Remove VerifyDetachedSignatureAndSaltedHash and SaltedHashSpecifier

openpgp/packet/signature.go

@@ -127,13 +127,6 @@ type VerifiableSignature struct {
 	Packet *Signature
 }
 
-// SaltedHashSpecifier specifies that the given salt and hash are
-// used by a v6 signature.
-type SaltedHashSpecifier struct {
-	Hash crypto.Hash
-	Salt []byte
-}
-
 // NewVerifiableSig returns a struct of type VerifiableSignature referencing the input signature.
 func NewVerifiableSig(signature *Signature) *VerifiableSignature {
 	return &VerifiableSignature{

openpgp/read.go

@@ -6,7 +6,6 @@
 package openpgp // import "github.com/ProtonMail/go-crypto/openpgp"
 
 import (
-	"bytes"
 	"crypto"
 	_ "crypto/sha256"
 	_ "crypto/sha512"
@@ -455,45 +454,32 @@ func (scr *signatureCheckReader) Read(buf []byte) (int, error) {
 // if any, and a possible signature verification error.
 // If the signer isn't known, ErrUnknownIssuer is returned.
 func VerifyDetachedSignature(keyring KeyRing, signed, signature io.Reader, config *packet.Config) (sig *packet.Signature, signer *Entity, err error) {
-	return verifyDetachedSignature(keyring, signed, signature, nil, nil, false, config)
+	return verifyDetachedSignature(keyring, signed, signature, nil, false, config)
 }
 
 // VerifyDetachedSignatureAndHash performs the same actions as
 // VerifyDetachedSignature and checks that the expected hash functions were used.
 func VerifyDetachedSignatureAndHash(keyring KeyRing, signed, signature io.Reader, expectedHashes []crypto.Hash, config *packet.Config) (sig *packet.Signature, signer *Entity, err error) {
-	return verifyDetachedSignature(keyring, signed, signature, expectedHashes, nil, true, config)
-}
-
-// VerifyDetachedSignatureAndSaltedHash performs the same actions as
-// VerifyDetachedSignature and checks that the expected hash functions and salts were used.
-func VerifyDetachedSignatureAndSaltedHash(keyring KeyRing, signed, signature io.Reader, expectedHashes []crypto.Hash, expectedSaltedHashes []*packet.SaltedHashSpecifier, config *packet.Config) (sig *packet.Signature, signer *Entity, err error) {
-	return verifyDetachedSignature(keyring, signed, signature, expectedHashes, expectedSaltedHashes, true, config)
+	return verifyDetachedSignature(keyring, signed, signature, expectedHashes, true, config)
 }
 
 // CheckDetachedSignature takes a signed file and a detached signature and
 // returns the entity the signature was signed by, if any, and a possible
 // signature verification error. If the signer isn't known,
 // ErrUnknownIssuer is returned.
 func CheckDetachedSignature(keyring KeyRing, signed, signature io.Reader, config *packet.Config) (signer *Entity, err error) {
-	_, signer, err = verifyDetachedSignature(keyring, signed, signature, nil, nil, false, config)
-	return
-}
-
-// CheckDetachedSignatureAndSaltedHash performs the same actions as
-// CheckDetachedSignature and checks that the expected hash functions or salted hash functions were used.
-func CheckDetachedSignatureAndSaltedHash(keyring KeyRing, signed, signature io.Reader, expectedHashes []crypto.Hash, expectedSaltedHashes []*packet.SaltedHashSpecifier, config *packet.Config) (signer *Entity, err error) {
-	_, signer, err = verifyDetachedSignature(keyring, signed, signature, expectedHashes, expectedSaltedHashes, true, config)
+	_, signer, err = verifyDetachedSignature(keyring, signed, signature, nil, false, config)
 	return
 }
 
 // CheckDetachedSignatureAndHash performs the same actions as
 // CheckDetachedSignature and checks that the expected hash functions were used.
 func CheckDetachedSignatureAndHash(keyring KeyRing, signed, signature io.Reader, expectedHashes []crypto.Hash, config *packet.Config) (signer *Entity, err error) {
-	_, signer, err = verifyDetachedSignature(keyring, signed, signature, expectedHashes, nil, true, config)
+	_, signer, err = verifyDetachedSignature(keyring, signed, signature, expectedHashes, true, config)
 	return
 }
 
-func verifyDetachedSignature(keyring KeyRing, signed, signature io.Reader, expectedHashes []crypto.Hash, expectedSaltedHashes []*packet.SaltedHashSpecifier, checkHashes bool, config *packet.Config) (sig *packet.Signature, signer *Entity, err error) {
+func verifyDetachedSignature(keyring KeyRing, signed, signature io.Reader, expectedHashes []crypto.Hash, checkHashes bool, config *packet.Config) (sig *packet.Signature, signer *Entity, err error) {
 	var issuerKeyId uint64
 	var hashFunc crypto.Hash
 	var sigType packet.SignatureType
@@ -523,22 +509,11 @@ func verifyDetachedSignature(keyring KeyRing, signed, signature io.Reader, expec
 		sigType = sig.SigType
 		if checkHashes {
 			matchFound := false
-			if sig.Version == 6 {
-				// check for salted hashes
-				for _, expectedSaltedHash := range expectedSaltedHashes {
-					if hashFunc == expectedSaltedHash.Hash && bytes.Equal(sig.Salt(), expectedSaltedHash.Salt) {
-						matchFound = true
-						break
-					}
-				}
-
-			} else {
-				// check for hashes
-				for _, expectedHash := range expectedHashes {
-					if hashFunc == expectedHash {
-						matchFound = true
-						break
-					}
+			// check for hashes
+			for _, expectedHash := range expectedHashes {
+				if hashFunc == expectedHash {
+					matchFound = true
+					break
 				}
 			}
 			if !matchFound {

openpgp/v2/read.go

@@ -669,7 +669,6 @@ func VerifyDetachedSignature(keyring KeyRing, signed, signature io.Reader, confi
 // Once all data is read from md.UnverifiedBody the detached signature is verified.
 // If a verification error occurs it is stored in md.SignatureError
 // If the signer isn't known, ErrUnknownIssuer is returned.
-// If expectedHashes or expectedSaltedHashes is not nil, the method checks
 // if they match the signatures metadata or else return an error
 func VerifyDetachedSignatureReader(keyring KeyRing, signed, signature io.Reader, config *packet.Config) (md *MessageDetails, err error) {
 	return verifyDetachedSignatureReader(keyring, signed, signature, config)