author | Neal H. Walfield <neal@pep.foundation> | 2023-05-12 14:22:10 +0200 |
---|---|---|
committer | Neal H. Walfield <neal@pep.foundation> | 2023-05-12 14:25:10 +0200 |
commit | d76a5abbb8688500874be0e6b8404bb24c50a80d (patch) | |
tree | cccd2c75abd19fa7b04db9f26eb0d9c04b875185 | |
parent | b84cd1384e7c3eff75c87a66fe1a18e0c815e413 (diff) |
openpgp: Make KeyFlags easier to use.
- Add `KeyFlags::set_certification_to`, `KeyFlags::set_signing_to`,
`KeyFlags::set_transport_encryption_to`,
`KeyFlags::set_storage_encryption_to`,
`KeyFlags::set_split_key_to`, and
`KeyFlags::set_group_key_to`.
- This interface is easier to use when the caller has a boolean.
- Fixes #1018.
-rw-r--r-- | openpgp/NEWS | 8 | ||||
-rw-r--r-- | openpgp/src/types/key_flags.rs | 91 |
2 files changed, 99 insertions, 0 deletions
diff --git a/openpgp/NEWS b/openpgp/NEWS
index 184383eb..893965a9 100644
--- a/openpgp/NEWS
+++ b/openpgp/NEWS
@@ -3,6 +3,14 @@
 #+TITLE: sequoia-openpgp NEWS – history of user-visible changes
 #+STARTUP: content hidestars
+* Changes in 1.16.0
+** New functionality
+ - Add KeyFlags::set_certification_to.
+ - Add KeyFlags::set_signing_to.
+ - Add KeyFlags::set_transport_encryption_to.
+ - Add KeyFlags::set_storage_encryption_to.
+ - Add KeyFlags::set_split_key_to.
+ - Add KeyFlags::set_group_key_to.
 * Changes in 1.15.0
 ** New functionality
 - StandardPolicy::accept_hash_property
diff --git a/openpgp/src/types/key_flags.rs b/openpgp/src/types/key_flags.rs
index 933df1ea..03ef15a4 100644
--- a/openpgp/src/types/key_flags.rs
+++ b/openpgp/src/types/key_flags.rs
@@ -280,6 +280,15 @@ impl KeyFlags {
 self.clear(KEY_FLAG_CERTIFY)
 }
+ /// Declares whether this key may be used to certify other keys.
+ pub fn set_certification_to(self, value: bool) -> Self {
+ if value {
+ self.set(KEY_FLAG_CERTIFY)
+ } else {
+ self.clear(KEY_FLAG_CERTIFY)
+ }
+ }
+
 /// This key may be used to sign data.
 pub fn for_signing(&self) -> bool {
 self.get(KEY_FLAG_SIGN)
@@ -295,6 +304,15 @@ impl KeyFlags {
 self.clear(KEY_FLAG_SIGN)
 }
+ /// Declares whether this key may be used to sign data.
+ pub fn set_signing_to(self, value: bool) -> Self {
+ if value {
+ self.set(KEY_FLAG_SIGN)
+ } else {
+ self.clear(KEY_FLAG_SIGN)
+ }
+ }
+
 /// This key may be used to encrypt communications.
 pub fn for_transport_encryption(&self) -> bool {
 self.get(KEY_FLAG_ENCRYPT_FOR_TRANSPORT)
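Review bot: The doc comment on `set_certification_to` (hunk at -280) says what the flag means but not what passing `false` does, and the same holds for the other `set_*_to` methods added in the later hunks. These flags state what a key is authorised for, so I would spell out the clearing case on each method, e.g. `/// Passing false clears the flag, as clear_certification does.` Whether the remaining flags are left untouched depends on `set` and `clear`, which are outside the hunk, so that should only be documented after checking them. The enclosing `impl KeyFlags` starts and ends outside the hunk.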
@@ -310,6 +328,15 @@ impl KeyFlags {
 self.clear(KEY_FLAG_ENCRYPT_FOR_TRANSPORT)
 }
+ /// Declares whether this key may be used to encrypt communications.
+ pub fn set_transport_encryption_to(self, value: bool) -> Self {
+ if value {
+ self.set(KEY_FLAG_ENCRYPT_FOR_TRANSPORT)
+ } else {
+ self.clear(KEY_FLAG_ENCRYPT_FOR_TRANSPORT)
+ }
+ }
+
 /// This key may be used to encrypt storage.
 pub fn for_storage_encryption(&self) -> bool {
 self.get(KEY_FLAG_ENCRYPT_AT_REST)
@@ -325,6 +352,15 @@ impl KeyFlags {
 self.clear(KEY_FLAG_ENCRYPT_AT_REST)
 }
+ /// Declares whether this key may be used to encrypt storage.
+ pub fn set_storage_encryption_to(self, value: bool) -> Self {
+ if value {
+ self.set(KEY_FLAG_ENCRYPT_AT_REST)
+ } else {
+ self.clear(KEY_FLAG_ENCRYPT_AT_REST)
+ }
+ }
+
 /// This key may be used for authentication.
 pub fn for_authentication(&self) -> bool {
 self.get(KEY_FLAG_AUTHENTICATE)
@@ -340,6 +376,15 @@ impl KeyFlags {
 self.clear(KEY_FLAG_AUTHENTICATE)
 }
+ /// Declares whether this key may be used for authentication.
+ pub fn set_authentication_to(self, value: bool) -> Self {
+ if value {
+ self.set(KEY_FLAG_AUTHENTICATE)
+ } else {
+ self.clear(KEY_FLAG_AUTHENTICATE)
+ }
+ }
+
 /// The private component of this key may have been split
 /// using a secret-sharing mechanism.
 pub fn is_split_key(&self) -> bool {
@@ -358,6 +403,16 @@ impl KeyFlags {
 self.clear(KEY_FLAG_SPLIT_KEY)
 }
+ /// Declares whether the private component of this key may have been
+ /// split using a secret-sharing mechanism.
+ pub fn set_split_key_to(self, value: bool) -> Self {
+ if value {
+ self.set(KEY_FLAG_SPLIT_KEY)
+ } else {
+ self.clear(KEY_FLAG_SPLIT_KEY)
+ }
+ }
+
 /// The private component of this key may be in possession of more
 /// than one person.
 pub fn is_group_key(&self) -> bool {
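Review bot: `set_authentication_to`, added in the hunk at -340, is the one new setter the rest of the commit does not account for: the NEWS hunk lists six additions without it, and `test_set_to` has no `t!` line for it. I would add `t!(set_authentication, set_authentication_to);` to the test and ` - Add KeyFlags::set_authentication_to.` to the 1.16.0 NEWS entry. That gives the authentication flag the same test coverage and changelog visibility as the other capability flags. The enclosing `impl KeyFlags` starts and ends outside the hunk.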
@@ -376,6 +431,16 @@ impl KeyFlags {
 self.clear(KEY_FLAG_GROUP_KEY)
 }
+ /// Declares whether the private component of this key is in
+ /// possession of more than one person.
+ pub fn set_group_key_to(self, value: bool) -> Self {
+ if value {
+ self.set(KEY_FLAG_GROUP_KEY)
+ } else {
+ self.clear(KEY_FLAG_GROUP_KEY)
+ }
+ }
+
 /// Returns whether no flags are set.
 pub fn is_empty(&self) -> bool {
 self.as_slice().iter().all(|b| *b == 0)
@@ -434,4 +499,30 @@ mod tests {
 true
 }
 }
+
+ #[test]
+ fn test_set_to() {
+ macro_rules! t {
+ ($set:ident, $set2:ident) => {
+ // Set using set2.
+ assert_eq!(KeyFlags::empty().$set(),
+ KeyFlags::empty().$set2(true));
+
+ // Clear using set2.
+ assert_eq!(KeyFlags::empty().$set2(false),
+ KeyFlags::empty());
+
+ // Set using set, then clear using set2.
+ assert_eq!(KeyFlags::empty().$set().$set2(false),
+ KeyFlags::empty());
+ }
+ }
+
+ t!(set_certification, set_certification_to);
+ t!(set_signing, set_signing_to);
+ t!(set_transport_encryption, set_transport_encryption_to);
+ t!(set_storage_encryption, set_storage_encryption_to);
+ t!(set_split_key, set_split_key_to);
+ t!(set_group_key, set_group_key_to);
+ }
 } |
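Review bot: Every assertion in `test_set_to` (hunk at -434) starts from `KeyFlags::empty()`, so the test cannot notice a `set_*_to(false)` that also drops a different flag, or a `set_*_to(true)` that also raises one. Since these flags decide which operations a key is accepted for, I would add a case to the macro that starts from a value with an unrelated flag already set and checks that it survives, for example `assert_eq!(KeyFlags::empty().set_authentication().$set().$set2(false), KeyFlags::empty().set_authentication());`. `mod tests` starts outside the hunk.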