1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-12-25 04:17:59 +01:00

Add methods to control direct-key sigs and add unfinished test for primaryUserId test

This commit is contained in:
Paul Schaub 2024-02-03 13:16:37 +01:00
parent fa9b07d2ce
commit f08981b78c
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
2 changed files with 52 additions and 1 deletions

View file

@ -103,6 +103,7 @@ open class GenerateOpenPgpKey(
private val primaryKey = private val primaryKey =
OpenPgpComponentKeyBuilder.V4PrimaryKeyBuilder(primaryKeyType, referenceTime, policy) OpenPgpComponentKeyBuilder.V4PrimaryKeyBuilder(primaryKeyType, referenceTime, policy)
private val subkeys = mutableListOf<OpenPgpComponentKeyBuilder.V4SubkeyBuilder>() private val subkeys = mutableListOf<OpenPgpComponentKeyBuilder.V4SubkeyBuilder>()
private var addDirectKeySignature = true
private val preferencesCallback = private val preferencesCallback =
SelfSignatureSubpackets.applyHashed { SelfSignatureSubpackets.applyHashed {
@ -113,6 +114,16 @@ open class GenerateOpenPgpKey(
primaryFlags?.let { setKeyFlags(*it.toTypedArray()) } primaryFlags?.let { setKeyFlags(*it.toTypedArray()) }
} }
fun directKeySignature(
subpacketsCallback: SelfSignatureSubpackets.Callback = SelfSignatureSubpackets.nop()
) = apply {
addDirectKeySignature = false
primaryKey.directKeySignature(
subpacketsCallback = preferencesCallback.then(subpacketsCallback))
}
fun noDirectKeySignature() = apply { addDirectKeySignature = false }
/** /**
* Add a user-id to the key. The subpackets of the binding signature are prepopulated, * Add a user-id to the key. The subpackets of the binding signature are prepopulated,
* setting algorithm preferences and features. However, the subpackets can still be modified * setting algorithm preferences and features. However, the subpackets can still be modified
@ -259,7 +270,9 @@ open class GenerateOpenPgpKey(
): PGPSecretKeyRing { ): PGPSecretKeyRing {
// add a direct key sig with preferences // add a direct key sig with preferences
primaryKey.directKeySignature(subpacketsCallback = preferencesCallback) if (addDirectKeySignature) {
primaryKey.directKeySignature(subpacketsCallback = preferencesCallback)
}
return PGPSecretKeyRing( return PGPSecretKeyRing(
mutableListOf( mutableListOf(

View file

@ -7,10 +7,14 @@ package org.pgpainless.key.generation
import org.bouncycastle.bcpg.sig.Exportable import org.bouncycastle.bcpg.sig.Exportable
import org.bouncycastle.bcpg.sig.PrimaryUserID import org.bouncycastle.bcpg.sig.PrimaryUserID
import org.bouncycastle.bcpg.sig.Revocable import org.bouncycastle.bcpg.sig.Revocable
import org.bouncycastle.extensions.toAsciiArmor
import org.junit.jupiter.api.Test import org.junit.jupiter.api.Test
import org.pgpainless.PGPainless import org.pgpainless.PGPainless
import org.pgpainless.algorithm.HashAlgorithm
import org.pgpainless.algorithm.KeyFlag
import org.pgpainless.key.generation.type.KeyType import org.pgpainless.key.generation.type.KeyType
import org.pgpainless.key.generation.type.eddsa.EdDSACurve import org.pgpainless.key.generation.type.eddsa.EdDSACurve
import org.pgpainless.key.generation.type.xdh.XDHSpec
import org.pgpainless.policy.Policy import org.pgpainless.policy.Policy
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets import org.pgpainless.signature.subpackets.SelfSignatureSubpackets
@ -70,4 +74,38 @@ class MalformedKeyGenerationTest {
PGPainless.readKeyRing().secretKeyRing(key.encoded)!! PGPainless.readKeyRing().secretKeyRing(key.encoded)!!
// TODO: Check interpretation of faulty packet // TODO: Check interpretation of faulty packet
} }
@Test
fun primaryUserIdOnDirectKeySig() {
val policy = Policy.getInstance()
val key =
GenerateOpenPgpKey(policy)
.buildV4Key(
KeyType.EDDSA(EdDSACurve._Ed25519),
listOf(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
.directKeySignature(
SelfSignatureSubpackets.applyHashed {
setPrimaryUserId()
setPreferredHashAlgorithms(HashAlgorithm.SHA224)
})
.addUserId(
"Alice <alice@pgpainless.org>",
SelfSignatureSubpackets.applyHashed {
setPrimaryUserId(null)
setPreferredHashAlgorithms(HashAlgorithm.SHA256)
})
.addUserId(
"Bob <bob@pgpainless.org>",
SelfSignatureSubpackets.applyHashed {
setPrimaryUserId()
setPreferredHashAlgorithms(HashAlgorithm.SHA384)
})
.addEncryptionSubkey(KeyType.XDH(XDHSpec._X25519))
.build()
println(key.toAsciiArmor())
// TODO: Test, which hash algo is used when we encrypt+sign a message for this key.
// Correct would be SHA384, since this is the primary user-id.
// PrimaryUserID packets on the DK sig shall be ignored.
}
} }