diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2020-11-17 17:15:00 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2020-11-18 11:27:21 +0100 |
commit | df9251ae12f937aa16645e143e06be647a690cfd (patch) | |
tree | 74e380fe52dc5f2a85a6cd02253138b2ac920355 | |
parent | 0bcdaa26f0e2201add9795b55c587bf384f3183e (diff) |
openpgp: Return iterator over bad signatures.
- This allows us to store verification errors with the signatures.
- See #619.
-rw-r--r-- | openpgp/src/cert.rs | 16 | ||||
-rw-r--r-- | openpgp/src/crypto/backend/sha1cd.rs | 4 | ||||
-rw-r--r-- | openpgp/src/packet/signature.rs | 8 | ||||
-rw-r--r-- | openpgp/src/packet/signature/subpacket.rs | 40 | ||||
-rw-r--r-- | openpgp/src/packet_pile.rs | 2 |
5 files changed, 35 insertions, 35 deletions
diff --git a/openpgp/src/cert.rs b/openpgp/src/cert.rs index 73453e07..1b32d87f 100644 --- a/openpgp/src/cert.rs +++ b/openpgp/src/cert.rs @@ -1205,13 +1205,13 @@ impl Cert { /// # .generate()?; /// println!("{}'s has {} bad signatures.", /// cert.fingerprint(), - /// cert.bad_signatures().len()); - /// # assert_eq!(cert.bad_signatures().len(), 0); + /// cert.bad_signatures().count()); + /// # assert_eq!(cert.bad_signatures().count(), 0); /// # Ok(()) /// # } /// ``` - pub fn bad_signatures(&self) -> &[Signature] { - &self.bad + pub fn bad_signatures(&self) -> impl Iterator<Item = &Signature> { + self.bad.iter() } /// Returns a list of any designated revokers for this certificate. @@ -5611,7 +5611,7 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= assert_eq!(cert.userids().count(), 1); assert_eq!(cert.subkeys().count(), 1); assert_eq!(cert.unknowns().count(), 0); - assert_eq!(cert.bad_signatures().len(), 0); + assert_eq!(cert.bad_signatures().count(), 0); assert_eq!(cert.userids().nth(0).unwrap().self_signatures().len(), 1); assert_eq!(cert.subkeys().nth(0).unwrap().self_signatures().len(), 1); @@ -5635,7 +5635,7 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= assert_eq!(cert.userids().count(), 1); assert_eq!(cert.subkeys().count(), 1); assert_eq!(cert.unknowns().count(), 0); - assert_eq!(cert.bad_signatures().len(), 0); + assert_eq!(cert.bad_signatures().count(), 0); assert_eq!(cert.userids().nth(0).unwrap().self_signatures().len(), 1); assert_eq!(cert.subkeys().nth(0).unwrap().self_signatures().len(), 1); @@ -5688,7 +5688,7 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= assert_eq!(malicious_cert.with_policy(p, None)?.keys().subkeys() .for_signing().count(), 0); // Instead, it should be considered bad. - assert_eq!(malicious_cert.bad_signatures().len(), 1); + assert_eq!(malicious_cert.bad_signatures().count(), 1); Ok(()) } @@ -5744,7 +5744,7 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= let p = &crate::policy::StandardPolicy::new(); assert_eq!(malicious_cert.with_policy(p, None)?.keys().subkeys() .for_signing().count(), 1); - assert_eq!(malicious_cert.bad_signatures().len(), 0); + assert_eq!(malicious_cert.bad_signatures().count(), 0); // Now try to merge it in. let merged = cert.clone().merge(malicious_cert.clone())?; diff --git a/openpgp/src/crypto/backend/sha1cd.rs b/openpgp/src/crypto/backend/sha1cd.rs index 088369c5..c7e362be 100644 --- a/openpgp/src/crypto/backend/sha1cd.rs +++ b/openpgp/src/crypto/backend/sha1cd.rs @@ -76,10 +76,10 @@ mod test { // Check mitigations. First, the illegitimate certification // should be discarded. - assert_eq!(alice.bad_signatures().len(), 1); + assert_eq!(alice.bad_signatures().count(), 1); // Bob's userid also got certified, hence there are two bad // signatures. - assert_eq!(bob.bad_signatures().len(), 2); + assert_eq!(bob.bad_signatures().count(), 2); // The mitigation also changes the identities of the keys // containing the collision attack. This is a good thing, diff --git a/openpgp/src/packet/signature.rs b/openpgp/src/packet/signature.rs index d171d074..07ba1098 100644 --- a/openpgp/src/packet/signature.rs +++ b/openpgp/src/packet/signature.rs @@ -433,7 +433,7 @@ impl SignatureFields { /// /// // Merge in the new signatures. /// let cert = cert.insert_packets(sigs.into_iter().map(Packet::from))?; -/// # assert_eq!(cert.bad_signatures().len(), 0); +/// # assert_eq!(cert.bad_signatures().count(), 0); /// # Ok(()) /// # } /// ``` @@ -1198,7 +1198,7 @@ impl SignatureBuilder { /// sig.into()])?; /// /// assert_eq!(cert.with_policy(p, None)?.keys().count(), 2); - /// # assert_eq!(cert.bad_signatures().len(), 0); + /// # assert_eq!(cert.bad_signatures().count(), 0); /// # Ok(()) /// # } /// ``` @@ -3419,7 +3419,7 @@ mod test { // Parse into cert verifying the signatures. use std::convert::TryFrom; let cert = Cert::try_from(pp)?; - assert_eq!(cert.bad_signatures().len(), 1); + assert_eq!(cert.bad_signatures().count(), 1); assert_eq!(cert.keys().subkeys().count(), 1); let subkey = cert.keys().subkeys().nth(0).unwrap(); assert_eq!(subkey.self_signatures().len(), 1); @@ -3447,7 +3447,7 @@ mod test { assert!(sig.unhashed_area().iter().all(|p| p.authenticated())); // No information in the bad signature has been authenticated. - let sig = &cert.bad_signatures()[0]; + let sig = cert.bad_signatures().nth(0).unwrap(); assert!(sig.hashed_area().iter().all(|p| ! p.authenticated())); assert!(sig.unhashed_area().iter().all(|p| ! p.authenticated())); Ok(()) diff --git a/openpgp/src/packet/signature/subpacket.rs b/openpgp/src/packet/signature/subpacket.rs index 535c450b..7078eff6 100644 --- a/openpgp/src/packet/signature/subpacket.rs +++ b/openpgp/src/packet/signature/subpacket.rs @@ -3887,7 +3887,7 @@ impl signature::SignatureBuilder { /// /// // Merge in the new signature. /// let cert = cert.insert_packets(sig)?; - /// # assert_eq!(cert.bad_signatures().len(), 0); + /// # assert_eq!(cert.bad_signatures().count(), 0); /// # Ok(()) /// # } /// ``` @@ -3943,7 +3943,7 @@ impl signature::SignatureBuilder { /// /// // Merge in the new signatures. /// let cert = cert.insert_packets(sigs)?; - /// # assert_eq!(cert.bad_signatures().len(), 0); + /// # assert_eq!(cert.bad_signatures().count(), 0); /// # Ok(()) /// # } /// ``` @@ -4373,7 +4373,7 @@ impl signature::SignatureBuilder { /// /// // Merge in the new signature. /// let bob = bob.insert_packets(certification)?; - /// # assert_eq!(bob.bad_signatures().len(), 0); + /// # assert_eq!(bob.bad_signatures().count(), 0); /// # assert_eq!(bob.userids().nth(0).unwrap().certifications().len(), 1); /// # Ok(()) } /// ``` @@ -4454,7 +4454,7 @@ impl signature::SignatureBuilder { /// /// // Merge in the new signature. /// let bob = bob.insert_packets(certification)?; - /// # assert_eq!(bob.bad_signatures().len(), 0); + /// # assert_eq!(bob.bad_signatures().count(), 0); /// # assert_eq!(bob.userids().nth(0).unwrap().certifications().len(), 1); /// # Ok(()) } /// ``` @@ -4548,7 +4548,7 @@ impl signature::SignatureBuilder { /// /// // Merge in the new signature. /// let example_com = example_com.insert_packets(certification)?; - /// # assert_eq!(example_com.bad_signatures().len(), 0); + /// # assert_eq!(example_com.bad_signatures().count(), 0); /// # assert_eq!(example_com.userids().nth(0).unwrap().certifications().len(), 1); /// # Ok(()) } /// ``` @@ -4645,7 +4645,7 @@ impl signature::SignatureBuilder { /// /// // Merge in the new signature. /// let example_com = example_com.insert_packets(certification)?; - /// # assert_eq!(example_com.bad_signatures().len(), 0); + /// # assert_eq!(example_com.bad_signatures().count(), 0); /// # assert_eq!(example_com.userids().nth(0).unwrap().certifications().len(), 1); /// # Ok(()) } /// ``` @@ -4727,7 +4727,7 @@ impl signature::SignatureBuilder { /// /// // Merge in the new signature. /// let bob = bob.insert_packets(certification)?; - /// # assert_eq!(bob.bad_signatures().len(), 0); + /// # assert_eq!(bob.bad_signatures().count(), 0); /// # assert_eq!(bob.userids().nth(0).unwrap().certifications().len(), 1); /// # Ok(()) } /// ``` @@ -4816,7 +4816,7 @@ impl signature::SignatureBuilder { /// } /// /// let cert = cert.insert_packets(sigs)?; - /// # assert_eq!(cert.bad_signatures().len(), 0); + /// # assert_eq!(cert.bad_signatures().count(), 0); /// # /// # // "Before" /// # for key in cert.with_policy(p, None)?.keys().subkeys() { @@ -4928,7 +4928,7 @@ impl signature::SignatureBuilder { /// } /// /// let cert = cert.insert_packets(sigs)?; - /// # assert_eq!(cert.bad_signatures().len(), 0); + /// # assert_eq!(cert.bad_signatures().count(), 0); /// # /// # // "Before" /// # for key in cert.with_policy(p, None)?.keys().subkeys() { @@ -5038,7 +5038,7 @@ impl signature::SignatureBuilder { /// /// // Merge in the new signature. /// let cert = cert.insert_packets(sig)?; - /// # assert_eq!(cert.bad_signatures().len(), 0); + /// # assert_eq!(cert.bad_signatures().count(), 0); /// # Ok(()) } /// ``` pub fn set_preferred_symmetric_algorithms(mut self, @@ -5107,7 +5107,7 @@ impl signature::SignatureBuilder { /// /// // Merge in the new signature. /// let alice = alice.insert_packets(sig)?; - /// # assert_eq!(alice.bad_signatures().len(), 0); + /// # assert_eq!(alice.bad_signatures().count(), 0); /// # assert_eq!(alice.primary_key().self_signatures().len(), 2); /// # Ok(()) } /// ``` @@ -5373,7 +5373,7 @@ impl signature::SignatureBuilder { /// /// // Merge in the new signature. /// let cert = cert.insert_packets(sig)?; - /// # assert_eq!(cert.bad_signatures().len(), 0); + /// # assert_eq!(cert.bad_signatures().count(), 0); /// # Ok(()) } /// ``` pub fn set_notation<N, V, F>(mut self, name: N, value: V, flags: F, @@ -5469,7 +5469,7 @@ impl signature::SignatureBuilder { /// /// // Merge in the new signature. /// let cert = cert.insert_packets(sig)?; - /// # assert_eq!(cert.bad_signatures().len(), 0); + /// # assert_eq!(cert.bad_signatures().count(), 0); /// # Ok(()) } /// ``` pub fn add_notation<N, V, F>(mut self, name: N, value: V, flags: F, @@ -5554,7 +5554,7 @@ impl signature::SignatureBuilder { /// /// // Merge in the new signature. /// let cert = cert.insert_packets(sig)?; - /// # assert_eq!(cert.bad_signatures().len(), 0); + /// # assert_eq!(cert.bad_signatures().count(), 0); /// # Ok(()) } /// ``` pub fn set_preferred_hash_algorithms(mut self, @@ -5635,7 +5635,7 @@ impl signature::SignatureBuilder { /// /// // Merge in the new signature. /// let cert = cert.insert_packets(sig)?; - /// # assert_eq!(cert.bad_signatures().len(), 0); + /// # assert_eq!(cert.bad_signatures().count(), 0); /// # Ok(()) } /// ``` pub fn set_preferred_compression_algorithms(mut self, @@ -5712,7 +5712,7 @@ impl signature::SignatureBuilder { /// /// // Merge in the new signature. /// let cert = cert.insert_packets(sig)?; - /// # assert_eq!(cert.bad_signatures().len(), 0); + /// # assert_eq!(cert.bad_signatures().count(), 0); /// # Ok(()) } /// ``` pub fn set_key_server_preferences(mut self, @@ -5791,7 +5791,7 @@ impl signature::SignatureBuilder { /// /// // Merge in the new signature. /// let cert = cert.insert_packets(sig)?; - /// # assert_eq!(cert.bad_signatures().len(), 0); + /// # assert_eq!(cert.bad_signatures().count(), 0); /// # Ok(()) } /// ``` pub fn set_preferred_key_server<U>(mut self, uri: U) @@ -5955,7 +5955,7 @@ impl signature::SignatureBuilder { /// // Merge it into the certificate. /// let alice = alice.insert_packets(sig)?; /// # - /// # assert_eq!(alice.bad_signatures().len(), 0); + /// # assert_eq!(alice.bad_signatures().count(), 0); /// # Ok(()) /// # } /// ``` @@ -6259,7 +6259,7 @@ impl signature::SignatureBuilder { /// /// // Merge in the new signatures. /// let cert = cert.insert_packets(sigs)?; - /// # assert_eq!(cert.bad_signatures().len(), 0); + /// # assert_eq!(cert.bad_signatures().count(), 0); /// # Ok(()) /// # } /// ``` @@ -6637,7 +6637,7 @@ impl signature::SignatureBuilder { /// /// // Merge in the new signatures. /// let cert = cert.insert_packets(sigs)?; - /// # assert_eq!(cert.bad_signatures().len(), 0); + /// # assert_eq!(cert.bad_signatures().count(), 0); /// # Ok(()) /// # } /// ``` diff --git a/openpgp/src/packet_pile.rs b/openpgp/src/packet_pile.rs index 02758608..259716d6 100644 --- a/openpgp/src/packet_pile.rs +++ b/openpgp/src/packet_pile.rs @@ -98,7 +98,7 @@ use crate::parse::Cookie; /// let cert = Cert::try_from(pp)?; /// if let NotAsFarAsWeKnow = cert.revocation_status(policy, None) { /// // revocation signature is broken and the key is not definitely revoked -/// assert_eq!(cert.bad_signatures().len(), 1); +/// assert_eq!(cert.bad_signatures().count(), 1); /// } /// # else { /// # unreachable!(); |