diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2019-06-28 15:56:23 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2019-07-16 12:19:46 +0200 |
commit | 7f65f84743a0c73bff69bbd5a87013bf4fb8f8b1 (patch) | |
tree | dd44206b698eb6b3c189e817503cbcb9d4468141 /openpgp/src/crypto/asymmetric.rs | |
parent | 05415fde3811e78483a8ee41c9399ba78528b64b (diff) |
openpgp: Rework unencrypted secret key handling.
- Instead of giving out references to the stored secret, use a new
function Unencrypted::map that maps a given function over the
secret. This allows us to encrypt the secret, and decrypt it on
demand.
Diffstat (limited to 'openpgp/src/crypto/asymmetric.rs')
-rw-r--r-- | openpgp/src/crypto/asymmetric.rs | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/openpgp/src/crypto/asymmetric.rs b/openpgp/src/crypto/asymmetric.rs index 60b7d6b0..49b95c0b 100644 --- a/openpgp/src/crypto/asymmetric.rs +++ b/openpgp/src/crypto/asymmetric.rs @@ -88,8 +88,9 @@ impl Signer for KeyPair { let mut rng = Yarrow::default(); - #[allow(deprecated)] - match (self.public.pk_algo(), self.public.mpis(), &self.secret.mpis()) + self.secret.map(|secret| { + #[allow(deprecated)] + match (self.public.pk_algo(), self.public.mpis(), secret) { (RSASign, &PublicKey::RSA { ref e, ref n }, @@ -198,7 +199,7 @@ impl Signer for KeyPair { "unsupported combination of algorithm {:?}, key {:?}, \ and secret key {:?}", pk_algo, self.public, self.secret)).into()), - } + }}) } } @@ -215,7 +216,8 @@ impl Decryptor for KeyPair { use crate::crypto::mpis::PublicKey; use nettle::rsa; - Ok(match (self.public.mpis(), &self.secret.mpis(), ciphertext) + self.secret.map( + |secret| Ok(match (self.public.mpis(), secret, ciphertext) { (PublicKey::RSA{ ref e, ref n }, mpis::SecretKey::RSA{ ref p, ref q, ref d, .. }, @@ -237,15 +239,14 @@ impl Decryptor for KeyPair { (PublicKey::ECDH{ .. }, mpis::SecretKey::ECDH { .. }, mpis::Ciphertext::ECDH { .. }) => - crate::crypto::ecdh::decrypt(&self.public, &self.secret.mpis(), - ciphertext)?, + crate::crypto::ecdh::decrypt(&self.public, secret, ciphertext)?, (public, secret, ciphertext) => return Err(Error::InvalidOperation(format!( "unsupported combination of key pair {:?}/{:?} \ and ciphertext {:?}", public, secret, ciphertext)).into()), - }) + })) } } |