From 6ae9d4ec0661d21f1c1579b901d0cc400811c43c Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Mon, 17 Feb 2020 15:18:40 +0100 Subject: openpgp: Reduce the number of explicit key conversions. --- autocrypt/src/lib.rs | 5 ++--- guide/src/chapter_01.md | 28 ++++++++++++++++------------ guide/src/chapter_02.md | 21 +++++++++++++-------- openpgp/examples/decrypt-with.rs | 10 +++------- openpgp/examples/generate-encrypt-decrypt.rs | 5 +++-- openpgp/examples/generate-sign-verify.rs | 6 +++--- openpgp/src/cert/builder.rs | 12 +++++------- openpgp/src/serialize/cert.rs | 2 +- 8 files changed, 46 insertions(+), 43 deletions(-) diff --git a/autocrypt/src/lib.rs b/autocrypt/src/lib.rs index 95e6b297..f2aee4e9 100644 --- a/autocrypt/src/lib.rs +++ b/autocrypt/src/lib.rs @@ -112,9 +112,8 @@ impl AutocryptHeader { let mut acc = Vec::new(); // The primary key and the most recent selfsig. - let primary = cert.primary_key().bundle(); - acc.push(primary.key().clone().mark_role_primary().into()); - primary.self_signatures().iter().take(1) + acc.push(cert.primary_key().key().clone().into()); + cert.primary_key().bundle().self_signatures().iter().take(1) .for_each(|s| acc.push(s.clone().into())); // The subkeys and the most recent selfsig. diff --git a/guide/src/chapter_01.md b/guide/src/chapter_01.md index 178e8e83..0c891aab 100644 --- a/guide/src/chapter_01.md +++ b/guide/src/chapter_01.md @@ -57,9 +57,10 @@ fn main() { # -> openpgp::Result<()> # { # // Get the keypair to do the signing from the Cert. -# let keypair = tsk.keys().with_policy(policy, None) -# .alive().revoked(false).for_signing().nth(0).unwrap() -# .key().clone().mark_parts_secret().unwrap().into_keypair()?; +# let keypair = tsk +# .keys().unencrypted_secret() +# .with_policy(policy, None).alive().revoked(false).for_signing() +# .nth(0).unwrap().key().clone().into_keypair()?; # # // Start streaming an OpenPGP message. # let message = Message::new(sink); 
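Review bot: Nothing at `acc.push(cert.primary_key().key().clone().into());` in autocrypt/src/lib.rs records which packet variant `.into()` yields now that the explicit `mark_role_primary()` is gone, and `acc` is presumably what ends up in the Autocrypt header sent to peers. The hunk does not show the type returned by `key()`, so this is inferred, but if it is the public-parts key the conversion should give a public-key packet even when `cert` carries secret material. A comment would pin that down once it is confirmed, for example `// key() is typed as public parts, so .into() is a PublicKey packet even for a TSK`. The enclosing function starts and ends outside the hunk.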
@@ -211,9 +212,10 @@ fn generate() -> openpgp::Result { # -> openpgp::Result<()> # { # // Get the keypair to do the signing from the Cert. -# let keypair = tsk.keys().with_policy(policy, None) -# .alive().revoked(false).for_signing().nth(0).unwrap() -# .key().clone().mark_parts_secret().unwrap().into_keypair()?; +# let keypair = tsk +# .keys().unencrypted_secret() +# .with_policy(policy, None).alive().revoked(false).for_signing() +# .nth(0).unwrap().key().clone().into_keypair()?; # # // Start streaming an OpenPGP message. # let message = Message::new(sink); @@ -365,9 +367,10 @@ fn sign(policy: &dyn Policy, -> openpgp::Result<()> { // Get the keypair to do the signing from the Cert. - let keypair = tsk.keys().with_policy(policy, None) - .alive().revoked(false).for_signing().nth(0).unwrap() - .key().clone().mark_parts_secret().unwrap().into_keypair()?; + let keypair = tsk + .keys().unencrypted_secret() + .with_policy(policy, None).alive().revoked(false).for_signing() + .nth(0).unwrap().key().clone().into_keypair()?; // Start streaming an OpenPGP message. let message = Message::new(sink); @@ -530,9 +533,10 @@ Verified data can be read from this using [`io::Read`]. # -> openpgp::Result<()> # { # // Get the keypair to do the signing from the Cert. -# let keypair = tsk.keys().with_policy(policy, None) -# .alive().revoked(false).for_signing().nth(0).unwrap() -# .key().clone().mark_parts_secret().unwrap().into_keypair()?; +# let keypair = tsk +# .keys().unencrypted_secret() +# .with_policy(policy, None).alive().revoked(false).for_signing() +# .nth(0).unwrap().key().clone().into_keypair()?; # # // Start streaming an OpenPGP message. # let message = Message::new(sink); diff --git a/guide/src/chapter_02.md b/guide/src/chapter_02.md index 88dfe1d7..1d55e6d9 100644 --- a/guide/src/chapter_02.md +++ b/guide/src/chapter_02.md 
@@ -134,11 +134,12 @@ fn main() { # where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()> # { # // The encryption key is the first and only subkey. -# let key = self.secret.keys().with_policy(self.policy, None) +# let key = self.secret.keys().unencrypted_secret() +# .with_policy(self.policy, None) # .for_transport_encryption().nth(0).unwrap().key().clone(); # # // The secret key is not encrypted. -# let mut pair = key.mark_parts_secret().unwrap().into_keypair().unwrap(); +# let mut pair = key.into_keypair().unwrap(); # # pkesks[0].decrypt(&mut pair, sym_algo) # .and_then(|(algo, session_key)| decrypt(algo, &session_key)) @@ -283,11 +284,12 @@ fn generate() -> openpgp::Result { # where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()> # { # // The encryption key is the first and only subkey. -# let key = self.secret.keys().with_policy(self.policy, None) +# let key = self.secret.keys().unencrypted_secret() +# .with_policy(self.policy, None) # .for_transport_encryption().nth(0).unwrap().key().clone(); # # // The secret key is not encrypted. -# let mut pair = key.mark_parts_secret().unwrap().into_keypair().unwrap(); +# let mut pair = key.into_keypair().unwrap(); # # pkesks[0].decrypt(&mut pair, sym_algo) # .and_then(|(algo, session_key)| decrypt(algo, &session_key)) @@ -432,11 +434,12 @@ fn encrypt(policy: &dyn Policy, # where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()> # { # // The encryption key is the first and only subkey. -# let key = self.secret.keys().with_policy(self.policy, None) +# let key = self.secret.keys().unencrypted_secret() +# .with_policy(self.policy, None) # .for_transport_encryption().nth(0).unwrap().key().clone(); # # // The secret key is not encrypted. -# let mut pair = key.mark_parts_secret().unwrap().into_keypair().unwrap(); +# let mut pair = key.into_keypair().unwrap(); # # pkesks[0].decrypt(&mut pair, sym_algo) # .and_then(|(algo, session_key)| decrypt(algo, &session_key)) 
@@ -594,11 +597,13 @@ impl<'a> DecryptionHelper for Helper<'a> { -> openpgp::Result> where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()> { - let key = self.secret.keys().with_policy(self.policy, None) + // The encryption key is the first and only subkey. + let key = self.secret.keys().unencrypted_secret() + .with_policy(self.policy, None) .for_transport_encryption().nth(0).unwrap().key().clone(); // The secret key is not encrypted. - let mut pair = key.mark_parts_secret().unwrap().into_keypair().unwrap(); + let mut pair = key.into_keypair().unwrap(); pkesks[0].decrypt(&mut pair, sym_algo) .and_then(|(algo, session_key)| decrypt(algo, &session_key)) diff --git a/openpgp/examples/decrypt-with.rs b/openpgp/examples/decrypt-with.rs index 860c4a56..c4b9f56a 100644 --- a/openpgp/examples/decrypt-with.rs +++ b/openpgp/examples/decrypt-with.rs @@ -62,15 +62,11 @@ impl Helper { // Map (sub)KeyIDs to secrets. let mut keys = HashMap::new(); for cert in certs { - for ka in cert.keys().with_policy(p, None) + for ka in cert.keys().unencrypted_secret().with_policy(p, None) .for_storage_encryption().for_transport_encryption() { - // This only works for unencrypted secret keys. - if let Ok(keypair) = - ka.key().clone().mark_parts_secret().unwrap().into_keypair() - { - keys.insert(ka.key().keyid(), keypair); - } + keys.insert(ka.key().keyid(), + ka.key().clone().into_keypair().unwrap()); } } diff --git a/openpgp/examples/generate-encrypt-decrypt.rs b/openpgp/examples/generate-encrypt-decrypt.rs index 110c8b1a..55669c72 100644 --- a/openpgp/examples/generate-encrypt-decrypt.rs +++ b/openpgp/examples/generate-encrypt-decrypt.rs 
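Review bot: In openpgp/examples/decrypt-with.rs the new `ka.key().clone().into_keypair().unwrap()` panics where the old `if let Ok(keypair)` skipped the key, so its safety now rests entirely on `unencrypted_secret()` having removed every key whose conversion can fail. If that is the intended invariant, state it at the call: `ka.key().clone().into_keypair().expect("filtered by unencrypted_secret()")`. The removed comment was also the only hint that password-protected keys are ignored; they are now dropped silently by the filter, so a line such as `// Keys with encrypted secrets are skipped; this example cannot unlock them.` above the loop would keep that visible to someone debugging a failed decryption. The constructor continues outside the hunk.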
@@ -125,11 +125,12 @@ impl<'a> DecryptionHelper for Helper<'a> { -> openpgp::Result> where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()> { - let key = self.secret.keys().with_policy(self.policy, None) + let key = self.secret.keys().unencrypted_secret() + .with_policy(self.policy, None) .for_transport_encryption().nth(0).unwrap().key().clone(); // The secret key is not encrypted. - let mut pair = key.mark_parts_secret().unwrap().into_keypair().unwrap(); + let mut pair = key.into_keypair().unwrap(); pkesks[0].decrypt(&mut pair, sym_algo) .and_then(|(algo, session_key)| decrypt(algo, &session_key)) diff --git a/openpgp/examples/generate-sign-verify.rs b/openpgp/examples/generate-sign-verify.rs index 12709609..d371a812 100644 --- a/openpgp/examples/generate-sign-verify.rs +++ b/openpgp/examples/generate-sign-verify.rs @@ -45,9 +45,9 @@ fn sign(p: &dyn Policy, sink: &mut dyn Write, plaintext: &str, tsk: &openpgp::Ce -> openpgp::Result<()> { // Get the keypair to do the signing from the Cert. let keypair = tsk - .keys().with_policy(p, None).alive().revoked(false).for_signing() - .nth(0).unwrap() - .key().clone().mark_parts_secret().unwrap().into_keypair()?; + .keys().unencrypted_secret() + .with_policy(p, None).alive().revoked(false).for_signing() + .nth(0).unwrap().key().clone().into_keypair()?; // Start streaming an OpenPGP message. let message = Message::new(sink); diff --git a/openpgp/src/cert/builder.rs b/openpgp/src/cert/builder.rs index 6f5c0f45..d0f81918 100644 --- a/openpgp/src/cert/builder.rs +++ b/openpgp/src/cert/builder.rs 
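Review bot: With `unencrypted_secret()` inserted ahead of `.nth(0).unwrap()` in openpgp/examples/generate-encrypt-decrypt.rs, a cert whose secret is password-protected now fails at the bare `unwrap()` on an empty iterator instead of at `into_keypair()`, and the panic message says nothing about why. The same applies to the `sign` hunk in openpgp/examples/generate-sign-verify.rs. Since examples get copied into real code, prefer something like `.nth(0).expect("no usable key with unencrypted secret")` in both places. Both functions continue outside their hunks.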
@@ -296,10 +296,9 @@ impl CertBuilder { // Generate & and self-sign primary key. let (primary, sig) = self.primary_key(creation_time)?; - let mut signer = primary.clone().mark_parts_secret().unwrap() - .into_keypair().unwrap(); + let mut signer = primary.clone().into_keypair().unwrap(); - packets.push(Packet::PublicKey({ + packets.push(Packet::SecretKey({ let mut primary = primary.clone(); if let Some(ref password) = self.password { primary.secret_mut().unwrap().encrypt_in_place(password)?; @@ -378,8 +377,7 @@ impl CertBuilder { builder = builder.set_embedded_signature(backsig)?; } - let signature = subkey.mark_parts_public_ref() - .bind(&mut signer, &cert, builder)?; + let signature = subkey.bind(&mut signer, &cert, builder)?; if let Some(ref password) = self.password { subkey.secret_mut().unwrap().encrypt_in_place(password)?; @@ -402,7 +400,7 @@ impl CertBuilder { } fn primary_key(&self, creation_time: std::time::SystemTime) - -> Result<(key::PublicKey, Signature)> + -> Result<(key::SecretKey, Signature)> { let mut key = self.primary.ciphersuite .unwrap_or(self.ciphersuite) @@ -423,7 +421,7 @@ impl CertBuilder { .expect("key generated above has a secret"); let sig = sig.sign_direct_key(&mut signer)?; - Ok((key.mark_parts_public(), sig.into())) + Ok((key, sig.into())) } } diff --git a/openpgp/src/serialize/cert.rs b/openpgp/src/serialize/cert.rs index 6e398265..c19c3b7b 100644 --- a/openpgp/src/serialize/cert.rs +++ b/openpgp/src/serialize/cert.rs @@ -759,7 +759,7 @@ mod test { let key: key::SecretSubkey = Key4::generate_ecc(false, Curve::Cv25519).unwrap().into(); - let key_binding = key.mark_parts_public_ref().bind( + let key_binding = key.bind( &mut keypair, &cert, signature::Builder::new(SignatureType::SubkeyBinding) .set_key_flags( -- cgit v1.2.3
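Review bot: In openpgp/src/cert/builder.rs (hunk at -296) the signer is built with `primary.clone().into_keypair().unwrap()` with no stated invariant, while `primary_key()` further down uses `.expect("key generated above has a secret")` for the same conversion; use the same `expect` message here for consistency. It is also worth a comment that the signer must be derived from the clone before the packet copy goes through `encrypt_in_place(password)`, e.g. `// Take the signer before the packet copy is encrypted; into_keypair() needs the unencrypted secret.`, because that ordering is what keeps the `unwrap()` from firing when `self.password` is set. The enclosing function starts and ends outside the hunk.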
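Review bot: `primary_key()` (hunks at -402 and -423) now returns `key::SecretKey` via `Ok((key, sig.into()))`, but there is no doc comment telling callers that the key they receive still holds its secret material, apparently unencrypted, since the caller only applies `encrypt_in_place` afterwards. I would add something like `/// Returns the freshly generated primary key, secret material included and not yet password-protected, together with its direct-key signature.` so a future caller does not serialize or log the value under the assumption that it is public-only, as the old `key::PublicKey` return type implied.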