authorJustus Winter <justus@sequoia-pgp.org>2023-12-12 15:07:28 +0100
committerJustus Winter <justus@sequoia-pgp.org>2024-01-25 11:20:05 +0100
commitaefc8b19e401ed6a94a582dc91dd83ff1a94143a (patch)
tree927682297cc918fae00edbe8ad21121459965b14 /openpgp/tests/for-each-artifact.rs
parent187baefa7b38288b929b74b8200bf461796af18c (diff)
openpgp: Add Cert::into_packets2, TSK::into_packets.
- Cert::into_packets is problematic because it does not protect from accidentally leaking secret key material. The documentation even warns about that, but it still happened. Hence, this is a violation of our safe-by-default principle guiding the API, and we should fix it.
- The replacement, Cert::into_packets2, strips secret key material just as serializing a cert does. To convert to a sequence of packets while keeping the secret key material, a new function is added: TSK::into_packets, analogous to how TSK serializes secret key material.
Diffstat (limited to 'openpgp/tests/for-each-artifact.rs')
-rw-r--r--openpgp/tests/for-each-artifact.rs31
1 files changed, 29 insertions, 2 deletions
diff --git a/openpgp/tests/for-each-artifact.rs b/openpgp/tests/for-each-artifact.rs
index 4d22840d..cb729dc5 100644
--- a/openpgp/tests/for-each-artifact.rs
+++ b/openpgp/tests/for-each-artifact.rs
@@ -118,8 +118,8 @@ mod for_each_artifact {
if p != q {
eprintln!("roundtripping {:?} failed", src);
- let p_: Vec<_> = p.clone().into_packets().collect();
- let q_: Vec<_> = q.clone().into_packets().collect();
+ let p_: Vec<_> = p.clone().as_tsk().into_packets().collect();
+ let q_: Vec<_> = q.clone().as_tsk().into_packets().collect();
eprintln!("original: {} packets; roundtripped: {} packets",
p_.len(), q_.len());
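Review bot: The two rewritten lines now deliberately keep secret key material in `p_` and `q_` by going through `as_tsk()`, and nothing at the call site says so. A short comment such as `// Compare via TSK so that secret key packets are part of the diagnostic.` would stop a later cleanup from switching this to the stripping `into_packets2()`. The `.clone()` also looks redundant here, since the second hunk calls `p.as_tsk().into_packets()` on a borrowed cert without cloning. The enclosing `if p != q` block continues past the end of the hunk, so how `p_` and `q_` are printed is not visible.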
@@ -141,6 +141,33 @@ mod for_each_artifact {
assert_eq!(v, w,
"Serialize and SerializeInto disagree on {:?}", p);
+ // Check that Cert::into_packets2() and Cert::to_vec()
+ // agree. (Cert::into_packets2() returns no secret keys if
+ // secret key material is present; Cert::to_vec only ever
+ // returns public keys.)
+ let v = p.to_vec()?;
+ let mut buf = Vec::new();
+ for p in p.clone().into_packets2() {
+ p.serialize(&mut buf)?;
+ }
+ if let Err(_err) = diff_serialized(&buf, &v) {
+ panic!("Checking that \
+ Cert::into_packets2() \
+ and Cert::to_vec() agree.");
+ }
+
+ // Check that Cert::as_tsk().into_packets() and
+ // Cert::as_tsk().to_vec() agree.
+ let v = p.as_tsk().to_vec()?;
+ let mut buf = Vec::new();
+ for p in p.as_tsk().into_packets() {
+ p.serialize(&mut buf)?;
+ }
+ if let Err(_err) = diff_serialized(&buf, &v) {
+ panic!("Checking that Cert::as_tsk().into_packets() \
+ and Cert::as_tsk().to_vec() agree.");
+ }
+
// Check that
// Cert::strip_secret_key_material().into_packets() and
// Cert::to_vec() agree. (Cert::into_packets() returns
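Review bot: The new `into_packets2()` check only proves that its output matches `to_vec()`, so a regression that made both paths emit secret key material would still pass. Asserting directly inside the first loop, e.g. `assert!(!matches!(p, Packet::SecretKey(_) | Packet::SecretSubkey(_)));`, would pin the property this commit is about (assuming `Packet` is in scope in this test file). Both `panic!` calls also discard `_err` and do not name the failing artifact, unlike the `assert_eq!` just above, which prints `p`; if the error type of `diff_serialized` implements `Debug`, something like `panic!("Cert::into_packets2() and Cert::to_vec() disagree on {:?}: {:?}", p, err)` would make a failure actionable. The enclosing function starts before the hunk and continues after it.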