diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2018-12-20 14:23:42 +0100 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2018-12-28 18:16:16 +0100 |
| commit | 52835dff9d19939c819659e67e7726bccca57d22 (patch) | |
| tree | dc04ad7edaadc32a7b653727bd840eb840e73351 | |
| parent | b091ea99fcf90067f1e34319104c6282e2ceb4d4 (diff) | |
openpgp: Make KeyPair own Key and mpis::SecretKey.
| -rw-r--r-- | openpgp/src/message/mod.rs | 4 | ||||
| -rw-r--r-- | openpgp/src/packet/signature/mod.rs | 19 | ||||
| -rw-r--r-- | openpgp/src/packet/signature/subpacket.rs | 5 | ||||
| -rw-r--r-- | openpgp/src/serialize/stream.rs | 2 | ||||
| -rw-r--r-- | openpgp/src/tpk/builder.rs | 16 | ||||
| -rw-r--r-- | openpgp/src/tpk/mod.rs | 13 | ||||
| -rw-r--r-- | openpgp/src/tsk.rs | 5 |
7 files changed, 35 insertions, 29 deletions
diff --git a/openpgp/src/message/mod.rs b/openpgp/src/message/mod.rs index f5cb5ae1..c7be55ea 100644 --- a/openpgp/src/message/mod.rs +++ b/openpgp/src/message/mod.rs @@ -763,7 +763,7 @@ mod tests { panic!() }; let sig = ::packet::signature::Builder::new(SignatureType::Binary) - .sign_hash(&mut KeyPair::new(&key, &sec).unwrap(), + .sign_hash(&mut KeyPair::new(key, sec).unwrap(), hash, hash.context().unwrap()).unwrap(); // 0: OnePassSig @@ -879,7 +879,7 @@ mod tests { panic!() }; let sig = ::packet::signature::Builder::new(SignatureType::Binary) - .sign_hash(&mut KeyPair::new(&key, &sec).unwrap(), + .sign_hash(&mut KeyPair::new(key, sec).unwrap(), hash, hash.context().unwrap()).unwrap(); // 0: Signature diff --git a/openpgp/src/packet/signature/mod.rs b/openpgp/src/packet/signature/mod.rs index bc7239c5..02d3d441 100644 --- a/openpgp/src/packet/signature/mod.rs +++ b/openpgp/src/packet/signature/mod.rs @@ -222,14 +222,14 @@ pub trait Signer { } /// A cryptographic key pair. -pub struct KeyPair<'a> { - public: &'a Key, - secret: &'a mpis::SecretKey, +pub struct KeyPair { + public: Key, + secret: mpis::SecretKey, } -impl<'a> KeyPair<'a> { +impl KeyPair { /// Creates a new key pair. - pub fn new(public: &'a Key, secret: &'a mpis::SecretKey) -> Result<Self> { + pub fn new(public: Key, secret: mpis::SecretKey) -> Result<Self> { Ok(Self { public: public, secret: secret, @@ -237,7 +237,7 @@ impl<'a> KeyPair<'a> { } } -impl<'a> Signer for KeyPair<'a> { +impl Signer for KeyPair { fn public(&self) -> &Key { &self.public } @@ -252,7 +252,7 @@ impl<'a> Signer for KeyPair<'a> { let mut rng = Yarrow::default(); #[allow(deprecated)] - match (self.public.pk_algo(), self.public.mpis(), self.secret) + match (self.public.pk_algo(), self.public.mpis(), &self.secret) { (RSASign, &PublicKey::RSA { ref e, ref n }, @@ -1079,7 +1079,8 @@ mod test { let mut hash = hash_algo.context().unwrap(); // Make signature. - let sig = sig.sign_hash(&mut KeyPair::new(&pair, sec).unwrap(), + let sig = sig.sign_hash(&mut KeyPair::new(pair.clone(), + sec.clone()).unwrap(), hash_algo, hash).unwrap(); // Good signature. @@ -1130,7 +1131,7 @@ mod test { hash.update(&msg[..]); Builder::new(SignatureType::Text) - .sign_hash(&mut KeyPair::new(&key, &private_mpis).unwrap(), + .sign_hash(&mut KeyPair::new(key, private_mpis).unwrap(), HashAlgorithm::SHA256, hash).unwrap(); } diff --git a/openpgp/src/packet/signature/subpacket.rs b/openpgp/src/packet/signature/subpacket.rs index 75f56ffa..90b48b3c 100644 --- a/openpgp/src/packet/signature/subpacket.rs +++ b/openpgp/src/packet/signature/subpacket.rs @@ -2250,8 +2250,7 @@ fn accessors() { } else { panic!() }; - let key_ = key.clone(); - let mut keypair = KeyPair::new(&key_, &sec).unwrap(); + let mut keypair = KeyPair::new(key.clone(), sec.clone()).unwrap(); // Cook up a timestamp without ns resolution. let now = time::Tm::from_pgp(time::now_utc().to_pgp().unwrap()); @@ -2319,7 +2318,7 @@ fn accessors() { assert_eq!(sig_.revocable(), Some(false)); key.set_creation_time(now); - let mut keypair = KeyPair::new(&key, &sec).unwrap(); + let mut keypair = KeyPair::new(key.clone(), sec).unwrap(); sig.set_key_expiration_time(Some(five_minutes)).unwrap(); let sig_ = sig.clone().sign_hash(&mut keypair, hash_algo, hash.clone()).unwrap(); diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs index 212267f2..9deebe65 100644 --- a/openpgp/src/serialize/stream.rs +++ b/openpgp/src/serialize/stream.rs @@ -413,7 +413,7 @@ impl<'a> Signer<'a> { let sig = if let &SecretKey::Unencrypted { mpis: ref sec } = key.secret().expect("validated in constructor") { - sig.sign_hash(&mut KeyPair::new(&key, sec)?, + sig.sign_hash(&mut KeyPair::new(key.clone(), sec.clone())?, HashAlgorithm::SHA512, hash)? } else { panic!("validated in constructor"); diff --git a/openpgp/src/tpk/builder.rs b/openpgp/src/tpk/builder.rs index 078c4843..6a1e5c03 100644 --- a/openpgp/src/tpk/builder.rs +++ b/openpgp/src/tpk/builder.rs @@ -242,10 +242,10 @@ impl TPKBuilder { Some(SecretKey::Unencrypted{ ref mpis }) => { match uid { Some(uid) => sig.sign_userid_binding( - &mut KeyPair::new(&key, mpis)?, &key, &uid, - HashAlgorithm::SHA512)?, + &mut KeyPair::new(key.clone(), mpis.clone())?, + &key, &uid, HashAlgorithm::SHA512)?, None => sig.sign_primary_key_binding( - &mut KeyPair::new(&key, mpis)?, + &mut KeyPair::new(key.clone(), mpis.clone())?, HashAlgorithm::SHA512)?, } } @@ -296,8 +296,8 @@ impl TPKBuilder { let backsig = match subkey.secret() { Some(SecretKey::Unencrypted{ ref mpis }) => { backsig.sign_subkey_binding( - &mut KeyPair::new(&subkey, mpis)?, primary_key, &subkey, - HashAlgorithm::SHA512)? + &mut KeyPair::new(subkey.clone(), mpis.clone())?, + primary_key, &subkey, HashAlgorithm::SHA512)? } Some(SecretKey::Encrypted{ .. }) => { return Err(Error::InvalidOperation( @@ -313,7 +313,8 @@ impl TPKBuilder { let sig = match primary_key.secret() { Some(SecretKey::Unencrypted{ ref mpis }) => { - sig.sign_subkey_binding(&mut KeyPair::new(primary_key, mpis)?, + sig.sign_subkey_binding(&mut KeyPair::new(primary_key.clone(), + mpis.clone())?, primary_key, &subkey, HashAlgorithm::SHA512)? } @@ -342,7 +343,8 @@ impl TPKBuilder { let sig = match key.secret() { Some(SecretKey::Unencrypted{ ref mpis }) => { - sig.sign_userid_binding(&mut KeyPair::new(key, mpis)?, + sig.sign_userid_binding(&mut KeyPair::new(key.clone(), + mpis.clone())?, key, &uid, HashAlgorithm::SHA512)? } Some(SecretKey::Encrypted{ .. }) => { diff --git a/openpgp/src/tpk/mod.rs b/openpgp/src/tpk/mod.rs index dd1e63fb..5203940a 100644 --- a/openpgp/src/tpk/mod.rs +++ b/openpgp/src/tpk/mod.rs @@ -370,7 +370,8 @@ impl SubkeyBinding { let sig = match primary_key.secret() { Some(SecretKey::Unencrypted{ ref mpis }) => { - sig.sign_subkey_binding(&mut KeyPair::new(primary_key, mpis)?, + sig.sign_subkey_binding(&mut KeyPair::new(primary_key.clone(), + mpis.clone())?, primary_key, &subkey, HashAlgorithm::SHA512)? } @@ -493,7 +494,8 @@ impl UserIDBinding { let sig = match signer.secret() { Some(SecretKey::Unencrypted{ ref mpis }) => { - sig.sign_userid_binding(&mut KeyPair::new(signer, mpis)?, + sig.sign_userid_binding(&mut KeyPair::new(signer.clone(), + mpis.clone())?, key, &uid, HashAlgorithm::SHA512)? } Some(SecretKey::Encrypted{ .. }) => { @@ -1337,7 +1339,8 @@ impl TPK { if let Some(SecretKey::Unencrypted{ mpis: ref sec }) = pair.secret() { // Generate the signature. - sig.sign_hash(&mut KeyPair::new(&pair, sec)?, hash_algo, hash) + sig.sign_hash(&mut KeyPair::new(pair.clone(), sec.clone())?, + hash_algo, hash) } else { return Err(Error::InvalidOperation( "Secret key is encrypted".into()).into()); @@ -1456,8 +1459,8 @@ impl TPK { match pair.secret() { Some(SecretKey::Unencrypted{ mpis: ref sec }) => { // Generate the signature. - sig.sign_hash(&mut KeyPair::new(&pair, sec)?, hash_algo, - hash)? + sig.sign_hash(&mut KeyPair::new(pair.clone(), sec.clone())?, + hash_algo, hash)? } Some(_) => return Err(Error::InvalidOperation( diff --git a/openpgp/src/tsk.rs b/openpgp/src/tsk.rs index 120fc88b..05734be8 100644 --- a/openpgp/src/tsk.rs +++ b/openpgp/src/tsk.rs @@ -110,12 +110,13 @@ impl TSK { let keys = self.key.select_keys(caps, None); match keys.first() { - Some(ref my_key) => { + Some(my_key) => { match my_key.secret() { Some(&SecretKey::Unencrypted{ ref mpis }) => { signature::Builder::new(SignatureType::GenericCertificate) .sign_userid_binding( - &mut KeyPair::new(my_key, mpis)?, + &mut KeyPair::new((*my_key).clone(), + mpis.clone())?, key, userid, HashAlgorithm::SHA512) } _ => Err(Error::InvalidOperation( |