From a2373777f1ddb75f3310bb7b48c1bd45facef1b9 Mon Sep 17 00:00:00 2001 From: Daniel Alley Date: Wed, 31 May 2023 20:58:02 -0400 Subject: [PATCH] Clean up some formatting --- src/errors.rs | 2 +- src/rpm/signature/pgp.rs | 91 ++++++++++++++++++---------------------- 2 files changed, 42 insertions(+), 51 deletions(-) diff --git a/src/errors.rs b/src/errors.rs index 464fd2dc..92508542 100644 --- a/src/errors.rs +++ b/src/errors.rs @@ -82,7 +82,7 @@ pub enum RPMError { #[cfg(feature = "signature-pgp")] #[error("unsupported PGP key type {0:?}")] - UnsupportedPGPKeyType(pgp::crypto::PublicKeyAlgorithm), + UnsupportedPGPKeyType(pgp::crypto::public_key::PublicKeyAlgorithm), #[error("invalid file mode {raw_mode} - {reason}")] InvalidFileMode { raw_mode: i32, reason: &'static str }, diff --git a/src/rpm/signature/pgp.rs b/src/rpm/signature/pgp.rs index 236f7f0e..93282dba 100644 --- a/src/rpm/signature/pgp.rs +++ b/src/rpm/signature/pgp.rs @@ -3,15 +3,17 @@ use crate::errors::RPMError; use std::io::{Cursor, Read}; -use ::pgp::{composed::Deserializable, types::KeyTrait}; - -use ::pgp::packet::*; +use pgp::crypto::hash::HashAlgorithm; +use pgp::crypto::public_key::PublicKeyAlgorithm; +use pgp::packet::{SignatureConfig, SignatureType, SignatureVersion, Subpacket, SubpacketData}; +use pgp::{self, composed::Deserializable, types::KeyTrait}; +use pgp::{SignedPublicKey, SignedSecretKey}; fn now() -> ::chrono::DateTime<::chrono::Utc> { // accuracy of serialized format is only down to seconds - use ::chrono::offset::TimeZone; - let now = ::chrono::offset::Utc::now(); - ::chrono::offset::Utc + use chrono::offset::TimeZone; + let now = chrono::offset::Utc::now(); + chrono::offset::Utc .timestamp_opt(now.timestamp(), 0u32) .unwrap() // shouldn't fail as we are using 0 nanoseconds. } @@ -23,15 +25,15 @@ fn now() -> ::chrono::DateTime<::chrono::Utc> { /// by i.e. `gpg`. #[derive(Clone, Debug)] pub struct Signer { - secret_key: ::pgp::composed::signed_key::SignedSecretKey, + secret_key: SignedSecretKey, algorithm: traits::AlgorithmType, } impl From for ::pgp::crypto::public_key::PublicKeyAlgorithm { fn from(value: traits::AlgorithmType) -> Self { match value { - traits::AlgorithmType::RSA => ::pgp::crypto::public_key::PublicKeyAlgorithm::RSA, - traits::AlgorithmType::EdDSA => ::pgp::crypto::public_key::PublicKeyAlgorithm::EdDSA, + traits::AlgorithmType::RSA => PublicKeyAlgorithm::RSA, + traits::AlgorithmType::EdDSA => PublicKeyAlgorithm::EdDSA, } } } @@ -51,7 +53,7 @@ impl traits::Signing for Signer { version: SignatureVersion::V4, typ: SignatureType::Binary, pub_alg: self.algorithm().into(), - hash_alg: ::pgp::crypto::hash::HashAlgorithm::SHA2_256, + hash_alg: HashAlgorithm::SHA2_256, issuer: Some(self.secret_key.key_id()), created: Some(now), unhashed_subpackets: vec![], @@ -68,7 +70,7 @@ impl traits::Signing for Signer { let mut signature_bytes = Vec::with_capacity(1024); let mut cursor = Cursor::new(&mut signature_bytes); - ::pgp::packet::write_packet(&mut cursor, &signature_packet) + pgp::packet::write_packet(&mut cursor, &signature_packet) .map_err(|e| RPMError::SignError(Box::new(e)))?; Ok(signature_bytes) @@ -83,7 +85,7 @@ impl Signer { /// load the private key for signing pub fn load_from_asc_bytes(input: &[u8]) -> Result { // only asc loading is supported right now - let input = ::std::str::from_utf8(input).map_err(|e| RPMError::KeyLoadError { + let input = std::str::from_utf8(input).map_err(|e| RPMError::KeyLoadError { source: Box::new(e), details: "Failed to parse bytes as utf8 for ascii armored parsing", })?; @@ -91,17 +93,17 @@ impl Signer { } pub fn load_from_asc(input: &str) -> Result { - let (secret_key, _) = ::pgp::composed::signed_key::SignedSecretKey::from_string(input) - .map_err(|e| RPMError::KeyLoadError { + let (secret_key, _) = + SignedSecretKey::from_string(input).map_err(|e| RPMError::KeyLoadError { source: Box::new(e), details: "Failed to parse bytes as ascii armored key", })?; match secret_key.algorithm() { - pgp::crypto::PublicKeyAlgorithm::RSA => Ok(Self { + PublicKeyAlgorithm::RSA => Ok(Self { secret_key, algorithm: AlgorithmType::RSA, }), - pgp::crypto::PublicKeyAlgorithm::EdDSA => Ok(Self { + PublicKeyAlgorithm::EdDSA => Ok(Self { secret_key, algorithm: AlgorithmType::EdDSA, }), @@ -117,14 +119,14 @@ impl Signer { /// by i.e. `gpg`. #[derive(Clone, Debug)] pub struct Verifier { - public_key: ::pgp::composed::signed_key::SignedPublicKey, + public_key: SignedPublicKey, algorithm: AlgorithmType, } impl Verifier { fn parse_signature(signature: &[u8]) -> Result<::pgp::packet::Signature, RPMError> { let mut cursor = Cursor::new(signature); - let parser = ::pgp::packet::PacketParser::new(&mut cursor); + let parser = pgp::packet::PacketParser::new(&mut cursor); let signature = parser .filter_map(|res| match res { Ok(::pgp::packet::Packet::Signature(sig_packet)) => Some(sig_packet), @@ -221,7 +223,7 @@ impl traits::Verifying for Verifier { impl Verifier { pub fn load_from_asc_bytes(input: &[u8]) -> Result { // only asc loading is supported right now - let input = ::std::str::from_utf8(input).map_err(|e| RPMError::KeyLoadError { + let input = std::str::from_utf8(input).map_err(|e| RPMError::KeyLoadError { source: Box::new(e), details: "Failed to parse bytes as utf8 for ascii armored parsing", })?; @@ -229,18 +231,18 @@ impl Verifier { } pub fn load_from_asc(input: &str) -> Result { - let (public_key, _) = ::pgp::composed::signed_key::SignedPublicKey::from_string(input) - .map_err(|e| RPMError::KeyLoadError { + let (public_key, _) = + SignedPublicKey::from_string(input).map_err(|e| RPMError::KeyLoadError { source: Box::new(e), details: "Failed to parse bytes as ascii armored key", })?; match public_key.algorithm() { - pgp::crypto::PublicKeyAlgorithm::RSA => Ok(Self { + PublicKeyAlgorithm::RSA => Ok(Self { public_key, algorithm: AlgorithmType::RSA, }), - pgp::crypto::PublicKeyAlgorithm::EdDSA => Ok(Self { + PublicKeyAlgorithm::EdDSA => Ok(Self { public_key, algorithm: AlgorithmType::EdDSA, }), @@ -310,7 +312,8 @@ pub(crate) mod test { #[test] fn verify_pgp_crate() { - use ::pgp::types::{PublicKeyTrait, SecretKeyTrait}; + use pgp::types::{PublicKeyTrait, SecretKeyTrait}; + use pgp::Signature; let (signer, verifier) = prep(); let (signing_key, verification_key) = { (signer.secret_key, verifier.public_key) }; @@ -321,34 +324,26 @@ pub(crate) mod test { // stage 1: verify created signature is fine let signature = signing_key - .create_signature( - passwd_fn, - ::pgp::crypto::hash::HashAlgorithm::SHA2_256, - digest, - ) + .create_signature(passwd_fn, HashAlgorithm::SHA2_256, digest) .expect("Failed to crate signature"); verification_key - .verify_signature( - ::pgp::crypto::hash::HashAlgorithm::SHA2_256, - digest, - &signature, - ) + .verify_signature(HashAlgorithm::SHA2_256, digest, &signature) .expect("Failed to validate signature"); // stage 2: check parsing success // - let wrapped = ::pgp::Signature::new( - ::pgp::types::Version::Old, - ::pgp::packet::SignatureVersion::V4, - ::pgp::packet::SignatureType::Binary, - ::pgp::crypto::public_key::PublicKeyAlgorithm::RSA, - ::pgp::crypto::hash::HashAlgorithm::SHA2_256, + let wrapped = Signature::new( + pgp::types::Version::Old, + SignatureVersion::V4, + SignatureType::Binary, + PublicKeyAlgorithm::RSA, + HashAlgorithm::SHA2_256, [digest[0], digest[1]], signature, vec![ - ::pgp::packet::Subpacket::critical(SubpacketData::SignatureCreationTime(now())), - ::pgp::packet::Subpacket::critical(SubpacketData::Issuer(signing_key.key_id())), + Subpacket::critical(SubpacketData::SignatureCreationTime(now())), + Subpacket::critical(SubpacketData::Issuer(signing_key.key_id())), //::pgp::packet::Subpacket::SignersUserID("rpm"), TODO this would be a nice addition ], vec![], @@ -357,7 +352,7 @@ pub(crate) mod test { let mut x = Vec::with_capacity(1024); let mut buff = Cursor::new(&mut x); - ::pgp::packet::write_packet(&mut buff, &wrapped).expect("Write should be ok"); + pgp::packet::write_packet(&mut buff, &wrapped).expect("Write should be ok"); log::debug!("{:02x?}", &x[0..15]); @@ -366,11 +361,7 @@ pub(crate) mod test { assert_eq!(signature, wrapped); let signature = signature.signature; verification_key - .verify_signature( - ::pgp::crypto::hash::HashAlgorithm::SHA2_256, - digest, - &signature, - ) + .verify_signature(HashAlgorithm::SHA2_256, digest, &signature) .expect("Verify must succeed"); } @@ -388,8 +379,8 @@ pub(crate) mod test { let sig_cfg = SignatureConfig { version: SignatureVersion::V4, typ: SignatureType::Binary, - pub_alg: ::pgp::crypto::public_key::PublicKeyAlgorithm::RSA, - hash_alg: ::pgp::crypto::hash::HashAlgorithm::SHA2_256, + pub_alg: PublicKeyAlgorithm::RSA, + hash_alg: HashAlgorithm::SHA2_256, issuer: Some(signer.secret_key.key_id()), created: Some(now), unhashed_subpackets: vec![],