-
Notifications
You must be signed in to change notification settings - Fork 64
/
armor62_verify.go
81 lines (72 loc) · 3.39 KB
/
armor62_verify.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
// Copyright 2015 Keybase, Inc. All rights reserved. Use of
// this source code is governed by the included BSD license.
package saltpack
import (
"bytes"
"io"
)
var (
armor62SignatureHeaderChecker HeaderChecker = func(header string) (string, error) {
return parseFrame(header, MessageTypeAttachedSignature, headerMarker)
}
armor62SignatureFrameChecker FrameChecker = func(header, footer string) (string, error) {
return CheckArmor62(header, footer, MessageTypeAttachedSignature)
}
armor62DetachedSignatureHeaderChecker HeaderChecker = func(header string) (string, error) {
return parseFrame(header, MessageTypeDetachedSignature, headerMarker)
}
armor62DetachedSignatureFrameChecker FrameChecker = func(header, footer string) (string, error) {
return CheckArmor62(header, footer, MessageTypeDetachedSignature)
}
)
// NewDearmor62VerifyStream creates a stream that consumes data from reader
// r. It returns the signer's public key and a reader that only
// contains verified data. If the signer's key is not in keyring,
// it will return an error. It expects the data it reads from r to
// be armor62-encoded.
func NewDearmor62VerifyStream(versionValidator VersionValidator, r io.Reader, keyring SigKeyring) (skey SigningPublicKey, vs io.Reader, brand string, err error) {
dearmored, frame, err := NewArmor62DecoderStream(r, armor62SignatureHeaderChecker, armor62SignatureFrameChecker)
if err != nil {
return nil, nil, "", err
}
skey, vs, err = NewVerifyStream(versionValidator, dearmored, keyring)
if err != nil {
return nil, nil, "", err
}
if brand, err = frame.GetBrand(); err != nil {
return nil, nil, "", err
}
return skey, vs, brand, nil
}
// Dearmor62Verify checks the signature in signedMsg. It returns the
// signer's public key and a verified message. It expects
// signedMsg to be armor62-encoded.
func Dearmor62Verify(versionValidator VersionValidator, signedMsg string, keyring SigKeyring) (skey SigningPublicKey, verifiedMsg []byte, brand string, err error) {
skey, stream, brand, err := NewDearmor62VerifyStream(versionValidator, bytes.NewBufferString(signedMsg), keyring)
if err != nil {
return nil, nil, "", err
}
verifiedMsg, err = io.ReadAll(stream)
if err != nil {
return nil, nil, "", err
}
return skey, verifiedMsg, brand, nil
}
// Dearmor62VerifyDetachedReader verifies that signature is a valid
// armor62-encoded signature for entire message read from Reader,
// and that the public key for the signer is in keyring. It returns
// the signer's public key.
func Dearmor62VerifyDetachedReader(versionValidator VersionValidator, r io.Reader, signature string, keyring SigKeyring) (skey SigningPublicKey, brand string, err error) {
dearmored, brand, _, _, err := Armor62OpenWithValidation(signature, armor62DetachedSignatureHeaderChecker, armor62DetachedSignatureFrameChecker)
if err != nil {
return nil, "", err
}
skey, err = VerifyDetachedReader(versionValidator, r, dearmored, keyring)
return skey, brand, err
}
// Dearmor62VerifyDetached verifies that signature is a valid
// armor62-encoded signature for message, and that the public key
// for the signer is in keyring. It returns the signer's public key.
func Dearmor62VerifyDetached(versionValidator VersionValidator, message []byte, signature string, keyring SigKeyring) (skey SigningPublicKey, brand string, err error) {
return Dearmor62VerifyDetachedReader(versionValidator, bytes.NewReader(message), signature, keyring)
}