chore: update rPGP from 0.18.0 to 0.19.0

Author: link2xt

Cargo.lock

@@ -78,7 +78,7 @@ num-derive = "0.4"
 num-traits = { workspace = true }
 parking_lot = "0.12.4"
 percent-encoding = "2.3"
-pgp = { version = "0.18.0", default-features = false }
+pgp = { version = "0.19.0", default-features = false }
 pin-project = "1"
 qrcodegen = "1.7.0"
 quick-xml = { version = "0.38", features = ["escape-html"] }

Cargo.toml

@@ -58,7 +58,7 @@ async fn create_context() -> Context {
         .await
         .unwrap();
     let secret = key_from_asc(include_str!("../test-data/key/bob-secret.asc")).unwrap();
-    let public = secret.signed_public_key();
+    let public = secret.to_public_key();
     let key_pair = KeyPair { public, secret };
     store_self_keypair(&context, &key_pair)
         .await

benches/decrypting.rs

@@ -110,9 +110,9 @@ impl FromStr for Aheader {
                 SignedPublicKey::from_base64(&raw).context("autocrypt key cannot be decoded")
             })
             .and_then(|key| {
-                key.verify()
+                key.verify_bindings()
                     .and(Ok(key))
-                    .context("autocrypt key cannot be verified")
+                    .context("Autocrypt key cannot be verified")
             })?;
 
         let prefer_encrypt = attributes

src/aheader.rs

@@ -19,7 +19,7 @@ use crate::config::Config;
 use crate::context::Context;
 use crate::e2ee;
 use crate::events::EventType;
-use crate::key::{self, DcKey, DcSecretKey, SignedPublicKey, SignedSecretKey};
+use crate::key::{self, DcKey, SignedPublicKey, SignedSecretKey};
 use crate::log::{LogExt, warn};
 use crate::pgp;
 use crate::qr::DCBACKUP_VERSION;
@@ -142,7 +142,7 @@ pub async fn has_backup(_context: &Context, dir_name: &Path) -> Result<String> {
 
 async fn set_self_key(context: &Context, armored: &str) -> Result<()> {
     let private_key = SignedSecretKey::from_asc(armored)?;
-    let public_key = private_key.split_public_key()?;
+    let public_key = private_key.to_public_key();
 
     let keypair = pgp::KeyPair {
         public: public_key,
@@ -153,7 +153,7 @@ async fn set_self_key(context: &Context, armored: &str) -> Result<()> {
     info!(
         context,
         "stored self key: {:?}",
-        keypair.secret.public_key().key_id()
+        keypair.secret.public_key().legacy_key_id()
     );
     Ok(())
 }

src/imex.rs

@@ -10,7 +10,7 @@ use deltachat_contact_tools::EmailAddress;
 use pgp::composed::Deserializable;
 pub use pgp::composed::{SignedPublicKey, SignedSecretKey};
 use pgp::ser::Serialize;
-use pgp::types::{KeyDetails, KeyId, Password};
+use pgp::types::{KeyDetails, KeyId};
 use tokio::runtime::Handle;
 
 use crate::context::Context;
@@ -264,7 +264,7 @@ impl DcKey for SignedPublicKey {
     }
 
     fn key_id(&self) -> KeyId {
-        KeyDetails::key_id(self)
+        KeyDetails::legacy_key_id(self)
     }
 }
 
@@ -291,30 +291,7 @@ impl DcKey for SignedSecretKey {
     }
 
     fn key_id(&self) -> KeyId {
-        KeyDetails::key_id(&**self)
-    }
-}
-
-/// Deltachat extension trait for secret keys.
-///
-/// Provides some convenience wrappers only applicable to [SignedSecretKey].
-pub(crate) trait DcSecretKey {
-    /// Create a public key from a private one.
-    fn split_public_key(&self) -> Result<SignedPublicKey>;
-}
-
-impl DcSecretKey for SignedSecretKey {
-    fn split_public_key(&self) -> Result<SignedPublicKey> {
-        self.verify()?;
-        let unsigned_pubkey = self.public_key();
-        let mut rng = rand_old::thread_rng();
-        let signed_pubkey = unsigned_pubkey.sign(
-            &mut rng,
-            &self.primary_key,
-            self.primary_key.public_key(),
-            &Password::empty(),
-        )?;
-        Ok(signed_pubkey)
+        KeyDetails::legacy_key_id(&**self)
     }
 }
 
@@ -426,7 +403,7 @@ pub(crate) async fn store_self_keypair(context: &Context, keypair: &KeyPair) ->
 /// Use import/export APIs instead.
 pub async fn preconfigure_keypair(context: &Context, secret_data: &str) -> Result<()> {
     let secret = SignedSecretKey::from_asc(secret_data)?;
-    let public = secret.split_public_key()?;
+    let public = secret.to_public_key();
     let keypair = KeyPair { public, secret };
     store_self_keypair(context, &keypair).await?;
     Ok(())
@@ -702,12 +679,6 @@ i8pcjGO+IZffvyZJVRWfVooBJmWWbPB1pueo3tx8w3+fcuzpxz+RLFKaPyqXO+dD
         assert_eq!(res0.unwrap(), res1.unwrap());
     }
 
-    #[test]
-    fn test_split_key() {
-        let pubkey = KEYPAIR.secret.split_public_key().unwrap();
-        assert_eq!(pubkey.primary_key, KEYPAIR.public.primary_key);
-    }
-
     /// Tests that setting a default key second time is not allowed.
     #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
     async fn test_save_self_key_twice() {

src/key.rs

@@ -496,8 +496,7 @@ impl MimeMessage {
                 // We don't decompress messages compressed multiple times.
                 None
             }
-            Some(pgp::composed::Message::SignedOnePass { reader, .. }) => reader.signature(),
-            Some(pgp::composed::Message::Signed { reader, .. }) => Some(reader.signature()),
+            Some(pgp::composed::Message::Signed { reader, .. }) => reader.signature(0),
             Some(pgp::composed::Message::Encrypted { .. }) => {
                 // The message is already decrypted once.
                 None
@@ -1636,7 +1635,7 @@ impl MimeMessage {
             }
             Ok(key) => key,
         };
-        if let Err(err) = key.verify() {
+        if let Err(err) = key.verify_bindings() {
             warn!(context, "Attached PGP key verification failed: {err:#}.");
             return Ok(false);
         }

src/mimeparser.rs

@@ -4,22 +4,20 @@ use std::collections::{BTreeMap, HashMap, HashSet};
 use std::io::{BufRead, Cursor};
 
 use anyhow::{Context as _, Result, bail};
-use chrono::SubsecRound;
 use deltachat_contact_tools::EmailAddress;
 use pgp::armor::BlockType;
 use pgp::composed::{
-    ArmorOptions, DecryptionOptions, Deserializable, DetachedSignature, KeyType as PgpKeyType,
-    Message, MessageBuilder, SecretKeyParamsBuilder, SignedPublicKey, SignedPublicSubKey,
-    SignedSecretKey, SubkeyParamsBuilder, SubpacketConfig, TheRing,
+    ArmorOptions, DecryptionOptions, Deserializable, DetachedSignature, EncryptionCaps,
+    KeyType as PgpKeyType, Message, MessageBuilder, SecretKeyParamsBuilder, SignedPublicKey,
+    SignedPublicSubKey, SignedSecretKey, SubkeyParamsBuilder, SubpacketConfig, TheRing,
 };
 use pgp::crypto::aead::{AeadAlgorithm, ChunkSize};
 use pgp::crypto::ecc_curve::ECCCurve;
 use pgp::crypto::hash::HashAlgorithm;
 use pgp::crypto::sym::SymmetricKeyAlgorithm;
 use pgp::packet::{SignatureConfig, SignatureType, Subpacket, SubpacketData};
 use pgp::types::{
-    CompressionAlgorithm, KeyDetails, KeyVersion, Password, PublicKeyTrait, SecretKeyTrait as _,
-    StringToKey,
+    CompressionAlgorithm, KeyDetails, KeyVersion, Password, SigningKey as _, StringToKey,
 };
 use rand_old::{Rng as _, thread_rng};
 use tokio::runtime::Handle;
@@ -83,9 +81,7 @@ impl KeyPair {
     ///
     /// Public key is split off the secret key.
     pub fn new(secret: SignedSecretKey) -> Result<Self> {
-        use crate::key::DcSecretKey;
-
-        let public = secret.split_public_key()?;
+        let public = secret.to_public_key();
         Ok(Self { public, secret })
     }
 }
@@ -123,7 +119,7 @@ pub(crate) fn create_keypair(addr: EmailAddress) -> Result<KeyPair> {
         .subkey(
             SubkeyParamsBuilder::default()
                 .key_type(encryption_key_type)
-                .can_encrypt(true)
+                .can_encrypt(EncryptionCaps::All)
                 .passphrase(None)
                 .build()
                 .context("failed to build subkey parameters")?,
@@ -134,18 +130,16 @@ pub(crate) fn create_keypair(addr: EmailAddress) -> Result<KeyPair> {
     let mut rng = thread_rng();
     let secret_key = key_params
         .generate(&mut rng)
-        .context("failed to generate the key")?
-        .sign(&mut rng, &Password::empty())
-        .context("failed to sign secret key")?;
+        .context("Failed to generate the key")?;
     secret_key
-        .verify()
-        .context("invalid secret key generated")?;
+        .verify_bindings()
+        .context("Invalid secret key generated")?;
 
     let key_pair = KeyPair::new(secret_key)?;
     key_pair
         .public
-        .verify()
-        .context("invalid public key generated")?;
+        .verify_bindings()
+        .context("Invalid public key generated")?;
     Ok(key_pair)
 }
 
@@ -157,7 +151,7 @@ pub(crate) fn create_keypair(addr: EmailAddress) -> Result<KeyPair> {
 fn select_pk_for_encryption(key: &SignedPublicKey) -> Option<&SignedPublicSubKey> {
     key.public_subkeys
         .iter()
-        .find(|subkey| subkey.is_encryption_key())
+        .find(|subkey| subkey.algorithm().can_encrypt())
 }
 
 /// Version of SEIPD packet to use.
@@ -194,7 +188,7 @@ pub async fn pk_encrypt(
             let subpkts = {
                 let mut hashed = Vec::with_capacity(1 + public_keys_for_encryption.len() + 1);
                 hashed.push(Subpacket::critical(SubpacketData::SignatureCreationTime(
-                    chrono::Utc::now().trunc_subsecs(0),
+                    pgp::types::Timestamp::now(),
                 ))?);
                 // Test "elena" uses old Delta Chat.
                 let skip = private_key_for_signing.dc_fingerprint().hex()
@@ -215,8 +209,8 @@ pub async fn pk_encrypt(
                 ))?);
                 let mut unhashed = vec![];
                 if private_key_for_signing.version() <= KeyVersion::V4 {
-                    unhashed.push(Subpacket::regular(SubpacketData::Issuer(
-                        private_key_for_signing.key_id(),
+                    unhashed.push(Subpacket::regular(SubpacketData::IssuerKeyId(
+                        private_key_for_signing.legacy_key_id(),
                     ))?);
                 }
                 SubpacketConfig::UserDefined { hashed, unhashed }
@@ -302,15 +296,15 @@ pub fn pk_calc_signature(
             private_key_for_signing.fingerprint(),
         ))?,
         Subpacket::critical(SubpacketData::SignatureCreationTime(
-            chrono::Utc::now().trunc_subsecs(0),
+            pgp::types::Timestamp::now(),
         ))?,
     ];
     config.unhashed_subpackets = vec![];
     if private_key_for_signing.version() <= KeyVersion::V4 {
         config
             .unhashed_subpackets
-            .push(Subpacket::regular(SubpacketData::Issuer(
-                private_key_for_signing.key_id(),
+            .push(Subpacket::regular(SubpacketData::IssuerKeyId(
+                private_key_for_signing.legacy_key_id(),
             ))?);
     }
 

src/pgp.rs

@@ -8,7 +8,7 @@ use std::collections::{BTreeMap, BTreeSet};
 use anyhow::{Context as _, Result};
 use deltachat_derive::FromSql;
 use num_traits::ToPrimitive;
-use pgp::types::PublicKeyTrait;
+use pgp::types::KeyDetails as _;
 use rand::distr::SampleString as _;
 use rusqlite::OptionalExtension;
 use serde::Serialize;
@@ -33,7 +33,7 @@ const MESSAGE_STATS_UPDATE_INTERVAL_SECONDS: i64 = 4 * 60; // 4 minutes (less th
 #[derive(Serialize)]
 struct Statistics {
     core_version: String,
-    key_create_timestamps: Vec<i64>,
+    key_create_timestamps: Vec<u32>,
     stats_id: String,
     is_chatmail: bool,
     contact_stats: Vec<ContactStat>,
@@ -345,10 +345,10 @@ async fn get_stats(context: &Context) -> Result<String> {
         .get_config_u32(Config::StatsLastOldContactId)
         .await?;
 
-    let key_create_timestamps: Vec<i64> = load_self_public_keyring(context)
+    let key_create_timestamps: Vec<u32> = load_self_public_keyring(context)
         .await?
         .iter()
-        .map(|k| k.created_at().timestamp())
+        .map(|k| k.created_at().as_secs())
         .collect();
 
     let sending_enabled_timestamps =