From 6cacf957896f86c2dfbd5181fc61269697779f17 Mon Sep 17 00:00:00 2001
From: Nora Widdecke
Date: Mon, 16 Mar 2020 18:33:17 +0100
Subject: openpgp: Use the signing key's issuer and issuer_fingerprint by default.

- Fixes #451.
- Add warning for set_issuer and set_issuer_fingerprint. Using them is likely either redundant or a mistake.
---
 openpgp/src/packet/signature/mod.rs | 35 ++++++++++++++++++++++++++++++-
 openpgp/src/packet/signature/subpacket.rs | 6 ++++++
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/openpgp/src/packet/signature/mod.rs b/openpgp/src/packet/signature/mod.rs
index 7aa1cd54..38aa214a 100644
--- a/openpgp/src/packet/signature/mod.rs
+++ b/openpgp/src/packet/signature/mod.rs
@@ -48,6 +48,14 @@ pub mod subpacket;
 /// [`sign_standalone`]: #method.sign_standalone
 /// [`sign_timestamp`]: #method.sign_timestamp
 ///
+/// By default, these functions add references to the signing key by adding
+/// Issuer and Issuer Fingerprint subpackets in the unhashed subpacket area.
+/// To override, use [`set_issuer`] and [`set_issuer_fingerprint`].
+/// Caution: this likely makes the signature unverifiable.
+///
+/// [`set_issuer`]: #method.set_issuer
+/// [`set_issuer_fingerprint`]: #method.set_issuer_fingerprint
+///
 /// Signatures must always include a creation time. We automatically
 /// insert a creation time subpacket with the current time into the
 /// hashed subpacket area. To override the creation time, use
@@ -134,6 +142,8 @@ impl Builder {
 ///
 /// The Signature's public-key algorithm field is set to the
 /// algorithm used by `signer`.
+ /// If not set before, Issuer and Issuer Fingerprint subpackets are added
+ /// pointing to `signer`.
 pub fn sign_standalone(mut self, signer: &mut dyn Signer) -> Result {
@@ -147,6 +157,8 @@ impl Builder {
 ///
 /// The Signature's public-key algorithm field is set to the
 /// algorithm used by `signer`.
+ /// If not set before, Issuer and Issuer Fingerprint subpackets are added
+ /// pointing to `signer`.
 pub fn sign_timestamp(mut self, signer: &mut dyn Signer) -> Result {
@@ -160,6 +172,8 @@ impl Builder {
 ///
 /// The Signature's public-key algorithm field is set to the
 /// algorithm used by `signer`.
+ /// If not set before, Issuer and Issuer Fingerprint subpackets are added
+ /// pointing to `signer`.
 pub fn sign_direct_key(mut self, signer: &mut dyn Signer) -> Result {
@@ -177,6 +191,8 @@ impl Builder {
 ///
 /// The Signature's public-key algorithm field is set to the
 /// algorithm used by `signer`.
+ /// If not set before, Issuer and Issuer Fingerprint subpackets are added
+ /// pointing to `signer`.
 pub fn sign_userid_binding

(mut self, signer: &mut dyn Signer, key: &Key, userid: &UserID)
@@ -194,6 +210,8 @@ impl Builder {
 ///
 /// The Signature's public-key algorithm field is set to the
 /// algorithm used by `signer`.
+ /// If not set before, Issuer and Issuer Fingerprint subpackets are added
+ /// pointing to `signer`.
 pub fn sign_subkey_binding(mut self, signer: &mut dyn Signer, primary: &Key, subkey: &Key)
@@ -213,6 +231,8 @@ impl Builder {
 ///
 /// The Signature's public-key algorithm field is set to the
 /// algorithm used by `subkey_signer`.
+ /// If not set before, Issuer and Issuer Fingerprint subpackets are added
+ /// pointing to `subkey_signer`.
 pub fn sign_primary_key_binding(mut self, subkey_signer: &mut dyn Signer, primary: &Key,
@@ -233,6 +253,8 @@ impl Builder {
 ///
 /// The Signature's public-key algorithm field is set to the
 /// algorithm used by `signer`.
+ /// If not set before, Issuer and Issuer Fingerprint subpackets are added
+ /// pointing to `signer`.
 pub fn sign_user_attribute_binding

(mut self, signer: &mut dyn Signer, key: &Key, ua: &UserAttribute)
@@ -251,6 +273,8 @@ impl Builder {
 ///
 /// The Signature's public-key algorithm field is set to the
 /// algorithm used by `signer`.
+ /// If not set before, Issuer and Issuer Fingerprint subpackets are added
+ /// pointing to `signer`.
 pub fn sign_hash(mut self, signer: &mut dyn Signer, mut hash: hash::Context) -> Result
@@ -272,6 +296,8 @@ impl Builder {
 ///
 /// The Signature's public-key algorithm field is set to the
 /// algorithm used by `signer`.
+ /// If not set before, Issuer and Issuer Fingerprint subpackets are added
+ /// pointing to `signer`.
 pub fn sign_message(mut self, signer: &mut dyn Signer, msg: M) -> Result where M: AsRef<[u8]>
@@ -298,9 +324,16 @@ impl Builder {
 let algo = self.hash_algo;
 let mpis = signer.sign(algo, &digest)?;
+ let mut fields = self;
+
+ if fields.issuer().is_none() && fields.issuer_fingerprint().is_none() {
+ fields = fields.set_issuer(signer.public().keyid())?
+ .set_issuer_fingerprint(signer.public().fingerprint())?;
+ }
+
 Ok(Signature4 {
 common: Default::default(),
- fields: self,
+ fields: fields,
 digest_prefix: [digest[0], digest[1]],
 mpis: mpis,
 computed_digest: Some(digest),
diff --git a/openpgp/src/packet/signature/subpacket.rs b/openpgp/src/packet/signature/subpacket.rs
index 84e53ab5..5fc0ccde 100644
--- a/openpgp/src/packet/signature/subpacket.rs
+++ b/openpgp/src/packet/signature/subpacket.rs
@@ -2064,6 +2064,9 @@ impl signature::Builder {
 /// Sets the value of the Issuer subpacket, which contains the
 /// KeyID of the key that allegedly created this signature.
+ ///
+ /// Caution: By default, the issuer is set correctly when creating
+ /// the signature. Only use this function to override it.
 pub fn set_issuer(mut self, id: KeyID) -> Result {
 self.unhashed_area.replace(Subpacket::new(
 SubpacketValue::Issuer(id),
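Review bot: The guard on the new `if` in the `@@ -298,9 +324,16 @@` hunk only adds the two subpackets when both `issuer()` and `issuer_fingerprint()` are absent, so a caller that set exactly one of them (for example only `set_issuer`) ends up with a signature carrying that one subpacket and no fingerprint, while the doc lines added to every `sign_*` function ("If not set before, Issuer and Issuer Fingerprint subpackets are added") read as if each is filled in independently; either the condition or that wording should be aligned. A why-comment would also help, since the subpackets are inserted after `signer.sign` has already produced the MPIs: `// Both subpackets go to the unhashed area (see set_issuer / set_issuer_fingerprint), so adding them after the digest was computed does not invalidate the signature; keep this after signer.sign.` Finally `fields: fields,` can be the shorthand `fields,` (clippy's redundant_field_names). The enclosing function starts outside the hunk.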
@@ -2294,6 +2297,9 @@ impl signature::Builder {
 /// Sets the value of the Issuer Fingerprint subpacket, which
 /// contains the fingerprint of the key that allegedly created
 /// this signature.
+ ///
+ /// Caution: By default, the issuer fingerprint is set correctly when
+ /// creating the signature. Only use this function to override it.
 pub fn set_issuer_fingerprint(mut self, fp: Fingerprint) -> Result {
 self.unhashed_area.replace(Subpacket::new(
 SubpacketValue::IssuerFingerprint(fp),
-- 
cgit v1.2.3