diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2019-12-03 17:50:12 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2019-12-04 13:21:47 +0100 |
commit | 8354d849b19170a9a2c2b97179d9aaedb6fca6cf (patch) | |
tree | 12578d07af9c4d104571e1055e1d40af4eae99ed | |
parent | 807eee2432de52715a2e3c7167d5e859ca3315a8 (diff) |
openpgp: Rename KeyFlag's accessors.
- Fixes #359.
27 files changed, 164 insertions, 164 deletions
diff --git a/guide/src/chapter_02.md b/guide/src/chapter_02.md index 89df3321..4b5f5dc2 100644 --- a/guide/src/chapter_02.md +++ b/guide/src/chapter_02.md @@ -53,8 +53,8 @@ fn main() { # let mut recipients = # recipient.keys_valid() # .key_flags(KeyFlags::default() -# .set_encrypt_at_rest(true) -# .set_encrypt_for_transport(true)) +# .set_storage_encryption(true) +# .set_transport_encryption(true)) # .map(|(_, _, key)| key.into()) # .collect::<Vec<_>>(); # @@ -196,8 +196,8 @@ fn generate() -> openpgp::Result<openpgp::Cert> { # let mut recipients = # recipient.keys_valid() # .key_flags(KeyFlags::default() -# .set_encrypt_at_rest(true) -# .set_encrypt_for_transport(true)) +# .set_storage_encryption(true) +# .set_transport_encryption(true)) # .map(|(_, _, key)| key.into()) # .collect::<Vec<_>>(); # @@ -339,8 +339,8 @@ fn encrypt(sink: &mut Write, plaintext: &str, recipient: &openpgp::Cert) let mut recipients = recipient.keys_valid() .key_flags(KeyFlags::default() - .set_encrypt_at_rest(true) - .set_encrypt_for_transport(true)) + .set_storage_encryption(true) + .set_transport_encryption(true)) .map(|(_, _, key)| key.into()) .collect::<Vec<_>>(); @@ -496,8 +496,8 @@ Decrypted data can be read from this using [`io::Read`]. # let mut recipients = # recipient.keys_valid() # .key_flags(KeyFlags::default() -# .set_encrypt_at_rest(true) -# .set_encrypt_for_transport(true)) +# .set_storage_encryption(true) +# .set_transport_encryption(true)) # .map(|(_, _, key)| key.into()) # .collect::<Vec<_>>(); # diff --git a/ipc/examples/gpg-agent-decrypt.rs b/ipc/examples/gpg-agent-decrypt.rs index e418e8c1..fa76c970 100644 --- a/ipc/examples/gpg-agent-decrypt.rs +++ b/ipc/examples/gpg-agent-decrypt.rs @@ -73,8 +73,8 @@ impl<'a> Helper<'a> { let mut keys = HashMap::new(); for cert in certs { for (sig, _, key) in cert.keys_all() { - if sig.map(|s| (s.key_flags().can_encrypt_at_rest() - || s.key_flags().can_encrypt_for_transport())) + if sig.map(|s| (s.key_flags().for_storage_encryption() + || s.key_flags().for_transport_encryption())) .unwrap_or(false) { keys.insert(key.keyid(), key.clone().into()); diff --git a/ipc/tests/gpg-agent.rs b/ipc/tests/gpg-agent.rs index 0656bc21..ce494e60 100644 --- a/ipc/tests/gpg-agent.rs +++ b/ipc/tests/gpg-agent.rs @@ -209,7 +209,7 @@ fn decrypt() { { let recipient = cert.keys_valid().key_flags( - KeyFlags::default().set_encrypt_for_transport(true)) + KeyFlags::default().set_transport_encryption(true)) .map(|(_, _, key)| key.into()) .nth(0).unwrap(); @@ -276,7 +276,7 @@ fn decrypt() { let mut keypair = KeyPair::new( self.ctx, self.cert.keys_valid().key_flags( - KeyFlags::default().set_encrypt_for_transport(true)) + KeyFlags::default().set_transport_encryption(true)) .take(1).next().unwrap().2) .unwrap(); diff --git a/openpgp-ffi/examples/encrypt-for.c b/openpgp-ffi/examples/encrypt-for.c index abf9d1a9..8303f8ee 100644 --- a/openpgp-ffi/examples/encrypt-for.c +++ b/openpgp-ffi/examples/encrypt-for.c @@ -37,8 +37,8 @@ main (int argc, char **argv) error (1, 0, "pgp_cert_from_file: %s", pgp_error_to_string (err)); pgp_cert_key_iter_t iter = pgp_cert_key_iter_valid (cert); - pgp_cert_key_iter_encrypting_capable_at_rest (iter); - pgp_cert_key_iter_encrypting_capable_for_transport (iter); + pgp_cert_key_iter_for_storage_encryption (iter); + pgp_cert_key_iter_for_transport_encryption (iter); size_t recipients_len; pgp_recipient_t *recipients = pgp_recipients_from_key_iter (iter, &recipients_len); diff --git a/openpgp-ffi/include/sequoia/openpgp.h b/openpgp-ffi/include/sequoia/openpgp.h index 00e841f9..b1de42e3 100644 --- a/openpgp-ffi/include/sequoia/openpgp.h +++ b/openpgp-ffi/include/sequoia/openpgp.h @@ -340,31 +340,31 @@ pgp_fingerprint_t pgp_signature_issuer_fingerprint(pgp_signature_t sig); /// Returns whether the KeyFlags indicates that the key can be used to /// make certifications. /*/ -bool pgp_signature_can_certify(pgp_signature_t signature); +bool pgp_signature_for_certification(pgp_signature_t signature); /*/ /// Returns whether the KeyFlags indicates that the key can be used to /// make signatures. /*/ -bool pgp_signature_can_sign(pgp_signature_t signature); +bool pgp_signature_for_signing(pgp_signature_t signature); /*/ /// Returns whether the KeyFlags indicates that the key can be used to /// encrypt data for transport. /*/ -bool pgp_signature_can_encrypt_for_transport(pgp_signature_t signature); +bool pgp_signature_for_transport_encryption(pgp_signature_t signature); /*/ /// Returns whether the KeyFlags indicates that the key can be used to /// encrypt data at rest. /*/ -bool pgp_signature_can_encrypt_at_rest(pgp_signature_t signature); +bool pgp_signature_for_storage_encryption(pgp_signature_t signature); /*/ /// Returns whether the KeyFlags indicates that the key can be used /// for authentication. /*/ -bool pgp_signature_can_authenticate(pgp_signature_t signature); +bool pgp_signature_for_authentication(pgp_signature_t signature); /*/ /// Returns whether the KeyFlags indicates that the key is a split diff --git a/openpgp-ffi/src/packet/signature.rs b/openpgp-ffi/src/packet/signature.rs index 14df1ce3..e3abedb3 100644 --- a/openpgp-ffi/src/packet/signature.rs +++ b/openpgp-ffi/src/packet/signature.rs @@ -69,37 +69,37 @@ fn pgp_signature_issuer_fingerprint(sig: *const Signature) /// Returns whether the KeyFlags indicates that the key can be used to /// make certifications. #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" -fn pgp_signature_can_certify(sig: *const Signature) -> bool { - sig.ref_raw().key_flags().can_certify() +fn pgp_signature_for_certification(sig: *const Signature) -> bool { + sig.ref_raw().key_flags().for_certification() } /// Returns whether the KeyFlags indicates that the key can be used to /// make signatures. #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" -fn pgp_signature_can_sign(sig: *const Signature) -> bool { - sig.ref_raw().key_flags().can_sign() +fn pgp_signature_for_signing(sig: *const Signature) -> bool { + sig.ref_raw().key_flags().for_signing() } /// Returns whether the KeyFlags indicates that the key can be used to /// encrypt data for transport. #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" -fn pgp_signature_can_encrypt_for_transport(sig: *const Signature) +fn pgp_signature_for_transport_encryption(sig: *const Signature) -> bool { - sig.ref_raw().key_flags().can_encrypt_for_transport() + sig.ref_raw().key_flags().for_transport_encryption() } /// Returns whether the KeyFlags indicates that the key can be used to /// encrypt data at rest. #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" -fn pgp_signature_can_encrypt_at_rest(sig: *const Signature) -> bool { - sig.ref_raw().key_flags().can_encrypt_at_rest() +fn pgp_signature_for_storage_encryption(sig: *const Signature) -> bool { + sig.ref_raw().key_flags().for_storage_encryption() } /// Returns whether the KeyFlags indicates that the key can be used /// for authentication. #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" -fn pgp_signature_can_authenticate(sig: *const Signature) -> bool { - sig.ref_raw().key_flags().can_authenticate() +fn pgp_signature_for_authentication(sig: *const Signature) -> bool { + sig.ref_raw().key_flags().for_authentication() } /// Returns whether the KeyFlags indicates that the key is a split diff --git a/openpgp/examples/decrypt-with.rs b/openpgp/examples/decrypt-with.rs index a290d14d..537e8f8b 100644 --- a/openpgp/examples/decrypt-with.rs +++ b/openpgp/examples/decrypt-with.rs @@ -60,8 +60,8 @@ impl Helper { let mut keys = HashMap::new(); for cert in certs { for (sig, _, key) in cert.keys_all() { - if sig.map(|s| (s.key_flags().can_encrypt_at_rest() - || s.key_flags().can_encrypt_for_transport())) + if sig.map(|s| (s.key_flags().for_storage_encryption() + || s.key_flags().for_transport_encryption())) .unwrap_or(false) { // This only works for unencrypted secret keys. diff --git a/openpgp/examples/encrypt-for.rs b/openpgp/examples/encrypt-for.rs index 64d94b1c..f3004532 100644 --- a/openpgp/examples/encrypt-for.rs +++ b/openpgp/examples/encrypt-for.rs @@ -21,8 +21,8 @@ fn main() { } let mode = match args[1].as_ref() { - "at-rest" => KeyFlags::default().set_encrypt_at_rest(true), - "for-transport" => KeyFlags::default().set_encrypt_for_transport(true), + "at-rest" => KeyFlags::default().set_storage_encryption(true), + "for-transport" => KeyFlags::default().set_transport_encryption(true), x => panic!("invalid mode: {:?}, \ must be either 'at-rest' or 'for-transport'", x), diff --git a/openpgp/examples/pad.rs b/openpgp/examples/pad.rs index 9229c520..a13e53d5 100644 --- a/openpgp/examples/pad.rs +++ b/openpgp/examples/pad.rs @@ -23,8 +23,8 @@ fn main() { } let mode = match args[1].as_ref() { - "at-rest" => KeyFlags::default().set_encrypt_at_rest(true), - "for-transport" => KeyFlags::default().set_encrypt_for_transport(true), + "at-rest" => KeyFlags::default().set_storage_encryption(true), + "for-transport" => KeyFlags::default().set_transport_encryption(true), x => panic!("invalid mode: {:?}, \ must be either 'at-rest' or 'for-transport'", x), diff --git a/openpgp/src/cert/bindings.rs b/openpgp/src/cert/bindings.rs index 2bd82f16..70ade707 100644 --- a/openpgp/src/cert/bindings.rs +++ b/openpgp/src/cert/bindings.rs @@ -35,7 +35,7 @@ impl<P: key::KeyParts> Key<P, key::SubordinateRole> { /// .mark_parts_secret()?.into_keypair()?; /// /// // Let's add an encryption subkey. - /// let flags = KeyFlags::default().set_encrypt_at_rest(true); + /// let flags = KeyFlags::default().set_storage_encryption(true); /// assert_eq!(cert.keys_valid().key_flags(flags.clone()).count(), 0); /// /// // Generate a subkey and a binding signature. @@ -156,7 +156,7 @@ impl UserID { /// # fn f() -> Result<()> { /// // Generate a Cert, and create a keypair from the primary key. /// let (alice, _) = CertBuilder::new() - /// .primary_keyflags(KeyFlags::default().set_certify(true)) + /// .primary_keyflags(KeyFlags::default().set_certification(true)) /// .add_userid("alice@example.org") /// .generate()?; /// let mut keypair = alice.primary().clone() @@ -164,7 +164,7 @@ impl UserID { /// /// // Generate a Cert for Bob. /// let (bob, _) = CertBuilder::new() - /// .primary_keyflags(KeyFlags::default().set_certify(true)) + /// .primary_keyflags(KeyFlags::default().set_certification(true)) /// .add_userid("bob@example.org") /// .generate()?; /// @@ -314,7 +314,7 @@ impl UserAttribute { /// Image::Private(100, vec![0, 1, 2].into_boxed_slice())), /// ])?; /// let (bob, _) = CertBuilder::new() - /// .primary_keyflags(KeyFlags::default().set_certify(true)) + /// .primary_keyflags(KeyFlags::default().set_certification(true)) /// .add_user_attribute(user_attr) /// .generate()?; /// diff --git a/openpgp/src/cert/builder.rs b/openpgp/src/cert/builder.rs index d9f266ad..ba534608 100644 --- a/openpgp/src/cert/builder.rs +++ b/openpgp/src/cert/builder.rs @@ -63,10 +63,10 @@ impl CipherSuite { Key4::generate_rsa(4096), CipherSuite::Cv25519 | CipherSuite::P256 | CipherSuite::P384 | CipherSuite::P521 => { - let sign = flags.can_certify() || flags.can_sign() - || flags.can_authenticate(); - let encrypt = flags.can_encrypt_for_transport() - || flags.can_encrypt_at_rest(); + let sign = flags.for_certification() || flags.for_signing() + || flags.for_authentication(); + let encrypt = flags.for_transport_encryption() + || flags.for_storage_encryption(); let curve = match self { CipherSuite::Cv25519 if sign => Curve::Ed25519, CipherSuite::Cv25519 if encrypt => Curve::Cv25519, @@ -130,7 +130,7 @@ impl CertBuilder { CertBuilder{ ciphersuite: CipherSuite::default(), primary: KeyBlueprint{ - flags: KeyFlags::default().set_certify(true), + flags: KeyFlags::default().set_certification(true), expiration: None, }, subkeys: vec![], @@ -152,16 +152,16 @@ impl CertBuilder { ciphersuite: ciphersuite.into().unwrap_or(Default::default()), primary: KeyBlueprint { flags: KeyFlags::default() - .set_certify(true) - .set_sign(true), + .set_certification(true) + .set_signing(true), expiration: Some( time::Duration::new(3 * 52 * 7 * 24 * 60 * 60, 0)), }, subkeys: vec![ KeyBlueprint { flags: KeyFlags::default() - .set_encrypt_for_transport(true) - .set_encrypt_at_rest(true), + .set_transport_encryption(true) + .set_storage_encryption(true), expiration: None, } ], @@ -191,16 +191,16 @@ impl CertBuilder { }, primary: KeyBlueprint { flags: KeyFlags::default() - .set_certify(true) - .set_sign(true), + .set_certification(true) + .set_signing(true), expiration: Some( time::Duration::new(3 * 52 * 7 * 24 * 60 * 60, 0)), }, subkeys: vec![ KeyBlueprint { flags: KeyFlags::default() - .set_encrypt_for_transport(true) - .set_encrypt_at_rest(true), + .set_transport_encryption(true) + .set_storage_encryption(true), expiration: None, } ], @@ -240,24 +240,24 @@ impl CertBuilder { /// Adds a signing capable subkey. pub fn add_signing_subkey(self) -> Self { - self.add_subkey(KeyFlags::default().set_sign(true), None) + self.add_subkey(KeyFlags::default().set_signing(true), None) } /// Adds an encryption capable subkey. pub fn add_encryption_subkey(self) -> Self { self.add_subkey(KeyFlags::default() - .set_encrypt_for_transport(true) - .set_encrypt_at_rest(true), None) + .set_transport_encryption(true) + .set_storage_encryption(true), None) } /// Adds an certification capable subkey. pub fn add_certification_subkey(self) -> Self { - self.add_subkey(KeyFlags::default().set_certify(true), None) + self.add_subkey(KeyFlags::default().set_certification(true), None) } /// Adds an authentication capable subkey. pub fn add_authentication_subkey(self) -> Self { - self.add_subkey(KeyFlags::default().set_authenticate(true), None) + self.add_subkey(KeyFlags::default().set_authentication(true), None) } /// Adds a custom subkey. @@ -308,7 +308,7 @@ impl CertBuilder { // make sure the primary key can sign subkeys if !self.subkeys.is_empty() { - self.primary.flags = self.primary.flags.set_certify(true); + self.primary.flags = self.primary.flags.set_certification(true); } // Generate & and self-sign primary key. @@ -362,14 +362,14 @@ impl CertBuilder { .set_key_expiration_time( blueprint.expiration.or(self.primary.expiration))?; - if flags.can_encrypt_for_transport() || flags.can_encrypt_at_rest() + if flags.for_transport_encryption() || flags.for_storage_encryption() { builder = builder.set_preferred_symmetric_algorithms(vec![ SymmetricAlgorithm::AES256, ])?; } - if flags.can_certify() || flags.can_sign() { + if flags.for_certification() || flags.for_signing() { builder = builder.set_preferred_hash_algorithms(vec![ HashAlgorithm::SHA512, ])?; @@ -415,7 +415,7 @@ impl CertBuilder { -> Result<(key::PublicKey, Signature)> { let key = self.ciphersuite.generate_key( - &KeyFlags::default().set_certify(true))?; + &KeyFlags::default().set_certification(true))?; let sig = signature::Builder::new(SignatureType::DirectKey) // GnuPG wants at least a 512-bit hash for P521 keys. .set_hash_algo(HashAlgorithm::SHA512) @@ -558,7 +558,7 @@ mod tests { let sig_pkts = &cert1.primary_key_signature(None).unwrap().hashed_area(); match sig_pkts.lookup(SubpacketTag::KeyFlags).unwrap().value() { - SubpacketValue::KeyFlags(ref ks) => assert!(ks.can_certify()), + SubpacketValue::KeyFlags(ref ks) => assert!(ks.for_certification()), v => panic!("Unexpected subpacket: {:?}", v), } @@ -570,12 +570,12 @@ mod tests { let (cert1, _) = CertBuilder::new() .set_cipher_suite(CipherSuite::Cv25519) .primary_keyflags(KeyFlags::default()) - .add_subkey(KeyFlags::default().set_certify(true), None) + .add_subkey(KeyFlags::default().set_certification(true), None) .generate().unwrap(); let sig_pkts = cert1.subkeys().next().unwrap().self_signatures[0].hashed_area(); match sig_pkts.lookup(SubpacketTag::KeyFlags).unwrap().value() { - SubpacketValue::KeyFlags(ref ks) => assert!(ks.can_certify()), + SubpacketValue::KeyFlags(ref ks) => assert!(ks.for_certification()), v => panic!("Unexpected subpacket: {:?}", v), } @@ -636,9 +636,9 @@ mod tests { let s = std::time::Duration::new(1, 0); let (cert,_) = CertBuilder::new() .set_expiration(600 * s) - .add_subkey(KeyFlags::default().set_sign(true), + .add_subkey(KeyFlags::default().set_signing(true), 300 * s) - .add_subkey(KeyFlags::default().set_authenticate(true), + .add_subkey(KeyFlags::default().set_authentication(true), None) .generate().unwrap(); diff --git a/openpgp/src/cert/keyiter.rs b/openpgp/src/cert/keyiter.rs index 13813388..76f273d9 100644 --- a/openpgp/src/cert/keyiter.rs +++ b/openpgp/src/cert/keyiter.rs @@ -299,35 +299,35 @@ impl<'a, P: 'a + key::KeyParts, R: 'a + key::KeyRole> KeyIter<'a, P, R> /// /// See `key_flags` for caveats. pub fn for_certification(self) -> Self { - self.key_flags(KeyFlags::default().set_certify(true)) + self.key_flags(KeyFlags::default().set_certification(true)) } /// Returns keys that are signing capable. /// /// See `key_flags` for caveats. pub fn for_signing(self) -> Self { - self.key_flags(KeyFlags::default().set_sign(true)) + self.key_flags(KeyFlags::default().set_signing(true)) } /// Returns keys that are authentication capable. /// /// See `key_flags` for caveats. pub fn for_authentication(self) -> Self { - self.key_flags(KeyFlags::default().set_authenticate(true)) + self.key_flags(KeyFlags::default().set_authentication(true)) } /// Returns keys that are capable of encrypting data at rest. /// /// See `key_flags` for caveats. pub fn for_storage_encryption(self) -> Self { - self.key_flags(KeyFlags::default().set_encrypt_at_rest(true)) + self.key_flags(KeyFlags::default().set_storage_encryption(true)) } /// Returns keys that are capable of encrypting data for transport. /// /// See `key_flags` for caveats. pub fn for_transport_encryption(self) -> Self { - self.key_flags(KeyFlags::default().set_encrypt_for_transport(true)) + self.key_flags(KeyFlags::default().set_transport_encryption(true)) } /// Only returns keys that are live as of `now`. @@ -433,7 +433,7 @@ mod test { |