From bbbc6da375d6584c7b2bcc74e838fff943f489d4 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Thu, 28 Nov 2019 15:27:33 +0100 Subject: Call TPKs Certificates, update identifiers, documentation. - Fixes #387. --- openpgp/src/parse/packet_parser_builder.rs | 2 +- openpgp/src/parse/parse.rs | 70 ++++++++--------- openpgp/src/parse/stream.rs | 118 ++++++++++++++--------------- 3 files changed, 95 insertions(+), 95 deletions(-) (limited to 'openpgp/src/parse') diff --git a/openpgp/src/parse/packet_parser_builder.rs b/openpgp/src/parse/packet_parser_builder.rs index e8e90cfd..b9b5ebb3 100644 --- a/openpgp/src/parse/packet_parser_builder.rs +++ b/openpgp/src/parse/packet_parser_builder.rs @@ -207,7 +207,7 @@ impl<'a> PacketParserBuilder<'a> { // We successfully parsed the first packet's header. pp.state.message_validator.push(pp.packet.tag(), &[0]); pp.state.keyring_validator.push(pp.packet.tag()); - pp.state.tpk_validator.push(pp.packet.tag()); + pp.state.cert_validator.push(pp.packet.tag()); Ok(PacketParserResult::Some(pp)) }, ParserResult::EOF((_reader, state, _path)) => { diff --git a/openpgp/src/parse/parse.rs b/openpgp/src/parse/parse.rs index f6d64b66..cda7bd46 100644 --- a/openpgp/src/parse/parse.rs +++ b/openpgp/src/parse/parse.rs @@ -2254,10 +2254,10 @@ struct PacketParserState { message_validator: MessageValidator, /// Whether the packet sequence is a valid OpenPGP keyring. - keyring_validator: crate::tpk::KeyringValidator, + keyring_validator: crate::cert::KeyringValidator, - /// Whether the packet sequence is a valid OpenPGP TPK. - tpk_validator: crate::tpk::TPKValidator, + /// Whether the packet sequence is a valid OpenPGP Cert. + cert_validator: crate::cert::CertValidator, // Whether this is the first packet in the packet sequence. first_packet: bool, @@ -2269,7 +2269,7 @@ impl PacketParserState { settings: settings, message_validator: Default::default(), keyring_validator: Default::default(), - tpk_validator: Default::default(), + cert_validator: Default::default(), first_packet: true, } } @@ -2397,7 +2397,7 @@ impl PacketParserEOF { fn new(mut state: PacketParserState) -> Self { state.message_validator.finish(); state.keyring_validator.finish(); - state.tpk_validator.finish(); + state.cert_validator.finish(); PacketParserEOF { state: state, @@ -2407,7 +2407,7 @@ impl PacketParserEOF { /// Whether the message is an OpenPGP Message. /// - /// As opposed to a TPK or just a bunch of packets. + /// As opposed to a Cert or just a bunch of packets. pub fn is_message(&self) -> Result<()> { use crate::message::MessageValidity; @@ -2422,7 +2422,7 @@ impl PacketParserEOF { /// /// As opposed to a Message or just a bunch of packets. pub fn is_keyring(&self) -> Result<()> { - use crate::tpk::KeyringValidity; + use crate::cert::KeyringValidity; match self.state.keyring_validator.check() { KeyringValidity::Keyring => Ok(()), @@ -2431,16 +2431,16 @@ impl PacketParserEOF { } } - /// Whether the message is an OpenPGP TPK. + /// Whether the message is an OpenPGP Cert. /// /// As opposed to a Message or just a bunch of packets. - pub fn is_tpk(&self) -> Result<()> { - use crate::tpk::TPKValidity; + pub fn is_cert(&self) -> Result<()> { + use crate::cert::CertValidity; - match self.state.tpk_validator.check() { - TPKValidity::TPK => Ok(()), - TPKValidity::TPKPrefix => unreachable!(), - TPKValidity::Error(err) => Err(err), + match self.state.cert_validator.check() { + CertValidity::Cert => Ok(()), + CertValidity::CertPrefix => unreachable!(), + CertValidity::Error(err) => Err(err), } } @@ -2713,7 +2713,7 @@ impl <'a> PacketParser<'a> { /// Before that, it is only possible to say that the message is a /// valid prefix or definitely not an OpenPGP keyring. pub fn possible_keyring(&self) -> Result<()> { - use crate::tpk::KeyringValidity; + use crate::cert::KeyringValidity; match self.state.keyring_validator.check() { KeyringValidity::Keyring => unreachable!(), @@ -2722,19 +2722,19 @@ impl <'a> PacketParser<'a> { } } - /// Returns whether the message appears to be an OpenPGP TPK. + /// Returns whether the message appears to be an OpenPGP Cert. /// /// Only when the whole message has been processed is it possible - /// to say whether the message is definitely an OpenPGP TPK. + /// to say whether the message is definitely an OpenPGP Cert. /// Before that, it is only possible to say that the message is a - /// valid prefix or definitely not an OpenPGP TPK. - pub fn possible_tpk(&self) -> Result<()> { - use crate::tpk::TPKValidity; - - match self.state.tpk_validator.check() { - TPKValidity::TPK => unreachable!(), - TPKValidity::TPKPrefix => Ok(()), - TPKValidity::Error(err) => Err(err), + /// valid prefix or definitely not an OpenPGP Cert. + pub fn possible_cert(&self) -> Result<()> { + use crate::cert::CertValidity; + + match self.state.cert_validator.check() { + CertValidity::Cert => unreachable!(), + CertValidity::CertPrefix => Ok(()), + CertValidity::Error(err) => Err(err), } } @@ -2774,7 +2774,7 @@ impl <'a> PacketParser<'a> { Tag::UserID => bad, Tag::UserAttribute => bad, - // It is reasonable to try and ignore garbage in TPKs, + // It is reasonable to try and ignore garbage in Certs, // because who knows what the keyservers return, etc. // But, if we have what appears to be an OpenPGP message, // then, ignore. @@ -2863,7 +2863,7 @@ impl <'a> PacketParser<'a> { if state.first_packet || skip > 32 * 1024 { // Limit the search space. This should be // enough to find a reasonable recovery point - // in a TPK. + // in a Cert. return Err(orig_error.unwrap()); } } @@ -3136,7 +3136,7 @@ impl <'a> PacketParser<'a> { let path = pp.path().to_vec(); pp.state.message_validator.push(pp.packet.tag(), &path); pp.state.keyring_validator.push(pp.packet.tag()); - pp.state.tpk_validator.push(pp.packet.tag()); + pp.state.cert_validator.push(pp.packet.tag()); pp.last_path = self.last_path; @@ -3205,7 +3205,7 @@ impl <'a> PacketParser<'a> { pp.state.message_validator.push( pp.packet.tag(), &path); pp.state.keyring_validator.push(pp.packet.tag()); - pp.state.tpk_validator.push(pp.packet.tag()); + pp.state.cert_validator.push(pp.packet.tag()); pp.last_path = last_path; @@ -4014,7 +4014,7 @@ mod test { } if let PacketParserResult::EOF(eof) = ppr { assert!(eof.is_keyring().is_ok()); - assert!(eof.is_tpk().is_err()); + assert!(eof.is_cert().is_err()); } else { unreachable!(); } @@ -4022,7 +4022,7 @@ mod test { } #[test] - fn tpk_validator() { + fn cert_validator() { for test in &["testy.pgp", "lutz.gpg", "testy-new.pgp", @@ -4035,12 +4035,12 @@ mod test { while let PacketParserResult::Some(pp) = ppr { assert!(pp.possible_keyring().is_ok()); - assert!(pp.possible_tpk().is_ok()); + assert!(pp.possible_cert().is_ok()); ppr = pp.recurse().unwrap().1; } if let PacketParserResult::EOF(eof) = ppr { assert!(eof.is_keyring().is_ok()); - assert!(eof.is_tpk().is_ok()); + assert!(eof.is_cert().is_ok()); } else { unreachable!(); } @@ -4133,10 +4133,10 @@ mod test { } #[test] - fn corrupted_tpk() { + fn corrupted_cert() { use crate::armor::{Reader, ReaderMode, Kind}; - // The following TPK is corrupted about a third the way + // The following Cert is corrupted about a third the way // through. Make sure we can recover. let mut ppr = PacketParser::from_reader( Reader::from_bytes(crate::tests::key("corrupted.pgp"), diff --git a/openpgp/src/parse/stream.rs b/openpgp/src/parse/stream.rs index 7a6d2917..7f0e5196 100644 --- a/openpgp/src/parse/stream.rs +++ b/openpgp/src/parse/stream.rs @@ -45,7 +45,7 @@ use crate::{ RevocationStatus, packet, packet::Signature, - TPK, + Cert, crypto::SessionKey, serialize::Serialize, }; @@ -79,7 +79,7 @@ const BUFFER_SIZE: usize = 25 * 1024 * 1024; /// extern crate sequoia_openpgp as openpgp; /// extern crate failure; /// use std::io::Read; -/// use openpgp::{KeyID, TPK, Result}; +/// use openpgp::{KeyID, Cert, Result}; /// use openpgp::parse::stream::*; /// # fn main() { f().unwrap(); } /// # fn f() -> Result<()> { @@ -87,8 +87,8 @@ const BUFFER_SIZE: usize = 25 * 1024 * 1024; /// // This fetches keys and computes the validity of the verification. /// struct Helper {}; /// impl VerificationHelper for Helper { -/// fn get_public_keys(&mut self, _ids: &[openpgp::KeyHandle]) -> Result> { -/// Ok(Vec::new()) // Feed the TPKs to the verifier here... +/// fn get_public_keys(&mut self, _ids: &[openpgp::KeyHandle]) -> Result> { +/// Ok(Vec::new()) // Feed the Certs to the verifier here... /// } /// fn check(&mut self, structure: &MessageStructure) -> Result<()> { /// Ok(()) // Implement your verification policy here. @@ -123,8 +123,8 @@ const BUFFER_SIZE: usize = 25 * 1024 * 1024; /// # } pub struct Verifier<'a, H: VerificationHelper> { helper: H, - tpks: Vec, - /// Maps KeyID to tpks[i].keys_all().nth(j). + certs: Vec, + /// Maps KeyID to certs[i].keys_all().nth(j). keys: HashMap, oppr: Option>, structure: IMessageStructure, @@ -154,7 +154,7 @@ pub enum VerificationResult<'a> { sig: Signature, /// The signature's issuer. - tpk: &'a TPK, + cert: &'a Cert, /// The signing key that made the signature. key: &'a key::UnspecifiedPublic, @@ -176,7 +176,7 @@ pub enum VerificationResult<'a> { sig: Signature, /// The signature's issuer. - tpk: &'a TPK, + cert: &'a Cert, /// The signing key that made the signature. key: &'a key::UnspecifiedPublic, @@ -200,7 +200,7 @@ pub enum VerificationResult<'a> { sig: Signature, /// The signature's issuer. - tpk: &'a TPK, + cert: &'a Cert, /// The signing key that made the signature. key: &'a key::UnspecifiedPublic, @@ -428,8 +428,8 @@ enum IMessageLayer { /// Helper for signature verification. pub trait VerificationHelper { - /// Retrieves the TPKs containing the specified keys. - fn get_public_keys(&mut self, _: &[crate::KeyHandle]) -> Result>; + /// Retrieves the Certs containing the specified keys. + fn get_public_keys(&mut self, _: &[crate::KeyHandle]) -> Result>; /// Conveys the message structure. /// @@ -549,7 +549,7 @@ impl<'a, H: VerificationHelper> Verifier<'a, H> { let mut v = Verifier { helper: helper, - tpks: Vec::new(), + certs: Vec::new(), keys: HashMap::new(), oppr: None, structure: IMessageStructure::new(), @@ -574,16 +574,16 @@ impl<'a, H: VerificationHelper> Verifier<'a, H> { Packet::Literal(_) => { v.structure.insert_missing_signature_group(); // Query keys. - v.tpks = v.helper.get_public_keys(&issuers)?; + v.certs = v.helper.get_public_keys(&issuers)?; - for (i, tpk) in v.tpks.iter().enumerate() { - if can_sign(tpk.primary(), - tpk.primary_key_signature(None), t) { - v.keys.insert(tpk.fingerprint().into(), (i, 0)); - v.keys.insert(tpk.keyid().into(), (i, 0)); + for (i, cert) in v.certs.iter().enumerate() { + if can_sign(cert.primary(), + cert.primary_key_signature(None), t) { + v.keys.insert(cert.fingerprint().into(), (i, 0)); + v.keys.insert(cert.keyid().into(), (i, 0)); } - for (j, skb) in tpk.subkeys().enumerate() { + for (j, skb) in cert.subkeys().enumerate() { let key = skb.key(); if can_sign(key, skb.binding_signature(None), t) { v.keys.insert(key.fingerprint().into(), @@ -664,27 +664,27 @@ impl<'a, H: VerificationHelper> Verifier<'a, H> { 'sigs: for sig in sigs.into_iter() { for issuer in sig.get_issuers() { if let Some((i, j)) = self.keys.get(&issuer) { - let tpk = &self.tpks[*i]; + let cert = &self.certs[*i]; let (binding, revoked, key) - = tpk.keys_all().nth(*j).unwrap(); + = cert.keys_all().nth(*j).unwrap(); results.push_verification_result( if sig.verify(key).unwrap_or(false) { if sig.signature_alive(self.time, None) { VerificationResult::GoodChecksum { sig: sig.clone(), - tpk, key, binding, revoked, + cert, key, binding, revoked, } } else { VerificationResult::NotAlive { sig: sig.clone(), - tpk, key, binding, revoked, + cert, key, binding, revoked, } } } else { VerificationResult::BadChecksum { sig: sig.clone(), - tpk, key, binding, revoked, + cert, key, binding, revoked, } } ); @@ -992,7 +992,7 @@ impl<'a> io::Read for Transformer<'a> { /// extern crate sequoia_openpgp as openpgp; /// extern crate failure; /// use std::io::{self, Read}; -/// use openpgp::{KeyID, TPK, Result}; +/// use openpgp::{KeyID, Cert, Result}; /// use openpgp::parse::stream::*; /// # fn main() { f().unwrap(); } /// # fn f() -> Result<()> { @@ -1000,8 +1000,8 @@ impl<'a> io::Read for Transformer<'a> { /// // This fetches keys and computes the validity of the verification. /// struct Helper {}; /// impl VerificationHelper for Helper { -/// fn get_public_keys(&mut self, _ids: &[openpgp::KeyHandle]) -> Result> { -/// Ok(Vec::new()) // Feed the TPKs to the verifier here... +/// fn get_public_keys(&mut self, _ids: &[openpgp::KeyHandle]) -> Result> { +/// Ok(Vec::new()) // Feed the Certs to the verifier here... /// } /// fn check(&mut self, structure: &MessageStructure) -> Result<()> { /// Ok(()) // Implement your verification policy here. @@ -1132,7 +1132,7 @@ impl DetachedVerifier { /// use std::io::Read; /// use openpgp::crypto::SessionKey; /// use openpgp::types::SymmetricAlgorithm; -/// use openpgp::{KeyID, TPK, Result, packet::{Key, PKESK, SKESK}}; +/// use openpgp::{KeyID, Cert, Result, packet::{Key, PKESK, SKESK}}; /// use openpgp::parse::stream::*; /// # fn main() { f().unwrap(); } /// # fn f() -> Result<()> { @@ -1140,8 +1140,8 @@ impl DetachedVerifier { /// // This fetches keys and computes the validity of the verification. /// struct Helper {}; /// impl VerificationHelper for Helper { -/// fn get_public_keys(&mut self, _ids: &[openpgp::KeyHandle]) -> Result> { -/// Ok(Vec::new()) // Feed the TPKs to the verifier here... +/// fn get_public_keys(&mut self, _ids: &[openpgp::KeyHandle]) -> Result> { +/// Ok(Vec::new()) // Feed the Certs to the verifier here... /// } /// fn check(&mut self, structure: &MessageStructure) -> Result<()> { /// Ok(()) // Implement your verification policy here. @@ -1185,8 +1185,8 @@ impl DetachedVerifier { /// # } pub struct Decryptor<'a, H: VerificationHelper + DecryptionHelper> { helper: H, - tpks: Vec, - /// Maps KeyID to tpks[i].keys_all().nth(j). + certs: Vec, + /// Maps KeyID to certs[i].keys_all().nth(j). keys: HashMap, oppr: Option>, identity: Option, @@ -1315,7 +1315,7 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> { let mut v = Decryptor { helper: helper, - tpks: Vec::new(), + certs: Vec::new(), keys: HashMap::new(), oppr: None, identity: None, @@ -1381,9 +1381,9 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> { Packet::Literal(_) => { v.structure.insert_missing_signature_group(); // Query keys. - v.tpks = v.helper.get_public_keys(&issuers)?; + v.certs = v.helper.get_public_keys(&issuers)?; - for (i, tpk) in v.tpks.iter().enumerate() { + for (i, cert) in v.certs.iter().enumerate() { let can_sign = |key: &key::UnspecifiedKey, sig: Option<&Signature>| -> bool { @@ -1397,13 +1397,13 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> { } }; - if can_sign(tpk.primary().into(), - tpk.primary_key_signature(None)) { - v.keys.insert(tpk.fingerprint().into(), (i, 0)); - v.keys.insert(tpk.keyid().into(), (i, 0)); + if can_sign(cert.primary().into(), + cert.primary_key_signature(None)) { + v.keys.insert(cert.fingerprint().into(), (i, 0)); + v.keys.insert(cert.keyid().into(), (i, 0)); } - for (j, skb) in tpk.subkeys().enumerate() { + for (j, skb) in cert.subkeys().enumerate() { let key = skb.key(); if can_sign(key.into(), skb.binding_signature(None)) { v.keys.insert(key.fingerprint().into(), @@ -1539,9 +1539,9 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> { 'sigs: for sig in sigs.into_iter() { for issuer in sig.get_issuers() { if let Some((i, j)) = self.keys.get(&issuer) { - let tpk = &self.tpks[*i]; + let cert = &self.certs[*i]; let (binding, revoked, key) - = tpk.keys_all().nth(*j).unwrap(); + = cert.keys_all().nth(*j).unwrap(); results.push_verification_result( if sig.verify(key).unwrap_or(false) && sig.signature_alive(self.time, None) @@ -1563,26 +1563,26 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> { VerificationResult::BadChecksum { sig: sig.clone(), - tpk, key, binding, revoked, + cert, key, binding, revoked, } } else { VerificationResult::GoodChecksum { sig: sig.clone(), - tpk, key, binding, revoked, + cert, key, binding, revoked, } } } else { // No identity information. VerificationResult::GoodChecksum { sig: sig.clone(), - tpk, key, binding, revoked, + cert, key, binding, revoked, } } } else { VerificationResult::BadChecksum { sig: sig.clone(), - tpk, key, binding, revoked, + cert, key, binding, revoked, } } ); @@ -1671,7 +1671,7 @@ mod test { unknown: usize, bad: usize, error: usize, - keys: Vec, + keys: Vec, } impl std::fmt::Debug for VHelper { @@ -1698,7 +1698,7 @@ mod test { } impl VHelper { - fn new(good: usize, unknown: usize, bad: usize, error: usize, keys: Vec) -> Self { + fn new(good: usize, unknown: usize, bad: usize, error: usize, keys: Vec) -> Self { VHelper { good: good, unknown: unknown, @@ -1710,7 +1710,7 @@ mod test { } impl VerificationHelper for VHelper { - fn get_public_keys(&mut self, _ids: &[crate::KeyHandle]) -> Result> { + fn get_public_keys(&mut self, _ids: &[crate::KeyHandle]) -> Result> { Ok(self.keys.clone()) } @@ -1755,7 +1755,7 @@ mod test { "neal.pgp", "emmelie-dorothea-dina-samantha-awina-ed25519.pgp" ].iter() - .map(|f| TPK::from_bytes(crate::tests::key(f)).unwrap()) + .map(|f| Cert::from_bytes(crate::tests::key(f)).unwrap()) .collect::>(); let tests = &[ ("messages/signed-1.gpg", VHelper::new(1, 0, 0, 0, keys.clone())), @@ -1832,7 +1832,7 @@ mod test { struct VHelper(()); impl VerificationHelper for VHelper { fn get_public_keys(&mut self, _ids: &[crate::KeyHandle]) - -> Result> { + -> Result> { Ok(Vec::new()) } @@ -1912,7 +1912,7 @@ mod test { let keys = [ "emmelie-dorothea-dina-samantha-awina-ed25519.pgp" ].iter() - .map(|f| TPK::from_bytes(crate::tests::key(f)).unwrap()) + .map(|f| Cert::from_bytes(crate::tests::key(f)).unwrap()) .collect::>(); let mut buffer = Vec::with_capacity(104 * 1024 * 1024); @@ -1991,11 +1991,11 @@ mod test { #[test] fn verify_long_message() { - use crate::tpk::{TPKBuilder, CipherSuite}; + use crate::cert::{CertBuilder, CipherSuite}; use crate::serialize::stream::{LiteralWriter, Signer, Message}; use std::io::Write; - let (tpk, _) = TPKBuilder::new() + let (cert, _) = CertBuilder::new() .set_cipher_suite(CipherSuite::Cv25519) .add_signing_subkey() .generate().unwrap(); @@ -2003,7 +2003,7 @@ mod test { // sign 30MiB message let mut buf = vec![]; { - let key = tpk.keys_all().signing_capable().nth(0).unwrap().2; + let key = cert.keys_all().signing_capable().nth(0).unwrap().2; let keypair = key.clone().mark_parts_secret().unwrap() .into_keypair().unwrap(); @@ -2017,7 +2017,7 @@ mod test { } // Test Verifier. - let h = VHelper::new(0, 0, 0, 0, vec![tpk.clone()]); + let h = VHelper::new(0, 0, 0, 0, vec![cert.clone()]); let mut v = Verifier::from_bytes(&buf, h, None).unwrap(); assert!(!v.message_processed()); @@ -2040,7 +2040,7 @@ mod test { // Try the same, but this time we let .check() fail. let h = VHelper::new(0, 0, /* makes check() fail: */ 1, 0, - vec![tpk.clone()]); + vec![cert.clone()]); let mut v = Verifier::from_bytes(&buf, h, None).unwrap(); assert!(!v.message_processed()); @@ -2064,7 +2064,7 @@ mod test { assert!(v.helper_ref().error == 0); // Test Decryptor. - let h = VHelper::new(0, 0, 0, 0, vec![tpk.clone()]); + let h = VHelper::new(0, 0, 0, 0, vec![cert.clone()]); let mut v = Decryptor::from_bytes(&buf, h, None).unwrap(); assert!(!v.message_processed()); @@ -2087,7 +2087,7 @@ mod test { // Try the same, but this time we let .check() fail. let h = VHelper::new(0, 0, /* makes check() fail: */ 1, 0, - vec![tpk.clone()]); + vec![cert.clone()]); let mut v = Decryptor::from_bytes(&buf, h, None).unwrap(); assert!(!v.message_processed()); -- cgit v1.2.3