Age | Commit message (Collapse) | Author |
|
- Returning rich errors from this function may compromise secret key
material due to Bleichenbacher-style attacks. Change the API to
prevent this.
- Hat tip to Hanno Böck.
- Fixes #507.
|
|
|
|
- Add the `UserID`, `UserIDAmalgamation` and
`ValidUserIDAmalgamation` types, and some associated methods.
- Replace the use of `UserIDBundle` with `UserIDAmalgamation` and
`ValidUserIDAmalgamation`.
|
|
- Cf. c4f087f886bd66f4177093569db615dc1c1e9e1d
|
|
- Previously, we transformed data and detached signatures into
signed messages on the fly, then used the streaming Verifier to
verify the message. However, this introduces a nontrivial
overhead, even if unnecessary copies are carefully avoided.
- Instead, specialize the streaming Decryptor to handle detached
signatures. use crypto::hash_buffered_reader to compute the
hashes over the data, then attach the computed signatures to the
signature packets, and use Decryptor's verification machinery.
- While this is arguably less elegant, it is much simpler, and a lot
faster. Notably, if we operate on files and can mmap them into
memory, we can compute the hash in one call to the compression
function. Verification of detached signatures is an important use
case, so this speedup outweighs the loss of elegance.
- Fixes #457.
|
|
- Introduce `KeyAmalgamation` and `ValidKeyAmalgamation` to the C
FFI.
- Change pgp_cert_key_iter_next and pgp_cert_valid_key_iter_next to
return them instead of keys.
|
|
- Add a new Null Policy, which accepts everything.
|
|
- Split VerificationResult into Result<GoodChecksum,
VerificationError>.
- Fixes #416.
|
|
|
|
- Likewise KeyBinding, UserIDBinding, UserAttributeBinding,
UnknownBinding, etc.
- Reason: a self-signature on a component is a binding, but
revocations and TPSes are not bindings.
- Consistently call collections of components and associated
signatures bundles now. Likewise for fields, methods.
- Fixes #425.
|
|
- Change all functions that need to evaluate the validity of a
signature (either directly or indirectly to take a policy object.
- Use the policy object to allow the user to place additional
constraints on a signature's validity.
- This addresses the first half of #274 (it introduces the policy
object, but does not yet implement any policy).
|
|
- This is better expressed as an error.
|
|
- KeyIter::revoked and KeyIter::key_flags (and its variants) didn't
take a time stamp so they could only be used for filtering keys
based on their current state, not their state at some time in the
past. Adding a time stamp to each of the filters would have fixed
the problem, but it would have made the interface ugly: callers
always want the same time stamp for all filters.
- Split KeyIter into two structures: a KeyIter and a ValidKeyIter.
- Add KeyIter::policy. It takes a time stamp, which is then used
for filters like `alive` and `revoked`, and it returns a
ValidKeyIter, which exposes filters that require a time stamp.
|
|
|
|
|
|
- Fixes #387.
|
|
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
|
|
- Return a different `VerificationResult` for signatures that are
not alive (BadSignature) from signatures that are actually
bad (BadCheck).
|
|
- Force pgp_tag_t to have a defined size, and return integers of
that size from the ffi glue.
- This problem did only manifest itself when compiling with
opt-level=1.
|
|
- Instead of giving a set of TPKs to the encryptor, hand in a set of
recipients, which are (keyid, key)-tuples, conveniently created
from key queries over TPKs. This simplifies the encryptor, and
makes the key selection explicit.
- Drop the EncryptionMode type.
- As a nice side effect, we can now generate encrypted messages with
wildcard recipient addresses.
|
|
- This introduces a configurable limit for
non-data (i.e. non-container) packets. This prevents a trivial
DoS on our parser, which previously assumed that all non-data
packets can be buffered.
- Fixes #242.
|
|
- Introduce two new types, `Encrypted` and `Unencrypted`, to make
the fields of enum `SecretKey` private. Add accessors, implement
From<..> to make the new types ergonomic to use, update callsites.
|
|
|
|
|
|
- DecryptionHelper has a default NULL implementation of the inspect
callback. Allow C code to override it by exposing it in the
pgp_decryptor_new API.
|
|
|
|
- Fixes #100.
|
|
|
|
|
|
|
|
- See #156.
|
|
|
|
- Simplify the protocol by removing the iteration. Instead, the
callee gets a proxy for PacketParser::decrypt() that she can use
to decrypt the message. If successful, the session key can be
cached without involving the DecryptionHelper trait. This also
allows us to dump session keys.
- Fixes #219.
|
|
|
|
|
|
- Fixes e3cb52fede1872f93371677224201228a62ae6ce.
|
|
- public and this are C++ keywords, avoid them.
|
|
|
|
- pgp_key_t was declared multiple times, once in <sequoia/openpgp.h>
and again in <sequoia/openpgp/crypto.h>. Although the definitions
were the same, this causes gcc to emit a warning, which is
particularly annoying when combined with -Werror.
- It's hard to remove one of the declarations as this would create a
circular dependency.
- To break this circular dependency, we move all of the type
declarations to a separate header file.
|
|
|
|
|
|
- This is the result of the following command:
git grep -il pgp_p_key | while read F ; do sed -E -i -e 's/pgp_p_key/pgp_key/g' $F ; done
- Fixes #155.
|
|
- This change is the result of the following command, which can also
be used to automatically convert existing users of Sequoia's C
API:
git grep -il sq_ | while read F ; do sed -E -i -e 's/sq_(arbitrary_writer_new|armor_reader_from_bytes|armor_reader_from_file|armor_reader_headers|armor_reader_kind|armor_reader_new|armor_writer_new|decrypt|encryptor_new|error_free|error_status|error_string|fingerprint_as_bytes|fingerprint_clone|fingerprint_equal|fingerprint_free|fingerprint_from_bytes|fingerprint_from_hex|fingerprint_hash|fingerprint_to_hex|fingerprint_to_keyid|fingerprint_to_string|keyid_clone|keyid_equal|keyid_free|keyid_from_bytes|keyid_from_hex|keyid_hash|keyid_to_hex|keyid_to_string|key_pair_as_signer|key_pair_free|key_pair_new|literal_writer_new|packet_free|packet_kind|packet_parser_buffer_unread_content|packet_parser_decrypt|packet_parser_eof_free|packet_parser_eof_is_message|packet_parser_finish|packet_parser_free|packet_parser_from_bytes|packet_parser_from_file|packet_parser_from_reader|packet_parser_next|packet_parser_packet|packet_parser_recurse|packet_parser_recursion_depth|packet_parser_result_eof|packet_parser_result_free|packet_parser_result_packet_parser|packet_parser_result_tag|packet_pile_clone|packet_pile_free|packet_pile_from_bytes|packet_pile_from_file|packet_pile_from_reader|packet_pile_serialize|packet_tag|pkesk_decrypt|pkesk_recipient|p_key_alive|p_key_alive_at|p_key_clone|p_key_creation_time|p_key_expired|p_key_expired_at|p_key_fingerprint|p_key_into_key_pair|p_key_keyid|p_key_public_key_algo|p_key_public_key_bits|reader_free|reader_from_bytes|reader_from_fd|reader_from_file|reader_read|revocation_status_free|revocation_status_variant|secret_cached|signature_alive|signature_alive_at|signature_can_authenticate|signature_can_certify|signature_can_encrypt_at_rest|signature_can_encrypt_for_transport|signature_can_sign|signature_expired|signature_expired_at|signature_free|signature_is_group_key|signature_is_split_key|signature_issuer|signature_issuer_fingerprint|signature_to_packet|signer_free|signer_new|signer_new_detached|skesk_decrypt|tag_to_string|tpk_alive|tpk_alive_at|tpk_builder_add_certification_subkey|tpk_builder_add_encryption_subkey|tpk_builder_add_signing_subkey|tpk_builder_add_userid|tpk_builder_autocrypt|tpk_builder_default|tpk_builder_free|tpk_builder_generate|tpk_builder_set_cipher_suite|tpk_clone|tpk_dump|tpk_equal|tpk_expired|tpk_expired_at|tpk_fingerprint|tpk_free|tpk_from_bytes|tpk_from_file|tpk_from_packet_parser|tpk_from_packet_pile|tpk_from_reader|tpk_into_tsk|tpk_is_tsk|tpk_key_iter|tpk_key_iter_free|tpk_key_iter_next|tpk_merge|tpk_merge_packets|tpk_primary|tpk_primary_user_id|tpk_revocation_status|tpk_revoke|tpk_revoke_in_place|tpk_serialize|tpk_set_expiry|tpk_user_id_binding_iter|tsk_free|tsk_into_tpk|tsk_new|tsk_serialize|tsk_tpk|user_attribute_value|user_id_binding_iter_free|user_id_binding_iter_next|user_id_binding_selfsig|user_id_binding_user_id|user_id_value|verification_result_code|verification_result_level|verification_results_at_level|verification_result_signature|verify|writer_alloc|writer_free|writer_from_bytes|writer_from_fd|writer_from_file|writer_stack_finalize|writer_stack_finalize_one|writer_stack_message|writer_stack_write|writer_stack_write_all|writer_write|reader|writer|packet_parser|packet_parser_result|packet_parser_eof|keyid|fingerprint|revocation_status|revocation_status_variant|armor_kind|armor_header|tag|unknown|signature|one_pass_sig|p_key|user_id|user_attribute|literal|compressed_data|pkesk|skesk|seip|mdc|packet|packet_pile|reason_for_revocation|user_id_binding|user_id_binding_iter|tpk_key_iter|tpk|tsk|tpk_builder|tpk_cipher_suite|public_key_algorithm|writer_stack|encryption_mode|secret|verification_results|verification_result|verification_result_code|sequoia_decrypt_get_public_keys_cb_t|sequoia_decrypt_get_secret_keys_cb_t|sequoia_decrypt_check_signatures_cb_t|mpi|signer|key_pair|p_key|status|error)/pgp_\1/g' -e 's/SQ_(ARMOR_KIND_ANY|ARMOR_KIND_FILE|ARMOR_KIND_FORCE_WIDTH|ARMOR_KIND_MESSAGE|ARMOR_KIND_PUBLICKEY|ARMOR_KIND_SECRETKEY|ARMOR_KIND_SIGNATURE|ENCRYPTION_MODE_AT_REST|ENCRYPTION_MODE_FOR_TRANSPORT|PUBLIC_KEY_ALGO_DSA|PUBLIC_KEY_ALGO_ECDH|PUBLIC_KEY_ALGO_ECDSA|PUBLIC_KEY_ALGO_EDDSA|PUBLIC_KEY_ALGO_ELGAMAL_ENCRYPT|PUBLIC_KEY_ALGO_ELGAMAL_ENCRYPT_SIGN|PUBLIC_KEY_ALGO_FORCE_WIDTH|PUBLIC_KEY_ALGO_RSA_ENCRYPT|PUBLIC_KEY_ALGO_RSA_ENCRYPT_SIGN|PUBLIC_KEY_ALGO_RSA_SIGN|REASON_FOR_REVOCATION_FORCE_WIDTH|REASON_FOR_REVOCATION_KEY_COMPROMISED|REASON_FOR_REVOCATION_KEY_RETIRED|REASON_FOR_REVOCATION_KEY_SUPERSEDED|REASON_FOR_REVOCATION_UID_RETIRED|REASON_FOR_REVOCATION_UNSPECIFIED|REVOCATION_STATUS_COULD_BE|REVOCATION_STATUS_FORCE_WIDTH|REVOCATION_STATUS_NOT_AS_FAR_AS_WE_KNOW|REVOCATION_STATUS_REVOKED|STATUS_BAD_SIGNATURE|STATUS_FORCE_WIDTH|STATUS_INDEX_OUT_OF_RANGE|STATUS_INVALID_ARGUMENT|STATUS_INVALID_OPERATION|STATUS_INVALID_PASSWORD|STATUS_INVALID_SESSION_KEY|STATUS_IO_ERROR|STATUS_MALFORMED_MESSAGE|STATUS_MALFORMED_PACKET|STATUS_MALFORMED_TPK|STATUS_MANIPULATED_MESSAGE|STATUS_MISSING_SESSION_KEY|STATUS_NETWORK_POLICY_VIOLATION|STATUS_SUCCESS|STATUS_UNKNOWN_ERROR|STATUS_UNSUPPORTED_AEAD_ALGORITHM|STATUS_UNSUPPORTED_ELLIPTIC_CURVE|STATUS_UNSUPPORTED_HASH_ALGORITHM|STATUS_UNSUPPORTED_PUBLICKEY_ALGORITHM|STATUS_UNSUPPORTED_SIGNATURE_TYPE|STATUS_UNSUPPORTED_SYMMETRIC_ALGORITHM|STATUS_UNSUPPORTED_TPK|TAG_COMPRESSED_DATA|TAG_LITERAL|TAG_MARKER|TAG_MDC|TAG_ONE_PASS_SIG|TAG_PKESK|TAG_PRIVATE|TAG_PUBLIC_KEY|TAG_PUBLIC_SUBKEY|TAG_RESERVED|TAG_SECRET_KEY|TAG_SECRET_SUBKEY|TAG_SED|TAG_SEIP|TAG_SIGNATURE|TAG_SKESK|TAG_TRUST|TAG_UNASSIGNED|TAG_USER_ATTRIBUTE|TAG_USER_ID|TPK_CIPHER_SUITE_CV|TPK_CIPHER_SUITE_FORCE_WIDTH|TPK_CIPHER_SUITE_RSA|VERIFICATION_RESULT_CODE_BAD_CHECKSUM|VERIFICATION_RESULT_CODE_FORCE_WIDTH|VERIFICATION_RESULT_CODE_GOOD_CHECKSUM|VERIFICATION_RESULT_CODE_MISSING_KEY)/PGP_\1/g' $F ; done
|
|
- This creates a new crate, 'sequoia-openpgp-ffi', and moves a
handful of functions from 'sequoia-ffi' to it.
- The 'sequoia-ffi' crate is a superset of the 'sequoia-openpgp-ffi'
crate. This is accomplished by some include! magic.
- My first attempt involved having 'sequoia-ffi' depend on
'sequoia-openpgp-ffi', so that the former just re-exports the
symbols. However, that turned out to be unreliable, and might be
not what we want, because it could also duplicate parts of Rust's
standard library.
- Fixes #144.
|