openpgp: New TSK type.

  - With a1e226f8f1418de43e577fdaa1d087b68bbb09ae in place, we have a
    more general way to add components to a TPK.  Retire the current
    `TSK` type and replace it with a thin shim that only allows
    serialization of secret keys.

  - Fixes #107.

5 files changed, 57 insertions, 113 deletions

diff --git a/openpgp-ffi/examples/Makefile b/openpgp-ffi/examples/Makefile
index 77e5aad9..f5dd0f8c 100644
--- a/openpgp-ffi/examples/Makefile
+++ b/openpgp-ffi/examples/Makefile
@@ -11,6 +11,7 @@ EXAMPLE_TARGET_DIR      ?= $(CARGO_TARGET_DIR)/debug/c-examples/openpgp-ffi
 EXAMPLES = \
 	example reader parser encrypt-for armor \
 	decrypt-with \
+	generate-key \
 	type-safety-demo use-after-free-demo immutable-reference-demo \
 
 CFLAGS  = -I../include -O0 -g -Wall -Werror
diff --git a/openpgp-ffi/examples/generate-key.c b/openpgp-ffi/examples/generate-key.c
new file mode 100644
index 00000000..268e5593
--- /dev/null
+++ b/openpgp-ffi/examples/generate-key.c
@@ -0,0 +1,37 @@
+#include <assert.h>
+#include <stdio.h>
+
+#include <sequoia/openpgp.h>
+
+int
+main () {
+  pgp_status_t rc;
+
+  /* First, generate the key.  */
+  pgp_tpk_builder_t builder = pgp_tpk_builder_default ();
+  pgp_tpk_builder_set_cipher_suite (&builder, PGP_TPK_CIPHER_SUITE_CV25519);
+
+  pgp_tpk_t tpk;
+  pgp_signature_t revocation;
+  pgp_tpk_builder_generate (NULL, builder, &tpk, &revocation);
+  assert (tpk);
+  assert (revocation);
+  pgp_signature_free (revocation);    /* Free the generated revocation.  */
+
+  /* Now, setup an armor writer for stdout.  */
+  pgp_writer_t sink = pgp_writer_from_fd (STDOUT_FILENO);
+  pgp_writer_t armor = pgp_armor_writer_new (NULL, sink,
+					     PGP_ARMOR_KIND_SECRETKEY,
+					     NULL, 0);
+  assert (armor);
+
+  /* Finally, derive a TSK object, and serialize it.  */
+  pgp_tsk_t tsk = pgp_tpk_as_tsk (tpk);
+  rc = pgp_tsk_serialize (NULL, tsk, armor);
+  assert (rc == PGP_STATUS_SUCCESS);
+
+  pgp_tsk_free (tsk);
+  pgp_writer_free (armor);
+  pgp_writer_free (sink);
+  pgp_tpk_free (tpk);
+}
diff --git a/openpgp-ffi/include/sequoia/openpgp.h b/openpgp-ffi/include/sequoia/openpgp.h
index 0d2494bd..d2af360c 100644
--- a/openpgp-ffi/include/sequoia/openpgp.h
+++ b/openpgp-ffi/include/sequoia/openpgp.h
@@ -675,10 +675,13 @@ pgp_fingerprint_t pgp_tpk_fingerprint (const pgp_tpk_t tpk);
 
 
 /*/
-/// Cast the public key into a secret key that allows using the secret
-/// parts of the containing keys.
+/// Derive a [`TSK`] object from this key.
+///
+/// This object writes out secret keys during serialization.
+///
+/// [`TSK`]: tpk/struct.TSK.html
 /*/
-pgp_tsk_t pgp_tpk_into_tsk (pgp_tpk_t tpk);
+pgp_tsk_t pgp_tpk_as_tsk (pgp_tpk_t tpk);
 
 /*/
 /// Returns a reference to the TPK's primary key.
@@ -855,63 +858,11 @@ pgp_tpk_t pgp_tpk_builder_generate(pgp_error_t *errp, pgp_tpk_builder_t tpkb,
 /* TSK */
 
 /*/
-/// Generates a new RSA 3072 bit key with UID `primary_uid`.
-/*/
-pgp_status_t pgp_tsk_new (pgp_error_t *errp, char *primary_uid,
-                        pgp_tsk_t *tpk, pgp_signature_t *revocation);
-
-/*/
-/// Returns the first TSK encountered in the reader.
-/*/
-pgp_tsk_t pgp_tsk_from_reader (pgp_error_t *errp,
-                               pgp_reader_t reader);
-
-/*/
-/// Returns the first TSK encountered in the file.
-/*/
-pgp_tsk_t pgp_tsk_from_file (pgp_error_t *errp,
-                             const char *filename);
-
-/*/
-/// Returns the first TSK found in `buf`.
-///
-/// `buf` must be an OpenPGP-encoded TSK.
-/*/
-pgp_tsk_t pgp_tsk_from_bytes (pgp_error_t *errp,
-                              const uint8_t *b, size_t len);
-
-/*/
 /// Frees the TSK.
 /*/
 void pgp_tsk_free (pgp_tsk_t tsk);
 
 /*/
-/// Clones the TSK.
-/*/
-pgp_tsk_t pgp_tsk_clone (pgp_tsk_t message);
-
-/*/
-/// Returns a human readable description of this object suitable for
-/// debugging.
-/*/
-char *pgp_tsk_debug (const pgp_tsk_t);
-
-/*/
-/// Compares TPKs.
-/*/
-bool pgp_tsk_equal (const pgp_tsk_t a, const pgp_tsk_t b);
-
-/*/
-/// Returns a reference to the corresponding TPK.
-/*/
-pgp_tpk_t pgp_tsk_tpk (pgp_tsk_t tsk);
-
-/*/
-/// Converts the TSK into a TPK.
-/*/
-pgp_tpk_t pgp_tsk_into_tpk (pgp_tsk_t tsk);
-
-/*/
 /// Serializes the TSK.
 /*/
 pgp_status_t pgp_tsk_serialize (pgp_error_t *errp,
diff --git a/openpgp-ffi/src/tpk.rs b/openpgp-ffi/src/tpk.rs
index a1ca0ebe..75baba6d 100644
--- a/openpgp-ffi/src/tpk.rs
+++ b/openpgp-ffi/src/tpk.rs
@@ -128,12 +128,14 @@ fn pgp_tpk_fingerprint(tpk: *const TPK)
     tpk.fingerprint().move_into_raw()
 }
 
-/// Cast the public key into a secret key that allows using the secret
-/// parts of the containing keys.
+/// Derive a [`TSK`] object from this key.
+///
+/// This object writes out secret keys during serialization.
+///
+/// [`TSK`]: tpk/struct.TSK.html
 #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "system"
-fn pgp_tpk_into_tsk(tpk: *mut TPK)
-                    -> *mut TSK {
-    tpk.move_from_raw().into_tsk().move_into_raw()
+fn pgp_tpk_as_tsk(tpk: *const TPK) -> *mut TSK<'static> {
+    tpk.ref_raw().as_tsk().move_into_raw()
 }
 
 /// Returns a reference to the TPK's primary key.
diff --git a/openpgp-ffi/src/tsk.rs b/openpgp-ffi/src/tsk.rs
index ef17c285..29e9e1c8 100644
--- a/openpgp-ffi/src/tsk.rs
+++ b/openpgp-ffi/src/tsk.rs
@@ -1,21 +1,10 @@
 //! Transferable secret keys.
 //!
-//! Wraps [`sequoia-openpgp::TSK`].
+//! Wraps [`sequoia-openpgp::tpk::TSK`].
 //!
-//! [`sequoia-openpgp::TSK`]: ../../sequoia_openpgp/struct.TSK.html
-
-use failure;
-use libc::c_char;
+//! [`sequoia-openpgp::tpk::TSK`]: ../../sequoia_openpgp/struct.TSK.html
 
 extern crate sequoia_openpgp as openpgp;
-use super::packet::signature::Signature;
-
-use super::tpk::TPK;
-use ::error::Status;
-use RefRaw;
-use MoveFromRaw;
-use MoveIntoRaw;
-use MoveResultIntoRaw;
 
 /// A transferable secret key (TSK).
 ///
@@ -24,44 +13,8 @@ use MoveResultIntoRaw;
 ///
 /// [RFC 4880, section 11.2]: https://tools.ietf.org/html/rfc4880#section-11.2
 ///
-/// Wraps [`sequoia-openpgp::TSK`].
+/// Wraps [`sequoia-openpgp::tpk::TSK`].
 ///
-/// [`sequoia-openpgp::TSK`]: ../../sequoia_openpgp/enum.TSK.html
-#[::ffi_wrapper_type(prefix = "pgp_", name = "tsk",
-                     derive = "Clone, Debug, PartialEq, Parse, Serialize")]
-pub struct TSK(openpgp::TSK);
-
-/// Generates a new RSA 3072 bit key with UID `primary_uid`.
-#[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "system"
-fn pgp_tsk_new(errp: Option<&mut *mut ::error::Error>,
-               primary_uid: *const c_char,
-               tsk_out: *mut *mut TSK,
-               revocation_out: *mut *mut Signature)
-               -> Status
-{
-    let tsk_out = ffi_param_ref_mut!(tsk_out);
-    let revocation_out = ffi_param_ref_mut!(revocation_out);
-    let primary_uid = ffi_param_cstr!(primary_uid).to_string_lossy();
-    match openpgp::TSK::new(primary_uid) {
-        Ok((tsk, revocation)) => {
-            *tsk_out = tsk.move_into_raw();
-            *revocation_out = revocation.move_into_raw();
-            Status::Success
-        },
-        Err(e) => Err::<(), failure::Error>(e).move_into_raw(errp),
-    }
-}
-
-/// Returns a reference to the corresponding TPK.
-#[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "system"
-fn pgp_tsk_tpk(tsk: *const TSK)
-               -> *const TPK {
-    tsk.ref_raw().tpk().move_into_raw()
-}
-
-/// Converts the TSK into a TPK.
-#[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "system"
-fn pgp_tsk_into_tpk(tsk: *mut TSK)
-                    -> *mut TPK {
-    tsk.move_from_raw().into_tpk().move_into_raw()
-}
+/// [`sequoia-openpgp::tpk::TSK`]: ../../sequoia_openpgp/enum.TSK.html
+#[::ffi_wrapper_type(prefix = "pgp_", name = "tsk", derive = "Serialize")]
+pub struct TSK<'a>(openpgp::tpk::TSK<'a>);