From e3a3edc3ebc87d9f25b0b35e04611e5eff53eb40 Mon Sep 17 00:00:00 2001
From: Lukas Burkhalter
Date: Thu, 20 Jun 2024 18:03:25 +0200
Subject: [PATCH] Remove existing randomized notations

---
 openpgp/packet/config.go | 3 ++-
 openpgp/packet/signature.go | 15 +++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/openpgp/packet/config.go b/openpgp/packet/config.go
index db5cfcfc..f3bff95f 100644
--- a/openpgp/packet/config.go
+++ b/openpgp/packet/config.go
@@ -366,7 +366,8 @@ func (c *Config) RandomizeSignaturesViaNotation() bool {
 return *c.NonDeterministicSignaturesViaNotation
 }
 
-// Helper function to set a boolean pointer in the Config.
+// BoolPointer is a helper function to set a boolean pointer in the Config.
+// e.g., config.CheckPacketSequence = BoolPointer(true)
 func BoolPointer(value bool) *bool {
 return &value
 }
diff --git a/openpgp/packet/signature.go b/openpgp/packet/signature.go
index bc21e571..60f8c064 100644
--- a/openpgp/packet/signature.go
+++ b/openpgp/packet/signature.go
@@ -881,6 +881,7 @@ func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey, config *Config) (err e
 sig.Version = priv.PublicKey.Version
 sig.IssuerFingerprint = priv.PublicKey.Fingerprint
 if priv.Version != 6 && config.RandomizeSignaturesViaNotation() {
+ sig.removeNotationsWithName(SaltNotationName)
 salt, err := SignatureSaltForHash(sig.Hash, config.Random())
 if err != nil {
 return err
@@ -1421,3 +1422,17 @@ func SignatureSaltForHash(hash crypto.Hash, randReader io.Reader) ([]byte, error
 }
 return salt, nil
 }
+
+// removeNotationsWithName removes all notations in this signature with the given name.
+func (sig *Signature) removeNotationsWithName(name string) {
+ if sig == nil || sig.Notations == nil {
+ return
+ }
+ updatedNotations := make([]*Notation, 0, len(sig.Notations))
+ for _, notation := range sig.Notations {
+ if notation.Name != name {
+ updatedNotations = append(updatedNotations, notation)
+ }
+ }
+ sig.Notations = updatedNotations
+}
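Review bot: The added `sig.removeNotationsWithName(SaltNotationName)` call in the signature.go hunk at line 881 matches on the name alone, so a notation that a caller attached under that name is dropped on every randomized sign, and nothing at the call site records why the removal is there. If the intent is what the commit title suggests, I would add a comment above the call, `// Drop salt notations left by an earlier Sign call so that re-signing does not accumulate them; matches by name only.` The call sits inside the `priv.Version != 6 && config.RandomizeSignaturesViaNotation()` branch, so when that condition is false an existing salt notation stays in `sig.Notations`; it is worth confirming that this is intended. The diffstat touches no test file, and a test that signs the same Signature twice and expects a single salt notation would pin the behaviour. Sign begins before the hunk and continues after it.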
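Review bot: In `removeNotationsWithName` (the signature.go hunk at line 1422), `notation.Name` is read without a nil check although `sig.Notations` holds pointers, so a nil entry would panic on the signing path; whether such an entry can reach this method is not visible in the hunk. If it can, `if notation != nil && notation.Name != name {` would drop the entry instead of panicking. The doc comment could also state that the method replaces `sig.Notations` with a freshly allocated slice rather than filtering in place, and that the `sig.Notations == nil` guard keeps a nil slice nil.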