diff --git a/CHANGELOG.md b/CHANGELOG.md index aedec55..7b7b774 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed - The `SignatureVerificationError` struct now has a `Cause error` field, which is returned by the the Unwrap function. The cause is also included in the error message. NB: If the caller was relying on the exact message of the error, it might break the flow. +- When a signature fails verification because of the signature context, it returns a `SignatureVerificationError` with +status `constants.SIGNATURE_BAD_CONTEXT` instead of `constants.SIGNATURE_FAILED`. ## [2.6.1] 2023-03-22 diff --git a/constants/cipher.go b/constants/cipher.go index 970960c..ab8c72e 100644 --- a/constants/cipher.go +++ b/constants/cipher.go @@ -15,6 +15,7 @@ const ( SIGNATURE_NOT_SIGNED int = 1 SIGNATURE_NO_VERIFIER int = 2 SIGNATURE_FAILED int = 3 + SIGNATURE_BAD_CONTEXT int = 4 ) const DefaultCompression = 2 // ZLIB diff --git a/crypto/signature.go b/crypto/signature.go index bc34184..e376c28 100644 --- a/crypto/signature.go +++ b/crypto/signature.go @@ -3,7 +3,6 @@ package crypto import ( "bytes" "crypto" - "errors" "fmt" "io" "math" @@ -12,6 +11,7 @@ import ( "github.com/ProtonMail/go-crypto/openpgp" pgpErrors "github.com/ProtonMail/go-crypto/openpgp/errors" "github.com/ProtonMail/go-crypto/openpgp/packet" + "github.com/pkg/errors" "github.com/ProtonMail/gopenpgp/v2/constants" "github.com/ProtonMail/gopenpgp/v2/internal" @@ -51,6 +51,14 @@ func (e SignatureVerificationError) Unwrap() error { // newSignatureFailed creates a new SignatureVerificationError, type // SignatureFailed. +func newSignatureBadContext(cause error) SignatureVerificationError { + return SignatureVerificationError{ + Status: constants.SIGNATURE_BAD_CONTEXT, + Message: "Invalid signature context", + Cause: cause, + } +} + func newSignatureFailed(cause error) SignatureVerificationError { return SignatureVerificationError{ Status: constants.SIGNATURE_FAILED, @@ -266,7 +274,7 @@ func verifySignature( if verificationContext != nil { err := verificationContext.verifyContext(sig) if err != nil { - return nil, newSignatureFailed(err) + return nil, newSignatureBadContext(err) } } diff --git a/crypto/signature_test.go b/crypto/signature_test.go index d2f9166..fa0c649 100644 --- a/crypto/signature_test.go +++ b/crypto/signature_test.go @@ -75,7 +75,7 @@ func TestVerifyTextDetachedSig(t *testing.T) { } } -func checkVerificationError(t *testing.T, err error, expectedStatus int) { //nolint: unparam +func checkVerificationError(t *testing.T, err error, expectedStatus int) { if err == nil { t.Fatalf("Expected a verification error") } @@ -435,7 +435,7 @@ func Test_VerifyDetachedWithWrongContext(t *testing.T) { verificationContext, ) // then - checkVerificationError(t, err, constants.SIGNATURE_FAILED) + checkVerificationError(t, err, constants.SIGNATURE_BAD_CONTEXT) } func Test_VerifyDetachedWithMissingNonRequiredContext(t *testing.T) { @@ -491,7 +491,7 @@ func Test_VerifyDetachedWithMissingRequiredContext(t *testing.T) { verificationContext, ) // then - checkVerificationError(t, err, constants.SIGNATURE_FAILED) + checkVerificationError(t, err, constants.SIGNATURE_BAD_CONTEXT) } func Test_VerifyDetachedWithMissingRequiredContextBeforeCutoff(t *testing.T) { @@ -561,7 +561,7 @@ func Test_VerifyDetachedWithMissingRequiredContextAfterCutoff(t *testing.T) { verificationContext, ) // then - checkVerificationError(t, err, constants.SIGNATURE_FAILED) + checkVerificationError(t, err, constants.SIGNATURE_BAD_CONTEXT) } func Test_VerifyDetachedWithDoubleContext(t *testing.T) { @@ -587,5 +587,5 @@ func Test_VerifyDetachedWithDoubleContext(t *testing.T) { verificationContext, ) // then - checkVerificationError(t, err, constants.SIGNATURE_FAILED) + checkVerificationError(t, err, constants.SIGNATURE_BAD_CONTEXT) }