Add API to sign stream with context

2023-03-20 11:52:52 +01:00 · 2023-03-20 11:52:52 +01:00 · c55b9d203c
commit c55b9d203c
parent 45070ef1ae
4 changed files with 54 additions and 38 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -11,6 +11,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - When a signature fails verification because of the signature context, it returns a `SignatureVerificationError` with 
 status `constants.SIGNATURE_BAD_CONTEXT` instead of `constants.SIGNATURE_FAILED`.

+## Added
+- Add api for signature context on streams `SignDetachedStreamWithContext`.
+
 ## [2.6.1] 2023-03-22

 ### Security fix
--- a/crypto/keyring_message.go
+++ b/crypto/keyring_message.go
@ -2,7 +2,6 @@ package crypto

 import (
 	"bytes"
-	"crypto"
 	"io"
 	"io/ioutil"
 	"time"
@ -69,30 +68,12 @@ func (keyRing *KeyRing) SignDetached(message *PlainMessage) (*PGPSignature, erro
 // If a context is provided, it is added to the signature as notation data
 // with the name set in `constants.SignatureContextName`.
 func (keyRing *KeyRing) SignDetachedWithContext(message *PlainMessage, context *SigningContext) (*PGPSignature, error) {
-	signEntity, err := keyRing.getSigningEntity()
-	if err != nil {
-		return nil, err
-	}
-	var signatureNotations []*packet.Notation
-	if context != nil {
-		signatureNotations = []*packet.Notation{context.getNotation()}
-	}
-	config := &packet.Config{
-		DefaultHash:        crypto.SHA512,
-		Time:               getTimeGenerator(),
-		SignatureNotations: signatureNotations,
-	}
-	var outBuf bytes.Buffer
-	if message.IsBinary() {
-		err = openpgp.DetachSign(&outBuf, signEntity, message.NewReader(), config)
-	} else {
-		err = openpgp.DetachSignText(&outBuf, signEntity, message.NewReader(), config)
-	}
-	if err != nil {
-		return nil, errors.Wrap(err, "gopenpgp: error in signing")
-	}
-
-	return NewPGPSignature(outBuf.Bytes()), nil
+	return signMessageDetached(
+		keyRing,
+		message.NewReader(),
+		message.IsBinary(),
+		context,
+	)
 }

 // VerifyDetached verifies a PlainMessage with a detached PGPSignature
--- a/crypto/keyring_streaming.go
+++ b/crypto/keyring_streaming.go
@ -2,7 +2,6 @@ package crypto

 import (
 	"bytes"
-	"crypto"
 	"io"
 	"time"

@ -302,19 +301,19 @@ func (keyRing *KeyRing) DecryptSplitStream(

 // SignDetachedStream generates and returns a PGPSignature for a given message Reader.
 func (keyRing *KeyRing) SignDetachedStream(message Reader) (*PGPSignature, error) {
-	signEntity, err := keyRing.getSigningEntity()
-	if err != nil {
-		return nil, err
+	return keyRing.SignDetachedStreamWithContext(message, nil)
 }

-	config := &packet.Config{DefaultHash: crypto.SHA512, Time: getTimeGenerator()}
-	var outBuf bytes.Buffer
-	// sign bin
-	if err := openpgp.DetachSign(&outBuf, signEntity, message, config); err != nil {
-		return nil, errors.Wrap(err, "gopenpgp: error in signing")
-	}
-
-	return NewPGPSignature(outBuf.Bytes()), nil
+// SignDetachedStreamWithContext generates and returns a PGPSignature for a given message Reader.
+// If a context is provided, it is added to the signature as notation data
+// with the name set in `constants.SignatureContextName`.
+func (keyRing *KeyRing) SignDetachedStreamWithContext(message Reader, context *SigningContext) (*PGPSignature, error) {
+	return signMessageDetached(
+		keyRing,
+		message,
+		true,
+		context,
+	)
 }

 // VerifyDetachedStream verifies a message reader with a detached PGPSignature
--- a/crypto/signature.go
+++ b/crypto/signature.go
@ -280,3 +280,36 @@ func verifySignature(

 	return sig, nil
 }
+
+func signMessageDetached(
+	signKeyRing *KeyRing,
+	messageReader io.Reader,
+	isBinary bool,
+	context *SigningContext,
+) (*PGPSignature, error) {
+	config := &packet.Config{
+		DefaultHash: crypto.SHA512,
+		Time:        getTimeGenerator(),
+	}
+
+	signEntity, err := signKeyRing.getSigningEntity()
+	if err != nil {
+		return nil, err
+	}
+
+	if context != nil {
+		config.SignatureNotations = append(config.SignatureNotations, context.getNotation())
+	}
+
+	var outBuf bytes.Buffer
+	if isBinary {
+		err = openpgp.DetachSign(&outBuf, signEntity, messageReader, config)
+	} else {
+		err = openpgp.DetachSignText(&outBuf, signEntity, messageReader, config)
+	}
+	if err != nil {
+		return nil, errors.Wrap(err, "gopenpgp: error in signing")
+	}
+
+	return NewPGPSignature(outBuf.Bytes()), nil
+}