subkey binding now works - SecurityInnovation#104

dkg · Sep 28, 2014 · 6ce75c6 · 6ce75c6
1 parent 61487e5
commit 6ce75c6
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 5 deletions.
diff --git a/pgpy/pgp.py b/pgpy/pgp.py
@@ -1179,12 +1179,20 @@ def sign(self, subject, **prefs):
                           legal(id='revoke', types=PGPUID, criteria=[], sigtypes={SignatureType.CertRevocation}),
                           legal(id='revoke', types=PGPKey, criteria=[getattr(subject, 'is_primary', False)],
                                 sigtypes={SignatureType.KeyRevocation}),
-                          legal(id='revoke', types=PGPKey, criteria=[not getattr(subject, 'is_primary', False)],
+                          legal(id='revoke', types=PGPKey, criteria=[getattr(subject, 'is_primary', None) is False],
                                 sigtypes={SignatureType.SubkeyRevocation}),
                           legal(id='selfcertify', types=(PGPUID, PGPKey),
                                 criteria=[ (getattr(subject, 'fingerprint', None) if isinstance(subject, PGPKey)
                                             else getattr(getattr(subject, '_parent', None), 'fingerprint', None)) == self.fingerprint],
                                 sigtypes=SignatureType.certifications ^ {SignatureType.CertRevocation}),
+                          legal(id='bind_sub', types=PGPKey,
+                                criteria=[getattr(subject, 'is_primary', None) is False,
+                                          getattr(getattr(subject, '_parent', None), 'fingerprint', None) == self.fingerprint],
+                                sigtypes={SignatureType.Subkey_Binding}),
+                          # legal(id='bind_pri', types=PGPKey,
+                          #       criteria=[getattr(subject, 'is_primary', None) is True,
+                          #                 getattr(self, '_parent', None) is not None,
+                          #                 getattr(subject, 'fingerprint', None) == self._parent.fingerprint]),
                           legal(id='certify', types=PGPUID, criteria=[],
                                 sigtypes=SignatureType.certifications ^ {SignatureType.CertRevocation}),
                           legal(id='directkey', types=PGPKey, criteria=[], sigtypes={SignatureType.DirectlyOnKey})]
@@ -1205,9 +1213,16 @@ def sign(self, subject, **prefs):
             comment = prefs.pop('comment', '')
             sig._signature.subpackets.addnew('ReasonForRevocation', hashed=True, code=reason, string=comment)
 
+        if combo.id in ['selfcertify', 'directkey', 'bind_sub']:
+            usage_flags = prefs.pop('usage', [])
+            sig._signature.subpackets.addnew('KeyFlags', hashed=True, flags=usage_flags)
+
+        # if combo.id == 'bind_sub' and subject.key_algorithm.can_sign:
+        #     esig = self.subkeys[subject.fingerprint.keyid].sign(self, sigtype=SignatureType.PrimaryKey_Binding)
+        #     sig._signature.subpackets.addnew('EmbeddedSignature', hashed=False, _sig=esig._signature)
+
         if combo.id in ['selfcertify', 'directkey']:
-            flag_opts = [('usage', 'KeyFlags'),
-                         ('cipherprefs', 'PreferredSymmetricAlgorithms'),
+            flag_opts = [('cipherprefs', 'PreferredSymmetricAlgorithms'),
                          ('hashprefs', 'PreferredHashAlgorithms'),
                          ('compprefs', 'PreferredCompressionAlgorithms'),]
             for flags, sp in iter((prefs.pop(f, []), sp) for f, sp in flag_opts):

diff --git a/tests/test_5_actions.py b/tests/test_5_actions.py
@@ -397,8 +397,30 @@ def test_revoke_subkey(self, sec, pub, write_clean, gpg_import, gpg_check_sigs):
         subkey._signatures.remove(rsig)
         assert rsig not in subkey
 
-    def test_bind_subkey(self):
-        pytest.skip("not implemented yet")
+    def test_bind_subkey(self, sec, pub, write_clean, gpg_import, gpg_check_sigs):
+        # this is temporary, until subkey generation works
+        # replace the first subkey's binding signature with a new one
+        subkey = next(iter(pub.subkeys.values()))
+        old_usage = subkey.usageflags
+        subkey._signatures.clear()
+
+        with self.assert_warnings():
+            bsig = sec.sign(subkey,
+                            sigtype=SignatureType.Subkey_Binding,
+                            usage=old_usage)
+            subkey += bsig
+
+            # verify with PGPy
+            assert pub.verify(subkey)
+            sv = pub.verify(pub)
+            assert sv
+            assert bsig in iter(s.signature for s in sv.good_signatures)
+
+        # verify with GPG
+        kfp = '{:s}.asc'.format(pub.fingerprint.shortid)
+        with write_clean(os.path.join('tests', 'testdata', kfp), 'w', str(pub)), \
+                gpg_import(os.path.join('.', kfp)) as kio:
+            assert 'invalid self-signature' not in kio
 
     def test_decrypt_rsa_message(self, rsa_encmsg):
         key = PGPKey()