author | Neal H. Walfield <neal@pep.foundation> | 2019-01-29 10:22:46 +0100 |
---|---|---|
committer | Neal H. Walfield <neal@pep.foundation> | 2019-01-29 10:22:46 +0100 |
commit | bff390b189ac92012a3c25e8c361013c78698fd3 (patch) | |
tree | 4460d76b3d396c48d7974ba49cad2ed08f08abf9 /openpgp-ffi/src | |
parent | ee276a2dc55fd55f22494e9e70187f060fb2f151 (diff) |
openpgp: TPKBuilder::autocrypt should not default to an empty UID
- TPKBuilder::autocrypt created a TPK with a single User ID, as
required by the Autocrypt specification. Since no User ID was
passed, it used the empty string.
- An empty User ID is a bit surprising, and it is unclear if it is
even a reasonable default (GnuPG rejects it). But, even if the
programmer is aware of this, adding a new user ID does not replace
the empty User ID, and removing the empty User ID is a pain.
- Change the API to better match typical usage: have the constructor
take the User ID.
- Nevertheless, preserve the flexibility by making the User ID
optional to allow the caller to add a User ID later. In this
case, a TPK with no User ID at all is created (which is not
Autocrypt-compliant until one is added) rather than a TPK with an
empty User ID.
- Closes #146.
Diffstat (limited to 'openpgp-ffi/src')
-rw-r--r-- | openpgp-ffi/src/tpk.rs | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/openpgp-ffi/src/tpk.rs b/openpgp-ffi/src/tpk.rs
index b4026604..1649a6ae 100644
--- a/openpgp-ffi/src/tpk.rs
+++ b/openpgp-ffi/src/tpk.rs
@@ -574,10 +574,25 @@ pub extern "system" fn pgp_tpk_builder_default() -> *mut TPKBuilder {
 /// Generates a key compliant to [Autocrypt Level 1].
 ///
+/// Autocrypt requires a user id, however, if `uid` is NULL, a TPK is
+/// created without any user ids. It is then the caller's
+/// responsibility to ensure that a user id is added later.
+///
+/// `uid` must contain valid UTF-8. If it does not contain valid
+/// UTF-8, then the invalid code points are silently replaced with
+/// `U+FFFD REPLACEMENT CHARACTER`.
+///
 /// [Autocrypt Level 1]: https://autocrypt.org/level1.html
 #[::ffi_catch_abort]
 #[no_mangle]
-pub extern "system" fn pgp_tpk_builder_autocrypt() -> *mut TPKBuilder {
- box_raw!(TPKBuilder::autocrypt(Autocrypt::V1))
+pub extern "system" fn pgp_tpk_builder_autocrypt(uid: *const c_char) -> *mut TPKBuilder {
+ let uid = if uid.is_null() {
+ None
+ } else {
+ Some(ffi_param_cstr!(uid).to_string_lossy())
+ };
+ box_raw!(TPKBuilder::autocrypt(Autocrypt::V1, uid))
 }
 /// Frees an `pgp_tpk_builder_t`.
@@ -607,6 +622,10 @@ pub extern "system" fn pgp_tpk_builder_set_cipher_suite
 /// Adds a new user ID. The first user ID added replaces the default
 /// ID that is just the empty string.
+///
+/// `uid` must contain valid UTF-8. If it does not contain valid
+/// UTF-8, then the invalid code points are silently replaced with
+/// `U+FFFD REPLACEMENT CHARACTER`.
 #[::ffi_catch_abort]
 #[no_mangle]
 pub extern "system" fn pgp_tpk_builder_add_userid
 (tpkb: *mut *mut TPKBuilder, uid: *const c_char) |
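Review bot: A non-NULL `uid` that points at an empty C string is still turned into `Some("")` by the `else` branch of `pgp_tpk_builder_autocrypt`, which recreates exactly the empty User ID this commit removes as the default and which the commit message says GnuPG rejects; whether `TPKBuilder::autocrypt` itself rejects an empty User ID is not visible here. Either map the empty string to `None` — `Some(ffi_param_cstr!(uid).to_string_lossy()).filter(|u| !u.is_empty())` — or state the pass-through in the doc comment so C callers do not hand in `""` as a placeholder. The new doc comment also says invalid "code points" are replaced; `to_string_lossy` replaces invalid UTF-8 byte sequences, so `/// UTF-8, then each invalid byte sequence is replaced with` is the accurate wording, and since `ffi_param_cstr!` presumably reads up to the NUL terminator the comment should also say `uid` must be NUL-terminated.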
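Review bot: The retained doc text `/// Adds a new user ID. The first user ID added replaces the default` / `/// ID that is just the empty string.` on `pgp_tpk_builder_add_userid` is now misleading for a builder obtained from `pgp_tpk_builder_autocrypt`: after this change it holds no User ID at all when `uid` was NULL, and the commit message itself states that adding a User ID never replaced the empty one. Suggest shortening the first line to `/// Adds a new user ID.` and adding a sentence saying that a builder created by `pgp_tpk_builder_autocrypt` with a NULL `uid` has no User ID until one is added here, and that meeting Autocrypt's one-User-ID requirement is then the caller's responsibility; whether `pgp_tpk_builder_default` still starts from an empty User ID cannot be seen in this hunk. The function's body continues past the end of the hunk.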