keyfork-shard: validate signatures using shard-specific validation requirements

2024-04-10 15:17:30 -04:00 · 2024-04-10 15:17:30 -04:00 · 194d475d59
parent f96ad11422
commit 194d475d59
2 changed files with 32 additions and 11 deletions
--- a/crates/keyfork-shard/src/openpgp/keyring.rs
+++ b/crates/keyfork-shard/src/openpgp/keyring.rs
@ -84,13 +84,23 @@ impl<P: PromptHandler> VerificationHelper for &mut Keyring<P> {
                    aead_algo,
                } => {}
                MessageLayer::SignatureGroup { results } => {
-                    for result in results {
-                        if let Err(e) = result {
+                    match &results[..] {
+                        [Ok(_)] => {
+                            return Ok(());
+                        }
+                        _ => {
                            // FIXME: anyhow leak: VerificationError impl std::error::Error
                            // return Err(e.context("Invalid signature"));
+                            return Err(anyhow::anyhow!("Error validating signature; either multiple signatures were passed or the single signature was not valid"));
+                        }
+                    }
+                    /*
+                    for result in results {
+                        if let Err(e) = result {
                            return Err(anyhow::anyhow!("Invalid signature: {e}"));
                        }
                    }
+                    */
                }
            }
        }
--- a/crates/keyfork-shard/src/openpgp/smartcard.rs
+++ b/crates/keyfork-shard/src/openpgp/smartcard.rs
@ -193,12 +193,23 @@ impl<P: PromptHandler> VerificationHelper for &mut SmartcardManager<P> {
                    aead_algo,
                } => {}
                MessageLayer::SignatureGroup { results } => {
-                    for result in results {
-                        if let Err(e) = result {
-                            // FIXME: anyhow leak
-                            return Err(anyhow::anyhow!("Verification error: {}", e.to_string()));
+                    match &results[..] {
+                        [Ok(_)] => {
+                            return Ok(());
+                        }
+                        _ => {
+                            // FIXME: anyhow leak: VerificationError impl std::error::Error
+                            // return Err(e.context("Invalid signature"));
+                            return Err(anyhow::anyhow!("Error validating signature; either multiple signatures were passed or the single signature was not valid"));
                        }
                    }
+                    /*
+                    for result in results {
+                        if let Err(e) = result {
+                            return Err(anyhow::anyhow!("Invalid signature: {e}"));
+                        }
+                    }
+                    */
                }
            }
        }
@ -264,11 +275,11 @@ impl<P: PromptHandler> DecryptionHelper for &mut SmartcardManager<P> {
            } else {
                format!("Unlock card {card_id} ({cardholder_name})\n{rpea}: {attempts}\n\nPIN: ")
            };
-            let temp_pin =
-                self.pm
-                    .lock()
-                    .expect(bug!(POISONED_MUTEX))
-                    .prompt_validated_passphrase(&message, 3, &pin_validator)?;
+            let temp_pin = self
+                .pm
+                .lock()
+                .expect(bug!(POISONED_MUTEX))
+                .prompt_validated_passphrase(&message, 3, &pin_validator)?;
            let verification_status = transaction.verify_user_pin(temp_pin.as_str().trim());
            match verification_status {
                #[allow(clippy::ignored_unit_patterns)]