123 /* a signature sub packet */
170 /* a signature packet */
178 /* a one-pass signature packet */
295 	int64_t			 sigtime;		/* time of signature */
296 	char			 why[PGPV_REASON_LEN];	/* reason for bad signature */
384 /* signature mpi indices in bignumber array */
391 /* signature types */
394 #define SIGTYPE_STANDALONE		0x02	/* Standalone signature */
405 #define SIGTYPE_KEY_REVOCATION		0x20	/* Key revocation signature */
406 #define SIGTYPE_SUBKEY_REVOCATION	0x28	/* Subkey revocation signature */
407 #define SIGTYPE_CERT_REVOCATION		0x30	/* Certification revocation signature */
409 #define SIGTYPE_TIMESTAMP_SIG		0x40	/* Timestamp signature */
410 #define SIGTYPE_3RDPARTY		0x50	/* Third-Party Confirmation signature */
1051 /* read mpis in signature */
1083 /* add the signature sub packet to the signature packet */
1099 /* read the subpackets in the signature */
1191 			printf("Ignoring unusual/reserved signature subpacket %d\n", subpkt.tag);
1202 /* parse signature packet */
1261 		printf("read_sigpkt: unusual signature version (%u)\n", sigpkt->sig.version);
1351 /* parse one pass signature packet */
1575 /* checks the packet is a signature packet, and the signature type is the expected one */
1599 /* recognise signature (and trust) packet */
1601 recog_signature(pgpv_t *pgp, pgpv_signature_t *signature)
1604 		printf("recog_signature: not a signature packet\n");
1607 	memcpy(signature, &ARRAY_ELEMENT(pgp->pkts, pgp->pkt).u.sigpkt.sig, sizeof(*signature));
1619 	pgpv_signature_t	 signature;
1633 		if (!recog_signature(pgp, &signature)) {
1634 			printf("recog_userid: can't recognise signature/trust\n");
1638 		ARRAY_APPEND(pgp->signatures, signature);
1639 		if (signature.primary_userid) {
1640 			userid->primary_userid = signature.primary_userid;
1642 		if (signature.revoked) {
1643 			userid->revoked = signature.revoked;
1653 	pgpv_signature_t	 signature;
1663 		if (!recog_signature(pgp, &signature)) {
1664 			printf("recog_userattr: can't recognise signature/trust\n");
1668 		ARRAY_APPEND(pgp->signatures, signature);
1669 		if (signature.revoked) {
1670 			userattr->revoked = signature.revoked;
1680 	pgpv_signature_t	 signature;
1690 		recog_signature(pgp, &signature);
1691 		subkey->revoc_self_sig = signature;
1695 			printf("recog_subkey: not signature packet at %zu\n", pgp->pkt);
1698 		if (!recog_signature(pgp, &signature)) {
1699 			printf("recog_subkey: bad signature/trust at %zu\n", pgp->pkt);
1703 		ARRAY_APPEND(pgp->signatures, signature);
1704 		if (signature.keyexpiry) {
1706 			subkey->subkey.expiry = signature.keyexpiry;
1835 	if (!fmt_pubkey(obuf, pubkey, "signature    ")) {
1871 /* check the padding on the signature */
1985 	cc = SUBKEY_LEN("signature") +
1991 /* use public decrypt to verify a signature */
2009 /* verify rsa signature */
2060 /* verify DSA signature */
2141 /* check dates on signature and key are valid */
2143 valid_dates(pgpv_signature_t *signature, pgpv_pubkey_t *pubkey, char *buf, size_t size)
2150 	if (signature->birth < pubkey->birth) {
2151 		TIME_SNPRINTF(cc, buf, size, "Signature time (%.24s) was before pubkey creation ", signature->birth);
2156 	if (signature->expiry != 0) {
2157 		if ((t = signature->birth + signature->expiry) < now) {
2162 	if (now < signature->birth) {
2163 		TIME_SNPRINTF(cc, buf, size, "Signature not valid before %.24s", signature->birth);
2203 	snprintf(cursor->why, sizeof(cursor->why), "No signature to verify");
2312 			"malformed armed signature at %zu", (size_t)(p - mem->mem));
2325 	read_binary_memory(cursor->pgp, "signature", cons_onepass, 15);
2327 	read_binary_memory(cursor->pgp, "signature", binsig, binsigsize - 3);
2392 			read_binary_file(pgp, "signature", "%s", (const char *)p);
2399 			read_binary_memory(pgp, "signature", p, (size_t)size);
2458 	pgpv_signature_t	 signature;
2467 			printf("recog_primary_key: no signature/trust at PGPV_SIGTYPE_KEY_REVOCATION\n");
2472 		if (!recog_signature(pgp, &signature)) {
2473 			printf("recog_primary_key: no signature/trust at PGPV_SIGTYPE_DIRECT_KEY\n");
2476 		if (signature.keyexpiry) {
2478 			primary->primary.expiry = signature.keyexpiry;
2481 		ARRAY_APPEND(pgp->signatures, signature);
2540 	} else if (strcmp(op, "signature") == 0) {
2791 /* fixup the detached signature packets */
2814 	read_binary_memory(cursor->pgp, "signature", cons_onepass, 15);
2840 /* match the calculated signature against the one in the signature packet */
2842 match_sig(pgpv_cursor_t *cursor, pgpv_signature_t *signature, pgpv_pubkey_t *pubkey, uint8_t *data, size_t size)
2850 		get_ref(&signature->hashstart), signature->hashlen,
2851 		(signature->type == SIGTYPE_TEXT) ? 't' : 'b');
2852 	if (ALG_IS_RSA(signature->keyalg)) {
2853 		match = rsa_verify(calculated, calclen, signature->hashalg, signature->bn, pubkey);
2854 	} else if (ALG_IS_DSA(signature->keyalg)) {
2855 		match = verify_dsa_sig(calculated, calclen, signature->bn, pubkey);
2857 		snprintf(cursor->why, sizeof(cursor->why), "Signature type %u not recognised", signature->keyalg);
2860 	if (!match && signature->type == SIGTYPE_TEXT) {
2864 			get_ref(&signature->hashstart), signature->hashlen, 'w');
2865 		if (ALG_IS_RSA(signature->keyalg)) {
2866 			match = rsa_verify(calculated, calclen, signature->hashalg, signature->bn, pubkey);
2867 		} else if (ALG_IS_DSA(signature->keyalg)) {
2868 			match = verify_dsa_sig(calculated, calclen, signature->bn, pubkey);
2875 	if (valid_dates(signature, pubkey, cursor->why, sizeof(cursor->why)) > 0) {
2881 	if (signature->revoked) {
2888 /* fixup key id, with birth, keyalg and hashalg value from signature */
2890 fixup_ssh_keyid(pgpv_t *pgp, pgpv_signature_t *signature, const char *hashtype)
2897 		pubkey->keyalg = signature->keyalg;
2946 /* match the signature with the id indexed by 'primary' */
2948 match_sig_id(pgpv_cursor_t *cursor, pgpv_t *pgp, pgpv_signature_t *signature, pgpv_litdata_t *litdata, unsigned primary, unsigned sub)
2956 	cursor->sigtime = signature->birth;
2961 		return match_sig(cursor, signature, pubkey, data, insize);
2966 	return match_sig(cursor, signature, pubkey, data, insize);
2975 		return "signature packet";
2977 		return "onepass signature packet";
3160 	pgpv_signature_t	*signature;
3176 		/* got detached signature here */
3183 		snprintf(cursor->why, sizeof(cursor->why), "No signature found");
3189 	signature = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt + 2).u.sigpkt.sig;
3190 	/* sanity check values in signature and onepass agree */
3191 	if (signature->birth == 0) {
3193 				signature->birth, "] out of range", 0)) {
3199 	if (memcmp(onepass->keyid, signature->signer, PGPV_KEYID_LEN) != 0) {
3209 	if (onepass->hashalg != signature->hashalg) {
3212 			signature->hashalg, onepass->hashalg);
3215 	if (onepass->keyalg != signature->keyalg) {
3218 			signature->keyalg, onepass->keyalg);
3222 		fixup_ssh_keyid(cursor->pgp, signature, "sha1");
3235 	if (!match_sig_id(cursor, pgp, signature, litdata, (unsigned)j, sub)) {

Indexes created Mon Sep 09 02:09:33 MDT 2024