openpgp: Improve tracking of secret keys.

  - We use marker traits to track with the type system if a Key has
    secret key material attached.  Previously, it was possible to
    subvert that by taking the secret key material using
    Key4::set_secret, creating a Key4<SecretParts, ..> without any
    secrets.

  - Related, the accessor functions returned an
    Option<SecretKeyMaterial> even for Key4<SecretParts, ..>.

  - Replace set_secret by add_secret and take_secret that also change
    the Key's type accordingly.  Make the accessors infallible if we
    know we have a secret key, rename Key4<P, R>::secret to
    Key4<P, R>::optional_secret to make the distinction clear.

  - Fixes #435.

1 files changed, 2 insertions, 2 deletions

diff --git a/openpgp/src/packet/pkesk.rs b/openpgp/src/packet/pkesk.rs
index 0a39cd60..4ab19c8d 100644
--- a/openpgp/src/packet/pkesk.rs
+++ b/openpgp/src/packet/pkesk.rs
@@ -376,12 +376,12 @@ mod tests {
         let private_mpis = mpis::SecretKeyMaterial::ECDH {
             scalar: MPI::new(&sec[..]).into(),
         };
-        let mut key: key::UnspecifiedPublic
+        let key: key::UnspecifiedPublic
             = Key4::new(std::time::SystemTime::now(),
                         PublicKeyAlgorithm::ECDH,
                         public_mpis)
                 .unwrap().into();
-        key.set_secret(Some(private_mpis.into()));
+        let key = key.add_secret(private_mpis.into()).0;
         let sess_key = SessionKey::new(32);
         let pkesk = PKESK3::for_recipient(SymmetricAlgorithm::AES256, &sess_key,
                                           &key).unwrap();