diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2021-04-21 15:29:48 +0200 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2021-04-26 13:16:57 +0200 |
| commit | 815bb18f7dbbfb8074a34707a254415b8184280d (patch) | |
| tree | 3345277ff77dbb6289a8e6e6cbd47469760bf72e /openpgp/src/cert.rs | |
| parent | 65624f499b30589a40c6f4fa87f34f0c0f407394 (diff) | |
openpgp: Add high-level interface for attested certifications.
- Fixes #335.
Diffstat (limited to 'openpgp/src/cert.rs')
| -rw-r--r-- | openpgp/src/cert.rs | 72 |
1 files changed, 55 insertions, 17 deletions
diff --git a/openpgp/src/cert.rs b/openpgp/src/cert.rs index f7f962ef..162b63e0 100644 --- a/openpgp/src/cert.rs +++ b/openpgp/src/cert.rs @@ -6013,10 +6013,10 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= #[test] fn attested_key_signatures() -> Result<()> { use crate::{ - crypto::hash::Hash, packet::signature::SignatureBuilder, types::*, }; + let p = &crate::policy::StandardPolicy::new(); let (alice, _) = CertBuilder::new() .add_userid("alice@foo.com") @@ -6039,26 +6039,25 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= = bob.userids().next().unwrap().userid().bind( &mut alice_signer, &bob, SignatureBuilder::new(SignatureType::GenericCertification))?; + let bob = bob.insert_packets(vec![ + alice_certifies_bob.clone(), + ])?; - // Have Bob attest that certification. - let hash_algo = HashAlgorithm::default(); - - // First, hash the certification. - let mut h = hash_algo.context()?; - alice_certifies_bob.hash_for_confirmation(&mut h); - let digest = h.into_digest()?; - - // Then, prepare an attested key signature. - let mut h = hash_algo.context()?; - bob.primary_key().key().hash(&mut h); - bob.userids().next().unwrap().userid().hash(&mut h); + assert_eq!(bob.with_policy(p, None)?.userids().next().unwrap() + .certifications().count(), 1); + assert_eq!(bob.with_policy(p, None)?.userids().next().unwrap() + .attested_certifications().count(), 0); - let attestation = SignatureBuilder::new(SignatureType::AttestationKey) - .set_attested_certifications(vec![digest])? - .sign_hash(&mut bob_signer, h)?; + // Have Bob attest that certification. + let attestations = + bob.userids().next().unwrap().attest_certifications( + p, + &mut bob_signer, + vec![&alice_certifies_bob])?; + assert_eq!(attestations.len(), 1); + let attestation = attestations[0].clone(); let bob = bob.insert_packets(vec![ - alice_certifies_bob.clone(), attestation.clone(), ])?; @@ -6067,6 +6066,10 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= Some(&alice_certifies_bob)); assert_eq!(&bob.userids().next().unwrap().bundle().attestations[0], &attestation); + assert_eq!(bob.with_policy(p, None)?.userids().next().unwrap() + .certifications().count(), 1); + assert_eq!(bob.with_policy(p, None)?.userids().next().unwrap() + .attested_certifications().count(), 1); // Check that attested key signatures are kept over merges. let bob_ = bob.clone().merge_public(bob_pristine.clone())?; @@ -6075,6 +6078,8 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= Some(&alice_certifies_bob)); assert_eq!(&bob_.userids().next().unwrap().bundle().attestations[0], &attestation); + assert_eq!(bob_.with_policy(p, None)?.userids().next().unwrap() + .attested_certifications().count(), 1); // And the other way around. let bob_ = bob_pristine.clone().merge_public(bob.clone())?; @@ -6083,6 +6088,33 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= Some(&alice_certifies_bob)); assert_eq!(&bob_.userids().next().unwrap().bundle().attestations[0], &attestation); + assert_eq!(bob_.with_policy(p, None)?.userids().next().unwrap() + .attested_certifications().count(), 1); + + // Have Bob withdraw any prior attestations. + + let attestations = + bob.userids().next().unwrap().attest_certifications( + p, + &mut bob_signer, + &[])?; + assert_eq!(attestations.len(), 1); + let attestation = attestations[0].clone(); + + let bob = bob.insert_packets(vec![ + attestation.clone(), + ])?; + + assert_eq!(bob.bad_signatures().count(), 0); + assert_eq!(bob.userids().next().unwrap().certifications().next(), + Some(&alice_certifies_bob)); + assert_eq!(&bob.userids().next().unwrap().bundle().attestations[0], + &attestation); + assert_eq!(bob.with_policy(p, None)?.userids().next().unwrap() + .certifications().count(), 1); + assert_eq!(bob.with_policy(p, None)?.userids().next().unwrap() + .attested_certifications().count(), 0); + Ok(()) } @@ -6094,6 +6126,7 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= use crate::{ crypto::hash::Digest, }; + let p = &crate::policy::StandardPolicy::new(); let test = Cert::from_bytes(crate::tests::key("1pa3pc-dkgpg.pgp"))?; assert_eq!(test.bad_signatures().count(), 0); @@ -6131,6 +6164,11 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= assert!(digests.contains(&digest[..])); } + assert_eq!(test.with_policy(p, None)?.userids().next().unwrap() + .certifications().count(), 1); + assert_eq!(test.with_policy(p, None)?.userids().next().unwrap() + .attested_certifications().count(), 1); + Ok(()) } |