update udat

ProtonMail · Sep 11, 2024 · ae4dcdb · ae4dcdb
1 parent 5b05b34
commit ae4dcdb
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 20 deletions.
diff --git a/openpgp/packet/public_key.go b/openpgp/packet/public_key.go
@@ -5,7 +5,6 @@
 package packet
 
 import (
-	"crypto"
 	"crypto/dsa"
 	"crypto/rsa"
 	"crypto/sha1"
@@ -1021,7 +1020,11 @@ func (pk *PublicKey) VerifyDirectKeySignature(sig *Signature) (err error) {
 // VerifyUserAttributeSignature returns nil iff sig is a valid signature, made by this
 // public key, that uat is an attribute of pub.
 func (pk *PublicKey) VerifyUserAttributeSignature(pkt *UserAttribute, pub *PublicKey, sig *Signature) (err error) {
-	h, err := userAttributeSignatureHash(pkt, pub, sig.Hash)
+	h, err := sig.PrepareVerify()
+	if err != nil {
+		return err
+	}
+	h, err = userAttributeSignatureHash(pkt, pub, h)
 	if err != nil {
 		return err
 	}
@@ -1030,11 +1033,8 @@ func (pk *PublicKey) VerifyUserAttributeSignature(pkt *UserAttribute, pub *Publi
 
 // userAttributeSignatureHash returns a Hash of the message that needs to be signed
 // to assert that pk is a valid key for uat.
-func userAttributeSignatureHash(uat *UserAttribute, pk *PublicKey, hashFunc crypto.Hash) (h hash.Hash, err error) {
-	if !hashFunc.Available() {
-		return nil, errors.UnsupportedError("hash function")
-	}
-	h = hashFunc.New()
+func userAttributeSignatureHash(uat *UserAttribute, pk *PublicKey, hashFunc hash.Hash) (h hash.Hash, err error) {
+	h = hashFunc
 
 	// RFC 4880, section 5.2.4
 	if err := pk.SerializeSignaturePrefix(h); err != nil {

diff --git a/openpgp/packet/signature.go b/openpgp/packet/signature.go
@@ -1000,37 +1000,41 @@ func (sig *Signature) SignUserId(id string, pub *PublicKey, priv *PrivateKey, co
 	return sig.Sign(prepareHash, priv, config)
 }
 
-// SignDirectKeyBinding computes a signature from priv
-// On success, the signature is stored in sig.
-// Call Serialize to write it out.
+// SignUserAttribute computes a signature from priv, asserting that pub has
+// user attribute uat.  On success, the signature is stored in sig. Call
+// Serialize to write it out.
 // If config is nil, sensible defaults will be used.
-func (sig *Signature) SignDirectKeyBinding(pub *PublicKey, priv *PrivateKey, config *Config) error {
+func (sig *Signature) SignUserAttribute(uat *UserAttribute, pub *PublicKey, priv *PrivateKey, config *Config) error {
 	if priv.Dummy() {
 		return errors.ErrDummyPrivateKey("dummy key found")
 	}
 	prepareHash, err := sig.PrepareSign(config)
 	if err != nil {
 		return err
 	}
-	if err := directKeySignatureHash(pub, prepareHash); err != nil {
+	h, err := userAttributeSignatureHash(uat, pub, prepareHash)
+	if err != nil {
 		return err
 	}
-	return sig.Sign(prepareHash, priv, config)
+	return sig.Sign(h, priv, config)
 }
 
-// SignUserAttribute computes a signature from priv, asserting that pub has
-// user attribute uat.  On success, the signature is stored in sig. Call
-// Serialize to write it out.
+// SignDirectKeyBinding computes a signature from priv
+// On success, the signature is stored in sig.
+// Call Serialize to write it out.
 // If config is nil, sensible defaults will be used.
-func (sig *Signature) SignUserAttribute(uat *UserAttribute, pub *PublicKey, priv *PrivateKey, config *Config) error {
+func (sig *Signature) SignDirectKeyBinding(pub *PublicKey, priv *PrivateKey, config *Config) error {
 	if priv.Dummy() {
 		return errors.ErrDummyPrivateKey("dummy key found")
 	}
-	h, err := userAttributeSignatureHash(uat, pub, sig.Hash)
+	prepareHash, err := sig.PrepareSign(config)
 	if err != nil {
 		return err
 	}
-	return sig.Sign(h, priv, config)
+	if err := directKeySignatureHash(pub, prepareHash); err != nil {
+		return err
+	}
+	return sig.Sign(prepareHash, priv, config)
 }
 
 // CrossSignKey computes a signature from signingKey on pub hashed using hashKey. On success,

diff --git a/openpgp/packet/userattribute.go b/openpgp/packet/userattribute.go
@@ -82,13 +82,15 @@ func newUserAttributePhotoBytes(photos [][]byte) (uat *UserAttribute, err error)
 func NewUserAttribute(contents ...*OpaqueSubpacket) *UserAttribute {
 	return &UserAttribute{Contents: contents}
 }
+
 func (uat *UserAttribute) data() []byte {
 	buf := bytes.NewBuffer(nil)
 	for _, osp := range uat.Contents {
 		osp.Serialize(buf)
 	}
 	return buf.Bytes()
 }
+
 func (uat *UserAttribute) parse(r io.Reader) (err error) {
 	// RFC 4880, section 5.13
 	b, err := io.ReadAll(r)

diff --git a/openpgp/v2/keys.go b/openpgp/v2/keys.go
@@ -626,7 +626,6 @@ func (e *Entity) serializePrivate(w io.Writer, config *packet.Config, reSign boo
 			}
 		}
 	}
-
 	for _, subkey := range e.Subkeys {
 		if reSign {
 			if err := subkey.ReSign(config); err != nil {
-Original file line number
+Diff line change
@@ Expand Up @@
     			}
     		}
     	}
     	for _, subkey := range e.Subkeys {
     		if reSign {
     			if err := subkey.ReSign(config); err != nil {
@@ Expand Down @@