author | Neal H. Walfield <neal@pep.foundation> | 2020-04-28 09:11:58 +0200 |
---|---|---|
committer | Neal H. Walfield <neal@pep.foundation> | 2020-04-28 09:26:50 +0200 |
commit | cd05b15f1cd0517fa9ad4129fdaed3e0a3f21169 (patch) | |
tree | f8fe34c46768e527144407ecdc101e5ba10d8adc | |
parent | 22a777c7c5db1d35642bfb9d2ab44b4833937956 (diff) |
openpgp: Rework Cert::revoke_in_place.
- Rename `Cert::revoke_in_place` to `Cert::revoke`.
- Return the revocation certificate; don't merge it.
- Fixes #485.
-rw-r--r-- | openpgp-ffi/include/sequoia/openpgp.h | 15 | ||||
-rw-r--r-- | openpgp-ffi/src/cert.rs | 64 | ||||
-rw-r--r-- | openpgp/src/cert/mod.rs | 26 | ||||
-rw-r--r-- | openpgp/src/policy.rs | 3 |
4 files changed, 16 insertions, 92 deletions
diff --git a/openpgp-ffi/include/sequoia/openpgp.h b/openpgp-ffi/include/sequoia/openpgp.h index 42591a4a..d6a7b219 100644 --- a/openpgp-ffi/include/sequoia/openpgp.h +++ b/openpgp-ffi/include/sequoia/openpgp.h @@ -958,22 +958,11 @@ pgp_revocation_status_t pgp_cert_revocation_status (pgp_cert_t cert, pgp_policy_t policy, time_t when); /*/ -/// Writes a revocation certificate to the writer. +/// Returns a new revocation certificate for the Cert. /// -/// This function consumes the writer. It does *not* consume cert. +/// This function does *not* consume `cert`. /*/ pgp_signature_t pgp_cert_revoke (pgp_error_t *errp, - pgp_cert_t cert, - pgp_signer_t primary_signer, - pgp_reason_for_revocation_t code, - const char *reason); - -/*/ -/// Adds a revocation certificate to the cert. -/// -/// This function consumes the cert. -/*/ -pgp_cert_t pgp_cert_revoke_in_place (pgp_error_t *errp, pgp_cert_t cert, pgp_signer_t primary_signer, pgp_reason_for_revocation_t code, diff --git a/openpgp-ffi/src/cert.rs b/openpgp-ffi/src/cert.rs index 3237e126..16350cd1 100644 --- a/openpgp-ffi/src/cert.rs +++ b/openpgp-ffi/src/cert.rs 
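Review bot: The rewritten comment on `pgp_cert_revoke` does not say that the returned signature is left unmerged, which matters now that `pgp_cert_revoke_in_place` is removed from the header. A C caller migrating from the removed function will still get an unrevoked result from `pgp_cert_revocation_status (cert, ...)` until it merges the signature into the cert itself. I would add a line such as `/// The revocation is *not* merged into cert; the caller must merge it for the cert to be considered revoked.` The comment also leaves out who frees the returned `pgp_signature_t` and what is returned on failure; the removed example suggests `pgp_signature_free`, but that should be stated here.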
@@ -253,70 +253,6 @@ fn pgp_cert_revoke(errp: Option<&mut *mut crate::error::Error>, sig.move_into_raw(errp) } -/// Adds a revocation certificate to the cert. -/// -/// This function consumes the cert. -/// -/// # Example -/// -/// ```c -/// #include <assert.h> -/// #include <sequoia/openpgp.h> -/// -/// pgp_cert_builder_t builder; -/// pgp_cert_t cert; -/// pgp_signature_t revocation; -/// pgp_key_t primary_key; -/// pgp_key_pair_t primary_keypair; -/// pgp_signer_t primary_signer; -/// pgp_policy_t policy = pgp_standard_policy (); -/// -/// builder = pgp_cert_builder_new (); -/// pgp_cert_builder_set_cipher_suite (&builder, PGP_CERT_CIPHER_SUITE_CV25519); -/// pgp_cert_builder_generate (NULL, builder, &cert, &revocation); -/// assert (cert); -/// assert (revocation); -/// pgp_signature_free (revocation); /* Free the generated one. */ -/// -/// primary_key = pgp_cert_primary_key (cert); -/// primary_keypair = pgp_key_into_key_pair (NULL, pgp_key_clone (primary_key)); -/// pgp_key_free (primary_key); -/// assert (primary_keypair); -/// primary_signer = pgp_key_pair_as_signer (primary_keypair); -/// cert = pgp_cert_revoke_in_place (NULL, cert, primary_signer, -/// PGP_REASON_FOR_REVOCATION_KEY_COMPROMISED, -/// "It was the maid :/"); -/// assert (cert); -/// pgp_signer_free (primary_signer); -/// pgp_key_pair_free (primary_keypair); -/// -/// pgp_revocation_status_t rs = pgp_cert_revocation_status (cert, policy, 0); -/// assert (pgp_revocation_status_variant (rs) == PGP_REVOCATION_STATUS_REVOKED); -/// pgp_revocation_status_free (rs); -/// -/// pgp_cert_free (cert); -/// pgp_policy_free (policy); -/// ``` -#[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" -fn pgp_cert_revoke_in_place(errp: Option<&mut *mut crate::error::Error>, - cert: *mut Cert, - primary_signer: *mut Box<dyn crypto::Signer>, - code: c_int, - reason: Option<&c_char>) - -> Maybe<Cert> -{ - let cert = cert.move_from_raw(); - let signer = ffi_param_ref_mut!(primary_signer); - let code = 
int_to_reason_for_revocation(code); - let reason = if let Some(reason) = reason { - ffi_param_cstr!(reason as *const c_char).to_bytes() - } else { - b"" - }; - - cert.revoke_in_place(signer.as_mut(), code, reason).move_into_raw(errp) -} - /// Returns whether the Cert is alive at the specified time. /// /// If `when` is 0, then the current time is used. diff --git a/openpgp/src/cert/mod.rs b/openpgp/src/cert/mod.rs index e2e54219..4ace6639 100644 --- a/openpgp/src/cert/mod.rs +++ b/openpgp/src/cert/mod.rs @@ -829,11 +829,9 @@ impl Cert { /// Revokes the certificate in place. /// - /// This is a convenience function to generate a revocation - /// certificate and merge it into the certificate. - /// - /// To just generate a revocation certificate, use - /// [`CertRevocationBuilder`]. + /// This is a convenience function around + /// [`CertRevocationBuilder`] to generate a revocation + /// certificate. /// /// [`CertRevocationBuilder`]: struct.CertRevocationBuilder.html /// @@ -875,9 +873,10 @@ impl Cert { /// // Create a revocation to explain what *really* happened. /// let mut keypair = cert.primary_key() /// .key().clone().parts_into_secret()?.into_keypair()?; - /// let cert = cert.revoke_in_place(&mut keypair, - /// ReasonForRevocation::KeyCompromised, - /// b"It was the maid :/")?; + /// let rev = cert.revoke(&mut keypair, + /// ReasonForRevocation::KeyCompromised, + /// b"It was the maid :/")?; + /// let cert = cert.merge_packets(vec![ rev.into() ])?; /// if let RevocationStatus::Revoked(revs) = cert.revocation_status(p, None) { /// assert_eq!(revs.len(), 1); /// let rev = revs[0]; 
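Review bot: The summary line kept as context in the `@@ -829,11 +829,9 @@` hunk, `/// Revokes the certificate in place.`, is no longer accurate: the later hunk changes the method to take `&self` and return a `Signature` without merging it. rustdoc shows that first line in listings, so a reader can come away believing the cert is revoked once the call returns. I would replace it with `/// Returns a revocation certificate for the Cert.` and add a sentence that the cert itself is unchanged until the signature is merged with `merge_packets`, as the updated example does. The doc comment begins and continues outside this hunk.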
@@ -892,14 +891,13 @@ impl Cert { /// # Ok(()) /// # } /// ``` - pub fn revoke_in_place(self, primary_signer: &mut dyn Signer, - code: ReasonForRevocation, reason: &[u8]) - -> Result<Cert> + pub fn revoke(&self, primary_signer: &mut dyn Signer, + code: ReasonForRevocation, reason: &[u8]) + -> Result<Signature> { - let sig = CertRevocationBuilder::new() + CertRevocationBuilder::new() .set_reason_for_revocation(code, reason)? - .build(primary_signer, &self, None)?; - self.merge_packets(vec![sig.into()]) + .build(primary_signer, &self, None) } /// Sets the key to expire in delta seconds. diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs index 0de62f51..046dfbf6 100644 --- a/openpgp/src/policy.rs +++ b/openpgp/src/policy.rs @@ -1390,10 +1390,11 @@ mod test { // Create a revoked version. let mut keypair = cert.primary_key().key().clone() .parts_into_secret()?.into_keypair()?; - let cert_revoked = cert.clone().revoke_in_place( + let rev = cert.revoke( &mut keypair, ReasonForRevocation::KeyCompromised, b"It was the maid :/")?; + let cert_revoked = cert.clone().merge_packets(vec![ rev.into() ])?; match cert_revoked.revocation_status(&DEFAULT, None) { RevocationStatus::Revoked(sigs) => { |
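Review bot: In the new `revoke`, `.build(primary_signer, &self, None)` borrows a receiver that is already a reference; now that the signature is `&self`, this passes `&&Cert` and relies on auto-deref, so `.build(primary_signer, self, None)` is the direct form. Because the method no longer merges, a call written as `cert.revoke(...)?;` compiles and silently drops the revocation, so the contract deserves a regression check. The `policy.rs` hunk could assert that `cert.revocation_status(&DEFAULT, None)` is still not `Revoked` before `merge_packets` is applied; that test function starts and ends outside the hunk, so the exact placement would need confirming.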