author | Justus Winter <justus@sequoia-pgp.org> | 2019-06-27 17:12:26 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2019-06-27 17:12:26 +0200 |
commit | 0e026f8ac794a70012d36e662a0b54ad0888d890 (patch) | |
tree | 0c905dc768cea33dd3cd416398c00f489af953e9 /tool | |
parent | 9ce35cc2c757fae1338a356354608cf1d6fa563f (diff) |
openpgp: Rework secret key handling.
- Introduce two new types, `Encrypted` and `Unencrypted`, to make
the fields of enum `SecretKey` private. Add accessors, implement
From<..> to make the new types ergonomic to use, update callsites.
Diffstat (limited to 'tool')
-rw-r--r-- | tool/src/commands/dump.rs | 16 | ||||
-rw-r--r-- | tool/src/commands/mod.rs | 11 | ||||
-rw-r--r-- | tool/tests/sq-sign.rs | 4 |
3 files changed, 14 insertions, 17 deletions
diff --git a/tool/src/commands/dump.rs b/tool/src/commands/dump.rs index 39b37cee..57ee8deb 100644 --- a/tool/src/commands/dump.rs +++ b/tool/src/commands/dump.rs @@ -364,15 +364,15 @@ impl PacketDumper { } if let Some(secrets) = k.secret() { + use openpgp::packet::key::SecretKey; use openpgp::crypto::mpis::SecretKey::*; writeln!(output, "{}", i)?; writeln!(output, "{} Secret Key:", i)?; let ii = format!("{} ", i); match secrets { - openpgp::packet::key::SecretKey::Unencrypted { - mpis, - } => match mpis { + SecretKey::Unencrypted(ref u) => match u.mpis() + { RSA { d, p, q, u } => self.dump_mpis(output, &ii, &[&d.value, &p.value, &q.value, @@ -410,15 +410,13 @@ impl PacketDumper { &["rest"])?; }, }, - openpgp::packet::key::SecretKey::Encrypted { - s2k, algorithm, ciphertext, - } => { + SecretKey::Encrypted(ref e) => { writeln!(output, "{}", i)?; write!(output, "{} S2K: ", ii)?; - self.dump_s2k(output, &ii, s2k)?; + self.dump_s2k(output, &ii, e.s2k())?; writeln!(output, "{} Sym. algo: {}", ii, - algorithm)?; - self.dump_mpis(output, &ii, &[&ciphertext[..]], + e.algo())?; + self.dump_mpis(output, &ii, &[e.ciphertext()], &["ciphertext"])?; }, } diff --git a/tool/src/commands/mod.rs b/tool/src/commands/mod.rs index 0f729968..298295f2 100644 --- a/tool/src/commands/mod.rs +++ b/tool/src/commands/mod.rs 
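Review bot: The `SecretKey::Unencrypted(ref u)` arm in the first dump.rs hunk passes the raw secret MPIs (`d`, `p`, `q`, `u` for RSA) to `dump_mpis`, and nothing in the hunk shows whether that output is gated by an option. A one-line comment above the arm would make this visible to the next reader, for example `// NOTE: prints unencrypted secret key material to output.`. The two adjacent imports also bring in two different items named `SecretKey` (the packet type and the glob over the `mpis::SecretKey` variants), which is easy to misread; a short comment on the glob import saying it exists only for the variant names would help. The `{` on its own line after `match u.mpis()` would be joined to that line by rustfmt. The enclosing method starts and ends outside the hunk.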
@@ -50,19 +50,18 @@ fn get_signing_keys(tpks: &[openpgp::TPK]) -> Result<Vec<crypto::KeyPair>> { .map(|k| k.2) { if let Some(mut secret) = key.secret() { - let secret_mpis = match secret { - SecretKey::Encrypted { .. } => { + let unencrypted = match secret { + SecretKey::Encrypted(ref e) => { let password = rpassword::read_password_from_tty(Some( &format!("Please enter password to decrypt {}/{}: ", tsk, key))).unwrap(); - secret.decrypt(key.pk_algo(), &password.into()) + e.decrypt(key.pk_algo(), &password.into()) .expect("decryption failed") }, - SecretKey::Unencrypted { ref mpis } => - mpis.clone(), + SecretKey::Unencrypted(ref u) => u.clone(), }; - keys.push(crypto::KeyPair::new(key.clone(), secret_mpis) + keys.push(crypto::KeyPair::new(key.clone(), unencrypted) .unwrap()); break 'next_tpk; } diff --git a/tool/tests/sq-sign.rs b/tool/tests/sq-sign.rs index 378bb48d..7fd4d575 100644 --- a/tool/tests/sq-sign.rs +++ b/tool/tests/sq-sign.rs @@ -210,10 +210,10 @@ fn sq_sign_append_on_compress_then_sign() { .unwrap(); let key = tsk.keys_all().signing_capable().nth(0).unwrap().2; let sec = match key.secret() { - Some(SecretKey::Unencrypted { ref mpis }) => mpis, + Some(SecretKey::Unencrypted(ref u)) => u.clone(), _ => unreachable!(), }; - let mut keypair = KeyPair::new(key.clone(), sec.clone()).unwrap(); + let mut keypair = KeyPair::new(key.clone(), sec).unwrap(); let signer = Signer::new(Message::new(File::create(&sig0).unwrap()), vec![&mut keypair], None) .unwrap(); |
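Review bot: A wrong passphrase still aborts the tool in the `SecretKey::Encrypted(ref e)` arm of get_signing_keys, because the new `e.decrypt(key.pk_algo(), &password.into())` is followed by `.expect("decryption failed")`, and the TTY read before it and `KeyPair::new(..)` after it are unwrapped as well. The function already returns `Result<Vec<crypto::KeyPair>>`, so the failure can be returned to the caller instead: `e.decrypt(key.pk_algo(), &password.into())?`, assuming the error converts into the function's error type, which the hunk does not show. The binding `Some(mut secret)` also looks like it no longer needs `mut` now that both arms only take `ref` patterns. The function body starts and ends outside the hunk.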