// NewEntity returns an Entity that contains a fresh RSA/RSA keypair with a
// single identity composed of the given full name, comment and email, any of
// which may be empty but must not contain any of "()<>\x00".
// If config is nil, sensible defaults will be used.
func NewEntity(name, comment, email string, config *packet.Config) (*Entity, error) {
currentTime := config.Now()
uid := packet.NewUserId(name, comment, email)
if uid == nil {
return nil, errors.InvalidArgumentError("user id field contained invalid characters")
}
signingPriv, err := rsa.GenerateKey(config.Random(), defaultRSAKeyBits)
if err != nil {
return nil, err
}
encryptingPriv, err := rsa.GenerateKey(config.Random(), defaultRSAKeyBits)
if err != nil {
return nil, err
}
e := &Entity{
PrimaryKey: packet.NewRSAPublicKey(currentTime, &signingPriv.PublicKey),
PrivateKey: packet.NewRSAPrivateKey(currentTime, signingPriv),
Identities: make(map[string]*Identity),
}
isPrimaryId := true
e.Identities[uid.Id] = &Identity{
Name: uid.Name,
UserId: uid,
SelfSignature: &packet.Signature{
CreationTime: currentTime,
SigType: packet.SigTypePositiveCert,
PubKeyAlgo: packet.PubKeyAlgoRSA,
Hash: config.Hash(),
IsPrimaryId: &isPrimaryId,
FlagsValid: true,
FlagSign: true,
FlagCertify: true,
IssuerKeyId: &e.PrimaryKey.KeyId,
},
}
e.Subkeys = make([]Subkey, 1)
e.Subkeys[0] = Subkey{
PublicKey: packet.NewRSAPublicKey(currentTime, &encryptingPriv.PublicKey),
PrivateKey: packet.NewRSAPrivateKey(currentTime, encryptingPriv),
Sig: &packet.Signature{
CreationTime: currentTime,
SigType: packet.SigTypeSubkeyBinding,
PubKeyAlgo: packet.PubKeyAlgoRSA,
Hash: config.Hash(),
FlagsValid: true,
FlagEncryptStorage: true,
FlagEncryptCommunications: true,
IssuerKeyId: &e.PrimaryKey.KeyId,
},
}
e.Subkeys[0].PublicKey.IsSubkey = true
e.Subkeys[0].PrivateKey.IsSubkey = true
return e, nil
}
func generatePrivateKey() (*packet.PrivateKey, error) {
priv, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
return nil, err
}
return packet.NewRSAPrivateKey(time.Now(), priv), nil
}
func (chks *checkSuite) TestCheckForgery(c *C) {
trustedKey := testPrivKey0
cfg := &asserts.DatabaseConfig{
Backstore: chks.bs,
Trusted: []asserts.Assertion{asserts.BootstrapAccountKeyForTest("canonical", trustedKey.PublicKey())},
}
db, err := asserts.OpenDatabase(cfg)
c.Assert(err, IsNil)
encoded := asserts.Encode(chks.a)
content, encodedSig := chks.a.Signature()
// forgery
forgedSig := new(packet.Signature)
forgedSig.PubKeyAlgo = packet.PubKeyAlgoRSA
forgedSig.Hash = crypto.SHA512
forgedSig.CreationTime = time.Now()
h := crypto.SHA512.New()
h.Write(content)
pk1 := packet.NewRSAPrivateKey(time.Unix(1, 0), testPrivKey1RSA)
err = forgedSig.Sign(h, pk1, &packet.Config{DefaultHash: crypto.SHA512})
c.Assert(err, IsNil)
buf := new(bytes.Buffer)
forgedSig.Serialize(buf)
b := append([]byte{0x1}, buf.Bytes()...)
forgedSigEncoded := base64.StdEncoding.EncodeToString(b)
forgedEncoded := bytes.Replace(encoded, encodedSig, []byte(forgedSigEncoded), 1)
c.Assert(forgedEncoded, Not(DeepEquals), encoded)
forgedAssert, err := asserts.Decode(forgedEncoded)
c.Assert(err, IsNil)
err = db.Check(forgedAssert)
c.Assert(err, ErrorMatches, "failed signature verification: .*")
}
func generateSubkey() (*openpgp.Subkey, error) {
priv, err := rsa.GenerateKey(rand.Reader, 4096)
if err != nil {
return nil, err
}
when := time.Now()
spriv := packet.NewRSAPrivateKey(when, priv)
return &openpgp.Subkey{
PrivateKey: spriv,
PublicKey: &spriv.PublicKey,
Sig: newSignature(),
}, nil
}
func (gkms *gpgKeypairMgrSuite) TestUseInSigningBrokenSignature(c *C) {
_, rsaPrivKey := assertstest.ReadPrivKey(assertstest.DevKey)
pgpPrivKey := packet.NewRSAPrivateKey(time.Unix(1, 0), rsaPrivKey)
var breakSig func(sig *packet.Signature, cont []byte) []byte
mockGPG := func(prev asserts.GPGRunner, input []byte, args ...string) ([]byte, error) {
if args[1] == "--list-secret-keys" || args[1] == "--export" {
return prev(input, args...)
}
n := len(args)
c.Assert(args[n-1], Equals, "--detach-sign")
sig := new(packet.Signature)
sig.PubKeyAlgo = packet.PubKeyAlgoRSA
sig.Hash = crypto.SHA512
sig.CreationTime = time.Now()
// poking to break the signature
cont := breakSig(sig, input)
h := sig.Hash.New()
h.Write([]byte(cont))
err := sig.Sign(h, pgpPrivKey, nil)
c.Assert(err, IsNil)
buf := new(bytes.Buffer)
sig.Serialize(buf)
return buf.Bytes(), nil
}
restore := asserts.MockRunGPG(mockGPG)
defer restore()
signDB, err := asserts.OpenDatabase(&asserts.DatabaseConfig{
KeypairManager: gkms.keypairMgr,
})
c.Assert(err, IsNil)
headers := map[string]interface{}{
"authority-id": "dev1-id",
"snap-sha3-384": blobSHA3_384,
"snap-id": "snap-id-1",
"grade": "devel",
"snap-size": "1025",
"timestamp": time.Now().Format(time.RFC3339),
}
tests := []struct {
breakSig func(*packet.Signature, []byte) []byte
expectedErr string
}{
{func(sig *packet.Signature, cont []byte) []byte {
sig.Hash = crypto.SHA1
return cont
}, "cannot sign assertion: bad GPG produced signature: expected SHA512 digest"},
{func(sig *packet.Signature, cont []byte) []byte {
return cont[:5]
}, "cannot sign assertion: bad GPG produced signature: it does not verify:.*"},
}
for _, t := range tests {
breakSig = t.breakSig
_, err = signDB.Sign(asserts.SnapBuildType, headers, nil, assertstest.DevKeyID)
c.Check(err, ErrorMatches, t.expectedErr)
}
}
// RSAPrivateKey returns a PrivateKey for database use out of a rsa.PrivateKey.
func RSAPrivateKey(privk *rsa.PrivateKey) PrivateKey {
intPrivk := packet.NewRSAPrivateKey(v1FixedTimestamp, privk)
return openpgpPrivateKey{intPrivk}
}