author | Neal H. Walfield <neal@pep.foundation> | 2020-06-29 16:56:55 +0200 |
---|---|---|
committer | Neal H. Walfield <neal@pep.foundation> | 2020-06-29 18:28:05 +0200 |
commit | 92c5a1612995201afbcd1b9b5b6d749cf1b2d6a7 (patch) | |
tree | 2d54c8654d014bc40e1b3a1c9a1d73d501739435 /sqv | |
parent | cd01d146546afb04fcbe493a2fa5d81077d646f4 (diff) |
openpgp: Don't unnecessarily set signature subpackets.
- When using the `SignatureBuilder`, the signature creation time and
issuer subpackets will be correctly set by default.
- Don't do it explicitly.
Diffstat (limited to 'sqv')
-rw-r--r-- | sqv/tests/revoked-key.rs | 50 | ||||
-rw-r--r-- | sqv/tests/wrong-key-flags.rs | 3 |
2 files changed, 8 insertions, 45 deletions
diff --git a/sqv/tests/revoked-key.rs b/sqv/tests/revoked-key.rs index 518bf8b8..838d5d18 100644 --- a/sqv/tests/revoked-key.rs +++ b/sqv/tests/revoked-key.rs @@ -304,8 +304,6 @@ fn create_key() { .set_key_flags(&KeyFlags::default() .set_signing(true).set_certification(true)).unwrap() .set_signature_creation_time(t1).unwrap() - .set_issuer_fingerprint(key.fingerprint()).unwrap() - .set_issuer(key.fingerprint().into()).unwrap() .set_preferred_hash_algorithms(vec![HashAlgorithm::SHA512]) .unwrap(); let direct1 = b.sign_direct_key(&mut signer).unwrap(); @@ -314,13 +312,9 @@ fn create_key() { b = signature::SignatureBuilder::new(SignatureType::SubkeyBinding) .set_key_flags(&KeyFlags::default().set_signing(true)).unwrap() .set_signature_creation_time(t_sk_binding).unwrap() - .set_issuer_fingerprint(key.fingerprint()).unwrap() - .set_issuer(key.fingerprint().into()).unwrap() .set_embedded_signature( signature::SignatureBuilder::new(SignatureType::PrimaryKeyBinding) .set_signature_creation_time(t_sk_binding).unwrap() - .set_issuer_fingerprint(subkey.fingerprint()).unwrap() - .set_issuer(subkey.keyid()).unwrap() .sign_subkey_binding(&mut sk_signer, &key, &subkey).unwrap()) .unwrap(); let sk_bind1 = b.sign_subkey_binding(&mut signer, &key, &subkey).unwrap(); @@ -331,8 +325,6 @@ fn create_key() { .set_key_flags(&KeyFlags::default() .set_signing(true).set_certification(true)).unwrap() .set_signature_creation_time(t3).unwrap() - .set_issuer_fingerprint(key.fingerprint()).unwrap() - .set_issuer(key.fingerprint().into()).unwrap() .set_preferred_hash_algorithms(vec![HashAlgorithm::SHA512]) .unwrap(); let direct2 = b.sign_direct_key(&mut signer).unwrap(); 
@@ -341,13 +333,9 @@ fn create_key() { let mut b = signature::SignatureBuilder::new(SignatureType::SubkeyBinding) .set_key_flags(&KeyFlags::default().set_signing(true)).unwrap() .set_signature_creation_time(t3).unwrap() - .set_issuer_fingerprint(key.fingerprint()).unwrap() - .set_issuer(key.fingerprint().into()).unwrap() .set_embedded_signature( signature::SignatureBuilder::new(SignatureType::PrimaryKeyBinding) .set_signature_creation_time(t3).unwrap() - .set_issuer_fingerprint(subkey.fingerprint()).unwrap() - .set_issuer(subkey.keyid()).unwrap() .sign_subkey_binding(&mut sk_signer, &key, &subkey).unwrap()) .unwrap(); let sk_bind2 = b.sign_subkey_binding(&mut signer, &key, &subkey).unwrap(); @@ -375,9 +363,7 @@ fn create_key() { ] { // Revocation sig valid from t2 on let mut b = signature::SignatureBuilder::new(SignatureType::KeyRevocation) - .set_signature_creation_time(t2).unwrap() - .set_issuer_fingerprint(key.fingerprint()).unwrap() - .set_issuer(key.fingerprint().into()).unwrap(); + .set_signature_creation_time(t2).unwrap(); if let Some(r) = reason { b = b.set_reason_for_revocation(r.clone(), r.to_string().as_bytes()) @@ -402,9 +388,7 @@ fn create_key() { // Again, this time we revoke the subkey. let mut b = signature::SignatureBuilder::new(SignatureType::SubkeyRevocation) - .set_signature_creation_time(t2).unwrap() - .set_issuer_fingerprint(key.fingerprint()).unwrap() - .set_issuer(key.fingerprint().into()).unwrap(); + .set_signature_creation_time(t2).unwrap(); if let Some(r) = reason { b = b.set_reason_for_revocation(r.clone(), r.to_string().as_bytes()) 
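Review bot: In the KeyRevocation and SubkeyRevocation builders (hunks at -375 and -402), the new side no longer shows which key becomes the issuer of the revocation. It is presumably derived from the signer handed to the sign call, which lies outside both hunks. The removed lines pinned the issuer of both revocations to `key.fingerprint()`, so it is worth confirming that the sign calls use `signer` rather than `sk_signer`, and recording that next to the builder, e.g. `// Issuer subpackets are filled in by SignatureBuilder from the signer; revocations are signed with the primary key's signer.` The same implicit dependency applies to the embedded PrimaryKeyBinding signatures in the -314 and -341 hunks, where `sk_signer` now decides the issuer that was previously pinned to `subkey`. create_key's body starts and ends outside these hunks.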
@@ -431,8 +415,6 @@ fn create_key() { // 0th message sig before t1 let sig0 = signature::SignatureBuilder::new(SignatureType::Binary) .set_signature_creation_time(t0).unwrap() - .set_issuer_fingerprint(key.fingerprint()).unwrap() - .set_issuer(key.fingerprint().into()).unwrap() .sign_message(&mut signer, msg).unwrap(); let mut fd = File::create("revoked-key-sig-t0.pgp").unwrap(); Packet::from(sig0).serialize(&mut fd).unwrap(); 
@@ -440,62 +422,46 @@ fn create_key() { // 0th message sig before t1, subkey let sig0 = signature::SignatureBuilder::new(SignatureType::Binary) .set_signature_creation_time(t0).unwrap() - .set_issuer_fingerprint(subkey.fingerprint()).unwrap() - .set_issuer(subkey.fingerprint().into()).unwrap() .sign_message(&mut sk_signer, msg).unwrap(); let mut fd = File::create("revoked-key-sig-t0.sk.pgp").unwrap(); Packet::from(sig0).serialize(&mut fd).unwrap(); // 1st message sig between t1 and t2 b = signature::SignatureBuilder::new(SignatureType::Binary) - .set_signature_creation_time(t12).unwrap() - .set_issuer_fingerprint(key.fingerprint()).unwrap() - .set_issuer(key.fingerprint().into()).unwrap(); + .set_signature_creation_time(t12).unwrap(); let sig1 = b.sign_message(&mut signer, msg).unwrap(); let mut fd = File::create("revoked-key-sig-t1-t2.pgp").unwrap(); Packet::from(sig1).serialize(&mut fd).unwrap(); // 1st message sig between t1 and t2, subkey b = signature::SignatureBuilder::new(SignatureType::Binary) - .set_signature_creation_time(t12).unwrap() - .set_issuer_fingerprint(subkey.fingerprint()).unwrap() - .set_issuer(subkey.fingerprint().into()).unwrap(); + .set_signature_creation_time(t12).unwrap(); let sig1 = b.sign_message(&mut sk_signer, msg).unwrap(); let mut fd = File::create("revoked-key-sig-t1-t2.sk.pgp").unwrap(); Packet::from(sig1).serialize(&mut fd).unwrap(); // 2nd message sig between t2 and t3 b = signature::SignatureBuilder::new(SignatureType::Binary) - .set_signature_creation_time(t23).unwrap() - .set_issuer_fingerprint(key.fingerprint()).unwrap() - .set_issuer(key.fingerprint().into()).unwrap(); + .set_signature_creation_time(t23).unwrap(); let sig2 = b.sign_message(&mut signer, msg).unwrap(); let mut fd = File::create("revoked-key-sig-t2-t3.pgp").unwrap(); Packet::from(sig2).serialize(&mut fd).unwrap(); // 2nd message sig between t2 and t3, subkey b = signature::SignatureBuilder::new(SignatureType::Binary) - .set_signature_creation_time(t23).unwrap() 
- .set_issuer_fingerprint(subkey.fingerprint()).unwrap() - .set_issuer(subkey.fingerprint().into()).unwrap(); + .set_signature_creation_time(t23).unwrap(); let sig2 = b.sign_message(&mut sk_signer, msg).unwrap(); let mut fd = File::create("revoked-key-sig-t2-t3.sk.pgp").unwrap(); Packet::from(sig2).serialize(&mut fd).unwrap(); // 3rd message sig between t3 and now - b = signature::SignatureBuilder::new(SignatureType::Binary) - .set_signature_creation_time(std::time::SystemTime::now()).unwrap() - .set_issuer_fingerprint(key.fingerprint()).unwrap() - .set_issuer(key.fingerprint().into()).unwrap(); + b = signature::SignatureBuilder::new(SignatureType::Binary); let sig3 = b.sign_message(&mut signer, msg).unwrap(); let mut fd = File::create("revoked-key-sig-t3-now.pgp").unwrap(); Packet::from(sig3).serialize(&mut fd).unwrap(); // 3rd message sig between t3 and now, subkey - b = signature::SignatureBuilder::new(SignatureType::Binary) - .set_signature_creation_time(std::time::SystemTime::now()).unwrap() - .set_issuer_fingerprint(subkey.fingerprint()).unwrap() - .set_issuer(subkey.fingerprint().into()).unwrap(); + b = signature::SignatureBuilder::new(SignatureType::Binary); let sig3 = b.sign_message(&mut sk_signer, msg).unwrap(); let mut fd = File::create("revoked-key-sig-t3-now.sk.pgp").unwrap(); Packet::from(sig3).serialize(&mut fd).unwrap(); diff --git a/sqv/tests/wrong-key-flags.rs b/sqv/tests/wrong-key-flags.rs index 599725d2..222297c5 100644 --- a/sqv/tests/wrong-key-flags.rs +++ b/sqv/tests/wrong-key-flags.rs @@ -51,9 +51,6 @@ mod integration { // _ => unreachable!(), // }; // let mut b = signature::SignatureBuilder::new(SignatureType::Binary); -// b.set_signature_creation_time(time::now()).unwrap(); -// b.set_issuer_fingerprint(key.fingerprint()).unwrap(); -// b.set_issuer(key.fingerprint().into()).unwrap(); // b.sign_message( // &mut KeyPair::new(key.clone(), mpis.clone()).unwrap(), // HashAlgorithm::SHA512, b"Hello, World").unwrap() |
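Review bot: The two "3rd message sig between t3 and now" builders at the end of the -440 hunk no longer set a creation time at all. The timestamp of `revoked-key-sig-t3-now.pgp` and `revoked-key-sig-t3-now.sk.pgp` is therefore whatever `SignatureBuilder` picks when `sign_message` runs. These fixtures appear to exercise signatures on either side of the revocation at t2 and the new binding signatures at t3, so the intent deserves a comment, for example `// Creation time left to SignatureBuilder's default, which must fall after t3.` If that default ever differs from the current time, these two fixtures would silently move relative to t3, while the other message signatures stay pinned to t0, t12 and t23. create_key's body starts and ends outside the hunk.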