Age | Commit message (Collapse) | Author |
|
- CDefError is not exposed as cffi.error.CDefError, but as
cffi.api.CDefError in python3-cffi 1.9.1-2. This change is
forwards compatible with python3-cffi 1.11.5-3 (from Debian
Testing).
- enum.auto is only available in Python v3.6. Albeit uglier,
manually assigning values works in Python v3.5 (and later).
|
|
- When we transfer ownership from C to Rust, we move the wrapped
object out of the wrapper, and poison the wrapper.
- This prevents reuse of the wrapper object. When a stale reference
is given to us, we check the tag encoding the type information.
- If the tag field is poisoned, we can produce a more helpful error
message. This is not exact, of course. As soon as the memory is
reused, our tag is overwritten.
|
|
|
|
|
|
|
|
- This is a framework for dealing with ownership and references at
the FFI boundary. Previously, we used macros to do that. This
change introduces a more idiomatic interface, we use traits
converting from raw pointers of a wrapper type to objects,
references, or mutable references to a wrapped type.
- For now, we use the wrapped type as wrapper type. We merely
introduce a new mechanism replacing the macro-based one.
- This patch also converts all the derived functions.
- The following patches will convert all the functions that are
already using the ffi_wrapper_type. Once this conversion is done,
we can introduce our own wrapper type.
|
|
- This function was used early on to demonstrate the FFI layer. It
can now be expressed using pgp_tpk_debug().
|
|
|
|
|
|
|
|
|
|
|
|
- For C code fragments, we use the highlight.js highlighter to apply
syntax highlighting. Previously, highlight.js was only used in
the FFI documentation, and was loaded from a CDN.
- We now distribute highlight.js with our documentation. This is
done in the 'doc' make target.
- This helps to protect the privacy of users viewing the
documentation.
- Unfortunately, highlighting no longer works when viewing the
documentation locally in a browser using the file:// scheme.
|
|
- This is the result of the following command:
git grep -il pgp_p_key | while read F ; do sed -E -i -e 's/pgp_p_key/pgp_key/g' $F ; done
- Fixes #155.
|
|
- This change is the result of the following command, which can also
be used to automatically convert existing users of Sequoia's C
API:
git grep -il sq_ | while read F ; do sed -E -i -e 's/sq_(arbitrary_writer_new|armor_reader_from_bytes|armor_reader_from_file|armor_reader_headers|armor_reader_kind|armor_reader_new|armor_writer_new|decrypt|encryptor_new|error_free|error_status|error_string|fingerprint_as_bytes|fingerprint_clone|fingerprint_equal|fingerprint_free|fingerprint_from_bytes|fingerprint_from_hex|fingerprint_hash|fingerprint_to_hex|fingerprint_to_keyid|fingerprint_to_string|keyid_clone|keyid_equal|keyid_free|keyid_from_bytes|keyid_from_hex|keyid_hash|keyid_to_hex|keyid_to_string|key_pair_as_signer|key_pair_free|key_pair_new|literal_writer_new|packet_free|packet_kind|packet_parser_buffer_unread_content|packet_parser_decrypt|packet_parser_eof_free|packet_parser_eof_is_message|packet_parser_finish|packet_parser_free|packet_parser_from_bytes|packet_parser_from_file|packet_parser_from_reader|packet_parser_next|packet_parser_packet|packet_parser_recurse|packet_parser_recursion_depth|packet_parser_result_eof|packet_parser_result_free|packet_parser_result_packet_parser|packet_parser_result_tag|packet_pile_clone|packet_pile_free|packet_pile_from_bytes|packet_pile_from_file|packet_pile_from_reader|packet_pile_serialize|packet_tag|pkesk_decrypt|pkesk_recipient|p_key_alive|p_key_alive_at|p_key_clone|p_key_creation_time|p_key_expired|p_key_expired_at|p_key_fingerprint|p_key_into_key_pair|p_key_keyid|p_key_public_key_algo|p_key_public_key_bits|reader_free|reader_from_bytes|reader_from_fd|reader_from_file|reader_read|revocation_status_free|revocation_status_variant|secret_cached|signature_alive|signature_alive_at|signature_can_authenticate|signature_can_certify|signature_can_encrypt_at_rest|signature_can_encrypt_for_transport|signature_can_sign|signature_expired|signature_expired_at|signature_free|signature_is_group_key|signature_is_split_key|signature_issuer|signature_issuer_fingerprint|signature_to_packet|signer_free|signer_new|signer_new_detached|skesk_decrypt|tag_to_string|tpk_alive|tpk_alive_at|tpk_builder_add_certification_subkey|tpk_builder_add_encryption_subkey|tpk_builder_add_signing_subkey|tpk_builder_add_userid|tpk_builder_autocrypt|tpk_builder_default|tpk_builder_free|tpk_builder_generate|tpk_builder_set_cipher_suite|tpk_clone|tpk_dump|tpk_equal|tpk_expired|tpk_expired_at|tpk_fingerprint|tpk_free|tpk_from_bytes|tpk_from_file|tpk_from_packet_parser|tpk_from_packet_pile|tpk_from_reader|tpk_into_tsk|tpk_is_tsk|tpk_key_iter|tpk_key_iter_free|tpk_key_iter_next|tpk_merge|tpk_merge_packets|tpk_primary|tpk_primary_user_id|tpk_revocation_status|tpk_revoke|tpk_revoke_in_place|tpk_serialize|tpk_set_expiry|tpk_user_id_binding_iter|tsk_free|tsk_into_tpk|tsk_new|tsk_serialize|tsk_tpk|user_attribute_value|user_id_binding_iter_free|user_id_binding_iter_next|user_id_binding_selfsig|user_id_binding_user_id|user_id_value|verification_result_code|verification_result_level|verification_results_at_level|verification_result_signature|verify|writer_alloc|writer_free|writer_from_bytes|writer_from_fd|writer_from_file|writer_stack_finalize|writer_stack_finalize_one|writer_stack_message|writer_stack_write|writer_stack_write_all|writer_write|reader|writer|packet_parser|packet_parser_result|packet_parser_eof|keyid|fingerprint|revocation_status|revocation_status_variant|armor_kind|armor_header|tag|unknown|signature|one_pass_sig|p_key|user_id|user_attribute|literal|compressed_data|pkesk|skesk|seip|mdc|packet|packet_pile|reason_for_revocation|user_id_binding|user_id_binding_iter|tpk_key_iter|tpk|tsk|tpk_builder|tpk_cipher_suite|public_key_algorithm|writer_stack|encryption_mode|secret|verification_results|verification_result|verification_result_code|sequoia_decrypt_get_public_keys_cb_t|sequoia_decrypt_get_secret_keys_cb_t|sequoia_decrypt_check_signatures_cb_t|mpi|signer|key_pair|p_key|status|error)/pgp_\1/g' -e 's/SQ_(ARMOR_KIND_ANY|ARMOR_KIND_FILE|ARMOR_KIND_FORCE_WIDTH|ARMOR_KIND_MESSAGE|ARMOR_KIND_PUBLICKEY|ARMOR_KIND_SECRETKEY|ARMOR_KIND_SIGNATURE|ENCRYPTION_MODE_AT_REST|ENCRYPTION_MODE_FOR_TRANSPORT|PUBLIC_KEY_ALGO_DSA|PUBLIC_KEY_ALGO_ECDH|PUBLIC_KEY_ALGO_ECDSA|PUBLIC_KEY_ALGO_EDDSA|PUBLIC_KEY_ALGO_ELGAMAL_ENCRYPT|PUBLIC_KEY_ALGO_ELGAMAL_ENCRYPT_SIGN|PUBLIC_KEY_ALGO_FORCE_WIDTH|PUBLIC_KEY_ALGO_RSA_ENCRYPT|PUBLIC_KEY_ALGO_RSA_ENCRYPT_SIGN|PUBLIC_KEY_ALGO_RSA_SIGN|REASON_FOR_REVOCATION_FORCE_WIDTH|REASON_FOR_REVOCATION_KEY_COMPROMISED|REASON_FOR_REVOCATION_KEY_RETIRED|REASON_FOR_REVOCATION_KEY_SUPERSEDED|REASON_FOR_REVOCATION_UID_RETIRED|REASON_FOR_REVOCATION_UNSPECIFIED|REVOCATION_STATUS_COULD_BE|REVOCATION_STATUS_FORCE_WIDTH|REVOCATION_STATUS_NOT_AS_FAR_AS_WE_KNOW|REVOCATION_STATUS_REVOKED|STATUS_BAD_SIGNATURE|STATUS_FORCE_WIDTH|STATUS_INDEX_OUT_OF_RANGE|STATUS_INVALID_ARGUMENT|STATUS_INVALID_OPERATION|STATUS_INVALID_PASSWORD|STATUS_INVALID_SESSION_KEY|STATUS_IO_ERROR|STATUS_MALFORMED_MESSAGE|STATUS_MALFORMED_PACKET|STATUS_MALFORMED_TPK|STATUS_MANIPULATED_MESSAGE|STATUS_MISSING_SESSION_KEY|STATUS_NETWORK_POLICY_VIOLATION|STATUS_SUCCESS|STATUS_UNKNOWN_ERROR|STATUS_UNSUPPORTED_AEAD_ALGORITHM|STATUS_UNSUPPORTED_ELLIPTIC_CURVE|STATUS_UNSUPPORTED_HASH_ALGORITHM|STATUS_UNSUPPORTED_PUBLICKEY_ALGORITHM|STATUS_UNSUPPORTED_SIGNATURE_TYPE|STATUS_UNSUPPORTED_SYMMETRIC_ALGORITHM|STATUS_UNSUPPORTED_TPK|TAG_COMPRESSED_DATA|TAG_LITERAL|TAG_MARKER|TAG_MDC|TAG_ONE_PASS_SIG|TAG_PKESK|TAG_PRIVATE|TAG_PUBLIC_KEY|TAG_PUBLIC_SUBKEY|TAG_RESERVED|TAG_SECRET_KEY|TAG_SECRET_SUBKEY|TAG_SED|TAG_SEIP|TAG_SIGNATURE|TAG_SKESK|TAG_TRUST|TAG_UNASSIGNED|TAG_USER_ATTRIBUTE|TAG_USER_ID|TPK_CIPHER_SUITE_CV|TPK_CIPHER_SUITE_FORCE_WIDTH|TPK_CIPHER_SUITE_RSA|VERIFICATION_RESULT_CODE_BAD_CHECKSUM|VERIFICATION_RESULT_CODE_FORCE_WIDTH|VERIFICATION_RESULT_CODE_GOOD_CHECKSUM|VERIFICATION_RESULT_CODE_MISSING_KEY)/PGP_\1/g' $F ; done
|
|
- This creates a new crate, 'sequoia-openpgp-ffi', and moves a
handful of functions from 'sequoia-ffi' to it.
- The 'sequoia-ffi' crate is a superset of the 'sequoia-openpgp-ffi'
crate. This is accomplished by some include! magic.
- My first attempt involved having 'sequoia-ffi' depend on
'sequoia-openpgp-ffi', so that the former just re-exports the
symbols. However, that turned out to be unreliable, and might be
not what we want, because it could also duplicate parts of Rust's
standard library.
- Fixes #144.
|
|
|
|
|
|
Adds an argument to *::revoked to give a timepoint. The function will
then return the revokation status at this time instead of now.
|
|
- Fixes error handling in the Python bindings.
|
|
- This prepares us for the FFI crate split.
- Fixes #158.
|
|
- First, for the two existing functions with an error-pointer.
|
|
- Express existing context-based error handling using the new set of
macros.
|
|
|
|
|
|
- Introduce a macro that emits local macros that implicitly use the
given context to store complex errors.
- This prepares us to decouple error handling from contexts, at
least for the functions that otherwise do not use the context.
|
|
- This prevents stack unwinding across the FFI boundary.
- Fixes #161.
|
|
- Allocate all returned strings using libc's allocator. This has
the advantage that the user can easily use strings and free them
using free(3).
- Fixes #157.
|
|
|
|
|
|
- Using `crypto::Signer`s has several benefits. First, it shifts
the decision which key to use to the caller, moving policy out of
the caller. Second, it forces the caller to deal with encrypted
keys. Finally, it allows us to use remote keys like smart cards
in the future.
- Fixes #142.
|
|
|
|
- The bingings support basic manipulation of OpenPGP data, but are
quite incomplete. Furthermore, the Python API is not very
pythonic in some places, so expect it to break in the future.
|
|
|
|
|
|
|
|
|
|
|
|
- We must use &c_char here instead of *const c_char, because the
former can not be NULL, hence Option<&c_char> gets
NULLable-pointer-optimized (see
https://doc.rust-lang.org/nomicon/ffi.html#the-nullable-pointer-optimization).
|
|
|
|
|
|
- This reflects the fact that destructors may be called with NULL.
|
|
- Previously, Option<&T> was used, primarily because it was more
ergonomic in Rust. However, this gave the impression that the
argument was optional.
- Likewise for mutable references.
- This patch addresses all pointers to Rust values.
- See #149.
|
|
|
|
|
|
|
|
|
|
- `tpk_refs_raw` is a `*mut _`, forgetting it is a nop.
|
|
|
|
|