diff options
Diffstat (limited to 'libgo/go/crypto/openpgp/packet')
| -rw-r--r-- | libgo/go/crypto/openpgp/packet/compressed.go | 4 | ||||
| -rw-r--r-- | libgo/go/crypto/openpgp/packet/encrypted_key.go | 16 | ||||
| -rw-r--r-- | libgo/go/crypto/openpgp/packet/one_pass_signature.go | 8 | ||||
| -rw-r--r-- | libgo/go/crypto/openpgp/packet/packet.go | 6 | ||||
| -rw-r--r-- | libgo/go/crypto/openpgp/packet/packet_test.go | 4 | ||||
| -rw-r--r-- | libgo/go/crypto/openpgp/packet/private_key.go | 35 | ||||
| -rw-r--r-- | libgo/go/crypto/openpgp/packet/public_key.go | 48 | ||||
| -rw-r--r-- | libgo/go/crypto/openpgp/packet/reader.go | 4 | ||||
| -rw-r--r-- | libgo/go/crypto/openpgp/packet/signature.go | 117 | ||||
| -rw-r--r-- | libgo/go/crypto/openpgp/packet/symmetric_key_encrypted.go | 14 | ||||
| -rw-r--r-- | libgo/go/crypto/openpgp/packet/symmetrically_encrypted.go | 27 | ||||
| -rw-r--r-- | libgo/go/crypto/openpgp/packet/symmetrically_encrypted_test.go | 7 |
12 files changed, 187 insertions, 103 deletions
diff --git a/libgo/go/crypto/openpgp/packet/compressed.go b/libgo/go/crypto/openpgp/packet/compressed.go index f80d798cfe6..36736e34a0e 100644 --- a/libgo/go/crypto/openpgp/packet/compressed.go +++ b/libgo/go/crypto/openpgp/packet/compressed.go @@ -7,7 +7,7 @@ package packet import ( "compress/flate" "compress/zlib" - error_ "crypto/openpgp/error" + "crypto/openpgp/errors" "io" "strconv" ) @@ -31,7 +31,7 @@ func (c *Compressed) parse(r io.Reader) error { case 2: c.Body, err = zlib.NewReader(r) default: - err = error_.UnsupportedError("unknown compression algorithm: " + strconv.Itoa(int(buf[0]))) + err = errors.UnsupportedError("unknown compression algorithm: " + strconv.Itoa(int(buf[0]))) } return err diff --git a/libgo/go/crypto/openpgp/packet/encrypted_key.go b/libgo/go/crypto/openpgp/packet/encrypted_key.go index b24fa3a3fd3..479a643935e 100644 --- a/libgo/go/crypto/openpgp/packet/encrypted_key.go +++ b/libgo/go/crypto/openpgp/packet/encrypted_key.go @@ -6,7 +6,7 @@ package packet import ( "crypto/openpgp/elgamal" - error_ "crypto/openpgp/error" + "crypto/openpgp/errors" "crypto/rand" "crypto/rsa" "encoding/binary" @@ -35,7 +35,7 @@ func (e *EncryptedKey) parse(r io.Reader) (err error) { return } if buf[0] != encryptedKeyVersion { - return error_.UnsupportedError("unknown EncryptedKey version " + strconv.Itoa(int(buf[0]))) + return errors.UnsupportedError("unknown EncryptedKey version " + strconv.Itoa(int(buf[0]))) } e.KeyId = binary.BigEndian.Uint64(buf[1:9]) e.Algo = PublicKeyAlgorithm(buf[9]) @@ -77,7 +77,7 @@ func (e *EncryptedKey) Decrypt(priv *PrivateKey) error { c2 := new(big.Int).SetBytes(e.encryptedMPI2) b, err = elgamal.Decrypt(priv.PrivateKey.(*elgamal.PrivateKey), c1, c2) default: - err = error_.InvalidArgumentError("cannot decrypted encrypted session key with private key of type " + strconv.Itoa(int(priv.PubKeyAlgo))) + err = errors.InvalidArgumentError("cannot decrypted encrypted session key with private key of type " + strconv.Itoa(int(priv.PubKeyAlgo))) } if err != nil { @@ -89,7 +89,7 @@ func (e *EncryptedKey) Decrypt(priv *PrivateKey) error { expectedChecksum := uint16(b[len(b)-2])<<8 | uint16(b[len(b)-1]) checksum := checksumKeyMaterial(e.Key) if checksum != expectedChecksum { - return error_.StructuralError("EncryptedKey checksum incorrect") + return errors.StructuralError("EncryptedKey checksum incorrect") } return nil @@ -116,16 +116,16 @@ func SerializeEncryptedKey(w io.Writer, rand io.Reader, pub *PublicKey, cipherFu case PubKeyAlgoElGamal: return serializeEncryptedKeyElGamal(w, rand, buf, pub.PublicKey.(*elgamal.PublicKey), keyBlock) case PubKeyAlgoDSA, PubKeyAlgoRSASignOnly: - return error_.InvalidArgumentError("cannot encrypt to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo))) + return errors.InvalidArgumentError("cannot encrypt to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo))) } - return error_.UnsupportedError("encrypting a key to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo))) + return errors.UnsupportedError("encrypting a key to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo))) } func serializeEncryptedKeyRSA(w io.Writer, rand io.Reader, header [10]byte, pub *rsa.PublicKey, keyBlock []byte) error { cipherText, err := rsa.EncryptPKCS1v15(rand, pub, keyBlock) if err != nil { - return error_.InvalidArgumentError("RSA encryption failed: " + err.Error()) + return errors.InvalidArgumentError("RSA encryption failed: " + err.Error()) } packetLen := 10 /* header length */ + 2 /* mpi size */ + len(cipherText) @@ -144,7 +144,7 @@ func serializeEncryptedKeyRSA(w io.Writer, rand io.Reader, header [10]byte, pub func serializeEncryptedKeyElGamal(w io.Writer, rand io.Reader, header [10]byte, pub *elgamal.PublicKey, keyBlock []byte) error { c1, c2, err := elgamal.Encrypt(rand, pub, keyBlock) if err != nil { - return error_.InvalidArgumentError("ElGamal encryption failed: " + err.Error()) + return errors.InvalidArgumentError("ElGamal encryption failed: " + err.Error()) } packetLen := 10 /* header length */ diff --git a/libgo/go/crypto/openpgp/packet/one_pass_signature.go b/libgo/go/crypto/openpgp/packet/one_pass_signature.go index 13e6aa5aff8..822cfe9b8f6 100644 --- a/libgo/go/crypto/openpgp/packet/one_pass_signature.go +++ b/libgo/go/crypto/openpgp/packet/one_pass_signature.go @@ -6,7 +6,7 @@ package packet import ( "crypto" - error_ "crypto/openpgp/error" + "crypto/openpgp/errors" "crypto/openpgp/s2k" "encoding/binary" "io" @@ -33,13 +33,13 @@ func (ops *OnePassSignature) parse(r io.Reader) (err error) { return } if buf[0] != onePassSignatureVersion { - err = error_.UnsupportedError("one-pass-signature packet version " + strconv.Itoa(int(buf[0]))) + err = errors.UnsupportedError("one-pass-signature packet version " + strconv.Itoa(int(buf[0]))) } var ok bool ops.Hash, ok = s2k.HashIdToHash(buf[2]) if !ok { - return error_.UnsupportedError("hash function: " + strconv.Itoa(int(buf[2]))) + return errors.UnsupportedError("hash function: " + strconv.Itoa(int(buf[2]))) } ops.SigType = SignatureType(buf[1]) @@ -57,7 +57,7 @@ func (ops *OnePassSignature) Serialize(w io.Writer) error { var ok bool buf[2], ok = s2k.HashToHashId(ops.Hash) if !ok { - return error_.UnsupportedError("hash type: " + strconv.Itoa(int(ops.Hash))) + return errors.UnsupportedError("hash type: " + strconv.Itoa(int(ops.Hash))) } buf[3] = uint8(ops.PubKeyAlgo) binary.BigEndian.PutUint64(buf[4:12], ops.KeyId) diff --git a/libgo/go/crypto/openpgp/packet/packet.go b/libgo/go/crypto/openpgp/packet/packet.go index 778df15c0bd..f7c1964fd4c 100644 --- a/libgo/go/crypto/openpgp/packet/packet.go +++ b/libgo/go/crypto/openpgp/packet/packet.go @@ -10,7 +10,7 @@ import ( "crypto/aes" "crypto/cast5" "crypto/cipher" - error_ "crypto/openpgp/error" + "crypto/openpgp/errors" "io" "math/big" ) @@ -162,7 +162,7 @@ func readHeader(r io.Reader) (tag packetType, length int64, contents io.Reader, return } if buf[0]&0x80 == 0 { - err = error_.StructuralError("tag byte does not have MSB set") + err = errors.StructuralError("tag byte does not have MSB set") return } if buf[0]&0x40 == 0 { @@ -337,7 +337,7 @@ func Read(r io.Reader) (p Packet, err error) { se.MDC = true p = se default: - err = error_.UnknownPacketTypeError(tag) + err = errors.UnknownPacketTypeError(tag) } if p != nil { err = p.parse(contents) diff --git a/libgo/go/crypto/openpgp/packet/packet_test.go b/libgo/go/crypto/openpgp/packet/packet_test.go index 53266413c86..e4b86914192 100644 --- a/libgo/go/crypto/openpgp/packet/packet_test.go +++ b/libgo/go/crypto/openpgp/packet/packet_test.go @@ -6,7 +6,7 @@ package packet import ( "bytes" - error_ "crypto/openpgp/error" + "crypto/openpgp/errors" "encoding/hex" "fmt" "io" @@ -152,7 +152,7 @@ func TestReadHeader(t *testing.T) { for i, test := range readHeaderTests { tag, length, contents, err := readHeader(readerFromHex(test.hexInput)) if test.structuralError { - if _, ok := err.(error_.StructuralError); ok { + if _, ok := err.(errors.StructuralError); ok { continue } t.Errorf("%d: expected StructuralError, got:%s", i, err) diff --git a/libgo/go/crypto/openpgp/packet/private_key.go b/libgo/go/crypto/openpgp/packet/private_key.go index d67e9688617..5a90d0625fa 100644 --- a/libgo/go/crypto/openpgp/packet/private_key.go +++ b/libgo/go/crypto/openpgp/packet/private_key.go @@ -9,7 +9,7 @@ import ( "crypto/cipher" "crypto/dsa" "crypto/openpgp/elgamal" - error_ "crypto/openpgp/error" + "crypto/openpgp/errors" "crypto/openpgp/s2k" "crypto/rsa" "crypto/sha1" @@ -28,14 +28,21 @@ type PrivateKey struct { encryptedData []byte cipher CipherFunction s2k func(out, in []byte) - PrivateKey interface{} // An *rsa.PrivateKey. + PrivateKey interface{} // An *rsa.PrivateKey or *dsa.PrivateKey. sha1Checksum bool iv []byte } -func NewRSAPrivateKey(currentTime time.Time, priv *rsa.PrivateKey, isSubkey bool) *PrivateKey { +func NewRSAPrivateKey(currentTime time.Time, priv *rsa.PrivateKey) *PrivateKey { pk := new(PrivateKey) - pk.PublicKey = *NewRSAPublicKey(currentTime, &priv.PublicKey, isSubkey) + pk.PublicKey = *NewRSAPublicKey(currentTime, &priv.PublicKey) + pk.PrivateKey = priv + return pk +} + +func NewDSAPrivateKey(currentTime time.Time, priv *dsa.PrivateKey) *PrivateKey { + pk := new(PrivateKey) + pk.PublicKey = *NewDSAPublicKey(currentTime, &priv.PublicKey) pk.PrivateKey = priv return pk } @@ -72,13 +79,13 @@ func (pk *PrivateKey) parse(r io.Reader) (err error) { pk.sha1Checksum = true } default: - return error_.UnsupportedError("deprecated s2k function in private key") + return errors.UnsupportedError("deprecated s2k function in private key") } if pk.Encrypted { blockSize := pk.cipher.blockSize() if blockSize == 0 { - return error_.UnsupportedError("unsupported cipher in private key: " + strconv.Itoa(int(pk.cipher))) + return errors.UnsupportedError("unsupported cipher in private key: " + strconv.Itoa(int(pk.cipher))) } pk.iv = make([]byte, blockSize) _, err = readFull(r, pk.iv) @@ -121,8 +128,10 @@ func (pk *PrivateKey) Serialize(w io.Writer) (err error) { switch priv := pk.PrivateKey.(type) { case *rsa.PrivateKey: err = serializeRSAPrivateKey(privateKeyBuf, priv) + case *dsa.PrivateKey: + err = serializeDSAPrivateKey(privateKeyBuf, priv) default: - err = error_.InvalidArgumentError("non-RSA private key") + err = errors.InvalidArgumentError("unknown private key type") } if err != nil { return @@ -172,6 +181,10 @@ func serializeRSAPrivateKey(w io.Writer, priv *rsa.PrivateKey) error { return writeBig(w, priv.Precomputed.Qinv) } +func serializeDSAPrivateKey(w io.Writer, priv *dsa.PrivateKey) error { + return writeBig(w, priv.X) +} + // Decrypt decrypts an encrypted private key using a passphrase. func (pk *PrivateKey) Decrypt(passphrase []byte) error { if !pk.Encrypted { @@ -188,18 +201,18 @@ func (pk *PrivateKey) Decrypt(passphrase []byte) error { if pk.sha1Checksum { if len(data) < sha1.Size { - return error_.StructuralError("truncated private key data") + return errors.StructuralError("truncated private key data") } h := sha1.New() h.Write(data[:len(data)-sha1.Size]) sum := h.Sum(nil) if !bytes.Equal(sum, data[len(data)-sha1.Size:]) { - return error_.StructuralError("private key checksum failure") + return errors.StructuralError("private key checksum failure") } data = data[:len(data)-sha1.Size] } else { if len(data) < 2 { - return error_.StructuralError("truncated private key data") + return errors.StructuralError("truncated private key data") } var sum uint16 for i := 0; i < len(data)-2; i++ { @@ -207,7 +220,7 @@ func (pk *PrivateKey) Decrypt(passphrase []byte) error { } if data[len(data)-2] != uint8(sum>>8) || data[len(data)-1] != uint8(sum) { - return error_.StructuralError("private key checksum failure") + return errors.StructuralError("private key checksum failure") } data = data[:len(data)-2] } diff --git a/libgo/go/crypto/openpgp/packet/public_key.go b/libgo/go/crypto/openpgp/packet/public_key.go index 9aa30e0c15f..ba178b519eb 100644 --- a/libgo/go/crypto/openpgp/packet/public_key.go +++ b/libgo/go/crypto/openpgp/packet/public_key.go @@ -7,7 +7,7 @@ package packet import ( "crypto/dsa" "crypto/openpgp/elgamal" - error_ "crypto/openpgp/error" + "crypto/openpgp/errors" "crypto/rsa" "crypto/sha1" "encoding/binary" @@ -39,12 +39,11 @@ func fromBig(n *big.Int) parsedMPI { } // NewRSAPublicKey returns a PublicKey that wraps the given rsa.PublicKey. -func NewRSAPublicKey(creationTime time.Time, pub *rsa.PublicKey, isSubkey bool) *PublicKey { +func NewRSAPublicKey(creationTime time.Time, pub *rsa.PublicKey) *PublicKey { pk := &PublicKey{ CreationTime: creationTime, PubKeyAlgo: PubKeyAlgoRSA, PublicKey: pub, - IsSubkey: isSubkey, n: fromBig(pub.N), e: fromBig(big.NewInt(int64(pub.E))), } @@ -53,6 +52,22 @@ func NewRSAPublicKey(creationTime time.Time, pub *rsa.PublicKey, isSubkey bool) return pk } +// NewDSAPublicKey returns a PublicKey that wraps the given rsa.PublicKey. +func NewDSAPublicKey(creationTime time.Time, pub *dsa.PublicKey) *PublicKey { + pk := &PublicKey{ + CreationTime: creationTime, + PubKeyAlgo: PubKeyAlgoDSA, + PublicKey: pub, + p: fromBig(pub.P), + q: fromBig(pub.Q), + g: fromBig(pub.G), + y: fromBig(pub.Y), + } + + pk.setFingerPrintAndKeyId() + return pk +} + func (pk *PublicKey) parse(r io.Reader) (err error) { // RFC 4880, section 5.5.2 var buf [6]byte @@ -61,7 +76,7 @@ func (pk *PublicKey) parse(r io.Reader) (err error) { return } if buf[0] != 4 { - return error_.UnsupportedError("public key version") + return errors.UnsupportedError("public key version") } pk.CreationTime = time.Unix(int64(uint32(buf[1])<<24|uint32(buf[2])<<16|uint32(buf[3])<<8|uint32(buf[4])), 0) pk.PubKeyAlgo = PublicKeyAlgorithm(buf[5]) @@ -73,7 +88,7 @@ func (pk *PublicKey) parse(r io.Reader) (err error) { case PubKeyAlgoElGamal: err = pk.parseElGamal(r) default: - err = error_.UnsupportedError("public key type: " + strconv.Itoa(int(pk.PubKeyAlgo))) + err = errors.UnsupportedError("public key type: " + strconv.Itoa(int(pk.PubKeyAlgo))) } if err != nil { return @@ -105,7 +120,7 @@ func (pk *PublicKey) parseRSA(r io.Reader) (err error) { } if len(pk.e.bytes) > 3 { - err = error_.UnsupportedError("large public exponent") + err = errors.UnsupportedError("large public exponent") return } rsa := &rsa.PublicKey{ @@ -255,7 +270,7 @@ func (pk *PublicKey) serializeWithoutHeaders(w io.Writer) (err error) { case PubKeyAlgoElGamal: return writeMPIs(w, pk.p, pk.g, pk.y) } - return error_.InvalidArgumentError("bad public-key algorithm") + return errors.InvalidArgumentError("bad public-key algorithm") } // CanSign returns true iff this public key can generate signatures @@ -267,18 +282,18 @@ func (pk *PublicKey) CanSign() bool { // public key, of the data hashed into signed. signed is mutated by this call. func (pk *PublicKey) VerifySignature(signed hash.Hash, sig *Signature) (err error) { if !pk.CanSign() { - return error_.InvalidArgumentError("public key cannot generate signatures") + return errors.InvalidArgumentError("public key cannot generate signatures") } signed.Write(sig.HashSuffix) hashBytes := signed.Sum(nil) if hashBytes[0] != sig.HashTag[0] || hashBytes[1] != sig.HashTag[1] { - return error_.SignatureError("hash tag doesn't match") + return errors.SignatureError("hash tag doesn't match") } if pk.PubKeyAlgo != sig.PubKeyAlgo { - return error_.InvalidArgumentError("public key and signature use different algorithms") + return errors.InvalidArgumentError("public key and signature use different algorithms") } switch pk.PubKeyAlgo { @@ -286,13 +301,18 @@ func (pk *PublicKey) VerifySignature(signed hash.Hash, sig *Signature) (err erro rsaPublicKey, _ := pk.PublicKey.(*rsa.PublicKey) err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, sig.RSASignature.bytes) if err != nil { - return error_.SignatureError("RSA verification failure") + return errors.SignatureError("RSA verification failure") } return nil case PubKeyAlgoDSA: dsaPublicKey, _ := pk.PublicKey.(*dsa.PublicKey) + // Need to truncate hashBytes to match FIPS 186-3 section 4.6. + subgroupSize := (dsaPublicKey.Q.BitLen() + 7) / 8 + if len(hashBytes) > subgroupSize { + hashBytes = hashBytes[:subgroupSize] + } if !dsa.Verify(dsaPublicKey, hashBytes, new(big.Int).SetBytes(sig.DSASigR.bytes), new(big.Int).SetBytes(sig.DSASigS.bytes)) { - return error_.SignatureError("DSA verification failure") + return errors.SignatureError("DSA verification failure") } return nil default: @@ -306,7 +326,7 @@ func (pk *PublicKey) VerifySignature(signed hash.Hash, sig *Signature) (err erro func keySignatureHash(pk, signed *PublicKey, sig *Signature) (h hash.Hash, err error) { h = sig.Hash.New() if h == nil { - return nil, error_.UnsupportedError("hash function") + return nil, errors.UnsupportedError("hash function") } // RFC 4880, section 5.2.4 @@ -332,7 +352,7 @@ func (pk *PublicKey) VerifyKeySignature(signed *PublicKey, sig *Signature) (err func userIdSignatureHash(id string, pk *PublicKey, sig *Signature) (h hash.Hash, err error) { h = sig.Hash.New() if h == nil { - return nil, error_.UnsupportedError("hash function") + return nil, errors.UnsupportedError("hash function") } // RFC 4880, section 5.2.4 diff --git a/libgo/go/crypto/openpgp/packet/reader.go b/libgo/go/crypto/openpgp/packet/reader.go index e3d733cb021..1a3e8e23133 100644 --- a/libgo/go/crypto/openpgp/packet/reader.go +++ b/libgo/go/crypto/openpgp/packet/reader.go @@ -5,7 +5,7 @@ package packet import ( - error_ "crypto/openpgp/error" + "crypto/openpgp/errors" "io" ) @@ -34,7 +34,7 @@ func (r *Reader) Next() (p Packet, err error) { r.readers = r.readers[:len(r.readers)-1] continue } - if _, ok := err.(error_.UnknownPacketTypeError); !ok { + if _, ok := err.(errors.UnknownPacketTypeError); !ok { return nil, err } } diff --git a/libgo/go/crypto/openpgp/packet/signature.go b/libgo/go/crypto/openpgp/packet/signature.go index 1cdc1ee0f0c..c3ffb3a6fb9 100644 --- a/libgo/go/crypto/openpgp/packet/signature.go +++ b/libgo/go/crypto/openpgp/packet/signature.go @@ -7,9 +7,8 @@ package packet import ( "crypto" "crypto/dsa" - error_ "crypto/openpgp/error" + "crypto/openpgp/errors" "crypto/openpgp/s2k" - "crypto/rand" "crypto/rsa" "encoding/binary" "hash" @@ -61,7 +60,7 @@ func (sig *Signature) parse(r io.Reader) (err error) { return } if buf[0] != 4 { - err = error_.UnsupportedError("signature packet version " + strconv.Itoa(int(buf[0]))) + err = errors.UnsupportedError("signature packet version " + strconv.Itoa(int(buf[0]))) return } @@ -74,14 +73,14 @@ func (sig *Signature) parse(r io.Reader) (err error) { switch sig.PubKeyAlgo { case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly, PubKeyAlgoDSA: default: - err = error_.UnsupportedError("public key algorithm " + strconv.Itoa(int(sig.PubKeyAlgo))) + err = errors.UnsupportedError("public key algorithm " + strconv.Itoa(int(sig.PubKeyAlgo))) return } var ok bool sig.Hash, ok = s2k.HashIdToHash(buf[2]) if !ok { - return error_.UnsupportedError("hash function " + strconv.Itoa(int(buf[2]))) + return errors.UnsupportedError("hash function " + strconv.Itoa(int(buf[2]))) } hashedSubpacketsLength := int(buf[3])<<8 | int(buf[4]) @@ -153,7 +152,7 @@ func parseSignatureSubpackets(sig *Signature, subpackets []byte, isHashed bool) } if sig.CreationTime.IsZero() { - err = error_.StructuralError("no creation time in signature") + err = errors.StructuralError("no creation time in signature") } return @@ -164,7 +163,7 @@ type signatureSubpacketType uint8 const ( creationTimeSubpacket signatureSubpacketType = 2 signatureExpirationSubpacket signatureSubpacketType = 3 - keyExpirySubpacket signatureSubpacketType = 9 + keyExpirationSubpacket signatureSubpacketType = 9 prefSymmetricAlgosSubpacket signatureSubpacketType = 11 issuerSubpacket signatureSubpacketType = 16 prefHashAlgosSubpacket signatureSubpacketType = 21 @@ -207,7 +206,7 @@ func parseSignatureSubpacket(sig *Signature, subpacket []byte, isHashed bool) (r rest = subpacket[length:] subpacket = subpacket[:length] if len(subpacket) == 0 { - err = error_.StructuralError("zero length signature subpacket") + err = errors.StructuralError("zero length signature subpacket") return } packetType = signatureSubpacketType(subpacket[0] & 0x7f) @@ -217,37 +216,33 @@ func parseSignatureSubpacket(sig *Signature, subpacket []byte, isHashed bool) (r switch packetType { case creationTimeSubpacket: if !isHashed { - err = error_.StructuralError("signature creation time in non-hashed area") + err = errors.StructuralError("signature creation time in non-hashed area") return } if len(subpacket) != 4 { - err = error_.StructuralError("signature creation time not four bytes") + err = errors.StructuralError("signature creation time not four bytes") return } t := binary.BigEndian.Uint32(subpacket) - if t == 0 { - sig.CreationTime = time.Time{} - } else { - sig.CreationTime = time.Unix(int64(t), 0) - } + sig.CreationTime = time.Unix(int64(t), 0) case signatureExpirationSubpacket: // Signature expiration time, section 5.2.3.10 if !isHashed { return } if len(subpacket) != 4 { - err = error_.StructuralError("expiration subpacket with bad length") + err = errors.StructuralError("expiration subpacket with bad length") return } sig.SigLifetimeSecs = new(uint32) *sig.SigLifetimeSecs = binary.BigEndian.Uint32(subpacket) - case keyExpirySubpacket: + case keyExpirationSubpacket: // Key expiration time, section 5.2.3.6 if !isHashed { return } if len(subpacket) != 4 { - err = error_.StructuralError("key expiration subpacket with bad length") + err = errors.StructuralError("key expiration subpacket with bad length") return } sig.KeyLifetimeSecs = new(uint32) @@ -262,7 +257,7 @@ func parseSignatureSubpacket(sig *Signature, subpacket []byte, isHashed bool) (r case issuerSubpacket: // Issuer, section 5.2.3.5 if len(subpacket) != 8 { - err = error_.StructuralError("issuer subpacket with bad length") + err = errors.StructuralError("issuer subpacket with bad length") return } sig.IssuerKeyId = new(uint64) @@ -287,7 +282,7 @@ func parseSignatureSubpacket(sig *Signature, subpacket []byte, isHashed bool) (r return } if len(subpacket) != 1 { - err = error_.StructuralError("primary user id subpacket with bad length") + err = errors.StructuralError("primary user id subpacket with bad length") return } sig.IsPrimaryId = new(bool) @@ -300,7 +295,7 @@ func parseSignatureSubpacket(sig *Signature, subpacket []byte, isHashed bool) (r return } if len(subpacket) == 0 { - err = error_.StructuralError("empty key flags subpacket") + err = errors.StructuralError("empty key flags subpacket") return } sig.FlagsValid = true @@ -319,14 +314,14 @@ func parseSignatureSubpacket(sig *Signature, subpacket []byte, isHashed bool) (r default: if isCritical { - err = error_.UnsupportedError("unknown critical signature subpacket type " + strconv.Itoa(int(packetType))) + err = errors.UnsupportedError("unknown critical signature subpacket type " + strconv.Itoa(int(packetType))) return } } return Truncated: - err = error_.StructuralError("signature subpacket truncated") + err = errors.StructuralError("signature subpacket truncated") return } @@ -401,7 +396,7 @@ func (sig *Signature) buildHashSuffix() (err error) { sig.HashSuffix[3], ok = s2k.HashToHashId(sig.Hash) if !ok { sig.HashSuffix = nil - return error_.InvalidArgumentError("hash cannot be represented in OpenPGP: " + strconv.Itoa(int(sig.Hash))) + return errors.InvalidArgumentError("hash cannot be represented in OpenPGP: " + strconv.Itoa(int(sig.Hash))) } sig.HashSuffix[4] = byte(hashedSubpacketsLen >> 8) sig.HashSuffix[5] = byte(hashedSubpacketsLen) @@ -431,7 +426,7 @@ func (sig *Signature) signPrepareHash(h hash.Hash) (digest []byte, err error) { // Sign signs a message with a private key. The hash, h, must contain // the hash of the message to be signed and will be mutated by this function. // On success, the signature is stored in sig. Call Serialize to write it out. -func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey) (err error) { +func (sig *Signature) Sign(rand io.Reader, h hash.Hash, priv *PrivateKey) (err error) { sig.outSubpackets = sig.buildSubpackets() digest, err := sig.signPrepareHash(h) if err != nil { @@ -440,10 +435,17 @@ func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey) (err error) { switch priv.PubKeyAlgo { case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly: - sig.RSASignature.bytes, err = rsa.SignPKCS1v15(rand.Reader, priv.PrivateKey.(*rsa.PrivateKey), sig.Hash, digest) + sig.RSASignature.bytes, err = rsa.SignPKCS1v15(rand, priv.PrivateKey.(*rsa.PrivateKey), sig.Hash, digest) sig.RSASignature.bitLength = uint16(8 * len(sig.RSASignature.bytes)) case PubKeyAlgoDSA: - r, s, err := dsa.Sign(rand.Reader, priv.PrivateKey.(*dsa.PrivateKey), digest) + dsaPriv := priv.PrivateKey.(*dsa.PrivateKey) + + // Need to truncate hashBytes to match FIPS 186-3 section 4.6. + subgroupSize := (dsaPriv.Q.BitLen() + 7) / 8 + if len(digest) > subgroupSize { + digest = digest[:subgroupSize] + } + r, s, err := dsa.Sign(rand, dsaPriv, digest) if err == nil { sig.DSASigR.bytes = r.Bytes() sig.DSASigR.bitLength = uint16(8 * len(sig.DSASigR.bytes)) @@ -451,7 +453,7 @@ func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey) (err error) { sig.DSASigS.bitLength = uint16(8 * len(sig.DSASigS.bytes)) } default: - err = error_.UnsupportedError("public key algorithm: " + strconv.Itoa(int(sig.PubKeyAlgo))) + err = errors.UnsupportedError("public key algorithm: " + strconv.Itoa(int(sig.PubKeyAlgo))) } return @@ -460,22 +462,22 @@ func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey) (err error) { // SignUserId computes a signature from priv, asserting that pub is a valid // key for the identity id. On success, the signature is stored in sig. Call // Serialize to write it out. -func (sig *Signature) SignUserId(id string, pub *PublicKey, priv *PrivateKey) error { +func (sig *Signature) SignUserId(rand io.Reader, id string, pub *PublicKey, priv *PrivateKey) error { h, err := userIdSignatureHash(id, pub, sig) if err != nil { return nil } - return sig.Sign(h, priv) + return sig.Sign(rand, h, priv) } // SignKey computes a signature from priv, asserting that pub is a subkey. On // success, the signature is stored in sig. Call Serialize to write it out. -func (sig *Signature) SignKey(pub *PublicKey, priv *PrivateKey) error { +func (sig *Signature) SignKey(rand io.Reader, pub *PublicKey, priv *PrivateKey) error { h, err := keySignatureHash(&priv.PublicKey, pub, sig) if err != nil { return err } - return sig.Sign(h, priv) + return sig.Sign(rand, h, priv) } // Serialize marshals sig to w. SignRSA or SignDSA must have been called first. @@ -484,7 +486,7 @@ func (sig *Signature) Serialize(w io.Writer) (err error) { sig.outSubpackets = sig.rawSubpackets } if sig.RSASignature.bytes == nil && sig.DSASigR.bytes == nil { - return error_.InvalidArgumentError("Signature: need to call SignRSA or SignDSA before Serialize") + return errors.InvalidArgumentError("Signature: need to call SignRSA or SignDSA before Serialize") } sigLength := 0 @@ -556,5 +558,54 @@ func (sig *Signature) buildSubpackets() (subpackets []outputSubpacket) { subpackets = append(subpackets, outputSubpacket{true, issuerSubpacket, false, keyId}) } + if sig.SigLifetimeSecs != nil && *sig.SigLifetimeSecs != 0 { + sigLifetime := make([]byte, 4) + binary.BigEndian.PutUint32(sigLifetime, *sig.SigLifetimeSecs) + subpackets = append(subpackets, outputSubpacket{true, signatureExpirationSubpacket, true, sigLifetime}) + } + + // Key flags may only appear in self-signatures or certification signatures. + + if sig.FlagsValid { + var flags byte + if sig.FlagCertify { + flags |= 1 + } + if sig.FlagSign { + flags |= 2 + } + if sig.FlagEncryptCommunications { + flags |= 4 + } + if sig.FlagEncryptStorage { + flags |= 8 + } + subpackets = append(subpackets, outputSubpacket{true, keyFlagsSubpacket, false, []byte{flags}}) + } + + // The following subpackets may only appear in self-signatures + + if sig.KeyLifetimeSecs != nil && *sig.KeyLifetimeSecs != 0 { + keyLifetime := make([]byte, 4) + binary.BigEndian.PutUint32(keyLifetime, *sig.KeyLifetimeSecs) + subpackets = append(subpackets, outputSubpacket{true, keyExpirationSubpacket, true, keyLifetime}) + } + + if sig.IsPrimaryId != nil && *sig.IsPrimaryId { + subpackets = append(subpackets, outputSubpacket{true, primaryUserIdSubpacket, false, []byte{1}}) + } + + if len(sig.PreferredSymmetric) > 0 { + subpackets = append(subpackets, outputSubpacket{true, prefSymmetricAlgosSubpacket, false, sig.PreferredSymmetric}) + } + + if len(sig.PreferredHash) > 0 { + subpackets = append(subpackets, outputSubpacket{true, prefHashAlgosSubpacket, false, sig.PreferredHash}) + } + + if len(sig.PreferredCompression) > 0 { + subpackets = append(subpackets, outputSubpacket{true, prefCompressionSubpacket, false, sig.PreferredCompression}) + } + return } diff --git a/libgo/go/crypto/openpgp/packet/symmetric_key_encrypted.go b/libgo/go/crypto/openpgp/packet/symmetric_key_encrypted.go index 76d5151379a..94e07050401 100644 --- a/libgo/go/crypto/openpgp/packet/symmetric_key_encrypted.go +++ b/libgo/go/crypto/openpgp/packet/symmetric_key_encrypted.go @@ -7,7 +7,7 @@ package packet import ( "bytes" "crypto/cipher" - error_ "crypto/openpgp/error" + "crypto/openpgp/errors" "crypto/openpgp/s2k" "io" "strconv" @@ -37,12 +37,12 @@ func (ske *SymmetricKeyEncrypted) parse(r io.Reader) (err error) { return } if buf[0] != symmetricKeyEncryptedVersion { - return error_.UnsupportedError("SymmetricKeyEncrypted version") + return errors.UnsupportedError("SymmetricKeyEncrypted version") } ske.CipherFunc = CipherFunction(buf[1]) if ske.CipherFunc.KeySize() == 0 { - return error_.UnsupportedError("unknown cipher: " + strconv.Itoa(int(buf[1]))) + return errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(buf[1]))) } ske.s2k, err = s2k.Parse(r) @@ -60,7 +60,7 @@ func (ske *SymmetricKeyEncrypted) parse(r io.Reader) (err error) { err = nil if n != 0 { if n == maxSessionKeySizeInBytes { - return error_.UnsupportedError("oversized encrypted session key") + return errors.UnsupportedError("oversized encrypted session key") } ske.encryptedKey = encryptedKey[:n] } @@ -89,13 +89,13 @@ func (ske *SymmetricKeyEncrypted) Decrypt(passphrase []byte) error { c.XORKeyStream(ske.encryptedKey, ske.encryptedKey) ske.CipherFunc = CipherFunction(ske.encryptedKey[0]) if ske.CipherFunc.blockSize() == 0 { - return error_.UnsupportedError("unknown cipher: " + strconv.Itoa(int(ske.CipherFunc))) + return errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(ske.CipherFunc))) } ske.CipherFunc = CipherFunction(ske.encryptedKey[0]) ske.Key = ske.encryptedKey[1:] if len(ske.Key)%ske.CipherFunc.blockSize() != 0 { ske.Key = nil - return error_.StructuralError("length of decrypted key not a multiple of block size") + return errors.StructuralError("length of decrypted key not a multiple of block size") } } @@ -110,7 +110,7 @@ func (ske *SymmetricKeyEncrypted) Decrypt(passphrase []byte) error { func SerializeSymmetricKeyEncrypted(w io.Writer, rand io.Reader, passphrase []byte, cipherFunc CipherFunction) (key []byte, err error) { keySize := cipherFunc.KeySize() if keySize == 0 { - return nil, error_.UnsupportedError("unknown cipher: " + strconv.Itoa(int(cipherFunc))) + return nil, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(cipherFunc))) } s2kBuf := new(bytes.Buffer) diff --git a/libgo/go/crypto/openpgp/packet/symmetrically_encrypted.go b/libgo/go/crypto/openpgp/packet/symmetrically_encrypted.go index dff776e3eb2..e99a23b9fb2 100644 --- a/libgo/go/crypto/openpgp/packet/symmetrically_encrypted.go +++ b/libgo/go/crypto/openpgp/packet/symmetrically_encrypted.go @@ -6,8 +6,7 @@ package packet import ( "crypto/cipher" - error_ "crypto/openpgp/error" - "crypto/rand" + "crypto/openpgp/errors" "crypto/sha1" "crypto/subtle" "hash" @@ -35,7 +34,7 @@ func (se *SymmetricallyEncrypted) parse(r io.Reader) error { return err } if buf[0] != symmetricallyEncryptedVersion { - return error_.UnsupportedError("unknown SymmetricallyEncrypted version") + return errors.UnsupportedError("unknown SymmetricallyEncrypted version") } } se.contents = r @@ -48,10 +47,10 @@ func (se *SymmetricallyEncrypted) parse(r io.Reader) error { func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error) { keySize := c.KeySize() if keySize == 0 { - return nil, error_.UnsupportedError("unknown cipher: " + strconv.Itoa(int(c))) + return nil, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(c))) } if len(key) != keySize { - return nil, error_.InvalidArgumentError("SymmetricallyEncrypted: incorrect key length") + return nil, errors.InvalidArgumentError("SymmetricallyEncrypted: incorrect key length") } if se.prefix == nil { @@ -61,7 +60,7 @@ func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.Read return nil, err } } else if len(se.prefix) != c.blockSize()+2 { - return nil, error_.InvalidArgumentError("can't try ciphers with different block lengths") + return nil, errors.InvalidArgumentError("can't try ciphers with different block lengths") } ocfbResync := cipher.OCFBResync @@ -72,7 +71,7 @@ func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.Read s := cipher.NewOCFBDecrypter(c.new(key), se.prefix, ocfbResync) if s == nil { - return nil, error_.KeyIncorrectError + return nil, errors.KeyIncorrectError } plaintext := cipher.StreamReader{S: s, R: se.contents} @@ -181,7 +180,7 @@ const mdcPacketTagByte = byte(0x80) | 0x40 | 19 func (ser *seMDCReader) Close() error { if ser.error { - return error_.SignatureError("error during reading") + return errors.SignatureError("error during reading") } for !ser.eof { @@ -192,18 +191,18 @@ func (ser *seMDCReader) Close() error { break } if err != nil { - return error_.SignatureError("error during reading") + return errors.SignatureError("error during reading") } } if ser.trailer[0] != mdcPacketTagByte || ser.trailer[1] != sha1.Size { - return error_.SignatureError("MDC packet not found") + return errors.SignatureError("MDC packet not found") } ser.h.Write(ser.trailer[:2]) final := ser.h.Sum(nil) if subtle.ConstantTimeCompare(final, ser.trailer[2:]) != 1 { - return error_.SignatureError("hash mismatch") + return errors.SignatureError("hash mismatch") } return nil } @@ -253,9 +252,9 @@ func (c noOpCloser) Close() error { // SerializeSymmetricallyEncrypted serializes a symmetrically encrypted packet // to w and returns a WriteCloser to which the to-be-encrypted packets can be // written. -func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte) (contents io.WriteCloser, err error) { +func SerializeSymmetricallyEncrypted(w io.Writer, rand io.Reader, c CipherFunction, key []byte) (contents io.WriteCloser, err error) { if c.KeySize() != len(key) { - return nil, error_.InvalidArgumentError("SymmetricallyEncrypted.Serialize: bad key length") + return nil, errors.InvalidArgumentError("SymmetricallyEncrypted.Serialize: bad key length") } writeCloser := noOpCloser{w} ciphertext, err := serializeStreamHeader(writeCloser, packetTypeSymmetricallyEncryptedMDC) @@ -271,7 +270,7 @@ func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte) block := c.new(key) blockSize := block.BlockSize() iv := make([]byte, blockSize) - _, err = rand.Reader.Read(iv) + _, err = rand.Read(iv) if err != nil { return } diff --git a/libgo/go/crypto/openpgp/packet/symmetrically_encrypted_test.go b/libgo/go/crypto/openpgp/packet/symmetrically_encrypted_test.go index 8eee9713983..f7d133d0bbe 100644 --- a/libgo/go/crypto/openpgp/packet/symmetrically_encrypted_test.go +++ b/libgo/go/crypto/openpgp/packet/symmetrically_encrypted_test.go @@ -6,7 +6,8 @@ package packet import ( "bytes" - error_ "crypto/openpgp/error" + "crypto/openpgp/errors" + "crypto/rand" "crypto/sha1" "encoding/hex" "io" @@ -70,7 +71,7 @@ func testMDCReader(t *testing.T) { err = mdcReader.Close() if err == nil { t.Error("corruption: no error") - } else if _, ok := err.(*error_.SignatureError); !ok { + } else if _, ok := err.(*errors.SignatureError); !ok { t.Errorf("corruption: expected SignatureError, got: %s", err) } } @@ -82,7 +83,7 @@ func TestSerialize(t *testing.T) { c := CipherAES128 key := make([]byte, c.KeySize()) - w, err := SerializeSymmetricallyEncrypted(buf, c, key) + w, err := SerializeSymmetricallyEncrypted(buf, rand.Reader, c, key) if err != nil { t.Errorf("error from SerializeSymmetricallyEncrypted: %s", err) return |