author | Justus Winter <justus@sequoia-pgp.org> | 2023-12-12 15:07:28 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2024-01-25 11:20:05 +0100 |
commit | aefc8b19e401ed6a94a582dc91dd83ff1a94143a (patch) | |
tree | 927682297cc918fae00edbe8ad21121459965b14 /openpgp/tests/for-each-artifact.rs | |
parent | 187baefa7b38288b929b74b8200bf461796af18c (diff) |
openpgp: Add Cert::into_packets2, TSK::into_packets.
- Cert::into_packets is problematic because it does not protect from
accidentally leaking secret key material. The documentation even
warns about that, but it still happened. Hence, this is a
violation of our safe-by-default principle guiding the API, and we
should fix it.
- The replacement, Cert::into_packets2, strips secret key material
just as serializing a cert does. To convert to a sequence of
packets while keeping the secret key material, a new function is
added: TSK::into_packets, analogous to how TSK serializes secret
key material.
Diffstat (limited to 'openpgp/tests/for-each-artifact.rs')
-rw-r--r-- | openpgp/tests/for-each-artifact.rs | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/openpgp/tests/for-each-artifact.rs b/openpgp/tests/for-each-artifact.rs
index 4d22840d..cb729dc5 100644
--- a/openpgp/tests/for-each-artifact.rs
+++ b/openpgp/tests/for-each-artifact.rs
@@ -118,8 +118,8 @@ mod for_each_artifact {
 if p != q {
 eprintln!("roundtripping {:?} failed", src);
- let p_: Vec<_> = p.clone().into_packets().collect();
- let q_: Vec<_> = q.clone().into_packets().collect();
+ let p_: Vec<_> = p.clone().as_tsk().into_packets().collect();
+ let q_: Vec<_> = q.clone().as_tsk().into_packets().collect();
 eprintln!("original: {} packets; roundtripped: {} packets", p_.len(), q_.len());
@@ -141,6 +141,33 @@ mod for_each_artifact {
 assert_eq!(v, w, "Serialize and SerializeInto disagree on {:?}", p);
+ // Check that Cert::into_packets2() and Cert::to_vec()
+ // agree. (Cert::into_packets2() returns no secret keys if
+ // secret key material is present; Cert::to_vec only ever
+ // returns public keys.)
+ let v = p.to_vec()?;
+ let mut buf = Vec::new();
+ for p in p.clone().into_packets2() {
+ p.serialize(&mut buf)?;
+ }
+ if let Err(_err) = diff_serialized(&buf, &v) {
+ panic!("Checking that \
+ Cert::into_packets2() \
+ and Cert::to_vec() agree.");
+ }
+
+ // Check that Cert::as_tsk().into_packets() and
+ // Cert::as_tsk().to_vec() agree.
+ let v = p.as_tsk().to_vec()?;
+ let mut buf = Vec::new();
+ for p in p.as_tsk().into_packets() {
+ p.serialize(&mut buf)?;
+ }
+ if let Err(_err) = diff_serialized(&buf, &v) {
+ panic!("Checking that Cert::as_tsk().into_packets() \
+ and Cert::as_tsk().to_vec() agree.");
+ }
+
 // Check that
 // Cert::strip_secret_key_material().into_packets() and
 // Cert::to_vec() agree. (Cert::into_packets() returns |
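Review bot: Both new `if let Err(_err) = diff_serialized(&buf, &v)` branches in the second hunk discard the error and panic with a message that reads like a description of the check, so a failing artifact reports neither which cert diverged nor where the bytes differ. I would keep the detail, e.g. `panic!("Cert::into_packets2() and Cert::to_vec() disagree on {:?}: {:?}", p, _err);` (assuming the error type is `Debug`; the `assert_eq!` just above already prints `p` this way), and likewise for the `as_tsk()` check. Because the reason `into_packets2()` exists is that it must not emit secret key material, a direct assertion would pin that property rather than relying on `to_vec()` as the oracle: `assert!(!p.clone().into_packets2().any(|pkt| matches!(pkt, Packet::SecretKey(_) | Packet::SecretSubkey(_))));`, provided `Packet` is in scope in this test. The enclosing function starts and ends outside the hunk.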