Return the timestamp of the first packet that verifies

In GetVerifiedSignatureTimestamp we loop over all packets and return the timestamp of the first verified packet.
ProtonMail · Dec 20, 2021 · 763c7b9 · 763c7b9
1 parent 32ed533
commit 763c7b9
Showing 1 changed file with 30 additions and 22 deletions.
diff --git a/crypto/keyring_message.go b/crypto/keyring_message.go
@@ -123,29 +123,37 @@ func (keyRing *KeyRing) VerifyDetachedEncrypted(message *PlainMessage, encrypted
 // and returns a SignatureVerificationError if fails.
 func (keyRing *KeyRing) GetVerifiedSignatureTimestamp(message *PlainMessage, signature *PGPSignature, verifyTime int64) (int64, error) {
 	packets := packet.NewReader(bytes.NewReader(signature.Data))
-	p, err := packets.Next()
-	if err != nil {
-		return 0, errors.Wrap(err, "gopenpgp: can't parse signature")
-	}
-	sigPacket, ok := p.(*packet.Signature)
-	if !ok {
-		return 0, errors.New("gopenpgp: non signature packet found")
-	}
-	var outBuf bytes.Buffer
-	err = sigPacket.Serialize(&outBuf)
-	if err != nil {
-		return 0, errors.Wrap(err, "gopenpgp: can't serialize signature packet")
-	}
-	err = verifySignature(
-		keyRing.entities,
-		message.NewReader(),
-		outBuf.Bytes(),
-		verifyTime,
-	)
-	if err != nil {
-		return 0, err
+	var err error
+	var p packet.Packet
+	for {
+		p, err = packets.Next()
+		if errors.Is(err, io.EOF) {
+			break
+		}
+		if err != nil {
+			continue
+		}
+		sigPacket, ok := p.(*packet.Signature)
+		if !ok {
+			continue
+		}
+		var outBuf bytes.Buffer
+		err = sigPacket.Serialize(&outBuf)
+		if err != nil {
+			continue
+		}
+		err = verifySignature(
+			keyRing.entities,
+			message.NewReader(),
+			outBuf.Bytes(),
+			verifyTime,
+		)
+		if err != nil {
+			continue
+		}
+		return sigPacket.CreationTime.Unix(), nil
 	}
-	return sigPacket.CreationTime.Unix(), nil
+	return 0, errors.Wrap(err, "gopenpgp: can't verify any signature packets")
 }
 
 // ------ INTERNAL FUNCTIONS -------