keyfork-shard: homogenize function signatures, start work on decrypt_one()
This commit is contained in:
parent
726670fe96
commit
2670cf63a3
|
@ -232,8 +232,8 @@ fn decode_metadata_v1(buf: &[u8]) -> Result<(u8, Cert, Vec<Cert>)> {
|
|||
// single message.
|
||||
fn decrypt_with_manager(
|
||||
threshold: u8,
|
||||
certs: &[Cert],
|
||||
messages: &mut HashMap<KeyID, EncryptedMessage>,
|
||||
certs: &[Cert],
|
||||
policy: NullPolicy,
|
||||
manager: &mut SmartcardManager,
|
||||
) -> Result<HashMap<KeyID, Vec<u8>>> {
|
||||
|
@ -276,10 +276,10 @@ fn decrypt_with_manager(
|
|||
// NOTE: When using single-decryptor mechanism, only a single key should be provided in Keyring to
|
||||
// decrypt messages with.
|
||||
fn decrypt_with_keyring(
|
||||
messages: &mut HashMap<KeyID, EncryptedMessage>,
|
||||
certs: &[Cert],
|
||||
policy: &NullPolicy,
|
||||
keyring: &mut Keyring,
|
||||
messages: &mut HashMap<KeyID, EncryptedMessage>,
|
||||
) -> Result<HashMap<KeyID, Vec<u8>>, Error> {
|
||||
let mut decrypted_messages = HashMap::new();
|
||||
|
||||
|
@ -309,6 +309,53 @@ fn decrypt_with_keyring(
|
|||
Ok(decrypted_messages)
|
||||
}
|
||||
|
||||
fn decrypt_metadata(
|
||||
message: &EncryptedMessage,
|
||||
policy: &NullPolicy,
|
||||
keyring: &mut Keyring,
|
||||
manager: &mut SmartcardManager,
|
||||
) -> Result<Vec<u8>> {
|
||||
Ok(if keyring.is_empty() {
|
||||
manager.load_any_card()?;
|
||||
message.decrypt_with(policy, manager)?
|
||||
} else {
|
||||
message.decrypt_with(policy, keyring)?
|
||||
})
|
||||
}
|
||||
|
||||
fn decrypt_one(
|
||||
messages: Vec<EncryptedMessage>,
|
||||
keyring: &mut Keyring,
|
||||
manager: &mut SmartcardManager,
|
||||
metadata: EncryptedMessage,
|
||||
) -> Result<Vec<u8>> {
|
||||
let policy = NullPolicy::new();
|
||||
|
||||
let content = decrypt_metadata(&metadata, &policy, &mut *keyring, &mut *manager)?;
|
||||
|
||||
let (_threshold, root_cert, certs) = decode_metadata_v1(&content)?;
|
||||
|
||||
keyring.set_root_cert(root_cert.clone());
|
||||
manager.set_root_cert(root_cert);
|
||||
|
||||
let mut messages: HashMap<KeyID, EncryptedMessage> =
|
||||
HashMap::from_iter(certs.iter().map(|c| c.keyid()).zip(messages));
|
||||
|
||||
let decrypted_messages = decrypt_with_keyring(&mut messages, &certs, &policy, keyring)?;
|
||||
|
||||
if let Some(message) = decrypted_messages.into_values().next() {
|
||||
return Ok(message);
|
||||
}
|
||||
|
||||
let decrypted_messages = decrypt_with_manager(1, &mut messages, &certs, policy, manager)?;
|
||||
|
||||
if let Some(message) = decrypted_messages.into_values().next() {
|
||||
return Ok(message);
|
||||
}
|
||||
|
||||
unreachable!("smartcard manager should always decrypt")
|
||||
}
|
||||
|
||||
pub fn combine(
|
||||
certs: Vec<Cert>,
|
||||
metadata: EncryptedMessage,
|
||||
|
@ -321,16 +368,7 @@ pub fn combine(
|
|||
|
||||
let mut keyring = Keyring::new(certs)?;
|
||||
let mut manager = SmartcardManager::new()?;
|
||||
let content = if keyring.is_empty() {
|
||||
// NOTE: Any card plugged in that can't decrypt, will raise issues.
|
||||
// This should not be used on a system where OpenPGP cards are available that shouldn't be
|
||||
// used. The manager will try every wildcard packet for the card on the system, and once no
|
||||
// matching PKESK packet has been found, will return an error.
|
||||
manager.load_any_card()?;
|
||||
metadata.decrypt_with(&policy, &mut manager)?
|
||||
} else {
|
||||
metadata.decrypt_with(&policy, &mut keyring)?
|
||||
};
|
||||
let content = decrypt_metadata(&metadata, &policy, &mut keyring, &mut manager)?;
|
||||
|
||||
let (threshold, root_cert, certs) = decode_metadata_v1(&content)?;
|
||||
|
||||
|
@ -344,7 +382,7 @@ pub fn combine(
|
|||
HashMap::from_iter(certs.iter().map(|c| c.keyid()).zip(messages));
|
||||
|
||||
let mut decrypted_messages =
|
||||
decrypt_with_keyring(&certs, &policy, &mut keyring, &mut messages)?;
|
||||
decrypt_with_keyring(&mut messages, &certs, &policy, &mut keyring)?;
|
||||
|
||||
// clean decrypted messages from encrypted messages
|
||||
messages.retain(|k, _v| !decrypted_messages.contains_key(k));
|
||||
|
@ -353,8 +391,8 @@ pub fn combine(
|
|||
if left_from_threshold > 0 {
|
||||
let new_messages = decrypt_with_manager(
|
||||
left_from_threshold as u8,
|
||||
&certs,
|
||||
&mut messages,
|
||||
&certs,
|
||||
policy,
|
||||
&mut manager,
|
||||
)?;
|
||||
|
|
Loading…
Reference in New Issue