Replace reason uint8 with packet.ReasonForRevocation enum

twiss · twiss · commit db9fcc9df0d7 · 2020-05-27T16:22:58.000+02:00
diff --git a/openpgp/keys.go b/openpgp/keys.go
@@ -634,36 +634,17 @@ func (e *Entity) SignIdentity(identity string, signer *Entity, config *packet.Co
 	return nil
 }
 
-// validRevocationReason reports whether the given revocation reason code is valid
-// as per RFC4880 section-5.2.3.23.
-func validRevocationReason(r uint8) bool {
-	switch r {
-	// Defined in RFC4880 section-5.2.3.23
-	case 0, 1, 2, 3, 32:
-		return true
-	default:
-		// Private use (RFC4880 section-5.2.3.23)
-		if 100 <= r && r <= 110 {
-			return true
-		}
-		return false
-	}
-}
-
 // RevokeKey generates a key revocation signature (packet.SigTypeKeyRevocation) with the
 // specified reason code and text (RFC4880 section-5.2.3.23).
 // If config is nil, sensible defaults will be used.
-func (e *Entity) RevokeKey(reason uint8, reasonText string, config *packet.Config) error {
-	if !validRevocationReason(reason) {
-		return errors.InvalidArgumentError("invalid reason code")
-	}
-
+func (e *Entity) RevokeKey(reason packet.ReasonForRevocation, reasonText string, config *packet.Config) error {
+	reasonCode := uint8(reason)
 	revSig := &packet.Signature{
 		CreationTime:         config.Now(),
 		SigType:              packet.SigTypeKeyRevocation,
 		PubKeyAlgo:           packet.PubKeyAlgoRSA,
 		Hash:                 config.Hash(),
-		RevocationReason:     &reason,
+		RevocationReason:     &reasonCode,
 		RevocationReasonText: reasonText,
 		IssuerKeyId:          &e.PrimaryKey.KeyId,
 	}
@@ -678,21 +659,18 @@ func (e *Entity) RevokeKey(reason uint8, reasonText string, config *packet.Confi
 // RevokeSubkey generates a subkey revocation signature (packet.SigTypeSubkeyRevocation) for
 // a subkey with the specified reason code and text (RFC4880 section-5.2.3.23).
 // If config is nil, sensible defaults will be used.
-func (e *Entity) RevokeSubkey(sk *Subkey, reason uint8, reasonText string, config *packet.Config) error {
-	if !validRevocationReason(reason) {
-		return errors.InvalidArgumentError("invalid reason code")
-	}
-
+func (e *Entity) RevokeSubkey(sk *Subkey, reason packet.ReasonForRevocation, reasonText string, config *packet.Config) error {
 	if err := e.PrimaryKey.VerifyKeySignature(sk.PublicKey, sk.Sig); err != nil {
 		return errors.InvalidArgumentError("given subkey is not associated with this key")
 	}
 
+	reasonCode := uint8(reason)
 	revSig := &packet.Signature{
 		CreationTime:         config.Now(),
 		SigType:              packet.SigTypeSubkeyRevocation,
 		PubKeyAlgo:           packet.PubKeyAlgoRSA,
 		Hash:                 config.Hash(),
-		RevocationReason:     &reason,
+		RevocationReason:     &reasonCode,
 		RevocationReasonText: reasonText,
 		IssuerKeyId:          &e.PrimaryKey.KeyId,
 	}
diff --git a/openpgp/keys_test.go b/openpgp/keys_test.go
@@ -749,7 +749,7 @@ func TestRevokeKey(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	err = entity.RevokeKey(0, "Key revocation", nil)
+	err = entity.RevokeKey(packet.NoReason, "Key revocation", nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -776,7 +776,7 @@ func TestRevokeKeyWithConfig(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	err = entity.RevokeKey(0, "Key revocation", c)
+	err = entity.RevokeKey(packet.NoReason, "Key revocation", c)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -805,7 +805,7 @@ func TestRevokeSubkey(t *testing.T) {
 	}
 
 	sk := &entity.Subkeys[0]
-	err = entity.RevokeSubkey(sk, 0, "Key revocation", nil)
+	err = entity.RevokeSubkey(sk, packet.NoReason, "Key revocation", nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -852,7 +852,7 @@ func TestRevokeSubkeyWithAnotherEntity(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	err = newEntity.RevokeSubkey(&sk, 0, "Key revocation", nil)
+	err = newEntity.RevokeSubkey(&sk, packet.NoReason, "Key revocation", nil)
 	if err == nil {
 		t.Fatal("Entity was able to revoke a subkey owned by a different entity")
 	}
@@ -867,7 +867,7 @@ func TestRevokeSubkeyWithInvalidSignature(t *testing.T) {
 	sk := entity.Subkeys[0]
 	sk.Sig = &packet.Signature{}
 
-	err = entity.RevokeSubkey(&sk, 0, "Key revocation", nil)
+	err = entity.RevokeSubkey(&sk, packet.NoReason, "Key revocation", nil)
 	if err == nil {
 		t.Fatal("Entity was able to revoke a subkey with invalid signature")
 	}
@@ -884,7 +884,7 @@ func TestRevokeSubkeyWithConfig(t *testing.T) {
 	}
 
 	sk := entity.Subkeys[0]
-	err = entity.RevokeSubkey(&sk, 0, "Key revocation", c)
+	err = entity.RevokeSubkey(&sk, packet.NoReason, "Key revocation", c)
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/openpgp/packet/packet.go b/openpgp/packet/packet.go
@@ -540,3 +540,14 @@ func (mode AEADMode) TagLength() int {
 func (mode AEADMode) new(block cipher.Block) cipher.AEAD {
 	return algorithm.AEADMode(mode).New(block)
 }
+
+// ReasonForRevocation represents a revocation reason code as per RFC4880
+// section 5.2.3.23.
+type ReasonForRevocation uint8
+
+const (
+	NoReason       ReasonForRevocation = 0
+	KeySuperseded  ReasonForRevocation = 1
+	KeyCompromised ReasonForRevocation = 2
+	KeyRetired     ReasonForRevocation = 3
+)

Original file line number	Diff line number	Diff line change
`@@ -749,7 +749,7 @@ func TestRevokeKey(t *testing.T) {`
`749`	`749`	`t.Fatal(err)`
`750`	`750`	`}`
`751`	`751`
`752`		`- err = entity.RevokeKey(0, "Key revocation", nil)`
	`752`	`+ err = entity.RevokeKey(packet.NoReason, "Key revocation", nil)`
`753`	`753`	`if err != nil {`
`754`	`754`	`t.Fatal(err)`
`755`	`755`	`}`
`@@ -776,7 +776,7 @@ func TestRevokeKeyWithConfig(t *testing.T) {`
`776`	`776`	`t.Fatal(err)`
`777`	`777`	`}`
`778`	`778`
`779`		`- err = entity.RevokeKey(0, "Key revocation", c)`
	`779`	`+ err = entity.RevokeKey(packet.NoReason, "Key revocation", c)`
`780`	`780`	`if err != nil {`
`781`	`781`	`t.Fatal(err)`
`782`	`782`	`}`
`@@ -805,7 +805,7 @@ func TestRevokeSubkey(t *testing.T) {`
`805`	`805`	`}`
`806`	`806`
`807`	`807`	`sk := &entity.Subkeys[0]`
`808`		`- err = entity.RevokeSubkey(sk, 0, "Key revocation", nil)`
	`808`	`+ err = entity.RevokeSubkey(sk, packet.NoReason, "Key revocation", nil)`
`809`	`809`	`if err != nil {`
`810`	`810`	`t.Fatal(err)`
`811`	`811`	`}`
`@@ -852,7 +852,7 @@ func TestRevokeSubkeyWithAnotherEntity(t *testing.T) {`
`852`	`852`	`t.Fatal(err)`
`853`	`853`	`}`
`854`	`854`
`855`		`- err = newEntity.RevokeSubkey(&sk, 0, "Key revocation", nil)`
	`855`	`+ err = newEntity.RevokeSubkey(&sk, packet.NoReason, "Key revocation", nil)`
`856`	`856`	`if err == nil {`
`857`	`857`	`t.Fatal("Entity was able to revoke a subkey owned by a different entity")`
`858`	`858`	`}`
`@@ -867,7 +867,7 @@ func TestRevokeSubkeyWithInvalidSignature(t *testing.T) {`
`867`	`867`	`sk := entity.Subkeys[0]`
`868`	`868`	`sk.Sig = &packet.Signature{}`
`869`	`869`
`870`		`- err = entity.RevokeSubkey(&sk, 0, "Key revocation", nil)`
	`870`	`+ err = entity.RevokeSubkey(&sk, packet.NoReason, "Key revocation", nil)`
`871`	`871`	`if err == nil {`
`872`	`872`	`t.Fatal("Entity was able to revoke a subkey with invalid signature")`
`873`	`873`	`}`
`@@ -884,7 +884,7 @@ func TestRevokeSubkeyWithConfig(t *testing.T) {`
`884`	`884`	`}`
`885`	`885`
`886`	`886`	`sk := entity.Subkeys[0]`
`887`		`- err = entity.RevokeSubkey(&sk, 0, "Key revocation", c)`
	`887`	`+ err = entity.RevokeSubkey(&sk, packet.NoReason, "Key revocation", c)`
`888`	`888`	`if err != nil {`
`889`	`889`	`t.Fatal(err)`
`890`	`890`	`}`