func (chks *checkSuite) TestCheckForgery(c *C) {
trustedKey := testPrivKey0
cfg := &asserts.DatabaseConfig{
Backstore: chks.bs,
KeypairManager: asserts.NewMemoryKeypairManager(),
TrustedKeys: []*asserts.AccountKey{asserts.BootstrapAccountKeyForTest("canonical", &trustedKey.PublicKey)},
}
db, err := asserts.OpenDatabase(cfg)
c.Assert(err, IsNil)
encoded := asserts.Encode(chks.a)
content, encodedSig := chks.a.Signature()
// forgery
forgedSig := new(packet.Signature)
forgedSig.PubKeyAlgo = testPrivKey1.PubKeyAlgo
forgedSig.Hash = crypto.SHA256
forgedSig.CreationTime = time.Now()
forgedSig.IssuerKeyId = &testPrivKey0.KeyId
h := crypto.SHA256.New()
h.Write(content)
err = forgedSig.Sign(h, testPrivKey1, &packet.Config{DefaultHash: crypto.SHA256})
c.Assert(err, IsNil)
buf := new(bytes.Buffer)
forgedSig.Serialize(buf)
forgedSigEncoded := "openpgp " + base64.StdEncoding.EncodeToString(buf.Bytes())
forgedEncoded := bytes.Replace(encoded, encodedSig, []byte(forgedSigEncoded), 1)
c.Assert(forgedEncoded, Not(DeepEquals), encoded)
forgedAssert, err := asserts.Decode(forgedEncoded)
c.Assert(err, IsNil)
err = db.Check(forgedAssert)
c.Assert(err, ErrorMatches, "failed signature verification: .*")
}
func signContent(content []byte, privKey *packet.PrivateKey) ([]byte, error) {
sig := new(packet.Signature)
sig.PubKeyAlgo = privKey.PubKeyAlgo
sig.Hash = openpgpConfig.Hash()
sig.CreationTime = time.Now()
sig.IssuerKeyId = &privKey.KeyId
h := openpgpConfig.Hash().New()
h.Write(content)
err := sig.Sign(h, privKey, openpgpConfig)
if err != nil {
return nil, err
}
buf := bytes.NewBufferString("openpgp ")
// TODO: split the base64 blob over many lines for readability of the resulting file
enc := base64.NewEncoder(base64.StdEncoding, buf)
err = sig.Serialize(enc)
if err != nil {
return nil, err
}
enc.Close()
return buf.Bytes(), nil
}
func detachSign(w io.Writer, signer *Entity, message io.Reader, sigType packet.SignatureType, config *packet.Config) (err error) {
if signer.PrivateKey == nil {
return errors.InvalidArgumentError("signing key doesn't have a private key")
}
if signer.PrivateKey.Encrypted {
return errors.InvalidArgumentError("signing key is encrypted")
}
sig := new(packet.Signature)
sig.SigType = sigType
sig.PubKeyAlgo = signer.PrivateKey.PubKeyAlgo
sig.Hash = config.Hash()
sig.CreationTime = config.Now()
sig.IssuerKeyId = &signer.PrivateKey.KeyId
h, wrappedHash, err := hashForSignature(sig.Hash, sig.SigType)
if err != nil {
return
}
io.Copy(wrappedHash, message)
err = sig.Sign(h, signer.PrivateKey, config)
if err != nil {
return
}
return sig.Serialize(w)
}
func (d *dashEscaper) Close() (err error) {
if !d.atBeginningOfLine {
if err = d.buffered.WriteByte(lf); err != nil {
return
}
}
sig := new(packet.Signature)
sig.SigType = packet.SigTypeText
sig.PubKeyAlgo = d.privateKey.PubKeyAlgo
sig.Hash = d.hashType
sig.CreationTime = d.config.Now()
sig.IssuerKeyId = &d.privateKey.KeyId
if err = sig.Sign(d.h, d.privateKey, d.config); err != nil {
return
}
out, err := armor.Encode(d.buffered, "PGP SIGNATURE", nil)
if err != nil {
return
}
if err = sig.Serialize(out); err != nil {
return
}
if err = out.Close(); err != nil {
return
}
if err = d.buffered.Flush(); err != nil {
return
}
return
}
func (chks *checkSuite) TestCheckForgery(c *C) {
trustedKey := testPrivKey0
cfg := &asserts.DatabaseConfig{
Backstore: chks.bs,
Trusted: []asserts.Assertion{asserts.BootstrapAccountKeyForTest("canonical", trustedKey.PublicKey())},
}
db, err := asserts.OpenDatabase(cfg)
c.Assert(err, IsNil)
encoded := asserts.Encode(chks.a)
content, encodedSig := chks.a.Signature()
// forgery
forgedSig := new(packet.Signature)
forgedSig.PubKeyAlgo = packet.PubKeyAlgoRSA
forgedSig.Hash = crypto.SHA512
forgedSig.CreationTime = time.Now()
h := crypto.SHA512.New()
h.Write(content)
pk1 := packet.NewRSAPrivateKey(time.Unix(1, 0), testPrivKey1RSA)
err = forgedSig.Sign(h, pk1, &packet.Config{DefaultHash: crypto.SHA512})
c.Assert(err, IsNil)
buf := new(bytes.Buffer)
forgedSig.Serialize(buf)
b := append([]byte{0x1}, buf.Bytes()...)
forgedSigEncoded := base64.StdEncoding.EncodeToString(b)
forgedEncoded := bytes.Replace(encoded, encodedSig, []byte(forgedSigEncoded), 1)
c.Assert(forgedEncoded, Not(DeepEquals), encoded)
forgedAssert, err := asserts.Decode(forgedEncoded)
c.Assert(err, IsNil)
err = db.Check(forgedAssert)
c.Assert(err, ErrorMatches, "failed signature verification: .*")
}
func signContent(content []byte, privateKey PrivateKey) ([]byte, error) {
opgPrivKey, ok := privateKey.(openpgpPrivateKey)
if !ok {
panic(fmt.Errorf("not an internally supported PrivateKey: %T", privateKey))
}
privKey := opgPrivKey.privk
sig := new(packet.Signature)
sig.PubKeyAlgo = privKey.PubKeyAlgo
sig.Hash = openpgpConfig.Hash()
sig.CreationTime = time.Now()
sig.IssuerKeyId = &privKey.KeyId
h := openpgpConfig.Hash().New()
h.Write(content)
err := sig.Sign(h, privKey, openpgpConfig)
if err != nil {
return nil, err
}
buf := new(bytes.Buffer)
err = sig.Serialize(buf)
if err != nil {
return nil, err
}
return encodeFormatAndData("openpgp", buf.Bytes()), nil
}
// Given a control.Marshal'able object, encode it to the blobstore, while
// also doing a detached OpenPGP signature. The objects returned (in order)
// are data, commited to the blobstore, the signature for that object, commited
// to the blobstore, and any error(s), finally.
func (a Archive) encodeSigned(data interface{}) (*blobstore.Object, *blobstore.Object, error) {
/* Right, so, the trick here is that we secretly call out to encode,
* but tap it with a pipe into the signing code */
if a.signingKey == nil {
return nil, nil, fmt.Errorf("No signing key loaded")
}
signature, err := a.Store.Create()
if err != nil {
return nil, nil, err
}
defer signature.Close()
hash := sha512.New()
obj, err := a.encode(data, hash)
if err != nil {
return nil, nil, err
}
sig := new(packet.Signature)
sig.SigType = packet.SigTypeBinary
sig.PubKeyAlgo = a.signingKey.PrivateKey.PubKeyAlgo
sig.Hash = crypto.SHA512
sig.CreationTime = new(packet.Config).Now()
sig.IssuerKeyId = &(a.signingKey.PrivateKey.KeyId)
err = sig.Sign(hash, a.signingKey.PrivateKey, &packet.Config{
DefaultHash: crypto.SHA512,
})
if err != nil {
return nil, nil, err
}
if err := sig.Serialize(signature); err != nil {
return nil, nil, err
}
sigObj, err := a.Store.Commit(*signature)
if err != nil {
return nil, nil, err
}
return obj, sigObj, nil
}
func (opgPrivK openpgpPrivateKey) sign(content []byte) (*packet.Signature, error) {
privk := opgPrivK.privk
sig := new(packet.Signature)
sig.PubKeyAlgo = privk.PubKeyAlgo
sig.Hash = openpgpConfig.Hash()
sig.CreationTime = time.Now()
h := openpgpConfig.Hash().New()
h.Write(content)
err := sig.Sign(h, privk, openpgpConfig)
if err != nil {
return nil, err
}
return sig, nil
}
func (gkms *gpgKeypairMgrSuite) TestUseInSigningBrokenSignature(c *C) {
_, rsaPrivKey := assertstest.ReadPrivKey(assertstest.DevKey)
pgpPrivKey := packet.NewRSAPrivateKey(time.Unix(1, 0), rsaPrivKey)
var breakSig func(sig *packet.Signature, cont []byte) []byte
mockGPG := func(prev asserts.GPGRunner, input []byte, args ...string) ([]byte, error) {
if args[1] == "--list-secret-keys" || args[1] == "--export" {
return prev(input, args...)
}
n := len(args)
c.Assert(args[n-1], Equals, "--detach-sign")
sig := new(packet.Signature)
sig.PubKeyAlgo = packet.PubKeyAlgoRSA
sig.Hash = crypto.SHA512
sig.CreationTime = time.Now()
// poking to break the signature
cont := breakSig(sig, input)
h := sig.Hash.New()
h.Write([]byte(cont))
err := sig.Sign(h, pgpPrivKey, nil)
c.Assert(err, IsNil)
buf := new(bytes.Buffer)
sig.Serialize(buf)
return buf.Bytes(), nil
}
restore := asserts.MockRunGPG(mockGPG)
defer restore()
signDB, err := asserts.OpenDatabase(&asserts.DatabaseConfig{
KeypairManager: gkms.keypairMgr,
})
c.Assert(err, IsNil)
headers := map[string]interface{}{
"authority-id": "dev1-id",
"snap-sha3-384": blobSHA3_384,
"snap-id": "snap-id-1",
"grade": "devel",
"snap-size": "1025",
"timestamp": time.Now().Format(time.RFC3339),
}
tests := []struct {
breakSig func(*packet.Signature, []byte) []byte
expectedErr string
}{
{func(sig *packet.Signature, cont []byte) []byte {
sig.Hash = crypto.SHA1
return cont
}, "cannot sign assertion: bad GPG produced signature: expected SHA512 digest"},
{func(sig *packet.Signature, cont []byte) []byte {
return cont[:5]
}, "cannot sign assertion: bad GPG produced signature: it does not verify:.*"},
}
for _, t := range tests {
breakSig = t.breakSig
_, err = signDB.Sign(asserts.SnapBuildType, headers, nil, assertstest.DevKeyID)
c.Check(err, ErrorMatches, t.expectedErr)
}
}