diff options
author | Tobias Mueller <muelli@cryptobitch.de> | 2019-09-26 12:36:49 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2019-11-15 12:12:25 +0100 |
commit | c08eff5da06ae6df459d1e45133c2113557927fe (patch) | |
tree | 7f12e5a7af9fbdde157d2487b88c7c7f8361fc1d /net | |
parent | 8a7da4c8fb4f940bd3b4d76de1933fe4ee06c7cc (diff) |
net: Bail out if the received keyid does not match.
- Arguably, the user wanted to fetch a key with a certain ID. If the
server returns something different, we throw an error. That error
contains both the expected keyid as well as the TPK from the
server, in case the consumer wants to inspect the problem or make
use of the key regardless.
Diffstat (limited to 'net')
-rw-r--r-- | net/src/lib.rs | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/net/src/lib.rs b/net/src/lib.rs index 8a37ccc5..277761a8 100644 --- a/net/src/lib.rs +++ b/net/src/lib.rs @@ -160,6 +160,7 @@ impl KeyServer { /// Retrieves the key with the given `keyid`. pub fn get(&mut self, keyid: &KeyID) -> Box<dyn Future<Item=TPK, Error=failure::Error> + 'static> { + let keyid_want = keyid.clone(); let uri = self.uri.join( &format!("pks/lookup?op=get&options=mr&search=0x{}", keyid.to_hex())); @@ -180,7 +181,22 @@ impl KeyServer { c, armor::ReaderMode::Tolerant( Some(armor::Kind::PublicKey))); - future::done(TPK::from_reader(r)) + match TPK::from_reader(r) { + Ok(tpk) => { + if tpk.keys_all().any(|(_, _, key)| { + key.fingerprint().to_keyid() + == keyid_want + }) { + future::done(Ok(tpk)) + } else { + future::err(Error::MismatchedKeyID( + keyid_want, tpk).into()) + } + }, + Err(e) => { + future::err(e.into()) + } + } }, StatusCode::NOT_FOUND => future::err(Error::NotFound.into()), @@ -283,6 +299,9 @@ pub enum Error { /// A requested key was not found. #[fail(display = "Key not found")] NotFound, + /// Mismatched key ID + #[fail(display = "Mismatched key ID, expected {}", _0)] + MismatchedKeyID(KeyID, TPK), /// A given keyserver URI was malformed. #[fail(display = "Malformed URI; expected hkp: or hkps:")] MalformedUri, |