From 816c5b3b51da7eae8b82e4326b745b72ddc5c01c Mon Sep 17 00:00:00 2001 From: Nickolay Olshevsky Date: Tue, 25 Feb 2025 16:19:26 +0200 Subject: [PATCH] Refactor pgp_revoke_t to rnp::Revocation. --- src/lib/pgp-key.cpp | 45 +++++----------------- src/lib/pgp-key.h | 88 +++++++++++++++++++++---------------------- src/lib/rnp.cpp | 16 ++++---- src/lib/signature.cpp | 24 ++++++++++++ src/lib/signature.hpp | 11 ++++++ src/lib/types.h | 11 ------ 6 files changed, 97 insertions(+), 98 deletions(-) diff --git a/src/lib/pgp-key.cpp b/src/lib/pgp-key.cpp index e945177c0..b981bf605 100644 --- a/src/lib/pgp-key.cpp +++ b/src/lib/pgp-key.cpp @@ -100,15 +100,6 @@ pgp_decrypt_seckey(const pgp_key_t & key, } } -static const id_str_pair ss_rr_code_map[] = { - {PGP_REVOCATION_NO_REASON, "No reason specified"}, - {PGP_REVOCATION_SUPERSEDED, "Key is superseded"}, - {PGP_REVOCATION_COMPROMISED, "Key material has been compromised"}, - {PGP_REVOCATION_RETIRED, "Key is retired and no longer used"}, - {PGP_REVOCATION_NO_LONGER_VALID, "User ID information is no longer valid"}, - {0x00, NULL}, -}; - pgp_key_flags_t pgp_pk_alg_capabilities(pgp_pubkey_alg_t alg) { @@ -557,22 +548,6 @@ pgp_userid_t::clear_sigs() sigs_.clear(); } -pgp_revoke_t::pgp_revoke_t(rnp::Signature &sig) -{ - uid = sig.uid; - sigid = sig.sigid; - if (!sig.sig.has_subpkt(PGP_SIG_SUBPKT_REVOCATION_REASON)) { - RNP_LOG("Warning: no revocation reason in the revocation"); - code = PGP_REVOCATION_NO_REASON; - } else { - code = sig.sig.revocation_code(); - reason = sig.sig.revocation_reason(); - } - if (reason.empty()) { - reason = id_str_pair::lookup(ss_rr_code_map, code); - } -} - pgp_key_t::pgp_key_t(const pgp_key_pkt_t &keypkt) : pkt_(keypkt) { if (!is_key_pkt(pkt_.tag) || !pkt_.material->alg()) { @@ -966,7 +941,7 @@ pgp_key_t::revoked() const return revoked_; } -const pgp_revoke_t & +const rnp::Revocation & pgp_key_t::revocation() const { if (!revoked_) { 
@@ -2354,15 +2329,15 @@ pgp_key_t::sign_binding(const pgp_key_pkt_t & key, } void -pgp_key_t::gen_revocation(const pgp_revoke_t & revoke, - pgp_hash_alg_t hash, - const pgp_key_pkt_t & key, - pgp_signature_t & sig, - rnp::SecurityContext &ctx) +pgp_key_t::gen_revocation(const rnp::Revocation &rev, + pgp_hash_alg_t hash, + const pgp_key_pkt_t & key, + pgp_signature_t & sig, + rnp::SecurityContext & ctx) { sign_init(ctx.rng, sig, hash, ctx.time(), key.version); sig.set_type(is_primary_key_pkt(key.tag) ? PGP_SIG_REV_KEY : PGP_SIG_REV_SUBKEY); - sig.set_revocation_reason(revoke.code, revoke.reason); + sig.set_revocation_reason(rev.code, rev.reason); if (is_primary_key_pkt(key.tag)) { sign_direct(key, sig, ctx); @@ -2527,7 +2502,7 @@ pgp_key_t::refresh_revocations() continue; } revoked_ = true; - revocation_ = pgp_revoke_t(sig); + revocation_ = rnp::Revocation(sig); continue; } if (is_uid_revocation(sig)) { @@ -2540,7 +2515,7 @@ pgp_key_t::refresh_revocations() continue; } uid.revoked = true; - uid.revocation = pgp_revoke_t(sig); + uid.revocation = rnp::Revocation(sig); } } } @@ -2656,7 +2631,7 @@ pgp_key_t::refresh_data(pgp_key_t *primary, const rnp::SecurityContext &ctx) } revoked_ = true; try { - revocation_ = pgp_revoke_t(sig); + revocation_ = rnp::Revocation(sig); } catch (const std::exception &e) { RNP_LOG("%s", e.what()); return false; diff --git a/src/lib/pgp-key.h b/src/lib/pgp-key.h index 4738a4bd1..d1ca2ea2f 100644 --- a/src/lib/pgp-key.h +++ b/src/lib/pgp-key.h 
@@ -53,9 +53,9 @@ typedef struct pgp_userid_t { pgp_userid_pkt_t pkt{}; /* User ID or User Attribute packet as it was loaded */ rnp::RawPacket rawpkt{}; /* Raw packet contents */ std::string str{}; /* Human-readable representation of the userid */ - bool valid{}; /* User ID is valid, i.e. has valid, non-expired self-signature */ - bool revoked{}; - pgp_revoke_t revocation{}; + bool valid{}; /* User ID is valid, i.e. has valid, non-expired self-signature */ + bool revoked{}; + rnp::Revocation revocation; pgp_userid_t(const pgp_userid_pkt_t &pkt); @@ -92,12 +92,12 @@ struct pgp_key_t { pgp_fingerprint_t primary_fp_{}; /* fingerprint of the primary key (for subkeys) */ bool primary_fp_set_{}; std::vector - subkey_fps_{}; /* array of subkey fingerprints (for primary keys) */ - rnp::RawPacket rawpkt_; /* key raw packet */ - uint32_t uid0_{}; /* primary uid index in uids array */ - bool uid0_set_{}; /* flag for the above */ - bool revoked_{}; /* key has been revoked */ - pgp_revoke_t revocation_{}; /* revocation reason */ + subkey_fps_{}; /* array of subkey fingerprints (for primary keys) */ + rnp::RawPacket rawpkt_; /* key raw packet */ + uint32_t uid0_{}; /* primary uid index in uids array */ + bool uid0_set_{}; /* flag for the above */ + bool revoked_{}; /* key has been revoked */ + rnp::Revocation revocation_; /* revocation reason */ std::vector revokers_{}; pgp_validity_t validity_{}; /* key's validity */ uint64_t valid_till_{}; /* date till which key is/was valid */ 
@@ -123,36 +123,36 @@ struct pgp_key_t { pgp_key_t &operator=(const pgp_key_t &) = default; pgp_key_t &operator=(pgp_key_t &&) = default; - size_t sig_count() const; - rnp::Signature & get_sig(size_t idx); - const rnp::Signature &get_sig(size_t idx) const; - bool has_sig(const pgp_sig_id_t &id) const; - rnp::Signature & replace_sig(const pgp_sig_id_t &id, const pgp_signature_t &newsig); - rnp::Signature & get_sig(const pgp_sig_id_t &id); - const rnp::Signature &get_sig(const pgp_sig_id_t &id) const; - rnp::Signature & add_sig(const pgp_signature_t &sig, - size_t uid = PGP_UID_NONE, - bool begin = false); - bool del_sig(const pgp_sig_id_t &sigid); - size_t del_sigs(const std::vector &sigs); - size_t keysig_count() const; - rnp::Signature & get_keysig(size_t idx); - size_t uid_count() const; - pgp_userid_t & get_uid(size_t idx); - const pgp_userid_t & get_uid(size_t idx) const; - size_t get_uid_idx(const pgp_userid_pkt_t &uid) const; - pgp_userid_t & add_uid(const pgp_transferable_userid_t &uid); - bool has_uid(const std::string &uid) const; - uint32_t uid_idx(const pgp_userid_pkt_t &uid) const; - void del_uid(size_t idx); - bool has_primary_uid() const; - uint32_t get_primary_uid() const; - bool revoked() const; - const pgp_revoke_t & revocation() const; - void clear_revokes(); - void add_revoker(const pgp_fingerprint_t &revoker); - bool has_revoker(const pgp_fingerprint_t &revoker) const; - size_t revoker_count() const; + size_t sig_count() const; + rnp::Signature & get_sig(size_t idx); + const rnp::Signature & get_sig(size_t idx) const; + bool has_sig(const pgp_sig_id_t &id) const; + rnp::Signature & replace_sig(const pgp_sig_id_t &id, const pgp_signature_t &newsig); + rnp::Signature & get_sig(const pgp_sig_id_t &id); + const rnp::Signature & get_sig(const pgp_sig_id_t &id) const; + rnp::Signature & add_sig(const pgp_signature_t &sig, + size_t uid = PGP_UID_NONE, + bool begin = false); + bool del_sig(const pgp_sig_id_t &sigid); + size_t del_sigs(const std::vector 
&sigs); + size_t keysig_count() const; + rnp::Signature & get_keysig(size_t idx); + size_t uid_count() const; + pgp_userid_t & get_uid(size_t idx); + const pgp_userid_t & get_uid(size_t idx) const; + size_t get_uid_idx(const pgp_userid_pkt_t &uid) const; + pgp_userid_t & add_uid(const pgp_transferable_userid_t &uid); + bool has_uid(const std::string &uid) const; + uint32_t uid_idx(const pgp_userid_pkt_t &uid) const; + void del_uid(size_t idx); + bool has_primary_uid() const; + uint32_t get_primary_uid() const; + bool revoked() const; + const rnp::Revocation &revocation() const; + void clear_revokes(); + void add_revoker(const pgp_fingerprint_t &revoker); + bool has_revoker(const pgp_fingerprint_t &revoker) const; + size_t revoker_count() const; const pgp_fingerprint_t &get_revoker(size_t idx) const; const pgp_key_pkt_t & pkt() const noexcept; @@ -505,11 +505,11 @@ struct pgp_key_t { * @param key key or subkey packet to revoke. * @param sig object to store revocation signature. Will be populated in method call. */ - void gen_revocation(const pgp_revoke_t & revoke, - pgp_hash_alg_t hash, - const pgp_key_pkt_t & key, - pgp_signature_t & sig, - rnp::SecurityContext &ctx); + void gen_revocation(const rnp::Revocation &rev, + pgp_hash_alg_t hash, + const pgp_key_pkt_t & key, + pgp_signature_t & sig, + rnp::SecurityContext & ctx); #if defined(ENABLE_CRYPTO_REFRESH) /** diff --git a/src/lib/rnp.cpp b/src/lib/rnp.cpp index 920018d75..edb48cf97 100644 --- a/src/lib/rnp.cpp +++ b/src/lib/rnp.cpp @@ -4003,10 +4003,10 @@ rnp_key_get_revoker(rnp_key_handle_t key) } static bool -fill_revocation_reason(rnp_ffi_t ffi, - pgp_revoke_t &revinfo, - const char * code, - const char * reason) +fill_revocation_reason(rnp_ffi_t ffi, + rnp::Revocation &revinfo, + const char * code, + const char * reason) { revinfo = {}; if (code && !str_to_revocation_type(code, &revinfo.code)) { 
@@ -4040,7 +4040,7 @@ rnp_key_get_revocation(rnp_ffi_t ffi, FFI_LOG(ffi, "Unknown hash algorithm: %s", hash); return RNP_ERROR_BAD_PARAMETERS; } - pgp_revoke_t revinfo = {}; + rnp::Revocation revinfo; if (!fill_revocation_reason(ffi, revinfo, code, reason)) { return RNP_ERROR_BAD_PARAMETERS; } @@ -6250,11 +6250,11 @@ try { if (!sig) { return RNP_ERROR_NULL_POINTER; } - pgp_revoke_t revinfo = {}; - if (!fill_revocation_reason(sig->ffi, revinfo, code, reason)) { + rnp::Revocation rev; + if (!fill_revocation_reason(sig->ffi, rev, code, reason)) { return RNP_ERROR_BAD_PARAMETERS; } - sig->sig->sig.set_revocation_reason(revinfo.code, revinfo.reason); + sig->sig->sig.set_revocation_reason(rev.code, rev.reason); return RNP_SUCCESS; } FFI_GUARD diff --git a/src/lib/signature.cpp b/src/lib/signature.cpp index 28a88d652..8352d82b0 100644 --- a/src/lib/signature.cpp +++ b/src/lib/signature.cpp @@ -70,4 +70,28 @@ Signature::expired(uint64_t at) const } return expiration + sig.creation() < at; } + +static const id_str_pair revocation_code_map[] = { + {PGP_REVOCATION_NO_REASON, "No reason specified"}, + {PGP_REVOCATION_SUPERSEDED, "Key is superseded"}, + {PGP_REVOCATION_COMPROMISED, "Key material has been compromised"}, + {PGP_REVOCATION_RETIRED, "Key is retired and no longer used"}, + {PGP_REVOCATION_NO_LONGER_VALID, "User ID information is no longer valid"}, + {0x00, NULL}, +}; + +Revocation::Revocation(rnp::Signature &sig) : uid(sig.uid), sigid(sig.sigid) +{ + if (!sig.sig.has_subpkt(PGP_SIG_SUBPKT_REVOCATION_REASON)) { + RNP_LOG("Warning: no revocation reason in the revocation"); + code = PGP_REVOCATION_NO_REASON; + } else { + code = sig.sig.revocation_code(); + reason = sig.sig.revocation_reason(); + } + if (reason.empty()) { + reason = id_str_pair::lookup(revocation_code_map, code); + } +} + } // namespace rnp diff --git a/src/lib/signature.hpp b/src/lib/signature.hpp index 278019256..685b4bb45 100644 --- a/src/lib/signature.hpp +++ b/src/lib/signature.hpp 
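Review bot: In `Revocation::Revocation` (src/lib/signature.cpp), `code` comes straight from the signature's revocation-reason subpacket, so it can hold a value that `revocation_code_map` does not list. The fallback `reason = id_str_pair::lookup(revocation_code_map, code);` then depends on what `lookup` returns on a miss, which this hunk does not show. If it can return a null pointer, assigning it to `std::string` is undefined behaviour and the result should be checked first. If it returns a placeholder string, a comment such as `// codes outside the table get lookup()'s not-found text` would record that for the next reader. The constructor also only reads `sig`, so `const rnp::Signature &sig` would state that, assuming the accessors it calls are const.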
@@ -130,6 +130,17 @@ class Signature { bool expired(uint64_t at) const; }; +class Revocation { + public: + uint32_t uid; /* index in uid array */ + pgp_revocation_type_t code; /* revocation code */ + std::string reason; /* revocation reason */ + pgp_sig_id_t sigid; /* id of the corresponding subsig */ + + Revocation() : uid(0), code(PGP_REVOCATION_NO_REASON), sigid(){}; + Revocation(Signature &sig); +}; + } // namespace rnp #endif \ No newline at end of file diff --git a/src/lib/types.h b/src/lib/types.h index 26101455b..0ba9db1b1 100644 --- a/src/lib/types.h +++ b/src/lib/types.h @@ -242,17 +242,6 @@ namespace rnp { class Signature; } -/* user revocation info */ -typedef struct pgp_revoke_t { - uint32_t uid{}; /* index in uid array */ - pgp_revocation_type_t code{}; /* revocation code */ - std::string reason; /* revocation reason */ - pgp_sig_id_t sigid{}; /* id of the corresponding subsig */ - - pgp_revoke_t() = default; - pgp_revoke_t(rnp::Signature &sig); -} pgp_revoke_t; - typedef struct rnp_key_protection_params_t { pgp_symm_alg_t symm_alg; pgp_cipher_mode_t cipher_mode;
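Review bot: `Revocation(Signature &sig);` in src/lib/signature.hpp is a non-explicit single-argument constructor, so an `rnp::Signature` converts silently to a `Revocation` wherever one is expected. Every call site in this patch already writes `rnp::Revocation(sig)`, so declaring it `explicit Revocation(Signature &sig);` should not break any of them. The default constructor has a stray `;` after its body and could become `Revocation() = default;` with default member initializers such as `uint32_t uid{};` and `pgp_revocation_type_t code{PGP_REVOCATION_NO_REASON};`. A one-line comment above the class saying it holds the revocation details taken from a revocation signature would also help.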