rpgpie 0.9.0

Experimental high level API for rPGP
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334

//! Utility functionality to look up and verify the issuers of signatures

use std::collections::HashMap;

use pgp::{
    packet::{PublicKey, Signature, SignatureType, UserId},
    types::{Fingerprint, KeyDetails, KeyId, Tag, Timestamp},
};

use crate::certificate::Checked;

/// A generic lookup helper to find certificates by [`Fingerprint`] or [`KeyId`].
///
/// An index can be created (in different ways) over a set of [`Checked`] certificates, with each
/// certificate getting indexed for any number of [`Fingerprint`]s or [`KeyId`]s, depending on the
/// lookup use case.
///
/// The main use case for this is to find the issuer of a [`Signature`], based on the Issuer
/// Fingerprint or Issuer KeyId subpackets in the Signature.
///
/// The current indexing options are:
///
/// - `index_as_certifier`, which indexes every certificate by its primary key (if it carries the
///   key flag for issuing third-party certifications),
/// - `index_as_data_signer`, which indexes every certificate by the fingerprint/keyid of each
///   component key that has the "data signatures" key flag enable.
pub struct CertificateIndex<'a> {
    /// A list of [`Checked`] per [`Fingerprint`].
    ///
    /// This robustly handles multiple `Checked` per `Fingerprint` (which can occur for collisions,
    /// especially with Fingerprints that use weaker hashes, but also e.g. when component keys are
    /// re-used in different certificates)
    by_fp: HashMap<Fingerprint, Vec<&'a Checked>>,

    /// A list of [`Checked`] per [`KeyId`].
    ///
    /// This robustly handles potential duplicate [`KeyId`]s (which can occur due to collisions,
    /// or because a component key is reused in different certificates).
    by_keyid: HashMap<KeyId, Vec<&'a Checked>>,
}

impl<'a> CertificateIndex<'a> {
    /// Initialize a lookup structure for all certificates in `checked` by the primary key's
    /// identity.
    ///
    /// The lookup index is seeded with the primary key's fingerprint and key id.
    /// This is useful for looking up the issuer of third-party certifying signatures.
    pub fn index_as_certifier(checked: &'a [Checked]) -> Self {
        let index_primary = |cert: &Checked| vec![(cert.fingerprint().clone(), cert.key_id())];

        Self::initialize_index(checked, &index_primary)
    }

    /// Initialize a lookup structure for all certificates in `checked`, used as data signers.
    ///
    /// The lookup index is seeded with the fingerprint and key id of all component keys that
    /// carry the key flag for *data signatures*.
    pub fn index_as_data_signer(checked: &'a [Checked]) -> Self {
        let now = Timestamp::now();

        let index_data_signers = |cert: &Checked| {
            // collect data verifiers, not required to be valid at any particular time
            cert.component_keys()
                .filter(|sckp| {
                    // TODO: also include component keys that are now soft revoked, but previously
                    //       carried the "data signature" key flag?

                    // does this component key have the "data signature" key flag right now?
                    sckp.key_flags_at(now)
                        .map(|flag| flag.sign())
                        .unwrap_or(false)
                })
                .map(|sckp| (sckp.fingerprint(), sckp.legacy_key_id()))
                .collect()
        };

        Self::initialize_index(checked, &index_data_signers)
    }

    /// Generic setup of a `CertificateIndex`
    fn initialize_index(
        checked: &'a [Checked],
        indexer: &dyn Fn(&Checked) -> Vec<(Fingerprint, KeyId)>,
    ) -> Self {
        let mut by_fp = HashMap::new();
        let mut by_keyid = HashMap::new();

        for c in checked {
            for (fp, key_id) in indexer(c) {
                // store for lookup by fingerprint
                let values = by_fp.entry(fp).or_insert(vec![]);
                values.push(c);

                // store for lookup by keyid
                let values = by_keyid.entry(key_id).or_insert(vec![]);
                values.push(c);
            }
        }

        Self { by_fp, by_keyid }
    }

    /// Look up a set of certificates by [`Fingerprint`]
    pub fn lookup_fingerprint(&self, fp: &Fingerprint) -> &[&'a Checked] {
        self.by_fp.get(fp).map_or(&[], |v| v)
    }

    /// Look up a set of certificates by [`Key Id`]
    pub fn lookup_keyid(&self, keyid: &KeyId) -> &[&'a Checked] {
        self.by_keyid.get(keyid).map_or(&[], |v| v)
    }
}

/// A helper for dealing with third-party certification signatures.
///
/// An instance of [`CertifierLookup`] is based on a set of certificates, and can efficiently find
/// and verify the issuer of third-party signatures within that set (or determine that the signer is
/// unknown).
///
/// [`CertifierLookup`] handles two types of third-party signatures:
///
/// - User ID certifications,
/// - Direct key signatures (issued over the primary key).
pub struct CertifierLookup<'a> {
    index: CertificateIndex<'a>,
}

impl<'a> CertifierLookup<'a> {
    /// Initialize a lookup structure for all certificates in `checked`.
    ///
    /// This allows efficient lookup of certificates by both [`Fingerprint`] and [`KeyId`], of the
    /// primary key.
    pub fn new(checked: &'a [Checked]) -> Self {
        let index = CertificateIndex::index_as_certifier(checked);
        Self { index }
    }

    /// Find a cryptographically valid signer for `sig` as a third-party certification over
    /// `signee` and `user_id`.
    ///
    /// If a signer is found, a reference to it is returned, otherwise None.
    pub fn find_userid_signer(
        &self,
        sig: &Signature,
        signee: &PublicKey,
        user_id: &UserId,
    ) -> Option<&'a Checked> {
        // Helper closure: verify signature as user id certification
        let verify = |signee: &PublicKey, signer: &PublicKey| {
            sig.verify_third_party_certification(signee, signer, Tag::UserId, user_id)
                .is_ok()
        };

        self.find_signer(sig, signee, &verify)
    }

    /// Find a cryptographically valid signer for `sig` as a third-party direct key signature over
    /// `signee`.
    ///
    /// If a signer is found, a reference to it is returned, otherwise None.
    pub fn find_direct_key_signer(
        &self,
        sig: &Signature,
        signee: &PublicKey,
    ) -> Option<&'a Checked> {
        // Helper closure: verify signature as third-party direct certification
        let verify = |signee: &PublicKey, signer: &PublicKey| {
            sig.verify_key_third_party(signee, signer).is_ok()
        };

        self.find_signer(sig, signee, &verify)
    }

    /// Find possible signers, based on the Issuer Fingerprint and Issuer Key Id Subpackets in `sig`
    fn candidates(&self, sig: &Signature) -> Vec<&'a Checked> {
        // Possible optimization:
        // Remember (e.g. by HashSet of primary fingerprint), which possible signers we already
        // tried and didn't get a positive check result for, and don't try those again.
        //
        // This would save time if there are many issuer/issuer fingerprint subpackets that don't
        // verify as ok.

        let mut cand = Vec::new();

        // Try to find the signer by Issuer Fingerprint subpacket
        for fp in sig.issuer_fingerprint() {
            for &c in self.index.lookup_fingerprint(fp) {
                cand.push(c);
            }
        }

        // Try to find the signer by Issuer KeyId subpacket
        for keyid in sig.issuer_key_id() {
            for &c in self.index.lookup_keyid(keyid) {
                cand.push(c);
            }
        }

        cand
    }

    /// Generic signer lookup, used for both user id certifications and direct key signatures.
    fn find_signer(
        &self,
        sig: &Signature,
        signee: &PublicKey,
        verify: &dyn Fn(&PublicKey, &PublicKey) -> bool,
    ) -> Option<&'a Checked> {
        self.candidates(sig)
            .into_iter()
            .find(|&c| verify(signee, &c.as_signed_public_key().primary_key))
    }

    /// Filter the third-party user id certifying signatures in `signatures` by policy, as well as
    /// temporal and cryptographic validity, and group them by signer certificate.
    ///
    /// This bulk processing function is useful to process the output of
    /// [`Checked::user_id_third_party_certifications`].
    pub fn valid_userid_certifications(
        &self,
        signatures: &[&'a Signature],
        target: &Checked,
        target_user: &UserId,
        reference_time: Timestamp,
    ) -> Vec<(&'a Checked, Vec<&'a Signature>)> {
        // We only handle (some) certification signature types
        const FILTER: &[Option<SignatureType>] = &[
            Some(SignatureType::CertPositive),
            Some(SignatureType::CertGeneric),
            Some(SignatureType::CertCasual),
            Some(SignatureType::CertRevocation),
        ];

        let lookup = |sig| {
            self.find_userid_signer(sig, &target.as_signed_public_key().primary_key, target_user)
        };

        Self::collect_third_party(signatures, reference_time, Box::new(lookup), FILTER)
    }

    /// Filter the third-party direct key signatures in `signatures` by policy, as well as
    /// temporal and cryptographic validity, and group them by signer certificate.
    ///
    /// This bulk processing function is useful to process the output of
    /// [`Checked::direct_third_party_certifications`].
    pub fn valid_direct_signatures(
        &self,
        signatures: &[&'a Signature],
        target: &Checked,
        reference_time: Timestamp,
    ) -> Vec<(&'a Checked, Vec<&'a Signature>)> {
        // We only handle third-party direct key signatures (and their revocations) here
        const FILTER: &[Option<SignatureType>] = &[Some(SignatureType::Key)];

        let lookup =
            |sig| self.find_direct_key_signer(sig, &target.as_signed_public_key().primary_key);

        Self::collect_third_party(signatures, reference_time, Box::new(lookup), FILTER)
    }

    /// Filters a set of `signatures` for semantical validity, looks up their signers, and returns
    /// all valid third-party certifications grouped by signer.
    fn collect_third_party(
        signatures: &[&'a Signature],
        reference_time: Timestamp,
        lookup: Box<impl Fn(&'a Signature) -> Option<&'a Checked>>,
        sigtype_filter: &[Option<SignatureType>],
    ) -> Vec<(&'a Checked, Vec<&'a Signature>)> {
        let mut map = HashMap::new();

        for &sig in signatures {
            if !sigtype_filter.contains(&sig.typ()) {
                continue;
            }

            // Policy check - is the signature using acceptable algorithms?
            if !crate::signature::signature_acceptable(sig) {
                continue;
            }

            let Some(sig_created) = sig.created() else {
                continue;
            };

            // Filter out if signature creation time is after reference_time
            if sig_created > reference_time {
                log::trace!("skipping signature from the future {:?}", sig);
                continue;
            }

            // Filter out if signature has an expiration time that is before reference_time
            if let Some(exp) = sig.signature_expiration_time() {
                if exp.as_secs() != 0 {
                    let expires = Timestamp::from_secs(sig_created.as_secs() + exp.as_secs());

                    if expires <= reference_time {
                        log::trace!("skipping expired sig {:?}", sig);
                        continue;
                    }
                }
            }

            // Find the signer that has made this signature, if any.
            // This includes a check for cryptographic validity of the signature.
            let Some(signer) = lookup(sig) else {
                // We found no signer, go to the next signature
                continue;
            };

            log::debug!("  found signer: {:?}", signer.fingerprint());

            // TODO: check that the signer's primary has key flag `0x01`

            // Ignore signature if signer is invalid at its creation time
            if !signer.primary_valid_at(sig_created).unwrap_or(false) {
                continue;
            }

            // Ignore signature if signer is invalid at reference time.
            // (NOTE: this disagrees with s-w cert_expired, cert_revoked_soft)
            if !signer.primary_valid_at(reference_time).unwrap_or(false) {
                continue;
            }

            // Store this signature in map
            // let signer_cert = to_certificate(signer);
            let entry: &mut (&Checked, Vec<&Signature>) =
                map.entry(signer.fingerprint()).or_insert((signer, vec![]));
            entry.1.push(sig);
        }

        map.into_values().collect()
    }
}