mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-27 06:42:05 +01:00

Fix order and nested-ness of one-pass-signatures

Fixes #164
Paul Schaub 2021-08-04 15:42:25 +02:00
parent e4fdc3bc1e
commit 16c3116518
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311


@ -17,6 +17,8 @@ package org.pgpainless.encryption_signing;
import java.io.IOException; import java.io.IOException;
import java.io.OutputStream; import java.io.OutputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import javax.annotation.Nonnull; import javax.annotation.Nonnull;
@ -134,12 +136,16 @@ public final class EncryptionStream extends OutputStream {
return; return;
} }
int sigIndex = 0;
for (SubkeyIdentifier identifier : signingOptions.getSigningMethods().keySet()) { for (SubkeyIdentifier identifier : signingOptions.getSigningMethods().keySet()) {
sigIndex++;
SigningOptions.SigningMethod signingMethod = signingOptions.getSigningMethods().get(identifier); SigningOptions.SigningMethod signingMethod = signingOptions.getSigningMethods().get(identifier);
if (!signingMethod.isDetached()) { if (!signingMethod.isDetached()) {
PGPSignatureGenerator signatureGenerator = signingMethod.getSignatureGenerator(); PGPSignatureGenerator signatureGenerator = signingMethod.getSignatureGenerator();
signatureGenerator.generateOnePassVersion(false).encode(outermostStream); // The last sig is not nested, all others are
boolean nested = sigIndex != signingOptions.getSigningMethods().size();
signatureGenerator.generateOnePassVersion(nested).encode(outermostStream);
} }
} }
} }
@ -238,7 +244,15 @@ public final class EncryptionStream extends OutputStream {
if (signingOptions == null || signingOptions.getSigningMethods().isEmpty()) { if (signingOptions == null || signingOptions.getSigningMethods().isEmpty()) {
return; return;
} }
// One-Pass-Signatures are bracketed. That means we have to append the signatures in reverse order
// compared to the one-pass-signature packets.
List<SubkeyIdentifier> signingKeys = new ArrayList<>();
for (SubkeyIdentifier signingKey : signingOptions.getSigningMethods().keySet()) { for (SubkeyIdentifier signingKey : signingOptions.getSigningMethods().keySet()) {
signingKeys.add(signingKey);
}
for (int i = signingKeys.size() - 1; i >= 0; i--) {
SubkeyIdentifier signingKey = signingKeys.get(i);
SigningOptions.SigningMethod signingMethod = signingOptions.getSigningMethods().get(signingKey); SigningOptions.SigningMethod signingMethod = signingOptions.getSigningMethods().get(signingKey);
PGPSignatureGenerator signatureGenerator = signingMethod.getSignatureGenerator(); PGPSignatureGenerator signatureGenerator = signingMethod.getSignatureGenerator();
PGPSignature signature = signatureGenerator.generate(); PGPSignature signature = signatureGenerator.generate();
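Review bot: In the second hunk of EncryptionStream, `sigIndex` is incremented for every signing method, detached ones included, and `nested` is compared against `signingOptions.getSigningMethods().size()`, so when the method that iterates last is detached, no inline one-pass-signature packet is written with `nested == false`. A verifier that relies on that flag to find the end of the one-pass-signature run may then fail to match the trailing signatures to the message; the exact effect depends on the parser, so treat this as likely rather than certain. Counting only the non-detached methods and incrementing `sigIndex` inside the `if (!signingMethod.isDetached())` branch fixes it, as sketched below. The reversed loop in the third hunk continues past the visible lines; it should skip the same detached methods so that both loops bracket the same set, and a test mixing inline and detached signing keys would pin this down. Both enclosing methods start outside the hunks shown.

```java
int inlineCount = 0;
for (SigningOptions.SigningMethod method : signingOptions.getSigningMethods().values()) {
    if (!method.isDetached()) {
        inlineCount++;
    }
}
int sigIndex = 0;
// … unchanged: loop over getSigningMethods().keySet() and signingMethod lookup …
    if (!signingMethod.isDetached()) {
        sigIndex++;
        // … unchanged: signatureGenerator lookup …
        // Only the last inline one-pass-signature is written with nested == false.
        boolean nested = sigIndex != inlineCount;
        // … unchanged: generateOnePassVersion(nested).encode(outermostStream) and closing braces …
```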