| 
									
										
										
										
											2018-11-27 23:52:20 +02:00
										 |  |  | // Copyright 2011 The Go Authors. All rights reserved. | 
					
						
							|  |  |  | // Use of this source code is governed by a BSD-style | 
					
						
							|  |  |  | // license that can be found in the LICENSE file. | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // Package openpgp implements high level operations on OpenPGP messages. | 
					
						
							| 
									
										
										
										
											2021-08-23 23:07:40 +01:00
										 |  |  | // | 
					
						
							|  |  |  | // Deprecated: this package is unmaintained except for security fixes. New | 
					
						
							|  |  |  | // applications should consider a more focused, modern alternative to OpenPGP | 
					
						
							|  |  |  | // for their specific task. If you are required to interoperate with OpenPGP | 
					
						
							|  |  |  | // systems and need a maintained package, consider a community fork. | 
					
						
							|  |  |  | // See https://golang.org/issue/44226. | 
					
						
							| 
									
										
										
										
											2018-11-27 23:52:20 +02:00
										 |  |  | package openpgp // import "golang.org/x/crypto/openpgp" | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | import ( | 
					
						
							|  |  |  | 	"crypto" | 
					
						
							|  |  |  | 	_ "crypto/sha256" | 
					
						
							|  |  |  | 	"hash" | 
					
						
							|  |  |  | 	"io" | 
					
						
							|  |  |  | 	"strconv" | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	"golang.org/x/crypto/openpgp/armor" | 
					
						
							|  |  |  | 	"golang.org/x/crypto/openpgp/errors" | 
					
						
							|  |  |  | 	"golang.org/x/crypto/openpgp/packet" | 
					
						
							|  |  |  | ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // SignatureType is the armor type for a PGP signature. | 
					
						
							|  |  |  | var SignatureType = "PGP SIGNATURE" | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // readArmored reads an armored block with the given type. | 
					
						
							|  |  |  | func readArmored(r io.Reader, expectedType string) (body io.Reader, err error) { | 
					
						
							|  |  |  | 	block, err := armor.Decode(r) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if block.Type != expectedType { | 
					
						
							|  |  |  | 		return nil, errors.InvalidArgumentError("expected '" + expectedType + "', got: " + block.Type) | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	return block.Body, nil | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // MessageDetails contains the result of parsing an OpenPGP encrypted and/or | 
					
						
							|  |  |  | // signed message. | 
					
						
							|  |  |  | type MessageDetails struct { | 
					
						
							|  |  |  | 	IsEncrypted              bool                // true if the message was encrypted. | 
					
						
							|  |  |  | 	EncryptedToKeyIds        []uint64            // the list of recipient key ids. | 
					
						
							|  |  |  | 	IsSymmetricallyEncrypted bool                // true if a passphrase could have decrypted the message. | 
					
						
							|  |  |  | 	DecryptedWith            Key                 // the private key used to decrypt the message, if any. | 
					
						
							|  |  |  | 	IsSigned                 bool                // true if the message is signed. | 
					
						
							|  |  |  | 	SignedByKeyId            uint64              // the key id of the signer, if any. | 
					
						
							|  |  |  | 	SignedBy                 *Key                // the key of the signer, if available. | 
					
						
							|  |  |  | 	LiteralData              *packet.LiteralData // the metadata of the contents | 
					
						
							|  |  |  | 	UnverifiedBody           io.Reader           // the contents of the message. | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	// If IsSigned is true and SignedBy is non-zero then the signature will | 
					
						
							|  |  |  | 	// be verified as UnverifiedBody is read. The signature cannot be | 
					
						
							|  |  |  | 	// checked until the whole of UnverifiedBody is read so UnverifiedBody | 
					
						
							|  |  |  | 	// must be consumed until EOF before the data can be trusted. Even if a | 
					
						
							|  |  |  | 	// message isn't signed (or the signer is unknown) the data may contain | 
					
						
							|  |  |  | 	// an authentication code that is only checked once UnverifiedBody has | 
					
						
							|  |  |  | 	// been consumed. Once EOF has been seen, the following fields are | 
					
						
							|  |  |  | 	// valid. (An authentication code failure is reported as a | 
					
						
							|  |  |  | 	// SignatureError error when reading from UnverifiedBody.) | 
					
						
							|  |  |  | 	SignatureError error               // nil if the signature is good. | 
					
						
							|  |  |  | 	Signature      *packet.Signature   // the signature packet itself, if v4 (default) | 
					
						
							|  |  |  | 	SignatureV3    *packet.SignatureV3 // the signature packet if it is a v2 or v3 signature | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	decrypted io.ReadCloser | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // A PromptFunction is used as a callback by functions that may need to decrypt | 
					
						
							|  |  |  | // a private key, or prompt for a passphrase. It is called with a list of | 
					
						
							|  |  |  | // acceptable, encrypted private keys and a boolean that indicates whether a | 
					
						
							|  |  |  | // passphrase is usable. It should either decrypt a private key or return a | 
					
						
							|  |  |  | // passphrase to try. If the decrypted private key or given passphrase isn't | 
					
						
							|  |  |  | // correct, the function will be called again, forever. Any error returned will | 
					
						
							|  |  |  | // be passed up. | 
					
						
							|  |  |  | type PromptFunction func(keys []Key, symmetric bool) ([]byte, error) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // A keyEnvelopePair is used to store a private key with the envelope that | 
					
						
							|  |  |  | // contains a symmetric key, encrypted with that key. | 
					
						
							|  |  |  | type keyEnvelopePair struct { | 
					
						
							|  |  |  | 	key          Key | 
					
						
							|  |  |  | 	encryptedKey *packet.EncryptedKey | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // ReadMessage parses an OpenPGP message that may be signed and/or encrypted. | 
					
						
							|  |  |  | // The given KeyRing should contain both public keys (for signature | 
					
						
							|  |  |  | // verification) and, possibly encrypted, private keys for decrypting. | 
					
						
							|  |  |  | // If config is nil, sensible defaults will be used. | 
					
						
							|  |  |  | func ReadMessage(r io.Reader, keyring KeyRing, prompt PromptFunction, config *packet.Config) (md *MessageDetails, err error) { | 
					
						
							|  |  |  | 	var p packet.Packet | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	var symKeys []*packet.SymmetricKeyEncrypted | 
					
						
							|  |  |  | 	var pubKeys []keyEnvelopePair | 
					
						
							|  |  |  | 	var se *packet.SymmetricallyEncrypted | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	packets := packet.NewReader(r) | 
					
						
							|  |  |  | 	md = new(MessageDetails) | 
					
						
							|  |  |  | 	md.IsEncrypted = true | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	// The message, if encrypted, starts with a number of packets | 
					
						
							|  |  |  | 	// containing an encrypted decryption key. The decryption key is either | 
					
						
							|  |  |  | 	// encrypted to a public key, or with a passphrase. This loop | 
					
						
							|  |  |  | 	// collects these packets. | 
					
						
							|  |  |  | ParsePackets: | 
					
						
							|  |  |  | 	for { | 
					
						
							|  |  |  | 		p, err = packets.Next() | 
					
						
							|  |  |  | 		if err != nil { | 
					
						
							|  |  |  | 			return nil, err | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		switch p := p.(type) { | 
					
						
							|  |  |  | 		case *packet.SymmetricKeyEncrypted: | 
					
						
							|  |  |  | 			// This packet contains the decryption key encrypted with a passphrase. | 
					
						
							|  |  |  | 			md.IsSymmetricallyEncrypted = true | 
					
						
							|  |  |  | 			symKeys = append(symKeys, p) | 
					
						
							|  |  |  | 		case *packet.EncryptedKey: | 
					
						
							|  |  |  | 			// This packet contains the decryption key encrypted to a public key. | 
					
						
							|  |  |  | 			md.EncryptedToKeyIds = append(md.EncryptedToKeyIds, p.KeyId) | 
					
						
							|  |  |  | 			switch p.Algo { | 
					
						
							|  |  |  | 			case packet.PubKeyAlgoRSA, packet.PubKeyAlgoRSAEncryptOnly, packet.PubKeyAlgoElGamal: | 
					
						
							|  |  |  | 				break | 
					
						
							|  |  |  | 			default: | 
					
						
							|  |  |  | 				continue | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 			var keys []Key | 
					
						
							|  |  |  | 			if p.KeyId == 0 { | 
					
						
							|  |  |  | 				keys = keyring.DecryptionKeys() | 
					
						
							|  |  |  | 			} else { | 
					
						
							|  |  |  | 				keys = keyring.KeysById(p.KeyId) | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 			for _, k := range keys { | 
					
						
							|  |  |  | 				pubKeys = append(pubKeys, keyEnvelopePair{k, p}) | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 		case *packet.SymmetricallyEncrypted: | 
					
						
							|  |  |  | 			se = p | 
					
						
							|  |  |  | 			break ParsePackets | 
					
						
							|  |  |  | 		case *packet.Compressed, *packet.LiteralData, *packet.OnePassSignature: | 
					
						
							|  |  |  | 			// This message isn't encrypted. | 
					
						
							|  |  |  | 			if len(symKeys) != 0 || len(pubKeys) != 0 { | 
					
						
							|  |  |  | 				return nil, errors.StructuralError("key material not followed by encrypted message") | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 			packets.Unread(p) | 
					
						
							|  |  |  | 			return readSignedMessage(packets, nil, keyring) | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	var candidates []Key | 
					
						
							|  |  |  | 	var decrypted io.ReadCloser | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	// Now that we have the list of encrypted keys we need to decrypt at | 
					
						
							|  |  |  | 	// least one of them or, if we cannot, we need to call the prompt | 
					
						
							|  |  |  | 	// function so that it can decrypt a key or give us a passphrase. | 
					
						
							|  |  |  | FindKey: | 
					
						
							|  |  |  | 	for { | 
					
						
							|  |  |  | 		// See if any of the keys already have a private key available | 
					
						
							|  |  |  | 		candidates = candidates[:0] | 
					
						
							|  |  |  | 		candidateFingerprints := make(map[string]bool) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		for _, pk := range pubKeys { | 
					
						
							|  |  |  | 			if pk.key.PrivateKey == nil { | 
					
						
							|  |  |  | 				continue | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 			if !pk.key.PrivateKey.Encrypted { | 
					
						
							|  |  |  | 				if len(pk.encryptedKey.Key) == 0 { | 
					
						
							|  |  |  | 					pk.encryptedKey.Decrypt(pk.key.PrivateKey, config) | 
					
						
							|  |  |  | 				} | 
					
						
							|  |  |  | 				if len(pk.encryptedKey.Key) == 0 { | 
					
						
							|  |  |  | 					continue | 
					
						
							|  |  |  | 				} | 
					
						
							|  |  |  | 				decrypted, err = se.Decrypt(pk.encryptedKey.CipherFunc, pk.encryptedKey.Key) | 
					
						
							|  |  |  | 				if err != nil && err != errors.ErrKeyIncorrect { | 
					
						
							|  |  |  | 					return nil, err | 
					
						
							|  |  |  | 				} | 
					
						
							|  |  |  | 				if decrypted != nil { | 
					
						
							|  |  |  | 					md.DecryptedWith = pk.key | 
					
						
							|  |  |  | 					break FindKey | 
					
						
							|  |  |  | 				} | 
					
						
							|  |  |  | 			} else { | 
					
						
							|  |  |  | 				fpr := string(pk.key.PublicKey.Fingerprint[:]) | 
					
						
							|  |  |  | 				if v := candidateFingerprints[fpr]; v { | 
					
						
							|  |  |  | 					continue | 
					
						
							|  |  |  | 				} | 
					
						
							|  |  |  | 				candidates = append(candidates, pk.key) | 
					
						
							|  |  |  | 				candidateFingerprints[fpr] = true | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		if len(candidates) == 0 && len(symKeys) == 0 { | 
					
						
							|  |  |  | 			return nil, errors.ErrKeyIncorrect | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		if prompt == nil { | 
					
						
							|  |  |  | 			return nil, errors.ErrKeyIncorrect | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		passphrase, err := prompt(candidates, len(symKeys) != 0) | 
					
						
							|  |  |  | 		if err != nil { | 
					
						
							|  |  |  | 			return nil, err | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		// Try the symmetric passphrase first | 
					
						
							|  |  |  | 		if len(symKeys) != 0 && passphrase != nil { | 
					
						
							|  |  |  | 			for _, s := range symKeys { | 
					
						
							|  |  |  | 				key, cipherFunc, err := s.Decrypt(passphrase) | 
					
						
							|  |  |  | 				if err == nil { | 
					
						
							|  |  |  | 					decrypted, err = se.Decrypt(cipherFunc, key) | 
					
						
							|  |  |  | 					if err != nil && err != errors.ErrKeyIncorrect { | 
					
						
							|  |  |  | 						return nil, err | 
					
						
							|  |  |  | 					} | 
					
						
							|  |  |  | 					if decrypted != nil { | 
					
						
							|  |  |  | 						break FindKey | 
					
						
							|  |  |  | 					} | 
					
						
							|  |  |  | 				} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	md.decrypted = decrypted | 
					
						
							|  |  |  | 	if err := packets.Push(decrypted); err != nil { | 
					
						
							|  |  |  | 		return nil, err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	return readSignedMessage(packets, md, keyring) | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // readSignedMessage reads a possibly signed message if mdin is non-zero then | 
					
						
							|  |  |  | // that structure is updated and returned. Otherwise a fresh MessageDetails is | 
					
						
							|  |  |  | // used. | 
					
						
							|  |  |  | func readSignedMessage(packets *packet.Reader, mdin *MessageDetails, keyring KeyRing) (md *MessageDetails, err error) { | 
					
						
							|  |  |  | 	if mdin == nil { | 
					
						
							|  |  |  | 		mdin = new(MessageDetails) | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	md = mdin | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	var p packet.Packet | 
					
						
							|  |  |  | 	var h hash.Hash | 
					
						
							|  |  |  | 	var wrappedHash hash.Hash | 
					
						
							|  |  |  | FindLiteralData: | 
					
						
							|  |  |  | 	for { | 
					
						
							|  |  |  | 		p, err = packets.Next() | 
					
						
							|  |  |  | 		if err != nil { | 
					
						
							|  |  |  | 			return nil, err | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		switch p := p.(type) { | 
					
						
							|  |  |  | 		case *packet.Compressed: | 
					
						
							|  |  |  | 			if err := packets.Push(p.Body); err != nil { | 
					
						
							|  |  |  | 				return nil, err | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 		case *packet.OnePassSignature: | 
					
						
							|  |  |  | 			if !p.IsLast { | 
					
						
							|  |  |  | 				return nil, errors.UnsupportedError("nested signatures") | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 			h, wrappedHash, err = hashForSignature(p.Hash, p.SigType) | 
					
						
							|  |  |  | 			if err != nil { | 
					
						
							|  |  |  | 				md = nil | 
					
						
							|  |  |  | 				return | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 			md.IsSigned = true | 
					
						
							|  |  |  | 			md.SignedByKeyId = p.KeyId | 
					
						
							|  |  |  | 			keys := keyring.KeysByIdUsage(p.KeyId, packet.KeyFlagSign) | 
					
						
							|  |  |  | 			if len(keys) > 0 { | 
					
						
							|  |  |  | 				md.SignedBy = &keys[0] | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 		case *packet.LiteralData: | 
					
						
							|  |  |  | 			md.LiteralData = p | 
					
						
							|  |  |  | 			break FindLiteralData | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if md.SignedBy != nil { | 
					
						
							|  |  |  | 		md.UnverifiedBody = &signatureCheckReader{packets, h, wrappedHash, md} | 
					
						
							|  |  |  | 	} else if md.decrypted != nil { | 
					
						
							|  |  |  | 		md.UnverifiedBody = checkReader{md} | 
					
						
							|  |  |  | 	} else { | 
					
						
							|  |  |  | 		md.UnverifiedBody = md.LiteralData.Body | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	return md, nil | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // hashForSignature returns a pair of hashes that can be used to verify a | 
					
						
							|  |  |  | // signature. The signature may specify that the contents of the signed message | 
					
						
							|  |  |  | // should be preprocessed (i.e. to normalize line endings). Thus this function | 
					
						
							|  |  |  | // returns two hashes. The second should be used to hash the message itself and | 
					
						
							|  |  |  | // performs any needed preprocessing. | 
					
						
							|  |  |  | func hashForSignature(hashId crypto.Hash, sigType packet.SignatureType) (hash.Hash, hash.Hash, error) { | 
					
						
							|  |  |  | 	if !hashId.Available() { | 
					
						
							|  |  |  | 		return nil, nil, errors.UnsupportedError("hash not available: " + strconv.Itoa(int(hashId))) | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	h := hashId.New() | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	switch sigType { | 
					
						
							|  |  |  | 	case packet.SigTypeBinary: | 
					
						
							|  |  |  | 		return h, h, nil | 
					
						
							|  |  |  | 	case packet.SigTypeText: | 
					
						
							|  |  |  | 		return h, NewCanonicalTextHash(h), nil | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	return nil, nil, errors.UnsupportedError("unsupported signature type: " + strconv.Itoa(int(sigType))) | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // checkReader wraps an io.Reader from a LiteralData packet. When it sees EOF | 
					
						
							|  |  |  | // it closes the ReadCloser from any SymmetricallyEncrypted packet to trigger | 
					
						
							|  |  |  | // MDC checks. | 
					
						
							|  |  |  | type checkReader struct { | 
					
						
							|  |  |  | 	md *MessageDetails | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func (cr checkReader) Read(buf []byte) (n int, err error) { | 
					
						
							|  |  |  | 	n, err = cr.md.LiteralData.Body.Read(buf) | 
					
						
							|  |  |  | 	if err == io.EOF { | 
					
						
							|  |  |  | 		mdcErr := cr.md.decrypted.Close() | 
					
						
							|  |  |  | 		if mdcErr != nil { | 
					
						
							|  |  |  | 			err = mdcErr | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	return | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // signatureCheckReader wraps an io.Reader from a LiteralData packet and hashes | 
					
						
							|  |  |  | // the data as it is read. When it sees an EOF from the underlying io.Reader | 
					
						
							|  |  |  | // it parses and checks a trailing Signature packet and triggers any MDC checks. | 
					
						
							|  |  |  | type signatureCheckReader struct { | 
					
						
							|  |  |  | 	packets        *packet.Reader | 
					
						
							|  |  |  | 	h, wrappedHash hash.Hash | 
					
						
							|  |  |  | 	md             *MessageDetails | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func (scr *signatureCheckReader) Read(buf []byte) (n int, err error) { | 
					
						
							|  |  |  | 	n, err = scr.md.LiteralData.Body.Read(buf) | 
					
						
							|  |  |  | 	scr.wrappedHash.Write(buf[:n]) | 
					
						
							|  |  |  | 	if err == io.EOF { | 
					
						
							|  |  |  | 		var p packet.Packet | 
					
						
							|  |  |  | 		p, scr.md.SignatureError = scr.packets.Next() | 
					
						
							|  |  |  | 		if scr.md.SignatureError != nil { | 
					
						
							|  |  |  | 			return | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		var ok bool | 
					
						
							|  |  |  | 		if scr.md.Signature, ok = p.(*packet.Signature); ok { | 
					
						
							|  |  |  | 			scr.md.SignatureError = scr.md.SignedBy.PublicKey.VerifySignature(scr.h, scr.md.Signature) | 
					
						
							|  |  |  | 		} else if scr.md.SignatureV3, ok = p.(*packet.SignatureV3); ok { | 
					
						
							|  |  |  | 			scr.md.SignatureError = scr.md.SignedBy.PublicKey.VerifySignatureV3(scr.h, scr.md.SignatureV3) | 
					
						
							|  |  |  | 		} else { | 
					
						
							|  |  |  | 			scr.md.SignatureError = errors.StructuralError("LiteralData not followed by Signature") | 
					
						
							|  |  |  | 			return | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		// The SymmetricallyEncrypted packet, if any, might have an | 
					
						
							|  |  |  | 		// unsigned hash of its own. In order to check this we need to | 
					
						
							|  |  |  | 		// close that Reader. | 
					
						
							|  |  |  | 		if scr.md.decrypted != nil { | 
					
						
							|  |  |  | 			mdcErr := scr.md.decrypted.Close() | 
					
						
							|  |  |  | 			if mdcErr != nil { | 
					
						
							|  |  |  | 				err = mdcErr | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	return | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // CheckDetachedSignature takes a signed file and a detached signature and | 
					
						
							|  |  |  | // returns the signer if the signature is valid. If the signer isn't known, | 
					
						
							|  |  |  | // ErrUnknownIssuer is returned. | 
					
						
							|  |  |  | func CheckDetachedSignature(keyring KeyRing, signed, signature io.Reader) (signer *Entity, err error) { | 
					
						
							|  |  |  | 	var issuerKeyId uint64 | 
					
						
							|  |  |  | 	var hashFunc crypto.Hash | 
					
						
							|  |  |  | 	var sigType packet.SignatureType | 
					
						
							|  |  |  | 	var keys []Key | 
					
						
							|  |  |  | 	var p packet.Packet | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	packets := packet.NewReader(signature) | 
					
						
							|  |  |  | 	for { | 
					
						
							|  |  |  | 		p, err = packets.Next() | 
					
						
							|  |  |  | 		if err == io.EOF { | 
					
						
							|  |  |  | 			return nil, errors.ErrUnknownIssuer | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		if err != nil { | 
					
						
							|  |  |  | 			return nil, err | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		switch sig := p.(type) { | 
					
						
							|  |  |  | 		case *packet.Signature: | 
					
						
							|  |  |  | 			if sig.IssuerKeyId == nil { | 
					
						
							|  |  |  | 				return nil, errors.StructuralError("signature doesn't have an issuer") | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 			issuerKeyId = *sig.IssuerKeyId | 
					
						
							|  |  |  | 			hashFunc = sig.Hash | 
					
						
							|  |  |  | 			sigType = sig.SigType | 
					
						
							|  |  |  | 		case *packet.SignatureV3: | 
					
						
							|  |  |  | 			issuerKeyId = sig.IssuerKeyId | 
					
						
							|  |  |  | 			hashFunc = sig.Hash | 
					
						
							|  |  |  | 			sigType = sig.SigType | 
					
						
							|  |  |  | 		default: | 
					
						
							|  |  |  | 			return nil, errors.StructuralError("non signature packet found") | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		keys = keyring.KeysByIdUsage(issuerKeyId, packet.KeyFlagSign) | 
					
						
							|  |  |  | 		if len(keys) > 0 { | 
					
						
							|  |  |  | 			break | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if len(keys) == 0 { | 
					
						
							|  |  |  | 		panic("unreachable") | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	h, wrappedHash, err := hashForSignature(hashFunc, sigType) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return nil, err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if _, err := io.Copy(wrappedHash, signed); err != nil && err != io.EOF { | 
					
						
							|  |  |  | 		return nil, err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	for _, key := range keys { | 
					
						
							|  |  |  | 		switch sig := p.(type) { | 
					
						
							|  |  |  | 		case *packet.Signature: | 
					
						
							|  |  |  | 			err = key.PublicKey.VerifySignature(h, sig) | 
					
						
							|  |  |  | 		case *packet.SignatureV3: | 
					
						
							|  |  |  | 			err = key.PublicKey.VerifySignatureV3(h, sig) | 
					
						
							|  |  |  | 		default: | 
					
						
							|  |  |  | 			panic("unreachable") | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		if err == nil { | 
					
						
							|  |  |  | 			return key.Entity, nil | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	return nil, err | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // CheckArmoredDetachedSignature performs the same actions as | 
					
						
							|  |  |  | // CheckDetachedSignature but expects the signature to be armored. | 
					
						
							|  |  |  | func CheckArmoredDetachedSignature(keyring KeyRing, signed, signature io.Reader) (signer *Entity, err error) { | 
					
						
							|  |  |  | 	body, err := readArmored(signature, SignatureType) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	return CheckDetachedSignature(keyring, signed, body) | 
					
						
							|  |  |  | } |