update uat

ProtonMail · Sep 10, 2024 · 4db783b · 4db783b
1 parent 2a61c28
commit 4db783b
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 11 deletions.
diff --git a/openpgp/packet/public_key.go b/openpgp/packet/public_key.go
@@ -1024,7 +1024,7 @@ func (pk *PublicKey) VerifyUserAttributeSignature(pkt *UserAttribute, pub *Publi
 	if err != nil {
 		return err
 	}
-	h, err = userAttributeSignatureHash(pkt, pub, h)
+	err = userAttributeSignatureHash(pkt, pub, h)
 	if err != nil {
 		return err
 	}
@@ -1033,15 +1033,14 @@ func (pk *PublicKey) VerifyUserAttributeSignature(pkt *UserAttribute, pub *Publi
 
 // userAttributeSignatureHash returns a Hash of the message that needs to be signed
 // to assert that pk is a valid key for uat.
-func userAttributeSignatureHash(uat *UserAttribute, pk *PublicKey, hashFunc hash.Hash) (h hash.Hash, err error) {
-	h = hashFunc
+func userAttributeSignatureHash(uat *UserAttribute, pk *PublicKey, h hash.Hash) (err error) {
 
 	// RFC 4880, section 5.2.4
 	if err := pk.SerializeSignaturePrefix(h); err != nil {
-		return nil, err
+		return err
 	}
 	if err := pk.serializeWithoutHeaders(h); err != nil {
-		return nil, err
+		return err
 	}
 
 	data := uat.data()

diff --git a/openpgp/packet/signature.go b/openpgp/packet/signature.go
@@ -990,11 +990,11 @@ func (sig *Signature) SignUserAttribute(uat *UserAttribute, pub *PublicKey, priv
 	if err != nil {
 		return err
 	}
-	h, err := userAttributeSignatureHash(uat, pub, prepareHash)
+	err = userAttributeSignatureHash(uat, pub, prepareHash)
 	if err != nil {
 		return err
 	}
-	return sig.Sign(h, priv, config)
+	return sig.Sign(prepareHash, priv, config)
 }
 
 // SignDirectKeyBinding computes a signature from priv

diff --git a/openpgp/v2/keys.go b/openpgp/v2/keys.go
@@ -607,7 +607,7 @@ func (e *Entity) serializePrivate(w io.Writer, config *packet.Config, reSign boo
 			}
 
 			if attr.SelfSignature == nil {
-				return goerrors.New("openpgp: can't re-sign identity without valid self-signature")
+				return goerrors.New("openpgp: can't re-sign user attribute without valid self-signature")
 			}
 			err = attr.SelfSignature.SignUserAttribute(userAttribute, e.PrimaryKey, e.PrivateKey, config)
 			if err != nil {

diff --git a/openpgp/v2/uat.go b/openpgp/v2/uat.go
@@ -45,9 +45,6 @@ func (t *Entity) AddPhotos(jpegBytes [][]byte, config *packet.Config) error {
 }
 
 func addUserAttribute(e *Entity, packets *packet.Reader, pkt *packet.UserAttribute) error {
-	// Make a new Attribute object, that we might wind up throwing away.
-	// We'll only add it if we get a valid self-signature over this
-	// user attribute.
 	uat := new(Attribute)
 	uat.UserAttribute = pkt
 	e.Attributes = append(e.Attributes, uat)

diff --git a/openpgp/v2/user.go b/openpgp/v2/user.go
@@ -19,6 +19,8 @@ type Identity struct {
 	Revocations         []*packet.VerifiableSignature
 }
 
+// Attribute represents a user attribute (such as an image) claimed by an
+// Entity and zero or more assertions by other entities about that claim.
 type Attribute struct {
 	UserAttribute *packet.UserAttribute
 	SelfSignature *packet.Signature