#openpgp #gpg #rfc4880

sloppy-rfc4880

RFC 4880 parser extract from the openpgp crate

7 releases

0.2.0 Oct 29, 2020
0.1.5 Jun 23, 2019
0.1.3 Apr 27, 2019
0.1.2 Oct 10, 2018

#1291 in Parser implementations


287 downloads per month
Used in sn0int

Apache-2.0

46KB
520 lines

sloppy-rfc4880

Pure Rust parser for RFC 4880 (OpenPGP Message Format). The codebase is heavily based on the openpgp crate, but all crypto code has been removed to keep the number of dependencies low for projects that only need to decode the binary packet format.

In addition, the codebase has been hardened to ensure it can handle arbitrary input without crashing. Also, an optional allocation limit has been added to avoid OOM on bogus inputs.
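To illustrate the two hardening properties described above on the RFC 4880 section 4.2 packet header, here is an added example; it is not code from sloppy-rfc4880 or the openpgp crate. The names `read_packet`, `be_len`, `Error` and `max_body` are hypothetical, and indeterminate or partial body lengths are rejected rather than handled.

```rust
// Added example; all names are hypothetical, not the sloppy-rfc4880 API.
#[derive(Debug, PartialEq)]
pub enum Error {
    Truncated,       // input ended before the header or body was complete
    BadTag,          // bit 7 of the tag octet is not set
    Unsupported,     // indeterminate / partial body lengths, not handled here
    TooLarge(usize), // declared body length exceeds the caller's cap
}
/// Big-endian length of `n` octets (n <= 4), bounds-checked before slicing.
fn be_len(input: &[u8], n: usize) -> Result<(usize, &[u8]), Error> {
    if input.len() < n { return Err(Error::Truncated); }
    let (head, rest) = input.split_at(n);
    Ok((head.iter().fold(0usize, |acc, &b| (acc << 8) | b as usize), rest))
}

/// Decode one packet (RFC 4880 section 4.2): returns (tag, body, remaining input).
pub fn read_packet(input: &[u8], max_body: usize) -> Result<(u8, Vec<u8>, &[u8]), Error> {
    let (&first, rest) = input.split_first().ok_or(Error::Truncated)?;
    if first & 0x80 == 0 { return Err(Error::BadTag); }
    let (tag, len, rest) = if first & 0x40 != 0 {
        // New format: tag in bits 5-0, length in 1, 2 or 5 octets.
        let (&o1, rest) = rest.split_first().ok_or(Error::Truncated)?;
        let (len, rest) = match o1 {
            0..=191 => (o1 as usize, rest),
            192..=223 => {
                let (&o2, rest) = rest.split_first().ok_or(Error::Truncated)?;
                (((o1 as usize - 192) << 8) + o2 as usize + 192, rest)
            }
            255 => be_len(rest, 4)?,
            _ => return Err(Error::Unsupported), // 224..=254: partial body length
        };
        (first & 0x3f, len, rest)
    } else {
        // Old format: tag in bits 5-2, length type in bits 1-0.
        let n = match first & 0x03 { 0 => 1, 1 => 2, 2 => 4, _ => return Err(Error::Unsupported) };
        let (len, rest) = be_len(rest, n)?;
        ((first >> 2) & 0x0f, len, rest)
    };
    // Check the untrusted length against the cap and the input before allocating.
    if len > max_body { return Err(Error::TooLarge(len)); }
    if len > rest.len() { return Err(Error::Truncated); }
    let (body, rest) = rest.split_at(len);
    Ok((tag, body.to_vec(), rest))
}

fn main() {
    // Constructed input: new-format tag 2 claiming a 0xFFFFFFFF-octet body.
    println!("{:?}", read_packet(&[0xC2, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF], 1 << 20));
}
```

Every malformed input returns an `Err` instead of panicking, and the body is copied only after the declared length has passed both the cap and the remaining-input check.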

Fuzzing

The codebase was extensively fuzzed using cargo-fuzz and libFuzzer. The corpus folder has been bootstrapped using a full dump of a PGP keyserver:

git clone https://github.com/kpcyrd/sloppy-rfc4880
mkdir pgp
cd pgp
wget -c -r -p -e robots=off -N -l1 --cut-dirs=3 -nH http://pgp.key-server.io/dump/2018-10-07/
cd ../sloppy-rfc4880

for x in ../pgp/sks-dump-*; do
    cat "$x" | cargo run --release --example split fuzz/corpus/rfc4880/pgp
    cargo +nightly fuzz cmin --release rfc4880
done

You can download a copy of a pre-processed corpus folder from the release page.

To start fuzzing, run:

cargo +nightly fuzz run --release rfc4880 -j $(nproc) -- -timeout=240 -rss_limit_mb=500

License

Apache-2.0

Dependencies

~1.2–2MB
~44K SLoC