diff --git a/go/CHANGELOG.md b/go/CHANGELOG.md
index 174126796bae..b8c789a007c8 100644
--- a/go/CHANGELOG.md
+++ b/go/CHANGELOG.md
@@ -1,6 +1,7 @@
 ## 1.0.15
 - If a public key really consists of the same key listed twice, then merge the two keys and try again (PR: keybase/client#2130).
+- Support for sneak's public key (via vendored PR: keybase/go-crypto#17)
 ## 1.0.14 (2016-02-24)
 - Fix crasher on passphrase recover on Linux (PR: keybase/client#2062)
diff --git a/go/vendor/github.com/keybase/go-crypto/openpgp/keys.go b/go/vendor/github.com/keybase/go-crypto/openpgp/keys.go
index 757b7b9be1f0..be0752b212f1 100644
--- a/go/vendor/github.com/keybase/go-crypto/openpgp/keys.go
+++ b/go/vendor/github.com/keybase/go-crypto/openpgp/keys.go
@@ -393,7 +393,20 @@ EachPacket:
 current.UserId = pkt
 case *packet.Signature:
- // First handle the case of a self-signature. According to RFC8440,
+ // These are signatures by other people on this key. Let's just ignore them
+ // from the beginning, since they shouldn't affect our key decoding one way
+ // or the other.
+ if pkt.IssuerKeyId != nil && *pkt.IssuerKeyId != e.PrimaryKey.KeyId {
+ continue
+ }
+
+ // If this is a signature made by the keyholder, and the signature has stubbed out
+ // critical packets, then *now* we need to bail out.
+ if e := pkt.StubbedOutCriticalError; e != nil {
+ return nil, e
+ }
+
+ // Next handle the case of a self-signature. According to RFC8440,
 // Section 5.2.3.3, if there are several self-signatures,
 // we should take the newer one.
 if current != nil &&
diff --git a/go/vendor/github.com/keybase/go-crypto/openpgp/packet/private_key.go b/go/vendor/github.com/keybase/go-crypto/openpgp/packet/private_key.go
index ae2ad2a92706..a62a927880a2 100644
--- a/go/vendor/github.com/keybase/go-crypto/openpgp/packet/private_key.go
+++ b/go/vendor/github.com/keybase/go-crypto/openpgp/packet/private_key.go
@@ -47,6 +47,13 @@ func NewDSAPrivateKey(currentTime time.Time, priv *dsa.PrivateKey) *PrivateKey {
 return pk
 }
+func NewElGamalPrivateKey(currentTime time.Time, priv *elgamal.PrivateKey) *PrivateKey {
+ pk := new(PrivateKey)
+ pk.PublicKey = *NewElGamalPublicKey(currentTime, &priv.PublicKey)
+ pk.PrivateKey = priv
+ return pk
+}
+
 func (pk *PrivateKey) parse(r io.Reader) (err error) {
 err = (&pk.PublicKey).parse(r)
 if err != nil {
diff --git a/go/vendor/github.com/keybase/go-crypto/openpgp/packet/public_key.go b/go/vendor/github.com/keybase/go-crypto/openpgp/packet/public_key.go
index 0f10f07e76c6..82f2ff882d7c 100644
--- a/go/vendor/github.com/keybase/go-crypto/openpgp/packet/public_key.go
+++ b/go/vendor/github.com/keybase/go-crypto/openpgp/packet/public_key.go
@@ -241,6 +241,21 @@ func (e *edDSAkey) check() error {
 return nil
 }
+// NewElGamalPublicKey returns a PublicKey that wraps the given elgamal.PublicKey.
+func NewElGamalPublicKey(creationTime time.Time, pub *elgamal.PublicKey) *PublicKey {
+ pk := &PublicKey{
+ CreationTime: creationTime,
+ PubKeyAlgo: PubKeyAlgoElGamal,
+ PublicKey: pub,
+ p: fromBig(pub.P),
+ g: fromBig(pub.G),
+ y: fromBig(pub.Y),
+ }
+
+ pk.setFingerPrintAndKeyId()
+ return pk
+}
+
 func (pk *PublicKey) parse(r io.Reader) (err error) {
 // RFC 4880, section 5.5.2
 var buf [6]byte
diff --git a/go/vendor/github.com/keybase/go-crypto/openpgp/packet/signature.go b/go/vendor/github.com/keybase/go-crypto/openpgp/packet/signature.go
index 49e8ea7c0964..23c1277b11f5 100644
--- a/go/vendor/github.com/keybase/go-crypto/openpgp/packet/signature.go
+++ b/go/vendor/github.com/keybase/go-crypto/openpgp/packet/signature.go
@@ -69,6 +69,9 @@ type Signature struct {
 // PolicyURI is optional. See RFC 4880, Section 5.2.3.20 for details
 PolicyURI string
+ // Regex is a regex that can match a PGP UID. See RFC 4880, 5.2.3.14 for details
+ Regex string
+
 // MDC is set if this signature has a feature packet that indicates
 // support for MDC subpackets.
 MDC bool
@@ -78,6 +81,11 @@ type Signature struct {
 // subkey as their own.
 EmbeddedSignature *Signature
+ // StubbedOutCriticalError is not fail-stop, since it shouldn't break key parsing
+ // when appearing in WoT-style cross signatures. But it should prevent a signature
+ // from being applied to a primary or subkey.
+ StubbedOutCriticalError error
+
 outSubpackets []outputSubpacket
 }
@@ -202,13 +210,14 @@ type signatureSubpacketType uint8
 const (
 creationTimeSubpacket signatureSubpacketType = 2
 signatureExpirationSubpacket signatureSubpacketType = 3
+ regularExpressionSubpacket signatureSubpacketType = 6
 keyExpirationSubpacket signatureSubpacketType = 9
 prefSymmetricAlgosSubpacket signatureSubpacketType = 11
 issuerSubpacket signatureSubpacketType = 16
 prefHashAlgosSubpacket signatureSubpacketType = 21
 prefCompressionSubpacket signatureSubpacketType = 22
 primaryUserIdSubpacket signatureSubpacketType = 25
- policyURI signatureSubpacketType = 26
+ policyURISubpacket signatureSubpacketType = 26
 keyFlagsSubpacket signatureSubpacketType = 27
 reasonForRevocationSubpacket signatureSubpacketType = 29
 featuresSubpacket signatureSubpacketType = 30
@@ -390,9 +399,14 @@ func parseSignatureSubpacket(sig *Signature, subpacket []byte, isHashed bool) (r
 if sigType := sig.EmbeddedSignature.SigType; sigType != SigTypePrimaryKeyBinding {
 return nil, errors.StructuralError("cross-signature has unexpected type " + strconv.Itoa(int(sigType)))
 }
- case policyURI:
+ case policyURISubpacket:
 // See RFC 4880, Section 5.2.3.20
 sig.PolicyURI = string(subpacket[:])
+ case regularExpressionSubpacket:
+ sig.Regex = string(subpacket[:])
+ if isCritical {
+ sig.StubbedOutCriticalError = errors.UnsupportedError("regex support is stubbed out")
+ }
 default:
 if isCritical {
 err = errors.UnsupportedError("unknown critical signature subpacket type " + strconv.Itoa(int(packetType)))
diff --git a/go/vendor/github.com/keybase/go-crypto/openpgp/packet/symmetric_key_encrypted.go b/go/vendor/github.com/keybase/go-crypto/openpgp/packet/symmetric_key_encrypted.go
index 3d319cfe0c44..d2bef0ce54d7 100644
--- a/go/vendor/github.com/keybase/go-crypto/openpgp/packet/symmetric_key_encrypted.go
+++ b/go/vendor/github.com/keybase/go-crypto/openpgp/packet/symmetric_key_encrypted.go
@@ -88,7 +88,7 @@ func (ske *SymmetricKeyEncrypted) Decrypt(passphrase []byte) ([]byte, CipherFunc
 c.XORKeyStream(plaintextKey, ske.encryptedKey)
 cipherFunc := CipherFunction(plaintextKey[0])
 if cipherFunc.blockSize() == 0 {
- return nil, ske.CipherFunc, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(ske.CipherFunc)))
+ return nil, ske.CipherFunc, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(cipherFunc)))
 }
 plaintextKey = plaintextKey[1:]
 if l := len(plaintextKey); l == 0 || l%cipherFunc.blockSize() != 0 {
diff --git a/go/vendor/vendor.json b/go/vendor/vendor.json
index 306ada40e655..d75591f778d7 100644
--- a/go/vendor/vendor.json
+++ b/go/vendor/vendor.json
@@ -114,8 +114,8 @@
 },
 {
 "path": "github.com/keybase/go-crypto/openpgp",
- "revision": "a3a3f8860f3c8a0f0e15eecf945b01978ac36f83",
- "revisionTime": "2016-02-21T19:57:56-05:00"
+ "revision": "c9f75daf8cf5fc3d670337035f84753d7610a411",
+ "revisionTime": "2016-02-29T10:42:14-05:00"
 },
 {
 "path": "github.com/keybase/go-crypto/openpgp/armor",
@@ -139,13 +139,13 @@
 },
 {
 "path": "github.com/keybase/go-crypto/openpgp/packet",
- "revision": "5db6de1aca42e05efe425d66695a8b0432edf2a2",
- "revisionTime": "2016-02-10T10:53:12-05:00"
+ "revision": "c9f75daf8cf5fc3d670337035f84753d7610a411",
+ "revisionTime": "2016-02-29T10:42:14-05:00"
 },
 {
 "path": "github.com/keybase/go-crypto/openpgp/s2k",
- "revision": "a3a3f8860f3c8a0f0e15eecf945b01978ac36f83",
- "revisionTime": "2016-02-21T19:57:56-05:00"
+ "revision": "c9f75daf8cf5fc3d670337035f84753d7610a411",
+ "revisionTime": "2016-02-29T10:42:14-05:00"
 },
 {
 "path": "github.com/keybase/go-crypto/rsa",