X-Git-Url: http://nsz.repo.hu/git/?a=blobdiff_plain;f=patches%2Fdsa.diff;h=7ab461ba8c5a142ba2bf542aabeea5e75466884d;hb=9f813549e2ae467ff1d476fe3a92f27301f5abca;hp=b1c7629e568ee4346da1b1ab0e5fa5992c01b8da;hpb=2e5ef698d5adb0533348e522b17de6480b1717cc;p=epoint diff --git a/patches/dsa.diff b/patches/dsa.diff index b1c7629..7ab461b 100644 --- a/patches/dsa.diff +++ b/patches/dsa.diff @@ -1,7 +1,7 @@ -diff -r 221f3eb76b52 src/pkg/crypto/openpgp/packet/private_key.go ---- a/src/pkg/crypto/openpgp/packet/private_key.go Thu Nov 24 08:51:47 2011 -0800 -+++ b/src/pkg/crypto/openpgp/packet/private_key.go Tue Nov 29 17:21:15 2011 +0100 -@@ -27,7 +27,7 @@ +diff -r 7ec969250bfc src/pkg/crypto/openpgp/packet/private_key.go +--- a/src/pkg/crypto/openpgp/packet/private_key.go Tue Dec 27 09:49:19 2011 -0500 ++++ b/src/pkg/crypto/openpgp/packet/private_key.go Sat Dec 31 02:32:45 2011 +0100 +@@ -28,7 +28,7 @@ encryptedData []byte cipher CipherFunction s2k func(out, in []byte) @@ -10,13 +10,13 @@ diff -r 221f3eb76b52 src/pkg/crypto/openpgp/packet/private_key.go sha1Checksum bool iv []byte } -@@ -39,6 +39,13 @@ +@@ -40,6 +40,13 @@ return pk } -+func NewDSAPrivateKey(currentTimeSecs uint32, priv *dsa.PrivateKey, isSubkey bool) *PrivateKey { ++func NewDSAPrivateKey(currentTime time.Time, priv *dsa.PrivateKey, isSubkey bool) *PrivateKey { + pk := new(PrivateKey) -+ pk.PublicKey = *NewDSAPublicKey(currentTimeSecs, &priv.PublicKey, isSubkey) ++ pk.PublicKey = *NewDSAPublicKey(currentTime, &priv.PublicKey, isSubkey) + pk.PrivateKey = priv + return pk +} @@ -24,7 +24,7 @@ diff -r 221f3eb76b52 src/pkg/crypto/openpgp/packet/private_key.go func (pk *PrivateKey) parse(r io.Reader) (err error) { err = (&pk.PublicKey).parse(r) if err != nil { -@@ -120,6 +127,8 @@ +@@ -121,6 +128,8 @@ switch priv := pk.PrivateKey.(type) { case *rsa.PrivateKey: err = serializeRSAPrivateKey(privateKeyBuf, priv) @@ -33,7 +33,7 @@ diff -r 221f3eb76b52 src/pkg/crypto/openpgp/packet/private_key.go default: err = error_.InvalidArgumentError("non-RSA private key") } -@@ -171,6 +180,10 @@ +@@ -172,6 +181,10 @@ return writeBig(w, priv.Precomputed.Qinv) } @@ -44,17 +44,17 @@ diff -r 221f3eb76b52 src/pkg/crypto/openpgp/packet/private_key.go // Decrypt decrypts an encrypted private key using a passphrase. func (pk *PrivateKey) Decrypt(passphrase []byte) error { if !pk.Encrypted { -diff -r 221f3eb76b52 src/pkg/crypto/openpgp/packet/public_key.go ---- a/src/pkg/crypto/openpgp/packet/public_key.go Thu Nov 24 08:51:47 2011 -0800 -+++ b/src/pkg/crypto/openpgp/packet/public_key.go Tue Nov 29 17:21:15 2011 +0100 -@@ -52,6 +52,23 @@ +diff -r 7ec969250bfc src/pkg/crypto/openpgp/packet/public_key.go +--- a/src/pkg/crypto/openpgp/packet/public_key.go Tue Dec 27 09:49:19 2011 -0500 ++++ b/src/pkg/crypto/openpgp/packet/public_key.go Sat Dec 31 02:32:45 2011 +0100 +@@ -53,6 +53,23 @@ return pk } +// NewDSAPublicKey returns a PublicKey that wraps the given rsa.PublicKey. -+func NewDSAPublicKey(creationTimeSecs uint32, pub *dsa.PublicKey, isSubkey bool) *PublicKey { ++func NewDSAPublicKey(creationTime time.Time, pub *dsa.PublicKey, isSubkey bool) *PublicKey { + pk := &PublicKey{ -+ CreationTime: creationTimeSecs, ++ CreationTime: creationTime, + PubKeyAlgo: PubKeyAlgoDSA, + PublicKey: pub, + IsSubkey: isSubkey, @@ -71,3 +71,19 @@ diff -r 221f3eb76b52 src/pkg/crypto/openpgp/packet/public_key.go func (pk *PublicKey) parse(r io.Reader) (err error) { // RFC 4880, section 5.5.2 var buf [6]byte +@@ -291,7 +308,14 @@ + return nil + case PubKeyAlgoDSA: + dsaPublicKey, _ := pk.PublicKey.(*dsa.PublicKey) +- if !dsa.Verify(dsaPublicKey, hashBytes, new(big.Int).SetBytes(sig.DSASigR.bytes), new(big.Int).SetBytes(sig.DSASigS.bytes)) { ++ // Hash truncation according to FIPS 186-3 section 4.6 ++ // Assuming Q.BitLen() is a multiple of 8 ++ n := len(hashBytes) ++ k := dsaPublicKey.Q.BitLen() / 8 ++ if n > k { ++ n = k ++ } ++ if !dsa.Verify(dsaPublicKey, hashBytes[:n], new(big.Int).SetBytes(sig.DSASigR.bytes), new(big.Int).SetBytes(sig.DSASigS.bytes)) { + return error_.SignatureError("DSA verification failure") + } + return nil