keyfork-shard: validate signatures using shard-specific validation requirements
This commit is contained in:
parent
f96ad11422
commit
194d475d59
|
@ -84,13 +84,23 @@ impl<P: PromptHandler> VerificationHelper for &mut Keyring<P> {
|
||||||
aead_algo,
|
aead_algo,
|
||||||
} => {}
|
} => {}
|
||||||
MessageLayer::SignatureGroup { results } => {
|
MessageLayer::SignatureGroup { results } => {
|
||||||
for result in results {
|
match &results[..] {
|
||||||
if let Err(e) = result {
|
[Ok(_)] => {
|
||||||
|
return Ok(());
|
||||||
|
}
|
||||||
|
_ => {
|
||||||
// FIXME: anyhow leak: VerificationError impl std::error::Error
|
// FIXME: anyhow leak: VerificationError impl std::error::Error
|
||||||
// return Err(e.context("Invalid signature"));
|
// return Err(e.context("Invalid signature"));
|
||||||
|
return Err(anyhow::anyhow!("Error validating signature; either multiple signatures were passed or the single signature was not valid"));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/*
|
||||||
|
for result in results {
|
||||||
|
if let Err(e) = result {
|
||||||
return Err(anyhow::anyhow!("Invalid signature: {e}"));
|
return Err(anyhow::anyhow!("Invalid signature: {e}"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
*/
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -193,12 +193,23 @@ impl<P: PromptHandler> VerificationHelper for &mut SmartcardManager<P> {
|
||||||
aead_algo,
|
aead_algo,
|
||||||
} => {}
|
} => {}
|
||||||
MessageLayer::SignatureGroup { results } => {
|
MessageLayer::SignatureGroup { results } => {
|
||||||
for result in results {
|
match &results[..] {
|
||||||
if let Err(e) = result {
|
[Ok(_)] => {
|
||||||
// FIXME: anyhow leak
|
return Ok(());
|
||||||
return Err(anyhow::anyhow!("Verification error: {}", e.to_string()));
|
}
|
||||||
|
_ => {
|
||||||
|
// FIXME: anyhow leak: VerificationError impl std::error::Error
|
||||||
|
// return Err(e.context("Invalid signature"));
|
||||||
|
return Err(anyhow::anyhow!("Error validating signature; either multiple signatures were passed or the single signature was not valid"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
/*
|
||||||
|
for result in results {
|
||||||
|
if let Err(e) = result {
|
||||||
|
return Err(anyhow::anyhow!("Invalid signature: {e}"));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
*/
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -264,11 +275,11 @@ impl<P: PromptHandler> DecryptionHelper for &mut SmartcardManager<P> {
|
||||||
} else {
|
} else {
|
||||||
format!("Unlock card {card_id} ({cardholder_name})\n{rpea}: {attempts}\n\nPIN: ")
|
format!("Unlock card {card_id} ({cardholder_name})\n{rpea}: {attempts}\n\nPIN: ")
|
||||||
};
|
};
|
||||||
let temp_pin =
|
let temp_pin = self
|
||||||
self.pm
|
.pm
|
||||||
.lock()
|
.lock()
|
||||||
.expect(bug!(POISONED_MUTEX))
|
.expect(bug!(POISONED_MUTEX))
|
||||||
.prompt_validated_passphrase(&message, 3, &pin_validator)?;
|
.prompt_validated_passphrase(&message, 3, &pin_validator)?;
|
||||||
let verification_status = transaction.verify_user_pin(temp_pin.as_str().trim());
|
let verification_status = transaction.verify_user_pin(temp_pin.as_str().trim());
|
||||||
match verification_status {
|
match verification_status {
|
||||||
#[allow(clippy::ignored_unit_patterns)]
|
#[allow(clippy::ignored_unit_patterns)]
|
||||||
|
|
Loading…
Reference in New Issue