Refactor pgp_revoke_t to rnp::Revocation.

rnpgp · Feb 25, 2025 · 816c5b3 · 816c5b3
1 parent cb6409c
commit 816c5b3
Show file tree

Hide file tree

Showing 6 changed files with 97 additions and 98 deletions.
diff --git a/src/lib/pgp-key.cpp b/src/lib/pgp-key.cpp
@@ -100,15 +100,6 @@ pgp_decrypt_seckey(const pgp_key_t &              key,
     }
 }
 
-static const id_str_pair ss_rr_code_map[] = {
-  {PGP_REVOCATION_NO_REASON, "No reason specified"},
-  {PGP_REVOCATION_SUPERSEDED, "Key is superseded"},
-  {PGP_REVOCATION_COMPROMISED, "Key material has been compromised"},
-  {PGP_REVOCATION_RETIRED, "Key is retired and no longer used"},
-  {PGP_REVOCATION_NO_LONGER_VALID, "User ID information is no longer valid"},
-  {0x00, NULL},
-};
-
 pgp_key_flags_t
 pgp_pk_alg_capabilities(pgp_pubkey_alg_t alg)
 {
@@ -557,22 +548,6 @@ pgp_userid_t::clear_sigs()
     sigs_.clear();
 }
 
-pgp_revoke_t::pgp_revoke_t(rnp::Signature &sig)
-{
-    uid = sig.uid;
-    sigid = sig.sigid;
-    if (!sig.sig.has_subpkt(PGP_SIG_SUBPKT_REVOCATION_REASON)) {
-        RNP_LOG("Warning: no revocation reason in the revocation");
-        code = PGP_REVOCATION_NO_REASON;
-    } else {
-        code = sig.sig.revocation_code();
-        reason = sig.sig.revocation_reason();
-    }
-    if (reason.empty()) {
-        reason = id_str_pair::lookup(ss_rr_code_map, code);
-    }
-}
-
 pgp_key_t::pgp_key_t(const pgp_key_pkt_t &keypkt) : pkt_(keypkt)
 {
     if (!is_key_pkt(pkt_.tag) || !pkt_.material->alg()) {
@@ -966,7 +941,7 @@ pgp_key_t::revoked() const
     return revoked_;
 }
 
-const pgp_revoke_t &
+const rnp::Revocation &
 pgp_key_t::revocation() const
 {
     if (!revoked_) {
@@ -2354,15 +2329,15 @@ pgp_key_t::sign_binding(const pgp_key_pkt_t & key,
 }
 
 void
-pgp_key_t::gen_revocation(const pgp_revoke_t &  revoke,
-                          pgp_hash_alg_t        hash,
-                          const pgp_key_pkt_t & key,
-                          pgp_signature_t &     sig,
-                          rnp::SecurityContext &ctx)
+pgp_key_t::gen_revocation(const rnp::Revocation &rev,
+                          pgp_hash_alg_t         hash,
+                          const pgp_key_pkt_t &  key,
+                          pgp_signature_t &      sig,
+                          rnp::SecurityContext & ctx)
 {
     sign_init(ctx.rng, sig, hash, ctx.time(), key.version);
     sig.set_type(is_primary_key_pkt(key.tag) ? PGP_SIG_REV_KEY : PGP_SIG_REV_SUBKEY);
-    sig.set_revocation_reason(revoke.code, revoke.reason);
+    sig.set_revocation_reason(rev.code, rev.reason);
 
     if (is_primary_key_pkt(key.tag)) {
         sign_direct(key, sig, ctx);
@@ -2527,7 +2502,7 @@ pgp_key_t::refresh_revocations()
                 continue;
             }
             revoked_ = true;
-            revocation_ = pgp_revoke_t(sig);
+            revocation_ = rnp::Revocation(sig);
             continue;
         }
         if (is_uid_revocation(sig)) {
@@ -2540,7 +2515,7 @@ pgp_key_t::refresh_revocations()
                 continue;
             }
             uid.revoked = true;
-            uid.revocation = pgp_revoke_t(sig);
+            uid.revocation = rnp::Revocation(sig);
         }
     }
 }
@@ -2656,7 +2631,7 @@ pgp_key_t::refresh_data(pgp_key_t *primary, const rnp::SecurityContext &ctx)
         }
         revoked_ = true;
         try {
-            revocation_ = pgp_revoke_t(sig);
+            revocation_ = rnp::Revocation(sig);
         } catch (const std::exception &e) {
             RNP_LOG("%s", e.what());
             return false;

diff --git a/src/lib/pgp-key.h b/src/lib/pgp-key.h
@@ -53,9 +53,9 @@ typedef struct pgp_userid_t {
     pgp_userid_pkt_t pkt{};    /* User ID or User Attribute packet as it was loaded */
     rnp::RawPacket   rawpkt{}; /* Raw packet contents */
     std::string      str{};    /* Human-readable representation of the userid */
-    bool         valid{}; /* User ID is valid, i.e. has valid, non-expired self-signature */
-    bool         revoked{};
-    pgp_revoke_t revocation{};
+    bool            valid{}; /* User ID is valid, i.e. has valid, non-expired self-signature */
+    bool            revoked{};
+    rnp::Revocation revocation;
 
     pgp_userid_t(const pgp_userid_pkt_t &pkt);
 
@@ -92,12 +92,12 @@ struct pgp_key_t {
     pgp_fingerprint_t         primary_fp_{}; /* fingerprint of the primary key (for subkeys) */
     bool                      primary_fp_set_{};
     std::vector<pgp_fingerprint_t>
-                   subkey_fps_{}; /* array of subkey fingerprints (for primary keys) */
-    rnp::RawPacket rawpkt_;       /* key raw packet */
-    uint32_t       uid0_{};       /* primary uid index in uids array */
-    bool           uid0_set_{};   /* flag for the above */
-    bool           revoked_{};    /* key has been revoked */
-    pgp_revoke_t   revocation_{}; /* revocation reason */
+                    subkey_fps_{}; /* array of subkey fingerprints (for primary keys) */
+    rnp::RawPacket  rawpkt_;       /* key raw packet */
+    uint32_t        uid0_{};       /* primary uid index in uids array */
+    bool            uid0_set_{};   /* flag for the above */
+    bool            revoked_{};    /* key has been revoked */
+    rnp::Revocation revocation_;   /* revocation reason */
     std::vector<pgp_fingerprint_t> revokers_{};
     pgp_validity_t                 validity_{};   /* key's validity */
     uint64_t                       valid_till_{}; /* date till which key is/was valid */
@@ -123,36 +123,36 @@ struct pgp_key_t {
     pgp_key_t &operator=(const pgp_key_t &) = default;
     pgp_key_t &operator=(pgp_key_t &&) = default;
 
-    size_t                sig_count() const;
-    rnp::Signature &      get_sig(size_t idx);
-    const rnp::Signature &get_sig(size_t idx) const;
-    bool                  has_sig(const pgp_sig_id_t &id) const;
-    rnp::Signature &      replace_sig(const pgp_sig_id_t &id, const pgp_signature_t &newsig);
-    rnp::Signature &      get_sig(const pgp_sig_id_t &id);
-    const rnp::Signature &get_sig(const pgp_sig_id_t &id) const;
-    rnp::Signature &      add_sig(const pgp_signature_t &sig,
-                                  size_t                 uid = PGP_UID_NONE,
-                                  bool                   begin = false);
-    bool                  del_sig(const pgp_sig_id_t &sigid);
-    size_t                del_sigs(const std::vector<pgp_sig_id_t> &sigs);
-    size_t                keysig_count() const;
-    rnp::Signature &      get_keysig(size_t idx);
-    size_t                uid_count() const;
-    pgp_userid_t &        get_uid(size_t idx);
-    const pgp_userid_t &  get_uid(size_t idx) const;
-    size_t                get_uid_idx(const pgp_userid_pkt_t &uid) const;
-    pgp_userid_t &        add_uid(const pgp_transferable_userid_t &uid);
-    bool                  has_uid(const std::string &uid) const;
-    uint32_t              uid_idx(const pgp_userid_pkt_t &uid) const;
-    void                  del_uid(size_t idx);
-    bool                  has_primary_uid() const;
-    uint32_t              get_primary_uid() const;
-    bool                  revoked() const;
-    const pgp_revoke_t &  revocation() const;
-    void                  clear_revokes();
-    void                  add_revoker(const pgp_fingerprint_t &revoker);
-    bool                  has_revoker(const pgp_fingerprint_t &revoker) const;
-    size_t                revoker_count() const;
+    size_t                 sig_count() const;
+    rnp::Signature &       get_sig(size_t idx);
+    const rnp::Signature & get_sig(size_t idx) const;
+    bool                   has_sig(const pgp_sig_id_t &id) const;
+    rnp::Signature &       replace_sig(const pgp_sig_id_t &id, const pgp_signature_t &newsig);
+    rnp::Signature &       get_sig(const pgp_sig_id_t &id);
+    const rnp::Signature & get_sig(const pgp_sig_id_t &id) const;
+    rnp::Signature &       add_sig(const pgp_signature_t &sig,
+                                   size_t                 uid = PGP_UID_NONE,
+                                   bool                   begin = false);
+    bool                   del_sig(const pgp_sig_id_t &sigid);
+    size_t                 del_sigs(const std::vector<pgp_sig_id_t> &sigs);
+    size_t                 keysig_count() const;
+    rnp::Signature &       get_keysig(size_t idx);
+    size_t                 uid_count() const;
+    pgp_userid_t &         get_uid(size_t idx);
+    const pgp_userid_t &   get_uid(size_t idx) const;
+    size_t                 get_uid_idx(const pgp_userid_pkt_t &uid) const;
+    pgp_userid_t &         add_uid(const pgp_transferable_userid_t &uid);
+    bool                   has_uid(const std::string &uid) const;
+    uint32_t               uid_idx(const pgp_userid_pkt_t &uid) const;
+    void                   del_uid(size_t idx);
+    bool                   has_primary_uid() const;
+    uint32_t               get_primary_uid() const;
+    bool                   revoked() const;
+    const rnp::Revocation &revocation() const;
+    void                   clear_revokes();
+    void                   add_revoker(const pgp_fingerprint_t &revoker);
+    bool                   has_revoker(const pgp_fingerprint_t &revoker) const;
+    size_t                 revoker_count() const;
     const pgp_fingerprint_t &get_revoker(size_t idx) const;
 
     const pgp_key_pkt_t &   pkt() const noexcept;
@@ -505,11 +505,11 @@ struct pgp_key_t {
      * @param key key or subkey packet to revoke.
      * @param sig object to store revocation signature. Will be populated in method call.
      */
-    void gen_revocation(const pgp_revoke_t &  revoke,
-                        pgp_hash_alg_t        hash,
-                        const pgp_key_pkt_t & key,
-                        pgp_signature_t &     sig,
-                        rnp::SecurityContext &ctx);
+    void gen_revocation(const rnp::Revocation &rev,
+                        pgp_hash_alg_t         hash,
+                        const pgp_key_pkt_t &  key,
+                        pgp_signature_t &      sig,
+                        rnp::SecurityContext & ctx);
 
 #if defined(ENABLE_CRYPTO_REFRESH)
     /**

diff --git a/src/lib/rnp.cpp b/src/lib/rnp.cpp
@@ -4003,10 +4003,10 @@ rnp_key_get_revoker(rnp_key_handle_t key)
 }
 
 static bool
-fill_revocation_reason(rnp_ffi_t     ffi,
-                       pgp_revoke_t &revinfo,
-                       const char *  code,
-                       const char *  reason)
+fill_revocation_reason(rnp_ffi_t        ffi,
+                       rnp::Revocation &revinfo,
+                       const char *     code,
+                       const char *     reason)
 {
     revinfo = {};
     if (code && !str_to_revocation_type(code, &revinfo.code)) {
@@ -4040,7 +4040,7 @@ rnp_key_get_revocation(rnp_ffi_t        ffi,
         FFI_LOG(ffi, "Unknown hash algorithm: %s", hash);
         return RNP_ERROR_BAD_PARAMETERS;
     }
-    pgp_revoke_t revinfo = {};
+    rnp::Revocation revinfo;
     if (!fill_revocation_reason(ffi, revinfo, code, reason)) {
         return RNP_ERROR_BAD_PARAMETERS;
     }
@@ -6250,11 +6250,11 @@ try {
     if (!sig) {
         return RNP_ERROR_NULL_POINTER;
     }
-    pgp_revoke_t revinfo = {};
-    if (!fill_revocation_reason(sig->ffi, revinfo, code, reason)) {
+    rnp::Revocation rev;
+    if (!fill_revocation_reason(sig->ffi, rev, code, reason)) {
         return RNP_ERROR_BAD_PARAMETERS;
     }
-    sig->sig->sig.set_revocation_reason(revinfo.code, revinfo.reason);
+    sig->sig->sig.set_revocation_reason(rev.code, rev.reason);
     return RNP_SUCCESS;
 }
 FFI_GUARD

diff --git a/src/lib/signature.cpp b/src/lib/signature.cpp
@@ -70,4 +70,28 @@ Signature::expired(uint64_t at) const
     }
     return expiration + sig.creation() < at;
 }
+
+static const id_str_pair revocation_code_map[] = {
+  {PGP_REVOCATION_NO_REASON, "No reason specified"},
+  {PGP_REVOCATION_SUPERSEDED, "Key is superseded"},
+  {PGP_REVOCATION_COMPROMISED, "Key material has been compromised"},
+  {PGP_REVOCATION_RETIRED, "Key is retired and no longer used"},
+  {PGP_REVOCATION_NO_LONGER_VALID, "User ID information is no longer valid"},
+  {0x00, NULL},
+};
+
+Revocation::Revocation(rnp::Signature &sig) : uid(sig.uid), sigid(sig.sigid)
+{
+    if (!sig.sig.has_subpkt(PGP_SIG_SUBPKT_REVOCATION_REASON)) {
+        RNP_LOG("Warning: no revocation reason in the revocation");
+        code = PGP_REVOCATION_NO_REASON;
+    } else {
+        code = sig.sig.revocation_code();
+        reason = sig.sig.revocation_reason();
+    }
+    if (reason.empty()) {
+        reason = id_str_pair::lookup(revocation_code_map, code);
+    }
+}
+
 } // namespace rnp
diff --git a/src/lib/signature.hpp b/src/lib/signature.hpp
@@ -130,6 +130,17 @@ class Signature {
     bool expired(uint64_t at) const;
 };
 
+class Revocation {
+  public:
+    uint32_t              uid;    /* index in uid array */
+    pgp_revocation_type_t code;   /* revocation code */
+    std::string           reason; /* revocation reason */
+    pgp_sig_id_t          sigid;  /* id of the corresponding subsig */
+
+    Revocation() : uid(0), code(PGP_REVOCATION_NO_REASON), sigid(){};
+    Revocation(Signature &sig);
+};
+
 } // namespace rnp
 
 #endif
diff --git a/src/lib/types.h b/src/lib/types.h
@@ -242,17 +242,6 @@ namespace rnp {
 class Signature;
 }
 
-/* user revocation info */
-typedef struct pgp_revoke_t {
-    uint32_t              uid{};   /* index in uid array */
-    pgp_revocation_type_t code{};  /* revocation code */
-    std::string           reason;  /* revocation reason */
-    pgp_sig_id_t          sigid{}; /* id of the corresponding subsig */
-
-    pgp_revoke_t() = default;
-    pgp_revoke_t(rnp::Signature &sig);
-} pgp_revoke_t;
-
 typedef struct rnp_key_protection_params_t {
     pgp_symm_alg_t    symm_alg;
     pgp_cipher_mode_t cipher_mode;