authorNeal H. Walfield <neal@pep.foundation>2020-01-31 14:20:53 +0100
committerNeal H. Walfield <neal@pep.foundation>2020-01-31 15:59:16 +0100
commita464ce819ccd1fa07ff8c6d0be74cff5eec5cf34 (patch)
tree31ed9d18b9c7802a93b4e4c8e6e85d1121b201d8 /openpgp/examples
parentb9b6533bd5394cd5cdb6b91b5c5ca7a02e3ea199 (diff)
openpgp: Add a policy object.
- Change all functions that need to evaluate the validity of a signature (either directly or indirectly) to take a policy object. - Use the policy object to allow the user to place additional constraints on a signature's validity. - This addresses the first half of #274 (it introduces the policy object, but does not yet implement any policy).
Diffstat (limited to 'openpgp/examples')
-rw-r--r--openpgp/examples/decrypt-with.rs10
-rw-r--r--openpgp/examples/encrypt-for.rs5
-rw-r--r--openpgp/examples/generate-encrypt-decrypt.rs27
-rw-r--r--openpgp/examples/generate-sign-verify.rs17
-rw-r--r--openpgp/examples/notarize.rs4
-rw-r--r--openpgp/examples/pad.rs4
-rw-r--r--openpgp/examples/sign-detached.rs4
-rw-r--r--openpgp/examples/sign.rs4
8 files changed, 52 insertions, 23 deletions
diff --git a/openpgp/examples/decrypt-with.rs b/openpgp/examples/decrypt-with.rs
index 3f470f0f..b52c143c 100644
--- a/openpgp/examples/decrypt-with.rs
+++ b/openpgp/examples/decrypt-with.rs
@@ -21,8 +21,12 @@ use crate::openpgp::parse::{
MessageLayer,
},
};
+use crate::openpgp::policy::Policy;
+use crate::openpgp::policy::StandardPolicy as P;
pub fn main() {
+ let p = &P::new();
+
let args: Vec<String> = env::args().collect();
if args.len() < 2 {
panic!("A simple decryption filter.\n\n\
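Review bot: The new `let p = &P::new();` at the top of `main` has no comment, and the single-letter alias `P` hides that it is `StandardPolicy`, which matters in example code that readers copy. I would add a line above it such as `// The policy object constrains which signatures are considered valid.` The same applies to the `main` functions of the other seven examples touched by this commit. `main` continues past the end of this hunk.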
@@ -38,7 +42,7 @@ pub fn main() {
// Now, create a decryptor with a helper using the given Certs.
let mut decryptor =
- Decryptor::from_reader(io::stdin(), Helper::new(certs), None).unwrap();
+ Decryptor::from_reader(p, io::stdin(), Helper::new(p, certs), None).unwrap();
// Finally, stream the decrypted data to stdout.
io::copy(&mut decryptor, &mut io::stdout())
@@ -54,11 +58,11 @@ struct Helper {
impl Helper {
/// Creates a Helper for the given Certs with appropriate secrets.
- fn new(certs: Vec<openpgp::Cert>) -> Self {
+ fn new(p: &dyn Policy, certs: Vec<openpgp::Cert>) -> Self {
// Map (sub)KeyIDs to secrets.
let mut keys = HashMap::new();
for cert in certs {
- for ka in cert.keys().policy(None)
+ for ka in cert.keys().set_policy(p, None)
.for_storage_encryption().for_transport_encryption()
{
// This only works for unencrypted secret keys.
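Review bot: The doc comment on `Helper::new` still reads as if the constructor took only the certs; the new `p` parameter is undocumented. Suggest `/// Creates a Helper for the given Certs with appropriate secrets, selecting keys under the given policy.` Presumably `set_policy(p, None)` skips keys whose binding signatures the policy rejects, which is worth stating in the comment once confirmed. The loop body continues outside the hunk.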
diff --git a/openpgp/examples/encrypt-for.rs b/openpgp/examples/encrypt-for.rs
index 63e0e071..b64165b7 100644
--- a/openpgp/examples/encrypt-for.rs
+++ b/openpgp/examples/encrypt-for.rs
@@ -11,8 +11,11 @@ use crate::openpgp::parse::Parse;
use crate::openpgp::serialize::stream::{
Message, LiteralWriter, Encryptor,
};
+use crate::openpgp::policy::StandardPolicy as P;
fn main() {
+ let p = &P::new();
+
let args: Vec<String> = env::args().collect();
if args.len() < 3 {
panic!("A simple encryption filter.\n\n\
@@ -39,7 +42,7 @@ fn main() {
certs.iter()
.flat_map(|cert| {
cert.keys()
- .policy(None).alive().revoked(false).key_flags(&mode)
+ .set_policy(p, None).alive().revoked(false).key_flags(&mode)
})
.map(|ka| ka.key().into())
.collect::<Vec<_>>();
diff --git a/openpgp/examples/generate-encrypt-decrypt.rs b/openpgp/examples/generate-encrypt-decrypt.rs
index 0e109ccd..8258aaf4 100644
--- a/openpgp/examples/generate-encrypt-decrypt.rs
+++ b/openpgp/examples/generate-encrypt-decrypt.rs
@@ -7,20 +7,24 @@ use crate::openpgp::crypto::SessionKey;
use crate::openpgp::types::SymmetricAlgorithm;
use crate::openpgp::serialize::stream::*;
use crate::openpgp::parse::stream::*;
+use crate::openpgp::policy::Policy;
+use crate::openpgp::policy::StandardPolicy as P;
const MESSAGE: &'static str = "дружба";
fn main() {
+ let p = &P::new();
+
// Generate a key.
let key = generate().unwrap();
// Encrypt the message.
let mut ciphertext = Vec::new();
- encrypt(&mut ciphertext, MESSAGE, &key).unwrap();
+ encrypt(p, &mut ciphertext, MESSAGE, &key).unwrap();
// Decrypt the message.
let mut plaintext = Vec::new();
- decrypt(&mut plaintext, &ciphertext, &key).unwrap();
+ decrypt(p, &mut plaintext, &ciphertext, &key).unwrap();
assert_eq!(MESSAGE.as_bytes(), &plaintext[..]);
}
@@ -38,11 +42,13 @@ fn generate() -> openpgp::Result<openpgp::Cert> {
}
/// Encrypts the given message.
-fn encrypt(sink: &mut dyn Write, plaintext: &str, recipient: &openpgp::Cert)
- -> openpgp::Result<()> {
+fn encrypt(p: &dyn Policy, sink: &mut dyn Write, plaintext: &str,
+ recipient: &openpgp::Cert)
+ -> openpgp::Result<()>
+{
// Build a vector of recipients to hand to Encryptor.
- let mut recipients = recipient
- .keys().policy(None).alive().revoked(false)
+ let mut recipients =
+ recipient.keys().set_policy(p, None).alive().revoked(false)
.for_transport_encryption()
.map(|ka| ka.key().into())
.collect::<Vec<_>>();
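Review bot: With `set_policy(p, None)` in the chain, `recipients` can end up empty when the policy rejects every transport-encryption key, and nothing in this hunk checks for that before the list is used. How `Encryptor` treats an empty list is not visible here, so an explicit guard right after the `collect` would make the failure mode clear, e.g. `if recipients.is_empty() { return Err(failure::err_msg("no encryption key accepted by the policy")); }` (assuming `failure` is usable in this example, as it is in generate-sign-verify.rs). The recipient collection in encrypt-for.rs and pad.rs has the same shape. The body of `encrypt` continues outside the hunk.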
@@ -72,16 +78,18 @@ fn encrypt(sink: &mut dyn Write, plaintext: &str, recipient: &openpgp::Cert)
}
/// Decrypts the given message.
-fn decrypt(sink: &mut dyn Write, ciphertext: &[u8], recipient: &openpgp::Cert)
+fn decrypt(p: &dyn Policy,
+ sink: &mut dyn Write, ciphertext: &[u8], recipient: &openpgp::Cert)
-> openpgp::Result<()> {
// Make a helper that that feeds the recipient's secret key to the
// decryptor.
let helper = Helper {
secret: recipient,
+ policy: p,
};
// Now, create a decryptor with a helper using the given Certs.
- let mut decryptor = Decryptor::from_bytes(ciphertext, helper, None)?;
+ let mut decryptor = Decryptor::from_bytes(p, ciphertext, helper, None)?;
// Decrypt the data.
io::copy(&mut decryptor, sink)?;
@@ -91,6 +99,7 @@ fn decrypt(sink: &mut dyn Write, ciphertext: &[u8], recipient: &openpgp::Cert)
struct Helper<'a> {
secret: &'a openpgp::Cert,
+ policy: &'a Policy,
}
impl<'a> VerificationHelper for Helper<'a> {
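Review bot: The new field is declared as `policy: &'a Policy,`, a bare trait object, while every function signature added in this commit spells the type `&dyn Policy`. Bare trait objects trigger the `bare_trait_objects` lint and are rejected in the 2021 edition, so this should read `policy: &'a dyn Policy,`.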
@@ -115,7 +124,7 @@ impl<'a> DecryptionHelper for Helper<'a> {
-> openpgp::Result<Option<openpgp::Fingerprint>>
where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()>
{
- let key = self.secret.keys().policy(None)
+ let key = self.secret.keys().set_policy(self.policy, None)
.for_transport_encryption().nth(0).unwrap().key().clone();
// The secret key is not encrypted.
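Review bot: `.nth(0).unwrap()` now panics whenever the policy filters out every transport-encryption key, although the enclosing method returns `openpgp::Result`. Since the policy exists to place additional constraints on signature validity, an empty result is an expected outcome rather than a bug; prefer `.nth(0).ok_or_else(|| failure::err_msg("no encryption key accepted by the policy"))?` (assuming `failure` is available here). `sign()` in generate-sign-verify.rs has the same `.nth(0).unwrap()` after `set_policy(p, None)`. The method body starts and ends outside this hunk.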
diff --git a/openpgp/examples/generate-sign-verify.rs b/openpgp/examples/generate-sign-verify.rs
index 8df9f1cf..e3142667 100644
--- a/openpgp/examples/generate-sign-verify.rs
+++ b/openpgp/examples/generate-sign-verify.rs
@@ -6,20 +6,24 @@ extern crate failure;
extern crate sequoia_openpgp as openpgp;
use crate::openpgp::serialize::stream::*;
use crate::openpgp::parse::stream::*;
+use crate::openpgp::policy::Policy;
+use crate::openpgp::policy::StandardPolicy as P;
const MESSAGE: &'static str = "дружба";
fn main() {
+ let p = &P::new();
+
// Generate a key.
let key = generate().unwrap();
// Sign the message.
let mut signed_message = Vec::new();
- sign(&mut signed_message, MESSAGE, &key).unwrap();
+ sign(p, &mut signed_message, MESSAGE, &key).unwrap();
// Verify the message.
let mut plaintext = Vec::new();
- verify(&mut plaintext, &signed_message, &key).unwrap();
+ verify(p, &mut plaintext, &signed_message, &key).unwrap();
assert_eq!(MESSAGE.as_bytes(), &plaintext[..]);
}
@@ -37,11 +41,11 @@ fn generate() -> openpgp::Result<openpgp::Cert> {
}
/// Signs the given message.
-fn sign(sink: &mut dyn Write, plaintext: &str, tsk: &openpgp::Cert)
+fn sign(p: &dyn Policy, sink: &mut dyn Write, plaintext: &str, tsk: &openpgp::Cert)
-> openpgp::Result<()> {
// Get the keypair to do the signing from the Cert.
let keypair = tsk
- .keys().policy(None).alive().revoked(false).for_signing()
+ .keys().set_policy(p, None).alive().revoked(false).for_signing()
.nth(0).unwrap()
.key().clone().mark_parts_secret().unwrap().into_keypair()?;
@@ -65,7 +69,8 @@ fn sign(sink: &mut dyn Write, plaintext: &str, tsk: &openpgp::Cert)
}
/// Verifies the given message.
-fn verify(sink: &mut dyn Write, signed_message: &[u8], sender: &openpgp::Cert)
+fn verify(p: &dyn Policy, sink: &mut dyn Write,
+ signed_message: &[u8], sender: &openpgp::Cert)
-> openpgp::Result<()> {
// Make a helper that that feeds the sender's public key to the
// verifier.
@@ -74,7 +79,7 @@ fn verify(sink: &mut dyn Write, signed_message: &[u8], sender: &openpgp::Cert)
};
// Now, create a verifier with a helper using the given Certs.
- let mut verifier = Verifier::from_bytes(signed_message, helper, None)?;
+ let mut verifier = Verifier::from_bytes(p, signed_message, helper, None)?;
// Verify the data.
io::copy(&mut verifier, sink)?;
diff --git a/openpgp/examples/notarize.rs b/openpgp/examples/notarize.rs
index 5d14ff9e..62042e60 100644
--- a/openpgp/examples/notarize.rs
+++ b/openpgp/examples/notarize.rs
@@ -12,8 +12,10 @@ use crate::openpgp::{
serialize::Serialize,
};
use crate::openpgp::serialize::stream::{Message, LiteralWriter, Signer};
+use crate::openpgp::policy::StandardPolicy as P;
fn main() {
+ let p = &P::new();
let args: Vec<String> = env::args().collect();
if args.len() < 2 {
panic!("A simple notarizing filter.\n\n\
@@ -29,7 +31,7 @@ fn main() {
let mut n = 0;
for key in tsk.keys()
- .policy(None).alive().revoked(false).for_signing().secret()
+ .set_policy(p, None).alive().revoked(false).for_signing().secret()
.map(|ka| ka.key())
{
keys.push({
diff --git a/openpgp/examples/pad.rs b/openpgp/examples/pad.rs
index f0792d4e..68efa655 100644
--- a/openpgp/examples/pad.rs
+++ b/openpgp/examples/pad.rs
@@ -13,8 +13,10 @@ use crate::openpgp::serialize::stream::{
Message, LiteralWriter, Encryptor, Recipient,
};
use crate::openpgp::serialize::padding::*;
+use crate::openpgp::policy::StandardPolicy as P;
fn main() {
+ let p = &P::new();
let args: Vec<String> = env::args().collect();
if args.len() < 3 {
panic!("A simple encryption filter.\n\n\
@@ -41,7 +43,7 @@ fn main() {
.iter()
.flat_map(|cert| {
cert.keys()
- .policy(None).alive().revoked(false).key_flags(&mode)
+ .set_policy(p, None).alive().revoked(false).key_flags(&mode)
})
.map(|ka| Recipient::new(KeyID::wildcard(), ka.key()))
.collect::<Vec<_>>();
diff --git a/openpgp/examples/sign-detached.rs b/openpgp/examples/sign-detached.rs
index 4d228f34..e93cd0e2 100644
--- a/openpgp/examples/sign-detached.rs
+++ b/openpgp/examples/sign-detached.rs
@@ -8,8 +8,10 @@ extern crate sequoia_openpgp as openpgp;
use crate::openpgp::armor;
use crate::openpgp::parse::Parse;
use crate::openpgp::serialize::stream::{Message, Signer};
+use crate::openpgp::policy::StandardPolicy as P;
fn main() {
+ let p = &P::new();
let args: Vec<String> = env::args().collect();
if args.len() < 2 {
panic!("A simple filter creating a detached signature.\n\n\
@@ -25,7 +27,7 @@ fn main() {
let mut n = 0;
for key in tsk
- .keys().policy(None).alive().revoked(false).for_signing().secret()
+ .keys().set_policy(p, None).alive().revoked(false).for_signing().secret()
.map(|ka| ka.key())
{
keys.push({
diff --git a/openpgp/examples/sign.rs b/openpgp/examples/sign.rs
index b6bedeb4..85565b2e 100644
--- a/openpgp/examples/sign.rs
+++ b/openpgp/examples/sign.rs
@@ -7,8 +7,10 @@ extern crate sequoia_openpgp as openpgp;
use crate::openpgp::armor;
use crate::openpgp::parse::Parse;
use crate::openpgp::serialize::stream::{Message, LiteralWriter, Signer};
+use crate::openpgp::policy::StandardPolicy as P;
fn main() {
+ let p = &P::new();
let args: Vec<String> = env::args().collect();
if args.len() < 2 {
panic!("A simple signing filter.\n\n\
@@ -24,7 +26,7 @@ fn main() {
let mut n = 0;
for key in tsk.keys()
- .policy(None).alive().revoked(false).for_signing().secret()
+ .set_policy(p, None).alive().revoked(false).for_signing().secret()
.map(|ka| ka.key())
{
keys.push({