122 /* signature mpi indices in bignumber array */
129 /* signature types */
132 #define SIGTYPE_STANDALONE		0x02	/* Standalone signature */
143 #define SIGTYPE_KEY_REVOCATION		0x20	/* Key revocation signature */
144 #define SIGTYPE_SUBKEY_REVOCATION	0x28	/* Subkey revocation signature */
145 #define SIGTYPE_CERT_REVOCATION		0x30	/* Certification revocation signature */
147 #define SIGTYPE_TIMESTAMP_SIG		0x40	/* Timestamp signature */
148 #define SIGTYPE_3RDPARTY		0x50	/* Third-Party Confirmation signature */
666 /* read mpis in signature */
698 /* add the signature sub packet to the signature packet */
713 /* read the subpackets in the signature */
801 			printf("Ignoring unusual/reserved signature subpacket %d\n", subpkt.tag);
811 /* parse signature packet */
868 		printf("read_sigpkt: unusual signature version (%u)\n", sigpkt->sig.version);
958 /* parse one pass signature packet */
1180 /* checks the packet is a signature packet, and the signature type is the expected one */
1204 /* recognise signature (and trust) packet */
1206 recog_signature(pgpv_t *pgp, pgpv_signature_t *signature)
1209 		printf("recog_signature: not a signature packet\n");
1212 	memcpy(signature, &ARRAY_ELEMENT(pgp->pkts, pgp->pkt).u.sigpkt.sig, sizeof(*signature));
1224 	pgpv_signature_t	 signature;
1237 		if (!recog_signature(pgp, &signature)) {
1238 			printf("recog_userid: can't recognise signature/trust\n");
1241 		ARRAY_APPEND(userid->sigs, signature);
1242 		if (signature.primary_userid) {
1243 			userid->primary_userid = signature.primary_userid;
1245 		if (signature.revoked) {
1246 			userid->revoked = signature.revoked;
1256 	pgpv_signature_t	 signature;
1266 		if (!recog_signature(pgp, &signature)) {
1267 			printf("recog_userattr: can't recognise signature/trust\n");
1270 		ARRAY_APPEND(userattr->sigs, signature);
1271 		if (signature.revoked) {
1272 			userattr->revoked = signature.revoked;
1282 	pgpv_signature_t	 signature;
1292 		recog_signature(pgp, &signature);
1293 		subkey->revoc_self_sig = signature;
1297 			printf("recog_subkey: not signature packet at %zu\n", pgp->pkt);
1300 		if (!recog_signature(pgp, &signature)) {
1301 			printf("recog_subkey: bad signature/trust at %zu\n", pgp->pkt);
1304 		ARRAY_APPEND(subkey->sigs, signature);
1305 		if (signature.keyexpiry) {
1307 			subkey->subkey.expiry = signature.keyexpiry;
1397 	cc = fmt_pubkey(s, size, &primary->primary, "signature ");
1412 /* check the padding on the signature */
1525 	cc = SUBKEY_LEN("signature") +
1531 /* use public decrypt to verify a signature */
1549 /* verify rsa signature */
1600 /* verify DSA signature */
1681 /* check dates on signature and key are valid */
1683 valid_dates(pgpv_signature_t *signature, pgpv_pubkey_t *pubkey, char *buf, size_t size)
1690 	if (signature->birth < pubkey->birth) {
1691 		TIME_SNPRINTF(cc, buf, size, "Signature time (%.24s) was before pubkey creation ", signature->birth);
1696 	if (signature->expiry != 0) {
1697 		if ((t = signature->birth + signature->expiry) < now) {
1702 	if (now < signature->birth) {
1703 		TIME_SNPRINTF(cc, buf, size, "Signature not valid before %.24s\n", signature->birth);
1743 	snprintf(cursor->why, sizeof(cursor->why), "No signature to verify");
1815 			"malformed armed signature at %zu", (size_t)(p - mem->mem));
1822 	read_binary_memory(cursor->pgp, "signature", cons_onepass, 15);
1824 	read_binary_memory(cursor->pgp, "signature", binsig, binsigsize - 3);
1889 			read_binary_file(pgp, "signature", "%s", (const char *)p);
1896 			read_binary_memory(pgp, "signature", p, (size_t)size);
1955 	pgpv_signature_t	 signature;
1964 			printf("recog_primary_key: no signature/trust at PGPV_SIGTYPE_KEY_REVOCATION\n");
1969 		if (!recog_signature(pgp, &signature)) {
1970 			printf("recog_primary_key: no signature/trust at PGPV_SIGTYPE_DIRECT_KEY\n");
1973 		if (signature.keyexpiry) {
1975 			primary->primary.expiry = signature.keyexpiry;
1977 		ARRAY_APPEND(primary->direct_sigs, signature);
2032 	} else if (strcmp(op, "signature") == 0) {
2087 /* fixup the detached signature packets */
2110 	read_binary_memory(cursor->pgp, "signature", cons_onepass, 15);
2135 /* match the calculated signature against the oen in the signature packet */
2137 match_sig(pgpv_cursor_t *cursor, pgpv_signature_t *signature, pgpv_pubkey_t *pubkey, uint8_t *data, size_t size)
2145 		get_ref(&signature->hashstart), signature->hashlen,
2146 		(signature->type == SIGTYPE_TEXT) ? 't' : 'b');
2147 	if (ALG_IS_RSA(signature->keyalg)) {
2148 		match = rsa_verify(calculated, calclen, signature->hashalg, signature->bn, pubkey);
2149 	} else if (ALG_IS_DSA(signature->keyalg)) {
2150 		match = verify_dsa_sig(calculated, calclen, signature->bn, pubkey);
2152 		snprintf(cursor->why, sizeof(cursor->why), "Signature type %u not recognised", signature->keyalg);
2155 	if (!match && signature->type == SIGTYPE_TEXT) {
2159 			get_ref(&signature->hashstart), signature->hashlen, 'w');
2160 		if (ALG_IS_RSA(signature->keyalg)) {
2161 			match = rsa_verify(calculated, calclen, signature->hashalg, signature->bn, pubkey);
2162 		} else if (ALG_IS_DSA(signature->keyalg)) {
2163 			match = verify_dsa_sig(calculated, calclen, signature->bn, pubkey);
2170 	if (valid_dates(signature, pubkey, cursor->why, sizeof(cursor->why)) > 0) {
2176 	if (signature->revoked) {
2262 	pgpv_signature_t	*signature;
2281 		/* got detached signature here */
2288 		snprintf(cursor->why, sizeof(cursor->why), "No signature found");
2294 	signature = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt + 2).u.sigpkt.sig;
2295 	/* sanity check values in signature and onepass agree */
2296 	if (signature->birth == 0) {
2298 			signature->birth, "] out of range", 0);
2301 	if (memcmp(onepass->keyid, signature->signer, PGPV_KEYID_LEN) != 0) {
2307 	if (onepass->hashalg != signature->hashalg) {
2309 			signature->hashalg, onepass->hashalg);
2312 	if (onepass->keyalg != signature->keyalg) {
2314 			signature->keyalg, onepass->keyalg);
2324 	cursor->sigtime = signature->birth;
2327 	if (!match_sig(cursor, signature, pubkey, data, insize)) {

Indexes created Mon Sep 09 02:09:33 MDT 2024