Check userids for validity.

[ni4]

This PR adds userid validity checks.
Userid is now considered as valid when:

• it has valid, non-expired self-signature
• this self-signature doesn't expire the key itself
• there is no revocation for this userid.

This changes behavior to the following:

• key cannot be searched by non-valid userid
• primary key selection respects only valid userids
• however, non valid userids still are enumerated, and should be checked for validity via rnp_uid_is_valid().

Also it adds few more functions which allows to retrieve uid-related data via uid handle.

Fixes #1022
Fixes #1126

[ni4]

Single test is failing for ruby-rnp, it should be addressed via or together with rnpgp/ruby-rnp#69

[rrrooommmaaa]

LGTM, but I suggest to use std::set in places where we need to keep unique keys

[rrrooommmaaa]

I think it's more convenient to use std::set here

[ni4]

@rrrooommmaaa That would require to satisfy https://en.cppreference.com/w/cpp/named_req/Compare, and if I understand correctly, pgp_key_t will not. Given that it's just for tests I don't see the reason to spend time on implement that. And, actually, now it works the same way as it worked before. What do you think?

[rrrooommmaaa]

@ni4 Aren't we comparing pointers?

[ni4]

@rrrooommmaaa Oh, my fault, somehow mislooked (how?) pointerness, sorry. Fixed and force-pushed.

[rrrooommmaaa]

I think it's more convenient to use std::set here

[rrrooommmaaa]

I think it's more convenient to use std::set here

[rrrooommmaaa]

LGTM!

[ronaldtse]

Seems that there are some failures with ruby-rnp. @dewyatt is there a way we can solve them once and for all?

[dewyatt]

It looks like this changes the behavior of rnp_locate_key so that searching via a userid without a valid cert would no longer return results where it may have before. Am I understanding that correctly?
Should we be doing that kind of filtering or should we let the API client decide what to do?

[ni4]

It looks like this changes the behavior of rnp_locate_key so that searching via a userid without a valid cert would no longer return results where it may have before. Am I understanding that correctly?

Yes. Also userid will not be marked as primary if it is considered as invalid.

Should we be doing that kind of filtering or should we let the API client decide what to do?

Usage of non-signed userid (or one with invalid signature) should be considered as a security issue, so I think we should not allow it to be used by default. However, API user still able to list all userids and check their validities.

[dewyatt]

It looks like this changes the behavior of rnp_locate_key so that searching via a userid without a valid cert would no longer return results where it may have before. Am I understanding that correctly?

Yes. Also userid will not be marked as primary if it is considered as invalid.

Should we be doing that kind of filtering or should we let the API client decide what to do?

Usage of non-signed userid (or one with invalid signature) should be considered as a security issue, so I think we should not allow it to be used by default. However, API user still able to list all userids and check their validities.

Shouldn't we at least throw some documentation updates in here?

[ronaldtse]

Shouldn't we at least throw some documentation updates in here?

Agree

[ni4]

Shouldn't we at least throw some documentation updates in here?

Agree

Agree as well, just got lost with those CI issues. Update documentation and force-pushed.

[ni4]

@dewyatt Should we merge this now? As I checked, only the single ruby-rnp test is failed. And CIFuzz shots it's leg on the container building steps.

[dewyatt]

@dewyatt Should we merge this now? As I checked, only the single ruby-rnp test is failed. And CIFuzz shots it's leg on the container building steps.

May as well yes