From 3ec712cfac2edff0928b182d3f3cf910f82afe0e Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Tue, 2 Mar 2021 14:53:27 +0100 Subject: Revert "sq: Make it build with sequoia-openpgp 1.0.0." This reverts commit 6e555106da58e943a7f2a3091c89c282232fc968. --- sq/src/commands/key.rs | 105 ++++++++--------------------------------------- sq/src/sq.rs | 5 --- sq/tests/sq-certify.rs | 6 +-- sq/tests/sq-key-adopt.rs | 5 +-- 4 files changed, 19 insertions(+), 102 deletions(-) (limited to 'sq') diff --git a/sq/src/commands/key.rs b/sq/src/commands/key.rs index b48bffd3..9a619ab8 100644 --- a/sq/src/commands/key.rs +++ b/sq/src/commands/key.rs @@ -228,8 +228,8 @@ fn adopt(config: Config, m: &ArgMatches) -> Result<()> { // Gather the Key IDs / Fingerprints and make sure they are valid. for id in m.values_of("key").unwrap_or_default() { - let h = keyhandle_from_str(&id)?; - if keyhandle_is_invalid(&h) { + let h = id.parse::()?; + if h.is_invalid() { return Err(anyhow::anyhow!( "Invalid Fingerprint or KeyID ('{:?}')", id)); } @@ -317,7 +317,7 @@ fn adopt(config: Config, m: &ArgMatches) -> Result<()> { if missing.len() > 0 { return Err(anyhow::anyhow!( "Keys not found: {}", - missing.iter().map(|&h| format!("{:X}", h)).join(", "))); + missing.iter().map(|&h| h.to_hex()).join(", "))); } @@ -384,11 +384,12 @@ fn adopt(config: Config, m: &ArgMatches) -> Result<()> { let cert = cert.clone().insert_packets(packets.clone())?; - let mut message = config.create_or_stdout_pgp( - m.value_of("output"), - m.is_present("binary"), sequoia_openpgp::armor::Kind::SecretKey)?; - cert.as_tsk().serialize(&mut message)?; - message.finalize()?; + let mut sink = config.create_or_stdout_safe(m.value_of("output"))?; + if m.is_present("binary") { + cert.as_tsk().serialize(&mut sink)?; + } else { + cert.as_tsk().armored().serialize(&mut sink)?; + } let vc = cert.with_policy(&config.policy, None).expect("still valid"); for pair in packets[..].chunks(2) { 
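Review bot: Nothing in the sq/ diffstat raises the sequoia-openpgp version requirement, although the new calls in this hunk (`id.parse`, `h.is_invalid()`) and in the later ones (`h.to_hex()`, `.armored()` on the TSK, `certification.hash_for_confirmation`) replace backports that the removed comment attributes to sequoia-openpgp 1.1. The same applies to the dropped `accept_critical_subpacket` calls in sq/src/sq.rs and sq/tests/sq-certify.rs, which now depend on the library's default policy. If the requirement was not already raised in an earlier commit, a build that resolves to 1.0.0 stops compiling, so it is worth confirming before this lands. The removed backport also documented that parsing can succeed and still return an invalid handle; a one-line comment above the check would keep that visible, for example `// parse() may yield an Invalid handle rather than an error, so reject it explicitly`. adopt's body continues outside the hunk.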
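Review bot: Both places that write secret key material now carry their own copy of the binary-versus-armor branch: here in adopt (`cert.as_tsk()`) and again in the hunk at -559 in attest_certifications (`key.as_tsk()`). One private helper would keep the two in step and give a single place to document that the output contains secret keys. The explicit `message.finalize()?` is also gone with nothing in its place; if the writer returned by `create_or_stdout_safe` buffers (not visible here), a late write error would go unreported, so the helper below ends with `sink.flush()?`. The sink parameter type is a guess and should match whatever `serialize` expects in the pinned library version. adopt's body continues outside the hunk.

```rust
// in adopt(); attest_certifications() makes the same call with `&key`
let mut sink = config.create_or_stdout_safe(m.value_of("output"))?;
write_tsk(&cert, m.is_present("binary"), &mut sink)?;
// … unchanged: with_policy() and the loop over packet pairs …

/// Writes `cert` together with its secret key material to `sink`,
/// ASCII-armored unless `binary` is set.
fn write_tsk(cert: &Cert, binary: bool, sink: &mut dyn std::io::Write) -> Result<()> {
    if binary {
        cert.as_tsk().serialize(sink)?;
    } else {
        cert.as_tsk().armored().serialize(sink)?;
    }
    // Surface a failed write instead of losing it when the sink is dropped.
    sink.flush()?;
    Ok(())
}
```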
@@ -476,7 +477,7 @@ fn attest_certifications(config: Config, m: &ArgMatches) if all { for certification in uid.certifications() { let mut h = hash_algo.context()?; - hash_for_confirmation(certification, &mut h); + certification.hash_for_confirmation(&mut h); attestations.push(h.into_digest()?); } } @@ -519,7 +520,7 @@ fn attest_certifications(config: Config, m: &ArgMatches) if all { for certification in ua.certifications() { let mut h = hash_algo.context()?; - hash_for_confirmation(certification, &mut h); + certification.hash_for_confirmation(&mut h); attestations.push(h.into_digest()?); } } 
@@ -559,84 +560,12 @@ fn attest_certifications(config: Config, m: &ArgMatches) // Finally, add the new signatures. let key = key.insert_packets(attestation_signatures)?; - let mut message = config.create_or_stdout_pgp( - m.value_of("output"), m.is_present("binary"), - sequoia_openpgp::armor::Kind::SecretKey)?; - key.as_tsk().serialize(&mut message)?; - message.finalize()?; - Ok(()) -} - -// XXX: The following functions are backports from sequoia-openpgp -// 1.1. Remove them by reverting the commit that introduced them once -// sequoia-sq depends on a newer version of sequoia-openpgp. - -fn keyhandle_from_str(s: &str) -> Result { - use sequoia_openpgp::{Fingerprint, KeyID}; - let bytes = &sequoia_openpgp::fmt::hex::decode_pretty(s)?[..]; - match Fingerprint::from_bytes(bytes) { - fpr @ Fingerprint::Invalid(_) => { - match KeyID::from_bytes(bytes) { - // If it can't be parsed as either a Fingerprint or a - // KeyID, return Fingerprint::Invalid. - KeyID::Invalid(_) => Ok(fpr.into()), - kid => Ok(kid.into()), - } - } - fpr => Ok(fpr.into()), - } -} - -fn keyhandle_is_invalid(h: &KeyHandle) -> bool { - use sequoia_openpgp::{Fingerprint, KeyID}; - match h { - KeyHandle::Fingerprint(Fingerprint::Invalid(_)) => true, - KeyHandle::KeyID(KeyID::Invalid(_)) => true, - _ => false, + let mut sink = config.create_or_stdout_safe(m.value_of("output"))?; + if m.is_present("binary") { + key.as_tsk().serialize(&mut sink)?; + } else { + key.as_tsk().armored().serialize(&mut sink)?; } -} -/// Hashes this signature for use in a Third-Party Confirmation -/// signature. 
-use sequoia_openpgp::{crypto::hash::Digest, packet::Signature}; -pub fn hash_for_confirmation(sig: &Signature, hash: &mut dyn Digest) { - use sequoia_openpgp::serialize::{Marshal, MarshalInto}; - // Section 5.2.4 of RFC4880: - // - // > When a signature is made over a Signature packet (type - // > 0x50), the hash data starts with the octet 0x88, followed - // > by the four-octet length of the signature, and then the - // > body of the Signature packet. (Note that this is an - // > old-style packet header for a Signature packet with the - // > length-of-length set to zero.) The unhashed subpacket - // > data of the Signature packet being hashed is not included - // > in the hash, and the unhashed subpacket data length value - // > is set to zero. - - // This code assumes that the signature has been verified - // prior to being confirmed, so it is well-formed. - let mut body = Vec::new(); - body.push(sig.version()); - body.push(sig.typ().into()); - body.push(sig.pk_algo().into()); - body.push(sig.hash_algo().into()); - - // The hashed area. - let l = sig.hashed_area().serialized_len() - // Assumes well-formedness. - .min(std::u16::MAX as usize); - body.extend(&(l as u16).to_be_bytes()); - // Assumes well-formedness. - let _ = sig.hashed_area().serialize(&mut body); - - // The unhashed area. - body.extend(&[0, 0]); // Size replaced by zero. - // Unhashed packets omitted. - - body.extend(sig.digest_prefix()); - let _ = sig.mpis().serialize(&mut body); - - hash.update(&[0x88]); - hash.update(&(body.len() as u32).to_be_bytes()); - hash.update(&body); + Ok(()) } diff --git a/sq/src/sq.rs b/sq/src/sq.rs index 55995c34..e2bdc42c 100644 --- a/sq/src/sq.rs +++ b/sq/src/sq.rs 
@@ -391,11 +391,6 @@ impl Config<'_> { fn main() -> Result<()> { let policy = &mut P::new(); - // XXX: Compat with sequoia-openpgp 1.0.0: - use openpgp::packet::signature::subpacket::SubpacketTag; - policy.accept_critical_subpacket(SubpacketTag::TrustSignature); - policy.accept_critical_subpacket(SubpacketTag::RegularExpression); - let matches = sq_cli::build().get_matches(); let known_notations: Vec<&str> = matches.values_of("known-notation") diff --git a/sq/tests/sq-certify.rs b/sq/tests/sq-certify.rs index ad50662f..4fddb136 100644 --- a/sq/tests/sq-certify.rs +++ b/sq/tests/sq-certify.rs @@ -124,11 +124,7 @@ fn sq_certify() -> Result<()> { "--expires-in", "1d", ]) .stdout().satisfies(|output| { - let p = &mut StandardPolicy::new(); - // XXX: Compat with sequoia-openpgp 1.0.0: - use openpgp::packet::signature::subpacket::SubpacketTag; - p.accept_critical_subpacket(SubpacketTag::TrustSignature); - p.accept_critical_subpacket(SubpacketTag::RegularExpression); + let p = &StandardPolicy::new(); let cert = Cert::from_bytes(output).unwrap(); let vc = cert.with_policy(p, None).unwrap(); diff --git a/sq/tests/sq-key-adopt.rs b/sq/tests/sq-key-adopt.rs index 0bebe2a4..5bb40f32 100644 --- a/sq/tests/sq-key-adopt.rs +++ b/sq/tests/sq-key-adopt.rs @@ -255,10 +255,7 @@ mod integration { Ok(()) } - // XXX: Compat with sequoia-openpgp 1.0.0, which just doesn't - // handle this correctly. However, this case is a bit bonkers, so - // we'll just ignore it for now. - #[allow(dead_code)] + #[test] fn adopt_own_primary() -> Result<()> { // Adopt own primary key. Assert::cargo_binary("sq").with_args(&[ -- cgit v1.2.3