Deprecate Key#Check()

2020-11-04 16:42:28 +01:00 · 2020-11-04 16:42:28 +01:00 · b50a051c7e
commit b50a051c7e
parent dc08a383a1
4 changed files with 18 additions and 72 deletions
--- a/crypto/key.go
+++ b/crypto/key.go
@ -306,37 +306,8 @@ func (key *Key) IsUnlocked() (bool, error) {

 // Check verifies if the public keys match the private key parameters by
 // signing and verifying.
+// Deprecated: all keys are now checked on parsing.
 func (key *Key) Check() (bool, error) {
-	var err error
-	testSign := bytes.Repeat([]byte{0x01}, 64)
-	testReader := bytes.NewReader(testSign)
-
-	if !key.IsPrivate() {
-		return false, errors.New("gopenpgp: can check only private key")
-	}
-
-	unlocked, err := key.IsUnlocked()
-	if err != nil {
-		return false, err
-	}
-
-	if !unlocked {
-		return false, errors.New("gopenpgp: key is not unlocked")
-	}
-
-	var signBuf bytes.Buffer
-
-	if err = openpgp.DetachSign(&signBuf, key.entity, testReader, nil); err != nil {
-		return false, errors.New("gopenpgp: unable to sign with key")
-	}
-
-	testReader = bytes.NewReader(testSign)
-	signer, err := openpgp.CheckDetachedSignature(openpgp.EntityList{key.entity}, testReader, &signBuf, nil)
-
-	if signer == nil || err != nil {
-		return false, nil
-	}
-
 	return true, nil
 }

--- a/crypto/key_test.go
+++ b/crypto/key_test.go
@ -241,33 +241,23 @@ func TestGenerateKeyWithPrimes(t *testing.T) {
 	assert.Exactly(t, prime2, pk.Primes[1].Bytes())
 }

-func TestCheckIntegrity(t *testing.T) {
-	isVerified, err := keyTestRSA.Check()
-	if err != nil {
-		t.Fatal("Expected no error while checking correct passphrase, got:", err)
-	}
-
-	assert.Exactly(t, true, isVerified)
+func TestFailCheckIntegrity25519(t *testing.T) {
+	failCheckIntegrity(t, "x25519", 0)
 }

-func TestFailCheckIntegrity(t *testing.T) {
-	// This test is done with ECC because in an RSA key we would need to replace the primes, but maintaining the moduli,
-	// that is a private struct element.
-	k1, _ := GenerateKey(keyTestName, keyTestDomain, "x25519", 256)
-	k2, _ := GenerateKey(keyTestName, keyTestDomain, "x25519", 256)
+func TestFailCheckIntegrityRSA(t *testing.T) {
+	failCheckIntegrity(t, "rsa", 2048)
+}
+
+func failCheckIntegrity(t *testing.T, keyType string, bits int) {
+	k1, _ := GenerateKey(keyTestName, keyTestDomain, keyType, bits)
+	k2, _ := GenerateKey(keyTestName, keyTestDomain, keyType, bits)

 	k1.entity.PrivateKey.PrivateKey = k2.entity.PrivateKey.PrivateKey // Swap private keys

-	isVerified, err := k1.Check()
-	if err != nil {
-		t.Fatal("Expected no error while checking key, got:", err)
-	}
-
-	assert.Exactly(t, false, isVerified)
-
 	serialized, err := k1.Serialize()
 	if err != nil {
-		t.Fatal("Expected no error while serializing keyring kr3, got:", err)
+		t.Fatal("Expected no error while serializing keyring, got:", err)
 	}

 	_, err = NewKey(serialized)