tools.linux.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] validation: Report lack of signature
@ 2021-10-02  2:57 Kees Cook
  2021-10-04 20:41 ` Konstantin Ryabitsev
  0 siblings, 1 reply; 2+ messages in thread
From: Kees Cook @ 2021-10-02  2:57 UTC (permalink / raw)
  To: Konstantin Ryabitsev; +Cc: Kees Cook, tools

If we're trying to cryptographically validate a message, not having a
signature is not a success (exit 0). Use a specific return code for this
condition and report it.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 patatt/__init__.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/patatt/__init__.py b/patatt/__init__.py
index 41b7dfda6b75..5d880bcf32b1 100644
--- a/patatt/__init__.py
+++ b/patatt/__init__.py
@@ -36,6 +36,7 @@ DEVKEY_HDR = b'X-Developer-Key'
 
 # Result and severity levels
 RES_VALID = 0
+RES_NOSIG = 4
 RES_NOKEY = 8
 RES_ERROR = 16
 RES_BADSIG = 32
@@ -919,6 +920,7 @@ def validate_message(msgdata: bytes, sources: list, trim_body: bool = False) ->
     pm = PatattMessage(msgdata)
     if not pm.signed:
         logger.debug('message is not signed')
+        attestations.append((RES_NOSIG, None, None, None, None, ['no signatures found']))
         return attestations
 
     # Find all identities for which we have public keys
@@ -1019,6 +1021,10 @@ def cmd_validate(cmdargs, config: dict):
                         logger.info('       | key: %s', keysrc)
                     else:
                         logger.info('       | key: default GnuPG keyring')
+                elif result <= RES_NOSIG:
+                    logger.critical(' NOSIG | %s', fn)
+                    for error in errors:
+                        logger.critical('       | %s', error)
                 elif result <= RES_NOKEY:
                     logger.critical(' NOKEY | %s, %s', identity, fn)
                     for error in errors:
-- 
2.30.2


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH] validation: Report lack of signature
  2021-10-02  2:57 [PATCH] validation: Report lack of signature Kees Cook
@ 2021-10-04 20:41 ` Konstantin Ryabitsev
  0 siblings, 0 replies; 2+ messages in thread
From: Konstantin Ryabitsev @ 2021-10-04 20:41 UTC (permalink / raw)
  To: Kees Cook; +Cc: tools

On Fri, 1 Oct 2021 19:57:17 -0700, Kees Cook wrote:
> If we're trying to cryptographically validate a message, not having a
> signature is not a success (exit 0). Use a specific return code for this
> condition and report it.
> 
> 

Applied, thanks!

[1/1] validation: Report lack of signature
      commit: 4870cf5db4325622ee68f6a47f920e5faea3ffff

Best regards,
-- 
Konstantin Ryabitsev <konstantin@linuxfoundation.org>

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-10-04 20:41 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-02  2:57 [PATCH] validation: Report lack of signature Kees Cook
2021-10-04 20:41 ` Konstantin Ryabitsev

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).