From dd73b3831fb311931c868018ca7ee0b009628cba Mon Sep 17 00:00:00 2001
From: zouxu
Date: Tue, 10 Sep 2024 07:11:51 +0800
Subject: [PATCH] update uat
---
 openpgp/packet/public_key.go | 9 ++++-----
 openpgp/packet/signature.go | 4 ++--
 openpgp/v2/keys.go | 2 +-
 openpgp/v2/uat.go | 3 ---
 openpgp/v2/user.go | 2 ++
 5 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/openpgp/packet/public_key.go b/openpgp/packet/public_key.go
index 65c57bf24..3569acc9e 100644
--- a/openpgp/packet/public_key.go
+++ b/openpgp/packet/public_key.go
@@ -1024,7 +1024,7 @@ func (pk *PublicKey) VerifyUserAttributeSignature(pkt *UserAttribute, pub *Publi
 if err != nil {
 return err
 }
- h, err = userAttributeSignatureHash(pkt, pub, h)
+ err = userAttributeSignatureHash(pkt, pub, h)
 if err != nil {
 return err
 }
@@ -1033,15 +1033,14 @@ func (pk *PublicKey) VerifyUserAttributeSignature(pkt *UserAttribute, pub *Publi
 // userAttributeSignatureHash returns a Hash of the message that needs to be signed
 // to assert that pk is a valid key for uat.
-func userAttributeSignatureHash(uat *UserAttribute, pk *PublicKey, hashFunc hash.Hash) (h hash.Hash, err error) {
- h = hashFunc
+func userAttributeSignatureHash(uat *UserAttribute, pk *PublicKey, h hash.Hash) (err error) {
 // RFC 4880, section 5.2.4
 if err := pk.SerializeSignaturePrefix(h); err != nil {
- return nil, err
+ return err
 }
 if err := pk.serializeWithoutHeaders(h); err != nil {
- return nil, err
+ return err
 }
 data := uat.data()
diff --git a/openpgp/packet/signature.go b/openpgp/packet/signature.go
index fb72e323e..a4fa43732 100644
--- a/openpgp/packet/signature.go
+++ b/openpgp/packet/signature.go
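Review bot: The doc comment above `userAttributeSignatureHash` in the second hunk still says the function "returns a Hash", but the new signature returns only an error and feeds the caller's `h` in place, so the contract that signing and verification rely on is no longer written down. I would reword it to `// userAttributeSignatureHash writes to h the data that is signed to bind uat to pk.` and add `// If it returns an error, h may already hold partial input and must not be used to sign or verify.`, since the two serialize calls write to `h` one after the other. The named result `(err error)` is shadowed by both `if err := ...` statements visible here, so a plain `error` result would read more clearly. Both callers in this patch (`VerifyUserAttributeSignature` and `SignUserAttribute` in signature.go) return on error before using the hash, which matches that contract. The function body continues past the end of the hunk.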
@@ -1012,11 +1012,11 @@ func (sig *Signature) SignUserAttribute(uat *UserAttribute, pub *PublicKey, priv
 if err != nil {
 return err
 }
- h, err := userAttributeSignatureHash(uat, pub, prepareHash)
+ err = userAttributeSignatureHash(uat, pub, prepareHash)
 if err != nil {
 return err
 }
- return sig.Sign(h, priv, config)
+ return sig.Sign(prepareHash, priv, config)
 }
 // SignDirectKeyBinding computes a signature from priv
diff --git a/openpgp/v2/keys.go b/openpgp/v2/keys.go
index f00298b60..480587872 100644
--- a/openpgp/v2/keys.go
+++ b/openpgp/v2/keys.go
@@ -607,7 +607,7 @@ func (e *Entity) serializePrivate(w io.Writer, config *packet.Config, reSign boo
 }
 if attr.SelfSignature == nil {
- return goerrors.New("openpgp: can't re-sign identity without valid self-signature")
+ return goerrors.New("openpgp: can't re-sign user attribute without valid self-signature")
 }
 err = attr.SelfSignature.SignUserAttribute(userAttribute, e.PrimaryKey, e.PrivateKey, config)
 if err != nil {
diff --git a/openpgp/v2/uat.go b/openpgp/v2/uat.go
index b951b7e5d..a29446c99 100644
--- a/openpgp/v2/uat.go
+++ b/openpgp/v2/uat.go
@@ -45,9 +45,6 @@ func (t *Entity) AddPhotos(jpegBytes [][]byte, config *packet.Config) error {
 }
 func addUserAttribute(e *Entity, packets *packet.Reader, pkt *packet.UserAttribute) error {
- // Make a new Attribute object, that we might wind up throwing away.
- // We'll only add it if we get a valid self-signature over this
- // user attribute.
 uat := new(Attribute)
 uat.UserAttribute = pkt
 e.Attributes = append(e.Attributes, uat)
diff --git a/openpgp/v2/user.go b/openpgp/v2/user.go
index eb863f9bd..c2ccc34b7 100644
--- a/openpgp/v2/user.go
+++ b/openpgp/v2/user.go
@@ -19,6 +19,8 @@ type Identity struct {
 Revocations []*packet.VerifiableSignature
 }
+// Attribute represents a user attribute (such as an image) claimed by an
+// Entity and zero or more assertions by other entities about that claim.
 type Attribute struct {
 UserAttribute *packet.UserAttribute
 SelfSignature *packet.Signature
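Review bot: The new doc comment on `Attribute` does not say what state `SelfSignature` is in, and elsewhere in this patch that matters: keys.go guards `attr.SelfSignature == nil` before re-signing, and uat.go drops the comment that promised an attribute is only added after a valid self-signature while still appending to `e.Attributes` at the top of `addUserAttribute`. If attributes can now be present without a checked self-signature (the rest of `addUserAttribute` is outside the hunk, so this is an inference), consumers that display or trust a photo need to be told. I would add a line such as `// SelfSignature may be nil; the presence of an Attribute does not by itself mean its self-signature was verified.` after confirming where verification happens. The struct body continues past the end of the hunk.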