turnkey/openpgp-card
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Don't check cert revocation status when decrypting.

Browse source
This commit is contained in:
Heiko Schaefer 2021-11-22 15:35:51 +01:00
parent af673f537c
commit 7413b5c062
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D
3 changed files with 14 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
openpgp-card-sequoia/src/decryptor.rs
View file

@ -49,7 +49,7 @@ impl<'a> CardDecryptor<'a> {
let fp = openpgp::Fingerprint::from_bytes(fp.as_bytes()); let fp = openpgp::Fingerprint::from_bytes(fp.as_bytes());
if let Some(vk) = if let Some(vk) =
sq_util::get_subkey_by_fingerprint(cert, policy, &fp)? sq_util::get_subkey_by_fingerprint(cert, policy, &fp, false)?
{ {
if vk.for_storage_encryption() || vk.for_transport_encryption() if vk.for_storage_encryption() || vk.for_transport_encryption()
{ {

2
openpgp-card-sequoia/src/signer.rs
View file

@ -45,7 +45,7 @@ impl<'a> CardSigner<'a> {
let fp = openpgp::Fingerprint::from_bytes(fp.as_bytes()); let fp = openpgp::Fingerprint::from_bytes(fp.as_bytes());
if let Some(vk) = if let Some(vk) =
sq_util::get_subkey_by_fingerprint(cert, policy, &fp)? sq_util::get_subkey_by_fingerprint(cert, policy, &fp, true)?
{ {
if vk.for_signing() { if vk.for_signing() {
let key = vk.key().clone(); let key = vk.key().clone();

9
openpgp-card-sequoia/src/sq_util.rs
View file

@ -98,7 +98,11 @@ pub fn get_subkey_by_fingerprint<'a>(
cert: &'a Cert, cert: &'a Cert,
policy: &'a dyn Policy, policy: &'a dyn Policy,
fp: &Fingerprint, fp: &Fingerprint,
check_revocation: bool,
) -> Result<Option<ValidErasedKeyAmalgamation<'a, PublicParts>>, Error> { ) -> Result<Option<ValidErasedKeyAmalgamation<'a, PublicParts>>, Error> {
// FIXME: if `test_revocation`, then first check if the primary key is
// revoked?
// Find the (sub)key in `cert` that matches the fingerprint from // Find the (sub)key in `cert` that matches the fingerprint from
// the Card's signing-key slot. // the Card's signing-key slot.
let keys: Vec<_> = let keys: Vec<_> =
@ -111,12 +115,15 @@ pub fn get_subkey_by_fingerprint<'a>(
let validkey = keys[0].clone().with_policy(policy, None)?; let validkey = keys[0].clone().with_policy(policy, None)?;
validkey.alive()?; validkey.alive()?;
if let RevocationStatus::Revoked(_) = validkey.revocation_status() { if check_revocation {
if let RevocationStatus::Revoked(_) = validkey.revocation_status()
{
return Err(Error::InternalError(anyhow!( return Err(Error::InternalError(anyhow!(
"(Sub)key {} in the cert is revoked", "(Sub)key {} in the cert is revoked",
fp fp
))); )));
} }
}
Ok(Some(validkey)) Ok(Some(validkey))
} else { } else {