openpgp: Raise error conditions instead of calling 'error'.

* guix/openpgp.scm (&openpgp-error, &openpgp-unrecognized-packet-error)
(&openpgp-invalid-signature-error): New error conditions.
(openpgp-hash-algorithm): Add 'signature-port' parameter.  Raise an
error condition instead of calling 'error'.
(parse-subpackets): Likewise.
(get-data): Raise instead of calling 'error'.
(get-openpgp-detached-signature/ascii): Likewise.
(get-signature): Likewise.
This commit is contained in:
Ludovic Courtès 2020-05-02 23:44:00 +02:00
parent 041dc3a9c0
commit 05d973eef2
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5

View file

@ -31,6 +31,12 @@ (define-module (guix openpgp)
verify-openpgp-signature
port-ascii-armored?
openpgp-error?
openpgp-unrecognized-packet-error?
openpgp-unrecognized-packet-error-port
openpgp-invalid-signature-error?
openpgp-invalid-signature-error-port
openpgp-signature?
openpgp-signature-issuer-key-id
openpgp-signature-issuer-fingerprint
@ -119,6 +125,19 @@ (define (string-hex-pad str)
(define (unixtime n)
(time-monotonic->date (make-time 'time-monotonic 0 n)))
;; Root of the error hierarchy.
(define-condition-type &openpgp-error &error
openpgp-error?)
;; Error raised when reading an unsupported or unrecognized packet tag.
(define-condition-type &openpgp-unrecognized-packet-error &openpgp-error
openpgp-unrecognized-packet-error?
(port openpgp-unrecognized-packet-error-port))
;; Error raised when reading an invalid signature packet.
(define-condition-type &openpgp-invalid-signature-error &openpgp-error
(port openpgp-invalid-signature-error-port))
;;;
;;; Bitwise I/O.
@ -312,7 +331,7 @@ (define HASH-SHA-384 9)
(define HASH-SHA-512 10)
(define HASH-SHA-224 11)
(define (openpgp-hash-algorithm id)
(define (openpgp-hash-algorithm id signature-port)
(cond ((= id HASH-MD5) 'md5)
((= id HASH-SHA-1) 'sha1)
((= id HASH-RIPE-MD160) 'rmd160)
@ -320,7 +339,9 @@ (define (openpgp-hash-algorithm id)
((= id HASH-SHA-384) 'sha384)
((= id HASH-SHA-512) 'sha512)
((= id HASH-SHA-224) 'sha224)
(else (error "unknown hash algorithm" id))))
(else
(raise (condition
(&openpgp-invalid-signature-error (port signature-port)))))))
(define COMPRESSION-UNCOMPRESSED 0)
(define COMPRESSION-ZIP 1) ;deflate
@ -455,7 +476,7 @@ (define (get-data p tag len)
((= tag PACKET-ONE-PASS-SIGNATURE)
'one-pass-signature) ;TODO: implement
(else
(error 'get-data "Unsupported packet type" tag)))))
(raise (condition (&openpgp-unrecognized-packet-error (port p))))))))
(define-record-type <openpgp-public-key>
(make-openpgp-public-key version subkey? time value fingerprint)
@ -509,7 +530,9 @@ (define (get-openpgp-detached-signature/ascii port)
((string=? type "PGP SIGNATURE")
(get-packet (open-bytevector-input-port data)))
(else
(error "expected PGP SIGNATURE" type)))))
(print "expected PGP SIGNATURE" type)
(raise (condition
(&openpgp-invalid-signature-error (port port))))))))
(define (hash-algorithm-name algorithm) ;XXX: should be in Guile-Gcrypt
"Return the name of ALGORITHM, a 'hash-algorithm' integer, as a symbol."
@ -626,15 +649,17 @@ (define (bytevector->hex bv)
(let-values (((hmlen type ctime keyid pkalg halg hashl16)
(get-integers p u8 u8 u32 u64 u8 u8 u16)))
(unless (= hmlen 5)
(error "invalid signature packet"))
(raise (condition
(&openpgp-invalid-signature-error (port p)))))
(print "Signature type: " type " creation time: " (unixtime ctime))
(print "Hash algorithm: " (openpgp-hash-algorithm halg))
(print "Hash algorithm: " (openpgp-hash-algorithm halg p))
(let ((value (get-sig p pkalg)))
(unless (port-eof? p)
(print "Trailing data in signature: " (get-bytevector-all p)))
(make-openpgp-signature version type
(public-key-algorithm pkalg)
(openpgp-hash-algorithm halg) hashl16
(openpgp-hash-algorithm halg p) hashl16
(list (integers->bytevector u8 type
u32 ctime))
;; Emulate hashed subpackets
@ -651,7 +676,7 @@ (define (bytevector->hex bv)
(get-bytevector-n p (get-u16 p)))
((hashl16) (get-u16 p)))
(print "Signature type: " type)
(print "Hash algorithm: " (openpgp-hash-algorithm halg))
(print "Hash algorithm: " (openpgp-hash-algorithm halg p))
(let ((value (get-sig p pkalg)))
(unless (port-eof? p)
(print "Trailing data in signature: " (get-bytevector-all p)))
@ -670,8 +695,8 @@ (define (bytevector->hex bv)
u8 #xff
u32 (+ 6 subpacket-len))))
(unhashed-subpackets
(parse-subpackets unhashed-subpackets))
(hashed-subpackets (parse-subpackets hashed-subpackets))
(parse-subpackets unhashed-subpackets p))
(hashed-subpackets (parse-subpackets hashed-subpackets p))
(subpackets (append hashed-subpackets
unhashed-subpackets))
(issuer-key-id (assoc-ref subpackets 'issuer))
@ -679,11 +704,14 @@ (define (bytevector->hex bv)
'issuer-fingerprint)))
(unless (or (not issuer) (not issuer-key-id)
(key-id-matches-fingerprint? issuer-key-id issuer))
(error "issuer key id does not match fingerprint" issuer))
(print "issuer key id does not match fingerprint"
issuer-key-id issuer)
(raise (condition
(&openpgp-invalid-signature-error (port p)))))
(make-openpgp-signature version type
(public-key-algorithm pkalg)
(openpgp-hash-algorithm halg)
(openpgp-hash-algorithm halg p)
hashl16
append-data
hashed-subpackets
@ -694,7 +722,7 @@ (define (bytevector->hex bv)
(print "Unsupported signature version: " version)
'unsupported-signature-version))))
(define (parse-subpackets bv)
(define (parse-subpackets bv signature-port)
(define (parse tag data)
(let ((type (fxbit-field tag 0 7))
(critical? (fxbit-set? tag 7)))
@ -740,7 +768,8 @@ (define (parse tag data)
value)))))))
((= type SUBPACKET-PREFERRED-HASH-ALGORITHMS)
(cons 'preferred-hash-algorithms
(map openpgp-hash-algorithm (bytevector->u8-list data))))
(map (cut openpgp-hash-algorithm <> signature-port)
(bytevector->u8-list data))))
((= type SUBPACKET-PREFERRED-COMPRESSION-ALGORITHMS)
(cons 'preferred-compression-algorithms
(map compression-algorithm (bytevector->u8-list data))))
@ -785,7 +814,9 @@ (define (parse tag data)
;; should be considered invalid.
(print "Unknown subpacket type: " type)
(if critical?
(error "unrecognized critical signature subpacket" type)
(raise (condition
(&openpgp-unrecognized-packet-error
(port signature-port))))
(list 'unsupported-subpacket type data))))))
(let ((p (open-bytevector-input-port bv)))