func (vr *VerifyRequest) VerifySignature() bool {
armorData := reArmor(vr.CamliSig)
block, _ := armor.Decode(bytes.NewBufferString(armorData))
if block == nil {
return vr.fail("can't parse camliSig armor")
}
var p packet.Packet
var err error
p, err = packet.Read(block.Body)
if err != nil {
return vr.fail("error reading PGP packet from camliSig: " + err.Error())
}
sig, ok := p.(*packet.Signature)
if !ok {
return vr.fail("PGP packet isn't a signature packet")
}
if sig.Hash != crypto.SHA1 && sig.Hash != crypto.SHA256 {
return vr.fail("I can only verify SHA1 or SHA256 signatures")
}
if sig.SigType != packet.SigTypeBinary {
return vr.fail("I can only verify binary signatures")
}
hash := sig.Hash.New()
hash.Write(vr.bp) // payload bytes
err = vr.PublicKeyPacket.VerifySignature(hash, sig)
if err != nil {
return vr.fail(fmt.Sprintf("bad signature: %s", err))
}
vr.SignerKeyId = vr.PublicKeyPacket.KeyIdString()
return true
}
func (uid *UserId) Read() (err error) {
buf := bytes.NewBuffer(uid.Packet)
var p packet.Packet
if p, err = packet.Read(buf); err != nil {
return
}
return uid.setPacket(p)
}
func (uat *UserAttribute) Read() (err error) {
buf := bytes.NewBuffer(uat.Packet)
var p packet.Packet
if p, err = packet.Read(buf); err != nil {
return err
}
return uat.setPacket(p)
}
func (subkey *Subkey) Read() (err error) {
buf := bytes.NewBuffer(subkey.Packet)
var p packet.Packet
if p, err = packet.Read(buf); err != nil {
return err
}
return subkey.setPacket(p)
}
func (sig *Signature) Read() (err error) {
buf := bytes.NewBuffer(sig.Packet)
var p packet.Packet
if p, err = packet.Read(buf); err != nil {
return
}
return sig.setPacket(p)
}
// CheckDetachedSignature takes a signed file and a detached signature and
// returns the signer if the signature is valid. If the signer isn't known,
// ErrUnknownIssuer is returned.
func CheckDetachedSignature(keyring KeyRing, signed, signature io.Reader) (signer *Entity, err error) {
p, err := packet.Read(signature)
if err != nil {
return
}
var issuerKeyId uint64
var hashFunc crypto.Hash
var sigType packet.SignatureType
switch sig := p.(type) {
case *packet.Signature:
if sig.IssuerKeyId == nil {
return nil, errors.StructuralError("signature doesn't have an issuer")
}
issuerKeyId = *sig.IssuerKeyId
hashFunc = sig.Hash
sigType = sig.SigType
case *packet.SignatureV3:
issuerKeyId = sig.IssuerKeyId
hashFunc = sig.Hash
sigType = sig.SigType
default:
return nil, errors.StructuralError("non signature packet found")
}
h, wrappedHash, err := hashForSignature(hashFunc, sigType)
if err != nil {
return
}
_, err = io.Copy(wrappedHash, signed)
if err != nil && err != io.EOF {
return
}
keys := keyring.KeysByIdUsage(issuerKeyId, packet.KeyFlagSign)
if len(keys) == 0 {
return nil, errors.ErrUnknownIssuer
}
for _, key := range keys {
switch sig := p.(type) {
case *packet.Signature:
err = key.PublicKey.VerifySignature(h, sig)
case *packet.SignatureV3:
err = key.PublicKey.VerifySignatureV3(h, sig)
}
if err == nil {
return key.Entity, nil
}
}
if err == nil {
err = errors.ErrUnknownIssuer
}
return nil, err
}
func (pubkey *Pubkey) Read() (err error) {
buf := bytes.NewBuffer(pubkey.Packet)
var p packet.Packet
if p, err = packet.Read(buf); err != nil {
if pubkey.State&PacketStateUnsuppPubkey != 0 {
return nil
}
return err
}
err = pubkey.setPacket(p)
return
}
func getIssuerFromSignature(sigReader io.Reader) (uint64, error) {
p, err := packet.Read(sigReader)
if err != nil {
return 0, err
}
switch sig := p.(type) {
case *packet.Signature:
if sig.IssuerKeyId == nil {
return 0, errors.New("signature doesn't have an issuer")
}
return *sig.IssuerKeyId, nil
case *packet.SignatureV3:
return sig.IssuerKeyId, nil
default:
return 0, errors.New("non signature packet found")
}
}
// CheckDetachedSignature takes a signed file and a detached signature and
// returns the signer if the signature is valid. If the signer isn't known,
// ErrUnknownIssuer is returned.
func CheckDetachedSignature(keyring KeyRing, signed, signature io.Reader) (signer *Entity, err error) {
p, err := packet.Read(signature)
if err != nil {
return
}
sig, ok := p.(*packet.Signature)
if !ok {
return nil, errors.StructuralError("non signature packet found")
}
if sig.IssuerKeyId == nil {
return nil, errors.StructuralError("signature doesn't have an issuer")
}
keys := keyring.KeysById(*sig.IssuerKeyId)
if len(keys) == 0 {
return nil, errors.ErrUnknownIssuer
}
h, wrappedHash, err := hashForSignature(sig.Hash, sig.SigType)
if err != nil {
return
}
_, err = io.Copy(wrappedHash, signed)
if err != nil && err != io.EOF {
return
}
for _, key := range keys {
if key.SelfSignature.FlagsValid && !key.SelfSignature.FlagSign {
continue
}
err = key.PublicKey.VerifySignature(h, sig)
if err == nil {
return key.Entity, nil
}
}
if err != nil {
return
}
return nil, errors.ErrUnknownIssuer
}
func TestUatRtt(t *testing.T) {
f := MustInput(t, "uat.asc")
defer f.Close()
block, err := armor.Decode(f)
if err != nil {
t.Fatal(err)
}
var p packet.Packet
for {
p, err = packet.Read(block.Body)
if err != nil {
break
}
if uat, is := p.(*packet.UserAttribute); is {
var buf bytes.Buffer
uat.Serialize(&buf)
or := packet.NewOpaqueReader(bytes.NewBuffer(buf.Bytes()))
op, _ := or.Next()
assert.Equal(t, buf.Bytes()[3:], op.Contents)
}
}
}
func openArmoredPublicKeyFile(reader io.ReadCloser) (*packet.PublicKey, error) {
defer reader.Close()
var lr = io.LimitReader(reader, publicKeyMaxSize)
block, _ := armor.Decode(lr)
if block == nil {
return nil, errors.New("Couldn't find PGP block in public key file")
}
if block.Type != "PGP PUBLIC KEY BLOCK" {
return nil, errors.New("Invalid public key blob.")
}
p, err := packet.Read(block.Body)
if err != nil {
return nil, fmt.Errorf("Invalid public key blob: %v", err)
}
pk, ok := p.(*packet.PublicKey)
if !ok {
return nil, fmt.Errorf("Invalid public key blob; not a public key packet")
}
return pk, nil
}
func (sig *Signature) GetSignature() (packet.Packet, error) {
buf := bytes.NewBuffer(sig.Packet)
return packet.Read(buf)
}