diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2021-01-28 11:19:27 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2021-01-28 11:19:27 +0100 |
commit | d97a6a10067bfc7e7fc95bc280d7cec400dc0615 (patch) | |
tree | 8dd6229577755037504560865e743ad63cfab458 | |
parent | 3b548e7a1bccde28dde3d4bbd59ccc2bd470db5c (diff) |
sq: Copy policy into struct Config.
-rw-r--r-- | sq/src/commands/certify.rs | 5 | ||||
-rw-r--r-- | sq/src/commands/decrypt.rs | 33 | ||||
-rw-r--r-- | sq/src/commands/key.rs | 17 | ||||
-rw-r--r-- | sq/src/commands/mod.rs | 20 | ||||
-rw-r--r-- | sq/src/sq.rs | 18 |
5 files changed, 47 insertions, 46 deletions
diff --git a/sq/src/commands/certify.rs b/sq/src/commands/certify.rs index 11c23a5b..add05199 100644 --- a/sq/src/commands/certify.rs +++ b/sq/src/commands/certify.rs @@ -6,7 +6,6 @@ use openpgp::cert::prelude::*; use openpgp::packet::prelude::*; use openpgp::packet::signature::subpacket::NotationDataFlags; use openpgp::parse::Parse; -use openpgp::policy::Policy; use openpgp::serialize::Serialize; use openpgp::types::SignatureType; @@ -14,7 +13,7 @@ use crate::Config; use crate::parse_duration; use crate::SECONDS_IN_YEAR; -pub fn certify(config: Config, p: &impl Policy, m: &clap::ArgMatches) +pub fn certify(config: Config, m: &clap::ArgMatches) -> Result<()> { let certifier = m.value_of("certifier").unwrap(); @@ -23,7 +22,7 @@ pub fn certify(config: Config, p: &impl Policy, m: &clap::ArgMatches) let certifier = Cert::from_file(certifier)?; let cert = Cert::from_file(cert)?; - let vc = cert.with_policy(p, None)?; + let vc = cert.with_policy(&config.policy, None)?; let trust_depth: u8 = m.value_of("depth") .map(|s| s.parse()).unwrap_or(Ok(0))?; diff --git a/sq/src/commands/decrypt.rs b/sq/src/commands/decrypt.rs index 3f196a57..ef33dadf 100644 --- a/sq/src/commands/decrypt.rs +++ b/sq/src/commands/decrypt.rs @@ -18,7 +18,6 @@ use crate::openpgp::parse::{ use crate::openpgp::parse::stream::{ VerificationHelper, DecryptionHelper, DecryptorBuilder, MessageStructure, }; -use crate::openpgp::policy::Policy; use crate::{ Config, @@ -28,8 +27,8 @@ use crate::{ }, }; -struct Helper { - vhelper: VHelper, +struct Helper<'a> { + vhelper: VHelper<'a>, secret_keys: HashMap<KeyID, Key<key::SecretParts, key::UnspecifiedRole>>, key_identities: HashMap<KeyID, Fingerprint>, @@ -38,17 +37,17 @@ struct Helper { dumper: Option<PacketDumper>, } -impl Helper { - fn new<'a>(config: Config, policy: &'a dyn Policy, - signatures: usize, certs: Vec<Cert>, secrets: Vec<Cert>, - dump_session_key: bool, dump: bool) - -> Self +impl<'a> Helper<'a> { + fn new(config: &Config<'a>, + signatures: usize, certs: Vec<Cert>, secrets: Vec<Cert>, + dump_session_key: bool, dump: bool) + -> Self { let mut keys = HashMap::new(); let mut identities: HashMap<KeyID, Fingerprint> = HashMap::new(); let mut hints: HashMap<KeyID, String> = HashMap::new(); for tsk in secrets { - let hint = match tsk.with_policy(policy, None) + let hint = match tsk.with_policy(&config.policy, None) .and_then(|valid_cert| valid_cert.primary_userid()).ok() { Some(uid) => format!("{} ({})", uid.userid(), @@ -58,7 +57,7 @@ impl Helper { for ka in tsk.keys() // XXX: Should use the message's creation time that we do not know. - .with_policy(policy, None) + .with_policy(&config.policy, None) .for_transport_encryption().for_storage_encryption() .secret() { @@ -111,7 +110,7 @@ impl Helper { } } -impl VerificationHelper for Helper { +impl<'a> VerificationHelper for Helper<'a> { fn inspect(&mut self, pp: &PacketParser) -> Result<()> { if let Some(dumper) = self.dumper.as_mut() { dumper.packet(&mut io::stderr(), @@ -130,7 +129,7 @@ impl VerificationHelper for Helper { } } -impl DecryptionHelper for Helper { +impl<'a> DecryptionHelper for Helper<'a> { fn decrypt<D>(&mut self, pkesks: &[PKESK], skesks: &[SKESK], sym_algo: Option<SymmetricAlgorithm>, mut decrypt: D) -> openpgp::Result<Option<Fingerprint>> @@ -276,18 +275,18 @@ impl DecryptionHelper for Helper { } } -pub fn decrypt(config: Config, policy: &dyn Policy, +pub fn decrypt(config: Config, input: &mut (dyn io::Read + Sync + Send), output: &mut dyn io::Write, signatures: usize, certs: Vec<Cert>, secrets: Vec<Cert>, dump_session_key: bool, dump: bool, hex: bool) -> Result<()> { - let helper = Helper::new(config, policy, signatures, certs, secrets, + let helper = Helper::new(&config, signatures, certs, secrets, dump_session_key, dump || hex); let mut decryptor = DecryptorBuilder::from_reader(input)? .mapping(hex) - .with_policy(policy, None, helper) + .with_policy(&config.policy, None, helper) .context("Decryption failed")?; io::copy(&mut decryptor, output).context("Decryption failed")?; @@ -300,13 +299,13 @@ pub fn decrypt(config: Config, policy: &dyn Policy, return Ok(()); } -pub fn decrypt_unwrap(config: Config, policy: &dyn Policy, +pub fn decrypt_unwrap(config: Config, input: &mut (dyn io::Read + Sync + Send), output: &mut dyn io::Write, secrets: Vec<Cert>, dump_session_key: bool) -> Result<()> { - let mut helper = Helper::new(config, policy, 0, Vec::new(), secrets, + let mut helper = Helper::new(&config, 0, Vec::new(), secrets, dump_session_key, false); let mut ppr = PacketParser::from_reader(input)?; diff --git a/sq/src/commands/key.rs b/sq/src/commands/key.rs index acc5502f..3ed69a04 100644 --- a/sq/src/commands/key.rs +++ b/sq/src/commands/key.rs @@ -194,7 +194,7 @@ pub fn generate(m: &ArgMatches, force: bool) -> Result<()> { Ok(()) } -pub fn adopt(config: Config, m: &ArgMatches, p: &dyn Policy) -> Result<()> { +pub fn adopt(config: Config, m: &ArgMatches) -> Result<()> { let input = open_or_stdin(m.value_of("certificate"))?; let cert = Cert::from_reader(input)?; let mut wanted: Vec<(KeyHandle, @@ -213,11 +213,12 @@ pub fn adopt(config: Config, m: &ArgMatches, p: &dyn Policy) -> Result<()> { } let null_policy = &crate::openpgp::policy::NullPolicy::new(); - let adoptee_policy = if m.values_of("allow-broken-crypto").is_some() { - null_policy - } else { - p - }; + let adoptee_policy: &dyn Policy = + if m.values_of("allow-broken-crypto").is_some() { + null_policy + } else { + &config.policy + }; // Find the corresponding keys. for keyring in m.values_of("keyring").unwrap_or_default() { @@ -365,7 +366,7 @@ pub fn adopt(config: Config, m: &ArgMatches, p: &dyn Policy) -> Result<()> { cert.as_tsk().serialize(&mut message)?; message.finalize()?; - let vc = cert.with_policy(p, None).expect("still valid"); + let vc = cert.with_policy(&config.policy, None).expect("still valid"); for pair in packets[..].chunks(2) { let newkey: &Key<key::PublicParts, key::UnspecifiedRole> = match pair[0] { Packet::PublicKey(ref k) => k.into(), @@ -396,7 +397,7 @@ pub fn adopt(config: Config, m: &ArgMatches, p: &dyn Policy) -> Result<()> { Ok(()) } -pub fn attest_certifications(config: Config, m: &ArgMatches, _p: &dyn Policy) +pub fn attest_certifications(config: Config, m: &ArgMatches) -> Result<()> { // XXX: This function has to do some steps manually, because // Sequoia does not expose this functionality because it has not diff --git a/sq/src/commands/mod.rs b/sq/src/commands/mod.rs index 7becf237..ca0e03e7 100644 --- a/sq/src/commands/mod.rs +++ b/sq/src/commands/mod.rs @@ -205,9 +205,9 @@ pub fn encrypt<'a>(policy: &'a dyn Policy, Ok(()) } -struct VHelper { +struct VHelper<'a> { #[allow(dead_code)] - config: Config, + config: Config<'a>, signatures: usize, certs: Option<Vec<Cert>>, labels: HashMap<KeyID, String>, @@ -220,12 +220,12 @@ struct VHelper { broken_signatures: usize, } -impl VHelper { - fn new(config: Config, signatures: usize, +impl<'a> VHelper<'a> { + fn new(config: &Config<'a>, signatures: usize, certs: Vec<Cert>) -> Self { VHelper { - config, + config: config.clone(), signatures: signatures, certs: Some(certs), labels: HashMap::new(), @@ -331,7 +331,7 @@ impl VHelper { } } -impl VerificationHelper for VHelper { +impl<'a> VerificationHelper for VHelper<'a> { fn get_certs(&mut self, _ids: &[openpgp::KeyHandle]) -> Result<Vec<Cert>> { let certs = self.certs.take().unwrap(); // Get all keys. @@ -373,21 +373,21 @@ impl VerificationHelper for VHelper { } } -pub fn verify(config: Config, policy: &dyn Policy, +pub fn verify(config: Config, input: &mut (dyn io::Read + Sync + Send), detached: Option<&mut (dyn io::Read + Sync + Send)>, output: &mut dyn io::Write, signatures: usize, certs: Vec<Cert>) -> Result<()> { - let helper = VHelper::new(config, signatures, certs); + let helper = VHelper::new(&config, signatures, certs); let helper = if let Some(dsig) = detached { let mut v = DetachedVerifierBuilder::from_reader(dsig)? - .with_policy(policy, None, helper)?; + .with_policy(&config.policy, None, helper)?; v.verify_reader(input)?; v.into_helper() } else { let mut v = VerifierBuilder::from_reader(input)? - .with_policy(policy, None, helper)?; + .with_policy(&config.policy, None, helper)?; io::copy(&mut v, output)?; v.into_helper() }; diff --git a/sq/src/sq.rs b/sq/src/sq.rs index d13d6c31..9e11e44c 100644 --- a/sq/src/sq.rs +++ b/sq/src/sq.rs @@ -328,9 +328,10 @@ fn help_warning(arg: &str) { } } -#[allow(dead_code)] -pub struct Config { +#[derive(Clone)] +pub struct Config<'a> { force: bool, + policy: P<'a>, } fn main() -> Result<()> { @@ -357,6 +358,7 @@ fn main() -> Result<()> { let config = Config { force, + policy: policy.clone(), }; match matches.subcommand() { @@ -371,7 +373,7 @@ fn main() -> Result<()> { let secrets = m.values_of("secret-key-file") .map(load_keys) .unwrap_or(Ok(vec![]))?; - commands::decrypt(config, policy, + commands::decrypt(config, &mut input, &mut output, signatures, certs, secrets, m.is_present("dump-session-key"), @@ -478,7 +480,7 @@ fn main() -> Result<()> { let certs = m.values_of("sender-cert-file") .map(load_certs) .unwrap_or(Ok(vec![]))?; - commands::verify(config, policy, &mut input, + commands::verify(config, &mut input, detached.as_mut().map(|r| r as &mut (dyn io::Read + Sync + Send)), &mut output, signatures, certs)?; }, @@ -613,7 +615,7 @@ fn main() -> Result<()> { .map(load_keys) .unwrap_or(Ok(vec![]))?; commands::decrypt::decrypt_unwrap( - config, policy, + config, &mut input, &mut output, secrets, m.is_present("dump-session-key"))?; output.finalize()?; @@ -647,9 +649,9 @@ fn main() -> Result<()> { ("key", Some(m)) => match m.subcommand() { ("generate", Some(m)) => commands::key::generate(m, force)?, - ("adopt", Some(m)) => commands::key::adopt(config, m, policy)?, + ("adopt", Some(m)) => commands::key::adopt(config, m)?, ("attest-certifications", Some(m)) => - commands::key::attest_certifications(config, m, policy)?, + commands::key::attest_certifications(config, m)?, _ => unreachable!(), }, @@ -657,7 +659,7 @@ fn main() -> Result<()> { ("wkd", Some(m)) => commands::net::dispatch_wkd(config, m)?, ("certify", Some(m)) => { - commands::certify::certify(config, policy, m)?; + commands::certify::certify(config, m)?; }, _ => unreachable!(), |