author | Neal H. Walfield <neal@pep.foundation> | 2020-01-31 14:20:53 +0100 |
---|---|---|
committer | Neal H. Walfield <neal@pep.foundation> | 2020-01-31 15:59:16 +0100 |
commit | a464ce819ccd1fa07ff8c6d0be74cff5eec5cf34 (patch) | |
tree | 31ed9d18b9c7802a93b4e4c8e6e85d1121b201d8 /ipc | |
parent | b9b6533bd5394cd5cdb6b91b5c5ca7a02e3ea199 (diff) |
openpgp: Add a policy object.
- Change all functions that need to evaluate the validity of a
signature (either directly or indirectly) to take a policy object.
- Use the policy object to allow the user to place additional
constraints on a signature's validity.
- This addresses the first half of #274 (it introduces the policy
object, but does not yet implement any policy).
Diffstat (limited to 'ipc')
-rw-r--r-- | ipc/examples/gpg-agent-decrypt.rs | 12 | ||||
-rw-r--r-- | ipc/examples/gpg-agent-sign.rs | 5 | ||||
-rw-r--r-- | ipc/tests/gpg-agent.rs | 20 |
3 files changed, 27 insertions, 10 deletions
diff --git a/ipc/examples/gpg-agent-decrypt.rs b/ipc/examples/gpg-agent-decrypt.rs
index 69ba9d3b..0f0b3beb 100644
--- a/ipc/examples/gpg-agent-decrypt.rs
+++ b/ipc/examples/gpg-agent-decrypt.rs
@@ -21,9 +21,13 @@ use crate::openpgp::parse::{
 MessageLayer,
 },
 };
+use crate::openpgp::policy::Policy;
+use crate::openpgp::policy::StandardPolicy as P;
 use crate::ipc::gnupg::{Context, KeyPair};
 fn main() {
+ let p = &P::new();
+
 let matches = clap::App::new("gpg-agent-decrypt")
 .version(env!("CARGO_PKG_VERSION"))
 .about("Connects to gpg-agent and decrypts a message.")
@@ -51,7 +55,7 @@ fn main() {
 // Now, create a decryptor with a helper using the given Certs.
 let mut decryptor =
- Decryptor::from_reader(io::stdin(), Helper::new(&ctx, certs), None)
+ Decryptor::from_reader(p, io::stdin(), Helper::new(&ctx, p, certs), None)
 .unwrap();
 // Finally, stream the decrypted data to stdout.
@@ -70,11 +74,13 @@ struct Helper<'a> {
 impl<'a> Helper<'a> {
 /// Creates a Helper for the given Certs with appropriate secrets.
- fn new(ctx: &'a Context, certs: Vec<openpgp::Cert>) -> Self {
+ fn new(ctx: &'a Context, policy: &'a dyn Policy, certs: Vec<openpgp::Cert>)
+ -> Self
+ {
 // Map (sub)KeyIDs to secrets.
 let mut keys = HashMap::new();
 for cert in certs {
- for ka in cert.keys().policy(None)
+ for ka in cert.keys().set_policy(policy, None)
 .for_storage_encryption().for_transport_encryption()
 {
 let key = ka.key();
diff --git a/ipc/examples/gpg-agent-sign.rs b/ipc/examples/gpg-agent-sign.rs
index a80f3935..424f2a74 100644
--- a/ipc/examples/gpg-agent-sign.rs
+++ b/ipc/examples/gpg-agent-sign.rs
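Review bot: In gpg-agent-decrypt.rs, `let p = &P::new();` at the top of `main` has no comment, and the one-letter alias `P` hides that this object decides which signatures and key bindings the example accepts. Because examples get copied into real code, I would add `// The policy decides which signatures and key bindings are considered valid.` above it. The commit message says no actual policy is implemented yet, so at this commit the object presumably adds no constraints; the comment should say so. The same line appears in gpg-agent-sign.rs and in both tests in ipc/tests/gpg-agent.rs. The body of `main` continues outside the hunk.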
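Review bot: The doc comment on `Helper::new` in gpg-agent-decrypt.rs does not mention the new `policy` parameter; I would add `/// Only (sub)keys accepted by the given policy are considered.` to it. The key selection filters with `for_storage_encryption().for_transport_encryption()` but not `alive()` or `revoked(false)`, unlike the signing example. That is presumably deliberate so that old messages can still be decrypted, and a one-line comment saying so would keep readers from copying the looser filter into signing or encryption code. The body of `new` continues outside the hunk.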
@@ -9,9 +9,12 @@ extern crate sequoia_ipc as ipc;
 use crate::openpgp::armor;
 use crate::openpgp::parse::Parse;
 use crate::openpgp::serialize::stream::{Message, LiteralWriter, Signer};
+use crate::openpgp::policy::StandardPolicy as P;
 use crate::ipc::gnupg::{Context, KeyPair};
 fn main() {
+ let p = &P::new();
+
 let matches = clap::App::new("gpg-agent-sign")
 .version(env!("CARGO_PKG_VERSION"))
 .about("Connects to gpg-agent and creates a dummy signature.")
@@ -39,7 +42,7 @@ fn main() {
 // Construct a KeyPair for every signing-capable (sub)key.
 let mut signers = certs.iter().flat_map(|cert| {
- cert.keys().policy(None).alive().revoked(false).for_signing()
+ cert.keys().set_policy(p, None).alive().revoked(false).for_signing()
 .filter_map(|ka| {
 KeyPair::new(&ctx, ka.key()).ok()
 })
diff --git a/ipc/tests/gpg-agent.rs b/ipc/tests/gpg-agent.rs
index 8cb3216f..e8a69d92 100644
--- a/ipc/tests/gpg-agent.rs
+++ b/ipc/tests/gpg-agent.rs
@@ -15,6 +15,7 @@ use crate::openpgp::crypto::SessionKey;
 use crate::openpgp::parse::stream::*;
 use crate::openpgp::serialize::{Serialize, stream::*};
 use crate::openpgp::cert::{CertBuilder, CipherSuite};
+use crate::openpgp::policy::Policy;
 extern crate sequoia_ipc as ipc;
 use crate::ipc::gnupg::{Context, Agent, KeyPair};
@@ -80,6 +81,9 @@ fn gpg_import(ctx: &Context, what: &[u8]) {
 #[test]
 fn sign() {
 use self::CipherSuite::*;
+ use openpgp::policy::StandardPolicy as P;
+
+ let p = &P::new();
 let ctx = make_context!();
 for cs in &[RSA2k, Cv25519, P521] {
@@ -95,7 +99,7 @@ fn sign() {
 let keypair = KeyPair::new(
 &ctx,
- cert.keys().policy(None).alive().revoked(false)
+ cert.keys().set_policy(p, None).alive().revoked(false)
 .for_signing().take(1).next().unwrap().key())
 .unwrap();
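Review bot: In ipc/tests/gpg-agent.rs, `sign()` imports the policy type inside the function as `use openpgp::policy::StandardPolicy as P;`, while the same commit adds `use crate::openpgp::policy::Policy;` at file level with a different path style. I would import both once at the top with `use crate::openpgp::policy::{Policy, StandardPolicy as P};` and drop the function-local `use`. The hunk at -193,6 repeats the same local import in `decrypt()`. The body of `sign()` continues outside the hunk.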
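Review bot: In `sign()`, the key lookup now goes through `set_policy(p, None)` but still ends in `.take(1).next().unwrap()`. Once a policy rejects one of the tested cipher suites, the test will panic on `None` with no hint that the policy filtered the key out. I would end the chain with `.next().expect("no signing-capable key accepted by the policy")`; the `take(1)` before `next()` is redundant. The same pattern appears in `decrypt()` at the recipient lookup (`.nth(0).unwrap()`) and in the test Helper's keypair lookup (hunk -276,7). The enclosing loop body starts and ends outside the hunk.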
@@ -128,7 +132,7 @@ fn sign() {
 // Now, create a verifier with a helper using the given Certs.
 let mut verifier =
- Verifier::from_bytes(&message, helper, None).unwrap();
+ Verifier::from_bytes(p, &message, helper, None).unwrap();
 // Verify the data.
 let mut sink = Vec::new();
@@ -193,6 +197,9 @@ fn sign() {
 #[test]
 fn decrypt() {
 use self::CipherSuite::*;
+ use openpgp::policy::StandardPolicy as P;
+
+ let p = &P::new();
 let ctx = make_context!();
 for cs in &[RSA2k, Cv25519, P521] {
@@ -209,7 +216,7 @@ fn decrypt() {
 let mut message = Vec::new();
 {
 let recipient =
- cert.keys().policy(None).alive().revoked(false)
+ cert.keys().set_policy(p, None).alive().revoked(false)
 .for_transport_encryption()
 .map(|ka| ka.key().into())
 .nth(0).unwrap();
@@ -235,10 +242,10 @@ fn decrypt() {
 // Make a helper that that feeds the recipient's secret key to the
 // decryptor.
- let helper = Helper { ctx: &ctx, cert: &cert, };
+ let helper = Helper { policy: p, ctx: &ctx, cert: &cert, };
 // Now, create a decryptor with a helper using the given Certs.
- let mut decryptor = Decryptor::from_bytes(&message, helper, None)
+ let mut decryptor = Decryptor::from_bytes(p, &message, helper, None)
 .unwrap();
 // Decrypt the data.
@@ -247,6 +254,7 @@ fn decrypt() {
 assert_eq!(MESSAGE.as_bytes(), &sink[..]);
 struct Helper<'a> {
+ policy: &'a Policy,
 ctx: &'a Context,
 cert: &'a openpgp::Cert,
 }
@@ -276,7 +284,7 @@ fn decrypt() {
 {
 let mut keypair = KeyPair::new(
 self.ctx,
- self.cert.keys().policy(None)
+ self.cert.keys().set_policy(self.policy, None)
 .for_storage_encryption().for_transport_encryption()
 .take(1).next().unwrap().key())
 .unwrap(); |
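Review bot: The new field in the test's `Helper` struct (hunk -247,6) is declared as `policy: &'a Policy,`, a bare trait object, while the example in gpg-agent-decrypt.rs from the same commit writes `&'a dyn Policy`. The bare form is deprecated syntax and is flagged by the `bare_trait_objects` lint. I would write it as `policy: &'a dyn Policy,` so the two helpers agree and the test builds without the warning.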