diff options
| -rw-r--r-- | guide/src/chapter_01.md | 12 | ||||
| -rw-r--r-- | ipc/examples/gpg-agent-decrypt.rs | 4 | ||||
| -rw-r--r-- | ipc/tests/gpg-agent.rs | 2 | ||||
| -rw-r--r-- | openpgp-ffi/include/sequoia/openpgp.h | 3 | ||||
| -rw-r--r-- | openpgp-ffi/src/parse/stream.rs | 27 | ||||
| -rw-r--r-- | openpgp/examples/decrypt-with.rs | 3 | ||||
| -rw-r--r-- | openpgp/examples/generate-sign-verify.rs | 2 | ||||
| -rw-r--r-- | openpgp/src/parse/stream.rs | 16 | ||||
| -rw-r--r-- | tool/src/commands/mod.rs | 18 |
9 files changed, 87 insertions, 0 deletions
diff --git a/guide/src/chapter_01.md b/guide/src/chapter_01.md index 3c0ab811..9770e089 100644 --- a/guide/src/chapter_01.md +++ b/guide/src/chapter_01.md @@ -125,6 +125,9 @@ fn main() { # Some(VerificationResult::MissingKey { .. }) => # return Err(failure::err_msg( # "Missing key to verify signature")), +# Some(VerificationResult::Error { error, .. }) => +# return Err(failure::err_msg( +# format!("Bad signature: {:?}", error))), # Some(VerificationResult::BadChecksum { .. }) => # return Err(failure::err_msg("Bad signature")), # None => @@ -270,6 +273,9 @@ fn generate() -> openpgp::Result<openpgp::Cert> { # Some(VerificationResult::MissingKey { .. }) => # return Err(failure::err_msg( # "Missing key to verify signature")), +# Some(VerificationResult::Error { error, .. }) => +# return Err(failure::err_msg( +# format!("Bad signature: {:?}", error))), # Some(VerificationResult::BadChecksum { .. }) => # return Err(failure::err_msg("Bad signature")), # None => @@ -415,6 +421,9 @@ fn sign(sink: &mut Write, plaintext: &str, tsk: &openpgp::Cert) # Some(VerificationResult::MissingKey { .. }) => # return Err(failure::err_msg( # "Missing key to verify signature")), +# Some(VerificationResult::Error { error, .. }) => +# return Err(failure::err_msg( +# format!("Bad signature: {:?}", error))), # Some(VerificationResult::BadChecksum { .. }) => # return Err(failure::err_msg("Bad signature")), # None => @@ -571,6 +580,9 @@ impl<'a> VerificationHelper for Helper<'a> { Some(VerificationResult::MissingKey { .. }) => return Err(failure::err_msg( "Missing key to verify signature")), + Some(VerificationResult::Error { error, .. }) => + return Err(failure::err_msg( + format!("Bad signature: {:?}", error))), Some(VerificationResult::BadChecksum { .. }) => return Err(failure::err_msg("Bad signature")), None => diff --git a/ipc/examples/gpg-agent-decrypt.rs b/ipc/examples/gpg-agent-decrypt.rs index fe692689..8b39762c 100644 --- a/ipc/examples/gpg-agent-decrypt.rs +++ b/ipc/examples/gpg-agent-decrypt.rs @@ -146,6 +146,10 @@ impl<'a> VerificationHelper for Helper<'a> { BadChecksum { cert, .. } => { eprintln!("Bad signature from {}", cert); }, + Error { error, .. } => { + eprintln!("Error verifying signature: {}", + error); + }, } } } diff --git a/ipc/tests/gpg-agent.rs b/ipc/tests/gpg-agent.rs index 2176d467..5461d7a6 100644 --- a/ipc/tests/gpg-agent.rs +++ b/ipc/tests/gpg-agent.rs @@ -172,6 +172,8 @@ fn sign() { "Missing key to verify signature")), Some(VerificationResult::BadChecksum { .. }) => return Err(failure::err_msg("Bad signature")), + Some(VerificationResult::Error { error, .. }) => + return Err(error), None => return Err(failure::err_msg("No signature")), } diff --git a/openpgp-ffi/include/sequoia/openpgp.h b/openpgp-ffi/include/sequoia/openpgp.h index 1a27fad9..32794aa3 100644 --- a/openpgp-ffi/include/sequoia/openpgp.h +++ b/openpgp-ffi/include/sequoia/openpgp.h @@ -1728,6 +1728,9 @@ bool pgp_verification_result_bad_checksum (pgp_verification_result_t, pgp_key_t *, pgp_signature_t *, pgp_revocation_status_t *); +bool pgp_verification_result_error (pgp_verification_result_t, + pgp_signature_t *, + pgp_error_t *); /*/ /// Decrypts an OpenPGP message. diff --git a/openpgp-ffi/src/parse/stream.rs b/openpgp-ffi/src/parse/stream.rs index 9780da0c..2bc43280 100644 --- a/openpgp-ffi/src/parse/stream.rs +++ b/openpgp-ffi/src/parse/stream.rs @@ -173,6 +173,7 @@ fn pgp_verification_result_variant(result: *const VerificationResult) MissingKey { .. } => 2, BadChecksum { .. } => 3, NotAlive { .. } => 4, + Error { .. } => 5, } } @@ -263,6 +264,32 @@ fn pgp_verification_result_missing_key<'a>( /// members in `sig_r` and the like iff `sig_r != NULL`. make_decomposition_fn!(pgp_verification_result_bad_checksum, BadChecksum); +/// Decomposes a `VerificationResult::Error`. +/// +/// Returns `true` iff the given value is a +/// `VerificationResult::Error`, and returns the variants members +/// in `sig_r` and the like iff `sig_r != NULL`. +#[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" +fn pgp_verification_result_error<'a>( + result: *const VerificationResult<'a>, + sig_r: Maybe<*mut Signature>, + err_r: Maybe<*mut crate::error::Error>) + -> bool +{ + use self::stream::VerificationResult::*; + if let Error { sig, error, .. } = result.ref_raw() { + if let Some(mut p) = sig_r { + *unsafe { p.as_mut() } = sig.move_into_raw(); + } + if let Some(mut p) = err_r { + *unsafe { p.as_mut() } = error.move_into_raw(); + } + true + } else { + false + } +} + /// Passed as the first argument to the callbacks used by pgp_verify /// and pgp_decrypt. pub struct HelperCookie { diff --git a/openpgp/examples/decrypt-with.rs b/openpgp/examples/decrypt-with.rs index 35393924..2892761e 100644 --- a/openpgp/examples/decrypt-with.rs +++ b/openpgp/examples/decrypt-with.rs @@ -135,6 +135,9 @@ impl VerificationHelper for Helper { BadChecksum { cert, .. } => { eprintln!("Bad signature from {}", cert); }, + Error { error, .. } => { + eprintln!("Error: {}", error); + }, } } } diff --git a/openpgp/examples/generate-sign-verify.rs b/openpgp/examples/generate-sign-verify.rs index 65202609..fefc8a20 100644 --- a/openpgp/examples/generate-sign-verify.rs +++ b/openpgp/examples/generate-sign-verify.rs @@ -118,6 +118,8 @@ impl<'a> VerificationHelper for Helper<'a> { "Missing key to verify signature")), Some(VerificationResult::BadChecksum { .. }) => return Err(failure::err_msg("Bad signature")), + Some(VerificationResult::Error { error, .. }) => + return Err(error), None => return Err(failure::err_msg("No signature")), } diff --git a/openpgp/src/parse/stream.rs b/openpgp/src/parse/stream.rs index fd278e16..336f64e0 100644 --- a/openpgp/src/parse/stream.rs +++ b/openpgp/src/parse/stream.rs @@ -212,6 +212,20 @@ pub enum VerificationResult<'a> { /// The signing key that made the signature. ka: KeyAmalgamation<'a, key::PublicParts>, }, + + /// An error occured while verifying the signature. + /// + /// This could occur if the signature is invalid (e.g., no + /// Signature Creation Time packet), the key is invalid (e.g., the + /// key is not alive, the key is revoked, the key is not signing + /// capable), etc. + Error { + /// The signature. + sig: Signature, + + /// The reason. + error: failure::Error, + }, } impl<'a> VerificationResult<'a> { @@ -223,6 +237,7 @@ impl<'a> VerificationResult<'a> { NotAlive { sig, .. } => sig.level(), MissingKey { sig, .. } => sig.level(), BadChecksum { sig, .. } => sig.level(), + Error { sig, .. } => sig.level(), } } } @@ -1772,6 +1787,7 @@ mod test { MissingKey { .. } => self.unknown += 1, NotAlive { .. } => self.bad += 1, BadChecksum { .. } => self.bad += 1, + Error { .. } => self.bad += 1, } } MessageLayer::Compression { .. } => (), diff --git a/tool/src/commands/mod.rs b/tool/src/commands/mod.rs index 25b94198..a8e8a93b 100644 --- a/tool/src/commands/mod.rs +++ b/tool/src/commands/mod.rs @@ -192,6 +192,7 @@ struct VHelper<'a> { unknown_checksums: usize, bad_signatures: usize, bad_checksums: usize, + broken_signatures: usize, } impl<'a> VHelper<'a> { @@ -210,6 +211,7 @@ impl<'a> VHelper<'a> { unknown_checksums: 0, bad_signatures: 0, bad_checksums: 0, + broken_signatures: 0, } } @@ -230,6 +232,7 @@ impl<'a> VHelper<'a> { p(&mut dirty, "unknown checksum", self.unknown_checksums); p(&mut dirty, "bad signature", self.bad_signatures); p(&mut dirty, "bad checksum", self.bad_checksums); + p(&mut dirty, "broken signatures", self.broken_signatures); if dirty { eprintln!("."); } @@ -238,6 +241,19 @@ impl<'a> VHelper<'a> { fn print_sigs(&mut self, results: &[VerificationResult]) { use self::VerificationResult::*; for result in results { + if let Error { sig, error } = result { + let issuer = sig.get_issuers().iter().nth(0) + .expect("key has an issuer") + .to_string(); + let what = match sig.level() { + 0 => "checksum".into(), + n => format!("level {} notarizing checksum", n), + }; + eprintln!("Error verifying {} from {}: {}", + what, issuer, error); + self.broken_signatures += 1; + continue; + } if let MissingKey { sig } = result { let issuer = sig.get_issuers().iter().nth(0) .expect("missing key checksum has an issuer") @@ -257,6 +273,7 @@ impl<'a> VHelper<'a> { | BadChecksum { sig, ka, .. } => (ka.key().keyid(), sig.level()), MissingKey { .. } => unreachable!("handled above"), + Error { .. } => unreachable!("handled above"), }; let trusted = self.trusted.contains(&issuer); @@ -297,6 +314,7 @@ impl<'a> VHelper<'a> { } }, MissingKey { .. } => unreachable!("handled above"), + Error { .. } => unreachable!("handled above"), } } } |