diff options
-rw-r--r-- | openpgp/src/cert/revoke.rs | 10 | ||||
-rw-r--r-- | openpgp/src/crypto/hash.rs | 24 | ||||
-rw-r--r-- | openpgp/src/packet/signature/mod.rs | 137 |
3 files changed, 101 insertions, 70 deletions
diff --git a/openpgp/src/cert/revoke.rs b/openpgp/src/cert/revoke.rs index 4342df59..bc7b36fd 100644 --- a/openpgp/src/cert/revoke.rs +++ b/openpgp/src/cert/revoke.rs @@ -12,6 +12,7 @@ use crate::types::{ use crate::crypto::hash::Hash; use crate::crypto::Signer; use crate::packet::{ + Key, key, signature, Signature, @@ -220,11 +221,12 @@ impl SubkeyRevocationBuilder { /// Returns a revocation certificate for the cert `Cert` signed by /// `signer`. - pub fn build<H>(mut self, signer: &mut dyn Signer, - cert: &Cert, key: &key::PublicSubkey, - hash_algo: H) + pub fn build<H, P>(mut self, signer: &mut dyn Signer, + cert: &Cert, key: &Key<P, key::SubordinateRole>, + hash_algo: H) -> Result<Signature> - where H: Into<Option<HashAlgorithm>> + where H: Into<Option<HashAlgorithm>>, + P: key::KeyParts, { let hash_algo = hash_algo.into().unwrap_or(HashAlgorithm::SHA512); let creation_time diff --git a/openpgp/src/crypto/hash.rs b/openpgp/src/crypto/hash.rs index 05bff4c6..292776c2 100644 --- a/openpgp/src/crypto/hash.rs +++ b/openpgp/src/crypto/hash.rs @@ -380,9 +380,10 @@ impl Signature { /// Returns the message digest of the direct key signature over /// the specified primary key. - pub fn hash_direct_key<'a, S>(sig: S, key: &key::PublicKey) + pub fn hash_direct_key<'a, P, S>(sig: S, key: &Key<P, key::PrimaryRole>) -> Result<Vec<u8>> - where S: Into<&'a signature::Builder> + where P: key::KeyParts, + S: Into<&'a signature::Builder>, { let sig = sig.into(); @@ -436,11 +437,12 @@ impl Signature { /// Returns the message digest of the user ID binding over the /// specified primary key, user ID, and signature. - pub fn hash_userid_binding<'a, S>(sig: S, - key: &key::PublicKey, - userid: &UserID) + pub fn hash_userid_binding<'a, P, S>(sig: S, + key: &Key<P, key::PrimaryRole>, + userid: &UserID) -> Result<Vec<u8>> - where S: Into<&'a signature::Builder> + where P: key::KeyParts, + S: Into<&'a signature::Builder> { let sig = sig.into(); let mut h = sig.hash_algo().context()?; @@ -456,11 +458,13 @@ impl Signature { /// Returns the message digest of the user attribute binding over /// the specified primary key, user attribute, and signature. - pub fn hash_user_attribute_binding<'a, S>(sig: S, - key: &key::PublicKey, - ua: &UserAttribute) + pub fn hash_user_attribute_binding<'a, P, S>( + sig: S, + key: &Key<P, key::PrimaryRole>, + ua: &UserAttribute) -> Result<Vec<u8>> - where S: Into<&'a signature::Builder> + where P: key::KeyParts, + S: Into<&'a signature::Builder>, { let sig = sig.into(); diff --git a/openpgp/src/packet/signature/mod.rs b/openpgp/src/packet/signature/mod.rs index 5480fec6..2b711b87 100644 --- a/openpgp/src/packet/signature/mod.rs +++ b/openpgp/src/packet/signature/mod.rs @@ -178,10 +178,11 @@ impl Builder { /// /// The Signature's public-key algorithm field is set to the /// algorithm used by `signer`. - pub fn sign_userid_binding(mut self, signer: &mut dyn Signer, - key: &key::PublicKey, - userid: &UserID) + pub fn sign_userid_binding<P>(mut self, signer: &mut dyn Signer, + key: &Key<P, key::PrimaryRole>, + userid: &UserID) -> Result<Signature> + where P: key::KeyParts, { self.pk_algo = signer.public().pk_algo(); let digest = Signature::hash_userid_binding(&self, key, userid)?; @@ -230,10 +231,11 @@ impl Builder { /// /// The Signature's public-key algorithm field is set to the /// algorithm used by `signer`. - pub fn sign_user_attribute_binding(mut self, signer: &mut dyn Signer, - key: &key::PublicKey, - ua: &UserAttribute) + pub fn sign_user_attribute_binding<P>(mut self, signer: &mut dyn Signer, + key: &Key<P, key::PrimaryRole>, + ua: &UserAttribute) -> Result<Signature> + where P: key::KeyParts, { self.pk_algo = signer.public().pk_algo(); let digest = @@ -734,8 +736,9 @@ impl Signature4 { /// is not revoked, not expired, has a valid self-signature, has a /// subkey binding signature (if appropriate), has the signing /// capability, etc. - pub fn verify<R>(&self, key: &Key<key::PublicParts, R>) -> Result<bool> - where R: key::KeyRole + pub fn verify<P, R>(&self, key: &Key<P, R>) -> Result<bool> + where P: key::KeyParts, + R: key::KeyRole, { if !(self.typ() == SignatureType::Binary || self.typ() == SignatureType::Text) { @@ -762,9 +765,9 @@ impl Signature4 { /// is not revoked, not expired, has a valid self-signature, has a /// subkey binding signature (if appropriate), has the signing /// capability, etc. - pub fn verify_standalone<R>(&self, key: &Key<key::PublicParts, R>) - -> Result<bool> - where R: key::KeyRole + pub fn verify_standalone<P, R>(&self, key: &Key<P, R>) -> Result<bool> + where P: key::KeyParts, + R: key::KeyRole, { if self.typ() != SignatureType::Standalone { return Err(Error::UnsupportedSignatureType(self.typ()).into()); @@ -789,9 +792,9 @@ impl Signature4 { /// is not revoked, not expired, has a valid self-signature, has a /// subkey binding signature (if appropriate), has the signing /// capability, etc. - pub fn verify_timestamp<R>(&self, key: &Key<key::PublicParts, R>) - -> Result<bool> - where R: key::KeyRole + pub fn verify_timestamp<P, R>(&self, key: &Key<P, R>) -> Result<bool> + where P: key::KeyParts, + R: key::KeyRole, { if self.typ() != SignatureType::Timestamp { return Err(Error::UnsupportedSignatureType(self.typ()).into()); @@ -822,11 +825,13 @@ impl Signature4 { /// key is not revoked, not expired, has a valid self-signature, /// has a subkey binding signature (if appropriate), has the /// signing capability, etc. - pub fn verify_direct_key<R>(&self, - signer: &Key<key::PublicParts, R>, - pk: &key::PublicKey) + pub fn verify_direct_key<P, Q, R>(&self, + signer: &Key<P, R>, + pk: &Key<Q, key::PrimaryRole>) -> Result<bool> - where R: key::KeyRole + where P: key::KeyParts, + Q: key::KeyParts, + R: key::KeyRole, { if self.typ() != SignatureType::DirectKey { return Err(Error::UnsupportedSignatureType(self.typ()).into()); @@ -855,11 +860,13 @@ impl Signature4 { /// key is not revoked, not expired, has a valid self-signature, /// has a subkey binding signature (if appropriate), has the /// signing capability, etc. - pub fn verify_primary_key_revocation<R>(&self, - signer: &Key<key::PublicParts, R>, - pk: &key::PublicKey) + pub fn verify_primary_key_revocation<P, Q, R>(&self, + signer: &Key<P, R>, + pk: &Key<Q, key::PrimaryRole>) -> Result<bool> - where R: key::KeyRole + where P: key::KeyParts, + Q: key::KeyParts, + R: key::KeyRole, { if self.typ() != SignatureType::KeyRevocation { return Err(Error::UnsupportedSignatureType(self.typ()).into()); @@ -893,12 +900,16 @@ impl Signature4 { /// key is not revoked, not expired, has a valid self-signature, /// has a subkey binding signature (if appropriate), has the /// signing capability, etc. - pub fn verify_subkey_binding<R>(&self, - signer: &Key<key::PublicParts, R>, - pk: &key::PublicKey, - subkey: &key::PublicSubkey) + pub fn verify_subkey_binding<P, Q, R, S>( + &self, + signer: &Key<P, R>, + pk: &Key<Q, key::PrimaryRole>, + subkey: &Key<S, key::SubordinateRole>) -> Result<bool> - where R: key::KeyRole + where P: key::KeyParts, + Q: key::KeyParts, + R: key::KeyRole, + S: key::KeyParts, { if self.typ() != SignatureType::SubkeyBinding { return Err(Error::UnsupportedSignatureType(self.typ()).into()); @@ -978,12 +989,16 @@ impl Signature4 { /// key is not revoked, not expired, has a valid self-signature, /// has a subkey binding signature (if appropriate), has the /// signing capability, etc. - pub fn verify_subkey_revocation<R>(&self, - signer: &Key<key::PublicParts, R>, - pk: &key::PublicKey, - subkey: &key::PublicSubkey) + pub fn verify_subkey_revocation<P, Q, R, S>( + &self, + signer: &Key<P, R>, + pk: &Key<Q, key::PrimaryRole>, + subkey: &Key<S, key::SubordinateRole>) -> Result<bool> - where R: key::KeyRole + where P: key::KeyParts, + Q: key::KeyParts, + R: key::KeyRole, + S: key::KeyParts, { if self.typ() != SignatureType::SubkeyRevocation { return Err(Error::UnsupportedSignatureType(self.typ()).into()); @@ -1012,12 +1027,14 @@ impl Signature4 { /// key is not revoked, not expired, has a valid self-signature, /// has a subkey binding signature (if appropriate), has the /// signing capability, etc. - pub fn verify_userid_binding<R>(&self, - signer: &Key<key::PublicParts, R>, - pk: &key::PublicKey, - userid: &UserID) + pub fn verify_userid_binding<P, Q, R>(&self, + signer: &Key<P, R>, + pk: &Key<Q, key::PrimaryRole>, + userid: &UserID) -> Result<bool> - where R: key::KeyRole + where P: key::KeyParts, + Q: key::KeyParts, + R: key::KeyRole, { if !(self.typ() == SignatureType::GenericCertification || self.typ() == SignatureType::PersonaCertification @@ -1049,12 +1066,14 @@ impl Signature4 { /// key is not revoked, not expired, has a valid self-signature, /// has a subkey binding signature (if appropriate), has the /// signing capability, etc. - pub fn verify_userid_revocation<R>(&self, - signer: &Key<key::PublicParts, R>, - pk: &key::PublicKey, - userid: &UserID) + pub fn verify_userid_revocation<P, Q, R>(&self, + signer: &Key<P, R>, + pk: &Key<Q, key::PrimaryRole>, + userid: &UserID) -> Result<bool> - where R: key::KeyRole + where P: key::KeyParts, + Q: key::KeyParts, + R: key::KeyRole, { if self.typ() != SignatureType::CertificationRevocation { return Err(Error::UnsupportedSignatureType(self.typ()).into()); @@ -1083,12 +1102,14 @@ impl Signature4 { /// key is not revoked, not expired, has a valid self-signature, /// has a subkey binding signature (if appropriate), has the /// signing capability, etc. - pub fn verify_user_attribute_binding<R>(&self, - signer: &Key<key::PublicParts, R>, - pk: &key::PublicKey, - ua: &UserAttribute) + pub fn verify_user_attribute_binding<P, Q, R>(&self, + signer: &Key<P, R>, + pk: &Key<Q, key::PrimaryRole>, + ua: &UserAttribute) -> Result<bool> - where R: key::KeyRole + where P: key::KeyParts, + Q: key::KeyParts, + R: key::KeyRole, { if !(self.typ() == SignatureType::GenericCertification || self.typ() == SignatureType::PersonaCertification @@ -1120,12 +1141,15 @@ impl Signature4 { /// key is not revoked, not expired, has a valid self-signature, /// has a subkey binding signature (if appropriate), has the /// signing capability, etc. - pub fn verify_user_attribute_revocation<R>(&self, - signer: &Key<key::PublicParts, R>, - pk: &key::PublicKey, - ua: &UserAttribute) + pub fn verify_user_attribute_revocation<P, Q, R>( + &self, + signer: &Key<P, R>, + pk: &Key<Q, key::PrimaryRole>, + ua: &UserAttribute) -> Result<bool> - where R: key::KeyRole + where P: key::KeyParts, + Q: key::KeyParts, + R: key::KeyRole, { if self.typ() != SignatureType::CertificationRevocation { return Err(Error::UnsupportedSignatureType(self.typ()).into()); @@ -1154,11 +1178,12 @@ impl Signature4 { /// key is not revoked, not expired, has a valid self-signature, /// has a subkey binding signature (if appropriate), has the /// signing capability, etc. - pub fn verify_message<R, M>(&self, signer: &Key<key::PublicParts, R>, - msg: M) + pub fn verify_message<M, P, R>(&self, signer: &Key<P, R>, + msg: M) -> Result<bool> - where R: key::KeyRole, - M: AsRef<[u8]>, + where M: AsRef<[u8]>, + P: key::KeyParts, + R: key::KeyRole, { if self.typ() != SignatureType::Binary && self.typ() != SignatureType::Text { |