Use returned signature in GetVerifiedSignatureTimestamp

Instead of parsing the signature packets manually, use the signature
packet returned by VerifyDetachedSignatureAndHash to get the
signature creation time.
Daniel Huigens 2023-02-15 18:04:47 +01:00
parent 379e4814e0
commit 9d05b3e9b6
3 changed files with 19 additions and 39 deletions


@ -84,12 +84,13 @@ func (keyRing *KeyRing) SignDetached(message *PlainMessage) (*PGPSignature, erro
// VerifyDetached verifies a PlainMessage with a detached PGPSignature // VerifyDetached verifies a PlainMessage with a detached PGPSignature
// and returns a SignatureVerificationError if fails. // and returns a SignatureVerificationError if fails.
func (keyRing *KeyRing) VerifyDetached(message *PlainMessage, signature *PGPSignature, verifyTime int64) error { func (keyRing *KeyRing) VerifyDetached(message *PlainMessage, signature *PGPSignature, verifyTime int64) error {
return verifySignature( _, err := verifySignature(
keyRing.entities, keyRing.entities,
message.NewReader(), message.NewReader(),
signature.GetBinary(), signature.GetBinary(),
verifyTime, verifyTime,
) )
return err
} }
// SignDetachedEncrypted generates and returns a PGPMessage // SignDetachedEncrypted generates and returns a PGPMessage
@ -126,38 +127,16 @@ func (keyRing *KeyRing) VerifyDetachedEncrypted(message *PlainMessage, encrypted
// returns the creation time of the signature if it succeeds // returns the creation time of the signature if it succeeds
// and returns a SignatureVerificationError if fails. // and returns a SignatureVerificationError if fails.
func (keyRing *KeyRing) GetVerifiedSignatureTimestamp(message *PlainMessage, signature *PGPSignature, verifyTime int64) (int64, error) { func (keyRing *KeyRing) GetVerifiedSignatureTimestamp(message *PlainMessage, signature *PGPSignature, verifyTime int64) (int64, error) {
packets := packet.NewReader(bytes.NewReader(signature.Data)) sigPacket, err := verifySignature(
var err error keyRing.entities,
var p packet.Packet message.NewReader(),
for { signature.GetBinary(),
p, err = packets.Next() verifyTime,
if errors.Is(err, io.EOF) { )
break if err != nil {
} return 0, err
if err != nil {
continue
}
sigPacket, ok := p.(*packet.Signature)
if !ok {
continue
}
var outBuf bytes.Buffer
err = sigPacket.Serialize(&outBuf)
if err != nil {
continue
}
err = verifySignature(
keyRing.entities,
message.NewReader(),
outBuf.Bytes(),
verifyTime,
)
if err != nil {
continue
}
return sigPacket.CreationTime.Unix(), nil
} }
return 0, errors.Wrap(err, "gopenpgp: can't verify any signature packets") return sigPacket.CreationTime.Unix(), nil
} }
// ------ INTERNAL FUNCTIONS ------- // ------ INTERNAL FUNCTIONS -------
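Review bot: The new body of GetVerifiedSignatureTimestamp changes which signature packets are accepted compared with the loop it replaces, and the doc comment above it does not say so: the old code walked every packet in signature.Data and returned the creation time of the first one that verified, while the new code passes the whole blob to verifySignature and reports the creation time of whichever packet that returns, so a blob whose first packet fails but whose later packet would have verified may now be rejected outright, depending on how VerifyDetachedSignatureAndHash treats multi-packet input. The wrapped "gopenpgp: can't verify any signature packets" error is also gone, so callers now see the error verifySignature produces; that looks intended but is worth a line in the commit message. I would extend the function comment with `// The timestamp is taken from the signature packet that verifySignature accepted; packets it does not accept are not retried.` If `packet`, `bytes`, `io` and `errors` were only used by the removed loop, their imports in this file need pruning as well, which this section does not show.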


@ -324,12 +324,13 @@ func (keyRing *KeyRing) VerifyDetachedStream(
signature *PGPSignature, signature *PGPSignature,
verifyTime int64, verifyTime int64,
) error { ) error {
return verifySignature( _, err := verifySignature(
keyRing.entities, keyRing.entities,
message, message,
signature.GetBinary(), signature.GetBinary(),
verifyTime, verifyTime,
) )
return err
} }
// SignDetachedEncryptedStream generates and returns a PGPMessage // SignDetachedEncryptedStream generates and returns a PGPMessage


@ -119,7 +119,7 @@ func verifyDetailsSignature(md *openpgp.MessageDetails, verifierKey *KeyRing) er
} }
// verifySignature verifies if a signature is valid with the entity list. // verifySignature verifies if a signature is valid with the entity list.
func verifySignature(pubKeyEntries openpgp.EntityList, origText io.Reader, signature []byte, verifyTime int64) error { func verifySignature(pubKeyEntries openpgp.EntityList, origText io.Reader, signature []byte, verifyTime int64) (*packet.Signature, error) {
config := &packet.Config{} config := &packet.Config{}
if verifyTime == 0 { if verifyTime == 0 {
config.Time = func() time.Time { config.Time = func() time.Time {
@ -134,9 +134,9 @@ func verifySignature(pubKeyEntries openpgp.EntityList, origText io.Reader, signa
sig, signer, err := openpgp.VerifyDetachedSignatureAndHash(pubKeyEntries, origText, signatureReader, allowedHashes, config) sig, signer, err := openpgp.VerifyDetachedSignatureAndHash(pubKeyEntries, origText, signatureReader, allowedHashes, config)
if signer != nil && (errors.Is(err, pgpErrors.ErrSignatureExpired) || errors.Is(err, pgpErrors.ErrKeyExpired)) { if sig != nil && signer != nil && (errors.Is(err, pgpErrors.ErrSignatureExpired) || errors.Is(err, pgpErrors.ErrKeyExpired)) {
if verifyTime == 0 { // Expiration check disabled if verifyTime == 0 { // Expiration check disabled
return nil return sig, nil
} }
// Maybe the creation time offset pushed it over the edge // Maybe the creation time offset pushed it over the edge
@ -147,15 +147,15 @@ func verifySignature(pubKeyEntries openpgp.EntityList, origText io.Reader, signa
_, err = signatureReader.Seek(0, io.SeekStart) _, err = signatureReader.Seek(0, io.SeekStart)
if err != nil { if err != nil {
return newSignatureFailed() return nil, newSignatureFailed()
} }
sig, signer, err = openpgp.VerifyDetachedSignatureAndHash(pubKeyEntries, origText, signatureReader, allowedHashes, config) sig, signer, err = openpgp.VerifyDetachedSignatureAndHash(pubKeyEntries, origText, signatureReader, allowedHashes, config)
} }
if err != nil || sig == nil || signer == nil { if err != nil || sig == nil || signer == nil {
return newSignatureFailed() return nil, newSignatureFailed()
} }
return nil return sig, nil
} }
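Review bot: The doc comment on verifySignature still describes only whether the signature is valid, while the function now also returns the accepted *packet.Signature and a caller (GetVerifiedSignatureTimestamp) reads its CreationTime, so the contract of that return value should be written down. In particular the verifyTime == 0 branch returns the packet with a nil error even though VerifyDetachedSignatureAndHash reported ErrSignatureExpired or ErrKeyExpired, so a nil error must not be read as "not expired"; the added `sig != nil` guard on that branch is what keeps the returned packet non-nil there. Suggested replacement for the comment: `// verifySignature verifies a detached signature against the entity list and returns the signature packet that verified; the packet is non-nil exactly when err is nil. When verifyTime == 0, signature and key expiry are not checked and the (possibly expired) packet is still returned.`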