diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2019-11-26 16:41:58 +0100 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2019-11-27 13:02:12 +0100 |
| commit | 0eccc8747c26e4676f2d2f8739e89f03357f87e0 (patch) | |
| tree | 20d89933d51472fd2cc7b63b6c62b3446c585e31 /openpgp | |
| parent | c64eb5733fa217f10e51f24dd1d6614703f0d828 (diff) | |
openpgp: Make variants of VerificationResult struct-like, add infos.
Diffstat (limited to 'openpgp')
| -rw-r--r-- | openpgp/examples/decrypt-with.rs | 30 | ||||
| -rw-r--r-- | openpgp/examples/generate-sign-verify.rs | 8 | ||||
| -rw-r--r-- | openpgp/src/parse/stream.rs | 154 | ||||
| -rw-r--r-- | openpgp/src/serialize/stream.rs | 4 |
4 files changed, 119 insertions, 77 deletions
diff --git a/openpgp/examples/decrypt-with.rs b/openpgp/examples/decrypt-with.rs index e3b861e5..050f54d0 100644 --- a/openpgp/examples/decrypt-with.rs +++ b/openpgp/examples/decrypt-with.rs @@ -126,31 +126,19 @@ impl VerificationHelper for Helper { MessageLayer::SignatureGroup { ref results } => for result in results { match result { - GoodChecksum(ref sig, ..) => { - let issuer = sig.issuer() - .expect("good checksum has an issuer"); - eprintln!("Good signature from {}", issuer); + GoodChecksum { tpk, .. } => { + eprintln!("Good signature from {}", tpk); }, - NotAlive(ref sig) => { - let issuer = sig.issuer() - .expect("not alive has an issuer"); + NotAlive { tpk, .. } => { eprintln!("Good, but not alive signature from {}", - issuer); + tpk); }, - MissingKey(ref sig) => { - let issuer = sig.issuer() - .expect("missing key checksum has an \ - issuer"); - eprintln!("No key to check signature from {}", - issuer); + MissingKey { .. } => { + eprintln!("No key to check signature"); + }, + BadChecksum { tpk, .. } => { + eprintln!("Bad signature from {}", tpk); }, - BadChecksum(ref sig) => - if let Some(issuer) = sig.issuer() { - eprintln!("Bad signature from {}", issuer); - } else { - eprintln!("Bad signature without issuer \ - information"); - }, } } } diff --git a/openpgp/examples/generate-sign-verify.rs b/openpgp/examples/generate-sign-verify.rs index 0ab1c7a5..6c43f25c 100644 --- a/openpgp/examples/generate-sign-verify.rs +++ b/openpgp/examples/generate-sign-verify.rs @@ -106,15 +106,15 @@ impl<'a> VerificationHelper for Helper<'a> { // whether the signature checks out mathematically, we apply // our policy. match results.get(0) { - Some(VerificationResult::GoodChecksum(..)) => + Some(VerificationResult::GoodChecksum { .. }) => good = true, - Some(VerificationResult::NotAlive(..)) => + Some(VerificationResult::NotAlive { .. }) => return Err(failure::err_msg( "Signature good, but not alive")), - Some(VerificationResult::MissingKey(_)) => + Some(VerificationResult::MissingKey { .. }) => return Err(failure::err_msg( "Missing key to verify signature")), - Some(VerificationResult::BadChecksum(_)) => + Some(VerificationResult::BadChecksum { .. }) => return Err(failure::err_msg("Bad signature")), None => return Err(failure::err_msg("No signature")), diff --git a/openpgp/src/parse/stream.rs b/openpgp/src/parse/stream.rs index 66937de1..a23cda9f 100644 --- a/openpgp/src/parse/stream.rs +++ b/openpgp/src/parse/stream.rs @@ -149,21 +149,68 @@ pub enum VerificationResult<'a> { /// model, such as the [web of trust] (WoT). /// /// [web of trust]: https://en.wikipedia.org/wiki/Web_of_trust - GoodChecksum(Signature, - &'a TPK, - &'a key::UnspecifiedPublic, - Option<&'a Signature>, - RevocationStatus<'a>), + GoodChecksum { + /// The signature. + sig: Signature, + + /// The signature's issuer. + tpk: &'a TPK, + + /// The signing key that made the signature. + key: &'a key::UnspecifiedPublic, + + /// The signing key's binding signature. + binding: Option<&'a Signature>, + + /// The signing key's revocation status + revoked: RevocationStatus<'a>, + }, + /// The signature is good, but it is not alive at the specified /// time. /// /// See `SubpacketAreas::signature_alive` for a definition of /// liveness. - NotAlive(Signature), + NotAlive { + /// The signature. + sig: Signature, + + /// The signature's issuer. + tpk: &'a TPK, + + /// The signing key that made the signature. + key: &'a key::UnspecifiedPublic, + + /// The signing key's binding signature. + binding: Option<&'a Signature>, + + /// The signing key's revocation status + revoked: RevocationStatus<'a>, + }, + /// Unable to verify the signature because the key is missing. - MissingKey(Signature), + MissingKey { + /// The signature. + sig: Signature, + }, + /// The signature is bad. - BadChecksum(Signature), + BadChecksum { + /// The signature. + sig: Signature, + + /// The signature's issuer. + tpk: &'a TPK, + + /// The signing key that made the signature. + key: &'a key::UnspecifiedPublic, + + /// The signing key's binding signature. + binding: Option<&'a Signature>, + + /// The signing key's revocation status + revoked: RevocationStatus<'a>, + }, } impl<'a> VerificationResult<'a> { @@ -171,10 +218,10 @@ impl<'a> VerificationResult<'a> { pub fn level(&self) -> usize { use self::VerificationResult::*; match self { - &GoodChecksum(ref sig, ..) => sig.level(), - &NotAlive(ref sig, ..) => sig.level(), - &MissingKey(ref sig) => sig.level(), - &BadChecksum(ref sig) => sig.level(), + GoodChecksum { sig, .. } => sig.level(), + NotAlive { sig, .. } => sig.level(), + MissingKey { sig, .. } => sig.level(), + BadChecksum { sig, .. } => sig.level(), } } } @@ -609,32 +656,37 @@ impl<'a, H: VerificationHelper> Verifier<'a, H> { IMessageLayer::SignatureGroup { sigs, .. } => { results.new_signature_group(); for sig in sigs.into_iter() { - let r = if let Some(issuer) = sig.get_issuer() { - if let Some((i, j)) = + if let Some(issuer) = sig.get_issuer() { + let r = if let Some((i, j)) = self.keys.get(&issuer) { let tpk = &self.tpks[*i]; - let (binding, revocation, key) + let (binding, revoked, key) = tpk.keys_all().nth(*j).unwrap(); if sig.verify(key).unwrap_or(false) { if sig.signature_alive(self.time, None) { - VerificationResult::GoodChecksum - (sig, tpk, key, binding, - revocation) + VerificationResult::GoodChecksum { + sig, tpk, key, binding, revoked, + } } else { - VerificationResult::NotAlive(sig) + VerificationResult::NotAlive { + sig, tpk, key, binding, revoked, + } } } else { - VerificationResult::BadChecksum(sig) + VerificationResult::BadChecksum { + sig, tpk, key, binding, revoked, + } } } else { - VerificationResult::MissingKey(sig) - } + VerificationResult::MissingKey { + sig, + } + }; + results.push_verification_result(r); } else { - // No issuer. - VerificationResult::BadChecksum(sig) - }; - results.push_verification_result(r) + // No issuer, ignore malformed signature. + } } }, } @@ -1466,11 +1518,11 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> { IMessageLayer::SignatureGroup { sigs, .. } => { results.new_signature_group(); for sig in sigs.into_iter() { - results.push_verification_result( - if let Some(issuer) = sig.get_issuer() { + if let Some(issuer) = sig.get_issuer() { + results.push_verification_result( if let Some((i, j)) = self.keys.get(&issuer) { let tpk = &self.tpks[*i]; - let (binding, revocation, key) + let (binding, revoked, key) = tpk.keys_all().nth(*j).unwrap(); if sig.verify(key).unwrap_or(false) && sig.signature_alive(self.time, None) @@ -1490,33 +1542,35 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> { // the signature as // bad. VerificationResult::BadChecksum - (sig) + { sig, tpk, key, binding, + revoked, } } else { VerificationResult::GoodChecksum - (sig, tpk, - key, - binding, - revocation) + { sig, tpk, key, binding, + revoked, } } } else { // No identity information. VerificationResult::GoodChecksum - (sig, tpk, key, binding, - revocation) + { sig, tpk, key, binding, + revoked, } } } else { - VerificationResult::BadChecksum(sig) + VerificationResult::BadChecksum { + sig, tpk, key, binding, revoked, + } } } else { - VerificationResult::MissingKey(sig) + VerificationResult::MissingKey { + sig, + } } - } else { - // No issuer. - VerificationResult::BadChecksum(sig) - } - ) + ); + } else { + // No issuer, ignore malformed signature. + } } - } + }, } } @@ -1628,10 +1682,10 @@ mod test { MessageLayer::SignatureGroup { ref results } => for result in results { match result { - GoodChecksum(..) => self.good += 1, - MissingKey(_) => self.unknown += 1, - NotAlive(_) => self.bad += 1, - BadChecksum(_) => self.bad += 1, + GoodChecksum { .. } => self.good += 1, + MissingKey { .. } => self.unknown += 1, + NotAlive { .. } => self.bad += 1, + BadChecksum { .. } => self.bad += 1, } } MessageLayer::Compression { .. } => (), @@ -1748,8 +1802,8 @@ mod test { match layer { MessageLayer::SignatureGroup { ref results } => { assert_eq!(results.len(), 1); - if let VerificationResult::MissingKey(ref sig) = - results[0] + if let VerificationResult::MissingKey { sig, .. } = + &results[0] { assert_eq!( &sig.issuer_fingerprint().unwrap() diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs index 3b45e7fb..c533124b 100644 --- a/openpgp/src/serialize/stream.rs +++ b/openpgp/src/serialize/stream.rs @@ -257,7 +257,7 @@ impl<'a> Signer<'a> { /// if let MessageLayer::SignatureGroup { ref results } = /// structure.iter().nth(0).unwrap() /// { - /// if let VerificationResult::GoodChecksum(..) = + /// if let VerificationResult::GoodChecksum { .. } = /// results.get(0).unwrap() /// { Ok(()) /* good */ } else { panic!() } /// } else { panic!() } @@ -361,7 +361,7 @@ impl<'a> Signer<'a> { /// if let MessageLayer::SignatureGroup { ref results } = /// structure.iter().nth(0).unwrap() /// { - /// if let VerificationResult::GoodChecksum(..) = + /// if let VerificationResult::GoodChecksum { .. } = /// results.get(0).unwrap() /// { Ok(()) /* good */ } else { panic!() } /// } else { panic!() } |