Age | Commit message (Collapse) | Author |
|
- This patch series adds methods to query key constraints and other
key-related signature subpackets to trait Amalgamation.
Key-related subpackets are relevant to all components. Recall
that primary key constraints may be expressed on userid binding
signatures, and that userid components may be stripped off.
- We do the same for the key holder's preference packets. These
subpackets are not relevant to subkeys, therefore we introduced a
new trait Preferences that is implemented for valid components and
primary keys.
- Add the original test case from the bug report.
- Fixes #215.
|
- This trait allows querying of the key holder's preferences. It is
implemented for ValidComponentAmalgamation and
ValidPrimaryKeyAmalgamation.
|
- See previous commit.
|
- See previous commit.
|
- This unifies key flag lookup across all amalgamations.
- While it may seem odd to query key flags on userid amalgamations,
this actually makes sense. It provides the primary key's flags if
all but the amalgamation's userid is stripped from the
certificate.
|
- Add a test to make sure we can use the policy object to invalidate
a binary signature.
|
- Move the autocrypt-related functionality to a new crate.
- Fixes #424.
|
- All the trace messages are gone except for the summary.
|
- This improves usability, e.g. when copy&pasting.
- Fixes #422.
|
- Fixes #427.
|
- Likewise KeyBinding, UserIDBinding, UserAttributeBinding,
UnknownBinding, etc.
- Reason: a self-signature on a component is a binding, but
revocations and TPSes are not bindings.
- Consistently call collections of components and associated
signatures bundles now. Likewise for fields, methods.
- Fixes #425.
|
- Previously, signatures following an unknown packet (like a version
3 signature) were attributed to the unknown component. To fix
that, try to reorder all signatures on unknown components. If we
fail, we put them back where we found them, assuming they are at
the correct location on a component unknown to us.
- Also split signatures of unknown components.
- Add test case.
|
- The signatures are ordered from authenticated and most important
to not authenticated and most likely to be abused. The order is:
- Self revocations first. They are authenticated and the most
important information.
- Self signatures. They are authenticated.
- Other signatures. They are not authenticated at this point.
- Other revocations. They are not authenticated, and likely not
well supported in other implementations, hence the least
reliable way of revoking keys and therefore least useful and
most likely to be abused.
|
- We now add components without binding signatures. They should be
kept, be enumerable, but ignored if a policy is applied. After
all, it could be that we merely do not understand a signature.
|
- The cost of missing a revocation certificate merely because we put
it into the wrong place seems to outweigh the cost of duplicating
it.
|
- In Writer::drop, assert that the writer has been taken in debug
mode. This forces the user to use Writer::finalize, and handle
the errors that might happen. In release builds, we just do our
best to finalize the armor writer.
- This is a carrot-and-stick approach to a shortcoming in Rust's
type system which cannot enforce that a value is consumed (see
https://github.com/rust-lang/rfcs/issues/2642). Our carrot is
that you get the inner writer back by calling finalize, the stick
is crashing in debug builds if you don't.
|
- Use armor::Writer::finalize to properly handle the errors.
- Account for the newline in comments.
|
- Change all functions that need to evaluate the validity of a
signature (either directly or indirectly) to take a policy object.
- Use the policy object to allow the user to place additional
constraints on a signature's validity.
- This addresses the first half of #274 (it introduces the policy
object, but does not yet implement any policy).
|
- This cleanly avoids creating a linked list of references on the
stack that grows every time we call into_inner.
|
- Also, make PacketHeaderParser polymorphic over
BufferedReader<Cookie> at the same time.
|