diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2020-01-21 12:09:25 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2020-01-21 14:54:21 +0100 |
commit | b121484054539c4401296a70548dee103910979d (patch) | |
tree | b2ac7e34bd25a8cea5548caad63cef0d8dc7888e | |
parent | 0b38b2e691c7376d762f07c529e8b3d0b8b7ecc6 (diff) |
openpgp: Reduce the usage of Cert::primary_key_signature.
-rw-r--r-- | openpgp/src/cert/builder.rs | 26 | ||||
-rw-r--r-- | openpgp/src/cert/keyiter.rs | 4 | ||||
-rw-r--r-- | openpgp/src/cert/mod.rs | 27 | ||||
-rw-r--r-- | openpgp/src/serialize/cert.rs | 6 | ||||
-rw-r--r-- | tool/src/commands/inspect.rs | 55 |
5 files changed, 54 insertions, 64 deletions
diff --git a/openpgp/src/cert/builder.rs b/openpgp/src/cert/builder.rs index b8451766..42a29942 100644 --- a/openpgp/src/cert/builder.rs +++ b/openpgp/src/cert/builder.rs @@ -534,11 +534,9 @@ mod tests { assert_eq!(cert1.primary().pk_algo(), PublicKeyAlgorithm::EdDSA); assert!(cert1.subkeys().next().is_none()); - if let Some(sig) = cert1.primary_key_signature(None) { - assert!(sig.features().unwrap().supports_mdc()); - } else { - panic!(); - } + assert!(cert1.userids().primary(None).unwrap() + .binding_signature().unwrap() + .features().unwrap().supports_mdc()); } #[test] @@ -576,14 +574,8 @@ mod tests { .primary_key_flags(KeyFlags::default()) .add_transport_encryption_subkey() .generate().unwrap(); - let sig_pkts = &cert1.primary_key_signature(None).unwrap().hashed_area(); - - match sig_pkts.lookup(SubpacketTag::KeyFlags).unwrap().value() { - SubpacketValue::KeyFlags(ref ks) => assert!(ks.for_certification()), - v => panic!("Unexpected subpacket: {:?}", v), - } - - assert_eq!(cert1.subkeys().count(), 1); + assert!(cert1.keys().primary(None).unwrap().for_certification()); + assert_eq!(cert1.keys().subkeys().count(), 1); } #[test] @@ -666,7 +658,7 @@ mod tests { let now = cert.primary().creation_time() + 5 * s; // The subkeys may be created a tad later. let key = cert.primary(); - let sig = cert.primary_key_signature(None).unwrap(); + let sig = &cert.keys().primary_key().self_signatures()[0]; assert!(sig.key_alive(key, now).is_ok()); assert!(sig.key_alive(key, now + 590 * s).is_ok()); assert!(! sig.key_alive(key, now + 610 * s).is_ok()); @@ -697,7 +689,11 @@ mod tests { .generate().unwrap(); assert_eq!(cert.primary().creation_time(), UNIX_EPOCH); - assert_eq!(cert.primary_key_signature(None).unwrap() + assert_eq!(cert.keys().primary(None).unwrap() + .binding_signature() + .signature_creation_time().unwrap(), UNIX_EPOCH); + assert_eq!(cert.keys().primary(None).unwrap() + .direct_key_signature().unwrap() .signature_creation_time().unwrap(), UNIX_EPOCH); assert_eq!(rev.signature_creation_time().unwrap(), UNIX_EPOCH); diff --git a/openpgp/src/cert/keyiter.rs b/openpgp/src/cert/keyiter.rs index bd0d648e..3174e6d2 100644 --- a/openpgp/src/cert/keyiter.rs +++ b/openpgp/src/cert/keyiter.rs @@ -511,12 +511,10 @@ impl<'a, P: 'a + key::KeyParts, R: 'a + key::KeyRole> ValidKeyIter<'a, P, R> { } } - let binding_signature = ka.binding_signature(); - if let Some(flags) = self.flags.as_ref() { if !ka.has_any_key_flag(flags) { t!("Have flags: {:?}, want flags: {:?}... skipping.", - binding_signature.key_flags(), flags); + flags, flags); continue; } } diff --git a/openpgp/src/cert/mod.rs b/openpgp/src/cert/mod.rs index 8c1e408f..20de650e 100644 --- a/openpgp/src/cert/mod.rs +++ b/openpgp/src/cert/mod.rs @@ -411,7 +411,7 @@ impl Cert { /// primary User ID's self signature. Since these signatures are /// associated with the UserID and not the primary key, that /// information is not contained in the key binding. Instead, you - /// should use methods like `Cert::primary_key_signature()` to get + /// should use methods like `Cert::keys().primary(t)` to get /// information about the primary key. pub fn primary(&self) -> &key::PublicKey { &self.primary.key() @@ -584,19 +584,24 @@ impl Cert { -> Result<Cert> { let sig = { - let (template, userid) = self - .primary_key_signature_full(Some(now)) - .ok_or(Error::MalformedCert("No self-signature".into()))?; + let primary = self.keys().primary(now)?; + let template = primary.binding_signature(); // Recompute the signature. let hash_algo = HashAlgorithm::SHA512; let mut hash = hash_algo.context()?; self.primary().hash(&mut hash); - if let Some((userid, _)) = userid { - userid.userid().hash(&mut hash); - } else { - assert_eq!(template.typ(), SignatureType::DirectKey); + match template.typ() { + SignatureType::DirectKey => + (), // Nothing to hash. + SignatureType::GenericCertification + | SignatureType::PersonaCertification + | SignatureType::CasualCertification + | SignatureType::PositiveCertification => + self.userids().primary(now).unwrap() + .userid().hash(&mut hash), + _ => unreachable!(), } // Generate the signature. @@ -1784,15 +1789,13 @@ mod test { fn merge_with_incomplete_update() { let cert = Cert::from_bytes(crate::tests::key("about-to-expire.expired.pgp")) .unwrap(); - assert!(! cert.primary_key_signature(None).unwrap() - .key_alive(cert.primary(), None).is_ok()); + cert.keys().primary(None).unwrap().alive().unwrap_err(); let update = Cert::from_bytes(crate::tests::key("about-to-expire.update-no-uid.pgp")) .unwrap(); let cert = cert.merge(update).unwrap(); - assert!(cert.primary_key_signature(None).unwrap() - .key_alive(cert.primary(), None).is_ok()); + cert.keys().primary(None).unwrap().alive().unwrap(); } #[test] diff --git a/openpgp/src/serialize/cert.rs b/openpgp/src/serialize/cert.rs index c21b8046..f5fa06e4 100644 --- a/openpgp/src/serialize/cert.rs +++ b/openpgp/src/serialize/cert.rs @@ -750,7 +750,8 @@ mod test { let uid_binding = uid.bind( &mut keypair, &cert, signature::Builder::from( - cert.primary_key_signature(None).unwrap().clone()) + cert.keys().primary(None).unwrap() + .direct_key_signature().unwrap().clone()) .set_type(SignatureType::PositiveCertification) .set_exportable_certification(false).unwrap()).unwrap(); @@ -760,7 +761,8 @@ mod test { let ua_binding = ua.bind( &mut keypair, &cert, signature::Builder::from( - cert.primary_key_signature(None).unwrap().clone()) + cert.keys().primary(None).unwrap() + .direct_key_signature().unwrap().clone()) .set_type(SignatureType::PositiveCertification) .set_exportable_certification(false).unwrap()).unwrap(); diff --git a/tool/src/commands/inspect.rs b/tool/src/commands/inspect.rs index 43ba1acc..13d0324c 100644 --- a/tool/src/commands/inspect.rs +++ b/tool/src/commands/inspect.rs @@ -4,6 +4,7 @@ use clap; extern crate sequoia_openpgp as openpgp; use crate::openpgp::{Packet, Result}; +use openpgp::packet::key::PublicParts; use crate::openpgp::parse::{Parse, PacketParserResult}; use super::dump::Convert; @@ -133,18 +134,14 @@ fn inspect_cert(output: &mut dyn io::Write, cert: &openpgp::Cert, writeln!(output)?; writeln!(output, " Fingerprint: {}", cert.fingerprint())?; inspect_revocation(output, "", cert.revoked(None))?; - let primary = cert.keys().primary_key(); - inspect_key(output, "", primary.key(), cert.primary_key_signature(None), - primary.certifications(), - print_keygrips, print_certifications)?; + let primary = cert.keys().primary(None)?; + inspect_key(output, "", primary, print_keygrips, print_certifications)?; writeln!(output)?; for ka in cert.keys().policy(None).skip(1) { writeln!(output, " Subkey: {}", ka.key().fingerprint())?; inspect_revocation(output, "", ka.revoked())?; - inspect_key(output, "", ka.key(), Some(ka.binding_signature()), - ka.binding().certifications(), - print_keygrips, print_certifications)?; + inspect_key(output, "", ka, print_keygrips, print_certifications)?; writeln!(output)?; } @@ -167,21 +164,16 @@ fn inspect_cert(output: &mut dyn io::Write, cert: &openpgp::Cert, Ok(()) } -fn inspect_key<P, R>(output: &mut dyn io::Write, - indent: &str, - key: &openpgp::packet::Key<P, R>, - binding_signature: Option<&openpgp::packet::Signature>, - certs: &[openpgp::packet::Signature], - print_keygrips: bool, - print_certifications: bool) +fn inspect_key(output: &mut dyn io::Write, + indent: &str, + ka: openpgp::cert::KeyAmalgamation<PublicParts>, + print_keygrips: bool, + print_certifications: bool) -> Result<()> - where P: openpgp::packet::key::KeyParts, - R: openpgp::packet::key::KeyRole { - if let Some(sig) = binding_signature { - if let Err(e) = sig.key_alive(key, None) { - writeln!(output, "{} Invalid: {}", indent, e)?; - } + let key = ka.key(); + if let Err(e) = ka.alive() { + writeln!(output, "{} Invalid: {}", indent, e)?; } if print_keygrips { @@ -194,20 +186,19 @@ fn inspect_key<P, R>(output: &mut dyn io::Write, } writeln!(output, "{} Creation time: {}", indent, key.creation_time().convert())?; - if let Some(sig) = binding_signature { - if let Some(expires) = sig.key_expiration_time() { - let expiration_time = key.creation_time() + expires; - writeln!(output, "{}Expiration time: {} (creation time + {})", - indent, - expiration_time.convert(), - expires.convert())?; - } + if let Some(expires) = ka.key_expiration_time() { + let expiration_time = key.creation_time() + expires; + writeln!(output, "{}Expiration time: {} (creation time + {})", + indent, + expiration_time.convert(), + expires.convert())?; + } - if let Some(flags) = sig.key_flags().and_then(inspect_key_flags) { - writeln!(output, "{} Key flags: {}", indent, flags)?; - } + if let Some(flags) = sig.key_flags().and_then(inspect_key_flags) { + writeln!(output, "{} Key flags: {}", indent, flags)?; } - inspect_certifications(output, certs, print_certifications)?; + inspect_certifications(output, ka.binding().certifications(), + print_certifications)?; Ok(()) } |