Age  Commit message  Author
2023-02-07  XXX: Add certificate store support to sq. [neal/cert-store]  Neal H. Walfield
2023-02-02  ipc: Release 0.30.1. [ipc/v0.30.1]  Neal H. Walfield
2023-02-02  openpgp: Handle an unexpected EOF in `RawCertParser::next` better  Neal H. Walfield
- When `RawCertParser::next` encounters EOF while reading the packet body, stop processing the input.
2023-02-01  ipc: Fix the keybox parser  Neal H. Walfield
- The current implementation of the parser cuts off the last eight bytes of the certificate data, based on the assumption that they are a magic fingerprint.
- Additional research indicates that they are actually a valid gpg-specific trust packet, and the trust packet is not always present.
- Since Sequoia has no problem parsing and ignoring trust packets from gpg, and the trust packets are not always there, simply return the certificate data as is.
- Fixes #981.
2023-02-01  ipc: Release 0.30.0. [ipc/v0.30.0]  Neal H. Walfield
2023-02-01  Update release-checklist.md  Neal H. Walfield
2023-02-01  openpgp: Avoid creating a Buffered reader when parsing packets.  Neal H. Walfield
- For each packet type, add a private function `from_buffered_reader`.
- Implement `Parse::from_reader` and `Parse::from_bytes` in terms of `from_buffered_reader`. For `Parse::from_bytes`, this means that we can wrap the input in a `buffered_reader::Memory`, which is much faster than a `buffered_reader::Generic`, which we use now.
- Note: `PacketParserBuilder` and by extension `Cert` already implement this optimization.
2023-01-26  net: Switch to OpenSSL for DNSSEC validation.  Wiktor Kwapisiewicz
2023-01-26  CI: Make side-effect-free jobs interruptible.  Wiktor Kwapisiewicz
- Mark all jobs that are without side effects as interruptible.
- It should make updating commits build faster.
- One notable exception is the `docker-build-push` job, which is left untouched.
- See: https://docs.gitlab.com/ee/ci/yaml/#interruptible
2023-01-23  ipc: Only build the Unix Domain Socket emulation code on Windows.  Justus Winter
- This fixes a test failure on big endian systems. No big endian Windows systems are known to exist.
2023-01-23  buffered-reader, openpgp: Fix overflow calculating buffer capacities  Justus Winter
- Fixes #3e188fb312ad4db1395f5e836bffaf2034b88a42.
2023-01-22  CI: make docker storage driver implicit  Devan Carpenter
For dind (docker-in-docker) jobs, we want to inherit the storage driver configuration from the runner itself. This is necessary because storage backends may be different between docker daemons running on separate runner hosts. In the runner config (/etc/gitlab-runner/config.toml) we may set this environment variable with the "environment" key, e.g. environment = ["DOCKER_DRIVER=zfs"]
2023-01-19  openpgp: Improve tracing.  Justus Winter
2023-01-19  CI: use aufs docker storage driver  Devan Carpenter
Switching the job which uses dind (docker-in-docker) to use the AUFS storage driver due to the underlying filesystem being ZFS. The default overlay2 driver will not work on ZFS, and thus the job will fail.
2023-01-19  Fix EC curve detection.  Wiktor Kwapisiewicz
- Some systems have a smaller set of supported curves, and even though the curve identifiers are compiled in, the usage of the curve fails.
- Try to construct an `EcGroup` using the retrieved `Nid`, as this is a cheap check that will fail if the curve is truly unsupported.
- Fixes #976.
2023-01-11  net: Release 0.26.0. [net/v0.26.0]  Justus Winter
2023-01-11  autocrypt: Release 0.25.0. [autocrypt/v0.25.0]  Justus Winter
2023-01-11  sq: Feature cleanup, add new cryptographic backends.  Justus Winter
- Enable sequoia-openpgp/default by default; notably, this enables support for deflate compression, which was missing.
- Expose the compression features.
- Add the OpenSSL and RustCrypto backends.
2023-01-07  ipc: Make gnupg::KeyPair usable in async contexts.  Justus Winter
- See if we are executing under a tokio async runtime, and if so, start a new one on a different thread.
- This works around a design problem with the openpgp::crypto::{Signer, Decryptor} traits that use sync functions, but our implementation of the traits is async. We used to unconditionally start a tokio runtime and block to hide the async nature of the implementation, but that leads to panics if the current thread is already managed by a tokio runtime. This is a really easy mistake to make, and is not detected by the type system.
2023-01-06  openpgp: Release v1.13.0. [openpgp/v1.13.0]  Neal H. Walfield
2023-01-06  buffered-reader: Release 1.1.4. [buffered-reader/v1.1.4]  Neal H. Walfield
2023-01-06  ci: Use images from our docker registry.  Justus Winter
2023-01-06  ci: Remove the Arm64 jobs as we don't have such a machine anymore.  Justus Winter
2023-01-06  openpgp: Add convenient accessor functions to RawCert.  Neal H. Walfield
- The main reason to use a `RawCertParser` is to avoid having to parse certificates that are definitely not needed in the current context.
- Add some convenient accessor functions to `RawCert`: `RawCert::primary_key`, `RawCert::keys`, `RawCert::subkeys`, and `RawCert::UserID` to make this easier.
2023-01-06  openpgp: Split certificates without parsing the packets.  Neal H. Walfield
- Add `RawCertParser`, which splits keyrings into individual certificates, similar to `CertParser`, but without invoking the heavy machinery of the `CertParser`.
- `RawCertParser` uses the OpenPGP framing information to identify the packets, and it makes sure that the packets form a valid TPK or TSK as per Sections 11.1 and 11.2 of RFC 4880, respectively.
2023-01-06  openpgp: When a packet source returns an error, don't assume EOF.  Neal H. Walfield
- When a packet source returns an error to `CertParser::next`, don't assume that that means EOF. Subsequent calls may still return packets.
2023-01-06  openpgp: Don't wait for EOF to return a queued error.  Neal H. Walfield
- When `CertParser::next` is called and there is a queued error, return it immediately; don't wait for an EOF.
2023-01-06  openpgp: Better handle multiple errors.  Neal H. Walfield
- When `CertParser::next` encounters an error reading the next packet, and then encounters an error creating the queued certificate, queue the second error, and return the first one.
2023-01-06  openpgp: Fix PacketParser to return the packet preceding any junk.  Neal H. Walfield
- If the `PacketParser` encounters junk (i.e., corruption) and is able to find a valid packet within `RECOVERY_THRESHOLD` bytes of the end of the last valid packet, it recovers by converting the junk to an `Unknown` packet, and continuing to parse.
- Extend this recovery mechanism to junk at the end of the file. If the `PacketParser` encounters up to `RECOVERY_THRESHOLD` bytes of junk at the end of the file, convert that data into an `Unknown` packet instead of immediately returning an error.
- By returning an `Unknown` packet instead of an error, we also return the last buffered packet, which was otherwise lost.
- When converting `RECOVERY_THRESHOLD` bytes of junk into an `Unknown` packet, queue an error (in `PacketParserState`) so that the next call to `PacketParser::next` will not continue trying to parse the input, but return an unrecoverable error.
- Fixes #967.
2023-01-06  openpgp: KeyringValidator::push should allow unknown packets.  Neal H. Walfield
- When pushing a tag using `KeyringValidator::push`, allow the `Tag::Unknown` and `Tag::Private` variants.
- The grammar already allows them.
2023-01-06  openpgp: Improve tracing output.  Neal H. Walfield
- When tracing is enabled, log what the iterator returned from `CertParser::From<PacketParserResult>` does.
2023-01-06  openpgp: Reduce debug output.  Neal H. Walfield
- When tracing the execution of a `PacketParser`, don't emit the `BufferedReader`, as this can result in a huge amount of unreadable output.
2023-01-06  openpgp: Make PacketParser::plausible_cert more generic.  Neal H. Walfield
- Make `PacketParser::plausible_cert` generic over the cookie so that it is usable with generic `BufferedReader`s.
2023-01-06  openpgp: Remove unused field.  Neal H. Walfield
- `CertParser::saw_error` is set, but never read. Remove it.
2023-01-06  openpgp: Update NEWS regarding the OpenSSL backend.  Neal H. Walfield
2023-01-06  openpgp: Add missing NEWS for 1.12.0.  Neal H. Walfield
2023-01-06  buffered-reader, openpgp: Change the default buffer size.  Neal H. Walfield
- Change the default buffer size from 8 KB to 32 KB.
- Benchmarking using the chameleon reading a 23 MB cert-d with about 800 certificates, and verifying a signature over a short (2 KB) message, showed that 32 KB is optimal. In particular, 16 KB and 64 KB buffer sizes were, respectively, 10% and 30% worse.
2023-01-06  buffered-reader, openpgp: Fix buffering.  Neal H. Walfield
- When `buffered_reader::Generic::data_helper` is called and the amount of data that is requested exceeds the amount of data that is available, we read from the underlying reader.
- When determining how much to read from the underlying reader, we took the maximum of the amount requested and the default buffer size, and then subtracted the amount of data that is available.
- This means that when the amount requested is greater than the buffer size, we would read exactly the amount requested. This is problematic for two reasons. First, it is not unusual for a user of a `BufferedReader` to not consume the data (e.g., a `buffered_reader::Dup` never consumes data). In that case, once calls to `BufferedReader::data` request more than the default buffer size, the `BufferedReader` would forward any reads to the underlying reader, and append the result to the available data to create a single continuous `Vec<u8>`. Second, many of these reads are for just one more byte than is available. The consequence is that once the amount requested exceeds the amount available, many subsequent reads would read from the underlying reader, and `memcpy` the data held by the `BufferedReader`, which destroyed the performance.
- Avoid most of the reads and the `memcpy`s by changing the behavior of `buffered_reader::Generic::data_helper` as follows: if the amount requested exceeds the amount available, try to read the amount requested plus the buffer size minus what is available.
- Make the same change to `openpgp::armor::Reader`.
- Fixes #969. Co-authored-by: Justus Winter <justus@sequoia-pgp.org>
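The following Rust program is an added illustration of the read-size change this commit describes; it is not Sequoia's buffered-reader code. `read_size_old` and `read_size_new` are the two policies quoted in the message (max(requested, buffer size) minus available, versus requested plus buffer size minus available), and `Source`, `Buffered` and `underlying_reads` are assumed names for a minimal model of a reader that, like a `Dup`, buffers but never consumes. The model only counts trips to the underlying reader; in the real implementation each such trip also appends into one contiguous `Vec<u8>`, which is the `memcpy` cost the commit mentions.

```rust
// Added example modelling the read-size policy of a non-consuming buffered
// reader (assumed names; not sequoia's buffered-reader implementation).

/// Pre-fix policy: when `amount` exceeds what is buffered, fetch
/// max(amount, buffer_size) - available.  Once `amount` passes
/// `buffer_size` this fetches exactly the shortfall, often a single byte.
fn read_size_old(amount: usize, available: usize, buffer_size: usize) -> usize {
    if amount <= available {
        return 0;
    }
    amount.max(buffer_size) - available
}

/// Post-fix policy: fetch the shortfall plus a whole buffer's worth, so a
/// run of "one more byte" requests is served from the buffer.
fn read_size_new(amount: usize, available: usize, buffer_size: usize) -> usize {
    if amount <= available {
        return 0;
    }
    amount + buffer_size - available
}

/// Stand-in for the underlying reader; it just counts how often it is hit.
struct Source {
    remaining: usize,
    reads: usize,
}

impl Source {
    fn read(&mut self, n: usize) -> usize {
        self.reads += 1;
        let got = n.min(self.remaining);
        self.remaining -= got;
        got
    }
}

/// Minimal model of `data_helper`: bytes are buffered but never consumed.
struct Buffered {
    available: usize,
    buffer_size: usize,
    source: Source,
    policy: fn(usize, usize, usize) -> usize,
}

impl Buffered {
    fn new(buffer_size: usize, source_len: usize, policy: fn(usize, usize, usize) -> usize) -> Self {
        Buffered {
            available: 0,
            buffer_size,
            source: Source { remaining: source_len, reads: 0 },
            policy,
        }
    }

    /// Ensure `amount` bytes are buffered; returns how many are now available.
    fn data(&mut self, amount: usize) -> usize {
        let want = (self.policy)(amount, self.available, self.buffer_size);
        if want > 0 {
            // In the real reader this is where the fresh bytes are appended
            // to the existing buffer (the memcpy the commit message mentions).
            self.available += self.source.read(want);
        }
        self.available
    }
}

/// Ask for 1, 2, ..., `requests` bytes without ever consuming, and report how
/// many underlying reads that caused under the given policy.
fn underlying_reads(policy: fn(usize, usize, usize) -> usize, buffer_size: usize, requests: usize) -> usize {
    // Constructed input: a 1 MiB source, far larger than any request here.
    let mut reader = Buffered::new(buffer_size, 1 << 20, policy);
    for amount in 1..=requests {
        reader.data(amount);
    }
    reader.source.reads
}

fn main() {
    let old = underlying_reads(read_size_old, 8, 100);
    let new = underlying_reads(read_size_new, 8, 100);
    println!("buffer size 8, 100 growing requests: old policy {} reads, new policy {} reads", old, new);
}
```

With a buffer size of 8 and 100 growing requests, the old policy reaches the underlying reader 93 times (one read per request once the request exceeds the buffer size), while the new policy needs 12, since each read brings in a full buffer of headroom beyond the shortfall.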
2023-01-06  buffered-reader: Set the buffer size using an environment variable  Neal H. Walfield
- If the environment variable `SEQUOIA_BUFFERED_READER_BUFFER` is set, and we are able to parse it as a usize, use it as the default buffer size.
2023-01-06  openpgp: Fix typos found by codespell  Dimitri Papadopoulos
These are typos in comments only.
2023-01-05  Don't select a cryptographic backend in non-leaf crates.  Justus Winter
- This way, only the leaf package has to concern itself with the selection of a cryptographic backend for Sequoia. Notably, we don't have to repeat all of sequoia-openpgp's features in all crates that use sequoia-openpgp.
- Enable the new feature resolver which allows for this method.
- A complication arises because we want to make `cargo test` work by default for the intermediate crates without developers having to select a cryptographic backend. To make that work, we implicitly select a backend in the dev dependencies which are enabled when compiling the tests. To make it even more convenient, we select the most convenient backend, which is CNG for Windows and Nettle, our default, for every other platform.
- Now that we have implicitly selected CNG on Windows for running the tests, when the user wants to use Nettle on Windows, and does `cargo test --features sequoia-openpgp/crypto-nettle`, then two backends are selected: the implicitly selected CNG and the explicitly selected Nettle. In this case, we detect that an implicit selection has been made, and ignore the implicitly selected backend. Now, this has already been compiled by cargo (remember that we cannot influence the set of dependencies at the time the build script is run), but we can still ignore the implicit backend using conditional compilation (i.e. it will not be included in the resulting binary). The same happens on non-Windows platforms where Nettle is the implicit default for tests when the user explicitly requests a different backend. In both cases, Nettle and CNG are slim wrappers around native libraries, so the wasted compilation time is low.
2022-12-23  Port to Rust Edition 2021.  Justus Winter
2022-12-23  ipc: Bump clap to 3.  Justus Winter
2022-12-22  openpgp: Add OpenSSL cryptographic backend.  Wiktor Kwapisiewicz
- Adds the backend behind the `crypto-openssl` feature.
- Add CI configuration to run tests with the new backend.
- See #333.
2022-12-21  openpgp: Check for supported AEAD ciphersuite in tests.  Wiktor Kwapisiewicz
- Previously the AEAD roundtrip test checked supported symmetric ciphers and AEAD algorithms separately, but only certain combinations of them are valid in some libraries.
- See: https://openpgp-wg.gitlab.io/rfc4880bis/#name-preferred-aead-ciphersuites
2022-12-21  openpgp: Add tests for correct ordering of Ed/Cv25519.  Wiktor Kwapisiewicz
- Reversing of Cv25519 compared to X25519 and Ed25519 is a common source of confusion.
- Add unit tests to check for correct secret key byte order.
2022-12-21  openpgp: Adjust test suite to filter out unsupported AEAD algorithms.  Wiktor Kwapisiewicz
2022-12-21  openpgp: Adjust error messages on decryption failures.  Wiktor Kwapisiewicz
2022-12-21  openpgp: Make AEAD interface functions fallible.  Wiktor Kwapisiewicz
- Some backends may want to propagate their internal errors to the caller.
- Modify all functions to return Results and their clients to either propagate the error or handle it.
2022-12-21  openpgp: Change `decrypt` into `decrypt_verify`.  Wiktor Kwapisiewicz
- Some backends want to verify the AEAD block by themselves and need the tag to be passed in.
- Change the two-step `decrypt` + `digest` into a one-step `decrypt_verify`.
- Old backends are modified to work like they did previously by utilizing decryption and the digest operation.
- New backends can implement `decrypt_verify` using their respective cryptographic primitives.