+ sha1_update(&sha_ctx, sizeof(c), &c);
+ sha1_update(&sha_ctx, packet->length,
+ packet->data);
+ fingerprint->length = 20;
+ sha1_digest(&sha_ctx, fingerprint->length, fingerprint->fp);
+
+ break;
+#ifdef HAVE_NETTLE
+ case 5:
+ sha256_init(&sha2_ctx);
+ /* RFC4880bis 12.2 */
+ c = 0x9A;
+ sha256_update(&sha2_ctx, sizeof(c), &c);
+ c = packet->length >> 24;
+ sha256_update(&sha2_ctx, sizeof(c), &c);
+ c = packet->length >> 16;
+ sha256_update(&sha2_ctx, sizeof(c), &c);
+ c = packet->length >> 8;
+ sha256_update(&sha2_ctx, sizeof(c), &c);
+ c = packet->length & 0xFF;
+ sha256_update(&sha2_ctx, sizeof(c), &c);
+ sha256_update(&sha2_ctx, packet->length,
+ packet->data);
+ fingerprint->length = 32;
+ sha256_digest(&sha2_ctx, fingerprint->length, fingerprint->fp);
+
+ break;
+#endif
+ default:
+ return ONAK_E_UNKNOWN_VER;
+ }
+
+ return ONAK_E_OK;
+}
+
+
+/**
+ * get_packetid - Given a PGP packet returns the keyid.
+ * @packet: The packet to calculate the id for.
+ */
+onak_status_t get_packetid(struct openpgp_packet *packet, uint64_t *keyid)
+{
+ int offset = 0;
+ int i = 0;
+ struct openpgp_fingerprint fingerprint;
+#ifdef NETTLE_WITH_RIPEMD160
+ struct ripemd160_ctx ripemd160_context;
+ uint8_t data;
+#endif
+
+ if (packet == NULL || packet->data == NULL)
+ return ONAK_E_INVALID_PARAM;
+
+ switch (packet->data[0]) {
+ case 2:
+ case 3:
+ /*
+ * Old versions of GnuPG would put Elgamal keys inside
+ * a V3 key structure, then generate the keyid using
+ * RIPED160.
+ */
+#ifdef NETTLE_WITH_RIPEMD160
+ if (packet->data[7] == 16) {
+ ripemd160_init(&ripemd160_context);
+ data = 0x99;
+ ripemd160_update(&ripemd160_context, 1, &data);
+ data = packet->length >> 8;
+ ripemd160_update(&ripemd160_context, 1, &data);
+ data = packet->length & 0xFF;
+ ripemd160_update(&ripemd160_context, 1, &data);
+ ripemd160_update(&ripemd160_context,
+ packet->length,
+ packet->data);
+
+ ripemd160_digest(&ripemd160_context,
+ RIPEMD160_DIGEST_SIZE,
+ fingerprint.fp);
+ fingerprint.length = RIPEMD160_DIGEST_SIZE;
+
+ *keyid = fingerprint2keyid(&fingerprint);
+
+ return ONAK_E_OK;
+ }
+#endif
+ /*
+ * Check for an RSA key; if not return an error.
+ * 1 == RSA
+ * 2 == RSA Encrypt-Only
+ * 3 == RSA Sign-Only
+ */
+ if (packet->data[7] < 1 || packet->data[7] > 3) {
+ return ONAK_E_INVALID_PKT;