openpgp: Rework unencrypted secret key handling.

- Instead of giving out references to the stored secret, use a new function Unencrypted::map that maps a given function over the secret. This allows us to encrypt the secret, and decrypt it on demand.
author: Justus Winter <justus@sequoia-pgp.org> 2019-06-28 15:56:23 +0200
committer: Justus Winter <justus@sequoia-pgp.org> 2019-07-16 12:19:46 +0200
commit: 7f65f84743a0c73bff69bbd5a87013bf4fb8f8b1 (patch)
tree: dd44206b698eb6b3c189e817503cbcb9d4468141 /openpgp/src/crypto/asymmetric.rs
parent: 05415fde3811e78483a8ee41c9399ba78528b64b (diff)
1 files changed, 8 insertions, 7 deletions
diff --git a/openpgp/src/crypto/asymmetric.rs b/openpgp/src/crypto/asymmetric.rs
index 60b7d6b0..49b95c0b 100644
--- a/openpgp/src/crypto/asymmetric.rs
+++ b/openpgp/src/crypto/asymmetric.rs
@@ -88,8 +88,9 @@ impl Signer for KeyPair {
 
         let mut rng = Yarrow::default();
 
-        #[allow(deprecated)]
-        match (self.public.pk_algo(), self.public.mpis(), &self.secret.mpis())
+        self.secret.map(|secret| {
+            #[allow(deprecated)]
+            match (self.public.pk_algo(), self.public.mpis(), secret)
         {
             (RSASign,
              &PublicKey::RSA { ref e, ref n },
@@ -198,7 +199,7 @@ impl Signer for KeyPair {
                 "unsupported combination of algorithm {:?}, key {:?}, \
                  and secret key {:?}",
                 pk_algo, self.public, self.secret)).into()),
-        }
+        }})
     }
 }
 
@@ -215,7 +216,8 @@ impl Decryptor for KeyPair {
         use crate::crypto::mpis::PublicKey;
         use nettle::rsa;
 
-        Ok(match (self.public.mpis(), &self.secret.mpis(), ciphertext)
+        self.secret.map(
+            |secret| Ok(match (self.public.mpis(), secret, ciphertext)
         {
             (PublicKey::RSA{ ref e, ref n },
              mpis::SecretKey::RSA{ ref p, ref q, ref d, .. },
@@ -237,15 +239,14 @@ impl Decryptor for KeyPair {
             (PublicKey::ECDH{ .. },
              mpis::SecretKey::ECDH { .. },
              mpis::Ciphertext::ECDH { .. }) =>
-                crate::crypto::ecdh::decrypt(&self.public, &self.secret.mpis(),
-                                        ciphertext)?,
+                crate::crypto::ecdh::decrypt(&self.public, secret, ciphertext)?,
 
             (public, secret, ciphertext) =>
                 return Err(Error::InvalidOperation(format!(
                     "unsupported combination of key pair {:?}/{:?} \
                      and ciphertext {:?}",
                     public, secret, ciphertext)).into()),
-        })
+        }))
     }
 }
author	Justus Winter <justus@sequoia-pgp.org>	2019-06-28 15:56:23 +0200
committer	Justus Winter <justus@sequoia-pgp.org>	2019-07-16 12:19:46 +0200
commit	7f65f84743a0c73bff69bbd5a87013bf4fb8f8b1 (patch)
tree	dd44206b698eb6b3c189e817503cbcb9d4468141 /openpgp/src/crypto/asymmetric.rs
parent	05415fde3811e78483a8ee41c9399ba78528b64b (diff)