diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2019-12-16 10:50:53 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2019-12-16 10:50:53 +0100 |
commit | 5b82408d1f53424add604c6387155f60d52cb6ee (patch) | |
tree | bc5651ff7592abcc2a75ad381d817be9fbcbae4b | |
parent | 8dc869f6b28ae2cd3bb9cc4ff7c4bc30a7c9c27f (diff) |
openpgp: Fix terminology.
- What the code called a "primary key binding" is actually a direct
key signature. Primary key bindings are signatures by
signing-capable subkeys over primary and subkey.
- See #402.
-rw-r--r-- | openpgp/src/cert/builder.rs | 2 | ||||
-rw-r--r-- | openpgp/src/cert/mod.rs | 22 | ||||
-rw-r--r-- | openpgp/src/crypto/hash.rs | 6 | ||||
-rw-r--r-- | openpgp/src/packet/signature/mod.rs | 26 | ||||
-rw-r--r-- | sqv/tests/revoked-key.rs | 6 |
5 files changed, 31 insertions, 31 deletions
diff --git a/openpgp/src/cert/builder.rs b/openpgp/src/cert/builder.rs index 618494de..42780a65 100644 --- a/openpgp/src/cert/builder.rs +++ b/openpgp/src/cert/builder.rs @@ -435,7 +435,7 @@ impl CertBuilder { let mut signer = key.clone().into_keypair() .expect("key generated above has a secret"); - let sig = sig.sign_primary_key_binding(&mut signer)?; + let sig = sig.sign_direct_key(&mut signer)?; Ok((key.mark_parts_public(), sig.into())) } diff --git a/openpgp/src/cert/mod.rs b/openpgp/src/cert/mod.rs index de259257..cb0de264 100644 --- a/openpgp/src/cert/mod.rs +++ b/openpgp/src/cert/mod.rs @@ -1402,15 +1402,15 @@ impl Cert { } check!("primary key", - self.primary, self_signatures, verify_primary_key_binding); + self.primary, self_signatures, verify_direct_key); check!("primary key", self.primary, self_revocations, verify_primary_key_revocation); check_3rd_party!("primary key", self.primary, certifications, lookup_fn, - verify_primary_key_binding, hash_primary_key_binding); + verify_direct_key, hash_direct_key); check_3rd_party!("primary key", self.primary, other_revocations, lookup_fn, - verify_primary_key_revocation, hash_primary_key_binding); + verify_primary_key_revocation, hash_direct_key); for binding in self.userids.iter_mut() { check!(format!("userid \"{}\"", @@ -1562,11 +1562,11 @@ impl Cert { match sig.typ() { DirectKey => { check_one!("primary key", self.primary.self_signatures, - sig, verify_primary_key_binding); + sig, verify_direct_key); check_one_3rd_party!( "primary key", self.primary.certifications, sig, lookup_fn, - verify_primary_key_binding, hash_primary_key_binding); + verify_direct_key, hash_direct_key); }, KeyRevocation => { @@ -1575,7 +1575,7 @@ impl Cert { check_one_3rd_party!( "primary key", self.primary.other_revocations, sig, lookup_fn, verify_primary_key_revocation, - hash_primary_key_binding); + hash_direct_key); }, GenericCertification | PersonaCertification @@ -2757,7 +2757,7 @@ mod test { .set_issuer_fingerprint(key.fingerprint()).unwrap() .set_issuer(key.keyid()).unwrap() .set_preferred_hash_algorithms(vec![HashAlgorithm::SHA512]).unwrap() - .sign_primary_key_binding(&mut pair).unwrap(); + .sign_direct_key(&mut pair).unwrap(); let rev1 = signature::Builder::new(SignatureType::KeyRevocation) .set_signature_creation_time(t2).unwrap() @@ -2765,7 +2765,7 @@ mod test { &b""[..]).unwrap() .set_issuer_fingerprint(key.fingerprint()).unwrap() .set_issuer(key.keyid()).unwrap() - .sign_primary_key_binding(&mut pair).unwrap(); + .sign_direct_key(&mut pair).unwrap(); let bind2 = signature::Builder::new(SignatureType::DirectKey) .set_features(&Features::sequoia()).unwrap() @@ -2775,7 +2775,7 @@ mod test { .set_issuer_fingerprint(key.fingerprint()).unwrap() .set_issuer(key.keyid()).unwrap() .set_preferred_hash_algorithms(vec![HashAlgorithm::SHA512]).unwrap() - .sign_primary_key_binding(&mut pair).unwrap(); + .sign_direct_key(&mut pair).unwrap(); let rev2 = signature::Builder::new(SignatureType::KeyRevocation) .set_signature_creation_time(t4).unwrap() @@ -2783,7 +2783,7 @@ mod test { &b""[..]).unwrap() .set_issuer_fingerprint(key.fingerprint()).unwrap() .set_issuer(key.keyid()).unwrap() - .sign_primary_key_binding(&mut pair).unwrap(); + .sign_direct_key(&mut pair).unwrap(); (bind1, rev1, bind2, rev2) }; @@ -3385,7 +3385,7 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= .set_issuer(key.keyid()).unwrap() .set_preferred_hash_algorithms(vec![HashAlgorithm::SHA512]).unwrap() .set_signature_creation_time(*t).unwrap() - .sign_primary_key_binding(&mut pair).unwrap(); + .sign_direct_key(&mut pair).unwrap(); let binding : Packet = binding.into(); diff --git a/openpgp/src/crypto/hash.rs b/openpgp/src/crypto/hash.rs index 363036ff..12502c10 100644 --- a/openpgp/src/crypto/hash.rs +++ b/openpgp/src/crypto/hash.rs @@ -373,9 +373,9 @@ impl Signature { Self::hash_standalone(sig) } - /// Returns the message digest of the primary key binding over the - /// specified primary key. - pub fn hash_primary_key_binding<'a, S>(sig: S, key: &key::PublicKey) + /// Returns the message digest of the direct key signature over + /// the specified primary key. + pub fn hash_direct_key<'a, S>(sig: S, key: &key::PublicKey) -> Result<Vec<u8>> where S: Into<&'a signature::Builder> { diff --git a/openpgp/src/packet/signature/mod.rs b/openpgp/src/packet/signature/mod.rs index 6f74e471..b5dd9d7c 100644 --- a/openpgp/src/packet/signature/mod.rs +++ b/openpgp/src/packet/signature/mod.rs @@ -39,13 +39,13 @@ const TRACE : bool = false; /// /// This is the mutable version of a `Signature4` packet. To convert /// it to one, use [`sign_hash`], [`sign_message`], -/// [`sign_primary_key_binding`], [`sign_subkey_binding`], +/// [`sign_direct_key`], [`sign_subkey_binding`], /// [`sign_userid_binding`], [`sign_user_attribute_binding`], /// [`sign_standalone`], or [`sign_timestamp`], /// /// [`sign_hash`]: #method.sign_hash /// [`sign_message`]: #method.sign_message -/// [`sign_primary_key_binding`]: #method.sign_primary_key_binding +/// [`sign_direct_key`]: #method.sign_direct_key /// [`sign_subkey_binding`]: #method.sign_subkey_binding /// [`sign_userid_binding`]: #method.sign_userid_binding /// [`sign_user_attribute_binding`]: #method.sign_user_attribute_binding @@ -162,14 +162,14 @@ impl Builder { /// /// The Signature's public-key algorithm field is set to the /// algorithm used by `signer`. - pub fn sign_primary_key_binding(mut self, signer: &mut dyn Signer) + pub fn sign_direct_key(mut self, signer: &mut dyn Signer) -> Result<Signature> { self.pk_algo = signer.public().pk_algo(); let digest = - Signature::hash_primary_key_binding(&self, - signer.public() - .mark_role_primary_ref())?; + Signature::hash_direct_key(&self, + signer.public() + .mark_role_primary_ref())?; self.sign(signer, digest) } @@ -782,9 +782,9 @@ impl Signature4 { self.verify_digest(key, &digest[..]) } - /// Verifies the primary key binding. + /// Verifies the direct key signature. /// - /// `self` is the primary key binding signature, `signer` is the + /// `self` is the direct key signature, `signer` is the /// key that allegedly made the signature, and `pk` is the primary /// key. /// @@ -801,9 +801,9 @@ impl Signature4 { /// key is not revoked, not expired, has a valid self-signature, /// has a subkey binding signature (if appropriate), has the /// signing capability, etc. - pub fn verify_primary_key_binding<R>(&self, - signer: &Key<key::PublicParts, R>, - pk: &key::PublicKey) + pub fn verify_direct_key<R>(&self, + signer: &Key<key::PublicParts, R>, + pk: &key::PublicKey) -> Result<bool> where R: key::KeyRole { @@ -811,7 +811,7 @@ impl Signature4 { return Err(Error::UnsupportedSignatureType(self.typ()).into()); } - let hash = Signature::hash_primary_key_binding(self, pk)?; + let hash = Signature::hash_direct_key(self, pk)?; self.verify_digest(signer, &hash[..]) } @@ -844,7 +844,7 @@ impl Signature4 { return Err(Error::UnsupportedSignatureType(self.typ()).into()); } - let hash = Signature::hash_primary_key_binding(self, pk)?; + let hash = Signature::hash_direct_key(self, pk)?; self.verify_digest(signer, &hash[..]) } diff --git a/sqv/tests/revoked-key.rs b/sqv/tests/revoked-key.rs index fdfe24b5..a37f30ae 100644 --- a/sqv/tests/revoked-key.rs +++ b/sqv/tests/revoked-key.rs @@ -309,7 +309,7 @@ fn create_key() { .set_issuer(key.fingerprint().into()).unwrap() .set_preferred_hash_algorithms(vec![HashAlgorithm::SHA512]) .unwrap(); - let direct1 = b.sign_primary_key_binding(&mut signer).unwrap(); + let direct1 = b.sign_direct_key(&mut signer).unwrap(); // 1st subkey binding signature valid from t_sk_binding on b = signature::Builder::new(SignatureType::SubkeyBinding) @@ -336,7 +336,7 @@ fn create_key() { .set_issuer(key.fingerprint().into()).unwrap() .set_preferred_hash_algorithms(vec![HashAlgorithm::SHA512]) .unwrap(); - let direct2 = b.sign_primary_key_binding(&mut signer).unwrap(); + let direct2 = b.sign_direct_key(&mut signer).unwrap(); // 2nd subkey binding signature valid from t3 on let mut b = signature::Builder::new(SignatureType::SubkeyBinding) @@ -385,7 +385,7 @@ fn create_key() { .unwrap(); } - let rev = b.sign_primary_key_binding(&mut signer).unwrap(); + let rev = b.sign_direct_key(&mut signer).unwrap(); let cert = Cert::from_packet_pile(PacketPile::from(vec![ key.clone().into(), direct1.clone().into(), |