diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2019-02-12 10:27:30 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2019-02-12 10:27:30 +0100 |
commit | 605da7f5442617757d36a40434200e9ff3287f1b (patch) | |
tree | eaaa1d81e205b0ad2cc1160a950527b2c245df50 | |
parent | e9be3b2e7bea44e7f877efe902ff8d5b10eaa53a (diff) |
openpgp: Use a Signer to set the expiry.
-rw-r--r-- | openpgp-ffi/src/tpk.rs | 7 | ||||
-rw-r--r-- | openpgp/src/tpk/mod.rs | 40 |
2 files changed, 21 insertions, 26 deletions
diff --git a/openpgp-ffi/src/tpk.rs b/openpgp-ffi/src/tpk.rs index 039b5430..a816fb31 100644 --- a/openpgp-ffi/src/tpk.rs +++ b/openpgp-ffi/src/tpk.rs @@ -344,11 +344,14 @@ fn pgp_tpk_alive_at(tpk: *const TPK, when: time_t) /// This function consumes `tpk` and returns a new `TPK`. #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "system" fn pgp_tpk_set_expiry(errp: Option<&mut *mut ::error::Error>, - tpk: *mut TPK, expiry: u32) + tpk: *mut TPK, primary_signer: *mut Box<crypto::Signer>, + expiry: u32) -> Maybe<TPK> { let tpk = tpk.move_from_raw(); + let signer = ffi_param_ref_mut!(primary_signer); - tpk.set_expiry(Some(time::Duration::seconds(expiry as i64))) + tpk.set_expiry(signer.as_mut(), + Some(time::Duration::seconds(expiry as i64))) .move_into_raw(errp) } diff --git a/openpgp/src/tpk/mod.rs b/openpgp/src/tpk/mod.rs index ce365982..57268888 100644 --- a/openpgp/src/tpk/mod.rs +++ b/openpgp/src/tpk/mod.rs @@ -18,7 +18,6 @@ use { SignatureType, HashAlgorithm, packet::Tag, - packet::key::SecretKey, packet::signature::{self, Signature}, packet::Key, packet::UserID, @@ -1634,7 +1633,8 @@ impl TPK { /// /// This function exists to facilitate testing, which is why it is /// not exported. - fn set_expiry_as_of(self, expiration: Option<time::Duration>, + fn set_expiry_as_of(self, primary_signer: &mut Signer, + expiration: Option<time::Duration>, now: time::Tm) -> Result<TPK> { @@ -1647,32 +1647,18 @@ impl TPK { let hash_algo = HashAlgorithm::SHA512; let mut hash = hash_algo.context()?; - let pair = self.primary(); - - pair.hash(&mut hash); + self.primary().hash(&mut hash); if let Some(userid) = userid { userid.userid().hash(&mut hash); } else { assert_eq!(template.sigtype(), SignatureType::DirectKey); } - match pair.secret() { - Some(SecretKey::Unencrypted{ mpis: ref sec }) => { - // Generate the signature. - signature::Builder::from(template.clone()) - .set_key_expiration_time(expiration)? - .set_signature_creation_time(now)? - .sign_hash( - &mut KeyPair::new(pair.clone(), sec.clone())?, - hash_algo, hash)? - } - Some(_) => - return Err(Error::InvalidOperation( - "Secret key is encrypted".into()) .into()), - None => - return Err(Error::InvalidOperation( - "No secret key".into()).into()), - } + // Generate the signature. + signature::Builder::from(template.clone()) + .set_key_expiration_time(expiration)? + .set_signature_creation_time(now)? + .sign_hash(primary_signer, hash_algo, hash)? }; self.merge_packets(vec![sig.into()]) @@ -1682,10 +1668,11 @@ impl TPK { /// /// Note: the time is relative to the key's creation time, not the /// current time! - pub fn set_expiry(self, expiration: Option<time::Duration>) + pub fn set_expiry(self, primary_signer: &mut Signer, + expiration: Option<time::Duration>) -> Result<TPK> { - self.set_expiry_as_of(expiration, time::now()) + self.set_expiry_as_of(primary_signer, expiration, time::now()) } /// Returns an iterator over the TPK's valid `UserIDBinding`s. @@ -3391,8 +3378,11 @@ mod test { .key_expiration_time() .expect("Keys expire by default."); + let mut keypair = tpk.primary().clone().into_keypair().unwrap(); + // Clear the expiration. let tpk = tpk.set_expiry_as_of( + &mut keypair, None, now + time::Duration::seconds(10)).unwrap(); { @@ -3408,6 +3398,7 @@ mod test { assert!(expiry_expected > time::Duration::seconds(0)); let tpk = tpk.set_expiry_as_of( + &mut keypair, Some(expiry_expected), now + time::Duration::seconds(20)).unwrap(); { @@ -3571,6 +3562,7 @@ mod test { #[test] fn revoked_time() { use packet::Features; + use packet::key::SecretKey; use constants::PublicKeyAlgorithm; use rand::{thread_rng, Rng, distributions::Open01}; /* |