rnp 1.0.4 → 1.0.5

data/lib/rnp/misc.rb

@@ -1,7 +1,8 @@
 # frozen_string_literal: true
 
-# (c) 2018 Ribose Inc.
+# (c) 2018-2020 Ribose Inc.
 
+require "json"
 require 'ffi'
 
 require 'rnp/utils'
@@ -74,6 +75,13 @@ class Rnp
   # @param output [Output] the output to write the armored
   #   data to. If nil, the result will be returned directly
   #   as a String.
+  # @param type [String] the armor type. Valid values include:
+  #   * message
+  #   * public key
+  #   * secret key
+  #   * signature
+  #   * cleartext
+  #   * nil (try to guess the type)
   # @return [nil, String]
   def self.enarmor(input:, output: nil, type: nil)
     Output.default(output) do |output_|
@@ -112,8 +120,12 @@ class Rnp
   # stamps generated with {version_for}.
   #
   # @return [Integer]
-  def self.version
-    LibRnp.rnp_version
+  def self.version(str = nil)
+    if str.nil?
+      LibRnp.rnp_version
+    else
+      LibRnp.rnp_version_for(*str.split('.').map(&:to_i))
+    end
   end
 
   # Encode the given major, minor, and patch numbers into a version
@@ -144,5 +156,142 @@ class Rnp
   def self.version_patch(version)
     LibRnp.rnp_version_patch(version)
   end
-end # class
 
+  # Retrieve the commit time of the latest commit.
+  #
+  # This will return 0 for release/non-master builds.
+  #
+  # @return [Integer]
+  def self.commit_time
+    LibRnp.rnp_version_commit_timestamp
+  end
+
+  # Parse OpenPGP data to JSON.
+  #
+  # @param input [Input] the input to read the data
+  # @param mpi [Boolean] if true then MPIs will be included
+  # @param raw [Boolean] if true then raw bytes will be included
+  # @param grip [Boolean] if true then grips will be included
+  # @return [Array]
+  def self.parse(input:, mpi: false, raw: false, grip: false)
+    flags = 0
+    flags |= LibRnp::RNP_JSON_DUMP_MPI if mpi
+    flags |= LibRnp::RNP_JSON_DUMP_RAW if raw
+    flags |= LibRnp::RNP_JSON_DUMP_GRIP if grip
+    pptr = FFI::MemoryPointer.new(:pointer)
+    Rnp.call_ffi(:rnp_dump_packets_to_json, input.ptr, flags, pptr)
+    begin
+      pjson = pptr.read_pointer
+      JSON.parse(pjson.read_string) unless pjson.null?
+    ensure
+      LibRnp.rnp_buffer_destroy(pjson)
+    end
+  end
+
+  # Calculate s2k iterations
+  #
+  # @param hash [String] the hash algorithm to use
+  # @param msec [Integer] the desired number of milliseconds
+  # @return [Integer]
+  def self.s2k_iterations(hash:, msec:)
+    piters = FFI::MemoryPointer.new(:size_t)
+    Rnp.call_ffi(:rnp_calculate_iterations, hash, msec, piters)
+    piters.read(:size_t)
+  end
+
+  # Enable debugging
+  #
+  # @param file [String] the file to enable debugging for (or nil for all)
+  # @return [void]
+  def self.enable_debug(file = nil)
+    Rnp.call_ffi(:rnp_enable_debug, file)
+  end
+
+  # Disable previously-enabled debugging
+  #
+  # @return [void]
+  def self.disable_debug
+    Rnp.call_ffi(:rnp_disable_debug)
+  end
+
+  # Guess the contents of an input
+  #
+  # @param input [Input]
+  # @return [String] the guessed content type (or 'unknown'), which may be
+  #   used with {enarmor}
+  def self.guess_contents(input)
+    pptr = FFI::MemoryPointer.new(:pointer)
+    Rnp.call_ffi(:rnp_guess_contents, input.ptr, pptr)
+    begin
+      presult = pptr.read_pointer
+      presult.read_string unless presult.null?
+    ensure
+      LibRnp.rnp_buffer_destroy(presult)
+    end
+  end
+
+  # Check if a specific feature is supported
+  #
+  # @param type [String] the type of feature ('symmetric algorithm', ...)
+  # @param name [String] the specific feature ('CAST5', ...)
+  # @return [Boolean]
+  def self.supports?(type, name)
+    presult = FFI::MemoryPointer.new(:bool)
+    Rnp.call_ffi(:rnp_supports_feature, type, name, presult)
+    presult.read(:bool)
+  end
+
+  # Get a list of supported features (by type)
+  #
+  # @param type [String] the type of feature ('symmetric algorithm', ...)
+  # @return [Array]
+  def self.supported_features(type)
+    pptr = FFI::MemoryPointer.new(:pointer)
+    Rnp.call_ffi(:rnp_supported_features, type, pptr)
+    begin
+      presult = pptr.read_pointer
+      JSON.parse(presult.read_string) unless presult.null?
+    ensure
+      LibRnp.rnp_buffer_destroy(presult)
+    end
+  end
+
+  # @api private
+  FEATURES = {
+    # Support for setting hash, creation, and expiration time for individual
+    # signatures in a sign operation. Older versions of rnp returned a
+    # "not implemented" error.
+    "per-signature-opts" => Rnp.version > Rnp.version("0.11.0") ||
+      Rnp.commit_time >= 1546035818,
+    # Correct grip calculation for Elgamal/DSA keys. This was actually before
+    # the commit timestamp API was added, so this isn't accurate in one case.
+    "dsa-elg-grip-calc" => Rnp.version > Rnp.version("0.11.0") ||
+      Rnp.commit_time >= 1538219020,
+    # Input reader callback signature was changed:
+    # ssize_t(void *app_ctx, void *buf, size_t len)
+    # bool(void *app_ctx, void *buf, size_t len, size_t *read)
+    "input-reader-cb-no-ssize_t" => Rnp.version >= Rnp.version("0.14.0") ||
+      Rnp.commit_time >= 1585833163,
+    # Behavior on primary userid retrieveing was changed:
+    # Now userid is not considered as primary if it is revoked/expired/etc.
+    "primary-userid-must-be-valid" => Rnp.version >= Rnp.version("0.14.0") ||
+      Rnp.commit_time >= 1605875599,
+    # Behavior was changed in v0.15.2 (issue #1509):
+    # userid is valid even if key expiration in userid expiration expires key.
+    "relax-userid-validity-checks" => Rnp.version >= Rnp.version("0.15.2") ||
+      Rnp.commit_time >= 1624526708,
+    # Behavior on default key expiration time was changed:
+    # Now default key expiration time is 2 years
+    "default-key-expiration-2-years" => Rnp.version >= Rnp.version("0.16.1") ||
+      Rnp.commit_time >= 1645578982,
+    # Behaviour on signature validation was changed:
+    # Now at least one valid signature is required for success
+    "require-single-valid-signature" => Rnp.version >= Rnp.version("0.16.1") ||
+      Rnp.commit_time >= 1661781294,
+  }.freeze
+
+  def self.has?(feature)
+    raise ArgumentError unless FEATURES.include?(feature)
+    FEATURES[feature]
+  end
+end # class

data/lib/rnp/op/encrypt.rb

@@ -43,19 +43,18 @@ class Rnp
     # Add a signer.
     #
     # @param signer [Key] the signer
-    # @param hash (see #hash=)
-    # @param creation_time (see #creation_time=)
-    # @param expiration_time (see #expiration_time=)
+    # @param [Hash] opts set several options in one place
+    # @option opts [String] :hash (see #hash=)
+    # @option opts [Time] :creation_time (see #creation_time=)
+    # @option opts [Time] :expiration_time (see #expiration_time=)
     # @return [self]
-    def add_signer(signer, hash: nil, creation_time: nil, expiration_time: nil)
+    def add_signer(signer, opts = {})
       pptr = FFI::MemoryPointer.new(:pointer)
       Rnp.call_ffi(:rnp_op_encrypt_add_signature, @ptr, signer.ptr, pptr)
       psig = pptr.read_pointer
       Sign.set_signature_options(
         psig,
-        hash: hash,
-        creation_time: creation_time,
-        expiration_time: expiration_time
+        **opts,
       )
       self
     end
@@ -88,20 +87,19 @@ class Rnp
     # @note Some options are related to signatures and will have no effect if
     # there are no signers.
     #
-    # @param armored (see #armored=)
-    # @param compression (see #compression=)
-    # @param cipher (see #cipher=)
-    # @param hash (see #hash=)
-    # @param creation_time (see #creation_time=)
-    # @param expiration_time (see #expiration_time=)
-    def options=(armored: nil, compression: nil, cipher: nil, hash: nil,
-                 creation_time: nil, expiration_time: nil)
-      self.armored = armored unless armored.nil?
-      self.compression = compression unless compression.nil?
-      self.cipher = cipher unless cipher.nil?
-      self.hash = hash unless hash.nil?
-      self.creation_time = creation_time unless creation_time.nil?
-      self.expiration_time = expiration_time unless expiration_time.nil?
+    # @param [Hash] opts set several options in one place
+    # @option opts [Boolean] :armored (see #armored=)
+    # @option opts [String] :compression (see #compression=)
+    # @option opts [String] :cipher (see #cipher=)
+    # @option opts [String] :hash (see #hash=)
+    # @option opts [Time] :creation_time (see #creation_time=)
+    # @option opts [Time] :expiration_time (see #expiration_time=)
+    def options=(opts)
+      %i{armored compression cipher aead hash creation_time
+         expiration_time}.each do |prop|
+        value = opts[prop]
+        send("#{prop}=", value) unless value.nil?
+      end
     end
 
     # Set whether the output will be ASCII-armored.
@@ -135,6 +133,13 @@ class Rnp
       Rnp.call_ffi(:rnp_op_encrypt_set_cipher, @ptr, cipher)
     end
 
+    # Set the AEAD algorithm for encryption.
+    #
+    # @param mode [String] the AEAD algorithm to use for encryption
+    def aead=(mode)
+      Rnp.call_ffi(:rnp_op_encrypt_set_aead, @ptr, mode.to_s)
+    end
+
     # Set the hash algorithm used for calculating signatures.
     #
     # @note This is only valid when there is one or more signer.
@@ -178,4 +183,3 @@ class Rnp
     end
   end # class
 end # class
-

data/lib/rnp/op/generate.rb

@@ -0,0 +1,211 @@
+# frozen_string_literal: true
+
+# (c) 2019 Ribose Inc.
+
+require "ffi"
+
+require "rnp/error"
+require "rnp/ffi/librnp"
+require "rnp/utils"
+
+class Rnp
+  # Key generation operation
+  class Generate
+    # @api private
+    attr_reader :ptr
+
+    # @api private
+    def initialize(ptr)
+      raise Rnp::Error, "NULL pointer" if ptr.null?
+
+      @ptr = FFI::AutoPointer.new(ptr, self.class.method(:destroy))
+    end
+
+    # @api private
+    def self.destroy(ptr)
+      LibRnp.rnp_op_generate_destroy(ptr)
+    end
+
+    def inspect
+      Rnp.inspect_ptr(self)
+    end
+
+    # Set a group of options.
+    #
+    # @param [Hash] opts set several options in one place
+    # @option opts [Integer] :bits (see #bits=)
+    # @option opts [Integer] :qbits (see #qbits=)
+    # @option opts [Integer] :curve (see #curve=)
+    # @option opts [String] :hash (see #hash=)
+    # @option opts [String] :s2k_hash (see #s2k_hash=)
+    # @option opts [Integer] :s2k_iterations (see #s2k_iterations=)
+    # @option opts [String] :s2k_cipher (see #s2k_cipher=)
+    # @option opts [String] :password (see #password=)
+    # @option opts [String] :protection_mode (see #protection_mode=)
+    # @option opts [Integer] :lifetime (see #lifetime=)
+    # @option opts [String] :userid (see #userid=)
+    # @option opts [String] :usage (see #usage=)
+    def options=(opts)
+      %i{bits qbits curve hash s2k_hash s2k_iterations
+         s2k_cipher password protection_mode lifetime
+         userid usage preferences}.each do |prop|
+        value = opts[prop]
+        send("#{prop}=", value) unless value.nil?
+      end
+    end
+
+    # Set the bit length of the key.
+    #
+    # @param len [Integer] the desired bit length
+    def bits=(len)
+      Rnp.call_ffi(:rnp_op_generate_set_bits, @ptr, len)
+    end
+
+    # Set the bit length of the q parameter for a DSA key.
+    #
+    # @note This is only valid for DSA keys.
+    #
+    # @param len [Integer] the desired bit length
+    def qbits=(len)
+      Rnp.call_ffi(:rnp_op_generate_set_dsa_qbits, @ptr, len)
+    end
+
+    # Set the desired curve for this ECC key.
+    #
+    # @note This is only valid for ECC keys which permit specifying a curve.
+    #
+    # @param curve [String] the curve
+    def curve=(curve)
+      Rnp.call_ffi(:rnp_op_generate_set_curve, @ptr, curve.to_s)
+    end
+
+    # Set the hash algorithm used in the self-signature of the key.
+    #
+    # @param hash [String] the hash algorithm name
+    def hash=(hash)
+      Rnp.call_ffi(:rnp_op_generate_set_hash, @ptr, hash.to_s)
+    end
+
+    # Set the hash algorithm used to protect the key.
+    #
+    # @param hash [String] the hash algorithm name
+    def s2k_hash=(hash)
+      Rnp.call_ffi(:rnp_op_generate_set_protection_hash, @ptr, hash.to_s)
+    end
+
+    # Set the s2k iteration count used to protect the key.
+    #
+    # @param iter [Integer] the hash algorithm name
+    def s2k_iterations=(iter)
+      Rnp.call_ffi(:rnp_op_generate_set_protection_iterations, @ptr, iter)
+    end
+
+    # Set the cipher used to protect the key.
+    #
+    # @param cipher [String] the cipher algorithm name
+    def s2k_cipher=(cipher)
+      Rnp.call_ffi(:rnp_op_generate_set_protection_cipher, @ptr, cipher.to_s)
+    end
+
+    # Set the password used to protect the key.
+    #
+    # @param password [String] the password
+    def password=(password)
+      Rnp.call_ffi(:rnp_op_generate_set_protection_password, @ptr, password)
+    end
+
+    # Set the protection mode for this key.
+    #
+    # @note This is only valid for keys saved in the G10 format.
+    #
+    # @param mode [String] the protection mode (OCB, CBC, etc)
+    def protection_mode=(mode)
+      Rnp.call_ffi(:rnp_op_generate_set_protection_mode, @ptr, mode.to_s)
+    end
+
+    # Set the number of seconds for this key to remain valid.
+    #
+    # This determines the expiration time (creation time + lifetime).
+    #
+    # @param secs [Integer] the number of seconds until this key will be
+    #   considered expired. A value of 0 indicates no expiration.
+    #   Note that there is an upper limit of 2^32-1.
+    def lifetime=(secs)
+      Rnp.call_ffi(:rnp_op_generate_set_expiration, @ptr, secs)
+    end
+
+    # Set the userid for this key.
+    #
+    # @param userid [String] the userid
+    def userid=(userid)
+      Rnp.call_ffi(:rnp_op_generate_set_userid, @ptr, userid)
+    end
+
+    # Set the usage for this key.
+    #
+    # @param usage [Array<Symbol>,Array<String>,Symbol,String] the usage
+    #   (:sign, etc)
+    def usage=(usage)
+      usage = [usage] unless usage.respond_to?(:each)
+      Rnp.call_ffi(:rnp_op_generate_clear_usage, @ptr)
+      usage.each do |usg|
+        Rnp.call_ffi(:rnp_op_generate_add_usage, @ptr, usg.to_s)
+      end
+    end
+
+    # Set the preferences for the generated key.
+
+    # @param [Hash] prefs set several preferences in one place
+    # @option prefs [Array<String>, Array<Symbol>] :hashes
+    # @option prefs [Array<String>, Array<Symbol>] :compression
+    # @option prefs [Array<String>, Array<Symbol>] :ciphers
+    # @option prefs [String] :key_server
+    def preferences=(prefs)
+      %i{hashes compression ciphers}.each do |param|
+        Rnp.call_ffi(pref_ffi_call(param, clear: true), @ptr)
+        prefs[param].each do |pref|
+          Rnp.call_ffi(pref_ffi_call(param, add: true),
+                       @ptr, pref.to_s)
+        end
+      end
+      Rnp.call_ffi(:rnp_op_generate_set_pref_keyserver, @ptr,
+                   prefs[:key_server])
+    end
+
+    # Execute the operation.
+    #
+    # This should only be called once.
+    #
+    # @return [Key] the generated key
+    def execute
+      Rnp.call_ffi(:rnp_op_generate_execute, @ptr)
+      key
+    end
+
+    # Retrieve the key.
+    #
+    # This should only be called after #execute.
+    #
+    # @return [Key]
+    def key
+      pptr = FFI::MemoryPointer.new(:pointer)
+      Rnp.call_ffi(:rnp_op_generate_get_key, @ptr, pptr)
+      pkey = pptr.read_pointer
+      Key.new(pkey) unless pkey.null?
+    end
+
+    # @api private
+    private
+
+    def pref_ffi_call(param, add: false, clear: false)
+      if add
+        fn = { hashes: :hash, ciphers: :cipher }.fetch(param, param)
+        "rnp_op_generate_add_pref_#{fn}".to_sym
+      elsif clear
+        "rnp_op_generate_clear_pref_#{param}".to_sym
+      else
+        raise ArgumentError, "add or clear must be passed"
+      end
+    end
+  end
+end

data/lib/rnp/op/sign.rb

@@ -34,37 +34,35 @@ class Rnp
     # @note The optional (per-signature) options here are not supported by RNP
     #   internally at the time of this writing.
     #
-    # @param signer [Key] the signer
-    # @param hash [String] (see #hash=)
-    # @param creation_time (see #creation_time=)
-    # @param expiration_time (see #expiration_time=)
+    # @param [Hash] opts set several options in one place
+    # @option opts [Key] :signer the signer
+    # @option opts [String] :hash (see #hash=)
+    # @option opts [Time] :creation_time (see #creation_time=)
+    # @option opts [Time] :expiration_time (see #expiration_time=)
     # @return [self]
-    def add_signer(signer, hash: nil, creation_time: nil, expiration_time: nil)
+    def add_signer(signer, opts = {})
       pptr = FFI::MemoryPointer.new(:pointer)
       Rnp.call_ffi(:rnp_op_sign_add_signature, @ptr, signer.ptr, pptr)
       psig = pptr.read_pointer
       self.class.set_signature_options(
         psig,
-        hash: hash,
-        creation_time: creation_time,
-        expiration_time: expiration_time
+        **opts,
       )
     end
 
     # Set a group of options.
     #
-    # @param armored see {#armored=}
-    # @param compression see {#compression=}
-    # @param hash see {#hash=}
-    # @param creation_time see {#creation_time=}
-    # @param expiration_time see {#expiration_time=}
-    def options=(armored: nil, compression: nil, hash: nil,
-                 creation_time: nil, expiration_time: nil)
-      self.armored = armored unless armored.nil?
-      self.compression = compression unless compression.nil?
-      self.hash = hash unless hash.nil?
-      self.creation_time = creation_time unless creation_time.nil?
-      self.expiration_time = expiration_time unless expiration_time.nil?
+    # @param [Hash] opts set several options in one place
+    # @option opts [String] :armored see {#armored=}
+    # @option opts [String] :compression see {#compression=}
+    # @option opts [String] :hash see {#hash=}
+    # @option opts [String] :creation_time see {#creation_time=}
+    # @option opts [String] :expiration_time see {#expiration_time=}
+    def options=(opts)
+      %i{armored compression hash creation_time expiration_time}.each do |prop|
+        value = opts[prop]
+        send("#{prop}=", value) unless value.nil?
+      end
     end
 
     # Set whether the output will be ASCII-armored.
@@ -127,12 +125,14 @@ class Rnp
     end
 
     # @api private
-    def self.set_signature_options(psig, hash:, creation_time:,
-                                   expiration_time:)
-      Rnp.call_ffi(:rnp_op_sign_signature_set_hash, psig, value) unless hash.nil?
+    def self.set_signature_options(psig, hash: nil, creation_time: nil,
+                                   expiration_time: nil)
+      Rnp.call_ffi(:rnp_op_sign_signature_set_hash, psig, hash) unless hash.nil?
       creation_time = creation_time.to_i if creation_time.is_a?(::Time)
-      Rnp.call_ffi(:rnp_op_sign_signature_set_creation_time, psig, value) unless creation_time.nil?
-      Rnp.call_ffi(:rnp_op_sign_signature_set_expiration_time, psig, value) unless expiration_time.nil?
+      Rnp.call_ffi(:rnp_op_sign_signature_set_creation_time, psig,
+                   creation_time) unless creation_time.nil?
+      Rnp.call_ffi(:rnp_op_sign_signature_set_expiration_time, psig,
+                   expiration_time) unless expiration_time.nil?
     end
   end # class
 end # class

data/lib/rnp/output.rb

@@ -86,6 +86,20 @@ class Rnp
       to_callback(io.method(:write))
     end
 
+    # Write to the output.
+    #
+    # @param strings [String]
+    # @return [Integer] the number of bytes written
+    def write(*strings)
+      total_written = 0
+      pwritten = FFI::MemoryPointer.new(:size_t)
+      strings.each do |string|
+        Rnp.call_ffi(:rnp_output_write, @ptr, string, string.size, pwritten)
+        total_written += pwritten.read(:size_t)
+      end
+      total_written
+    end
+
     # Retrieve the data written. Only valid for #{to_string}.
     #
     # @return [String, nil]