diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2019-11-28 15:27:33 +0100 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2019-11-28 16:26:43 +0100 |
| commit | bbbc6da375d6584c7b2bcc74e838fff943f489d4 (patch) | |
| tree | 0a965698c96dbc0fc8541c6adc2224935b68bc07 /openpgp/src | |
| parent | f53c77752ff04c3713c175a76a06723042e681ae (diff) | |
Call TPKs Certificates, update identifiers, documentation.
- Fixes #387.
Diffstat (limited to 'openpgp/src')
| -rw-r--r-- | openpgp/src/armor.rs | 2 | ||||
| -rw-r--r-- | openpgp/src/autocrypt.rs | 98 | ||||
| -rw-r--r-- | openpgp/src/cert/bindings.rs (renamed from openpgp/src/tpk/bindings.rs) | 122 | ||||
| -rw-r--r-- | openpgp/src/cert/builder.rs (renamed from openpgp/src/tpk/builder.rs) | 154 | ||||
| -rw-r--r-- | openpgp/src/cert/keyiter.rs (renamed from openpgp/src/tpk/keyiter.rs) | 74 | ||||
| -rw-r--r-- | openpgp/src/cert/mod.rs (renamed from openpgp/src/tpk/mod.rs) | 1070 | ||||
| -rw-r--r-- | openpgp/src/cert/parser/low_level/grammar.lalrpop (renamed from openpgp/src/tpk/parser/low_level/grammar.lalrpop) | 26 | ||||
| -rw-r--r-- | openpgp/src/cert/parser/low_level/grammar.rs | 2 | ||||
| -rw-r--r-- | openpgp/src/cert/parser/low_level/lexer.rs (renamed from openpgp/src/tpk/parser/low_level/lexer.rs) | 8 | ||||
| -rw-r--r-- | openpgp/src/cert/parser/low_level/mod.rs (renamed from openpgp/src/tpk/parser/low_level/mod.rs) | 16 | ||||
| -rw-r--r-- | openpgp/src/cert/parser/mod.rs (renamed from openpgp/src/tpk/parser/mod.rs) | 302 | ||||
| -rw-r--r-- | openpgp/src/cert/revoke.rs (renamed from openpgp/src/tpk/revoke.rs) | 142 | ||||
| -rw-r--r-- | openpgp/src/crypto/hash.rs | 28 | ||||
| -rw-r--r-- | openpgp/src/crypto/keygrip.rs | 6 | ||||
| -rw-r--r-- | openpgp/src/crypto/mpis.rs | 6 | ||||
| -rw-r--r-- | openpgp/src/lib.rs | 16 | ||||
| -rw-r--r-- | openpgp/src/packet/key/mod.rs | 22 | ||||
| -rw-r--r-- | openpgp/src/packet/pkesk.rs | 22 | ||||
| -rw-r--r-- | openpgp/src/packet/signature/mod.rs | 28 | ||||
| -rw-r--r-- | openpgp/src/packet/tag.rs | 6 | ||||
| -rw-r--r-- | openpgp/src/parse/packet_parser_builder.rs | 2 | ||||
| -rw-r--r-- | openpgp/src/parse/parse.rs | 70 | ||||
| -rw-r--r-- | openpgp/src/parse/stream.rs | 118 | ||||
| -rw-r--r-- | openpgp/src/serialize/cert.rs (renamed from openpgp/src/serialize/tpk.rs) | 290 | ||||
| -rw-r--r-- | openpgp/src/serialize/cert_armored.rs (renamed from openpgp/src/serialize/tpk_armored.rs) | 66 | ||||
| -rw-r--r-- | openpgp/src/serialize/mod.rs | 30 | ||||
| -rw-r--r-- | openpgp/src/serialize/stream.rs | 50 | ||||
| -rw-r--r-- | openpgp/src/tests.rs | 2 | ||||
| -rw-r--r-- | openpgp/src/tpk/parser/low_level/grammar.rs | 2 |
29 files changed, 1390 insertions, 1390 deletions
diff --git a/openpgp/src/armor.rs b/openpgp/src/armor.rs index 86c22f2a..12456ade 100644 --- a/openpgp/src/armor.rs +++ b/openpgp/src/armor.rs @@ -58,7 +58,7 @@ pub enum Kind { /// validated, in this crate's terminology, this is just a /// `PacketPile`.) Message, - /// A transferable public key. + /// A certificate. PublicKey, /// A transferable secret key. SecretKey, diff --git a/openpgp/src/autocrypt.rs b/openpgp/src/autocrypt.rs index d283ca1d..0b848ec3 100644 --- a/openpgp/src/autocrypt.rs +++ b/openpgp/src/autocrypt.rs @@ -25,7 +25,7 @@ use crate::Error; use crate::Result; use crate::Packet; use crate::packet::SKESK; -use crate::TPK; +use crate::Cert; use crate::parse::{ Parse, PacketParserResult, PacketParser, @@ -80,7 +80,7 @@ pub struct AutocryptHeader { pub header_type: AutocryptHeaderType, /// The parsed key data. - pub key: Option<TPK>, + pub key: Option<Cert>, /// All attributes. pub attributes: Vec<Attribute>, @@ -96,22 +96,22 @@ impl AutocryptHeader { } /// Creates a new "Autocrypt" header. - pub fn new_sender<'a, P>(tpk: &TPK, addr: &str, prefer_encrypt: P) + pub fn new_sender<'a, P>(cert: &Cert, addr: &str, prefer_encrypt: P) -> Result<Self> where P: Into<Option<&'a str>> { use crate::packet::key; - // Minimize TPK. + // Minimize Cert. let mut acc = Vec::new(); // The primary key and the most recent selfsig. - acc.push(tpk.primary().clone().into()); - tpk.direct_signatures().iter().take(1) + acc.push(cert.primary().clone().into()); + cert.direct_signatures().iter().take(1) .for_each(|s| acc.push(s.clone().into())); // The subkeys and the most recent selfsig. - for skb in tpk.subkeys() { + for skb in cert.subkeys() { // Skip if revoked. if ! skb.self_revocations().is_empty() || ! skb.other_revocations().is_empty() @@ -126,7 +126,7 @@ impl AutocryptHeader { } // The UserIDs matching ADDR. - for uidb in tpk.userids() { + for uidb in cert.userids() { // XXX: Fix match once we have the rfc2822-name-addr. if let Ok(Some(a)) = uidb.userid().email() { if &a == addr { @@ -143,11 +143,11 @@ impl AutocryptHeader { } } - let cleaned_tpk = TPK::from_packet_pile(acc.into())?; + let cleaned_cert = Cert::from_packet_pile(acc.into())?; Ok(AutocryptHeader { header_type: AutocryptHeaderType::Sender, - key: Some(cleaned_tpk), + key: Some(cleaned_cert), attributes: vec![ Attribute { critical: true, @@ -255,8 +255,8 @@ impl AutocryptHeaders { if key == "keydata" { if let Ok(decoded) = base64::decode( &value.replace(" ", "")[..]) { - if let Ok(tpk) = TPK::from_bytes(&decoded[..]) { - header.key = Some(tpk); + if let Ok(cert) = Cert::from_bytes(&decoded[..]) { + header.key = Some(cert); } } } @@ -323,11 +323,11 @@ pub struct AutocryptSetupMessage { // passcode. passcode_begin: Option<String>, - tpk: TPK, + cert: Cert, } impl AutocryptSetupMessage { - /// Creates a new Autocrypt Setup Message for the specified `TPK`. + /// Creates a new Autocrypt Setup Message for the specified `Cert`. /// /// You can set the `prefer_encrypt` setting, which defaults to /// "nopreference", using `set_prefer_encrypt`. @@ -337,13 +337,13 @@ impl AutocryptSetupMessage { /// /// To decode an Autocrypt Setup Message, use the `from_bytes` or /// `from_reader` methods. - pub fn new(tpk: TPK) -> Self { + pub fn new(cert: Cert) -> Self { AutocryptSetupMessage { prefer_encrypt: None, passcode: None, passcode_format: None, passcode_begin: None, - tpk: tpk, + cert: cert, } } @@ -472,13 +472,13 @@ impl AutocryptSetupMessage { let mut w = LiteralWriter::new(w).build()?; - // The inner message is an ASCII-armored encoded TPK. + // The inner message is an ASCII-armored encoded Cert. let mut w = armor::Writer::new( &mut w, armor::Kind::SecretKey, &[ (&"Autocrypt-Prefer-Encrypt"[..], self.prefer_encrypt().unwrap_or(&"nopreference"[..])) ])?; - self.tpk.as_tsk().serialize(&mut w)?; + self.cert.as_tsk().serialize(&mut w)?; w.finalize()?; Ok(()) } @@ -597,10 +597,10 @@ impl AutocryptSetupMessage { }) } - /// Returns the TPK consuming the `AutocryptSetupMessage` in the + /// Returns the Cert consuming the `AutocryptSetupMessage` in the /// process. - pub fn into_tpk(self) -> TPK { - self.tpk + pub fn into_cert(self) -> Cert { + self.cert } } @@ -670,7 +670,7 @@ impl<'a> AutocryptSetupMessageParser<'a> { } // Get the literal data packet. - let (prefer_encrypt, tpk) = if let PacketParserResult::Some(mut pp) = ppr { + let (prefer_encrypt, cert) = if let PacketParserResult::Some(mut pp) = ppr { match pp.packet { Packet::Literal(_) => (), p => return Err(Error::MalformedMessage( @@ -680,8 +680,8 @@ impl<'a> AutocryptSetupMessageParser<'a> { } // The inner message consists of an ASCII-armored encoded - // TPK. - let (prefer_encrypt, tpk) = { + // Cert. + let (prefer_encrypt, cert) = { let mut r = armor::Reader::new( &mut pp, armor::ReaderMode::Tolerant( @@ -708,14 +708,14 @@ impl<'a> AutocryptSetupMessageParser<'a> { } }; - let tpk = TPK::from_reader(r)?; + let cert = Cert::from_reader(r)?; - (prefer_encrypt, tpk) + (prefer_encrypt, cert) }; ppr = pp.recurse()?.1; - (prefer_encrypt, tpk) + (prefer_encrypt, cert) } else { return Err( Error::MalformedMessage( @@ -761,7 +761,7 @@ impl<'a> AutocryptSetupMessageParser<'a> { passcode: self.passcode, passcode_format: self.passcode_format, passcode_begin: self.passcode_begin, - tpk: tpk, + cert: cert, }) } } @@ -902,12 +902,12 @@ In the light of the Efail vulnerability I am asking myself if it's assert_eq!(ac.headers[0].get("prefer-encrypt").unwrap().value, "mutual"); - let tpk = ac.headers[0].key.as_ref() + let cert = ac.headers[0].key.as_ref() .expect("Failed to parse key material."); - assert_eq!(tpk.primary().fingerprint(), + assert_eq!(cert.primary().fingerprint(), Fingerprint::from_hex( &"156962B0F3115069ACA970C68E3B03A279B772D6"[..]).unwrap()); - assert_eq!(tpk.userids().next().unwrap().userid().value(), + assert_eq!(cert.userids().next().unwrap().userid().value(), &b"holger krekel <holger@merlinux.eu>"[..]); @@ -925,12 +925,12 @@ In the light of the Efail vulnerability I am asking myself if it's assert!(ac.headers[0].get("prefer_encrypt").is_none()); - let tpk = ac.headers[0].key.as_ref() + let cert = ac.headers[0].key.as_ref() .expect("Failed to parse key material."); - assert_eq!(tpk.primary().fingerprint(), + assert_eq!(cert.primary().fingerprint(), Fingerprint::from_hex( &"D4AB192964F76A7F8F8A9B357BD18320DEADFA11"[..]).unwrap()); - assert_eq!(tpk.userids().next().unwrap().userid().value(), + assert_eq!(cert.userids().next().unwrap().userid().value(), &b"Vincent Breitmoser <look@my.amazin.horse>"[..]); @@ -948,12 +948,12 @@ In the light of the Efail vulnerability I am asking myself if it's assert!(ac.headers[0].get("prefer_encrypt").is_none()); - let tpk = ac.headers[0].key.as_ref() + let cert = ac.headers[0].key.as_ref() .expect("Failed to parse key material."); - assert_eq!(tpk.primary().fingerprint(), + assert_eq!(cert.primary().fingerprint(), Fingerprint::from_hex( &"4F9F89F5505AC1D1A260631CDB1187B9DD5F693B"[..]).unwrap()); - assert_eq!(tpk.userids().next().unwrap().userid().value(), + assert_eq!(cert.userids().next().unwrap().userid().value(), &b"Patrick Brunschwig <patrick@enigmail.net>"[..]); let ac2 = AutocryptHeaders::from_bytes(&PATRICK_UNFOLDED[..]).unwrap(); @@ -1039,18 +1039,18 @@ In the light of the Efail vulnerability I am asking myself if it's let asm = asm.parse().unwrap(); // A basic check to make sure we got the key. - assert_eq!(asm.into_tpk().fingerprint(), + assert_eq!(asm.into_cert().fingerprint(), Fingerprint::from_hex( "E604 68CE 44D7 7C3F CE9F D072 71DB C565 7FDE 65A7") .unwrap()); // Create an ASM for testy-private. Then decrypt it and make - // sure the TPK, etc. survived the round trip. - let tpk = - TPK::from_bytes(crate::tests::key("testy-private.pgp")).unwrap(); + // sure the Cert, etc. survived the round trip. + let cert = + Cert::from_bytes(crate::tests::key("testy-private.pgp")).unwrap(); - let mut asm = AutocryptSetupMessage::new(tpk) + let mut asm = AutocryptSetupMessage::new(cert) .set_prefer_encrypt("mutual"); let mut buffer = Vec::new(); asm.serialize(&mut buffer).unwrap(); @@ -1063,8 +1063,8 @@ In the light of the Efail vulnerability I am asking myself if it's #[test] fn autocrypt_header_new() { - let tpk = TPK::from_bytes(crate::tests::key("testy.pgp")).unwrap(); - let header = AutocryptHeader::new_sender(&tpk, "testy@example.org", + let cert = Cert::from_bytes(crate::tests::key("testy.pgp")).unwrap(); + let header = AutocryptHeader::new_sender(&cert, "testy@example.org", "mutual").unwrap(); let mut buf = Vec::new(); write!(&mut buf, "Autocrypt: ").unwrap(); @@ -1081,13 +1081,13 @@ In the light of the Efail vulnerability I am asking myself if it's assert_eq!(ac.headers[0].get("prefer-encrypt").unwrap().value, "mutual"); - let tpk = ac.headers[0].key.as_ref() + let cert = ac.headers[0].key.as_ref() .expect("Failed to parse key material."); - assert_eq!(&tpk.primary().fingerprint().to_string(), + assert_eq!(&cert.primary().fingerprint().to_string(), "3E88 77C8 7727 4692 9751 89F5 D03F 6F86 5226 FE8B"); - assert_eq!(tpk.userids().len(), 1); - assert_eq!(tpk.subkeys().len(), 1); - assert_eq!(tpk.userids().next().unwrap().userid().value(), + assert_eq!(cert.userids().len(), 1); + assert_eq!(cert.subkeys().len(), 1); + assert_eq!(cert.userids().next().unwrap().userid().value(), &b"Testy McTestface <testy@example.org>"[..]); } } diff --git a/openpgp/src/tpk/bindings.rs b/openpgp/src/cert/bindings.rs index 2d111d7b..032c7ba2 100644 --- a/openpgp/src/tpk/bindings.rs +++ b/openpgp/src/cert/bindings.rs @@ -2,7 +2,7 @@ use std::time; use crate::Error; use crate::Result; -use crate::TPK; +use crate::Cert; use crate::types::{HashAlgorithm, SignatureType}; use crate::conversions::Time; use crate::crypto::Signer; @@ -11,7 +11,7 @@ use crate::packet::{UserID, UserAttribute, key, Key, signature, Signature}; impl<P: key::KeyParts> Key<P, key::SubordinateRole> { /// Creates a binding signature. /// - /// The signature binds this userid to `tpk`. `signer` will be used + /// The signature binds this userid to `cert`. `signer` will be used /// to create a signature using `signature` as builder. /// The`hash_algo` defaults to SHA512, `creation_time` to the /// current time. @@ -22,38 +22,38 @@ impl<P: key::KeyParts> Key<P, key::SubordinateRole> { /// /// # Example /// - /// This example demonstrates how to bind this key to a TPK. Note - /// that in general, the `TPKBuilder` is a better way to add - /// subkeys to a TPK. + /// This example demonstrates how to bind this key to a Cert. Note + /// that in general, the `CertBuilder` is a better way to add + /// subkeys to a Cert. /// /// ``` - /// # use sequoia_openpgp::{*, packet::prelude::*, types::*, tpk::*}; + /// # use sequoia_openpgp::{*, packet::prelude::*, types::*, cert::*}; /// # f().unwrap(); /// # fn f() -> Result<()> { - /// // Generate a TPK, and create a keypair from the primary key. - /// let (tpk, _) = TPKBuilder::new().generate()?; - /// let mut keypair = tpk.primary().clone() + /// // Generate a Cert, and create a keypair from the primary key. + /// let (cert, _) = CertBuilder::new().generate()?; + /// let mut keypair = cert.primary().clone() /// .mark_parts_secret()?.into_keypair()?; /// /// // Let's add an encryption subkey. /// let flags = KeyFlags::default().set_encrypt_at_rest(true); - /// assert_eq!(tpk.keys_valid().key_flags(flags.clone()).count(), 0); + /// assert_eq!(cert.keys_valid().key_flags(flags.clone()).count(), 0); /// /// // Generate a subkey and a binding signature. /// let subkey : key::SecretSubkey /// = Key4::generate_ecc(false, Curve::Cv25519)?.into(); /// let builder = signature::Builder::new(SignatureType::SubkeyBinding) /// .set_key_flags(&flags)?; - /// let binding = subkey.bind(&mut keypair, &tpk, builder, None)?; + /// let binding = subkey.bind(&mut keypair, &cert, builder, None)?; /// - /// // Now merge the key and binding signature into the TPK. - /// let tpk = tpk.merge_packets(vec![subkey.into(), + /// // Now merge the key and binding signature into the Cert. + /// let cert = cert.merge_packets(vec![subkey.into(), /// binding.into()])?; /// /// // Check that we have an encryption subkey. - /// assert_eq!(tpk.keys_valid().key_flags(flags).count(), 1); + /// assert_eq!(cert.keys_valid().key_flags(flags).count(), 1); /// # Ok(()) } - pub fn bind<T, R>(&self, signer: &mut dyn Signer<R>, tpk: &TPK, + pub fn bind<T, R>(&self, signer: &mut dyn Signer<R>, cert: &Cert, signature: signature::Builder, creation_time: T) -> Result<Signature> @@ -67,14 +67,14 @@ impl<P: key::KeyParts> Key<P, key::SubordinateRole> { }))? .set_issuer_fingerprint(signer.public().fingerprint())? .set_issuer(signer.public().keyid())? - .sign_subkey_binding(signer, tpk.primary(), self) + .sign_subkey_binding(signer, cert.primary(), self) } } impl UserID { /// Creates a binding signature. /// - /// The signature binds this userid to `tpk`. `signer` will be used + /// The signature binds this userid to `cert`. `signer` will be used /// to create a signature using `signature` as builder. /// The`hash_algo` defaults to SHA512, `creation_time` to the /// current time. @@ -85,33 +85,33 @@ impl UserID { /// /// # Example /// - /// This example demonstrates how to bind this userid to a TPK. - /// Note that in general, the `TPKBuilder` is a better way to add - /// userids to a TPK. + /// This example demonstrates how to bind this userid to a Cert. + /// Note that in general, the `CertBuilder` is a better way to add + /// userids to a Cert. /// /// ``` - /// # use sequoia_openpgp::{*, packet::prelude::*, types::*, tpk::*}; + /// # use sequoia_openpgp::{*, packet::prelude::*, types::*, cert::*}; /// # f().unwrap(); /// # fn f() -> Result<()> { - /// // Generate a TPK, and create a keypair from the primary key. - /// let (tpk, _) = TPKBuilder::new().generate()?; - /// let mut keypair = tpk.primary().clone() + /// // Generate a Cert, and create a keypair from the primary key. + /// let (cert, _) = CertBuilder::new().generate()?; + /// let mut keypair = cert.primary().clone() /// .mark_parts_secret()?.into_keypair()?; - /// assert_eq!(tpk.userids().len(), 0); + /// assert_eq!(cert.userids().len(), 0); /// /// // Generate a userid and a binding signature. /// let userid = UserID::from("test@example.org"); /// let builder = /// signature::Builder::new(SignatureType::PositiveCertificate); - /// let binding = userid.bind(&mut keypair, &tpk, builder, None)?; + /// let binding = userid.bind(&mut keypair, &cert, builder, None)?; /// - /// // Now merge the userid and binding signature into the TPK. - /// let tpk = tpk.merge_packets(vec![userid.into(), binding.into()])?; + /// // Now merge the userid and binding signature into the Cert. + /// let cert = cert.merge_packets(vec![userid.into(), binding.into()])?; /// /// // Check that we have a userid. - /// assert_eq!(tpk.userids().len(), 1); + /// assert_eq!(cert.userids().len(), 1); /// # Ok(()) } - pub fn bind<T, R>(&self, signer: &mut dyn Signer<R>, tpk: &TPK, + pub fn bind<T, R>(&self, signer: &mut dyn Signer<R>, cert: &Cert, signature: signature::Builder, creation_time: T) -> Result<Signature> @@ -126,12 +126,12 @@ impl UserID { .set_issuer_fingerprint(signer.public().fingerprint())? .set_issuer(signer.public().keyid())? .sign_userid_binding( - signer, tpk.primary(), self) + signer, cert.primary(), self) } /// Returns a certificate for the user id. /// - /// The signature binds this userid to `tpk`. `signer` will be + /// The signature binds this userid to `cert`. `signer` will be /// used to create a certification signature of type /// `signature_type`. `signature_type` defaults to /// `SignatureType::GenericCertificate`, `hash_algo` to SHA512, @@ -152,19 +152,19 @@ impl UserID { /// This example demonstrates how to certify a userid. /// /// ``` - /// # use sequoia_openpgp::{*, packet::prelude::*, types::*, tpk::*}; + /// # use sequoia_openpgp::{*, packet::prelude::*, types::*, cert::*}; /// # f().unwrap(); /// # fn f() -> Result<()> { - /// // Generate a TPK, and create a keypair from the primary key. - /// let (alice, _) = TPKBuilder::new() + /// // Generate a Cert, and create a keypair from the primary key. + /// let (alice, _) = CertBuilder::new() /// .primary_keyflags(KeyFlags::default().set_certify(true)) /// .add_userid("alice@example.org") /// .generate()?; /// let mut keypair = alice.primary().clone() /// .mark_parts_secret()?.into_keypair()?; /// - /// // Generate a TPK for Bob. - /// let (bob, _) = TPKBuilder::new() + /// // Generate a Cert for Bob. + /// let (bob, _) = CertBuilder::new() /// .primary_keyflags(KeyFlags::default().set_certify(true)) /// .add_userid("bob@example.org") /// .generate()?; @@ -181,7 +181,7 @@ impl UserID { /// // Check that we have a certification on the userid. /// assert_eq!(bob.userids().nth(0).unwrap().certifications().len(), 1); /// # Ok(()) } - pub fn certify<S, H, T, R>(&self, signer: &mut dyn Signer<R>, tpk: &TPK, + pub fn certify<S, H, T, R>(&self, signer: &mut dyn Signer<R>, cert: &Cert, signature_type: S, hash_algo: H, creation_time: T) -> Result<Signature> @@ -204,7 +204,7 @@ impl UserID { if let Some(algo) = hash_algo.into() { sig = sig.set_hash_algo(algo); } - self.bind(signer, tpk, sig, + self.bind(signer, cert, sig, // Unwrap arguments to prevent further // monomorphization of bind(). creation_time.into().unwrap_or_else(|| { @@ -216,7 +216,7 @@ impl UserID { impl UserAttribute { /// Creates a binding signature. /// - /// The signature binds this user attribute to `tpk`. `signer` + /// The signature binds this user attribute to `cert`. `signer` /// will be used to create a signature using `signature` as /// builder. The`hash_algo` defaults to SHA512, `creation_time` /// to the current time. @@ -228,20 +228,20 @@ impl UserAttribute { /// # Example /// /// This example demonstrates how to bind this user attribute to a - /// TPK. Note that in general, the `TPKBuilder` is a better way - /// to add userids to a TPK. + /// Cert. Note that in general, the `CertBuilder` is a better way + /// to add us |