func (vr *VerifyRequest) VerifySignature() bool { armorData := reArmor(vr.CamliSig) block, _ := armor.Decode(bytes.NewBufferString(armorData)) if block == nil { return vr.fail("can't parse camliSig armor") } var p packet.Packet var err error p, err = packet.Read(block.Body) if err != nil { return vr.fail("error reading PGP packet from camliSig: " + err.Error()) } sig, ok := p.(*packet.Signature) if !ok { return vr.fail("PGP packet isn't a signature packet") } if sig.Hash != crypto.SHA1 && sig.Hash != crypto.SHA256 { return vr.fail("I can only verify SHA1 or SHA256 signatures") } if sig.SigType != packet.SigTypeBinary { return vr.fail("I can only verify binary signatures") } hash := sig.Hash.New() hash.Write(vr.bp) // payload bytes err = vr.PublicKeyPacket.VerifySignature(hash, sig) if err != nil { return vr.fail(fmt.Sprintf("bad signature: %s", err)) } vr.SignerKeyId = vr.PublicKeyPacket.KeyIdString() return true }
func (uid *UserId) Read() (err error) { buf := bytes.NewBuffer(uid.Packet) var p packet.Packet if p, err = packet.Read(buf); err != nil { return } return uid.setPacket(p) }
func (uat *UserAttribute) Read() (err error) { buf := bytes.NewBuffer(uat.Packet) var p packet.Packet if p, err = packet.Read(buf); err != nil { return err } return uat.setPacket(p) }
func (subkey *Subkey) Read() (err error) { buf := bytes.NewBuffer(subkey.Packet) var p packet.Packet if p, err = packet.Read(buf); err != nil { return err } return subkey.setPacket(p) }
func (sig *Signature) Read() (err error) { buf := bytes.NewBuffer(sig.Packet) var p packet.Packet if p, err = packet.Read(buf); err != nil { return } return sig.setPacket(p) }
// CheckDetachedSignature takes a signed file and a detached signature and // returns the signer if the signature is valid. If the signer isn't known, // ErrUnknownIssuer is returned. func CheckDetachedSignature(keyring KeyRing, signed, signature io.Reader) (signer *Entity, err error) { p, err := packet.Read(signature) if err != nil { return } var issuerKeyId uint64 var hashFunc crypto.Hash var sigType packet.SignatureType switch sig := p.(type) { case *packet.Signature: if sig.IssuerKeyId == nil { return nil, errors.StructuralError("signature doesn't have an issuer") } issuerKeyId = *sig.IssuerKeyId hashFunc = sig.Hash sigType = sig.SigType case *packet.SignatureV3: issuerKeyId = sig.IssuerKeyId hashFunc = sig.Hash sigType = sig.SigType default: return nil, errors.StructuralError("non signature packet found") } h, wrappedHash, err := hashForSignature(hashFunc, sigType) if err != nil { return } _, err = io.Copy(wrappedHash, signed) if err != nil && err != io.EOF { return } keys := keyring.KeysByIdUsage(issuerKeyId, packet.KeyFlagSign) if len(keys) == 0 { return nil, errors.ErrUnknownIssuer } for _, key := range keys { switch sig := p.(type) { case *packet.Signature: err = key.PublicKey.VerifySignature(h, sig) case *packet.SignatureV3: err = key.PublicKey.VerifySignatureV3(h, sig) } if err == nil { return key.Entity, nil } } if err == nil { err = errors.ErrUnknownIssuer } return nil, err }
func (pubkey *Pubkey) Read() (err error) { buf := bytes.NewBuffer(pubkey.Packet) var p packet.Packet if p, err = packet.Read(buf); err != nil { if pubkey.State&PacketStateUnsuppPubkey != 0 { return nil } return err } err = pubkey.setPacket(p) return }
func getIssuerFromSignature(sigReader io.Reader) (uint64, error) { p, err := packet.Read(sigReader) if err != nil { return 0, err } switch sig := p.(type) { case *packet.Signature: if sig.IssuerKeyId == nil { return 0, errors.New("signature doesn't have an issuer") } return *sig.IssuerKeyId, nil case *packet.SignatureV3: return sig.IssuerKeyId, nil default: return 0, errors.New("non signature packet found") } }
// CheckDetachedSignature takes a signed file and a detached signature and // returns the signer if the signature is valid. If the signer isn't known, // ErrUnknownIssuer is returned. func CheckDetachedSignature(keyring KeyRing, signed, signature io.Reader) (signer *Entity, err error) { p, err := packet.Read(signature) if err != nil { return } sig, ok := p.(*packet.Signature) if !ok { return nil, errors.StructuralError("non signature packet found") } if sig.IssuerKeyId == nil { return nil, errors.StructuralError("signature doesn't have an issuer") } keys := keyring.KeysById(*sig.IssuerKeyId) if len(keys) == 0 { return nil, errors.ErrUnknownIssuer } h, wrappedHash, err := hashForSignature(sig.Hash, sig.SigType) if err != nil { return } _, err = io.Copy(wrappedHash, signed) if err != nil && err != io.EOF { return } for _, key := range keys { if key.SelfSignature.FlagsValid && !key.SelfSignature.FlagSign { continue } err = key.PublicKey.VerifySignature(h, sig) if err == nil { return key.Entity, nil } } if err != nil { return } return nil, errors.ErrUnknownIssuer }
func TestUatRtt(t *testing.T) { f := MustInput(t, "uat.asc") defer f.Close() block, err := armor.Decode(f) if err != nil { t.Fatal(err) } var p packet.Packet for { p, err = packet.Read(block.Body) if err != nil { break } if uat, is := p.(*packet.UserAttribute); is { var buf bytes.Buffer uat.Serialize(&buf) or := packet.NewOpaqueReader(bytes.NewBuffer(buf.Bytes())) op, _ := or.Next() assert.Equal(t, buf.Bytes()[3:], op.Contents) } } }
func openArmoredPublicKeyFile(reader io.ReadCloser) (*packet.PublicKey, error) { defer reader.Close() var lr = io.LimitReader(reader, publicKeyMaxSize) block, _ := armor.Decode(lr) if block == nil { return nil, errors.New("Couldn't find PGP block in public key file") } if block.Type != "PGP PUBLIC KEY BLOCK" { return nil, errors.New("Invalid public key blob.") } p, err := packet.Read(block.Body) if err != nil { return nil, fmt.Errorf("Invalid public key blob: %v", err) } pk, ok := p.(*packet.PublicKey) if !ok { return nil, fmt.Errorf("Invalid public key blob; not a public key packet") } return pk, nil }
func (sig *Signature) GetSignature() (packet.Packet, error) { buf := bytes.NewBuffer(sig.Packet) return packet.Read(buf) }