Synchronize Sequoia port with upstream API changes sync
authorNeal H. Walfield <neal@pep.foundation>
Mon, 11 Mar 2019 15:39:57 +0100
branchsync
changeset 33321bdce679b688
parent 3331 d11bc639db5c
child 3333 189b5a5eca19
Synchronize Sequoia port with upstream API changes
default.conf
src/pEp_internal.h
src/pgp_sequoia.c
src/pgp_sequoia_internal.h
     1.1 --- a/default.conf	Sat Mar 09 11:50:11 2019 +0100
     1.2 +++ b/default.conf	Mon Mar 11 15:39:57 2019 +0100
     1.3 @@ -236,10 +236,10 @@
     1.4  NETPGP_INC=
     1.5  #NETPGP_INC=-I$(PREFIX)/include
     1.6  
     1.7 -SEQUOIA_CFLAGS=$(shell pkg-config --cflags-only-other sequoia)
     1.8 -SEQUOIA_LDFLAGS=$(shell pkg-config --libs-only-L --libs-only-other sequoia)
     1.9 -SEQUOIA_LIB=$(shell pkg-config --libs-only-l sequoia)
    1.10 -SEQUOIA_INC=$(shell pkg-config --cflags-only-I sequoia)
    1.11 +SEQUOIA_CFLAGS=$(shell pkg-config --cflags-only-other sequoia-openpgp)
    1.12 +SEQUOIA_LDFLAGS=$(shell pkg-config --libs-only-l --libs-only-other sequoia-openpgp)
    1.13 +SEQUOIA_LIB=$(shell pkg-config --libs-only-L sequoia-openpgp)
    1.14 +SEQUOIA_INC=$(shell pkg-config --cflags-only-I sequoia-openpgp)
    1.15  
    1.16  
    1.17  ######### OpenPGP #########
     2.1 --- a/src/pEp_internal.h	Sat Mar 09 11:50:11 2019 +0100
     2.2 +++ b/src/pEp_internal.h	Mon Mar 11 15:39:57 2019 +0100
     2.3 @@ -128,7 +128,6 @@
     2.4  #elif defined(USE_NETPGP)
     2.5      pEpNetPGPSession ctx;
     2.6  #elif defined(USE_SEQUOIA)
     2.7 -    sq_context_t ctx;
     2.8      sqlite3 *key_db;
     2.9      struct {
    2.10          sqlite3_stmt *begin_transaction;
     3.1 --- a/src/pgp_sequoia.c	Sat Mar 09 11:50:11 2019 +0100
     3.2 +++ b/src/pgp_sequoia.c	Mon Mar 11 15:39:57 2019 +0100
     3.3 @@ -16,7 +16,7 @@
     3.4  
     3.5  #include "wrappers.h"
     3.6  
     3.7 -#define TRACE 0
     3.8 +#define TRACING 0
     3.9  #ifndef TRACING
    3.10  #  ifndef NDEBUG
    3.11  #    define TRACING 0
    3.12 @@ -47,25 +47,22 @@
    3.13  } while(0)
    3.14  
    3.15  // Verbosely displays errors.
    3.16 -#  define DUMP_ERR(__de_session, __de_status, ...) do {             \
    3.17 -    TC(__VA_ARGS__);                                                \
    3.18 -    _T(": ");                                                       \
    3.19 -    if ((__de_session->ctx)) {                                      \
    3.20 -        sq_error_t __de_err                                         \
    3.21 -            = sq_context_last_error((__de_session->ctx));           \
    3.22 -        if (__de_err)                                               \
    3.23 -            _T("Sequoia: %s => ", sq_error_string(__de_err));       \
    3.24 -        sq_error_free(__de_err);                                    \
    3.25 -    }                                                               \
    3.26 -    _T("%s\n", pep_status_to_string(__de_status));                  \
    3.27 +#  define DUMP_ERR(__de_err, __de_status, ...) do {             \
    3.28 +    TC(__VA_ARGS__);                                            \
    3.29 +    _T(": ");                                                   \
    3.30 +    if (__de_err) {                                             \
    3.31 +        _T("Sequoia: %s => ", pgp_error_to_string(__de_err));   \
    3.32 +        pgp_error_free(__de_err);                               \
    3.33 +    }                                                           \
    3.34 +    _T("%s\n", pep_status_to_string(__de_status));              \
    3.35  } while(0)
    3.36  
    3.37  // If __ec_status is an error, then disable the error, set 'status' to
    3.38  // it, and jump to 'out'.
    3.39 -#define ERROR_OUT(__e_session, __ec_status, ...) do {               \
    3.40 +#define ERROR_OUT(__e_err, __ec_status, ...) do {                   \
    3.41      PEP_STATUS ___ec_status = (__ec_status);                        \
    3.42      if ((___ec_status) != PEP_STATUS_OK) {                          \
    3.43 -        DUMP_ERR((__e_session), (___ec_status), ##__VA_ARGS__);     \
    3.44 +        DUMP_ERR((__e_err), (___ec_status), ##__VA_ARGS__);         \
    3.45          status = (___ec_status);                                    \
    3.46          goto out;                                                   \
    3.47      }                                                               \
    3.48 @@ -75,22 +72,16 @@
    3.49  {
    3.50      PEP_STATUS status = PEP_STATUS_OK;
    3.51  
    3.52 -    sq_error_t err;
    3.53 -    session->ctx = sq_context_new("foundation.pep", &err);
    3.54 -    if (session->ctx == NULL)
    3.55 -        ERROR_OUT(session, PEP_INIT_GPGME_INIT_FAILED,
    3.56 -                  "initializing sequoia context");
    3.57 -
    3.58      // Create the home directory.
    3.59      char *home_env = getenv("HOME");
    3.60      if (!home_env)
    3.61 -        ERROR_OUT(session, PEP_INIT_GPGME_INIT_FAILED, "HOME unset");
    3.62 +        ERROR_OUT(NULL, PEP_INIT_GPGME_INIT_FAILED, "HOME unset");
    3.63  
    3.64      // Create the DB and initialize it.
    3.65      char *path = NULL;
    3.66      asprintf(&path, "%s/.pEp_keys.db", home_env);
    3.67      if (!path)
    3.68 -        ERROR_OUT(session, PEP_OUT_OF_MEMORY, "out of memory");
    3.69 +        ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
    3.70  
    3.71      int sqlite_result;
    3.72      sqlite_result = sqlite3_open_v2(path,
    3.73 @@ -102,9 +93,8 @@
    3.74                                      NULL);
    3.75      free(path);
    3.76      if (sqlite_result != SQLITE_OK)
    3.77 -        ERROR_OUT(session, PEP_INIT_CANNOT_OPEN_DB,
    3.78 -                  "opening keys DB: %s",
    3.79 -                  sqlite3_errmsg(session->key_db));
    3.80 +        ERROR_OUT(NULL, PEP_INIT_CANNOT_OPEN_DB,
    3.81 +                  "opening keys DB: %s", sqlite3_errmsg(session->key_db));
    3.82  
    3.83      sqlite_result = sqlite3_exec(session->key_db,
    3.84                                   "PRAGMA secure_delete=true;\n"
    3.85 @@ -113,7 +103,7 @@
    3.86                                   "PRAGMA journal_mode=WAL;\n",
    3.87                                   NULL, NULL, NULL);
    3.88      if (sqlite_result != SQLITE_OK)
    3.89 -        ERROR_OUT(session, PEP_INIT_CANNOT_OPEN_DB,
    3.90 +        ERROR_OUT(NULL, PEP_INIT_CANNOT_OPEN_DB,
    3.91                    "setting pragmas: %s", sqlite3_errmsg(session->key_db));
    3.92  
    3.93      sqlite3_busy_timeout(session->key_db, BUSY_WAIT_TIME);
    3.94 @@ -128,7 +118,7 @@
    3.95                                   "  ON keys (primary_key, secret)\n",
    3.96                                   NULL, NULL, NULL);
    3.97      if (sqlite_result != SQLITE_OK)
    3.98 -        ERROR_OUT(session, PEP_INIT_CANNOT_OPEN_DB,
    3.99 +        ERROR_OUT(NULL, PEP_INIT_CANNOT_OPEN_DB,
   3.100                    "creating keys table: %s",
   3.101                    sqlite3_errmsg(session->key_db));
   3.102  
   3.103 @@ -145,7 +135,7 @@
   3.104                                   "  ON subkeys (subkey, primary_key)\n",
   3.105                                   NULL, NULL, NULL);
   3.106      if (sqlite_result != SQLITE_OK)
   3.107 -        ERROR_OUT(session, PEP_INIT_CANNOT_OPEN_DB,
   3.108 +        ERROR_OUT(NULL, PEP_INIT_CANNOT_OPEN_DB,
   3.109                    "creating subkeys table: %s",
   3.110                    sqlite3_errmsg(session->key_db));
   3.111  
   3.112 @@ -162,7 +152,7 @@
   3.113                                   "  ON userids (userid, primary_key)\n",
   3.114                                   NULL, NULL, NULL);
   3.115      if (sqlite_result != SQLITE_OK)
   3.116 -        ERROR_OUT(session, PEP_INIT_CANNOT_OPEN_DB,
   3.117 +        ERROR_OUT(NULL, PEP_INIT_CANNOT_OPEN_DB,
   3.118                    "creating userids table: %s",
   3.119                    sqlite3_errmsg(session->key_db));
   3.120  
   3.121 @@ -294,28 +284,23 @@
   3.122      if (session->key_db) {
   3.123          int result = sqlite3_close_v2(session->key_db);
   3.124          if (result != 0)
   3.125 -            DUMP_ERR(session, PEP_UNKNOWN_ERROR,
   3.126 +            DUMP_ERR(NULL, PEP_UNKNOWN_ERROR,
   3.127                       "Closing key DB: sqlite3_close_v2: %s",
   3.128                       sqlite3_errstr(result));
   3.129          session->key_db = NULL;
   3.130      }
   3.131 -
   3.132 -    if (session->ctx) {
   3.133 -        sq_context_free(session->ctx);
   3.134 -        session->ctx = NULL;
   3.135 -    }
   3.136  }
   3.137  
   3.138  // Ensures that a fingerprint is in canonical form.  A canonical
   3.139  // fingerprint doesn't contain any white space.
   3.140  //
   3.141  // This function does *not* consume fpr.
   3.142 -static char *sq_fingerprint_canonicalize(const char *) __attribute__((nonnull));
   3.143 -static char *sq_fingerprint_canonicalize(const char *fpr)
   3.144 +static char *pgp_fingerprint_canonicalize(const char *) __attribute__((nonnull));
   3.145 +static char *pgp_fingerprint_canonicalize(const char *fpr)
   3.146  {
   3.147 -    sq_fingerprint_t sq_fpr = sq_fingerprint_from_hex(fpr);
   3.148 -    char *fpr_canonicalized = sq_fingerprint_to_hex(sq_fpr);
   3.149 -    sq_fingerprint_free(sq_fpr);
   3.150 +    pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
   3.151 +    char *fpr_canonicalized = pgp_fingerprint_to_hex(pgp_fpr);
   3.152 +    pgp_fingerprint_free(pgp_fpr);
   3.153  
   3.154      return fpr_canonicalized;
   3.155  }
   3.156 @@ -374,10 +359,10 @@
   3.157  }
   3.158  
   3.159  // step statement and load the tpk and secret.
   3.160 -static PEP_STATUS key_load(PEP_SESSION, sqlite3_stmt *, sq_tpk_t *, int *)
   3.161 +static PEP_STATUS key_load(PEP_SESSION, sqlite3_stmt *, pgp_tpk_t *, int *)
   3.162      __attribute__((nonnull(1, 2)));
   3.163  static PEP_STATUS key_load(PEP_SESSION session, sqlite3_stmt *stmt,
   3.164 -                           sq_tpk_t *tpkp, int *secretp)
   3.165 +                           pgp_tpk_t *tpkp, int *secretp)
   3.166  {
   3.167      PEP_STATUS status = PEP_STATUS_OK;
   3.168      int sqlite_result = sqlite3_step(stmt);
   3.169 @@ -387,9 +372,10 @@
   3.170              int data_len = sqlite3_column_bytes(stmt, 0);
   3.171              const void *data = sqlite3_column_blob(stmt, 0);
   3.172  
   3.173 -            *tpkp = sq_tpk_from_bytes(session->ctx, data, data_len);
   3.174 +            pgp_error_t err = NULL;
   3.175 +            *tpkp = pgp_tpk_from_bytes(&err, data, data_len);
   3.176              if (!*tpkp)
   3.177 -                ERROR_OUT(session, PEP_GET_KEY_FAILED, "parsing TPK");
   3.178 +                ERROR_OUT(err, PEP_GET_KEY_FAILED, "parsing TPK");
   3.179          }
   3.180  
   3.181          if (secretp)
   3.182 @@ -401,7 +387,7 @@
   3.183          status = PEP_KEY_NOT_FOUND;
   3.184          break;
   3.185      default:
   3.186 -        ERROR_OUT(session, PEP_UNKNOWN_ERROR,
   3.187 +        ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
   3.188                    "stepping: %s", sqlite3_errmsg(session->key_db));
   3.189      }
   3.190  
   3.191 @@ -411,32 +397,32 @@
   3.192  }
   3.193  
   3.194  // step statement until exhausted and load the tpks.
   3.195 -static PEP_STATUS key_loadn(PEP_SESSION, sqlite3_stmt *, sq_tpk_t **, int *)
   3.196 +static PEP_STATUS key_loadn(PEP_SESSION, sqlite3_stmt *, pgp_tpk_t **, int *)
   3.197      __attribute__((nonnull));
   3.198  static PEP_STATUS key_loadn(PEP_SESSION session, sqlite3_stmt *stmt,
   3.199 -                            sq_tpk_t **tpksp, int *tpks_countp)
   3.200 +                            pgp_tpk_t **tpksp, int *tpks_countp)
   3.201  {
   3.202      PEP_STATUS status = PEP_STATUS_OK;
   3.203      int tpks_count = 0;
   3.204      int tpks_capacity = 8;
   3.205 -    sq_tpk_t *tpks = calloc(tpks_capacity, sizeof(sq_tpk_t));
   3.206 +    pgp_tpk_t *tpks = calloc(tpks_capacity, sizeof(pgp_tpk_t));
   3.207      if (!tpks)
   3.208 -        ERROR_OUT(session, PEP_OUT_OF_MEMORY, "out of memory");
   3.209 +        ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
   3.210  
   3.211      for (;;) {
   3.212 -        sq_tpk_t tpk = NULL;
   3.213 +        pgp_tpk_t tpk = NULL;
   3.214          status = key_load(session, stmt, &tpk, NULL);
   3.215          if (status == PEP_KEY_NOT_FOUND) {
   3.216              status = PEP_STATUS_OK;
   3.217              break;
   3.218          }
   3.219 -        ERROR_OUT(session, status, "loading TPK");
   3.220 +        ERROR_OUT(NULL, status, "loading TPK");
   3.221  
   3.222          if (tpks_count == tpks_capacity) {
   3.223              tpks_capacity *= 2;
   3.224              tpks = realloc(tpks, sizeof(tpks[0]) * tpks_capacity);
   3.225              if (!tpks)
   3.226 -                ERROR_OUT(session, PEP_OUT_OF_MEMORY, "tpks");
   3.227 +                ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "tpks");
   3.228          }
   3.229          tpks[tpks_count ++] = tpk;
   3.230      }
   3.231 @@ -444,7 +430,7 @@
   3.232   out:
   3.233      if (status != PEP_STATUS_OK) {
   3.234          for (int i = 0; i < tpks_count; i ++)
   3.235 -            sq_tpk_free(tpks[i]);
   3.236 +            pgp_tpk_free(tpks[i]);
   3.237          free(tpks);
   3.238      } else {
   3.239          *tpksp = tpks;
   3.240 @@ -458,22 +444,23 @@
   3.241  // Returns the TPK identified by the provided fingerprint.
   3.242  //
   3.243  // This function only matches on the primary key!
   3.244 -static PEP_STATUS tpk_find(PEP_SESSION, sq_fingerprint_t, int, sq_tpk_t *, int *)
   3.245 +static PEP_STATUS tpk_find(PEP_SESSION, pgp_fingerprint_t, int, pgp_tpk_t *, int *)
   3.246      __attribute__((nonnull(1, 2)));
   3.247  static PEP_STATUS tpk_find(PEP_SESSION session,
   3.248 -                           sq_fingerprint_t fpr, int private_only,
   3.249 -                           sq_tpk_t *tpk, int *secret)
   3.250 +                           pgp_fingerprint_t fpr, int private_only,
   3.251 +                           pgp_tpk_t *tpk, int *secret)
   3.252  {
   3.253      PEP_STATUS status = PEP_STATUS_OK;
   3.254 -    char *fpr_str = sq_fingerprint_to_hex(fpr);
   3.255 +    char *fpr_str = pgp_fingerprint_to_hex(fpr);
   3.256  
   3.257      T("(%s, %d)", fpr_str, private_only);
   3.258  
   3.259 -    sqlite3_stmt *stmt = private_only ? session->sq_sql.tsk_find : session->sq_sql.tpk_find;
   3.260 +    sqlite3_stmt *stmt
   3.261 +        = private_only ? session->sq_sql.tsk_find : session->sq_sql.tpk_find;
   3.262      sqlite3_bind_text(stmt, 1, fpr_str, -1, SQLITE_STATIC);
   3.263  
   3.264      status = key_load(session, stmt, tpk, secret);
   3.265 -    ERROR_OUT(session, status, "Looking up %s", fpr_str);
   3.266 +    ERROR_OUT(NULL, status, "Looking up %s", fpr_str);
   3.267  
   3.268   out:
   3.269      sqlite3_reset(stmt);
   3.270 @@ -493,11 +480,11 @@
   3.271  //
   3.272  // If private_only is set, this will only consider TPKs with some
   3.273  // secret key material.
   3.274 -static PEP_STATUS tpk_find_by_keyid_hex(PEP_SESSION, const char *, int, sq_tpk_t *, int *)
   3.275 +static PEP_STATUS tpk_find_by_keyid_hex(PEP_SESSION, const char *, int, pgp_tpk_t *, int *)
   3.276    __attribute__((nonnull(1, 2)));
   3.277  static PEP_STATUS tpk_find_by_keyid_hex(
   3.278          PEP_SESSION session, const char *keyid_hex, int private_only,
   3.279 -        sq_tpk_t *tpkp, int *secretp)
   3.280 +        pgp_tpk_t *tpkp, int *secretp)
   3.281  {
   3.282      PEP_STATUS status = PEP_STATUS_OK;
   3.283      T("(%s, %d)", keyid_hex, private_only);
   3.284 @@ -507,7 +494,7 @@
   3.285      sqlite3_bind_text(stmt, 1, keyid_hex, -1, SQLITE_STATIC);
   3.286  
   3.287      status = key_load(session, stmt, tpkp, secretp);
   3.288 -    ERROR_OUT(session, status, "Looking up %s", keyid_hex);
   3.289 +    ERROR_OUT(NULL, status, "Looking up %s", keyid_hex);
   3.290  
   3.291   out:
   3.292      sqlite3_reset(stmt);
   3.293 @@ -516,13 +503,13 @@
   3.294  }
   3.295  
   3.296  // See tpk_find_by_keyid_hex.
   3.297 -PEP_STATUS tpk_find_by_keyid(PEP_SESSION, sq_keyid_t, int, sq_tpk_t *, int *)
   3.298 +PEP_STATUS tpk_find_by_keyid(PEP_SESSION, pgp_keyid_t, int, pgp_tpk_t *, int *)
   3.299      __attribute__((nonnull(1, 2)));
   3.300  PEP_STATUS tpk_find_by_keyid(PEP_SESSION session,
   3.301 -                             sq_keyid_t keyid, int private_only,
   3.302 -                             sq_tpk_t *tpkp, int *secretp)
   3.303 +                             pgp_keyid_t keyid, int private_only,
   3.304 +                             pgp_tpk_t *tpkp, int *secretp)
   3.305  {
   3.306 -    char *keyid_hex = sq_keyid_to_hex(keyid);
   3.307 +    char *keyid_hex = pgp_keyid_to_hex(keyid);
   3.308      if (! keyid_hex)
   3.309          return PEP_OUT_OF_MEMORY;
   3.310      PEP_STATUS status
   3.311 @@ -532,46 +519,46 @@
   3.312  }
   3.313  
   3.314  // See tpk_find_by_keyid_hex.
   3.315 -static PEP_STATUS tpk_find_by_fpr(PEP_SESSION, sq_fingerprint_t, int,
   3.316 -                                  sq_tpk_t *, int *)
   3.317 +static PEP_STATUS tpk_find_by_fpr(PEP_SESSION, pgp_fingerprint_t, int,
   3.318 +                                  pgp_tpk_t *, int *)
   3.319      __attribute__((nonnull(1, 2)));
   3.320  static PEP_STATUS tpk_find_by_fpr(
   3.321 -    PEP_SESSION session, sq_fingerprint_t fpr, int private_only,
   3.322 -    sq_tpk_t *tpkp, int *secretp)
   3.323 +    PEP_SESSION session, pgp_fingerprint_t fpr, int private_only,
   3.324 +    pgp_tpk_t *tpkp, int *secretp)
   3.325  {
   3.326 -    sq_keyid_t keyid = sq_fingerprint_to_keyid(fpr);
   3.327 +    pgp_keyid_t keyid = pgp_fingerprint_to_keyid(fpr);
   3.328      if (! keyid)
   3.329          return PEP_OUT_OF_MEMORY;
   3.330      PEP_STATUS status
   3.331          = tpk_find_by_keyid(session, keyid, private_only, tpkp, secretp);
   3.332 -    sq_keyid_free(keyid);
   3.333 +    pgp_keyid_free(keyid);
   3.334      return status;
   3.335  }
   3.336  
   3.337  // See tpk_find_by_keyid_hex.
   3.338 -static PEP_STATUS tpk_find_by_fpr_hex(PEP_SESSION, const char *, int, sq_tpk_t *, int *secret)
   3.339 +static PEP_STATUS tpk_find_by_fpr_hex(PEP_SESSION, const char *, int, pgp_tpk_t *, int *secret)
   3.340      __attribute__((nonnull(1, 2)));
   3.341  static PEP_STATUS tpk_find_by_fpr_hex(
   3.342      PEP_SESSION session, const char *fpr, int private_only,
   3.343 -    sq_tpk_t *tpkp, int *secretp)
   3.344 +    pgp_tpk_t *tpkp, int *secretp)
   3.345  {
   3.346 -    sq_fingerprint_t sq_fpr = sq_fingerprint_from_hex(fpr);
   3.347 -    if (! sq_fpr)
   3.348 +    pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
   3.349 +    if (! pgp_fpr)
   3.350          return PEP_OUT_OF_MEMORY;
   3.351      PEP_STATUS status
   3.352 -        = tpk_find_by_fpr(session, sq_fpr, private_only, tpkp, secretp);
   3.353 -    sq_fingerprint_free(sq_fpr);
   3.354 +        = tpk_find_by_fpr(session, pgp_fpr, private_only, tpkp, secretp);
   3.355 +    pgp_fingerprint_free(pgp_fpr);
   3.356      return status;
   3.357  }
   3.358  
   3.359  // Returns all known TPKs.
   3.360 -static PEP_STATUS tpk_all(PEP_SESSION, int, sq_tpk_t **, int *) __attribute__((nonnull));
   3.361 +static PEP_STATUS tpk_all(PEP_SESSION, int, pgp_tpk_t **, int *) __attribute__((nonnull));
   3.362  static PEP_STATUS tpk_all(PEP_SESSION session, int private_only,
   3.363 -                          sq_tpk_t **tpksp, int *tpks_countp) {
   3.364 +                          pgp_tpk_t **tpksp, int *tpks_countp) {
   3.365      PEP_STATUS status = PEP_STATUS_OK;
   3.366      sqlite3_stmt *stmt = private_only ? session->sq_sql.tsk_all : session->sq_sql.tpk_all;
   3.367      status = key_loadn(session, stmt, tpksp, tpks_countp);
   3.368 -    ERROR_OUT(session, status, "loading TPKs");
   3.369 +    ERROR_OUT(NULL, status, "loading TPKs");
   3.370   out:
   3.371      sqlite3_reset(stmt);
   3.372      return status;
   3.373 @@ -579,12 +566,12 @@
   3.374  
   3.375  // Returns keys that have a user id that matches the specified pattern.
   3.376  //
   3.377 -// The keys returned must be freed using sq_tpk_free.
   3.378 -static PEP_STATUS tpk_find_by_email(PEP_SESSION, const char *, int, sq_tpk_t **, int *)
   3.379 +// The keys returned must be freed using pgp_tpk_free.
   3.380 +static PEP_STATUS tpk_find_by_email(PEP_SESSION, const char *, int, pgp_tpk_t **, int *)
   3.381      __attribute__((nonnull));
   3.382  static PEP_STATUS tpk_find_by_email(PEP_SESSION session,
   3.383                                      const char *pattern, int private_only,
   3.384 -                                    sq_tpk_t **tpksp, int *countp)
   3.385 +                                    pgp_tpk_t **tpksp, int *countp)
   3.386  {
   3.387      PEP_STATUS status = PEP_STATUS_OK;
   3.388      T("(%s)", pattern);
   3.389 @@ -594,7 +581,7 @@
   3.390      sqlite3_bind_text(stmt, 1, pattern, -1, SQLITE_STATIC);
   3.391  
   3.392      status = key_loadn(session, stmt, tpksp, countp);
   3.393 -    ERROR_OUT(session, status, "Searching for '%s'", pattern);
   3.394 +    ERROR_OUT(NULL, status, "Searching for '%s'", pattern);
   3.395  
   3.396   out:
   3.397      sqlite3_reset(stmt);
   3.398 @@ -606,48 +593,52 @@
   3.399  // Saves the specified TPK.
   3.400  //
   3.401  // This function takes ownership of TPK.
   3.402 -static PEP_STATUS tpk_save(PEP_SESSION, sq_tpk_t, identity_list **)
   3.403 +static PEP_STATUS tpk_save(PEP_SESSION, pgp_tpk_t, identity_list **)
   3.404      __attribute__((nonnull(1, 2)));
   3.405 -static PEP_STATUS tpk_save(PEP_SESSION session, sq_tpk_t tpk,
   3.406 +static PEP_STATUS tpk_save(PEP_SESSION session, pgp_tpk_t tpk,
   3.407                             identity_list **private_idents)
   3.408  {
   3.409      PEP_STATUS status = PEP_STATUS_OK;
   3.410 -    sq_fingerprint_t sq_fpr = NULL;
   3.411 +    pgp_error_t err = NULL;
   3.412 +    pgp_fingerprint_t pgp_fpr = NULL;
   3.413      char *fpr = NULL;
   3.414      void *tsk_buffer = NULL;
   3.415      size_t tsk_buffer_len = 0;
   3.416      int tried_commit = 0;
   3.417 -    sq_tpk_key_iter_t key_iter = NULL;
   3.418 -    sq_user_id_binding_iter_t user_id_iter = NULL;
   3.419 +    pgp_tpk_key_iter_t key_iter = NULL;
   3.420 +    pgp_user_id_binding_iter_t user_id_iter = NULL;
   3.421  
   3.422 -    sq_fpr = sq_tpk_fingerprint(tpk);
   3.423 -    fpr = sq_fingerprint_to_hex(sq_fpr);
   3.424 +    pgp_fpr = pgp_tpk_fingerprint(tpk);
   3.425 +    fpr = pgp_fingerprint_to_hex(pgp_fpr);
   3.426      T("(%s, private_idents: %s)", fpr, private_idents ? "yes" : "no");
   3.427  
   3.428      // Merge any existing data into TPK.
   3.429 -    sq_tpk_t current = NULL;
   3.430 -    status = tpk_find(session, sq_fpr, false, &current, NULL);
   3.431 +    pgp_tpk_t current = NULL;
   3.432 +    status = tpk_find(session, pgp_fpr, false, &current, NULL);
   3.433      if (status == PEP_KEY_NOT_FOUND)
   3.434          status = PEP_STATUS_OK;
   3.435      else
   3.436 -        ERROR_OUT(session, status, "Looking up %s", fpr);
   3.437 -    if (current)
   3.438 -        tpk = sq_tpk_merge(session->ctx, tpk, current);
   3.439 +        ERROR_OUT(NULL, status, "Looking up %s", fpr);
   3.440 +    if (current) {
   3.441 +        tpk = pgp_tpk_merge(&err, tpk, current);
   3.442 +        if (! tpk)
   3.443 +            ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Merging TPKs");
   3.444 +    }
   3.445  
   3.446 -    int is_tsk = sq_tpk_is_tsk(tpk);
   3.447 +    int is_tsk = pgp_tpk_is_tsk(tpk);
   3.448  
   3.449      // Serialize it.
   3.450 -    sq_writer_t writer = sq_writer_alloc(&tsk_buffer, &tsk_buffer_len);
   3.451 +    pgp_writer_t writer = pgp_writer_alloc(&tsk_buffer, &tsk_buffer_len);
   3.452      if (! writer)
   3.453 -        ERROR_OUT(session, PEP_OUT_OF_MEMORY, "out of memory");
   3.454 +        ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
   3.455  
   3.456 -    sq_status_t sq_status;
   3.457 -    sq_tsk_t tsk = sq_tpk_into_tsk(tpk);
   3.458 -    sq_status = sq_tsk_serialize(session->ctx, tsk, writer);
   3.459 -    tpk = sq_tsk_into_tpk(tsk);
   3.460 -    //sq_writer_free(writer);
   3.461 -    if (sq_status != 0)
   3.462 -        ERROR_OUT(session, PEP_UNKNOWN_ERROR, "Serializing TPK");
   3.463 +    pgp_status_t pgp_status;
   3.464 +    pgp_tsk_t tsk = pgp_tpk_into_tsk(tpk);
   3.465 +    pgp_status = pgp_tsk_serialize(&err, tsk, writer);
   3.466 +    tpk = pgp_tsk_into_tpk(tsk);
   3.467 +    //pgp_writer_free(writer);
   3.468 +    if (pgp_status != 0)
   3.469 +        ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Serializing TPK");
   3.470  
   3.471  
   3.472      // Insert the TSK into the DB.
   3.473 @@ -655,7 +646,7 @@
   3.474      int sqlite_result = sqlite3_step(stmt);
   3.475      sqlite3_reset(stmt);
   3.476      if (sqlite_result != SQLITE_DONE)
   3.477 -        ERROR_OUT(session, PEP_UNKNOWN_ERROR,
   3.478 +        ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
   3.479                    "begin transaction failed: %s",
   3.480                    sqlite3_errmsg(session->key_db));
   3.481  
   3.482 @@ -667,45 +658,45 @@
   3.483      sqlite_result = sqlite3_step(stmt);
   3.484      sqlite3_reset(stmt);
   3.485      if (sqlite_result != SQLITE_DONE)
   3.486 -        ERROR_OUT(session, PEP_UNKNOWN_ERROR,
   3.487 +        ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
   3.488                    "Saving TPK: %s", sqlite3_errmsg(session->key_db));
   3.489  
   3.490      // Insert the "subkeys" (the primary key and the subkeys).
   3.491      stmt = session->sq_sql.tpk_save_insert_subkeys;
   3.492 -    key_iter = sq_tpk_key_iter(tpk);
   3.493 -    sq_p_key_t key;
   3.494 -    while ((key = sq_tpk_key_iter_next(key_iter, NULL, NULL))) {
   3.495 -        sq_keyid_t keyid = sq_p_key_keyid(key);
   3.496 -        char *keyid_hex = sq_keyid_to_hex(keyid);
   3.497 +    key_iter = pgp_tpk_key_iter(tpk);
   3.498 +    pgp_key_t key;
   3.499 +    while ((key = pgp_tpk_key_iter_next(key_iter, NULL, NULL))) {
   3.500 +        pgp_keyid_t keyid = pgp_key_keyid(key);
   3.501 +        char *keyid_hex = pgp_keyid_to_hex(keyid);
   3.502          sqlite3_bind_text(stmt, 1, keyid_hex, -1, SQLITE_STATIC);
   3.503          sqlite3_bind_text(stmt, 2, fpr, -1, SQLITE_STATIC);
   3.504  
   3.505          sqlite_result = sqlite3_step(stmt);
   3.506          sqlite3_reset(stmt);
   3.507          free(keyid_hex);
   3.508 -        sq_keyid_free(keyid);
   3.509 +        pgp_keyid_free(keyid);
   3.510          if (sqlite_result != SQLITE_DONE) {
   3.511 -            sq_tpk_key_iter_free(key_iter);
   3.512 -            ERROR_OUT(session, PEP_UNKNOWN_ERROR,
   3.513 +            pgp_tpk_key_iter_free(key_iter);
   3.514 +            ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
   3.515                        "Updating subkeys: %s", sqlite3_errmsg(session->key_db));
   3.516          }
   3.517      }
   3.518 -    sq_tpk_key_iter_free(key_iter);
   3.519 +    pgp_tpk_key_iter_free(key_iter);
   3.520      key_iter = NULL;
   3.521  
   3.522      // Insert the "userids".
   3.523      stmt = session->sq_sql.tpk_save_insert_userids;
   3.524 -    user_id_iter = sq_tpk_user_id_binding_iter(tpk);
   3.525 -    sq_user_id_binding_t binding;
   3.526 +    user_id_iter = pgp_tpk_user_id_binding_iter(tpk);
   3.527 +    pgp_user_id_binding_t binding;
   3.528      int first = 1;
   3.529 -    while ((binding = sq_user_id_binding_iter_next(user_id_iter))) {
   3.530 -        char *user_id = sq_user_id_binding_user_id(binding);
   3.531 +    while ((binding = pgp_user_id_binding_iter_next(user_id_iter))) {
   3.532 +        char *user_id = pgp_user_id_binding_user_id(binding);
   3.533          if (!user_id || !*user_id)
   3.534              continue;
   3.535  
   3.536          // Ignore bindings with a self-revocation certificate, but no
   3.537          // self-signature.
   3.538 -        if (!sq_user_id_binding_selfsig(binding)) {
   3.539 +        if (!pgp_user_id_binding_selfsig(binding)) {
   3.540              free(user_id);
   3.541              continue;
   3.542          }
   3.543 @@ -724,9 +715,9 @@
   3.544              sqlite3_reset(stmt);
   3.545  
   3.546              if (sqlite_result != SQLITE_DONE) {
   3.547 -                sq_user_id_binding_iter_free(user_id_iter);
   3.548 +                pgp_user_id_binding_iter_free(user_id_iter);
   3.549                  free(name);
   3.550 -                ERROR_OUT(session, PEP_UNKNOWN_ERROR,
   3.551 +                ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
   3.552                            "Updating userids: %s", sqlite3_errmsg(session->key_db));
   3.553              }
   3.554          }
   3.555 @@ -737,17 +728,17 @@
   3.556              // Create an identity for the primary user id.
   3.557              pEp_identity *ident = new_identity(email, fpr, NULL, name);
   3.558              if (ident == NULL)
   3.559 -                ERROR_OUT(session, PEP_OUT_OF_MEMORY, "new_identity");
   3.560 +                ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "new_identity");
   3.561  
   3.562              *private_idents = identity_list_add(*private_idents, ident);
   3.563              if (*private_idents == NULL)
   3.564 -                ERROR_OUT(session, PEP_OUT_OF_MEMORY, "identity_list_add");
   3.565 +                ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "identity_list_add");
   3.566          }
   3.567          free(email);
   3.568          free(name);
   3.569  
   3.570      }
   3.571 -    sq_user_id_binding_iter_free(user_id_iter);
   3.572 +    pgp_user_id_binding_iter_free(user_id_iter);
   3.573      user_id_iter = NULL;
   3.574  
   3.575   out:
   3.576 @@ -760,7 +751,7 @@
   3.577          int sqlite_result = sqlite3_step(stmt);
   3.578          sqlite3_reset(stmt);
   3.579          if (sqlite_result != SQLITE_DONE)
   3.580 -            ERROR_OUT(session, PEP_UNKNOWN_ERROR,
   3.581 +            ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
   3.582                        status == PEP_STATUS_OK
   3.583                        ? "commit failed: %s" : "rollback failed: %s",
   3.584                        sqlite3_errmsg(session->key_db));
   3.585 @@ -769,16 +760,16 @@
   3.586      T("(%s) -> %s", fpr, pep_status_to_string(status));
   3.587  
   3.588      if (user_id_iter)
   3.589 -        sq_user_id_binding_iter_free(user_id_iter);
   3.590 +        pgp_user_id_binding_iter_free(user_id_iter);
   3.591      if (key_iter)
   3.592 -        sq_tpk_key_iter_free(key_iter);
   3.593 +        pgp_tpk_key_iter_free(key_iter);
   3.594      if (stmt)
   3.595        sqlite3_reset(stmt);
   3.596      free(tsk_buffer);
   3.597      if (tpk)
   3.598 -        sq_tpk_free(tpk);
   3.599 +        pgp_tpk_free(tpk);
   3.600      free(fpr);
   3.601 -    sq_fingerprint_free(sq_fpr);
   3.602 +    pgp_fingerprint_free(pgp_fpr);
   3.603  
   3.604      return status;
   3.605  }
   3.606 @@ -794,10 +785,10 @@
   3.607      int decrypted;
   3.608  };
   3.609  
   3.610 -static sq_status_t
   3.611 +static pgp_status_t
   3.612  get_public_keys_cb(void *cookie_raw,
   3.613 -                   sq_keyid_t *keyids, size_t keyids_len,
   3.614 -                   sq_tpk_t **tpks, size_t *tpk_len,
   3.615 +                   pgp_keyid_t *keyids, size_t keyids_len,
   3.616 +                   pgp_tpk_t **tpks, size_t *tpk_len,
   3.617                     void (**our_free)(void *))
   3.618  {
   3.619      struct decrypt_cookie *cookie = cookie_raw;
   3.620 @@ -805,47 +796,48 @@
   3.621  
   3.622      *tpks = calloc(keyids_len, sizeof(*tpks));
   3.623      if (!*tpks)
   3.624 -        return SQ_STATUS_UNKNOWN_ERROR;
   3.625 +        return PGP_STATUS_UNKNOWN_ERROR;
   3.626      *our_free = free;
   3.627  
   3.628      int i, j;
   3.629      j = 0;
   3.630      for (i = 0; i < keyids_len; i ++) {
   3.631 -        sq_tpk_t tpk = NULL;
   3.632 -        sq_status_t status
   3.633 +        pgp_tpk_t tpk = NULL;
   3.634 +        pgp_status_t status
   3.635              = tpk_find_by_keyid(session, keyids[i], false, &tpk, NULL);
   3.636 -        if (status == SQ_STATUS_SUCCESS)
   3.637 +        if (status == PGP_STATUS_SUCCESS)
   3.638              (*tpks)[j ++] = tpk;
   3.639      }
   3.640      *tpk_len = j;
   3.641 -    return SQ_STATUS_SUCCESS;
   3.642 +    return PGP_STATUS_SUCCESS;
   3.643  }
   3.644  
   3.645 -static sq_status_t
   3.646 +static pgp_status_t
   3.647  get_secret_keys_cb(void *cookie_opaque,
   3.648 -                   sq_pkesk_t *pkesks, size_t pkesk_count,
   3.649 -                   sq_skesk_t *skesks, size_t skesk_count,
   3.650 -                   sq_secret_t *secret)
   3.651 +                   pgp_pkesk_t *pkesks, size_t pkesk_count,
   3.652 +                   pgp_skesk_t *skesks, size_t skesk_count,
   3.653 +                   pgp_secret_t *secret)
   3.654  {
   3.655 +    pgp_error_t err = NULL;
   3.656      struct decrypt_cookie *cookie = cookie_opaque;
   3.657      PEP_SESSION session = cookie->session;
   3.658 -    sq_tpk_t *tsks = NULL;
   3.659 +    pgp_tpk_t *tsks = NULL;
   3.660      int tsks_count = 0;
   3.661      int wildcards = 0;
   3.662  
   3.663      if (cookie->get_secret_keys_called)
   3.664          // Prevent iterations, which isn't needed since we don't
   3.665          // support SKESKs.
   3.666 -        return SQ_STATUS_UNKNOWN_ERROR;
   3.667 +        return PGP_STATUS_UNKNOWN_ERROR;
   3.668      cookie->get_secret_keys_called = 1;
   3.669  
   3.670      T("%zd PKESKs", pkesk_count);
   3.671  
   3.672      for (int i = 0; i < pkesk_count; i ++) {
   3.673 -        sq_pkesk_t pkesk = pkesks[i];
   3.674 -        sq_keyid_t keyid = sq_pkesk_recipient(pkesk); /* Reference. */
   3.675 -        char *keyid_str = sq_keyid_to_hex(keyid);
   3.676 -        sq_tpk_key_iter_t key_iter = NULL;
   3.677 +        pgp_pkesk_t pkesk = pkesks[i];
   3.678 +        pgp_keyid_t keyid = pgp_pkesk_recipient(pkesk); /* Reference. */
   3.679 +        char *keyid_str = pgp_keyid_to_hex(keyid);
   3.680 +        pgp_tpk_key_iter_t key_iter = NULL;
   3.681  
   3.682          T("Considering PKESK for %s", keyid_str);
   3.683  
   3.684 @@ -857,31 +849,31 @@
   3.685  
   3.686          // Collect the recipients.  Note: we must return the primary
   3.687          // key's fingerprint.
   3.688 -        sq_tpk_t tpk = NULL;
   3.689 +        pgp_tpk_t tpk = NULL;
   3.690          int is_tsk = 0;
   3.691          if (tpk_find_by_keyid(session, keyid, false, &tpk, &is_tsk) != PEP_STATUS_OK)
   3.692              goto eol;
   3.693  
   3.694 -        sq_fingerprint_t fp = sq_tpk_fingerprint(tpk);
   3.695 -        char *fp_string = sq_fingerprint_to_hex(fp);
   3.696 +        pgp_fingerprint_t fp = pgp_tpk_fingerprint(tpk);
   3.697 +        char *fp_string = pgp_fingerprint_to_hex(fp);
   3.698          stringlist_add_unique(cookie->recipient_keylist, fp_string);
   3.699          free(fp_string);
   3.700 -        sq_fingerprint_free(fp);
   3.701 +        pgp_fingerprint_free(fp);
   3.702  
   3.703          if (cookie->decrypted)
   3.704              goto eol;
   3.705  
   3.706          // See if we have the secret key.
   3.707 -        assert(is_tsk == sq_tpk_is_tsk(tpk));
   3.708 +        assert(is_tsk == pgp_tpk_is_tsk(tpk));
   3.709          if (! is_tsk)
   3.710              goto eol;
   3.711  
   3.712 -        key_iter = sq_tpk_key_iter(tpk);
   3.713 -        sq_p_key_t key;
   3.714 -        while ((key = sq_tpk_key_iter_next(key_iter, NULL, NULL))) {
   3.715 -            sq_keyid_t this_keyid = sq_p_key_keyid(key);
   3.716 -            char *this_keyid_hex = sq_keyid_to_hex(this_keyid);
   3.717 -            sq_keyid_free(this_keyid);
   3.718 +        key_iter = pgp_tpk_key_iter(tpk);
   3.719 +        pgp_key_t key;
   3.720 +        while ((key = pgp_tpk_key_iter_next(key_iter, NULL, NULL))) {
   3.721 +            pgp_keyid_t this_keyid = pgp_key_keyid(key);
   3.722 +            char *this_keyid_hex = pgp_keyid_to_hex(this_keyid);
   3.723 +            pgp_keyid_free(this_keyid);
   3.724  
   3.725              int match = strcmp(keyid_str, this_keyid_hex) == 0;
   3.726              free(this_keyid_hex);
   3.727 @@ -894,56 +886,59 @@
   3.728              goto eol;
   3.729          }
   3.730  
   3.731 +        fprintf(stderr, "key: %s\n", pgp_key_debug(key));
   3.732 +
   3.733          uint8_t algo;
   3.734          uint8_t session_key[1024];
   3.735          size_t session_key_len = sizeof(session_key);
   3.736 -        if (sq_pkesk_decrypt(cookie->session->ctx,
   3.737 -                             pkesk, key, &algo,
   3.738 -                             session_key, &session_key_len) != 0) {
   3.739 -            DUMP_ERR(session, PEP_UNKNOWN_ERROR, "sq_pkesk_decrypt");
   3.740 +        if (pgp_pkesk_decrypt(&err, pkesk, key, &algo,
   3.741 +                              session_key, &session_key_len) != 0) {
   3.742 +            DUMP_ERR(err, PEP_UNKNOWN_ERROR, "pgp_pkesk_decrypt");
   3.743              goto eol;
   3.744          }
   3.745  
   3.746          T("Decrypted PKESK for %s", keyid_str);
   3.747  
   3.748 -        *secret = sq_secret_cached(algo, session_key, session_key_len);
   3.749 +        *secret = pgp_secret_cached(algo, session_key, session_key_len);
   3.750          cookie->decrypted = 1;
   3.751  
   3.752      eol:
   3.753          free(keyid_str);
   3.754          if (key_iter)
   3.755 -            sq_tpk_key_iter_free(key_iter);
   3.756 +            pgp_tpk_key_iter_free(key_iter);
   3.757          if (tpk)
   3.758 -            sq_tpk_free(tpk);
   3.759 +            pgp_tpk_free(tpk);
   3.760      }
   3.761  
   3.762      // Consider wildcard recipients.
   3.763      if (wildcards) for (int i = 0; i < pkesk_count && !cookie->decrypted; i ++) {
   3.764 -        sq_pkesk_t pkesk = pkesks[i];
   3.765 -        sq_keyid_t keyid = sq_pkesk_recipient(pkesk); /* Reference. */
   3.766 -        char *keyid_str = sq_keyid_to_hex(keyid);
   3.767 -        sq_tpk_key_iter_t key_iter = NULL;
   3.768 +        pgp_pkesk_t pkesk = pkesks[i];
   3.769 +        pgp_keyid_t keyid = pgp_pkesk_recipient(pkesk); /* Reference. */
   3.770 +        char *keyid_str = pgp_keyid_to_hex(keyid);
   3.771 +        pgp_tpk_key_iter_t key_iter = NULL;
   3.772  
   3.773          if (strcmp(keyid_str, "0000000000000000") != 0)
   3.774              goto eol2;
   3.775  
   3.776          if (!tsks) {
   3.777              if (tpk_all(session, true, &tsks, &tsks_count) != PEP_STATUS_OK) {
   3.778 -                DUMP_ERR(session, PEP_UNKNOWN_ERROR, "Getting all tsks");
   3.779 +                DUMP_ERR(NULL, PEP_UNKNOWN_ERROR, "Getting all tsks");
   3.780              }
   3.781          }
   3.782  
   3.783          for (int j = 0; j < tsks_count; j ++) {
   3.784 -            sq_tpk_t tsk = tsks[j];
   3.785 +            pgp_tpk_t tsk = tsks[j];
   3.786  
   3.787 -            key_iter = sq_tpk_key_iter(tsk);
   3.788 -            sq_p_key_t key;
   3.789 -            sq_signature_t selfsig;
   3.790 -            while ((key = sq_tpk_key_iter_next(key_iter, &selfsig, NULL))) {
   3.791 -                if (! (sq_signature_can_encrypt_at_rest(selfsig)
   3.792 -                       || sq_signature_can_encrypt_for_transport(selfsig)))
   3.793 +            key_iter = pgp_tpk_key_iter(tsk);
   3.794 +            pgp_key_t key;
   3.795 +            pgp_signature_t selfsig;
   3.796 +            while ((key = pgp_tpk_key_iter_next(key_iter, &selfsig, NULL))) {
   3.797 +                if (! (pgp_signature_can_encrypt_at_rest(selfsig)
   3.798 +                       || pgp_signature_can_encrypt_for_transport(selfsig)))
   3.799                      continue;
   3.800  
   3.801 +                fprintf(stderr, "key: %s\n", pgp_key_debug(key));
   3.802 +
   3.803                  // Note: for decryption to appear to succeed, we must
   3.804                  // get a valid algorithm (8 of 256 values) and a
   3.805                  // 16-bit checksum must match.  Thus, we have about a
   3.806 @@ -951,64 +946,67 @@
   3.807                  uint8_t algo;
   3.808                  uint8_t session_key[1024];
   3.809                  size_t session_key_len = sizeof(session_key);
   3.810 -                if (sq_pkesk_decrypt(cookie->session->ctx, pkesk, key,
   3.811 -                                     &algo, session_key, &session_key_len))
   3.812 +                if (pgp_pkesk_decrypt(&err, pkesk, key,
   3.813 +                                      &algo, session_key, &session_key_len)) {
   3.814 +                    pgp_error_free(err);
   3.815 +                    err = NULL;
   3.816                      continue;
   3.817 +                }
   3.818  
   3.819                  // Add it to the recipient list.
   3.820 -                sq_fingerprint_t fp = sq_tpk_fingerprint(tsk);
   3.821 -                char *fp_string = sq_fingerprint_to_hex(fp);
   3.822 +                pgp_fingerprint_t fp = pgp_tpk_fingerprint(tsk);
   3.823 +                char *fp_string = pgp_fingerprint_to_hex(fp);
   3.824                  T("wildcard recipient appears to be %s", fp_string);
   3.825                  stringlist_add_unique(cookie->recipient_keylist, fp_string);
   3.826                  free(fp_string);
   3.827 -                sq_fingerprint_free(fp);
   3.828 +                pgp_fingerprint_free(fp);
   3.829  
   3.830 -                *secret = sq_secret_cached(algo, session_key, session_key_len);
   3.831 +                *secret = pgp_secret_cached(algo, session_key, session_key_len);
   3.832                  cookie->decrypted = 1;
   3.833              }
   3.834  
   3.835 -            sq_tpk_key_iter_free(key_iter);
   3.836 +            pgp_tpk_key_iter_free(key_iter);
   3.837              key_iter = NULL;
   3.838          }
   3.839      eol2:
   3.840          free(keyid_str);
   3.841          if (key_iter)
   3.842 -            sq_tpk_key_iter_free(key_iter);
   3.843 +            pgp_tpk_key_iter_free(key_iter);
   3.844      }
   3.845  
   3.846      if (tsks) {
   3.847          for (int i = 0; i < tsks_count; i ++)
   3.848 -            sq_tpk_free(tsks[i]);
   3.849 +            pgp_tpk_free(tsks[i]);
   3.850          free(tsks);
   3.851      }
   3.852  
   3.853 -    return cookie->decrypted ? SQ_STATUS_SUCCESS : SQ_STATUS_UNKNOWN_ERROR;
   3.854 +    return cookie->decrypted ? PGP_STATUS_SUCCESS : PGP_STATUS_UNKNOWN_ERROR;
   3.855  }
   3.856  
   3.857 -static sq_status_t
   3.858 +static pgp_status_t
   3.859  check_signatures_cb(void *cookie_opaque,
   3.860 -                   sq_verification_results_t results, size_t levels)
   3.861 +                   pgp_verification_results_t results, size_t levels)
   3.862  {
   3.863      struct decrypt_cookie *cookie = cookie_opaque;
   3.864      PEP_SESSION session = cookie->session;
   3.865  
   3.866      int level;
   3.867      for (level = 0; level < levels; level ++) {
   3.868 -        sq_verification_result_t *vrs;
   3.869 +        pgp_verification_result_t *vrs;
   3.870          size_t vr_count;
   3.871 -        sq_verification_results_at_level(results, level, &vrs, &vr_count);
   3.872 +        pgp_verification_results_at_level(results, level, &vrs, &vr_count);
   3.873  
   3.874          int i;
   3.875          for (i = 0; i < vr_count; i ++) {
   3.876 -            sq_tpk_t tpk = NULL;
   3.877 -            sq_verification_result_code_t code
   3.878 -                = sq_verification_result_code(vrs[i]);
   3.879 +            pgp_tpk_t tpk = NULL;
   3.880 +            pgp_verification_result_code_t code
   3.881 +                = pgp_verification_result_code(vrs[i]);
   3.882  
   3.883 -            if (code == SQ_VERIFICATION_RESULT_CODE_BAD_CHECKSUM) {
   3.884 +            if (code == PGP_VERIFICATION_RESULT_CODE_BAD_CHECKSUM) {
   3.885                  cookie->bad_checksums ++;
   3.886                  continue;
   3.887              }
   3.888 -            if (code == SQ_VERIFICATION_RESULT_CODE_MISSING_KEY) {
   3.889 +            if (code == PGP_VERIFICATION_RESULT_CODE_MISSING_KEY) {
   3.890                  // No key, nothing we can do.
   3.891                  cookie->missing_keys ++;
   3.892                  continue;
   3.893 @@ -1016,33 +1014,33 @@
   3.894  
   3.895              // We need to add the fingerprint of the primary key to
   3.896              // cookie->signer_keylist.
   3.897 -            sq_signature_t sig = sq_verification_result_signature(vrs[i]);
   3.898 +            pgp_signature_t sig = pgp_verification_result_signature(vrs[i]);
   3.899  
   3.900              // First try looking up by the TPK using the
   3.901              // IssuerFingerprint subpacket.
   3.902 -            sq_fingerprint_t issuer_fp = sq_signature_issuer_fingerprint(sig);
   3.903 +            pgp_fingerprint_t issuer_fp = pgp_signature_issuer_fingerprint(sig);
   3.904              if (issuer_fp) {
   3.905 -                sq_keyid_t issuer = sq_fingerprint_to_keyid(issuer_fp);
   3.906 +                pgp_keyid_t issuer = pgp_fingerprint_to_keyid(issuer_fp);
   3.907                  if (tpk_find_by_keyid(session, issuer, false, &tpk, NULL) != PEP_STATUS_OK)
   3.908                      ; // Soft error.  Ignore.
   3.909 -                sq_keyid_free(issuer);
   3.910 -                sq_fingerprint_free(issuer_fp);
   3.911 +                pgp_keyid_free(issuer);
   3.912 +                pgp_fingerprint_free(issuer_fp);
   3.913              }
   3.914  
   3.915              // If that is not available, try using the Issuer subpacket.
   3.916              if (!tpk) {
   3.917 -                sq_keyid_t issuer = sq_signature_issuer(sig);
   3.918 +                pgp_keyid_t issuer = pgp_signature_issuer(sig);
   3.919                  if (issuer) {
   3.920                      if (tpk_find_by_keyid(session, issuer, false, &tpk, NULL) != PEP_STATUS_OK)
   3.921                          ; // Soft error.  Ignore.
   3.922                  }
   3.923 -                sq_keyid_free(issuer);
   3.924 +                pgp_keyid_free(issuer);
   3.925              }
   3.926  
   3.927              if (tpk) {
   3.928                  // Ok, we have a TPK.
   3.929 -                sq_fingerprint_t fp = sq_tpk_fingerprint(tpk);
   3.930 -                char *fp_str = sq_fingerprint_to_hex(fp);
   3.931 +                pgp_fingerprint_t fp = pgp_tpk_fingerprint(tpk);
   3.932 +                char *fp_str = pgp_fingerprint_to_hex(fp);
   3.933                  stringlist_add_unique(cookie->signer_keylist, fp_str);
   3.934  
   3.935                  // XXX: Check that the TPK and the key used to make
   3.936 @@ -1053,11 +1051,11 @@
   3.937                  cookie->good_checksums ++;
   3.938  
   3.939                  free(fp_str);
   3.940 -                sq_fingerprint_free(fp);
   3.941 -                sq_tpk_free(tpk);
   3.942 +                pgp_fingerprint_free(fp);
   3.943 +                pgp_tpk_free(tpk);
   3.944              } else {
   3.945                  // If we get
   3.946 -                // SQ_VERIFICATION_RESULT_CODE_GOOD_CHECKSUM, then the
   3.947 +                // PGP_VERIFICATION_RESULT_CODE_GOOD_CHECKSUM, then the
   3.948                  // TPK should be available.  But, another process
   3.949                  // could have deleted the key from the store in the
   3.950                  // mean time, so be tolerant.
   3.951 @@ -1066,7 +1064,7 @@
   3.952          }
   3.953      }
   3.954  
   3.955 -    return SQ_STATUS_SUCCESS;
   3.956 +    return PGP_STATUS_SUCCESS;
   3.957  }
   3.958  
   3.959  PEP_STATUS pgp_decrypt_and_verify(
   3.960 @@ -1077,8 +1075,8 @@
   3.961  {
   3.962      PEP_STATUS status = PEP_STATUS_OK;
   3.963      struct decrypt_cookie cookie = { session, 0, NULL, NULL, 0, 0, 0, };
   3.964 -    sq_reader_t reader = NULL;
   3.965 -    sq_writer_t writer = NULL;
   3.966 +    pgp_reader_t reader = NULL;
   3.967 +    pgp_writer_t writer = NULL;
   3.968      *ptext = NULL;
   3.969      *psize = 0;
   3.970  
   3.971 @@ -1088,40 +1086,42 @@
   3.972  
   3.973      cookie.recipient_keylist = new_stringlist(NULL);
   3.974      if (!cookie.recipient_keylist)
   3.975 -        ERROR_OUT(session, PEP_OUT_OF_MEMORY, "recipient_keylist");
   3.976 +        ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "recipient_keylist");
   3.977  
   3.978      cookie.signer_keylist = new_stringlist(NULL);
   3.979      if (!cookie.signer_keylist)
   3.980 -        ERROR_OUT(session, PEP_OUT_OF_MEMORY, "signer_keylist");
   3.981 +        ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "signer_keylist");
   3.982  
   3.983 -    reader = sq_reader_from_bytes((const uint8_t *) ctext, csize);
   3.984 +    reader = pgp_reader_from_bytes((const uint8_t *) ctext, csize);
   3.985      if (! reader)
   3.986 -        ERROR_OUT(session, PEP_OUT_OF_MEMORY, "Creating reader");
   3.987 +        ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "Creating reader");
   3.988  
   3.989 -    writer = sq_writer_alloc((void **) ptext, psize);
   3.990 +    writer = pgp_writer_alloc((void **) ptext, psize);
   3.991      if (! writer)
   3.992 -        ERROR_OUT(session, PEP_UNKNOWN_ERROR, "Creating writer");
   3.993 +        ERROR_OUT(NULL, PEP_UNKNOWN_ERROR, "Creating writer");
   3.994  
   3.995 -    sq_status_t sq_status = sq_decrypt(session->ctx, reader, writer,
   3.996 -                                       get_public_keys_cb, get_secret_keys_cb,
   3.997 -                                       check_signatures_cb, &cookie);
   3.998 -    if (sq_status)
   3.999 -        ERROR_OUT(session, PEP_DECRYPT_NO_KEY, "sq_decrypt");
  3.1000 +    pgp_error_t err = NULL;
  3.1001 +    pgp_status_t pgp_status
  3.1002 +        = pgp_decrypt(&err, reader, writer,
  3.1003 +                      get_public_keys_cb, get_secret_keys_cb,
  3.1004 +                      check_signatures_cb, &cookie);
  3.1005 +    if (pgp_status)
  3.1006 +        ERROR_OUT(err, PEP_DECRYPT_NO_KEY, "pgp_decrypt");
  3.1007  
  3.1008      if (! cookie.decrypted)
  3.1009 -        ERROR_OUT(session, PEP_DECRYPT_NO_KEY, "Decryption failed");
  3.1010 +        ERROR_OUT(err, PEP_DECRYPT_NO_KEY, "Decryption failed");
  3.1011  
  3.1012      // Add a terminating NUL for naive users
  3.1013      void *t = realloc(*ptext, *psize + 1);
  3.1014      if (! t)
  3.1015 -        ERROR_OUT(session, PEP_OUT_OF_MEMORY, "out of memory");
  3.1016 +        ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  3.1017      *ptext = t;
  3.1018      (*ptext)[*psize] = 0;
  3.1019  
  3.1020      if (! cookie.signer_keylist) {
  3.1021          cookie.signer_keylist = new_stringlist("");
  3.1022          if (! cookie.signer_keylist)
  3.1023 -            ERROR_OUT(session, PEP_OUT_OF_MEMORY, "cookie.signer_keylist");
  3.1024 +            ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "cookie.signer_keylist");
  3.1025      }
  3.1026      if (!cookie.signer_keylist->value)
  3.1027          stringlist_add(cookie.signer_keylist, "");
  3.1028 @@ -1150,9 +1150,9 @@
  3.1029      }
  3.1030  
  3.1031      if (reader)
  3.1032 -        sq_reader_free(reader);
  3.1033 +        pgp_reader_free(reader);
  3.1034      if (writer)
  3.1035 -        sq_writer_free(writer);
  3.1036 +        pgp_writer_free(writer);
  3.1037  
  3.1038      T("-> %s", pep_status_to_string(status));
  3.1039      return status;
  3.1040 @@ -1163,40 +1163,41 @@
  3.1041      const char *signature, size_t sig_size, stringlist_t **keylist)
  3.1042  {
  3.1043      PEP_STATUS status = PEP_STATUS_OK;
  3.1044 +    pgp_error_t err = NULL;
  3.1045      struct decrypt_cookie cookie = { session, 0, NULL, NULL, 0, 0, 0, };
  3.1046 -    sq_reader_t reader = NULL;
  3.1047 -    sq_reader_t dsig_reader = NULL;
  3.1048 +    pgp_reader_t reader = NULL;
  3.1049 +    pgp_reader_t dsig_reader = NULL;
  3.1050  
  3.1051      if (size == 0 || sig_size == 0)
  3.1052          return PEP_DECRYPT_WRONG_FORMAT;
  3.1053  
  3.1054      cookie.recipient_keylist = new_stringlist(NULL);
  3.1055      if (!cookie.recipient_keylist)
  3.1056 -        ERROR_OUT(session, PEP_OUT_OF_MEMORY, "out of memory");
  3.1057 +        ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  3.1058  
  3.1059      cookie.signer_keylist = new_stringlist(NULL);
  3.1060      if (!cookie.signer_keylist)
  3.1061 -        ERROR_OUT(session, PEP_OUT_OF_MEMORY, "out of memory");
  3.1062 +        ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  3.1063  
  3.1064 -    reader = sq_reader_from_bytes((const uint8_t *) text, size);
  3.1065 +    reader = pgp_reader_from_bytes((const uint8_t *) text, size);
  3.1066      if (! reader)
  3.1067 -        ERROR_OUT(session, PEP_OUT_OF_MEMORY, "Creating reader");
  3.1068 +        ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "Creating reader");
  3.1069  
  3.1070      dsig_reader = NULL;
  3.1071      if (signature) {
  3.1072 -        dsig_reader = sq_reader_from_bytes((uint8_t *) signature, sig_size);
  3.1073 +        dsig_reader = pgp_reader_from_bytes((uint8_t *) signature, sig_size);
  3.1074          if (! dsig_reader)
  3.1075 -            ERROR_OUT(session, PEP_OUT_OF_MEMORY, "Creating signature reader");
  3.1076 +            ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "Creating signature reader");
  3.1077      }
  3.1078  
  3.1079 -    if (sq_verify(session->ctx, reader, dsig_reader, /* output */ NULL,
  3.1080 +    if (pgp_verify(&err, reader, dsig_reader, /* output */ NULL,
  3.1081                    get_public_keys_cb, check_signatures_cb, &cookie))
  3.1082 -        ERROR_OUT(session, PEP_UNKNOWN_ERROR, "sq_verify");
  3.1083 +        ERROR_OUT(err, PEP_UNKNOWN_ERROR, "pgp_verify");
  3.1084  
  3.1085      if (! cookie.signer_keylist) {
  3.1086          cookie.signer_keylist = new_stringlist("");
  3.1087          if (! cookie.signer_keylist)
  3.1088 -            ERROR_OUT(session, PEP_OUT_OF_MEMORY, "cookie.signer_keylist");
  3.1089 +            ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "cookie.signer_keylist");
  3.1090      }
  3.1091      if (!cookie.signer_keylist->value)
  3.1092          stringlist_add(cookie.signer_keylist, "");
  3.1093 @@ -1224,9 +1225,9 @@
  3.1094      }
  3.1095  
  3.1096      if (reader)
  3.1097 -        sq_reader_free(reader);
  3.1098 +        pgp_reader_free(reader);
  3.1099      if (dsig_reader)
  3.1100 -        sq_reader_free(dsig_reader);
  3.1101 +        pgp_reader_free(dsig_reader);
  3.1102  
  3.1103      T("-> %s", pep_status_to_string(status));
  3.1104      return status;
  3.1105 @@ -1245,47 +1246,48 @@
  3.1106      assert(ssize);
  3.1107  
  3.1108      PEP_STATUS status = PEP_STATUS_OK;
  3.1109 -    sq_tpk_t signer = NULL;
  3.1110 -    sq_writer_stack_t ws = NULL;
  3.1111 +    pgp_error_t err = NULL;
  3.1112 +    pgp_tpk_t signer = NULL;
  3.1113 +    pgp_writer_stack_t ws = NULL;
  3.1114  
  3.1115      status = tpk_find_by_fpr_hex(session, fpr, true, &signer, NULL);
  3.1116 -    ERROR_OUT(session, status, "Looking up key '%s'", fpr);
  3.1117 +    ERROR_OUT(NULL, status, "Looking up key '%s'", fpr);
  3.1118  
  3.1119 -    sq_writer_t writer = sq_writer_alloc((void **) stext, ssize);
  3.1120 -    writer = sq_armor_writer_new(session->ctx, writer,
  3.1121 -                                 SQ_ARMOR_KIND_MESSAGE, NULL, 0);
  3.1122 +    pgp_writer_t writer = pgp_writer_alloc((void **) stext, ssize);
  3.1123 +    writer = pgp_armor_writer_new(&err, writer,
  3.1124 +                                  PGP_ARMOR_KIND_MESSAGE, NULL, 0);
  3.1125      if (!writer)
  3.1126 -        ERROR_OUT(session, PEP_UNKNOWN_ERROR, "Setting up armor writer");
  3.1127 +        ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Setting up armor writer");
  3.1128  
  3.1129 -    ws = sq_writer_stack_message(writer);
  3.1130 +    ws = pgp_writer_stack_message(writer);
  3.1131  
  3.1132 -    ws = sq_signer_new_detached(session->ctx, ws, &signer, 1);
  3.1133 +    ws = pgp_signer_new_detached(&err, ws, &signer, 1);
  3.1134      if (!ws)
  3.1135 -        ERROR_OUT(session, PEP_UNKNOWN_ERROR, "Setting up signer");
  3.1136 +        ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Setting up signer");
  3.1137  
  3.1138 -    sq_status_t write_status =
  3.1139 -        sq_writer_stack_write_all (session->ctx, ws,
  3.1140 -                                   (uint8_t *) ptext, psize);
  3.1141 +    pgp_status_t write_status =
  3.1142 +        pgp_writer_stack_write_all (&err, ws,
  3.1143 +                                    (uint8_t *) ptext, psize);
  3.1144      if (write_status != 0)
  3.1145 -        ERROR_OUT(session, PEP_UNKNOWN_ERROR, "Encrypting message");
  3.1146 +        ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Encrypting message");
  3.1147  
  3.1148      // Add a terminating NUL for naive users
  3.1149      void *t = realloc(*stext, *ssize + 1);
  3.1150      if (! t)
  3.1151 -        ERROR_OUT(session, PEP_OUT_OF_MEMORY, "out of memory");
  3.1152 +        ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  3.1153      *stext = t;
  3.1154      (*stext)[*ssize] = 0;
  3.1155  
  3.1156   out:
  3.1157      if (ws) {
  3.1158 -        sq_status_t sq_status = sq_writer_stack_finalize (session->ctx, ws);
  3.1159 +        pgp_status_t pgp_status = pgp_writer_stack_finalize (&err, ws);
  3.1160          ws = NULL;
  3.1161 -        if (sq_status != 0)
  3.1162 -            ERROR_OUT(session, PEP_UNKNOWN_ERROR, "Flushing writer");
  3.1163 +        if (pgp_status != 0)
  3.1164 +            ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Flushing writer");
  3.1165      }
  3.1166  
  3.1167      if (signer)
  3.1168 -        sq_tpk_free(signer);
  3.1169 +        pgp_tpk_free(signer);
  3.1170  
  3.1171      T("(%s)-> %s", fpr, pep_status_to_string(status));
  3.1172      return status;
  3.1173 @@ -1296,10 +1298,11 @@
  3.1174      size_t psize, char **ctext, size_t *csize, bool sign)
  3.1175  {
  3.1176      PEP_STATUS status = PEP_STATUS_OK;
  3.1177 +    pgp_error_t err = NULL;
  3.1178      int keys_count = 0;
  3.1179 -    sq_tpk_t *keys = NULL;
  3.1180 -    sq_tpk_t signer = NULL;
  3.1181 -    sq_writer_stack_t ws = NULL;
  3.1182 +    pgp_tpk_t *keys = NULL;
  3.1183 +    pgp_tpk_t signer = NULL;
  3.1184 +    pgp_writer_stack_t ws = NULL;
  3.1185  
  3.1186      assert(session);
  3.1187      assert(keylist);
  3.1188 @@ -1313,74 +1316,81 @@
  3.1189  
  3.1190      keys = calloc(stringlist_length(keylist), sizeof(*keys));
  3.1191      if (keys == NULL)
  3.1192 -        ERROR_OUT(session, PEP_OUT_OF_MEMORY, "out of memory");
  3.1193 +        ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  3.1194  
  3.1195      // Get the keys for the recipients.
  3.1196      const stringlist_t *_keylist;
  3.1197      for (_keylist = keylist; _keylist != NULL; _keylist = _keylist->next) {
  3.1198          assert(_keylist->value);
  3.1199 -        sq_fingerprint_t sq_fpr = sq_fingerprint_from_hex(_keylist->value);
  3.1200 -        status = tpk_find_by_fpr(session, sq_fpr, false, &keys[keys_count ++], NULL);
  3.1201 -        sq_fingerprint_free(sq_fpr);
  3.1202 -        ERROR_OUT(session, status, "Looking up key for recipient '%s'", _keylist->value);
  3.1203 +        pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(_keylist->value);
  3.1204 +        status = tpk_find_by_fpr(session, pgp_fpr, false, &keys[keys_count ++], NULL);
  3.1205 +        pgp_fingerprint_free(pgp_fpr);
  3.1206 +        ERROR_OUT(NULL, status, "Looking up key for recipient '%s'", _keylist->value);
  3.1207      }
  3.1208  
  3.1209      if (sign) {
  3.1210          // The first key in the keylist is the signer.
  3.1211          status = tpk_find_by_fpr_hex(session, keylist->value, true, &signer, NULL);
  3.1212 -        ERROR_OUT(session, status, "Looking up key for signing '%s'", keylist->value);
  3.1213 +        ERROR_OUT(NULL, status, "Looking up key for signing '%s'", keylist->value);
  3.1214      }
  3.1215  
  3.1216 -    sq_writer_t writer = sq_writer_alloc((void **) ctext, csize);
  3.1217 -    writer = sq_armor_writer_new(session->ctx, writer,
  3.1218 -                                 SQ_ARMOR_KIND_MESSAGE, NULL, 0);
  3.1219 +    pgp_writer_t writer = pgp_writer_alloc((void **) ctext, csize);
  3.1220 +    writer = pgp_armor_writer_new(&err, writer,
  3.1221 +                                  PGP_ARMOR_KIND_MESSAGE, NULL, 0);
  3.1222      if (!writer)
  3.1223 -        ERROR_OUT(session, PEP_UNKNOWN_ERROR, "Setting up armor writer");
  3.1224 +        ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Setting up armor writer");
  3.1225  
  3.1226 -    ws = sq_writer_stack_message(writer);
  3.1227 -    ws = sq_encryptor_new (session->ctx, ws,
  3.1228 +    ws = pgp_writer_stack_message(writer);
  3.1229 +    ws = pgp_encryptor_new (&err, ws,
  3.1230                             NULL, 0, keys, keys_count,
  3.1231 -                           SQ_ENCRYPTION_MODE_FOR_TRANSPORT);
  3.1232 +                           PGP_ENCRYPTION_MODE_FOR_TRANSPORT);
  3.1233      if (!ws) {
  3.1234 -        sq_writer_free(writer);
  3.1235 -        ERROR_OUT(session, PEP_UNKNOWN_ERROR, "Setting up encryptor");
  3.1236 +        pgp_writer_free(writer);
  3.1237 +        ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Setting up encryptor");
  3.1238      }
  3.1239  
  3.1240      if (sign) {
  3.1241 -        ws = sq_signer_new(session->ctx, ws, &signer, 1);
  3.1242 +        pgp_key_t primary_key = pgp_tpk_primary (signer);
  3.1243 +        pgp_key_pair_t primary_keypair
  3.1244 +            = pgp_key_into_key_pair (NULL, pgp_key_clone (primary_key));
  3.1245 +        pgp_key_free (primary_key);
  3.1246 +        assert (primary_keypair);
  3.1247 +        pgp_signer_t primary_signer = pgp_key_pair_as_signer (primary_keypair);
  3.1248 +
  3.1249 +        ws = pgp_signer_new(&err, ws, &signer, 1);
  3.1250          if (!ws)
  3.1251 -            ERROR_OUT(session, PEP_UNKNOWN_ERROR, "Setting up signer");
  3.1252 +            ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Setting up signer");
  3.1253      }
  3.1254  
  3.1255 -    ws = sq_literal_writer_new (session->ctx, ws);
  3.1256 +    ws = pgp_literal_writer_new (&err, ws);
  3.1257      if (!ws)
  3.1258 -        ERROR_OUT(session, PEP_UNKNOWN_ERROR, "Setting up literal writer");
  3.1259 +        ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Setting up literal writer");
  3.1260  
  3.1261 -    sq_status_t write_status =
  3.1262 -        sq_writer_stack_write_all (session->ctx, ws,
  3.1263 -                                   (uint8_t *) ptext, psize);
  3.1264 +    pgp_status_t write_status =
  3.1265 +        pgp_writer_stack_write_all (&err, ws,
  3.1266 +                                    (uint8_t *) ptext, psize);
  3.1267      if (write_status != 0)
  3.1268 -        ERROR_OUT(session, PEP_UNKNOWN_ERROR, "Encrypting message");
  3.1269 +        ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Encrypting message");
  3.1270  
  3.1271      // Add a terminating NUL for naive users
  3.1272      void *t = realloc(*ctext, *csize + 1);
  3.1273      if (! t)
  3.1274 -        ERROR_OUT(session, PEP_OUT_OF_MEMORY, "out of memory");
  3.1275 +        ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  3.1276      *ctext = t;
  3.1277      (*ctext)[*csize] = 0;
  3.1278  
  3.1279   out:
  3.1280      if (ws) {
  3.1281 -        sq_status_t sq_status = sq_writer_stack_finalize (session->ctx, ws);
  3.1282 +        pgp_status_t pgp_status = pgp_writer_stack_finalize (&err, ws);
  3.1283          ws = NULL;
  3.1284 -        if (sq_status != 0)
  3.1285 -            ERROR_OUT(session, PEP_UNKNOWN_ERROR, "Flushing writer");
  3.1286 +        if (pgp_status != 0)
  3.1287 +            ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Flushing writer");
  3.1288      }
  3.1289  
  3.1290      if (signer)
  3.1291 -        sq_tpk_free(signer);
  3.1292 +        pgp_tpk_free(signer);
  3.1293      for (int i = 0; i < keys_count; i ++)
  3.1294 -        sq_tpk_free(keys[i]);
  3.1295 +        pgp_tpk_free(keys[i]);
  3.1296      free(keys);
  3.1297  
  3.1298      T("-> %s", pep_status_to_string(status));
  3.1299 @@ -1407,9 +1417,10 @@
  3.1300  PEP_STATUS pgp_generate_keypair(PEP_SESSION session, pEp_identity *identity)
  3.1301  {
  3.1302      PEP_STATUS status = PEP_STATUS_OK;
  3.1303 +    pgp_error_t err = NULL;
  3.1304      char *userid = NULL;
  3.1305 -    sq_tpk_t tpk = NULL;
  3.1306 -    sq_fingerprint_t sq_fpr = NULL;
  3.1307 +    pgp_tpk_t tpk = NULL;
  3.1308 +    pgp_fingerprint_t pgp_fpr = NULL;
  3.1309      char *fpr = NULL;
  3.1310  
  3.1311      assert(session);
  3.1312 @@ -1420,40 +1431,40 @@
  3.1313  
  3.1314      asprintf(&userid, "%s <%s>", identity->username, identity->address);
  3.1315      if (! userid)
  3.1316 -        ERROR_OUT(session, PEP_OUT_OF_MEMORY, "asprintf");
  3.1317 +        ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "asprintf");
  3.1318  
  3.1319      T("(%s)", userid);
  3.1320  
  3.1321      // Generate a key.
  3.1322 -    sq_tsk_t tsk;
  3.1323 -    sq_signature_t rev;
  3.1324 -    if (sq_tsk_new(session->ctx, userid, &tsk, &rev) != 0)
  3.1325 -        ERROR_OUT(session, PEP_CANNOT_CREATE_KEY, "Generating a key pair");
  3.1326 +    pgp_tsk_t tsk;
  3.1327 +    pgp_signature_t rev;
  3.1328 +    if (pgp_tsk_new(&err, userid, &tsk, &rev) != 0)
  3.1329 +        ERROR_OUT(err, PEP_CANNOT_CREATE_KEY, "Generating a key pair");
  3.1330  
  3.1331      // XXX: We should return this.
  3.1332 -    // sq_signature_free(rev);
  3.1333 +    // pgp_signature_free(rev);
  3.1334  
  3.1335 -    tpk = sq_tsk_into_tpk(tsk);
  3.1336 +    tpk = pgp_tsk_into_tpk(tsk);
  3.1337  
  3.1338      // Get the fingerprint.
  3.1339 -    sq_fpr = sq_tpk_fingerprint(tpk);
  3.1340 -    fpr = sq_fingerprint_to_hex(sq_fpr);
  3.1341 +    pgp_fpr = pgp_tpk_fingerprint(tpk);
  3.1342 +    fpr = pgp_fingerprint_to_hex(pgp_fpr);
  3.1343  
  3.1344      status = tpk_save(session, tpk, NULL);
  3.1345      tpk = NULL;
  3.1346      if (status != 0)
  3.1347 -        ERROR_OUT(session, PEP_CANNOT_CREATE_KEY, "saving TSK");
  3.1348 +        ERROR_OUT(NULL, PEP_CANNOT_CREATE_KEY, "saving TSK");
  3.1349  
  3.1350      free(identity->fpr);
  3.1351      identity->fpr = fpr;
  3.1352      fpr = NULL;
  3.1353  
  3.1354   out:
  3.1355 -    if (sq_fpr)
  3.1356 -        sq_fingerprint_free(sq_fpr);
  3.1357 +    if (pgp_fpr)
  3.1358 +        pgp_fingerprint_free(pgp_fpr);
  3.1359      free(fpr);
  3.1360      if (tpk)
  3.1361 -        sq_tpk_free(tpk);
  3.1362 +        pgp_tpk_free(tpk);
  3.1363      free(userid);
  3.1364  
  3.1365      T("-> %s", pep_status_to_string(status));
  3.1366 @@ -1463,7 +1474,7 @@
  3.1367  PEP_STATUS pgp_delete_keypair(PEP_SESSION session, const char *fpr_raw)
  3.1368  {
  3.1369      PEP_STATUS status = PEP_STATUS_OK;
  3.1370 -    char *fpr = sq_fingerprint_canonicalize(fpr_raw);
  3.1371 +    char *fpr = pgp_fingerprint_canonicalize(fpr_raw);
  3.1372  
  3.1373      T("(%s)", fpr);
  3.1374  
  3.1375 @@ -1483,41 +1494,42 @@
  3.1376                                size_t size, identity_list **private_idents)
  3.1377  {
  3.1378      PEP_STATUS status = PEP_STATUS_OK;
  3.1379 +    pgp_error_t err;
  3.1380  
  3.1381      if (private_idents)
  3.1382          *private_idents = NULL;
  3.1383  
  3.1384      T("parsing %zd bytes", size);
  3.1385  
  3.1386 -    sq_packet_parser_result_t ppr
  3.1387 -        = sq_packet_parser_from_bytes(session->ctx, (uint8_t *) key_data, size);
  3.1388 +    pgp_packet_parser_result_t ppr
  3.1389 +        = pgp_packet_parser_from_bytes(&err, (uint8_t *) key_data, size);
  3.1390      if (! ppr)
  3.1391 -        ERROR_OUT(session, PEP_UNKNOWN_ERROR, "Creating packet parser");
  3.1392 +        ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Creating packet parser");
  3.1393  
  3.1394 -    sq_tag_t tag = sq_packet_parser_result_tag(ppr);
  3.1395 +    pgp_tag_t tag = pgp_packet_parser_result_tag(ppr);
  3.1396      switch (tag) {
  3.1397 -    case SQ_TAG_SIGNATURE:
  3.1398 +    case PGP_TAG_SIGNATURE:
  3.1399          // XXX: Implement me.
  3.1400          assert(!"Have possible revocation certificate!");
  3.1401          break;
  3.1402  
  3.1403 -    case SQ_TAG_PUBLIC_KEY:
  3.1404 -    case SQ_TAG_SECRET_KEY: {
  3.1405 -        sq_tpk_t tpk = sq_tpk_from_packet_parser(session->ctx, ppr);
  3.1406 +    case PGP_TAG_PUBLIC_KEY:
  3.1407 +    case PGP_TAG_SECRET_KEY: {
  3.1408 +        pgp_tpk_t tpk = pgp_tpk_from_packet_parser(&err, ppr);
  3.1409          if (! tpk)
  3.1410 -            ERROR_OUT(session, PEP_UNKNOWN_ERROR, "parsing key data");
  3.1411 +            ERROR_OUT(err, PEP_UNKNOWN_ERROR, "parsing key data");
  3.1412  
  3.1413          // If private_idents is not NULL and there is any private key
  3.1414          // material, it will be saved.
  3.1415          status = tpk_save(session, tpk, private_idents);
  3.1416          if (status == PEP_STATUS_OK)
  3.1417              status = PEP_KEY_IMPORTED;
  3.1418 -        ERROR_OUT(session, status, "saving TPK");
  3.1419 +        ERROR_OUT(NULL, status, "saving TPK");
  3.1420          break;
  3.1421      }
  3.1422      default:
  3.1423 -        ERROR_OUT(session, PEP_NO_KEY_IMPORTED,
  3.1424 -                  "Can't import %s", sq_tag_to_string(tag));        
  3.1425 +        ERROR_OUT(NULL, PEP_NO_KEY_IMPORTED,
  3.1426 +                  "Can't import %s", pgp_tag_to_string(tag));
  3.1427          break;
  3.1428      }
  3.1429  
  3.1430 @@ -1531,8 +1543,9 @@
  3.1431          bool secret)
  3.1432  {
  3.1433      PEP_STATUS status = PEP_STATUS_OK;
  3.1434 -    sq_tpk_t secret_key = NULL;
  3.1435 -    sq_tpk_t tpk = NULL;
  3.1436 +    pgp_error_t err = NULL;
  3.1437 +    pgp_tpk_t secret_key = NULL;
  3.1438 +    pgp_tpk_t tpk = NULL;
  3.1439  
  3.1440      assert(session);
  3.1441      assert(fpr);
  3.1442 @@ -1548,52 +1561,56 @@
  3.1443          status = tpk_find_by_fpr_hex(session, fpr, true, &secret_key, NULL);
  3.1444          if (status == PEP_KEY_NOT_FOUND)
  3.1445              status = PEP_STATUS_OK;
  3.1446 -        ERROR_OUT(session, status, "Looking up TSK for %s", fpr);
  3.1447 +        ERROR_OUT(NULL, status, "Looking up TSK for %s", fpr);
  3.1448      }
  3.1449  
  3.1450 -    sq_fingerprint_t sq_fpr = sq_fingerprint_from_hex(fpr);
  3.1451 -    status = tpk_find_by_fpr(session, sq_fpr, false, &tpk, NULL);
  3.1452 -    sq_fingerprint_free(sq_fpr);
  3.1453 -    ERROR_OUT(session, status, "Looking up TPK for %s", fpr);
  3.1454 +    pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
  3.1455 +    status = tpk_find_by_fpr(session, pgp_fpr, false, &tpk, NULL);
  3.1456 +    pgp_fingerprint_free(pgp_fpr);
  3.1457 +    ERROR_OUT(NULL, status, "Looking up TPK for %s", fpr);
  3.1458  
  3.1459      if (secret_key) {
  3.1460 -        tpk = sq_tpk_merge(session->ctx, tpk, secret_key);
  3.1461 -        // sq_tpk_merge can return NULL if the primary keys don't
  3.1462 +        tpk = pgp_tpk_merge(&err, tpk, secret_key);
  3.1463 +        // pgp_tpk_merge can return NULL if the primary keys don't
  3.1464          // match.  But, we looked up the tpk by the secret key's
  3.1465          // fingerprint so this should not be possible.
  3.1466          assert(tpk);
  3.1467 +        if (! tpk)
  3.1468 +            ERROR_OUT(err, PEP_UNKNOWN_ERROR, "merging TPKs");
  3.1469          secret_key = NULL;
  3.1470      }
  3.1471  
  3.1472 -    sq_writer_t memory_writer = sq_writer_alloc((void **) key_data, size);
  3.1473 +    pgp_writer_t memory_writer = pgp_writer_alloc((void **) key_data, size);
  3.1474      if (! memory_writer)
  3.1475 -        ERROR_OUT(session, PEP_UNKNOWN_ERROR, "creating memory writer");
  3.1476 -    sq_writer_t armor_writer = sq_armor_writer_new(session->ctx,
  3.1477 -                                                   memory_writer,
  3.1478 -                                                   SQ_ARMOR_KIND_PUBLICKEY,
  3.1479 -                                                   NULL, 0);
  3.1480 +        ERROR_OUT(NULL, PEP_UNKNOWN_ERROR, "creating memory writer");
  3.1481 +    pgp_writer_t armor_writer = pgp_armor_writer_new(&err,
  3.1482 +                                                     memory_writer,
  3.1483 +                                                     PGP_ARMOR_KIND_PUBLICKEY,
  3.1484 +                                                     NULL, 0);
  3.1485      if (! armor_writer) {
  3.1486 -        sq_writer_free(memory_writer);
  3.1487 -        ERROR_OUT(session, PEP_UNKNOWN_ERROR, "creating armored writer");
  3.1488 +        pgp_writer_free(memory_writer);
  3.1489 +        ERROR_OUT(err, PEP_UNKNOWN_ERROR, "creating armored writer");
  3.1490      }
  3.1491  
  3.1492      if (secret) {
  3.1493 -        sq_tsk_t tsk = sq_tpk_into_tsk(tpk);
  3.1494 -        sq_tsk_serialize(session->ctx, tsk, armor_writer);
  3.1495 -        tpk = sq_tsk_into_tpk(tsk);
  3.1496 +        pgp_tsk_t tsk = pgp_tpk_into_tsk(tpk);
  3.1497 +        if (pgp_tsk_serialize(&err, tsk, armor_writer))
  3.1498 +            ERROR_OUT(err, PEP_UNKNOWN_ERROR, "serializing TSK");
  3.1499 +        tpk = pgp_tsk_into_tpk(tsk);
  3.1500      } else {
  3.1501 -        sq_tpk_serialize(session->ctx, tpk, armor_writer);
  3.1502 +        if (pgp_tpk_serialize(&err, tpk, armor_writer))
  3.1503 +            ERROR_OUT(err, PEP_UNKNOWN_ERROR, "serializing TPK");
  3.1504      }
  3.1505  
  3.1506   out:
  3.1507      if (tpk)
  3.1508 -        sq_tpk_free(tpk);
  3.1509 +        pgp_tpk_free(tpk);
  3.1510  
  3.1511      if (armor_writer)
  3.1512 -        sq_writer_free(armor_writer);
  3.1513 +        pgp_writer_free(armor_writer);
  3.1514  
  3.1515      if (secret_key)
  3.1516 -        sq_tpk_free(secret_key);
  3.1517 +        pgp_tpk_free(secret_key);
  3.1518  
  3.1519      T("(%s) -> %s", fpr, pep_status_to_string(status));
  3.1520      return status;
  3.1521 @@ -1632,14 +1649,14 @@
  3.1522  static stringpair_list_t *add_key(PEP_SESSION session,
  3.1523                                    stringpair_list_t *keyinfo_list,
  3.1524                                    stringlist_t* keylist,
  3.1525 -                                  sq_tpk_t tpk, sq_fingerprint_t fpr) {
  3.1526 +                                  pgp_tpk_t tpk, pgp_fingerprint_t fpr) {
  3.1527      bool revoked = false;
  3.1528      // Don't add revoked keys to the keyinfo_list.
  3.1529      if (keyinfo_list) {
  3.1530 -        sq_revocation_status_t rs = sq_tpk_revocation_status(tpk);
  3.1531 -        sq_revocation_status_variant_t rsv = sq_revocation_status_variant(rs);
  3.1532 -        sq_revocation_status_free(rs);
  3.1533 -        if (rsv == SQ_REVOCATION_STATUS_REVOKED)
  3.1534 +        pgp_revocation_status_t rs = pgp_tpk_revocation_status(tpk);
  3.1535 +        pgp_revocation_status_variant_t rsv = pgp_revocation_status_variant(rs);
  3.1536 +        pgp_revocation_status_free(rs);
  3.1537 +        if (rsv == PGP_REVOCATION_STATUS_REVOKED)
  3.1538              revoked = true;
  3.1539      }
  3.1540  
  3.1541 @@ -1649,12 +1666,12 @@
  3.1542      int dealloc_fpr = 0;
  3.1543      if (!fpr) {
  3.1544          dealloc_fpr = 1;
  3.1545 -        fpr = sq_tpk_fingerprint(tpk);
  3.1546 +        fpr = pgp_tpk_fingerprint(tpk);
  3.1547      }
  3.1548 -    char *fpr_str = sq_fingerprint_to_hex(fpr);
  3.1549 +    char *fpr_str = pgp_fingerprint_to_hex(fpr);
  3.1550  
  3.1551      if (!revoked && keyinfo_list) {
  3.1552 -        char *user_id = sq_tpk_primary_user_id(tpk);
  3.1553 +        char *user_id = pgp_tpk_primary_user_id(tpk);
  3.1554          if (user_id)
  3.1555              keyinfo_list = stringpair_list_add(keyinfo_list,
  3.1556                                                 new_stringpair(fpr_str, user_id));
  3.1557 @@ -1666,7 +1683,7 @@
  3.1558  
  3.1559      free(fpr_str);
  3.1560      if (dealloc_fpr)
  3.1561 -        sq_fingerprint_free(fpr);
  3.1562 +        pgp_fingerprint_free(fpr);
  3.1563  
  3.1564      return keyinfo_list;
  3.1565  }
  3.1566 @@ -1676,8 +1693,8 @@
  3.1567                              stringpair_list_t** keyinfo_list, stringlist_t** keylist)
  3.1568  {
  3.1569      PEP_STATUS status = PEP_STATUS_OK;
  3.1570 -    sq_tpk_t tpk = NULL;
  3.1571 -    sq_fingerprint_t fpr = NULL;
  3.1572 +    pgp_tpk_t tpk = NULL;
  3.1573 +    pgp_fingerprint_t fpr = NULL;
  3.1574  
  3.1575      T("('%s', private: %d)", pattern, private_only);
  3.1576  
  3.1577 @@ -1685,13 +1702,13 @@
  3.1578      if (keyinfo_list) {
  3.1579          _keyinfo_list = new_stringpair_list(NULL);
  3.1580          if (!_keyinfo_list)
  3.1581 -            ERROR_OUT(session, PEP_OUT_OF_MEMORY, "new_stringpair_list");
  3.1582 +            ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "new_stringpair_list");
  3.1583      }
  3.1584      stringlist_t* _keylist = NULL;
  3.1585      if (keylist) {
  3.1586          _keylist = new_stringlist(NULL);
  3.1587          if (!_keylist)
  3.1588 -            ERROR_OUT(session, PEP_OUT_OF_MEMORY, "new_string_list");
  3.1589 +            ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "new_string_list");
  3.1590      }
  3.1591  
  3.1592      // Trim any leading space.  This also makes it easier to recognize
  3.1593 @@ -1701,13 +1718,13 @@
  3.1594  
  3.1595      if (strchr(pattern, '@')) {
  3.1596          // Looks like a mailbox.
  3.1597 -        sq_tpk_t *tpks = NULL;
  3.1598 +        pgp_tpk_t *tpks = NULL;
  3.1599          int count = 0;
  3.1600          status = tpk_find_by_email(session, pattern, private_only, &tpks, &count);
  3.1601 -        ERROR_OUT(session, status, "Looking up '%s'", pattern);
  3.1602 +        ERROR_OUT(NULL, status, "Looking up '%s'", pattern);
  3.1603          for (int i = 0; i < count; i ++) {
  3.1604              add_key(session, _keyinfo_list, _keylist, tpks[i], NULL);
  3.1605 -            sq_tpk_free(tpks[i]);
  3.1606 +            pgp_tpk_free(tpks[i]);
  3.1607          }
  3.1608          free(tpks);
  3.1609  
  3.1610 @@ -1731,20 +1748,20 @@
  3.1611                 // And a fair amount of them.
  3.1612                 && strlen(pattern) >= 16) {
  3.1613          // Fingerprint.
  3.1614 -        fpr = sq_fingerprint_from_hex(pattern);
  3.1615 +        fpr = pgp_fingerprint_from_hex(pattern);
  3.1616          status = tpk_find_by_fpr(session, fpr, false, &tpk, NULL);
  3.1617 -        ERROR_OUT(session, status, "Looking up key");
  3.1618 +        ERROR_OUT(NULL, status, "Looking up key");
  3.1619          add_key(session, _keyinfo_list, _keylist, tpk, fpr);
  3.1620      } else if (pattern[0] == 0) {
  3.1621          // Empty string.
  3.1622  
  3.1623 -        sq_tpk_t *tpks = NULL;
  3.1624 +        pgp_tpk_t *tpks = NULL;
  3.1625          int count = 0;
  3.1626          status = tpk_all(session, private_only, &tpks, &count);
  3.1627 -        ERROR_OUT(session, status, "Looking up '%s'", pattern);
  3.1628 +        ERROR_OUT(NULL, status, "Looking up '%s'", pattern);
  3.1629          for (int i = 0; i < count; i ++) {
  3.1630              add_key(session, _keyinfo_list, _keylist, tpks[i], NULL);
  3.1631 -            sq_tpk_free(tpks[i]);
  3.1632 +            pgp_tpk_free(tpks[i]);
  3.1633          }
  3.1634          free(tpks);
  3.1635      } else {
  3.1636 @@ -1753,9 +1770,9 @@
  3.1637  
  3.1638   out:
  3.1639      if (tpk)
  3.1640 -        sq_tpk_free(tpk);
  3.1641 +        pgp_tpk_free(tpk);
  3.1642      if (fpr)
  3.1643 -        sq_fingerprint_free(fpr);
  3.1644 +        pgp_fingerprint_free(fpr);
  3.1645  
  3.1646      if (status == PEP_KEY_NOT_FOUND)
  3.1647          status = PEP_STATUS_OK;
  3.1648 @@ -1826,7 +1843,7 @@
  3.1649      PEP_SESSION session, const char *fpr, PEP_comm_type *comm_type)
  3.1650  {
  3.1651      PEP_STATUS status = PEP_STATUS_OK;
  3.1652 -    sq_tpk_t tpk = NULL;
  3.1653 +    pgp_tpk_t tpk = NULL;
  3.1654  
  3.1655      assert(session);
  3.1656      assert(fpr);
  3.1657 @@ -1834,52 +1851,52 @@
  3.1658  
  3.1659      *comm_type = PEP_ct_unknown;
  3.1660  
  3.1661 -    sq_fingerprint_t sq_fpr = sq_fingerprint_from_hex(fpr);
  3.1662 -    status = tpk_find_by_fpr(session, sq_fpr, false, &tpk, NULL);
  3.1663 -    sq_fingerprint_free(sq_fpr);
  3.1664 -    ERROR_OUT(session, status, "Looking up key: %s", fpr);
  3.1665 +    pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
  3.1666 +    status = tpk_find_by_fpr(session, pgp_fpr, false, &tpk, NULL);
  3.1667 +    pgp_fingerprint_free(pgp_fpr);
  3.1668 +    ERROR_OUT(NULL, status, "Looking up key: %s", fpr);
  3.1669  
  3.1670      *comm_type = PEP_ct_OpenPGP_unconfirmed;
  3.1671  
  3.1672 -    if (sq_tpk_expired(tpk)) {
  3.1673 +    if (pgp_tpk_expired(tpk)) {
  3.1674          *comm_type = PEP_ct_key_expired;
  3.1675          goto out;
  3.1676      }
  3.1677  
  3.1678 -    sq_revocation_status_t rs = sq_tpk_revocation_status(tpk);
  3.1679 -    sq_revocation_status_variant_t rsv = sq_revocation_status_variant(rs);
  3.1680 -    sq_revocation_status_free(rs);
  3.1681 -    if (rsv == SQ_REVOCATION_STATUS_REVOKED) {
  3.1682 +    pgp_revocation_status_t rs = pgp_tpk_revocation_status(tpk);
  3.1683 +    pgp_revocation_status_variant_t rsv = pgp_revocation_status_variant(rs);
  3.1684 +    pgp_revocation_status_free(rs);
  3.1685 +    if (rsv == PGP_REVOCATION_STATUS_REVOKED) {
  3.1686          *comm_type = PEP_ct_key_revoked;
  3.1687          goto out;
  3.1688      }
  3.1689  
  3.1690      PEP_comm_type best_enc = PEP_ct_no_encryption, best_sign = PEP_ct_no_encryption;
  3.1691 -    sq_tpk_key_iter_t key_iter = sq_tpk_key_iter(tpk);
  3.1692 -    sq_p_key_t key;
  3.1693 -    sq_signature_t sig;
  3.1694 -    sq_revocation_status_t rev;
  3.1695 -    while ((key = sq_tpk_key_iter_next(key_iter, &sig, &rev))) {
  3.1696 +    pgp_tpk_key_iter_t key_iter = pgp_tpk_key_iter(tpk);
  3.1697 +    pgp_key_t key;
  3.1698 +    pgp_signature_t sig;
  3.1699 +    pgp_revocation_status_t rev;
  3.1700 +    while ((key = pgp_tpk_key_iter_next(key_iter, &sig, &rev))) {
  3.1701          if (! sig)
  3.1702              continue;
  3.1703  
  3.1704 -        if (sq_revocation_status_variant(rev) == SQ_REVOCATION_STATUS_REVOKED)
  3.1705 +        if (pgp_revocation_status_variant(rev) == PGP_REVOCATION_STATUS_REVOKED)
  3.1706              continue;
  3.1707  
  3.1708 -        if (! sq_p_key_alive(key, sig))
  3.1709 +        if (! pgp_signature_key_alive(sig, key))
  3.1710              continue;
  3.1711  
  3.1712          PEP_comm_type curr = PEP_ct_no_encryption;
  3.1713  
  3.1714 -        int can_enc = sq_signature_can_encrypt_for_transport(sig)
  3.1715 -            || sq_signature_can_encrypt_at_rest(sig);
  3.1716 -        int can_sign = sq_signature_can_sign(sig);
  3.1717 +        int can_enc = pgp_signature_can_encrypt_for_transport(sig)
  3.1718 +            || pgp_signature_can_encrypt_at_rest(sig);
  3.1719 +        int can_sign = pgp_signature_can_sign(sig);
  3.1720  
  3.1721 -        sq_public_key_algo_t pk_algo = sq_p_key_public_key_algo(key);
  3.1722 -        if (pk_algo == SQ_PUBLIC_KEY_ALGO_RSA_ENCRYPT_SIGN
  3.1723 -            || pk_algo == SQ_PUBLIC_KEY_ALGO_RSA_ENCRYPT
  3.1724 -            || pk_algo == SQ_PUBLIC_KEY_ALGO_RSA_SIGN) {
  3.1725 -            int bits = sq_p_key_public_key_bits(key);
  3.1726 +        pgp_public_key_algo_t pk_algo = pgp_key_public_key_algo(key);
  3.1727 +        if (pk_algo == PGP_PUBLIC_KEY_ALGO_RSA_ENCRYPT_SIGN
  3.1728 +            || pk_algo == PGP_PUBLIC_KEY_ALGO_RSA_ENCRYPT
  3.1729 +            || pk_algo == PGP_PUBLIC_KEY_ALGO_RSA_SIGN) {
  3.1730 +            int bits = pgp_key_public_key_bits(key);
  3.1731              if (bits < 1024)
  3.1732                  curr = PEP_ct_key_too_short;
  3.1733              else if (bits == 1024)
  3.1734 @@ -1896,7 +1913,7 @@
  3.1735          if (can_sign)
  3.1736              best_sign = _MAX(best_sign, curr);
  3.1737      }
  3.1738 -    sq_tpk_key_iter_free(key_iter);
  3.1739 +    pgp_tpk_key_iter_free(key_iter);
  3.1740  
  3.1741      if (best_enc == PEP_ct_no_encryption || best_sign == PEP_ct_no_encryption) {
  3.1742          *comm_type = PEP_ct_key_b0rken;
  3.1743 @@ -1907,7 +1924,7 @@
  3.1744  
  3.1745   out:
  3.1746      if (tpk)
  3.1747 -        sq_tpk_free(tpk);
  3.1748 +        pgp_tpk_free(tpk);
  3.1749  
  3.1750      T("(%s) -> %s", fpr, pep_comm_type_to_string(*comm_type));
  3.1751      return status;
  3.1752 @@ -1918,32 +1935,33 @@
  3.1753      PEP_SESSION session, const char *fpr, const timestamp *ts)
  3.1754  {
  3.1755      PEP_STATUS status = PEP_STATUS_OK;
  3.1756 -    sq_tpk_t tpk = NULL;
  3.1757 +    pgp_error_t err = NULL;
  3.1758 +    pgp_tpk_t tpk = NULL;
  3.1759      time_t t = mktime((struct tm *) ts);
  3.1760  
  3.1761      T("(%s)", fpr);
  3.1762  
  3.1763      status = tpk_find_by_fpr_hex(session, fpr, true, &tpk, NULL);
  3.1764 -    ERROR_OUT(session, status, "Looking up '%s'", fpr);
  3.1765 +    ERROR_OUT(NULL, status, "Looking up '%s'", fpr);
  3.1766  
  3.1767 -    uint32_t creation_time = sq_p_key_creation_time(sq_tpk_primary(tpk));
  3.1768 +    uint32_t creation_time = pgp_key_creation_time(pgp_tpk_primary(tpk));
  3.1769      if (creation_time > t)
  3.1770          // The creation time is after the expiration time!
  3.1771 -        ERROR_OUT(session, PEP_UNKNOWN_ERROR,
  3.1772 +        ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
  3.1773                    "creation time can't be after expiration time");
  3.1774  
  3.1775      uint32_t delta = t - creation_time;
  3.1776 -    tpk = sq_tpk_set_expiry(session->ctx, tpk, delta);
  3.1777 +    tpk = pgp_tpk_set_expiry(&err, tpk, delta);
  3.1778      if (! tpk)
  3.1779 -        ERROR_OUT(session, PEP_UNKNOWN_ERROR, "setting expiration");
  3.1780 +        ERROR_OUT(err, PEP_UNKNOWN_ERROR, "setting expiration");
  3.1781  
  3.1782      status = tpk_save(session, tpk, NULL);
  3.1783      tpk = NULL;
  3.1784 -    ERROR_OUT(session, status, "Saving %s", fpr);
  3.1785 +    ERROR_OUT(NULL, status, "Saving %s", fpr);
  3.1786  
  3.1787   out:
  3.1788      if (tpk)
  3.1789 -        sq_tpk_free(tpk);
  3.1790 +        pgp_tpk_free(tpk);
  3.1791  
  3.1792      T("(%s) -> %s", fpr, pep_status_to_string(status));
  3.1793      return status;
  3.1794 @@ -1953,29 +1971,39 @@
  3.1795      PEP_SESSION session, const char *fpr, const char *reason)
  3.1796  {
  3.1797      PEP_STATUS status = PEP_STATUS_OK;
  3.1798 -    sq_tpk_t tpk = NULL;
  3.1799 +    pgp_error_t err = NULL;
  3.1800 +    pgp_tpk_t tpk = NULL;
  3.1801  
  3.1802      T("(%s)", fpr);
  3.1803  
  3.1804      status = tpk_find_by_fpr_hex(session, fpr, true, &tpk, NULL);
  3.1805 -    ERROR_OUT(session, status, "Looking up %s", fpr);
  3.1806 +    ERROR_OUT(NULL, status, "Looking up %s", fpr);
  3.1807  
  3.1808 -    tpk = sq_tpk_revoke_in_place(session->ctx, tpk,
  3.1809 -                                 SQ_REASON_FOR_REVOCATION_UNSPECIFIED,
  3.1810 -                                 reason);
  3.1811 +    pgp_key_t primary_key = pgp_tpk_primary (tpk);
  3.1812 +    pgp_key_pair_t primary_keypair
  3.1813 +        = pgp_key_into_key_pair (NULL, pgp_key_clone (primary_key));
  3.1814 +    pgp_key_free (primary_key);
  3.1815 +    assert (primary_keypair);
  3.1816 +    pgp_signer_t primary_signer = pgp_key_pair_as_signer (primary_keypair);
  3.1817 +
  3.1818 +    tpk = pgp_tpk_revoke_in_place(&err, tpk, primary_signer,
  3.1819 +                                  PGP_REASON_FOR_REVOCATION_UNSPECIFIED,
  3.1820 +                                  reason);
  3.1821 +    pgp_signer_free (primary_signer);
  3.1822 +    pgp_key_pair_free (primary_keypair);
  3.1823      if (! tpk)
  3.1824 -        ERROR_OUT(session, PEP_UNKNOWN_ERROR, "setting expiration");
  3.1825 +        ERROR_OUT(err, PEP_UNKNOWN_ERROR, "setting expiration");
  3.1826  
  3.1827 -    assert(sq_revocation_status_variant(sq_tpk_revocation_status(tpk))
  3.1828 -           == SQ_REVOCATION_STATUS_REVOKED);
  3.1829 +    assert(pgp_revocation_status_variant(pgp_tpk_revocation_status(tpk))
  3.1830 +           == PGP_REVOCATION_STATUS_REVOKED);
  3.1831  
  3.1832      status = tpk_save(session, tpk, NULL);
  3.1833      tpk = NULL;
  3.1834 -    ERROR_OUT(session, status, "Saving %s", fpr);
  3.1835 +    ERROR_OUT(NULL, status, "Saving %s", fpr);
  3.1836  
  3.1837   out:
  3.1838      if (tpk)
  3.1839 -        sq_tpk_free(tpk);
  3.1840 +        pgp_tpk_free(tpk);
  3.1841  
  3.1842      T("(%s) -> %s", fpr, pep_status_to_string(status));
  3.1843      return status;
  3.1844 @@ -1985,7 +2013,7 @@
  3.1845                             const time_t when, bool *expired)
  3.1846  {
  3.1847      PEP_STATUS status = PEP_STATUS_OK;
  3.1848 -    sq_tpk_t tpk = NULL;
  3.1849 +    pgp_tpk_t tpk = NULL;
  3.1850      T("(%s)", fpr);
  3.1851  
  3.1852      assert(session);
  3.1853 @@ -1994,13 +2022,13 @@
  3.1854  
  3.1855      *expired = false;
  3.1856  
  3.1857 -    sq_fingerprint_t sq_fpr = sq_fingerprint_from_hex(fpr);
  3.1858 -    status = tpk_find_by_fpr(session, sq_fpr, false, &tpk, NULL);
  3.1859 -    sq_fingerprint_free(sq_fpr);
  3.1860 -    ERROR_OUT(session, status, "Looking up %s", fpr);
  3.1861 +    pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
  3.1862 +    status = tpk_find_by_fpr(session, pgp_fpr, false, &tpk, NULL);
  3.1863 +    pgp_fingerprint_free(pgp_fpr);
  3.1864 +    ERROR_OUT(NULL, status, "Looking up %s", fpr);
  3.1865  
  3.1866      // Is the TPK live?
  3.1867 -    *expired = !sq_tpk_alive_at(tpk, when);
  3.1868 +    *expired = !pgp_tpk_alive_at(tpk, when);
  3.1869      if (*expired)
  3.1870          goto out;
  3.1871  
  3.1872 @@ -2008,38 +2036,38 @@
  3.1873      // and one encryption subkey that are live?
  3.1874      int can_certify = 0, can_encrypt = 0, can_sign = 0;
  3.1875  
  3.1876 -    sq_tpk_key_iter_t key_iter = sq_tpk_key_iter(tpk);
  3.1877 -    sq_p_key_t key;
  3.1878 -    sq_signature_t sig;
  3.1879 -    sq_revocation_status_t rev;
  3.1880 -    while ((key = sq_tpk_key_iter_next(key_iter, &sig, &rev))) {
  3.1881 +    pgp_tpk_key_iter_t key_iter = pgp_tpk_key_iter(tpk);
  3.1882 +    pgp_key_t key;
  3.1883 +    pgp_signature_t sig;
  3.1884 +    pgp_revocation_status_t rev;
  3.1885 +    while ((key = pgp_tpk_key_iter_next(key_iter, &sig, &rev))) {
  3.1886          if (! sig)
  3.1887              continue;
  3.1888  
  3.1889 -        if (sq_revocation_status_variant(rev) == SQ_REVOCATION_STATUS_REVOKED)
  3.1890 +        if (pgp_revocation_status_variant(rev) == PGP_REVOCATION_STATUS_REVOKED)
  3.1891              continue;
  3.1892  
  3.1893 -        if (!sq_p_key_alive_at(key, sig, when))
  3.1894 +        if (!pgp_signature_key_alive_at(sig, key, when))
  3.1895              continue;
  3.1896  
  3.1897 -        if (sq_signature_can_encrypt_for_transport(sig)
  3.1898 -            || sq_signature_can_encrypt_at_rest(sig))
  3.1899 +        if (pgp_signature_can_encrypt_for_transport(sig)
  3.1900 +            || pgp_signature_can_encrypt_at_rest(sig))
  3.1901              can_encrypt = 1;
  3.1902 -        if (sq_signature_can_sign(sig))
  3.1903 +        if (pgp_signature_can_sign(sig))
  3.1904              can_sign = 1;
  3.1905 -        if (sq_signature_can_certify(sig))
  3.1906 +        if (pgp_signature_can_certify(sig))
  3.1907              can_certify = 1;
  3.1908  
  3.1909          if (can_encrypt && can_sign && can_certify)
  3.1910              break;
  3.1911      }
  3.1912 -    sq_tpk_key_iter_free(key_iter);
  3.1913 +    pgp_tpk_key_iter_free(key_iter);
  3.1914  
  3.1915      *expired = !(can_encrypt && can_sign && can_certify);
  3.1916  
  3.1917   out:
  3.1918      if (tpk)
  3.1919 -        sq_tpk_free(tpk);
  3.1920 +        pgp_tpk_free(tpk);
  3.1921      T("(%s) -> %s", fpr, pep_status_to_string(status));
  3.1922      return status;
  3.1923  }
  3.1924 @@ -2047,7 +2075,7 @@
  3.1925  PEP_STATUS pgp_key_revoked(PEP_SESSION session, const char *fpr, bool *revoked)
  3.1926  {
  3.1927      PEP_STATUS status = PEP_STATUS_OK;
  3.1928 -    sq_tpk_t tpk;
  3.1929 +    pgp_tpk_t tpk;
  3.1930  
  3.1931      T("(%s)", fpr);
  3.1932  
  3.1933 @@ -2057,15 +2085,15 @@
  3.1934  
  3.1935      *revoked = false;
  3.1936  
  3.1937 -    sq_fingerprint_t sq_fpr = sq_fingerprint_from_hex(fpr);
  3.1938 -    status = tpk_find_by_fpr(session, sq_fpr, false, &tpk, NULL);
  3.1939 -    sq_fingerprint_free(sq_fpr);
  3.1940 -    ERROR_OUT(session, status, "Looking up %s", fpr);
  3.1941 +    pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
  3.1942 +    status = tpk_find_by_fpr(session, pgp_fpr, false, &tpk, NULL);
  3.1943 +    pgp_fingerprint_free(pgp_fpr);
  3.1944 +    ERROR_OUT(NULL, status, "Looking up %s", fpr);
  3.1945  
  3.1946 -    sq_revocation_status_t rs = sq_tpk_revocation_status(tpk);
  3.1947 -    *revoked = sq_revocation_status_variant(rs) == SQ_REVOCATION_STATUS_REVOKED;
  3.1948 -    sq_revocation_status_free (rs);
  3.1949 -    sq_tpk_free(tpk);
  3.1950 +    pgp_revocation_status_t rs = pgp_tpk_revocation_status(tpk);
  3.1951 +    *revoked = pgp_revocation_status_variant(rs) == PGP_REVOCATION_STATUS_REVOKED;
  3.1952 +    pgp_revocation_status_free (rs);
  3.1953 +    pgp_tpk_free(tpk);
  3.1954  
  3.1955   out:
  3.1956      T("(%s) -> %s", fpr, pep_status_to_string(status));
  3.1957 @@ -2075,19 +2103,19 @@
  3.1958  PEP_STATUS pgp_key_created(PEP_SESSION session, const char *fpr, time_t *created)
  3.1959  {
  3.1960      PEP_STATUS status = PEP_STATUS_OK;
  3.1961 -    sq_tpk_t tpk = NULL;
  3.1962 +    pgp_tpk_t tpk = NULL;
  3.1963      T("(%s)", fpr);
  3.1964  
  3.1965      *created = 0;
  3.1966  
  3.1967 -    sq_fingerprint_t sq_fpr = sq_fingerprint_from_hex(fpr);
  3.1968 -    status = tpk_find_by_fpr(session, sq_fpr, false, &tpk, NULL);
  3.1969 -    sq_fingerprint_free(sq_fpr);
  3.1970 -    ERROR_OUT(session, status, "Looking up %s", fpr);
  3.1971 +    pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
  3.1972 +    status = tpk_find_by_fpr(session, pgp_fpr, false, &tpk, NULL);
  3.1973 +    pgp_fingerprint_free(pgp_fpr);
  3.1974 +    ERROR_OUT(NULL, status, "Looking up %s", fpr);
  3.1975  
  3.1976 -    sq_p_key_t k = sq_tpk_primary(tpk);
  3.1977 -    *created = sq_p_key_creation_time(k);
  3.1978 -    sq_tpk_free(tpk);
  3.1979 +    pgp_key_t k = pgp_tpk_primary(tpk);
  3.1980 +    *created = pgp_key_creation_time(k);
  3.1981 +    pgp_tpk_free(tpk);
  3.1982  
  3.1983   out:
  3.1984      T("(%s) -> %s", fpr, pep_status_to_string(status));
  3.1985 @@ -2103,15 +2131,16 @@
  3.1986                                   bool *has_private)
  3.1987  {
  3.1988      T("(%s)", fpr);
  3.1989 -    sq_fingerprint_t sq_fpr = sq_fingerprint_from_hex(fpr);
  3.1990 -    PEP_STATUS status = tpk_find_by_fpr(session, sq_fpr, true, NULL, NULL);
  3.1991 -    sq_fingerprint_free(sq_fpr);
  3.1992 +    pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
  3.1993 +    PEP_STATUS status = tpk_find_by_fpr(session, pgp_fpr, true, NULL, NULL);
  3.1994 +    pgp_fingerprint_free(pgp_fpr);
  3.1995      if (status == PEP_STATUS_OK) {
  3.1996          *has_private = 1;
  3.1997      } else if (status == PEP_KEY_NOT_FOUND) {
  3.1998          *has_private = 0;
  3.1999          status = PEP_STATUS_OK;
  3.2000      }
  3.2001 -    T("(%s) -> %s", fpr, pep_status_to_string(status));
  3.2002 +    T("(%s) -> %s, %s",
  3.2003 +      fpr, *has_private ? "priv" : "pub", pep_status_to_string(status));
  3.2004      return status;
  3.2005  }
     4.1 --- a/src/pgp_sequoia_internal.h	Sat Mar 09 11:50:11 2019 +0100
     4.2 +++ b/src/pgp_sequoia_internal.h	Mon Mar 11 15:39:57 2019 +0100
     4.3 @@ -3,4 +3,4 @@
     4.4  
     4.5  #pragma once
     4.6  
     4.7 -#include <sequoia.h>
     4.8 +#include <sequoia/openpgp.h>