-rw-r--r-- | openpgp-ffi/src/parse/stream.rs | 9 | ||||
-rw-r--r-- | openpgp/src/packet/key/mod.rs | 1 | ||||
-rw-r--r-- | openpgp/src/parse/stream.rs | 64 | ||||
-rw-r--r-- | tool/src/commands/mod.rs | 7 |
4 files changed, 36 insertions, 45 deletions
diff --git a/openpgp-ffi/src/parse/stream.rs b/openpgp-ffi/src/parse/stream.rs index b96a84ef..76d19785 100644 --- a/openpgp-ffi/src/parse/stream.rs +++ b/openpgp-ffi/src/parse/stream.rs @@ -190,7 +190,7 @@ fn $fn_name<'a>( -> bool { use self::stream::VerificationResult::*; - if let $variant { sig, cert, key, binding, revoked } = result.ref_raw() { + if let $variant { sig, cert, ka, time } = result.ref_raw() { if let Some(mut p) = sig_r { *unsafe { p.as_mut() } = sig.move_into_raw(); } @@ -199,17 +199,18 @@ fn $fn_name<'a>( } if let Some(mut p) = key_r { *unsafe { p.as_mut() } = { - let key = key + let key = ka.key() .mark_parts_unspecified_ref() .mark_role_unspecified_ref(); key.move_into_raw() }; } if let Some(mut p) = binding_r { - *unsafe { p.as_mut() } = binding.move_into_raw(); + *unsafe { p.as_mut() } = + ka.binding_signature(*time).move_into_raw(); } if let Some(mut p) = revocation_status_r { - *unsafe { p.as_mut() } = revoked.move_into_raw(); + *unsafe { p.as_mut() } = ka.revoked(*time).move_into_raw(); } true } else { diff --git a/openpgp/src/packet/key/mod.rs b/openpgp/src/packet/key/mod.rs index ce49c7ce..5d0151ef 100644 --- a/openpgp/src/packet/key/mod.rs +++ b/openpgp/src/packet/key/mod.rs @@ -141,6 +141,7 @@ pub(crate) type SecretSubkey = Key<SecretParts, SubordinateRole>; /// A key with public parts, and an unspecified role /// (`UnspecifiedRole`). +#[allow(dead_code)] pub(crate) type UnspecifiedPublic = Key<PublicParts, UnspecifiedRole>; /// A key with secret parts, and an unspecified role /// (`UnspecifiedRole`). diff --git a/openpgp/src/parse/stream.rs b/openpgp/src/parse/stream.rs index 7cde6e17..fda80f62 100644 --- a/openpgp/src/parse/stream.rs +++ b/openpgp/src/parse/stream.rs @@ -41,10 +41,10 @@ use crate::{ KeyID, Packet, Result, - RevocationStatus, packet, packet::Signature, Cert, + cert::KeyAmalgamation, crypto::SessionKey, serialize::Serialize, }; 
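Review bot: The two rewritten out-parameter writes in the second hunk, `ka.binding_signature(*time).move_into_raw()` and `ka.revoked(*time).move_into_raw()`, now hand the C caller a value computed at call time instead of one borrowed from the result, and nothing next to them states who owns it. If `ka.revoked(*time)` returns an owned status (inferred from the removed `RevocationStatus<'a>` field, not visible here), the caller of this function may now have to free what lands in `revocation_status_r`. I would document that on the function and add a `// SAFETY:` line above each `*unsafe { p.as_mut() } = ...`, for example `// SAFETY: p is Some, so non-null; the caller must pass a valid, writable pointer.` This assumes the out-parameters are `Option<NonNull<_>>`. The macro body starts and ends outside these hunks.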
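Review bot: `#[allow(dead_code)]` on `UnspecifiedPublic` comes with no explanation. The alias appears to go unused only because this commit stops naming `key::UnspecifiedPublic` in `VerificationResult`. Either remove the alias or record why it stays, e.g. `// Unused since VerificationResult switched to KeyAmalgamation; kept alongside the other key aliases.` Whether code outside this diff still refers to it cannot be seen from here.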
@@ -177,13 +177,10 @@ pub enum VerificationResult<'a> { cert: &'a Cert, /// The signing key that made the signature. - key: &'a key::UnspecifiedPublic, + ka: KeyAmalgamation<'a, key::PublicParts>, - /// The signing key's binding signature. - binding: Option<&'a Signature>, - - /// The signing key's revocation status - revoked: RevocationStatus<'a>, + /// The time at which the signature is evaluated. + time: time::SystemTime, }, /// The signature is good, but it is not alive at the specified @@ -199,13 +196,10 @@ pub enum VerificationResult<'a> { cert: &'a Cert, /// The signing key that made the signature. - key: &'a key::UnspecifiedPublic, - - /// The signing key's binding signature. - binding: Option<&'a Signature>, + ka: KeyAmalgamation<'a, key::PublicParts>, - /// The signing key's revocation status - revoked: RevocationStatus<'a>, + /// The time at which the signature is evaluated. + time: time::SystemTime, }, /// Unable to verify the signature because the key is missing. @@ -223,13 +217,10 @@ pub enum VerificationResult<'a> { cert: &'a Cert, /// The signing key that made the signature. - key: &'a key::UnspecifiedPublic, + ka: KeyAmalgamation<'a, key::PublicParts>, - /// The signing key's binding signature. - binding: Option<&'a Signature>, - - /// The signing key's revocation status - revoked: RevocationStatus<'a>, + /// The time at which the signature is evaluated. + time: time::SystemTime, }, } 
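Review bot: The doc comments on the new fields do not tell a caller how to recover the binding signature and revocation status that these hunks remove from `GoodChecksum`, `NotAlive` and `BadChecksum`. A consumer that calls `ka.revoked(...)` with the current time rather than the stored `time` can get a different answer from the one that applied when the signature was evaluated. The `time` doc should say so: `/// The time at which the signature was evaluated; pass it to ka.binding_signature() and ka.revoked() to get the state that applied then.` The comment on `ka` still reads "The signing key that made the signature." and could become `/// The signing key that made the signature, together with its certificate context.` Each variant's doc should also state whether a revoked key can still yield that variant, which these hunks do not show.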
@@ -698,32 +689,30 @@ impl<'a, H: VerificationHelper> Verifier<'a, H> { for issuer in sig.get_issuers() { if let Some((i, j)) = self.keys.get(&issuer) { let cert = &self.certs[*i]; - let ka = cert.keys().policy(self.time).nth(*j).unwrap(); - let binding = ka.binding_signature(self.time); - let revoked = ka.revoked(self.time); - let key = ka.key(); - results.push_verification_result( - if sig.verify(key).unwrap_or(false) { + if sig.verify(ka.key()).unwrap_or(false) { if sig.signature_alive( self.time, self.clock_skew_tolerance) .is_ok() { VerificationResult::GoodChecksum { sig: sig.clone(), - cert, key, binding, revoked, + cert, ka, + time: self.time, } } else { VerificationResult::NotAlive { sig: sig.clone(), - cert, key, binding, revoked, + cert, ka, + time: self.time, } } } else { VerificationResult::BadChecksum { sig: sig.clone(), - cert, key, binding, revoked, + cert, ka, + time: self.time, } } ); @@ -1595,14 +1584,9 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> { for issuer in sig.get_issuers() { if let Some((i, j)) = self.keys.get(&issuer) { let cert = &self.certs[*i]; - let ka = cert.keys().policy(self.time).nth(*j).unwrap(); - let binding = ka.binding_signature(self.time); - let revoked = ka.revoked(self.time); - let key = ka.key(); - results.push_verification_result( - if sig.verify(key).unwrap_or(false) && + if sig.verify(ka.key()).unwrap_or(false) && sig.signature_alive( self.time, self.clock_skew_tolerance) .is_ok() 
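Review bot: `sig.verify(ka.key()).unwrap_or(false)`, in both the Verifier hunk and the Decryptor hunk on this line, turns every error from `verify` into the same outcome as a signature that fails to check. In the Verifier branch shown, an operational failure is therefore reported as `BadChecksum`. That fails closed, which is the safe direction, but the two cases mean different things to someone reading a verification log or triaging a suspected forgery. If the collapse is intended, a comment above the condition would record it, e.g. `// Any verification error is deliberately reported as a bad signature.` Both `for issuer` loops start and end outside the hunks.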
@@ -1624,26 +1608,30 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> { VerificationResult::BadChecksum { sig: sig.clone(), - cert, key, binding, revoked, + cert, ka, + time: self.time, } } else { VerificationResult::GoodChecksum { sig: sig.clone(), - cert, key, binding, revoked, + cert, ka, + time: self.time, } } } else { // No identity information. VerificationResult::GoodChecksum { sig: sig.clone(), - cert, key, binding, revoked, + cert, ka, + time: self.time, } } } else { VerificationResult::BadChecksum { sig: sig.clone(), - cert, key, binding, revoked, + cert, ka, + time: self.time, } } ); diff --git a/tool/src/commands/mod.rs b/tool/src/commands/mod.rs index 77b0d051..12ca6c6a 100644 --- a/tool/src/commands/mod.rs +++ b/tool/src/commands/mod.rs @@ -252,9 +252,10 @@ impl<'a> VHelper<'a> { } let (issuer, level) = match result { - GoodChecksum { sig, key, .. } - | NotAlive { sig, key, .. } - | BadChecksum { sig, key, .. } => (key.keyid(), sig.level()), + GoodChecksum { sig, ka, .. } + | NotAlive { sig, ka, .. } + | BadChecksum { sig, ka, .. } => + (ka.key().keyid(), sig.level()), MissingKey { .. } => unreachable!("handled above"), }; |