net: Decouple from core.

- Move core::NetworkPolicy to net::Policy, update all code accordingly.
author: Justus Winter <justus@sequoia-pgp.org> 2021-01-15 09:35:04 +0100
committer: Justus Winter <justus@sequoia-pgp.org> 2021-01-15 11:34:49 +0100
commit: 59a59ac5bf9cc9be2698eb35376c3b58fd483252 (patch)
tree: 5eb5c8256c67b8397669c48fae905840c3302866 /ffi
parent: de5c18230ddcad3928ae5c4bd2c1badbe9ec2e92 (diff)
9 files changed, 69 insertions, 74 deletions
diff --git a/ffi/examples/configure.c b/ffi/examples/configure.c
index ca3d781a..6551e196 100644
--- a/ffi/examples/configure.c
+++ b/ffi/examples/configure.c
@@ -25,13 +25,13 @@ main (int argc, char **argv)
   sq_keyserver_t ks;
 
   cfg = sq_context_configure ();
-  sq_config_network_policy (cfg, SQ_NETWORK_POLICY_OFFLINE);
+  sq_config_home (cfg, "/tmp");
   ctx = sq_config_build (cfg, &err);
   if (ctx == NULL)
     error (1, 0, "Initializing sequoia failed: %s",
            pgp_error_to_string (err));
 
-  ks = sq_keyserver_keys_openpgp_org (ctx);
+  ks = sq_keyserver_keys_openpgp_org (ctx, SQ_NETWORK_POLICY_OFFLINE);
   if (ks == NULL)
     {
       pgp_error_t err = sq_context_last_error (ctx);
diff --git a/ffi/examples/keyserver.c b/ffi/examples/keyserver.c
index 64c90cdc..08624ea7 100644
--- a/ffi/examples/keyserver.c
+++ b/ffi/examples/keyserver.c
@@ -29,7 +29,7 @@ main (int argc, char **argv)
     error (1, 0, "Initializing sequoia failed: %s",
            pgp_error_to_string (err));
 
-  ks = sq_keyserver_keys_openpgp_org (ctx);
+  ks = sq_keyserver_keys_openpgp_org (ctx, SQ_NETWORK_POLICY_ENCRYPTED);
   if (ks == NULL)
     {
       pgp_error_t err = sq_context_last_error (ctx);
diff --git a/ffi/include/sequoia/core.h b/ffi/include/sequoia/core.h
index c7f73f45..c73d54c1 100644
--- a/ffi/include/sequoia/core.h
+++ b/ffi/include/sequoia/core.h
@@ -33,32 +33,6 @@ pgp_error_t sq_context_last_error (sq_context_t ctx);
 typedef struct sq_config *sq_config_t;
 
 /*/
-/// Network policy for Sequoia.
-///
-/// With this policy you can control how Sequoia accesses remote
-/// systems.
-/*/
-typedef enum sq_network_policy {
-  /* Do not contact remote systems.  */
-  SQ_NETWORK_POLICY_OFFLINE = 0,
-
-  /* Only contact remote systems using anonymization techniques like
-   * TOR.  */
-  SQ_NETWORK_POLICY_ANONYMIZED = 1,
-
-  /* Only contact remote systems using transports offering
-   * encryption and authentication like TLS.  */
-  SQ_NETWORK_POLICY_ENCRYPTED = 2,
-
-  /* Contact remote systems even with insecure transports.  */
-  SQ_NETWORK_POLICY_INSECURE = 3,
-
-  /* Dummy value to make sure the enumeration has a defined size.  Do
-     not use this value.  */
-  SQ_NETWORK_POLICY_FORCE_WIDTH = INT_MAX,
-} sq_network_policy_t;
-
-/*/
 /// IPC policy for Sequoia.
 ///
 /// With this policy you can control how Sequoia starts background
@@ -155,11 +129,6 @@ const char *sq_context_home(const sq_context_t ctx);
 const char *sq_context_lib(const sq_context_t ctx);
 
 /*/
-/// Returns the network policy.
-/*/
-sq_network_policy_t sq_context_network_policy(const sq_context_t ctx);
-
-/*/
 /// Returns the IPC policy.
 /*/
 sq_ipc_policy_t sq_context_ipc_policy(const sq_context_t ctx);
@@ -191,11 +160,6 @@ void sq_config_home(sq_config_t cfg, const char *home);
 void sq_config_lib(sq_config_t cfg, const char *lib);
 
 /*/
-/// Sets the network policy.
-/*/
-void sq_config_network_policy(sq_config_t cfg, sq_network_policy_t policy);
-
-/*/
 /// Sets the IPC policy.
 /*/
 void sq_config_ipc_policy(sq_config_t cfg, sq_ipc_policy_t policy);
diff --git a/ffi/include/sequoia/net.h b/ffi/include/sequoia/net.h
index 63311d85..f1d850d3 100644
--- a/ffi/include/sequoia/net.h
+++ b/ffi/include/sequoia/net.h
@@ -9,6 +9,33 @@
 typedef struct sq_keyserver *sq_keyserver_t;
 
 /*/
+/// Network policy for Sequoia.
+///
+/// With this policy you can control how Sequoia accesses remote
+/// systems.
+/*/
+typedef enum sq_network_policy {
+  /* Do not contact remote systems.  */
+  SQ_NETWORK_POLICY_OFFLINE = 0,
+
+  /* Only contact remote systems using anonymization techniques like
+   * TOR.  */
+  SQ_NETWORK_POLICY_ANONYMIZED = 1,
+
+  /* Only contact remote systems using transports offering
+   * encryption and authentication like TLS.  */
+  SQ_NETWORK_POLICY_ENCRYPTED = 2,
+
+  /* Contact remote systems even with insecure transports.  */
+  SQ_NETWORK_POLICY_INSECURE = 3,
+
+  /* Dummy value to make sure the enumeration has a defined size.  Do
+     not use this value.  */
+  SQ_NETWORK_POLICY_FORCE_WIDTH = INT_MAX,
+} sq_network_policy_t;
+
+
+/*/
 /// Returns a handle for the given URI.
 ///
 /// `uri` is a UTF-8 encoded value of a keyserver URI,
@@ -17,6 +44,7 @@ typedef struct sq_keyserver *sq_keyserver_t;
 /// Returns `NULL` on errors.
 /*/
 sq_keyserver_t sq_keyserver_new (sq_context_t ctx,
+				 sq_network_policy_t policy,
 				 const char *uri);
 
 /*/
@@ -29,6 +57,7 @@ sq_keyserver_t sq_keyserver_new (sq_context_t ctx,
 /// Returns `NULL` on errors.
 /*/
 sq_keyserver_t sq_keyserver_with_cert (sq_context_t ctx,
+				       sq_network_policy_t policy,
 				       const char *uri,
 				       const uint8_t *cert,
 				       size_t len);
@@ -41,7 +70,8 @@ sq_keyserver_t sq_keyserver_with_cert (sq_context_t ctx,
 ///
 /// Returns `NULL` on errors.
 /*/
-sq_keyserver_t sq_keyserver_keys_openpgp_org (sq_context_t ctx);
+sq_keyserver_t sq_keyserver_keys_openpgp_org (sq_context_t ctx,
+					      sq_network_policy_t policy);
 
 /*/
 /// Frees a keyserver object.
diff --git a/ffi/include/sequoia/store.h b/ffi/include/sequoia/store.h
index 694aa32c..5fc84d19 100644
--- a/ffi/include/sequoia/store.h
+++ b/ffi/include/sequoia/store.h
@@ -2,6 +2,7 @@
 #define SEQUOIA_STORE_H
 
 #include <sequoia/core.h>
+#include <sequoia/net.h>
 
 /*/
 /// Keys used for communications.
@@ -262,7 +263,8 @@ sq_key_iter_t sq_store_list_keys (sq_context_t ctx);
 /// Opening the mapping with a different network policy is
 /// forbidden.
 /*/
-sq_mapping_t sq_mapping_open (sq_context_t ctx, const char *realm, const char *name);
+sq_mapping_t sq_mapping_open (sq_context_t ctx, sq_network_policy_t policy,
+                              const char *realm, const char *name);
 
 /*/
 /// Adds a key identified by fingerprint to the mapping.
diff --git a/ffi/src/core.rs b/ffi/src/core.rs
index 3051b133..d0dd5138 100644
--- a/ffi/src/core.rs
+++ b/ffi/src/core.rs
@@ -30,7 +30,7 @@
 //! sq_context_t ctx;
 //!
 //! cfg = sq_context_configure ();
-//! sq_config_network_policy (cfg, SQ_NETWORK_POLICY_OFFLINE);
+//! sq_config_ipc_policy (cfg, SQ_IPC_POLICY_ROBUST);
 //! ctx = sq_config_build (cfg, NULL);
 //!
 //! /* Use Sequoia.  */
@@ -111,13 +111,6 @@ fn sq_context_lib(ctx: *const Context) -> *const c_char {
     ctx.c.lib().to_string_lossy().as_bytes().as_ptr() as *const c_char
 }
 
-/// Returns the network policy.
-#[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C"
-fn sq_context_network_policy(ctx: *const Context) -> c_int {
-    let ctx = ffi_param_ref!(ctx);
-    u8::from(ctx.c.network_policy()) as c_int
-}
-
 /// Returns the IPC policy.
 #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C"
 fn sq_context_ipc_policy(ctx: *const Context) -> c_int {
@@ -164,16 +157,6 @@ fn sq_config_lib(cfg: *mut Config, lib: *const c_char) {
     cfg.set_lib(&lib.as_ref());
 }
 
-/// Sets the network policy.
-#[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C"
-fn sq_config_network_policy(cfg: *mut Config, policy: c_int) {
-    let cfg = ffi_param_ref_mut!(cfg);
-    if policy < 0 || policy > 3 {
-        panic!("Bad network policy: {}", policy);
-    }
-    cfg.set_network_policy((policy as u8).into());
-}
-
 /// Sets the IPC policy.
 #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C"
 fn sq_config_ipc_policy(cfg: *mut Config, policy: c_int) {
diff --git a/ffi/src/error.rs b/ffi/src/error.rs
index 0eff9226..ebce4e0d 100644
--- a/ffi/src/error.rs
+++ b/ffi/src/error.rs
@@ -4,6 +4,7 @@ use std::io;
 
 use sequoia_openpgp as openpgp;
 use sequoia_core as core;
+use sequoia_net as net;
 pub use crate::openpgp::error::Status;
 
 pub(crate) use crate::openpgp::error::Error;
@@ -16,13 +17,23 @@ impl<'a> FromSequoiaError<'a> for Status {
     fn from_sequoia_error(e: &'a anyhow::Error) -> Self {
         if let Some(e) = e.downcast_ref::<core::Error>() {
             return match e {
-                &core::Error::NetworkPolicyViolation(_) =>
-                    Status::NetworkPolicyViolation,
                 &core::Error::IoError(_) =>
                     Status::IoError,
             }
         }
 
+        if let Some(e) = e.downcast_ref::<net::Error>() {
+            return match e {
+                net::Error::PolicyViolation(_) =>
+                    Status::NetworkPolicyViolation,
+                e => {
+                    // XXX
+                    eprintln!("ffi: net error not converted: {}", e);
+                    Status::UnknownError
+                },
+            }
+        }
+
         if let Some(e) = e.downcast_ref::<openpgp::Error>() {
             return match e {
                 &openpgp::Error::InvalidArgument(_) =>
diff --git a/ffi/src/net.rs b/ffi/src/net.rs
index 60154838..f08a3ef0 100644
--- a/ffi/src/net.rs
+++ b/ffi/src/net.rs
@@ -6,12 +6,10 @@
 //!
 //! # Examples
 //!
-//! We provide a very reasonable default key server backed by
-//! `hkps.pool.sks-keyservers.net`, the subset of the [SKS keyserver]
-//! network that uses https to protect integrity and confidentiality
-//! of the communication with the client:
+//! As reasonable default key server we provide a shortcut to use
+//! [`keys.openpgp.org`]:
 //!
-//! [SKS keyserver]: https://www.sks-keyservers.net/overview-of-pools.php#pool_hkps
+//! [`keys.openpgp.org`]: https://keys.openpgp.org
 //!
 //! ```c
 //! #include <sequoia.h>
@@ -22,7 +20,7 @@
 //! pgp_cert_t cert;
 //!
 //! ctx = sq_context_new (NULL);
-//! ks = sq_keyserver_keys_openpgp_org (ctx);
+//! ks = sq_keyserver_keys_openpgp_org (ctx, SQ_NETWORK_POLICY_ENCRYPTED);
 //! id = pgp_keyid_from_bytes ((uint8_t *) "\x24\x7F\x6D\xAB\xC8\x49\x14\xFE");
 //! cert = sq_keyserver_get (ctx, ks, id);
 //!
@@ -54,12 +52,14 @@ use crate::Maybe;
 ///
 /// Returns `NULL` on errors.
 #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C"
-fn sq_keyserver_new(ctx: *mut Context, uri: *const c_char) -> *mut KeyServer {
+fn sq_keyserver_new(ctx: *mut Context, policy: u8, uri: *const c_char)
+                    -> *mut KeyServer {
     let ctx = ffi_param_ref_mut!(ctx);
     ffi_make_fry_from_ctx!(ctx);
+    let policy = policy.into();
     let uri = ffi_param_cstr!(uri).to_string_lossy();
 
-    ffi_try_box!(KeyServer::new(&ctx.c, &uri))
+    ffi_try_box!(KeyServer::new(policy, &uri))
 }
 
 /// Returns a handle for the given URI.
@@ -70,12 +70,13 @@ fn sq_keyserver_new(ctx: *mut Context, uri: *const c_char) -> *mut KeyServer {
 ///
 /// Returns `NULL` on errors.
 #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C"
-fn sq_keyserver_with_cert(ctx: *mut Context,
+fn sq_keyserver_with_cert(ctx: *mut Context, policy: u8,
                           uri: *const c_char,
                           cert: *const u8,
                           len: size_t) -> *mut KeyServer {
     let ctx = ffi_param_ref_mut!(ctx);
     ffi_make_fry_from_ctx!(ctx);
+    let policy = policy.into();
     let uri = ffi_param_cstr!(uri).to_string_lossy();
 
     if cert.is_null() {
@@ -88,7 +89,7 @@ fn sq_keyserver_with_cert(ctx: *mut Context,
 
     let cert = ffi_try!(Certificate::from_der(cert)
                     .map_err(|e| ::anyhow::Error::from(e)));
-    ffi_try_box!(KeyServer::with_cert(&ctx.c, &uri, cert))
+    ffi_try_box!(KeyServer::with_cert(policy, &uri, cert))
 }
 
 /// Returns a handle for keys.openpgp.org.
@@ -98,10 +99,12 @@ fn sq_keyserver_with_cert(ctx: *mut Context,
 ///
 /// Returns `NULL` on errors.
 #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C"
-fn sq_keyserver_keys_openpgp_org(ctx: *mut Context) -> *mut KeyServer {
+fn sq_keyserver_keys_openpgp_org(ctx: *mut Context, policy: u8)
+                                 -> *mut KeyServer {
     let ctx = ffi_param_ref_mut!(ctx);
     ffi_make_fry_from_ctx!(ctx);
-    ffi_try_box!(KeyServer::keys_openpgp_org(&ctx.c))
+    let policy = policy.into();
+    ffi_try_box!(KeyServer::keys_openpgp_org(policy))
 }
 
 /// Frees a keyserver object.
diff --git a/ffi/src/store.rs b/ffi/src/store.rs
index 482f0dec..65372d78 100644
--- a/ffi/src/store.rs
+++ b/ffi/src/store.rs
@@ -190,15 +190,17 @@ fn sq_log_iter_free(iter: Option<&mut LogIter>) {
 /// forbidden.
 #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C"
 fn sq_mapping_open(ctx: *mut Context,
+                   policy: u8,
                  realm: *const c_char,
                  name: *const c_char)
                  -> *mut Mapping {
     let ctx = ffi_param_ref_mut!(ctx);
     ffi_make_fry_from_ctx!(ctx);
+    let policy = policy.into();
     let realm = ffi_param_cstr!(realm).to_string_lossy();
     let name = ffi_param_cstr!(name).to_string_lossy();
 
-    ffi_try_box!(Mapping::open(&ctx.c, &realm, &name))
+    ffi_try_box!(Mapping::open(&ctx.c, policy, &realm, &name))
 }
 
 /// Frees a sq_mapping_t.
author	Justus Winter <justus@sequoia-pgp.org>	2021-01-15 09:35:04 +0100
committer	Justus Winter <justus@sequoia-pgp.org>	2021-01-15 11:34:49 +0100
commit	59a59ac5bf9cc9be2698eb35376c3b58fd483252 (patch)
tree	5eb5c8256c67b8397669c48fae905840c3302866 /ffi
parent	de5c18230ddcad3928ae5c4bd2c1badbe9ec2e92 (diff)