author | Kees Cook <keescook@chromium.org> | 2021-10-01 19:57:17 -0700 |
---|---|---|
committer | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2021-10-04 16:20:59 -0400 |
commit | 4870cf5db4325622ee68f6a47f920e5faea3ffff (patch) | |
tree | 71d542687f0ab18dafdd070d1b921cbd2123d310 | |
parent | 05c27c25caa82f590648ebc8d6a6c56d1d8acc28 (diff) | |
download | patatt-4870cf5db4325622ee68f6a47f920e5faea3ffff.tar.gz |
validation: Report lack of signature
If we're trying to cryptographically validate a message, not having a
signature is not a success (exit 0). Use a specific return code for this
condition and report it.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
-rw-r--r-- | patatt/__init__.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/patatt/__init__.py b/patatt/__init__.py
index 85b4778..2e33bce 100644
--- a/patatt/__init__.py
+++ b/patatt/__init__.py
@@ -36,6 +36,7 @@ DEVKEY_HDR = b'X-Developer-Key'
 # Result and severity levels
 RES_VALID = 0
+RES_NOSIG = 4
 RES_NOKEY = 8
 RES_ERROR = 16
 RES_BADSIG = 32
@@ -919,6 +920,7 @@ def validate_message(msgdata: bytes, sources: list, trim_body: bool = False) ->
 pm = PatattMessage(msgdata)
 if not pm.signed:
 logger.debug('message is not signed')
+ attestations.append((RES_NOSIG, None, None, None, None, ['no signatures found']))
 return attestations
 # Find all identities for which we have public keys
@@ -1019,6 +1021,10 @@ def cmd_validate(cmdargs, config: dict):
 logger.info(' | key: %s', keysrc)
 else:
 logger.info(' | key: default GnuPG keyring')
+ elif result <= RES_NOSIG:
+ logger.critical(' NOSIG | %s', fn)
+ for error in errors:
+ logger.critical(' | %s', error)
 elif result <= RES_NOKEY:
 logger.critical(' NOKEY | %s, %s', identity, fn)
 for error in errors: |
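Review bot: The comment above the constants, `# Result and severity levels`, does not say that the values are compared by magnitude, yet the `cmd_validate` hunk of this commit places `elif result <= RES_NOSIG:` ahead of `elif result <= RES_NOKEY:` and is only correct while 0 < 4 < 8 holds. I would extend the comment to `# Result and severity levels, ascending; cmd_validate tests them with <=, so keep new codes in order`. The 4/8/16/32 spacing can be read as bit flags, so stating that these are ordered levels keeps a later code from being slotted in at the wrong position.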
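Review bot: The row appended for an unsigned message in `validate_message` carries `None` in all four fields between the result code and the error list, so a caller that unpacks the tuple and formats or compares those fields as strings, or that treated an empty list as "unsigned", behaves differently after this commit. Callers other than `cmd_validate` are not visible in this diff and would need checking. The contract belongs in the function's docstring, for example `Unsigned input yields one (RES_NOSIG, None, None, None, None, [reason]) entry, never an empty list`. The function body starts before and continues after the hunk.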
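Review bot: The new `NOSIG` branch in `cmd_validate` only logs, and the code that turns `result` into the process exit status is outside this hunk, so these lines alone do not show that an unsigned message now ends in a non-zero status as the commit message intends. Scripts that gate on that status are the reason for the change, so a comment at the branch such as `# unsigned input is a validation failure; RES_NOSIG must reach the exit status` would record the requirement. A test that validates an unsigned message and checks for status 4 would pin it. The enclosing function starts and ends outside the hunk.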