From ab7d940de9e8d33f7abb04d9bb41789da0f9c9b9 Mon Sep 17 00:00:00 2001 From: asonix Date: Tue, 22 Nov 2022 15:25:42 -0600 Subject: [PATCH] Improve error in signature verification (again) --- src/error.rs | 3 +++ src/middleware/verifier.rs | 7 +++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/error.rs b/src/error.rs index 9a9dc4e..8fcd05d 100644 --- a/src/error.rs +++ b/src/error.rs @@ -103,6 +103,9 @@ pub(crate) enum ErrorKind { #[error("Couldn't read signature")] ReadSignature(signature::Error), + #[error("Couldn't verify signature")] + VerifySignature(signature::Error), + #[error("Couldn't parse the signature header")] HeaderValidation(#[from] actix_web::http::header::InvalidHeaderValue), diff --git a/src/middleware/verifier.rs b/src/middleware/verifier.rs index 83f967a..21d5b06 100644 --- a/src/middleware/verifier.rs +++ b/src/middleware/verifier.rs @@ -16,7 +16,7 @@ use std::{future::Future, pin::Pin}; pub(crate) struct MyVerify(pub Requests, pub ActorCache, pub State); impl MyVerify { - #[tracing::instrument("Verify signature", skip(self, signature))] + #[tracing::instrument("Verify request", skip(self, signature, signing_string))] async fn verify( &self, algorithm: Option, @@ -106,6 +106,7 @@ impl PublicKeyResponse { } } +#[tracing::instrument("Verify signature")] async fn do_verify( public_key: &str, signature: String, @@ -121,7 +122,9 @@ async fn do_verify( let hashed = Sha256::new_with_prefix(signing_string.as_bytes()); let verifying_key = VerifyingKey::new_with_prefix(public_key); - verifying_key.verify_digest(hashed, &signature)?; + verifying_key + .verify_digest(hashed, &signature) + .map_err(ErrorKind::VerifySignature)?; Ok(()) as Result<(), Error> })