net: Bail out if the received keyid does not match.

- Arguably, the user wanted to fetch a key with a certain ID. If the server returns something different, we throw an error. That error contains both the expected keyid as well as the TPK from the server, in case the consumer wants to inspect the problem or make use of the key regardless.
author: Tobias Mueller <muelli@cryptobitch.de> 2019-09-26 12:36:49 +0200
committer: Justus Winter <justus@sequoia-pgp.org> 2019-11-15 12:12:25 +0100
commit: c08eff5da06ae6df459d1e45133c2113557927fe (patch)
tree: 7f12e5a7af9fbdde157d2487b88c7c7f8361fc1d /net
parent: 8a7da4c8fb4f940bd3b4d76de1933fe4ee06c7cc (diff)
1 files changed, 20 insertions, 1 deletions
diff --git a/net/src/lib.rs b/net/src/lib.rs
index 8a37ccc5..277761a8 100644
--- a/net/src/lib.rs
+++ b/net/src/lib.rs
@@ -160,6 +160,7 @@ impl KeyServer {
     /// Retrieves the key with the given `keyid`.
     pub fn get(&mut self, keyid: &KeyID)
                -> Box<dyn Future<Item=TPK, Error=failure::Error> + 'static> {
+        let keyid_want = keyid.clone();
         let uri = self.uri.join(
             &format!("pks/lookup?op=get&options=mr&search=0x{}",
                      keyid.to_hex()));
@@ -180,7 +181,22 @@ impl KeyServer {
                                      c,
                                      armor::ReaderMode::Tolerant(
                                          Some(armor::Kind::PublicKey)));
-                                 future::done(TPK::from_reader(r))
+                                 match TPK::from_reader(r) {
+                                     Ok(tpk) => {
+                                         if tpk.keys_all().any(|(_, _, key)| {
+                                             key.fingerprint().to_keyid()
+                                                 == keyid_want
+                                         }) {
+                                             future::done(Ok(tpk))
+                                         } else {
+                                             future::err(Error::MismatchedKeyID(
+                                                 keyid_want, tpk).into())
+                                         }
+                                     },
+                                     Err(e) => {
+                                         future::err(e.into())
+                                     }
+                                 }
                              },
                              StatusCode::NOT_FOUND =>
                                  future::err(Error::NotFound.into()),
@@ -283,6 +299,9 @@ pub enum Error {
     /// A requested key was not found.
     #[fail(display = "Key not found")]
     NotFound,
+    /// Mismatched key ID
+    #[fail(display = "Mismatched key ID, expected {}", _0)]
+    MismatchedKeyID(KeyID, TPK),
     /// A given keyserver URI was malformed.
     #[fail(display = "Malformed URI; expected hkp: or hkps:")]
     MalformedUri,
author	Tobias Mueller <muelli@cryptobitch.de>	2019-09-26 12:36:49 +0200
committer	Justus Winter <justus@sequoia-pgp.org>	2019-11-15 12:12:25 +0100
commit	c08eff5da06ae6df459d1e45133c2113557927fe (patch)
tree	7f12e5a7af9fbdde157d2487b88c7c7f8361fc1d /net
parent	8a7da4c8fb4f940bd3b4d76de1933fe4ee06c7cc (diff)