nsz Git - epoint/blob - patches/sig.diff

   1 diff -r 7ec969250bfc src/pkg/crypto/openpgp/packet/signature.go
   2 --- a/src/pkg/crypto/openpgp/packet/signature.go        Tue Dec 27 09:49:19 2011 -0500
   3 +++ b/src/pkg/crypto/openpgp/packet/signature.go        Sat Dec 31 02:32:41 2011 +0100
   4 @@ -164,7 +164,7 @@
   5  const (
   6         creationTimeSubpacket        signatureSubpacketType = 2
   7         signatureExpirationSubpacket signatureSubpacketType = 3
   8 -       keyExpirySubpacket           signatureSubpacketType = 9
   9 +       keyExpirationSubpacket       signatureSubpacketType = 9
  10         prefSymmetricAlgosSubpacket  signatureSubpacketType = 11
  11         issuerSubpacket              signatureSubpacketType = 16
  12         prefHashAlgosSubpacket       signatureSubpacketType = 21
  13 @@ -225,11 +225,7 @@
  14                         return
  15                 }
  16                 t := binary.BigEndian.Uint32(subpacket)
  17 -               if t == 0 {
  18 -                       sig.CreationTime = time.Time{}
  19 -               } else {
  20 -                       sig.CreationTime = time.Unix(int64(t), 0)
  21 -               }
  22 +               sig.CreationTime = time.Unix(int64(t), 0)
  23         case signatureExpirationSubpacket:
  24                 // Signature expiration time, section 5.2.3.10
  25                 if !isHashed {
  26 @@ -241,7 +237,7 @@
  27                 }
  28                 sig.SigLifetimeSecs = new(uint32)
  29                 *sig.SigLifetimeSecs = binary.BigEndian.Uint32(subpacket)
  30 -       case keyExpirySubpacket:
  31 +       case keyExpirationSubpacket:
  32                 // Key expiration time, section 5.2.3.6
  33                 if !isHashed {
  34                         return
  35 @@ -443,7 +439,15 @@
  36                 sig.RSASignature.bytes, err = rsa.SignPKCS1v15(rand.Reader, priv.PrivateKey.(*rsa.PrivateKey), sig.Hash, digest)
  37                 sig.RSASignature.bitLength = uint16(8 * len(sig.RSASignature.bytes))
  38         case PubKeyAlgoDSA:
  39 -               r, s, err := dsa.Sign(rand.Reader, priv.PrivateKey.(*dsa.PrivateKey), digest)
  40 +               dsaPrivateKey := priv.PrivateKey.(*dsa.PrivateKey)
  41 +               // Hash truncation according to FIPS 186-3 section 4.6
  42 +               // Assuming Q.BitLen() is a multiple of 8
  43 +               n := len(digest)
  44 +               k := dsaPrivateKey.Q.BitLen() / 8
  45 +               if n > k {
  46 +                       n = k
  47 +               }
  48 +               r, s, err := dsa.Sign(rand.Reader, dsaPrivateKey, digest[:n])
  49                 if err == nil {
  50                         sig.DSASigR.bytes = r.Bytes()
  51                         sig.DSASigR.bitLength = uint16(8 * len(sig.DSASigR.bytes))
  52 @@ -556,5 +560,59 @@
  53                 subpackets = append(subpackets, outputSubpacket{true, issuerSubpacket, false, keyId})
  54         }
  55
  56 +       if sig.SigLifetimeSecs != nil && *sig.SigLifetimeSecs != 0 {
  57 +               sigLifetime := make([]byte, 4)
  58 +               binary.BigEndian.PutUint32(sigLifetime, *sig.SigLifetimeSecs)
  59 +               // signature expiration is marked as critical
  60 +               subpackets = append(subpackets, outputSubpacket{true, signatureExpirationSubpacket, true, sigLifetime})
  61 +       }
  62 +
  63 +       // The following subpackets may only appear in self-signatures
  64 +
  65 +       if sig.KeyLifetimeSecs != nil && *sig.KeyLifetimeSecs != 0 {
  66 +               keyLifetime := make([]byte, 4)
  67 +               binary.BigEndian.PutUint32(keyLifetime, *sig.KeyLifetimeSecs)
  68 +               // TODO:
  69 +               // key expiration is marked as critical
  70 +               subpackets = append(subpackets, outputSubpacket{true, keyExpirationSubpacket, true, keyLifetime})
  71 +       }
  72 +
  73 +       if sig.IsPrimaryId != nil && *sig.IsPrimaryId {
  74 +               subpackets = append(subpackets, outputSubpacket{true, primaryUserIdSubpacket, false, []byte{1}})
  75 +       }
  76 +
  77 +       // []byte slices of preferred algorithms are not copied
  78 +
  79 +       if len(sig.PreferredSymmetric) > 0 {
  80 +               subpackets = append(subpackets, outputSubpacket{true, prefSymmetricAlgosSubpacket, false, sig.PreferredSymmetric})
  81 +       }
  82 +
  83 +       if len(sig.PreferredHash) > 0 {
  84 +               subpackets = append(subpackets, outputSubpacket{true, prefHashAlgosSubpacket, false, sig.PreferredHash})
  85 +       }
  86 +
  87 +       if len(sig.PreferredCompression) > 0 {
  88 +               subpackets = append(subpackets, outputSubpacket{true, prefCompressionSubpacket, false, sig.PreferredCompression})
  89 +       }
  90 +
  91 +       // The Key Flags subpacket may only appear in self-signatures or certification signatures
  92 +
  93 +       if sig.FlagsValid {
  94 +               flags := byte(0)
  95 +               if sig.FlagCertify {
  96 +                       flags |= 1
  97 +               }
  98 +               if sig.FlagSign {
  99 +                       flags |= 2
 100 +               }
 101 +               if sig.FlagEncryptCommunications {
 102 +                       flags |= 4
 103 +               }
 104 +               if sig.FlagEncryptStorage {
 105 +                       flags |= 8
 106 +               }
 107 +               subpackets = append(subpackets, outputSubpacket{true, keyFlagsSubpacket, false, []byte{flags}})
 108 +       }
 109 +
 110         return
 111  }