| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- As first step, abstract over X25519.
|
|
|
|
- This trait will not be public, at least for now, and we will still
stick to the compile-time backend selection, at least for now.
Therefore, we can still enjoy static dispatch.
- The trait will formalize the interface. It should only abstract
over the underlying primitives. Notably, we want to be able to
implement all operations on packets using this interface, so that
no user-facing functions are implemented in the crypto backends.
This will lead to a more consistent experience across all backends.
|
|
- The Galois/Counter mode for block ciphers is a FIPS-approved AEAD
mode. It will be added to the upcoming OpenPGP standard so that
we have a FIPS-compliant subset of OpenPGP.
|
|
- Nettle 3.9 and up support the authenticated encryption mode OCB.
|
|
|
|
- Upgrade base64 to version 0.21.
|
|
- Arbitrary does not draw from a uniform distribution, e.g.,
arbitrary seems to be draw 0 about 10% of the time for a 32-bit
quantity.
- When we need two different arbitrary values, be very careful to
make sure they are different.
|
|
- In `Cert::keys`, `Cert::userids` and `Cert::user_attributes`, we
that `ValidCert:userids`, etc. is better than `Cert::userids`, etc.,
mention that `Cert::with_policy` can be used to turn a `Cert` into a
`ValidCert`.
- Fixes #921.
|
|
- Version 3 of Botan was release in April 2023. It is already
distributed by Arch. Switch crypto-botan to select the v3
interface.
- Introduce the `crypto-botan2` feature to use Botan with Botan's v2
interface.
|
|
- We can safely derive `Clone` for `SubpacketArea`.
- There is no reason to not clone the cache as well. It's just a
vector.
|
|
- `SignatureBuilder::effective_signature_creation_time` is supposed
to return the effective signature creation time. That is, it
should return the signature creation time that would be used if the
signature were created now.
- The function returns a `SystemTime`, which has a different
resolution and range from an OpenPGP timestamp.
- When using the current time, roundtrip it via `types::Timestamp`
to return the timestamp that will actually be set.
|
|
|
|
- When a `Key4` is changed, make sure the fingerprint cache is
cleared.
- Fixes #1016
|
|
- Add `KeyFlags::set_certification_to`, `KeyFlags::set_signing_to`,
`KeyFlags::set_transport_encryption_to`,
`KeyFlags::set_storage_encryption_to`,
`KeyFlags::set_split_key_to`, and
`KeyFlags::set_group_key_to`.
- This interface is easier to use when the caller has a boolean.
- Fixes #1018.
|
|
- When an algorithm is completely disabled, don't say that it
"is not considered secure since 1970-01-01T00:00:00Z" (i.e., the
unix epoch), just say "is not considered secure".
- Fixes #1000.
|
|
- If the packet parser encounters junk, it tries to recover by
finding the next plausible packet. Then, it returns the skipped
data in an synthetic packet. This packet has neither CTB nor
length.
- Previously, trying to access the data resulted in an out-of-bounds
subslicing.
- Fixes #985.
|
|
- Fixes #977.
|
|
- See #977.
|
|
- See #977.
|
|
- The packet parser hashes packet bodies to provide a robust
equality relation even when packet bodies are streamed. To hash
all bytes on the fly everywhere, we do that when it is consumed in
PacketParser::consume.
- This function assumes that if BufferedReader::data and friends
returned n bytes, future calls to these interfaces will succeed if
up to n bytes are requested, and no data was consumed in the
meantime.
- However, armor::Reader::data_helper did not provide that
guarantee, making PacketParser::consume panic with the message "It
is an error to consume more than data returns", which doesn't
quite correctly name the problem at hand.
- Fix this crash by fixing armor::Reader::data_helper in the same
way the previous commit fixes
buffered_reader::Generic::data_helper.
- Fixes #957.
|
|
- Make sure that we return the data we already have in our buffer,
even though we encountered an IO error while filling it.
- Notably, the packet parser assumes that data once read can be
requested through the buffered reader protocol again and again.
Unfortunately, that was not the case, leading to a panic.
- As the generic reader is used to implement the buffered reader
protocol on top of io::Read, this problem affects among other
things the compression container. Demonstrate this using test.
- Fixes #1005.
|
|
|
|
- It's not used.
|
|
|
|
|
|
- Fix the memsec and lalrpop dependencies. When allowing multiple,
incompatible versions of a package using `">x.y"` always specify a
upper bound to prevent a dependee that runs `cargo update` from
using a yet-to-be-released incompatible version in the future.
- Fix the openssl dependencies. When specifying a micro version, we
don't need to use ">" to get new semver-compatible versions. That
is, the default strategy is not "=", but "^".
https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html
|
|
- Note: `x25519-dalek` is broken. It depends on zeroize `=1.3`, but
crates like rsa depend on newer versions of zeroize.
- See https://github.com/WebAssembly/wasi-crypto/issues/63 ,
https://github.com/dalek-cryptography/x25519-dalek/issues/92 .
- Resolve this by using `x25519-dalek-ng`, which fixes this issue.
This is a common workaround, and is also used by, for instance
OpenMLS:
https://github.com/openmls/openmls/blob/3ff090fd4881cb796d4688f7f174929a7521dbf1/openmls_rust_crypto/README.md?plain=1#L3
- Fixes #910.
|
|
- Fixes #1014
|
|
- Introduce SecretKeyMaterial::arbitrary_for that given a public key
algorithm will create plausible secrets for that. This function
can be re-used in impl Arbitrary for Key.
|
|
- Fixes #1010.
|
|
- We have to stay well below 255 bytes so that packets including the
S2K objects are representable.
|
|
|
|
- This changes and harmonizes the behavior of Key::encrypt, notably
it also returns more specific errors when a signature algorithm is
used for encryption.
- It also makes the matches over the public key algorithms
exhaustive, so that when we add more algorithms in the future, we
will see where we need to implement them.
|
|
|
|
- Don't enable AEAD-encryption by default in the test. Instead,
that should be inferred from the recipient keys.
|
|
|
|
This reverts commit d57bd33cf9bddda77dff8e6508ebb1e4902f9294.
|
|
|
|
- Improve the documentation for `Cert::sort_and_dedup`,
`Cert::merge_public` and `Cert::merge_public_and_secret`, and add
more examples.
|
|
- Fixes #970.
|
