diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2019-11-25 14:04:41 +0100 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2019-12-09 13:24:56 +0100 |
| commit | 531e3252b86f6eacf02d7181c280e8c01c4a55f4 (patch) | |
| tree | 998ac3f660f37e9163f124dcec279749b977a168 /openpgp | |
| parent | 7f3d55f777f44f9046ac91afe8e398984f1e4ba1 (diff) | |
openpgp: Return Result from Signature::signature_alive.
- See #371.
Diffstat (limited to 'openpgp')
| -rw-r--r-- | openpgp/src/cert/mod.rs | 12 | ||||
| -rw-r--r-- | openpgp/src/packet/signature/subpacket.rs | 36 | ||||
| -rw-r--r-- | openpgp/src/parse/stream.rs | 5 | ||||
| -rw-r--r-- | openpgp/src/serialize/cert_armored.rs | 2 |
4 files changed, 34 insertions, 21 deletions
diff --git a/openpgp/src/cert/mod.rs b/openpgp/src/cert/mod.rs index 0fb5d988..efe65cf4 100644 --- a/openpgp/src/cert/mod.rs +++ b/openpgp/src/cert/mod.rs @@ -225,7 +225,7 @@ impl<C> ComponentBinding<C> { }; self.self_signatures[i..].iter().filter(|s| { - s.signature_alive(t, time::Duration::new(0, 0)) + s.signature_alive(t, time::Duration::new(0, 0)).is_ok() }).nth(0) } @@ -292,7 +292,8 @@ impl<C> ComponentBinding<C> { selfsig_creation_time, t); if let Some(selfsig) = selfsig { - assert!(selfsig.signature_alive(t, time::Duration::new(0, 0))); + assert!( + selfsig.signature_alive(t, time::Duration::new(0, 0)).is_ok()); } macro_rules! check { @@ -322,7 +323,10 @@ impl<C> ComponentBinding<C> { rev.signature_creation_time() .unwrap_or_else(time_zero)); None - } else if !rev.signature_alive(t, time::Duration::new(0, 0)) { + } else if + ! rev.signature_alive(t, time::Duration::new(0, 0)) + .is_ok() + { t!(" ignoring revocation that is not alive ({:?} - {:?})", rev.signature_creation_time() .unwrap_or_else(time_zero), @@ -891,7 +895,7 @@ impl Cert { // No binding signature at time `t` => not alive. let selfsig = b.binding_signature(t)?; - if !selfsig.signature_alive(t, time::Duration::new(0, 0)) { + if !selfsig.signature_alive(t, time::Duration::new(0, 0)).is_ok() { return None; } diff --git a/openpgp/src/packet/signature/subpacket.rs b/openpgp/src/packet/signature/subpacket.rs index e732d17e..e125348b 100644 --- a/openpgp/src/packet/signature/subpacket.rs +++ b/openpgp/src/packet/signature/subpacket.rs @@ -2162,7 +2162,7 @@ impl SubpacketAreas { /// /// [Section 5.2.3.4 of RFC 4880]: https://tools.ietf.org/html/rfc4880#section-5.2.3.4 pub fn signature_alive<T, U>(&self, time: T, clock_skew_tolerance: U) - -> bool + -> Result<()> where T: Into<Option<time::SystemTime>>, U: Into<Option<time::Duration>> { @@ -2180,13 +2180,19 @@ impl SubpacketAreas { (time, tolerance) }; - if let Some(creation_time) = self.signature_creation_time() { + match (self.signature_creation_time(), self.signature_expiration_time()) + { + (None, _) => + Err(Error::MalformedPacket("no signature creation time".into()) + .into()), + (Some(c), Some(e)) if e.as_secs() > 0 && (c + e) < time => + Err(Error::Expired(c + e).into()), // Be careful to avoid underflow. - cmp::max(creation_time, time::UNIX_EPOCH + tolerance) - - tolerance <= time - && ! self.signature_expired(time) - } else { - false + (Some(c), _) if cmp::max(c, time::UNIX_EPOCH + tolerance) + - tolerance > time => + Err(Error::NotYetLive(cmp::max(c, time::UNIX_EPOCH + tolerance) + - tolerance).into()), + _ => Ok(()), } } @@ -2755,10 +2761,10 @@ fn accessors() { assert!(!sig_.signature_expired(now)); assert!(sig_.signature_expired(now + ten_minutes)); - assert!(sig_.signature_alive(None, zero_s)); - assert!(sig_.signature_alive(now, zero_s)); - assert!(!sig_.signature_alive(now - five_minutes, zero_s)); - assert!(!sig_.signature_alive(now + ten_minutes, zero_s)); + assert!(sig_.signature_alive(None, zero_s).is_ok()); + assert!(sig_.signature_alive(now, zero_s).is_ok()); + assert!(!sig_.signature_alive(now - five_minutes, zero_s).is_ok()); + assert!(!sig_.signature_alive(now + ten_minutes, zero_s).is_ok()); sig = sig.set_signature_expiration_time(None).unwrap(); let sig_ = @@ -2768,10 +2774,10 @@ fn accessors() { assert!(!sig_.signature_expired(now)); assert!(!sig_.signature_expired(now + ten_minutes)); - assert!(sig_.signature_alive(None, zero_s)); - assert!(sig_.signature_alive(now, zero_s)); - assert!(!sig_.signature_alive(now - five_minutes, zero_s)); - assert!(sig_.signature_alive(now + ten_minutes, zero_s)); + assert!(sig_.signature_alive(None, zero_s).is_ok()); + assert!(sig_.signature_alive(now, zero_s).is_ok()); + assert!(!sig_.signature_alive(now - five_minutes, zero_s).is_ok()); + assert!(sig_.signature_alive(now + ten_minutes, zero_s).is_ok()); sig = sig.set_exportable_certification(true).unwrap(); let sig_ = diff --git a/openpgp/src/parse/stream.rs b/openpgp/src/parse/stream.rs index 272fc78f..ed8444ef 100644 --- a/openpgp/src/parse/stream.rs +++ b/openpgp/src/parse/stream.rs @@ -568,7 +568,7 @@ impl<'a, H: VerificationHelper> Verifier<'a, H> { if let Some(sig) = sig { sig.key_flags().for_signing() // Check expiry. - && sig.signature_alive(time, tolerance) + && sig.signature_alive(time, tolerance).is_ok() && sig.key_alive(key, time) } else { false @@ -704,6 +704,7 @@ impl<'a, H: VerificationHelper> Verifier<'a, H> { if sig.verify(key).unwrap_or(false) { if sig.signature_alive( self.time, self.clock_skew_tolerance) + .is_ok() { VerificationResult::GoodChecksum { sig: sig.clone(), @@ -1440,6 +1441,7 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> { sig.key_flags().for_signing() // Check expiry. && sig.signature_alive(time, tolerance) + .is_ok() && sig.key_alive(key, time) } else { false @@ -1595,6 +1597,7 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> { if sig.verify(key).unwrap_or(false) && sig.signature_alive( self.time, self.clock_skew_tolerance) + .is_ok() { // Check intended recipients. if let Some(identity) = diff --git a/openpgp/src/serialize/cert_armored.rs b/openpgp/src/serialize/cert_armored.rs index 35171b54..480c232b 100644 --- a/openpgp/src/serialize/cert_armored.rs +++ b/openpgp/src/serialize/cert_armored.rs @@ -40,7 +40,7 @@ impl Cert { // Ignore userids not "alive". }).filter_map(|uidb| { if uidb.binding_signature(None)? - .signature_alive(None, None) + .signature_alive(None, None).is_ok() { Some(uidb) } else { |