示例#1
0
// ImportVerified imports a verified key under the label. The original
// signature data is preserved in the keystore.
func (s *KeyStore) ImportVerified(label string, signedKey []byte) bool {
	var pub []byte

	if !s.Valid(true) || s.Has(label) {
		return false
	}

	var vkey VerifiedKey
	_, err := asn1.Unmarshal(signedKey, &vkey)
	if err != nil {
		return false
	}

	var signerLabel string
	if bytes.Equal(vkey.Signer, s.PublicKey) {
		signerLabel = "self"
		pub = s.PublicKey
	} else {
		var ok bool
		signerLabel, ok = s.FindPublic(vkey.Signer)
		if !ok {
			return false
		}
		pub = s.Keys[signerLabel].Keys
	}

	if signerLabel == "" || pub == nil {
		return false
	} else if _, ok := s.VerifyKeySignature(signerLabel); !ok {
		return false
	}

	pubkey, err := public.UnmarshalPublic(pub)
	if err != nil {
		return false
	}

	signatureData := vkey.SignatureData()
	if !public.Verify(pubkey, signatureData, vkey.Signature) {
		return false
	}

	rec := &PublicKeyRecord{
		Label:         label,
		Version:       KeyStoreVersion,
		Timestamp:     time.Now().Unix(),
		Keys:          vkey.Public,
		KeySignature:  vkey.Signature,
		KeySigner:     pub,
		SignatureTime: vkey.Timestamp,
	}
	s.Keys[label] = rec
	return true
}
示例#2
0
// IsSelfSigned returns true if the verified key is self-signed.
func (vkey *VerifiedKey) IsSelfSigned() bool {
	if !bytes.Equal(vkey.Public, vkey.Signer) {
		return false
	}

	signer, err := public.UnmarshalPublic(vkey.Signer)
	if err != nil {
		return false
	}

	sigData := vkey.SignatureData()
	return public.Verify(signer, sigData, vkey.Signature)
}
示例#3
0
// Verify validates that the message was signed by the named public
// key.
func (s *KeyStore) Verify(label string, message, sig []byte) bool {
	if !s.Valid(true) {
		return false
	} else if !s.Has(label) {
		return false
	}

	pub := s.getPublic(label)
	if pub == nil {
		return false
	}

	return public.Verify(pub, message, sig)
}
示例#4
0
// AddKey adds the new peer key to the keystore, signing it with the
// owner's key. If the keystore is locked, this will fail.
func (s *KeyStore) AddKey(label string, peer []byte, metadata map[string]string) bool {
	if !s.Valid(true) {
		return false
	} else if s.Has(label) {
		return false
	} else if s.Locked() {
		return false
	} else if _, err := public.UnmarshalPublic(peer); err != nil {
		return false
	}

	signTime := time.Now().Unix()
	vkey := &VerifiedKey{
		Public:    peer,
		Signer:    s.PublicKey,
		Timestamp: signTime,
	}
	signatureData := vkey.SignatureData()

	sig, ok := public.Sign(s.privateKey, signatureData)
	if !ok {
		return false
	}
	if !public.Verify(s.privateKey.PublicKey, signatureData, sig) {
		return false
	}

	metadataCopy := map[string]string{}
	for k, v := range metadata {
		metadataCopy[k] = v
	}

	s.Keys[label] = &PublicKeyRecord{
		Label:         label,
		Timestamp:     time.Now().Unix(),
		Keys:          peer,
		KeySignature:  sig,
		KeySigner:     s.PublicKey,
		SignatureTime: signTime,
		Metadata:      metadataCopy,
	}
	return true
}
示例#5
0
// VerifyKeySignature authenticates the signature on the key indicated
// by label. If the label is self, Verify returns true as that label
// is assumed always valid.
func (s *KeyStore) VerifyKeySignature(label string) (string, bool) {
	if !s.Valid(true) {
		return "", false
	}

	if label == "self" {
		return "self", true
	}

	rec := s.Keys[label]
	var signerLabel string

	var vkey = &VerifiedKey{
		Public:    rec.Keys,
		Signature: rec.KeySignature,
		Timestamp: rec.SignatureTime,
	}
	if bytes.Equal(rec.KeySigner, s.PublicKey) {
		vkey.Signer = s.PublicKey
		signerLabel = "self"
	} else {
		var ok bool
		signerLabel, ok = s.FindPublic(rec.KeySigner)
		if !ok {
			return "", false
		}
		vkey.Signer = s.Keys[signerLabel].Keys
	}
	pub, err := public.UnmarshalPublic(vkey.Signer)
	if err != nil {
		return "", false
	}
	signatureData := vkey.SignatureData()

	if !public.Verify(pub, signatureData, vkey.Signature) {
		return "", false
	}
	return signerLabel, true
}