func verifyDetachedSignature(key *packet.PublicKey, contentf, sigf io.Reader) error {
var hashFunc crypto.Hash
packets := packet.NewReader(sigf)
p, err := packets.Next()
if err != nil {
return err
}
switch sig := p.(type) {
case *packet.Signature:
hashFunc = sig.Hash
case *packet.SignatureV3:
hashFunc = sig.Hash
default:
return errors.UnsupportedError("unrecognized signature")
}
h := hashFunc.New()
if _, err := io.Copy(h, contentf); err != nil && err != io.EOF {
return err
}
switch sig := p.(type) {
case *packet.Signature:
err = key.VerifySignature(h, sig)
case *packet.SignatureV3:
err = key.VerifySignatureV3(h, sig)
default:
panic("unreachable")
}
return err
}
func (cs Server) validateTokenSignature(pk *packet.PublicKey, token, tokenSig string) error {
sig, err := cs.receiveSignedNonce(strings.NewReader(tokenSig))
if err != nil {
return err
}
hash := sig.Hash.New()
hash.Write([]byte(token))
return pk.VerifySignature(hash, sig)
}
func verifyContentSignature(content []byte, sig Signature, pubKey *packet.PublicKey) error {
opgSig, ok := sig.(openpgpSignature)
if !ok {
panic(fmt.Errorf("not an internally supported Signature: %T", sig))
}
h := openpgpConfig.Hash().New()
h.Write(content)
return pubKey.VerifySignature(h, opgSig.sig)
}
func newOpenPGPPubKey(intPubKey *packet.PublicKey) *openpgpPubKey {
h := sha3.New384()
h.Write(v1Header)
err := intPubKey.Serialize(h)
if err != nil {
panic("internal error: cannot compute public key sha3-384")
}
sha3_384, err := EncodeDigest(crypto.SHA3_384, h.Sum(nil))
if err != nil {
panic("internal error: cannot compute public key sha3-384")
}
return &openpgpPubKey{pubKey: intPubKey, sha3_384: sha3_384}
}
func Verify(payload string, signature []byte, pubkey *packet.PublicKey) error {
// decode and read the signature
block, err := armor.Decode(bytes.NewBuffer(signature))
if err != nil {
return err
}
pkt, err := packet.Read(block.Body)
if err != nil {
return err
}
sig, ok := pkt.(*packet.Signature)
if !ok {
return fmt.Errorf("could not parse the signature")
}
if sig.Hash != crypto.SHA256 || sig.Hash != crypto.SHA512 {
return fmt.Errorf("was not a SHA-256 or SHA-512 signature")
}
if sig.SigType != packet.SigTypeBinary {
return fmt.Errorf("was not a binary signature")
}
// verify the signature
hash := sig.Hash.New()
_, err = hash.Write([]byte(payload))
if err != nil {
return err
}
err = pubkey.VerifySignature(hash, sig)
if err != nil {
return err
}
return nil
}
func (pkp *PublicKey) setPublicKey(pk *packet.PublicKey) error {
buf := bytes.NewBuffer(nil)
err := pk.Serialize(buf)
if err != nil {
return errgo.Mask(err)
}
fingerprint := hex.EncodeToString(pk.Fingerprint[:])
bitLen, err := pk.BitLength()
if err != nil {
return errgo.Mask(err)
}
pkp.RFingerprint = Reverse(fingerprint)
pkp.UUID = pkp.RFingerprint
err = pkp.setV4IDs(pkp.UUID)
if err != nil {
return err
}
pkp.Creation = pk.CreationTime
pkp.Algorithm = int(pk.PubKeyAlgo)
pkp.BitLen = int(bitLen)
pkp.Parsed = true
return nil
}
