authorJustus Winter <justus@sequoia-pgp.org>2021-01-15 10:29:40 +0100
committerJustus Winter <justus@sequoia-pgp.org>2021-01-15 11:34:49 +0100
commit263df5c5510a0685cc98274234456510aaa16713 (patch)
tree86b2d7e04603c8833addce45bb357ac1b2c880be /sq
parentc69380439fe2dbe0d4ced968a273e21cd474f15e (diff)
sq: Push creation of mappings closer to the leafs.
Diffstat (limited to 'sq')
-rw-r--r--sq/src/commands/decrypt.rs40
-rw-r--r--sq/src/commands/mod.rs35
-rw-r--r--sq/src/sq.rs21
3 files changed, 45 insertions, 51 deletions
diff --git a/sq/src/commands/decrypt.rs b/sq/src/commands/decrypt.rs
index a2d24514..31d4ab33 100644
--- a/sq/src/commands/decrypt.rs
+++ b/sq/src/commands/decrypt.rs
@@ -5,7 +5,6 @@ use std::io;
use rpassword;
use sequoia_openpgp as openpgp;
-use sequoia_core::Context;
use crate::openpgp::types::SymmetricAlgorithm;
use crate::openpgp::fmt::hex;
use crate::openpgp::crypto::{self, SessionKey};
@@ -21,12 +20,17 @@ use crate::openpgp::parse::stream::{
VerificationHelper, DecryptionHelper, DecryptorBuilder, MessageStructure,
};
use crate::openpgp::policy::Policy;
-use sequoia_store as store;
-use super::{dump::PacketDumper, VHelper};
+use crate::{
+ Config,
+ commands::{
+ dump::PacketDumper,
+ VHelper,
+ },
+};
-struct Helper<'a> {
- vhelper: VHelper<'a>,
+struct Helper {
+ vhelper: VHelper,
secret_keys:
HashMap<KeyID, Key<key::SecretParts, key::UnspecifiedRole>>,
key_identities: HashMap<KeyID, Fingerprint>,
@@ -35,12 +39,11 @@ struct Helper<'a> {
dumper: Option<PacketDumper>,
}
-impl<'a> Helper<'a> {
- fn new(ctx: &'a Context, policy: &'a dyn Policy,
- mapping: &'a mut store::Mapping,
- signatures: usize, certs: Vec<Cert>, secrets: Vec<Cert>,
- dump_session_key: bool, dump: bool)
- -> Self
+impl Helper {
+ fn new<'a>(config: Config, policy: &'a dyn Policy,
+ signatures: usize, certs: Vec<Cert>, secrets: Vec<Cert>,
+ dump_session_key: bool, dump: bool)
+ -> Self
{
let mut keys = HashMap::new();
let mut identities: HashMap<KeyID, Fingerprint> = HashMap::new();
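Review bot: The `'a` declared on `Helper::new` is no longer needed. Now that `Helper` has no lifetime parameter the return type is plain `Self`, so `'a` names only the `policy` borrow and ties it to nothing. The signature can read `fn new(config: Config, policy: &dyn Policy,` with the remaining parameters unchanged. The body of `new` continues outside this hunk, so how `policy` is used there is not visible here.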
@@ -68,7 +71,7 @@ impl<'a> Helper<'a> {
}
Helper {
- vhelper: VHelper::new(ctx, mapping, signatures, certs),
+ vhelper: VHelper::new(config, signatures, certs),
secret_keys: keys,
key_identities: identities,
key_hints: hints,
@@ -109,7 +112,7 @@ impl<'a> Helper<'a> {
}
}
-impl<'a> VerificationHelper for Helper<'a> {
+impl VerificationHelper for Helper {
fn inspect(&mut self, pp: &PacketParser) -> Result<()> {
if let Some(dumper) = self.dumper.as_mut() {
dumper.packet(&mut io::stderr(),
@@ -128,7 +131,7 @@ impl<'a> VerificationHelper for Helper<'a> {
}
}
-impl<'a> DecryptionHelper for Helper<'a> {
+impl DecryptionHelper for Helper {
fn decrypt<D>(&mut self, pkesks: &[PKESK], skesks: &[SKESK],
sym_algo: Option<SymmetricAlgorithm>,
mut decrypt: D) -> openpgp::Result<Option<Fingerprint>>
@@ -274,14 +277,14 @@ impl<'a> DecryptionHelper for Helper<'a> {
}
}
-pub fn decrypt(ctx: &Context, policy: &dyn Policy, mapping: &mut store::Mapping,
+pub fn decrypt(config: Config, policy: &dyn Policy,
input: &mut (dyn io::Read + Sync + Send),
output: &mut dyn io::Write,
signatures: usize, certs: Vec<Cert>, secrets: Vec<Cert>,
dump_session_key: bool,
dump: bool, hex: bool)
-> Result<()> {
- let helper = Helper::new(ctx, policy, mapping, signatures, certs, secrets,
+ let helper = Helper::new(config, policy, signatures, certs, secrets,
dump_session_key, dump || hex);
let mut decryptor = DecryptorBuilder::from_reader(input)?
.mapping(hex)
@@ -298,14 +301,13 @@ pub fn decrypt(ctx: &Context, policy: &dyn Policy, mapping: &mut store::Mapping,
return Ok(());
}
-pub fn decrypt_unwrap(ctx: &Context, policy: &dyn Policy,
- mapping: &mut store::Mapping,
+pub fn decrypt_unwrap(config: Config, policy: &dyn Policy,
input: &mut (dyn io::Read + Sync + Send),
output: &mut dyn io::Write,
secrets: Vec<Cert>, dump_session_key: bool)
-> Result<()>
{
- let mut helper = Helper::new(ctx, policy, mapping, 0, Vec::new(), secrets,
+ let mut helper = Helper::new(config, policy, 0, Vec::new(), secrets,
dump_session_key, false);
let mut ppr = PacketParser::from_reader(input)?;
diff --git a/sq/src/commands/mod.rs b/sq/src/commands/mod.rs
index 0c4728ef..330c71bd 100644
--- a/sq/src/commands/mod.rs
+++ b/sq/src/commands/mod.rs
@@ -7,7 +7,6 @@ use std::time::SystemTime;
use rpassword;
use sequoia_openpgp as openpgp;
-use sequoia_core::Context;
use crate::openpgp::types::{
CompressionAlgorithm,
};
@@ -28,6 +27,10 @@ use crate::openpgp::serialize::stream::{
use crate::openpgp::policy::Policy;
use sequoia_store as store;
+use crate::{
+ Config,
+};
+
pub mod decrypt;
pub use self::decrypt::decrypt;
mod sign;
@@ -196,9 +199,8 @@ pub fn encrypt<'a>(policy: &'a dyn Policy,
Ok(())
}
-struct VHelper<'a> {
- ctx: &'a Context,
- mapping: &'a mut store::Mapping,
+struct VHelper {
+ config: Config,
signatures: usize,
certs: Option<Vec<Cert>>,
labels: HashMap<KeyID, String>,
@@ -211,13 +213,12 @@ struct VHelper<'a> {
broken_signatures: usize,
}
-impl<'a> VHelper<'a> {
- fn new(ctx: &'a Context, mapping: &'a mut store::Mapping, signatures: usize,
+impl VHelper {
+ fn new(config: Config, signatures: usize,
certs: Vec<Cert>)
-> Self {
VHelper {
- ctx: ctx,
- mapping: mapping,
+ config,
signatures: signatures,
certs: Some(certs),
labels: HashMap::new(),
@@ -323,7 +324,7 @@ impl<'a> VHelper<'a> {
}
}
-impl<'a> VerificationHelper for VHelper<'a> {
+impl VerificationHelper for VHelper {
fn get_certs(&mut self, ids: &[openpgp::KeyHandle]) -> Result<Vec<Cert>> {
let mut certs = self.certs.take().unwrap();
// Get all keys.
@@ -335,12 +336,19 @@ impl<'a> VerificationHelper for VHelper<'a> {
// Explicitly provided keys are trusted.
self.trusted = seen.clone();
+ use sequoia_store::Mapping;
+ let mapping = Mapping::open(&self.config.context,
+ self.config.network_policy,
+ &self.config.realm_name,
+ &self.config.mapping_name)
+ .context("Failed to open the mapping")?;
+
// Try to get missing Certs from the mapping.
for id in ids.iter().map(|i| KeyID::from(i))
.filter(|i| !seen.contains(i))
{
let _ =
- self.mapping.lookup_by_subkeyid(&id)
+ mapping.lookup_by_subkeyid(&id)
.and_then(|binding| {
self.labels.insert(id.clone(), binding.label()?);
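Review bot: `Mapping::open` in `get_certs` now runs unconditionally and its error is propagated with `?`, even when every requested id is already in `seen` from the explicitly provided certs, while the lookups that follow are best-effort (`let _ =`). Verification with caller-supplied certs therefore still depends on the store being openable, and the store is contacted when nothing needs to be fetched. Consider opening the mapping only when an id is actually missing, for example by guarding the block with `if ids.iter().map(|i| KeyID::from(i)).any(|i| !seen.contains(&i))` (assuming `seen` is a set of `KeyID`), and add a comment stating whether a failed open is meant to be fatal here. The file already has `use sequoia_store as store;`, so `store::Mapping::open` would avoid the function-local `use`. `get_certs` starts and ends outside this hunk.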
@@ -363,7 +371,7 @@ impl<'a> VerificationHelper for VHelper<'a> {
.filter(|i| !seen.contains(i))
{
let _ =
- store::Store::lookup_by_subkeyid(self.ctx, &id)
+ store::Store::lookup_by_subkeyid(&self.config.context, &id)
.and_then(|key| {
// Keys from the pool are NOT trusted.
key.cert()
@@ -403,14 +411,13 @@ impl<'a> VerificationHelper for VHelper<'a> {
}
}
-pub fn verify(ctx: &Context, policy: &dyn Policy,
- mapping: &mut store::Mapping,
+pub fn verify(config: Config, policy: &dyn Policy,
input: &mut (dyn io::Read + Sync + Send),
detached: Option<&mut (dyn io::Read + Sync + Send)>,
output: &mut dyn io::Write,
signatures: usize, certs: Vec<Cert>)
-> Result<()> {
- let helper = VHelper::new(ctx, mapping, signatures, certs);
+ let helper = VHelper::new(config, signatures, certs);
let helper = if let Some(dsig) = detached {
let mut v = DetachedVerifierBuilder::from_reader(dsig)?
.with_policy(policy, None, helper)?;
diff --git a/sq/src/sq.rs b/sq/src/sq.rs
index d84c51e8..148ea8e0 100644
--- a/sq/src/sq.rs
+++ b/sq/src/sq.rs
@@ -306,12 +306,7 @@ fn main() -> Result<()> {
let secrets = m.values_of("secret-key-file")
.map(load_keys)
.unwrap_or(Ok(vec![]))?;
- let mut mapping = Mapping::open(&config.context,
- config.network_policy,
- &config.realm_name,
- &config.mapping_name)
- .context("Failed to open the mapping")?;
- commands::decrypt(&config.context, policy, &mut mapping,
+ commands::decrypt(config, policy,
&mut input, &mut output,
signatures, certs, secrets,
m.is_present("dump-session-key"),
@@ -405,12 +400,7 @@ fn main() -> Result<()> {
let certs = m.values_of("sender-cert-file")
.map(load_certs)
.unwrap_or(Ok(vec![]))?;
- let mut mapping = Mapping::open(&config.context,
- config.network_policy,
- &config.realm_name,
- &config.mapping_name)
- .context("Failed to open the mapping")?;
- commands::verify(&config.context, policy, &mut mapping, &mut input,
+ commands::verify(config, policy, &mut input,
detached.as_mut().map(|r| r as &mut (dyn io::Read + Sync + Send)),
&mut output, signatures, certs)?;
},
@@ -503,13 +493,8 @@ fn main() -> Result<()> {
let secrets = m.values_of("secret-key-file")
.map(load_keys)
.unwrap_or(Ok(vec![]))?;
- let mut mapping = Mapping::open(&config.context,
- config.network_policy,
- &config.realm_name,
- &config.mapping_name)
- .context("Failed to open the mapping")?;
commands::decrypt::decrypt_unwrap(
- &config.context, policy, &mut mapping,
+ config, policy,
&mut input, &mut output,
secrets, m.is_present("dump-session-key"))?;
output.finalize()?;