passforios-gopenpgp/crypto/sign_detached.go

package crypto

import (
	"bytes"
	"errors"
	"strings"
	"time"

	"github.com/ProtonMail/go-pm-crypto/internal"
	"golang.org/x/crypto/openpgp"
	errors2 "golang.org/x/crypto/openpgp/errors"
	"golang.org/x/crypto/openpgp/packet"
	"io"
)

// Use: ios/android only
// SignTextDetached sign detached text type
func (pm *PmCrypto) SignTextDetached(plainText string, privateKey *KeyRing, passphrase string, trim bool) (string, error) {
	//sign with 0x01 text
	if trim {
		plainText = internal.TrimNewlines(plainText)
	}

	signEntity := privateKey.GetSigningEntity(passphrase)

	if signEntity == nil {
		return "", errors.New("cannot sign message, signer key is not unlocked")
	}

	config := &packet.Config{DefaultCipher: packet.CipherAES256, Time: pm.getTimeGenerator()}

	att := strings.NewReader(plainText)

	var outBuf bytes.Buffer
	//SignText
	if err := openpgp.ArmoredDetachSignText(&outBuf, signEntity, att, config); err != nil {
		return "", err
	}

	return outBuf.String(), nil
}

// Use: ios/android only
// Sign detached bin data using string key
func (pm *PmCrypto) SignBinDetached(plainData []byte, privateKey *KeyRing, passphrase string) (string, error) {
	//sign with 0x00
	signEntity := privateKey.GetSigningEntity(passphrase)

	if signEntity == nil {
		return "", errors.New("cannot sign message, singer key is not unlocked")
	}

	config := &packet.Config{DefaultCipher: packet.CipherAES256, Time: pm.getTimeGenerator()}

	att := bytes.NewReader(plainData)

	var outBuf bytes.Buffer
	//sign bin
	if err := openpgp.ArmoredDetachSign(&outBuf, signEntity, att, config); err != nil {
		return "", err
	}

	return outBuf.String(), nil
}

// Use: ios/android only
// Verify detached text - check if signature is valid using a given publicKey in binary format
func (pm *PmCrypto) VerifyTextSignDetachedBinKey(signature string, plainText string, publicKey *KeyRing, verifyTime int64) (bool, error) {

	plainText = internal.TrimNewlines(plainText)
	origText := bytes.NewReader(bytes.NewBufferString(plainText).Bytes())

	return verifySignature(publicKey.entities, origText, signature, verifyTime)
}

func verifySignature(pubKeyEntries openpgp.EntityList, origText *bytes.Reader, signature string, verifyTime int64) (bool, error) {
	config := &packet.Config{}
	if verifyTime == 0 {
		config.Time = func() time.Time {
			return time.Unix(0, 0)
		}
	} else {
		config.Time = func() time.Time {
			return time.Unix(verifyTime+internal.CreationTimeOffset, 0)
		}
	}
	signatureReader := strings.NewReader(signature)

	signer, err := openpgp.CheckArmoredDetachedSignature(pubKeyEntries, origText, signatureReader, config)

	if err == errors2.ErrSignatureExpired && signer != nil {
		if verifyTime > 0 {
			// Maybe the creation time offset pushed it over the edge
			// Retry with the actual verification time
			config.Time = func() time.Time {
				return time.Unix(verifyTime, 0)
			}

			signatureReader.Seek(0, io.SeekStart)
			signer, err = openpgp.CheckArmoredDetachedSignature(pubKeyEntries, origText, signatureReader, config)
		} else {
			// verifyTime = 0: time check disabled, everything is okay
			err = nil
		}
	}
	if err != nil {
		return false, err
	}
	if signer == nil {
		return false, errors.New("signer is empty")
	}
	// if signer.PrimaryKey.KeyId != signed.PrimaryKey.KeyId {
	// 	// t.Errorf("wrong signer got:%x want:%x", signer.PrimaryKey.KeyId, 0)
	// 	return false, errors.New("signer is nil")
	// }
	return true, nil
}

// Use: ios/android only
// Verify detached text in binary format - check if signature is valid using a given publicKey in binary format
func (pm *PmCrypto) VerifyBinSignDetachedBinKey(signature string, plainData []byte, publicKey *KeyRing, verifyTime int64) (bool, error) {

	origText := bytes.NewReader(plainData)

	return verifySignature(publicKey.entities, origText, signature, verifyTime)
}
Add decryptMime and refactor package structure 2018-09-11 11:09:28 +02:00			`package crypto`
wrapper for mobile 2018-06-04 16:05:14 -07:00
			`import (`
			`"bytes"`
			`"errors"`
			`"strings"`
			`"time"`

Minor build fixes 2018-11-01 17:03:43 +01:00			`"github.com/ProtonMail/go-pm-crypto/internal"`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`"golang.org/x/crypto/openpgp"`
Add a 2 day offset for signature creation time checking 2018-07-31 01:00:45 +02:00			`errors2 "golang.org/x/crypto/openpgp/errors"`
Refactor: Moved relevant parts of Key and KeyRing objs from go-pmapi 2018-09-20 15:20:45 +02:00			`"golang.org/x/crypto/openpgp/packet"`
bugfix 2018-07-31 01:13:00 +02:00			`"io"`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`)`

Methods use + unit tests update 2019-01-11 00:23:00 +01:00			`// Use: ios/android only`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`// SignTextDetached sign detached text type`
Android-side KeyRing reuse refactoring support 2018-11-09 13:03:46 +01:00			`func (pm PmCrypto) SignTextDetached(plainText string, privateKey KeyRing, passphrase string, trim bool) (string, error) {`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`//sign with 0x01 text`
add trim leading function 2018-06-05 15:26:55 -07:00			`if trim {`
Add decryptMime and refactor package structure 2018-09-11 11:09:28 +02:00			`plainText = internal.TrimNewlines(plainText)`
add trim leading function 2018-06-05 15:26:55 -07:00			`}`

Signing/unlocking entities simplification 2018-11-21 21:11:30 +01:00			`signEntity := privateKey.GetSigningEntity(passphrase)`
wrapper for mobile 2018-06-04 16:05:14 -07:00
			`if signEntity == nil {`
more cleanup, fixes 2018-06-04 17:50:26 -07:00			`return "", errors.New("cannot sign message, signer key is not unlocked")`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`}`

Refactor: Moved relevant parts of Key and KeyRing objs from go-pmapi 2018-09-20 15:20:45 +02:00			`config := &packet.Config{DefaultCipher: packet.CipherAES256, Time: pm.getTimeGenerator()}`
wrapper for mobile 2018-06-04 16:05:14 -07:00
			`att := strings.NewReader(plainText)`

			`var outBuf bytes.Buffer`
			`//SignText`
Android-side KeyRing reuse refactoring support 2018-11-09 13:03:46 +01:00			`if err := openpgp.ArmoredDetachSignText(&outBuf, signEntity, att, config); err != nil {`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`return "", err`
			`}`

			`return outBuf.String(), nil`
			`}`

Methods use + unit tests update 2019-01-11 00:23:00 +01:00			`// Use: ios/android only`
Issue #3: mobile client fallback version 2018-11-05 22:55:45 +01:00			`// Sign detached bin data using string key`
Android-side KeyRing reuse refactoring support 2018-11-09 13:03:46 +01:00			`func (pm PmCrypto) SignBinDetached(plainData []byte, privateKey KeyRing, passphrase string) (string, error) {`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`//sign with 0x00`
Signing/unlocking entities simplification 2018-11-21 21:11:30 +01:00			`signEntity := privateKey.GetSigningEntity(passphrase)`
wrapper for mobile 2018-06-04 16:05:14 -07:00
			`if signEntity == nil {`
			`return "", errors.New("cannot sign message, singer key is not unlocked")`
			`}`

Refactor: Moved relevant parts of Key and KeyRing objs from go-pmapi 2018-09-20 15:20:45 +02:00			`config := &packet.Config{DefaultCipher: packet.CipherAES256, Time: pm.getTimeGenerator()}`
wrapper for mobile 2018-06-04 16:05:14 -07:00
			`att := bytes.NewReader(plainData)`

			`var outBuf bytes.Buffer`
			`//sign bin`
Android-side KeyRing reuse refactoring support 2018-11-09 13:03:46 +01:00			`if err := openpgp.ArmoredDetachSign(&outBuf, signEntity, att, config); err != nil {`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`return "", err`
			`}`

			`return outBuf.String(), nil`
			`}`

Methods use + unit tests update 2019-01-11 00:23:00 +01:00			`// Use: ios/android only`
Issue #3: mobile client fallback version 2018-11-05 22:55:45 +01:00			`// Verify detached text - check if signature is valid using a given publicKey in binary format`
Android-side KeyRing reuse refactoring support 2018-11-09 13:03:46 +01:00			`func (pm PmCrypto) VerifyTextSignDetachedBinKey(signature string, plainText string, publicKey KeyRing, verifyTime int64) (bool, error) {`
wrapper for mobile 2018-06-04 16:05:14 -07:00
Add decryptMime and refactor package structure 2018-09-11 11:09:28 +02:00			`plainText = internal.TrimNewlines(plainText)`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`origText := bytes.NewReader(bytes.NewBufferString(plainText).Bytes())`
Add a 2 day offset for signature creation time checking 2018-07-31 01:00:45 +02:00
Android-side KeyRing reuse refactoring support 2018-11-09 13:03:46 +01:00			`return verifySignature(publicKey.entities, origText, signature, verifyTime)`
Add a 2 day offset for signature creation time checking 2018-07-31 01:00:45 +02:00			`}`

			`func verifySignature(pubKeyEntries openpgp.EntityList, origText *bytes.Reader, signature string, verifyTime int64) (bool, error) {`
			`config := &packet.Config{}`
			`if verifyTime == 0 {`
			`config.Time = func() time.Time {`
			`return time.Unix(0, 0)`
			`}`
			`} else {`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`config.Time = func() time.Time {`
Refactor: Moved relevant parts of Key and KeyRing objs from go-pmapi 2018-09-20 15:20:45 +02:00			`return time.Unix(verifyTime+internal.CreationTimeOffset, 0)`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`}`
			`}`
Add a 2 day offset for signature creation time checking 2018-07-31 01:00:45 +02:00			`signatureReader := strings.NewReader(signature)`

wrapper for mobile 2018-06-04 16:05:14 -07:00			`signer, err := openpgp.CheckArmoredDetachedSignature(pubKeyEntries, origText, signatureReader, config)`
Add a 2 day offset for signature creation time checking 2018-07-31 01:00:45 +02:00
			`if err == errors2.ErrSignatureExpired && signer != nil {`
			`if verifyTime > 0 {`
			`// Maybe the creation time offset pushed it over the edge`
			`// Retry with the actual verification time`
			`config.Time = func() time.Time {`
			`return time.Unix(verifyTime, 0)`
			`}`
bugfix 2018-07-31 01:13:00 +02:00
			`signatureReader.Seek(0, io.SeekStart)`
Add a 2 day offset for signature creation time checking 2018-07-31 01:00:45 +02:00			`signer, err = openpgp.CheckArmoredDetachedSignature(pubKeyEntries, origText, signatureReader, config)`
			`} else {`
			`// verifyTime = 0: time check disabled, everything is okay`
			`err = nil`
			`}`
			`}`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`if err != nil {`
			`return false, err`
			`}`
			`if signer == nil {`
			`return false, errors.New("signer is empty")`
			`}`
			`// if signer.PrimaryKey.KeyId != signed.PrimaryKey.KeyId {`
			`// // t.Errorf("wrong signer got:%x want:%x", signer.PrimaryKey.KeyId, 0)`
			`// return false, errors.New("signer is nil")`
			`// }`
			`return true, nil`
			`}`

Methods use + unit tests update 2019-01-11 00:23:00 +01:00			`// Use: ios/android only`
Issue #3: mobile client fallback version 2018-11-05 22:55:45 +01:00			`// Verify detached text in binary format - check if signature is valid using a given publicKey in binary format`
Android-side KeyRing reuse refactoring support 2018-11-09 13:03:46 +01:00			`func (pm PmCrypto) VerifyBinSignDetachedBinKey(signature string, plainData []byte, publicKey KeyRing, verifyTime int64) (bool, error) {`
wrapper for mobile 2018-06-04 16:05:14 -07:00
			`origText := bytes.NewReader(plainData)`

Android-side KeyRing reuse refactoring support 2018-11-09 13:03:46 +01:00			`return verifySignature(publicKey.entities, origText, signature, verifyTime)`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`}`