diff options
author | Neal H. Walfield <neal@pep.foundation> | 2019-11-09 23:55:02 +0100 |
---|---|---|
committer | Neal H. Walfield <neal@pep.foundation> | 2019-11-10 00:05:23 +0100 |
commit | b8e5ef908ee211daee84a0782a115ae7fc003ec0 (patch) | |
tree | 360698ced26dc36aad015e11b89137d613b89208 /openpgp/src/parse | |
parent | 365862ed513057900c0d6c106ec51dff0a09693e (diff) |
openpgp: Distinguish bad signatures from those that are not alive.
- Return a different `VerificationResult` for signatures that are
not alive (BadSignature) from signatures that are actually
bad (BadCheck).
Diffstat (limited to 'openpgp/src/parse')
-rw-r--r-- | openpgp/src/parse/stream.rs | 45 |
1 files changed, 27 insertions, 18 deletions
diff --git a/openpgp/src/parse/stream.rs b/openpgp/src/parse/stream.rs index 29e3e85e..4d07b483 100644 --- a/openpgp/src/parse/stream.rs +++ b/openpgp/src/parse/stream.rs @@ -152,6 +152,12 @@ pub enum VerificationResult<'a> { &'a key::UnspecifiedPublic, Option<&'a Signature>, RevocationStatus<'a>), + /// The signature is good, but it is not alive at the specified + /// time. + /// + /// See `SubpacketAreas::signature_alive` for a definition of + /// liveness. + NotAlive(Signature), /// Unable to verify the signature because the key is missing. MissingKey(Signature), /// The signature is bad. @@ -164,6 +170,7 @@ impl<'a> VerificationResult<'a> { use self::VerificationResult::*; match self { &GoodChecksum(ref sig, ..) => sig.level(), + &NotAlive(ref sig, ..) => sig.level(), &MissingKey(ref sig) => sig.level(), &BadChecksum(ref sig) => sig.level(), } @@ -597,33 +604,34 @@ impl<'a, H: VerificationHelper> Verifier<'a, H> { IMessageLayer::SignatureGroup { sigs, .. } => { results.new_signature_group(); for sig in sigs.into_iter() { - results.push_verification_result( - if let Some(issuer) = sig.get_issuer() { - if let Some((i, j)) = - self.keys.get(&issuer) - { - let tpk = &self.tpks[*i]; - let (binding, revocation, key) - = tpk.keys_all().nth(*j) - .unwrap(); - if sig.verify(key).unwrap_or(false) - && sig.signature_alive(self.time) - { + let r = if let Some(issuer) = sig.get_issuer() { + if let Some((i, j)) = + self.keys.get(&issuer) + { + let tpk = &self.tpks[*i]; + let (binding, revocation, key) + = tpk.keys_all().nth(*j).unwrap(); + if sig.verify(key).unwrap_or(false) { + if sig.signature_alive(self.time) { VerificationResult::GoodChecksum (sig, tpk, key, binding, revocation) + } else if !sig.signature_alive(self.time) { + VerificationResult::NotAlive(sig) } else { - VerificationResult::BadChecksum - (sig) + VerificationResult::BadChecksum(sig) } } else { - VerificationResult::MissingKey(sig) + VerificationResult::BadChecksum(sig) } } else { - // No issuer. - VerificationResult::BadChecksum(sig) + VerificationResult::MissingKey(sig) } - ) + } else { + // No issuer. + VerificationResult::BadChecksum(sig) + }; + results.push_verification_result(r) } }, } @@ -1614,6 +1622,7 @@ mod test { match result { GoodChecksum(..) => self.good += 1, MissingKey(_) => self.unknown += 1, + NotAlive(_) => self.bad += 1, BadChecksum(_) => self.bad += 1, } } |