author | Justus Winter <justus@sequoia-pgp.org> | 2021-09-09 17:16:52 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2021-09-30 13:49:17 +0200 |
commit | aa21e2404d9502eeea84ff39da03a85c971ea2d3 (patch) | |
tree | ea723d20c230e45899b4268f40bf89e7ff765808 | |
parent | c422b1b317fb760bc6b43cb8055fe0a1305ba3a5 (diff) |
openpgp: Add features to opt-in to experimental crypto backends.
-rw-r--r-- | openpgp/Cargo.toml | 4 | ||||
-rw-r--r-- | openpgp/README.md | 11 | ||||
-rw-r--r-- | openpgp/build.rs | 42 |
3 files changed, 57 insertions, 0 deletions
diff --git a/openpgp/Cargo.toml b/openpgp/Cargo.toml
index 015000a8..1d1fa3de 100644
--- a/openpgp/Cargo.toml
+++ b/openpgp/Cargo.toml
@@ -70,6 +70,10 @@ default = ["compression", "crypto-nettle"]
 crypto-nettle = ["nettle"]
 crypto-cng = ["winapi", "win-crypto-ng", "ed25519-dalek", "num-bigint-dig"]
+# Experimental and variable-time cryptographic backends opt-ins
+allow-experimental-crypto = []
+allow-variable-time-crypto = []
+
 # The compression algorithms.
 compression = ["compression-deflate", "compression-bzip2"]
 compression-deflate = ["flate2", "buffered-reader/compression-deflate"]
diff --git a/openpgp/README.md b/openpgp/README.md
index 0206ff81..3e0c81c2 100644
--- a/openpgp/README.md
+++ b/openpgp/README.md
@@ -81,6 +81,17 @@ at compile time. Currently, these libraries are available:
 include the `crypto-cng` feature to enable it. Currently, the CNG backend requires at least Windows 10.
+### Experimental and variable-time cryptographic backends
+
+Some cryptographic backends are not yet considered mature enough for
+general consumption. The use of such backends requires explicit
+opt-in using the feature flag `allow-experimental-crypto`.
+
+Some cryptographic backends can not guarantee that cryptographic
+operations require a constant amount of time. This may leak secret
+keys in some settings. The use of such backends requires explicit
+opt-in using the feature flag `allow-variable-time-crypto`.
+
 ## Compression algorithms
 Use the `compression` flag to enable support for all compression
diff --git a/openpgp/build.rs b/openpgp/build.rs
index bc0f09a7..210483e5 100644
--- a/openpgp/build.rs
+++ b/openpgp/build.rs
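Review bot: The comment above `allow-experimental-crypto` and `allow-variable-time-crypto` in openpgp/Cargo.toml does not say that these opt-ins apply to the whole build rather than to one consumer. Cargo unifies features across the dependency graph, so any crate that depends on sequoia-openpgp and enables one of them lifts the corresponding build.rs check for every other user of the crate in the same build, without the final application having asked for it. I would extend the comment to say so, for example `# Features are unified across the build: a dependency that enables these opts in the whole binary, so libraries should leave them to the final application.` Anyone auditing a build can see which crate turns them on with `cargo tree -e features -i sequoia-openpgp`.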
@@ -96,4 +96,46 @@ See https://crates.io/crates/sequoia-openpgp#crypto-backends",
 exit(1);
 },
 }
+
+ // We now have exactly one backend.
+ assert_eq!(backends.len(), 1);
+ let backend = &backends[0];
+
+ // Check its properties.
+ if ! (backend.production_ready
+ || cfg!(feature = "allow-experimental-crypto"))
+ {
+ eprintln!("
+The cryptographic backend {} is not considered production ready.
+
+If you know what you are doing, you can opt-in to using experimental
+cryptographic backends using the feature flag
+
+ allow-experimental-crypto
+
+See https://crates.io/crates/sequoia-openpgp#crypto-backends",
+ backend.name);
+ exit(1);
+ }
+
+ if ! (backend.constant_time
+ || cfg!(feature = "allow-variable-time-crypto"))
+ {
+ eprintln!("
+The cryptographic backend {} does not provide constant-time
+operations. This has the potential of leaking cryptographic secrets,
+enable attackers to forge signatures, or cause other mayhem.
+
+If you are not using Sequoia in an interactive setting, using
+variable-time cryptographic operations is probably safe.
+
+If you know what you are doing, you can opt-in to using variable-time
+cryptographic operations using the feature flag
+
+ allow-variable-time-crypto
+
+See https://crates.io/crates/sequoia-openpgp#crypto-backends",
+ backend.name);
+ exit(1);
+ }
 } |
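Review bot: The variable-time error text tells users that a non-"interactive setting" is "probably safe", and that phrase is easy to read the wrong way. It presumably means that no other party interacts with the process. A reader running an unattended service that decrypts or signs on request could still take it as a green light, though that is a case where timing can be observed. I would state the condition directly, e.g. `If no untrusted party can trigger secret-key operations and observe how long they take, using variable-time cryptographic operations is probably safe.`, and fix the parallelism in the preceding sentence (`enabling attackers to forge signatures, or causing other mayhem`). The enclosing function begins above this hunk, so how `backends` is populated is not visible here.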