~ubuntu-branches/ubuntu/hoary/nettle/hoary : contents of pgp-encode.c at revision 3

~ubuntu-branches/ubuntu/hoary/nettle/hoary : (revision 3)

/* pgp.c
 *
 * PGP related functions.
 */

/* nettle, low-level cryptographics library
 *
 * Copyright (C) 2001, 2002 Niels Möller
 *  
 * The nettle library is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation; either version 2.1 of the License, or (at your
 * option) any later version.
 * 
 * The nettle library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
 * License for more details.
 * 
 * You should have received a copy of the GNU Lesser General Public License
 * along with the nettle library; see the file COPYING.LIB.  If not, write to
 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

#if HAVE_CONFIG_H
# include "config.h"
#endif

#include <assert.h>
#include <stdlib.h>
#include <string.h>

#if HAVE_LIBGMP
# include "bignum.h"
# include "pgp.h"
#else /* !HAVE_LIBGMP */
/* Kludge to make it possible to include pgp.h */
# define mpz_t int
# include "pgp.h"
# undef mpz_t
#endif /* !HAVE_LIBGMP */

#if WITH_PUBLIC_KEY
# include "rsa.h"
#endif

#include "base64.h"
#include "buffer.h"
#include "macros.h"

int
pgp_put_uint32(struct nettle_buffer *buffer, uint32_t i)
{
  uint8_t *p = nettle_buffer_space(buffer, 4);
  if (!p)
    return 0;
  
  WRITE_UINT32(p, i);
  return 1;
}

int
pgp_put_uint16(struct nettle_buffer *buffer, unsigned i)
{
  uint8_t *p = nettle_buffer_space(buffer, 2);
  if (!p)
    return 0;
  
  WRITE_UINT16(p, i);
  return 1;
}

#if HAVE_LIBGMP
int
pgp_put_mpi(struct nettle_buffer *buffer, const mpz_t x)
{
  unsigned bits = mpz_sizeinbase(x, 2);
  unsigned octets = (bits + 7) / 8;

  uint8_t *p;

  /* FIXME: What's the correct representation of zero? */
  if (!pgp_put_uint16(buffer, bits))
    return 0;
  
  p = nettle_buffer_space(buffer, octets);

  if (!p)
    return 0;
  
  nettle_mpz_get_str_256(octets, p, x);

  return 1;
}
#endif

int
pgp_put_string(struct nettle_buffer *buffer,
	       unsigned length,
	       const uint8_t *s)
{
  return nettle_buffer_write(buffer, length, s);
}

#if 0
static unsigned
length_field(unsigned length)
{
  if (length < PGP_LENGTH_TWO_OCTET)
    return 1;
  else if (length < PGP_LENGTH_FOUR_OCTETS)
    return 2;
  else return 4;
}
#endif

/*   bodyLen = ((1st_octet - 192) << 8) + (2nd_octet) + 192
 *   ==> bodyLen - 192 + 192 << 8 = (1st_octet << 8) + (2nd_octet) 
 */

#define LENGTH_TWO_OFFSET (192 * 255)

int
pgp_put_length(struct nettle_buffer *buffer,
	       unsigned length)
{
  if (length < PGP_LENGTH_TWO_OCTETS)
    return NETTLE_BUFFER_PUTC(buffer, length);

  else if (length < PGP_LENGTH_FOUR_OCTETS)
    return pgp_put_uint16(buffer, length + LENGTH_TWO_OFFSET);
  else
    return NETTLE_BUFFER_PUTC(buffer, 0xff) && pgp_put_uint32(buffer, length);
}

/* Uses the "new" packet format */
int
pgp_put_header(struct nettle_buffer *buffer,
	       unsigned tag, unsigned length)
{
  assert(tag < 0x40);

  return (NETTLE_BUFFER_PUTC(buffer, 0xC0 | tag)
	  && pgp_put_length(buffer, length));  
}

/* FIXME: Should we abort or return error if the length and the field
 * size don't match? */
void
pgp_put_header_length(struct nettle_buffer *buffer,
		      /* start of the header */
		      unsigned start,
		      unsigned field_size)
{
  unsigned length;
  switch (field_size)
    {
    case 1:
      length = buffer->size - (start + 2);
      assert(length < PGP_LENGTH_TWO_OCTETS);
      buffer->contents[start + 1] = length;
      break;
    case 2:
      length = buffer->size - (start + 3);
      assert(length < PGP_LENGTH_FOUR_OCTETS
	     && length >= PGP_LENGTH_TWO_OCTETS);
      WRITE_UINT16(buffer->contents + start + 1, length + LENGTH_TWO_OFFSET);
      break;
    case 4:
      length = buffer->size - (start + 5);
      WRITE_UINT32(buffer->contents + start + 2, length);
      break;
    default:
      abort();
    }
}

int
pgp_put_userid(struct nettle_buffer *buffer,
	       unsigned length,
	       const uint8_t *name)
{
  return (pgp_put_header(buffer, PGP_TAG_USERID, length)
	  && pgp_put_string(buffer, length, name));
}

unsigned
pgp_sub_packet_start(struct nettle_buffer *buffer)
{
  return nettle_buffer_space(buffer, 2) ? buffer->size : 0;
}

int
pgp_put_sub_packet(struct nettle_buffer *buffer,
		   unsigned type,
		   unsigned length,
		   const uint8_t *data)
{
  return (pgp_put_length(buffer, length + 1)
	  && NETTLE_BUFFER_PUTC(buffer, type)
	  && pgp_put_string(buffer, length, data));
}

void
pgp_sub_packet_end(struct nettle_buffer *buffer, unsigned start)
{
  unsigned length;
  
  assert(start >= 2);
  assert(start <= buffer->size);

  length = buffer->size - start;
  WRITE_UINT32(buffer->contents + start - 2, length);
}

#if WITH_PUBLIC_KEY
int
pgp_put_public_rsa_key(struct nettle_buffer *buffer,
		       const struct rsa_public_key *pub,
		       time_t timestamp)
{
  /* Public key packet, version 4 */
  unsigned start;
  unsigned length;

  /* Size of packet is 16 + the size of e and n */
  length = (4 * 4
	  + nettle_mpz_sizeinbase_256_u(pub->n)
	  + nettle_mpz_sizeinbase_256_u(pub->e));

  if (!pgp_put_header(buffer, PGP_TAG_PUBLIC_KEY, length))
    return 0;

  start = buffer->size;
  
  if (! (pgp_put_header(buffer, PGP_TAG_PUBLIC_KEY,
			/* Assume that we need two octets */
			PGP_LENGTH_TWO_OCTETS)
	 && pgp_put_uint32(buffer, 4)        /* Version */  
	 && pgp_put_uint32(buffer, timestamp)/* Time stamp */
	 && pgp_put_uint32(buffer, PGP_RSA)  /* Algorithm */
	 && pgp_put_mpi(buffer, pub->n)
	 && pgp_put_mpi(buffer, pub->e)) )
    return 0;

  assert(buffer->size == start + length);

  return 1;
}

int
pgp_put_rsa_sha1_signature(struct nettle_buffer *buffer,
			   const struct rsa_private_key *key,
			   const uint8_t *keyid,
			   unsigned type,
			   struct sha1_ctx *hash)
{
  unsigned signature_start = buffer->size;
  unsigned hash_end;
  unsigned sub_packet_start;
  uint8_t trailer[6];
  uint8_t digest16[2];
  mpz_t s;
  
  /* Signature packet. The packet could reasonably be both smaller and
   * larger than 192, so for simplicity we use the 4 octet header
   * form. */

  if (! (pgp_put_header(buffer, PGP_TAG_SIGNATURE, PGP_LENGTH_FOUR_OCTETS)
	 && NETTLE_BUFFER_PUTC(buffer, 4)  /* Version */
	 && NETTLE_BUFFER_PUTC(buffer, type)
	 /* Could also be PGP_RSA_SIGN */
	 && NETTLE_BUFFER_PUTC(buffer, PGP_RSA)
	 && NETTLE_BUFFER_PUTC(buffer, PGP_SHA1)
	 && pgp_put_uint16(buffer, 0)))  /* Hashed subpacket length */
    return 0;

  hash_end = buffer->size;

  sha1_update(hash,
	      hash_end - signature_start,
	      buffer->contents + signature_start);

  trailer[0] = 4; trailer[1] = 0xff;
  WRITE_UINT32(trailer + 2, buffer->size - signature_start);

  sha1_update(hash, sizeof(trailer), trailer);

  {
    struct sha1_ctx hcopy = *hash;
    uint8_t *p = nettle_buffer_space(buffer, 2);
    if (!p)
      return 0;
    
    sha1_digest(&hcopy, 2, p);
  }

  /* One "sub-packet" field with the issuer keyid */
  sub_packet_start = pgp_sub_packet_start(buffer);
  if (!sub_packet_start)
    return 0;

  if (pgp_put_sub_packet(buffer, PGP_SUBPACKET_ISSUER_KEY_ID, 8, keyid))
    {
      pgp_sub_packet_end(buffer, sub_packet_start);
      return 0;
    }
    
  mpz_init(s);
  rsa_sha1_sign(key, hash, s);

  if (!pgp_put_mpi(buffer, s))
    {
      mpz_clear(s);
      return 0;
    }

  mpz_clear(s);
  pgp_put_header_length(buffer, signature_start, 4);

  return 1;
}
#endif /* WITH_PUBLIC_KEY */

#define CRC24_INIT 0x0b704ceL
#define CRC24_POLY 0x1864cfbL

uint32_t
pgp_crc24(unsigned length, const uint8_t *data)
{
  uint32_t crc = CRC24_INIT;

  unsigned i;
  for (i = 0; i<length; i++)
    {
      unsigned j;
      crc ^= ((unsigned) (data[i]) << 16);
      for (j = 0; j<8; j++)
	{
	  crc <<= 1;
	  if (crc & 0x1000000)
	    crc ^= CRC24_POLY;
	}
    }
  assert(crc < 0x1000000);
  return crc;
}


#define WRITE(buffer, s) (nettle_buffer_write(buffer, strlen((s)), (s)))

/* 15 base 64 groups data per line */
#define BINARY_PER_LINE 45
#define TEXT_PER_LINE BASE64_ENCODE_LENGTH(BINARY_PER_LINE)

int
pgp_armor(struct nettle_buffer *buffer,
	  const char *tag,
	  unsigned length,
	  const uint8_t *data)
{
  struct base64_encode_ctx ctx;
  
  unsigned crc = pgp_crc24(length, data);

  base64_encode_init(&ctx);
  
  if (! (WRITE(buffer, "BEGIN PGP ")
	 && WRITE(buffer, tag)
	 && WRITE(buffer, "\nComment: Nettle\n\n")))
    return 0;

  for (;
       length >= BINARY_PER_LINE;
       length -= BINARY_PER_LINE, data += BINARY_PER_LINE)
    {
      unsigned done;
      uint8_t *p
	= nettle_buffer_space(buffer, TEXT_PER_LINE);
      
      if (!p)
	return 0;

      done = base64_encode_update(&ctx, p, BINARY_PER_LINE, data);
      assert(done <= TEXT_PER_LINE);

      /* FIXME: Create some official way to do this */
      buffer->size -= (TEXT_PER_LINE - done);
      
      if (!NETTLE_BUFFER_PUTC(buffer, '\n'))
	return 0;
    }

  if (length)
    {
      unsigned text_size = BASE64_ENCODE_LENGTH(length)
	+ BASE64_ENCODE_FINAL_LENGTH;
      unsigned done;
      
      uint8_t *p
	= nettle_buffer_space(buffer, text_size);
      if (!p)
	return 0;

      done = base64_encode_update(&ctx, p, length, data);
      done += base64_encode_final(&ctx, p + done);

      /* FIXME: Create some official way to do this */
      buffer->size -= (text_size - done);
      
      if (!NETTLE_BUFFER_PUTC(buffer, '\n'))
	return 0;
    }
  /* Checksum */
  if (!NETTLE_BUFFER_PUTC(buffer, '='))
    return 0;

  {
    uint8_t *p = nettle_buffer_space(buffer, 4);
    if (!p)
      return 0;
    base64_encode_group(p, crc);
  }
  
  return (WRITE(buffer, "\nBEGIN PGP ")
	  && WRITE(buffer, tag)
	  && NETTLE_BUFFER_PUTC(buffer, '\n'));
}

1 by Marek Habersack Import upstream version 1.10	1	/* pgp.c
	2	*
	3	* PGP related functions.
	4	*/
	5
	6	/* nettle, low-level cryptographics library
	7	*
	8	* Copyright (C) 2001, 2002 Niels Möller
	9	*
	10	* The nettle library is free software; you can redistribute it and/or modify
	11	* it under the terms of the GNU Lesser General Public License as published by
	12	* the Free Software Foundation; either version 2.1 of the License, or (at your
	13	* option) any later version.
	14	*
	15	* The nettle library is distributed in the hope that it will be useful, but
	16	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	17	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
	18	* License for more details.
	19	*
	20	* You should have received a copy of the GNU Lesser General Public License
	21	* along with the nettle library; see the file COPYING.LIB. If not, write to
	22	* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	23	* MA 02111-1307, USA.
	24	*/
	25
	26	#if HAVE_CONFIG_H
	27	# include "config.h"
	28	#endif
	29
	30	#include <assert.h>
	31	#include <stdlib.h>
	32	#include <string.h>
	33
	34	#if HAVE_LIBGMP
	35	# include "bignum.h"
	36	# include "pgp.h"
	37	#else /* !HAVE_LIBGMP */
	38	/* Kludge to make it possible to include pgp.h */
	39	# define mpz_t int
	40	# include "pgp.h"
	41	# undef mpz_t
	42	#endif /* !HAVE_LIBGMP */
	43
	44	#if WITH_PUBLIC_KEY
	45	# include "rsa.h"
	46	#endif
	47
	48	#include "base64.h"
	49	#include "buffer.h"
	50	#include "macros.h"
	51
	52	int
	53	pgp_put_uint32(struct nettle_buffer *buffer, uint32_t i)
	54	{
	55	uint8_t *p = nettle_buffer_space(buffer, 4);
	56	if (!p)
	57	return 0;
	58
	59	WRITE_UINT32(p, i);
	60	return 1;
	61	}
	62
	63	int
	64	pgp_put_uint16(struct nettle_buffer *buffer, unsigned i)
65	{
66	uint8_t *p = nettle_buffer_space(buffer, 2);
67	if (!p)
68	return 0;
69
70	WRITE_UINT16(p, i);
71	return 1;
72	}
73
74	#if HAVE_LIBGMP
75	int
76	pgp_put_mpi(struct nettle_buffer *buffer, const mpz_t x)
77	{
78	unsigned bits = mpz_sizeinbase(x, 2);
79	unsigned octets = (bits + 7) / 8;
80
81	uint8_t *p;
82
83	/* FIXME: What's the correct representation of zero? */
84	if (!pgp_put_uint16(buffer, bits))
85	return 0;
86
87	p = nettle_buffer_space(buffer, octets);
88
89	if (!p)
90	return 0;
91
92	nettle_mpz_get_str_256(octets, p, x);
93
94	return 1;
95	}
96	#endif
97
98	int
99	pgp_put_string(struct nettle_buffer *buffer,
100	unsigned length,
101	const uint8_t *s)
102	{
103	return nettle_buffer_write(buffer, length, s);
104	}
105
106	#if 0
107	static unsigned
108	length_field(unsigned length)
109	{
110	if (length < PGP_LENGTH_TWO_OCTET)
111	return 1;
112	else if (length < PGP_LENGTH_FOUR_OCTETS)
113	return 2;
114	else return 4;
115	}
116	#endif
117
118	/* bodyLen = ((1st_octet - 192) << 8) + (2nd_octet) + 192
119	* ==> bodyLen - 192 + 192 << 8 = (1st_octet << 8) + (2nd_octet)
120	*/
121
122	#define LENGTH_TWO_OFFSET (192 * 255)
123
124	int
125	pgp_put_length(struct nettle_buffer *buffer,
126	unsigned length)
127	{
128	if (length < PGP_LENGTH_TWO_OCTETS)
129	return NETTLE_BUFFER_PUTC(buffer, length);
130
131	else if (length < PGP_LENGTH_FOUR_OCTETS)
132	return pgp_put_uint16(buffer, length + LENGTH_TWO_OFFSET);
133	else
134	return NETTLE_BUFFER_PUTC(buffer, 0xff) && pgp_put_uint32(buffer, length);
135	}
136
137	/* Uses the "new" packet format */
138	int
139	pgp_put_header(struct nettle_buffer *buffer,
140	unsigned tag, unsigned length)
141	{
142	assert(tag < 0x40);
143
144	return (NETTLE_BUFFER_PUTC(buffer, 0xC0 \| tag)
145	&& pgp_put_length(buffer, length));
146	}
147
148	/* FIXME: Should we abort or return error if the length and the field
149	* size don't match? */
150	void
151	pgp_put_header_length(struct nettle_buffer *buffer,
152	/* start of the header */
153	unsigned start,
154	unsigned field_size)
155	{
156	unsigned length;
157	switch (field_size)
158	{
159	case 1:
160	length = buffer->size - (start + 2);
161	assert(length < PGP_LENGTH_TWO_OCTETS);
162	buffer->contents[start + 1] = length;
163	break;
164	case 2:
165	length = buffer->size - (start + 3);
166	assert(length < PGP_LENGTH_FOUR_OCTETS
167	&& length >= PGP_LENGTH_TWO_OCTETS);
168	WRITE_UINT16(buffer->contents + start + 1, length + LENGTH_TWO_OFFSET);
169	break;
170	case 4:
171	length = buffer->size - (start + 5);
172	WRITE_UINT32(buffer->contents + start + 2, length);
173	break;
174	default:
175	abort();
176	}
177	}
178
179	int
180	pgp_put_userid(struct nettle_buffer *buffer,
181	unsigned length,
182	const uint8_t *name)
183	{
184	return (pgp_put_header(buffer, PGP_TAG_USERID, length)
185	&& pgp_put_string(buffer, length, name));
186	}
187
188	unsigned
189	pgp_sub_packet_start(struct nettle_buffer *buffer)
190	{
191	return nettle_buffer_space(buffer, 2) ? buffer->size : 0;
192	}
193
194	int
195	pgp_put_sub_packet(struct nettle_buffer *buffer,
196	unsigned type,
197	unsigned length,
198	const uint8_t *data)
199	{
200	return (pgp_put_length(buffer, length + 1)
201	&& NETTLE_BUFFER_PUTC(buffer, type)
202	&& pgp_put_string(buffer, length, data));
203	}
204
205	void
206	pgp_sub_packet_end(struct nettle_buffer *buffer, unsigned start)
207	{
208	unsigned length;
209
210	assert(start >= 2);
211	assert(start <= buffer->size);
212
213	length = buffer->size - start;
214	WRITE_UINT32(buffer->contents + start - 2, length);
215	}
216
217	#if WITH_PUBLIC_KEY
218	int
219	pgp_put_public_rsa_key(struct nettle_buffer *buffer,
220	const struct rsa_public_key *pub,
221	time_t timestamp)
222	{
223	/* Public key packet, version 4 */
224	unsigned start;
225	unsigned length;
226
227	/* Size of packet is 16 + the size of e and n */
228	length = (4 * 4
229	+ nettle_mpz_sizeinbase_256_u(pub->n)
230	+ nettle_mpz_sizeinbase_256_u(pub->e));
231
232	if (!pgp_put_header(buffer, PGP_TAG_PUBLIC_KEY, length))
233	return 0;
234
235	start = buffer->size;
236
237	if (! (pgp_put_header(buffer, PGP_TAG_PUBLIC_KEY,
238	/* Assume that we need two octets */
239	PGP_LENGTH_TWO_OCTETS)
240	&& pgp_put_uint32(buffer, 4) /* Version */
241	&& pgp_put_uint32(buffer, timestamp)/* Time stamp */
242	&& pgp_put_uint32(buffer, PGP_RSA) /* Algorithm */
243	&& pgp_put_mpi(buffer, pub->n)
244	&& pgp_put_mpi(buffer, pub->e)) )
245	return 0;
246
247	assert(buffer->size == start + length);
248
249	return 1;
250	}
251
252	int
253	pgp_put_rsa_sha1_signature(struct nettle_buffer *buffer,
254	const struct rsa_private_key *key,
255	const uint8_t *keyid,
256	unsigned type,
257	struct sha1_ctx *hash)
258	{
259	unsigned signature_start = buffer->size;
260	unsigned hash_end;
261	unsigned sub_packet_start;
262	uint8_t trailer[6];
263	uint8_t digest16[2];
264	mpz_t s;
265
266	/* Signature packet. The packet could reasonably be both smaller and
267	* larger than 192, so for simplicity we use the 4 octet header
268	* form. */
269
270	if (! (pgp_put_header(buffer, PGP_TAG_SIGNATURE, PGP_LENGTH_FOUR_OCTETS)
271	&& NETTLE_BUFFER_PUTC(buffer, 4) /* Version */
272	&& NETTLE_BUFFER_PUTC(buffer, type)
273	/* Could also be PGP_RSA_SIGN */
274	&& NETTLE_BUFFER_PUTC(buffer, PGP_RSA)
275	&& NETTLE_BUFFER_PUTC(buffer, PGP_SHA1)
276	&& pgp_put_uint16(buffer, 0))) /* Hashed subpacket length */
277	return 0;
278
279	hash_end = buffer->size;
280
281	sha1_update(hash,
282	hash_end - signature_start,
283	buffer->contents + signature_start);
284
285	trailer[0] = 4; trailer[1] = 0xff;
286	WRITE_UINT32(trailer + 2, buffer->size - signature_start);
287
288	sha1_update(hash, sizeof(trailer), trailer);
289
290	{
291	struct sha1_ctx hcopy = *hash;
292	uint8_t *p = nettle_buffer_space(buffer, 2);
293	if (!p)
294	return 0;
295
296	sha1_digest(&hcopy, 2, p);
297	}
298
299	/* One "sub-packet" field with the issuer keyid */
300	sub_packet_start = pgp_sub_packet_start(buffer);
301	if (!sub_packet_start)
302	return 0;
303
304	if (pgp_put_sub_packet(buffer, PGP_SUBPACKET_ISSUER_KEY_ID, 8, keyid))
305	{
306	pgp_sub_packet_end(buffer, sub_packet_start);
307	return 0;
308	}
309
310	mpz_init(s);
311	rsa_sha1_sign(key, hash, s);
312
313	if (!pgp_put_mpi(buffer, s))
314	{
315	mpz_clear(s);
316	return 0;
317	}
318
319	mpz_clear(s);
320	pgp_put_header_length(buffer, signature_start, 4);
321
322	return 1;
323	}
324	#endif /* WITH_PUBLIC_KEY */
325
326	#define CRC24_INIT 0x0b704ceL
327	#define CRC24_POLY 0x1864cfbL
328
329	uint32_t
330	pgp_crc24(unsigned length, const uint8_t *data)
331	{
332	uint32_t crc = CRC24_INIT;
333
334	unsigned i;
335	for (i = 0; i<length; i++)
336	{
337	unsigned j;
338	crc ^= ((unsigned) (data[i]) << 16);
339	for (j = 0; j<8; j++)
340	{
341	crc <<= 1;
342	if (crc & 0x1000000)
343	crc ^= CRC24_POLY;
344	}
345	}
346	assert(crc < 0x1000000);
347	return crc;
348	}
349
350
351	#define WRITE(buffer, s) (nettle_buffer_write(buffer, strlen((s)), (s)))
352
353	/* 15 base 64 groups data per line */
354	#define BINARY_PER_LINE 45
355	#define TEXT_PER_LINE BASE64_ENCODE_LENGTH(BINARY_PER_LINE)
356
357	int
358	pgp_armor(struct nettle_buffer *buffer,
359	const char *tag,
360	unsigned length,
361	const uint8_t *data)
362	{
363	struct base64_encode_ctx ctx;
364
365	unsigned crc = pgp_crc24(length, data);
366
367	base64_encode_init(&ctx);
368
369	if (! (WRITE(buffer, "BEGIN PGP ")
370	&& WRITE(buffer, tag)
371	&& WRITE(buffer, "\nComment: Nettle\n\n")))
372	return 0;
373
374	for (;
375	length >= BINARY_PER_LINE;
376	length -= BINARY_PER_LINE, data += BINARY_PER_LINE)
377	{
378	unsigned done;
379	uint8_t *p
380	= nettle_buffer_space(buffer, TEXT_PER_LINE);
381
382	if (!p)
383	return 0;
384
385	done = base64_encode_update(&ctx, p, BINARY_PER_LINE, data);
386	assert(done <= TEXT_PER_LINE);
387
388	/* FIXME: Create some official way to do this */
389	buffer->size -= (TEXT_PER_LINE - done);
390
391	if (!NETTLE_BUFFER_PUTC(buffer, '\n'))
392	return 0;
393	}
394
395	if (length)
396	{
397	unsigned text_size = BASE64_ENCODE_LENGTH(length)
398	+ BASE64_ENCODE_FINAL_LENGTH;
399	unsigned done;
400
401	uint8_t *p
402	= nettle_buffer_space(buffer, text_size);
403	if (!p)
404	return 0;
405
406	done = base64_encode_update(&ctx, p, length, data);
407	done += base64_encode_final(&ctx, p + done);
408
409	/* FIXME: Create some official way to do this */
410	buffer->size -= (text_size - done);
411
412	if (!NETTLE_BUFFER_PUTC(buffer, '\n'))
413	return 0;
414	}
415	/* Checksum */
416	if (!NETTLE_BUFFER_PUTC(buffer, '='))
417	return 0;
418
419	{
420	uint8_t *p = nettle_buffer_space(buffer, 4);
421	if (!p)
422	return 0;
423	base64_encode_group(p, crc);
424	}
425
426	return (WRITE(buffer, "\nBEGIN PGP ")
427	&& WRITE(buffer, tag)
428	&& NETTLE_BUFFER_PUTC(buffer, '\n'));
429	}