turnkey/openpgp-card
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Don't set a policy implicitly.

Browse source
This commit is contained in:
Heiko Schaefer 2021-09-21 16:57:55 +02:00
parent dbbe4ed4c1
commit cf8fb05210
2 changed files with 22 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
card-functionality/src/tests.rs
View file

@ -65,8 +65,14 @@ pub fn test_decrypt(
ca.verify_pw1("123456")?; ca.verify_pw1("123456")?;
let res = let p = StandardPolicy::new();
openpgp_card_sequoia::util::decrypt(&mut ca, &cert, msg.into_bytes())?;
let res = openpgp_card_sequoia::util::decrypt(
&mut ca,
&cert,
msg.into_bytes(),
&p,
)?;
let plain = String::from_utf8_lossy(&res); let plain = String::from_utf8_lossy(&res);
assert_eq!(plain, "Hello world!\n"); assert_eq!(plain, "Hello world!\n");
@ -85,9 +91,15 @@ pub fn test_sign(
let cert = Cert::from_str(param[0])?; let cert = Cert::from_str(param[0])?;
let p = StandardPolicy::new();
let msg = "Hello world, I am signed."; let msg = "Hello world, I am signed.";
let sig = let sig = openpgp_card_sequoia::util::sign(
openpgp_card_sequoia::util::sign(&mut ca, &cert, &mut msg.as_bytes())?; &mut ca,
&cert,
&mut msg.as_bytes(),
&p,
)?;
// validate sig // validate sig
assert!(util::verify_sig(&cert, msg.as_bytes(), sig.as_bytes())?); assert!(util::verify_sig(&cert, msg.as_bytes(), sig.as_bytes())?);

12
openpgp-card-sequoia/src/util.rs
View file

@ -19,7 +19,7 @@ use openpgp::packet::{
Key, UserID, Key, UserID,
}; };
use openpgp::parse::{stream::DecryptorBuilder, Parse}; use openpgp::parse::{stream::DecryptorBuilder, Parse};
use openpgp::policy::StandardPolicy; use openpgp::policy::Policy;
use openpgp::serialize::stream::{Message, Signer}; use openpgp::serialize::stream::{Message, Signer};
use openpgp::types::{KeyFlags, PublicKeyAlgorithm, SignatureType, Timestamp}; use openpgp::types::{KeyFlags, PublicKeyAlgorithm, SignatureType, Timestamp};
use openpgp::{Cert, Packet}; use openpgp::{Cert, Packet};
@ -263,11 +263,11 @@ pub fn sign(
ca: &mut CardApp, ca: &mut CardApp,
cert: &Cert, cert: &Cert,
input: &mut dyn io::Read, input: &mut dyn io::Read,
p: &dyn Policy,
) -> Result<String> { ) -> Result<String> {
let mut armorer = armor::Writer::new(vec![], armor::Kind::Signature)?; let mut armorer = armor::Writer::new(vec![], armor::Kind::Signature)?;
{ {
let p = StandardPolicy::new(); let s = signer::CardSigner::new(ca, cert, p)?;
let s = signer::CardSigner::new(ca, cert, &p)?;
let message = Message::new(&mut armorer); let message = Message::new(&mut armorer);
let mut message = Signer::new(message, s).detached().build()?; let mut message = Signer::new(message, s).detached().build()?;
@ -288,16 +288,16 @@ pub fn decrypt(
ca: &mut CardApp, ca: &mut CardApp,
cert: &Cert, cert: &Cert,
msg: Vec<u8>, msg: Vec<u8>,
p: &dyn Policy,
) -> Result<Vec<u8>> { ) -> Result<Vec<u8>> {
let mut decrypted = Vec::new(); let mut decrypted = Vec::new();
{ {
let reader = io::BufReader::new(&msg[..]); let reader = io::BufReader::new(&msg[..]);
let p = StandardPolicy::new(); let d = decryptor::CardDecryptor::new(ca, cert, p)?;
let d = decryptor::CardDecryptor::new(ca, cert, &p)?;
let db = DecryptorBuilder::from_reader(reader)?; let db = DecryptorBuilder::from_reader(reader)?;
let mut decryptor = db.with_policy(&p, None, d)?; let mut decryptor = db.with_policy(p, None, d)?;
// Read all data from decryptor and store in decrypted // Read all data from decryptor and store in decrypted
io::copy(&mut decryptor, &mut decrypted)?; io::copy(&mut decryptor, &mut decrypted)?;