Age | Commit message | Author

- Nettle, OpenSSL, Botan, and RustCrypto implement this natively;
  for CNG we use the RustCrypto implementation.
- CNG doesn't currently implement this on commonly deployed
installations. As this is not a high priority algorithm,
we don't implement it using RustCrypto when the CNG backend is
selected, but simply signal no support.
- See https://openpgp-wg.gitlab.io/rfc4880bis/#name-argon2
- v4 and v6 key IDs are both 8 octets in length, hence we cannot
distinguish them.
- Rename KeyID::V4 to KeyID::Long to reflect this. Handle aliasing
with v6 fingerprints.
- In this branch, we will collect our work implementing the next
revision of OpenPGP, RFC9580.
- The ongoing work will happen in feature branches starting from
this commit. A feature branch may also branch off from a commit
further down in the crypto-refresh branch.
- Small and complete changes may be collected into this branch,
  especially changes introducing fundamental types required by most
  feature branches, such as v6 fingerprints.
- We may occasionally rebase this branch on top of the current main
development branch, and use the opportunity to linearize it.
- This way when the signature fits into two components, the computed
hash is correctly set for every copy of the signature.
- They are the same in the end, but let's be more hygienic.
- When looking for the relevant binding signature, search on the
unverified signatures and verify them on demand.
- When looking for revocation signatures, use the iterator.
- In the original implementation of `Cert::canonicalize`, all
self-signatures were verified. This has turned out to be very
expensive. Instead, we should only verify the signatures we are
actually interested in.
- To preserve the semantics, every self-signature we hand out from
  the `Cert` API must have been verified first. However, we can do
  that lazily. And, when we reason over the cert (i.e. we are
  looking for the right self-signature), we can search the
  signatures without triggering the verification, and only verify
  the one we are really interested in.
- Previously, when the third-party key is not
available (i.e. always), we only hashed the signature and did not
check whether the signature has the right type. This has the
potential (1 in 2^16 chance) of not recognizing that a signature
is misplaced (also happens when using Cert::insert_packets).
- Fix this by also checking the signature type when using the hash
heuristic.
- See also #1107.
- Previously, attestation key signatures were put into the
self_signatures bin. Then, in canonicalize they would fail to
verify as binding signature, and be put into the bad bin. Later,
when re-trying the bad signatures, we'd find the correct place for
it again.
- Instead, sort them into the attestations bin, and correctly verify
the attestations on the first try in Cert::canonicalize.
- Previously, all signature verification methods took a mutable self
reference in order to persist authentication results. Now that we
use interior mutability for that, signature verification doesn't
have to take a mutable reference any longer, enabling more
optimizations down the road.
- Notably, Signature4::set_computed_digest now takes an immutable
self. Use OnceLock to make this safe and ergonomic.
- The Rust Crypto crates are *very* slow when compiled without any
optimizations. Turn on some optimizations when using the dev
profile.
- Fixes 3dd92f2237f1989340392ac9451f842db31e92d5, which put the
profile into openpgp/Cargo.toml by mistake.
- Previously, there was a chance that we generated keys with p > q.
Add a test.
- Because we derive `Clone` for `Key` and `Key4`, `P` and `R` have
to implement `Clone`.
- This is not strictly necessary and we can drop this requirement by
implementing clone manually. Note: we already do this for
`KeyAmalgamation` for this exact reason.
- Add `CipherSuite::variants`, which returns an iterator over all
cipher suite variants.
- The Rust Crypto crates are *very* slow when compiled without any
optimizations. Turn on some optimizations when using the dev
profile.
- Currently, the reference time is not set, hence evaluated to the
current time on demand. If `now` is at the end of a whole
second (OpenPGP's time resolution), it may be that we are off by
one second. Explicitly set the reference time to avoid this.
- See #998.
- See #638.
- Instead of splitting them again. Filing them into the correct
  bucket is a bit faster, and avoids having to make parser::split_sigs
  pub(crate).
- Unknown::hash_algo_security returns CollisionResistance, and that
is what we use for UnknownBundles elsewhere in the grammar. We
should hold all UnknownBundles to the higher bar of requiring
CollisionResistance.
- This is a variant of Key::take_secret that doesn't change the type
and only requires a mutable reference.