From a9c9f78dd47aca19a4f5be911cfa09ae3e044e57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Obernd=C3=B6rfer?= <toberndo@yarkon.de>
Date: Tue, 4 Feb 2014 17:44:22 +0100
Subject: [PATCH] Verify subkey revocation signatures according to:
 http://www.rfc-editor.org/errata_search.php?rfc=4880&eid=3298

---
 src/key.js                | 2 +-
 src/packet/signature.js   | 2 +-
 test/general/key.js       | 2 +-
 test/general/signature.js | 4 ++--
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/key.js b/src/key.js
index 9bf95f89..14a7a05e 100644
--- a/src/key.js
+++ b/src/key.js
@@ -640,7 +640,7 @@ SubKey.prototype.verify = function(primaryKey) {
   // check subkey revocation signature
   if (this.revocationSignature && !this.revocationSignature.isExpired() && 
      (this.revocationSignature.verified || 
-      this.revocationSignature.verify(primaryKey, {key: this.subKey}))) {
+      this.revocationSignature.verify(primaryKey, {key:primaryKey, bind: this.subKey}))) {
     return enums.keyStatus.revoked;
   }
   // check V3 expiration time
diff --git a/src/packet/signature.js b/src/packet/signature.js
index dee37696..0f9f7f8b 100644
--- a/src/packet/signature.js
+++ b/src/packet/signature.js
@@ -551,6 +551,7 @@ Signature.prototype.toSign = function (type, data) {
       break;
 
     case t.subkey_binding:
+    case t.subkey_revocation:
     case t.key_binding:
       return this.toSign(t.key, data) + this.toSign(t.key, {
         key: data.bind
@@ -563,7 +564,6 @@ Signature.prototype.toSign = function (type, data) {
       return data.key.writeOld();
 
     case t.key_revocation:
-    case t.subkey_revocation:
       return this.toSign(t.key, data);
     case t.timestamp:
       return '';
diff --git a/test/general/key.js b/test/general/key.js
index 75657025..371cad8f 100644
--- a/test/general/key.js
+++ b/test/general/key.js
@@ -278,7 +278,7 @@ describe('Key', function() {
     done();
   });
 
-  it.skip('Verify status of revoked subkey', function(done) {
+  it('Verify status of revoked subkey', function(done) {
     var pubKeys = openpgp.key.readArmored(pub_sig_test);
     expect(pubKeys).to.exist;
     expect(pubKeys.err).to.not.exist;
diff --git a/test/general/signature.js b/test/general/signature.js
index c2e2953b..df69d0e3 100644
--- a/test/general/signature.js
+++ b/test/general/signature.js
@@ -545,10 +545,10 @@ describe("Signature", function() {
     done();
   });
 
-  it.skip('Verify subkey revocation signature', function(done) {
+  it('Verify subkey revocation signature', function(done) {
     var pubKey = openpgp.key.readArmored(pub_revoked).keys[0];
 
-    var verified = pubKey.subKeys[0].revocationSignature.verify(pubKey.primaryKey, {key: pubKey.subKeys[0].subKey});
+    var verified = pubKey.subKeys[0].revocationSignature.verify(pubKey.primaryKey, {key: pubKey.primaryKey, bind: pubKey.subKeys[0].subKey});
 
     expect(verified).to.be.true;
     done();