author | Wiktor Kwapisiewicz <wiktor@metacode.biz> | 2020-10-20 10:11:23 +0200 |
---|---|---|
committer | Wiktor Kwapisiewicz <wiktor@metacode.biz> | 2020-12-01 14:55:56 +0100 |
commit | d40cd05ece363d49fad83f0d37b7f7a01090a585 (patch) | |
tree | 0d5c43bb5d67a22942e64b14ddaf915ed97531d8 | |
parent | 6e3cc5e9e95d18ffc180138415c5372d7b514fa8 (diff) |
openpgp: Allow using `None` to indicate signer's key should be used as the `key` parameter.
- Make sign_direct_key take Key of key::PublicParts.
- Simplify calling sign_direct_key by using Into.
- Allow passing None to sign_subkey_binding.
- Allow passing None to sign_userid_binding.
- Allow using None as key parameter.
- Improve docs mentioning new default for `pk`.
- `pk` set to `Option::None` will now default to signer's public key.
- Fixes #565.
-rw-r--r-- | openpgp/src/cert.rs | 10 | ||||
-rw-r--r-- | openpgp/src/cert/amalgamation/key.rs | 7 | ||||
-rw-r--r-- | openpgp/src/cert/builder.rs | 2 | ||||
-rw-r--r-- | openpgp/src/packet/signature.rs | 71 | ||||
-rw-r--r-- | openpgp/src/packet/signature/subpacket.rs | 42 | ||||
-rw-r--r-- | openpgp/src/policy.rs | 4 | ||||
-rw-r--r-- | sqv/tests/revoked-key.rs | 14 |
7 files changed, 86 insertions, 64 deletions
diff --git a/openpgp/src/cert.rs b/openpgp/src/cert.rs index 29782b44..1202ae5f 100644 --- a/openpgp/src/cert.rs +++ b/openpgp/src/cert.rs @@ -4438,13 +4438,13 @@ mod test { .set_signature_creation_time(t1).unwrap() .set_key_validity_period(Some(time::Duration::new(10 * 52 * 7 * 24 * 60 * 60, 0))).unwrap() .set_preferred_hash_algorithms(vec![HashAlgorithm::SHA512]).unwrap() - .sign_direct_key(&mut pair, &key).unwrap(); + .sign_direct_key(&mut pair, key.parts_as_public()).unwrap(); let rev1 = signature::SignatureBuilder::new(SignatureType::KeyRevocation) .set_signature_creation_time(t2).unwrap() .set_reason_for_revocation(ReasonForRevocation::KeySuperseded, &b""[..]).unwrap() - .sign_direct_key(&mut pair, &key).unwrap(); + .sign_direct_key(&mut pair, key.parts_as_public()).unwrap(); let bind2 = signature::SignatureBuilder::new(SignatureType::DirectKey) .set_features(&Features::sequoia()).unwrap() @@ -4452,13 +4452,13 @@ mod test { .set_signature_creation_time(t3).unwrap() .set_key_validity_period(Some(time::Duration::new(10 * 52 * 7 * 24 * 60 * 60, 0))).unwrap() .set_preferred_hash_algorithms(vec![HashAlgorithm::SHA512]).unwrap() - .sign_direct_key(&mut pair, &key).unwrap(); + .sign_direct_key(&mut pair, key.parts_as_public()).unwrap(); let rev2 = signature::SignatureBuilder::new(SignatureType::KeyRevocation) .set_signature_creation_time(t4).unwrap() .set_reason_for_revocation(ReasonForRevocation::KeyCompromised, &b""[..]).unwrap() - .sign_direct_key(&mut pair, &key).unwrap(); + .sign_direct_key(&mut pair, key.parts_as_public()).unwrap(); (bind1, rev1, bind2, rev2) }; @@ -5125,7 +5125,7 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= .unwrap() .set_preferred_hash_algorithms(vec![HashAlgorithm::SHA512]).unwrap() .set_signature_creation_time(*t).unwrap() - .sign_direct_key(&mut pair, &key).unwrap(); + .sign_direct_key(&mut pair, key.parts_as_public()).unwrap(); let binding : Packet = binding.into(); 
diff --git a/openpgp/src/cert/amalgamation/key.rs b/openpgp/src/cert/amalgamation/key.rs index 192ba5bf..7071829e 100644 --- a/openpgp/src/cert/amalgamation/key.rs +++ b/openpgp/src/cert/amalgamation/key.rs @@ -1624,8 +1624,7 @@ impl<'a, P> ValidErasedKeyAmalgamation<'a, P> signature::subpacket::SubpacketTag::PrimaryUserID); // Generate the signature. - sigs.push(builder.sign_direct_key(primary_signer, - &self.cert().primary_key())?); + sigs.push(builder.sign_direct_key(primary_signer, None)?); // Second, generate a new binding signature for every // userid. We need to be careful not to change the @@ -1645,7 +1644,7 @@ impl<'a, P> ValidErasedKeyAmalgamation<'a, P> }).unwrap_or(false))?; sigs.push(builder.sign_userid_binding(primary_signer, - &self.cert().primary_key(), + self.cert().primary_key().component(), &userid)?); } } else { @@ -1687,7 +1686,7 @@ impl<'a, P> ValidErasedKeyAmalgamation<'a, P> sigs.push(sig.sign_subkey_binding( primary_signer, - &self.cert().primary_key(), + self.cert().primary_key().component(), self.key().role_as_subordinate())?); } diff --git a/openpgp/src/cert/builder.rs b/openpgp/src/cert/builder.rs index 9f7f91b9..d30cee59 100644 --- a/openpgp/src/cert/builder.rs +++ b/openpgp/src/cert/builder.rs @@ -1105,7 +1105,7 @@ impl CertBuilder<'_> { let mut signer = key.clone().into_keypair() .expect("key generated above has a secret"); - let sig = sig.sign_direct_key(&mut signer, &key)?; + let sig = sig.sign_direct_key(&mut signer, key.parts_as_public())?; Ok((key, sig.into())) } diff --git a/openpgp/src/packet/signature.rs b/openpgp/src/packet/signature.rs index f083bffc..ddc80214 100644 --- a/openpgp/src/packet/signature.rs +++ b/openpgp/src/packet/signature.rs @@ -423,7 +423,7 @@ impl SignatureFields { /// Ok(a) /// })? /// // Update the direct key signature. -/// .sign_direct_key(&mut signer, pk)?); +/// .sign_direct_key(&mut signer, None)?); /// } /// /// for ua in vc.userids() { 
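Review bot: In the first hunk of cert/amalgamation/key.rs, `builder.sign_direct_key(primary_signer, None)` now hashes whatever key `primary_signer.public()` returns, while the User ID and subkey bindings in the next two hunks of the same function still pass `self.cert().primary_key().component()`. If a caller hands in a signer that is not this certificate's primary key, the direct key signature and the bindings end up computed over different keys, and the mismatch only shows up when someone verifies the result. Keeping the explicit form, `sigs.push(builder.sign_direct_key(primary_signer, self.cert().primary_key().component())?);`, ties every signature this function produces to the certificate. The enclosing function starts and ends outside these hunks, so any earlier check of the signer against the certificate is not visible here.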
@@ -762,6 +762,11 @@ impl SignatureBuilder { /// [`set_signature_creation_time`]: #method.set_signature_creation_time /// [`preserve_signature_creation_time`]: #method.preserve_signature_creation_time /// + /// If `pk` is set to `None` the signature will be computed over the public key + /// retrieved from the `signer` parameter, i.e. a self-signature will be created. + /// To create a third-party-signature provide an explicit public key as the + /// `pk` parameter. + /// /// # Examples /// /// Set the default value for the [Preferred Symmetric Algorithms @@ -799,17 +804,17 @@ impl SignatureBuilder { /// vec![ SymmetricAlgorithm::AES256, /// SymmetricAlgorithm::AES128, /// ])? - /// .sign_direct_key(&mut signer, pk)?; + /// .sign_direct_key(&mut signer, None)?; /// /// // Verify it. /// sig.verify_direct_key(signer.public(), pk)?; /// # Ok(()) /// # } /// ``` - pub fn sign_direct_key<P>(mut self, signer: &mut dyn Signer, - pk: &Key<P, key::PrimaryRole>) + pub fn sign_direct_key<'a, PK>(mut self, signer: &mut dyn Signer, + pk: PK) -> Result<Signature> - where P: key::KeyParts, + where PK: Into<Option<&'a Key<key::PublicParts, key::PrimaryRole>>> { match self.typ { SignatureType::DirectKey => (), @@ -821,7 +826,9 @@ impl SignatureBuilder { self = self.pre_sign(signer)?; let mut hash = self.hash_algo().context()?; + let pk = pk.into().unwrap_or_else(|| signer.public().role_as_primary()); self.hash_direct_key(&mut hash, pk); + self.sign(signer, hash.into_digest()?) } 
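Review bot: The `None` default added to `sign_direct_key`, `pk.into().unwrap_or_else(|| signer.public().role_as_primary())`, relabels the signer's key as a primary key with no visible check, and the new doc paragraph does not state that precondition. As far as the hunk shows, a signer backed by a signing subkey would yield a direct key signature hashed over that subkey, and the error would surface only at verification time. I would extend the doc paragraph with `/// With None, signer must hold the certificate's primary key; its public key is hashed as the primary key without further checks.` The same default is added to `sign_userid_binding`, `sign_subkey_binding` and `sign_user_attribute_binding` in the later hunks of this file, so the sentence belongs there as well.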
@@ -895,6 +902,11 @@ impl SignatureBuilder { /// [`set_signature_creation_time`]: #method.set_signature_creation_time /// [`preserve_signature_creation_time`]: #method.preserve_signature_creation_time /// + /// If `pk` is set to `None` the signature will be computed over the public key + /// retrieved from the `signer` parameter, i.e. a self-signature will be created. + /// To create a third-party-signature provide an explicit public key as the + /// `pk` parameter. + /// /// # Examples /// /// Set the [Preferred Symmetric Algorithms subpacket], which will @@ -922,8 +934,6 @@ impl SignatureBuilder { /// // Derive a signer. /// let mut signer = key.clone().parts_into_secret()?.into_keypair()?; /// - /// let pk = cert.primary_key().key(); - /// /// // Update the User ID's binding signature. /// let ua = cert.with_policy(p, None)?.userids().nth(0).unwrap(); /// let mut new_sig = SignatureBuilder::from( @@ -932,18 +942,19 @@ impl SignatureBuilder { /// vec![ SymmetricAlgorithm::AES256, /// SymmetricAlgorithm::AES128, /// ])? - /// .sign_userid_binding(&mut signer, pk, ua.userid())?; + /// .sign_userid_binding(&mut signer, None, ua.userid())?; /// /// // Verify it. + /// let pk = cert.primary_key().key(); + /// /// new_sig.verify_userid_binding(signer.public(), pk, ua.userid())?; /// # Ok(()) /// # } /// ``` - pub fn sign_userid_binding<P>(mut self, signer: &mut dyn Signer, - key: &Key<P, key::PrimaryRole>, - userid: &UserID) + pub fn sign_userid_binding<'a, PK>(mut self, signer: &mut dyn Signer, + key: PK, userid: &UserID) -> Result<Signature> - where P: key::KeyParts, + where PK: Into<Option<&'a Key<key::PublicParts, key::PrimaryRole>>> { match self.typ { SignatureType::GenericCertification => (), 
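Review bot: The doc paragraph added above `sign_userid_binding` describes a parameter called `pk`, but the new signature a few hunks below names it `key` (`key: PK, userid: &UserID`). The same copied wording sits above `sign_subkey_binding`, whose parameter is `primary`, and above `sign_user_attribute_binding`, whose parameter is `key`, so rustdoc readers are pointed at a name that does not exist in three of the four functions. Each paragraph should name its own parameter, here `/// If key is set to None the signature will be computed over the public key retrieved from the signer parameter`, and `primary` for the subkey binding. The body of `sign_userid_binding` continues in the following hunk.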
@@ -957,6 +968,8 @@ impl SignatureBuilder { self = self.pre_sign(signer)?; + let key = key.into().unwrap_or_else(|| signer.public().role_as_primary()); + let mut hash = self.hash_algo().context()?; self.hash_userid_binding(&mut hash, key, userid); self.sign(signer, hash.into_digest()?) @@ -1022,6 +1035,9 @@ impl SignatureBuilder { /// [`set_signature_creation_time`]: #method.set_signature_creation_time /// [`preserve_signature_creation_time`]: #method.preserve_signature_creation_time /// + /// If `pk` is set to `None` the signature will be computed over the public key + /// retrieved from the `signer` parameter. + /// /// # Examples /// /// Add a new subkey intended for encrypting data in motion to an @@ -1052,7 +1068,7 @@ impl SignatureBuilder { /// /// let sig = SignatureBuilder::new(SignatureType::SubkeyBinding) /// .set_key_flags(&KeyFlags::empty().set_transport_encryption())? - /// .sign_subkey_binding(&mut pk_signer, &pk, &subkey)?; + /// .sign_subkey_binding(&mut pk_signer, None, &subkey)?; /// /// let cert = cert.insert_packets(vec![Packet::SecretSubkey(subkey), /// sig.into()])?; @@ -1061,12 +1077,12 @@ impl SignatureBuilder { /// # Ok(()) /// # } /// ``` - pub fn sign_subkey_binding<P, Q>(mut self, signer: &mut dyn Signer, - primary: &Key<P, key::PrimaryRole>, + pub fn sign_subkey_binding<'a, PK, Q>(mut self, signer: &mut dyn Signer, + primary: PK, subkey: &Key<Q, key::SubordinateRole>) -> Result<Signature> - where P: key::KeyParts, - Q: key::KeyParts, + where Q: key::KeyParts, + PK: Into<Option<&'a Key<key::PublicParts, key::PrimaryRole>>>, { match self.typ { SignatureType::SubkeyBinding => (), @@ -1077,6 +1093,7 @@ impl SignatureBuilder { self = self.pre_sign(signer)?; + let primary = primary.into().unwrap_or_else(|| signer.public().role_as_primary()); let mut hash = self.hash_algo().context()?; self.hash_subkey_binding(&mut hash, primary, subkey); self.sign(signer, hash.into_digest()?) 
@@ -1199,7 +1216,7 @@ impl SignatureBuilder { /// .set_embedded_signature( /// SignatureBuilder::new(SignatureType::PrimaryKeyBinding) /// .sign_primary_key_binding(&mut sk_signer, &pk, &subkey)?)? - /// .sign_subkey_binding(&mut pk_signer, &pk, &subkey)?; + /// .sign_subkey_binding(&mut pk_signer, None, &subkey)?; /// /// let cert = cert.insert_packets(vec![Packet::SecretSubkey(subkey), /// sig.into()])?; @@ -1294,6 +1311,11 @@ impl SignatureBuilder { /// [`set_signature_creation_time`]: #method.set_signature_creation_time /// [`preserve_signature_creation_time`]: #method.preserve_signature_creation_time /// + /// If `pk` is set to `None` the signature will be computed over the public key + /// retrieved from the `signer` parameter, i.e. a self-signature will be created. + /// To create a third-party-signature provide an explicit public key as the + /// `pk` parameter. + /// /// # Examples /// /// Add a new User Attribute to an existing certificate: @@ -1331,7 +1353,7 @@ impl SignatureBuilder { /// /// let mut sig = /// SignatureBuilder::new(SignatureType::PositiveCertification) - /// .sign_user_attribute_binding(&mut signer, pk, &ua)?; + /// .sign_user_attribute_binding(&mut signer, None, &ua)?; /// /// // Verify it. /// sig.verify_user_attribute_binding(signer.public(), pk, &ua)?; @@ -1341,11 +1363,10 @@ impl SignatureBuilder { /// # Ok(()) /// # } /// ``` - pub fn sign_user_attribute_binding<P>(mut self, signer: &mut dyn Signer, - key: &Key<P, key::PrimaryRole>, - ua: &UserAttribute) + pub fn sign_user_attribute_binding<'a, PK>(mut self, signer: &mut dyn Signer, + key: PK, ua: &UserAttribute) -> Result<Signature> - where P: key::KeyParts, + where PK: Into<Option<&'a Key<key::PublicParts, key::PrimaryRole>>> { match self.typ { SignatureType::GenericCertification => (), 
@@ -1359,6 +1380,8 @@ impl SignatureBuilder { self = self.pre_sign(signer)?; + let key = key.into().unwrap_or_else(|| signer.public().role_as_primary()); + let mut hash = self.hash_algo().context()?; self.hash_user_attribute_binding(&mut hash, key, ua); self.sign(signer, hash.into_digest()?) @@ -3369,7 +3392,7 @@ mod test { NotationDataFlags::empty().set_human_readable(), false)? .sign_userid_binding(&mut primary_signer, - &alice.primary_key(), + alice.primary_key().component(), &alice.userids().nth(0).unwrap()) { Ok(v) => v, Err(e) => if i < SIG_BACKDATE_BY { diff --git a/openpgp/src/packet/signature/subpacket.rs b/openpgp/src/packet/signature/subpacket.rs index 7078eff6..ae5ccf1d 100644 --- a/openpgp/src/packet/signature/subpacket.rs +++ b/openpgp/src/packet/signature/subpacket.rs @@ -3883,7 +3883,7 @@ impl signature::SignatureBuilder { /// true)?)?; /// Ok(a) /// })? - /// .sign_direct_key(&mut signer, pk)?; + /// .sign_direct_key(&mut signer, None)?; /// /// // Merge in the new signature. /// let cert = cert.insert_packets(sig)?; @@ -3926,7 +3926,7 @@ impl signature::SignatureBuilder { /// Ok(a) /// })? /// // Update the direct key signature. - /// .sign_direct_key(&mut signer, pk)?); + /// .sign_direct_key(&mut signer, Some(pk))?); /// } /// /// for ua in vc.userids() { @@ -4363,7 +4363,7 @@ impl signature::SignatureBuilder { /// let certification = SignatureBuilder::new(SignatureType::GenericCertification) /// .set_exportable_certification(false)? /// .sign_userid_binding( - /// &mut alices_signer, &bob.primary_key(), bobs_userid)?; + /// &mut alices_signer, bob.primary_key().key(), bobs_userid)?; /// # assert_eq!(certification /// # .hashed_area() /// # .iter() 
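Review bot: The third-party certification example in the `@@ -4363` hunk of subpacket.rs passes the certified key as `bob.primary_key().key()`, while the parallel examples in the `@@ -4444`, `@@ -4531`, `@@ -4628` and `@@ -4717` hunks use `.component()`; one spelling should be used throughout. Since `None` now means the signer's own key, these examples are where a reader copying the neighbouring `None` calls could shorten the argument, and the signature would then be computed over Alice's key together with the other party's User ID. A one-line comment in each of these examples would make the requirement explicit: `/// // Third-party certification: the certified key must be passed explicitly, never None.`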
@@ -4444,7 +4444,7 @@ impl signature::SignatureBuilder { /// let certification = SignatureBuilder::new(SignatureType::GenericCertification) /// .set_trust_signature(1, 120)? /// .sign_userid_binding( - /// &mut alices_signer, &bob.primary_key(), bobs_userid)?; + /// &mut alices_signer, bob.primary_key().component(), bobs_userid)?; /// # assert_eq!(certification /// # .hashed_area() /// # .iter() @@ -4531,7 +4531,7 @@ impl signature::SignatureBuilder { /// .set_regular_expression("<[^>]+[@.]example\\.com>$")? /// .sign_userid_binding( /// &mut alices_signer, - /// &example_com.primary_key(), + /// example_com.primary_key().component(), /// example_com_userid)?; /// # assert_eq!(certification /// # .hashed_area() @@ -4628,7 +4628,7 @@ impl signature::SignatureBuilder { /// .add_regular_expression("<[^>]+[@.]example\\.net>$")? /// .sign_userid_binding( /// &mut alices_signer, - /// &example_com.primary_key(), + /// example_com.primary_key().component(), /// example_com_userid)?; /// # assert_eq!(certification /// # .hashed_area() @@ -4717,7 +4717,7 @@ impl signature::SignatureBuilder { /// .set_signature_validity_period( /// std::time::Duration::new(SECONDS_IN_YEAR, 0))? /// .sign_userid_binding( - /// &mut alices_signer, &bob.primary_key(), bobs_userid)?; + /// &mut alices_signer, bob.primary_key().component(), bobs_userid)?; /// # assert_eq!(certification /// # .hashed_area() /// # .iter() @@ -4811,7 +4811,7 @@ impl signature::SignatureBuilder { /// // This reuses any existing backsignature. /// let sig = SignatureBuilder::from(key.binding_signature().clone()) /// .set_key_validity_period(std::time::Duration::new(10 * 60, 0))? - /// .sign_subkey_binding(&mut signer, &pk, &key)?; + /// .sign_subkey_binding(&mut signer, None, &key)?; /// sigs.push(sig); /// } /// 
@@ -4923,7 +4923,7 @@ impl signature::SignatureBuilder { /// .set_key_expiration_time(&key, /// time::SystemTime::now() /// + time::Duration::new(10 * 60, 0))? - /// .sign_subkey_binding(&mut signer, &pk, &key)?; + /// .sign_subkey_binding(&mut signer, None, &key)?; /// sigs.push(sig); /// } /// @@ -5028,7 +5028,7 @@ impl signature::SignatureBuilder { /// vec![ SymmetricAlgorithm::AES256, /// SymmetricAlgorithm::AES128, /// ])? - /// .sign_direct_key(&mut signer, &cert.primary_key())?; + /// .sign_direct_key(&mut signer, None)?; /// # assert_eq!(sig /// # .hashed_area() /// # .iter() @@ -5097,7 +5097,7 @@ impl signature::SignatureBuilder { /// .set_revocation_key(vec![ /// RevocationKey::new(bob.primary_key().pk_algo(), bob.fingerprint(), false), /// ])? - /// .sign_direct_key(&mut alices_signer, &alice.primary_key())?; + /// .sign_direct_key(&mut alices_signer, None)?; /// # assert_eq!(sig /// # .hashed_area() /// # .iter() @@ -5363,7 +5363,7 @@ impl signature::SignatureBuilder { /// NotationDataFlags::empty().set_human_readable(), false)? /// .add_notation("proof@metacode.biz", "https://news.ycombinator.com/user?id=wiktor-k", /// NotationDataFlags::empty().set_human_readable(), false)? - /// .sign_userid_binding(&mut signer, &cert.primary_key(), &userid)?; + /// .sign_userid_binding(&mut signer, None, &userid)?; /// # assert_eq!(sig /// # .hashed_area() /// # .iter() @@ -5459,7 +5459,7 @@ impl signature::SignatureBuilder { /// NotationDataFlags::empty().set_human_readable(), false)? /// .add_notation("proof@metacode.biz", "https://news.ycombinator.com/user?id=wiktor-k", /// NotationDataFlags::empty().set_human_readable(), false)? - /// .sign_userid_binding(&mut signer, &cert.primary_key(), &userid)?; + /// .sign_userid_binding(&mut signer, None, &userid)?; /// # assert_eq!(sig /// # .hashed_area() /// # .iter() 
@@ -5544,7 +5544,7 @@ impl signature::SignatureBuilder { /// vec![ HashAlgorithm::SHA512, /// HashAlgorithm::SHA256, /// ])? - /// .sign_direct_key(&mut signer, &cert.primary_key())?; + /// .sign_direct_key(&mut signer, None)?; /// # assert_eq!(sig /// # .hashed_area() /// # .iter() @@ -5625,7 +5625,7 @@ impl signature::SignatureBuilder { /// CompressionAlgorithm::Zip, /// CompressionAlgorithm::BZip2, /// ])? - /// .sign_direct_key(&mut signer, &cert.primary_key())?; + /// .sign_direct_key(&mut signer, None)?; /// # assert_eq!(sig /// # .hashed_area() /// # .iter() @@ -5702,7 +5702,7 @@ impl signature::SignatureBuilder { /// SignatureBuilder::from(sig.clone()) /// .set_key_server_preferences( /// KeyServerPreferences::empty().set_no_modify())? - /// .sign_direct_key(&mut signer, &cert.primary_key())?; + /// .sign_direct_key(&mut signer, None)?; /// # assert_eq!(sig /// # .hashed_area() /// # .iter() @@ -5781,7 +5781,7 @@ impl signature::SignatureBuilder { /// let sig = /// SignatureBuilder::from(sig.clone()) /// .set_preferred_key_server(&"https://keys.openpgp.org")? - /// .sign_direct_key(&mut signer, &cert.primary_key())?; + /// .sign_direct_key(&mut signer, None)?; /// # assert_eq!(sig /// # .hashed_area() /// # .iter() @@ -5942,7 +5942,7 @@ impl signature::SignatureBuilder { /// .clone() /// ) /// .set_policy_uri("https://example.org/~alice/signing-policy.txt")? - /// .sign_direct_key(&mut signer, pk)?; + /// .sign_direct_key(&mut signer, None)?; /// # let mut sig = sig; /// # sig.verify_direct_key(signer.public(), pk)?; /// # assert_eq!(sig @@ -6243,7 +6243,7 @@ impl signature::SignatureBuilder { /// .set_features( /// &sig.features().unwrap_or_else(Features::sequoia) /// .set_aead())? - /// .sign_direct_key(&mut signer, pk)?); + /// .sign_direct_key(&mut signer, None)?); /// } /// /// for ua in vc.userids() { 
@@ -6353,7 +6353,7 @@ impl signature::SignatureBuilder { /// .set_embedded_signature( /// SignatureBuilder::new(SignatureType::PrimaryKeyBinding) /// .sign_primary_key_binding(&mut sk_signer, &pk, &subkey)?)? - /// .sign_subkey_binding(&mut pk_signer, &pk, &subkey)?; + /// .sign_subkey_binding(&mut pk_signer, None, &subkey)?; /// /// let cert = cert.insert_packets(vec![Packet::SecretSubkey(subkey), /// sig.into()])?; @@ -6621,7 +6621,7 @@ impl signature::SignatureBuilder { /// .set_features( /// &sig.features().unwrap_or_else(Features::sequoia) /// .set_aead())? - /// .sign_direct_key(&mut signer, pk)?); + /// .sign_direct_key(&mut signer, None)?); /// } /// /// for ua in vc.userids() { diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs index c247275e..8a33a8c2 100644 --- a/openpgp/src/policy.rs +++ b/openpgp/src/policy.rs @@ -1513,7 +1513,7 @@ mod test { let binding = signature::SignatureBuilder::new(SignatureType::SubkeyBinding) .set_key_flags(&KeyFlags::empty().set_transport_encryption())? .sign_subkey_binding(&mut pk.clone().into_keypair()?, - &pk, &subkey)?; + pk.parts_as_public(), &subkey)?; let cert = cert.insert_packets( vec![ Packet::from(subkey), binding.into() ])?; @@ -1536,7 +1536,7 @@ mod test { let binding = signature::SignatureBuilder::new(SignatureType::SubkeyBinding) .set_key_flags(&KeyFlags::empty().set_transport_encryption())? .sign_subkey_binding(&mut pk.clone().into_keypair()?, - &pk, &subkey)?; + pk.parts_as_public(), &subkey)?; let cert = cert.insert_packets( vec![ Packet::from(subkey), binding.into() ])?; diff --git a/sqv/tests/revoked-key.rs b/sqv/tests/revoked-key.rs index 44e41e41..404092e1 100644 --- a/sqv/tests/revoked-key.rs +++ b/sqv/tests/revoked-key.rs 
@@ -305,7 +305,7 @@ fn create_key() { let uid_binding = signature::SignatureBuilder::new(SignatureType::PositiveCertification) .set_signature_creation_time(t1).unwrap() - .sign_userid_binding(&mut signer, &key, &uid).unwrap(); + .sign_userid_binding(&mut signer, None, &uid).unwrap(); // Create subkey. let mut subkey: Key<_, SubordinateRole> = make_key().into(); @@ -320,7 +320,7 @@ fn create_key() { .set_signature_creation_time(t1).unwrap() .set_preferred_hash_algorithms(vec![HashAlgorithm::SHA512]) .unwrap(); - let direct1 = b.sign_direct_key(&mut signer, &key).unwrap(); + let direct1 = b.sign_direct_key(&mut signer, None).unwrap(); // 1st subkey binding signature valid from t_sk_binding on b = signature::SignatureBuilder::new(SignatureType::SubkeyBinding) @@ -331,7 +331,7 @@ fn create_key() { .set_signature_creation_time(t_sk_binding).unwrap() .sign_primary_key_binding(&mut sk_signer, &key, &subkey).unwrap()) .unwrap(); - let sk_bind1 = b.sign_subkey_binding(&mut signer, &key, &subkey).unwrap(); + let sk_bind1 = b.sign_subkey_binding(&mut signer, None, &subkey).unwrap(); // 2nd direct key signature valid from t3 on b = signature::SignatureBuilder::new(SignatureType::DirectKey) @@ -341,7 +341,7 @@ fn create_key() { .set_signature_creation_time(t3).unwrap() .set_preferred_hash_algorithms(vec![HashAlgorithm::SHA512]) .unwrap(); - let direct2 = b.sign_direct_key(&mut signer, &key).unwrap(); + let direct2 = b.sign_direct_key(&mut signer, None).unwrap(); // 2nd subkey binding signature valid from t3 on let mut b = signature::SignatureBuilder::new(SignatureType::SubkeyBinding) @@ -352,7 +352,7 @@ fn create_key() { .set_signature_creation_time(t3).unwrap() .sign_primary_key_binding(&mut sk_signer, &key, &subkey).unwrap()) .unwrap(); - let sk_bind2 = b.sign_subkey_binding(&mut signer, &key, &subkey).unwrap(); + let sk_bind2 = b.sign_subkey_binding(&mut signer, None, &subkey).unwrap(); let cert = Cert::try_from(vec![ key.clone().into(), 
@@ -386,7 +386,7 @@ fn create_key() { .unwrap(); } - let rev = b.sign_direct_key(&mut signer, &key).unwrap(); + let rev = b.sign_direct_key(&mut signer, None).unwrap(); let cert = Cert::try_from(vec![ key.clone().into(), direct1.clone().into(), @@ -413,7 +413,7 @@ fn create_key() { .unwrap(); } - let rev = b.sign_subkey_binding(&mut signer, &key, &subkey).unwrap(); + let rev = b.sign_subkey_binding(&mut signer, None, &subkey).unwrap(); let cert = Cert::try_from(vec![ key.clone().into(), direct1.clone().into(), |