Update generated docs

README.rst

 ..
 .. NB:  This file is machine generated, DO NOT EDIT!
 ..
-.. Edit vmod.vcc and run make instead
+.. Edit ./vmod_crypto.vcc and run make instead
 ..
 
 .. role:: ref(emphasis)
 
-.. _vmod_crypto(3):
-
 ===========
 vmod_crypto
 ===========
 
----------------------
-Varnish crypto Module
----------------------
+------------------------------------------------------------------
+Public Key signature generation and verification for Varnish-Cache
+------------------------------------------------------------------
 
 :Manual section: 3
 
 SYNOPSIS
 ========
 
+.. parsed-literal::
 
-::
+  import crypto [as name] [from "path"]
+  
+  new xkey = crypto.key()
+  
+      BLOB xkey.use()
    
-   import crypto [from "path"] ;
+      VOID xkey.pem_pubkey(STRING)
    
-   new xverifier = verifier(ENUM digest, STRING key)
+      VOID xkey.pem_privkey(STRING, STRING password)
+   
+      VOID xkey.rsa(BLOB n, BLOB e, [BLOB d])
+   
+  new xverifier = crypto.verifier(ENUM digest, [STRING pem], [BLOB key])
   
       BOOL xverifier.update(STRING)
    
@@ -36,6 +43,15 @@ SYNOPSIS
    
       BOOL xverifier.valid(BLOB signature)
    
+  new xsigner = crypto.signer(ENUM digest, [STRING pem], [BLOB key])
+  
+      BOOL xsigner.update(STRING)
+   
+      BOOL xsigner.update_blob(BLOB)
+   
+      BOOL xsigner.reset()
+   
+      BLOB xsigner.final()
    
 
 DESCRIPTION
@@ -64,56 +80,100 @@ Example
 		return (synth(400, "invalid signature"));
 	    }
 	}
-} -start
 
-CONTENTS
-========
+.. _crypto.key():
+
+new xkey = crypto.key()
+-----------------------
+
+Create a generic key object. The algorithm gets defined by the method
+called upon it.
+
+Any methods on `crypto.key()`_ may only be used in ``sub vcl_init {}``.
+
+.. _xkey.use():
+
+BLOB xkey.use()
+---------------
+
+Wrap the key in a blob to be passed to `crypto.verifier()`_
+
+.. _xkey.pem_pubkey():
+
+VOID xkey.pem_pubkey(STRING)
+----------------------------
+
+Create a key from the PEM-encoded public key.
+
+The cryptographic method to be used and the key length are
+automatically determined from _pem_. Typically supported methods
+comprise RSA and DSA.
+
+Any error is fatal to vcl initialization.
+
+.. _xkey.pem_privkey():
+
+VOID xkey.pem_privkey(STRING, STRING password=0)
+------------------------------------------------
+
+Create a key from the PEM-encoded private key, optionally decrypting
+it using `password`.
+
+The cryptographic method to be used and the key length are
+automatically determined from _pem_. Typically supported methods
+comprise RSA and DSA.
+
+Any error is fatal to vcl initialization.
 
-* :ref:`obj_verifier`
-* :ref:`func_verifier.reset`
-* :ref:`func_verifier.update`
-* :ref:`func_verifier.update_blob`
-* :ref:`func_verifier.valid`
+.. _xkey.rsa():
 
+VOID xkey.rsa(BLOB n, BLOB e, [BLOB d])
+---------------------------------------
 
-.. _obj_verifier:
+Create an RSA key from the parameters n, e, and optionally d.
 
-new xverifier = verifier(ENUM digest, STRING key)
--------------------------------------------------
+Any error is fatal to vcl initialization.
+
+.. _crypto.verifier():
+
+new xverifier = crypto.verifier(ENUM digest, [STRING pem], [BLOB key])
+----------------------------------------------------------------------
 
 ::
 
-   new xverifier = verifier(
+   new xverifier = crypto.verifier(
       ENUM {md_null, md4, md5, sha1, sha224, sha256, sha384, sha512, ripemd160, rmd160, whirlpool} digest,
-      STRING key
+      [STRING pem],
+      [BLOB key]
    )
 
 Create an object to verify signatures created using _digest_ and
 _key_.
 
-The _key_ argument is a PEM-encoded public key specification.
+The _key_ argument should be a call to `xkey.use()`_ on the respective
+`crypto.key()`_ object.
 
-The cryptographic method to be used and the key length are
-automatically determined from _key_. Typically supported methods
-comprise RSA and DSA.
+Alternatively to _key_, the _pem_ argument may be used to pass a
+PEM-encoded public key specification. Use of the _pem_ argument is
+deprecated.
 
-.. _func_verifier.update:
+Either the _key_ or the _pem_ argument must be given.
+
+.. _xverifier.update():
 
 BOOL xverifier.update(STRING)
 -----------------------------
 
 Add strings to the data to be verfied with the verifier object.
 
-
-.. _func_verifier.update_blob:
+.. _xverifier.update_blob():
 
 BOOL xverifier.update_blob(BLOB)
 --------------------------------
 
 Add a blob to the data to be verified with the verifier object.
 
-
-.. _func_verifier.reset:
+.. _xverifier.reset():
 
 BOOL xverifier.reset()
 ----------------------
@@ -121,8 +181,7 @@ BOOL xverifier.reset()
 Reset the verfication state as if previous calls to the update methods
 had not happened.
 
-
-.. _func_verifier.valid:
+.. _xverifier.valid():
 
 BOOL xverifier.valid(BLOB signature)
 ------------------------------------
@@ -134,20 +193,75 @@ Note that after calling .valid(), .update can be called again to add
 additional data, which can then be validated against a (different)
 signature using another call to .valid().
 
+.. _crypto.signer():
 
-SEE ALSO
-========vcl\(7),varnishd\(1)
+new xsigner = crypto.signer(ENUM digest, [STRING pem], [BLOB key])
+------------------------------------------------------------------
+
+::
+
+   new xsigner = crypto.signer(
+      ENUM {md_null, md4, md5, sha1, sha224, sha256, sha384, sha512, ripemd160, rmd160, whirlpool} digest,
+      [STRING pem],
+      [BLOB key]
+   )
+
+Create an object to create signatures using _digest_ and _key_.
 
+The _key_ argument should be a call to `xkey.use()`_ on the respective
+`crypto.key()`_ private key object.
 
+Alternatively to _key_, the _pem_ argument may be used to pass a
+PEM-encoded private key specification. Password protection is not
+supported with a _pem_ argument. Use of the _pem_ argument is
+deprecated.
 
+Either the _key_ or the _pem_ argument must be given.
 
+.. _xsigner.update():
+
+BOOL xsigner.update(STRING)
+---------------------------
+
+Add strings to the data to be signed.
+
+.. _xsigner.update_blob():
+
+BOOL xsigner.update_blob(BLOB)
+------------------------------
+
+Add a blob to the data to be signed.
+
+.. _xsigner.reset():
+
+BOOL xsigner.reset()
+--------------------
+
+Reset the signer state as if previous calls to the update methods had
+not happened.
+
+.. _xsigner.final():
+
+BLOB xsigner.final()
+--------------------
+
+Return the signature for data added using `xsigner.update()` and
+`xsigner.update_blob()`.
+
+Note that after calling `xsigner.final()`,
+`xsigner.update()`/`xsigner.update_blob()` can be called again to add
+additional data, and more signatures can be generated with
+`xsigner.final()`.
+
+SEE ALSO
+========vcl\(7),varnishd\(1)
 
 COPYRIGHT
 =========
 
 ::
 
-  Copyright 2018 UPLEX Nils Goroll Systemoptimierung
+  Copyright 2018,2021 UPLEX Nils Goroll Systemoptimierung
   All rights reserved
  
   Author: Nils Goroll <nils.goroll@uplex.de>

src/vmod_crypto.rst

@@ -9,9 +9,9 @@
 
 .. _vmod_crypto(3):
 
-======================================================
-VMOD crypto - Public Key hash verification for Varnish
-======================================================
+================================================================================
+VMOD crypto - Public Key signature generation and verification for Varnish-Cache
+================================================================================
 
 SYNOPSIS
 ========
@@ -114,7 +114,7 @@ VOID xkey.pem_privkey(STRING, STRING password=0)
 ------------------------------------------------
 
 Create a key from the PEM-encoded private key, optionally decrypting
-it using `password`.
+it using _password_.
 
 The cryptographic method to be used and the key length are
 automatically determined from _pem_. Typically supported methods
@@ -186,9 +186,10 @@ BOOL xverifier.valid(BLOB signature)
 Check if _signature_ is a valid signature for the _verifier_ object
 given the previous updates.
 
-Note that after calling .valid(), .update can be called again to add
-additional data, which can then be validated against a (different)
-signature using another call to .valid().
+Note that after calling `xverifier.valid()`, `xverifier.update()` can
+be called again to add additional data, which can then be validated
+against a (different) signature using another call to
+`xverifier.valid()`.
 
 .. _crypto.signer():
 
@@ -258,7 +259,7 @@ COPYRIGHT
 
 ::
 
-  Copyright 2018 UPLEX Nils Goroll Systemoptimierung
+  Copyright 2018,2021 UPLEX Nils Goroll Systemoptimierung
   All rights reserved
  
   Author: Nils Goroll <nils.goroll@uplex.de>