed to take away your freedom

+to share and change it.  By contrast, the GNU General Public License is

+intended to guarantee your freedom to share and change free

+software--to make sure the software is free for all its users.  This

+General Public License applies to most of the Free Software

+Foundation's software and to any other program whose authors commit to

+using it.  (Some other Free Software Foundation software is covered by

+the GNU Library General Public License instead.)  You can apply it to

+your programs, too.

+

+   When we speak of free software, we are referring to freedom, not

+price.  Our General Public Licenses are designed to make sure that you

+have the freedom to distribute copies of free software (and charge for

+this service if you wish), that you receive source code or can get it

+if you want it, that you can change the software or use pieces of it in

+new free programs; and that you know you can do these things.

+

+   To protect your rights, we need to make restrictions that forbid

+anyone to deny you these rights or to ask you to surrender the rights.

+These restrictions translate to certain responsibilities for you if you

+distribute copies of the software, or if you modify it.

+

+   For example, if you distribute copies of such a program, whether

+gratis or for a fee, you must give the recipients all the rights that

+you have.  You must make sure that they, too, receive or can get the

+source code.  And you must show them these terms so they know their

+rights.

+

+   We protect your rights with two steps: (1) copyright the software,

+and (2) offer you this license which gives you legal permission to copy,

+distribute and/or modify the software.

+

+   Also, for each author's protection and ours, we want to make certain

+that everyone understands that there is no warranty for this free

+software.  If the software is modified by someone else and passed on, we

+want its recipients to know that what they have is not the original, so

+that any problems introduced by others will not reflect on the original

+authors' reputations.

+

+   Finally, any free program is threatened constantly by software

+patents.  We wish to avoid the danger that redistributors of a free

+program will individually obtain patent licenses, in effect making the

+program proprietary.  To prevent this, we have made it clear that any

+patent must be licensed for everyone's free use or not licensed at all.

+

+   The precise terms and conditions for copying, distribution and

+modification follow.

+

+    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

+  1. This License applies to any program or other work which contains a

+     notice placed by the copyright holder saying it may be distributed

+     under the terms of this General Public License.  The "Program",

+     below, refers to any such program or work, and a "work based on

+     the Program" means either the Program or any derivative work under

+     copyright law: that is to say, a work containing the Program or a

+     portion of it, either verbatim or with modifications and/or

+     translated into another language.  (Hereinafter, translation is

+     included without limitation in the term "modification".)  Each

+     licensee is addressed as "you".

+

+     Activities other than copying, distribution and modification are

+     not covered by this License; they are outside its scope.  The act

+     of running the Program is not restricted, and the output from the

+     Program is covered only if its contents constitute a work based on

+     the Program (independent of having been made by running the

+     Program).  Whether that is true depends on what the Program does.

+

+  2. You may copy and distribute verbatim copies of the Program's

+     source code as you receive it, in any medium, provided that you

+     conspicuously and appropriately publish on each copy an appropriate

+     copyright notice and disclaimer of warranty; keep intact all the

+     notices that refer to this License and to the absence of any

+     warranty; and give any other recipients of the Program a copy of

+     this License along with the Program.

+

+     You may charge a fee for the physical act of transferring a copy,

+     and you may at your option offer warranty protection in exchange

+     for a fee.

+

+  3. You may modify your copy or copies of the Program or any portion

+     of it, thus forming a work based on the Program, and copy and

+     distribute such modifications or work under the terms of Section 1

+     above, provided that you also meet all of these conditions:

+

+       a. You must cause the modified files to carry prominent notices

+          stating that you changed the files and the date of any change.

+

+       b. You must cause any work that you distribute or publish, that

+          in whole or in part contains or is derived from the Program

+          or any part thereof, to be licensed as a whole at no charge

+          to all third parties under the terms of this License.

+

+       c. If the modified program normally reads commands interactively

+          when run, you must cause it, when started running for such

+          interactive use in the most ordinary way, to print or display

+          an announcement including an appropriate copyright notice and

+          a notice that there is no warranty (or else, saying that you

+          provide a warranty) and that users may redistribute the

+          program under these conditions, and telling the user how to

+          view a copy of this License.  (Exception: if the Program

+          itself is interactive but does not normally print such an

+          announcement, your work based on the Program is not required

+          to print an announcement.)

+

+     These requirements apply to the modified work as a whole.  If

+     identifiable sections of that work are not derived from the

+     Program, and can be reasonably considered independent and separate

+     works in themselves, then this License, and its terms, do not

+     apply to those sections when you distribute them as separate

+     works.  But when you distribute the same sections as part of a

+     whole which is a work based on the Program, the distribution of

+     the whole must be on the terms of this License, whose permissions

+     for other licensees extend to the entire whole, and thus to each

+     and every part regardless of who wrote it.

+

+     Thus, it is not the intent of this section to claim rights or

+     contest your rights to work written entirely by you; rather, the

+     intent is to exercise the right to control the distribution of

+     derivative or collective works based on the Program.

+

+     In addition, mere aggregation of another work not based on the

+     Program with the Program (or with a work based on the Program) on

+     a volume of a storage or distribution medium does not bring the

+     other work under the scope of this License.

+

+  4. You may copy and distribute the Program (or a work based on it,

+     under Section 2) in object code or executable form under the terms

+     of Sections 1 and 2 above provided that you also do one of the

+     following:

+

+       a. Accompany it with the complete corresponding machine-readable

+          source code, which must be distributed under the terms of

+          Sections 1 and 2 above on a medium customarily used for

+          software interchange; or,

+

+       b. Accompany it with a written offer, valid for at least three

+          years, to give any third party, for a charge no more than your

+          cost of physically performing source distribution, a complete

+          machine-readable copy of the corresponding source code, to be

+          distributed under the terms of Sections 1 and 2 above on a

+          medium customarily used for software interchange; or,

+

+       c. Accompany it with the information you received as to the offer

+          to distribute corresponding source code.  (This alternative is

+          allowed only for noncommercial distribution and only if you

+          received the program in object code or executable form with

+          such an offer, in accord with Subsection b above.)

+

+     The source code for a work means the preferred form of the work for

+     making modifications to it.  For an executable work, complete

+     source code means all the source code for all modules it contains,

+     plus any associated interface definition files, plus the scripts

+     used to control compilation and installation of the executable.

+     However, as a special exception, the source code distributed need

+     not include anything that is normally distributed (in either

+     source or binary form) with the major components (compiler,

+     kernel, and so on) of the operating system on which the executable

+     runs, unless that component itself accompanies the executable.

+

+     If distribution of executable or object code is made by offering

+     access to copy from a designated place, then offering equivalent

+     access to copy the source code from the same place counts as

+     distribution of the source code, even though third parties are not

+     compelled to copy the source along with the object code.

+

+  5. You may not copy, modify, sublicense, or distribute the Program

+     except as expressly provided under this License.  Any attempt

+     otherwise to copy, modify, sublicense or distribute the Program is

+     void, and will automatically terminate your rights under this

+     License.  However, parties who have received copies, or rights,

+     from you under this License will not have their licenses

+     terminated so long as such parties remain in full compliance.

+

+  6. You are not required to accept this License, since you have not

+     signed it.  However, nothing else grants you permission to modify

+     or distribute the Program or its derivative works.  These actions

+     are prohibited by law if you do not accept this License.

+     Therefore, by modifying or distributing the Program (or any work

+     based on the Program), you indicate your acceptance of this

+     License to do so, and all its terms and conditions for copying,

+     distributing or modifying the Program or works based on it.

+

+  7. Each time you redistribute the Program (or any work based on the

+     Program), the recipient automatically receives a license from the

+     original licensor to copy, distribute or modify the Program

+     subject to these terms and conditions.  You may not impose any

+     further restrictions on the recipients' exercise of the rights

+     granted herein.  You are not responsible for enforcing compliance

+     by third parties to this License.

+

+  8. If, as a consequence of a court judgment or allegation of patent

+     infringement or for any other reason (not limited to patent

+     issues), conditions are imposed on you (whether by court order,

+     agreement or otherwise) that contradict the conditions of this

+     License, they do not excuse you from the conditions of this

+     License.  If you cannot distribute so as to satisfy simultaneously

+     your obligations under this License and any other pertinent

+     obligations, then as a consequence you may not distribute the

+     Program at all.  For example, if a patent license would not permit

+     royalty-free redistribution of the Program by all those who

+     receive copies directly or indirectly through you, then the only

+     way you could satisfy both it and this License would be to refrain

+     entirely from distribution of the Program.

+

+     If any portion of this section is held invalid or unenforceable

+     under any particular circumstance, the balance of the section is

+     intended to apply and the section as a whole is intended to apply

+     in other circumstances.

+

+     It is not the purpose of this section to induce you to infringe any

+     patents or other property right claims or to contest validity of

+     any such claims; this section has the sole purpose of protecting

+     the integrity of the free software distribution system, which is

+     implemented by public license practices.  Many people have made

+     generous contributions to the wide range of software distributed

+     through that system in reliance on consistent application of that

+     system; it is up to the author/donor to decide if he or she is

+     willing to distribute software through any other system and a

+     licensee cannot impose that choice.

+

+     This section is intended to make thoroughly clear what is believed

+     to be a consequence of the rest of this License.

+

+  9. If the distribution and/or use of the Program is restricted in

+     certain countries either by patents or by copyrighted interfaces,

+     the original copyright holder who places the Program under this

+     License may add an explicit geographical distribution limitation

+     excluding those countries, so that distribution is permitted only

+     in or among countries not thus excluded.  In such case, this

+     License incorporates the limitation as if written in the body of

+     this License.

+

+ 10. The Free Software Foundation may publish revised and/or new

+     versions of the General Public License from time to time.  Such

+     new versions will be similar in spirit to the present version, but

+     may differ in detail to address new problems or concerns.

+

+     Each version is given a distinguishing version number.  If the

+     Program specifies a version number of this License which applies

+     to it and "any later version", you have the option of following

+     the terms and conditions either of that version or of any later

+     version published by the Free Software Foundation.  If the Program

+     does not specify a version number of this License, you may choose

+     any version ever published by the Free Software Foundation.

+

+ 11. If you wish to incorporate parts of the Program into other free

+     programs whose distribution conditions are different, write to the

+     author to ask for permission.  For software which is copyrighted

+     by the Free Software Foundation, write to the Free Software

+     Foundation; we sometimes make exceptions for this.  Our decision

+     will be guided by the two goals of preserving the free status of

+     all derivatives of our free software and of promoting the sharing

+     and reuse of software generally.

+

+                                NO WARRANTY

+ 12. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO

+     WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE

+     LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT

+     HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT

+     WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT

+     NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND

+     FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS TO THE

+     QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE

+     PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY

+     SERVICING, REPAIR OR CORRECTION.

+

+ 13. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN

+     WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY

+     MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE

+     LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,

+     INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR

+     INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF

+     DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU

+     OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY

+     OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN

+     ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

+

+                      END OF TERMS AND CONDITIONS

+How to Apply These Terms to Your New Programs

+=============================================

+

+If you develop a new program, and you want it to be of the greatest

+possible use to the public, the best way to achieve this is to make it

+free software which everyone can redistribute and change under these

+terms.

+

+   To do so, attach the following notices to the program.  It is safest

+to attach them to the start of each source file to most effectively

+convey the exclusion of warranty; and each file should have at least

+the "copyright" line and a pointer to where the full notice is found.

+

+     ONE LINE TO GIVE THE PROGRAM'S NAME AND AN IDEA OF WHAT IT DOES.

+     Copyright (C) 19YY  NAME OF AUTHOR

+

+     This program is free software; you can redistribute it and/or

+     modify it under the terms of the GNU General Public License

+     as published by the Free Software Foundation; either version 2

+     of the License, or (at your option) any later version.

+

+     This program is distributed in the hope that it will be useful,

+     but WITHOUT ANY WARRANTY; without even the implied warranty of

+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+     GNU General Public License for more details.

+

+     You should have received a copy of the GNU General Public License along

+     with this program; if not, write to the Free Software Foundation, Inc.,

+     59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.

+

+   Also add information on how to contact you by electronic and paper

+mail.

+

+   If the program is interactive, make it output a short notice like

+this when it starts in an interactive mode:

+

+     Gnomovision version 69, Copyright (C) 19YY NAME OF AUTHOR

+     Gnomovision comes with ABSOLUTELY NO WARRANTY; for details

+     type `show w'.  This is free software, and you are welcome

+     to redistribute it under certain conditions; type `show c'

+     for details.

+

+   The hypothetical commands `show w' and `show c' should show the

+appropriate parts of the General Public License.  Of course, the

+commands you use may be called something other than `show w' and `show

+c'; they could even be mouse-clicks or menu items--whatever suits your

+program.

+

+   You should also get your employer (if you work as a programmer) or

+your school, if any, to sign a "copyright disclaimer" for the program,

+if necessary.  Here is a sample; alter the names:

+

+     Yoyodyne, Inc., hereby disclaims all copyright

+     interest in the program `Gnomovision'

+     (which makes passes at compilers) written

+     by James Hacker.

+

+     SIGNATURE OF TY COON, 1 April 1989

+     Ty Coon, President of Vice

+

+   This General Public License does not permit incorporating your

+program into proprietary programs.  If your program is a subroutine

+library, you may consider it more useful to permit linking proprietary

+applications with the library.  If this is what you want to do, use the

+GNU Library General Public License instead of this License.

+

+

+File: gcrypt.info,  Node: Concept Index,  Next: Function and Data Index,  Prev: Copying,  Up: Top

+

+Concept Index

+*************

+

+
+* Menu:

+

+* error codes:                           Error Values.          (line 6)

+* error codes, list of <1>:              Error Codes.           (line 6)

+* error codes, list of:                  Error Sources.         (line 6)

+* error codes, printing of:              Error Strings.         (line 6)

+* error sources:                         Error Values.          (line 6)

+* error sources, printing of:            Error Strings.         (line 6)

+* error strings:                         Error Strings.         (line 6)

+* error values:                          Error Values.          (line 6)

+* error values, printing of:             Error Strings.         (line 6)

+* GPL, GNU General Public License:       Copying.               (line 6)

+* LGPL, Lesser General Public License:   Library Copying.       (line 6)

+

+

+File: gcrypt.info,  Node: Function and Data Index,  Prev: Concept Index,  Up: Top

+

+Function and Data Index

+***********************

+

+
+* Menu:

+

+* *:                                     Retrieving random numbers.

+                                                              (line  13)

+* *gcry_calloc:                          Memory allocation.   (line  15)

+* *gcry_calloc_secure:                   Memory allocation.   (line  21)

+* *gcry_malloc:                          Memory allocation.   (line   7)

+* *gcry_malloc_secure:                   Memory allocation.   (line  12)

+* *gcry_realloc:                         Memory allocation.   (line  24)

+* AM_PATH_LIBGCRYPT:                     Building sources using Automake.

+                                                              (line  13)

+* char <1>:                              Working with hash algorithms.

+                                                              (line 117)

+* char <2>:                              General cipher functions.

+                                                              (line  39)

+* char:                                  Initializing the library.

+                                                              (line  13)

+* enum:                                  Quality of random numbers.

+                                                              (line   9)

+* gcry_ac_close:                         Working with handles.

+                                                              (line  21)

+* gcry_ac_data_clear:                    Working with sets of data.

+                                                              (line  68)

+* gcry_ac_data_copy:                     Working with sets of data.

+                                                              (line  48)

+* gcry_ac_data_decrypt:                  Using cryptographic functions.

+                                                              (line  22)

+* gcry_ac_data_destroy:                  Working with sets of data.

+                                                              (line  36)

+* gcry_ac_data_encrypt:                  Using cryptographic functions.

+                                                              (line  15)

+* gcry_ac_data_get_index:                Working with sets of data.

+                                                              (line  62)

+* gcry_ac_data_get_name:                 Working with sets of data.

+                                                              (line  55)

+* gcry_ac_data_new:                      Working with sets of data.

+                                                              (line  33)

+* gcry_ac_data_set:                      Working with sets of data.

+                                                              (line  40)

+* gcry_ac_data_sign:                     Using cryptographic functions.

+                                                              (line  30)

+* gcry_ac_data_t:                        Working with sets of data.

+                                                              (line  19)

+* gcry_ac_data_verify:                   Using cryptographic functions.

+                                                              (line  36)

+* gcry_ac_id_t:                          Available asymmetric algorithms.

+                                                              (line  11)

+* gcry_ac_id_to_name:                    Handle-independent functions.

+                                                              (line   8)

+* gcry_ac_key_data_get:                  Working with keys.   (line  92)

+* gcry_ac_key_destroy:                   Working with keys.   (line  85)

+* gcry_ac_key_get_grip:                  Working with keys.   (line 104)

+* gcry_ac_key_get_nbits:                 Working with keys.   (line 100)

+* gcry_ac_key_init:                      Working with keys.   (line  30)

+* gcry_ac_key_pair_destroy:              Working with keys.   (line  89)

+* gcry_ac_key_pair_extract:              Working with keys.   (line  82)

+* gcry_ac_key_pair_generate:             Working with keys.   (line  36)

+* gcry_ac_key_pair_t:                    Working with keys.   (line  20)

+* gcry_ac_key_t:                         Working with keys.   (line  16)

+* gcry_ac_key_test:                      Working with keys.   (line  96)

+* gcry_ac_key_type_t:                    Working with keys.   (line   7)

+* gcry_ac_name_to_id:                    Handle-independent functions.

+                                                              (line  13)

+* gcry_ac_open:                          Working with handles.

+                                                              (line  11)

+* gcry_cipher_algo_info:                 General cipher functions.

+                                                              (line  12)

+* gcry_cipher_close:                     Working with cipher handles.

+                                                              (line  52)

+* gcry_cipher_ctl:                       Working with cipher handles.

+                                                              (line 152)

+* gcry_cipher_decrypt:                   Working with cipher handles.

+                                                              (line 122)

+* gcry_cipher_decrypt_t:                 Cipher modules.      (line  80)

+* gcry_cipher_encrypt:                   Working with cipher handles.

+                                                              (line 104)

+* gcry_cipher_encrypt_t:                 Cipher modules.      (line  75)

+* gcry_cipher_info:                      Working with cipher handles.

+                                                              (line 161)

+* gcry_cipher_list:                      Cipher modules.      (line 106)

+* gcry_cipher_map_name:                  General cipher functions.

+                                                              (line  45)

+* gcry_cipher_mode_from_oid:             General cipher functions.

+                                                              (line  50)

+* gcry_cipher_oid_spec_t:                Cipher modules.      (line  60)

+* gcry_cipher_open:                      Working with cipher handles.

+                                                              (line  11)

+* gcry_cipher_register:                  Cipher modules.      (line  96)

+* gcry_cipher_reset:                     Working with cipher handles.

+                                                              (line  92)

+* gcry_cipher_setctr:                    Working with cipher handles.

+                                                              (line  84)

+* gcry_cipher_setiv:                     Working with cipher handles.

+                                                              (line  76)

+* gcry_cipher_setkey:                    Working with cipher handles.

+                                                              (line  59)

+* gcry_cipher_setkey_t:                  Cipher modules.      (line  70)

+* gcry_cipher_spec_t:                    Cipher modules.      (line  12)

+* gcry_cipher_stdecrypt_t:               Cipher modules.      (line  90)

+* gcry_cipher_stencrypt_t:               Cipher modules.      (line  85)

+* gcry_cipher_sync:                      Working with cipher handles.

+                                                              (line 142)

+* gcry_cipher_unregister:                Cipher modules.      (line 101)

+* gcry_control:                          Controlling the library.

+                                                              (line   7)

+* gcry_create_nonce:                     Retrieving random numbers.

+                                                              (line  24)

+* gcry_err_code:                         Error Values.        (line  43)

+* gcry_err_code_from_errno:              Error Values.        (line  95)

+* gcry_err_code_t:                       Error Values.        (line   7)

+* gcry_err_code_to_errno:                Error Values.        (line 100)

+* gcry_err_make:                         Error Values.        (line  57)

+* gcry_err_make_from_errno:              Error Values.        (line  81)

+* gcry_err_source:                       Error Values.        (line  49)

+* gcry_err_source_t:                     Error Values.        (line  14)

+* gcry_error:                            Error Values.        (line  64)

+* gcry_error_from_errno:                 Error Values.        (line  86)

+* gcry_error_t:                          Error Values.        (line  25)

+* gcry_free:                             Memory allocation.   (line  31)

+* gcry_handler_alloc_t:                  Allocation handler.  (line  12)

+* gcry_handler_error_t:                  Error handler.       (line  20)

+* gcry_handler_free_t:                   Allocation handler.  (line  24)

+* gcry_handler_log_t:                    Logging handler.     (line   7)

+* gcry_handler_no_mem_t:                 Error handler.       (line  10)

+* gcry_handler_progress_t:               Progress handler.    (line  10)

+* gcry_handler_realloc_t:                Allocation handler.  (line  20)

+* gcry_handler_secure_check_t:           Allocation handler.  (line  16)

+* gcry_md_close:                         Working with hash algorithms.

+                                                              (line  59)

+* gcry_md_copy:                          Working with hash algorithms.

+                                                              (line  80)

+* gcry_md_enable:                        Working with hash algorithms.

+                                                              (line  43)

+* gcry_md_final:                         Working with hash algorithms.

+                                                              (line 107)

+* gcry_md_final_t:                       Hash algorithm modules.

+                                                              (line  73)

+* gcry_md_get_algo:                      Working with hash algorithms.

+                                                              (line 193)

+* gcry_md_get_asnoid:                    Working with hash algorithms.

+                                                              (line 165)

+* gcry_md_hash_buffer:                   Working with hash algorithms.

+                                                              (line 132)

+* gcry_md_init_t:                        Hash algorithm modules.

+                                                              (line  65)

+* gcry_md_is_enabled:                    Working with hash algorithms.

+                                                              (line 204)

+* gcry_md_is_secure:                     Working with hash algorithms.

+                                                              (line 199)

+* gcry_md_list:                          Hash algorithm modules.

+                                                              (line  91)

+* gcry_md_map_name:                      Working with hash algorithms.

+                                                              (line 155)

+* gcry_md_oid_spec_t:                    Hash algorithm modules.

+                                                              (line  57)

+* gcry_md_open:                          Working with hash algorithms.

+                                                              (line  11)

+* gcry_md_putc:                          Working with hash algorithms.

+                                                              (line  97)

+* gcry_md_read_t:                        Hash algorithm modules.

+                                                              (line  77)

+* gcry_md_register:                      Hash algorithm modules.

+                                                              (line  82)

+* gcry_md_reset:                         Working with hash algorithms.

+                                                              (line  68)

+* gcry_md_setkey:                        Working with hash algorithms.

+                                                              (line  52)

+* gcry_md_spec_t:                        Hash algorithm modules.

+                                                              (line  12)

+* gcry_md_start_debug:                   Working with hash algorithms.

+                                                              (line 215)

+* gcry_md_stop_debug:                    Working with hash algorithms.

+                                                              (line 223)

+* gcry_md_test_algo:                     Working with hash algorithms.

+                                                              (line 178)

+* gcry_md_unregister:                    Hash algorithm modules.

+                                                              (line  87)

+* gcry_md_write:                         Working with hash algorithms.

+                                                              (line  92)

+* gcry_md_write_t:                       Hash algorithm modules.

+                                                              (line  69)

+* gcry_module_t:                         Modules.             (line  10)

+* gcry_mpi_add:                          Calculations.        (line  10)

+* gcry_mpi_add_ui:                       Calculations.        (line  14)

+* gcry_mpi_addm:                         Calculations.        (line  18)

+* gcry_mpi_aprint:                       MPI formats.         (line  53)

+* gcry_mpi_clear_bit:                    Bit manipulations.   (line  19)

+* gcry_mpi_clear_flag:                   Miscellaneous.       (line  32)

+* gcry_mpi_clear_highbit:                Bit manipulations.   (line  25)

+* gcry_mpi_cmp:                          Comparisons.         (line   9)

+* gcry_mpi_cmp_ui:                       Comparisons.         (line  13)

+* gcry_mpi_copy:                         Basic functions.     (line  23)

+* gcry_mpi_div:                          Calculations.        (line  50)

+* gcry_mpi_dump:                         MPI formats.         (line  60)

+* gcry_mpi_gcd:                          Calculations.        (line  63)

+* gcry_mpi_get_flag:                     Miscellaneous.       (line  37)

+* gcry_mpi_get_nbits:                    Bit manipulations.   (line  10)

+* gcry_mpi_get_opaque:                   Miscellaneous.       (line  20)

+* gcry_mpi_invm:                         Calculations.        (line  68)

+* gcry_mpi_mod:                          Calculations.        (line  55)

+* gcry_mpi_mul:                          Calculations.        (line  34)

+* gcry_mpi_mul_2exp:                     Calculations.        (line  46)

+* gcry_mpi_mul_ui:                       Calculations.        (line  38)

+* gcry_mpi_mulm:                         Calculations.        (line  42)

+* gcry_mpi_new:                          Basic functions.     (line  10)

+* gcry_mpi_powm:                         Calculations.        (line  59)

+* gcry_mpi_print:                        MPI formats.         (line  45)

+* gcry_mpi_randomize:                    Miscellaneous.       (line  41)

+* gcry_mpi_release:                      Basic functions.     (line  26)

+* gcry_mpi_rshift:                       Bit manipulations.   (line  29)

+* gcry_mpi_scan:                         MPI formats.         (line  12)

+* gcry_mpi_set:                          Basic functions.     (line  33)

+* gcry_mpi_set_bit:                      Bit manipulations.   (line  16)

+* gcry_mpi_set_flag:                     Miscellaneous.       (line  26)

+* gcry_mpi_set_highbit:                  Bit manipulations.   (line  22)

+* gcry_mpi_set_opaque:                   Miscellaneous.       (line   8)

+* gcry_mpi_set_ui:                       Basic functions.     (line  37)

+* gcry_mpi_snew:                         Basic functions.     (line  17)

+* gcry_mpi_sub:                          Calculations.        (line  22)

+* gcry_mpi_sub_ui:                       Calculations.        (line  26)

+* gcry_mpi_subm:                         Calculations.        (line  30)

+* gcry_mpi_swap:                         Basic functions.     (line  44)

+* gcry_mpi_t:                            Data types.          (line   7)

+* gcry_mpi_test_bit:                     Bit manipulations.   (line  13)

+* gcry_pk_algo_info:                     General public-key related Functions.

+                                                              (line  46)

+* gcry_pk_algo_name:                     General public-key related Functions.

+                                                              (line  10)

+* gcry_pk_check_secret_key_t:            Public key modules.  (line  91)

+* gcry_pk_ctl:                           General public-key related Functions.

+                                                              (line  96)

+* gcry_pk_decrypt:                       Cryptographic Functions.

+                                                              (line  85)

+* gcry_pk_decrypt_t:                     Public key modules.  (line 101)

+* gcry_pk_encrypt:                       Cryptographic Functions.

+                                                              (line  29)

+* gcry_pk_encrypt_t:                     Public key modules.  (line  96)

+* gcry_pk_generate_t:                    Public key modules.  (line  86)

+* gcry_pk_genkey:                        General public-key related Functions.

+                                                              (line 111)

+* gcry_pk_get_keygrip:                   General public-key related Functions.

+                                                              (line  28)

+* gcry_pk_get_nbits:                     General public-key related Functions.

+                                                              (line  23)

+* gcry_pk_get_nbits_t:                   Public key modules.  (line 116)

+* gcry_pk_list:                          Public key modules.  (line 131)

+* gcry_pk_map_name:                      General public-key related Functions.

+                                                              (line  15)

+* gcry_pk_register:                      Public key modules.  (line 121)

+* gcry_pk_sign:                          Cryptographic Functions.

+                                                              (line 117)

+* gcry_pk_sign_t:                        Public key modules.  (line 106)

+* gcry_pk_spec_t:                        Public key modules.  (line  12)

+* gcry_pk_test_algo:                     General public-key related Functions.

+                                                              (line  19)

+* gcry_pk_testkey:                       General public-key related Functions.

+                                                              (line  39)

+* gcry_pk_unregister:                    Public key modules.  (line 127)

+* gcry_pk_verify:                        Cryptographic Functions.

+                                                              (line 170)

+* gcry_pk_verify_t:                      Public key modules.  (line 111)

+* gcry_randomize:                        Retrieving random numbers.

+                                                              (line   8)

+* gcry_set_allocation_handler:           Allocation handler.  (line  34)

+* gcry_set_fatalerror_handler:           Error handler.       (line  25)

+* gcry_set_log_handler:                  Logging handler.     (line  12)

+* gcry_set_outofcore_handler:            Error handler.       (line  15)

+* gcry_set_progress_handler:             Progress handler.    (line  21)

+* gcry_sexp_build:                       Working with S-expressions.

+                                                              (line  43)

+* gcry_sexp_canon_len:                   Working with S-expressions.

+                                                              (line 116)

+* gcry_sexp_car:                         Working with S-expressions.

+                                                              (line 146)

+* gcry_sexp_cdr:                         Working with S-expressions.

+                                                              (line 151)

+* gcry_sexp_create:                      Working with S-expressions.

+                                                              (line  26)

+* gcry_sexp_dump:                        Working with S-expressions.

+                                                              (line 107)

+* gcry_sexp_find_token:                  Working with S-expressions.

+                                                              (line 129)

+* gcry_sexp_length:                      Working with S-expressions.

+                                                              (line 136)

+* gcry_sexp_new:                         Working with S-expressions.

+                                                              (line  13)

+* gcry_sexp_nth:                         Working with S-expressions.

+                                                              (line 141)

+* gcry_sexp_nth_data:                    Working with S-expressions.

+                                                              (line 159)

+* gcry_sexp_nth_mpi:                     Working with S-expressions.

+                                                              (line 177)

+* gcry_sexp_release:                     Working with S-expressions.

+                                                              (line  76)

+* gcry_sexp_sprint:                      Working with S-expressions.

+                                                              (line  84)

+* gcry_sexp_sscan:                       Working with S-expressions.

+                                                              (line  37)

+* gcry_sexp_t:                           Data types for S-expressions.

+                                                              (line   7)

+* gcry_strerror:                         Error Strings.       (line   7)

+* gcry_strsource:                        Error Strings.       (line  13)

+* int <1>:                               Working with sets of data.

+                                                              (line  51)

+* int:                                   Working with hash algorithms.

+                                                              (line 184)

+

+

+

+Tag Table:

+Node: Top730

+Node: Introduction6207

+Node: Getting Started6581

+Node: Features7464

+Node: Overview8254

+Node: Preparation8902

+Node: Header9700

+Node: Building sources10583

+Node: Building sources using Automake12505

+Node: Initializing the library13686

+Node: Multi Threading14729

+Ref: Multi Threading-Footnote-118634

+Node: Generalities19042

+Node: Controlling the library19367

+Node: Modules19751

+Node: Error Handling20530

+Node: Error Values23055

+Node: Error Sources27995

+Node: Error Codes30266

+Node: Error Strings33227

+Node: Handler Functions34379

+Node: Progress handler34938

+Node: Allocation handler36885

+Node: Error handler38180

+Node: Logging handler39237

+Node: Symmetric cryptography39743

+Node: Available ciphers40532

+Node: Cipher modules42436

+Node: Available cipher modes46959

+Node: Working with cipher handles47638

+Node: General cipher functions55498

+Node: Hashing57975

+Node: Available hash algorithms58781

+Node: Hash algorithm modules60808

+Node: Working with hash algorithms64655

+Node: Public Key cryptography (I)75048

+Node: Available algorithms75901

+Node: Used S-expressions76254

+Node: Public key modules78046

+Node: Cryptographic Functions83634

+Node: General public-key related Functions91123

+Node: Public Key cryptography (II)98345

+Node: Available asymmetric algorithms99252

+Node: Working with sets of data99932

+Node: Working with handles102954

+Node: Working with keys103898

+Node: Using cryptographic functions107960

+Node: Handle-independent functions109778

+Node: Random Numbers110392

+Node: Quality of random numbers110687

+Node: Retrieving random numbers111343

+Node: S-expressions112755

+Node: Data types for S-expressions113399

+Node: Working with S-expressions113725

+Node: MPI library122259

+Node: Data types123567

+Node: Basic functions123773

+Node: MPI formats125841

+Node: Calculations128631

+Node: Comparisons130886

+Node: Bit manipulations131504

+Node: Miscellaneous132648

+Node: Utilities134492

+Node: Memory allocation134696

+Node: Library Copying135952

+Node: Copying164116

+Node: Concept Index183319

+Node: Function and Data Index184274

+

+End Tag Table