コード例 #1
0
ファイル: verify.go プロジェクト: camlistore/camlistore
func (vr *VerifyRequest) VerifySignature() bool {
	armorData := reArmor(vr.CamliSig)
	block, _ := armor.Decode(bytes.NewBufferString(armorData))
	if block == nil {
		return vr.fail("can't parse camliSig armor")
	}
	var p packet.Packet
	var err error
	p, err = packet.Read(block.Body)
	if err != nil {
		return vr.fail("error reading PGP packet from camliSig: " + err.Error())
	}
	sig, ok := p.(*packet.Signature)
	if !ok {
		return vr.fail("PGP packet isn't a signature packet")
	}
	if sig.Hash != crypto.SHA1 && sig.Hash != crypto.SHA256 {
		return vr.fail("I can only verify SHA1 or SHA256 signatures")
	}
	if sig.SigType != packet.SigTypeBinary {
		return vr.fail("I can only verify binary signatures")
	}
	hash := sig.Hash.New()
	hash.Write(vr.bp) // payload bytes
	err = vr.PublicKeyPacket.VerifySignature(hash, sig)
	if err != nil {
		return vr.fail(fmt.Sprintf("bad signature: %s", err))
	}
	vr.SignerKeyId = vr.PublicKeyPacket.KeyIdString()
	return true
}
コード例 #2
0
ファイル: crypto.go プロジェクト: niemeyer/snapd
func (expk *extPGPPrivateKey) sign(content []byte) (*packet.Signature, error) {
	if expk.bitLen < 4096 {
		return nil, fmt.Errorf("signing needs at least a 4096 bits key, got %d", expk.bitLen)
	}

	out, err := expk.doSign(content)
	if err != nil {
		return nil, err
	}

	badSig := fmt.Sprintf("bad %s produced signature: ", expk.from)

	sigpkt, err := packet.Read(bytes.NewBuffer(out))
	if err != nil {
		return nil, fmt.Errorf(badSig+"%v", err)
	}

	sig, ok := sigpkt.(*packet.Signature)
	if !ok {
		return nil, fmt.Errorf(badSig+"got %T", sigpkt)
	}

	if sig.Hash != crypto.SHA512 {
		return nil, fmt.Errorf(badSig + "expected SHA512 digest")
	}

	err = expk.pubKey.verify(content, sig)
	if err != nil {
		return nil, fmt.Errorf(badSig+"it does not verify: %v", err)
	}

	return sig, nil
}
コード例 #3
0
ファイル: identify.go プロジェクト: thwarted/quickpgp
func trySig(filename string) (bool, error) {
	sigFile, err := os.Open(filename)
	if err != nil {
		return true, err
	}
	defer sigFile.Close()

	b, err := armor.Decode(sigFile)
	if err != nil && err != io.EOF {
		return true, err
	}
	if b == nil {
		return false, nil
	}

	// Read the signature file
	pack, err := packet.Read(b.Body)
	if err != nil {
		return true, err
	}

	// Was it really a signature file ? If yes, get the Signature
	if signature, ok := pack.(*packet.Signature); !ok {
		return false, nil
	} else {
		fmt.Printf("Signature made %s\n", signature.CreationTime.Format(time.RFC3339))
		// Signature made Wed 05 Aug 2015 11:48:13 PM UTC using RSA key ID F553000C
		// Primary key fingerprint: EF64 BCCB 58BC F501 FEDA  0582 0581 2930 F553 000C
		// binary signature, digest algorithm SHA256
		return true, nil
	}
}
コード例 #4
0
ファイル: crypto.go プロジェクト: niemeyer/snapd
func decodeV1(b []byte, kind string) (packet.Packet, error) {
	if len(b) == 0 {
		return nil, fmt.Errorf("cannot decode %s: no data", kind)
	}
	buf := make([]byte, base64.StdEncoding.DecodedLen(len(b)))
	n, err := base64.StdEncoding.Decode(buf, b)
	if err != nil {
		return nil, fmt.Errorf("cannot decode %s: %v", kind, err)
	}
	if n == 0 {
		return nil, fmt.Errorf("cannot decode %s: base64 without data", kind)
	}
	buf = buf[:n]
	if buf[0] != v1 {
		return nil, fmt.Errorf("unsupported %s format version: %d", kind, buf[0])
	}
	rd := bytes.NewReader(buf[1:])
	pkt, err := packet.Read(rd)
	if err != nil {
		return nil, fmt.Errorf("cannot decode %s: %v", kind, err)
	}
	if rd.Len() != 0 {
		return nil, fmt.Errorf("%s has spurious trailing data", kind)
	}
	return pkt, nil
}
コード例 #5
0
ファイル: account_key.go プロジェクト: General-Beck/snappy
func checkPublicKey(ab *AssertionBase, fingerprintName string) (*packet.PublicKey, error) {
	pubKeyBody := ab.Body()
	if len(pubKeyBody) == 0 {
		return nil, fmt.Errorf("expected public key, not empty body")
	}
	format, key, err := splitFormatAndBase64Decode(pubKeyBody)
	if err != nil {
		return nil, fmt.Errorf("public key: %v", err)
	}
	if format != "openpgp" {
		return nil, fmt.Errorf("unsupported public key format: %q", format)
	}
	pkt, err := packet.Read(bytes.NewBuffer(key))
	if err != nil {
		return nil, fmt.Errorf("could not parse public key data: %v", err)
	}
	pubk, ok := pkt.(*packet.PublicKey)
	if !ok {
		return nil, fmt.Errorf("expected public key, got instead: %T", pkt)
	}
	fp, err := hex.DecodeString(ab.Header(fingerprintName))
	if err != nil {
		return nil, fmt.Errorf("could not parse %v header: %v", fingerprintName, err)
	}
	if len(fp) == 0 {
		return nil, fmt.Errorf("missing %v header", fingerprintName)
	}
	if bytes.Compare(fp, pubk.Fingerprint[:]) != 0 {
		return nil, fmt.Errorf("public key does not match provided fingerprint")
	}
	return pubk, nil
}
コード例 #6
0
ファイル: database_test.go プロジェクト: pedronis/snappy
func (dbs *databaseSuite) TestPublicKey(c *C) {
	pk := testPrivKey1
	keyID := pk.PublicKey().ID()
	err := dbs.db.ImportKey(pk)
	c.Assert(err, IsNil)

	pubk, err := dbs.db.PublicKey(keyID)
	c.Assert(err, IsNil)
	c.Check(pubk.ID(), Equals, keyID)

	// usual pattern is to then encode it
	encoded, err := asserts.EncodePublicKey(pubk)
	c.Assert(err, IsNil)
	data, err := base64.StdEncoding.DecodeString(string(encoded))
	c.Assert(err, IsNil)
	c.Check(data[0], Equals, uint8(1)) // v1

	// check details of packet
	const newHeaderBits = 0x80 | 0x40
	c.Check(data[1]&newHeaderBits, Equals, uint8(newHeaderBits))
	c.Check(data[2] < 192, Equals, true) // small packet, 1 byte length
	c.Check(data[3], Equals, uint8(4))   // openpgp v4
	pkt, err := packet.Read(bytes.NewBuffer(data[1:]))
	c.Assert(err, IsNil)
	pubKey, ok := pkt.(*packet.PublicKey)
	c.Assert(ok, Equals, true)
	c.Check(pubKey.PubKeyAlgo, Equals, packet.PubKeyAlgoRSA)
	c.Check(pubKey.IsSubkey, Equals, false)
	fixedTimestamp := time.Date(2016, time.January, 1, 0, 0, 0, 0, time.UTC)
	c.Check(pubKey.CreationTime.Equal(fixedTimestamp), Equals, true)
	// hash of blob content == hash of key
	h384 := sha3.Sum384(data)
	encHash := base64.RawURLEncoding.EncodeToString(h384[:])
	c.Check(encHash, DeepEquals, testPrivKey1SHA3_384)
}
コード例 #7
0
ファイル: read.go プロジェクト: ernesto-jimenez/gocompatible
// CheckDetachedSignature takes a signed file and a detached signature and
// returns the signer if the signature is valid. If the signer isn't known,
// ErrUnknownIssuer is returned.
func CheckDetachedSignature(keyring KeyRing, signed, signature io.Reader) (signer *Entity, err error) {
	p, err := packet.Read(signature)
	if err != nil {
		return
	}

	var issuerKeyId uint64
	var hashFunc crypto.Hash
	var sigType packet.SignatureType

	switch sig := p.(type) {
	case *packet.Signature:
		if sig.IssuerKeyId == nil {
			return nil, errors.StructuralError("signature doesn't have an issuer")
		}
		issuerKeyId = *sig.IssuerKeyId
		hashFunc = sig.Hash
		sigType = sig.SigType
	case *packet.SignatureV3:
		issuerKeyId = sig.IssuerKeyId
		hashFunc = sig.Hash
		sigType = sig.SigType
	default:
		return nil, errors.StructuralError("non signature packet found")
	}

	h, wrappedHash, err := hashForSignature(hashFunc, sigType)
	if err != nil {
		return
	}

	_, err = io.Copy(wrappedHash, signed)
	if err != nil && err != io.EOF {
		return
	}

	keys := keyring.KeysByIdUsage(issuerKeyId, packet.KeyFlagSign)
	if len(keys) == 0 {
		return nil, errors.ErrUnknownIssuer
	}

	for _, key := range keys {
		switch sig := p.(type) {
		case *packet.Signature:
			err = key.PublicKey.VerifySignature(h, sig)
		case *packet.SignatureV3:
			err = key.PublicKey.VerifySignatureV3(h, sig)
		}
		if err == nil {
			return key.Entity, nil
		}
	}

	if err == nil {
		err = errors.ErrUnknownIssuer
	}
	return nil, err
}
コード例 #8
0
ファイル: openpgp.go プロジェクト: bfix/gospel
// GetPublicKey converts an ASCII-armored public key representation
// into an OpenPGP key.
func GetPublicKey(buf []byte) (*packet.PublicKey, error) {
	keyRdr, err := armor.Decode(bytes.NewBuffer(buf))
	if err != nil {
		return nil, err
	}
	keyData, err := packet.Read(keyRdr.Body)
	if err != nil {
		return nil, err
	}
	key, ok := keyData.(*packet.PublicKey)
	if !ok {
		return nil, errors.New("Invalid public key")
	}
	return key, nil
}
コード例 #9
0
ファイル: auth_policy.go プロジェクト: petertseng/p2
// Returns the key ID used to sign a message. This method is extracted
// from `openpgp.CheckDetachedSignature()`, which only reports that a
// key wasn't found, not *which* key wasn't found.
func signerKeyId(signature []byte) (uint64, error) {
	p, err := packet.Read(bytes.NewReader(signature))
	if err != nil {
		return 0, err
	}
	switch sig := p.(type) {
	case *packet.Signature:
		if sig.IssuerKeyId == nil {
			return 0, errors.StructuralError("signature doesn't have an issuer")
		}
		return *sig.IssuerKeyId, nil
	case *packet.SignatureV3:
		return sig.IssuerKeyId, nil
	default:
		return 0, errors.StructuralError("non signature packet found")
	}
}
コード例 #10
0
ファイル: crypto.go プロジェクト: robert-ancell/snapd
func decodeOpenpgp(formatAndBase64 []byte, kind string) (packet.Packet, error) {
	if len(formatAndBase64) == 0 {
		return nil, fmt.Errorf("empty %s", kind)
	}
	format, data, err := splitFormatAndBase64Decode(formatAndBase64)
	if err != nil {
		return nil, fmt.Errorf("%s: %v", kind, err)
	}
	if format != "openpgp" {
		return nil, fmt.Errorf("unsupported %s format: %q", kind, format)
	}
	pkt, err := packet.Read(bytes.NewReader(data))
	if err != nil {
		return nil, fmt.Errorf("could not decode %s data: %v", kind, err)
	}
	return pkt, nil
}
コード例 #11
0
ファイル: gpg.go プロジェクト: camlistore/camlistore
func parsePubKey(r io.Reader) (*packet.PublicKey, error) {
	block, _ := armor.Decode(r)
	if block == nil {
		return nil, errors.New("can't parse armor")
	}
	var p packet.Packet
	var err error
	p, err = packet.Read(block.Body)
	if err != nil {
		return nil, err
	}
	pk, ok := p.(*packet.PublicKey)
	if !ok {
		return nil, errors.New("PGP packet isn't a public key")
	}
	return pk, nil
}
コード例 #12
0
ファイル: verify.go プロジェクト: Cutehacks/qpm
func Verify(payload string, signature []byte, pubkey *packet.PublicKey) error {

	// decode and read the signature

	block, err := armor.Decode(bytes.NewBuffer(signature))
	if err != nil {
		return err
	}

	pkt, err := packet.Read(block.Body)
	if err != nil {
		return err
	}

	sig, ok := pkt.(*packet.Signature)
	if !ok {
		return fmt.Errorf("could not parse the signature")
	}

	if sig.Hash != crypto.SHA256 || sig.Hash != crypto.SHA512 {
		return fmt.Errorf("was not a SHA-256 or SHA-512 signature")
	}

	if sig.SigType != packet.SigTypeBinary {
		return fmt.Errorf("was not a binary signature")
	}

	// verify the signature

	hash := sig.Hash.New()
	_, err = hash.Write([]byte(payload))
	if err != nil {
		return err
	}

	err = pubkey.VerifySignature(hash, sig)
	if err != nil {
		return err
	}

	return nil
}
コード例 #13
0
ファイル: pgptest.go プロジェクト: jacobhaven/goutils
func main() {
	b, err := armor.Decode(p512Key)
	if err != nil {
		log.Fatal(err)
	}
	// p, err := ioutil.ReadAll(b.Body)
	// if err != nil {
	// 	log.Fatal(err)
	// }
	// for i := range p {
	// 	fmt.Printf("%#02x, ", p[i])
	// }

	p, err := packet.Read(b.Body)
	if err != nil {
		log.Fatal(err)
	}
	if p, ok := p.(*packet.PrivateKey); ok {
		log.Println(p.PublicKey.PubKeyAlgo)
	}
}
コード例 #14
0
ファイル: database_test.go プロジェクト: General-Beck/snappy
func (dbs *databaseSuite) TestImportKey(c *C) {
	privk, err := asserts.GeneratePrivateKeyInTest()
	c.Assert(err, IsNil)
	expectedFingerprint := hex.EncodeToString(privk.PublicKey.Fingerprint[:])

	fingerp, err := dbs.db.ImportKey("account0", privk)
	c.Assert(err, IsNil)
	c.Check(fingerp, Equals, expectedFingerprint)

	keyPath := filepath.Join(dbs.rootDir, "private-keys-v0/account0", fingerp)
	info, err := os.Stat(keyPath)
	c.Assert(err, IsNil)
	c.Check(info.Mode().Perm(), Equals, os.FileMode(0600)) // secret
	// too white box? ok at least until we have more functionality
	fpriv, err := os.Open(keyPath)
	c.Assert(err, IsNil)
	pk, err := packet.Read(fpriv)
	c.Assert(err, IsNil)
	privKeyFromDisk, ok := pk.(*packet.PrivateKey)
	c.Assert(ok, Equals, true)
	c.Check(hex.EncodeToString(privKeyFromDisk.PublicKey.Fingerprint[:]), Equals, expectedFingerprint)
}
コード例 #15
0
ファイル: keys.go プロジェクト: camlistore/camlistore
func openArmoredPublicKeyFile(reader io.ReadCloser) (*packet.PublicKey, error) {
	defer reader.Close()

	var lr = io.LimitReader(reader, publicKeyMaxSize)
	block, _ := armor.Decode(lr)
	if block == nil {
		return nil, errors.New("Couldn't find PGP block in public key file")
	}
	if block.Type != "PGP PUBLIC KEY BLOCK" {
		return nil, errors.New("Invalid public key blob.")
	}
	p, err := packet.Read(block.Body)
	if err != nil {
		return nil, fmt.Errorf("Invalid public key blob: %v", err)
	}

	pk, ok := p.(*packet.PublicKey)
	if !ok {
		return nil, fmt.Errorf("Invalid public key blob; not a public key packet")
	}
	return pk, nil
}
コード例 #16
0
func privateKeyToAssertsKey(key []byte) (asserts.PrivateKey, string, error) {
	const errorInvalidKey = "error-invalid-key"

	// Validate the signing-key
	block, err := armor.Decode(bytes.NewReader(key))
	if err != nil {
		return nil, errorInvalidKey, err
	}

	pkt, err := packet.Read(block.Body)
	if err != nil {
		return nil, errorInvalidKey, err
	}

	privk, ok := pkt.(*packet.PrivateKey)
	if !ok {
		return nil, errorInvalidKey, errors.New("Not a private key")
	}
	if _, ok := privk.PrivateKey.(*rsa.PrivateKey); !ok {
		return nil, errorInvalidKey, errors.New("Not an RSA private key")
	}
	return asserts.RSAPrivateKey(privk.PrivateKey.(*rsa.PrivateKey)), "", nil
}
コード例 #17
0
ファイル: database_test.go プロジェクト: alecu/snappy
func (dbs *databaseSuite) TestPublicKey(c *C) {
	pk := asserts.OpenPGPPrivateKey(testPrivKey1)
	fingerp := pk.PublicKey().Fingerprint()
	keyid := pk.PublicKey().ID()
	err := dbs.db.ImportKey("account0", pk)
	c.Assert(err, IsNil)

	pubk, err := dbs.db.PublicKey("account0", keyid)
	c.Assert(err, IsNil)
	c.Check(pubk.Fingerprint(), Equals, fingerp)

	// usual pattern is to then encode it
	encoded, err := asserts.EncodePublicKey(pubk)
	c.Assert(err, IsNil)
	c.Check(bytes.HasPrefix(encoded, []byte("openpgp ")), Equals, true)
	data, err := base64.StdEncoding.DecodeString(string(encoded[len("openpgp "):]))
	c.Assert(err, IsNil)
	pkt, err := packet.Read(bytes.NewBuffer(data))
	c.Assert(err, IsNil)
	pubKey, ok := pkt.(*packet.PublicKey)
	c.Assert(ok, Equals, true)
	c.Assert(pubKey.Fingerprint, DeepEquals, testPrivKey1.PublicKey.Fingerprint)
}
コード例 #18
0
ファイル: io_test.go プロジェクト: squeed/openpgp
func (s *SamplePacketSuite) TestUatRtt(c *gc.C) {
	f := testing.MustInput("uat.asc")
	defer f.Close()
	block, err := armor.Decode(f)
	c.Assert(err, gc.IsNil)
	var p packet.Packet
	for {
		p, err = packet.Read(block.Body)
		if err != nil {
			c.Assert(err, gc.Equals, io.EOF)
			break
		}

		uat, ok := p.(*packet.UserAttribute)
		if ok {
			var buf bytes.Buffer
			uat.Serialize(&buf)
			or := packet.NewOpaqueReader(bytes.NewBuffer(buf.Bytes()))
			op, _ := or.Next()
			c.Assert(buf.Bytes()[3:], gc.DeepEquals, op.Contents)
		}
	}
}
コード例 #19
0
ファイル: assertstest.go プロジェクト: niemeyer/snapd
// ReadPrivKey reads a PGP private key (either armored or simply base64 encoded). It panics on error.
func ReadPrivKey(pk string) (asserts.PrivateKey, *rsa.PrivateKey) {
	rd := bytes.NewReader([]byte(pk))
	blk, err := armor.Decode(rd)
	var body io.Reader
	if err == nil {
		body = blk.Body
	} else {
		rd.Seek(0, 0)
		// try unarmored
		body = base64.NewDecoder(base64.StdEncoding, rd)
	}
	pkt, err := packet.Read(body)
	if err != nil {
		panic(err)
	}

	pkPkt := pkt.(*packet.PrivateKey)
	rsaPrivKey, ok := pkPkt.PrivateKey.(*rsa.PrivateKey)
	if !ok {
		panic("not a RSA key")
	}

	return asserts.RSAPrivateKey(rsaPrivKey), rsaPrivKey
}
コード例 #20
0
ファイル: crypto.go プロジェクト: General-Beck/snappy
func parseSignature(signature []byte) (Signature, error) {
	if len(signature) == 0 {
		return nil, fmt.Errorf("empty signature")
	}
	format, sigData, err := splitFormatAndBase64Decode(signature)
	if err != nil {
		return nil, fmt.Errorf("signature: %v", err)
	}
	if format != "openpgp" {
		return nil, fmt.Errorf("unsupported signature format: %q", format)
	}
	pkt, err := packet.Read(bytes.NewReader(sigData))
	if err != nil {
		return nil, fmt.Errorf("could not parse signature data: %v", err)
	}
	sig, ok := pkt.(*packet.Signature)
	if !ok {
		return nil, fmt.Errorf("expected signature, got instead: %T", pkt)
	}
	if sig.IssuerKeyId == nil {
		return nil, fmt.Errorf("expected issuer key id in signature")
	}
	return openpgpSignature{sig}, nil
}
コード例 #21
0
ファイル: gpg.go プロジェクト: camlistore/camlistore
func (cs Server) receiveSignedNonce(r io.Reader) (*packet.Signature, error) {
	block, _ := armor.Decode(r)
	if block == nil {
		return nil, errors.New("can't parse armor")
	}
	var p packet.Packet
	var err error
	p, err = packet.Read(block.Body)
	if err != nil {
		return nil, err
	}
	sig, ok := p.(*packet.Signature)
	if !ok {
		return nil, errors.New("PGP packet isn't a signature packet")
	}
	if sig.Hash != crypto.SHA1 && sig.Hash != crypto.SHA256 {
		return nil, errors.New("can only verify SHA1 or SHA256 signatures")
	}
	if sig.SigType != packet.SigTypeBinary {
		return nil, errors.New("can only verify binary signatures")
	}

	return sig, nil
}