diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2020-05-07 15:36:37 +0200 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2020-05-07 17:00:52 +0200 |
| commit | 3eb554d0980ae788df2a07df609b77e01b7e57ce (patch) | |
| tree | 1a36348c4e7dd5ec7b3f83b6ed5d93b80a0e200d | |
| parent | 50b3ed9a61161761f20d134b13c2f8ac07698ea5 (diff) | |
openpgp: Use a builder to construct Decryptor.
- See #498.
| -rw-r--r-- | guide/src/chapter_02.md | 20 | ||||
| -rw-r--r-- | ipc/examples/gpg-agent-decrypt.rs | 7 | ||||
| -rw-r--r-- | ipc/tests/gpg-agent.rs | 4 | ||||
| -rw-r--r-- | openpgp-ffi/src/parse/stream.rs | 6 | ||||
| -rw-r--r-- | openpgp/examples/decrypt-with.rs | 5 | ||||
| -rw-r--r-- | openpgp/examples/generate-encrypt-decrypt.rs | 5 | ||||
| -rw-r--r-- | openpgp/src/parse/stream.rs | 144 | ||||
| -rw-r--r-- | openpgp/src/policy.rs | 57 | ||||
| -rw-r--r-- | openpgp/src/serialize/stream.rs | 9 | ||||
| -rw-r--r-- | sop/src/main.rs | 4 | ||||
| -rw-r--r-- | tool/src/commands/decrypt.rs | 5 |
11 files changed, 142 insertions, 124 deletions
diff --git a/guide/src/chapter_02.md b/guide/src/chapter_02.md index 1990ac8a..e820fae0 100644 --- a/guide/src/chapter_02.md +++ b/guide/src/chapter_02.md @@ -16,7 +16,7 @@ use openpgp::cert::prelude::*; use openpgp::crypto::SessionKey; use openpgp::types::SymmetricAlgorithm; use openpgp::serialize::stream::*; -use openpgp::parse::stream::*; +use openpgp::parse::{Parse, stream::*}; use openpgp::policy::Policy; use openpgp::policy::StandardPolicy as P; @@ -94,7 +94,8 @@ fn main() { # }; # # // Now, create a decryptor with a helper using the given Certs. -# let mut decryptor = Decryptor::from_bytes(policy, ciphertext, helper, None)?; +# let mut decryptor = DecryptorBuilder::from_bytes(ciphertext)? +# .with_policy(policy, None, helper)?; # # // Decrypt the data. # io::copy(&mut decryptor, sink)?; @@ -163,7 +164,7 @@ create it: # use openpgp::crypto::SessionKey; # use openpgp::types::SymmetricAlgorithm; # use openpgp::serialize::stream::*; -# use openpgp::parse::stream::*; +# use openpgp::parse::{Parse, stream::*}; # use openpgp::policy::Policy; # use openpgp::policy::StandardPolicy as P; # @@ -241,7 +242,8 @@ fn generate() -> openpgp::Result<openpgp::Cert> { # }; # # // Now, create a decryptor with a helper using the given Certs. -# let mut decryptor = Decryptor::from_bytes(policy, ciphertext, helper, None)?; +# let mut decryptor = DecryptorBuilder::from_bytes(ciphertext)? +# .with_policy(policy, None, helper)?; # # // Decrypt the data. # io::copy(&mut decryptor, sink)?; @@ -310,7 +312,7 @@ implements [`io::Write`], and we simply write the plaintext to it. # use openpgp::crypto::SessionKey; # use openpgp::types::SymmetricAlgorithm; # use openpgp::serialize::stream::*; -# use openpgp::parse::stream::*; +# use openpgp::parse::{Parse, stream::*}; # use openpgp::policy::Policy; # use openpgp::policy::StandardPolicy as P; # @@ -388,7 +390,8 @@ fn encrypt(policy: &dyn Policy, # }; # # // Now, create a decryptor with a helper using the given Certs. -# let mut decryptor = Decryptor::from_bytes(policy, ciphertext, helper, None)?; +# let mut decryptor = DecryptorBuilder::from_bytes(ciphertext)? +# .with_policy(policy, None, helper)?; # # // Decrypt the data. # io::copy(&mut decryptor, sink)?; @@ -471,7 +474,7 @@ Decrypted data can be read from this using [`io::Read`]. # use openpgp::crypto::SessionKey; # use openpgp::types::SymmetricAlgorithm; # use openpgp::serialize::stream::*; -# use openpgp::parse::stream::*; +# use openpgp::parse::{Parse, stream::*}; # use openpgp::policy::Policy; # use openpgp::policy::StandardPolicy as P; # @@ -549,7 +552,8 @@ fn decrypt(policy: &dyn Policy, }; // Now, create a decryptor with a helper using the given Certs. - let mut decryptor = Decryptor::from_bytes(policy, ciphertext, helper, None)?; + let mut decryptor = DecryptorBuilder::from_bytes(ciphertext)? + .with_policy(policy, None, helper)?; // Decrypt the data. io::copy(&mut decryptor, sink)?; diff --git a/ipc/examples/gpg-agent-decrypt.rs b/ipc/examples/gpg-agent-decrypt.rs index 163a83fb..254aebdd 100644 --- a/ipc/examples/gpg-agent-decrypt.rs +++ b/ipc/examples/gpg-agent-decrypt.rs @@ -15,7 +15,7 @@ use crate::openpgp::parse::{ Parse, stream::{ DecryptionHelper, - Decryptor, + DecryptorBuilder, VerificationHelper, GoodChecksum, VerificationError, @@ -56,9 +56,8 @@ fn main() { }).collect(); // Now, create a decryptor with a helper using the given Certs. - let mut decryptor = - Decryptor::from_reader(p, io::stdin(), Helper::new(&ctx, p, certs), None) - .unwrap(); + let mut decryptor = DecryptorBuilder::from_reader(io::stdin()).unwrap() + .with_policy(p, None, Helper::new(&ctx, p, certs)).unwrap(); // Finally, stream the decrypted data to stdout. io::copy(&mut decryptor, &mut io::stdout()) diff --git a/ipc/tests/gpg-agent.rs b/ipc/tests/gpg-agent.rs index ab3a6b4a..d4800847 100644 --- a/ipc/tests/gpg-agent.rs +++ b/ipc/tests/gpg-agent.rs @@ -241,8 +241,8 @@ fn decrypt() -> openpgp::Result<()> { let helper = Helper { policy: p, ctx: &ctx, cert: &cert, }; // Now, create a decryptor with a helper using the given Certs. - let mut decryptor = Decryptor::from_bytes(p, &message, helper, None) - .unwrap(); + let mut decryptor = DecryptorBuilder::from_bytes(&message).unwrap() + .with_policy(p, None, helper).unwrap(); // Decrypt the data. let mut sink = Vec::new(); diff --git a/openpgp-ffi/src/parse/stream.rs b/openpgp-ffi/src/parse/stream.rs index a0a65df3..9c900a76 100644 --- a/openpgp-ffi/src/parse/stream.rs +++ b/openpgp-ffi/src/parse/stream.rs @@ -28,7 +28,7 @@ use self::openpgp::{ use self::openpgp::parse::stream::{ self, DecryptionHelper, - Decryptor, + DecryptorBuilder, VerificationHelper, VerifierBuilder, }; @@ -1057,11 +1057,13 @@ fn pgp_decryptor_new<'a>(errp: Option<&mut *mut crate::error::Error>, time: time_t) -> Maybe<io::Reader> { + ffi_make_fry_from_errp!(errp); let policy = policy.ref_raw().as_ref(); let helper = DHelper::new( get_certs, decrypt, check, inspect, cookie); - Decryptor::from_reader(policy, input.ref_mut_raw(), helper, maybe_time(time)) + ffi_try_or!(DecryptorBuilder::from_reader(input.ref_mut_raw()), None) + .with_policy(policy, maybe_time(time), helper) .map(|r| io::ReaderKind::Generic(Box::new(r))) .move_into_raw(errp) } diff --git a/openpgp/examples/decrypt-with.rs b/openpgp/examples/decrypt-with.rs index 4360ddc0..09f44794 100644 --- a/openpgp/examples/decrypt-with.rs +++ b/openpgp/examples/decrypt-with.rs @@ -14,7 +14,7 @@ use crate::openpgp::parse::{ Parse, stream::{ DecryptionHelper, - Decryptor, + DecryptorBuilder, VerificationHelper, GoodChecksum, MessageStructure, @@ -42,7 +42,8 @@ pub fn main() { // Now, create a decryptor with a helper using the given Certs. let mut decryptor = - Decryptor::from_reader(p, io::stdin(), Helper::new(p, certs), None).unwrap(); + DecryptorBuilder::from_reader(io::stdin()).unwrap() + .with_policy(p, None, Helper::new(p, certs)).unwrap(); // Finally, stream the decrypted data to stdout. io::copy(&mut decryptor, &mut io::stdout()) diff --git a/openpgp/examples/generate-encrypt-decrypt.rs b/openpgp/examples/generate-encrypt-decrypt.rs index e735caed..7154ce0a 100644 --- a/openpgp/examples/generate-encrypt-decrypt.rs +++ b/openpgp/examples/generate-encrypt-decrypt.rs @@ -7,7 +7,7 @@ use crate::openpgp::cert::prelude::*; use crate::openpgp::crypto::SessionKey; use crate::openpgp::types::SymmetricAlgorithm; use crate::openpgp::serialize::stream::*; -use crate::openpgp::parse::stream::*; +use crate::openpgp::parse::{Parse, stream::*}; use crate::openpgp::policy::Policy; use crate::openpgp::policy::StandardPolicy as P; @@ -86,7 +86,8 @@ fn decrypt(p: &dyn Policy, }; // Now, create a decryptor with a helper using the given Certs. - let mut decryptor = Decryptor::from_bytes(p, ciphertext, helper, None)?; + let mut decryptor = DecryptorBuilder::from_bytes(ciphertext)? + .with_policy(p, None, helper)?; // Decrypt the data. io::copy(&mut decryptor, sink)?; diff --git a/openpgp/src/parse/stream.rs b/openpgp/src/parse/stream.rs index c5da1343..8ed01f94 100644 --- a/openpgp/src/parse/stream.rs +++ b/openpgp/src/parse/stream.rs @@ -1061,7 +1061,7 @@ enum Mode { /// use openpgp::crypto::SessionKey; /// use openpgp::types::SymmetricAlgorithm; /// use openpgp::{KeyID, Cert, Result, packet::{Key, PKESK, SKESK}}; -/// use openpgp::parse::stream::*; +/// use openpgp::parse::{Parse, stream::*}; /// use sequoia_openpgp::policy::StandardPolicy; /// /// let p = &StandardPolicy::new(); @@ -1098,7 +1098,8 @@ enum Mode { /// -----END PGP MESSAGE-----"; /// /// let h = Helper {}; -/// let mut v = Decryptor::from_bytes(p, message, h, None)?; +/// let mut v = DecryptorBuilder::from_bytes(&message[..])? +/// .with_policy(p, None, h)?; /// /// let mut content = Vec::new(); /// v.read_to_end(&mut content)?; @@ -1147,6 +1148,75 @@ pub struct Decryptor<'a, H: VerificationHelper + DecryptionHelper> { policy: &'a dyn Policy, } +/// A builder for `Decryptor`. +/// +/// This allows the customization of [`Decryptor`], which can +/// be built using [`DecryptorBuilder::with_policy`]. +/// +/// [`Decryptor`]: struct.Decryptor.html +/// [`DecryptorBuilder::with_policy`]: struct.DecryptorBuilder.html#method.with_policy +pub struct DecryptorBuilder<'a> { + message: Box<dyn BufferedReader<Cookie> + 'a>, +} + +impl<'a> Parse<'a, DecryptorBuilder<'a>> + for DecryptorBuilder<'a> +{ + fn from_reader<R>(reader: R) -> Result<DecryptorBuilder<'a>> + where R: io::Read + 'a, + { + DecryptorBuilder::new(buffered_reader::Generic::with_cookie( + reader, None, Default::default())) + } + + fn from_file<P>(path: P) -> Result<DecryptorBuilder<'a>> + where P: AsRef<Path>, + { + DecryptorBuilder::new(buffered_reader::File::with_cookie( + path, Default::default())?) + } + + fn from_bytes<D>(data: &'a D) -> Result<DecryptorBuilder<'a>> + where D: AsRef<[u8]> + ?Sized, + { + DecryptorBuilder::new(buffered_reader::Memory::with_cookie( + data.as_ref(), Default::default())) + } +} + +impl<'a> DecryptorBuilder<'a> { + fn new<B>(signatures: B) -> Result<Self> + where B: buffered_reader::BufferedReader<Cookie> + 'a + { + Ok(DecryptorBuilder { + message: Box::new(signatures), + }) + } + + /// Creates the `Decryptor`. + /// + /// Signature verifications are done under the given `policy` and + /// relative to time `time`, or the current time, if `time` is + /// `None`. `helper` is the [`VerificationHelper`] and + /// [`DecryptionHelper`] to use. + /// + /// [`VerificationHelper`]: trait.VerificationHelper.html + /// [`DecryptionHelper`]: trait.DecryptionHelper.html + pub fn with_policy<T, H>(self, policy: &'a dyn Policy, time: T, helper: H) + -> Result<Decryptor<'a, H>> + where H: VerificationHelper + DecryptionHelper, + T: Into<Option<time::SystemTime>>, + { + // Do not eagerly map `t` to the current time. + let t = time.into(); + Decryptor::from_buffered_reader( + policy, + self.message, + helper, + t, Mode::Decrypt) + } +} + /// Helper for decrypting messages. /// /// This trait abstracts over session key decryption. It allows us to @@ -1301,59 +1371,6 @@ pub trait DecryptionHelper { } impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> { - /// Creates a `Decryptor` from the given reader. - /// - /// Signature verifications are done relative to time `t`, or the - /// current time, if `t` is `None`. - pub fn from_reader<R, T>(policy: &'a dyn Policy, - reader: R, helper: H, t: T) - -> Result<Decryptor<'a, H>> - where R: io::Read + 'a, T: Into<Option<time::SystemTime>> - { - // Do not eagerly map `t` to the current time. - let t = t.into(); - Decryptor::from_buffered_reader( - policy, - Box::new(buffered_reader::Generic::with_cookie(reader, None, - Default::default())), - helper, t, Mode::Decrypt) - } - - /// Creates a `Decryptor` from the given file. - /// - /// Signature verifications are done relative to time `t`, or the - /// current time, if `t` is `None`. - pub fn from_file<P, T>(policy: &'a dyn Policy, path: P, helper: H, t: T) - -> Result<Decryptor<'a, H>> - where P: AsRef<Path>, - T: Into<Option<time::SystemTime>> - { - // Do not eagerly map `t` to the current time. - let t = t.into(); - Decryptor::from_buffered_reader( - policy, - Box::new(buffered_reader::File::with_cookie(path, - Default::default())?), - helper, t, Mode::Decrypt) - } - - /// Creates a `Decryptor` from the given buffer. - /// - /// Signature verifications are done relative to time `t`, or the - /// current time, if `t` is `None`. - pub fn from_bytes<T>(policy: &'a dyn Policy, bytes: &'a [u8], helper: H, t: T) - -> Result<Decryptor<'a, H>> - where T: Into<Option<time::SystemTime>> - { - // Do not eagerly map `t` to the current time. - let t = t.into(); - Decryptor::from_buffered_reader( - policy, - Box::new(buffered_reader::Memory::with_cookie(bytes, - Default::default())), - helper, t, Mode::Decrypt) - } - /// Returns a reference to the helper. pub fn helper_ref(&self) -> &H { &self.helper @@ -2033,9 +2050,8 @@ mod test { // Test Decryptor. let h = VHelper::new(0, 0, 0, 0, keys.clone()); - let mut v = - match Decryptor::from_bytes(&p, crate::tests::file(f), h, - crate::frozen_time()) { + let mut v = match DecryptorBuilder::from_bytes(crate::tests::file(f))? + .with_policy(&p, crate::frozen_time(), h) { Ok(v) => v, Err(e) => if r.error > 0 || r.unknown > 0 { // Expected error. No point in trying to read @@ -2120,9 +2136,9 @@ mod test { assert!(v.message_processed()); // Test decryptor. - let v = Decryptor::from_bytes( - &p, crate::tests::message("signed-1-notarized-by-ed25519.pgp"), - VHelper(()), crate::frozen_time()).unwrap(); + let v = DecryptorBuilder::from_bytes( + crate::tests::message("signed-1-notarized-by-ed25519.pgp"))? + .with_policy(&p, crate::frozen_time(), VHelper(()))?; assert!(v.message_processed()); Ok(()) } @@ -2255,7 +2271,8 @@ mod test { // Test Decryptor. let h = VHelper::new(0, 0, 0, 0, vec![cert.clone()]); - let mut v = Decryptor::from_bytes(p, &buf, h, None).unwrap(); + let mut v = + DecryptorBuilder::from_bytes(&buf)?.with_policy(p, None, h)?; assert!(!v.message_processed()); assert!(v.helper_ref().good == 0); @@ -2278,7 +2295,8 @@ mod test { // Try the same, but this time we let .check() fail. let h = VHelper::new(0, 0, /* makes check() fail: */ 1, 0, vec![cert.clone()]); - let mut v = Decryptor::from_bytes(p, &buf, h, None).unwrap(); + let mut v = + DecryptorBuilder::from_bytes(&buf)?.with_policy(p, None, h)?; assert!(!v.message_processed()); assert!(v.helper_ref().good == 0); diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs index f5be5ce9..550b68c0 100644 --- a/openpgp/src/policy.rs +++ b/openpgp/src/policy.rs @@ -977,7 +977,7 @@ mod test { use crate::packet::{PKESK, SKESK}; use crate::parse::Parse; use crate::parse::stream::DecryptionHelper; - use crate::parse::stream::Decryptor; + use crate::parse::stream::DecryptorBuilder; use crate::parse::stream::DetachedVerifierBuilder; use crate::parse::stream::MessageLayer; use crate::parse::stream::MessageStructure; @@ -1300,12 +1300,8 @@ mod test { // Standard policy. let h = VHelper::new(keys.clone()); - let mut v = - match Decryptor::from_bytes(standard, crate::tests::file(data), h, - crate::frozen_time()) { - Ok(v) => v, - Err(e) => panic!("{}", e), - }; + let mut v = DecryptorBuilder::from_bytes(crate::tests::file(data))? + .with_policy(standard, crate::frozen_time(), h)?; assert!(v.message_processed()); assert_eq!(v.helper_ref().good, 1); assert_eq!(v.helper_ref().errors, 0); @@ -1318,12 +1314,8 @@ mod test { // Kill the subkey. let h = VHelper::new(keys.clone()); - let mut v = match Decryptor::from_bytes(no_subkey_signatures, - crate::tests::file(data), h, - crate::frozen_time()) { - Ok(v) => v, - Err(e) => panic!("{}", e), - }; + let mut v = DecryptorBuilder::from_bytes(crate::tests::file(data))? + .with_policy(no_subkey_signatures, crate::frozen_time(), h)?; assert!(v.message_processed()); assert_eq!(v.helper_ref().good, 0); assert_eq!(v.helper_ref().errors, 1); @@ -1336,13 +1328,8 @@ mod test { // Kill the data signature. let h = VHelper::new(keys.clone()); - let mut v = - match Decryptor::from_bytes(no_binary_signatures, - crate::tests::file(data), h, - crate::frozen_time()) { - Ok(v) => v, - Err(e) => panic!("{}", e), - }; + let mut v = DecryptorBuilder::from_bytes(crate::tests::file(data))? + .with_policy(no_binary_signatures, crate::frozen_time(), h)?; assert!(v.message_processed()); assert_eq!(v.helper_ref().good, 0); assert_eq!(v.helper_ref().errors, 1); @@ -1758,7 +1745,7 @@ mod test { } #[test] - fn reject_seip_packet() { + fn reject_seip_packet() -> Result<()> { #[derive(PartialEq, Debug)] struct Helper {} impl VerificationHelper for Helper { @@ -1782,9 +1769,9 @@ mod test { } let p = &P::new(); - let r = Decryptor::from_bytes( - p, crate::tests::message("encrypted-to-testy.gpg"), - Helper {}, crate::frozen_time()); + let r = DecryptorBuilder::from_bytes(crate::tests::message( + "encrypted-to-testy.gpg"))? + .with_policy(p, crate::frozen_time(), Helper {}); match r { Ok(_) => panic!(), Err(e) => assert_match!(Error::MissingSessionKey(_) @@ -1794,18 +1781,19 @@ mod test { // Reject the SEIP packet. let p = &mut P::new(); p.reject_packet_tag(Tag::SEIP); - let r = Decryptor::from_bytes( - p, crate::tests::message("encrypted-to-testy.gpg"), - Helper {}, crate::frozen_time()); + let r = DecryptorBuilder::from_bytes(crate::tests::message( + "encrypted-to-testy.gpg"))? + .with_policy(p, crate::frozen_time(), Helper {}); match r { Ok(_) => panic!(), Err(e) => assert_match!(Error::PolicyViolation(_, _) = e.downcast().unwrap()), } + Ok(()) } #[test] - fn reject_cipher() { + fn reject_cipher() -> Result<()> { struct Helper {} impl VerificationHelper for Helper { fn get_certs(&mut self, _: &[crate::KeyHandle]) @@ -1837,21 +1825,22 @@ mod test { } let p = &P::new(); - Decryptor::from_bytes( - p, crate::tests::message("encrypted-to-testy-no-compression.gpg"), - Helper {}, crate::frozen_time()).unwrap(); + DecryptorBuilder::from_bytes(crate::tests::message( + "encrypted-to-testy-no-compression.gpg"))? + .with_policy(p, crate::frozen_time(), Helper {})?; // Reject the AES256. let p = &mut P::new(); p.reject_symmetric_algo(SymmetricAlgorithm::AES256); - let r = Decryptor::from_bytes( - p, crate::tests::message("encrypted-to-testy-no-compression.gpg"), - Helper {}, crate::frozen_time()); + let r = DecryptorBuilder::from_bytes(crate::tests::message( + "encrypted-to-testy-no-compression.gpg"))? + .with_policy(p, crate::frozen_time(), Helper {}); match r { Ok(_) => panic!(), Err(e) => assert_match!(Error::PolicyViolation(_, _) = e.downcast().unwrap()), } + Ok(()) } #[test] diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs index b0fccf93..e2ee0f34 100644 --- a/openpgp/src/serialize/stream.rs +++ b/openpgp/src/serialize/stream.rs @@ -2985,7 +2985,7 @@ mod test { } #[test] - fn aead_messages() { + fn aead_messages() -> Result<()> { // AEAD data is of the form: // // [ chunk1 ][ tag1 ] ... [ chunkN ][ tagN ][ tag ] @@ -3009,7 +3009,7 @@ mod test { use crate::parse::{ stream::{ - Decryptor, + DecryptorBuilder, DecryptionHelper, VerificationHelper, MessageStructure, @@ -3103,7 +3103,9 @@ mod test { let h = Helper { policy: p, tsk: &tsk }; // Note: a corrupted message is only guaranteed // to error out before it returns EOF. - let mut v = match Decryptor::from_bytes(p, &msg, h, None) { + let mut v = match DecryptorBuilder::from_bytes(&msg)? + .with_policy(p, None, h) + { Ok(v) => v, Err(_) if do_err => continue, Err(err) => panic!("Decrypting message: {}", err), @@ -3143,6 +3145,7 @@ mod test { } } } + Ok(()) } #[test] diff --git a/sop/src/main.rs b/sop/src/main.rs index b9a4fe13..f708e001 100644 --- a/sop/src/main.rs +++ b/sop/src/main.rs @@ -400,8 +400,8 @@ fn real_main() -> Result<()> { verify_with); let helper = Helper::new(p, vhelper, session_keys, passwords, keys, session_key_out); - let mut v = - Decryptor::from_reader(p, io::stdin(), helper, None)?; + let mut v =DecryptorBuilder::from_reader(io::stdin())? + .with_policy(p, None, helper)?; io::copy(&mut v, &mut io::stdout())?; }, diff --git a/tool/src/commands/decrypt.rs b/tool/src/commands/decrypt.rs index 8a1a0f78..1b228a7f 100644 --- a/tool/src/commands/decrypt.rs +++ b/tool/src/commands/decrypt.rs @@ -18,7 +18,7 @@ use crate::openpgp::parse::{ PacketParserResult, }; use crate::openpgp::parse::stream::{ - VerificationHelper, DecryptionHelper, Decryptor, MessageStructure, + VerificationHelper, DecryptionHelper, DecryptorBuilder, MessageStructure, }; use crate::openpgp::policy::Policy; extern crate sequoia_store as store; @@ -288,7 +288,8 @@ pub fn decrypt(ctx: &Context, policy: &dyn Policy, mapping: &mut store::Mapping, -> Result<()> { let helper = Helper::new(ctx, policy, mapping, signatures, certs, secrets, dump_session_key, dump, hex); - let mut decryptor = Decryptor::from_reader(policy, input, helper, None) + let mut decryptor = DecryptorBuilder::from_reader(input)? + .with_policy(policy, None, helper) .context("Decryption failed")?; io::copy(&mut decryptor, output).context("Decryption failed")?; |