1 use anyhow
::{bail, Error}
;
6 DetachedVerifierBuilder
, MessageLayer
, MessageStructure
, VerificationError
,
7 VerificationHelper
, VerifierBuilder
,
11 policy
::StandardPolicy
,
17 use crate::config
::WeakCryptoConfig
;
23 impl<'a
> VerificationHelper
for Helper
<'a
> {
24 fn get_certs(&mut self, _ids
: &[KeyHandle
]) -> sequoia_openpgp
::Result
<Vec
<Cert
>> {
25 // Return public keys for signature verification here.
26 Ok(vec
![self.cert
.clone()])
29 fn check(&mut self, structure
: MessageStructure
) -> sequoia_openpgp
::Result
<()> {
30 // In this function, we implement our signature verification policy.
34 // we don't want compression and/or encryption
35 if structure
.len() > 1 || structure
.is_empty() {
37 "unexpected GPG message structure - expected plain signed data, got {} layers!",
41 let layer
= &structure
[0];
42 let mut errors
= Vec
::new();
44 MessageLayer
::SignatureGroup { results }
=> {
45 // We possibly have multiple signatures, but not all keys, so `or` all the individual results.
46 for result
in results
{
49 Err(e
) => errors
.push(e
),
53 _
=> return Err(anyhow
::anyhow
!("Unexpected message structure")),
57 Ok(()) // Good signature.
60 eprintln
!("\nEncountered {} errors:", errors
.len());
63 for (n
, err
) in errors
.iter().enumerate() {
65 eprintln
!("\nSignature #{n}: {err}");
70 VerificationError
::MalformedSignature { error, .. }
71 | VerificationError
::UnboundKey { error, .. }
72 | VerificationError
::BadKey { error, .. }
73 | VerificationError
::BadSignature { error, .. }
=> {
74 let mut cause
= error
.chain();
76 cause
.next(); // already included in `err` above
77 eprintln
!("Caused by:");
78 for (n
, e
) in cause
.enumerate() {
79 eprintln
!("\t{n}: {e}");
83 VerificationError
::MissingKey { .. }
=> {}
// doesn't contain a cause
87 Err(anyhow
::anyhow
!("No valid signature found."))
92 /// Verifies GPG-signed `msg` was signed by `key`, returning the verified data without signature.
93 pub(crate) fn verify_signature(
96 detached_sig
: Option
<&[u8]>,
97 weak_crypto
: &WeakCryptoConfig
,
98 ) -> Result
<Vec
<u8>, Error
> {
99 let cert
= Cert
::from_bytes(key
)?
;
101 let mut policy
= StandardPolicy
::new();
102 if weak_crypto
.allow_sha1
{
103 policy
.accept_hash(HashAlgorithm
::SHA1
);
105 if let Some(min_dsa
) = weak_crypto
.min_dsa_key_size
{
107 policy
.accept_asymmetric_algo(sequoia_openpgp
::policy
::AsymmetricAlgorithm
::DSA1024
);
110 if let Some(min_rsa
) = weak_crypto
.min_rsa_key_size
{
112 policy
.accept_asymmetric_algo(sequoia_openpgp
::policy
::AsymmetricAlgorithm
::RSA1024
);
116 let helper
= Helper { cert: &cert }
;
118 let verified
= if let Some(sig
) = detached_sig
{
120 DetachedVerifierBuilder
::from_bytes(sig
)?
.with_policy(&policy
, None
, helper
)?
;
121 verifier
.verify_bytes(msg
)?
;
124 let mut verified
= Vec
::new();
125 let mut verifier
= VerifierBuilder
::from_bytes(msg
)?
.with_policy(&policy
, None
, helper
)?
;
126 let bytes
= io
::copy(&mut verifier
, &mut verified
)?
;
127 println
!("{bytes} bytes verified");
128 if !verifier
.message_processed() {
129 bail
!("Failed to verify message!");