authorNora Widdecke <nora@sequoia-pgp.org>2020-03-16 18:33:17 +0100
committerNora Widdecke <nora@sequoia-pgp.org>2020-03-19 11:54:06 +0100
commit6cacf957896f86c2dfbd5181fc61269697779f17 (patch)
tree3fbeba9a8eae79c8066fe264bee581379a2b6e66
parent4eb60d2d2f160542a21b102a4205a2be5aaeb459 (diff)
openpgp: Use the signing key's issuer and issuer_fingerprint by default.
- Fixes #451. - Add warning for set_issuer and set_issuer_fingerprint. Using them is likely either redundant or a mistake.
-rw-r--r--openpgp/src/packet/signature/mod.rs35
-rw-r--r--openpgp/src/packet/signature/subpacket.rs6
2 files changed, 40 insertions, 1 deletions
diff --git a/openpgp/src/packet/signature/mod.rs b/openpgp/src/packet/signature/mod.rs
index 7aa1cd54..38aa214a 100644
--- a/openpgp/src/packet/signature/mod.rs
+++ b/openpgp/src/packet/signature/mod.rs
@@ -48,6 +48,14 @@ pub mod subpacket;
/// [`sign_standalone`]: #method.sign_standalone
/// [`sign_timestamp`]: #method.sign_timestamp
///
+/// By default, these functions add references to the signing key by adding
+/// Issuer and Issuer Fingerprint subpackets in the unhashed subpacket area.
+/// To override, use [`set_issuer`] and [`set_issuer_fingerprint`].
+/// Caution: this likely makes the signature unverifiable.
+///
+/// [`set_issuer`]: #method.set_issuer
+/// [`set_issuer_fingerprint`]: #method.set_issuer_fingerprint
+///
/// Signatures must always include a creation time. We automatically
/// insert a creation time subpacket with the current time into the
/// hashed subpacket area. To override the creation time, use
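Review bot: The new sentence "Caution: this likely makes the signature unverifiable" on the fourth added line overstates the case and disagrees with the commit message, which calls overriding "either redundant or a mistake": calling `set_issuer`/`set_issuer_fingerprint` with the signing key's own values is merely redundant, and only pointing them at a different key is harmful. Since both subpackets live in the unhashed area (as the second added line says), they are not covered by the signature and serve only as a key-lookup hint, so a wrong value makes verifiers look up the wrong key rather than corrupting the signature itself. I would replace the caution line with `/// Caution: pointing these at any key other than the signing key makes verifiers look up the wrong key, so the signature will typically fail to verify.`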
@@ -134,6 +142,8 @@ impl Builder {
///
/// The Signature's public-key algorithm field is set to the
/// algorithm used by `signer`.
+ /// If not set before, Issuer and Issuer Fingerprint subpackets are added
+ /// pointing to `signer`.
pub fn sign_standalone(mut self, signer: &mut dyn Signer)
-> Result<Signature>
{
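Review bot: The added doc line "If not set before, Issuer and Issuer Fingerprint subpackets are added pointing to `signer`" is imprecise about the condition: the implementation later in this commit (hunk `@@ -298,9 +324,16 @@`) adds the defaults only when `issuer()` and `issuer_fingerprint()` are both `None`, so a caller who set just one of them gets no default for the other. The same two lines are added verbatim to `sign_timestamp`, `sign_direct_key`, `sign_userid_binding`, `sign_subkey_binding`, `sign_primary_key_binding`, `sign_user_attribute_binding`, `sign_hash` and `sign_message` in the following hunks, so the fix applies to all of them. I would write `/// Unless an Issuer or Issuer Fingerprint subpacket has already been set, both are added pointing to `signer`.` The body of `sign_standalone` continues outside the hunk.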
@@ -147,6 +157,8 @@ impl Builder {
///
/// The Signature's public-key algorithm field is set to the
/// algorithm used by `signer`.
+ /// If not set before, Issuer and Issuer Fingerprint subpackets are added
+ /// pointing to `signer`.
pub fn sign_timestamp(mut self, signer: &mut dyn Signer)
-> Result<Signature>
{
@@ -160,6 +172,8 @@ impl Builder {
///
/// The Signature's public-key algorithm field is set to the
/// algorithm used by `signer`.
+ /// If not set before, Issuer and Issuer Fingerprint subpackets are added
+ /// pointing to `signer`.
pub fn sign_direct_key(mut self, signer: &mut dyn Signer)
-> Result<Signature>
{
@@ -177,6 +191,8 @@ impl Builder {
///
/// The Signature's public-key algorithm field is set to the
/// algorithm used by `signer`.
+ /// If not set before, Issuer and Issuer Fingerprint subpackets are added
+ /// pointing to `signer`.
pub fn sign_userid_binding<P>(mut self, signer: &mut dyn Signer,
key: &Key<P, key::PrimaryRole>,
userid: &UserID)
@@ -194,6 +210,8 @@ impl Builder {
///
/// The Signature's public-key algorithm field is set to the
/// algorithm used by `signer`.
+ /// If not set before, Issuer and Issuer Fingerprint subpackets are added
+ /// pointing to `signer`.
pub fn sign_subkey_binding<P, Q>(mut self, signer: &mut dyn Signer,
primary: &Key<P, key::PrimaryRole>,
subkey: &Key<Q, key::SubordinateRole>)
@@ -213,6 +231,8 @@ impl Builder {
///
/// The Signature's public-key algorithm field is set to the
/// algorithm used by `subkey_signer`.
+ /// If not set before, Issuer and Issuer Fingerprint subpackets are added
+ /// pointing to `subkey_signer`.
pub fn sign_primary_key_binding<P, Q>(mut self,
subkey_signer: &mut dyn Signer,
primary: &Key<P, key::PrimaryRole>,
@@ -233,6 +253,8 @@ impl Builder {
///
/// The Signature's public-key algorithm field is set to the
/// algorithm used by `signer`.
+ /// If not set before, Issuer and Issuer Fingerprint subpackets are added
+ /// pointing to `signer`.
pub fn sign_user_attribute_binding<P>(mut self, signer: &mut dyn Signer,
key: &Key<P, key::PrimaryRole>,
ua: &UserAttribute)
@@ -251,6 +273,8 @@ impl Builder {
///
/// The Signature's public-key algorithm field is set to the
/// algorithm used by `signer`.
+ /// If not set before, Issuer and Issuer Fingerprint subpackets are added
+ /// pointing to `signer`.
pub fn sign_hash(mut self, signer: &mut dyn Signer,
mut hash: hash::Context)
-> Result<Signature>
@@ -272,6 +296,8 @@ impl Builder {
///
/// The Signature's public-key algorithm field is set to the
/// algorithm used by `signer`.
+ /// If not set before, Issuer and Issuer Fingerprint subpackets are added
+ /// pointing to `signer`.
pub fn sign_message<M>(mut self, signer: &mut dyn Signer, msg: M)
-> Result<Signature>
where M: AsRef<[u8]>
@@ -298,9 +324,16 @@ impl Builder {
let algo = self.hash_algo;
let mpis = signer.sign(algo, &digest)?;
+ let mut fields = self;
+
+ if fields.issuer().is_none() && fields.issuer_fingerprint().is_none() {
+ fields = fields.set_issuer(signer.public().keyid())?
+ .set_issuer_fingerprint(signer.public().fingerprint())?;
+ }
+
Ok(Signature4 {
common: Default::default(),
- fields: self,
+ fields: fields,
digest_prefix: [digest[0], digest[1]],
mpis: mpis,
computed_digest: Some(digest),
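Review bot: The default Issuer and Issuer Fingerprint subpackets are inserted after `signer.sign(algo, &digest)?` has already produced the signature over `digest`, so this is only correct because `set_issuer` and `set_issuer_fingerprint` write to the unhashed area (see `self.unhashed_area.replace(...)` in the subpacket.rs hunks); nothing in this hunk records that invariant, and moving either setter to the hashed area later would silently produce signatures whose hashed data no longer matches the digest. I would add above the `if`: `// Added after hashing on purpose: these subpackets go into the unhashed area and so do not affect `digest`.` A second, smaller point: the `&&` means a caller who set only one of the two subpackets gets no default for the other; if that is intended, say so in the same comment, otherwise check each subpacket separately. The new `fields: fields,` can be the shorthand `fields,` (clippy's redundant_field_names). The enclosing function starts outside the hunk.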
diff --git a/openpgp/src/packet/signature/subpacket.rs b/openpgp/src/packet/signature/subpacket.rs
index 84e53ab5..5fc0ccde 100644
--- a/openpgp/src/packet/signature/subpacket.rs
+++ b/openpgp/src/packet/signature/subpacket.rs
@@ -2064,6 +2064,9 @@ impl signature::Builder {
/// Sets the value of the Issuer subpacket, which contains the
/// KeyID of the key that allegedly created this signature.
+ ///
+ /// Caution: By default, the issuer is set correctly when creating
+ /// the signature. Only use this function to override it.
pub fn set_issuer(mut self, id: KeyID) -> Result<Self> {
self.unhashed_area.replace(Subpacket::new(
SubpacketValue::Issuer(id),
@@ -2294,6 +2297,9 @@ impl signature::Builder {
/// Sets the value of the Issuer Fingerprint subpacket, which
/// contains the fingerprint of the key that allegedly created
/// this signature.
+ ///
+ /// Caution: By default, the issuer fingerprint is set correctly when
+ /// creating the signature. Only use this function to override it.
pub fn set_issuer_fingerprint(mut self, fp: Fingerprint) -> Result<Self> {
self.unhashed_area.replace(Subpacket::new(
SubpacketValue::IssuerFingerprint(fp),
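Review bot: "By default, the issuer fingerprint is set correctly when creating the signature" leaves the reader guessing what "correctly" means and when the default applies; the signing code in this commit adds it pointing to the signer's key, and only when neither an Issuer nor an Issuer Fingerprint subpacket has been set. I would write `/// Caution: the sign_* methods add this subpacket pointing to the signing key unless an Issuer or Issuer Fingerprint subpacket was already set. Only use this function to override it.` The parallel caution added to `set_issuer` in the preceding hunk has the same wording and should be adjusted the same way. Note that since the value goes into `unhashed_area` it is not covered by the signature and serves only as a key-lookup hint, which is worth stating alongside the caution.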