lysann/passforios-gopenpgp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Wrap the cause of signature verification errors.

Browse source 
Instead of swallowing the cause of verification errors,
we use error wrapping to communicate the cause to the caller.
This commit is contained in:
M. Thiercelin 2023-03-06 13:52:17 +01:00
parent 58dbea76e7
commit e9fca4d62f
No known key found for this signature in database
GPG key ID: 29581E7E24EBEC0A
5 changed files with 48 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

26
crypto/signature.go
View file

@ -29,23 +29,33 @@ var allowedHashes = []crypto.Hash{
type SignatureVerificationError struct {
Status int
Message string
Cause error
}
// Error is the base method for all errors.
func (e SignatureVerificationError) Error() string {
if e.Cause != nil {
return fmt.Sprintf("Signature Verification Error: %v caused by %v", e.Message, e.Cause)
}
return fmt.Sprintf("Signature Verification Error: %v", e.Message)
}
// Unwrap returns the cause of failure.
func (e SignatureVerificationError) Unwrap() error {
return e.Cause
}
// ------------------
// Internal functions
// ------------------
// newSignatureFailed creates a new SignatureVerificationError, type
// SignatureFailed.
func newSignatureFailed() SignatureVerificationError {
func newSignatureFailed(cause error) SignatureVerificationError {
return SignatureVerificationError{
Status: constants.SIGNATURE_FAILED,
Message: "Invalid signature",
Cause: cause,
}
}
@ -108,7 +118,7 @@ func verifyDetailsSignature(md *openpgp.MessageDetails, verifierKey *KeyRing) er
return newSignatureNoVerifier()
}
if md.SignatureError != nil {
return newSignatureFailed()
return newSignatureFailed(md.SignatureError)
}
if md.Signature == nil ||
md.Signature.Hash < allowedHashes[0] ||
@ -238,21 +248,25 @@ func verifySignature(
_, err = signatureReader.Seek(0, io.SeekStart)
if err != nil {
return nil, newSignatureFailed()
return nil, newSignatureFailed(err)
}
sig, signer, err = openpgp.VerifyDetachedSignatureAndHash(pubKeyEntries, origText, signatureReader, allowedHashes, config)
}
}
if err != nil || sig == nil || signer == nil {
return nil, newSignatureFailed()
if err != nil {
return nil, newSignatureFailed(err)
}
if sig == nil || signer == nil {
return nil, newSignatureFailed(errors.New("gopenpgp: no signer or valid signature"))
}
if verificationContext != nil {
err := verificationContext.verifyContext(sig)
if err != nil {
return nil, newSignatureFailed()
return nil, newSignatureFailed(err)
}
}