Esempio n. 1
0
func verifyDetachedSignature(key *packet.PublicKey, contentf, sigf io.Reader) error {
	var hashFunc crypto.Hash

	packets := packet.NewReader(sigf)
	p, err := packets.Next()
	if err != nil {
		return err
	}
	switch sig := p.(type) {
	case *packet.Signature:
		hashFunc = sig.Hash
	case *packet.SignatureV3:
		hashFunc = sig.Hash
	default:
		return errors.UnsupportedError("unrecognized signature")
	}

	h := hashFunc.New()
	if _, err := io.Copy(h, contentf); err != nil && err != io.EOF {
		return err
	}
	switch sig := p.(type) {
	case *packet.Signature:
		err = key.VerifySignature(h, sig)
	case *packet.SignatureV3:
		err = key.VerifySignatureV3(h, sig)
	default:
		panic("unreachable")
	}
	return err
}
Esempio n. 2
0
func (cs Server) validateTokenSignature(pk *packet.PublicKey, token, tokenSig string) error {
	sig, err := cs.receiveSignedNonce(strings.NewReader(tokenSig))
	if err != nil {
		return err
	}
	hash := sig.Hash.New()
	hash.Write([]byte(token))
	return pk.VerifySignature(hash, sig)
}
Esempio n. 3
0
func verifyContentSignature(content []byte, sig Signature, pubKey *packet.PublicKey) error {
	opgSig, ok := sig.(openpgpSignature)
	if !ok {
		panic(fmt.Errorf("not an internally supported Signature: %T", sig))
	}

	h := openpgpConfig.Hash().New()
	h.Write(content)
	return pubKey.VerifySignature(h, opgSig.sig)
}
Esempio n. 4
0
func newOpenPGPPubKey(intPubKey *packet.PublicKey) *openpgpPubKey {
	h := sha3.New384()
	h.Write(v1Header)
	err := intPubKey.Serialize(h)
	if err != nil {
		panic("internal error: cannot compute public key sha3-384")
	}
	sha3_384, err := EncodeDigest(crypto.SHA3_384, h.Sum(nil))
	if err != nil {
		panic("internal error: cannot compute public key sha3-384")
	}
	return &openpgpPubKey{pubKey: intPubKey, sha3_384: sha3_384}
}
Esempio n. 5
0
func Verify(payload string, signature []byte, pubkey *packet.PublicKey) error {

	// decode and read the signature

	block, err := armor.Decode(bytes.NewBuffer(signature))
	if err != nil {
		return err
	}

	pkt, err := packet.Read(block.Body)
	if err != nil {
		return err
	}

	sig, ok := pkt.(*packet.Signature)
	if !ok {
		return fmt.Errorf("could not parse the signature")
	}

	if sig.Hash != crypto.SHA256 || sig.Hash != crypto.SHA512 {
		return fmt.Errorf("was not a SHA-256 or SHA-512 signature")
	}

	if sig.SigType != packet.SigTypeBinary {
		return fmt.Errorf("was not a binary signature")
	}

	// verify the signature

	hash := sig.Hash.New()
	_, err = hash.Write([]byte(payload))
	if err != nil {
		return err
	}

	err = pubkey.VerifySignature(hash, sig)
	if err != nil {
		return err
	}

	return nil
}
Esempio n. 6
0
func (pkp *PublicKey) setPublicKey(pk *packet.PublicKey) error {
	buf := bytes.NewBuffer(nil)
	err := pk.Serialize(buf)
	if err != nil {
		return errgo.Mask(err)
	}
	fingerprint := hex.EncodeToString(pk.Fingerprint[:])
	bitLen, err := pk.BitLength()
	if err != nil {
		return errgo.Mask(err)
	}
	pkp.RFingerprint = Reverse(fingerprint)
	pkp.UUID = pkp.RFingerprint
	err = pkp.setV4IDs(pkp.UUID)
	if err != nil {
		return err
	}
	pkp.Creation = pk.CreationTime
	pkp.Algorithm = int(pk.PubKeyAlgo)
	pkp.BitLen = int(bitLen)
	pkp.Parsed = true
	return nil
}