Update CHANGELOG

Bump sop-java to 10.0.0
Delegate verification operations to SOPVImpl
2024-03-24 10:52:16 +01:00 · 2024-03-24 10:52:15 +01:00 · 2024-03-24 10:52:15 +01:00 · 2024-03-24 10:52:15 +01:00 · 2024-03-24 10:52:14 +01:00 · 2024-03-21 14:13:58 +01:00
12 changed files with 119 additions and 14 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -14,9 +14,12 @@ SPDX-License-Identifier: CC0-1.0
  - Rewrote most of the codebase in Kotlin
  - Removed `OpenPgpMetadata` (`decryptionStream.getResult()`) in favor of `MessageMetadata` (`decryptionStream.getMetadata()`)
 - `pgpainless-sop`, `pgpainless-cli`
-  - Bump `sop-java` to `8.0.1`, implementing [SOP Spec Revision 08](https://www.ietf.org/archive/id/draft-dkg-openpgp-stateless-cli-08.html)
+  - Bump `sop-java` to `10.0.0`, implementing [SOP Spec Revision 10](https://www.ietf.org/archive/id/draft-dkg-openpgp-stateless-cli-10.html)
  - Change API of `sop.encrypt` to return a `ReadyWithResult<EncryptionResult>` to expose the session key
  - `decrypt --verify-with`: Fix to not throw `NoSignature` exception (exit code 3) if `VERIFICATIONS` is empty
+  - Separate signature verification operations into `SOPV` interface
+  - Add `version --sopv` option
+  - Throw `BadData` error when passing KEYS where CERTS are expected.
 - Properly feed EOS tokens to the pushdown automaton when reaching the end of stream (thanks @iNPUTmice)
 - Do not choke on unknown signature subpackets (thanks @Jerbell)
 - Prevent timing issues resuting in subkey binding signatures predating the subkey (@thanks Jerbell)
@ -24,6 +27,12 @@ SPDX-License-Identifier: CC0-1.0
  - `GNUPG_AEAD_ENCRYPTED_DATA` -> `LIBREPGP_OCB_ENCRYPTED_DATA`
  - `GNUPG_VERSION_5_PUBLIC_KEY` -> `LIBREPGP_VERSION_5_PUBLIC_KEY`

+## 1.6.7
+- SOP: Fix OOM error when detached-signing large amounts of data (fix #432)
+- Move `CachingBcPublicKeyDataDecryptorFactory` from `org.bouncycastle` packet to `org.pgpainless.decryption_verification` to avoid package split (partially addresses #428)
+- Basic support for Java Modules for `pgpainless-core` and `pgpainless-sop`
+  - Added `Automatic-Module-Name` directive to gradle build files
+
 ## 1.6.6
 - Downgrade `logback-core` and `logback-classic` to `1.2.13` to fix #426

--- a/pgpainless-core/build.gradle
+++ b/pgpainless-core/build.gradle
@ -27,3 +27,10 @@ dependencies {
    // @Nullable, @Nonnull annotations
    implementation "com.google.code.findbugs:jsr305:3.0.2"
 }
+
+// https://docs.gradle.org/current/userguide/java_library_plugin.html#sec:java_library_modular_auto
+tasks.named('jar') {
+    manifest {
+        attributes('Automatic-Module-Name': 'org.pgpainless.core')
+    }
+}
--- a/pgpainless-sop/README.md
+++ b/pgpainless-sop/README.md
@ -6,7 +6,7 @@ SPDX-License-Identifier: Apache-2.0

 # PGPainless-SOP

-[![Spec Revision: 8](https://img.shields.io/badge/Spec%20Revision-8-blue)](https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/)
+[![Spec Revision: 10](https://img.shields.io/badge/Spec%20Revision-10-blue)](https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/)
 [![Maven Central](https://badgen.net/maven/v/maven-central/org.pgpainless/pgpainless-sop)](https://search.maven.org/artifact/org.pgpainless/pgpainless-sop)
 [![javadoc](https://javadoc.io/badge2/org.pgpainless/pgpainless-sop/javadoc.svg)](https://javadoc.io/doc/org.pgpainless/pgpainless-sop)

--- a/pgpainless-sop/build.gradle
+++ b/pgpainless-sop/build.gradle
@ -34,3 +34,10 @@ test {
    useJUnitPlatform()
    environment("test.implementation", "sop.testsuite.pgpainless.PGPainlessSopInstanceFactory")
 }
+
+// https://docs.gradle.org/current/userguide/java_library_plugin.html#sec:java_library_modular_auto
+tasks.named('jar') {
+    manifest {
+        attributes('Automatic-Module-Name': 'org.pgpainless.sop')
+    }
+}
--- a/pgpainless-sop/src/main/java/org/pgpainless/sop/DetachedSignImpl.java
+++ b/pgpainless-sop/src/main/java/org/pgpainless/sop/DetachedSignImpl.java
@ -4,7 +4,6 @@

 package org.pgpainless.sop;

-import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@ -98,10 +97,10 @@ public class DetachedSignImpl implements DetachedSign {
            }
        }

-        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
+        OutputStream sink = new NullOutputStream();
        try {
            EncryptionStream signingStream = PGPainless.encryptAndOrSign()
-                    .onOutputStream(buffer)
+                    .onOutputStream(sink)
                    .withOptions(ProducerOptions.sign(signingOptions)
                            .setAsciiArmor(armor));

--- a/pgpainless-sop/src/main/java/org/pgpainless/sop/KeyReader.java
+++ b/pgpainless-sop/src/main/java/org/pgpainless/sop/KeyReader.java
@ -6,8 +6,10 @@ package org.pgpainless.sop;

 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
+import org.bouncycastle.openpgp.PGPRuntimeOperationException;
 import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
 import org.pgpainless.PGPainless;
+import org.pgpainless.key.collection.PGPKeyRingCollection;
 import sop.exception.SOPGPException;

 import java.io.IOException;
@ -44,19 +46,24 @@ class KeyReader {

    static PGPPublicKeyRingCollection readPublicKeys(InputStream certIn, boolean requireContent)
            throws IOException {
-        PGPPublicKeyRingCollection certs;
+        PGPKeyRingCollection certs;
        try {
-            certs = PGPainless.readKeyRing().publicKeyRingCollection(certIn);
+            certs = PGPainless.readKeyRing().keyRingCollection(certIn, false);
        } catch (IOException e) {
            String msg = e.getMessage();
            if (msg != null && (msg.startsWith("unknown object in stream:") || msg.startsWith("invalid header encountered"))) {
                throw new SOPGPException.BadData(e);
            }
            throw e;
+        } catch (PGPRuntimeOperationException e) {
+            throw new SOPGPException.BadData(e);
        }
-        if (requireContent && certs.size() == 0) {
+        if (certs.getPgpSecretKeyRingCollection().size() != 0) {
+            throw new SOPGPException.BadData("Secret key components encountered, while certificates were expected.");
+        }
+        if (requireContent && certs.getPgpPublicKeyRingCollection().size() == 0) {
            throw new SOPGPException.BadData(new PGPException("No cert data found."));
        }
-        return certs;
+        return certs.getPgpPublicKeyRingCollection();
    }
 }
--- a/pgpainless-sop/src/main/java/org/pgpainless/sop/NullOutputStream.java
+++ b/pgpainless-sop/src/main/java/org/pgpainless/sop/NullOutputStream.java
@ -0,0 +1,17 @@
+// SPDX-FileCopyrightText: 2024 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.sop;
+
+import java.io.OutputStream;
+
+/**
+ * {@link OutputStream} that simply discards bytes written to it.
+ */
+public class NullOutputStream extends OutputStream {
+    @Override
+    public void write(int b) {
+        // NOP
+    }
+}
--- a/pgpainless-sop/src/main/java/org/pgpainless/sop/SOPImpl.java
+++ b/pgpainless-sop/src/main/java/org/pgpainless/sop/SOPImpl.java
@ -6,6 +6,7 @@ package org.pgpainless.sop;

 import org.pgpainless.util.ArmoredOutputStreamFactory;
 import sop.SOP;
+import sop.SOPV;
 import sop.operation.Armor;
 import sop.operation.ChangeKeyPassword;
 import sop.operation.Dearmor;
@ -36,10 +37,12 @@ public class SOPImpl implements SOP {
        ArmoredOutputStreamFactory.setVersionInfo(null);
    }

+    private final SOPV sopv = new SOPVImpl();
+
    @Override
    @Nonnull
    public Version version() {
-        return new VersionImpl();
+        return sopv.version();
    }

    @Override
@ -81,13 +84,13 @@ public class SOPImpl implements SOP {
    @Override
    @Nonnull
    public DetachedVerify detachedVerify() {
-        return new DetachedVerifyImpl();
+        return sopv.detachedVerify();
    }

    @Override
    @Nonnull
    public InlineVerify inlineVerify() {
-        return new InlineVerifyImpl();
+        return sopv.inlineVerify();
    }

    @Override
--- a/pgpainless-sop/src/main/java/org/pgpainless/sop/SOPVImpl.java
+++ b/pgpainless-sop/src/main/java/org/pgpainless/sop/SOPVImpl.java
@ -0,0 +1,40 @@
+// SPDX-FileCopyrightText: 2024 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.sop;
+
+import org.jetbrains.annotations.NotNull;
+import org.pgpainless.util.ArmoredOutputStreamFactory;
+import sop.SOPV;
+import sop.operation.DetachedVerify;
+import sop.operation.InlineVerify;
+import sop.operation.Version;
+
+/**
+ * Implementation of the <pre>sopv</pre> interface subset using PGPainless.
+ */
+public class SOPVImpl implements SOPV {
+
+    static {
+        ArmoredOutputStreamFactory.setVersionInfo(null);
+    }
+
+    @NotNull
+    @Override
+    public DetachedVerify detachedVerify() {
+        return new DetachedVerifyImpl();
+    }
+
+    @NotNull
+    @Override
+    public InlineVerify inlineVerify() {
+        return new InlineVerifyImpl();
+    }
+
+    @NotNull
+    @Override
+    public Version version() {
+        return new VersionImpl();
+    }
+}
--- a/pgpainless-sop/src/main/java/org/pgpainless/sop/VersionImpl.java
+++ b/pgpainless-sop/src/main/java/org/pgpainless/sop/VersionImpl.java
@ -10,6 +10,8 @@ import java.util.Locale;
 import java.util.Properties;

 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.jetbrains.annotations.NotNull;
+import sop.exception.SOPGPException;
 import sop.operation.Version;

 import javax.annotation.Nonnull;
@ -20,7 +22,9 @@ import javax.annotation.Nonnull;
 public class VersionImpl implements Version {

    // draft version
-    private static final int SOP_VERSION = 8;
+    private static final int SOP_VERSION = 10;
+
+    private static final String SOPV_VERSION = "1.0";

    @Override
    @Nonnull
@ -86,4 +90,9 @@ public class VersionImpl implements Version {
        return null;
    }

+    @NotNull
+    @Override
+    public String getSopVVersion() throws SOPGPException.UnsupportedOption {
+        return SOPV_VERSION;
+    }
 }
--- a/pgpainless-sop/src/test/java/org/pgpainless/sop/VersionTest.java
+++ b/pgpainless-sop/src/test/java/org/pgpainless/sop/VersionTest.java
@ -72,4 +72,11 @@ public class VersionTest {
            assertTrue(fullSopSpecVersion.endsWith(incompletenessRemarks));
        }
    }
+
+    @Test
+    public void testGetSopVVersion() {
+        String sopVVersion = sop.version().getSopVVersion();
+        assertNotNull(sopVVersion);
+        assertTrue(sopVVersion.matches("\\d+\\.\\d+(\\.\\d+)*")); // X.Y or X.Y.Z... etc.
+    }
 }
--- a/version.gradle
+++ b/version.gradle
@ -14,6 +14,6 @@ allprojects {
        logbackVersion = '1.2.13'
        mockitoVersion = '4.5.1'
        slf4jVersion = '1.7.36'
-        sopJavaVersion = '8.0.1'
+        sopJavaVersion = '10.0.0'
    }
 }
Author	SHA1	Message	Date
Paul Schaub	bd1949871a	Update CHANGELOG	2024-03-24 10:52:16 +01:00
Paul Schaub	194e4e1458	Bump sop-java to 10.0.0	2024-03-24 10:52:15 +01:00
Paul Schaub	44be5aa981	Delegate verification operations to SOPVImpl	2024-03-24 10:52:15 +01:00
Paul Schaub	3ac273757a	Bump sop-java to 10.0.0-SNAPSHOT and implement sopv interface subset	2024-03-24 10:52:15 +01:00
Paul Schaub	fa5bdfcd82	Throw BadData if KEYS are passed where CERTS are expected	2024-03-24 10:52:14 +01:00
Paul Schaub	89038ebedf	Update CHANGELOG	2024-03-21 14:13:58 +01:00
Paul Schaub	337b5d68b6	Add Automatic-Module-Name to pgpainless-core and pgpainless-sop	2024-03-19 15:56:49 +01:00
Paul Schaub	265f72d99f	Fix OOM when detached signing large files Fixes #432	2024-03-17 17:29:01 +01:00