func testParse(t *testing.T, input []byte, expected, expectedPlaintext string) {
b, rest := Decode(input)
if b == nil {
t.Fatal("failed to decode clearsign message")
}
if !bytes.Equal(rest, []byte("trailing")) {
t.Errorf("unexpected remaining bytes returned: %s", string(rest))
}
if b.ArmoredSignature.Type != "PGP SIGNATURE" {
t.Errorf("bad armor type, got:%s, want:PGP SIGNATURE", b.ArmoredSignature.Type)
}
if !bytes.Equal(b.Bytes, []byte(expected)) {
t.Errorf("bad body, got:%x want:%x", b.Bytes, expected)
}
if !bytes.Equal(b.Plaintext, []byte(expectedPlaintext)) {
t.Errorf("bad plaintext, got:%x want:%x", b.Plaintext, expectedPlaintext)
}
keyring, err := openpgp.ReadArmoredKeyRing(bytes.NewBufferString(signingKey))
if err != nil {
t.Errorf("failed to parse public key: %s", err)
}
if _, err := openpgp.CheckDetachedSignature(keyring, bytes.NewBuffer(b.Bytes), b.ArmoredSignature.Body); err != nil {
t.Errorf("failed to check signature: %s", err)
}
}
func pgpDecryptClearsign(source io.Reader, sink io.Writer, kr openpgp.KeyRing) (*SignatureStatus, error) {
// clearsign decode only works with the whole data slice, not a reader
// so have to read it all here:
msg, err := ioutil.ReadAll(source)
if err != nil {
return nil, err
}
b, _ := clearsign.Decode(msg)
if b == nil {
return nil, fmt.Errorf("Unable to decode clearsigned message")
}
signer, err := openpgp.CheckDetachedSignature(kr, bytes.NewReader(b.Bytes), b.ArmoredSignature.Body)
if err != nil {
return nil, fmt.Errorf("Check sig error: %s", err)
}
n, err := io.Copy(sink, bytes.NewReader(b.Plaintext))
if err != nil {
return nil, err
}
G.Log.Debug("PGPDecrypt: copied %d bytes to writer", n)
var status SignatureStatus
if signer == nil {
return &status, nil
}
status.IsSigned = true
status.Verified = true
status.Entity = signer
return &status, nil
}
// runClearsign verifies a clearsign signature
func (e *PGPVerify) runClearsign(ctx *Context) error {
// clearsign decode only works with the whole data slice, not a reader
// so have to read it all here:
msg, err := ioutil.ReadAll(e.peek)
if err != nil {
return err
}
b, _ := clearsign.Decode(msg)
if b == nil {
return errors.New("Unable to decode clearsigned message")
}
sigBody, err := ioutil.ReadAll(b.ArmoredSignature.Body)
if err != nil {
return err
}
sk, err := NewScanKeys(ctx.SecretUI, ctx.IdentifyUI, &e.arg.TrackOptions, e.G())
if err != nil {
return err
}
signer, err := openpgp.CheckDetachedSignature(sk, bytes.NewReader(b.Bytes), bytes.NewReader(sigBody))
if err != nil {
return fmt.Errorf("Check sig error: %s", err)
}
e.owner = sk.Owner()
e.signStatus = &libkb.SignatureStatus{IsSigned: true}
if signer != nil {
e.signStatus.Verified = true
e.signStatus.Entity = signer
if err := e.checkSignedBy(ctx); err != nil {
return err
}
p, err := packet.Read(bytes.NewReader(sigBody))
if err != nil {
return err
}
if val, ok := p.(*packet.Signature); ok {
e.signStatus.SignatureTime = val.CreationTime
}
fingerprint := libkb.PGPFingerprint(signer.PrimaryKey.Fingerprint)
OutputSignatureSuccess(ctx, fingerprint, sk.Owner(), e.signStatus.SignatureTime)
}
return nil
}
func TestSigning(t *testing.T) {
keyring, err := openpgp.ReadArmoredKeyRing(bytes.NewBufferString(signingKey))
if err != nil {
t.Errorf("failed to parse public key: %s", err)
}
for i, test := range signingTests {
var buf bytes.Buffer
plaintext, err := Encode(&buf, keyring[0].PrivateKey, nil)
if err != nil {
t.Errorf("#%d: error from Encode: %s", i, err)
continue
}
if _, err := plaintext.Write([]byte(test.in)); err != nil {
t.Errorf("#%d: error from Write: %s", i, err)
continue
}
if err := plaintext.Close(); err != nil {
t.Fatalf("#%d: error from Close: %s", i, err)
continue
}
b, _ := Decode(buf.Bytes())
if b == nil {
t.Errorf("#%d: failed to decode clearsign message", i)
continue
}
if !bytes.Equal(b.Bytes, []byte(test.signed)) {
t.Errorf("#%d: bad result, got:%x, want:%x", i, b.Bytes, test.signed)
continue
}
if !bytes.Equal(b.Plaintext, []byte(test.plaintext)) {
t.Errorf("#%d: bad result, got:%x, want:%x", i, b.Plaintext, test.plaintext)
continue
}
if _, err := openpgp.CheckDetachedSignature(keyring, bytes.NewBuffer(b.Bytes), b.ArmoredSignature.Body); err != nil {
t.Errorf("#%d: failed to check signature: %s", i, err)
}
}
}