openpgp-card-sequoia: cleanup internal ptf() hack

This fixes the generation of a mismatching Fingerprint on the card and OpenPGP public key when using generate_key(), which may have been cause by inconsistent kek/kdf parameter use for some ECC decryption subkeys.
2023-09-05 18:31:21 +02:00 · 2023-09-05 18:31:21 +02:00 · 52a145528e
commit 52a145528e
parent 01cc2caafc
3 changed files with 9 additions and 36 deletions
--- a/card-functionality/src/tests.rs
+++ b/card-functionality/src/tests.rs
@ -18,7 +18,6 @@ use openpgp_card_sequoia::Card;
 use sequoia_openpgp::parse::Parse;
 use sequoia_openpgp::policy::StandardPolicy;
 use sequoia_openpgp::serialize::SerializeInto;
-use sequoia_openpgp::types::{HashAlgorithm, SymmetricAlgorithm};
 use sequoia_openpgp::Cert;
 use thiserror;

@ -225,13 +224,7 @@ pub fn test_keygen(tx: &mut Card<Transaction>, param: &[&str]) -> Result<TestOut
    println!(" Generate subkey for Decryption");
    admin.set_algorithm(KeyType::Decryption, alg)?;
    let (pkm, ts) = admin.generate_key(KeyType::Decryption)?;
-    let key_dec = public_key_material_to_key(
-        &pkm,
-        KeyType::Decryption,
-        &ts,
-        Some(HashAlgorithm::SHA256),
-        Some(SymmetricAlgorithm::AES128),
-    )?;
+    let key_dec = public_key_material_to_key(&pkm, KeyType::Decryption, &ts, None, None)?;

    println!(" Generate subkey for Authentication");
    admin.set_algorithm(KeyType::Authentication, alg)?;
--- a/openpgp-card-sequoia/src/lib.rs
+++ b/openpgp-card-sequoia/src/lib.rs
@ -151,14 +151,11 @@ use openpgp_card::{Error, KeyType};
 use sequoia_openpgp::cert::prelude::ValidErasedKeyAmalgamation;
 use sequoia_openpgp::packet::key::SecretParts;
 use sequoia_openpgp::packet::{key, Key};
-use sequoia_openpgp::types::{HashAlgorithm, SymmetricAlgorithm};

 use crate::decryptor::CardDecryptor;
 use crate::signer::CardSigner;
 use crate::state::{Admin, Open, Sign, State, Transaction, User};
-use crate::util::{
-    public_key_material_and_fp_to_key, public_to_fingerprint, vka_as_uploadable_key,
-};
+use crate::util::{public_key_material_and_fp_to_key, vka_as_uploadable_key};

 mod decryptor;
 mod privkey;
@ -1185,24 +1182,6 @@ impl Card<Admin<'_, '_>> {
        self.card().key_import(key, key_type)
    }

-    /// Wrapper fn for `public_to_fingerprint` that uses SHA256/AES128 as default parameters.
-    ///
-    /// FIXME: This is a hack.
-    /// These parameters should probably be automatically determined based on the algorithm used?
-    fn ptf(
-        pkm: &PublicKeyMaterial,
-        time: KeyGenerationTime,
-        key_type: KeyType,
-    ) -> Result<Fingerprint, Error> {
-        public_to_fingerprint(
-            pkm,
-            &time,
-            key_type,
-            Some(HashAlgorithm::SHA256),      // FIXME
-            Some(SymmetricAlgorithm::AES128), // FIXME
-        )
-    }
-
    /// Configure the `algorithm_attributes` for key slot `key_type` based on
    /// the algorithm `algo`.
    /// This can be useful in preparation for [`Self::generate_key`].
@ -1241,6 +1220,7 @@ impl Card<Admin<'_, '_>> {
        &mut self,
        key_type: KeyType,
    ) -> Result<(PublicKeyMaterial, KeyGenerationTime), Error> {
-        self.card().generate_key(Self::ptf, key_type)
+        self.card()
+            .generate_key(crate::util::public_to_fingerprint, key_type)
    }
 }
--- a/openpgp-card-sequoia/src/util.rs
+++ b/openpgp-card-sequoia/src/util.rs
@ -321,16 +321,16 @@ pub fn public_key_material_to_key(
 /// Mapping function to get a fingerprint from "PublicKeyMaterial +
 /// timestamp + KeyType" (intended for use with `CardApp.generate_key()`).
 ///
-/// For ECC decryption keys, `hash` and `sym` can be optionally specified.
+/// For ECC decryption keys, `hash` and `sym` are set by Sequoia.
+/// This fingerprint calculation is based on the parameters that get
+/// selected in [`public_key_material_to_key`].
 pub(crate) fn public_to_fingerprint(
    pkm: &PublicKeyMaterial,
-    time: &KeyGenerationTime,
+    time: KeyGenerationTime,
    kt: KeyType,
-    hash: Option<HashAlgorithm>,
-    sym: Option<SymmetricAlgorithm>,
 ) -> Result<Fingerprint, Error> {
    // Transform PublicKeyMaterial into a Sequoia Key
-    let key = public_key_material_to_key(pkm, kt, time, hash, sym)?;
+    let key = public_key_material_to_key(pkm, kt, &time, None, None)?;

    // Get fingerprint from the Sequoia Key
    let fp = key.fingerprint();