keyfork-shard: validate signatures using shard-specific validation requirements

This commit is contained in:
Ryan Heywood 2024-04-10 15:17:30 -04:00
parent f96ad11422
commit 194d475d59
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
2 changed files with 32 additions and 11 deletions

View File

@ -84,13 +84,23 @@ impl<P: PromptHandler> VerificationHelper for &mut Keyring<P> {
aead_algo, aead_algo,
} => {} } => {}
MessageLayer::SignatureGroup { results } => { MessageLayer::SignatureGroup { results } => {
for result in results { match &results[..] {
if let Err(e) = result { [Ok(_)] => {
return Ok(());
}
_ => {
// FIXME: anyhow leak: VerificationError impl std::error::Error // FIXME: anyhow leak: VerificationError impl std::error::Error
// return Err(e.context("Invalid signature")); // return Err(e.context("Invalid signature"));
return Err(anyhow::anyhow!("Error validating signature; either multiple signatures were passed or the single signature was not valid"));
}
}
/*
for result in results {
if let Err(e) = result {
return Err(anyhow::anyhow!("Invalid signature: {e}")); return Err(anyhow::anyhow!("Invalid signature: {e}"));
} }
} }
*/
} }
} }
} }

View File

@ -193,12 +193,23 @@ impl<P: PromptHandler> VerificationHelper for &mut SmartcardManager<P> {
aead_algo, aead_algo,
} => {} } => {}
MessageLayer::SignatureGroup { results } => { MessageLayer::SignatureGroup { results } => {
for result in results { match &results[..] {
if let Err(e) = result { [Ok(_)] => {
// FIXME: anyhow leak return Ok(());
return Err(anyhow::anyhow!("Verification error: {}", e.to_string())); }
_ => {
// FIXME: anyhow leak: VerificationError impl std::error::Error
// return Err(e.context("Invalid signature"));
return Err(anyhow::anyhow!("Error validating signature; either multiple signatures were passed or the single signature was not valid"));
} }
} }
/*
for result in results {
if let Err(e) = result {
return Err(anyhow::anyhow!("Invalid signature: {e}"));
}
}
*/
} }
} }
} }
@ -264,11 +275,11 @@ impl<P: PromptHandler> DecryptionHelper for &mut SmartcardManager<P> {
} else { } else {
format!("Unlock card {card_id} ({cardholder_name})\n{rpea}: {attempts}\n\nPIN: ") format!("Unlock card {card_id} ({cardholder_name})\n{rpea}: {attempts}\n\nPIN: ")
}; };
let temp_pin = let temp_pin = self
self.pm .pm
.lock() .lock()
.expect(bug!(POISONED_MUTEX)) .expect(bug!(POISONED_MUTEX))
.prompt_validated_passphrase(&message, 3, &pin_validator)?; .prompt_validated_passphrase(&message, 3, &pin_validator)?;
let verification_status = transaction.verify_user_pin(temp_pin.as_str().trim()); let verification_status = transaction.verify_user_pin(temp_pin.as_str().trim());
match verification_status { match verification_status {
#[allow(clippy::ignored_unit_patterns)] #[allow(clippy::ignored_unit_patterns)]