From 9fa19a4d02720740ed5c61243d23e49e0c524862 Mon Sep 17 00:00:00 2001 From: Nickolay Olshevsky Date: Thu, 28 Sep 2023 13:44:52 +0300 Subject: [PATCH] Add and make use of RNP_EXPERIMENTAL_* defines to the rnp_export.h header. --- include/rnp/rnp.h | 10 ++++++++++ src/lib/CMakeLists.txt | 12 ++++++++++++ src/lib/rnp.cpp | 27 ++++++++++++++------------- 3 files changed, 36 insertions(+), 13 deletions(-) diff --git a/include/rnp/rnp.h b/include/rnp/rnp.h index 9279990447..94d1e1d1d5 100644 --- a/include/rnp/rnp.h +++ b/include/rnp/rnp.h @@ -1176,6 +1176,7 @@ RNP_API rnp_result_t rnp_op_generate_clear_pref_ciphers(rnp_op_generate_t op); RNP_API rnp_result_t rnp_op_generate_set_pref_keyserver(rnp_op_generate_t op, const char * keyserver); +#if defined(RNP_EXPERIMENTAL_CRYPTO_REFRESH) /** Set the generated key version to v6. * NOTE: This is an experimantal feature and this function can be replaced (or removed) at any * time. @@ -1184,7 +1185,9 @@ RNP_API rnp_result_t rnp_op_generate_set_pref_keyserver(rnp_op_generate_t op, * @return RNP_SUCCESS or error code if failed. */ RNP_API rnp_result_t rnp_op_generate_set_v6_key(rnp_op_generate_t op); +#endif +#if defined(RNP_EXPERIMENTAL_CRYPTO_PQC) /** Set the SPHINCS+ parameter set * NOTE: This is an experimantal feature and this function can be replaced (or removed) at any * time. @@ -1200,6 +1203,7 @@ RNP_API rnp_result_t rnp_op_generate_set_v6_key(rnp_op_generate_t op); */ RNP_API rnp_result_t rnp_op_generate_set_sphincsplus_param(rnp_op_generate_t op, const char * param); +#endif /** Execute the prepared key or subkey generation operation. * Note: if you set protection algorithm, then you need to specify ffi password provider to @@ -3005,6 +3009,7 @@ RNP_API rnp_result_t rnp_op_encrypt_create(rnp_op_encrypt_t *op, */ RNP_API rnp_result_t rnp_op_encrypt_add_recipient(rnp_op_encrypt_t op, rnp_key_handle_t key); +#if defined(RNP_EXPERIMENTAL_CRYPTO_REFRESH) /** * @brief Enables the creation of PKESK v6 (instead of v3) which results in the use of SEIPDv2. * The actually created version depends on the capabilities of the list of recipients. @@ -3015,6 +3020,7 @@ RNP_API rnp_result_t rnp_op_encrypt_add_recipient(rnp_op_encrypt_t op, rnp_key_h * @return RNP_SUCCESS or errorcode if failed. */ RNP_API rnp_result_t rnp_op_encrypt_enable_pkesk_v6(rnp_op_encrypt_t op); +#endif /** * @brief Add signature to encrypting context, so data will be encrypted and signed. @@ -3416,8 +3422,11 @@ RNP_API const char *rnp_backend_version(); #define RNP_ALGNAME_ECDH "ECDH" #define RNP_ALGNAME_ECDSA "ECDSA" #define RNP_ALGNAME_EDDSA "EDDSA" +#if defined(RNP_EXPERIMENTAL_CRYPTO_REFRESH) #define RNP_ALGNAME_ED25519 "ED25519" #define RNP_ALGNAME_X25519 "X25519" +#endif +#if defined(RNP_EXPERIMENTAL_PQC) #define RNP_ALGNAME_KYBER768_X25519 "KYBER768_X25519" #define RNP_ALGNAME_KYBER1024_X448 "KYBER1024_X448" #define RNP_ALGNAME_KYBER768_P256 "KYBER768_P256" @@ -3432,6 +3441,7 @@ RNP_API const char *rnp_backend_version(); #define RNP_ALGNAME_DILITHIUM5_BP384 "DILITHIUM5_BP384" #define RNP_ALGNAME_SPHINCSPLUS_SHA2 "SPHINCSPLUS_SHA2" #define RNP_ALGNAME_SPHINCSPLUS_SHAKE "SPHINCSPLUS_SHAKE" +#endif #define RNP_ALGNAME_IDEA "IDEA" #define RNP_ALGNAME_TRIPLEDES "TRIPLEDES" #define RNP_ALGNAME_CAST5 "CAST5" diff --git a/src/lib/CMakeLists.txt b/src/lib/CMakeLists.txt index 620e98e590..8f3ac7c896 100755 --- a/src/lib/CMakeLists.txt +++ b/src/lib/CMakeLists.txt @@ -458,12 +458,24 @@ foreach (prop LINK_LIBRARIES INTERFACE_LINK_LIBRARIES INCLUDE_DIRECTORIES INTERF endforeach() +set(EXPERIMENTAL_FEATURES "") +if (ENABLE_CRYPTO_REFRESH) + set(EXPERIMENTAL_FEATURES "${EXPERIMENTAL_FEATURES}\n#define RNP_EXPERIMENTAL_CRYPTO_REFRESH\n") +endif() +if(ENABLE_PQC) + set(EXPERIMENTAL_FEATURES "${EXPERIMENTAL_FEATURES}\n#define RNP_EXPERIMENTAL_PQC\n") +endif() +if(NOT EXPERIMENTAL_FEATURES STREQUAL "") + message(WARNING "One or more experimental features are enabled. Use it on your own risk.") +endif() + generate_export_header(librnp BASE_NAME rnp EXPORT_MACRO_NAME RNP_API EXPORT_FILE_NAME rnp/rnp_export.h STATIC_DEFINE RNP_STATIC INCLUDE_GUARD_NAME RNP_EXPORT + CUSTOM_CONTENT_FROM_VARIABLE EXPERIMENTAL_FEATURES ) # This has precedence and can cause some confusion when the binary diff --git a/src/lib/rnp.cpp b/src/lib/rnp.cpp index 51945bb10e..a9eb3a40e0 100644 --- a/src/lib/rnp.cpp +++ b/src/lib/rnp.cpp @@ -69,6 +69,13 @@ RNP_LOG_FD(fp, __VA_ARGS__); \ } while (0) +#if defined(RNP_EXPERIMENTAL_CRYPTO_REFRESH) && !defined(ENABLE_CRYPTO_REFRESH) +#error "Invalid defines combination." +#endif +#if defined(RNP_EXPERIMENTAL_PQC) && !defined(ENABLE_PQC) +#error "Invalid defines combination." +#endif + static pgp_key_t *get_key_require_public(rnp_key_handle_t handle); static pgp_key_t *get_key_prefer_public(rnp_key_handle_t handle); static pgp_key_t *get_key_require_secret(rnp_key_handle_t handle); @@ -2592,21 +2599,19 @@ try { } FFI_GUARD +#if defined(RNP_EXPERIMENTAL_CRYPTO_REFRESH) rnp_result_t rnp_op_encrypt_enable_pkesk_v6(rnp_op_encrypt_t op) try { -#if defined(ENABLE_CRYPTO_REFRESH) if (!op) { return RNP_ERROR_NULL_POINTER; } op->rnpctx.enable_pkesk_v6 = true; return RNP_SUCCESS; -#else - return RNP_ERROR_NOT_IMPLEMENTED; -#endif } FFI_GUARD +#endif rnp_result_t rnp_op_encrypt_add_signature(rnp_op_encrypt_t op, @@ -5672,26 +5677,24 @@ try { } FFI_GUARD +#if defined(RNP_EXPERIMENTAL_CRYPTO_REFRESH) rnp_result_t rnp_op_generate_set_v6_key(rnp_op_generate_t op) try { -#if defined(ENABLE_CRYPTO_REFRESH) if (!op) { return RNP_ERROR_NULL_POINTER; } op->pgp_version = PGP_V6; return RNP_SUCCESS; -#else - return RNP_ERROR_NOT_IMPLEMENTED; -#endif } FFI_GUARD +#endif +#if defined(RNP_EXPERIMENTAL_CRYPTO_PQC) rnp_result_t rnp_op_generate_set_sphincsplus_param(rnp_op_generate_t op, const char *param_cstr) try { -#if defined(ENABLE_PQC) - if (!op) { + if (!op || !param_cstr) { return RNP_ERROR_NULL_POINTER; } @@ -5716,11 +5719,9 @@ try { op->crypto.sphincsplus.param = param; return RNP_SUCCESS; -#else - return RNP_ERROR_NOT_IMPLEMENTED; -#endif } FFI_GUARD +#endif rnp_result_t rnp_op_generate_execute(rnp_op_generate_t op)