diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2019-05-09 15:19:24 +0200 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2019-05-09 15:19:24 +0200 |
| commit | 75d4e6dda12e8b7ae8573227e61e718ede3f2cfc (patch) | |
| tree | c6b9e3f177d8c65d134acfd889c236203b2ac13f /guide | |
| parent | 8e0f817f312f469871a5fbed6bb961f6117ba742 (diff) | |
openpgp: Communicate message structure from the decryptor.
- Fixes #100.
Diffstat (limited to 'guide')
| -rw-r--r-- | guide/src/chapter_01.md | 204 | ||||
| -rw-r--r-- | guide/src/chapter_02.md | 8 |
2 files changed, 128 insertions, 84 deletions
diff --git a/guide/src/chapter_01.md b/guide/src/chapter_01.md index f5663bc9..8d973e07 100644 --- a/guide/src/chapter_01.md +++ b/guide/src/chapter_01.md @@ -101,30 +101,41 @@ fn main() { # Ok(vec![self.tpk.clone()]) # } # -# fn check(&mut self, sigs: Vec<Vec<VerificationResult>>) +# fn check(&mut self, structure: &MessageStructure) # -> openpgp::Result<()> { # // In this function, we implement our signature verification # // policy. # -# // First, we are interested in signatures over the data, -# // i.e. level 0 signatures. -# let sigs_over_data = sigs.get(0) -# .ok_or_else(|| failure::err_msg("No level 0 signatures found"))?; -# -# // Now, let's see if there is a signature on that level. -# let sig_result = sigs_over_data.get(0) -# .ok_or_else(|| failure::err_msg("No signature found"))?; -# -# // Finally, given a VerificationResult, which only says -# // whether the signature checks out mathematically, we apply -# // our policy. -# match sig_result { -# VerificationResult::GoodChecksum(..) => -# Ok(()), // Good signature -# VerificationResult::MissingKey(_) => -# Err(failure::err_msg("Missing key to verify signature")), -# VerificationResult::BadChecksum(_) => -# Err(failure::err_msg("Bad signature")), +# let mut good = false; +# for (i, layer) in structure.iter().enumerate() { +# match (i, layer) { +# // First, we are interested in signatures over the +# // data, i.e. level 0 signatures. +# (0, MessageLayer::SignatureGroup { ref results }) => { +# // Finally, given a VerificationResult, which only says +# // whether the signature checks out mathematically, we apply +# // our policy. +# match results.get(0) { +# Some(VerificationResult::GoodChecksum(..)) => +# good = true, +# Some(VerificationResult::MissingKey(_)) => +# return Err(failure::err_msg( +# "Missing key to verify signature")), +# Some(VerificationResult::BadChecksum(_)) => +# return Err(failure::err_msg("Bad signature")), +# None => +# return Err(failure::err_msg("No signature")), +# } +# }, +# _ => return Err(failure::err_msg( +# "Unexpected message structure")), +# } +# } +# +# if good { +# Ok(()) // Good signature. +# } else { +# Err(failure::err_msg("Signature verification failed")) # } # } # } @@ -231,30 +242,41 @@ fn generate() -> openpgp::Result<openpgp::TPK> { # Ok(vec![self.tpk.clone()]) # } # -# fn check(&mut self, sigs: Vec<Vec<VerificationResult>>) +# fn check(&mut self, structure: &MessageStructure) # -> openpgp::Result<()> { # // In this function, we implement our signature verification # // policy. # -# // First, we are interested in signatures over the data, -# // i.e. level 0 signatures. -# let sigs_over_data = sigs.get(0) -# .ok_or_else(|| failure::err_msg("No level 0 signatures found"))?; -# -# // Now, let's see if there is a signature on that level. -# let sig_result = sigs_over_data.get(0) -# .ok_or_else(|| failure::err_msg("No signature found"))?; -# -# // Finally, given a VerificationResult, which only says -# // whether the signature checks out mathematically, we apply -# // our policy. -# match sig_result { -# VerificationResult::GoodChecksum(..) => -# Ok(()), // Good signature -# VerificationResult::MissingKey(_) => -# Err(failure::err_msg("Missing key to verify signature")), -# VerificationResult::BadChecksum(_) => -# Err(failure::err_msg("Bad signature")), +# let mut good = false; +# for (i, layer) in structure.iter().enumerate() { +# match (i, layer) { +# // First, we are interested in signatures over the +# // data, i.e. level 0 signatures. +# (0, MessageLayer::SignatureGroup { ref results }) => { +# // Finally, given a VerificationResult, which only says +# // whether the signature checks out mathematically, we apply +# // our policy. +# match results.get(0) { +# Some(VerificationResult::GoodChecksum(..)) => +# good = true, +# Some(VerificationResult::MissingKey(_)) => +# return Err(failure::err_msg( +# "Missing key to verify signature")), +# Some(VerificationResult::BadChecksum(_)) => +# return Err(failure::err_msg("Bad signature")), +# None => +# return Err(failure::err_msg("No signature")), +# } +# }, +# _ => return Err(failure::err_msg( +# "Unexpected message structure")), +# } +# } +# +# if good { +# Ok(()) // Good signature. +# } else { +# Err(failure::err_msg("Signature verification failed")) # } # } # } @@ -361,30 +383,41 @@ fn sign(sink: &mut Write, plaintext: &str, tsk: &openpgp::TPK) # Ok(vec![self.tpk.clone()]) # } # -# fn check(&mut self, sigs: Vec<Vec<VerificationResult>>) +# fn check(&mut self, structure: &MessageStructure) # -> openpgp::Result<()> { # // In this function, we implement our signature verification # // policy. # -# // First, we are interested in signatures over the data, -# // i.e. level 0 signatures. -# let sigs_over_data = sigs.get(0) -# .ok_or_else(|| failure::err_msg("No level 0 signatures found"))?; -# -# // Now, let's see if there is a signature on that level. -# let sig_result = sigs_over_data.get(0) -# .ok_or_else(|| failure::err_msg("No signature found"))?; -# -# // Finally, given a VerificationResult, which only says -# // whether the signature checks out mathematically, we apply -# // our policy. -# match sig_result { -# VerificationResult::GoodChecksum(..) => -# Ok(()), // Good signature -# VerificationResult::MissingKey(_) => -# Err(failure::err_msg("Missing key to verify signature")), -# VerificationResult::BadChecksum(_) => -# Err(failure::err_msg("Bad signature")), +# let mut good = false; +# for (i, layer) in structure.iter().enumerate() { +# match (i, layer) { +# // First, we are interested in signatures over the +# // data, i.e. level 0 signatures. +# (0, MessageLayer::SignatureGroup { ref results }) => { +# // Finally, given a VerificationResult, which only says +# // whether the signature checks out mathematically, we apply +# // our policy. +# match results.get(0) { +# Some(VerificationResult::GoodChecksum(..)) => +# good = true, +# Some(VerificationResult::MissingKey(_)) => +# return Err(failure::err_msg( +# "Missing key to verify signature")), +# Some(VerificationResult::BadChecksum(_)) => +# return Err(failure::err_msg("Bad signature")), +# None => +# return Err(failure::err_msg("No signature")), +# } +# }, +# _ => return Err(failure::err_msg( +# "Unexpected message structure")), +# } +# } +# +# if good { +# Ok(()) // Good signature. +# } else { +# Err(failure::err_msg("Signature verification failed")) # } # } # } @@ -502,30 +535,41 @@ impl<'a> VerificationHelper for Helper<'a> { Ok(vec![self.tpk.clone()]) } - fn check(&mut self, sigs: Vec<Vec<VerificationResult>>) + fn check(&mut self, structure: &MessageStructure) -> openpgp::Result<()> { // In this function, we implement our signature verification // policy. - // First, we are interested in signatures over the data, - // i.e. level 0 signatures. - let sigs_over_data = sigs.get(0) - .ok_or_else(|| failure::err_msg("No level 0 signatures found"))?; - - // Now, let's see if there is a signature on that level. - let sig_result = sigs_over_data.get(0) - .ok_or_else(|| failure::err_msg("No signature found"))?; - - // Finally, given a VerificationResult, which only says - // whether the signature checks out mathematically, we apply - // our policy. - match sig_result { - VerificationResult::GoodChecksum(..) => - Ok(()), // Good signature - VerificationResult::MissingKey(_) => - Err(failure::err_msg("Missing key to verify signature")), - VerificationResult::BadChecksum(_) => - Err(failure::err_msg("Bad signature")), + let mut good = false; + for (i, layer) in structure.iter().enumerate() { + match (i, layer) { + // First, we are interested in signatures over the + // data, i.e. level 0 signatures. + (0, MessageLayer::SignatureGroup { ref results }) => { + // Finally, given a VerificationResult, which only says + // whether the signature checks out mathematically, we apply + // our policy. + match results.get(0) { + Some(VerificationResult::GoodChecksum(..)) => + good = true, + Some(VerificationResult::MissingKey(_)) => + return Err(failure::err_msg( + "Missing key to verify signature")), + Some(VerificationResult::BadChecksum(_)) => + return Err(failure::err_msg("Bad signature")), + None => + return Err(failure::err_msg("No signature")), + } + }, + _ => return Err(failure::err_msg( + "Unexpected message structure")), + } + } + + if good { + Ok(()) // Good signature. + } else { + Err(failure::err_msg("Signature verification failed")) } } } diff --git a/guide/src/chapter_02.md b/guide/src/chapter_02.md index 751a04a1..f66e15b3 100644 --- a/guide/src/chapter_02.md +++ b/guide/src/chapter_02.md @@ -102,7 +102,7 @@ fn main() { # Ok(Vec::new()) # } # -# fn check(&mut self, _sigs: Vec<Vec<VerificationResult>>) +# fn check(&mut self, _structure: &MessageStructure) # -> openpgp::Result<()> { # // Implement your signature verification policy here. # Ok(()) @@ -236,7 +236,7 @@ fn generate() -> openpgp::Result<openpgp::TPK> { # Ok(Vec::new()) # } # -# fn check(&mut self, _sigs: Vec<Vec<VerificationResult>>) +# fn check(&mut self, _structure: &MessageStructure) # -> openpgp::Result<()> { # // Implement your signature verification policy here. # Ok(()) @@ -370,7 +370,7 @@ fn encrypt(sink: &mut Write, plaintext: &str, recipient: &openpgp::TPK) # Ok(Vec::new()) # } # -# fn check(&mut self, _sigs: Vec<Vec<VerificationResult>>) +# fn check(&mut self, _structure: &MessageStructure) # -> openpgp::Result<()> { # // Implement your signature verification policy here. # Ok(()) @@ -518,7 +518,7 @@ impl<'a> VerificationHelper for Helper<'a> { Ok(Vec::new()) } - fn check(&mut self, _sigs: Vec<Vec<VerificationResult>>) + fn check(&mut self, _structure: &MessageStructure) -> openpgp::Result<()> { // Implement your signature verification policy here. Ok(()) |