summaryrefslogtreecommitdiffstats
path: root/openpgp/src
AgeCommit message (Collapse)Author
2024-06-20openpgp: Add key derivation function.Justus Winter
- Nettle, OpenSSL, Botan, and RustCrypto implement this natively, for CNG we use the RustCrypto implementation.
2024-06-20openpgp: Update references to new subpackets.Justus Winter
2024-06-20openpgp: Deprecate the PreferredAEADAlgorithms subpacket.Justus Winter
2024-06-20openpgp: Implement the PreferredAEADCiphersuites subpacket.Justus Winter
2024-06-20openpgp: Add the SEIPDv2 feature.Justus Winter
2024-06-20openpgp: Implement SHA3.Justus Winter
- CNG doesn't currently implement this on commonly deployed installations. As this is not a high priority algorithm, we don't implement it using RustCrypto when the CNG backend is selected, but simply signal no support.
2024-06-20openpgp: Implement S2K::Argon2.Justus Winter
- See https://openpgp-wg.gitlab.io/rfc4880bis/#name-argon2
2024-06-20openpgp: Implement v6 key IDs.Justus Winter
- v4 and v6 key IDs are both 8 octets in length, hence we cannot distinguish them. - Rename KeyID::V4 to KeyID::Long to reflect this. Handle aliasing with v6 fingerprints.
2024-06-20openpgp: Implement v6 fingerprints.Justus Winter
2024-06-20openpgp: Add KeyAmalgamationIter::key_handles2. XXXJustus Winter
2024-06-20openpgp: Improve tracing.Justus Winter
2024-06-19openpgp: Consolidate ECDH over Cv25519 decryption.Justus Winter
2024-06-19openpgp: Port test to the higher-level PKESK::decrypt API.Justus Winter
2024-06-19openpgp: Clamp X25519 secrets before handing them to CNG.Justus Winter
2024-06-18openpgp: Consolidate ECDH over Cv25519 encryption.Justus Winter
2024-05-29openpgp: Preserve soft parser errors when parsing single packets.Justus Winter
2024-05-29openpgp: Allow deconstructing Unknown packets into the parse error.Justus Winter
2024-05-29openpgp: Lazily verify out-of-place self-signatures.Justus Winter
2024-05-29openpgp: When sorting sigs, set the computed hash on the clone.Justus Winter
- This way when the signature fits into two components, the computed hash is correctly set for every copy of the signature.
2024-05-29openpgp: Fix macro to use `$sig` instead of the captured `sig`.Justus Winter
- They are the same in the end, but let's be more hygienic.
2024-05-29openpgp: Lazily reason over certs.Justus Winter
- When looking for the relevant binding signature, search on the unverified signatures and verify them on demand. - When looking for revocation signatures, use the iterator.
2024-05-29openpgp: Lazily verify self-signatures in certs.Justus Winter
- In the original implementation of `Cert::canonicalize`, all self-signatures were verified. This has turned out to be very expensive. Instead, we should only verify the signatures we are actually interested in. - To preserve the semantics, every self signature we hand out from the `Cert` API must have been verified first. However, we can do that lazily. And, when we reason over the cert (i.e. we are looking for the right self-signature), we can search the signatures without triggering the verification, and only verify the one we are really interested in.
2024-05-29openpgp: Consider signature type when hashing 3rd party sigs.Justus Winter
- Previously, when the third-party key is not available (i.e. always), we only hashed the signature and did not check whether the signature has the right type. This has the potential (1 in 2^16 chance) of not recognizing that a signature is misplaced (also happens when using Cert::insert_packets). - Fix this by also checking the signature type when using the hash heuristic. - See also #1107.
2024-05-29openpgp: Improve handling of attestation key signatures.Justus Winter
- Previously, attestation key signatures were put into the self_signatures bin. Then, in canonicalize they would fail to verify as binding signature, and be put into the bad bin. Later, when re-trying the bad signatures, we'd find the correct place for it again. - Instead, sort them into the attestations bin, and correctly verify the attestations on the first try in Cert::canonicalize.
2024-05-29openpgp: Make signature verification take an immutable reference.Justus Winter
- Previously, all signature verification methods took a mutable self reference in order to persist authentication results. Now that we use interior mutability for that, signature verification doesn't have to take a mutable reference any longer, enabling more optimizations down the road.
2024-05-29openpgp: Use interior mutability for the additional issuers.Justus Winter
2024-05-29openpgp: Use an AtomicBool to track authenticated subpackets.Justus Winter
2024-05-29openpgp: Use interior mutability to store the computed digest.Justus Winter
- Notably, Signature4::set_computed_digest now takes an immutable self. Use OnceLock to make this safe and ergonomic.
2024-05-29openpgp: Fix RSA key generation with OpenSSL and RustCrypto.Justus Winter
- Previously, there was a chance that we generated keys with p > q. Add a test.
2024-05-29openpgp: When importing RSA keys, make sure that p < q.Justus Winter
2024-05-28openpgp: Loosen the trait bounds on Key::clone and Key4::clone.Neal H. Walfield
- Because we derive `Clone` for `Key` and `Key4`, `P` and `R` have to implement `Clone`. - This is not strictly necessary and we can drop this requirement by implementing clone manually. Note: we already do this for `KeyAmalgamation` for this exact reason.
2024-05-21openpgp: Add CipherSuite::variants.neal/cipher-suite-variantsNeal H. Walfield
- Add `CipherSuite::variants`, which returns an iterator over all cipher suite variants.
2024-05-16openpgp: Fix comment.Neal H. Walfield
2024-05-07openpgp: Make test more robust.Justus Winter
- Currently, the reference time is not set, hence evaluated to the current time on demand. If `now` is at the end of a whole second (OpenPGP's time resolution), it may be that we are off by one second. Explicitly set the reference time to avoid this. - See #998.
2024-05-07openpgp: Avoid deprecated Bundle::self_signatures in doctests.Justus Winter
2024-05-07openpgp: Typo.Justus Winter
2024-05-07openpgp: Constrain visibility of ComponentBundle's fields.Justus Winter
2024-05-07openpgp: Use public interface in tests.Justus Winter
2024-05-07openpgp: Add iteration interface for signatures in bundles.Justus Winter
- See #638.
2024-05-07openpgp: Simplify splitting the signatures.Justus Winter
2024-05-07openpgp: Correctly file signatures on unknown components.Justus Winter
- Instead of splitting them again. Filing them into the correct bucket is a bit faster, and avoids us to make parser::split_sigs pub(crate).
2024-05-07openpgp: Align hash algo security parameter for unknown bundles.Justus Winter
- Unknown::hash_algo_security returns CollisionResistance, and that is what we use for UnknownBundles elsewhere in the grammar. We should hold all UnknownBundles to the higher bar of requiring CollisionResistance.
2024-05-07openpgp: Use the new functions to strip secret key material.Justus Winter
2024-05-07openpgp: Add Key::steal_secret for public and unknown keys.Justus Winter
- This is a variant of Key::take_secret that doesn't change the type and only requires a mutable reference.
2024-04-17openpgp: Introduce a constructor for ComponentBundle.Justus Winter
2024-04-17openpgp: Use public accessors in tests.Justus Winter
2024-04-17openpgp: Move ComponentBundles to cert::bundles.Justus Winter
2024-04-16openpgp: Support NistP521 using the RustCrypto backend.Justus Winter
2024-04-16openpgp: Support NistP384 using the RustCrypto backend.Justus Winter
2024-04-16openpgp: Refactor imports.Justus Winter
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-17 06:11:37 +0000