From 59a59ac5bf9cc9be2698eb35376c3b58fd483252 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Fri, 15 Jan 2021 09:35:04 +0100 Subject: net: Decouple from core. - Move core::NetworkPolicy to net::Policy, update all code accordingly. --- ffi/examples/configure.c | 4 ++-- ffi/examples/keyserver.c | 2 +- ffi/include/sequoia/core.h | 36 ------------------------------------ ffi/include/sequoia/net.h | 32 +++++++++++++++++++++++++++++++- ffi/include/sequoia/store.h | 4 +++- ffi/src/core.rs | 19 +------------------ ffi/src/error.rs | 15 +++++++++++++-- ffi/src/net.rs | 27 +++++++++++++++------------ ffi/src/store.rs | 4 +++- 9 files changed, 69 insertions(+), 74 deletions(-) (limited to 'ffi') diff --git a/ffi/examples/configure.c b/ffi/examples/configure.c index ca3d781a..6551e196 100644 --- a/ffi/examples/configure.c +++ b/ffi/examples/configure.c @@ -25,13 +25,13 @@ main (int argc, char **argv) sq_keyserver_t ks; cfg = sq_context_configure (); - sq_config_network_policy (cfg, SQ_NETWORK_POLICY_OFFLINE); + sq_config_home (cfg, "/tmp"); ctx = sq_config_build (cfg, &err); if (ctx == NULL) error (1, 0, "Initializing sequoia failed: %s", pgp_error_to_string (err)); - ks = sq_keyserver_keys_openpgp_org (ctx); + ks = sq_keyserver_keys_openpgp_org (ctx, SQ_NETWORK_POLICY_OFFLINE); if (ks == NULL) { pgp_error_t err = sq_context_last_error (ctx); diff --git a/ffi/examples/keyserver.c b/ffi/examples/keyserver.c index 64c90cdc..08624ea7 100644 --- a/ffi/examples/keyserver.c +++ b/ffi/examples/keyserver.c @@ -29,7 +29,7 @@ main (int argc, char **argv) error (1, 0, "Initializing sequoia failed: %s", pgp_error_to_string (err)); - ks = sq_keyserver_keys_openpgp_org (ctx); + ks = sq_keyserver_keys_openpgp_org (ctx, SQ_NETWORK_POLICY_ENCRYPTED); if (ks == NULL) { pgp_error_t err = sq_context_last_error (ctx); diff --git a/ffi/include/sequoia/core.h b/ffi/include/sequoia/core.h index c7f73f45..c73d54c1 100644 --- a/ffi/include/sequoia/core.h +++ b/ffi/include/sequoia/core.h @@ -32,32 +32,6 @@ pgp_error_t sq_context_last_error (sq_context_t ctx); /*/ typedef struct sq_config *sq_config_t; -/*/ -/// Network policy for Sequoia. -/// -/// With this policy you can control how Sequoia accesses remote -/// systems. -/*/ -typedef enum sq_network_policy { - /* Do not contact remote systems. */ - SQ_NETWORK_POLICY_OFFLINE = 0, - - /* Only contact remote systems using anonymization techniques like - * TOR. */ - SQ_NETWORK_POLICY_ANONYMIZED = 1, - - /* Only contact remote systems using transports offering - * encryption and authentication like TLS. */ - SQ_NETWORK_POLICY_ENCRYPTED = 2, - - /* Contact remote systems even with insecure transports. */ - SQ_NETWORK_POLICY_INSECURE = 3, - - /* Dummy value to make sure the enumeration has a defined size. Do - not use this value. */ - SQ_NETWORK_POLICY_FORCE_WIDTH = INT_MAX, -} sq_network_policy_t; - /*/ /// IPC policy for Sequoia. /// @@ -154,11 +128,6 @@ const char *sq_context_home(const sq_context_t ctx); /*/ const char *sq_context_lib(const sq_context_t ctx); -/*/ -/// Returns the network policy. -/*/ -sq_network_policy_t sq_context_network_policy(const sq_context_t ctx); - /*/ /// Returns the IPC policy. /*/ @@ -190,11 +159,6 @@ void sq_config_home(sq_config_t cfg, const char *home); /*/ void sq_config_lib(sq_config_t cfg, const char *lib); -/*/ -/// Sets the network policy. -/*/ -void sq_config_network_policy(sq_config_t cfg, sq_network_policy_t policy); - /*/ /// Sets the IPC policy. /*/ diff --git a/ffi/include/sequoia/net.h b/ffi/include/sequoia/net.h index 63311d85..f1d850d3 100644 --- a/ffi/include/sequoia/net.h +++ b/ffi/include/sequoia/net.h @@ -8,6 +8,33 @@ /*/ typedef struct sq_keyserver *sq_keyserver_t; +/*/ +/// Network policy for Sequoia. +/// +/// With this policy you can control how Sequoia accesses remote +/// systems. +/*/ +typedef enum sq_network_policy { + /* Do not contact remote systems. */ + SQ_NETWORK_POLICY_OFFLINE = 0, + + /* Only contact remote systems using anonymization techniques like + * TOR. */ + SQ_NETWORK_POLICY_ANONYMIZED = 1, + + /* Only contact remote systems using transports offering + * encryption and authentication like TLS. */ + SQ_NETWORK_POLICY_ENCRYPTED = 2, + + /* Contact remote systems even with insecure transports. */ + SQ_NETWORK_POLICY_INSECURE = 3, + + /* Dummy value to make sure the enumeration has a defined size. Do + not use this value. */ + SQ_NETWORK_POLICY_FORCE_WIDTH = INT_MAX, +} sq_network_policy_t; + + /*/ /// Returns a handle for the given URI. /// @@ -17,6 +44,7 @@ typedef struct sq_keyserver *sq_keyserver_t; /// Returns `NULL` on errors. /*/ sq_keyserver_t sq_keyserver_new (sq_context_t ctx, + sq_network_policy_t policy, const char *uri); /*/ @@ -29,6 +57,7 @@ sq_keyserver_t sq_keyserver_new (sq_context_t ctx, /// Returns `NULL` on errors. /*/ sq_keyserver_t sq_keyserver_with_cert (sq_context_t ctx, + sq_network_policy_t policy, const char *uri, const uint8_t *cert, size_t len); @@ -41,7 +70,8 @@ sq_keyserver_t sq_keyserver_with_cert (sq_context_t ctx, /// /// Returns `NULL` on errors. /*/ -sq_keyserver_t sq_keyserver_keys_openpgp_org (sq_context_t ctx); +sq_keyserver_t sq_keyserver_keys_openpgp_org (sq_context_t ctx, + sq_network_policy_t policy); /*/ /// Frees a keyserver object. diff --git a/ffi/include/sequoia/store.h b/ffi/include/sequoia/store.h index 694aa32c..5fc84d19 100644 --- a/ffi/include/sequoia/store.h +++ b/ffi/include/sequoia/store.h @@ -2,6 +2,7 @@ #define SEQUOIA_STORE_H #include +#include /*/ /// Keys used for communications. @@ -262,7 +263,8 @@ sq_key_iter_t sq_store_list_keys (sq_context_t ctx); /// Opening the mapping with a different network policy is /// forbidden. /*/ -sq_mapping_t sq_mapping_open (sq_context_t ctx, const char *realm, const char *name); +sq_mapping_t sq_mapping_open (sq_context_t ctx, sq_network_policy_t policy, + const char *realm, const char *name); /*/ /// Adds a key identified by fingerprint to the mapping. diff --git a/ffi/src/core.rs b/ffi/src/core.rs index 3051b133..d0dd5138 100644 --- a/ffi/src/core.rs +++ b/ffi/src/core.rs @@ -30,7 +30,7 @@ //! sq_context_t ctx; //! //! cfg = sq_context_configure (); -//! sq_config_network_policy (cfg, SQ_NETWORK_POLICY_OFFLINE); +//! sq_config_ipc_policy (cfg, SQ_IPC_POLICY_ROBUST); //! ctx = sq_config_build (cfg, NULL); //! //! /* Use Sequoia. */ @@ -111,13 +111,6 @@ fn sq_context_lib(ctx: *const Context) -> *const c_char { ctx.c.lib().to_string_lossy().as_bytes().as_ptr() as *const c_char } -/// Returns the network policy. -#[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" -fn sq_context_network_policy(ctx: *const Context) -> c_int { - let ctx = ffi_param_ref!(ctx); - u8::from(ctx.c.network_policy()) as c_int -} - /// Returns the IPC policy. #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" fn sq_context_ipc_policy(ctx: *const Context) -> c_int { @@ -164,16 +157,6 @@ fn sq_config_lib(cfg: *mut Config, lib: *const c_char) { cfg.set_lib(&lib.as_ref()); } -/// Sets the network policy. -#[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" -fn sq_config_network_policy(cfg: *mut Config, policy: c_int) { - let cfg = ffi_param_ref_mut!(cfg); - if policy < 0 || policy > 3 { - panic!("Bad network policy: {}", policy); - } - cfg.set_network_policy((policy as u8).into()); -} - /// Sets the IPC policy. #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" fn sq_config_ipc_policy(cfg: *mut Config, policy: c_int) { diff --git a/ffi/src/error.rs b/ffi/src/error.rs index 0eff9226..ebce4e0d 100644 --- a/ffi/src/error.rs +++ b/ffi/src/error.rs @@ -4,6 +4,7 @@ use std::io; use sequoia_openpgp as openpgp; use sequoia_core as core; +use sequoia_net as net; pub use crate::openpgp::error::Status; pub(crate) use crate::openpgp::error::Error; @@ -16,13 +17,23 @@ impl<'a> FromSequoiaError<'a> for Status { fn from_sequoia_error(e: &'a anyhow::Error) -> Self { if let Some(e) = e.downcast_ref::() { return match e { - &core::Error::NetworkPolicyViolation(_) => - Status::NetworkPolicyViolation, &core::Error::IoError(_) => Status::IoError, } } + if let Some(e) = e.downcast_ref::() { + return match e { + net::Error::PolicyViolation(_) => + Status::NetworkPolicyViolation, + e => { + // XXX + eprintln!("ffi: net error not converted: {}", e); + Status::UnknownError + }, + } + } + if let Some(e) = e.downcast_ref::() { return match e { &openpgp::Error::InvalidArgument(_) => diff --git a/ffi/src/net.rs b/ffi/src/net.rs index 60154838..f08a3ef0 100644 --- a/ffi/src/net.rs +++ b/ffi/src/net.rs @@ -6,12 +6,10 @@ //! //! # Examples //! -//! We provide a very reasonable default key server backed by -//! `hkps.pool.sks-keyservers.net`, the subset of the [SKS keyserver] -//! network that uses https to protect integrity and confidentiality -//! of the communication with the client: +//! As reasonable default key server we provide a shortcut to use +//! [`keys.openpgp.org`]: //! -//! [SKS keyserver]: https://www.sks-keyservers.net/overview-of-pools.php#pool_hkps +//! [`keys.openpgp.org`]: https://keys.openpgp.org //! //! ```c //! #include @@ -22,7 +20,7 @@ //! pgp_cert_t cert; //! //! ctx = sq_context_new (NULL); -//! ks = sq_keyserver_keys_openpgp_org (ctx); +//! ks = sq_keyserver_keys_openpgp_org (ctx, SQ_NETWORK_POLICY_ENCRYPTED); //! id = pgp_keyid_from_bytes ((uint8_t *) "\x24\x7F\x6D\xAB\xC8\x49\x14\xFE"); //! cert = sq_keyserver_get (ctx, ks, id); //! @@ -54,12 +52,14 @@ use crate::Maybe; /// /// Returns `NULL` on errors. #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" -fn sq_keyserver_new(ctx: *mut Context, uri: *const c_char) -> *mut KeyServer { +fn sq_keyserver_new(ctx: *mut Context, policy: u8, uri: *const c_char) + -> *mut KeyServer { let ctx = ffi_param_ref_mut!(ctx); ffi_make_fry_from_ctx!(ctx); + let policy = policy.into(); let uri = ffi_param_cstr!(uri).to_string_lossy(); - ffi_try_box!(KeyServer::new(&ctx.c, &uri)) + ffi_try_box!(KeyServer::new(policy, &uri)) } /// Returns a handle for the given URI. @@ -70,12 +70,13 @@ fn sq_keyserver_new(ctx: *mut Context, uri: *const c_char) -> *mut KeyServer { /// /// Returns `NULL` on errors. #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" -fn sq_keyserver_with_cert(ctx: *mut Context, +fn sq_keyserver_with_cert(ctx: *mut Context, policy: u8, uri: *const c_char, cert: *const u8, len: size_t) -> *mut KeyServer { let ctx = ffi_param_ref_mut!(ctx); ffi_make_fry_from_ctx!(ctx); + let policy = policy.into(); let uri = ffi_param_cstr!(uri).to_string_lossy(); if cert.is_null() { @@ -88,7 +89,7 @@ fn sq_keyserver_with_cert(ctx: *mut Context, let cert = ffi_try!(Certificate::from_der(cert) .map_err(|e| ::anyhow::Error::from(e))); - ffi_try_box!(KeyServer::with_cert(&ctx.c, &uri, cert)) + ffi_try_box!(KeyServer::with_cert(policy, &uri, cert)) } /// Returns a handle for keys.openpgp.org. @@ -98,10 +99,12 @@ fn sq_keyserver_with_cert(ctx: *mut Context, /// /// Returns `NULL` on errors. #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" -fn sq_keyserver_keys_openpgp_org(ctx: *mut Context) -> *mut KeyServer { +fn sq_keyserver_keys_openpgp_org(ctx: *mut Context, policy: u8) + -> *mut KeyServer { let ctx = ffi_param_ref_mut!(ctx); ffi_make_fry_from_ctx!(ctx); - ffi_try_box!(KeyServer::keys_openpgp_org(&ctx.c)) + let policy = policy.into(); + ffi_try_box!(KeyServer::keys_openpgp_org(policy)) } /// Frees a keyserver object. diff --git a/ffi/src/store.rs b/ffi/src/store.rs index 482f0dec..65372d78 100644 --- a/ffi/src/store.rs +++ b/ffi/src/store.rs @@ -190,15 +190,17 @@ fn sq_log_iter_free(iter: Option<&mut LogIter>) { /// forbidden. #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" fn sq_mapping_open(ctx: *mut Context, + policy: u8, realm: *const c_char, name: *const c_char) -> *mut Mapping { let ctx = ffi_param_ref_mut!(ctx); ffi_make_fry_from_ctx!(ctx); + let policy = policy.into(); let realm = ffi_param_cstr!(realm).to_string_lossy(); let name = ffi_param_cstr!(name).to_string_lossy(); - ffi_try_box!(Mapping::open(&ctx.c, &realm, &name)) + ffi_try_box!(Mapping::open(&ctx.c, policy, &realm, &name)) } /// Frees a sq_mapping_t. -- cgit v1.2.3