refactor(v2): Implement feedback for key operations

ProtonMail · Nov 22, 2023 · 78f1529 · 78f1529
1 parent fb84e16
commit 78f1529
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 28 deletions.
diff --git a/openpgp/keys_v5_test.go b/openpgp/keys_v5_test.go
@@ -2,11 +2,8 @@ package openpgp
 
 import (
 	"bytes"
-	"io/ioutil"
 	"strings"
 	"testing"
-
-	"github.com/ProtonMail/go-crypto/openpgp/armor"
 )
 
 var foreignKeys = []string{
@@ -23,6 +20,8 @@ func TestReadPrivateForeignV5Key(t *testing.T) {
 	}
 }
 
+// Deprecated
+/*
 // TODO: Replace message with a correctly generated one.
 func testV5ForeignSignedMessage(t *testing.T) {
 	kring, err := ReadArmoredKeyRing(strings.NewReader(v5PrivKey))
@@ -58,8 +57,6 @@ func testV5ForeignSignedMessage(t *testing.T) {
 	}
 }
 
-// Depricated
-/*
 func TestReadPrivateEncryptedV5Key(t *testing.T) {
 	c := &packet.Config{V5Keys: true}
 	e, err := NewEntity("V5 Key Owner", "V5 Key", "[email protected]", c)
@@ -116,7 +113,7 @@ func TestReadPrivateSerializeForeignV5Key(t *testing.T) {
 	}
 }
 
-// Depricated
+// Deprecated
 /*
 func TestNewEntitySerializeV5Key(t *testing.T) {
 	c := &packet.Config{V5Keys: true}

diff --git a/openpgp/v2/key_generation.go b/openpgp/v2/key_generation.go
@@ -118,6 +118,7 @@ func newEntity(uid *userIdData, config *packet.Config) (*Entity, error) {
 	return e, nil
 }
 
+// AddUserId adds a user-id packet to the given entity.
 func (t *Entity) AddUserId(name, comment, email string, config *packet.Config) error {
 	var keyProperties *keyProperties
 	if !config.V6() {
@@ -126,6 +127,7 @@ func (t *Entity) AddUserId(name, comment, email string, config *packet.Config) e
 	return t.addUserId(userIdData{name, comment, email}, config, keyProperties)
 }
 
+// AddDirectKeySignature adds a fresh direct key signature with the selected key-properties.
 func (t *Entity) AddDirectKeySignature(selectedKeyProperties *keyProperties, config *packet.Config) error {
 	selfSignature := createSignaturePacket(&t.PrivateKey.PublicKey, packet.SigTypeDirectSignature, config)
 	err := writeKeyProperties(selfSignature, selectedKeyProperties)
@@ -330,7 +332,7 @@ func (e *Entity) addEncryptionSubkey(config *packet.Config, creationTime time.Ti
 	return nil
 }
 
-// Generates a signing key
+// newSigner generates a signing key.
 func newSigner(config *packet.Config) (signer interface{}, err error) {
 	switch config.PublicKeyAlgorithm() {
 	case packet.PubKeyAlgoRSA:
@@ -388,7 +390,7 @@ func newSigner(config *packet.Config) (signer interface{}, err error) {
 	}
 }
 
-// Generates an encryption/decryption key
+// newDecrypter generates an encryption/decryption key.
 func newDecrypter(config *packet.Config) (decrypter interface{}, err error) {
 	switch config.PublicKeyAlgorithm() {
 	case packet.PubKeyAlgoRSA:

diff --git a/openpgp/v2/keys.go b/openpgp/v2/keys.go
@@ -55,7 +55,8 @@ type KeyRing interface {
 
 // PrimaryIdentity returns a valid non-revoked Identity while preferring
 // identities marked as primary, or the latest-created identity, in that order.
-func (e *Entity) PrimaryIdentity(date time.Time) (*packet.Signature, *Identity, error) {
+// Returns an nil for both return values if there is no valid primary identity.
+func (e *Entity) PrimaryIdentity(date time.Time) (*packet.Signature, *Identity) {
 	var primaryIdentityCandidates []*Identity
 	var primaryIdentityCandidatesSelfSigs []*packet.Signature
 	for _, identity := range e.Identities {
@@ -66,7 +67,7 @@ func (e *Entity) PrimaryIdentity(date time.Time) (*packet.Signature, *Identity,
 		}
 	}
 	if len(primaryIdentityCandidates) == 0 {
-		return nil, nil, errors.StructuralError("no primary identity found")
+		return nil, nil
 	}
 	primaryIdentity := -1
 	for idx := range primaryIdentityCandidates {
@@ -76,7 +77,7 @@ func (e *Entity) PrimaryIdentity(date time.Time) (*packet.Signature, *Identity,
 			primaryIdentity = idx
 		}
 	}
-	return primaryIdentityCandidatesSelfSigs[primaryIdentity], primaryIdentityCandidates[primaryIdentity], nil
+	return primaryIdentityCandidatesSelfSigs[primaryIdentity], primaryIdentityCandidates[primaryIdentity]
 }
 
 func shouldPreferIdentity(existingId, potentialNewId *packet.Signature) bool {
@@ -665,6 +666,7 @@ func (e *Entity) SignIdentity(identity string, signer *Entity, config *packet.Co
 	return ident.SignIdentity(signer, config)
 }
 
+// LatestValidDirectSignature returns the latest valid direct key-signature of the entity.
 func (e *Entity) LatestValidDirectSignature(date time.Time) (selectedSig *packet.Signature, err error) {
 	for sigIdx := len(e.DirectSignatures) - 1; sigIdx >= 0; sigIdx-- {
 		sig := e.DirectSignatures[sigIdx]
@@ -686,8 +688,8 @@ func (e *Entity) LatestValidDirectSignature(date time.Time) (selectedSig *packet
 	return
 }
 
-// primarySelfSignature searches the entitity for the self-signature that stores key prefrences.
-// For V4 keys, returns the self-signature of the primary indentity, and the identity.
+// PrimarySelfSignature searches the entity for the self-signature that stores key preferences.
+// For V4 keys, returns the self-signature of the primary identity, and the identity.
 // For V6 keys, returns the latest valid direct-key self-signature, and no identity (nil).
 // This self-signature is to be used to check the key expiration,
 // algorithm preferences, and so on.
@@ -696,9 +698,9 @@ func (e *Entity) PrimarySelfSignature(date time.Time) (primarySig *packet.Signat
 		primarySig, err = e.LatestValidDirectSignature(date)
 		return
 	}
-	primarySig, _, err = e.PrimaryIdentity(date)
-	if err != nil {
-		return
+	primarySig, _ = e.PrimaryIdentity(date)
+	if primarySig == nil {
+		return nil, errors.StructuralError("no primary identity found")
 	}
 	return
 }
@@ -741,7 +743,6 @@ func (k *Key) IsPrimary() bool {
 	return k.PrimarySelfSignature == k.SelfSignature
 }
 
-// checkKeyRequirements
 func checkKeyRequirements(usedKey *packet.PublicKey, config *packet.Config) error {
 	algo := usedKey.PubKeyAlgo
 	if config.RejectPublicKeyAlgorithm(algo) {
@@ -758,9 +759,7 @@ func checkKeyRequirements(usedKey *packet.PublicKey, config *packet.Config) erro
 		if err != nil || config.RejectCurve(curve) {
 			return errors.WeakAlgorithmError("elliptic curve " + curve)
 		}
-		if usedKey.Version == 6 &&
-			(curve == packet.Curve25519 ||
-				curve == packet.Curve448) {
+		if usedKey.Version == 6 && (curve == packet.Curve25519 || curve == packet.Curve448) {
 			// Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs.
 			return errors.StructuralError("v6 key uses legacy elliptic curve " + curve)
 		}

diff --git a/openpgp/v2/keys_test.go b/openpgp/v2/keys_test.go
@@ -1967,7 +1967,7 @@ zaXZE2aAMQ==
 		t.Fatal(err)
 	}
 	var config *packet.Config
-	sig, _, err := key[0].PrimaryIdentity(config.Now())
+	sig, _ := key[0].PrimaryIdentity(config.Now())
 	if err != nil {
 		t.Fatal(err)
 	}

diff --git a/openpgp/v2/keys_v5_test.go b/openpgp/v2/keys_v5_test.go
@@ -2,11 +2,8 @@ package v2
 
 import (
 	"bytes"
-	"io/ioutil"
 	"strings"
 	"testing"
-
-	"github.com/ProtonMail/go-crypto/openpgp/armor"
 )
 
 var foreignKeys = []string{
@@ -23,7 +20,8 @@ func TestReadPrivateForeignV5Key(t *testing.T) {
 	}
 }
 
-// TODO: Replace message with a correctly generated one.
+// Deprecated
+/*
 func testV5ForeignSignedMessage(t *testing.T) {
 	kring, err := ReadArmoredKeyRing(strings.NewReader(v5PrivKey))
 	if err != nil {
@@ -61,8 +59,6 @@ func testV5ForeignSignedMessage(t *testing.T) {
 	}
 }
 
-// Depricated
-/*
 func TestReadPrivateEncryptedV5Key(t *testing.T) {
 	c := &packet.Config{V5Keys: true}
 	e, err := NewEntity("V5 Key Owner", "V5 Key", "[email protected]", c)
@@ -119,7 +115,7 @@ func TestReadPrivateSerializeForeignV5Key(t *testing.T) {
 	}
 }
 
-// Depricated
+// Deprecated
 /*
 func TestNewEntitySerializeV5Key(t *testing.T) {
 	c := &packet.Config{V5Keys: true}